Search Gmail IOC Across Emails
This automation searches every mailbox in the organization for emails that match a given Indicator of Compromise (IOC). An IOC is a forensic artifact (a sender address, subject line, attachment name, message ID and so on) whose presence suggests that an account, or the organization, may have been targeted or breached; digital forensics is the identification, investigation, and remediation of such attacks. The IOC is expressed as a Gmail search query, so any of the search operators listed here can be used: https://support.google.com/mail/answer/7190. Note that the Gmail API's `q` filter differs from the search box in the UI in a few respects: https://developers.google.com/gmail/api/guides/filtering. The search results are reported to the relevant SecOps personnel. The automation requires a connection as a service account on a Google Workspace (business) account and uses the `user delegation` method (domain-wide delegation, in which the service account impersonates each user in turn to read that user's mailbox). A premium business Gmail account improves scalability but is not mandatory. For more details about account types: https://support.google.com/a/answer/7575955?hl=en.
Breakdown
  1. List all users in the organization.
  2. For each user, search the user's mailbox for the IOC.
  3. For each matching email, retrieve the email's metadata.
  4. Parse the search results.
  5. Report the results to the relevant SecOps personnel via Slack.
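The five steps above, as an added example in Python; this is not the automation's own code. It assumes a service-account key with domain-wide delegation authorised for the two scopes in `SCOPES`, an admin address to impersonate for the Directory API, and an IOC written as a dict of Gmail search operators. All Google API calls sit in `LiveClient` (built on google-api-python-client), so the query building, pagination and parsing can be run offline against `FakeClient`, whose responses are constructed in the shape the two APIs return.

```python
"""Sweep every mailbox in a Google Workspace domain for a Gmail-search IOC and build the
Slack report. Added example, not the automation's own code. Assumes a service-account key
with domain-wide delegation authorised for SCOPES and an admin address to impersonate for
the Directory API; FakeClient holds constructed responses so the logic runs offline."""
from __future__ import annotations
from collections import namedtuple

SCOPES = ["https://www.googleapis.com/auth/admin.directory.user.readonly",
          "https://www.googleapis.com/auth/gmail.readonly"]
# operators accepted as IOC keys; full list at https://support.google.com/mail/answer/7190
ALLOWED_OPERATORS = {"from", "to", "cc", "subject", "filename", "has", "rfc822msgid",
                     "after", "before", "deliveredto"}
Hit = namedtuple("Hit", "mailbox message_id sender subject date")


def build_query(ioc: dict[str, str]) -> str:
    """Values containing whitespace are quoted so a subject cannot be parsed as a second operator."""
    parts = []
    for op, value in ioc.items():
        if op not in ALLOWED_OPERATORS:
            raise ValueError(f"unsupported Gmail operator: {op}")
        value = value.replace('"', "").strip()
        if not value:
            raise ValueError(f"empty value for {op}")
        parts.append(f'{op}:"{value}"' if any(c.isspace() for c in value) else f"{op}:{value}")
    return " ".join(parts)


def _paged(fetch, key):
    """Follow nextPageToken until exhausted; a page with no results simply lacks `key`."""
    token = None
    while True:
        page = fetch(token)
        yield from page.get(key, [])
        token = page.get("nextPageToken")
        if not token:
            return


def search_domain(client, ioc: dict[str, str]) -> list[Hit]:
    """Steps 1-4: list users, search each mailbox, fetch metadata for every hit and parse it."""
    hits, query = [], build_query(ioc)
    for user in [u["primaryEmail"] for u in _paged(client.list_users, "users")]:
        for ref in _paged(lambda tok: client.list_messages(user, query, tok), "messages"):
            msg = client.get_message(user, ref["id"])
            h = {x["name"].lower(): x["value"] for x in msg.get("payload", {}).get("headers", [])}
            hits.append(Hit(user, ref["id"], h.get("from", ""), h.get("subject", ""), h.get("date", "")))
    return hits


def _esc(s: str) -> str:  # header values are attacker-controlled: neutralise Slack markup
    return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("`", "'")


def slack_payload(ioc: dict[str, str], hits: list[Hit]) -> dict:
    """Step 5: the JSON body for a Slack incoming webhook."""
    head = (f"*Gmail IOC sweep* `{_esc(build_query(ioc))}`: {len(hits)} hit(s) "
            f"in {len({h.mailbox for h in hits})} mailbox(es)")
    rows = [f"• {h.mailbox} id {h.message_id} from `{_esc(h.sender)}` "
            f"subject `{_esc(h.subject)}` ({_esc(h.date)})" for h in hits]
    return {"text": "\n".join([head, *rows])}


class LiveClient:
    """Real calls via google-api-python-client; imports are deferred so the rest runs without it."""
    def __init__(self, key_file: str, admin_email: str):
        from google.oauth2 import service_account
        from googleapiclient.discovery import build
        self._creds = service_account.Credentials.from_service_account_file(key_file, scopes=SCOPES)
        self._admin, self._build = admin_email, build

    def _svc(self, api: str, version: str, subject: str):  # one service per impersonated user
        return self._build(api, version, credentials=self._creds.with_subject(subject), cache_discovery=False)

    def list_users(self, token):  # Directory API, impersonating the admin
        return self._svc("admin", "directory_v1", self._admin).users().list(
            customer="my_customer", maxResults=500, pageToken=token).execute()

    def list_messages(self, user, query, token):  # Gmail, impersonating the mailbox owner
        return self._svc("gmail", "v1", user).users().messages().list(
            userId="me", q=query, pageToken=token).execute()

    def get_message(self, user, msg_id):  # metadata only: no message bodies pulled into SOAR logs
        return self._svc("gmail", "v1", user).users().messages().get(
            userId="me", id=msg_id, format="metadata", metadataHeaders=["From", "Subject", "Date"]).execute()


class FakeClient:
    """Constructed two-page responses so pagination and an empty mailbox are both exercised."""
    _users = [{"users": [{"primaryEmail": "alice@corp.example"}], "nextPageToken": "u2"},
              {"users": [{"primaryEmail": "bob@corp.example"}]}]
    _msgs = {"alice@corp.example": [{"messages": [{"id": "18f1"}], "nextPageToken": "m2"}, {"messages": [{"id": "18f2"}]}],
             "bob@corp.example": [{"resultSizeEstimate": 0}]}
    _detail = {"18f1": [("From", "billing <invoice@evil.example>"), ("Subject", "Invoice <urgent>"), ("Date", "Mon, 3 Jun 2024 09:12:00 +0000")],
               "18f2": [("From", "invoice@evil.example"), ("Subject", "Re: Invoice"), ("Date", "Tue, 4 Jun 2024 10:00:00 +0000")]}

    def list_users(self, token):
        return self._users[0 if token is None else 1]

    def list_messages(self, user, query, token):
        return self._msgs[user][0 if token is None else 1]

    def get_message(self, user, msg_id):
        return {"id": msg_id, "payload": {"headers": [{"name": n, "value": v} for n, v in self._detail[msg_id]]}}
```

For a live run, replace `FakeClient()` with `LiveClient("sa-key.json", "admin@corp.example")` and POST the dict returned by `slack_payload` to an incoming webhook. Two design points are deliberate: messages are fetched with `format="metadata"` so attachments and bodies never pass through the automation's logs, and every header value is escaped before it reaches Slack, since a phishing subject can contain Slack markup or backticks as easily as anything else.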