
Commit a9a6d65

authored
Event Type and Device Name updates (#42)
* Event Type and Device Name updates
1 parent 3373a99 commit a9a6d65


5 files changed

+127
-23
lines changed


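--- a/globalConfig.json
+++ b/globalConfig.json
@@ -23,7 +23,7 @@
 "meta": {
 "name": "bitwarden_event_logs_beta",
 "restRoot": "bitwarden_event_logs",
-"version": "1.2.1",
+"version": "1.2.2",
 "displayName": "Bitwarden Event Logs (beta)",
 "schemaVersion": "0.0.3",
 "_uccVersion": "5.41.0"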

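--- a/package.sh
+++ b/package.sh
@@ -3,6 +3,9 @@
 VERSION=$(poetry version | awk -F ' ' '{print $2}')
 APP_NAME="bitwarden_event_logs_beta"
 
+mkdir -p package/bin
+mkdir -p package/lib
+
 # Clean
 rm -rf output/
 rm -rf package/bin/*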
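Review bot: The added `mkdir -p package/bin` and `mkdir -p package/lib` resolve against the caller's working directory, as do the `rm -rf output/` and `rm -rf package/bin/*` lines right after them, so running the script from outside the repository root creates and then empties directories in the wrong place. Lines 1–2 of the script are outside this hunk, so a `cd` or `set -e` may already be there; if not, `cd "$(dirname "$0")" || exit 1` ahead of the new lines would pin the paths. The two calls can also be written as one: `mkdir -p package/bin package/lib`.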

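--- a/package/default/props.conf
+++ b/package/default/props.conf
@@ -5,7 +5,107 @@ TRUNCATE = 5000
 KV_MODE = json
 FIELDALIAS-alias_1 = ipAddress AS src
 FIELDALIAS-alias_2 = date AS timestamp
-EVAL-typeName = coalesce(case(type==1000,"User_LoggedIn", type==1001,"User_ChangedPassword", type==1002,"User_Updated2fa", type==1003,"User_Disabled2fa", type==1004,"User_Recovered2fa", type==1005,"User_FailedLogIn", type==1006,"User_FailedLogIn2fa", type==1007,"User_ClientExportedVault", type==1008,"User_UpdatedTempPassword", type==1009,"User_MigratedKeyToKeyConnector", type==1100,"Cipher_Created", type==1101,"Cipher_Updated", type==1102,"Cipher_Deleted", type==1103,"Cipher_AttachmentCreated", type==1104,"Cipher_AttachmentDeleted", type==1105,"Cipher_Shared", type==1106,"Cipher_UpdatedCollections", type==1107,"Cipher_ClientViewed", type==1108,"Cipher_ClientToggledPasswordVisible", type==1109,"Cipher_ClientToggledHiddenFieldVisible", type==1110,"Cipher_ClientToggledCardCodeVisible", type==1111,"Cipher_ClientCopiedPassword", type==1112,"Cipher_ClientCopiedHiddenField", type==1113,"Cipher_ClientCopiedCardCode", type==1114,"Cipher_ClientAutofilled", type==1115,"Cipher_SoftDeleted", type==1116,"Cipher_Restored", type==1117,"Cipher_ClientToggledCardNumberVisible", type==1300,"Collection_Created", type==1301,"Collection_Updated", type==1302,"Collection_Deleted", type==1400,"Group_Created", type==1401,"Group_Updated", type==1402,"Group_Deleted", type==1500,"OrganizationUser_Invited", type==1501,"OrganizationUser_Confirmed", type==1502,"OrganizationUser_Updated", type==1503,"OrganizationUser_Removed", type==1504,"OrganizationUser_UpdatedGroups", type==1505,"OrganizationUser_UnlinkedSso", type==1506,"OrganizationUser_ResetPassword_Enroll", type==1507,"OrganizationUser_ResetPassword_Withdraw", type==1508,"OrganizationUser_AdminResetPassword", type==1509,"OrganizationUser_ResetSsoLink", type==1510,"OrganizationUser_FirstSsoLogin", type==1511,"OrganizationUser_Revoked", type==1512,"OrganizationUser_Restored", type==1600,"Organization_Updated", type==1601,"Organization_PurgedVault", type==1602,"Organization_ClientExportedVault", type==1603,"Organization_VaultAccessed", type==1604,"Organization_EnabledSso", type==1605,"Organization_DisabledSso", type==1606,"Organization_EnabledKeyConnector", type==1607,"Organization_DisabledKeyConnector", type==1608,"Organization_SponsorshipsSynced", type==1700,"Policy_Updated", type==1800,"ProviderUser_Invited", type==1801,"ProviderUser_Confirmed", type==1802,"ProviderUser_Updated", type==1803,"ProviderUser_Removed", type==1900,"ProviderOrganization_Created", type==1901,"ProviderOrganization_Added", type==1902,"ProviderOrganization_Removed", type==1903,"ProviderOrganization_VaultAccessed"), type)
-EVAL-deviceName = coalesce(case(device==0,"Android", device==1,"iOS", device==2,"Chrome Extension", device==3,"Firefox Extension", device==4,"Opera Extension", device==5,"Edge Extension", device==6,"Windows Desktop", device==7,"macOS Desktop", device==8,"Linux Desktop", device==9,"Chrome Browser", device==10,"Firefox Browser", device==11,"Opera Browser", device==12,"Edge Browser", device==13,"IEBrowser", device==14,"Unknown Browser", device==15,"Android Amazon", device==16,"UWP", device==17,"Safari Browser", device==18,"Vivaldi Browser", device==19,"Vivaldi Extension", device==20,"Safari Extension"), device)
+EVAL-typeName = coalesce(case(type==1000,"User_LoggedIn",\
+type==1001,"User_ChangedPassword",\
+type==1002,"User_Updated2fa",\
+type==1003,"User_Disabled2fa",\
+type==1004,"User_Recovered2fa",\
+type==1005,"User_FailedLogIn",\
+type==1006,"User_FailedLogIn2fa",\
+type==1007,"User_ClientExportedVault",\
+type==1008,"User_UpdatedTempPassword",\
+type==1009,"User_MigratedKeyToKeyConnector",\
+type==1010,"User_RequestedDeviceApproval",\
+type==1100,"Cipher_Created",\
+type==1101,"Cipher_Updated",\
+type==1102,"Cipher_Deleted",\
+type==1103,"Cipher_AttachmentCreated",\
+type==1104,"Cipher_AttachmentDeleted",\
+type==1105,"Cipher_Shared",\
+type==1106,"Cipher_UpdatedCollections",\
+type==1107,"Cipher_ClientViewed",\
+type==1108,"Cipher_ClientToggledPasswordVisible",\
+type==1109,"Cipher_ClientToggledHiddenFieldVisible",\
+type==1110,"Cipher_ClientToggledCardCodeVisible",\
+type==1111,"Cipher_ClientCopiedPassword",\
+type==1112,"Cipher_ClientCopiedHiddenField",\
+type==1113,"Cipher_ClientCopiedCardCode",\
+type==1114,"Cipher_ClientAutofilled",\
+type==1115,"Cipher_SoftDeleted",\
+type==1116,"Cipher_Restored",\
+type==1117,"Cipher_ClientToggledCardNumberVisible",\
+type==1300,"Collection_Created",\
+type==1301,"Collection_Updated",\
+type==1302,"Collection_Deleted",\
+type==1400,"Group_Created",\
+type==1401,"Group_Updated",\
+type==1402,"Group_Deleted",\
+type==1500,"OrganizationUser_Invited",\
+type==1501,"OrganizationUser_Confirmed",\
+type==1502,"OrganizationUser_Updated",\
+type==1503,"OrganizationUser_Removed",\
+type==1504,"OrganizationUser_UpdatedGroups",\
+type==1505,"OrganizationUser_UnlinkedSso",\
+type==1506,"OrganizationUser_ResetPassword_Enroll",\
+type==1507,"OrganizationUser_ResetPassword_Withdraw",\
+type==1508,"OrganizationUser_AdminResetPassword",\
+type==1509,"OrganizationUser_ResetSsoLink",\
+type==1510,"OrganizationUser_FirstSsoLogin",\
+type==1511,"OrganizationUser_Revoked",\
+type==1512,"OrganizationUser_Restored",\
+type==1513,"OrganizationUser_ApprovedAuthRequest",\
+type==1514,"OrganizationUser_RejectedAuthRequest",\
+type==1600,"Organization_Updated",\
+type==1601,"Organization_PurgedVault",\
+type==1602,"Organization_ClientExportedVault",\
+type==1603,"Organization_VaultAccessed",\
+type==1604,"Organization_EnabledSso",\
+type==1605,"Organization_DisabledSso",\
+type==1606,"Organization_EnabledKeyConnector",\
+type==1607,"Organization_DisabledKeyConnector",\
+type==1608,"Organization_SponsorshipsSynced",\
+type==1609,"Organization_CollectionManagement_Updated",\
+type==1700,"Policy_Updated",\
+type==1800,"ProviderUser_Invited",\
+type==1801,"ProviderUser_Confirmed",\
+type==1802,"ProviderUser_Updated",\
+type==1803,"ProviderUser_Removed",\
+type==1900,"ProviderOrganization_Created",\
+type==1901,"ProviderOrganization_Added",\
+type==1902,"ProviderOrganization_Removed",\
+type==1903,"ProviderOrganization_VaultAccessed",\
+type==2000,"OrganizationDomain_Added",\
+type==2001,"OrganizationDomain_Removed",\
+type==2002,"OrganizationDomain_Verified",\
+type==2003,"OrganizationDomain_NotVerified",\
+type==2100,"Secret_Retrieved"\
+), type)
+EVAL-deviceName = coalesce(case(device==0,"Android",\
+device==1,"iOS",\
+device==2,"Chrome Extension",\
+device==3,"Firefox Extension",\
+device==4,"Opera Extension",\
+device==5,"Edge Extension",\
+device==6,"Windows Desktop",\
+device==7,"macOS Desktop",\
+device==8,"Linux Desktop",\
+device==9,"Chrome Browser",\
+device==10,"Firefox Browser",\
+device==11,"Opera Browser",\
+device==12,"Edge Browser",\
+device==13,"IEBrowser",\
+device==14,"Unknown Browser",\
+device==15,"Android Amazon",\
+device==16,"UWP",\
+device==17,"Safari Browser",\
+device==18,"Vivaldi Browser",\
+device==19,"Vivaldi Extension",\
+device==20,"Safari Extension",\
+device==21,"SDK",\
+device==22,"Server",\
+device==23,"Windows CLI",\
+device==24,"MacOs CLI",\
+device==25,"Linux CLI"\
+), device)
 TIME_PREFIX = "date":"
 TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%6N%Z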
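Review bot: The new label at `device==24,"MacOs CLI",\` is cased differently from the existing `"macOS Desktop"` at device==7, so the two macOS clients get differently spelled platform names in `deviceName`; `device==24,"macOS CLI",\` would keep them aligned. This matters for detections because `where` and `eval` comparisons in SPL are case-sensitive, so a rule matching on the platform prefix would miss one of the two. Separately, both EVALs fall back to the raw number through `coalesce(..., type)` and `coalesce(..., device)`, so any event type or device not in these lists shows up in `typeName` / `deviceName` as a bare number; a short comment above `EVAL-typeName` saying so would help whoever writes alerts on these fields.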

poetry.lock

Lines changed: 20 additions & 19 deletions

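--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "bitwarden_event_logs"
-version = "1.2.1"
+version = "1.2.2"
 description = "A Splunk app for reporting Bitwarden event logs."
 authors = [
 "Bitwarden <[email protected]>"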
