This document provides an overview of the rule sets within the Chrome Enterprise
Threats category, the required data sources, and configuration you can use to
tune the alerts generated by each rule set.
Rule sets in the Chrome Enterprise Premium Threats category help identify threats in the
Google Cloud environment using Chrome Enterprise Premium Management logs. This category
includes the following rule sets:
- Chrome Extension Threats: Detects activities related to Chrome extensions
  that could indicate malicious or suspicious behavior.
- Chrome Browser Threats: Detects suspicious behavior within the Chrome browser that
  may indicate a compromise. This includes, but is not limited to, payload
  deliveries, exfiltration attempts, and password harvesting.
Supported devices and log types
The rule sets in the Chrome Enterprise Premium Threats category require logs from the
following Google Security Operations data sources:
- Chrome Management Logs (CHROME_MANAGEMENT)
To feed these logs to Google SecOps, follow the steps in
Collect Google Chrome logs.
Contact your Google SecOps representative if you need to collect
these logs using a different mechanism.
Tune alerts returned by rule sets
You can reduce the number of detections a rule or rule set generates using
rule exclusions.
A rule exclusion defines the criteria used to exclude an event from being
evaluated by the rule set, or by specific rules in the rule set. Create one or
more rule exclusions to help reduce the volume of detections. See
Configure rule exclusions for more
information.
Last updated 2025-08-29 UTC.