there is a event log , detecting “Login attempt failed with incorrect two-step login”
https://bitwarden.com/help/article/event-logs/
Login attempt failed with incorrect two-step login. (1006)
and , there is a API to getting eventlog ,
https://bitwarden.com/help/article/event-logs/#api-responses
so, by using log management solution like, splunk,sumologic,elk, you can detect and alert abnormal login attempts.
self hosted
I care about cloud hosted user.