Skip to main content

Hi everyone,

I recently contributed a set of GitHub Actions-based ingestion scripts to the open-source Chronicle ingestion-scripts GitHub repo via this pull request. These scripts are designed to provide a lightweight and infrastructure-free way to forward third-party security logs into Google Chronicle using the Unstructured Ingestion API.

🛠️️ What’s Included

The ingestors are built entirely around GitHub Actions, and support:

  • 1Password audit logs

  • GitHub audit logs

  • Microsoft Entra non-interactive sign-ins

  • Snowflake logs

  • Thinkst Canary Audit Logs

Each connector includes:

  • A standalone main.py for log collection and forwarding

  • requirements.txt for dependencies

  • Example GitHub Actions workflows for automated or manual scheduling

📂 View the Source

You can explore the full set of scripts here in my personal repo:
👉 https://github.com/TaigaWalk/Chronicle-Scripts

💡 Why GitHub Actions?

These ingestors are meant for users who prefer not to manage Cloud Functions, Kubernetes, or external runners — especially helpful for hybrid or lean teams looking for reliable ingestion pipelines.

Just coming to say I love the awesome creativity here. Never thought to use GitHub actions like this. Amazing work! 🔥


-mike

Thank you @TaigaWalk for your contributions! We appreciate you sharing your expertise with the community. 

Thank you both @matthewnichols and @mikewilusz ! I've found Github Actions to be a great resource outside of Cloud Runners and cost-effective. Fairly simple setup and can be scaled really easily.

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.