elastic / detection-rules

https://www.elastic.co/guide/en/security/current/detection-engine-overview.html

[Meta] Review Google Chrome Logs Data for Potential Browser-Based Detections Rules #3325

Open terrancedejesus opened 7 months ago

terrancedejesus commented 7 months ago

Parent Epic (If Applicable)

Meta Summary

This meta is used to track the review of Google Chrome Log ingestion into the Elastic Stack via the Google Workspace integration. Google Chrome logs are available from the Reports: Admin API endpoint in Google Workspace. This potentially grants visibility into end user behavior via the browser that could be used to detect browser-based threats.

This meta is meant to only capture the triage and exploration of this. If viable, another meta will be created and scoped accordingly to add additional detection rules.

Estimated Time to Complete

1 Week

Potential Blockers

Tasklist

### Meta Tasks
- [ ] Provide Week 1 Update Comment
- [ ] Provide Week 2 Update or Closeout Comment
- [ ] Set up Google Workspace Lab
- [ ] Add Several Temporary Users
- [ ] Set up Google Chrome Monitoring from Admin Console
- [ ] Emulate Legitimate and Malicious Behavior
- [ ] Review Ingested Data and Data Model for Plausible Data Points to Write Detection Rules On
- [ ] Create Next Meta (if applicable)

Resources / References
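The "review ingested data for plausible data points" step above is easiest to reason about with the raw shape of the data in hand. The following is an added example, not code from the elastic/detection-rules project or from the issue author: it flattens an `activities.list` response from the Reports API (`GET /admin/reports/v1/activity/users/all/applications/chrome`) into one row per event and runs two toy detections over it. The response layout (`id.time`, `actor.email`, `events[].name`, `events[].parameters[]` carrying one of `value`/`intValue`/`boolValue`/`multiValue`) follows the Reports API format; the event names `PASSWORD_REUSE` and `UNSAFE_SITE_VISIT`, the parameter names, and the sample payload itself are constructed assumptions for illustration and should be checked against what the Google Workspace integration actually ingests before any rule is written on them.

```python
"""Flatten Google Workspace Reports API 'chrome' activity records and run
simple browser-based detections over them.

Added example, not part of the detection-rules project. Event/parameter
names in the sample are assumptions; verify them against real ingested data.
"""
import json
from collections import Counter

# Constructed sample in the shape of an activities.list response from
# GET /admin/reports/v1/activity/users/all/applications/chrome.
# Event and parameter names are assumptions for illustration.
SAMPLE_RESPONSE = json.dumps({
    "kind": "admin#reports#activities",
    "items": [
        {"id": {"time": "2024-05-01T10:00:00.000Z", "applicationName": "chrome"},
         "actor": {"email": "alice@example.com"},
         "events": [{"type": "chrome", "name": "PASSWORD_REUSE",
                     "parameters": [{"name": "URL", "value": "https://login.phish.example/"},
                                    {"name": "DEVICE_NAME", "value": "alice-laptop"}]}]},
        {"id": {"time": "2024-05-01T10:05:00.000Z", "applicationName": "chrome"},
         "actor": {"email": "bob@example.com"},
         "events": [{"type": "chrome", "name": "UNSAFE_SITE_VISIT",
                     "parameters": [{"name": "URL", "value": "https://bad1.example/"}]}]},
        {"id": {"time": "2024-05-01T10:06:00.000Z", "applicationName": "chrome"},
         "actor": {"email": "bob@example.com"},
         "events": [{"type": "chrome", "name": "UNSAFE_SITE_VISIT",
                     "parameters": [{"name": "URL", "value": "https://bad2.example/"}]}]},
        {"id": {"time": "2024-05-01T10:07:00.000Z", "applicationName": "chrome"},
         "actor": {"email": "bob@example.com"},
         "events": [{"type": "chrome", "name": "UNSAFE_SITE_VISIT",
                     "parameters": [{"name": "URL", "value": "https://bad3.example/"},
                                    {"name": "CLIENT_TYPE", "value": "CHROME_BROWSER"}]}]},
        {"id": {"time": "2024-05-01T11:00:00.000Z", "applicationName": "chrome"},
         "actor": {"email": "carol@example.com"},
         "events": [{"type": "chrome", "name": "UNSAFE_SITE_VISIT",
                     "parameters": [{"name": "URL", "value": "https://bad1.example/"},
                                    {"name": "TRIGGERED_RULE", "boolValue": False}]}]},
    ],
})

# Reports API parameters carry exactly one of these value keys.
_VALUE_KEYS = ("value", "intValue", "boolValue", "multiValue")


def flatten_activities(raw_json):
    """Turn an activities.list payload into flat rows: one per event.

    Each row has the timestamp, actor email, event name and a dict of
    parameter name -> value, which is what a detection query keys on.
    """
    response = json.loads(raw_json)
    rows = []
    for item in response.get("items", []):
        ts = item.get("id", {}).get("time")
        actor = item.get("actor", {}).get("email")
        for event in item.get("events", []):
            params = {}
            for p in event.get("parameters", []):
                for key in _VALUE_KEYS:
                    if key in p:
                        params[p["name"]] = p[key]
                        break
            rows.append({"time": ts, "actor": actor,
                         "name": event.get("name"), "params": params})
    return rows


def detect_password_reuse(rows):
    """Every PASSWORD_REUSE event (assumed name) is worth an alert on its own:
    the user typed a corporate password into a non-corporate site."""
    return [(r["actor"], r["params"].get("URL"))
            for r in rows if r["name"] == "PASSWORD_REUSE"]


def detect_repeated_unsafe_visits(rows, threshold=3):
    """Actors with at least `threshold` UNSAFE_SITE_VISIT events (assumed name).
    A single visit is noisy; a burst from one actor is a better signal."""
    counts = Counter(r["actor"] for r in rows if r["name"] == "UNSAFE_SITE_VISIT")
    return {actor: n for actor, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    flat = flatten_activities(SAMPLE_RESPONSE)
    print("password reuse:", detect_password_reuse(flat))
    print("repeated unsafe visits:", detect_repeated_unsafe_visits(flat))
```

The point of flattening first is that the Reports API nests several events under one activity and spreads each parameter across a `name` plus one of four typed value keys; a detection written against the nested form is brittle, whereas a flat `name` plus `params` row maps directly onto the kind of field-based query a detection rule would use once the integration has done the same normalization.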

botelastic[bot] commented 5 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

botelastic[bot] commented 4 months ago

This has been closed due to inactivity. If you feel this is an error, please re-open and include a justifying comment.