Skip to main content

Configuration Guide - 1Password

Tony Black
  • Updated

TEAM: Huntress Managed Security Information and Event Management (SIEM)
PRODUCT: SIEM
ENVIRONMENT: REST API
SUMMARY: Configuration Guide for 1Password

 

 

Vendor Information

Vendor

1Password

Supported Model Name/Number

N/A

Supported Software Version(s)

N/A

Collection Method

REST API

Provider Name

1Password

Additional Information

1Password Events Reporting

1Password API Reference

 

Device Configuration Checklist

Note: A 1Password Business or Enterprise license is required for API access.

 

1Password Portal Steps

  1. Sign into your 1Password account
  2. Click Integrations on the sidebar
  3. Select Other
  4. Enter a Name (Huntress SIEM) for the integration
  5. Enter a Name for the bearer token and select an expiration date.
  6. Select the event types the token has access to
  7. Click Issue Token
  8. Click Save in 1Password and choose which vault to save the token to.
  9. Click View Integration Details and note the bearer token

Huntress Portal Steps

  1. Open the Huntress Portal
  2. Click on SIEM on the left navigation menu
  3. Click Source Management
  4. SIEM Source Mgmt.png
  5. Click Add Source
  6. Choose 1Password
  7. 1Password Source Add.png
  8. Click Add on the right side of the screen
  9. Add New Source Button.png
  10. Set the configuration details
    1. Select the appropriate Organization from the drop down menu
    2. Enter a unique Name for the 1Password source
    3. (Optional) Enter a description fro the source
    4. Select the Server that matches your 1Password subscription
    5. Enter the Bearer Token generated from the 1Password Portal steps above
  11. 1Password Source Add.png
  12. Click Save

Example Log Messages

Sign-In Attempt

{
"cursor": "aGVsbG8hIGlzIGl0IG1lIHlvdSBhcmUgbG9va2luZyBmb3IK",
"has_more": true,
"items": [
{
"uuid": "56YE2TYN2VFYRLNSHKPW5NVT5E",
"session_uuid": "A5K6COGVRVEJXJW3XQZGS7VAMM",
"timestamp": "2023-03-15T16:32:50-03:00",
"category": "firewall_failed",
"type": "continent_blocked",
"country": "France",
"details": {
"value": "Europe"
},
"target_user": {
"uuid": "IR7VJHJ36JHINBFAD7V2T5MP3E",
"name": "Wendy Appleseed",
"email": "wendy_appleseed@agilebits.com"
},
"client": {
"app_name": "1Password Browser",
"app_version": "20240",
"platform_name": "Chrome",
"platform_version": "string",
"os_name": "MacOSX",
"os_version": "13.2",
"ip_address": "192.0.2.254"
},
"location": {
"country": "Canada",
"region": "Ontario",
"city": "Toronto",
"latitude": 43.5991,
"longitude": -79.4988
}
}
]
}

 

Item Usage

{
"cursor": "aGVsbG8hIGlzIGl0IG1lIHlvdSBhcmUgbG9va2luZyBmb3IK",
"has_more": true,
"items": [
{
"uuid": "56YE2TYN2VFYRLNSHKPW5NVT5E",
"timestamp": "2023-03-15T16:33:50-03:00",
"used_version": 0,
"vault_uuid": "VZSYVT2LGHTBWBQGUJAIZVRABM",
"item_uuid": "SDGD3I4AJYO6RMHRK8DYVNFIDZ",
"user": {
"uuid": "4HCGRGYCTRQFBMGVEGTABYDU2V",
"name": "Wendy Appleseed",
"email": "wendy_appleseed@agilebits.com"
},
"client": {
"app_name": "1Password Browser",
"app_version": "20240",
"platform_name": "Chrome",
"platform_version": "string",
"os_name": "MacOSX",
"os_version": "13.2",
"ip_address": "192.0.2.254"
},
"location": {
"country": "Canada",
"region": "Ontario",
"city": "Toronto",
"latitude": 43.5991,
"longitude": -79.4988
},
"action": "secure-copy"
}
]
}

 

Related articles