In October 2022, we announced our partnership with Google Chrome Enterprise to give organizations greater visibility into managed Chrome Enterprise browsers and ChromeOS for security use cases. Today, we’re proud to announce the next step in this partnership: an integration between CrowdStrike Falcon® LogScale and Google Chrome Enterprise Connectors Framework to give joint customers an easier way to ingest Chrome security telemetry for better threat hunting. 

The Chrome Enterprise package, available now in the Falcon LogScale Marketplace, allows security teams to improve threat hunts and cut incident response times by easily observing abnormal and suspicious activity that occurs within ChromeOS and the Chrome browser. 

Delivering Insight Through Visibility

Central to the new integration are Falcon LogScale dashboards and widgets that cover the current Chrome Threat and ChromeOS event types, which are supported via the Chrome Enterprise Connectors Framework.

The Chrome Enterprise package provides joint customers a turnkey solution for security monitoring and in-depth incident investigations. Users can now seamlessly integrate and correlate user authentications, suspicious or malicious webpage visits, and data control events to quickly identify unusual activity indicative of attacks and immediately take action to stop breaches.

The dashboards provide a dynamic view of Chrome data and can be adapted to meet any operational or security need. The package includes a parser as well as four dashboards for providing a general event overview and monitoring events in the Chrome browser, ChromeOS and installations of Chrome extensions on Chrome browsers. 

Additionally, the package allows joint customers to focus on event types, such as extension installations, to improve detection of suspicious extensions. It also monitors for USB device connections on ChromeOS to detect possible data exfiltration.

Get Started in Minutes

With this new integration, Falcon LogScale customers can easily collect and store ChromeOS logs using a new, high-throughput reporting connector that directly serves events to their Falcon LogScale instance with minimal latency. By configuring the reporting connector with the Falcon LogScale URL and ingest token, managed devices within all selected organizational units will send events directly to the Falcon LogScale repository for streamlined deployment, faster data ingestion and better threat hunting. 

Additional Resources

• Download the Chrome Enterprise package from the Falcon LogScale Community GitHub repository and from the Falcon LogScale Marketplace.
• Going to Fal.Con 2023? Add this session to your agenda: “Expanding Horizons with Falcon LogScale: Exploring the App Ecosystem and Key Integrations.” 
• See Falcon LogScale in action in this fast-paced demo.
• Sharpen your threat hunting skills with Falcon LogScale by attending a hands-on lab.