diff --git a/Solutions/Bitwarden/Data/Solution_Bitwarden.json b/Solutions/Bitwarden/Data/Solution_Bitwarden.json
index 867689b6700..b95a60e795d 100644
--- a/Solutions/Bitwarden/Data/Solution_Bitwarden.json
+++ b/Solutions/Bitwarden/Data/Solution_Bitwarden.json
@@ -2,7 +2,7 @@
 "Name": "Bitwarden",
 "Author": "Bitwarden - hello@bitwarden.com",
 "Logo": "",
- "Description": "The [Bitwarden](https://www.bitwarden.com) Solution for Microsoft Sentinel provides a simple way to ingest Event Logs events from Bitwarden into Microsoft Sentinel.",
+ "Description": "This application provides insight into activity of your Bitwarden organization such as user's activity (logged in, changed password, 2fa, etc.), cipher activity (created, updated, deleted, shared, etc.), collection activity, organization activity, and more.",
 "Data Connectors": [
 "Data Connectors/BitwardenEventLogs/definitions.json"
 ],
diff --git a/Solutions/Bitwarden/Package/3.0.0.zip b/Solutions/Bitwarden/Package/3.0.0.zip
index 73185e18926..b607cdfc010 100644
Binary files a/Solutions/Bitwarden/Package/3.0.0.zip and b/Solutions/Bitwarden/Package/3.0.0.zip differ
diff --git a/Solutions/Bitwarden/Package/createUiDefinition.json b/Solutions/Bitwarden/Package/createUiDefinition.json
index 34bf04fb7cb..3c751e27772 100644
--- a/Solutions/Bitwarden/Package/createUiDefinition.json
+++ b/Solutions/Bitwarden/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Bitwarden/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Bitwarden](https://www.bitwarden.com) Solution for Microsoft Sentinel provides a simple way to ingest Event Logs events from Bitwarden into Microsoft Sentinel.\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Bitwarden/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThis application provides insight into activity of your Bitwarden organization such as user's activity (logged in, changed password, 2fa, etc.), cipher activity (created, updated, deleted, shared, etc.), collection activity, organization activity, and more.\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
diff --git a/Solutions/Bitwarden/Package/mainTemplate.json b/Solutions/Bitwarden/Package/mainTemplate.json
index bf7f893d4d1..e2a9ce37123 100644
--- a/Solutions/Bitwarden/Package/mainTemplate.json
+++ b/Solutions/Bitwarden/Package/mainTemplate.json
@@ -72,7 +72,7 @@
 "_email": "[variables('email')]",
 "_solutionName": "Bitwarden",
 "_solutionVersion": "3.0.0",
- "solutionId": "bitwarden.azure-sentinel-solution-bitwarden-event-logs",
+ "solutionId": "8bit-solutions-llc.bitwarden-sentinel-integration",
 "_solutionId": "[variables('solutionId')]",
 "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
 "dataConnectorCCPVersion": "1.0.0",
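Review bot: The new `solutionId` (`8bit-solutions-llc.bitwarden-sentinel-integration`) replaces the publisher/offer identifier while `_solutionVersion` on the context line above stays at `3.0.0`, and the same commit overwrites `Package/3.0.0.zip` in place, so two different package builds with different identities share one version number. `_solutionId` is derived from this variable, so anything elsewhere in the template keyed on it will presumably change too, and a workspace that installed the old identifier may treat this as a separate solution rather than an update; that needs confirming against the rest of mainTemplate.json, which is outside this hunk. I would bump `_solutionVersion`, ship the archive under the new version name, and record the publisher change in ReleaseNotes.md so an operator can tell which build and which publisher they are deploying. It is also worth checking that the publisher and offer fields in Data/Solution_Bitwarden.json match the new prefix, since that hunk only shows the description.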
@@ -1018,7 +1018,7 @@ }, "properties": { "displayName": "[parameters('workbook1-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"6f7b06e9-6ae9-47e4-974b-85b998d96c1d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Time\",\"type\":4,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1300 and eventType < 1800 | extend country = geo_info_from_ip_address(ipAddress).country | where country != \\\"\\\"\",\"size\":3,\"title\":\"Organization Item Events by Country\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"map\",\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"country\",\"sizeSettings\":\"country\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"country\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"eventType\",\"colorAggregation\":\"Sum\",\"type\":\"heatmap\",\"heatmapPalette\":\"greenRed\"}}},\"name\":\"query - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1300 and eventType < 1800 | summarize deviceCount = count() by deviceName, 
bin(TimeGenerated, 1h) | sort by TimeGenerated desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Organization Events by Device\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\"},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1300 and eventType < 1800 | summarize eventTypeCount = count() by eventTypeName, bin(TimeGenerated, 1h) | sort by TimeGenerated desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Organization Events by Type\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\"},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"3dffc9fc-e511-4ce5-9526-8f18c19df622\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TopUsersBy\",\"label\":\"Top Users By\",\"type\":2,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{\\\"value\\\": \\\"actingUserId\\\",\\\"label\\\": \\\"User ID\\\",\\\"selected\\\": false},{\\\"value\\\": \\\"actingUserEmail\\\",\\\"label\\\": \\\"User Email\\\",\\\"selected\\\": true},{\\\"value\\\": \\\"actingUserName\\\", \\\"label\\\": \\\"User Name\\\",\\\"selected\\\": false}]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1300 and eventType < 1800 | where actingUserId != \\\"\\\" and {TopUsersBy} != \\\"\\\" | summarize userCount = count() by {TopUsersBy}\",\"size\":1,\"showAnalytics\":true,\"title\":\"Top Organization Event 
Users\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"eventType\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"eventType\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1300 and eventType < 1800\",\"size\":3,\"title\":\"Latest Organization Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"ipAddress\",\"formatter\":17}]}},\"name\":\"query - 6\"}],\"styleSettings\":{\"spacingStyle\":\"none\"},\"fromTemplateId\":\"sentinel-BitwardenEventLogsOrganization\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": 
"{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"6f7b06e9-6ae9-47e4-974b-85b998d96c1d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Time\",\"type\":4,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1300 and eventType < 1800 | extend country = geo_info_from_ip_address(ipAddress).country | where country != \\\"\\\"\",\"size\":3,\"title\":\"Organization Item Events by Country\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"map\",\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"country\",\"sizeSettings\":\"country\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"country\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"eventType\",\"colorAggregation\":\"Sum\",\"type\":\"heatmap\",\"heatmapPalette\":\"greenRed\"}}},\"name\":\"query - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1300 and eventType < 1800 | summarize deviceCount = count() by deviceName, bin(TimeGenerated, 1h) | sort by TimeGenerated desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Organization Events by 
Device\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\"},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1300 and eventType < 1800 | summarize eventTypeCount = count() by eventTypeName, bin(TimeGenerated, 1h) | sort by TimeGenerated desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Organization Events by Type\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\"},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"3dffc9fc-e511-4ce5-9526-8f18c19df622\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TopUsersBy\",\"label\":\"Top Users By\",\"type\":2,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[{\\\"value\\\": \\\"actingUserId\\\",\\\"label\\\": \\\"User ID\\\",\\\"selected\\\": false},{\\\"value\\\": \\\"actingUserEmail\\\",\\\"label\\\": \\\"User Email\\\",\\\"selected\\\": true},{\\\"value\\\": \\\"actingUserName\\\", \\\"label\\\": \\\"User Name\\\",\\\"selected\\\": false}]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1300 and eventType < 1800 | where actingUserId != \\\"\\\" and {TopUsersBy} != \\\"\\\" | summarize userCount = count() by {TopUsersBy}\",\"size\":1,\"showAnalytics\":true,\"title\":\"Top Organization Event 
Users\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"eventType\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"eventType\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1300 and eventType < 1800\",\"size\":3,\"title\":\"Latest Organization Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"ipAddress\",\"formatter\":17}]}},\"name\":\"query - 6\"}],\"styleSettings\":{\"spacingStyle\":\"none\"},\"fromTemplateId\":\"sentinel-BitwardenEventLogsOrganization\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" 
@@ -1114,7 +1114,7 @@ }, "properties": { "displayName": "[parameters('workbook2-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"6f7b06e9-6ae9-47e4-974b-85b998d96c1d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Time\",\"type\":4,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType == 1000 | extend country = geo_info_from_ip_address(ipAddress).country | where country != \\\"\\\"\",\"size\":3,\"title\":\"Successful Log In Attempts by Country\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"map\",\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"country\",\"sizeSettings\":\"country\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"country\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"eventType\",\"colorAggregation\":\"Sum\",\"type\":\"heatmap\",\"heatmapPalette\":\"greenRed\"}}},\"name\":\"query - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where (eventType >= 1000 and eventType < 1007) or (eventType >= 1008 and eventType < 1010) | summarize deviceCount = count() by 
deviceName, bin(TimeGenerated, 1h) | sort by TimeGenerated desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Authentication Events by Device\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\"},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where (eventType >= 1000 and eventType < 1007) or (eventType >= 1008 and eventType < 1010) | summarize eventTypeCount = count() by eventTypeName, bin(TimeGenerated, 1h) | sort by TimeGenerated desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Authentication Events by Type\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\"},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"3dffc9fc-e511-4ce5-9526-8f18c19df622\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TopUsersBy\",\"label\":\"Top Users By\",\"type\":2,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[ { \\\"value\\\": \\\"actingUserId\\\", \\\"label\\\": \\\"User ID\\\", \\\"selected\\\": false }, { \\\"value\\\": \\\"actingUserEmail\\\", \\\"label\\\": \\\"User Email\\\", \\\"selected\\\": true }, { \\\"value\\\": \\\"actingUserName\\\", \\\"label\\\": \\\"User Name\\\", \\\"selected\\\": false } ]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1005 and eventType < 1007 | where actingUserId != \\\"\\\" and {TopUsersBy} != \\\"\\\" | summarize userCount = count() by 
{TopUsersBy}\",\"size\":1,\"showAnalytics\":true,\"title\":\"Top Failed Log Event Users\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"eventType\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"eventType\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType == 1000 | where actingUserId != \\\"\\\" and {TopUsersBy} != \\\"\\\" | summarize userCount = count() by {TopUsersBy}\",\"size\":1,\"showAnalytics\":true,\"title\":\"Top Successful Log Event 
Users\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"eventType\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"eventType\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy 2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where (eventType >= 1000 and eventType < 1007) or (eventType >= 1008 and eventType < 1010)\",\"size\":3,\"title\":\"Latest Authentication Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"ipAddress\",\"formatter\":17}]}},\"name\":\"query - 6\"}],\"styleSettings\":{\"spacingStyle\":\"none\"},\"fromTemplateId\":\"sentinel-BitwardenEventLogsAuthentication\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": 
"{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"6f7b06e9-6ae9-47e4-974b-85b998d96c1d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Time\",\"type\":4,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType == 1000 | extend country = geo_info_from_ip_address(ipAddress).country | where country != \\\"\\\"\",\"size\":3,\"title\":\"Successful Log In Attempts by Country\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"map\",\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"country\",\"sizeSettings\":\"country\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"country\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"eventType\",\"colorAggregation\":\"Sum\",\"type\":\"heatmap\",\"heatmapPalette\":\"greenRed\"}}},\"name\":\"query - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where (eventType >= 1000 and eventType < 1007) or (eventType >= 1008 and eventType < 1010) | summarize deviceCount = count() by deviceName, bin(TimeGenerated, 1h) | sort by TimeGenerated 
desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Authentication Events by Device\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\"},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where (eventType >= 1000 and eventType < 1007) or (eventType >= 1008 and eventType < 1010) | summarize eventTypeCount = count() by eventTypeName, bin(TimeGenerated, 1h) | sort by TimeGenerated desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Authentication Events by Type\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\"},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"3dffc9fc-e511-4ce5-9526-8f18c19df622\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TopUsersBy\",\"label\":\"Top Users By\",\"type\":2,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[ { \\\"value\\\": \\\"actingUserId\\\", \\\"label\\\": \\\"User ID\\\", \\\"selected\\\": false }, { \\\"value\\\": \\\"actingUserEmail\\\", \\\"label\\\": \\\"User Email\\\", \\\"selected\\\": true }, { \\\"value\\\": \\\"actingUserName\\\", \\\"label\\\": \\\"User Name\\\", \\\"selected\\\": false } ]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1005 and eventType < 1007 | where actingUserId != \\\"\\\" and {TopUsersBy} != \\\"\\\" | summarize userCount = count() by {TopUsersBy}\",\"size\":1,\"showAnalytics\":true,\"title\":\"Top Failed 
Log Event Users\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"eventType\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"eventType\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType == 1000 | where actingUserId != \\\"\\\" and {TopUsersBy} != \\\"\\\" | summarize userCount = count() by {TopUsersBy}\",\"size\":1,\"showAnalytics\":true,\"title\":\"Top Successful Log Event Users\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"eventType\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"eventType\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy 
2\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where (eventType >= 1000 and eventType < 1007) or (eventType >= 1008 and eventType < 1010)\",\"size\":3,\"title\":\"Latest Authentication Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"ipAddress\",\"formatter\":17}]}},\"name\":\"query - 6\"}],\"styleSettings\":{\"spacingStyle\":\"none\"},\"fromTemplateId\":\"sentinel-BitwardenEventLogsAuthentication\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" 
@@ -1210,7 +1210,7 @@ }, "properties": { "displayName": "[parameters('workbook3-name')]", - "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"6f7b06e9-6ae9-47e4-974b-85b998d96c1d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Time\",\"type\":4,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1100 and eventType < 1200 | extend country = geo_info_from_ip_address(ipAddress).country | where country != \\\"\\\"\",\"size\":3,\"title\":\"Vault Item Events by Country\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"map\",\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"country\",\"sizeSettings\":\"country\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"country\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"eventType\",\"colorAggregation\":\"Sum\",\"type\":\"heatmap\",\"heatmapPalette\":\"greenRed\"}}},\"name\":\"query - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1100 and eventType < 1200 | summarize deviceCount = count() by deviceName, bin(TimeGenerated, 1h) | 
sort by TimeGenerated desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Vault Item Events by Device\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\"},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1100 and eventType < 1200 | summarize eventTypeCount = count() by eventTypeName, bin(TimeGenerated, 1h) | sort by TimeGenerated desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Vault Item Events by Type\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\"},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"3dffc9fc-e511-4ce5-9526-8f18c19df622\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TopUsersBy\",\"label\":\"Top Users By\",\"type\":2,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[ { \\\"value\\\": \\\"actingUserId\\\", \\\"label\\\": \\\"User ID\\\", \\\"selected\\\": false }, { \\\"value\\\": \\\"actingUserEmail\\\", \\\"label\\\": \\\"User Email\\\", \\\"selected\\\": true }, { \\\"value\\\": \\\"actingUserName\\\", \\\"label\\\": \\\"User Name\\\", \\\"selected\\\": false } ]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1100 and eventType < 1200 | where actingUserId != \\\"\\\" and {TopUsersBy} != \\\"\\\" | summarize userCount = count() by {TopUsersBy}\",\"size\":1,\"showAnalytics\":true,\"title\":\"Top Vault Item Event 
Users\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"eventType\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"eventType\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1100 and eventType < 1200\",\"size\":3,\"title\":\"Latest Vault Item Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"ipAddress\",\"formatter\":17}]}},\"name\":\"query - 6\"}],\"styleSettings\":{\"spacingStyle\":\"none\"},\"fromTemplateId\":\"sentinel-BitwardenEventLogsVaultItems\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\r\n", + "serializedData": 
"{\"version\":\"Notebook/1.0\",\"items\":[{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"6f7b06e9-6ae9-47e4-974b-85b998d96c1d\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"Time\",\"type\":4,\"typeSettings\":{\"selectableValues\":[{\"durationMs\":300000},{\"durationMs\":900000},{\"durationMs\":1800000},{\"durationMs\":3600000},{\"durationMs\":14400000},{\"durationMs\":43200000},{\"durationMs\":86400000},{\"durationMs\":172800000},{\"durationMs\":259200000},{\"durationMs\":604800000},{\"durationMs\":1209600000},{\"durationMs\":2419200000},{\"durationMs\":2592000000},{\"durationMs\":5184000000},{\"durationMs\":7776000000}],\"allowCustom\":true},\"timeContext\":{\"durationMs\":86400000},\"value\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 3\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1100 and eventType < 1200 | extend country = geo_info_from_ip_address(ipAddress).country | where country != \\\"\\\"\",\"size\":3,\"title\":\"Vault Item Events by Country\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"map\",\"mapSettings\":{\"locInfo\":\"CountryRegion\",\"locInfoColumn\":\"country\",\"sizeSettings\":\"country\",\"sizeAggregation\":\"Count\",\"legendMetric\":\"country\",\"legendAggregation\":\"Count\",\"itemColorSettings\":{\"nodeColorField\":\"eventType\",\"colorAggregation\":\"Sum\",\"type\":\"heatmap\",\"heatmapPalette\":\"greenRed\"}}},\"name\":\"query - 4\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1100 and eventType < 1200 | summarize deviceCount = count() by deviceName, bin(TimeGenerated, 1h) | sort by TimeGenerated desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Vault Item Events by 
Device\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\"},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1100 and eventType < 1200 | summarize eventTypeCount = count() by eventTypeName, bin(TimeGenerated, 1h) | sort by TimeGenerated desc\",\"size\":1,\"showAnalytics\":true,\"title\":\"Vault Item Events by Type\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"linechart\"},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy\"},{\"type\":9,\"content\":{\"version\":\"KqlParameterItem/1.0\",\"parameters\":[{\"id\":\"3dffc9fc-e511-4ce5-9526-8f18c19df622\",\"version\":\"KqlParameterItem/1.0\",\"name\":\"TopUsersBy\",\"label\":\"Top Users By\",\"type\":2,\"typeSettings\":{\"showDefault\":false},\"jsonData\":\"[ { \\\"value\\\": \\\"actingUserId\\\", \\\"label\\\": \\\"User ID\\\", \\\"selected\\\": false }, { \\\"value\\\": \\\"actingUserEmail\\\", \\\"label\\\": \\\"User Email\\\", \\\"selected\\\": true }, { \\\"value\\\": \\\"actingUserName\\\", \\\"label\\\": \\\"User Name\\\", \\\"selected\\\": false } ]\",\"timeContext\":{\"durationMs\":86400000}}],\"style\":\"pills\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\"},\"name\":\"parameters - 5\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1100 and eventType < 1200 | where actingUserId != \\\"\\\" and {TopUsersBy} != \\\"\\\" | summarize userCount = count() by {TopUsersBy}\",\"size\":1,\"showAnalytics\":true,\"title\":\"Top Vault Item Event 
Users\",\"timeContextFromParameter\":\"Time\",\"showExportToExcel\":true,\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"visualization\":\"barchart\",\"tileSettings\":{\"showBorder\":false,\"titleContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"leftContent\":{\"columnMatch\":\"eventType\",\"formatter\":12,\"formatOptions\":{\"palette\":\"auto\"},\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}},\"graphSettings\":{\"type\":0,\"topContent\":{\"columnMatch\":\"eventTypeName\",\"formatter\":1},\"centerContent\":{\"columnMatch\":\"eventType\",\"formatter\":1,\"numberFormat\":{\"unit\":17,\"options\":{\"maximumSignificantDigits\":3,\"maximumFractionDigits\":2}}}}},\"customWidth\":\"50\",\"showPin\":true,\"name\":\"query - 1 - Copy - Copy\"},{\"type\":3,\"content\":{\"version\":\"KqlItem/1.0\",\"query\":\"BitwardenEventLogs | where eventType >= 1100 and eventType < 1200\",\"size\":3,\"title\":\"Latest Vault Item Events\",\"timeContextFromParameter\":\"Time\",\"queryType\":0,\"resourceType\":\"microsoft.operationalinsights/workspaces\",\"gridSettings\":{\"formatters\":[{\"columnMatch\":\"TimeGenerated\",\"formatter\":6},{\"columnMatch\":\"ipAddress\",\"formatter\":17}]}},\"name\":\"query - 6\"}],\"styleSettings\":{\"spacingStyle\":\"none\"},\"fromTemplateId\":\"sentinel-BitwardenEventLogsVaultItems\",\"$schema\":\"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"}\n", "version": "1.0", "sourceId": "[variables('workspaceResourceId')]", "category": "sentinel" @@ -1421,7 +1421,7 @@ "contentSchemaVersion": "3.0.0", "displayName": "Bitwarden", "publisherDisplayName": "Bitwarden Inc", - "descriptionHtml": "
Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nThe Bitwarden Solution for Microsoft Sentinel provides a simple way to ingest Event Logs events from Bitwarden into Microsoft Sentinel.
\nData Connectors: 1, Parsers: 1, Workbooks: 3
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n", + "descriptionHtml": "Note: Please refer to the following before installing the solution:
\n• Review the solution Release Notes
\n• There may be known issues pertaining to this Solution, please refer to them before installing.
\nThis application provides insight into activity of your Bitwarden organization such as user's activity (logged in, changed password, 2fa, etc.), cipher activity (created, updated, deleted, shared, etc.), collection activity, organization activity, and more.
\nData Connectors: 1, Parsers: 1, Workbooks: 3
\nLearn more about Microsoft Sentinel | Learn more about Solutions
\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",
@@ -1474,12 +1474,14 @@
 ]
 },
 "firstPublishDate": "2024-05-12",
+ "lastPublishDate": "2024-10-02",
 "providers": [
 "Bitwarden"
 ],
 "categories": {
 "domains": [
- "Security - Threat Protection"
+ "Security - Threat Protection",
+ "Security - Information Protection"
 ]
 }
 },
diff --git a/Solutions/Bitwarden/SolutionMetadata.json b/Solutions/Bitwarden/SolutionMetadata.json
index 8f2f2343c03..7ddd04f1aeb 100644
--- a/Solutions/Bitwarden/SolutionMetadata.json
+++ b/Solutions/Bitwarden/SolutionMetadata.json
@@ -1,13 +1,15 @@
 {
- "publisherId": "bitwarden",
- "offerId": "azure-sentinel-solution-bitwarden-event-logs",
+ "publisherId": "8bit-solutions-llc",
+ "offerId": "bitwarden-sentinel-integration",
 "firstPublishDate": "2024-05-12",
+ "lastPublishDate": "2024-10-02",
 "providers": [
 "Bitwarden"
 ],
 "categories": {
 "domains": [
- "Security - Threat Protection"
+ "Security - Threat Protection",
+ "Security - Information Protection"
 ],
 "verticals": []
 },
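Review bot: The new `"publisherId": "8bit-solutions-llc"` and `"offerId": "bitwarden-sentinel-integration"` in SolutionMetadata.json change the identity under which this solution is published, and nothing visible in the commit records the reason or ties the new publisher to the vendor. For a connector that ingests password-manager audit events, that mapping is worth confirming against the vendor's marketplace listing before merge. If the solution ID in mainTemplate.json is derived from these two values, which looks likely but is not shown in the hunks here, it has to change in the same commit or the package and its metadata will disagree. JSON has no comment syntax, so I would record the change in the ReleaseNotes.md that the description links to, for example `Publisher and offer IDs changed to 8bit-solutions-llc / bitwarden-sentinel-integration`.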