Hi everyone,
I recently contributed a set of GitHub Actions-based ingestion scripts to the open-source Chronicle ingestion-scripts GitHub repo via this pull request. These scripts are designed to provide a lightweight and infrastructure-free way to forward third-party security logs into Google Chronicle using the Unstructured Ingestion API.
🛠️️ What’s Included
The ingestors are built entirely around GitHub Actions, and support:
1Password audit logs
GitHub audit logs
Microsoft Entra non-interactive sign-ins
Snowflake logs
Thinkst Canary Audit Logs
Each connector includes:
A standalone main.py for log collection and forwarding
requirements.txt for dependencies
Example GitHub Actions workflows for automated or manual scheduling
📂 View the Source
You can explore the full set of scripts here in my personal repo:
👉 https://github.com/TaigaWalk/Chronicle-Scripts
💡 Why GitHub Actions?
These ingestors are meant for users who prefer not to manage Cloud Functions, Kubernetes, or external runners — especially helpful for hybrid or lean teams looking for reliable ingestion pipelines.
