Overview of Chrome Enterprise Threats Category
This document provides an overview of the rule sets within the Chrome Enterprise Threats category, the required data sources, and the configuration you can use to tune the alerts generated by each rule set. Rule sets in the Chrome Enterprise Threats category help identify threats in the Google Cloud environment using Chrome Enterprise Management logs. This category includes the following rule sets:
Chrome Extension Threats: Detects activities related to Chrome extensions that could indicate malicious or suspicious behavior.
Chrome Browser Threats: Detects suspicious behavior within the Chrome browser that may indicate a compromise. This includes, but is not limited to, payload deliveries, exfiltration attempts, and password harvesting.
Supported devices and log types
The rule sets in the Chrome Enterprise Threats category require logs from the following Google Security Operations data sources:
- Chrome Management Logs (CHROME_MANAGEMENT)
To feed these logs to Google SecOps, follow the steps in Collect Google Chrome logs. Contact your Google SecOps representative if you need to collect these logs using a different mechanism.
For a list of all Google SecOps supported data sources, see Supported log types and default parsers.
Tune alerts returned by rule sets
You can reduce the number of detections a rule or rule set generates using rule exclusions.
A rule exclusion defines the criteria used to exclude an event from being evaluated by the rule set, or by specific rules in the rule set. Create one or more rule exclusions to help reduce the volume of detections. See Configure rule exclusions for more information.