OneLogin - Learn more about the OneLogin Standard Collector and content pack integrations in Cortex XSIAM. - Administrator Guide - Cortex XSIAM - Cortex

OneLogin - Learn more about the OneLogin Standard Collector and content pack integrations in Cortex XSIAM. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product

Cortex XSIAM

Creation date

2025-07-15

Last date published

2026-06-11

Category

Administrator Guide

Abstract

Learn more about the OneLogin Standard Collector and content pack integrations in Cortex XSIAM.

You can configure collecting OneLogin logs and data using a Standard Collector or with a content pack integration:

OneLogin vendor	Description
Standard Collector overview	Forward logs and data to Cortex XSIAM from OneLogin via the OneLogin REST APIs using the OneLogin data source.
Link to Standard Collector instructions	The following types of data can be ingested from OneLogin: Log collection Events: User logins, administrative operations, provisioning, and a list of all OneLogin event types Directory Users: Lists of users. Groups: Lists of groups. Apps: Lists of apps. For more information, see Ingest logs and data from OneLogin.
Link to content pack/integration details	The OneLogin content pack provides capabilities for simple customer authentication and streamlined workforce identity operations utilizing APIs. It includes one modeling rule for data normalization and the following integration: OneLogin Event Collector: Use this integration to gather simple customer authentication and streamlined workforce identity operations with the `onelogin-get-events` command.

OneLogin vendor

Description

Standard Collector overview

Forward logs and data to Cortex XSIAM from OneLogin via the OneLogin REST APIs using the OneLogin data source.

Link to Standard Collector instructions

The following types of data can be ingested from OneLogin:

Log collection
- Events: User logins, administrative operations, provisioning, and a list of all OneLogin event types
Directory
- Users: Lists of users.
- Groups: Lists of groups.
- Apps: Lists of apps.

For more information, see Ingest logs and data from OneLogin.

Link to content pack/integration details

The OneLogin content pack provides capabilities for simple customer authentication and streamlined workforce identity operations utilizing APIs. It includes one modeling rule for data normalization and the following integration:

OneLogin Event Collector: Use this integration to gather simple customer authentication and streamlined workforce identity operations with the onelogin-get-events command.