Difference between revisions of "Datadog SIEM Content Packs for 1Password"
Jump to navigation
Jump to search
(3 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
+ | Rules: | ||
+ | * <code>[[1Password vault export attempt by user]]</code> | ||
+ | * <code>[[Unusual 1Password item usage action observed from user]]</code> | ||
+ | * <code>[[Impossible travel event observed from 1Password user]]</code> | ||
+ | * <code>[[Anomalous amount of failed sign-in attempts by 1Password user]]</code> | ||
+ | * <code>[[Unusual 1Password device authorization activity]]</code> | ||
+ | * <code>[[Attempt to modify a 1Password item by user]]</code> | ||
− | + | == Related == | |
− | + | * [[1Password Datadog integration]] | |
− | |||
− | |||
− | |||
− | * [[ | ||
== See also == | == See also == | ||
* {{DD SIEM}} | * {{DD SIEM}} | ||
+ | * {{1p}} | ||
[[Category:Datadog]] | [[Category:Datadog]] |
Latest revision as of 16:24, 26 August 2024
Rules:
1Password vault export attempt by user
Unusual 1Password item usage action observed from user
Impossible travel event observed from 1Password user
Anomalous amount of failed sign-in attempts by 1Password user
Unusual 1Password device authorization activity
Attempt to modify a 1Password item by user
Related[edit]
See also[edit]
- Datadog security: Datadog Cloud SIEM, Content Packs, Datadog Cloud SIEM signals
- 1password,
op
, Privnote, Kolide, 1password connect, 1password Kubernetes Injector,1password-cli, kind: OnePasswordItem
, 1Password Browser extension,uses: 1password/load-secrets-action@v2
, 1Password Watchtower, 1Password Secrets Automation, 1password secret key, 1password Kubernetes operator, operator logs
Advertising: