I would like to use the event source Rapid7 Universal Ingress Authentication for 1Password. So, I started building a workflow that would request the events from 1Password using API calling. Next, I want to use ICON to forward to traffic to one of our collectors, so I’m able to use that data as input for the event source. I managed to build the first part, I’ve the data within ICON. But I don’t know how I can forward it towards our collector.
Hi @kyle_klatt!
Yes, I already configured the event source 1Password. But I was missing the data as raw log within the Log Search. I thought that the log format was not compatible for ingestion and that I had to convert the data using EUF before key/value pairs were created.
But, I’ve just checked the unparsed data log set and I see 1Password is added, with the key/value pairs that I can use.
I guess I don’t need to build a workflow now, thank you Kyle!
Have a great day!