Gain visibility into abnormal user activity in your organization's 1Password account by monitoring 1Password event logs with Panther's log puller integration.
1Password event logs show various types of activity in a user's 1Password account, such as item usages and sign-in attempts logs from the 1Password account.
Use Panther’s built-in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.
Common security use cases for 1Password Event Logs with Panther include monitoring:
- Sign-in attempts from a user's 1Password account
- Items in shared vaults that have been modified, accessed or used
How it Works
The integration is simple and fast:
- Create a new API token in 1Password
- Enter the API token and other details in the Panther 1Password log source onboarding flow
- Panther will parse, normalize, and analyze your log data in real-time
- As rules are triggered, alerts are sent to your configured destinations
- Normalized logs can be searched from Panther’s Data Explorer
- Sit back and monitor your activity!
Learn more about Panther's supported log schema for 1Password.