LimaCharlie

If you use the 1Password Business password manager, you can get account activity in LimaCharlie using <a href="https://support.1password.com/events-reporting/" rel="nofollow noopener noreferrer" target="_blank">1Password Events Reporting</a>.

Once configured, you'll be able to set up LimaCharlie D&amp;R rules to alert you when suspicious activity occurs.

For example, you can have a detection occur when there are more than five failed login attempts within 1 minute.

Five Failed Logins within 1 Minute

event: credentials_failed op: is platform name: 1password with events: count: 5 event: credentials_failed op: exists path: / within: 60

You can also be alerted when users have an outdated version of 1Password using the rule below.

event: modern_version_failed op: is platform name: 1password

Refer to the <a href="https://support.1password.com/events-api-reference/" rel="nofollow noopener noreferrer" target="_blank">1Password Event API reference</a> for other data you can use to create detections.

1Password Business

Technical Documentation

Slack Community

Course

GitHub

Swagger Doc

Release Notes

Find answers and get help from Intercom Support and Community Experts