
Hi,

I have been struggling to find the right approach to ingest 1Password audit events into Chronicle SIEM. Upon checking with Chronicle support, they mentioned they don't have a direct integration at this moment. Has anyone managed to ingest the 1Password audit logs using other approaches such as GCS or a webhook?

You can customise/edit one of the ingestion scripts to pull the data and push it to Chronicle from GCP. It is not a simple task, but it is an option; currently we are using this method to pull all events:

https://github.com/chronicle/ingestion-scripts
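The approach described in this reply boils down to a collector loop: page through the vendor's audit-event API with a cursor, remember where you stopped, and hand the raw JSON to Chronicle in batches under the right log type. The script below is an added illustration of that loop, not code from the chronicle/ingestion-scripts repository. The `fetch_page` callable, the cursor/`has_more` page shape, the `customer_id`/`log_type`/`entries` payload shape and the sample events are all assumptions constructed for the example; in a real deployment `fetch_page` would be an authenticated HTTP call and the checkpoint would be persisted (for example in a GCS object) between runs.

```python
"""Cursor-paginated pull of 1Password audit events, batched into
Chronicle-style unstructured-log payloads.

Added example for this thread; not code from chronicle/ingestion-scripts.
Everything below the LOG_TYPE constant is an assumption: the page shape
returned by fetch_page, the payload shape, and the sample events.
"""
import json
from typing import Callable, Dict, Iterable, Iterator, List, Optional

# Log type named in the thread (the default parser is keyed on it).
LOG_TYPE = "ONEPASSWORD_AUDIT_EVENTS"
# Deliberately tiny so the sample data produces more than one batch.
MAX_ENTRIES_PER_BATCH = 2


def iterate_audit_events(
    fetch_page: Callable[[dict], dict],
    start_time: str,
    limit: int = 100,
    checkpoint: Optional[Dict[str, str]] = None,
) -> Iterator[dict]:
    """Yield events page by page, following the cursor until has_more is False.

    The first request uses the saved cursor if a checkpoint exists, otherwise
    a start_time window; every later request uses the cursor from the previous
    page. The checkpoint dict is updated in place so the caller can persist it.
    """
    if checkpoint and checkpoint.get("cursor"):
        body = {"cursor": checkpoint["cursor"]}
    else:
        body = {"limit": limit, "start_time": start_time}
    while True:
        page = fetch_page(body)
        for item in page.get("items", []):
            yield item
        if checkpoint is not None:
            checkpoint["cursor"] = page["cursor"]  # resume point for next run
        if not page.get("has_more"):
            return
        body = {"cursor": page["cursor"]}


def build_batches(events: Iterable[dict], customer_id: str,
                  max_entries: int = MAX_ENTRIES_PER_BATCH) -> Iterator[dict]:
    """Group raw events into payloads; each event is kept as one JSON line so the
    Chronicle parser sees the vendor's original structure."""
    entries: List[dict] = []
    for event in events:
        entries.append({"log_text": json.dumps(event, separators=(",", ":"))})
        if len(entries) >= max_entries:
            yield {"customer_id": customer_id, "log_type": LOG_TYPE, "entries": entries}
            entries = []
    if entries:
        yield {"customer_id": customer_id, "log_type": LOG_TYPE, "entries": entries}


# Constructed sample pages keyed by the cursor the client sends (None = first call).
# Field names are illustrative, not the vendor's documented schema.
SAMPLE_PAGES = {
    None: {"cursor": "c1", "has_more": True, "items": [
        {"uuid": "evt-1", "timestamp": "2024-01-01T00:00:01Z", "action": "join"},
        {"uuid": "evt-2", "timestamp": "2024-01-01T00:00:02Z", "action": "grant"},
    ]},
    "c1": {"cursor": "c2", "has_more": True, "items": [
        {"uuid": "evt-3", "timestamp": "2024-01-01T00:00:03Z", "action": "revoke"},
    ]},
    "c2": {"cursor": "c3", "has_more": False, "items": []},
    "c3": {"cursor": "c3", "has_more": False, "items": []},  # nothing new yet
}


def fake_fetch(body: dict) -> dict:
    """Stand-in for the HTTP call; serves the constructed pages above."""
    return SAMPLE_PAGES[body.get("cursor")]


def run_collection(customer_id: str = "CUSTOMER_ID_PLACEHOLDER"):
    """One collector run: returns the batches to send and the updated checkpoint."""
    checkpoint: Dict[str, str] = {}
    events = iterate_audit_events(fake_fetch, "2024-01-01T00:00:00Z", checkpoint=checkpoint)
    batches = list(build_batches(events, customer_id))
    return batches, checkpoint


if __name__ == "__main__":
    batches, cp = run_collection()
    print(f"{len(batches)} batch(es), resume cursor={cp['cursor']}")
```

The checkpoint is the part worth getting right: without it a scheduled function either re-sends the whole window every run (duplicate events in the SIEM) or silently skips anything that arrived between runs. Keeping the raw event as the `log_text` also means the default ONEPASSWORD_AUDIT_EVENTS parser can be used unchanged once it is available, rather than a custom parser written against a reshaped record.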


Thank you. Did you need to build your own custom parser for 1Password audit events?


Correct, we needed to use a customised parser for audit events (as is often the case).


Thank you for your inputs. Much appreciated.

Hey, do you have a 1Password audit events parser to share?

 


A parser for the ONEPASSWORD_AUDIT_EVENTS log type was created back in November - https://cloud.google.com/chronicle/docs/ingestion/parser-list/onepassword-audit-events-changelog


You can check if a log type has a parser here - https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers

