Event Type and Device Name updates (#42)

* Event Type and Device Name updates
bitwarden · May 8, 2024 · a9a6d65 · a9a6d65
1 parent 3373a99
commit a9a6d65
Show file tree

Hide file tree

Showing 5 changed files with 127 additions and 23 deletions.
diff --git a/globalConfig.json b/globalConfig.json
@@ -23,7 +23,7 @@
     "meta": {
         "name": "bitwarden_event_logs_beta",
         "restRoot": "bitwarden_event_logs",
-        "version": "1.2.1",
+        "version": "1.2.2",
         "displayName": "Bitwarden Event Logs (beta)",
         "schemaVersion": "0.0.3",
         "_uccVersion": "5.41.0"

diff --git a/package.sh b/package.sh
@@ -3,6 +3,9 @@
 VERSION=$(poetry version | awk -F ' ' '{print $2}')
 APP_NAME="bitwarden_event_logs_beta"
 
+mkdir -p package/bin
+mkdir -p package/lib
+
 # Clean
 rm -rf output/
 rm -rf package/bin/*

diff --git a/package/default/props.conf b/package/default/props.conf
@@ -5,7 +5,107 @@ TRUNCATE = 5000
 KV_MODE = json
 FIELDALIAS-alias_1 = ipAddress AS src
 FIELDALIAS-alias_2 = date AS timestamp
-EVAL-typeName = coalesce(case(type==1000,"User_LoggedIn", type==1001,"User_ChangedPassword", type==1002,"User_Updated2fa", type==1003,"User_Disabled2fa", type==1004,"User_Recovered2fa", type==1005,"User_FailedLogIn", type==1006,"User_FailedLogIn2fa", type==1007,"User_ClientExportedVault", type==1008,"User_UpdatedTempPassword", type==1009,"User_MigratedKeyToKeyConnector", type==1100,"Cipher_Created", type==1101,"Cipher_Updated", type==1102,"Cipher_Deleted", type==1103,"Cipher_AttachmentCreated", type==1104,"Cipher_AttachmentDeleted", type==1105,"Cipher_Shared", type==1106,"Cipher_UpdatedCollections", type==1107,"Cipher_ClientViewed", type==1108,"Cipher_ClientToggledPasswordVisible", type==1109,"Cipher_ClientToggledHiddenFieldVisible", type==1110,"Cipher_ClientToggledCardCodeVisible", type==1111,"Cipher_ClientCopiedPassword", type==1112,"Cipher_ClientCopiedHiddenField", type==1113,"Cipher_ClientCopiedCardCode", type==1114,"Cipher_ClientAutofilled", type==1115,"Cipher_SoftDeleted", type==1116,"Cipher_Restored", type==1117,"Cipher_ClientToggledCardNumberVisible", type==1300,"Collection_Created", type==1301,"Collection_Updated", type==1302,"Collection_Deleted", type==1400,"Group_Created", type==1401,"Group_Updated", type==1402,"Group_Deleted", type==1500,"OrganizationUser_Invited", type==1501,"OrganizationUser_Confirmed", type==1502,"OrganizationUser_Updated", type==1503,"OrganizationUser_Removed", type==1504,"OrganizationUser_UpdatedGroups", type==1505,"OrganizationUser_UnlinkedSso", type==1506,"OrganizationUser_ResetPassword_Enroll", type==1507,"OrganizationUser_ResetPassword_Withdraw", type==1508,"OrganizationUser_AdminResetPassword", type==1509,"OrganizationUser_ResetSsoLink", type==1510,"OrganizationUser_FirstSsoLogin", type==1511,"OrganizationUser_Revoked", type==1512,"OrganizationUser_Restored", type==1600,"Organization_Updated", type==1601,"Organization_PurgedVault", type==1602,"Organization_ClientExportedVault", type==1603,"Organization_VaultAccessed", type==1604,"Organization_EnabledSso", type==1605,"Organization_DisabledSso", type==1606,"Organization_EnabledKeyConnector", type==1607,"Organization_DisabledKeyConnector", type==1608,"Organization_SponsorshipsSynced", type==1700,"Policy_Updated", type==1800,"ProviderUser_Invited", type==1801,"ProviderUser_Confirmed", type==1802,"ProviderUser_Updated", type==1803,"ProviderUser_Removed", type==1900,"ProviderOrganization_Created", type==1901,"ProviderOrganization_Added", type==1902,"ProviderOrganization_Removed", type==1903,"ProviderOrganization_VaultAccessed"), type)
-EVAL-deviceName = coalesce(case(device==0,"Android", device==1,"iOS", device==2,"Chrome Extension", device==3,"Firefox Extension", device==4,"Opera Extension", device==5,"Edge Extension", device==6,"Windows Desktop", device==7,"macOS Desktop", device==8,"Linux Desktop", device==9,"Chrome Browser", device==10,"Firefox Browser", device==11,"Opera Browser", device==12,"Edge Browser", device==13,"IEBrowser", device==14,"Unknown Browser", device==15,"Android Amazon", device==16,"UWP", device==17,"Safari Browser", device==18,"Vivaldi Browser", device==19,"Vivaldi Extension", device==20,"Safari Extension"), device)
+EVAL-typeName = coalesce(case(type==1000,"User_LoggedIn",\
+    type==1001,"User_ChangedPassword",\
+    type==1002,"User_Updated2fa",\
+    type==1003,"User_Disabled2fa",\
+    type==1004,"User_Recovered2fa",\
+    type==1005,"User_FailedLogIn",\
+    type==1006,"User_FailedLogIn2fa",\
+    type==1007,"User_ClientExportedVault",\
+    type==1008,"User_UpdatedTempPassword",\
+    type==1009,"User_MigratedKeyToKeyConnector",\
+    type==1010,"User_RequestedDeviceApproval",\
+    type==1100,"Cipher_Created",\
+    type==1101,"Cipher_Updated",\
+    type==1102,"Cipher_Deleted",\
+    type==1103,"Cipher_AttachmentCreated",\
+    type==1104,"Cipher_AttachmentDeleted",\
+    type==1105,"Cipher_Shared",\
+    type==1106,"Cipher_UpdatedCollections",\
+    type==1107,"Cipher_ClientViewed",\
+    type==1108,"Cipher_ClientToggledPasswordVisible",\
+    type==1109,"Cipher_ClientToggledHiddenFieldVisible",\
+    type==1110,"Cipher_ClientToggledCardCodeVisible",\
+    type==1111,"Cipher_ClientCopiedPassword",\
+    type==1112,"Cipher_ClientCopiedHiddenField",\
+    type==1113,"Cipher_ClientCopiedCardCode",\
+    type==1114,"Cipher_ClientAutofilled",\
+    type==1115,"Cipher_SoftDeleted",\
+    type==1116,"Cipher_Restored",\
+    type==1117,"Cipher_ClientToggledCardNumberVisible",\
+    type==1300,"Collection_Created",\
+    type==1301,"Collection_Updated",\
+    type==1302,"Collection_Deleted",\
+    type==1400,"Group_Created",\
+    type==1401,"Group_Updated",\
+    type==1402,"Group_Deleted",\
+    type==1500,"OrganizationUser_Invited",\
+    type==1501,"OrganizationUser_Confirmed",\
+    type==1502,"OrganizationUser_Updated",\
+    type==1503,"OrganizationUser_Removed",\
+    type==1504,"OrganizationUser_UpdatedGroups",\
+    type==1505,"OrganizationUser_UnlinkedSso",\
+    type==1506,"OrganizationUser_ResetPassword_Enroll",\
+    type==1507,"OrganizationUser_ResetPassword_Withdraw",\
+    type==1508,"OrganizationUser_AdminResetPassword",\
+    type==1509,"OrganizationUser_ResetSsoLink",\
+    type==1510,"OrganizationUser_FirstSsoLogin",\
+    type==1511,"OrganizationUser_Revoked",\
+    type==1512,"OrganizationUser_Restored",\
+    type==1513,"OrganizationUser_ApprovedAuthRequest",\
+    type==1514,"OrganizationUser_RejectedAuthRequest",\
+    type==1600,"Organization_Updated",\
+    type==1601,"Organization_PurgedVault",\
+    type==1602,"Organization_ClientExportedVault",\
+    type==1603,"Organization_VaultAccessed",\
+    type==1604,"Organization_EnabledSso",\
+    type==1605,"Organization_DisabledSso",\
+    type==1606,"Organization_EnabledKeyConnector",\
+    type==1607,"Organization_DisabledKeyConnector",\
+    type==1608,"Organization_SponsorshipsSynced",\
+    type==1609,"Organization_CollectionManagement_Updated",\
+    type==1700,"Policy_Updated",\
+    type==1800,"ProviderUser_Invited",\
+    type==1801,"ProviderUser_Confirmed",\
+    type==1802,"ProviderUser_Updated",\
+    type==1803,"ProviderUser_Removed",\
+    type==1900,"ProviderOrganization_Created",\
+    type==1901,"ProviderOrganization_Added",\
+    type==1902,"ProviderOrganization_Removed",\
+    type==1903,"ProviderOrganization_VaultAccessed",\
+    type==2000,"OrganizationDomain_Added",\
+    type==2001,"OrganizationDomain_Removed",\
+    type==2002,"OrganizationDomain_Verified",\
+    type==2003,"OrganizationDomain_NotVerified",\
+    type==2100,"Secret_Retrieved"\
+    ), type)
+EVAL-deviceName = coalesce(case(device==0,"Android",\
+    device==1,"iOS",\
+    device==2,"Chrome Extension",\
+    device==3,"Firefox Extension",\
+    device==4,"Opera Extension",\
+    device==5,"Edge Extension",\
+    device==6,"Windows Desktop",\
+    device==7,"macOS Desktop",\
+    device==8,"Linux Desktop",\
+    device==9,"Chrome Browser",\
+    device==10,"Firefox Browser",\
+    device==11,"Opera Browser",\
+    device==12,"Edge Browser",\
+    device==13,"IEBrowser",\
+    device==14,"Unknown Browser",\
+    device==15,"Android Amazon",\
+    device==16,"UWP",\
+    device==17,"Safari Browser",\
+    device==18,"Vivaldi Browser",\
+    device==19,"Vivaldi Extension",\
+    device==20,"Safari Extension",\
+    device==21,"SDK",\
+    device==22,"Server",\
+    device==23,"Windows CLI",\
+    device==24,"MacOs CLI",\
+    device==25,"Linux CLI"\
+    ), device)
 TIME_PREFIX = "date":"
 TIME_FORMAT = %Y-%m-%dT%H:%M:%S.%6N%Z
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "bitwarden_event_logs"
-version = "1.2.1"
+version = "1.2.2"
 description = "A Splunk app for reporting Bitwarden event logs."
 authors = [
     "Bitwarden <[email protected]>"