Bitwarden Password Manager

Version: Classic 2019 Enterprise Organizations, Enterprise Organizations, and Teams Organizations (On-Premises and Cloud Bitwarden Password Manager)

Bitwarden is a free and open-source password management service that stores sensitive information such as website credentials in an encrypted vault. Bitwarden offers a cloud-hosted service as well as the ability to deploy the solution on-premises.

Netsurion Open XDR monitors events from the Bitwarden Password Manager. Dashboard, alerts, and reports in Netsurion will help you to monitor the login from any unusual location, the Two-Step Login disabled events, organization policy changes/modification, user password modification, and other cipher-related events to keep track of suspicious and unusual events occurring within the Bitwarden Password Manager.

Netsurion Data Source Integration for the Bitwarden Password Manager allows you to monitor the following components: –

  • Security – User login failure, MFA disabled, policy updated. 
  • Operation – User login success, group, collections, users, and organization events.

After the Bitwarden Password Manager is configured to deliver events to the Netsurion Open XDR Manager, the dashboards, and reports can be configured into Netsurion Open XDR.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type Name Description
Security Bitwarden PM – Login Failed This alert will be triggered when the user login failure is detected in the Bitwarden Password Manager.
Security Bitwarden PM – MFA Disabled This alert will be triggered when the user disables the Two-Step Login in the Bitwarden Password Manager.
Security Bitwarden PM – Policy Updated This alert will be triggered when the organization policy is updated in the Bitwarden Password Manager.

Reports

Type Name Description
Security Bitwarden PM – User Login Failure Report This report provides a detailed summary of user login failure events detected. It contains a user IP address, username, user email, device type, and more.
Security Bitwarden PM – Cipher Events Report This report provides a detailed summary of cipher- events. It contains a cipher Id, user who triggered the event, a user email, device type, event name, and more.
Operations Bitwarden PM – User Login Success Report This report provides a detailed summary of user login success events. It contains a user IP address, username, user email, device type, and more.
Operations Bitwarden PM – Group and Collection Management Report This report provides a detailed summary of group and collection management events. It contains an event name, group Id/collection Id, a user who triggered the event, and more.
Operations Bitwarden PM – User Events Report This report provides a detailed summary of events performed by the users to manage their accounts. It contains an event type, username, user email, device type, and more.
Operations Bitwarden PM – Organization Events Report This report provides a detailed summary of organization management events. It contains an event type, username, user email, device type, and more.
Operations Bitwarden PM – Provider User and Organization Events Report This report provides a detailed summary of provider users and provider organization management events. It contains an event type, username, user email, device type, and more.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and the Bitwarden Password Manager.

Download Integration Guide, How-to Guide, and Bitwarden Password Manager Integrator version 1.0.0 for configuration instructions and more information.