You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
139 lines
5.8 KiB
139 lines
5.8 KiB
[bitwarden:events]
|
|
LINE_BREAKER = ([\r\n])
|
|
SHOULD_LINEMERGE = false
|
|
TRUNCATE = 5000
|
|
KV_MODE = json
|
|
FIELDALIAS-alias_1 = ipAddress AS src
|
|
FIELDALIAS-alias_2 = date AS timestamp
|
|
EVAL-typeName = coalesce(case(\
|
|
type==1000,"User_LoggedIn",\
|
|
type==1001,"User_ChangedPassword",\
|
|
type==1002,"User_Updated2fa",\
|
|
type==1003,"User_Disabled2fa",\
|
|
type==1004,"User_Recovered2fa",\
|
|
type==1005,"User_FailedLogIn",\
|
|
type==1006,"User_FailedLogIn2fa",\
|
|
type==1007,"User_ClientExportedVault",\
|
|
type==1008,"User_UpdatedTempPassword",\
|
|
type==1009,"User_MigratedKeyToKeyConnector",\
|
|
type==1010,"User_RequestedDeviceApproval",\
|
|
type==1011,"User_TdeOffboardingPasswordSet",\
|
|
type==1100,"Cipher_Created",\
|
|
type==1101,"Cipher_Updated",\
|
|
type==1102,"Cipher_Deleted",\
|
|
type==1103,"Cipher_AttachmentCreated",\
|
|
type==1104,"Cipher_AttachmentDeleted",\
|
|
type==1105,"Cipher_Shared",\
|
|
type==1106,"Cipher_UpdatedCollections",\
|
|
type==1107,"Cipher_ClientViewed",\
|
|
type==1108,"Cipher_ClientToggledPasswordVisible",\
|
|
type==1109,"Cipher_ClientToggledHiddenFieldVisible",\
|
|
type==1110,"Cipher_ClientToggledCardCodeVisible",\
|
|
type==1111,"Cipher_ClientCopiedPassword",\
|
|
type==1112,"Cipher_ClientCopiedHiddenField",\
|
|
type==1113,"Cipher_ClientCopiedCardCode",\
|
|
type==1114,"Cipher_ClientAutofilled",\
|
|
type==1115,"Cipher_SoftDeleted",\
|
|
type==1116,"Cipher_Restored",\
|
|
type==1117,"Cipher_ClientToggledCardNumberVisible",\
|
|
type==1300,"Collection_Created",\
|
|
type==1301,"Collection_Updated",\
|
|
type==1302,"Collection_Deleted",\
|
|
type==1400,"Group_Created",\
|
|
type==1401,"Group_Updated",\
|
|
type==1402,"Group_Deleted",\
|
|
type==1500,"OrganizationUser_Invited",\
|
|
type==1501,"OrganizationUser_Confirmed",\
|
|
type==1502,"OrganizationUser_Updated",\
|
|
type==1503,"OrganizationUser_Removed",\
|
|
type==1504,"OrganizationUser_UpdatedGroups",\
|
|
type==1505,"OrganizationUser_UnlinkedSso",\
|
|
type==1506,"OrganizationUser_ResetPassword_Enroll",\
|
|
type==1507,"OrganizationUser_ResetPassword_Withdraw",\
|
|
type==1508,"OrganizationUser_AdminResetPassword",\
|
|
type==1509,"OrganizationUser_ResetSsoLink",\
|
|
type==1510,"OrganizationUser_FirstSsoLogin",\
|
|
type==1511,"OrganizationUser_Revoked",\
|
|
type==1512,"OrganizationUser_Restored",\
|
|
type==1513,"OrganizationUser_ApprovedAuthRequest",\
|
|
type==1514,"OrganizationUser_RejectedAuthRequest",\
|
|
type==1515,"OrganizationUser_Deleted",\
|
|
type==1516,"OrganizationUser_Left",\
|
|
type==1517,"OrganizationUser_AutomaticallyConfirmed",\
|
|
type==1600,"Organization_Updated",\
|
|
type==1601,"Organization_PurgedVault",\
|
|
type==1602,"Organization_ClientExportedVault",\
|
|
type==1603,"Organization_VaultAccessed",\
|
|
type==1604,"Organization_EnabledSso",\
|
|
type==1605,"Organization_DisabledSso",\
|
|
type==1606,"Organization_EnabledKeyConnector",\
|
|
type==1607,"Organization_DisabledKeyConnector",\
|
|
type==1608,"Organization_SponsorshipsSynced",\
|
|
type==1609,"Organization_CollectionManagement_Updated",\
|
|
type==1610,"Organization_CollectionManagement_LimitCollectionCreationEnabled",\
|
|
type==1611,"Organization_CollectionManagement_LimitCollectionCreationDisabled",\
|
|
type==1612,"Organization_CollectionManagement_LimitCollectionDeletionEnabled",\
|
|
type==1613,"Organization_CollectionManagement_LimitCollectionDeletionDisabled",\
|
|
type==1614,"Organization_CollectionManagement_LimitItemDeletionEnabled",\
|
|
type==1615,"Organization_CollectionManagement_LimitItemDeletionDisabled",\
|
|
type==1616,"Organization_CollectionManagement_AllowAdminAccessToAllCollectionItemsEnabled",\
|
|
type==1617,"Organization_CollectionManagement_AllowAdminAccessToAllCollectionItemsDisabled",\
|
|
type==1620,"Organization_AutoConfirmEnabled_Admin",\
|
|
type==1621,"Organization_AutoConfirmDisabled_Admin",\
|
|
type==1622,"Organization_AutoConfirmEnabled_Portal",\
|
|
type==1623,"Organization_AutoConfirmDisabled_Portal",\
|
|
type==1700,"Policy_Updated",\
|
|
type==1800,"ProviderUser_Invited",\
|
|
type==1801,"ProviderUser_Confirmed",\
|
|
type==1802,"ProviderUser_Updated",\
|
|
type==1803,"ProviderUser_Removed",\
|
|
type==1900,"ProviderOrganization_Created",\
|
|
type==1901,"ProviderOrganization_Added",\
|
|
type==1902,"ProviderOrganization_Removed",\
|
|
type==1903,"ProviderOrganization_VaultAccessed",\
|
|
type==2000,"OrganizationDomain_Added",\
|
|
type==2001,"OrganizationDomain_Removed",\
|
|
type==2002,"OrganizationDomain_Verified",\
|
|
type==2003,"OrganizationDomain_NotVerified",\
|
|
type==2100,"Secret_Retrieved",\
|
|
type==2101,"Secret_Created",\
|
|
type==2102,"Secret_Edited",\
|
|
type==2103,"Secret_Deleted",\
|
|
type==2104,"Secret_Permanently_Deleted",\
|
|
type==2105,"Secret_Restored",\
|
|
type==2200,"Project_Retrieved",\
|
|
type==2201,"Project_Created",\
|
|
type==2202,"Project_Edited",\
|
|
type==2203,"Project_Deleted"\
|
|
), type)
|
|
EVAL-deviceName = coalesce(case(device==0,"Android",\
|
|
device==1,"iOS",\
|
|
device==2,"Chrome Extension",\
|
|
device==3,"Firefox Extension",\
|
|
device==4,"Opera Extension",\
|
|
device==5,"Edge Extension",\
|
|
device==6,"Windows Desktop",\
|
|
device==7,"macOS Desktop",\
|
|
device==8,"Linux Desktop",\
|
|
device==9,"Chrome Browser",\
|
|
device==10,"Firefox Browser",\
|
|
device==11,"Opera Browser",\
|
|
device==12,"Edge Browser",\
|
|
device==13,"IEBrowser",\
|
|
device==14,"Unknown Browser",\
|
|
device==15,"Android Amazon",\
|
|
device==16,"UWP",\
|
|
device==17,"Safari Browser",\
|
|
device==18,"Vivaldi Browser",\
|
|
device==19,"Vivaldi Extension",\
|
|
device==20,"Safari Extension",\
|
|
device==21,"SDK",\
|
|
device==22,"Server",\
|
|
device==23,"Windows CLI",\
|
|
device==24,"MacOs CLI",\
|
|
device==25,"Linux CLI",\
|
|
device==26,"DuckDuckGo"\
|
|
), device)
|
|
TIME_PREFIX = "date":"
|
|
TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%6N%Z
|