Google Accessed a GSuite Resource

Panther Rules

Summary
The 'Google Accessed a GSuite Resource' detection rule flags events in which Google directly accesses GSuite resources, which is often tied to support incidents. It evaluates the 'GSuite.ActivityEvent' log type, which captures this access activity. The rule is rated low severity: such access is notable, but it does not necessarily represent a high risk to system security. Two test cases validate the rule: a normal login event, which must not match, and an event in which Google accesses a GSuite resource, which must match. Access Transparency lets administrators review these events, so that support-related access is tracked and reported correctly. The rule uses the actor's email as its main summary attribute, which makes it easy to identify the user involved in the detected activity.
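The logic described above, sketched as an added example (not the rule's own source code). The field names `id.applicationName`, `type` and `actor.email`, the values `access_transparency` and `GSUITE_RESOURCE`, and the sample events are assumptions modelled on the Google Workspace Reports activity format; the helper names are hypothetical.

```python
from collections import Counter

SEVERITY = "Low"  # severity stated on this page


def _get(event, *path):
    """Walk nested dicts safely; return None if any level is missing or not a dict."""
    cur = event
    for key in path:
        if not isinstance(cur, dict):
            return None
        cur = cur.get(key)
    return cur


def rule(event):
    """Match only Access Transparency records of Google touching a resource (assumed field values)."""
    if _get(event, "id", "applicationName") != "access_transparency":
        return False
    return event.get("type") == "GSUITE_RESOURCE"


def alerts(events):
    """Group matching events by actor email, the summary attribute named on the page."""
    hits = [e for e in events if rule(e)]
    by_actor = Counter(_get(e, "actor", "email") or "<unknown>" for e in hits)
    return [{"severity": SEVERITY, "actor": a, "count": n}
            for a, n in sorted(by_actor.items())]


# Constructed sample events mirroring the two test cases, plus one malformed record.
NORMAL_LOGIN = {
    "id": {"applicationName": "login"},
    "type": "login",
    "name": "login_success",
    "actor": {"email": "alice@example.com"},
}
GOOGLE_ACCESS = {
    "id": {"applicationName": "access_transparency"},
    "type": "GSUITE_RESOURCE",
    "name": "ACCESS",
    "actor": {"email": "support-agent@example.com"},
}
MALFORMED = {"id": None, "type": "GSUITE_RESOURCE"}  # missing id must not match

if __name__ == "__main__":
    for alert in alerts([NORMAL_LOGIN, GOOGLE_ACCESS, MALFORMED]):
        print(alert)
```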
Categories
  • Cloud
  • Identity Management
  • GCP
  • Application
Data Sources
  • User Account
  • Application Log
  • Cloud Service
Created: 2022-09-02