I need help getting audit events from our vault using the CLI

ChikaAcholonu
ChikaAcholonu
Community Member
edited May 2023 in Business and Teams

Our SIEM tool doesn't have a built in integration with 1Password, so I'm trying to use the CLI to make API calls that will audit event logs. The plan is to have the logs sent to an S3 bucket.
I've got 2 questions
-One is the best way to get the audit events from 1Password to an S3 bucket
-I'm getting errors on the CLI when I try to use this command to make an API call

cmd /c curl --request POST --url https://events.1password.com/api/v1/itemusages --header "Authorization: Bearer 'Bearer_Token' --header 'Content-Type: application/json' --data '{ "limit":10, "start_time":"2023-03-28T16:32:50-03:00"}'

I get this error
{"Error":{"Message":"Bad Request"}}

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows
Browser:_ Not Provided
Referrer: forum-search:scim bridge

Comments

  • 1P_Amanda
    1P_Amanda

    Hi @ChikaAcholonu,

    I'm moving this to the Business and Teams bucket, as this is related to the events API, not our CLI. The people answering there should have an answer for you!

    Thanks,
    Amanda

  • ag_max
    ag_max
    edited May 2023

    Hi @ChikaAcholonu,

    I'm moving this to our email system, as our Integrations team would be happy to assist with this 1Password Events Reporting matter. One of my colleagues will reply as soon as they're available. Thanks so much for your patience. 👍

    ref: Zd-#140292

This discussion has been closed.