Has anyone been successful with 1Password log ingestion in Chronicle SIEM?

  • May 9, 2024
  • 6 replies
  • 73 views

Hi,

I have been struggling to find the right approach to ingest 1Password audit events into Chronicle SIEM. Upon checking with Chronicle support, they mentioned they don't have a direct integration at this moment. Has anyone managed to ingest the 1Password audit logs using other approaches such as GCS or webhook?

  • Bronze 1
  • May 21, 2024

You can customise/edit one of the ingestion scripts to pull the data and push to Chronicle from GCP. It is not a simple task, but it is an option; currently we are using this method to pull all events:

https://github.com/chronicle/ingestion-scripts


> You can customise/edit one of the ingestion scripts to pull the data and push to Chronicle from GCP. It is not a simple task, but it is an option; currently we are using this method to pull all events:
>
> https://github.com/chronicle/ingestion-scripts


Thank you. Did you need to build your own custom parser for 1password audit events?


  • Bronze 1
  • May 22, 2024

> Thank you. Did you need to build your own custom parser for 1password audit events?


Correct, we needed to use a customised parser for audit events (as is often the case).


> Correct, we needed to use a customised parser for audit events (as is often the case).


Thank you for your inputs. Much appreciated.

  • New Member
  • February 14, 2025

Hey, do you have a 1Password audit events parser to share?

cmorris
Staff
  • February 15, 2025

> Hey, do you have a 1Password audit events parser to share?

A parser for ONEPASSWORD_AUDIT_EVENTS log type was created back in November - https://cloud.google.com/chronicle/docs/ingestion/parser-list/onepassword-audit-events-changelog

You can check if a log type has a parser here - https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers
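
The pull-and-push approach discussed in this thread, as an added sketch that is not code from any poster or from the chronicle/ingestion-scripts repository: it drains a cursor-paginated audit-event feed and packs the events into batch bodies tagged with the `ONEPASSWORD_AUDIT_EVENTS` log type. Assumptions: pages are shaped `{"cursor", "has_more", "items"}`, the batch body uses `customer_id`, `log_type` and `entries[].log_text`, the size budget is illustrative, and `fetch_page` is a hypothetical callable that wraps the authenticated HTTP request.

```python
import json

LOG_TYPE = "ONEPASSWORD_AUDIT_EVENTS"  # log type named in the thread
MAX_BATCH_BYTES = 1_000_000            # assumed per-request size budget

def pull_audit_events(fetch_page, cursor=None, start_time=None):
    """Drain all pages; return (events, last_cursor) so the caller can persist
    the cursor and resume on the next run without gaps or duplicates."""
    # First run starts from a timestamp; later runs resume from the saved cursor.
    body = {"cursor": cursor} if cursor else {"limit": 100, "start_time": start_time}
    events = []
    while True:
        page = fetch_page(body)
        events.extend(page.get("items", []))
        cursor = page.get("cursor", cursor)
        if not page.get("has_more"):
            return events, cursor
        body = {"cursor": cursor}

def build_batches(events, customer_id, max_bytes=MAX_BATCH_BYTES):
    """Serialise each event as one raw log line and split into request bodies
    that stay under max_bytes of log text (a single oversize event goes alone)."""
    def flush(entries):
        return {"customer_id": customer_id, "log_type": LOG_TYPE, "entries": entries}
    batches, entries, size = [], [], 0
    for event in events:
        text = json.dumps(event, separators=(",", ":"), sort_keys=True)
        n = len(text.encode("utf-8"))
        if entries and size + n > max_bytes:
            batches.append(flush(entries))
            entries, size = [], 0
        entries.append({"log_text": text})
        size += n
    if entries:
        batches.append(flush(entries))
    return batches

# Constructed sample pages, keyed by the cursor sent in the request body.
SAMPLE_PAGES = {
    None: {"cursor": "c1", "has_more": True, "items": [
        {"uuid": "a1", "timestamp": "2024-05-21T10:00:00Z", "action": "create", "object_type": "vault"},
        {"uuid": "a2", "timestamp": "2024-05-21T10:05:00Z", "action": "update", "object_type": "user"}]},
    "c1": {"cursor": "c2", "has_more": False, "items": [
        {"uuid": "a3", "timestamp": "2024-05-21T10:09:00Z", "action": "delete", "object_type": "item"}]},
}

def fake_fetch(body):
    """Offline stand-in for the HTTP call (hypothetical helper)."""
    return SAMPLE_PAGES[body.get("cursor")]

if __name__ == "__main__":
    evs, last = pull_audit_events(fake_fetch, start_time="2024-05-01T00:00:00Z")
    print(last, json.dumps(build_batches(evs, "CUSTOMER-ID-PLACEHOLDER"), indent=2))
```

Persist the returned cursor only after every batch has been accepted, so a failed push is retried from the same position on the next run.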