This detection rule monitors the addition of new mobile applications to the organization's mobile apps whitelist in Google Workspace. It triggers when a user successfully adds a mobile application to the whitelist, which is significant for security compliance and management of mobile app usage. The rule is enabled by default with a medium severity level due to potential risks associated with unauthorized applications being allowed within the organization. The underlying logic utilizes G Suite Activity Events to capture specific activities related to mobile app management. The presence of new apps can affect device security and access to sensitive data, making this a relevant rule in many operational contexts. The rule analyzes logs for events related to adding approved mobile applications, focusing primarily on their usage within an organizational unit.