1Password collector
Overview
With 1Password Collector, you can send your account activity to Devo using the 1Password Events Reporting API. This API can report 1Password activity like sign-in attempts, item usage, and audit events.
Devo collector features
Feature | Details |
---|---|
Allow parallel downloading ( |
|
Running environments |
|
Populated Devo events |
|
Flattening pre-processing |
|
Allowed source events obfuscation |
|
Data sources
Data source | Description | API endpoint | Collector service name | Devo table | Available from release |
---|---|---|---|---|---|
Audit Events | Returns a list of audit events from the Activity Log. |
| |
|
|
Item Usage Actions | Returns a list of account activity events. |
|
|
|
|
Sign-in Attempts | Returns a list of sign-in attempts. |
|
|
|
|
API limits
The Events API limits requests to 600 per minute and up to 30,000 per hour. Exceeding these limits will return an error "429 Too many requests".
The API can access data from the last 120 days. If you need to access data from more than 120 days ago, you can use the Activity Log in your 1Password account.
Minimum configuration required for basic pulling
Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.
Setting | Details |
---|---|
| A token can access data for one or more events, depending on which events were scoped when the token was created. Make sure the bearer token you use has access to the events you want to request. You can verify this from the Events Reporting integration details in the Integrations section of your 1Password account or through a GET request to the introspection endpoint. |
| The |
Accepted authentication methods
Every call to the 1Password Events API must be authorized with a bearer token. You must include your bearer token in the collector configuration.
For example:
Authentication method | Details |
---|---|
| You will need your |
Vendor setup
Before you can use the 1Password Events API, you'll need to:
Set up an Events Reporting integration in your account.
Create a bearer token and select the event features it can access.
To create a bearer token:
Sign in to your account on http://1Password.com and click Integrations in the sidebar.
Choose the Events Reporting integration where you want to issue a token and click Add a token.
Enter a name for the bearer token and choose when it will expire. Select or deselect the event types the token has access to, then click Issue Token.
Click Save in 1Password and choose which vault to save your token to. Then click View Integration Details.
Treat your token like a password
The security of your 1Password application is tied to the security of your token. Secure it as you would any sensitive credential. Do not share it with unauthorized individuals or email it to anyone under any circumstances!
Connectivity requirements
The 1Password Events API is a REST-style API that follows the OpenAPI 3.0 Specifications. All communications between clients and servers are over HTTPS.
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).
Collector services detail
For all the services
Devo categorization and destination
Please check the section Data Source Description to learn about the target tables for each service.
Restart the persistence
This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:
Edit the configuration file.
Change the value of the
start_time_value
to a different one.Save the changes.
Restart the collector.
The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.
Troubleshooting
This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.
Configuration errors
Error type | Error ID | Error message | Cause | Solution |
---|---|---|---|---|
| 1 | The parameter configuration is missing and it is mandatory | The parameter is missing in the configuration | Check the documentation and update the configuration accordingly |
| 2 | The parameter setting must be a valid instance of < | The parameter type in the configuration is incorrect | Check the documentation and update the configuration accordingly |
| 3 | The parameter setting must not be an empty string | The parameter is present in the configuration but it is empty | Check the documentation and update the configuration accordingly |
| 200 | <Variable_text> | Some errors happened when accessing the persistence | Contact Devo Support |
| 4xx-5xx | The execution of the 1Password request is having an unexpected response | Some errors happened when accessing the 1Password API | Usually, this error gets fixed in the next iteration. If it is a repeating error, please get in touch with Devo Support |
Collector operations
Verify collector operations
This is for the standalone mode only. You can check the information in the following sections to verify the correct collector operation.
Initialization
The initialization module validates the given configuration and runs the setup, the input (pulling logic), and output (delivering logic) services. A successful run has the following output messages for the initializer module:
2023-01-10T15:22:57.146 INFO MainProcess::MainThread -> Loading configuration using the following files: {"full_config": "config-test-local.yaml", "job_config_loc": null, "collector_config_loc": null}
2023-01-10T15:22:57.146 INFO MainProcess::MainThread -> Using the default location for "job_config_loc" file: "/etc/devo/job/job_config.json"
2023-01-10T15:22:57.147 INFO MainProcess::MainThread -> "\etc\devo\job" does not exists
2023-01-10T15:22:57.147 INFO MainProcess::MainThread -> Using the default location for "collector_config_loc" file: "/etc/devo/collector/collector_config.json"
2023-01-10T15:22:57.148 INFO MainProcess::MainThread -> "\etc\devo\collector" does not exists
2023-01-10T15:22:57.148 INFO MainProcess::MainThread -> Results of validation of config files parameters: {"config": "C:\git\collectors2\devo-collector-<name>\config\config.yaml", "config_validated": True, "job_config_loc": "/etc/devo/job/job_config.json", "job_config_loc_default": True, "job_config_loc_validated": False, "collector_config_loc": "/etc/devo/collector/collector_config.json", "collector_config_loc_default": True, "collector_config_loc_validated": False}
2023-01-10T15:22:57.171 WARNING MainProcess::MainThread -> [WARNING] Illegal global setting has been ignored -> multiprocessing: False
Event delivery and Devo ingestion
The event delivery module is in charge of receiving the events from the internal queues where all the events are injected by the pullers and delivering them using the selected compatible delivery method. A successful run has the following output messages for the initializer module:
2023-01-10T15:23:00.788 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2023-01-10T15:23:00.789 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2023-01-10T15:23:00.790 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2023-01-10T15:23:00.842 INFO OutputProcess::MainThread -> global_status: {"output_process": {"process_id": 18804, "process_status": "running", "thread_counter": 21, "thread_names": ["MainThread", "pydevd.Writer", "pydevd.Reader", "pydevd.CommandThread", "pydevd.CheckAliveThread", "DevoSender(standard_senders,devo_sender_0)", "DevoSenderManagerMonitor(standard_senders,devo_1)", "DevoSenderManager(standard_senders,manager,devo_1)", "OutputStandardConsumer(standard_senders_consumer_0)",
Sender services
The Integrations Factory Collector SDK has 3 different sender services depending on the event type to deliver (internal, standard, and lookup). This collector uses the following Sender Services:
Logging trace | Description |
---|---|
Number of available senders: 1 | Displays the number of concurrent senders available for the given Sender Service. |
Sender manager internal queue size: 0 | Displays the items available in the internal sender queue. This value helps detect bottlenecks and needs to increase the performance of data delivery to Devo. This last can be made by increasing the concurrent senders. |
Total number of messages sent: 44, messages sent since "2022-06-28 10:39:22.511671+00:00": 21 (elapsed 0.007 seconds) | Displays the number of events from the last time the collector executed the pull logic. Following the given example, the following conclusions can be obtained:
By default, these traces will be shown every 10 minutes. |
Sender statistics
Each service displays its performance statistics that allow checking how many events have been delivered to Devo by type:
Logging trace | Description |
---|---|
Number of available senders: 1 | Displays the number of concurrent senders available for the given Sender Service. |
Sender manager internal queue size: 0 | Displays the items available in the internal sender queue. |
Standard - Total number of messages sent: 57, messages sent since "2023-01-10 16:09:16.116750+00:00": 0 (elapsed 0.000 seconds | Displays the number of events from the last time the collector executed the pull logic. Following the given example, the following conclusions can be obtained:
|
Check memory usage
To check the memory usage of this collector, look for the following log records in the collector which are displayed every 5 minutes by default, always after running the memory-free process.
The used memory is displayed by running processes and the sum of both values will give the total used memory for the collector.
The global pressure of the available memory is displayed in the global value.
All metrics (Global, RSS, VMS) include the value before freeing and after previous -> after freeing memory
INFO InputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(34.50MiB -> 34.08MiB), VMS(410.52MiB -> 410.02MiB)
INFO OutputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(28.41MiB -> 28.41MiB), VMS(705.28MiB -> 705.28MiB)
Change log
Release | Released on | Release type | Details | Recommendations |
---|---|---|---|---|
|
| IMPROVEMENTS |
|
|
|
| IMPROVEMENTS |
|
|
|
| IMPROVEMENTS |
|
|
|
| IMPROVEMENTS | Added
Changed
|
|