forked from elastic/beats
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Filebeat][Gsuite] Adds Drive audit Fileset (elastic#19704)
* Add Gsuite Drive fileset * Update config * Update docs * Add CHANGELOG entry * Change url * Update config * Regenerate test files
- Loading branch information
Showing
14 changed files
with
2,335 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -743,6 +743,14 @@ filebeat.modules: | |
# var.http_client_timeout: 60s | ||
# var.user_key: all | ||
# var.interval: 5s | ||
drive: | ||
enabled: true | ||
# var.jwt_file: credentials.json | ||
# var.delegated_account: [email protected] | ||
# var.initial_interval: 24h | ||
# var.http_client_timeout: 60s | ||
# var.user_key: all | ||
# var.interval: 5s | ||
|
||
#------------------------------- HAProxy Module ------------------------------- | ||
- module: haproxy | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -31,3 +31,11 @@ | |
# var.http_client_timeout: 60s | ||
# var.user_key: all | ||
# var.interval: 5s | ||
drive: | ||
enabled: true | ||
# var.jwt_file: credentials.json | ||
# var.delegated_account: [email protected] | ||
# var.initial_interval: 24h | ||
# var.http_client_timeout: 60s | ||
# var.user_key: all | ||
# var.interval: 5s |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
- name: drive | ||
type: group | ||
fields: | ||
- name: billable | ||
type: boolean | ||
description: Whether this activity is billable. | ||
- name: source_folder_id | ||
type: keyword | ||
- name: source_folder_title | ||
type: keyword | ||
- name: destination_folder_id | ||
type: keyword | ||
- name: destination_folder_title | ||
type: keyword | ||
- name: file.id | ||
type: keyword | ||
- name: file.type | ||
type: keyword | ||
description: > | ||
Document Drive type. For a list of possible values refer to https://developers.google.com/admin-sdk/reports/v1/appendix/activity/drive | ||
- name: originating_app_id | ||
type: keyword | ||
description: > | ||
The Google Cloud Project ID of the application that performed the action. | ||
- name: file.owner.email | ||
type: keyword | ||
- name: file.owner.is_shared_drive | ||
type: boolean | ||
description: > | ||
Boolean flag denoting whether owner is a shared drive. | ||
- name: primary_event | ||
type: boolean | ||
description: > | ||
Whether this is a primary event. A single user action in Drive may generate several events. | ||
- name: shared_drive_id | ||
type: keyword | ||
description: > | ||
The unique identifier of the Team Drive. Only populated for for events relating to a Team Drive or item contained inside a Team Drive. | ||
- name: visibility | ||
type: keyword | ||
description: > | ||
Visibility of target file. For a list of possible values refer to https://developers.google.com/admin-sdk/reports/v1/appendix/activity/drive | ||
- name: new_value | ||
type: keyword | ||
description: > | ||
When a setting or property of the file changes, the new value for it will appear here. | ||
- name: old_value | ||
type: keyword | ||
description: > | ||
When a setting or property of the file changes, the old value for it will appear here. | ||
- name: sheets_import_range_recipient_doc | ||
type: keyword | ||
description: Doc ID of the recipient of a sheets import range. | ||
- name: old_visibility | ||
type: keyword | ||
description: > | ||
When visibility changes, this holds the old value. | ||
- name: visibility_change | ||
type: keyword | ||
description: > | ||
When visibility changes, this holds the new overall visibility of the file. | ||
- name: target_domain | ||
type: keyword | ||
description: > | ||
The domain for which the acccess scope was changed. This can also be the alias all to indicate the access scope was changed for all domains that have visibility for this document. | ||
- name: added_role | ||
type: keyword | ||
description: > | ||
Added membership role of a user/group in a Team Drive. | ||
For a list of possible values refer to https://developers.google.com/admin-sdk/reports/v1/appendix/activity/drive | ||
- name: membership_change_type | ||
type: keyword | ||
description: > | ||
Type of change in Team Drive membership of a user/group. | ||
For a list of possible values refer to https://developers.google.com/admin-sdk/reports/v1/appendix/activity/drive | ||
- name: shared_drive_settings_change_type | ||
type: keyword | ||
description: > | ||
Type of change in Team Drive settings. | ||
For a list of possible values refer to https://developers.google.com/admin-sdk/reports/v1/appendix/activity/drive | ||
- name: removed_role | ||
type: keyword | ||
description: > | ||
Removed membership role of a user/group in a Team Drive. | ||
For a list of possible values refer to https://developers.google.com/admin-sdk/reports/v1/appendix/activity/drive | ||
- name: target | ||
type: keyword | ||
description: Target user or group. | ||
|
Oops, something went wrong.