MS Sentinel Running List of Rules Requests

[skylar-1Password]

Starting an issue to track requests for rules to be added to the 1Password x Sentinel integration.

• Changes to SSO configurations for 1Password
• Changes to firewall rules
• Users were added to owner, security or admin groups
• User's account MFA was changed n-times in [time].
• Multiple MFA methods for a user's 1Password account were added in [time]
• IP changed more than n-times while 1Password session is open.
• Service account was added or given access to data
• Changes to permissions on vaults (generally or specific)
• Ability to define specific vaults that trigger alerts if user gives themselves access (e.g. AWS, Azure, root accounts)
• Ability to define specific vaults that trigger alerts if user accesses item (e.g. AWS, Azure, root accounts)

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in two weeks if no further activity occurs. 1Password employees have been nudged.