diff --git a/Plugins/Community Based Plugins/1Password/KQL/README.md b/Plugins/Community Based Plugins/1Password/KQL/README.md
new file mode 100644
index 00000000..bea4af1d
--- /dev/null
+++ b/Plugins/Community Based Plugins/1Password/KQL/README.md
@@ -0,0 +1,259 @@
+# User Manual: 1Password Plugin for Microsoft Copilot for Security
+
+## Introduction
+This manual provides detailed instructions for implementing, configuring, and using the 1Password plugin with Microsoft Copilot for Security. This integration enables security teams to analyze and investigate 1Password audit data through Microsoft Sentinel, allowing for enhanced security monitoring, threat detection, and incident response.
+
+## Table of Contents
+1. [Overview](#overview)
+2. [Prerequisites](#prerequisites)
+3. [Implementation Steps](#implementation-steps)
+4. [Configuration Guide](#configuration-guide)
+5. [Usage Instructions](#usage-instructions)
+6. [Advanced Usage](#advanced-usage)
+7. [Security Considerations](#security-considerations)
+8. [Troubleshooting](#troubleshooting)
+9. [Frequently Asked Questions](#frequently-asked-questions)
+10. [Additional Resources](#additional-resources)
+
+## Overview
+The 1Password plugin for Microsoft Copilot for Security leverages audit data collected by Microsoft Sentinel to provide security teams with insights into 1Password usage, potential security events, and anomalous behaviors. This plugin does not retrieve secrets or credentials from 1Password, but rather analyzes the audit logs and events to enhance security monitoring and incident response capabilities.
+
+## Prerequisites
+Before implementing the 1Password plugin for Microsoft Copilot for Security, ensure you have:
+- A 1Password Enterprise subscription (Business or Enterprise plan)
+- Microsoft Sentinel deployed and configured in your environment
+- Microsoft Sentinel data connector for 1Password properly configured and ingesting data
+- Administrative access to your Microsoft Copilot for Security environment
+- Microsoft Sentinel workspace linked to Microsoft Copilot for Security
+- Familiarity with KQL (Kusto Query Language) for creating and modifying queries
+
+## Implementation Steps
+
+### Step 1: Configure 1Password Audit Logging
+To enable audit logging in 1Password, follow the [Events Reporting documentation](https://support.1password.com/events-reporting/) or complete these steps:
+
+1. Sign in to 1Password.com as an owner or administrator
+2. Click **Integrations** in the sidebar
+3. Click **Directory** at the top of the page
+4. Find the **Microsoft Sentinel** integration and click **Set Up**
+5. Enter a name for your integration (e.g., "Microsoft Sentinel Connector")
+6. Choose between:
+ - **Send events from all vaults** to report events for your entire account
+ - **Choose vaults** to select specific vaults for event reporting
+7. Click **Add Integration**
+8. Save the bearer token that's displayed - you'll need this to configure the Microsoft Sentinel connector
+9. Follow the [1Password Sentinel integration guide](https://support.1password.com/1password-sentinel-integration/#step-2-activate-the-1password-serverless-connector) to activate the serverless connector
+10. Configure the appropriate log retention policies
+11. Verify that user activities, authentication events, and admin actions are being logged
+
+For detailed configuration options and troubleshooting, refer to the [Events Reporting setup guide](https://support.1password.com/events-reporting/#step-1-set-up-an-events-reporting-integration).
+2. Navigate to the Security settings
+3. Ensure comprehensive audit logging is enabled
+4. Configure the appropriate log retention policies
+5. Verify that user activities, authentication events, and admin actions are being logged
+
+### Step 2: Set Up Microsoft Sentinel Connector for 1Password
+1. Access your Microsoft Sentinel workspace
+2. Navigate to the Data Connectors section
+3. Locate and select the 1Password data connector
+4. Follow the configuration wizard to connect to your 1Password environment
+5. Validate that audit logs are being successfully ingested into Microsoft Sentinel
+
+### Step 3: Install and Configure the Plugin
+1. Access your Microsoft Copilot for Security admin portal
+2. Navigate to the Plugin Management section
+3. Select "Add New Plugin" and choose the community plugin option
+4. Upload the 1Password plugin package or specify its repository location
+5. Configure the plugin to connect to your Microsoft Sentinel workspace
+
+## Configuration Guide
+
+### Required Parameters
+Configure the following parameters for the plugin to function correctly:
+
+1. **Microsoft Entra Tenant ID**
+ - The unique identifier of your Microsoft Entra environment
+ - Format: `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
+
+2. **Subscription ID**
+ - The unique identifier of the Azure Subscription of Microsoft Sentinel
+ - Format: `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
+
+3. **ResourceGroup Name**
+ - This is the resource group name that security copilot will use for sentinel.
+
+4. **Workspace Name**
+ - This is the workspace name that security copilot will use for sentinel.
+
+### Configuration Methods
+1. **Plugin Configuration Portal**
+ - Configure settings directly in the Microsoft Copilot for Security plugin interface
+ - Specify workspace connection parameters
+ - Test connectivity before saving
+
+## Usage Instructions
+
+### Basic Usage
+After successful installation and configuration, the 1Password plugin integrates seamlessly with Microsoft Copilot for Security's natural language interface. You can analyze 1Password audit data by simply asking Copilot questions during your security workflows.
+
+### KQL Integration
+The 1Password plugin leverages KQL (Kusto Query Language) to query Microsoft Sentinel data. This enables precise analysis of 1Password audit logs:
+
+```kql
+// Example KQL query to analyze failed login attempts
+OnePasswordEventLogs_CL
+| where EventType == "signinattempts"
+| where ResultType == "fail"
+| summarize FailedAttempts = count() by tostring(target_user.name), tostring(client.ip_address), bin(TimeGenerated, 1h)
+| where FailedAttempts > 5
+```
+
+### Interaction Methods
+å
+#### 1. Natural Language Queries
+Use conversational language to analyze 1Password audit data:
+
+* "Show me all failed login attempts in 1Password over the past week"
+* "Who accessed sensitive vaults in 1Password outside of business hours?"
+* "Has anyone created new shared vaults in the last month?"
+
+#### 2. Structured Commands
+For more precise control, use structured command syntax:
+
+* `analyze-events -type:"item.view" -timeframe:"last 7 days" -user:"admin"`
+* `detect-anomalies -dataset:"authentication" -baseline:"30 days"`
+* `report-activity -vault:"Finance" -action:"create,delete,modify"`
+
+#### 3. Workflow Integration
+Include 1Password audit analysis as part of larger security workflows:
+
+* "Investigate this user account and check for unusual 1Password activity"
+* "Analyze login patterns across our SSO providers including 1Password"
+* "Generate a compliance report showing all access to regulated data in 1Password"
+
+### Response Formatting
+The plugin formats responses to provide clear security insights:
+
+* **Event Timelines**: Chronological view of related security events
+* **User Activity Profiles**: Aggregated view of user behaviors
+* **Anomaly Highlighting**: Clear identification of outlier events
+* **Visual Analytics**: Charts and graphs for pattern recognition
+
+## Advanced Usage
+
+### Security Incident Investigation
+The plugin enables advanced investigation of security incidents involving 1Password usage:
+
+```
+# Example Investigation Workflow
+1. Receive alert about suspicious access to sensitive vault
+2. Query 1Password audit logs for all actions by the flagged user
+3. Analyze access patterns and compare to historical baseline
+4. Correlate with other security telemetry (network logs, endpoint data)
+5. Generate comprehensive incident timeline and recommended actions
+```
+
+## Security Considerations
+
+### Data Access Controls
+The 1Password plugin for Microsoft Copilot for Security implements careful data access controls:
+- Only analyzes audit log data, not actual credentials or secrets
+- Leverages Microsoft Sentinel's existing security model and access controls
+- Uses TLS encryption for all communications between components
+- Respects workspace access permissions configured in Microsoft Sentinel
+
+### Security Best Practices
+- **Role-Based Access Control**: Limit access to 1Password audit data in Microsoft Sentinel
+- **Log Data Classification**: Properly classify and handle audit data according to sensitivity
+- **Result Filtering**: Configure data minimization practices for query results
+- **Workspace Isolation**: Maintain proper separation between production and development workspaces
+- **Alert Configuration**: Set up appropriate alerts based on 1Password audit analysis
+
+### Common Issues and Resolutions
+
+#### Data Ingestion Issues
+| Issue | Possible Causes | Resolution Steps |
+|-------|----------------|-----------------|
+| Missing Audit Data | Connector misconfiguration, Ingestion pipeline issues | 1. Verify Microsoft Sentinel connector status
2. Check 1Password audit logging settings
3. Review data connector logs
4. Validate Log Analytics agent functionality |
+| Data Delay | Ingestion latency, High data volume, Processing bottlenecks | 1. Check ingestion pipeline status
2. Review Microsoft Sentinel health metrics
3. Optimize data collection rules
4. Consider dedicated capacity for critical data |
+
+#### Query Issues
+| Issue | Possible Causes | Resolution Steps |
+|-------|----------------|-----------------|
+| Query Timeout | Complex queries, Large data volume, Resource constraints | 1. Optimize query complexity
2. Add appropriate filters
3. Use time-based partitioning
4. Consider materialized views |
+| Schema Mismatch | Custom field mappings, Schema evolution, Parser errors | 1. Review schema definitions
2. Update field mappings
3. Check for data format changes
4. Update custom parsers if needed |
+
+#### Plugin Access Issues
+| Feature | Common Problems | Troubleshooting Steps |
+|---------|----------------|---------------------|
+| Workspace Access | Permission issues, Misconfigured workspace ID | 1. Verify workspace access permissions
2. Check workspace connection string
3. Review Microsoft Copilot for Security configuration
4. Validate Microsoft Entra ID permissions |
+| KQL Functions | Function registration failure, Syntax errors, Execution timeout | 1. Check function registration status
2. Validate KQL syntax
3. Review function permissions
4. Optimize function logic |
+
+### Performance Optimization
+- Use efficient KQL patterns and avoid cross-joins on large datasets
+- Implement appropriate time filters to limit data processing
+- Consider materialized views for frequently run analytical queries
+- Monitor query performance and optimize resource-intensive operations
+
+## Frequently Asked Questions
+
+**Q: What 1Password plans are compatible with this plugin?**
+A: The plugin works with any 1Password Business or Enterprise plan that supports audit logging and can be integrated with Microsoft Sentinel. Teams, Business, and Enterprise plans are all compatible when properly configured.
+
+**Q: Does the plugin access actual credentials or secrets from 1Password?**
+A: No, the plugin only analyzes audit data that has been ingested into Microsoft Sentinel. It does not access, retrieve, or expose any actual credentials or secrets stored in 1Password.
+
+**Q: What types of 1Password events can be analyzed with this plugin?**
+A: The plugin can analyze all audit events captured by 1Password and ingested into Microsoft Sentinel, including user authentication, item access, administrative actions, vault management, and security settings changes.
+
+**Q: How current is the audit data available through the plugin?**
+A: Data freshness depends on your Microsoft Sentinel ingestion configuration. Typically, there is a slight delay between events occurring in 1Password and their availability in Microsoft Sentinel, usually ranging from minutes to an hour.
+
+**Q: How far back can the plugin analyze 1Password audit data?**
+A: The plugin can analyze data as far back as your Microsoft Sentinel retention policy allows, which is typically 90 days by default but can be extended based on your configuration and licensing.
+
+**Q: Can I create custom detection rules using this plugin?**
+A: Yes, the plugin supports the creation and management of custom detection rules based on 1Password audit patterns, allowing organizations to implement security controls specific to their environment.
+
+**Q: What happens if the Microsoft Sentinel connector stops ingesting data?**
+A: The plugin will continue to function but will only be able to analyze historical data up to the point when ingestion stopped. It includes diagnostic capabilities to detect and alert on ingestion issues.
+
+**Q: Does the plugin support cross-platform audit analysis?**
+A: Yes, you can correlate 1Password audit data with other security telemetry in Microsoft Sentinel to perform cross-platform security analysis and investigations.
+
+**Q: Can the plugin detect insider threats or compromised accounts?**
+A: Yes, the plugin includes behavior analytics capabilities that can help identify unusual patterns that might indicate insider threats or compromised 1Password accounts based on audit log patterns.
+
+## Additional Resources
+
+### Documentation
+- [1Password Business Documentation](https://support.1password.com/business/)
+- [Microsoft Sentinel 1Password Data Connector](https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/1password)
+- [Microsoft Copilot for Security Plugin Framework](https://learn.microsoft.com/en-us/security-copilot/plugins-overview)
+- [KQL Query Language Reference](https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/)
+
+### Technical Resources
+- [KQL Functions Reference for 1Password Audit Analysis](plugin-documentation/kql-reference.md)
+- [Audit Schema Documentation](plugin-documentation/audit-schema.pdf)
+- [Sample Security Detection Rules](https://github.com/microsoft/securitycopilot-workflows/1password)
+- [Microsoft Sentinel Workbooks for 1Password](https://github.com/microsoft/sentinel-workbooks/1password)
+
+### Training and Support
+- [Video Tutorial: Setting Up the 1Password Plugin with Microsoft Sentinel](https://aka.ms/copilot-security/tutorials)
+- [Interactive Training Lab: Advanced KQL for Audit Analysis](https://aka.ms/copilot-security/labs)
+- [Community Forum: Microsoft Copilot for Security](https://techcommunity.microsoft.com/t5/security-copilot/bd-p/SecurityCopilot)
+- [1Password Security Resources](https://support.1password.com/security/)
+
+### Updates and Releases
+- [Plugin Release Notes](plugin-documentation/releases.md)
+- [Sentinel Data Connector Updates](https://learn.microsoft.com/en-us/azure/sentinel/whats-new)
+- [1Password Audit Log Format Changes](https://developer.1password.com/changelog/)
+
+---
+
+*© 2025 Microsoft Corporation. All rights reserved.*
+*1Password is a registered trademark of AgileBits Inc.*
+
+*This documentation is provided for informational purposes only and is subject to change without notice. Microsoft makes no warranties, express or implied, with respect to the information provided here.*
+
+*For questions, technical support, or to report security vulnerabilities, please contact your Microsoft security representative or visit the Security Copilot support portal.*
diff --git a/Plugins/Community Based Plugins/1Password/KQL/logo/1password.svg b/Plugins/Community Based Plugins/1Password/KQL/logo/1password.svg
new file mode 100644
index 00000000..0b54863b
--- /dev/null
+++ b/Plugins/Community Based Plugins/1Password/KQL/logo/1password.svg
@@ -0,0 +1,2 @@
+
+
\ No newline at end of file
diff --git a/Plugins/Community Based Plugins/1Password/KQL/manifest/1password_manifest.yaml b/Plugins/Community Based Plugins/1Password/KQL/manifest/1password_manifest.yaml
new file mode 100644
index 00000000..72ccb240
--- /dev/null
+++ b/Plugins/Community Based Plugins/1Password/KQL/manifest/1password_manifest.yaml
@@ -0,0 +1,483 @@
+Descriptor:
+ Name: 1Password
+ DisplayName: 1Password Plugin v0.5.0 (Preview)
+ Description: |-
+ This integration enables Microsoft Copilot for Security to query and analyze 1Password audit and event logs using KQL (Kusto Query Language).
+ It allows security teams to monitor failed user login attempts and integration token changes within 1Password,
+ providing enhanced visibility and incident response capabilities directly from Microsoft Sentinel.
+ Category: Other
+ Icon: https://raw.githubusercontent.com/Azure/Azure-Sentinel/refs/heads/master/Logos/1password.svg
+ Settings:
+
+ - Name: TenantId
+ Label: TenantId
+ Description: Azure TenantId
+ HintText: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+ SettingType: String
+ Required: true
+
+ - Name: SubscriptionId
+ Label: Subscription Id
+ Description: This is the subscription id that security copilot will use for sentinel.
+ HintText: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+ SettingType: String
+ Required: true
+
+ - Name: ResourceGroupName
+ Label: ResourceGroupName
+ Description: This is the resource group name that security copilot will use for sentinel.
+ HintText: rg-dev-sentinel
+ SettingType: String
+ Required: true
+
+ - Name: WorkspaceName
+ Label: WorkspaceName
+ Description: This is the workspace name that security copilot will use for sentinel.
+ HintText: SentinelWorkspace
+ SettingType: String
+ Required: true
+
+ SupportedAuthTypes:
+ - None
+
+SkillGroups:
+ - Format: KQL
+ Skills:
+
+# -----------------------------------------------------------------------------------------------------------------------------
+# base functionality - signinattempts (user and summarized)
+# -----------------------------------------------------------------------------------------------------------------------------
+
+ - Name: usersigninattempts
+ DisplayName: user signin attempts
+ Description: Fetches a summarized list of specific user signin attempts for the provided month (current_month/last_month)
+ Inputs:
+ - Name: month
+ Description: Look back to the current_month or last_month.
+ Required: true
+ - Name: user
+ Description: Filter for the user based on their UserPrincipalName (email).
+ Required: true
+ Settings:
+ Target: Sentinel
+ TenantId: '{{TenantId}}'
+ SubscriptionId: '{{SubscriptionId}}'
+ ResourceGroupName: '{{ResourceGroupName}}'
+ WorkspaceName: '{{WorkspaceName}}'
+ Template: |-
+ let current_month = -0;
+ let last_month = -1;
+ OnePasswordEventLogs_CL
+ // time filter
+ | where TimeGenerated between (startofmonth(now(), {{month}}) .. endofmonth(now(), {{month}}))
+ | where log_source == "signinattempts"
+ // user filter
+ | where tostring(target_user.email) == "{{user}}"
+ // target_user variables
+ | extend
+ target_user_email = tostring(target_user.email)
+ , target_user_name = tostring(target_user.name)
+ , target_user_uuid = tostring(target_user.uuid)
+ // client variables
+ | extend
+ client_app_name = tostring(client.app_name)
+ , client_ip_address = tostring(client.ip_address)
+ , client_os_name = tostring(client.os_name)
+ , client_platform_name = tostring(client.platform_name)
+ // location variables
+ | extend
+ location_city = tostring(location.city)
+ , location_country = tostring(location.country)
+ , location_region = tostring(location.region)
+ | summarize by
+ target_user_email
+ , client_ip_address
+ , target_user_name
+ , target_user_uuid
+ , category
+ , action_type
+ , client_app_name
+ , client_os_name
+ , client_platform_name
+ , location_country
+ , location_region
+ , location_city
+ | sort by
+ target_user_email asc
+ , client_ip_address asc
+
+ - Name: summarizedsigninattempts
+ DisplayName: summarized signin attempts
+ Description: Fetches a summarized list of user signin attempts for the provided month (current_month/last_month)
+ Inputs:
+ - Name: month
+ Description: Look back to the current_month or last_month.
+ Required: true
+ Settings:
+ Target: Sentinel
+ TenantId: '{{TenantId}}'
+ SubscriptionId: '{{SubscriptionId}}'
+ ResourceGroupName: '{{ResourceGroupName}}'
+ WorkspaceName: '{{WorkspaceName}}'
+ Template: |-
+ let current_month = -0;
+ let last_month = -1;
+ OnePasswordEventLogs_CL
+ // time filter
+ | where TimeGenerated between (startofmonth(now(), {{month}}) .. endofmonth(now(), {{month}}))
+ | where log_source == "signinattempts"
+ // target_user variables
+ | extend
+ target_user_email = tostring(target_user.email)
+ , target_user_name = tostring(target_user.name)
+ , target_user_uuid = tostring(target_user.uuid)
+ // client variables
+ | extend
+ client_app_name = tostring(client.app_name)
+ , client_ip_address = tostring(client.ip_address)
+ , client_os_name = tostring(client.os_name)
+ , client_platform_name = tostring(client.platform_name)
+ // location variables
+ | extend
+ location_city = tostring(location.city)
+ , location_country = tostring(location.country)
+ , location_region = tostring(location.region)
+ | summarize by
+ target_user_email
+ , client_ip_address
+ , target_user_name
+ , target_user_uuid
+ , category
+ , action_type
+ , client_app_name
+ , client_os_name
+ , client_platform_name
+ , location_country
+ , location_region
+ , location_city
+ | sort by
+ target_user_email asc
+ , client_ip_address asc
+
+# -----------------------------------------------------------------------------------------------------------------------------
+# base functionality - auditevents (user and summarized)
+# -----------------------------------------------------------------------------------------------------------------------------
+
+ - Name: userauditevents
+ DisplayName: user audit events
+ Description: Fetches a summarized list of specific user audit events for the provided month (current_month/last_month)
+ Inputs:
+ - Name: month
+ Description: Look back to the current_month or last_month.
+ Required: true
+ - Name: user
+ Description: Filter for the user based on their UserPrincipalName (email).
+ Required: true
+ Settings:
+ Target: Sentinel
+ TenantId: '{{TenantId}}'
+ SubscriptionId: '{{SubscriptionId}}'
+ ResourceGroupName: '{{ResourceGroupName}}'
+ WorkspaceName: '{{WorkspaceName}}'
+ Template: |-
+ let current_month = -0;
+ let last_month = -1;
+ let itemusages_actions = dynamic(["enter-item-edit-mode", "export", "fill", "other", "reveal", "secure-copy", "select-sso-provider", "server-create", "server-fetch", "server-update", "share"]);
+ OnePasswordEventLogs_CL
+ // time filter
+ | where TimeGenerated between (startofmonth(now(), {{month}}) .. endofmonth(now(), {{month}}))
+ // temporary addition of itemusages due to logging bug
+ | where log_source == "auditevents" or (log_source == "itemusages" and action !in~ (itemusages_actions))
+ // user filter
+ | where tostring(actor_details.email) == "{{user}}"
+ // location variables
+ | extend
+ location_country = tostring(location.country)
+ , location_region = tostring(location.region)
+ , location_city = tostring(location.city)
+ // actor_details variables
+ | extend
+ actor_details_uuid = tostring(actor_details.uuid)
+ , actor_details_name = tostring(actor_details.name)
+ , actor_details_email = tostring(actor_details.email)
+ // session variables
+ | extend
+ session_device_uuid = tostring(session.device_uuid)
+ , session_ip_address = tostring(session.ip)
+ | summarize by
+ actor_details_email
+ , session_ip_address
+ , actor_details_name
+ , actor_details_uuid
+ , action
+ , object_type
+ , aux_info
+ , session_device_uuid
+ , location_country
+ , location_region
+ , location_city
+ | sort by
+ actor_details_email asc
+ , session_ip_address asc
+
+ - Name: summarizedauditevents
+ DisplayName: summarized audit events
+ Description: Fetches a summarized list of user audit events for the provided month (current_month/last_month)
+ Inputs:
+ - Name: month
+ Description: Look back to the current_month or last_month.
+ Required: true
+ Settings:
+ Target: Sentinel
+ TenantId: '{{TenantId}}'
+ SubscriptionId: '{{SubscriptionId}}'
+ ResourceGroupName: '{{ResourceGroupName}}'
+ WorkspaceName: '{{WorkspaceName}}'
+ Template: |-
+ let current_month = -0;
+ let last_month = -1;
+ let itemusages_actions = dynamic(["enter-item-edit-mode", "export", "fill", "other", "reveal", "secure-copy", "select-sso-provider", "server-create", "server-fetch", "server-update", "share"]);
+ OnePasswordEventLogs_CL
+ // time filter
+ | where TimeGenerated between (startofmonth(now(), {{month}}) .. endofmonth(now(), {{month}}))
+ // temporary addition of itemusages due to logging bug
+ | where log_source == "auditevents" or (log_source == "itemusages" and action !in~ (itemusages_actions))
+ // location variables
+ | extend
+ location_country = tostring(location.country)
+ , location_region = tostring(location.region)
+ , location_city = tostring(location.city)
+ // actor_details variables
+ | extend
+ actor_details_uuid = tostring(actor_details.uuid)
+ , actor_details_name = tostring(actor_details.name)
+ , actor_details_email = tostring(actor_details.email)
+ // session variables
+ | extend
+ session_device_uuid = tostring(session.device_uuid)
+ , session_ip_address = tostring(session.ip)
+ | summarize by
+ actor_details_email
+ , session_ip_address
+ , actor_details_name
+ , actor_details_uuid
+ , action
+ , object_type
+ , aux_info
+ , session_device_uuid
+ , location_country
+ , location_region
+ , location_city
+ | sort by
+ actor_details_email asc
+ , session_ip_address asc
+
+# -----------------------------------------------------------------------------------------------------------------------------
+# base functionality - itemusages (user and summarized)
+# -----------------------------------------------------------------------------------------------------------------------------
+
+ - Name: useritemusages
+ DisplayName: user item usages
+ Description: Fetches a summarized list of specific user item usages for the provided month (current_month/last_month)
+ Inputs:
+ - Name: month
+ Description: Look back to the current_month or last_month.
+ Required: true
+ - Name: user
+ Description: Filter for the user based on their UserPrincipalName (email).
+ Required: true
+ Settings:
+ Target: Sentinel
+ TenantId: '{{TenantId}}'
+ SubscriptionId: '{{SubscriptionId}}'
+ ResourceGroupName: '{{ResourceGroupName}}'
+ WorkspaceName: '{{WorkspaceName}}'
+ Template: |-
+ let current_month = -0;
+ let last_month = -1;
+ let itemusages_actions = dynamic(["enter-item-edit-mode", "export", "fill", "other", "reveal", "secure-copy", "select-sso-provider", "server-create", "server-fetch", "server-update", "share"]);
+ OnePasswordEventLogs_CL
+ // time filter
+ | where TimeGenerated between (startofmonth(now(), {{month}}) .. endofmonth(now(), {{month}}))
+ // temporary addition of itemusages due to logging bug
+ | where log_source == "itemusages" and action in~ (itemusages_actions)
+ // user filter
+ | where tostring(user.email) == "{{user}}"
+ // client variables
+ | extend
+ client_app_name = tostring(client.app_name)
+ , client_platform_name = tostring(client.platform_name)
+ , client_os_name = tostring(client.os_name)
+ , client_ip_address = tostring(client.ip_address)
+ // location variables
+ | extend
+ location_country = tostring(location.country)
+ , location_region = tostring(location.region)
+ , location_city = tostring(location.city)
+ // user variables
+ | extend
+ user_uuid = tostring(user.uuid)
+ , user_name = tostring(user.name)
+ , user_email = tostring(user.email)
+ | summarize by
+ user_email
+ , client_ip_address
+ , user_name
+ , user_uuid
+ , action
+ , vault_uuid
+ , item_uuid
+ , location_country
+ , location_region
+ , location_city
+ | sort by
+ user_email asc
+ , client_ip_address asc
+
+ - Name: summarizeditemusages
+ DisplayName: summarized item usages
+ Description: Fetches a summarized list of user item usages for the provided month (current_month/last_month)
+ Inputs:
+ - Name: month
+ Description: Look back to the current_month or last_month.
+ Required: true
+ Settings:
+ Target: Sentinel
+ TenantId: '{{TenantId}}'
+ SubscriptionId: '{{SubscriptionId}}'
+ ResourceGroupName: '{{ResourceGroupName}}'
+ WorkspaceName: '{{WorkspaceName}}'
+ Template: |-
+ let current_month = -0;
+ let last_month = -1;
+ let itemusages_actions = dynamic(["enter-item-edit-mode", "export", "fill", "other", "reveal", "secure-copy", "select-sso-provider", "server-create", "server-fetch", "server-update", "share"]);
+ OnePasswordEventLogs_CL
+ // time filter
+ | where TimeGenerated between (startofmonth(now(), {{month}}) .. endofmonth(now(), {{month}}))
+ // temporary addition of itemusages due to logging bug
+ | where log_source == "itemusages" and action in~ (itemusages_actions)
+ // client variables
+ | extend
+ client_app_name = tostring(client.app_name)
+ , client_platform_name = tostring(client.platform_name)
+ , client_os_name = tostring(client.os_name)
+ , client_ip_address = tostring(client.ip_address)
+ // location variables
+ | extend
+ location_country = tostring(location.country)
+ , location_region = tostring(location.region)
+ , location_city = tostring(location.city)
+ // user variables
+ | extend
+ user_uuid = tostring(user.uuid)
+ , user_name = tostring(user.name)
+ , user_email = tostring(user.email)
+ | summarize by
+ user_email
+ , client_ip_address
+ , user_name
+ , user_uuid
+ , action
+ , vault_uuid
+ , item_uuid
+ , location_country
+ , location_region
+ , location_city
+ | sort by
+ user_email asc
+ , client_ip_address asc
+
+# -----------------------------------------------------------------------------------------------------------------------------
+# extra functionality - ()
+# TODO:
+# - SessionCollection
+# - UserCollection
+# - ClientCollection
+# - LocationCollection
+# -----------------------------------------------------------------------------------------------------------------------------
+
+ - Name: SessionCollection
+ DisplayName: Session information for session_uuid
+ Description: Fetches all information related to a specific session_uuid
+ Inputs:
+ - Name: day
+ Description: Look back to the specified days (1, 3, 7, 30, or more days).
+ Required: true
+ - Name: session_uuid
+ Description: Session UUID
+ Required: true
+ Settings:
+ Target: Sentinel
+ TenantId: '{{TenantId}}'
+ SubscriptionId: '{{SubscriptionId}}'
+ ResourceGroupName: '{{ResourceGroupName}}'
+ WorkspaceName: '{{WorkspaceName}}'
+ Template: |-
+ let signinattempts_categories = dynamic(["success", "credentials_failed", "mfa_failed", "sso_failed", "modern_version_failed", "firewall_failed", "firewall_reported_success"]);
+ let auditevents_actions = dynamic(["activate","addgsso","begin","beginr","cancel","cancelr","changeks","changeks","changela","changemp","changenm","changesk","chngasso","chngdsso","chngpsso","complete","completr","convert","create","dealldev","delete","delgsso","delshare","deolddev","detchild","disblduo","disblmfa","disblsso","dlgsess","dvrfydmn","enblduo","enblmfa","enblsso","expire","export","grant","hide","join","launchi","leave","musercom","muserdec","patch","propose","provsn","prsndall","purge","rdmchild","reactive","reauth","replace","replace","resendts","revoke","role","sdvcsso","sendpkg","sendts","share","ssotknv","suspend","tdvcsso","trename","trevoke","trvlaway","trvlback","tverify","uisas","unhide","unknown","unlink","updatduo","update","updatea","updatfw","updatmfa","upguest","uvrfydmn","verify","view","vrfydmn"]);
+ let itemusages_actions = dynamic(["enter-item-edit-mode", "export", "fill", "other", "reveal", "secure-copy", "select-sso-provider", "server-create", "server-fetch", "server-update", "share"]);
+ OnePasswordEventLogs_CL
+ | where TimeGenerated >= ago({{day}}d)
+ | where user.email !endswith "1passwordserviceaccounts.com"
+ // session variables and filter
+ | extend
+ session_uuid = case(
+ isempty(session), session_uuid
+ , tostring(session.uuid)
+ )
+ | where isnotempty(session_uuid)
+ | where session_uuid =~ "{{session_uuid}}"
+ // actor variables
+ | extend
+ actor_uuid = case(
+ log_source == "signinattempts" or category in (signinattempts_categories), tostring(target_user.uuid)
+ , log_source == "auditevents" or action in (auditevents_actions), tostring(actor_details.uuid)
+ , log_source == "itemusages" or action in (itemusages_actions), tostring(user.uuid)
+ , "Unknown actor_uuid"
+ )
+ , actor_name = case(
+ log_source == "signinattempts" or category in (signinattempts_categories), tostring(target_user.name)
+ , log_source == "auditevents" or action in (auditevents_actions), tostring(actor_details.name)
+ , log_source == "itemusages" or action in (itemusages_actions), tostring(user.name)
+ , "Unknown actor_name"
+ )
+ , actor_email = case(
+ log_source == "signinattempts" or category in (signinattempts_categories), tostring(target_user.email)
+ , log_source == "auditevents" or action in (auditevents_actions), tostring(actor_details.email)
+ , log_source == "itemusages" or action in (itemusages_actions), tostring(user.email)
+ , "Unknown actor_email"
+ )
+ // location variables
+ | extend
+ location_country = tostring(location.country)
+ , location_region = tostring(location.region)
+ , location_city = tostring(location.city)
+ // client variables
+ | extend
+ client_app_name = tostring(client.app_name)
+ , client_ip_address = tostring(client.ip_address)
+ , client_os_name = tostring(client.os_name)
+ , client_platform_name = tostring(client.platform_name)
+ | project-away session, actor_details, target_user, user, location, client, country, object_uuid, aux_uuid
+ | project-reorder
+ timestamp
+ , session_uuid
+ , log_source
+ , category
+ , action_type
+ , action
+ , object_type
+ , actor_email
+ , actor_uuid
+ , actor_name
+ , location_country
+ , location_region
+ , location_city
+ , client_ip_address
+ , client_os_name
+ , client_platform_name
+ , client_app_name
+ , TimeGenerated
+ , Type
+ , TenantId
+ | sort by timestamp asc
diff --git a/Plugins/Community Based Plugins/1Password/KQL/sampledata/1password.csv b/Plugins/Community Based Plugins/1Password/KQL/sampledata/1password.csv
new file mode 100644
index 00000000..42e72379
--- /dev/null
+++ b/Plugins/Community Based Plugins/1Password/KQL/sampledata/1password.csv
@@ -0,0 +1,55 @@
+SourceSystem,"TimeGenerated [UTC]","uuid_s","session_uuid","timestamp [UTC]",country,category,"action_type",details,"target_user",client,location,"actor_uuid","actor_details",action,"object_type","object_uuid","object_details","aux_id","aux_uuid","aux_details","aux_info",session,"used_version","vault_uuid","item_uuid",user,"log_source",TenantId,Type,"_ResourceId"
+,"4/18/2025, 12:55:02.901 PM",PRP3TX4DCZAIZCZ43XEXTAGRY4,3QW5AMJNGVF3FJTUQFVKKKR7MM,"4/18/2025, 12:54:18.794 PM",CA,success,"credentials_ok",,"{""uuid"":""XMBOV3AOFFFLNPHI7HKN2EI2XY"",""name"":""Clarence Wong"",""email"":""axel.rose@agilebits.com""}","{""app_name"":""1Password Browser Extension"",""app_version"":""81070027"",""platform_name"":""Chrome extension"",""platform_version"":""135.0.7049.96"",""os_name"":""MacOSX"",""os_version"":""15.3.2"",""ip_address"":""2607:fea8:52a2:e300:dd0:2824:3c99:7d69""}","{""country"":""CA"",""region"":""Ontario"",""city"":""Markham"",""latitude"":43.8455,""longitude"":-79.2635}",,,,,,,,,,,,,,,,signinattempts,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:55:02.901 PM",ICWRCZYO2BHHJGCNTTGKLVDOVE,GLXUBQ6I3JDWRPWW35PVOG26D4,"4/18/2025, 12:54:36.072 PM",CA,success,"credentials_ok",,"{""uuid"":""XMBOV3AOFFFLNPHI7HKN2EI2XY"",""name"":""Clarence Wong"",""email"":""axel.rose@agilebits.com""}","{""app_name"":""1Password Browser Extension"",""app_version"":""81070027"",""platform_name"":""Chrome extension"",""platform_version"":""135.0.7049.96"",""os_name"":""MacOSX"",""os_version"":""15.3.2"",""ip_address"":""2607:fea8:52a2:e300:dd0:2824:3c99:7d69""}","{""country"":""CA"",""region"":""Ontario"",""city"":""Markham"",""latitude"":43.8455,""longitude"":-79.2635}",,,,,,,,,,,,,,,,signinattempts,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",2MZ5LG7B3AWO3KIDYRP4Z3RGW6,,"4/4/2025, 4:45:16.121 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",create,device,l7xfhzeajqz4p3sblvnjp6s4ky,,5547344,IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",,"{""uuid"":""UTLGFSJ3BFEXBJ6KS7I6V2M2FU"",""login_time"":""2025-04-04T16:45:16.1044527Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",WL7LRUMV4CLRR6A745JOKFTLEI,,"4/4/2025, 4:48:04.321 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",view,report,,,,,,"activity-log","{""uuid"":""UTLGFSJ3BFEXBJ6KS7I6V2M2FU"",""login_time"":""2025-04-04T16:45:16.1044527Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",RTNVIBWEKYFI26TER3KLD7JVRV,,"4/4/2025, 4:49:05.793 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",create,sa,SU3NS4P6KJDUTI5QYOOC5Y24OI,,,,,D,"{""uuid"":""UTLGFSJ3BFEXBJ6KS7I6V2M2FU"",""login_time"":""2025-04-04T16:45:16.1044527Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",PLO3WHHNFLTZQT6WHYV3G7J2EB,,"4/4/2025, 4:49:05.804 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",create,satoken,SU3NS4P6KJDUTI5QYOOC5Y24OI,,,,,"sl-microsoft-temp","{""uuid"":""UTLGFSJ3BFEXBJ6KS7I6V2M2FU"",""login_time"":""2025-04-04T16:45:16.1044527Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",BUFF5HHXI5NHZLHPSMHEJY5XMP,,"4/9/2025, 5:13:56.951 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",dlgsess,dlgdsess,JVPUAZQDWFBGDJRVJZDH2TDSHA,,,LSFGKSMJNFEUTKCX27PFS2OAVE,,,"{""uuid"":""LSFGKSMJNFEUTKCX27PFS2OAVE"",""login_time"":""2025-04-09T17:13:50.9925067Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",M6EV3JS5HID2RJH47KW2BWBNDH,,"4/9/2025, 5:13:56.963 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",create,device,bphjwuec4duaoc6jiiipxebzbi,,5547344,IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",,"{""uuid"":""LSFGKSMJNFEUTKCX27PFS2OAVE"",""login_time"":""2025-04-09T17:13:50.9925067Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",2GPZLX3RIM5DCBH6ZRTVKLIDRL,,"4/9/2025, 5:15:26.888 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",create,vault,dzkriehzyenlesox7gaaxv7pma,,,,,,"{""uuid"":""LSFGKSMJNFEUTKCX27PFS2OAVE"",""login_time"":""2025-04-09T17:13:50.9925067Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",AHDJ74VRU4AFU6NJ54G4AUJR2Z,,"4/9/2025, 5:15:26.949 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",grant,uva,dzkriehzyenlesox7gaaxv7pma,,5547344,IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",2147483646,"{""uuid"":""LSFGKSMJNFEUTKCX27PFS2OAVE"",""login_time"":""2025-04-09T17:13:50.9925067Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",VQMFRXB7W6MLMW3P2Z6ADLLXUD,,"4/9/2025, 5:15:26.962 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",grant,gva,dzkriehzyenlesox7gaaxv7pma,,22527804,rghqswd6b35ud5jupjjodpns44,,1,"{""uuid"":""LSFGKSMJNFEUTKCX27PFS2OAVE"",""login_time"":""2025-04-09T17:13:50.9925067Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",72WL6YAEYNXDXICB2YJ6RQ6EYC,,"4/9/2025, 5:15:26.973 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",grant,gva,dzkriehzyenlesox7gaaxv7pma,,22527805,btxffna52mw3aqpchktgefx6zi,,2,"{""uuid"":""LSFGKSMJNFEUTKCX27PFS2OAVE"",""login_time"":""2025-04-09T17:13:50.9925067Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",WKNUB46HLWWF7RXFFEZY35C36B,,"4/9/2025, 5:15:26.985 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",grant,gva,dzkriehzyenlesox7gaaxv7pma,,22527806,7ol5ey5xurrhpjoo7gymu4pp7a,,2,"{""uuid"":""LSFGKSMJNFEUTKCX27PFS2OAVE"",""login_time"":""2025-04-09T17:13:50.9925067Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",YBXGY3YVBIP6TDPFVT7L7BKAH7,,"4/9/2025, 5:15:32.351 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",dlgsess,dlgdsess,LMVI3756QBBVLGMGF6TBGO3NUY,,,LSFGKSMJNFEUTKCX27PFS2OAVE,,,"{""uuid"":""LSFGKSMJNFEUTKCX27PFS2OAVE"",""login_time"":""2025-04-09T17:13:50.9925067Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",UU76HEVBO2EO7YNIZINGOKXY5G,,"4/9/2025, 5:15:43.001 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",patch,items,dzkriehzyenlesox7gaaxv7pma,,2,,,"1,0,0,0,0","{""uuid"":""LSFGKSMJNFEUTKCX27PFS2OAVE"",""login_time"":""2025-04-09T17:13:50.9925067Z"",""device_uuid"":""l7xfhzeajqz4p3sblvnjp6s4ky"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",CAEFEKA7TFXGGWUKP3R7XNITJZ,,"4/9/2025, 5:19:13.251 PM",,,,,,,"{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",IBW4GP5NZFFBRK6IIS5SG3K4CI,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",share,item,yyznfshprnktijvsjhouufqx5i,,18311600,dzkriehzyenlesox7gaaxv7pma,,4hutefbdsrnzz75d5yfvi4yqyu,"{""uuid"":""LMVI3756QBBVLGMGF6TBGO3NUY"",""login_time"":""2025-04-09T17:13:50.9925067Z"",""device_uuid"":""bphjwuec4duaoc6jiiipxebzbi"",""ip"":""207.6.250.192""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",S6J3HGO6OX6NDID6F435MENUAD,,"4/10/2025, 7:08:48.817 PM",,,,,,,"{""country"":""Canada"",""region"":""Ontario"",""city"":""Markham"",""latitude"":43.8455,""longitude"":-79.2635}",XMBOV3AOFFFLNPHI7HKN2EI2XY,"{""uuid"":""XMBOV3AOFFFLNPHI7HKN2EI2XY"",""name"":""Clarence Wong"",""email"":""axel.rose@agilebits.com""}",create,device,xw27aj7ayveb6ecuge3lxlxrw4,,5542660,XMBOV3AOFFFLNPHI7HKN2EI2XY,"{""uuid"":""XMBOV3AOFFFLNPHI7HKN2EI2XY"",""name"":""Clarence Wong"",""email"":""axel.rose@agilebits.com""}",,"{""uuid"":""C7V57KMF2BDMZFCFLEK4ND6SNY"",""login_time"":""2025-04-10T19:08:48.7986500Z"",""device_uuid"":""xw27aj7ayveb6ecuge3lxlxrw4"",""ip"":""2607:fea8:52a2:e300:ec42:517a:6903:6487""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",CMMLUZD4K6VACQWXW3IHS7CRM4,,"4/18/2025, 11:44:43.305 AM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",create,device,hsybmdp2dth3v5w6sxfz3fdrvu,,5547458,PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",,"{""uuid"":""5AVYJMTULJAQRDYCXJAK7W2H5Y"",""login_time"":""2025-04-18T11:44:43.2669887Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",5A5OKTJAMI3R3CVY536YAA6R6E,,"4/18/2025, 11:46:03.624 AM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",suspend,user,CPX3K36BWJA4NKLQP3KADNFXFU,"{""uuid"":""CPX3K36BWJA4NKLQP3KADNFXFU"",""name"":""Jack Sparrow"",""email"":""info@slxndrs.com""}",,,,,"{""uuid"":""5AVYJMTULJAQRDYCXJAK7W2H5Y"",""login_time"":""2025-04-18T11:44:43.2669887Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",5CLDHPJPHX4RKAHPBFBRRM2GXD,,"4/18/2025, 11:46:04.043 AM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",delete,vault,v6stujbzdep5c7wjxvy7bv7wcm,,,,,,"{""uuid"":""5AVYJMTULJAQRDYCXJAK7W2H5Y"",""login_time"":""2025-04-18T11:44:43.2669887Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",ZRGO4CJHU7CX4GWA6XPXKPE7XP,,"4/18/2025, 11:46:04.052 AM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",delete,user,CPX3K36BWJA4NKLQP3KADNFXFU,"{""uuid"":""CPX3K36BWJA4NKLQP3KADNFXFU"",""name"":""Jack Sparrow"",""email"":""info@slxndrs.com""}",,,,,"{""uuid"":""5AVYJMTULJAQRDYCXJAK7W2H5Y"",""login_time"":""2025-04-18T11:44:43.2669887Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",46QURC4PKKRI4MJPCYVYYSNTSF,,"4/18/2025, 11:46:28.557 AM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",create,invite,GMDEHR4LEJAQRHC2N4H2COIHMU,,,,,"info@slxndrs.com","{""uuid"":""5AVYJMTULJAQRDYCXJAK7W2H5Y"",""login_time"":""2025-04-18T11:44:43.2669887Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",GED74PQMIO7JTH65FNBXSP4VWO,,"4/18/2025, 11:47:07.830 AM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",trevoke,satoken,B4DGXVKQGNHW3HAW2NRSEJCWOU,,,,,"Development Thijs","{""uuid"":""5AVYJMTULJAQRDYCXJAK7W2H5Y"",""login_time"":""2025-04-18T11:44:43.2669887Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",AKSMVJYVYBJHTV2VRCAY7AZ2PL,,"4/18/2025, 11:47:11.940 AM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",trevoke,satoken,B4DGXVKQGNHW3HAW2NRSEJCWOU,,,,,"Production from UI","{""uuid"":""5AVYJMTULJAQRDYCXJAK7W2H5Y"",""login_time"":""2025-04-18T11:44:43.2669887Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",VI64BDVVWFZR27WWBYMF62Y2V2,,"4/18/2025, 11:47:28.194 AM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",create,satoken,B4DGXVKQGNHW3HAW2NRSEJCWOU,,,,,Copilot,"{""uuid"":""5AVYJMTULJAQRDYCXJAK7W2H5Y"",""login_time"":""2025-04-18T11:44:43.2669887Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",DKDXK65DRATULJAC2BLZBYKDEZ,,"4/18/2025, 11:58:48.682 AM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",view,report,,,,,,"activity-log","{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",6OB56ACRRPWVCAVWLTSWHWFXWS,,"4/18/2025, 11:59:41.223 AM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",reactive,user,OBVNU7G3JNED5PYYGVQY6FM65Q,"{""uuid"":""OBVNU7G3JNED5PYYGVQY6FM65Q"",""name"":""Jack Sparrow (test)"",""email"":""jack.sparrow@outlook.com""}",,,,,"{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",WGMHKYBUT232J7RT5PDIDDMJRN,,"4/18/2025, 12:00:30.446 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",beginr,user,OBVNU7G3JNED5PYYGVQY6FM65Q,"{""uuid"":""OBVNU7G3JNED5PYYGVQY6FM65Q"",""name"":""Jack Sparrow (test)"",""email"":""jack.sparrow@outlook.com""}",,,,,"{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",2NSLEYQQY4IBYPQSEIPAQHL2HT,,"4/18/2025, 12:02:19.428 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",completr,user,OBVNU7G3JNED5PYYGVQY6FM65Q,"{""uuid"":""OBVNU7G3JNED5PYYGVQY6FM65Q"",""name"":""Jack Sparrow (test)"",""email"":""jack.sparrow@outlook.com""}",,,,,"{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",WQSBSGEQ67YFWXPRSKHSMS63M5,,"4/18/2025, 12:03:55.138 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Utrecht"",""latitude"":52.1083,""longitude"":5.1423}",OBVNU7G3JNED5PYYGVQY6FM65Q,"{""uuid"":""OBVNU7G3JNED5PYYGVQY6FM65Q"",""name"":""Jack Sparrow (test)"",""email"":""jack.sparrow@outlook.com""}",create,device,3phoep7rew5k4n45iiwqna4cfm,,5622552,OBVNU7G3JNED5PYYGVQY6FM65Q,"{""uuid"":""OBVNU7G3JNED5PYYGVQY6FM65Q"",""name"":""Jack Sparrow (test)"",""email"":""jack.sparrow@outlook.com""}",,"{""uuid"":""MYV36CCVNZDEPNHXVCUXES2ADM"",""login_time"":""2025-04-18T12:03:55.0983200Z"",""device_uuid"":""3phoep7rew5k4n45iiwqna4cfm"",""ip"":""86.85.254.86""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",O3JU2XYEOPMBURMNEGYCPS246D,,"4/18/2025, 12:04:29.632 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",delete,vault,xeuq3jvbbm5xtqmom37i4k2c24,,,,,,"{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",BLZPGPHCLMHZ6QIFT5LFPJEWUD,,"4/18/2025, 12:04:50.571 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Utrecht"",""latitude"":52.1083,""longitude"":5.1423}",OBVNU7G3JNED5PYYGVQY6FM65Q,"{""uuid"":""OBVNU7G3JNED5PYYGVQY6FM65Q"",""name"":""Jack Sparrow"",""email"":""jack.sparrow@outlook.com""}",changenm,user,OBVNU7G3JNED5PYYGVQY6FM65Q,"{""uuid"":""OBVNU7G3JNED5PYYGVQY6FM65Q"",""name"":""Jack Sparrow"",""email"":""jack.sparrow@outlook.com""}",,,,,"{""uuid"":""MYV36CCVNZDEPNHXVCUXES2ADM"",""login_time"":""2025-04-18T12:03:55.0983200Z"",""device_uuid"":""3phoep7rew5k4n45iiwqna4cfm"",""ip"":""86.85.254.86""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",C6DCPVY4QEU4T5PLDGY2LRZV2V,,"4/18/2025, 12:05:53.754 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",grant,uva,dzkriehzyenlesox7gaaxv7pma,,5622552,OBVNU7G3JNED5PYYGVQY6FM65Q,"{""uuid"":""OBVNU7G3JNED5PYYGVQY6FM65Q"",""name"":""Jack Sparrow"",""email"":""jack.sparrow@outlook.com""}",15730672,"{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",56WAGARROVUHCRP3JX5GI3EQD6,,"4/18/2025, 12:05:53.773 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",grant,uva,36pafghqo5a7lnfbmk62ynhdra,,5622552,OBVNU7G3JNED5PYYGVQY6FM65Q,"{""uuid"":""OBVNU7G3JNED5PYYGVQY6FM65Q"",""name"":""Jack Sparrow"",""email"":""jack.sparrow@outlook.com""}",15730672,"{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",6LREFBYAOEMFHRTSKBZ6S36JER,,"4/18/2025, 12:05:53.775 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",grant,uva,27laikzuyzowz6mzhk7oymb7pq,,5622552,OBVNU7G3JNED5PYYGVQY6FM65Q,"{""uuid"":""OBVNU7G3JNED5PYYGVQY6FM65Q"",""name"":""Jack Sparrow"",""email"":""jack.sparrow@outlook.com""}",15730672,"{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",CEQZBXT6U332CPONGN7J7QP7UR,,"4/18/2025, 12:13:05.552 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",view,report,,,,36pafghqo5a7lnfbmk62ynhdra,,"vault-usage-report","{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",56KSTZ22RG2XZNGRRXV6GNYQRO,,"4/18/2025, 12:13:09.090 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",export,report,,,,36pafghqo5a7lnfbmk62ynhdra,,"vault-usage-report","{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",NH6PZIQFJLWYAH7KJLDPXMXEW7,,"4/18/2025, 12:13:20.202 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",view,report,,,,OBVNU7G3JNED5PYYGVQY6FM65Q,,"user-usage-report","{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",O26RO7O5WJFGTOZO67BUALRTZS,,"4/18/2025, 12:13:25.201 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",export,report,,,,OBVNU7G3JNED5PYYGVQY6FM65Q,,"user-usage-report","{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",QUYEBIL4PNV4KG4NILW662ATGL,,"4/18/2025, 12:14:52.447 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",delete,user,ZXH73GV3PVFZZFQ23ONYDQJZII,"{""uuid"":""ZXH73GV3PVFZZFQ23ONYDQJZII"",""name"":""Sentinel integration"",""email"":""oqgiyj6saz5rs@1passwordserviceaccounts.com""}",,,,,"{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",CO6OVY5Z4Y455ZH424DWZWSU34,,"4/18/2025, 12:15:10.621 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",delete,user,SU3NS4P6KJDUTI5QYOOC5Y24OI,"{""uuid"":""SU3NS4P6KJDUTI5QYOOC5Y24OI"",""name"":""sl-microsoft-test"",""email"":""m6owabpqoihgo@1passwordserviceaccounts.com""}",,,,,"{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",ZDVBDXJHOYRHCF26PZA3HPJ6LK,,"4/18/2025, 12:15:26.125 PM",,,,,,,"{""country"":""The Netherlands"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",PVXZMHITIFHG3FNMW4WERJEOCA,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}",create,satoken,B4DGXVKQGNHW3HAW2NRSEJCWOU,,,,,Pilot,"{""uuid"":""G3BMS3U6XJDP7JZ34ND7HKDM4Y"",""login_time"":""2025-04-18T11:57:23.3069882Z"",""device_uuid"":""hsybmdp2dth3v5w6sxfz3fdrvu"",""ip"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}",,,,,auditevents,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",GQU2AQROG5AJHK6YB34BPSOL6Y,UTLGFSJ3BFEXBJ6KS7I6V2M2FU,"4/4/2025, 4:45:16.126 PM",CA,success,"credentials_ok",,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}","{""app_name"":""1Password Browser Extension"",""app_version"":""81074012"",""platform_name"":""Chrome extension"",""platform_version"":""134.0.6998.189"",""os_name"":""MacOSX"",""os_version"":""15.4.0"",""ip_address"":""207.6.250.192""}","{""country"":""CA"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",,,,,,,,,,,,,,,,signinattempts,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",NF6NGL7S6FD3XFULPKDAFLECRY,LSFGKSMJNFEUTKCX27PFS2OAVE,"4/9/2025, 5:13:51.014 PM",CA,success,"credentials_ok",,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}","{""app_name"":""1Password Browser Extension"",""app_version"":""81074017"",""platform_name"":""Chrome extension"",""platform_version"":""134.0.6998.199"",""os_name"":""MacOSX"",""os_version"":""15.4.0"",""ip_address"":""207.6.250.192""}","{""country"":""CA"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",,,,,,,,,,,,,,,,signinattempts,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",T7IV5RBYHRBTRDBMDWZ5B5EIQU,JVPUAZQDWFBGDJRVJZDH2TDSHA,"4/9/2025, 5:13:56.967 PM",CA,success,"credentials_ok",,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}","{""app_name"":""1Password for Web"",""app_version"":""1975"",""platform_name"":""Chrome"",""platform_version"":""134.0.6998.199"",""os_name"":""MacOSX"",""os_version"":""15.4.0"",""ip_address"":""207.6.250.192""}","{""country"":""CA"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",,,,,,,,,,,,,,,,signinattempts,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",SS5QW3HSRNCYHNICRWJNXI5QQA,LMVI3756QBBVLGMGF6TBGO3NUY,"4/9/2025, 5:15:32.357 PM",CA,success,"credentials_ok",,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}","{""app_name"":""1Password for Web"",""app_version"":""1975"",""platform_name"":""Chrome"",""platform_version"":""134.0.6998.199"",""os_name"":""MacOSX"",""os_version"":""15.4.0"",""ip_address"":""207.6.250.192""}","{""country"":""CA"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",,,,,,,,,,,,,,,,signinattempts,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",4XOAEYUNFJGLNNUQG44AFHZSGA,C7V57KMF2BDMZFCFLEK4ND6SNY,"4/10/2025, 7:08:48.828 PM",CA,success,"credentials_ok",,"{""uuid"":""XMBOV3AOFFFLNPHI7HKN2EI2XY"",""name"":""Clarence Wong"",""email"":""axel.rose@agilebits.com""}","{""app_name"":""1Password Browser Extension"",""app_version"":""81070027"",""platform_name"":""Chrome extension"",""platform_version"":""135.0.7049.85"",""os_name"":""MacOSX"",""os_version"":""15.3.2"",""ip_address"":""2607:fea8:52a2:e300:ec42:517a:6903:6487""}","{""country"":""CA"",""region"":""Ontario"",""city"":""Markham"",""latitude"":43.8455,""longitude"":-79.2635}",,,,,,,,,,,,,,,,signinattempts,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",FQCRF6I5CJDUPAKVCHP47QWVFQ,TFOSOH6JCBAQRH37ZOTIWMGFYU,"4/11/2025, 1:14:19.172 PM",CA,success,"credentials_ok",,"{""uuid"":""XMBOV3AOFFFLNPHI7HKN2EI2XY"",""name"":""Clarence Wong"",""email"":""axel.rose@agilebits.com""}","{""app_name"":""1Password Browser Extension"",""app_version"":""81070027"",""platform_name"":""Chrome extension"",""platform_version"":""135.0.7049.85"",""os_name"":""MacOSX"",""os_version"":""15.3.2"",""ip_address"":""2607:fea8:52a2:e300:ec42:517a:6903:6487""}","{""country"":""CA"",""region"":""Ontario"",""city"":""Markham"",""latitude"":43.8455,""longitude"":-79.2635}",,,,,,,,,,,,,,,,signinattempts,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",72HSUCNG2ZGORE64PYLGULKYSY,DUI4WKZ3BJFP3PHUAEMRPMP2FU,"4/18/2025, 11:44:02.575 AM",NL,"credentials_failed","password_secret_bad",,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}","{""app_name"":""1Password for Web"",""app_version"":""1982"",""platform_name"":""Safari"",""platform_version"":""18.4"",""os_name"":""MacOSX"",""os_version"":""10.15.7"",""ip_address"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}","{""country"":""NL"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",,,,,,,,,,,,,,,,signinattempts,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",THAYXVGVEJH6LARQKHJZXVAKPI,5AVYJMTULJAQRDYCXJAK7W2H5Y,"4/18/2025, 11:44:43.313 AM",NL,success,"credentials_ok",,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}","{""app_name"":""1Password for Web"",""app_version"":""1982"",""platform_name"":""Safari"",""platform_version"":""18.4"",""os_name"":""MacOSX"",""os_version"":""10.15.7"",""ip_address"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}","{""country"":""NL"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",,,,,,,,,,,,,,,,signinattempts,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",JEVVI4GVMNCSXJBF52IXO2OM4Q,G3BMS3U6XJDP7JZ34ND7HKDM4Y,"4/18/2025, 11:57:23.319 AM",NL,success,"credentials_ok",,"{""uuid"":""PVXZMHITIFHG3FNMW4WERJEOCA"",""name"":""Peter Pan"",""email"":""peter.pan@hotmail.com""}","{""app_name"":""1Password for Web"",""app_version"":""1982"",""platform_name"":""Safari"",""platform_version"":""18.4"",""os_name"":""MacOSX"",""os_version"":""10.15.7"",""ip_address"":""2a02:a44f:4345:0:801b:87ab:a162:a10f""}","{""country"":""NL"",""region"":""Utrecht"",""city"":""Amersfoort"",""latitude"":52.1592,""longitude"":5.3849}",,,,,,,,,,,,,,,,signinattempts,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",HDCR3PNYARBSFE5HC6AWUPWCYI,MYV36CCVNZDEPNHXVCUXES2ADM,"4/18/2025, 12:03:55.150 PM",NL,success,"credentials_ok",,"{""uuid"":""OBVNU7G3JNED5PYYGVQY6FM65Q"",""name"":""Jack Sparrow (test)"",""email"":""jack.sparrow@outlook.com""}","{""app_name"":""1Password for Web"",""app_version"":""1982"",""platform_name"":""Brave"",""platform_version"":""135.0.0.0"",""os_name"":""Windows"",""os_version"":""11.0"",""ip_address"":""86.85.254.86""}","{""country"":""NL"",""region"":""Utrecht"",""city"":""Utrecht"",""latitude"":52.1083,""longitude"":5.1423}",,,,,,,,,,,,,,,,signinattempts,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",CVOHJRHF7BAXHLZNORNP6N6IMA,,"4/9/2025, 5:15:42.746 PM",,,,,,"{""app_name"":""1Password Browser Extension"",""app_version"":""81074017"",""platform_name"":""Chrome extension"",""platform_version"":""134.0.6998.199"",""os_name"":""MacOSX"",""os_version"":""15.4.0"",""ip_address"":""207.6.250.192""}","{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",,,"server-create",,,,,,,,,1,dzkriehzyenlesox7gaaxv7pma,yyznfshprnktijvsjhouufqx5i,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",itemusages,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",
+,"4/18/2025, 12:40:19.703 PM",7FW55XI4JZEXZLG43WEPF7IBAY,,"4/9/2025, 5:19:13.254 PM",,,,,,"{""app_name"":""1Password for Web"",""app_version"":""1975"",""platform_name"":""Chrome"",""platform_version"":""134.0.6998.199"",""os_name"":""MacOSX"",""os_version"":""15.4.0"",""ip_address"":""207.6.250.192""}","{""country"":""Canada"",""region"":""British Columbia"",""city"":""Kelowna"",""latitude"":49.8956,""longitude"":-119.4897}",,,share,,,,,,,,,1,dzkriehzyenlesox7gaaxv7pma,yyznfshprnktijvsjhouufqx5i,"{""uuid"":""IBW4GP5NZFFBRK6IIS5SG3K4CI"",""name"":""John Doe"",""email"":""john.doe@agilebits.com""}",itemusages,"8ffcf5f0-cf26-483b-8d8a-b7b1544bb815","OnePasswordEventLogs_CL",