Attempt to modify a 1Password item by user
Set up the 1password integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect when a 1Password user attempts to modify an item.
Strategy
This rule monitors 1Password audit logs to determine when the the enter-item-edit-mode item usage action occurs. This could indicate an attempt to modify an item.
Triage & response
- Investigate the
{{@usr.email}} attempting to modify item {{@item_uuid}} within vault {{@vault_uuid}}. - If this action was unintend by the user:
- Rotate the user’s 1Password master password
- Identify all the items that were modified and rotate the necessary authentication credentials
