Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Auditbeat] Add system module user dataset ECS categorization fields #18035

Merged
merged 7 commits into from
May 5, 2020
Merged

[Auditbeat] Add system module user dataset ECS categorization fields #18035

merged 7 commits into from
May 5, 2020

Conversation

andrewstucki
Copy link

@andrewstucki andrewstucki commented Apr 28, 2020
edited
Loading

Checklist

  • My code follows the style guidelines of this project
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@andrewstucki andrewstucki requested a review from a team as a code owner April 28, 2020 03:50
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Apr 28, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@andresrc andresrc removed the needs_team Indicates that the issue/PR needs a Team:* label label Apr 28, 2020
leehinman
leehinman requested changes Apr 30, 2020
View reviewed changes
Copy link
Contributor

@leehinman leehinman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ECS categorization looks good.

Could we add the following?:

  • related.user
  • user.group.id

@andrewstucki
Copy link
Author

thanks, done

@elasticmachine
Copy link
Collaborator

elasticmachine commented May 5, 2020
edited
Loading

💚 Build Succeeded

Pipeline View Test View Changes Artifacts preview stats

Expand to view the summary

Build stats

Test stats 🧪

Test Results
Failed 0
Passed 189
Skipped 17
Total 206

leehinman
leehinman approved these changes May 5, 2020
View reviewed changes
Copy link
Contributor

@leehinman leehinman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@andrewstucki andrewstucki merged commit 000bbc6 into elastic:master May 5, 2020
@andrewstucki andrewstucki deleted the auditbeat-system-user-update branch May 5, 2020 15:36
andrewstucki pushed a commit to andrewstucki/beats that referenced this pull request May 5, 2020
[Auditbeat] Add system module user dataset ECS categorization fields (e…
c86f431 
…lastic#18035)

* [Auditbeat] Add system module user dataset ECS categorization fields

* add changelog entry

* Add user.group and related.user fields

* Remove group name that may not match across test environments

* Modify test so it doesn't pick up real user events

(cherry picked from commit 000bbc6)
@andrewstucki andrewstucki mentioned this pull request May 5, 2020
Merged
2 tasks
andrewstucki pushed a commit that referenced this pull request May 5, 2020
Cherry-pick #18035 to 7.x: [Auditbeat] Add system module user dataset…
73bd96c 
… ECS categorization fields (#18252)

* [Auditbeat] Add system module user dataset ECS categorization fields (#18035)

* [Auditbeat] Add system module user dataset ECS categorization fields

* add changelog entry

* Add user.group and related.user fields

* Remove group name that may not match across test environments

* Modify test so it doesn't pick up real user events

(cherry picked from commit 000bbc6)

* Fix up changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leehinman leehinman leehinman approved these changes

Assignees
No one assigned
Labels
Auditbeat enhancement v7.8.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Auditbeat] Update Auditbeat system module user dataset to ECS 1.4
4 participants
@andrewstucki @elasticmachine @leehinman @andresrc