MS Sentinel Running List of Rules Requests

[skylar-1Password]

Starting an issue to track requests for rules to be added to the 1Password x Sentinel integration.

• Changes to SSO configurations for 1Password
• Changes to firewall rules
• Users were added to owner, security or admin groups
• User's account MFA was changed n-times in [time].
• Multiple MFA methods for a user's 1Password account were added in [time]
• IP changed more than n-times while 1Password session is open.
• Service account was added or given access to data
• Changes to permissions on vaults (generally or specific)
• Ability to define specific vaults that trigger alerts if user gives themselves access (e.g. AWS, Azure, root accounts)
• Ability to define specific vaults that trigger alerts if user accesses item (e.g. AWS, Azure, root accounts)