Integrating PAS with Google SecOps

Third-party vendors create and maintain this integration. Delinea does not guarantee that the integration will work properly or that it respects Delinea product limitations. Delinea has not reviewed this integration and Delinea Support staff can only assist with the Delinea side of setup.

Google SecOps integrates with Delinea Privileged Access Service (PAS) by ingesting Single Sign-On (SSO) and audit activity logs exported from PAS into an Amazon S3 bucket. A serverless collection workflow, built using AWS Lambda, EventBridge, IAM, and S3, retrieves audit events from PAS through OAuth authenticated API calls and stores them in structured JSON format for ingestion.

Once the logs are received by Google SecOps through an Amazon S3 feed, the platform automatically parses event data from both JSON and syslog formats. The parser extracts key information such as timestamps, user identity attributes, authentication details, device identifiers, event types, login outcomes, and additional security relevant metadata. These fields are normalized into the Google SecOps Unified Data Model (UDM), enabling consistent correlation with other identity and access activity across the environment.

Through this integration, important PAS authentication and access events, such as login successes and failures, user agent details, account usage, directory service interactions, session information, and authorization outcomes, are available within Google SecOps for centralized threat detection, investigation, and compliance monitoring.

To learn more about this type of integration workflow, refer to the Google SecOps documentation.