Ingesting BitWarden logs

I’m wondering if anyone has been able to figure out the least painful method of ingesting logs from BitWarden into IDR. Reading their documentation, it’s a mix of API calls and CLI stuff to join records and make it somewhat usable…they’ve got integrations with Splunk, Elastic, and Panther, so I’m hoping someone here has had luck finding a way to do it without a bunch of data gymnastics.

I would also be interested if you find a solution to this.

I am also looking for this functionality.

What about having a timer trigger… Bitwarden API to get event logs, send it over as SYSLOG from ICON to IDR so it appears in raw logs, and then do some custom log parsing…and some custom rules.

This also allows you to enhance automation based on some of the use cases you have.

PS I am curious also, so any theories are welcome to test out.
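
A sketch of the join-and-forward step suggested above, as an added example that is not code from any poster or from Bitwarden or Rapid7. It joins event records to the member list and emits one RFC 5424 syslog line per event. The field names (`actingUserId`, `itemId`, `ipAddress`, `userId`, `email`), the sample records and the `bitwarden-poller` host name are assumptions to check against your own API responses.

```python
import json

# Constructed sample data. Field names follow the shape assumed for
# Bitwarden event and member records; verify against your own tenant.
EVENTS = [
    {"type": 1000, "actingUserId": "u-1", "itemId": None,
     "date": "2024-05-01T12:00:00.000Z", "ipAddress": "203.0.113.7", "device": 9},
    {"type": 1107, "actingUserId": "u-2", "itemId": "c-42\nforged line",
     "date": "2024-05-01T12:05:00.000Z", "ipAddress": "198.51.100.4", "device": 9},
    {"type": 1000, "actingUserId": "u-9", "itemId": None,
     "date": "2024-05-01T12:06:00.000Z", "ipAddress": "192.0.2.1", "device": 9},
]
MEMBERS = [{"userId": "u-1", "email": "alice@example.com"},
           {"userId": "u-2", "email": "bob@example.com"}]

PRI = 16 * 8 + 6  # facility local0, severity informational -> 134


def clean(value):
    """Render a value on one line so an event field cannot forge a log record."""
    text = "-" if value is None else str(value)
    return "".join(ch if ch.isprintable() else " " for ch in text)


def to_syslog(event, email_by_user, host="bitwarden-poller"):
    """Join one event with the member list and format it as RFC 5424."""
    user_id = event.get("actingUserId")
    fields = {
        "event_type": event.get("type"),
        "user_id": user_id,
        # Events carry only IDs; unknown IDs are kept visible, not dropped.
        "user_email": email_by_user.get(user_id, "unknown"),
        "item_id": event.get("itemId"),
        "src_ip": event.get("ipAddress"),
        "device": event.get("device"),
    }
    msg = json.dumps({k: clean(v) for k, v in fields.items()}, sort_keys=True)
    return f"<{PRI}>1 {clean(event['date'])} {host} bitwarden - - - {msg}"


def convert(events, members):
    """Return one syslog line per event, in input order."""
    email_by_user = {m["userId"]: m["email"] for m in members}
    return [to_syslog(e, email_by_user) for e in events]


if __name__ == "__main__":
    for line in convert(EVENTS, MEMBERS):
        print(line)
```

Emitting the message body as JSON keeps the parsing rule on the receiving side simple, and the `unknown` email marks events from accounts missing in the member list.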