From 367e931857c6665085ff538d656d4a1d10a7a3ab Mon Sep 17 00:00:00 2001
From: Laurence
Date: Wed, 18 Sep 2024 11:33:27 +0100
Subject: [PATCH 1/3] enhance: Fix vaultwarden logs to allow non timezoned timestamps
---
 .index.json | 8 +-
 .tests/vaultwarden-logs/parser.assert | 920 ++++++++++--------
 .tests/vaultwarden-logs/vaultwarden-logs.log | 48 +-
 .../Dominic-Wagner/vaultwarden-logs.yaml | 8 +-
 4 files changed, 531 insertions(+), 453 deletions(-)
diff --git a/.index.json b/.index.json
index e9562358307..92377f269e0 100644
--- a/.index.json
+++ b/.index.json
@@ -5921,15 +5921,19 @@ "Dominic-Wagner/vaultwarden-logs": { "path": "parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml", "stage": "s01-parse", - "version": "0.1", + "version": "0.2", "versions": { "0.1": { "digest": "016236c174143284ded1df7e2180c4271b9e7e2e949560aed17b32a00da8c0d6", "deprecated": false + }, + "0.2": { + "digest": "45d9d297c5f3901ebea3bcf7de08e339cbcd8259c35ed9f7773298514805d986", + "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbVmF1bHR3YXJkZW5dKGh0dHBzOi8vZ2l0aHViLmNvbS9kYW5pLWdhcmNpYS92YXVsdHdhcmRlbikgTG9ncy4KCklmIHVzaW5nIExPR19GSUxFIGVudmlyb25tZW50IHZhcmlhYmxlOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3ZhdWx0d2FyZGVuLmxvZwpsYWJlbHM6CiAgdHlwZTogVmF1bHR3YXJkZW4KYGBgCklmIHJ1bm5pbmcgdmlhIHN5c3RlbWQ6CmBgYHlhbWwKLS0tCnNvdXJjZTogam91cm5hbGN0bApqb3VybmFsY3RsX2ZpbHRlcjoKICAtICJTWVNMT0dfSURFTlRJRkVSPVZhdWx0d2FyZGVuIgpsYWJlbHM6CiAgdHlwZTogVmF1bHR3YXJkZW4=", - "content": "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", + "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogIlVwcGVyKGV2dC5QYXJzZWQucHJvZ3JhbSkgPT0gJ1ZBVUxUV0FSREVOJyIKbmFtZTogRG9taW5pYy1XYWduZXIvdmF1bHR3YXJkZW4tbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIHZhdWx0d2FyZGVuIGxvZ3MiCnBhdHRlcm5fc3ludGF4OgogIERBVEVfWU1EOiAiJXtZRUFSOnllYXJ9LSV7TU9OVEhOVU06bW9udGh9LSV7TU9OVEhEQVk6ZGF5fSIKbm9kZXM6CiAgLSBncm9rOgogICAgICBwYXR0ZXJuOiAnXlxbJXtUSU1FU1RBTVBfSVNPODYwMTpkYXRldGltZXN0YW1wfVxdXFt2YXVsdHdhcmRlbjo6YXBpOjppZGVudGl0eVxdXFtFUlJPUlxdIFVzZXJuYW1lIG9yIHBhc3N3b3JkIGlzIGluY29ycmVjdFwuIFRyeSBhZ2FpblwuIElQOiAle0lQOnNvdXJjZV9pcH1cLiBVc2VybmFtZTogJXtFTUFJTEFERFJFU1M6dXNlcm5hbWV9XC4kJwogICAgICBhcHBseV9vbjogbWVzc2FnZQogICAgICBzdGF0aWNzOgogICAgICAgIC0gbWV0YTogbG9nX3R5cGUKICAgICAgICAgIHZhbHVlOiB2YXVsdHdhcmRlbl9mYWlsZWRfYXV0aAogICAgICAgIC0gbWV0YTogdXNlcm5hbWUKICAgICAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQudXNlcm5hbWUKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdeXFsle1RJTUVTVEFNUF9JU084NjAxOmRhdGV0aW1lc3RhbXB9XF1cW3ZhdWx0d2FyZGVuOjphcGk6OmFkbWluXF1cW0VSUk9SXF0gSW52YWxpZCBhZG1pbiB0b2tlbi4gSVA6ICV7SVA6c291cmN
lX2lwfScKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgICAgICB2YWx1ZTogdmF1bHR3YXJkZW5fZmFpbGVkX2FkbWluX2F1dGgKICAtIGdyb2s6CiAgICAgIHBhdHRlcm46ICdeXFsle1RJTUVTVEFNUF9JU084NjAxOmRhdGV0aW1lc3RhbXB9XF1cW3ZhdWx0d2FyZGVuOjphcGk6OmNvcmU6OnR3b19mYWN0b3I6OmF1dGhlbnRpY2F0b3JcXVxbRVJST1JcXSBJbnZhbGlkIFRPVFAgY29kZSEgU2VydmVyIHRpbWU6ICV7REFURV9ZTUQ6c2VydmVyX2RhdGV9ICV7VElNRTpzZXJ2ZXJfdGltZX0gJXtUWjpzZXJ2ZXJfdHp9IElQOiAle0lQOnNvdXJjZV9pcH0nCiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZQogICAgICAgICAgdmFsdWU6IHZhdWx0d2FyZGVuX2ZhaWxlZF90b3RwCgpzdGF0aWNzOgogICAgLSBtZXRhOiBzZXJ2aWNlCiAgICAgIHZhbHVlOiB2YXVsdHdhcmRlbgogICAgLSBtZXRhOiBzb3VyY2VfaXAKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogICAgLSB0YXJnZXQ6IGV2dC5TdHJUaW1lCiAgICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuZGF0ZXRpbWVzdGFtcAo=", "description": "Parse vaultwarden logs", "author": "Dominic-Wagner", "labels": null diff --git a/.tests/vaultwarden-logs/parser.assert b/.tests/vaultwarden-logs/parser.assert index fc0eef90254..ed22dabc87d 100644 --- a/.tests/vaultwarden-logs/parser.assert +++ b/.tests/vaultwarden-logs/parser.assert 
@@ -1,116 +1,162 @@ len(results) == 4 -len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 22 +len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 26 results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "[2022-02-03 16:10:11.219][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "[2022-02-03 16:10:11.219][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][1].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "[2022-02-03 16:10:15.993][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["message"] == "[2022-02-03 16:10:15.993][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." 
results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Parsed["program"] == "Vaultwarden" -results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][1].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][2].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "[2022-02-03 16:10:14.593][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["program"] == "Vaultwarden" -results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Parsed["message"] == "[2022-02-03 16:10:14.593][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." -results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][2].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][3].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "[2022-02-03 16:10:30.702][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["program"] == "Vaultwarden" -results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Parsed["message"] == "[2022-02-03 16:10:30.702][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. 
IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." -results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][3].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][4].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "[2022-02-03 16:10:35.376][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["message"] == "[2022-02-03 16:10:35.376][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Parsed["program"] == "Vaultwarden" -results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][4].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][5].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["message"] == "[2022-02-03 16:10:36.810][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["message"] == "[2022-02-03 16:10:36.810][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." 
results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][6].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["message"] == "[2021-02-03 16:10:59.955][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com." +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["message"] == "[2021-02-03 16:10:59.955][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com." results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][7].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Parsed["message"] == "[2021-02-03 16:11:02.266][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com." +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Parsed["message"] == "[2021-02-03 16:11:02.266][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com." 
results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Parsed["program"] == "Vaultwarden" -results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][7].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][8].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Parsed["message"] == "[2021-02-03 16:11:04.117][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com." +results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Parsed["message"] == "[2021-02-03 16:11:04.117][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com." results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][8].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][9].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Parsed["message"] == "[2021-02-03 16:11:57.620][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com." +results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Parsed["message"] == "[2021-02-03 16:11:57.620][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com." 
results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Parsed["program"] == "Vaultwarden" -results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][9].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][10].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" +results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1" results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Parsed["program"] == "Vaultwarden" -results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][10].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][11].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" +results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: ::1" results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][11].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][12].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" +results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1" results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][12].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][13].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" +results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: ::1" results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][13].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][14].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" +results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1" results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][14].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][15].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" +results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: ::1" results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][15].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][16].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][16].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" +results["s00-raw"]["crowdsecurity/non-syslog"][16].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s00-raw"]["crowdsecurity/non-syslog"][16].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][16].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][16].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][16].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][17].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][17].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" +results["s00-raw"]["crowdsecurity/non-syslog"][17].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s00-raw"]["crowdsecurity/non-syslog"][17].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][17].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][17].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][17].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][18].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][18].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" +results["s00-raw"]["crowdsecurity/non-syslog"][18].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s00-raw"]["crowdsecurity/non-syslog"][18].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][18].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][18].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][18].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][19].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][19].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" +results["s00-raw"]["crowdsecurity/non-syslog"][19].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s00-raw"]["crowdsecurity/non-syslog"][19].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][19].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][19].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][19].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][20].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][20].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" +results["s00-raw"]["crowdsecurity/non-syslog"][20].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s00-raw"]["crowdsecurity/non-syslog"][20].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][20].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][20].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][20].Evt.Whitelisted == false results["s00-raw"]["crowdsecurity/non-syslog"][21].Success == true -results["s00-raw"]["crowdsecurity/non-syslog"][21].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" +results["s00-raw"]["crowdsecurity/non-syslog"][21].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s00-raw"]["crowdsecurity/non-syslog"][21].Evt.Parsed["program"] == "Vaultwarden" results["s00-raw"]["crowdsecurity/non-syslog"][21].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s00-raw"]["crowdsecurity/non-syslog"][21].Evt.Meta["datasource_type"] == "file" -len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 22 +results["s00-raw"]["crowdsecurity/non-syslog"][21].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][22].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][22].Evt.Parsed["message"] == "[2024-03-02 17:38:19.023-0700][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.2. Username: blah@gmail.com." +results["s00-raw"]["crowdsecurity/non-syslog"][22].Evt.Parsed["program"] == "Vaultwarden" +results["s00-raw"]["crowdsecurity/non-syslog"][22].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][22].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][22].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][23].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][23].Evt.Parsed["message"] == "[2024-03-02 17:42:20.407-0700][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.2. Username: blah@gmail.com." 
+results["s00-raw"]["crowdsecurity/non-syslog"][23].Evt.Parsed["program"] == "Vaultwarden" +results["s00-raw"]["crowdsecurity/non-syslog"][23].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][23].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][23].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][24].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][24].Evt.Parsed["message"] == "[2024-03-07 21:16:33.743-0700][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2024-03-08 04:16:33 UTC IP: 192.168.43.14" +results["s00-raw"]["crowdsecurity/non-syslog"][24].Evt.Parsed["program"] == "Vaultwarden" +results["s00-raw"]["crowdsecurity/non-syslog"][24].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][24].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][24].Evt.Whitelisted == false +results["s00-raw"]["crowdsecurity/non-syslog"][25].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][25].Evt.Parsed["message"] == "[2024-03-07 21:19:30.450-0700][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 192.168.41.1" +results["s00-raw"]["crowdsecurity/non-syslog"][25].Evt.Parsed["program"] == "Vaultwarden" +results["s00-raw"]["crowdsecurity/non-syslog"][25].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s00-raw"]["crowdsecurity/non-syslog"][25].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][25].Evt.Whitelisted == false +len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 26 results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false 
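Review bot: After this change no s00-raw sample carries a multi-group IPv6 source any more: every `2001:db8:…` address (entries 0–5 and 10–21) became `::1` and `192.0.2.130` (entries 6–9) became `192.168.1.1`, so the assertions stop covering source_ip extraction on a full-form IPv6 address. Loopback and RFC 1918 sources are also the addresses a deployment would normally whitelist, which makes them weak stand-ins for the failed-login traffic this parser feeds to detection; the added `Evt.Whitelisted == false` checks presumably pass only because no whitelist runs at this stage. I would keep at least one documentation-range line in `.tests/vaultwarden-logs/vaultwarden-logs.log` (its hunk is not visible here), e.g. `IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com.`, and regenerate the assertions. The new entries 22 and 23 also use `blah@gmail.com`, a real mail domain; `test@example.com`, as in the older lines, keeps the fixture free of addresses that could belong to someone.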
@@ -133,742 +179,766 @@ results["s00-raw"]["crowdsecurity/syslog-logs"][18].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][19].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][20].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][21].Success == false -len(results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"]) == 22 +results["s00-raw"]["crowdsecurity/syslog-logs"][22].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][23].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][24].Success == false +results["s00-raw"]["crowdsecurity/syslog-logs"][25].Success == false +len(results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"]) == 26 results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Parsed["date"] == "2022-02-03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Parsed["day"] == "03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Parsed["message"] == "[2022-02-03 16:10:11.219][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Parsed["month"] == "02" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Parsed["datetimestamp"] == "2022-02-03 16:10:11.219" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Parsed["message"] == "[2022-02-03 16:10:11.219][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." 
results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Parsed["time"] == "16:10:11.219" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Parsed["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Parsed["username"] == "test@example.com" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Parsed["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Parsed["year"] == "2022" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Meta["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Meta["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Meta["username"] == "test@example.com" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][0].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Parsed["month"] == "02" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Parsed["datetimestamp"] == "2022-02-03 16:10:15.993" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Parsed["message"] == "[2022-02-03 16:10:15.993][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." 
results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Parsed["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Parsed["username"] == "test@example.com" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Parsed["date"] == "2022-02-03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Parsed["day"] == "03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Parsed["message"] == "[2022-02-03 16:10:15.993][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Parsed["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Parsed["time"] == "16:10:15.993" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Meta["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Meta["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Meta["username"] == "test@example.com" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Meta["datasource_type"] == "file" 
+results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][1].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Parsed["message"] == "[2022-02-03 16:10:14.593][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Parsed["datetimestamp"] == "2022-02-03 16:10:14.593" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Parsed["message"] == "[2022-02-03 16:10:14.593][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Parsed["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Parsed["username"] == "test@example.com" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Parsed["date"] == "2022-02-03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Parsed["day"] == "03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Parsed["time"] == "16:10:14.593" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Parsed["month"] == "02" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Parsed["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Meta["log_type"] == "vaultwarden_failed_auth" 
results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Meta["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Meta["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Meta["username"] == "test@example.com" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][2].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["username"] == "test@example.com" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["month"] == "02" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["datetimestamp"] == "2022-02-03 16:10:30.702" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["message"] == "[2022-02-03 16:10:30.702][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["time"] == "16:10:30.702" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["date"] == "2022-02-03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["day"] == "03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["message"] == "[2022-02-03 16:10:30.702][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. 
IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Parsed["username"] == "test@example.com" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Meta["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Meta["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Meta["username"] == "test@example.com" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][3].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["day"] == "03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["username"] == "test@example.com" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["date"] == "2022-02-03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["month"] == "02" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["datetimestamp"] == "2022-02-03 16:10:35.376" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["message"] == "[2022-02-03 16:10:35.376][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." 
results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["time"] == "16:10:35.376" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["message"] == "[2022-02-03 16:10:35.376][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Parsed["username"] == "test@example.com" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Meta["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Meta["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Meta["username"] == "test@example.com" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][4].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["username"] == "test@example.com" 
-results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["date"] == "2022-02-03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["month"] == "02" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["datetimestamp"] == "2022-02-03 16:10:36.810" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["message"] == "[2022-02-03 16:10:36.810][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["time"] == "16:10:36.810" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["day"] == "03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["message"] == "[2022-02-03 16:10:36.810][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." 
+results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Parsed["username"] == "test@example.com" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Meta["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Meta["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Meta["username"] == "test@example.com" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][5].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["day"] == "03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["message"] == "[2021-02-03 16:10:59.955][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com." 
-results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["month"] == "02" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["source_ip"] == "192.0.2.130" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["time"] == "16:10:59.955" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["date"] == "2021-02-03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["username"] == "test@example.com" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["year"] == "2021" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["datetimestamp"] == "2021-02-03 16:10:59.955" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["message"] == "[2021-02-03 16:10:59.955][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com." results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Meta["source_ip"] == "192.0.2.130" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Meta["username"] == "test@example.com" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["source_ip"] == "192.168.1.1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Parsed["username"] == "test@example.com" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Meta["service"] == "vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Meta["source_ip"] == "192.168.1.1" 
+results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Meta["username"] == "test@example.com" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][6].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["username"] == "test@example.com" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["date"] == "2021-02-03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["day"] == "03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["message"] == "[2021-02-03 16:11:02.266][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com." +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["datetimestamp"] == "2021-02-03 16:11:02.266" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["message"] == "[2021-02-03 16:11:02.266][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com." 
results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["source_ip"] == "192.0.2.130" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["time"] == "16:11:02.266" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["month"] == "02" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["year"] == "2021" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["source_ip"] == "192.168.1.1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Parsed["username"] == "test@example.com" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Meta["source_ip"] == "192.0.2.130" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Meta["source_ip"] == "192.168.1.1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Meta["username"] == "test@example.com" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][7].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Parsed["time"] == "16:11:04.117" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Parsed["year"] == "2021" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Parsed["month"] == "02" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Parsed["day"] == "03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Parsed["message"] == 
"[2021-02-03 16:11:04.117][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com." +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Parsed["datetimestamp"] == "2021-02-03 16:11:04.117" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Parsed["message"] == "[2021-02-03 16:11:04.117][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com." results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Parsed["source_ip"] == "192.0.2.130" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Parsed["source_ip"] == "192.168.1.1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Parsed["username"] == "test@example.com" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Parsed["date"] == "2021-02-03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Meta["source_ip"] == "192.0.2.130" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Meta["username"] == "test@example.com" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Meta["log_type"] == "vaultwarden_failed_auth" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Meta["service"] == "vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Meta["source_ip"] == "192.168.1.1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Meta["username"] == "test@example.com" 
+results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][8].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Parsed["day"] == "03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Parsed["month"] == "02" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Parsed["source_ip"] == "192.0.2.130" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Parsed["time"] == "16:11:57.620" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Parsed["year"] == "2021" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Parsed["date"] == "2021-02-03" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Parsed["message"] == "[2021-02-03 16:11:57.620][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com." +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Parsed["datetimestamp"] == "2021-02-03 16:11:57.620" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Parsed["message"] == "[2021-02-03 16:11:57.620][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com." 
results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Parsed["source_ip"] == "192.168.1.1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Parsed["username"] == "test@example.com" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Meta["source_ip"] == "192.0.2.130" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Meta["source_ip"] == "192.168.1.1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Meta["username"] == "test@example.com" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][9].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Parsed["date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Parsed["day"] == "05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: 2001:db8:48::82b:7a19" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Parsed["month"] == "02" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Parsed["datetimestamp"] == "2022-02-05 11:55:04.725" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a19" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Parsed["time"] == "11:55:04.725" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Parsed["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a19" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Meta["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][10].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Parsed["date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Parsed["day"] == "05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Parsed["message"] == "[2022-02-05 
11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Parsed["month"] == "02" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Parsed["datetimestamp"] == "2022-02-05 11:55:04.725" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a19" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Parsed["time"] == "11:55:04.725" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a19" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Parsed["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Meta["service"] == "vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Meta["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][11].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a19" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Parsed["time"] == "11:55:04.725" 
-results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Parsed["date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Parsed["day"] == "05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Parsed["month"] == "02" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Parsed["datetimestamp"] == "2022-02-05 11:55:04.725" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a19" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Parsed["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Meta["service"] == "vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Meta["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][12].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Success == true 
-results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Parsed["month"] == "02" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Parsed["datetimestamp"] == "2022-02-05 11:55:04.725" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a19" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Parsed["time"] == "11:55:04.725" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Parsed["date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Parsed["day"] == "05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: 2001:db8:48::82b:7a19" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Parsed["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a19" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Meta["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][13].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a19" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Parsed["time"] == "11:55:04.725" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Parsed["date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Parsed["day"] == "05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Parsed["month"] == "02" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Parsed["datetimestamp"] == "2022-02-05 11:55:04.725" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: ::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Parsed["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a19" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Meta["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][14].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Parsed["month"] == "02" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Parsed["datetimestamp"] == "2022-02-05 11:55:04.725" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: ::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a19" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Parsed["time"] == "11:55:04.725" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Parsed["date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Parsed["day"] == "05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Parsed["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a19" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Meta["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][15].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Success == true +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["datetimestamp"] == "2022-02-05 12:01:51.892" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["day"] == "05" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["message"] == "[2022-02-05 
12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["month"] == "02" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["server_date"] == "2022-02-05" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["server_time"] == "12:01:51" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["server_tz"] == "UTC" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a18" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["day"] == "05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["month"] == "02" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["server_date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Parsed["time"] == "12:01:51.892" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Meta["log_type"] == "vaultwarden_failed_totp" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a18" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Meta["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][16].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Success == true +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["datetimestamp"] == "2022-02-05 12:01:51.892" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["day"] == "05" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["month"] == "02" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["server_date"] == "2022-02-05" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["server_time"] == "12:01:51" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["server_tz"] == "UTC" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["time"] == "12:01:51.892" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["source_ip"] == "::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["day"] == "05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["program"] == "Vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["server_date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a18" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Meta["log_type"] == "vaultwarden_failed_totp" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a18" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Meta["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][17].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["server_time"] == "12:01:51" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["server_tz"] == "UTC" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a18" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["time"] == "12:01:51.892" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["date"] == "2022-02-05" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["datetimestamp"] == "2022-02-05 12:01:51.892" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["day"] == "05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["server_date"] == "2022-02-05" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["month"] == "02" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["server_date"] == "2022-02-05" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["server_time"] == "12:01:51" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["server_tz"] == "UTC" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Parsed["year"] == "2022" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Meta["log_type"] == "vaultwarden_failed_totp" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a18" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Meta["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][18].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["server_time"] == "12:01:51" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["time"] == "12:01:51.892" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["year"] == "2022" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["date"] == "2022-02-05" 
+results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["datetimestamp"] == "2022-02-05 12:01:51.892" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["day"] == "05" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["month"] == "02" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["server_date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["server_date"] == "2022-02-05" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["server_time"] == "12:01:51" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["server_tz"] == "UTC" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a18" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a18" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Parsed["year"] == "2022" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Meta["log_type"] == 
"vaultwarden_failed_totp" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Meta["service"] == "vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Meta["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][19].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["month"] == "02" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["year"] == "2022" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["datetimestamp"] == "2022-02-05 12:01:51.892" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["day"] == "05" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: ::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["month"] == "02" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["program"] == "Vaultwarden" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["server_date"] == "2022-02-05" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["server_time"] == "12:01:51" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["server_tz"] == "UTC" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a18" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["time"] == "12:01:51.892" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Meta["log_type"] == "vaultwarden_failed_totp" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a18" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Parsed["year"] == "2022" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Meta["log_type"] == "vaultwarden_failed_totp" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Meta["service"] == "vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Meta["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][20].Evt.Whitelisted == false results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Success == true -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["date"] == 
"2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["server_date"] == "2022-02-05" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["server_tz"] == "UTC" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["time"] == "12:01:51.892" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["year"] == "2022" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["datetimestamp"] == "2022-02-05 12:01:51.892" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["day"] == "05" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["month"] == "02" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["server_date"] == "2022-02-05" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["server_time"] == "12:01:51" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a18" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["server_tz"] == "UTC" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Parsed["year"] == "2022" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Meta["datasource_type"] == "file" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Meta["log_type"] == "vaultwarden_failed_totp" results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Meta["service"] == "vaultwarden" -results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a18" -len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 22 +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Meta["source_ip"] == "::1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][21].Evt.Whitelisted == false +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Success == true +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Evt.Parsed["datetimestamp"] == "2024-03-02 17:38:19.023-0700" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Evt.Parsed["message"] == "[2024-03-02 17:38:19.023-0700][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. 
IP: 192.168.1.2. Username: blah@gmail.com." +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Evt.Parsed["source_ip"] == "192.168.1.2" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Evt.Parsed["username"] == "blah@gmail.com" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Evt.Meta["log_type"] == "vaultwarden_failed_auth" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Evt.Meta["service"] == "vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Evt.Meta["source_ip"] == "192.168.1.2" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Evt.Meta["username"] == "blah@gmail.com" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][22].Evt.Whitelisted == false +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Success == true +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Evt.Parsed["datetimestamp"] == "2024-03-02 17:42:20.407-0700" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Evt.Parsed["message"] == "[2024-03-02 17:42:20.407-0700][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.2. Username: blah@gmail.com." 
+results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Evt.Parsed["source_ip"] == "192.168.1.2" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Evt.Parsed["username"] == "blah@gmail.com" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Evt.Meta["log_type"] == "vaultwarden_failed_auth" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Evt.Meta["service"] == "vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Evt.Meta["source_ip"] == "192.168.1.2" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Evt.Meta["username"] == "blah@gmail.com" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][23].Evt.Whitelisted == false +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Success == true +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Parsed["datetimestamp"] == "2024-03-07 21:16:33.743-0700" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Parsed["day"] == "08" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Parsed["message"] == "[2024-03-07 21:16:33.743-0700][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2024-03-08 04:16:33 UTC IP: 192.168.43.14" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Parsed["month"] == "03" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Parsed["server_date"] == "2024-03-08" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Parsed["server_time"] == "04:16:33" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Parsed["server_tz"] == "UTC" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Parsed["source_ip"] == "192.168.43.14" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Parsed["year"] == "2024" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Meta["log_type"] == "vaultwarden_failed_totp" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Meta["service"] == "vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Meta["source_ip"] == "192.168.43.14" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][24].Evt.Whitelisted == false +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][25].Success == true +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][25].Evt.Parsed["datetimestamp"] == "2024-03-07 21:19:30.450-0700" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][25].Evt.Parsed["message"] == "[2024-03-07 21:19:30.450-0700][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: 192.168.41.1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][25].Evt.Parsed["program"] == "Vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][25].Evt.Parsed["source_ip"] == "192.168.41.1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][25].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][25].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][25].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][25].Evt.Meta["service"] == "vaultwarden" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][25].Evt.Meta["source_ip"] == "192.168.41.1" +results["s01-parse"]["Dominic-Wagner/vaultwarden-logs"][25].Evt.Whitelisted == false +len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 26 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["date"] == "2022-02-03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["datetimestamp"] == "2022-02-03 16:10:11.219" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "[2022-02-03 16:10:11.219][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["time"] == "16:10:11.219" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["username"] == "test@example.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["day"] == "03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "[2022-02-03 16:10:11.219][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2022-02-03T16:10:11.219Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["username"] == "test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "::1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2022-02-03T16:10:11.219Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["username"] == "test@example.com" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2022-02-03T16:10:11.219Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["time"] == "16:10:15.993" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["username"] == "test@example.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["day"] == "03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "[2022-02-03 16:10:15.993][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["datetimestamp"] == "2022-02-03 16:10:15.993" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "[2022-02-03 16:10:15.993][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["date"] == "2022-02-03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["month"] == "02" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["year"] == "2022" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["source_ip"] == "::1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["username"] == "test@example.com" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2022-02-03T16:10:15.993Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["username"] == "test@example.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2022-02-03T16:10:15.993Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["datetimestamp"] == "2022-02-03 
16:10:14.593" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "[2022-02-03 16:10:14.593][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["time"] == "16:10:14.593" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["username"] == "test@example.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["date"] == "2022-02-03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "[2022-02-03 16:10:14.593][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["month"] == "02" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["day"] == "03" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2022-02-03T16:10:14.593Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["username"] == "test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2022-02-03T16:10:14.593Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "[2022-02-03 16:10:30.702][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["datetimestamp"] == "2022-02-03 16:10:30.702" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "[2022-02-03 16:10:30.702][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["date"] == "2022-02-03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["time"] == "16:10:30.702" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["username"] == "test@example.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["day"] == "03" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2022-02-03T16:10:30.702Z" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["username"] == "test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2022-02-03T16:10:30.702Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["date"] == "2022-02-03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["day"] == "03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["datetimestamp"] == "2022-02-03 16:10:35.376" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "[2022-02-03 16:10:35.376][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "[2022-02-03 16:10:35.376][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["time"] == "16:10:35.376" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["username"] == "test@example.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2022-02-03T16:10:35.376Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["username"] == "test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "::1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2022-02-03T16:10:35.376Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["username"] == "test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2022-02-03T16:10:35.376Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["time"] == "16:10:36.810" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["date"] == "2022-02-03" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["datetimestamp"] == "2022-02-03 16:10:36.810" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == "[2022-02-03 16:10:36.810][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com." results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["username"] == "test@example.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["day"] == "03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == "[2022-02-03 16:10:36.810][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com." 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["source_ip"] == "2001:db8::b6d3:95d7:1425:766d" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"] == "2022-02-03T16:10:36.81Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["username"] == "test@example.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"] == "2022-02-03T16:10:36.81Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["day"] == "03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["message"] == "[2021-02-03 16:10:59.955][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com." 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["datetimestamp"] == "2021-02-03 16:10:59.955" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["message"] == "[2021-02-03 16:10:59.955][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com." results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["source_ip"] == "192.0.2.130" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["time"] == "16:10:59.955" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["date"] == "2021-02-03" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["source_ip"] == "192.168.1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["username"] == "test@example.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["year"] == "2021" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["username"] == "test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["source_ip"] == "192.0.2.130" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["source_ip"] == "192.168.1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["timestamp"] == "2021-02-03T16:10:59.955Z" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["username"] == "test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Enriched["MarshaledTime"] == "2021-02-03T16:10:59.955Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["year"] == "2021" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["day"] == "03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["message"] == "[2021-02-03 16:11:02.266][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com." +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["datetimestamp"] == "2021-02-03 16:11:02.266" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["message"] == "[2021-02-03 16:11:02.266][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com." 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["source_ip"] == "192.0.2.130" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["time"] == "16:11:02.266" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["date"] == "2021-02-03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["source_ip"] == "192.168.1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["username"] == "test@example.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["timestamp"] == "2021-02-03T16:11:02.266Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["username"] == "test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["source_ip"] == "192.0.2.130" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["timestamp"] == "2021-02-03T16:11:02.266Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["username"] == "test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Enriched["MarshaledTime"] == "2021-02-03T16:11:02.266Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Success 
== true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["day"] == "03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["message"] == "[2021-02-03 16:11:04.117][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com." -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["time"] == "16:11:04.117" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["username"] == "test@example.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["year"] == "2021" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["date"] == "2021-02-03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["datetimestamp"] == "2021-02-03 16:11:04.117" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["message"] == "[2021-02-03 16:11:04.117][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com." 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["source_ip"] == "192.0.2.130" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["username"] == "test@example.com" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["username"] == "test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["source_ip"] == "192.0.2.130" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["source_ip"] == "192.168.1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["timestamp"] == "2021-02-03T16:11:04.117Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["username"] == "test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Enriched["MarshaledTime"] == "2021-02-03T16:11:04.117Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["time"] == "16:11:57.620" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["username"] == "test@example.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["year"] == "2021" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["day"] == "03" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["message"] == "[2021-02-03 16:11:57.620][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com." -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["datetimestamp"] == "2021-02-03 16:11:57.620" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["message"] == "[2021-02-03 16:11:57.620][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com." results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["date"] == "2021-02-03" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["source_ip"] == "192.0.2.130" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["source_ip"] == "192.168.1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["username"] == "test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["log_type"] == "vaultwarden_failed_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["source_ip"] == "192.0.2.130" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["source_ip"] == "192.168.1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["timestamp"] == "2021-02-03T16:11:57.62Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["username"] == 
"test@example.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Enriched["MarshaledTime"] == "2021-02-03T16:11:57.62Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["date"] == "2022-02-05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["day"] == "05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["datetimestamp"] == "2022-02-05 11:55:04.725" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: ::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a19" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["time"] == "11:55:04.725" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a19" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["timestamp"] == "2022-02-05T11:55:04.725Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["service"] == "vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["source_ip"] == "::1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["timestamp"] == "2022-02-05T11:55:04.725Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Enriched["MarshaledTime"] == "2022-02-05T11:55:04.725Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["datetimestamp"] == "2022-02-05 11:55:04.725" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: ::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a19" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["time"] == "11:55:04.725" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["date"] == "2022-02-05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["day"] == "05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["month"] == "02" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a19" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["timestamp"] == "2022-02-05T11:55:04.725Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["service"] == "vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["source_ip"] == "::1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["timestamp"] == "2022-02-05T11:55:04.725Z" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Enriched["MarshaledTime"] == "2022-02-05T11:55:04.725Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["datetimestamp"] == "2022-02-05 11:55:04.725" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a19" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["time"] == "11:55:04.725" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["date"] == "2022-02-05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["day"] == "05" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["source_ip"] == "::1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["service"] == "vaultwarden" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a19" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["timestamp"] == "2022-02-05T11:55:04.725Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Enriched["MarshaledTime"] == "2022-02-05T11:55:04.725Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["time"] == "11:55:04.725" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["date"] == "2022-02-05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["day"] == "05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["datetimestamp"] == "2022-02-05 11:55:04.725" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: ::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a19" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a19" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["timestamp"] == "2022-02-05T11:55:04.725Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Enriched["MarshaledTime"] == "2022-02-05T11:55:04.725Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["datetimestamp"] == "2022-02-05 11:55:04.725" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: ::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a19" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["time"] == "11:55:04.725" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["date"] == "2022-02-05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["day"] == "05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a19" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["timestamp"] == "2022-02-05T11:55:04.725Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Enriched["MarshaledTime"] == "2022-02-05T11:55:04.725Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["day"] == "05" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["datetimestamp"] == "2022-02-05 11:55:04.725" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["message"] == "[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a19" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["time"] == "11:55:04.725" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["date"] == "2022-02-05" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["source_ip"] == "::1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a19" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["timestamp"] == "2022-02-05T11:55:04.725Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["datasource_path"] == 
"vaultwarden-logs.log" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Enriched["MarshaledTime"] == "2022-02-05T11:55:04.725Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["server_date"] == "2022-02-05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["time"] == "12:01:51.892" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["server_tz"] == "UTC" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a18" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["date"] == "2022-02-05" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["datetimestamp"] == "2022-02-05 12:01:51.892" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["day"] == "05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["month"] == "02" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["program"] == "Vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["server_date"] == "2022-02-05" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["server_time"] == "12:01:51" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["server_tz"] == "UTC" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a18" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["timestamp"] == "2022-02-05T12:01:51.892Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["log_type"] == "vaultwarden_failed_totp" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["service"] == "vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["source_ip"] == "::1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["timestamp"] == "2022-02-05T12:01:51.892Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Enriched["MarshaledTime"] == "2022-02-05T12:01:51.892Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Success == true 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["date"] == "2022-02-05" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["datetimestamp"] == "2022-02-05 12:01:51.892" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["day"] == "05" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["program"] == "Vaultwarden" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["server_date"] == "2022-02-05" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["server_time"] == "12:01:51" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["server_tz"] == "UTC" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["day"] == "05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a18" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["time"] == "12:01:51.892" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["timestamp"] == "2022-02-05T12:01:51.892Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["log_type"] == "vaultwarden_failed_totp" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a18" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["source_ip"] == "::1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Meta["timestamp"] == "2022-02-05T12:01:51.892Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Enriched["MarshaledTime"] == "2022-02-05T12:01:51.892Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][17].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["date"] == "2022-02-05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["datetimestamp"] == "2022-02-05 12:01:51.892" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["day"] == "05" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["program"] == "Vaultwarden" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["server_date"] == "2022-02-05" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["server_time"] == "12:01:51" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["server_tz"] == "UTC" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["day"] == "05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["server_time"] == "12:01:51" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a18" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Parsed["time"] == "12:01:51.892" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["log_type"] == "vaultwarden_failed_totp" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a18" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["timestamp"] == "2022-02-05T12:01:51.892Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Enriched["MarshaledTime"] == "2022-02-05T12:01:51.892Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][18].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["month"] == "02" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["time"] == "12:01:51.892" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["server_tz"] == "UTC" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a18" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["date"] == "2022-02-05" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["datetimestamp"] == "2022-02-05 12:01:51.892" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["day"] == "05" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["message"] == "[2022-02-05 
12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["month"] == "02" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["program"] == "Vaultwarden" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["server_date"] == "2022-02-05" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["server_time"] == "12:01:51" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["server_tz"] == "UTC" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["source_ip"] == "::1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Parsed["year"] == "2022" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Meta["log_type"] == "vaultwarden_failed_totp" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a18" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Meta["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Meta["timestamp"] == "2022-02-05T12:01:51.892Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Enriched["MarshaledTime"] == "2022-02-05T12:01:51.892Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][19].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["date"] == "2022-02-05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["message"] 
== "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["program"] == "Vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["server_tz"] == "UTC" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["datetimestamp"] == "2022-02-05 12:01:51.892" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["day"] == "05" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["month"] == "02" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["program"] == "Vaultwarden" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["server_date"] == "2022-02-05" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["server_time"] == "12:01:51" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a18" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["time"] == "12:01:51.892" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["server_tz"] == "UTC" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Parsed["year"] == "2022" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["log_type"] == 
"vaultwarden_failed_totp" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a18" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Meta["timestamp"] == "2022-02-05T12:01:51.892Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Enriched["MarshaledTime"] == "2022-02-05T12:01:51.892Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][20].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Success == true -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["date"] == "2022-02-05" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["datetimestamp"] == "2022-02-05 12:01:51.892" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["day"] == "05" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["server_date"] == "2022-02-05" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["message"] == "[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2022-02-05 12:01:51 UTC IP: ::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["month"] == "02" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["program"] == "Vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["server_date"] == "2022-02-05" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["server_time"] == "12:01:51" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["server_tz"] == "UTC" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["source_ip"] == "2001:db8:48::82b:7a18" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["time"] == "12:01:51.892" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["source_ip"] == "::1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Parsed["year"] == "2022" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["timestamp"] == "2022-02-05T12:01:51.892Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["datasource_type"] == "file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["log_type"] == "vaultwarden_failed_totp" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["service"] == "vaultwarden" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["source_ip"] == "2001:db8:48::82b:7a18" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["source_ip"] == "::1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Meta["timestamp"] == "2022-02-05T12:01:51.892Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Enriched["MarshaledTime"] == "2022-02-05T12:01:51.892Z" -len(results["success"][""]) == 0 \ No newline at end of file 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][21].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Parsed["datetimestamp"] == "2024-03-02 17:38:19.023-0700" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Parsed["message"] == "[2024-03-02 17:38:19.023-0700][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.2. Username: blah@gmail.com." +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Parsed["program"] == "Vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Parsed["source_ip"] == "192.168.1.2" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Parsed["username"] == "blah@gmail.com" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["log_type"] == "vaultwarden_failed_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["service"] == "vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["source_ip"] == "192.168.1.2" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["timestamp"] == "2024-09-18T10:30:09.900629277Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["username"] == "blah@gmail.com" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Enriched["MarshaledTime"] == "2024-09-18T10:30:09.900629277Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Parsed["datetimestamp"] == "2024-03-02 17:42:20.407-0700" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Parsed["message"] == "[2024-03-02 17:42:20.407-0700][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.2. Username: blah@gmail.com." +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Parsed["program"] == "Vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Parsed["source_ip"] == "192.168.1.2" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Parsed["username"] == "blah@gmail.com" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["log_type"] == "vaultwarden_failed_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["service"] == "vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["source_ip"] == "192.168.1.2" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["timestamp"] == "2024-09-18T10:30:09.900739626Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["username"] == "blah@gmail.com" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Enriched["MarshaledTime"] == "2024-09-18T10:30:09.900739626Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["datetimestamp"] == "2024-03-07 21:16:33.743-0700" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["day"] == "08" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["message"] == "[2024-03-07 21:16:33.743-0700][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! 
Server time: 2024-03-08 04:16:33 UTC IP: 192.168.43.14" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["month"] == "03" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["program"] == "Vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["server_date"] == "2024-03-08" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["server_time"] == "04:16:33" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["server_tz"] == "UTC" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["source_ip"] == "192.168.43.14" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["year"] == "2024" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["log_type"] == "vaultwarden_failed_totp" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["service"] == "vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["source_ip"] == "192.168.43.14" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["timestamp"] == "2024-09-18T10:30:09.900881226Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Enriched["MarshaledTime"] == "2024-09-18T10:30:09.900881226Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Parsed["datetimestamp"] == "2024-03-07 21:19:30.450-0700" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Parsed["message"] == "[2024-03-07 21:19:30.450-0700][vaultwarden::api::admin][ERROR] Invalid admin token. 
IP: 192.168.41.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Parsed["program"] == "Vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Parsed["source_ip"] == "192.168.41.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["datasource_path"] == "vaultwarden-logs.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["service"] == "vaultwarden" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["source_ip"] == "192.168.41.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["timestamp"] == "2024-09-18T10:30:09.900998594Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Enriched["MarshaledTime"] == "2024-09-18T10:30:09.900998594Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Whitelisted == false +len(results["success"][""]) == 0 diff --git a/.tests/vaultwarden-logs/vaultwarden-logs.log b/.tests/vaultwarden-logs/vaultwarden-logs.log index 90f873b3380..0520bfcc45b 100644 --- a/.tests/vaultwarden-logs/vaultwarden-logs.log +++ b/.tests/vaultwarden-logs/vaultwarden-logs.log 
@@ -1,22 +1,26 @@
-[2022-02-03 16:10:11.219][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com.
-[2022-02-03 16:10:15.993][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com.
-[2022-02-03 16:10:14.593][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com.
-[2022-02-03 16:10:30.702][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com.
-[2022-02-03 16:10:35.376][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com.
-[2022-02-03 16:10:36.810][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com.
-[2021-02-03 16:10:59.955][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com.
-[2021-02-03 16:11:02.266][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com.
-[2021-02-03 16:11:04.117][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com.
-[2021-02-03 16:11:57.620][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.0.2.130. Username: test@example.com.
-[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19
-[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19
-[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19
-[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19
-[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19
-[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 2001:db8:48::82b:7a19
-[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18
-[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18
-[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18
-[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18
-[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18
-[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: 2001:db8:48::82b:7a18
\ No newline at end of file
+[2022-02-03 16:10:11.219][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com.
+[2022-02-03 16:10:15.993][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com.
+[2022-02-03 16:10:14.593][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com.
+[2022-02-03 16:10:30.702][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com.
+[2022-02-03 16:10:35.376][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com.
+[2022-02-03 16:10:36.810][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: ::1. Username: test@example.com.
+[2021-02-03 16:10:59.955][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com.
+[2021-02-03 16:11:02.266][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com.
+[2021-02-03 16:11:04.117][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com.
+[2021-02-03 16:11:57.620][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.1. Username: test@example.com.
+[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1
+[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1
+[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1
+[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1
+[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1
+[2022-02-05 11:55:04.725][vaultwarden::api::admin][ERROR] Invalid admin token. IP: ::1
+[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1
+[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1
+[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1
+[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1
+[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1
+[2022-02-05 12:01:51.892][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2022-02-05 12:01:51 UTC IP: ::1
+[2024-03-02 17:38:19.023-0700][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.2. Username: blah@gmail.com.
+[2024-03-02 17:42:20.407-0700][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.1.2. Username: blah@gmail.com.
+[2024-03-07 21:16:33.743-0700][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2024-03-08 04:16:33 UTC IP: 192.168.43.14
+[2024-03-07 21:19:30.450-0700][vaultwarden::api::admin][ERROR] Invalid admin token. IP: 192.168.41.1
\ No newline at end of file
diff --git a/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml b/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml
index a70faa10caa..a07991dfa65 100644
--- a/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml
+++ b/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml
@@ -6,7 +6,7 @@ pattern_syntax:
 DATE_YMD: "%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day}"
 nodes:
 - grok:
- pattern: '^\[%{DATE_YMD:date} %{TIME:time}\]\[vaultwarden::api::identity\]\[ERROR\] Username or password is incorrect\. Try again\. IP: %{IP:source_ip}\. Username: %{EMAILADDRESS:username}\.$'
+ pattern: '^\[%{TIMESTAMP_ISO8601:datetimestamp}\]\[vaultwarden::api::identity\]\[ERROR\] Username or password is incorrect\. Try again\. IP: %{IP:source_ip}\. Username: %{EMAILADDRESS:username}\.$'
 apply_on: message
 statics:
 - meta: log_type
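Review bot: The rewritten fixture `.tests/vaultwarden-logs/vaultwarden-logs.log` no longer contains a full-length IPv6 address: every `2001:db8:…` source became `::1`, so `%{IP:source_ip}` is now tested only against IPv4 and the shortest IPv6 form. The removed addresses came from the reserved documentation ranges (`2001:db8::/32`, `192.0.2.0/24`), while the replacements are loopback and RFC 1918 addresses, which deployments often whitelist, and the four new 2024 lines use `blah@gmail.com` on a real mail domain where the older lines use `test@example.com`. I would keep at least one line ending in `IP: 2001:db8::b6d3:95d7:1425:766d. Username: test@example.com.` and use documentation addresses and `example.com` on the new lines.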
@@ -14,13 +14,13 @@ nodes: - meta: username expression: evt.Parsed.username - grok: - pattern: '^\[%{DATE_YMD:date} %{TIME:time}\]\[vaultwarden::api::admin\]\[ERROR\] Invalid admin token. IP: %{IP:source_ip}' + pattern: '^\[%{TIMESTAMP_ISO8601:datetimestamp}\]\[vaultwarden::api::admin\]\[ERROR\] Invalid admin token. IP: %{IP:source_ip}' apply_on: message statics: - meta: log_type value: vaultwarden_failed_admin_auth - grok: - pattern: '^\[%{DATE_YMD:date} %{TIME:time}\]\[vaultwarden::api::core::two_factor::authenticator\]\[ERROR\] Invalid TOTP code! Server time: %{DATE_YMD:server_date} %{TIME:server_time} %{TZ:server_tz} IP: %{IP:source_ip}' + pattern: '^\[%{TIMESTAMP_ISO8601:datetimestamp}\]\[vaultwarden::api::core::two_factor::authenticator\]\[ERROR\] Invalid TOTP code! Server time: %{DATE_YMD:server_date} %{TIME:server_time} %{TZ:server_tz} IP: %{IP:source_ip}' apply_on: message statics: - meta: log_type @@ -32,4 +32,4 @@ statics: - meta: source_ip expression: "evt.Parsed.source_ip" - target: evt.StrTime - expression: "evt.Parsed.date + ' ' + evt.Parsed.time" + expression: evt.Parsed.datetimestamp From afe4ca6ef05639eee7d13e38a0104e645fd7885c Mon Sep 17 00:00:00 2001 From: Laurence Date: Fri, 20 Sep 2024 09:49:37 +0100 Subject: [PATCH 2/3] enhance: should fix tests and parsing --- .index.json | 8 ++++++-- .tests/vaultwarden-logs/parser.assert | 16 ++++++++-------- .../Dominic-Wagner/vaultwarden-logs.yaml | 2 ++ 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/.index.json b/.index.json index 92377f269e0..01a8682cd31 100644 --- a/.index.json +++ b/.index.json @@ -5921,7 +5921,7 @@ "Dominic-Wagner/vaultwarden-logs": { "path": "parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml", "stage": "s01-parse", - "version": "0.2", + "version": "0.3", "versions": { "0.1": { "digest": "016236c174143284ded1df7e2180c4271b9e7e2e949560aed17b32a00da8c0d6", 
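Review bot: In the rewritten `vaultwarden::api::admin` pattern the dot in `Invalid admin token. IP:` is an unescaped regex wildcard, and neither that pattern nor the two-factor one ends with `$`, whereas the identity pattern in the previous hunk escapes every literal dot and anchors both ends. Since these lines are being rewritten anyway, I would align them, e.g. `Invalid admin token\. IP: %{IP:source_ip}$` and the same trailing `$` on the TOTP pattern, provided Vaultwarden never prints anything after the IP on those lines (the fixtures in this series do not). A parser whose output feeds remediation decisions is easier to reason about when each pattern matches exactly one message shape. The `nodes:` list starts before this hunk.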
@@ -5930,10 +5930,14 @@ "0.2": { "digest": "45d9d297c5f3901ebea3bcf7de08e339cbcd8259c35ed9f7773298514805d986", "deprecated": false + }, + "0.3": { + "digest": "21acb65826b0c2abbfae088811a2c44078af4b52ea6bb97f75b40ad29abf328a", + "deprecated": false } }, "long_description": "UGFyc2VyIGZvciBbVmF1bHR3YXJkZW5dKGh0dHBzOi8vZ2l0aHViLmNvbS9kYW5pLWdhcmNpYS92YXVsdHdhcmRlbikgTG9ncy4KCklmIHVzaW5nIExPR19GSUxFIGVudmlyb25tZW50IHZhcmlhYmxlOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3ZhdWx0d2FyZGVuLmxvZwpsYWJlbHM6CiAgdHlwZTogVmF1bHR3YXJkZW4KYGBgCklmIHJ1bm5pbmcgdmlhIHN5c3RlbWQ6CmBgYHlhbWwKLS0tCnNvdXJjZTogam91cm5hbGN0bApqb3VybmFsY3RsX2ZpbHRlcjoKICAtICJTWVNMT0dfSURFTlRJRkVSPVZhdWx0d2FyZGVuIgpsYWJlbHM6CiAgdHlwZTogVmF1bHR3YXJkZW4=", - "content": "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", + "content": "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", "description": "Parse vaultwarden logs", "author": "Dominic-Wagner", "labels": null diff --git a/.tests/vaultwarden-logs/parser.assert b/.tests/vaultwarden-logs/parser.assert index ed22dabc87d..998bd03b3ff 100644 --- a/.tests/vaultwarden-logs/parser.assert +++ b/.tests/vaultwarden-logs/parser.assert 
@@ -890,9 +890,9 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["datasource
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["log_type"] == "vaultwarden_failed_auth"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["service"] == "vaultwarden"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["source_ip"] == "192.168.1.2"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["timestamp"] == "2024-09-18T10:30:09.900629277Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["timestamp"] == "2024-03-02T17:38:19.023-07:00"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Meta["username"] == "blah@gmail.com"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Enriched["MarshaledTime"] == "2024-09-18T10:30:09.900629277Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Enriched["MarshaledTime"] == "2024-03-02T17:38:19.023-07:00"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][22].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Parsed["datetimestamp"] == "2024-03-02 17:42:20.407-0700"
@@ -905,9 +905,9 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["datasource
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["log_type"] == "vaultwarden_failed_auth"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["service"] == "vaultwarden"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["source_ip"] == "192.168.1.2"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["timestamp"] == "2024-09-18T10:30:09.900739626Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["timestamp"] == "2024-03-02T17:42:20.407-07:00"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Meta["username"] == "blah@gmail.com"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Enriched["MarshaledTime"] == "2024-09-18T10:30:09.900739626Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Enriched["MarshaledTime"] == "2024-03-02T17:42:20.407-07:00"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][23].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Parsed["datetimestamp"] == "2024-03-07 21:16:33.743-0700"
@@ -925,8 +925,8 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["datasource
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["log_type"] == "vaultwarden_failed_totp"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["service"] == "vaultwarden"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["source_ip"] == "192.168.43.14"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["timestamp"] == "2024-09-18T10:30:09.900881226Z"
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Enriched["MarshaledTime"] == "2024-09-18T10:30:09.900881226Z"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Meta["timestamp"] == "2024-03-07T21:16:33.743-07:00"
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Enriched["MarshaledTime"] == "2024-03-07T21:16:33.743-07:00"
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][24].Evt.Whitelisted == false
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Success == true
 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Parsed["datetimestamp"] == "2024-03-07 21:19:30.450-0700"
@@ -938,7 +938,7 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["datasource results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["log_type"] == "vaultwarden_failed_admin_auth" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["service"] == "vaultwarden" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["source_ip"] == "192.168.41.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["timestamp"] == "2024-09-18T10:30:09.900998594Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Enriched["MarshaledTime"] == "2024-09-18T10:30:09.900998594Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Meta["timestamp"] == "2024-03-07T21:19:30.45-07:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Enriched["MarshaledTime"] == "2024-03-07T21:19:30.45-07:00" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][25].Evt.Whitelisted == false len(results["success"][""]) == 0 diff --git a/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml b/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml index a07991dfa65..f44bdb4080a 100644 --- a/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml +++ b/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.yaml @@ -31,5 +31,7 @@ statics: value: vaultwarden - meta: source_ip expression: "evt.Parsed.source_ip" + - target: evt.StrTimeFormat + value: "2006-01-02 15:04:05.000-0700" - target: evt.StrTime expression: evt.Parsed.datetimestamp From fc229ac8b59c4b5c6ca89c33d14aaf4956683dda Mon Sep 17 00:00:00 2001 From: Laurence Date: Fri, 20 Sep 2024 10:00:39 +0100 Subject: [PATCH 3/3] enhance: update readme to describe how to fix timestamp issues --- .index.json | 4 ++-- collections/Dominic-Wagner/vaultwarden.md | 4 ++++ parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.md | 7 ++++++- 3 files changed, 12 insertions(+), 3 deletions(-) 
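Review bot: The added `evt.StrTimeFormat` layout `2006-01-02 15:04:05.000-0700` only fits timestamps with exactly three fractional digits and a numeric UTC offset, while the series is titled as allowing non-timezoned timestamps and the grok patterns accept both forms; nothing in this hunk says how an offset-less `datetimestamp` is resolved. The expectations removed from parser.assert in this same commit look like processing time rather than log time, which suggests a fallback to "now" when no layout matches, and that would distort the event timing brute-force detection relies on when logs are replayed. I would add a comment above the static, e.g. `# Go layout for Vaultwarden "%Y-%m-%d %H:%M:%S.%3f%z"; offset-less lines depend on the dateparse-enrich default layouts`, once that behaviour is confirmed, and make sure parser.assert pins log-derived timestamps for the 2021/2022 fixture lines as well. The `statics:` list starts before this hunk.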
diff --git a/.index.json b/.index.json index 01a8682cd31..b2654391d3e 100644 --- a/.index.json +++ b/.index.json @@ -2465,7 +2465,7 @@ "deprecated": false } }, - "long_description": "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", + "long_description": "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", "content": "cGFyc2VyczoKICAtIERvbWluaWMtV2FnbmVyL3ZhdWx0d2FyZGVuLWxvZ3MKc2NlbmFyaW9zOgogIC0gRG9taW5pYy1XYWduZXIvdmF1bHR3YXJkZW4tYmYKZGVzY3JpcHRpb246ICJWYXVsdHdhcmRlbiBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogRG9taW5pYy1XYWduZXIKdGFnczoKICAtIGxpbnV4CiAgLSBicnV0ZS1mb3JjZQogIC0gdmF1bHR3YXJkZW4K", "description": "Vaultwarden support : parser and brute-force detection", "author": "Dominic-Wagner", @@ -5936,7 +5936,7 @@ "deprecated": false } }, - "long_description": "UGFyc2VyIGZvciBbVmF1bHR3YXJkZW5dKGh0dHBzOi8vZ2l0aHViLmNvbS9kYW5pLWdhcmNpYS92YXVsdHdhcmRlbikgTG9ncy4KCklmIHVzaW5nIExPR19GSUxFIGVudmlyb25tZW50IHZhcmlhYmxlOgpgYGB5YW1sCi0tLQpmaWxlbmFtZXM6CiAtIC92YXIvbG9nL3ZhdWx0d2FyZGVuLmxvZwpsYWJlbHM6CiAgdHlwZTogVmF1bHR3YXJkZW4KYGBgCklmIHJ1bm5pbmcgdmlhIHN5c3RlbWQ6CmBgYHlhbWwKLS0tCnNvdXJjZTogam91cm5hbGN0bApqb3VybmFsY3RsX2ZpbHRlcjoKICAtICJTWVNMT0dfSURFTlRJRkVSPVZhdWx0d2FyZGVuIgpsYWJlbHM6CiAgdHlwZTogVmF1bHR3YXJkZW4=", + "long_description": "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", "content": "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", "description": "Parse vaultwarden logs", "author": "Dominic-Wagner", diff --git a/collections/Dominic-Wagner/vaultwarden.md b/collections/Dominic-Wagner/vaultwarden.md index 7fc6548bab0..75e23415ffc 100644 --- a/collections/Dominic-Wagner/vaultwarden.md +++ b/collections/Dominic-Wagner/vaultwarden.md 
@@ -23,3 +23,7 @@ journalctl_filter: labels: type: Vaultwarden ``` + +## Timestamp issues + +In the default configuration of `vaultwarden` logs, the timestamp uses system local time. This means that detection may not work as expected as CrowdSec uses UTC time. To fix this, you can configure `vaultwarden` to log the offset from UTC time. To do this, head over to `Vaultwarden Admin Panel -> Advanced Settings -> Log timestamp format` and change format to `%Y-%m-%d %H:%M:%S.%3f%z`. diff --git a/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.md b/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.md index 9c24d1a1800..c5033257934 100644 --- a/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.md +++ b/parsers/s01-parse/Dominic-Wagner/vaultwarden-logs.md @@ -15,4 +15,9 @@ source: journalctl journalctl_filter: - "SYSLOG_IDENTIFER=Vaultwarden" labels: - type: Vaultwarden \ No newline at end of file + type: Vaultwarden +``` + +## Timestamp issues + +In the default configuration of `vaultwarden` logs, the timestamp uses system local time. This means that detection may not work as expected as CrowdSec uses UTC time. To fix this, you can configure `vaultwarden` to log the offset from UTC time. To do this, head over to `Vaultwarden Admin Panel -> Advanced Settings -> Log timestamp format` and change format to `%Y-%m-%d %H:%M:%S.%3f%z`.