[ECS][Filebeat] Gsuite/Google Workspace ECS 1.8 (elastic#23709)
* Add new ECS user and categories features to google_workspace/gsuite

* Update CHANGELOG.next.asciidoc

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>

Co-authored-by: Adrian Serrano <adrisr83@gmail.com>
marc-gr and adriansr authored Feb 4, 2021
1 parent d1f1983 commit 5dcbfa6
Showing 59 changed files with 4,001 additions and 817 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -836,6 +836,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Added `application/x-www-form-urlencoded` as encode option for httpjson input {pull}23521[23521]
- Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724]
- Upgrade Cisco ASA/FTD/Umbrella to ECS 1.8.0. {pull}23819[23819]
- Add new ECS user and categories features to google_workspace/gsuite {issue}23118[23118] {pull}23709[23709]

*Heartbeat*

Expand Down Expand Up @@ -1045,4 +1046,3 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
*Journalbeat*



11 changes: 11 additions & 0 deletions x-pack/filebeat/module/google_workspace/admin/config/pipeline.js
Original file line number Diff line number Diff line change
Expand Up @@ -422,6 +422,17 @@ var login = (function () {
}

evt.AppendTo("related.user", data[0]);
evt.Put("user.target.name", data[0]);
evt.Put("user.target.domain", data[1]);
evt.Put("user.target.email", email);
var groupName = evt.Get("group.name");
if (groupName) {
evt.Put("user.target.group.name", groupName);
}
var groupDomain = evt.Get("group.domain");
if (groupDomain) {
evt.Put("user.target.group.domain", groupDomain);
}
};

var setEventDuration = function(evt) {
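Review bot: `user.target.domain` is set from `data[1]` on the third added line without checking that a second element exists; if `data` is the result of splitting the target email on `@` and the input carries no domain part, the field is put with an undefined value. The guard that closes on the hunk's first line may already reject that shape, but it sits outside the hunk, so this cannot be confirmed here; if it does not, `if (data[1]) { evt.Put("user.target.domain", data[1]); }` keeps the document free of an empty ECS field. The hunk never shows where `data` and `email` originate, so a one-line comment above the new puts, such as `// data: [local-part, domain] of the target email, split above`, would spare the next reader the lookup (hedged, since the split itself is not visible). The enclosing function starts outside the hunk.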
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -112,7 +115,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -169,7 +175,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -224,7 +233,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -275,7 +287,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -325,7 +340,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -375,7 +393,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -426,7 +447,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -476,6 +500,9 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
}
]
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -97,7 +100,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -150,7 +156,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -200,7 +209,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -250,7 +262,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -300,7 +315,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -350,7 +368,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -404,7 +425,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -455,7 +479,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -508,7 +535,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -565,7 +595,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -615,7 +648,13 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo",
"user.target.domain": "example.com",
"user.target.email": "user@example.com",
"user.target.name": "user"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -665,6 +704,12 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo",
"user.target.domain": "example.com",
"user.target.email": "user@example.com",
"user.target.name": "user"
}
]
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -95,7 +98,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -145,7 +151,10 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
},
{
"@timestamp": "2020-10-02T15:00:00.000Z",
Expand Down Expand Up @@ -202,6 +211,9 @@
"source.user.name": "foo",
"tags": [
"forwarded"
]
],
"user.domain": "bar.com",
"user.id": "1",
"user.name": "foo"
}
]
