1Password for Microsoft Sentinel
Solution: 1Password
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | 1Password |
| Support Tier | Partner |
| Support Link | https://support.1password.com/ |
| Categories | domains |
| Version | 3.0.2 |
| Author | Rogier Dijkman (SecureHats) |
| First Published | 2023-12-01 |
| Solution Folder | 1Password |
| Marketplace | Azure Marketplace · Popularity: 🟢 High (91%) |
The 1Password solution for Microsoft Sentinel enables you to ingest sign-in attempts, item usage, and audit events from your 1Password Business account using the 1Password Events Reporting API. This allows you to monitor and investigate events in 1Password in Microsoft Sentinel along with the other applications and services your organization uses.
Underlying Microsoft Technologies used:
This solution depends on the following technologies, and some of which may be in Preview state or may incur additional ingestion or operational costs:
Contents
Data Connectors
This solution provides 1 data connector(s) (plus 2 discovered⚠️):
🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
Tables Used
This solution uses 2 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
OnePasswordEventLogs_CL |
1Password, 1Password (Serverless), 1Password (Serverless) | Analytics, Workbooks |
SigninLogs |
- | Workbooks |
Content Items
This solution includes 19 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 18 |
| Workbooks | 1 |
Analytic Rules
Workbooks
| Name | Tables Used |
|---|---|
| 1Password | OnePasswordEventLogs_CLSigninLogs |
Additional Documentation
📄 Source: 1Password/README.md
1Password (Preview)
Overview
The key function of this Solution is to retrieve sign-in attempts, item usage, and audit events logs from your 1Password Business account using the 1Password Events Reporting API, and store it in an Azure Log Analytics Workspace using Microsoft cloud native features.
Azure services needed
Required
- 1Password Business account
- 1Password Events API key
- Microsoft Azure
- Microsoft Sentinel
- Contributor role with User Access Administrator role on the Microsoft Sentinel Resource Group
or - Owner on the Microsoft Sentinel Resource Group
Automated Installation
Installing the 1Password Solution for Microsoft Sentinel is easy and can be completed in only a few minutes.
Just click the button below to get started with the deployment wizard.
NOTE: To deploy the solution, the Azure user account executing the deployment needs to have
Ownerpermissions on the Microsoft SentinelResource Groupin Azure.
This is required to assign the correct RBAC role to the managed identity of the FunctionApp!
Manual Installation using the ARM template
Deployment steps
## Manual Installation using the ARM template 1. Install the data connector using the ARM template or use this link to skip the steps below  2. After the deployment of the template has completed open the Microsoft Sentinel portal and select the data connector  3. Select the `Open connector page` button to open the data connector configuration 4. click on the `Deploy to Azure` button
This will open a new browser page containing a deployment wizard in Microsoft Azure.
Fill in all the required fields and select `create` on the last page.  The required resources for the deployment will now be created.
Deployed Resources
The 1Password Solution for Microsoft Sentinel is comprised of following Azure resources:
Click on the topics below to fold them out.
Resource Group
### **Resource Group** *[Content truncated...]* ## Release Notes | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|----------------------------------------| | 3.0.2 | 17-09-2024 | Added new CCP **Data Connector**. | | 3.0.1 | 27-06-2024 | Fixed typo error in **Analytic Rule** 1Password - Changes to SSO configuration.yaml. Fixed Logo link and typo in CreateUI. | | 3.0.0 | 12-06-2024 | Initial Solution Release. | --- **Browse:** [🏠](../README.md) · [Solutions](../solutions-index.md) · [Connectors](../connectors-index.md) · [Methods](../methods-index.md) · [Tables](../tables-index.md) · [Content](../content/content-index.md) · [Parsers](../parsers/parsers-index.md) · [ASIM Parsers](../asim/asim-index.md) · [ASIM Products](../asim/asim-products-index.md) · [📊](../statistics.md) ↑ [Back to Solutions Index](../solutions-index.md)