Determine who an item was shared with via audit events
Is there any way via the auditevents or itemusages API results to determine who accessed an item via a sharing link? I'm able to find "share" events, but nothing indicating who the item was shared with. I would expect, at least, events in the itemusages API for "reveal" or "secure-copy".
I'm able to determine this via Activity Log on the 1Password site or via sharing history for items that I have access to, but this isn't sufficient for security use cases due to retention limitations.
Has anyone found a solution for this?
Comments
Hello @pstratis! 👋
Thanks for reaching out! The Activity Log keeps 365 days of events. Do you require a longer retention period than that? If you do, then you can send your account activity to a SIEM solution using events reporting. You can find more information here:
For more information, I recommend reaching out to our extended services team at support+forum@1Password.com and they would be happy to advise further.
-Dave
0 -
Hey Dave - that's the root of my question. We are already sending account activity to our SIEM via Events Reporting and unfortunately it doesn't seem like the same level of visibility is available via the Events API (specifically, it doesn't show who an item was shared with).
In any case, I'll reach out to support for more help.