Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat][Gsuite] Adds Groups audit Fileset #19725

Merged
merged 4 commits into from
Jul 15, 2020
Merged

[Filebeat][Gsuite] Adds Groups audit Fileset #19725

merged 4 commits into from
Jul 15, 2020

Conversation

marc-gr
Copy link
Contributor

@marc-gr marc-gr commented Jul 8, 2020

What does this PR do?

  • Adds a new fileset that fetches the groups audits for GSuite module

Why is it important?

Enhances GSuite module with more meaningful filesets.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Relates to

Depends on #19702

@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jul 8, 2020
@marc-gr marc-gr requested a review from a team July 8, 2020 08:16
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jul 8, 2020
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #19725 updated]

  • Start Time: 2020-07-14T23:48:46.264+0000

  • Duration: 55 min 20 sec

Test stats 🧪

Test Results
Failed 0
Passed 4252
Skipped 679
Total 4931

Steps errors

Expand to view the steps failures

  • Name: Report to Codecov

    • Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done

    • Duration: 2 min 22 sec

    • Start Time: 2020-07-15T00:10:43.856+0000

    • log

@marc-gr marc-gr force-pushed the gsuite_groups branch 2 times, most recently from a4cc970 to 31ad294 Compare July 9, 2020 10:26
andrewkroh
andrewkroh approved these changes Jul 13, 2020
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The one LGTM too.

General question that may affect others in this module. I've looked at this and the login fileset, was there any previous discussion regarding setting source.* instead of client.*? ECS advises to always set source and to set client when it adds context (docs). Having fields like source.ip populated consistently makes it easier to pivot between different source IMO.

@marc-gr
Copy link
Contributor Author

marc-gr commented Jul 13, 2020

The one LGTM too.

General question that may affect others in this module. I've looked at this and the login fileset, was there any previous discussion regarding setting source.* instead of client.*? ECS advises to always set source and to set client when it adds context (docs). Having fields like source.ip populated consistently makes it easier to pivot between different source IMO.

Makes sense, since it is a change to the common part to all filesets, I will open it as a new PR though 👍

@marc-gr marc-gr force-pushed the gsuite_groups branch 6 times, most recently from dad8bc0 to a49eff7 Compare July 14, 2020 22:54
@andrewkroh andrewkroh merged commit 751a1d3 into elastic:master Jul 15, 2020
andrewkroh pushed a commit to andrewkroh/beats that referenced this pull request Jul 15, 2020
@marc-gr @andrewkroh
[Filebeat][Gsuite] Adds Groups audit Fileset (elastic#19725)
13fd1c2 
* Add support for Gsuite groups fileset

* Add CHANGELOG entry

* Update config

* Regenerate test files

(cherry picked from commit 751a1d3)
@andrewkroh andrewkroh mentioned this pull request Jul 15, 2020
Merged
6 tasks
andrewkroh added a commit that referenced this pull request Jul 15, 2020
@andrewkroh @marc-gr
[Filebeat][Gsuite] Adds Groups audit Fileset (#19725) (#19936)
8a4363b 
* Add support for Gsuite groups fileset

* Add CHANGELOG entry

* Update config

* Regenerate test files

(cherry picked from commit 751a1d3)

Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com>
melchiormoulin pushed a commit to melchiormoulin/beats that referenced this pull request Oct 14, 2020
@marc-gr @melchiormoulin
[Filebeat][Gsuite] Adds Groups audit Fileset (elastic#19725)
a8ac389 
* Add support for Gsuite groups fileset

* Add CHANGELOG entry

* Update config

* Regenerate test files
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees
No one assigned
Labels
enhancement review v7.9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@marc-gr @elasticmachine @andrewkroh