daily_brief
Combine external access events and sharing state to identify external file leakage risks. Provides a compact morning brief of recent external downloads, previews, and open shared links.
Instructions
Morning DLP brief: external access (events) + external-sharing state (enumeration).
One call that combines:
access (enterprise-wide, events): external DOWNLOAD/PREVIEW in the last
since_hours, with top external accessors and top externally-accessed files.exposure (co-admin visible folders, enumeration): current external collaborations, open ("anyone with the link") shared links, and the owners most externally exposed.
Reuses the cached folder scan, so calling this alongside the other enumeration
tools doesn't re-walk. Args mirror the underlying tools; top defaults to 5
for a compact summary. Coverage/caps caveats are the same (capped flags +
enumeration limited to the co-admin's visible content). On failure returns
{"error": ...}.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| top | No | ||
| max_depth | No | ||
| max_events | No | ||
| max_folders | No | ||
| since_hours | No |