Use Panther with Bitwarden for SIEM to monitor Bitwarden events

Panther is a cloud-native SIEM solution that is able to process large amounts of data, allowing security teams to investigate security concerns for their infrastructure quickly and in a manner that’s easily understood. Panther detects suspicious activity and generates alerts for IT, DevOps, and SRE teams when a potential threat is identified. 

Bitwarden integrates with Panther to furnish event logs for security information and event management (SIEM), as a defense against malevolent attacks and intrusions into the network and other IT assets. SIEM technology aggregates events from data sources to detect possible threats in real-time, while also helping ensure compliance and security oversight for data within cloud infrastructure.

With Bitwarden and Panther, detailed information on activity within Bitwarden Password Manager and Secrets Manager can be gathered and analyzed for easy monitoring and alerts. Together, the two integrate to provide valuable insights into a given Bitwarden organization, including information such as user activity, password changes, shared passwords, and more. Panther ingests this data and combines it with the monitoring of other infrastructure, apps, and networking, to provide alerts and streamline investigation into suspicious activities.

• Alerts for suspicious activity and detailed reports from Bitwarden logs

• Expands SIEM oversight to website and application credentials

• Visual dashboards and event search macros for easy monitoring

• Records of specific credential access by users

• Insights into user adoption of company security tools

• Offboarding reports that list credentials a former employee had access to, ensuring tighter security and access control

Panther connects to Bitwarden through an API key and OAuth 2.0 credentials. Panther has designed an integration within the Panther application catalog, accessible within `Log Sources` in the Panther Dashboard Overview. Once connected to the Bitwarden organization, even logs will automatically flow into Panther. Note that Panther integration is only available for Bitwarden cloud hosted organizations.

Alternatively, use Bitwarden API integration to set up SIEM functionality with any provider by exporting event data from your organization. The Public API can provide information about your organization and users. The Vault Management API provides access to information about encrypted data and is hosted within the Bitwarden CLI client using the serve command on an owned endpoint. Combined, these two APIs will provide a full view of your organization and vault.