Bitwarden Logs
Panther supports pulling logs directly from Bitwarden
Last updated
Was this helpful?
Panther supports pulling logs directly from Bitwarden
Last updated
Was this helpful?
Panther can query the for new audit events every 60 seconds.
To read events from your Bitwarden account, you must have a Bitwarden with API access.
In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.
Click Create New.
Search for “Bitwarden,” then click its tile.
In the slide-out panel, click Start Setup.
Enter a descriptive name for the source, e.g., "My Bitwarden logs".
Click Setup.
In a separate browser tab, open the Bitwarden web console.
Navigate to the Settings tab.
In the lefthand navigation bar, select Organization info.
Copy the Client ID and Client Secret and store them in a secure location, as you will need them in the next step.
Navigate to the Panther Console, on the Credentials page where you left off in the earlier steps.
Click Setup. You will be directed to a success screen:
The Trigger an alert when no events are processed setting defaults to YES. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.
In the API Key section, click View API key.
In the Client ID and Client Secret fields, paste the credentials you retrieved from Bitwarden in the previous step.
You can optionally enable one or more .
These logs represent events for the entire organization. For more information, see .