Chrome log events—Events and attributes
The table below describes in detail the attributes of each Chrome event. The event to attribute mapping spreadsheet
gives a high level view of which attributes you can view for chrome events in your organization.
| Chrome event | Attribute name— Reporting connector |
Attribute name— Google Admin console |
Attribute description | Attribute example |
|---|---|---|---|---|
|
Browser Crash
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Browser Crash
|
browser_channel | Browser Channel | Browser channel. | dev, canary, unknown, stable |
|
Browser Crash
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Browser Crash
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Browser Crash
|
— | Description | Text description of the event. | The browser (version 113.0.5653.2 on channel canary) crashed and uploaded a report with ID 88b738e0299cb2c1 |
|
Browser Crash
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Browser Crash
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Browser Crash
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Browser Crash
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Browser Crash
|
event | Event | The logged event action. | browserCrashEvent—Browser crash |
|
Browser Crash
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Browser Crash
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Browser Crash
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Browser Crash
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Browser Crash
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Browser Crash
|
report_id | Report ID | Alphanumeric ID. | 88b738e0299cb2c1 |
|
Browser Crash
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Browser Crash
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Content Transfer
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Content Transfer
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Content Transfer
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Content Transfer
|
content_hash | Content Hash | The SHA256 hash of the content. | |
|
Content Transfer
|
content_name | Content Name | The name of the content, such as a filename. | |
|
Content Transfer
|
content_size | Content Size | The size of the content, in bytes. | |
|
Content Transfer
|
content_transfer_method | Content Transfer Method | The method for content transferring. | file picker, drag and drop, file paste |
|
Content Transfer
|
content_type | Content Type | The media (MIME) type of content. | text, html |
|
Content Transfer
|
— | Description | Text description of the event. | Content was transferred |
|
Content Transfer
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Content Transfer
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Content Transfer
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Content Transfer
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Content Transfer
|
event | Event | The logged event action. | contentTransferEvent—Content transfer |
|
Content Transfer
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Content Transfer
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Content Transfer
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Content Transfer
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Content Transfer
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Content Transfer
|
result | Event result | The result of the event based on the policies and rules set. | Detected |
|
Content Transfer
|
scan_id | — | Scan ID. | 4A43FB462E48008A30451B17E204CF6B529EA1828C9C92FF7A514925BECFFD8E609D84DB2AA362ECC475A6DBFFD8E0C681E12A5D786619D011966306640C440A1D4DE84A24D18824D1D1EC4C4463109EE67E24A0CA60BC764A6695158C35AD3D2E4E038C2FEB3C65EB22761E7165FDA1DB7E840696481427A86BEA296C2E30B2 |
|
Content Transfer
|
tab_url | Tab URL | On a file download, the returned URL does not match the Tab URL. | If the user is on Google Drive and they download a file, the URL is something like googleusercontents.com/myfile.txt, and the Tab Url is drive.google.com. In every other case, both URLs are the same. |
|
Content Transfer
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Content Transfer
|
trigger_type | Trigger Type | The user action that triggered the event. | Unknown, Page printed, File upload, File download, Web content upload |
|
Content Transfer
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Content Transfer
|
url | URL | URL of file or upload page. | |
|
Content Unscanned
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Content Unscanned
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Content Unscanned
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Content Unscanned
|
content_hash | Content Hash | The SHA256 hash of the content. | |
|
Content Unscanned
|
content_name | Content Name | The name of the content, such as a filename. | |
|
Content Unscanned
|
content_size | Content Size | The size of the content, in bytes. | |
|
Content Unscanned
|
content_transfer_method | Content Transfer Method | The method for content transferring. | file picker, drag and drop, file paste |
|
Content Unscanned
|
content_type | Content Type | The media (MIME) type of content. | text, html |
|
Content Unscanned
|
— | Description | Text description of the event. | The transferred content was not scanned because of |
|
Content Unscanned
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Content Unscanned
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Content Unscanned
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Content Unscanned
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Content Unscanned
|
event | Event | The logged event action. | unscannedFileEvent—Content unscanned |
|
Content Unscanned
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Content Unscanned
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Content Unscanned
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Content Unscanned
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Content Unscanned
|
reason | Event reason | Reason for the event. | FILE_PASSWORD_PROTECTED, FILE_TOO_LARGE, DLP_SCAN_FAILED, MALWARE_SCAN_FAILED, MALWARE_SCAN_UNSUPPORTED_FILE_TYPE, SERVICE_UNAVAILABLE, TOO_MANY_REQUESTS TIMEOUT Note:The Admin console appends the Event name, such as CONTENT_UNSCANNED_FILE_PASSWORD_PROTECTED |
|
Content Unscanned
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Content Unscanned
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Content Unscanned
|
result | Event result | The result of the event based on the policies and rules set. | Allowed. |
|
Content Unscanned
|
tab_url | Tab URL | On a file download, the returned URL does not match the Tab URL. | If the user is on Google Drive and they download a file, the URL is something like googleusercontents.com/myfile.txt, and the Tab Url is drive.google.com. In every other case, both URLs are the same. |
|
Content Unscanned
|
trigger_type | Trigger Type | The user action that triggered the event. | Unknown, Page printed, File upload, File download, Web content upload |
|
Content Unscanned
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Content Unscanned
|
url | URL | Upload or download URL, depending on the event | |
|
Data Control Event
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Data Control Event
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Data Control Event
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Data Control Event
|
— | Description | Text description of the event. | Data access control rule triggered by ChromeOS |
|
Data Control Event
|
destination | Destination | Destination URL value that triggered the event. | |
|
Data Control Event
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Data Control Event
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Data Control Event
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Data Control Event
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Data Control Event
|
event | Event | The logged event action. | dataAccessControlEvent—Data access control |
|
Data Control Event
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Data Control Event
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Data Control Event
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Data Control Event
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Data Control Event
|
reason | Event reason | Reason for the event.This is not reported in reporting connector output | EVENT_REASON_DLP_EVENT |
|
Data Control Event
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Data Control Event
|
result | Event result | The result of the event based on the policies and rules set.The reporting connector sends the values in Capital letters. | Reported, Warned, Blocked, Bypassed |
|
Data Control Event
|
source | Source | Source URL value which triggered the event. | |
|
Data Control Event
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Data Control Event
|
trigger_type | Trigger Type | The user action that triggered the event.The reporting connector sends the values in Capital letters. | Clipboard, Files, Screenshot, Screencast, Printing, Eprivacy |
|
Data Control Event
|
url | URL | The URLs which triggered the event. This field does not show up in the reporting connector output. Instead, this is represented as source and destination fields in the reporting connector output. | Source "URL1" Destination "URL2" |
|
Data Control Event
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Extension install
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Extension install
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Extension install
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Extension install
|
— | Description | Text description of the event. | The browser extension Chrome Web Store Payments with id nmmhkkegccagdldgiimedpiccmgmieda was installed |
|
Extension install
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Extension install
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Extension install
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Extension install
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Extension install
|
event | Event | The logged event action. | browserExtensionInstallEvent—Browser extension installed |
|
Extension install
|
extension_action | Extension action type | The type of Chrome extension action that triggers the event. | Install, Update, Uninstall |
|
Extension install
|
extension_description | — | Description of the extension. | |
|
Extension install
|
extension_id | Application ID | Chrome Web Store ID of the extension. | nmmhkkegccagdldgiimedpiccmgmieda |
|
Extension install
|
extension_name | Application Name | Name of the extension from the Chrome Web Store. | Chrome Web Store Payments |
|
Extension install
|
extension_source | Extension source | The source from where the Chrome extension was installed. | Chrome Web Store, External, Component, Unspecified |
|
Extension install
|
extension_version | Extension version | The version of the extension.
|
2.0.13 |
|
Extension install
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Extension install
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Extension install
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Extension install
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Extension install
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Extension install
|
result | Event result | The result of the event based on the policies and rules set. | Reported |
|
Extension install
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Extension install
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Extension Telemetry
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Extension Telemetry
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Extension Telemetry
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Extension Telemetry
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Extension Telemetry
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Extension Telemetry
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Extension Telemetry
|
event | Event | The logged event action. | extensionTelemetryEvent—Extension Telemetry |
|
Extension Telemetry
|
extension_files_info | Extension file infos | The extension file names and hashes. Only reported for off-store extensions. | |
|
Extension Telemetry
|
extension_name | Application Name | Name of the extension from the Chrome Web Store. | Chrome Web Store Payments |
|
Extension Telemetry
|
extension_source | Extension source | The source from where the Chrome extension was installed. | Chrome Web Store, External, Component, Unspecified |
|
Extension Telemetry
|
extension_version | Extension version | The version of the extension.
|
2.0.13 |
|
Extension Telemetry
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Extension Telemetry
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Extension Telemetry
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Extension Telemetry
|
profile_identifier | Profile Identifier | Identifier of the Chrome profile. On a managed browser, this is the path to the profile storage. On an unmanaged device, this is the profile identifier generated through the profile UUID and device id. | C:\Users\kiran\AppData\Local\Google\Chrome\User Data\Default |
|
Extension Telemetry
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Extension Telemetry
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Extension Telemetry
|
telemetry_event_signals | Telemetry Signals | Information about the various telemetry signals. | |
|
Extension Telemetry
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Extension Telemetry
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Login
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Login
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Login
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Login
|
— | Description | Text description of the event. | Login was detected for ***** Note:All email addresses are anonymized. Managed domain email addresses will show the domain only, such as ****@domain |
|
Login
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Login
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Login
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Login
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Login
|
event | Event | The logged event action. | loginEvent—Login |
|
Login
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Login
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Login
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Login
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Login
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Login
|
result | Event result | The result of the event based on the policies and rules set. | Detected |
|
Login
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Login
|
url | URL | URL of login page. | |
|
Login
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Malware Transfer
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Malware Transfer
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Malware Transfer
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Malware Transfer
|
content_hash | Content Hash | The SHA256 hash of the content. | |
|
Malware Transfer
|
content_name | Content Name | The name of the content, such as a filename. | |
|
Malware Transfer
|
content_size | Content Size | The size of the content, in bytes. | |
|
Malware Transfer
|
content_transfer_method | Content Transfer Method | The method for content transferring. | file picker, drag and drop, file paste |
|
Malware Transfer
|
content_type | Content Type | The media (MIME) type of content. | text, html |
|
Malware Transfer
|
— | Description | Text description of the event. | Malware was detected in the tranferred content for *****@gmail.com |
|
Malware Transfer
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Malware Transfer
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Malware Transfer
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Malware Transfer
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Malware Transfer
|
event | Event | The logged event action. | dangerousDownloadEvent—Malware transfer |
|
Malware Transfer
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Malware Transfer
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Malware Transfer
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Malware Transfer
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Malware Transfer
|
reason | Event reason | Reason for the event. | DANGEROUS, DANGEROUS_HOST, DANGEROUS_FILE_TYPE, DANGEROUS_URL, UNWANTED_SOFTWARE, UNCOMMON, UNKNOWN Note:The Admin console appends the Event name, such as MALWARE_TRANSFER_DANGEROUS |
|
Malware Transfer
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Malware Transfer
|
result | Event result | The result of the event based on the policies and rules set. | Bypassed, Blocked, Warned, Allowed |
|
Malware Transfer
|
scan_id | — | Scan ID. | 4A43FB462E48008A30451B17E204CF6B529EA1828C9C92FF7A514925BECFFD8E609D84DB2AA362ECC475A6DBFFD8E0C681E12A5D786619D011966306640C440A1D4DE84A24D18824D1D1EC4C4463109EE67E24A0CA60BC764A6695158C35AD3D2E4E038C2FEB3C65EB22761E7165FDA1DB7E840696481427A86BEA296C2E30B2 |
|
Malware Transfer
|
server_scan_status | Server Scan Status | The backend server scan status. | complete, audit due to config, audit due to deadline exceeded |
|
Malware Transfer
|
tab_url | Tab URL | On a file download, the returned URL does not match the Tab URL. | If the user is on Google Drive and they download a file, the URL is something like googleusercontents.com/myfile.txt, and the Tab Url is drive.google.com. In every other case, both URLs are the same. |
|
Malware Transfer
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Malware Transfer
|
trigger_type | Trigger Type | The user action that triggered the event. | Unknown, File upload, File download |
|
Malware Transfer
|
url | URL | URL of the malware. | |
|
Malware Transfer
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Password Breach
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Password Breach
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Password Breach
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Password Breach
|
— | Description | Text description of the event. | Password breach was detected for *****@gmail.com |
|
Password Breach
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Password Breach
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Password Breach
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Password Breach
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Password Breach
|
event | Event | The logged event action. | passwordBreachEvent—Password Breach |
|
Password Breach
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Password Breach
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Password Breach
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Password Breach
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Password Breach
|
reason | Event reason | Reason for the event. | PASSWORD_ENTRY, SAFETY_CHECK, TRIGGER_TYPE_UNSPECIFIED |
|
Password Breach
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Password Breach
|
result | Event result | The result of the event based on the policies and rules set. | Warned |
|
Password Breach
|
trigger_user | Trigger User | Username for which password breach was detected. | Username is masked in the alert. Only domain is unmasked. For example, *****@gmail.com |
|
Password Breach
|
url | URL | URL list of login pages impacted by the password breach. URLs stored in password manager. | |
|
Password Breach
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Password Breach
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Password Change
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Password Change
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Password Change
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Password Change
|
— | Description | Text description of the event. | Password changed for trigger_user |
|
Password Change
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Password Change
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Password Change
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Password Change
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Password Change
|
event | Event | The logged event action. | passwordChangedEvent—Password Change |
|
Password Change
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Password Change
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Password Change
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Password Change
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Password Change
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Password Change
|
result | Event result | The result of the event based on the policies and rules set. | Detected |
|
Password Change
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Password Change
|
trigger_user | Trigger User | Username for which password was changed. | kiran |
|
Password Change
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Password Reuse
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Password Reuse
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Password Reuse
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Password Reuse
|
— | Description | Text description of the event. | Password reuse for trigger_user. Note:Personal email addresses are anonymized |
|
Password Reuse
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Password Reuse
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Password Reuse
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Password Reuse
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Password Reuse
|
event | Event | The logged event action. | passwordReuseEvent—Password Reuse |
|
Password Reuse
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Password Reuse
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Password Reuse
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Password Reuse
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Password Reuse
|
reason | Event reason | Reason for the event. | PASSWORD_REUSED_UNAUTHORIZED_SITE, PASSWORD_REUSED_PHISHING_URL |
|
Password Reuse
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Password Reuse
|
result | Event result | The result of the event based on the policies and rules set. | Allowed, Warned, and Detected. Note:Detected value is reported by Chrome browser up to version 101 |
|
Password Reuse
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Password Reuse
|
trigger_user | Trigger User | Username that was reused. | kiran |
|
Password Reuse
|
url | URL | URL where the password was reused. | |
|
Password Reuse
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Sensitive Data Transfer
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Sensitive Data Transfer
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Sensitive Data Transfer
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Sensitive Data Transfer
|
content_hash | Content Hash | The SHA256 hash of the content. | |
|
Sensitive Data Transfer
|
content_name | Content Name | The name of the content, such as a filename. | |
|
Sensitive Data Transfer
|
content_size | Content Size | The size of the content, in bytes. | |
|
Sensitive Data Transfer
|
content_transfer_method | Content Transfer Method | The method for content transferring. | file picker, drag and drop, file paste |
|
Sensitive Data Transfer
|
content_type | Content Type | The media (MIME) type of content. | text, html |
|
Sensitive Data Transfer
|
— | Description | Text description of the event. | Sensitive data was detected in the transferred content for |
|
Sensitive Data Transfer
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Sensitive Data Transfer
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Sensitive Data Transfer
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Sensitive Data Transfer
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Sensitive Data Transfer
|
event | Event | The logged event action. | sensitiveDataEvent—Sensitive data transfer |
|
Sensitive Data Transfer
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Sensitive Data Transfer
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Sensitive Data Transfer
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Sensitive Data Transfer
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Sensitive Data Transfer
|
reason | Event reason | List of rules that triggered the event. | This field is called triggered_rules
in reporting connector output. |
|
Sensitive Data Transfer
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Sensitive Data Transfer
|
result | Event result | The result of the event based on the policies and rules set. | Detected |
|
Sensitive Data Transfer
|
scan_id | — | Scan ID. | 4A43FB462E48008A30451B17E204CF6B529EA1828C9C92FF7A514925BECFFD8E609D84DB2AA362ECC475A6DBFFD8E0C681E12A5D786619D011966306640C440A1D4DE84A24D18824D1D1EC4C4463109EE67E24A0CA60BC764A6695158C35AD3D2E4E038C2FEB3C65EB22761E7165FDA1DB7E840696481427A86BEA296C2E30B2 |
|
Sensitive Data Transfer
|
server_scan_status | Server Scan Status | The backend server scan status. | complete, audit due to config, audit due to deadline exceeded |
|
Sensitive Data Transfer
|
tab_url | Tab URL | On a file download, the returned URL does not match the Tab URL. | If the user is on Google Drive and they download a file, the URL is something like googleusercontents.com/myfile.txt, and the Tab Url is drive.google.com. In every other case, both URLs are the same. |
|
Sensitive Data Transfer
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Sensitive Data Transfer
|
trigger_type | Trigger Type | The user action that triggered the event. | Unknown, Page printed, File upload, File download, Web content upload |
|
Sensitive Data Transfer
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Sensitive Data Transfer
|
url | URL | URL of file or upload page. | |
|
Unsafe Site Visit
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Unsafe Site Visit
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Unsafe Site Visit
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Unsafe Site Visit
|
— | Description | Text description of the event. | Unsafe site visit warning shown for profile user. Note:Personal email addresses are hidden. Only domain is shown, ****@gmail.com |
|
Unsafe Site Visit
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Unsafe Site Visit
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Unsafe Site Visit
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Unsafe Site Visit
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Unsafe Site Visit
|
event | Event | The logged event action. | badNavigationEvent—Unsafe site visit |
|
Unsafe Site Visit
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Unsafe Site Visit
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Unsafe Site Visit
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Unsafe Site Visit
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Unsafe Site Visit
|
reason | Event reason | Reason for the event. | SSL_ERROR, MALWARE, SOCIAL_ENGINEERING, UNWANTED_SOFTWARE. Note:The Admin console appends the Event name, such as UNSAFE_SITE_VISIT_MALWARE |
|
Unsafe Site Visit
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Unsafe Site Visit
|
result | Event result | The result of the event based on the policies and rules set. | Bypassed, Blocked, Warned, Allowed |
|
Unsafe Site Visit
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Unsafe Site Visit
|
url | URL | URL of the unsafe site. | |
|
Unsafe Site Visit
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
|
Url Filtering Interstitial Event
|
agents | For Crowdstrike
Crowdstrike Agent ID and Crowdstrike Customer ID |
Information about agents installed on the device. Only Crowdstrike agents are currently supported. | "crowdstrike": {
|
|
Url Filtering Interstitial Event
|
browser_version | Browser Version | Version of Chrome browser. | 113.0.5628.0 |
|
Url Filtering Interstitial Event
|
client_type | Client Type | Managed Chrome surface where the event happened. | Chrome browser, Chrome profile, ChromeOS, Unknown |
|
Url Filtering Interstitial Event
|
— | Description | Text description of the event. | URL filtering interstitial warning shown for url |
|
Url Filtering Interstitial Event
|
device_id | Device ID | The ID of the device. The value is platform-specific. Not reported for unmanaged devices with managed user profiles. |
ab81082c-6839-450d-9ed6-7b3c268d6b94 |
|
Url Filtering Interstitial Event
|
device_name | Device Name | Name of the device on which the event happened. Not reported for unmanaged devices with managed user profiles. |
KIRANWINDOWS |
|
Url Filtering Interstitial Event
|
device_user | Device User | The user's name as reported by the OS. Not reported for unmanaged devices with managed user profiles. |
ALTOSTRAT\kiran |
|
Url Filtering Interstitial Event
|
directory_device_id | Directory Device ID | Device ID returned by the directory API. Not reported for unmanaged devices with managed user profiles. | 7e6d4bae-e869-4da3-8822-1de247d7542f |
|
Url Filtering Interstitial Event
|
event | Event | The logged event action. | urlFilteringInterstitialEvent—URL Filtering |
|
Url Filtering Interstitial Event
|
local_ips | Local IP | The IP address of the device. | 172.16.1.1 192.168.1.1 |
|
Url Filtering Interstitial Event
|
os_platform | Device Platform | The OS that the browser is running. Not reported for unmanaged devices with managed user profiles. | Windows 10 |
|
Url Filtering Interstitial Event
|
os_version | — | The version of the OS that is running the browser. Not reported for unmanaged devices with managed user profiles. | 15278.64.0 |
|
Url Filtering Interstitial Event
|
profile_user | Profile User | User name of the signed in user for the Chrome profile. Blank if the user has not signed into a profile. | kiran |
|
Url Filtering Interstitial Event
|
reason | Event reason | List of rules that triggered the event. | This field is called triggered_rules
in reporting connector output. |
|
Url Filtering Interstitial Event
|
remote_ip | Remote IP | The public IP address of the server being communicated with. | 192.168.1.1 |
|
Url Filtering Interstitial Event
|
result | Event result | The result of the event based on the policies and rules set. | Warned—EVENT_RESULT_WARNED, Blocked—EVENT_RESULT_BLOCKED, Bypassed—EVENT_RESULT_BYPASSED |
|
Url Filtering Interstitial Event
|
time | Date | Date and time when the event was received. | 2023-03-02T22:07:21-08:00 |
|
Url Filtering Interstitial Event
|
url_category | URL category | Category of the URL. | Reporting connector output: /Internet & Technology/Computer Security Admin Console: Computer Security |
|
Url Filtering Interstitial Event
|
user_agent | User Agent | The user agent string of the browser used to access the content. | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4140.0 Safari/537.36 |
| Try your keywords on Google Web Search . | ||||
