Integrating Bindplane OP console Audit logs with Secops

Hello, you need to attach this configuration to one of your existing or new agents.
The OP itself is not sending the logs, they need to be sent from an agent.

1. Go to  New Configuration and under Source, choose BindPlane Audit.
2. Choose your SecOps as the destination.
3. Add BINDPLANE as the Ingestion Label.
4. Add Agent to the Configuration and apply 

Hi ​@Eoved  : Thanks for the response.

Based on my understanding, the log flow will be as follows:

Bindplane OP SAAS Console → Bindplane Agent (within our corporate network) → SecOps

If this flow is correct, could you please advise which network ports need to be opened on the corporate firewall for communication between the OP Console and the Agent? Since the data is received by the agent from the internet and then forwarded to SecOps, we need to ensure the appropriate connectivity is in place.

Hi ​@Eoved ,

I followed the suggested approach and I’m now able to see the Bindplane audit logs in the SecOps console. However, I’m noticing a new issue with the event content.

In SecOps, only the Description field is being populated, while the rest of the fields that are visible in the Bindplane console for the same audit event are not present.

Is this the expected behavior of this integration, or is there a way to forward the complete audit log payload (all fields) into a single event in SecOps for better visibility and correlation?