Panther SIEM

Panther is a security information and event management (SIEM) platform that can be used with Bitwarden organizations. Organization users can monitor event activity with the Bitwarden app on their Panther monitoring system.

To start you will need a Panther account and dashboard. Create a Panther account on their website.

1. Access the Panther dashboard.

2. On the menu, open the Configure dropdown and select Log Sources.
   

   

3. Select Onboard your logs.
   

   

4. Search Bitwarden in the catalogue.
   

   

5. Click on the Bitwarden integration and select Start Setup.

After you select Start Setup you will be brought to the configuration screen.

1. Enter a name for the integration and then select Setup.

2. Next, you will have to access to your Bitwarden organization's Client ID and Client Secret. Keeping this screen open, on another tab, log in to the Bitwarden web app and open the Admin Console using the product switcher:

   

3. Navigate to your organization's Settings → Organization info screen and select the View API key button. You will be asked to re-enter your master password in order to access your API key information.

   

4. Copy and paste the client_id and client_secret values into their respective locations on the Bitwarden App setup page. Once you have entered the information, continue by selecting Setup again.

5. Panther will run a test on the integration. Once a successful test has been completed, You will be given to option to adjust preferences. Complete the setup by pressing View Log Source.
   

   note

   Panther may take up to 10 minutes to ingest data following the Bitwarden App setup.

1. To begin monitoring data, head over to the primary dashboard and select  Investigate and Data Explorer.

2. On the Data Explorer page, select the panther_logs.public database from the drop down menu. Make sure that bitwarden_events is being viewed as well.
   

   

3. Once you have made all of your required selections, select Run Query.
   You may also Save as to use the query at another time.

4. A list of Bitwarden events will be produced at the bottom of the screen.
   

   

5. Events can be expanded and viewed in JSON by selecting View JSON. .
   

   

   For additional information regarding Bitwarden organization events, see here. Additional options for specific queries are available, see the Panther Data Explorer documentation for more information.