[Filebeat][Gsuite] Adds Groups audit Fileset #19725
Pinging @elastic/siem (Team:SIEM)
💚 Build Succeeded
a4cc970 to 31ad294
The one LGTM too.
General question that may affect others in this module. I've looked at this and the login fileset, was there any previous discussion regarding setting `source.*` instead of `client.*`? ECS advises to always set `source` and to set `client` when it adds context (docs). Having fields like `source.ip` populated consistently makes it easier to pivot between different sources IMO.
Makes sense, since it is a change to the common part to all filesets, I will open it as a new PR though 👍
dad8bc0 to a49eff7
* Add support for Gsuite groups fileset
* Add CHANGELOG entry
* Update config
* Regenerate test files

(cherry picked from commit 751a1d3)

* Add support for Gsuite groups fileset
* Add CHANGELOG entry
* Update config
* Regenerate test files
What does this PR do?
Why is it important?
Enhances GSuite module with more meaningful filesets.
Checklist
`CHANGELOG.next.asciidoc` or `CHANGELOG-developer.next.asciidoc`.
Relates to
Depends on #19702