{"id":18454359,"url":"https://github.com/1password/events-api-elastic","last_synced_at":"2025-04-08T03:36:08.676Z","repository":{"id":39698504,"uuid":"377839123","full_name":"1Password/events-api-elastic","owner":"1Password","description":null,"archived":false,"fork":false,"pushed_at":"2024-01-16T15:28:35.000Z","size":21243,"stargazers_count":14,"open_issues_count":1,"forks_count":6,"subscribers_count":14,"default_branch":"main","last_synced_at":"2024-06-21T07:06:16.486Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/1Password.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-17T13:25:01.000Z","updated_at":"2024-05-20T15:02:57.000Z","dependencies_parsed_at":"2024-06-20T05:22:17.660Z","dependency_job_id":"ee8e1772-daed-47c8-86ae-81d605f78069","html_url":"https://github.com/1Password/events-api-elastic","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1Password%2Fevents-api-elastic","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1Password%2Fevents-api-elastic/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1Password%2Fevents-api-elastic/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1Password%2Fevents-api-elastic/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/1Password","download_url":"https://codeload.github.com/1Password/events-api-elastic/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223303757,"owners_count":17123097,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T08:03:55.180Z","updated_at":"2024-11-06T08:03:55.744Z","avatar_url":"https://github.com/1Password.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Eventsapibeat\n\nEventsapibeat is the open source libbeat based data shipper for pulling events from the 1Password Events API.\nThis beat will fetch successful and failed sign-in attempts and items usage data from public 1Password Events API.\n\n## Installation\n\nDownload the latest binaries from [the releases page](https://github.com/1Password/events-api-elastic/releases/latest).\nOr build from sources, _resulting binary will be located at 'bin' folder_:\n\n```shell\nmake eventsapibeat\n```\n\n## Configuration\n\nRename the sample configuration file _eventsapibeat-sample.yml_ to _eventsapibeat.yml_.\n\nCreate a [1Password Events Reporting](https://support.1password.com/events-reporting-elastic/) integration for your account and configure the `auth_token`.\n\n```yaml\nsignin_attempts:\n auth_token: \"token\"\nitem_usages:\n auth_token: \"token\"\naudit_events:\n auth_token: \"token\"\n```\n\nConfigure the remaining options and set your output as usual.\n\n## Run\n\n```\n./eventsapibeat -c eventsapibeat.yml -e\n```\n\n## Elastic Common Schema\n\n### Sign-in Attempts fields\n\n| Field | Description | Type |\n| ------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- |\n| `@timestamp` | The date and time of the sign-in attempt | date |\n| `event.action` | The category of the sign-in attempt | keyword |\n| `user.id` | The UUID of the user that attempted to sign in to the account | keyword |\n| `user.full_name` | The name of the user, hydrated at the time the event was generated | keyword |\n| `user.email` | The email address of the user, hydrated at the time the event was generated | keyword |\n| `os.name` | The name of the operating system of the user that attempted to sign in to the account | keyword |\n| `os.version` | The version of the operating system of the user that attempted to sign in to the account | keyword |\n| `source.ip` | The IP address that attempted to sign in to the account | ip |\n| `geo.country_iso_code` | The country code of the event. Uses the ISO 3166 standard | keyword |\n| `geo.region_name` | The region name of the event | keyword |\n| `geo.city_name` | The city name of the event | keyword |\n| `geo.location` | The longitude and latitude of the event | geo_point |\n| `onepassword.uuid` | The UUID of the event | keyword |\n| `onepassword.session_uuid` | The UUID of the session that created the event | keyword |\n| `onepassword.type` | Details about the sign-in attempt | keyword |\n| `onepassword.country` | The country code of the event. Uses the ISO 3166 standard | keyword |\n| `onepassword.details` | Additional information about the sign-in attempt, such as any firewall rules that prevent a user from signing in | keyword |\n| `onepassword.client.app_name` | The name of the 1Password app that attempted to sign in to the account | keyword |\n| `onepassword.client.app_version` | The version number of the 1Password app | keyword |\n| `onepassword.client.platform_name` | The name of the platform running the 1Password app | keyword |\n| `onepassword.client.platform_version` | The version of the browser or computer where the 1Password app is installed, or the CPU of the machine where the 1Password command-line tool is installed | keyword |\n\n### Item Usages fields\n\n| Field | Description | Type |\n| ------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- |\n| `@timestamp` | The date and time of the item usage | date |\n| `event.action` | The action performed on the item | keyword |\n| `user.id` | The UUID of the user that accessed the item | keyword |\n| `user.full_name` | The name of the user, hydrated at the time the event was generated | keyword |\n| `user.email` | The email address of the user, hydrated at the time the event was generated | keyword |\n| `os.name` | The name of the operating system the item was accessed from | keyword |\n| `os.version` | The version of the operating system the item was accessed from | keyword |\n| `source.ip` | The IP address the item was accessed from | ip |\n| `geo.country_iso_code` | The country code of the event. Uses the ISO 3166 standard | keyword |\n| `geo.region_name` | The region name of the event | keyword |\n| `geo.city_name` | The city name of the event | keyword |\n| `geo.location` | The longitutde and latitude of the event | geo_point |\n| `onepassword.uuid` | The UUID of the event | keyword |\n| `onepassword.used_version` | The version of the item that was accessed | long |\n| `onepassword.vault_uuid` | The UUID of the vault the item is in | keyword |\n| `onepassword.item_uuid` | The UUID of the item that was accessed | keyword |\n| `onepassword.client.app_name` | The name of the 1Password app the item was accessed from | keyword |\n| `onepassword.client.app_version` | The version number of the 1Password app | keyword |\n| `onepassword.client.platform_name` | The name of the platform the item was accessed from | keyword |\n| `onepassword.client.platform_version` | The version of the browser or computer where the 1Password app is installed, or the CPU of the machine where the 1Password command-line tool is installed | keyword |\n\n### Audit Events fields\n\n| Field | Description | Type |\n| ---------------------------------- | ------------------------------------------------------------------ | ------- |\n| `@timestamp` | The date and time of the audit event. Uses the RFC 3339 standard. | date |\n| `event.action` | Details about the action taken for the audit event. | keyword |\n| `user.id` | The UUID of the user that performed the audit event. | keyword |\n| `source.ip` | The IP address that performed the audit event. | ip |\n| `onepassword.uuid` | The UUID of the audit event. | keyword |\n| `onepassword.object_type` | The target object type of the audit event. | keyword |\n| `onepassword.object_uuid` | The target object UUID of the audit event. | keyword |\n| `onepassword.aux_id` | Any auxiliary ID of the audit event. | long |\n| `onepassword.aux_uuid` | Any auxiliary UUID of the audit event. | keyword |\n| `onepassword.aux_info` | Any auxiliary info of the audit event. | keyword |\n| `onepassword.session.session_uuid` | The UUID of the user session that performed the audit event. | keyword |\n| `onepassword.session.device_uuid` | The UUID of the device that performed the audit event. | keyword |\n| `onepassword.session.login_time` | The login time of the user session that performed the audit event. | date |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1password%2Fevents-api-elastic","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F1password%2Fevents-api-elastic","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1password%2Fevents-api-elastic/lists"}