Consola de AdministradorInformando

Microsoft Sentinel SIEM

Microsoft Sentinel is a security information and event management (SIEM) platform that can be used to monitor Bitwarden organizations. Organizations can monitor event activity with the Bitwarden Event Logs app on Microsoft Sentinel.

Setup

To setup the Bitwarden integration, an active Azure account with access to a Microsoft Sentinel Workspace is required. Additionally, a Bitwarden API key, which can only be retrieved by organization owners.

Install the Bitwarden app to your Microsoft Sentinel dashboard

The Bitwarden Event Logs application can be located in the Microsoft Azure Marketplace. To add the new application to your Workspace:

  1. Choose the Bitwarden Event Logs plan from the dropdown menu and select Create.

    Bitwarden Event Logs marketplace app
    Bitwarden Event Logs marketplace app

  2. Complete the required fields and select the Workspace that will be monitoring Bitwarden organization data.

  3. Once complete, select Review + create.

Connect your Bitwarden Organization

Once the Bitwarden Event Logs app has been added to your Microsoft Sentinel Workspace, you can connect your Bitwarden organization using your Bitwarden API key.

  1. Return to the Data connectors screen and select the Bitwarden Event Logs app. Select Open connector page. If the Bitwarden Event Logs app is not visible, you may be required to select Refresh.

    Microsoft Sentinel Bitwarden Event Logs app
    Microsoft Sentinel Bitwarden Event Logs app
  2. Keep this screen open, on another tab, log in to the Bitwarden web app and open the Admin Console using the product switcher:

    Selector de producto
    Selector de producto
  3. Navigate to your organization's SettingsOrganization info screen and select the View API key button. You will be asked to re-enter your master password in order to access your API key information.

    Información de API de la organización
    Información de API de la organización
  4. Return to the Microsoft Sentinel tab. On the Configuration page, complete the following fields:

Field

Value

Bitwarden Identity URL

For Bitwarden cloud users, the default URL will be https://identity.bitwarden.com or https://identity.bitwarden.eu.

For self-hosted Bitwarden users, input your self-hosted URL. For example, https://<self-hosted-url>/identity. Be sure that the URL does not include any trailing forward slashes at the end of the URL "/".

Bitwarden API URL

For Bitwarden cloud users, the default URL will be https://api.bitwarden.com or https://api.bitwarden.eu.

For self-hosted Bitwarden users, input your self-hosted URL. For example, https://<self-hosted-url>/api. Be sure that the URL does not include any trailing forward slashes at the end of the URL "/".

Client ID

Input the value for client_id from the Bitwarden organization API key window.

Client Secret

Input the value for client_secret from the Bitwarden organization API key window.

Select Connect once the required fields have been completed.

nota

La información de la clave API de su organización es datos sensibles. No comparta estos valores en lugares no seguros.

Start monitoring event logs

nota

Historic event data is not available for the Bitwarden Event Logs app on Microsoft Sentinel at this time. Additionally, it may take up to 1 hour for the first events to appear in Microsoft Sentinel.

Bitwarden organization event logs can be viewed in Microsoft Sentinel using the BitwardenEventLogs query function.

  1. From Microsoft Sentinel, select Logs. A New Query tab will be created. On the left hand navigation, select FunctionsWorkspace functions BitwardenEventLogs.

  2. Before running the query, you may select time frame and add specific parameters to the query. To being the query, select Run.

    Microsoft Sentinel query
    Microsoft Sentinel query

    Queries can be saved for future use.

    Microsoft Sentinel query result
    Microsoft Sentinel query result

Monitor using Workbooks

Workbooks can be used to review event logs and visualize data. Additionally, templates are included in the Bitwarden Event Logs Workbook for a pre-configured overview of available data.

To access Workbooks, select Workbooks from the navigation and then Templates.

Workbook templates
Workbook templates

The Bitwarden Event Logs app will have three templates included by default. Select one of the templates and choose View Template to begin monitoring data.

Included templates
Included templates

The dashboards include visualized data:

Microsoft Sentinel dashboard view
Microsoft Sentinel dashboard view

Continue scrolling the overview page for additional event log data:

Bitwarden even log view
Bitwarden even log view

Sugerir cambios en esta página

¿Cómo podemos mejorar esta página para usted?
Si tiene preguntas técnicas, sobre facturación o sobre el producto, póngase en contacto con el servicio de asistencia.

Estado de la nube

Comprobar estado

Mejora tus conocimientos de ciberseguridad.

Suscríbete al boletín informativo.


© 2024 Bitwarden, Inc. Términos Privacidad Ajustes de Cookies Mapa del sitio

Go to EnglishStay Here