Refresh intakes documentation

SEKOIA-IO · Jan 22, 2024 · 84e89d9 · 84e89d9
1 parent 3d9baf5
commit 84e89d9
Showing 1 changed file with 60 additions and 0 deletions.
diff --git a/...perations_center/integrations/generated/04d36706-ee4a-419b-906d-f92f3a46bcdd.md b/...perations_center/integrations/generated/04d36706-ee4a-419b-906d-f92f3a46bcdd.md
@@ -197,6 +197,65 @@ Find below few samples of events and how they are normalized by Sekoia.io.
 	```
 
 
+=== "test_target_user.json"
+
+    ```json
+
+    {
+        "message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-01-17T11:09:39.840Z\",\"uniqueQualifier\":\"111111\",\"applicationName\":\"drive\",\"customerId\":\"XXXXXX\"},\"etag\":\"aaa-aaa/aaa\",\"actor\":{\"email\":\"[email protected]\",\"profileId\":\"11111\"},\"ipAddress\":\"0.0.0.0\",\"events\":[{\"type\":\"access\",\"name\":\"edit\",\"parameters\":[{\"name\":\"primary_event\",\"boolValue\":false},{\"name\":\"billable\",\"boolValue\":true},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"owner\",\"value\":\"[email protected]\"},{\"name\":\"doc_id\",\"value\":\"1111111111\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"is_encrypted\",\"boolValue\":false},{\"name\":\"doc_title\",\"value\":\"Doc Temp\"},{\"name\":\"visibility\",\"value\":\"shared_externally\"},{\"name\":\"originating_app_id\",\"value\":\"111111\"},{\"name\":\"actor_is_collaborator_account\",\"boolValue\":false},{\"name\":\"owner_is_team_drive\",\"boolValue\":false}]},{\"type\":\"acl_change\",\"name\":\"change_user_access\",\"parameters\":[{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"billable\",\"boolValue\":true},{\"name\":\"visibility_change\",\"value\":\"external\"},{\"name\":\"target_user\",\"value\":\"[email protected]\"},{\"name\":\"old_value\",\"multiValue\":[\"none\"]},{\"name\":\"new_value\",\"multiValue\":[\"can_edit\"]},{\"name\":\"old_visibility\",\"value\":\"shared_internally\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"owner\",\"value\":\"[email protected]\"},{\"name\":\"doc_id\",\"value\":\"11111\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"is_encrypted\",\"boolValue\":false},{\"name\":\"doc_title\",\"value\":\"Doc Temp\"},{\"name\":\"visibility\",\"value\":\"shared_externally\"},{\"name\":\"originating_app_id\",\"value\":\"11111\"},{\"name\":\"actor_is_collaborator_account\",\"boolValue\":false},{\"name\":\"owner_is_team_drive\",\"boolValue\":false}]}]}",
+        "event": {
+            "action": "edit",
+            "category": [
+                "file"
+            ],
+            "dataset": "admin#reports#activity",
+            "kind": "event",
+            "type": [
+                "change"
+            ]
+        },
+        "@timestamp": "2024-01-17T11:09:39.840000Z",
+        "file": {
+            "name": "Doc Temp",
+            "owner": "[email protected]",
+            "type": "document"
+        },
+        "google": {
+            "report": {
+                "actor": {
+                    "email": "[email protected]"
+                },
+                "parameters": {
+                    "visibility": "shared_externally"
+                }
+            }
+        },
+        "network": {
+            "application": "drive"
+        },
+        "related": {
+            "ip": [
+                "0.0.0.0"
+            ],
+            "user": [
+                "[email protected]"
+            ]
+        },
+        "source": {
+            "address": "0.0.0.0",
+            "ip": "0.0.0.0"
+        },
+        "user": {
+            "id": "XXXXXX",
+            "target": {
+                "email": "[email protected]"
+            }
+        }
+    }
+    	
+	```
+
+
 
 
 
@@ -222,4 +281,5 @@ The following table lists the fields that are extracted, normalized under the EC
 |`source.ip` | `ip` | IP address of the source. |
 |`user.email` | `keyword` | User email address. |
 |`user.id` | `keyword` | Unique identifier of the user. |
+|`user.target.email` | `keyword` | User email address. |