When you use 1Password Events Reporting, you can send information from 1Password to your security information and event management (SIEM) system through the 1Password Events REST API.
The 1Password Events API only sends the information you choose to your SIEM
When you set up 1Password Events Reporting, you choose which events your SIEM has access to. Tokens that you create for the Events API can only access the information for those events.
A separate 1Password server is used to provide information to the Events API
The 1Password server that provides information to the Events API is separate and isolated from the rest of 1Password.com. It only has access to event data and no other 1Password information.
Only authorized applications and services can get information from the 1Password Events API
When the Events API requests information from the 1Password server, the HTTP request must have an authorization header containing an authorization token.
Authorization tokens are only valid for the Events Reporting integration they’re created for. They’re signed by the key for the 1Password account that the Events API uses, using the ES256 signing algorithm. You can revoke a token at any time.
The Events API data is end-to-end encrypted
The Events API data is encrypted at rest and in transit. Additionally, vault and item names are encrypted on the client side and can’t be accessed by the Events API.
If you discover a vulnerability
If you discover a vulnerability in 1Password, submit a report on Bugcrowd.