grove: A Software as a Service (SaaS) log collection framework

Grove

Grove is a Software as a Service (SaaS) log collection framework, designed to support the collection of logs from services which do not natively support log streaming.

Grove enables teams to collect security-related events from their vendors in a reliable and consistent way. This data may then be stored and analyzed with a team’s existing tooling in order to support threat detection and compliance programs.

Out of the box, Grove provides:

  • 🪵 Reliable and periodic collection of logs.
  • ☁️ Support a large number of widely used SaaS applications and services.
  • 🧱 Plugin-based “connectors” to enable support for new applications and services.
  • 🧳 “Bring your own” caching, output, configuration, and secrets backends.

Grove was created and is currently maintained by the HashiCorp security team.

log collection framework

Supported Sources

Currently, the following log sources are supported by Grove out of the box. If a source isn’t listed here, support can be added by creating a custom connector!

  • Atlassian audit events (e.g. Confluence, Jira)
  • GitHub audit logs
  • GSuite alerts
  • GSuite activity logs
  • Okta system logs
  • Oomnitza activity logs
  • 1Password sign-in attempt logs
  • 1Password item usage event logs
  • 1Password audit logs
  • PagerDuty audit records
  • SalesForce Cloud event logs
  • SalesForce Marketing Cloud audit event logs
  • SalesForce Marketing Cloud security event logs
  • Slack audit logs
  • Terraform Cloud audit trails
  • Torq activity logs
  • Torq audit logs
  • Twilio monitor events
  • Twilio message logs
  • Workday activity logs
  • Zoom activity logs
  • Zoom operation logs

Install & Use

Copyright 2023 HashiCorp, Inc