1Password collector

Configuration requirements

To run this collector, there are some configurations detailed below that you need to consider.

Configuration	Details
Cylance APP	You need to run a Cylance app.
Application ID	Once you create the App, it gives you an Application ID.
Application Secret	Once you create the App, it gives you an Application Secret.
Tenant ID	You can find it in your Cylance console.

Refer to the Vendor setup section to know more about these configurations.

Overview

The 1Password collector pulls data from the 1Password Events API and forwards to Devo.

Devo collector features

Feature	Details
Allow parallel downloading (`multipod`)	`not allowed`
Running environments	`collector server`
Populated Devo events	`standard`

Data sources

Data source	Description	API endpoint	Collector service name	Devo table	Available from release
Item Usage	Returns information about items in shared vaults that have been modified, accessed, or used. Events include the name and IP address of the user who accessed the item, when it was accessed, and the vault where the item is stored.	`/api/v1/itemusages`	`item_usage`	`auth.agilebits.onepassword.itemusage`	`v0.1.0`
Sign-in Attempts	Returns information about sign-in attempts. Events include the name and IP address of the user who attempted to sign in to the account, when the attempt was made, and -- for failed attempts -- the cause of the failure.	`/api/v1/signinattempts`	`sign_in_attempts`	`auth.agilebits.onepassword.signinattempt`	`v0.1.0`
Audit	Returns information about actions performed by team members within a 1Password account. Events include when an action was performed and by whom, along with details about the type and object of the action and any other information about the activity. More info here on audit events.	`/api/v1/auditevents`	`audit`	`auth.agilebits.onepassword.audit`	`v0.1.2`

For more information on how the events are parsed, visit our page.

Flattening preprocessing

Data source	Collector service	Optional	Flattening details
Source	Service	`yes` `no`	Flattening steps

Vendor setup

Generate a Bearer Token

To issue a bearer token:

Sign in to your account on http://1Password.com and click Integrations in the sidebar.
Choose the Events Reporting integration where you want to issue a token and click “Add a token”.
Enter a name for the bearer token and choose when it will expire. Select or deselect the event types the token has access to, then click Issue Token.
Click Save in 1Password and choose which vault to save your token to. Then click View Integration Details.

Additional Information: Get started with 1Password Events Reporting | issue or revoke bearer tokens

Identify Your 1Password Server

The URL of the server that hosts your 1Password account is required in order to make requests to the 1Password Events API.

If your account is on:	Your Events API URL is:
1Password.com	`https://events.1password.com` (1Password Business) `https://events.ent.1password.com` (1Password Enterprise)
http://1Password.ca	`https://events.1password.ca`
http://1Password.eu	`https://events.1password.eu`

Additional Information: Get started with 1Password Events Reporting | Servers

Minimum configuration required for basic pulling

Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.

This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.

Setting	Details
`base_url`	The URL of the server that hosts your 1Password account
`token`	Access token created in the 1Password console.

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector).

We use a piece of software called Collector Server to host and manage all our available collectors. If you want us to host this collector for you, get in touch with us and we will guide you through the configuration.

Change log for v1.0.0

Release	Released on	Release type	Details	Recommendations
`v1.0.1`	07 Nov 2023	V1	`Release Version`	`Recommended version`
`v1.0.0`	06 Nov 2023	V1	`Release Version`	`Recommended version`

Change log for v0.x.x

Release	Released on	Release type	Details	Recommendations
`v0.1.2`	`10/03/23`	PRE-RELEASE	Pre-release version of collector	`Not ready for general release`
`v0.1.1`	`02/10/23`	PRE-RELEASE	Pre-release version of collector	`Not ready for general release`
`v0.1.0`	`02/09/23`	PRE-RELEASE	Pre-release version of collector	`Not ready for general release`