Rapid7 SIEM
Rapid7 is a security platform offering several ways to analyze vulnerabilities and threat data, such as security information and event management (SIEM). With the Rapid7 Bitwarden integration, developed by the team at Rapid7, organizations can monitor Bitwarden organization and event activity with the Bitwarden app on Rapid7's InsightConnect software.
noot
The Bitwarden plugin on InsightConnect is available for cloud and Insight Orchestrator users. This guide will demonstrate the cloud setup. For more information on Insight Orchestrator, see the Rapid7 documentation here.
To start, you will need an account with Rapid7 with access to InsightConnect. Create an account on the Rapid7 website.
Access the InsightConnect dashboard.
On the navigation menu, select SETTINGS → Plugins & Tools.
Search Bitwarden in the Extension catalogue and install the plugin.
Return to your Extension library and select the Bitwarden plugin, then
Create Connection. Keep the connection window open, information from the Bitwarden web vault is required to complete the next step.In a new tab or window, access your Bitwarden organization's Client ID and Client Secret. Log in to the Bitwarden web app and open the Admin Console using the product switcher:
Navigate to your organization's Settings → Organization info screen and select the View API key button. You will be asked to re-enter your master password in order to access your API key information.
Copy the
client_id
andclient_secret
values. Return to the Create a Cloud Connection window:Paste the
client_id
value into the Client ID field.Paste the
client_secret
value into the Client Secret field. In order to access this field, select Add Credential from the Select Credential dropdown menu. Paste theclient_secret
value in the Secret Key field. Complete any additional Name and Description values you wish to include in the connection.
Once you have input the values, select Save & Test Connection. Rapid7 will run a connection test and indicate if the setup was successful.
noot
De API-sleutelgegevens van uw organisatie zijn gevoelige gegevens. Deel deze waarden niet op niet-veilige locaties.
To begin monitoring data with Rapid7, create an InsightConnect workflow. This guide will demonstrate creating a cloud workflow and then testing the workflow.
On the main navigation, select WORKFLOWS.
In the right corner of the screen, select Add Workflow to begin.
A window will appear showing different options for creating a workflow. For this example, select Start From Scratch. Advanced users may choose to browse existing templates.
On the Create New Workflow window, complete the following required fields:
Workflow Name: Create a name for the Workflow such as Bitwarden Logs.
Time Savings: Time that this Workflow will save.
Optional: Include Summary and Tags for the Workflow as desired.
Select Create once you have finished.
Click on the new trigger in the workflow editor. In the Select a Trigger window, select select the trigger you would like to use to initiate your workflow, such as API Trigger. Complete the following required fields:
Name: Provide a name for the new trigger.
Variable: Choose variable such as
Event
.Data Type: Select String.
Optional: Enter a Trigger Description to keep notes about the use of the trigger.
Select Close once you have completed the setup.
On the workflow editor, select the
plus icon to add a new step.Select
Action to add a new action. Select Bitwarden from the plugins list.On the Select an Action screen, choose the action you with to monitor. For this example, we will be selecting List Events. Select Continue once you have made your selection.
Choose the Cloud option for running. On the connection drop down, choose the Bitwarden connection we established previously in the guide. Select Continue once complete.
On the Configure Details screen, complete the optional fields as required by your setup, such as Start Date.
Select Save Step once you have customized the step details.
noot
Rapid7 allows several actions to be created and chained together. You may repeat this step with additional Bitwarden actions to report more information. See a complete list of Bitwarden integration actions here.
Return to the Workflow Editor and select Test to try out the workflow. The Test Workflow window will appear. Select Test Workflow at the bottom of the window to run the process.
This may take a moment. Once complete, a Job Details window will appear with results of the workflow:
To enable the workflow, select WORKFLOWS from the primary navigation.
Activate the workflow by using the toggle option:
Once active, reports will be generated based on the trigger settings established on your workflow. View these reports by selecting JOBS on the navigation.
Suggest changes to this page
How can we improve this page for you?
For technical, billing, and product questions, please contact support