Microsoft Sentinel SIEM
Microsoft Sentinel is a security information and event management (SIEM) platform that can be used to monitor Bitwarden organizations. Organizations can monitor event activity with the Bitwarden Event Logs app on the Microsoft Dashboard.
To set up the Bitwarden integration, an active Azure account with access to Microsoft Sentinel is required, as well as a Bitwarden organization in which you have the required access permissions.
Navigate to your Microsoft Sentinel dashboard. Select your workspace or select New to add Microsoft Sentinel to a new workspace.
Navigate to the apps catalogue.
Once the Bitwarden Event Logs app has been installed to your Microsoft Sentinel dashboard, you can connect your Bitwarden organization using your Bitwarden API key.
Go to the dashboard home and select the Bitwarden Event Logs app.
Select Data connectors from the navigation menu. Then, select the menu for your workspace and Open connector page.
Keep this screen open. On another tab, log in to the Bitwarden web app and open the Admin Console using the product switcher.
Navigate to your organization's Settings → Organization info screen and select the View API key button. You will be asked to re-enter your master password in order to access your API key information.
Return to the Microsoft Sentinel tab. On the Configuration page, complete the following fields:
Field | Value |
---|---|
Bitwarden Identity Url | For Bitwarden cloud users, the default URL will be For self-hosted Bitwarden users, input your self-hosted URL. Be sure that the URL does not include any trailing forward slashes at the end of the URL. |
Bitwarden Api Url | For Bitwarden cloud users, the default URL will be For self-hosted Bitwarden users, input your self-hosted URL. Be sure that the URL does not include any trailing forward slashes at the end of the URL. |
Client ID | Input the value for |
Client Secret | Input the value for |
Select Connect once the required fields have been completed.
Warning
Your organization API key enables full access to your organization. Keep your API key private. If you believe your API key has been compromised, select the Settings > Organization info > Rotate API key button on this screen. Active implementations of your current API key will need to be reconfigured with the new key before they can be used.
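A pre-flight check for the four Configuration fields in the table above, as an added example (not Bitwarden's or Microsoft's code). The `/connect/token` path, the `api.organization` scope and the `organization.` client ID prefix are assumptions based on the Bitwarden Public API; host names and key values are constructed.

```python
from urllib.parse import urlencode, urlsplit
from urllib.request import Request


def check_url(field, value):
    """Return the problems found in one of the two URL fields."""
    problems = []
    parts = urlsplit(value.strip())
    if value != value.strip():
        problems.append(f"{field}: leading or trailing whitespace")
    if parts.scheme != "https":
        problems.append(f"{field}: use https, credentials are sent to this host")
    if not parts.netloc:
        problems.append(f"{field}: no host name")
    if value.strip().endswith("/"):
        problems.append(f"{field}: remove the trailing forward slash")
    if parts.query or parts.fragment:
        problems.append(f"{field}: unexpected query string or fragment")
    return problems


def check_config(identity_url, api_url, client_id, client_secret):
    """Validate the four connector fields; an empty list means nothing was flagged."""
    problems = check_url("Bitwarden Identity Url", identity_url)
    problems += check_url("Bitwarden Api Url", api_url)
    # Assumption: organization API keys have a client ID starting "organization.".
    if not client_id.startswith("organization."):
        problems.append("Client ID: not an organization API key client ID")
    if not client_secret or client_secret != client_secret.strip():
        problems.append("Client Secret: empty or padded with whitespace")
    return problems  # messages never contain the secret, so they are safe to log


def build_token_request(identity_url, client_id, client_secret):
    """Build, without sending, the OAuth2 client-credentials request.

    Assumptions: token path /connect/token and scope api.organization.
    """
    form = urlencode({"grant_type": "client_credentials", "scope": "api.organization",
                      "client_id": client_id, "client_secret": client_secret})
    return Request(identity_url + "/connect/token", data=form.encode(), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


if __name__ == "__main__":
    # Constructed self-hosted values; the trailing slash on the first URL is deliberate.
    for line in check_config("https://bitwarden.example.com/identity/",
                             "https://bitwarden.example.com/api",
                             "organization.00000000-0000-0000-0000-000000000000",
                             "constructed-secret"):
        print(line)
```

Run the check before pasting values into the connector page, and pass the secret from a secrets store or environment variable rather than a file kept in source control.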
Note
Historic event data is not available for the Bitwarden Event Logs app on Microsoft Sentinel at this time.
To start monitoring data in the Microsoft Sentinel directory, select Workbooks and then Templates from the navigation menu.
![Workbook Templates](https://res.cloudinary.com/bw-com/image/upload/f_auto/v1/ctf/7rncvj1f8mw7/4eh5nlRZ1TCptqg8Q8Yz3T/55e09959de52e396a69f17f5509fdccd/workbooks.png?_a=BAJFJtWI0)
The Bitwarden Event Logs app will have three templates included by default. Select one of the templates and choose View Template.
![Included Templates](https://res.cloudinary.com/bw-com/image/upload/f_auto/v1/ctf/7rncvj1f8mw7/2UfrEiMzlyVJcJ7P9Exaub/9e0664475aa6b357b5a3710e6ac268b8/included_templates.png?_a=BAJFJtWI0)
Select one of the templates to begin monitoring data. The dashboard includes graphs and reported data:
![Microsoft Sentinel Overview](https://res.cloudinary.com/bw-com/image/upload/f_auto/v1/ctf/7rncvj1f8mw7/3Wf1N2jRun1kROxJnjGrMy/ebe3cb8fddff817e8a00b1f2666a3f0e/BitwardenEventLogsAuthenticationWhite1.png?_a=BAJFJtWI0)
Continue scrolling the overview page for additional event log data:
![BitwardenEventLogsAuthenticationWhite2](https://res.cloudinary.com/bw-com/image/upload/f_auto/v1/ctf/7rncvj1f8mw7/6wGNTITmTwvrzJXIJSZxJA/500b34ddb453cb63036a995e3c3db5d0/BitwardenEventLogsAuthenticationWhite2.png?_a=BAJFJtWI0)
Customize the data displayed by reports