1Password

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Sign In Attempts

✅

✅

onepassword_sign_in_logs

NDJSON

API

Item Usages

✅

✅

onepassword_item_usages_logs

NDJSON

API

Audit Events

✅

✅

onepassword_audit_events

NDJSON

API


Overview

1Password is a password manager that stores encrypted passwords online. When the logs are integrated into Hunters, the data is fetched using the API, normalized into schemas, and streamed to Hunters' Data Lake. The ingestion allows the exploration of this source for overseeing users' sign-in attempts and item usages.

Supported data types

Sign In Attempts

Table name: onepassword_sign_in_logs

Returns information about sign-in attempts. Events include the name and IP address of the user who attempted to sign in to the account, when the attempt was made, and -- for failed attempts -- the cause of the failure. More information on the event types can be found here.

Item Usages

Table name: onepassword_item_usages_logs

Returns information about items in shared vaults that have been modified, accessed, or used. Events include the name and IP address of the user who accessed the item, when it was accessed, and the vault where the item is stored. More information on the event types can be found here.

Audit Events

Table name: onepassword_audit_events

Returns audit events from the Activity Log of your 1Password Business account. Audit event data includes actions performed by team members in a 1Password account, such as changes made to the account, vaults, groups, users, and more. More information on the event types can be found here.

Send data to Hunters

Hunters supports the collection of 1Password logs using the API.

To connect 1Password logs:

  1. Acquire the Host value from 1Password as described here.

  2. Acquire the Bearer Token value from 1Password as described here.

    📘 Note

    To enable each of the supported data types, the relevant Scope must be added to the Bearer Token when it is created. Make sure to add the scopes that correspond to the data you want to onboard.

  3. Complete the process on the Hunters platform, following this guide.
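
A pre-flight check for the scope note above, as an added example that is not Hunters' or 1Password's own code: it compares the scopes a Bearer Token carries with the tables you plan to onboard. The introspection path `/api/v2/auth/introspect`, the `features` field, and the scope names are assumptions taken from 1Password's Events API and do not appear on this page; the sample response is constructed.

```python
import json
import urllib.request

# Scope name (assumed, per 1Password Events API) -> Hunters table named on this page
SCOPE_TO_TABLE = {
    "signinattempts": "onepassword_sign_in_logs",
    "itemusages": "onepassword_item_usages_logs",
    "auditevents": "onepassword_audit_events",
}

def fetch_introspection(host, token, timeout=10):
    """Ask the Events API which scopes the token carries (endpoint path assumed)."""
    req = urllib.request.Request(
        f"https://{host}/api/v2/auth/introspect",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def check_scopes(introspection, wanted_tables):
    """Compare the token's granted scopes with the tables to be onboarded."""
    # Accept either key casing, since older API versions may capitalize it (assumption).
    features = introspection.get("features") or introspection.get("Features") or []
    granted = {f.lower() for f in features}
    table_to_scope = {table: scope for scope, table in SCOPE_TO_TABLE.items()}
    unknown = sorted(set(wanted_tables) - set(table_to_scope))
    if unknown:
        raise ValueError(f"not a table from this page: {unknown}")
    needed = {table_to_scope[t] for t in wanted_tables}
    return {
        "missing": sorted(needed - granted),  # these tables would stay empty
        "unused": sorted(granted - needed),   # token is broader than required
        "ready": sorted(SCOPE_TO_TABLE[s] for s in needed & granted),
    }

# Constructed sample introspection response (not real token data)
SAMPLE = {
    "uuid": "EXAMPLE-TOKEN-UUID",
    "issued_at": "2024-01-01T00:00:00Z",
    "features": ["signinattempts", "itemusages"],
}

if __name__ == "__main__":
    print(check_scopes(SAMPLE, list(SCOPE_TO_TABLE.values())))
```

A non-empty `missing` list means the token has to be reissued with the extra scope before that table can receive data; a non-empty `unused` list means the token grants more than the onboarding needs.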