This page is displayed in , but your browser is set to .
Would you like to switch to the version?

Bitwarden Blog

Using Splunk with Bitwarden Password Manager

RL
authored by:Ryan Luibrand
published :

Bitwarden integrates with Splunk for event and security logging

Bitwarden provides an official integration app for Splunk Enterprise, Splunk Cloud Classic, and Splunk Cloud Victoria. It can be accessed

within the Splunk user interface
and can also be found
on the Splunkbase
. The integration app simplifies the process for bringing the Bitwarden events into Splunk, and a step-by-step guide is available in the
Help documentation
.

The Bitwarden Event Logs app for Splunk comes with three pre-built dashboards: Bitwarden authentication events, vault item events, and organization events. Splunk users can also build custom dashboards and integrate Bitwarden events data into existing dashboards. This makes it easy to identify patterns at-a-glance and respond immediately to threats to the business IT infrastructure. More integration information is provided in the

Splunk integration datasheet
.

The below video shows Splunk in action on a self-hosted Splunk Enterprise installation.

Splunk and Bitwarden: Expanding SIEM coverage

Splunk is a well-known tool in the world of Security Incident and Event Management, or SIEM. It performs advanced analysis on the thousands to millions of loggable events on a network, including from hardware and applications, and consolidates them into actionable security alerts and dashboards.

In all, more than 60 types of events are recorded and logged in perpetuity and can be passed to Splunk for analysis and integration into existing security systems.

Now, with the official integration, that includes the

robust, auditable event logs
of Bitwarden Password Manager. These logs cover user events, vault item events, organization events, and more. In all, more than 60 types of events are recorded and logged in perpetuity and can be passed to Splunk for analysis and integration into existing security systems. Importantly, this expands SIEM monitoring to apps, websites, and other data that normally flies under the radar.

How Bitwarden enhances Splunk capabilities

  • Expands SIEM oversight to website and application logins

  • Option to self-host both Bitwarden and Splunk for uniform security control

  • Provides open source transparency for credential management, including the Splunk integration app itself

What you can do with Bitwarden and Splunk

  • Set alerts for suspicious access to logins and stored credit cards

  • Identify a rogue user account and temporarily revoke it from the organization

  • Determine proper usage and adoption of Bitwarden Password Manager

If you use Splunk in your organization, you will find value in the Bitwarden open source approach to security, the depth of the Bitwarden event logs, and the benefits of expanding SIEM coverage to an organization password vault. Bitwarden also has integrations with

Elastic
and
Panther
, and any SIEM tool can access Bitwarden events via
the two available APIs
. Visit
bitwarden.com
 today to start a 7-day trial or reach out to the
business sales team
 to learn more!

Editor's note: This blog was originally written June 1, 2023 and updated on May 14, 2024 to detail support for Splunk cloud installations.

Back to Blog

Get started with Bitwarden today.

Crea tu cuenta gratis