A Splunk app for reporting Bitwarden event logs.
Follow the steps in Bitwarden Splunk SIEM.
This app requires Python 3.8 installed. Install Poetry if not already installed.
Activate shell: poetry shell
Install dependencies: poetry install --with dev
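- Install Docker.
- Run Splunk Enterprise:
    docker run --rm --name splunk -d -p 8001:8000 -p 8089:8089 -e SPLUNK_START_ARGS='--accept-license' -e SPLUNK_PASSWORD='password' splunk/splunk:latest
  The admin password here is the literal string password and ports 8001 and 8089 are published on all host interfaces, so use this container for local development only.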
- Package and deploy to Splunk:
    ./package.sh
    ./deploy.sh
- Access logs:
    docker exec -u splunk -it splunk bash
    tail -f /opt/splunk/var/log/splunk/bitwarden_event_logs_beta.log
- Access the Splunk URL in the browser: http://localhost:8001
- Enter credentials: login: admin, password: password
- Click on Apps -> Bitwarden Event Logs
- Complete the setup
Modify the version in pyproject.toml.
Remove the _beta suffix from:
- app_name variable in utils.py
- app_name variable in setup_page.js
- info/id/name variable in app.manifest
- the first line ([script://) in inputs.conf
- id.name and package.id in app.conf
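
As an added example (not part of the Bitwarden project), a pre-release check for the checklist above: it fails if any of the listed files still contains _beta. The function name and the lookup of files by name under a root directory are assumptions, since the README gives the file names but not their paths.

```bash
#!/usr/bin/env bash
# Added example: pre-release check for the "_beta" checklist.
# File names are the ones the README lists; their paths are not given there,
# so each is looked up by name under ROOT (assumption).
RELEASE_FILES="utils.py setup_page.js app.manifest inputs.conf app.conf"

# check_beta_suffix ROOT
#   prints file:line:text for every remaining "_beta"
#   returns 0 = clean, 1 = "_beta" still present, 2 = a listed file is missing
check_beta_suffix() {
    root=$1
    result=0
    for name in $RELEASE_FILES; do
        # Ignore VCS and dependency trees so vendored copies do not match.
        found=$(find "$root" -type f -name "$name" \
            ! -path '*/.git/*' ! -path '*/node_modules/*' ! -path '*/.venv/*')
        if [ -z "$found" ]; then
            echo "MISSING: $name not found under $root" >&2
            if [ "$result" -eq 0 ]; then result=2; fi
            continue
        fi
        hits=$(printf '%s\n' "$found" | while IFS= read -r file; do
            grep -Hn -- '_beta' "$file" || true
        done)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            result=1   # a leftover suffix outranks a missing file
        fi
    done
    return "$result"
}

# Usage: check_beta_suffix path/to/repo || exit 1
```

The check matches any line containing _beta, so it can also flag unrelated occurrences in those files; review the printed lines before releasing.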