diff --git a/config/filter.d/bitwarden.conf b/config/filter.d/bitwarden.conf
new file mode 100644
index 00000000..29bd4be8
--- /dev/null
+++ b/config/filter.d/bitwarden.conf
@@ -0,0 +1,6 @@
+# Fail2Ban filter for Bitwarden
+# Detecting failed login attempts
+# Logged in bwdata/logs/identity/Identity/log.txt
+
+[Definition]
+failregex = ^\s*\[WRN\]\s+Failed login attempt(?:, 2FA invalid)?\. $
diff --git a/config/jail.conf b/config/jail.conf
index b39b3a6c..41495a09 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -821,6 +821,10 @@ udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010
 action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
 %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
 
+[bitwarden]
+port = http,https
+logpath = /home/*/bwdata/logs/identity/Identity/log.txt
+
 [centreon]
 port = http,https
 logpath = /var/log/centreon/login.log
diff --git a/fail2ban/tests/files/logs/bitwarden b/fail2ban/tests/files/logs/bitwarden
new file mode 100644
index 00000000..3642b3bf
--- /dev/null
+++ b/fail2ban/tests/files/logs/bitwarden
@@ -0,0 +1,5 @@
+# failJSON: { "time": "2019-11-25T18:04:49", "match": true , "host": "192.168.0.16" }
+2019-11-26 01:04:49.008 +08:00 [WRN] Failed login attempt. 192.168.0.16
+
+# failJSON: { "time": "2019-11-25T21:39:58", "match": true , "host": "192.168.0.21" }
+2019-11-25 21:39:58.464 +01:00 [WRN] Failed login attempt, 2FA invalid. 192.168.0.21
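Review bot: The `failregex` in config/filter.d/bitwarden.conf, as it appears here, has no host tag between `\. ` and `$`, so it cannot capture an address and would not match the sample lines in fail2ban/tests/files/logs/bitwarden, where the IP follows the period. The tag may simply have been lost when the page was rendered; the line should read `failregex = ^\s*\[WRN\]\s+Failed login attempt(?:, 2FA invalid)?\. <ADDR>$`. I would also add a header comment such as `# The logged address is the one Bitwarden sees; behind a reverse proxy, forward the real client IP or the proxy itself gets banned`.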
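Review bot: The `logpath` glob `/home/*/bwdata/logs/identity/Identity/log.txt` in the new `[bitwarden]` jail makes fail2ban read a file from every home directory, not only the one that holds the Bitwarden install. On a multi-user host, any account that can create that path could supply lines matching the filter and have arbitrary addresses banned, assuming fail2ban runs with its usual privileges. A comment above the key would steer administrators to pin it, e.g. `# Set logpath in jail.local to the exact bwdata directory of your install`. The hunk opens inside the preceding jail's `action` value, whose section starts outside it.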
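Review bot: Both samples in fail2ban/tests/files/logs/bitwarden are `"match": true` cases, so nothing verifies that the `^`/`$` anchoring of the filter rejects look-alike lines. I would add a sample under `# failJSON: { "match": false }` whose `[WRN]` message carries extra text after the address, and another with a different log level, so that a later loosening of the regex is caught by the test suite.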