diff --git a/config/filter.d/bitwarden.conf b/config/filter.d/bitwarden.conf
index 4a836cbb..b0651c8e 100644
--- a/config/filter.d/bitwarden.conf
+++ b/config/filter.d/bitwarden.conf
@@ -6,7 +6,8 @@
 before = common.conf
 
 [Definition]
-failregex = ^%(__prefix_line)s\s*\[[^\s]+\]\s+Failed login attempt(?:, 2FA invalid)?\. <HOST>$
+_daemon = Bitwarden-Identity
+failregex = ^%(__prefix_line)s\s*\[(?:W(?:RN|arning)|Bit\.Core\.[^\]]+)\]\s+Failed login attempt(?:, 2FA invalid)?\. <ADDR>$
 
 # DEV Notes:
 # __prefix_line can result to an empty string, so it can support syslog and non-syslog at once.
diff --git a/fail2ban/tests/files/logs/bitwarden b/fail2ban/tests/files/logs/bitwarden
index 27a22854..0fede6c6 100644
--- a/fail2ban/tests/files/logs/bitwarden
+++ b/fail2ban/tests/files/logs/bitwarden
@@ -1,6 +1,9 @@
 # failJSON: { "time": "2019-11-25T18:04:49", "match": true , "host": "192.168.0.16" }
 2019-11-26 01:04:49.008 +08:00 [WRN] Failed login attempt. 192.168.0.16
 
+# failJSON: { "time": "2019-11-25T21:39:58", "match": true , "host": "192.168.0.21" }
+2019-11-25 21:39:58.464 +01:00 [WRN] Failed login attempt, 2FA invalid. 192.168.0.21
+
 # failJSON: { "time": "2019-11-25T21:39:58", "match": true , "host": "192.168.0.21" }
 2019-11-25 21:39:58.464 +01:00 [Warning] Failed login attempt, 2FA invalid. 192.168.0.21