# Google Security Operations (Chronicle)

### Overview

Keeper supports event streaming into Google Security Operations, formerly known as Google Chronicle. External logging is real-time, and new events will appear almost immediately. Setup instructions are below.

{% stepper %}
{% step %}

### Create an API Key

* Go to the Google Cloud console and select the project associated to your Google Security Operations (Chronicle) environment.
* Select **APIs & Services** > **Credentials** and **create a new Credential** > **API Key**.
* After creating the API key, edit the key and apply restrictions. 
* Ensure that the API key is restricted to "**Chronicle API**" capabilities only.
* Save this `API key` for step 3 below.

<figure><img src="https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LO5CAzpxoaEquZJBpYz%2Fuploads%2FwHnQEkbbbG5G7M87qvKD%2FScreenshot%202025-07-03%20at%2010.32.57%E2%80%AFAM.png?alt=media&#x26;token=33cbc729-66e8-47cf-bf47-ee134b51caf0" alt=""><figcaption><p>API Key</p></figcaption></figure>
{% endstep %}

{% step %}

### Create a Feed

From your Google Security Operations tenant:

* Go to **Settings** > **Feeds** > **Add Feed**
* Select Source Type of "Webhook" and then select Log Type of "Keeper Enterprise Security"
* Select **Next** and then **Submit**.
* When prompted, generate the `Secret Key` and save it for the step 3.
* Also, copy the `Feed Endpoint` and save this for step 3.

<figure><img src="https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LO5CAzpxoaEquZJBpYz%2Fuploads%2FTuePD6CIzdKGwnyj1eMA%2FScreenshot%202025-07-03%20at%209.57.02%E2%80%AFAM.png?alt=media&#x26;token=38df6cf3-3dca-4561-ba62-a23d9da31987" alt=""><figcaption></figcaption></figure>

<figure><img src="https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LO5CAzpxoaEquZJBpYz%2Fuploads%2Frz0APdybgtr4hecdxjSb%2FScreenshot%202025-07-03%20at%2010.01.26%E2%80%AFAM.png?alt=media&#x26;token=57ea4fa0-8ab8-408e-b51b-be8a326b66c4" alt=""><figcaption></figcaption></figure>

<figure><img src="https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LO5CAzpxoaEquZJBpYz%2Fuploads%2Fmzb6jmrci17QN1IwWiAa%2FScreenshot%202025-07-03%20at%2010.03.24%E2%80%AFAM.png?alt=media&#x26;token=4a1028b9-18c5-40b7-97ca-3cd76b5b9d9c" alt=""><figcaption><p>Feed Secret Key</p></figcaption></figure>

<figure><img src="https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LO5CAzpxoaEquZJBpYz%2Fuploads%2FGSdDzWHXs3ViL7cvhgur%2FScreenshot%202025-07-03%20at%2010.19.20%E2%80%AFAM.png?alt=media&#x26;token=429f2ea3-9621-40bb-a55b-7a0df3ed9d33" alt=""><figcaption><p>Endpoint Information</p></figcaption></figure>
{% endstep %}

{% step %}

### Activate Integration

* From the **Keeper Admin Console**, go to **Reporting & Alerts** > **External Logging**
* Select **Google Security Operations**
* Provide `API Key` from step 1, `Feed Endpoint` and `Feed Secret Key` from Step 2.
* Click **Test** and then **Save**.

<figure><img src="https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LO5CAzpxoaEquZJBpYz%2Fuploads%2Fg6zBmQlZf8LY4S1OkFnE%2FScreenshot%202025-07-03%20at%2010.20.06%E2%80%AFAM.png?alt=media&#x26;token=379bf63d-1b62-45ce-948e-922b2ff44772" alt=""><figcaption><p>Admin Console Settings</p></figcaption></figure>
{% endstep %}
{% endstepper %}

### Setup Complete!

When SIEM logs are sent from Keeper to Google, the data will begin to populate within 15 minutes.