Add User/Group Management Dashboards to Security module (#15236)

Add dashboards to the Winlogbeat Security module for visualizing User Management events
and Group Management events. There are two versions of each dashboard - one with and without TSVB (time series visual builder) visualizations.

This updates the Winlogbeat build to include the dashboards from the module directories.

Add it adds winlog.event_data.MemberName to the fields.yml because it's used in the user
management dashboard and should be in the fields.yml so the dashboards load without error.

Co-authored-by: Andrew Kroh <[email protected]>

winlogbeat/_meta/fields.common.yml

@@ -162,6 +162,10 @@
               type: keyword
             - name: MaximumPerformancePercent
               type: keyword
+            - name: MemberName
+              type: keyword
+            - name: MemberSid
+              type: keyword
             - name: MinimumPerformancePercent
               type: keyword
             - name: MinimumThrottlePercent

winlogbeat/docs/fields.asciidoc

@@ -6967,6 +6967,20 @@ type: keyword
 
 --
 
+*`winlog.event_data.MemberName`*::
++
+--
+type: keyword
+
+--
+
+*`winlog.event_data.MemberSid`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.MinimumPerformancePercent`*::
 +
 --

winlogbeat/scripts/mage/update.go

@@ -56,7 +56,12 @@ func (Update) Config() error {
 // Dashboards collects all the dashboards and generates index patterns.
 func (Update) Dashboards() error {
 	mg.Deps(fb.FieldsYML)
-	return devtools.KibanaDashboards()
+	switch SelectLogic {
+	case devtools.XPackProject:
+		return devtools.KibanaDashboards(devtools.OSSBeatDir("module"), devtools.XPackBeatDir("module"))
+	default:
+		return devtools.KibanaDashboards(devtools.OSSBeatDir("module"))
+	}
 }
 
 // Fields updates all fields files (.go, .yml).