brijesh-elastic committed Jul 25, 2024
1 parent 79d4f12 commit 164ec7a
Showing 13 changed files with 177 additions and 136 deletions.
@@ -1,22 +1,22 @@
{
"@timestamp": "2023-10-30T06:13:37.162Z",
"agent": {
"ephemeral_id": "26bf214d-6057-496b-a5c2-358c0898467e",
"id": "b70c058d-0ca0-4014-8c5e-c743338a38a3",
"ephemeral_id": "47390a83-5b53-47d7-8583-4e2075c0c3a7",
"id": "8561ea27-9bb2-4207-aed6-dba9ce3b1a40",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.13.0"
},
"data_stream": {
"dataset": "proofpoint_on_demand.audit",
"namespace": "13945",
"namespace": "14398",
"type": "logs"
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
"id": "b70c058d-0ca0-4014-8c5e-c743338a38a3",
"id": "8561ea27-9bb2-4207-aed6-dba9ce3b1a40",
"snapshot": false,
"version": "8.13.0"
},
Expand All @@ -28,7 +28,7 @@
],
"dataset": "proofpoint_on_demand.audit",
"id": "792f514f-15cb-480d-825e-e3565d32f928",
"ingested": "2024-07-23T12:24:04Z",
"ingested": "2024-07-25T09:11:29Z",
"kind": "event",
"original": "{\"audit\":{\"action\":\"login\",\"level\":\"INFO\",\"resourceType\":\"authorization\",\"tags\":[{\"name\":\"eventSubCategory\",\"value\":\"authorization\"},{\"name\":\"eventDetails\",\"value\":\"\"},{\"name\":\"login.authorization\",\"value\":\"true\"}],\"user\":{\"email\":\"[email protected]\",\"id\":\"a7e6abcd-1234-7901-1234-abcdefc31236\",\"ipAddress\":\"1.128.0.0\"}},\"guid\":\"792f514f-15cb-480d-825e-e3565d32f928\",\"metadata\":{\"customerId\":\"c8215678-6e78-42dd-a327-abcde13f9cff\",\"origin\":{\"data\":{\"agent\":\"89.160.20.128\",\"cid\":\"pphosted_prodmgt_hosted\",\"version\":\"1.0\"},\"schemaVersion\":\"1.0\",\"type\":\"cadmin-api-gateway\"}},\"ts\":\"2023-10-30T06:13:37.162521+0000\"}",
"type": [
Expand Up @@ -6,12 +6,19 @@
"version": "8.11.0"
},
"email": {
"from": {
"address": [
"[email protected]"
]
},
"sender": {
"address": "[email protected]"
},
"to": {
"address": [
"[email protected]"
]
},
"x_mailer": "*file*"
}
},
"event": {
"category": [
Expand Down Expand Up @@ -65,6 +72,7 @@
"example.proofpoint.com"
],
"user": [
"[email protected]",
"[email protected]"
]
},
Expand All @@ -81,10 +89,9 @@
"email": {
"to": {
"address": [
"<[email protected]>"
"[email protected]"
]
},
"x_mailer": "esmtp"
}
},
"event": {
"category": [
Expand Down Expand Up @@ -131,7 +138,7 @@
"relay": "abcd.example.net. [IPv6:2a02:cf40::]",
"status": "Sent (Ok: queued)",
"to": [
"<[email protected]>"
"[email protected]"
],
"xdelay": "00:00:00"
},
Expand All @@ -148,7 +155,7 @@
"m0000123.ppops.net"
],
"user": [
"<[email protected]>"
"[email protected]"
]
},
"tags": [
Expand All @@ -169,10 +176,10 @@
"email": {
"from": {
"address": [
"<[email protected]>"
"[email protected]"
]
},
"message_id": "<[email protected]>"
"message_id": "[email protected]"
},
"event": {
"category": [
Expand Down Expand Up @@ -216,8 +223,8 @@
"auth": "NONE",
"class": 0,
"daemon": "MTA",
"from": "<[email protected]>",
"msgid": "<[email protected]>",
"from": "[email protected]",
"msgid": "[email protected]",
"nrcpts": 1,
"protocol": "ESMTP",
"qid": "45ABSW12341234",
Expand All @@ -237,7 +244,7 @@
"m0000123.ppops.net"
],
"user": [
"<[email protected]>"
"[email protected]"
]
},
"tags": [
Expand All @@ -253,10 +260,9 @@
"email": {
"to": {
"address": [
"<[email protected]>"
"[email protected]"
]
},
"x_mailer": "relay"
}
},
"event": {
"category": [
Expand Down Expand Up @@ -303,7 +309,7 @@
"relay": "test4.example.net. [216.160.83.56]",
"status": "Sent (Ok: queued)",
"to": [
"<[email protected]>"
"[email protected]"
],
"xdelay": "00:00:00"
},
Expand All @@ -320,7 +326,7 @@
"m0000123.ppops.net"
],
"user": [
"<[email protected]>"
"[email protected]"
]
},
"tags": [
Expand All @@ -339,12 +345,19 @@
"version": "8.11.0"
},
"email": {
"from": {
"address": [
"[email protected]"
]
},
"sender": {
"address": "[email protected]"
},
"to": {
"address": [
"[email protected]"
]
},
"x_mailer": "dsn"
}
},
"event": {
"category": [
Expand Down Expand Up @@ -398,6 +411,7 @@
"example.proofpoint.com"
],
"user": [
"[email protected]",
"[email protected]"
]
},
Expand All @@ -416,8 +430,7 @@
"address": [
"[email protected]"
]
},
"x_mailer": "local"
}
},
"event": {
"category": [
Expand Down Expand Up @@ -505,7 +518,7 @@
"[email protected]"
]
},
"message_id": "<[email protected]>"
"message_id": "[email protected]"
},
"event": {
"category": [
Expand Down Expand Up @@ -550,7 +563,7 @@
"class": 0,
"daemon": "MTA",
"from": "[email protected]",
"msgid": "<[email protected]>",
"msgid": "[email protected]",
"nrcpts": 1,
"protocol": "SMTP",
"qid": "45ABSW12341234",
Expand Down Expand Up @@ -588,8 +601,7 @@
"address": [
"[email protected]"
]
},
"x_mailer": "relay"
}
},
"event": {
"category": [
Expand Down Expand Up @@ -674,10 +686,10 @@
"email": {
"from": {
"address": [
"<[email protected]>"
"[email protected]"
]
},
"message_id": "<[email protected]>"
"message_id": "[email protected]"
},
"event": {
"category": [
Expand Down Expand Up @@ -721,8 +733,8 @@
"auth": "NONE",
"class": 0,
"daemon": "MTA",
"from": "<[email protected]>",
"msgid": "<[email protected]>",
"from": "[email protected]",
"msgid": "[email protected]",
"nrcpts": 1,
"protocol": "SMTP",
"qid": "45ABSW12341234",
Expand All @@ -742,7 +754,7 @@
"m0000123.ppops.net"
],
"user": [
"<[email protected]>"
"[email protected]"
]
},
"tags": [
Expand All @@ -760,8 +772,7 @@
"address": [
"[email protected]"
]
},
"x_mailer": "relay"
}
},
"event": {
"category": [
Expand Down Expand Up @@ -844,12 +855,19 @@
"version": "8.11.0"
},
"email": {
"from": {
"address": [
"[email protected]"
]
},
"sender": {
"address": "[email protected]"
},
"to": {
"address": [
"[email protected]"
]
},
"x_mailer": "dsn"
}
},
"event": {
"category": [
Expand Down Expand Up @@ -903,6 +921,7 @@
"example.proofpoint.com"
],
"user": [
"[email protected]",
"[email protected]"
]
},
Expand All @@ -921,8 +940,7 @@
"address": [
"[email protected]"
]
},
"x_mailer": "local"
}
},
"event": {
"category": [
Expand Down Expand Up @@ -1010,7 +1028,7 @@
"[email protected]"
]
},
"message_id": "<[email protected]>"
"message_id": "[email protected]"
},
"event": {
"category": [
Expand Down Expand Up @@ -1055,7 +1073,7 @@
"class": 0,
"daemon": "MTA",
"from": "[email protected]",
"msgid": "<[email protected]>",
"msgid": "[email protected]",
"nrcpts": 1,
"protocol": "SMTP",
"qid": "45ABSW12341234",
Expand Down Expand Up @@ -1093,8 +1111,7 @@
"address": [
"[email protected]"
]
},
"x_mailer": "relay"
}
},
"event": {
"category": [
Expand Down Expand Up @@ -1182,7 +1199,7 @@
"[email protected]"
]
},
"message_id": "<[email protected]>"
"message_id": "[email protected]"
},
"event": {
"category": [
Expand Down Expand Up @@ -1227,7 +1244,7 @@
"class": 0,
"daemon": "MTA",
"from": "[email protected]",
"msgid": "<[email protected]>",
"msgid": "[email protected]",
"nrcpts": 1,
"protocol": "SMTP",
"qid": "45ABSW12341234",
Expand Down Expand Up @@ -1270,8 +1287,7 @@
"address": [
"[email protected]"
]
},
"x_mailer": "dsn"
}
},
"event": {
"category": [
Expand Down Expand Up @@ -1361,7 +1377,7 @@
"[email protected]"
]
},
"message_id": "<[email protected]>"
"message_id": "[email protected]"
},
"event": {
"category": [
Expand Down Expand Up @@ -1406,7 +1422,7 @@
"class": 0,
"daemon": "MTA",
"from": "[email protected]",
"msgid": "<[email protected]>",
"msgid": "[email protected]",
"nrcpts": 1,
"protocol": "SMTP",
"qid": "45ABSW12341234",
Expand Down Expand Up @@ -1449,8 +1465,7 @@
"address": [
"[email protected]"
]
},
"x_mailer": "dsn"
}
},
"event": {
"category": [
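Review bot: In the hunks at -216,8 and -721,8 (and for `to` at -131,7 and -303,7) the angle brackets are stripped not only from the ECS fields but also from `from`, `msgid` and `to` in the object that sits beside `auth`, `daemon`, `nrcpts` and `qid`, which looks like the vendor-namespaced copy of the sendmail record; the parent key is outside the visible lines, so this is inferred. Normalising `email.from.address`, `email.message_id` and `related.user` is what lets these events correlate with other mail sources, but if the vendor copy is normalised as well, the literal `msgid=<...>` form survives only in `event.original`, which is not visible in this file's hunks. I would either leave the vendor fields exactly as logged or state in the package docs that the original event must be retained for investigators who pivot from the raw MTA log. Separately, the values dropped from `email.x_mailer` (`esmtp`, `relay`, `dsn`, `local`, `*file*`) read as delivery-agent names rather than an X-Mailer header, so removing them from that field is right; the hunks do not show whether they are still kept under a vendor field, which is worth confirming.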