Manage Chrome Enterprise reporting connectors

Applies to managed Chrome browsers and ChromeOS devices.

As an admin, you can use the Google Admin console to get Chrome to report events to third-party service providers. For example, you can configure Chrome to report security events such as malware transfer, unsafe site visits, and password reuse. You can let Chrome report events using multiple service providers and configurations at the same time.

Step 1: Add new provider configurations

You must be a Super Admin to add new provider configurations. For details about the Super Admin role, see Pre-built administrator roles.

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenChromeand thenConnectors.
  3. (Optional) If you’re configuring Chrome Enterprise connectors settings for the first time, follow the prompts to turn on Chrome Enterprise Connectors.
  4. At the top, click + New provider configuration.
  5. In the panel that appears on the right, find the provider that you want.
  6. Click Set up.
  7. Enter the configuration details. For information, see Provider configuration details below.
  8. Click Test connection to validate the configuration details.
    If the validation fails, review the configuration details and retest. If it continuously fails, contact your admin for help.
  9. If the validation is successful, click Add configuration.

Configurations are added for your entire organization. Then, you can use them in any organizational unit, as needed.

After you add a new configuration, it's listed on the Connectors page. You can see the configurations that you added for each provider and the number of organizational units where it’s connected.

Step 2: Configure reporting

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenChromeand thenSettings. The User & browser settings page opens by default.

    If you signed up for Chrome Enterprise Core, go to Menu and then Chrome browserand thenSettings.

  3. To apply the setting to all users and enrolled browsers, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  4. Go to Browser reporting.
  5. Click Event reporting.
  6. Select Enable event reporting.
  7. (Optional) Configure additional settings. Choose the reported event types that you need, based on what type of content you want to send for analysis. For details, see Chrome audit log.
    • Default event types—Chrome threat and data protection events include malware transfer, password reuse, and unsafe site visits.
  8. Click Save. Or, you might click Override for an organizational unit.

    To later restore the inherited value, click Inherit

Step 3: Choose configuration to use

  1. Still on the Admin console's Users and browsers settings page, click Event reporting and then the reporting connector provider configurations link.
    Or, from the Admin console Home page, go to Devicesand thenChromeand thenConnectors.
  2. Select a child organizational unit.
  3. For Reporting connectors, check the box next to the configurations that you want to use.
  4. Click Save.

Note: Even if you don't use a configuration, events are still reported and available in the Chrome log events.

Manage configurations

Add a configuration to an existing provider

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenChromeand thenConnectors.
  3. On the left, make sure that All browsers & devices is selected.
  4. Find the connector provider you want to add a configuration to.
  5. On the far right, click and thenAdd another configuration.
  6. Enter the configuration details. For information, see Provider configuration details.
  7. Click Test connection to validate the configuration details.
    If the validation fails, review the configuration details and retest. If it continuously fails, contact your admin for help.
  8. If the validation is successful, click Add configuration.

View or edit a configuration

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenChromeand thenConnectors.
  3. For the configuration that you want to change, click Details.
  4. In the Provider configuration section, click Edit.
  5. Make your changes. 
  6. (Optional) Click Test connection if required. Some changes do not need to be tested.
  7. Click Save configuration.

Remove configurations

Remove all configurations for a service provider

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenChromeand thenConnectors.
  3. Find the connector provider you want to remove all configurations for.
  4. On the far right, click and thenDelete all configurations.
  5. Click Delete to confirm.

Remove a specific configuration

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenChromeand thenConnectors.
  3. Find the configuration you want to remove.
  4.  On the far right, click and thenDelete.
  5. Click Delete to confirm.

Provider configuration details

Chronicle

Field Description

Configuration ID

The ID that’s shown on the User & browsers settings page and the Connectors page.

API key

The API key to specify when calling the Chronicle injection API to identify the customer.

The Integrate Chronicle with Chrome browser in Chrome Enterprise Core document guides you through the process of setting up the integration between Chrome Enterprise Core and Chronicle.

DOWNLOAD GUIDE (PDF)

Google Cloud Pub/Sub

Field Description

Configuration ID

The ID that’s shown on the User & browsers settings page and the Connectors page.

Topic full path

Pub/Sub resource unique identifier, such as projects/sampleproject/topics/sampletopic.

Note: Topics must have publish permissions set for the account
cloud-pub-sub-publisher@chrome-reporting.iam.gserviceaccount.com

The Integrate Google Cloud Pub/Sub with Chrome browser in Chrome Enterprise Core document guides you through the process of setting up the integration between Chrome Enterprise Core and Google Cloud Pub/Sub.

DOWNLOAD GUIDE (PDF)

Splunk

Field Description

Configuration ID

The name that’s shown on the User & browsers settings page and the Connectors page.

Http event collector

Protocol, domain, and port of the HTTP event collector to receive the events.

Token

The authorization token of the HTTP event collector.

Source name override

Leave empty to use the HTTP event collector default source name. Or specify another one to be used with this configuration.

The Getting started with the Splunk integration in Chrome Enterprise Core document guides you through the process of setting up the integration between Chrome Enterprise Core and Splunk.

DOWNLOAD GUIDE (PDF)

 CrowdStrike

Field Description

Configuration ID

The name that’s shown on the User & browsers settings page and the Connectors page.

Ingest Token

Ingest token obtained from https://cloud.us.humio.com
Host Name The host name of your CrowdStrike instance. Most likely cloud.us.humio.comsa-cluster.humio-support.com, or your on-prem instance.

The Getting started with the CrowdStrike Falcon LogScale integration in Chrome Enterprise Core document guides you through the process of setting up the integration between Chrome Enterprise Core and CrowdStrike.

DOWNLOAD GUIDE (PDF)

Palo Alto Networks

Field Description

Configuration ID

The ID that’s shown on the User & browsers settings page and the Connectors page.

API key

The API key to specify when calling the Palo Alto Networks injection API to identify the customer.

Host Name

The host name of your Palo Alto Networks instance. Most likely cortex-gateway.paloaltonetworks.com or your on-prem instance.

The Getting started with Palo Alto Networks Integration in Chrome Enterprise Core document guides you through the process of setting up the integration between Chrome Enterprise Core and Palo Alto Networks.

DOWNLOAD GUIDE (PDF)

Reported event types

Chrome Data Protection events are available only for customers who have purchased Chrome Enterprise Premium. For more information about Chrome Enterprise Premium and how to set it up, go to Protect Chrome users with Chrome Enterprise Premium.

For details about the various events that Chrome audit log shows, go to Chrome log events.

Related topics

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu