Set up ChromeOS XDR

3: Verify reporting is working

When you have completed the setup of the ChromeOS XDR connector, enrolled ChromeOS endpoints start automatically sending telemetry events to your provider.

CrowdStrike Falcon

You can verify the data flow to CrowdStrike Falcon by:

  • Seeing new ChromeOS hosts in CrowdStrike Falcon’s Host Management page . The ChromeOS Serial number is the CrowdStrike Falcon Hostname.
  • Seeing new ChromeOS events in CrowdStrike Falcon’s Investigate app  when you run the search query event_platform=CrOS.
  • Generating a sample detection and viewing it in endpoint detections.
    1. Sign in to any connected ChromeOS device.
    2. Open the built-in crosh shell by pressing Ctrl + Alt + t.
    3. Run the following command:
      ping thisisatest.burpcollaborator.net.
      A detection is generated within minutes whether or not the ping succeeds.
    4. View the detection at https://falcon.crowdstrike.com/activity/detections.

Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
true
Search
Clear search
Close search
Google apps
Main menu
9170819435931408673
true
Search Help Center
true
true
true
true
true
410864
false
false