Falcon LogScale Users Gain Better Threat Hunting with Chrome Enterprise Security Telemetry

New integration helps Falcon LogScale users quickly ingest security telemetry from the Chrome browser and ChromeOS

In October 2022, we announced our partnership with Google Chrome Enterprise to give organizations greater visibility into managed Chrome Enterprise browsers and ChromeOS for security use cases. Today, we’re proud to announce the next step in this partnership: an integration between CrowdStrike Falcon® LogScale and Google Chrome Enterprise Connectors Framework to give joint customers an easier way to ingest Chrome security telemetry for better threat hunting.

 

The Chrome Enterprise package, available now in the Falcon LogScale Marketplace, allows security teams to improve threat hunts and cut incident response times by easily observing abnormal and suspicious activity that occurs within ChromeOS and the Chrome browser.

Delivering Insight Through Visibility

Central to the new integration are Falcon LogScale dashboards and widgets that cover the current Chrome Threat and ChromeOS event types, which are supported via the Chrome Enterprise Connectors Framework.

The Chrome Enterprise package provides joint customers a turnkey solution for security monitoring and in-depth incident investigations. Users can now seamlessly integrate and correlate user authentications, suspicious or malicious webpage visits, and data control events to quickly identify unusual activity indicative of attacks and immediately take action to stop breaches.

The dashboards provide a dynamic view of Chrome data and can be adapted to meet any operational or security need. The package includes a parser as well as four dashboards for providing a general event overview and monitoring events in the Chrome browser, ChromeOS and installations of Chrome extensions on Chrome browsers.

 

Additionally, the package allows joint customers to focus on event types, such as extension installations, to improve detection of suspicious extensions. It also monitors for USB device connections on ChromeOS to detect possible data exfiltration.

Chrome extension monitoring dashboard in Falcon LogScale (click to enlarge)

Get Started in Minutes

With this new integration, Falcon LogScale customers can easily collect and store ChromeOS logs using a new, high-throughput reporting connector that directly serves events to their Falcon LogScale instance with minimal latency. By configuring the reporting connector with the Falcon LogScale URL and ingest token, managed devices within all selected organizational units will send events directly to the Falcon LogScale repository for streamlined deployment, faster data ingestion and better threat hunting.

Additional Resources