Unusual 1Password device authorization activity

1password

Classification:

attack

Set up the 1password integration.


Goal

Detect when a 1Password device authorization action is observed.

Strategy

This rule monitors 1Password audit logs for device authorization actions that may allow an attacker to maintain persistence within a 1Password tenant.

Note: This rule uses the New Value detection method to determine when a previously unseen device authorization action is observed.
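The following is an added illustration of new-value detection over audit events, not the rule's own query or configuration. It assumes values are tracked per user and that a fixed baseline cut-off ends the learning phase; the events, the `action-a`/`action-b` names, and the function names are constructed for the example.

```python
from datetime import datetime

def event(ts, email, name, device, ip):
    # Field names mirror the template variables used in the triage message.
    return {"timestamp": ts, "usr.email": email, "evt.name": name,
            "session.device_uuid": device, "network.client.ip": ip}

# Constructed sample events. The evt.name values are placeholders,
# not real 1Password action names.
EVENTS = [
    event("2024-05-01T09:00:00", "alice@example.com", "action-a", "dev-aaa", "192.0.2.10"),
    event("2024-05-03T10:00:00", "alice@example.com", "action-a", "dev-aaa", "192.0.2.10"),
    event("2024-05-09T08:00:00", "alice@example.com", "action-a", "dev-aaa", "192.0.2.10"),
    event("2024-05-09T08:05:00", "alice@example.com", "action-b", "dev-zzz", "203.0.113.7"),
    event("2024-05-09T08:06:00", "alice@example.com", "action-b", "dev-zzz", "203.0.113.7"),
    event("2024-05-10T12:00:00", "bob@example.com", "action-a", "dev-bbb", "198.51.100.4"),
]
LEARN_UNTIL = datetime(2024, 5, 8)  # assumed end of the baseline window

def find_new_actions(events, learn_until):
    """Return events whose (user, action) pair is first seen after the baseline."""
    seen = {}    # usr.email -> set of evt.name values already observed
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["timestamp"])):
        known = seen.setdefault(ev["usr.email"], set())
        if ev["evt.name"] in known:
            continue                  # value already seen for this user
        known.add(ev["evt.name"])     # record it so repeats do not re-alert
        # Values first seen inside the baseline window are learned silently.
        if datetime.fromisoformat(ev["timestamp"]) >= learn_until:
            alerts.append(ev)
    return alerts

def triage_line(ev):
    """Render the triage message with the event's fields filled in."""
    return (f"Investigate user {ev['usr.email']} attempting an unfamiliar "
            f"{ev['evt.name']} device authorization action on "
            f"{ev['session.device_uuid']} from {ev['network.client.ip']}.")

if __name__ == "__main__":
    for alert in find_new_actions(EVENTS, LEARN_UNTIL):
        print(triage_line(alert))
```

A user with no baseline history (the last constructed event) alerts on the first action seen, which is a common source of noise for new accounts under this kind of detection.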

Triage & response

Investigate user {{@usr.email}} attempting an unfamiliar {{@evt.name}} device authorization action on {{@session.device_uuid}} from {{@network.client.ip}}.