Microsoft Sentinel customers, get ready to streamline your security monitoring and investigation workflows with the official 1Password integration for Microsoft Sentinel.
1Password for Microsoft Sentinel is an end-to-end solution allowing you to ingest 1Password Events API data directly to Microsoft Sentinel. This brings visibility to 1Password audit events, sign-in activity, and shared item usage, with the full power of Microsoft Sentinel. You can get started right away with alerts and a dynamic, customizable dashboard thanks to out-of-the-box analytics rules and workbooks.
Here are the highlights:
- Track security events: Stay in the know with real-time alerts for successful and failed login attempts as well as account and billing changes.
- Monitor shared item usage: Gain insights into user adoption and usage, file uploads, and item modifications for accountability and transparency.
- Threat intel notifications: Proactively identify potential security threats and attacks, equipped with actionable suggestions with 18 analytics rule templates.
- Streamline reporting: Consolidate 1Password logs into Microsoft Sentinel, allowing for a single pane of glass and reducing the time spent toggling between different apps and services.
Using the 1Password Events API
The new integration makes it easier for security admins and analysts to monitor and manage their organization’s credentials and secrets, better assess security risks, and quickly detect, investigate, and mitigate threats.
For example, admins can set up custom alerts for:
- Privilege escalation within 1Password
- Privileged vault and group access control changes
- Impossible travel
- Changes to a user’s MFA settings
- 1Password tenant-level changes (e.g., firewall rules or authentication policies)
Admins can also create dashboards and custom graphs to illustrate event activity, and cross-reference 1Password events with data from other services.
Together, 1Password and Microsoft Sentinel eliminates the hassle of juggling multiple security platforms. Just connect your 1Password Business account to Microsoft Sentinel to track your 1Password security events in one place and illuminate your overall secrets landscape.
“We all know how crucial visibility is for security teams. This collaboration helps bridge that visibility gap, surfacing and visualizing 1Password events directly in Microsoft Sentinel, allowing businesses to take a more proactive approach to reducing risk.” – Natee Pretikul, Principal Product Management Lead, Microsoft Security
Special thanks to our open source contributors
We’d like to give a special shout-out to our community for making this integration possible. In particular, we’d like to thank Rogier Dijkman (azurekid) and Stefan Alexander Smit, among many other contributors to the Microsoft Sentinel and 1Password integration!
Getting started
The new Microsoft Sentinel integration is available to anyone with a 1Password Business account and a Microsoft Sentinel account via the Microsoft Azure Marketplace. Get started by connecting your account from the integrations directory in 1Password Business. Once the accounts are connected, you can start enabling features.
Microsoft Sentinel is the newest in a long line of 1Password Business security information and event management (SIEM) integrations that includes Datadog, Elastic, Panther, Splunk, and Sumo Logic. (You can build your own, too, with the 1Password Events API.)
Interested in partnering with 1Password as an integrated service? We’d love to hear from you. Reach out to tech-partnerships@1password.com to start a conversation.
Tweet about this post