Gain visibility into abnormal user activity

Request a DemoRead the Docs

Gain visibility into abnormal user activity in your organization's 1Password account by monitoring 1Password event logs with Panther's log puller integration.

1Password event logs show various types of activity in a user's 1Password account, such as item usages and sign-in attempts logs from the 1Password account.

Use Panther’s built-in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.

Use Cases

Common security use cases for 1Password Event Logs with Panther include monitoring:

  • Sign-in attempts from a user's 1Password account
  • Items in shared vaults that have been modified, accessed or used

How it Works

The integration is simple and fast:

  • Create a new API token in 1Password
  • Enter the API token and other details in the Panther 1Password log source onboarding flow
  • Panther will parse, normalize, and analyze your log data in real-time
  • As rules are triggered, alerts are sent to your configured destinations
  • Normalized logs can be searched from Panther’s Data Explorer
  • Sit back and monitor your activity!

Learn more about Panther's supported log schema for 1Password.