google_workspace: add missing field mappings in data streams (#14549)

Add missing field mappings in admin, device, drive, login
and token data streams.

Author: navnit-elastic

packages/google_workspace/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.43.0"
+  changes:
+    - description: Add missing field mappings in the `admin`, `device`, `drive`, `login` and `token` data streams.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/14549
 - version: "2.42.0"
   changes:
     - description: Use `terminate` processor instead of `fail` processor to handle agent errors.

packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json

@@ -776,4 +776,4 @@
             }
         }
     ]
-}
+}

packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json

@@ -1063,4 +1063,4 @@
             }
         }
     ]
-}
+}

packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json

@@ -332,4 +332,4 @@
             }
         }
     ]
-}
+}

packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json

@@ -1723,4 +1723,4 @@
             }
         }
     ]
-}
+}

packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json

@@ -87,4 +87,4 @@
             }
         }
     ]
-}
+}

packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json

@@ -653,4 +653,4 @@
             }
         }
     ]
-}
+}

packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json

@@ -359,4 +359,4 @@
             }
         }
     ]
-}
+}

packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log

@@ -3,6 +3,7 @@
 {"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"[email protected]","profileId":1},"ownerDomain":"elastic.com","ipAddress":"67.43.156.13","events":{"type":"DOMAIN_SETTINGS","name":"ADD_APPLICATION_TO_WHITELIST","parameters":[{"name":"APP_ID","value":"id"},{"name":"APPLICATION_NAME","value":"app name"}]}}
 {"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"[email protected]","profileId":1},"ownerDomain":"elastic.com","ipAddress":"67.43.156.13","events":{"type":"DOMAIN_SETTINGS","name":"CHANGE_ADVERTISEMENT_OPTION","parameters":[{"name":"DOMAIN_NAME","value":"example.com"},{"name":"NEW_VALUE","value":"new"},{"name":"OLD_VALUE","value":"old"}]}}
 {"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"[email protected]","profileId":1},"ownerDomain":"elastic.com","ipAddress":"67.43.156.13","events":{"type":"DOMAIN_SETTINGS","name":"CREATE_ALERT","parameters":[{"name":"ALERT_NAME","value":"alert name"}]}}
+{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"[email protected]","profileId":1},"ownerDomain":"elastic.com","ipAddress":"67.43.156.13","events":{"type":"DOMAIN_SETTINGS","name":"CREATE_ALERT","parameters":[{"name":"ALERT_NAME","value":"alert name"},{"name":"ALERT_ID","value":"1abc23d4-56e-f78ghi-9j0k-lm1n"}]}}
 {"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"[email protected]","profileId":1},"ownerDomain":"elastic.com","ipAddress":"67.43.156.13","events":{"type":"DOMAIN_SETTINGS","name":"CHANGE_ALERT_CRITERIA","parameters":[{"name":"ALERT_NAME","value":"alert name"}]}}
 {"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"[email protected]","profileId":1},"ownerDomain":"elastic.com","ipAddress":"67.43.156.13","events":{"type":"DOMAIN_SETTINGS","name":"DELETE_ALERT","parameters":[{"name":"ALERT_NAME","value":"alert name"}]}}
 {"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"[email protected]","profileId":1},"ownerDomain":"elastic.com","ipAddress":"67.43.156.13","events":{"type":"DOMAIN_SETTINGS","name":"ALERT_RECEIVERS_CHANGED","parameters":[{"name":"ALERT_NAME","value":"alert name"},{"name":"NEW_VALUE","value":"new"},{"name":"OLD_VALUE","value":"old"}]}}

packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json

@@ -391,6 +391,84 @@
                 "name": "foo"
             }
         },
+        {
+            "@timestamp": "2020-10-02T15:00:00.000Z",
+            "ecs": {
+                "version": "8.16.0"
+            },
+            "event": {
+                "action": "CREATE_ALERT",
+                "category": [
+                    "iam"
+                ],
+                "id": "1",
+                "kind": "event",
+                "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"admin\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"[email protected]\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"DOMAIN_SETTINGS\",\"name\":\"CREATE_ALERT\",\"parameters\":[{\"name\":\"ALERT_NAME\",\"value\":\"alert name\"},{\"name\":\"ALERT_ID\",\"value\":\"1abc23d4-56e-f78ghi-9j0k-lm1n\"}]}}",
+                "provider": "admin",
+                "type": [
+                    "creation"
+                ]
+            },
+            "google_workspace": {
+                "actor": {
+                    "type": "USER"
+                },
+                "admin": {
+                    "alert": {
+                        "id": "1abc23d4-56e-f78ghi-9j0k-lm1n",
+                        "name": "alert name"
+                    }
+                },
+                "event": {
+                    "type": "DOMAIN_SETTINGS"
+                },
+                "kind": "admin#reports#activity",
+                "organization": {
+                    "domain": "elastic.com"
+                }
+            },
+            "organization": {
+                "id": "1"
+            },
+            "related": {
+                "ip": [
+                    "67.43.156.13"
+                ],
+                "user": [
+                    "foo"
+                ]
+            },
+            "source": {
+                "as": {
+                    "number": 35908
+                },
+                "geo": {
+                    "continent_name": "Asia",
+                    "country_iso_code": "BT",
+                    "country_name": "Bhutan",
+                    "location": {
+                        "lat": 27.5,
+                        "lon": 90.5
+                    }
+                },
+                "ip": "67.43.156.13",
+                "user": {
+                    "domain": "bar.com",
+                    "email": "[email protected]",
+                    "id": "1",
+                    "name": "foo"
+                }
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "user": {
+                "domain": "bar.com",
+                "email": "[email protected]",
+                "id": "1",
+                "name": "foo"
+            }
+        },
         {
             "@timestamp": "2020-10-02T15:00:00.000Z",
             "ecs": {
@@ -6666,4 +6744,4 @@
             }
         }
     ]
-}
+}