Unusual 1Password item usage action observed from user

Set up the 1password integration.

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detect when 1Password item usage activity is observed.

Strategy

This rule monitors 1Password audit logs for the following item usage actions

Note: This rule uses the New Value detection method, to determine when a previously unseen item usage action is observed.

Triage & response

Investigate {{@usr.email}} attempting an item usage action: {{@evt.name}} that they haven’t performed recently with item {{@item_uuid}} within vault {{@vault_uuid}}.