Hi,
I have been struggling to find the right approach to ingest 1Password audit events into Chronicle SIEM. Upon checking with Chronicle support, they mentioned they don't have a direct integration at this moment. Has anyone managed to ingest the 1Password audit logs using other approaches such as GCS or webhook?
You can customise/edit one of the ingestion scripts to pull the data and push it to Chronicle from GCP. It is not a simple task, but it is an option. Currently we are using this method to pull all events:
https://github.com/chronicle/ingestion-scripts
Thank you. Did you need to build your own custom parser for 1Password audit events?
Correct, we needed to use a customised parser for audit events (as is often the case).