search
Knowledge BaseRelease NotesRequest Demo

Bitwarden Logs

Panther supports pulling logs directly from Bitwarden

hashtag
Overview

Panther can query the Bitwarden Events APIarrow-up-right for new audit events every 60 seconds.

hashtag
How to onboard Bitwarden logs to Panther

hashtag
Prerequisite

hashtag
Step 1: Create a new Bitwarden source in Panther

  1. In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.

  2. Click Create New.

  3. Search for “Bitwarden,” then click its tile.

  4. In the slide-out panel, click Start Setup.

  5. Enter a descriptive name for the source, e.g., "My Bitwarden logs".

  6. Click Setup.

hashtag
Step 2: Fetch API credentials in Bitwarden

  1. In a separate browser tab, open the Bitwarden web console.

  2. Navigate to the Settings tab.

  3. In the lefthand navigation bar, select Organization info.

  4. In the API Key section, click View API key. The Bitwarden console shows the Settings > Organization info page. The "Organization name" field has a value of "Panther Test Organization" and there are also fields for Billing email and Business name. Below, an API Key section says "Your API key can be used to authenticate to the Bitwarden public API." Below, there is "View API key" and "Rotate API key" buttons.

  5. Copy the Client ID and Client Secret and store them in a secure location, as you will need them in the next step.

hashtag
Step 3: Finalize Bitwarden onboarding in Panther

  1. Navigate to the Panther Console, on the Credentials page where you left off in the earlier steps.

  2. In the Client ID and Client Secret fields, paste the credentials you retrieved from Bitwarden in the previous step. On the Configuration page of the Bitwarden source setup flow, there are fields for "Client ID" and "Client Secret." At the bottom of the page is a "Setup" button.

  3. Click Setup. You will be directed to a success screen:\

    The success screen reads, "Everything looks good! Panther will now automatically pull & process logs from your account"

    • You can optionally enable one or more Detection Packsarrow-up-right.

    • The Trigger an alert when no events are processed setting defaults to YES. We recommend leaving this enabled, as you will be alerted if data stops flowing from the log source after a certain period of time. The timeframe is configurable, with a default of 24 hours.\

      The "Trigger an alert when no events are processed" toggle is set to YES. The "How long should Panther wait before it sends you an alert that no events have been processed" setting is set to 1 Day

hashtag
Supported log types

hashtag
Bitwarden.Events

These logs represent events for the entire organization. For more information, see Bitwarden's API documentationarrow-up-right.

PreviousAzure Monitor LogsNextBox Logs

Last updated

Was this helpful?