This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Has anyone got successful with 1password logs ingestion in Chronicle SIEM?

Posted 3 weeks ago
rahulgk-mettle
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi,

I have been struggling to find the right approach to ingest 1password audit events into Chronicle SIEM. Upon checking with Chronicle support, they mentioned they don't have a direct integration at this moment. Has anyone managed to ingest the 1password audit logs using other approaches such as GCS or webhook?

1 4 121
Topic Labels
4 REPLIES 4

Posted on --/--/---- --:-- AM
jkephsecru
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

You can customise/edit one of the ingestion scripts to pull the data and push to Chronicle from gcp, it is not a simple task but it is an option, currently we are using this method to pull all Events ;

https://github.com/chronicle/ingestion-scripts
1PASSWORD.png

0 Likes

Posted on --/--/---- --:-- AM
rahulgk-mettle
Bronze 1
Bronze 1
In response to jkephsecru
Reply posted on --/--/---- --:-- AM

Thank you. Did you need to build your own custom parser for 1password audit events?

0 Likes

Posted on --/--/---- --:-- AM
jkephsecru
Bronze 3
Bronze 3
In response to rahulgk-mettle
Reply posted on --/--/---- --:-- AM

Correct, we needed to use a customised parser for audit events (as is often the case).

0 Likes

Posted on --/--/---- --:-- AM
rahulgk-mettle
Bronze 1
Bronze 1
In response to jkephsecru
Reply posted on --/--/---- --:-- AM
Thank you for your inputs. Much appreciated.