1Password plugin

Visit our website to see the data that you can access if you use this plugin to add the data source to SquaredUp:

1Password

Visualize your 1Password report data. This includes sign-in attempts and item usage.

The 1Password data source features the ability to do the following and more:

• Sign in events by category (table, donut, line graph)

• Sign in events by type (table, donut, line graph)

• Top N Failed Sign-ins

• Top N Most used logins

• Most used Items

• Track user adoption or retention

• Monitor spikes in failed logins and visualize the source country.

How to add a 1Password data source

To issue a 1Password events API key:

1. Sign in to your account on 1Password.com and click Integrations in the sidebar.

2. Set a name for the integration, such as SquaredUp.

3. Enter a name for the 1Password events API key and choose when it will expire. Select the event types the token has access to, this should be both, then click Issue Token.

4. Optionally, you can click Save in 1Password and choose which vault to save your token to. Then click View Integration Details.

Now use your bearer token to configure the data source in SquaredUp:

1. To add a data source click on the + next to Data Sources on the left-hand menu in SquaredUp. Search for the data source and click on it to open the Configure data source page.

2. Display Name:

   Enter a name for your data source. This helps you to identify this data source in the list of your data sources.

3. 1Password Events API Key:

   Enter your 1Password events API key for either Business or Enterprise.

4. Select 1Password server domain:

   Select where your 1Password server is located. Available options are: .com, .ca, and .eu.

5. Business or Enterprise account:

   Select whether you are configuring the data source for a Business or Enterprise account.

6. Install Sample Dashboards:

   Select whether you would like to install sample dashboards with the data source. By default, this is set to on.

7. Optionally, select whether you would like to restrict access to this data source instance. By default, restricted access is set to off.

   Restrict access to this data source

   The term data source here really means data source instance. For example, a user may configure two instances of the AWS data source, one for their development environment and one for production. In that case, each data source instance has its own access control settings.

   By default, Restrict access to this data source is set to off. The data source can be viewed, edited and administered by anyone. If you would like to control who has access to this data source, switch Restrict access to this data source to on.

   Use the Restrict access to this data source dropdown to control who has access to the workspace:

   • By default, the user setting the permissions for the data source will be given Full Control and the Everyone group will be given Link to workspace permissions.

   • Tailor access to the data source, as required, by selecting individual users or user groups from the dropdown and giving them Link to workspace or Full Control permissions.

   • If the user is not available from the dropdown, you are able to invite them to the data source by typing in their email address and then clicking Add. The new user will then receive an email inviting them to create an account on SquaredUp. Once the account has been created, they will gain access to the organization.

   • At least one user or group must be given Full Control.

   • Admin users can edit the configuration, modify the Access Control List (ACL) and delete the data source, regardless of the ACL chosen.

   Data source access levels

   Access Level:

   Link to workspace	User can link the data source to any workspace they have at least Editor permissions for. Data from the data source can then be viewed by anyone with any access to the workspace. User can share the data source data with anyone they want. User cannot configure the data source in any way, or delete it.
   Full Control	User can change the data source configuration, ACL, and delete the data source.

   See Access control for more information.

8. Click Add.

   You can also add a data source from Settings > Data Sources > Add data source, but sample dashboards are not added when using this method.

Using the 1Password data streams

What is a data stream?

Data streams standardize data from all the different shapes and formats your tools use into a straightforward tabular format. While creating a tile you can tweak data streams by grouping or aggregating specific columns. Depending on the kind of data, SquaredUp will automatically suggest how to visualize the result, for example as a table or line graph.

Data streams can be either global or scoped:

• Global data streams are unscoped and return information of a general nature (e.g. "Get the current number of unused hosts").

• A scoped data stream gets information relevant to the specific set objects supplied in the tile scope (e.g. "Get the current session count for these hosts").

Creating a data stream using the configurable data stream

What is a configurable data stream?

A configurable data stream allows you to easily create new data streams specific to your needs, by entering information into a form, such as metric names or queries. Configurable data streams have a cog icon next to their name in the tile editor.

Any data stream you create can be edited by clicking the edit button (pencil) next to it in the tile editor, and also from Settings > Advanced > Data Streams.

There are five configurable data streams available for this data source:

• All Failed Sign-ins - Get the failed sign-ins, see All Failed Sign-ins

• All Item Usages - Get all the items used, see All Item Usages

• All Sign-ins - Get all the sign-ins, see All Sign-ins

• Graph Item Usages - Graph the items used by a selected property, see Graph Item Usages

• Graph Sign-ins - Graph sign-ins for the selected timeframe, see Graph Sign-ins

All Failed Sign-ins

1. Filter by the 1Password data source.

2. Select All Failed Sign-ins from the data stream list and then click Next.

3. Enter a Display Name for the new data stream.

4. Optional, list top n:

   Optionally, enter how many failed sign-in attempts to limit the list to, for example: 10.

5. Optional, property to top n:

   Optionally, select a property that you wish to filter top n results by. Available options are: category, country, type, user_name, client_app_name, client_ip, client_platform_name, client_os_name.

All Item Usages

1. Filter by the 1Password data source.

2. Select All Item Usages from the data stream list and then click Next..

3. Enter a Display Name for the new data stream.

4. Optional, list top n:

   Optionally, enter how many used items to limit the list to, for example: 10.

5. Optional, property to top n:

   Optionally, select a property that you wish to filter top n results by. Available options are: action, user_name, user_UUID, user_email, client_app_name, client_os_name, client_os_version, client_platform_name, client_ip.

All Sign-ins

1. Filter by the 1Password data source.

2. Select All Sign-ins from the data stream list and then click Next..

3. Enter a Display Name for the new data stream.

4. Optional, list top n:

   Optionally, enter how many sign-in attempts to limit the list to, for example: 10.

5. Optional property to top n:

   Optionally, select a property that you wish to filter top n results by. Available options are: category, country, type, user_name, client_app_name, client_ip, client_platform_name, client_os_name.

Graph Item Usages

1. Filter by the 1Password data source.

2. Select Graph Item Usages from the data stream list and then click Next..

3. Enter a Display Name for the new data stream.

4. Property to graph:

   Select a property that you want to graph to, for example: action, user_name, user_UUID, user_email, client_app_name, client_os_name, client_os_version, client_platform_name, client_ip.

Graph Sign-ins

1. Filter by the 1Password data source.

2. Select Graph Sign-ins from the data stream list and then click Next.

3. Enter a Display Name for the new data stream.

4. Property to graph:

   Select a property that you want to graph to, for example: category, country, type, user_name, client_app_name, client_ip, client_platform_name, client_os_name.

Data streams – dataSourceConfig Overrides

timeframe

You can override the provided timeframe enum when graphing by adding a timeframe to the dataSourceConfig to group by:

"Last1hour" for mins

"Last24hours" for hours

"Last7days" for days

"months" for months

“timeframe” : “Last24hours"

filter

A filter can be added to bring back values that match the values of the property named in name:

"filter": [{
  "name" : "category",
  "value" : ["credentials_failed","mfa_failed","modern_version_failed","firewall_failed"]
}],

This could be used to ensure only a specific users, actions or countries show up in the visualization.