Hi everyone,

I recently contributed a set of GitHub Actions-based ingestion scripts to the open-source Chronicle ingestion-scripts GitHub repo via this pull request. These scripts are designed to provide a lightweight and infrastructure-free way to forward third-party security logs into Google Chronicle using the Unstructured Ingestion API.

🛠️ What’s Included

The ingestors are built entirely around GitHub Actions, and support:

• 1Password audit logs

• GitHub audit logs

• Microsoft Entra non-interactive sign-ins

• Snowflake logs

• Thinkst Canary Audit Logs

Each connector includes:

• A standalone main.py for log collection and forwarding

• requirements.txt for dependencies

• Example GitHub Actions workflows for automated or manual scheduling

📂 View the Source

You can explore the full set of scripts here in my personal repo:
👉 https://github.com/TaigaWalk/Chronicle-Scripts

💡 Why GitHub Actions?

These ingestors are meant for users who prefer not to manage Cloud Functions, Kubernetes, or external runners — especially helpful for hybrid or lean teams looking for reliable ingestion pipelines.