Impossible travel event observed from 1Password user

Set up the 1password integration.


Detect an Impossible Travel event from a 1Password user.


The Impossible Travel detection type’s algorithm compares the GeoIP data of the last log and the current log to determine if the user ( traveled more than 500km at over 1,000km/h.

Triage and response

  1. Determine if {{}} should be connecting from {{}},{{}} and {{}}, {{}} in a short period of time.
  2. If the user should not be connecting from {{}}, {{}} or {{}}, {{}}, then consider isolating the account and resetting their credentials.
  3. Use the Cloud SIEM - User Investigation dashboard to audit any user actions that may have occurred after the illegitimate login.