Skip to main content


Splunk Lantern

Improving Google Chrome security


Users in your organization use Google’s Chrome browser. To improve the security around this, you use the security event reporting that Google Chrome provides from Chrome browsers directly to the Google Admin console. The events reported cover a wide range of use cases which help to detect and mitigate several classes of attacks, possible vulnerabilities and any user misbehavior within managed Google Chrome browsers.

Using the Google Admin console, you can add Splunk as a Chrome Reporting connector to send these events to Splunk HTTP Event Collector. The Google Admin console and APIs allow administrators to configure which events send to Splunk Cloud Platform through custom filtering.

By using Splunk as a Chrome Reporting Connector, you can enhance the security of the Chrome browser through integrating with Splunk to receive events (such as malware transfer, unsafe site visit, password reuse, and password change) and selecting specific data sets to be processed.

Required data

Data normalized to the following CIM models:

Next steps

Events that appear should be investigated further and assessed against your existing organizational policies.

These additional Splunk resources might help you understand and implement this use case:

Still need help with this use case? Most customers have OnDemand Services per their license support plan. Engage the ODS team at if you require assistance.