Bitwarden Resources

Use Panther with Bitwarden for SIEM to monitor Bitwarden events

Learn how Panther can monitor Bitwarden events to provide security information and event management (SIEM) to generate alerts and streamline investigation into suspicious activities.

  1. Resources
  2. Use Panther with Bitwarden for SIEM to monitor Bitwarden events

Panther is a cloud-native SIEM solution that is able to process large amounts of data, allowing security teams to investigate security concerns for their infrastructure quickly and in a manner that’s easily understood. Panther detects suspicious activity and generates alerts for IT, DevOps, and SRE teams when a potential threat is identified. 

Bitwarden integrates with Panther to furnish event logs for security information and event management (SIEM), as a defense against malevolent attacks and intrusions into the network and other IT assets. SIEM technology aggregates events from data sources to detect possible threats in real-time, while also helping ensure compliance and security oversight for data within cloud infrastructure.

With Bitwarden and Panther, detailed information on activity within Bitwarden Password Manager and Secrets Manager can be gathered and analyzed for easy monitoring and alerts. Together, the two integrate to provide valuable insights into a given Bitwarden organization, including information such as user activity, password changes, shared passwords, and more. Panther ingests this data and combines it with the monitoring of other infrastructure, apps, and networking, to provide alerts and streamline investigation into suspicious activities.

The benefits of Bitwarden and Panther together include

  • Alerts for suspicious activity and detailed reports from Bitwarden logs

  • Expands SIEM oversight to website and application credentials

  • Visual dashboards and event search macros for easy monitoring

  • Records of specific credential access by users

  • Insights into user adoption of company security tools

  • Offboarding reports that list credentials a former employee had access to, ensuring tighter security and access control

Did you know?

Bitwarden records more than 50 types of events that are logged in perpetuity and can be passed to Panther for analysis and integration into existing security systems.

Integration Details

Panther connects to Bitwarden through an API key and OAuth 2.0 credentials. Panther has designed an integration within the Panther application catalog, accessible within `Log Sources` in the Panther Dashboard Overview. Once connected to the Bitwarden organization, even logs will automatically flow into Panther. Note that Panther integration is only available for Bitwarden cloud hosted organizations.

Alternatively, use Bitwarden API integration to set up SIEM functionality with any provider by exporting event data from your organization. The Public API can provide information about your organization and users. The Vault Management API provides access to information about encrypted data and is hosted within the Bitwarden CLI client using the serve command on an owned endpoint. Combined, these two APIs will provide a full view of your organization and vault.

Choose the plan that fits your needs



per month

Free Forever

Get a Bitwarden vault

  • Unlimited devices
  • Passkey management
  • All the core functions
  • Always free

Share vault items with one other user


Less than$1

per month

$10 billed annually

Enjoy premium features

  • Integrated authenticator
  • File attachments
  • Emergency access
  • Security reports and more

Share vault items with one other user



per month

Up to 6 users, $40 billed annually

Secure your family logins

  • 6 premium accounts
  • Unlimited sharing
  • Unlimited collections
  • Organization storage

Share vault items between six people

Pricing shown in USD and based on an annual subscription

© 2024 Bitwarden, Inc. Terms Privacy Cookie Settings Sitemap

This site is available in English.
Go to EnglishStay Here