diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index cd147b54104f..e63dff8db52d 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -23242,24 +23242,24 @@ More information about specific fields can be found at https://developers.google -*`gsuite.actor.key`*:: +*`gsuite.actor.type`*:: + -- -Only present when callerType is KEY. Can be the consumer_key of the requestor for OAuth 2LO API requests or an identifier for robot accounts. +The type of actor. +Values can be: + *USER*: Another user in the same domain. + *EXTERNAL_USER*: A user outside the domain. + *KEY*: A non-human actor. type: keyword -- -*`gsuite.actor.type`*:: +*`gsuite.actor.key`*:: + -- -The type of actor. -Values can be: - *USER*: Another user in the same domain. - *EXTERNAL_USER*: A user outside the domain. - *KEY*: A non-human actor. +Only present when `actor.type` is `KEY`. Can be the `consumer_key` of the requestor for OAuth 2LO API requests or an identifier for robot accounts. type: keyword @@ -23269,7 +23269,7 @@ type: keyword *`gsuite.event.type`*:: + -- -The type of event. +The type of GSuite event, mapped from `items[].events[].type` in the original payload. Each fileset can have a different set of values for it, more details can be found at https://developers.google.com/admin-sdk/reports/v1/reference/activities/list type: keyword @@ -23281,7 +23281,7 @@ example: audit#activity *`gsuite.kind`*:: + -- -The type of API resource. +The type of API resource, mapped from `kind` in the original payload. More details can be found at https://developers.google.com/admin-sdk/reports/v1/reference/activities/list type: keyword diff --git a/filebeat/docs/modules/gsuite.asciidoc b/filebeat/docs/modules/gsuite.asciidoc index cbaf0341bedf..0870f008c79e 100644 --- a/filebeat/docs/modules/gsuite.asciidoc +++ b/filebeat/docs/modules/gsuite.asciidoc 
@@ -6,7 +6,7 @@ This file is generated! See scripts/docs_collector.py [role="xpack"] :modulename: gsuite -:has-dashboards: true +:has-dashboards: false == GSuite module @@ -26,7 +26,7 @@ It is compatible with a subset of applications under the https://developers.goog === Configure the module -To allow the filebeat module to ingest data from the Google Reports API, you would need an admin account, and set up a `ServiceAccount` to access `Admin SDK API`. Also notice, https://developers.google.com/admin-sdk/reports/v1/guides/delegation[Domain-Wide Delegation] is required for your application in order to work properly. +In order for filebeat to ingest data from the Google Reports API you must set up a `ServiceAccount` that has access to the `Admin SDK API`. Additionally https://developers.google.com/admin-sdk/reports/v1/guides/delegation[Domain-Wide Delegation] is required for your application to work properly. This module will make use of the following `oauth2 scope`: @@ -94,14 +94,6 @@ This is a list of GSuite Reports fields that are mapped to ECS. These are the common ones to all filesets. -[float] -=== Example dashboard - -This module comes with a sample dashboard. For example: - -TODO: include an image of a sample dashboard. If you do not include a dashboard, -remove this section and set `:has-dashboards: false` at the top of this file. - :has-dashboards!: :modulename!: diff --git a/x-pack/filebeat/module/gsuite/_meta/docs.asciidoc b/x-pack/filebeat/module/gsuite/_meta/docs.asciidoc index 5ea135ede228..4af4410b17e8 100644 --- a/x-pack/filebeat/module/gsuite/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/gsuite/_meta/docs.asciidoc @@ -1,7 +1,7 @@ [role="xpack"] :modulename: gsuite -:has-dashboards: true +:has-dashboards: false == GSuite module 
@@ -21,7 +21,7 @@ It is compatible with a subset of applications under the https://developers.goog === Configure the module -To allow the filebeat module to ingest data from the Google Reports API, you would need an admin account, and set up a `ServiceAccount` to access `Admin SDK API`. Also notice, https://developers.google.com/admin-sdk/reports/v1/guides/delegation[Domain-Wide Delegation] is required for your application in order to work properly. +In order for filebeat to ingest data from the Google Reports API you must set up a `ServiceAccount` that has access to the `Admin SDK API`. Additionally https://developers.google.com/admin-sdk/reports/v1/guides/delegation[Domain-Wide Delegation] is required for your application to work properly. This module will make use of the following `oauth2 scope`: @@ -89,14 +89,6 @@ This is a list of GSuite Reports fields that are mapped to ECS. These are the common ones to all filesets. -[float] -=== Example dashboard - -This module comes with a sample dashboard. For example: - -TODO: include an image of a sample dashboard. If you do not include a dashboard, -remove this section and set `:has-dashboards: false` at the top of this file. - :has-dashboards!: :modulename!: diff --git a/x-pack/filebeat/module/gsuite/_meta/fields.yml b/x-pack/filebeat/module/gsuite/_meta/fields.yml index 6d9dcf4df991..21ef9c6e6926 100644 --- a/x-pack/filebeat/module/gsuite/_meta/fields.yml +++ b/x-pack/filebeat/module/gsuite/_meta/fields.yml @@ -11,10 +11,6 @@ More information about specific fields can be found at https://developers.google.com/admin-sdk/reports/v1/reference/activities/list fields: - - name: actor.key - type: keyword - description: > - Only present when callerType is KEY. Can be the consumer_key of the requestor for OAuth 2LO API requests or an identifier for robot accounts. - name: actor.type type: keyword description: 
> @@ -24,15 +20,21 @@ *USER*: Another user in the same domain. *EXTERNAL_USER*: A user outside the domain. *KEY*: A non-human actor. + - name: actor.key + type: keyword + description: > + Only present when `actor.type` is `KEY`. Can be the `consumer_key` of the requestor for OAuth 2LO API requests or an identifier for robot accounts. - name: event.type type: keyword description: > - The type of event. + The type of GSuite event, mapped from `items[].events[].type` in the original payload. + Each fileset can have a different set of values for it, more details can be found at https://developers.google.com/admin-sdk/reports/v1/reference/activities/list example: audit#activity - name: kind type: keyword description: > - The type of API resource. + The type of API resource, mapped from `kind` in the original payload. + More details can be found at https://developers.google.com/admin-sdk/reports/v1/reference/activities/list example: audit#activity - name: organization.domain type: keyword diff --git a/x-pack/filebeat/module/gsuite/fields.go b/x-pack/filebeat/module/gsuite/fields.go index efdd33ae8ccd..5003648f3417 100644 --- a/x-pack/filebeat/module/gsuite/fields.go +++ b/x-pack/filebeat/module/gsuite/fields.go @@ -19,5 +19,5 @@ func init() { // AssetGsuite returns asset data. // This is the base64 encoded gzipped contents of module/gsuite. func AssetGsuite() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/gsuite/module.yml b/x-pack/filebeat/module/gsuite/module.yml deleted file mode 100644 index 7e5d3b58e065..000000000000 --- a/x-pack/filebeat/module/gsuite/module.yml +++ /dev/null @@ -1,3 +0,0 @@ -dashboards: -- id: Filebeat-gsuite-Overview-Dashboard - file: Filebeat-gsuite-Overview.json
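Review bot: The `example: audit#activity` line under `event.type` is left unchanged and is identical to the example under `kind`, which looks copied rather than a real event type. Since the new description says the field is mapped from `items[].events[].type`, the example should be a value taken from that position in a sample payload, or the line should be dropped, so that anyone building filters or detections on `gsuite.event.type` is not pointed at a string that may never match. The new `actor.key` description also refers to `actor.type` without the `gsuite.` prefix that the generated field reference uses; writing `gsuite.actor.type` there gives readers the exact field to query when isolating non-human (`KEY`) actors. The same text is regenerated into `filebeat/docs/fields.asciidoc`, so fixing it in this file should cover both.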