OneLogin - Learn more about the OneLogin Standard Collector and content pack integrations in Cortex XDR. - Administrator Guide - Cortex XDR - Cortex

OneLogin - Learn more about the OneLogin Standard Collector and content pack integrations in Cortex XDR. - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR 5.x Documentation

Product

Cortex XDR

License

XDR + Cloud

Creation date

2025-07-13

Last date published

2026-06-11

Category

Administrator Guide

Abstract

Learn more about the OneLogin Standard Collector and content pack integrations in Cortex XDR.

You can configure collecting OneLogin logs and data using a Standard Collector or with a content pack integration:

OneLogin vendor	Description
Standard Collector overview	Forward logs and data to Cortex XDR from OneLogin via the OneLogin REST APIs using the OneLogin data source.
Link to Standard Collector instructions	The following types of data can be ingested from OneLogin: Log collection Events: User logins, administrative operations, provisioning, and a list of all OneLogin event types Directory Users: Lists of users. Groups: Lists of groups. Apps: Lists of apps. For more information, see Ingest logs and data from OneLogin.
Link to content pack/integration details	The OneLogin content pack provides capabilities for simple customer authentication and streamlined workforce identity operations utilizing APIs. It includes one modeling rule for data normalization and the following integration: OneLogin Event Collector: Use this integration to gather simple customer authentication and streamlined workforce identity operations with the `onelogin-get-events` command.

OneLogin vendor

Description

Standard Collector overview

Forward logs and data to Cortex XDR from OneLogin via the OneLogin REST APIs using the OneLogin data source.

Link to Standard Collector instructions

The following types of data can be ingested from OneLogin:

Log collection
- Events: User logins, administrative operations, provisioning, and a list of all OneLogin event types
Directory
- Users: Lists of users.
- Groups: Lists of groups.
- Apps: Lists of apps.

For more information, see Ingest logs and data from OneLogin.

Link to content pack/integration details

The OneLogin content pack provides capabilities for simple customer authentication and streamlined workforce identity operations utilizing APIs. It includes one modeling rule for data normalization and the following integration:

OneLogin Event Collector: Use this integration to gather simple customer authentication and streamlined workforce identity operations with the onelogin-get-events command.