There’s one thing IT and security professionals can never have enough of: visibility. Now, 1Password Business customers can gain even greater visibility into their security posture with the upgraded Events API.
The enhanced Events API features full event parity with the 1Password Activity Log, both to expand your field of vision and to support your auditing efforts.
What is the 1Password Events API?
You can’t protect what you can’t see. With the original Events API, you could stream some 1Password events to your SIEM (Security Information and Event Management) tool.
Those 1Password events could then be incorporated into custom dashboards, alerts, visualizations, and search, for example, to give you a deeper understanding of how your team uses 1Password.
The Events API makes it easy to correlate and enrich 1Password events data to surface security insights that may require action. Think automated alerts for threat detection, and the ability to visualize 1Password usage.
That means you can monitor user adoption, set up alerts to be notified when a secret is shared, or aid investigations by correlating logins with suspicious events. All by streaming 1Password events to third-party SIEM tools using the 1Password Events API.
What’s new in the 1Password Events API?
The original Events API included support for three event types: successful sign-in attempts, failed sign-in attempts, and item usage.
The enhanced Events API adds support for all events captured by the 1Password Activity Log, including:
- Account changes
- Billing changes
- Changes to email addresses
- Device addition or removal
- Families account changes
- File uploads
- Group access changes
- Group vault access changes
- Integration events
- Shared items
- Team member and guest invitations
- User access changes
- Vault changes
- Vault item changes
- Views of administrative reports
With these additions, 1Password Business customers can combine 1Password events with data from their SIEM tool to:
- Create custom reports, dashboards, alerts, and visualizations.
- Track 1Password adoption across the organization.
- Isolate certain security events in the service of an investigation.
- Better support auditing and compliance workflows.
- More easily monitor and report on security posture.
Note that if you’re still using 1Password CLI 1.0 to retrieve auditing events, these Events API enhancements have replaced the audit command in CLI 1.0.
How to get started with the 1Password Events API
1Password Business customers can stream events directly from 1Password Events API to their SIEM tool today, either through pre-built integrations with Splunk (coming soon) or Elastic, or with a custom integration.
Want to start small? Try running a lightweight Python script to learn how to make calls to the Events API. Or dive into the documentation to get started with the 1Password Events API and your chosen SIEM tool.
Tweet about this post