Skip to main content

OneLogin Event Collector

This Integration is part of the OneLogin Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Simple customer authentication and streamlined workforce identity operations.

Configure OneLogin Event Collector on Cortex XSIAM#

  1. Navigate to Settings > Configurations > Data Collection > Data Sources.

  2. Search for OneLogin Event Collector.

  3. Click Add instance to create and configure a new integration instance.

    Your server URLTrue
    Client IdThe client ID.True
    Client SecretThe client secret.True
    The maximum number of events per fetchFalse
    First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)False
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
  4. Click Test to validate the URLs, token, and connection.


You can execute these commands from the Cortex XSIAM CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Manual command to fetch events from OneLogin and display them.

Base Command#



Argument NameDescriptionRequired
should_push_eventsIf true, the command will create events, otherwise it will only display them. Possible values are: true, false. Default is false.Required
limitNumber of results to return. Maximum is 2000. Default is 10.Optional
cursorA string pointing at the next page of results. The cursor can be found within the response_metadata field, as part of the raw response of the OneLogin Events API call.Optional
sinceOccurrence time of the least recent event to include (inclusive). Default is 3 days.Optional
untilOccurrence time of the most recent event to include (inclusive).Optional
event_type_idA comma-separated list of type IDs of events to include.Optional

Context Output#

There is no context output for this command.