Planning your return to office strategy? See how Chrome OS can help.

Manage Chrome Enterprise reporting connectors

Applies to managed Chrome browsers and Chrome OS devices.

As an admin, you can use the Google Admin console to get Chrome to report events to third-party service providers. For example, you can configure Chrome to report security events such as malware transfer, unsafe site visits, and password reuse. You can let Chrome report events using multiple service providers and configurations at the same time.

Step 1: Add new provider configurations

You must be a Super Admin to add new provider configurations. For details about the Super Admin role, see Pre-built administrator roles.

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devicesand thenChrome.
  3. Click Connectors.
  4. (Optional) If you’re configuring Chrome Enterprise connectors settings for the first time, follow the prompts to turn on Chrome Enterprise Connectors.
  5. At the top, click + New provider configuration.
  6. In the panel that appears on the right, find the provider that you want.
  7. Click Set up.
  8. Enter the configuration details. For information, see Provider configuration details below.
  9. Click Add configuration.

Configurations are added for your entire organization. Then, you can use them in any organizational unit, as needed.

After you add a new configuration, it's listed on the Connectors page. You can see the configurations that you added for each provider and the number of organizational units where it’s connected.

Step 2: Configure reporting

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devicesand thenChrome.
  3. Click Settingsand thenUsers & browsers.
  4. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  5. Go to Chrome Enterprise connectors.
  6. (Optional) Next to Security events reporting, select Allow selected events.
  7. (Optional) Configure additional settings. Choose the reported event types that you need, based on what type of content you want to send for analysis. For details, see Chrome audit log.
    • Default event types—Chrome threat and data protection events include malware transfer, password reuse, and unsafe site visits.
  8. Click Save.

Step 3: Choose configuration to use

  1. Still on the Admin console's Users and browsers settings page, next to Security events reporting, click the Reporting connector provider configurations link.
    Or, from the Admin console Home page, go to Devicesand thenChromeand thenConnectors.
  2. Select a child organizational unit.
  3. For Reporting connectors, check the box next to the configurations that you want to use.
  4. Click Save.

Note: Even if you don't use a configuration, events are still reported and available in the Chrome log events.

Manage configurations

Add a configuration to an existing provider

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devicesand thenChrome.
  3. Click Connectors.
  4. On the left, make sure that All browsers & devices is selected.
  5. Find the connector provider you want to add a configuration to.
  6. On the far right, click Add another or delete all configurations"".
  7. Click Add another configuration.
  8. Enter the configuration details. For information, see Provider configuration details.
  9. Click Add configuration.

View or edit a configuration

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devicesand thenChrome.
  3. Click Connectors.
  4. For the configuration that you want to change, click Details.
  5. In the Provider configuration section, click Edit.
  6. Make your changes.
  7. Click Save configuration.

Remove configurations

Remove all configurations for a service provider

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devicesand thenChrome.
  3. Click Connectors.
  4. Find the connector provider you want to remove all configurations for.
  5. On the far right, click Add another or delete all configurations"".
  6. Click Delete all configurations.
  7. Click Delete to confirm.

Remove a specific configuration

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devicesand thenChrome.
  3. Click Connectors.
  4. Find the configuration you want to remove.
  5. On the far right, click Delete this configuration"".
  6. Click Delete.
  7. Click Delete to confirm.

Provider configuration details

Chronicle

Field Description

Configuration name

The name that’s shown on the User & browsers settings page and the Connectors page.

API key

The API key to specify when calling the Chronicle injection API to identify the customer.

The Integrate Chronicle with Chrome browser in Chrome Browser Cloud Management document guides you through the process of setting up the integration between Chrome Browser Cloud Management and Chronicle.

DOWNLOAD GUIDE (PDF)

Google Cloud Pub/Sub

Field Description

Configuration name

The name that’s shown on the User & browsers settings page and the Connectors page.

Topic full path

Pub/Sub resource unique identifier, such as projects/sampleproject/topics/sampletopic.

Note: Topics must have publish permissions set for the account
cloud-pub-sub-publisher@chrome-reporting.iam.gserviceaccount.com

The Integrate Google Cloud Pub/Sub with Chrome browser in Chrome Browser Cloud Management document guides you through the process of setting up the integration between Chrome Browser Cloud Management and Google Cloud Pub/Sub.

DOWNLOAD GUIDE (PDF)

Splunk

Field Description

Configuration name

The name that’s shown on the User & browsers settings page and the Connectors page.

Http event collector

Protocol, domain, and port of the HTTP event collector to receive the events.

Token

The authorization token of the HTTP event collector.

Source name override

Leave empty to use the HTTP event collector default source name. Or specify another one to be used with this configuration.

The Getting started with the Splunk integration in Chrome Browser Cloud Management document guides you through the process of setting up the integration between Chrome Browser Cloud Management and Splunk.

DOWNLOAD GUIDE (PDF)

Reported event types

Chrome Threat and Chrome Data Protection events are available only for customers who have purchased BeyondCorp Enterprise. For more information about BeyondCorp and how to set it up, go to Protect Chrome users with BeyondCorp Threat and Data Protection.

For details about the various events that Chrome audit log shows, go to Chrome log events.

Related topics

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
Search Help Center
true
410864
false
false