Hi,
Our organization is interested in monitoring BitWarden security Event Logs, we want to forward those logs to an external SOC that uses a SIEM to monitor this data for us.
I found that it can be done via the public API.
My question is, does the API key the external SOC will provide them access to everything in our organization’s BitWarden? Will they see also password and critical notes, or we can limit them for that specific Event Logs only?
By the way, aside from API, is there any other known method to forward those Event Logs?
Thank you
The Bitwarden public API would not be for viewing or managing items such as password or secure notes, but instead is only for managing members, collections, groups, event logs, and policies.
Otherwise this may make for a good feature request for the ability to create specific API keys with granular access for specific functions.
I know there was another fairly recent feature request requesting for a backup only limited API key function, so similar in that limited access is wanted.
If you are perhaps self-hosting then there may be a way to push the original logs from docker into your SIEM that way as well.