> For the complete documentation index, see [llms.txt](https://docs.keeper.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.keeper.io/enterprise-guide/event-reporting/google-security-operations-chronicle.md).

# Google Security Operations (Chronicle)

### Overview

Keeper supports event streaming into Google Security Operations, formerly known as Google Chronicle. External logging is real-time, and new events will appear almost immediately. Setup instructions are below.

{% stepper %}
{% step %}

### Create an API Key

* Go to the Google Cloud console and select the project associated to your Google Security Operations (Chronicle) environment.
* Select **APIs & Services** > **Credentials** and **create a new Credential** > **API Key**.
* After creating the API key, edit the key and apply restrictions.
* Ensure that the API key is restricted to "**Chronicle API**" capabilities only.
* Save this `API key` for step 3 below.

<figure><img src="/files/aNuNTgWIBmaG6reFmYVF" alt=""><figcaption><p>API Key</p></figcaption></figure>
{% endstep %}

{% step %}

### Create a Feed

From your Google Security Operations tenant:

* Go to **Settings** > **Feeds** > **Add Feed**
* Select Source Type of "Webhook" and then select Log Type of "Keeper Enterprise Security"
* Select **Next** and then **Submit**.
* When prompted, generate the `Secret Key` and save it for the step 3.
* Also, copy the `Feed Endpoint` and save this for step 3.

<figure><img src="/files/UbLPO6Mow54F6qThnSp0" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/ctbOU36c9K2sOoHD078d" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/Qmz2qaNdY8x55seIbzMQ" alt=""><figcaption><p>Feed Secret Key</p></figcaption></figure>

<figure><img src="/files/Nyhsc1TzJVhiicBbbJ67" alt=""><figcaption><p>Endpoint Information</p></figcaption></figure>
{% endstep %}

{% step %}

### Activate Integration

* From the **Keeper Admin Console**, go to **Reporting & Alerts** > **External Logging**
* Select **Google Security Operations**
* Provide `API Key` from step 1, `Feed Endpoint` and `Feed Secret Key` from Step 2.
* Click **Test** and then **Save**.

<figure><img src="/files/uBrWtMo6woCvBw9EWtA1" alt=""><figcaption><p>Admin Console Settings</p></figcaption></figure>
{% endstep %}
{% endstepper %}

### Setup Complete!

When SIEM logs are sent from Keeper to Google, the data will begin to populate within 15 minutes.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/enterprise-guide/event-reporting/google-security-operations-chronicle.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.