The rule 'GSuite User Banned from Group' detects when a GSuite user has been banned from an enterprise group due to moderator action. This action can be significant as it indicates that user may have violated group policies or other rules set forth by administrators. The rule specifically looks for GSuite activity events where the actor, typically a moderator, performs the action of banning a user from the group. The primary aim is to alert administrators or security teams to review the reason for the ban and determine if additional actions are necessary regarding the user's account. The rule runs against log types 'GSuite.ActivityEvent' and is tagged with 'GSuite' for easy categorization and management.