> For the complete documentation index, see [llms.txt](https://docs.keeper.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.keeper.io/enterprise-guide/event-reporting/google-security-operations-chronicle.md).

# Google Security Operations (Chronicle)

### Overview

Keeper supports event streaming into Google Security Operations, formerly known as Google Chronicle. External logging is real-time, and new events will appear within a few minutes. Setup instructions are below.

{% stepper %}
{% step %}

### Create an API Key

* Go to the Google Cloud console and select the project associated with your Google Security Operations (Chronicle) environment.
* Select **APIs & Services** > **Credentials** and **create a new credential** > **API Key**.
* After creating the API key, edit the key and apply restrictions.&#x20;
* Ensure that the API key is restricted to "**Chronicle API**" capabilities only.
* Save this `API key` for step 3 below.

<figure><img src="/files/aNuNTgWIBmaG6reFmYVF" alt=""><figcaption><p>API Key</p></figcaption></figure>
{% endstep %}

{% step %}

### Create a Feed

From your Google Security Operations tenant:

* Go to **Settings** > **Feeds** > **Add Feed.**
* Select Source Type of "Webhook" and then select Log Type of "Keeper Enterprise Security"
* Select **Next** and then **Submit**.
* When prompted, generate the `Secret Key` and save it for step 3.
* Also, copy the `Feed Endpoint` and save this for step 3.

<figure><img src="/files/UbLPO6Mow54F6qThnSp0" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/ctbOU36c9K2sOoHD078d" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/Qmz2qaNdY8x55seIbzMQ" alt=""><figcaption><p>Feed Secret Key</p></figcaption></figure>

<figure><img src="/files/Nyhsc1TzJVhiicBbbJ67" alt=""><figcaption><p>Endpoint Information</p></figcaption></figure>
{% endstep %}

{% step %}

### Activate Integration

* From the **Keeper Admin Console**, go to **Reporting & Alerts** > **External Logging.**
* Select **Google Security Operations.**
* Provide `API Key` from step 1, `Feed Endpoint` and `Feed Secret Key` from Step 2.
* Click **Test** and then **Save**.

<figure><img src="/files/uBrWtMo6woCvBw9EWtA1" alt=""><figcaption><p>Admin Console Settings</p></figcaption></figure>
{% endstep %}
{% endstepper %}

### Setup Complete

When audit events are sent from Keeper to Google, the data will begin to populate within a few minutes.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.keeper.io/enterprise-guide/event-reporting/google-security-operations-chronicle.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
