Skip to main content
Skip table of contents

Google Chronicle

What is Google Chronicle?

Chronicle is a cloud service, built as a specialized layer on top of core Google infrastructure, designed for enterprises to privately retain, analyze, and search the massive amounts of security and network telemetry they generate.

Chronicle SIEM normalizes, indexes, correlates, and analyzes the data to provide instant analysis and context on risky activity.

Chronicle SOAR (Security Orchestration, Automation and Response) enables security teams to automate response to threats.

Why Should You Use the Google Chronicle Connector?

The Google Chronicle connector provides visibility into the assets in your environment. You can use this visibility to:

  • ensure assets are managed per your security policies

  • derive relationships between assets, users, applications, and data

How Does This Connector Work?

Lucidum executes read-only requests to the Google Chronicle REST API and ingests only meta-data about Google Chronicle devices. Lucidum does not retrieve any data stored on your assets.

Configuring the Connector in Lucidum




Customer ID

The Customer ID, assigned by Google.

To find the customer ID, navigate to Settings > Organization > License Management. Customer ID is located in the System Version area.


Region Prefix

Region prefix where your Google Chronicle instance resides.

To find your default region, see


Artifact Search Domain

The domain name associated with your assets.

JSON Key File

For details on creating a service account and a JSON Key for that account, see

Source Documentation

Creating Credentials

For details on creating a service account, see:

For details on creating a JSON Key for that account, see:

Required Permissions

When creating the service account, assign the role Chronicle API Viewer ( roles/chronicle.viewer).

API Documentation

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.