TaigaWalk

🔄 Add GitHub Actions-Based Ingestors for Third-Party Logs

This PR introduces a new github_actions/ directory that contains standalone ingestion scripts designed to run within GitHub Actions. These scripts forward third-party security logs into Google Chronicle using the Unstructured Ingestion API.

🗂️ Directory Overview

The following integrations are included:

  • 1password-chronicle-ingestor: Ingests 1Password audit logs

  • github-chronicle-ingestor: Ingests GitHub audit logs

  • entra-noninteractive-chronicle-ingestor: Ingests Microsoft Entra (Azure AD) non-interactive sign-in logs

  • snowflake-chronicle-ingestor: Ingests Snowflake audit logs

  • thinkst-audit-chronicle-ingestor: Ingests Thinkst Canary audit events

Each ingestor includes:

  • main.py: A Python script that pulls and transforms logs

  • requirements.txt: Dependency definitions

  • Optional .github/workflows/*.yml: GitHub Actions workflows for manual or scheduled runs

🛠️ Why GitHub Actions?

These ingestors provide a lightweight, infrastructure-free alternative to GCP-hosted ingestion methods. GitHub Actions allows organizations to automate ingestion without requiring Cloud Functions, Cloud Run, or Kubernetes — ideal for smaller teams or hybrid environments.

🙏 Notes

All scripts are ready to run out of the box via GitHub Actions.

Happy to adjust the structure (e.g., moving scripts under third_party/) if preferred for consistency with the main repo.

Let me know if there’s anything else I should modify or optimize to align with the repo’s standards!

google-cla bot commented Jun 5, 2025

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@TaigaWalk TaigaWalk force-pushed the feature/chronicle-ingestion-github-actions branch from 0f2ba34 to d6044d7 Compare June 5, 2025 13:13