Supported Cortex XSOAR versions: 6.8.0 and later.
Simple customer authentication and streamlined workforce identity operations.
Navigate to Settings > Configurations > Automation & Feed Integrations.
Search for OneLogin Event Collector.
Click Add instance to create and configure a new integration instance.
| Parameter | Description | Required |
| --- | --- | --- |
| Your server URL | | True |
| Client Id | The client ID. | True |
| Client Secret | The client secret. | True |
| The maximum number of events per fetch | | False |
| First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | | False |
| Trust any certificate (not secure) | | False |
| Use system proxy settings | | False |
Click Test to validate the URLs, token, and connection.
You can execute these commands from the Cortex XSIAM CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Manual command to fetch events from OneLogin and display them.
| Argument | Description | Required |
| --- | --- | --- |
| should_push_events | If true, the command will create events, otherwise it will only display them. Possible values are: true, false. Default is false. | Required |
| limit | Number of results to return. Maximum is 2000. Default is 10. | Optional |
| cursor | A string pointing at the next page of results. The cursor can be found within the response_metadata field, as part of the raw response of the OneLogin Events API call. | Optional |
| since | Occurrence time of the least recent event to include (inclusive). Default is 3 days. | Optional |
| until | Occurrence time of the most recent event to include (inclusive). | Optional |
| event_type_id | A comma-separated list of type IDs of events to include. | Optional |
There is no context output for this command.