Merge pull request #2011 from lvoloshyn-sekoia/lv/add_1password_docs
Add 1Password EPM docs
squioc authored Sep 20, 2024
2 parents c326a75 + 42787a4 commit 933c6ba
Showing 6 changed files with 84 additions and 0 deletions.
83 changes: 83 additions & 0 deletions docs/integration/categories/applicative/1password_epm.md
@@ -0,0 +1,83 @@
uuid: 09754cc4-e247-4712-9a76-25529ba11b8b
name: 1Password EPM
type: intake

## Overview

1Password's Enterprise Password Manager offers robust security features for businesses, enabling secure sharing and management of passwords and sensitive data across teams, with advanced admin controls and seamless integration into existing workflows.

!!! Warning
Important note - This format is currently in beta. We highly value your feedback to improve its performance.

- **Plan**: Defend Prime
- **Supported environment**: SaaS

- **Detection based on**: Telemetry, Audit
- **Supported application or feature**:
- Audit Events
- Item Usages
- Sign-in Attempts

{!_shared_content/operations_center/detection/generated/suggested_rules_09754cc4-e247-4712-9a76-25529ba11b8b_do_not_edit_manually.md!}

{!_shared_content/operations_center/integrations/generated/09754cc4-e247-4712-9a76-25529ba11b8b.md!}

## Configure

### How to create an API token

1. Log in the 1Password console
2. On the right panel, click `Integrations`

![step_1.png](/assets/operation_center/integration_catalog/cloud_and_saas/1password/01_integration.png)

3. In the Events Reporting, Click the `Other`

![step_2.png](/assets/operation_center/integration_catalog/cloud_and_saas/1password/02_events_reporting.png)

4. Type a name for the Integration and click `Add Integration`

![step_3.png](/assets/operation_center/integration_catalog/cloud_and_saas/1password/03_create_token.png)

5. Type a name for the token, select the expiration period
6. Select `Audit events`, `Item usage events` and `Sign-in attempts` as events to report
7. Click `Issue token`

![step_4.png](/assets/operation_center/integration_catalog/cloud_and_saas/1password/04_issue_token.png)

### Create your intake

Go to your Sekoia.io [Intakes page](https://app.sekoia.io/operations/intakes), and follow these steps:

1. Click on **+ Intake** button to create a new one
2. Choose **1Password EPM**, give it a name and choose the relevant Entity
3. Click on **Create** button
4. Copy the **Intake key**

!!! Note
Save the `Intake key` on a block note. It will be used in the next step.

### Pull the logs to collect them on Sekoia.io

Go to the Sekoia.io [playbook page](https://app.sekoia.io/operations/playbooks), and follow these steps:

1. Click on **+ PLAYBOOK** button to create a new one
2. Select **Use a template**
3. Search for `1Password` keyword on the search bar and select the template named `Fetch new events from 1Password EPM`
4. Create a **Module configuration** using
- API token from `How to create an API token` step.
- Base URL depending by the server that hosts your 1Password account:

| If your account is on: | Your base URL is: |
|-------------------------|------------------------------------------------------------------------------------------------------------|
| 1Password.com | https://events.1password.com (1Password Business) <br/>https://events.ent.1password.com (1Password Enterprise) |
| 1Password.ca | https://events.1password.ca |
| 1Password.eu | https://events.1password.eu |

Name the module configuration as you wish

5. Create a **Trigger configuration** using `Intake key` created on the previous step
6. Click on the **Save** button
7. Toggle **Activate the playbook** on the top right corner of the page

#### Enjoy your events on the [Events page](https://app.sekoia.io/operations/events)
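
Review bot: The "How to create an API token" steps end at "Click `Issue token`" and never tell the reader to copy the issued token, yet step 4 of "Pull the logs to collect them on Sekoia.io" asks for the "API token from `How to create an API token` step". Suggest adding an eighth step that says to copy the token and keep it in a password manager or secret store until it is entered in the module configuration. Step 5 ("select the expiration period") would also benefit from a sentence saying that the module configuration must be updated with a new token before the chosen period ends, since an expired token will no longer authenticate and the playbook will stop fetching events. The note "Save the `Intake key` on a block note" deserves the same care: say to keep the key somewhere safe for the next step. Minor wording: "Log in the 1Password console" should read "Log in to", "Click the `Other`" should read "click `Other`", and "Base URL depending by the server" should read "depending on".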
1 change: 1 addition & 0 deletions mkdocs.yml
Expand Up @@ -316,6 +316,7 @@ nav:
- List of Intakes:
- Overview: integration/categories/overview.md
- Applicative:
- 1Password EPM: integration/categories/applicative/1password_epm.md
- Apache HTTP Server: integration/categories/applicative/apache.md
- Azure Files: integration/categories/applicative/azure_files.md
- Azure MySQL: integration/categories/applicative/azure_mysql.md