Microsoft Sentinel SIEM

Microsoft Sentinel is a security information and event management (SIEM) platform that can be used to monitor Bitwarden organizations. Organizations can monitor event activity with the Bitwarden Event Logs app on the Microsoft Dashboard.

To setup the Bitwarden integration, an active Azure account with access to Microsoft Sentinel is required, as well as a Bitwarden organization in which you have the required access permissions.

1. Navigate to your Microsoft Sentinel dashboard. Select your workspace or select New to add Microsoft Sentinel to a new workspace.
   

   

2. Navigate to apps catalogue

3. third step if required
   

Once the Bitwarden Event Logs app has been installed to your Microsoft Sentinel dashboard, you can connect your Bitwarden organization using your Bitwarden API key.

1. Go to the dashboard home and select the Bitwarden Event Logs app.
   

2. Select Data connectors from the navigation menu. Then, select the menu for your workspace and Open connector page.
   

   

3. Keep this screen open, on another tab, log in to the Bitwarden web app and open the Admin Console using the product switcher ():
   
   

   

4. Navigate to your organization's Settings → Organization info screen and select the View API key button. You will be asked to re-enter your master password in order to access your API key information.
   

   

5. Return to the Microsoft Sentinel tab. On the Configuration page, complete the following fields:
   

Select Connect once the required fields have been completed.

To start monitoring data in the Microsoft Sentinel directory, and select Workbooks and them Templates from the navigation menu.

The Bitwarden Event Logs app will have three templates included by default. Select one of the templates and choose View Template.

Select one of the templates to begin monitoring data. The dashboard include graphs and reported data:

Continue scrolling the overview page for additional event log data:

Customize the data displayed by reports