Applies to managed Chrome browsers and ChromeOS devices.
As an admin, you can use the Google Admin console to get Chrome to report events to third-party service providers. For example, you can configure Chrome to report security events such as malware transfer, unsafe site visits, and password reuse. You can let Chrome report events using multiple service providers and configurations at the same time.
Step 1: Add new provider configurations
You must be a Super Admin to add new provider configurations. For details about the Super Admin role, see Pre-built administrator roles.
-
Sign in to your Google Admin console.
Sign in using an account with super administrator privileges (does not end in @gmail.com).
-
In the Admin console, go to Menu DevicesChromeConnectors.
- (Optional) If you’re configuring Chrome Enterprise connectors settings for the first time, follow the prompts to turn on Chrome Enterprise Connectors.
- At the top, click + New provider configuration.
- In the panel that appears on the right, find the provider that you want.
- Click Set up.
- Enter the configuration details. For information, see Provider configuration details below.
- Click Test connection to validate the configuration details.
If the validation fails, review the configuration details and retest. If it continuously fails, contact your admin for help. - If the validation is successful, click Add configuration.
Configurations are added for your entire organization. Then, you can use them in any organizational unit, as needed.
After you add a new configuration, it's listed on the Connectors page. You can see the configurations that you added for each provider and the number of organizational units where it’s connected.
Step 2: Configure reporting
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu DevicesChromeSettings. The User & browser settings page opens by default.
If you signed up for Chrome Enterprise Core, go to Menu Chrome browserSettings.
-
To apply the setting to all users and enrolled browsers, leave the top organizational unit selected. Otherwise, select a child organizational unit.
- Go to Browser reporting.
- Click Event reporting.
- Select Enable event reporting.
- (Optional) Configure additional settings. Choose the reported event types that you need, based on what type of content you want to send for analysis. For details, see Chrome audit log.
- Default event types—Chrome threat and data protection events include malware transfer, password reuse, and unsafe site visits.
-
Click Save. Or, you might click Override for an organizational unit.
To later restore the inherited value, click Inherit.
Step 3: Choose configuration to use
- Still on the Admin console's Users and browsers settings page, click Event reporting and then the reporting connector provider configurations link.
Or, from the Admin console Home page, go to DevicesChromeConnectors. - Select a child organizational unit.
- For Reporting connectors, check the box next to the configurations that you want to use.
- Click Save.
Note: Even if you don't use a configuration, events are still reported and available in the Chrome log events.
Manage configurations
Add a configuration to an existing provider
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu DevicesChromeConnectors.
- On the left, make sure that All browsers & devices is selected.
- Find the connector provider you want to add a configuration to.
- On the far right, click Add another configuration.
- Enter the configuration details. For information, see Provider configuration details.
- Click Test connection to validate the configuration details.
If the validation fails, review the configuration details and retest. If it continuously fails, contact your admin for help. - If the validation is successful, click Add configuration.
View or edit a configuration
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu DevicesChromeConnectors.
- For the configuration that you want to change, click Details.
- In the Provider configuration section, click Edit.
- Make your changes.
- (Optional) Click Test connection if required. Some changes do not need to be tested.
- Click Save configuration.
Remove configurations
Remove all configurations for a service provider
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu DevicesChromeConnectors.
- Find the connector provider you want to remove all configurations for.
- On the far right, click Delete all configurations.
- Click Delete to confirm.
Remove a specific configuration
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu DevicesChromeConnectors.
- Find the configuration you want to remove.
- On the far right, click Delete.
- Click Delete to confirm.
Provider configuration details
Chronicle
Field | Description |
---|---|
Configuration ID |
The ID that’s shown on the User & browsers settings page and the Connectors page. |
API key |
The API key to specify when calling the Chronicle injection API to identify the customer. |
The Integrate Chronicle with Chrome browser in Chrome Enterprise Core document guides you through the process of setting up the integration between Chrome Enterprise Core and Chronicle.
Google Cloud Pub/Sub
Field | Description |
---|---|
Configuration ID |
The ID that’s shown on the User & browsers settings page and the Connectors page. |
Topic full path |
Pub/Sub resource unique identifier, such as projects/sampleproject/topics/sampletopic. Note: Topics must have publish permissions set for the account |
The Integrate Google Cloud Pub/Sub with Chrome browser in Chrome Enterprise Core document guides you through the process of setting up the integration between Chrome Enterprise Core and Google Cloud Pub/Sub.
Splunk
Field | Description |
---|---|
Configuration ID |
The name that’s shown on the User & browsers settings page and the Connectors page. |
Http event collector |
Protocol, domain, and port of the HTTP event collector to receive the events. |
Token |
The authorization token of the HTTP event collector. |
Source name override |
Leave empty to use the HTTP event collector default source name. Or specify another one to be used with this configuration. |
The Getting started with the Splunk integration in Chrome Enterprise Core document guides you through the process of setting up the integration between Chrome Enterprise Core and Splunk.
CrowdStrike
Field | Description |
---|---|
Configuration ID |
The name that’s shown on the User & browsers settings page and the Connectors page. |
Ingest Token |
Ingest token obtained from https://cloud.us.humio.com |
Host Name | The host name of your CrowdStrike instance. Most likely cloud.us.humio.com, sa-cluster.humio-support.com, or your on-prem instance. |
The Getting started with the CrowdStrike Falcon LogScale integration in Chrome Enterprise Core document guides you through the process of setting up the integration between Chrome Enterprise Core and CrowdStrike.
Palo Alto Networks
Field | Description |
---|---|
Configuration ID |
The ID that’s shown on the User & browsers settings page and the Connectors page. |
API key |
The API key to specify when calling the Palo Alto Networks injection API to identify the customer. |
Host Name |
The host name of your Palo Alto Networks instance. Most likely cortex-gateway.paloaltonetworks.com or your on-prem instance. |
The Getting started with Palo Alto Networks Integration in Chrome Enterprise Core document guides you through the process of setting up the integration between Chrome Enterprise Core and Palo Alto Networks.
Reported event types
Chrome Data Protection events are available only for customers who have purchased Chrome Enterprise Premium. For more information about Chrome Enterprise Premium and how to set it up, go to Protect Chrome users with Chrome Enterprise Premium.
For details about the various events that Chrome audit log shows, go to Chrome log events.
Related topics
Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.