From 84e89d94b09380f8b6b8d5ed754793a219b2546f Mon Sep 17 00:00:00 2001
From: "sekoia-io-cross-repo-comm-app[bot]"
Date: Mon, 22 Jan 2024 13:53:25 +0000
Subject: [PATCH] Refresh intakes documentation
---
 .../04d36706-ee4a-419b-906d-f92f3a46bcdd.md | 60 +++++++++++++++++++
 1 file changed, 60 insertions(+)
diff --git a/_shared_content/operations_center/integrations/generated/04d36706-ee4a-419b-906d-f92f3a46bcdd.md b/_shared_content/operations_center/integrations/generated/04d36706-ee4a-419b-906d-f92f3a46bcdd.md
index 7eb1013f21..14babeb277 100644
--- a/_shared_content/operations_center/integrations/generated/04d36706-ee4a-419b-906d-f92f3a46bcdd.md
+++ b/_shared_content/operations_center/integrations/generated/04d36706-ee4a-419b-906d-f92f3a46bcdd.md
@@ -197,6 +197,65 @@ Find below few samples of events and how they are normalized by Sekoia.io. ``` +=== "test_target_user.json" + + ```json + + { + "message": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2024-01-17T11:09:39.840Z\",\"uniqueQualifier\":\"111111\",\"applicationName\":\"drive\",\"customerId\":\"XXXXXX\"},\"etag\":\"aaa-aaa/aaa\",\"actor\":{\"email\":\"senduser@test.com\",\"profileId\":\"11111\"},\"ipAddress\":\"0.0.0.0\",\"events\":[{\"type\":\"access\",\"name\":\"edit\",\"parameters\":[{\"name\":\"primary_event\",\"boolValue\":false},{\"name\":\"billable\",\"boolValue\":true},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"owner\",\"value\":\"owner@test.com\"},{\"name\":\"doc_id\",\"value\":\"1111111111\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"is_encrypted\",\"boolValue\":false},{\"name\":\"doc_title\",\"value\":\"Doc Temp\"},{\"name\":\"visibility\",\"value\":\"shared_externally\"},{\"name\":\"originating_app_id\",\"value\":\"111111\"},{\"name\":\"actor_is_collaborator_account\",\"boolValue\":false},{\"name\":\"owner_is_team_drive\",\"boolValue\":false}]},{\"type\":\"acl_change\",\"name\":\"change_user_access\",\"parameters\":[{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"billable\",\"boolValue\":true},{\"name\":\"visibility_change\",\"value\":\"external\"},{\"name\":\"target_user\",\"value\":\"targetuser@test.fr\"},{\"name\":\"old_value\",\"multiValue\":[\"none\"]},{\"name\":\"new_value\",\"multiValue\":[\"can_edit\"]},{\"name\":\"old_visibility\",\"value\":\"shared_internally\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"owner\",\"value\":\"owner@test.com\"},{\"name\":\"doc_id\",\"value\":\"11111\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"is_encrypted\",\"boolValue\":false},{\"name\":\"doc_title\",\"value\":\"Doc 
Temp\"},{\"name\":\"visibility\",\"value\":\"shared_externally\"},{\"name\":\"originating_app_id\",\"value\":\"11111\"},{\"name\":\"actor_is_collaborator_account\",\"boolValue\":false},{\"name\":\"owner_is_team_drive\",\"boolValue\":false}]}]}", + "event": { + "action": "edit", + "category": [ + "file" + ], + "dataset": "admin#reports#activity", + "kind": "event", + "type": [ + "change" + ] + }, + "@timestamp": "2024-01-17T11:09:39.840000Z", + "file": { + "name": "Doc Temp", + "owner": "owner@test.com", + "type": "document" + }, + "google": { + "report": { + "actor": { + "email": "senduser@test.com" + }, + "parameters": { + "visibility": "shared_externally" + } + } + }, + "network": { + "application": "drive" + }, + "related": { + "ip": [ + "0.0.0.0" + ], + "user": [ + "owner@test.com" + ] + }, + "source": { + "address": "0.0.0.0", + "ip": "0.0.0.0" + }, + "user": { + "id": "XXXXXX", + "target": { + "email": "targetuser@test.fr" + } + } + } + + ``` + + @@ -222,4 +281,5 @@ The following table lists the fields that are extracted, normalized under the EC |`source.ip` | `ip` | IP address of the source. | |`user.email` | `keyword` | User email address. | |`user.id` | `keyword` | Unique identifier of the user. | +|`user.target.email` | `keyword` | User email address. |