From d932e799c704ef21632da953b8bba3c5ac65d2c7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Simon=20K=C3=B6tting?= <145989254+SimonKoetting@users.noreply.github.com> Date: Thu, 25 Apr 2024 07:35:45 +0200 Subject: [PATCH] [Exchange Server] GA of Integration, Add Dashbord Panel Titles & System Tests (#9560) * Add Dashboard Titles * Add Dashboard Titles * Change Version to GA * adjust PR in Changelog * Add System Tests to all datstreams * fix imap system test config * remove Folder structure out of system tests sample logs * Fix mapping * Add convert for inode field * specify numeric_keyword_fields in system tests --- .../_dev/deploy/docker/docker-compose.yml | 8 ++ .../docker/sample_logs/imappop_Imap4.log | 1 + .../docker/sample_logs/imappop_Pop3.log | 1 + .../docker/sample_logs/smtp_SmtpRecive.log | 1 + .../docker/sample_logs/smtp_SmtpSend.log | 1 + .../docker/sample_logs/test-httpproxy.log | 1 + .../sample_logs/test-messagetracking.log | 4 + .../microsoft_exchange_server/changelog.yml | 5 + .../_dev/test/system/test-default-config.yml | 11 ++ .../data_stream/httpproxy/fields/ecs.yml | 4 + .../data_stream/httpproxy/fields/fields.yml | 8 ++ .../_dev/test/system/test-default-config.yml | 11 ++ .../data_stream/imap4_pop3/fields/ecs.yml | 2 + .../data_stream/imap4_pop3/fields/fields.yml | 8 ++ .../_dev/test/system/test-default-config.yml | 11 ++ .../messagetracking/fields/ecs.yml | 4 + .../messagetracking/fields/fields.yml | 10 +- .../_dev/test/system/test-default-config.yml | 11 ++ .../data_stream/smtp/fields/ecs.yml | 2 + .../data_stream/smtp/fields/fields.yml | 8 ++ ...66a4ce40-1a00-4ced-9547-7e96def93f02.json} | 113 +++++++++--------- ...-75b14bd0-c034-11ee-a682-0f218cc418af.json | 2 +- .../microsoft_exchange_server/manifest.yml | 2 +- 23 files changed, 171 insertions(+), 58 deletions(-) create mode 100644 packages/microsoft_exchange_server/_dev/deploy/docker/docker-compose.yml create mode 100755 packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/imappop_Imap4.log create mode 100755 
packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/imappop_Pop3.log
 create mode 100755 packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/smtp_SmtpRecive.log
 create mode 100755 packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/smtp_SmtpSend.log
 create mode 100755 packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/test-httpproxy.log
 create mode 100755 packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/test-messagetracking.log
 create mode 100644 packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/system/test-default-config.yml
 create mode 100644 packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/system/test-default-config.yml
 create mode 100644 packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/system/test-default-config.yml
 create mode 100644 packages/microsoft_exchange_server/data_stream/smtp/_dev/test/system/test-default-config.yml
 rename packages/microsoft_exchange_server/kibana/dashboard/{microsoft_exchange_server-8e9d55c5-637a-4fd8-b53b-9501e98a8e88.json => microsoft_exchange_server-66a4ce40-1a00-4ced-9547-7e96def93f02.json} (94%)
diff --git a/packages/microsoft_exchange_server/_dev/deploy/docker/docker-compose.yml b/packages/microsoft_exchange_server/_dev/deploy/docker/docker-compose.yml
new file mode 100644
index 00000000000..ca12fbc6e11
--- /dev/null
+++ b/packages/microsoft_exchange_server/_dev/deploy/docker/docker-compose.yml
@@ -0,0 +1,8 @@
+version: "3.0"
+services:
+ exchange_server:
+ image: alpine
+ volumes:
+ - ./sample_logs:/sample_logs:ro
+ - ${SERVICE_LOGS_DIR}:/var/log
+ command: /bin/sh -c "cp /sample_logs/* /var/log/"
diff --git a/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/imappop_Imap4.log b/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/imappop_Imap4.log
new file mode 100755
index 00000000000..0427d666299
--- /dev/null
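Review bot: `image: alpine` in the new docker-compose.yml carries no tag or digest, so each system-test run pulls whatever `alpine:latest` points to at that moment. Pinning it, for example `image: alpine:<PINNED_TAG>` or `image: alpine@sha256:<DIGEST>`, keeps the fixture reproducible and keeps an unreviewed upstream image out of CI.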
+++ b/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/imappop_Imap4.log
@@ -0,0 +1 @@
+2024-01-24T15:30:19.847Z,00000000000ABC12,2,1.2.3.4:143,10.11.12.13:65468,example123,118,31,34,authenticate,PLAIN,"R=OK;Msg=""Proxy:Host123.domain.tld:1993:SSL;ProxySuccess"";LiveIdAR=OK;ActivityContextData=0cb2fd35-94c0-44de-9860-134d27654078",
diff --git a/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/imappop_Pop3.log b/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/imappop_Pop3.log
new file mode 100755
index 00000000000..67c85df3a14
--- /dev/null
+++ b/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/imappop_Pop3.log
@@ -0,0 +1 @@
+2024-01-24T15:31:51.067Z,00000000000ABC12,1,1.2.3.4:110,10.11.12.13:12345,ccw.altitude,1,17,5,user,ccw.altitude,R=OK,
diff --git a/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/smtp_SmtpRecive.log b/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/smtp_SmtpRecive.log
new file mode 100755
index 00000000000..9a842c79a16
--- /dev/null
+++ b/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/smtp_SmtpRecive.log
@@ -0,0 +1 @@
+2024-01-25T15:14:39.031Z,NETBIOS\\Default Frontend NETBIOS,08DC1DB8591B229A,2,10.11.12.13:25,10.11.12.14:53228,<,EHLO mgt.my.domain.tld,
diff --git a/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/smtp_SmtpSend.log b/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/smtp_SmtpSend.log
new file mode 100755
index 00000000000..7d15b20de35
--- /dev/null
+++ b/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/smtp_SmtpSend.log
@@ -0,0 +1 @@
+2024-01-25T15:14:39.460Z,Inbound Proxy Internal Send Connector,08DC1DB8591B22A0,1,,10.11.12.13:2525,*,,attempting to connect
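Review bot: The sample logs look like redacted production lines rather than synthetic ones, and the redaction is uneven: `1.2.3.4:143` and `1.2.3.4:110` are routable addresses, the POP3 line carries the account name `ccw.altitude`, and test-messagetracking.log mixes `my.domain.com`, `example.com` and host names such as `pve-vhost01`. Before these ship in a public package, please confirm that no user name, mailbox GUID, message ID or internal host name is real, and prefer RFC 5737 addresses (`192.0.2.0/24`) and `example.com` throughout. The same applies to test-httpproxy.log, which carries `DOMAIN\user`, mailbox GUIDs and a `MailboxId` query string.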
diff --git a/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/test-httpproxy.log b/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/test-httpproxy.log new file mode 100755 index 00000000000..ba3975e6fbe --- /dev/null +++ b/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/test-httpproxy.log @@ -0,0 +1 @@ +2024-01-24T15:26:47.957Z,3422ea93-768f-4cd4-8b0c-578038deb0b2,15,1,2507,35,R:{750498CA-0EBD-4E7F-B2F6-377AD1BDD198}:20373;RT:Execute;CI:{FF8D5880-5A7A-4AF7-8DDA-8F662BD6BCB6}:155680117;CID:{FF8D5880-5A7A-4AF7-8DDA-8F662BD6BCB6},Mapi,mail.domain.tld,/mapi/emsmdb/,,Negotiate,true,DOMAIN\user,domain.tld,MailboxGuid~0aa89cf8-aa07-4103-8a1d-ca9e619f223e,Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.16731; Pro),10.12.13.14,Host123,200,200,,POST,Proxy,Host456.domain.tld,15.01.2507.000,CrossForest,MailboxGuidWithDomain,Database~a6c4dbb1-3265-4fbf-9dc6-754dffd67275~~2024-02-23T15:26:43,,,70,132,,,0,1,,0,,0,,0,0,,0,10,0,0,0,0,3,0,0,0,2,0,10,0,4,7,7,7,10,,?MailboxId=0e36a769-e2a9-4d1d-98df-80be2753326c@domain.tld,,BeginRequest=2024-01-24T15:26:47.947Z;CorrelationID=;ProxyState-Run=None;FEAuth=BEVersion-1942063563;BeginGetRequestStream=2024-01-24T15:26:47.953Z;OnRequestStreamReady=2024-01-24T15:26:47.953Z;BeginGetResponse=2024-01-24T15:26:47.953Z;OnResponseReady=2024-01-24T15:26:47.957Z;EndGetResponse=2024-01-24T15:26:47.957Z;ProxyState-Complete=ProxyResponseData;SharedCacheGuard=0;EndRequest=2024-01-24T15:26:47.957Z;,,,|RoutingDB:0cb2fd35-94c0-44de-9860-134d27654078,,,CafeV1 diff --git a/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/test-messagetracking.log b/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/test-messagetracking.log new file mode 100755 index 00000000000..6a83935be5c --- /dev/null +++ b/packages/microsoft_exchange_server/_dev/deploy/docker/sample_logs/test-messagetracking.log 
@@ -0,0 +1,4 @@ +2024-01-25T15:16:09.843Z,,,,exchange-mail,No suitable shadow servers,,SMTP,HAREDIRECTFAIL,70971234566456,<20240124222112.B4AE1234EF@host01.my.domain.com>,2fd37dca-1234-5bfb-175d-08dc1db88f52,mailuser@my.domain.com,,15054,1,,,Undelivered Mail Returned to Sender,MAILER-DAEMON@host01.my.domain.com,root@host01.my.domain.com,,Incoming,,,,S:DeliveryPriority=Normal;S:OriginalFromAddress=root@host01.my.domain.com;S:AccountForest=my.domain.com,Email,dc69df25-1234-564c-41c4-08dc1db88f7f,15.02.0330.005 +2024-01-25T15:16:09.949Z,10.11.12.14,exchange-mail.my.domain.com,10.11.12.14,exchange-mail,08DC1DB12C345BE5;2024-01-25T15:16:09.544Z;0,exchange-mail\Default exchange-mail,SMTP,RECEIVE,70912345566403,<20240123200014.123F425E28@host01.my.domain.com>,1e6eb197-c6b4-1234-1b69-56dc1db88f50,mailuser@my.domain.com,,7229,1,,,vzdump backup status (host01.my.domain.com): backup successful,root@host01.my.domain.com,root@host01.my.domain.com,0cA: ,Incoming,,10.11.12.13,10.11.12.14,S:ProxyHop1=exchange-mail.my.domain.com(10.11.12.14);S:MessageValue=MediumHigh;S:Replication=Failed;S:FirstForestHop=exchange-mail.my.domain.com;S:FromEntity=Internet;S:ProxiedClientIPAddress=10.11.12.13;S:ProxiedClientHostname=host01.my.domain.com;S:DeliveryPriority=Normal;S:AccountForest=my.domain.com,Email,05503123-c5b9-46fe-1234-56dc1db88f8f,15.02.0330.005 +2024-01-25T15:16:14.415Z,10.11.12.14,exchange-mail.my.domain.com,10.11.12.14,exchange-mail,08DC1DB12C345BE9;2024-01-25T15:16:12.885Z;0,exchange-mail\Default exchange-mail,SMTP,RECEIVE,70912345566407,<20240123200018.123C42553@pve-vhost01.my.domain.com>,c95b5dd1-f520-1234-e6dc-56dc1db8914d,mailuser@my.domain.com,,8251,1,,,vzdump backup status (pve-vhost01.my.domain.com): backup successful,root@pve-vhost01.my.domain.com,root@pve-vhost01.my.domain.com,0cA: 
,Incoming,,10.11.12.15,10.11.12.14,S:ProxyHop1=exchange-mail.my.domain.com(10.11.12.14);S:MessageValue=MediumHigh;S:Replication=Failed;S:FirstForestHop=exchange-mail.my.domain.com;S:FromEntity=Internet;S:ProxiedClientIPAddress=10.11.12.15;S:ProxiedClientHostname=pve-vhost01.my.domain.com;S:DeliveryPriority=Normal;S:AccountForest=my.domain.com,Email,d6aef52d-0e05-1234-e29b-56dc1db89238,15.02.0330.005 +2024-01-07T00:00:07.463Z,192.168.0.1,exchange,192.168.0.2,exchange.example.com,;250 2.0.0OK20240107001234.567E6224C8@monitor.example.com[Hostname=exchange.example.com];ClientSubmitTime:,Intra-Organization SMTP Send Connector,SMTP,SEND,29519319995411,20240107001234.567E6224C8@monitor.example.com,0b7099ea-cb95-1234-328e-08dc5f139ac8,uwe.musterman@example.com,250 2.1.5Recipient OK,38663,1,,,ein Titel,support@example.com,support@example.com,2024-01-07T00:00:05.535Z;LSRV=exchange.example.com:TOTAL-HUB=1.921|SMR=0.127(SMRDE=0.002|SMRC=0.125(SMRCL=0.105|X-SMRCR=0.125))|CAT=1.698(CATOS=0.018(CATSM=0.017(CATSM-Malware Agent=0.017))|CATRESL=0.004|CATORES=1.567(CATRS=1.566(CATRS-ScanMail Routing Agent=0.117|CATRS-Transport Rule Agent=0.002(X-ETREX=0.002)|CATRS-Index Routing Agent=1.444))|CATORT=0.108(CATRT=0.107(CATRT-Journal Agent=0.107)))|QDM=0.010|SMSC=0.006(X-SMSDR=0.011)|SMS=0.076(SMSMBXD=0.071),Originating,,,,S:E2ELatency=1.928;S:MsgRecipCount=1;S:IncludeInSla=True;S:Microsoft.Exchange.Transport.MailRecipient.RequiredTlsAuthLevel=Opportunistic;S:IsSmtpResponseFromExternalServer=False;S:DeliveryPriority=Normal;S:AccountForest=example.com,Email,a7ae9ef9-e10c-4111-19bf-08dc0f111bee,15.01.2507.035 diff --git a/packages/microsoft_exchange_server/changelog.yml b/packages/microsoft_exchange_server/changelog.yml index 4de89e3a3af..14a8ceca491 100644 --- a/packages/microsoft_exchange_server/changelog.yml +++ b/packages/microsoft_exchange_server/changelog.yml 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.0.0"
+ changes:
+ - description: GA of Integration, Add Dashbord Panel Titles & added System Tests
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/9560
 - version: "0.1.2"
 changes:
 - description: Fix Recipientstatus field type, add custom processor support & adjust docs
diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/system/test-default-config.yml b/packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/system/test-default-config.yml
new file mode 100644
index 00000000000..445b0f0ba14
--- /dev/null
+++ b/packages/microsoft_exchange_server/data_stream/httpproxy/_dev/test/system/test-default-config.yml
@@ -0,0 +1,11 @@
+service: exchange_server
+input: filestream
+data_stream:
+ vars:
+ paths:
+ - "{{SERVICE_LOGS_DIR}}/test-httpproxy.log"
+ preserve_original_event: true
+numeric_keyword_fields:
+ - log.file.device_id
+ - log.file.inode
+ - log.offset
diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/fields/ecs.yml b/packages/microsoft_exchange_server/data_stream/httpproxy/fields/ecs.yml
index 2b27b8981dd..ab38f7095ac 100644
--- a/packages/microsoft_exchange_server/data_stream/httpproxy/fields/ecs.yml
+++ b/packages/microsoft_exchange_server/data_stream/httpproxy/fields/ecs.yml
@@ -18,3 +18,7 @@
 name: tags
 - external: ecs
 name: user.name
+- external: ecs
+ name: ecs.version
+- external: ecs
+ name: log.file.path
diff --git a/packages/microsoft_exchange_server/data_stream/httpproxy/fields/fields.yml b/packages/microsoft_exchange_server/data_stream/httpproxy/fields/fields.yml
index fff82215084..c7c460f67eb 100644
--- a/packages/microsoft_exchange_server/data_stream/httpproxy/fields/fields.yml
+++ b/packages/microsoft_exchange_server/data_stream/httpproxy/fields/fields.yml
@@ -136,3 +136,11 @@
 type: ip
 - name: microsoft.exchange.clientipaddress_internal
 type: ip
+- name: input.type
+ type: keyword
+- name: log.file.device_id
+ type: keyword
+- name: log.file.inode
+ type: keyword
+- name: log.offset
+ type: keyword
diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/system/test-default-config.yml b/packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/system/test-default-config.yml
new file mode 100644
index 00000000000..9f2f39765e3
--- /dev/null
+++ b/packages/microsoft_exchange_server/data_stream/imap4_pop3/_dev/test/system/test-default-config.yml
@@ -0,0 +1,11 @@
+service: exchange_server
+input: filestream
+data_stream:
+ vars:
+ paths:
+ - "{{SERVICE_LOGS_DIR}}/imappop_*.log"
+ preserve_original_event: true
+numeric_keyword_fields:
+ - log.file.device_id
+ - log.file.inode
+ - log.offset
diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/ecs.yml b/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/ecs.yml
index e404a5c3aa5..03721be9b7e 100644
--- a/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/ecs.yml
+++ b/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/ecs.yml
@@ -6,3 +6,5 @@
 name: source.ip
 - external: ecs
 name: tags
+- external: ecs
+ name: ecs.version
diff --git a/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/fields.yml b/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/fields.yml
index f892677c4d6..b8eb453c717 100644
--- a/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/fields.yml
+++ b/packages/microsoft_exchange_server/data_stream/imap4_pop3/fields/fields.yml
@@ -24,3 +24,11 @@
 type: keyword
 - name: microsoft.exchange.logtype
 type: keyword
+- name: input.type
+ type: keyword
+- name: log.file.device_id
+ type: keyword
+- name: log.file.inode
+ type: keyword
+- name: log.offset
+ type: keyword
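Review bot: `log.offset` is declared as `type: keyword` at the end of the httpproxy fields.yml hunk, while Filebeat reports it as a number and its own field definition is `long`. Because the dashboard in this package queries the shared `logs-*` data view, this will surface as a field-type conflict wherever another integration maps the field as `long`, and it rules out range queries on the offset. Declaring it as `- name: log.offset` with `type: long` would also let you drop `log.offset` from `numeric_keyword_fields` in the system-test configs, where it is listed only so numeric values pass validation against a keyword mapping. The same declaration is repeated in the imap4_pop3, messagetracking and smtp fields.yml hunks.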
diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/system/test-default-config.yml b/packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/system/test-default-config.yml
new file mode 100644
index 00000000000..1b036494a4f
--- /dev/null
+++ b/packages/microsoft_exchange_server/data_stream/messagetracking/_dev/test/system/test-default-config.yml
@@ -0,0 +1,11 @@
+service: exchange_server
+input: filestream
+data_stream:
+ vars:
+ paths:
+ - "{{SERVICE_LOGS_DIR}}/test-messagetracking.log"
+ preserve_original_event: true
+numeric_keyword_fields:
+ - log.file.device_id
+ - log.file.inode
+ - log.offset
diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/fields/ecs.yml b/packages/microsoft_exchange_server/data_stream/messagetracking/fields/ecs.yml
index 274f45cc7ba..79114732125 100644
--- a/packages/microsoft_exchange_server/data_stream/messagetracking/fields/ecs.yml
+++ b/packages/microsoft_exchange_server/data_stream/messagetracking/fields/ecs.yml
@@ -26,3 +26,7 @@
 name: network.bytes
 - external: ecs
 name: tags
+- external: ecs
+ name: ecs.version
+- external: ecs
+ name: log.file.path
diff --git a/packages/microsoft_exchange_server/data_stream/messagetracking/fields/fields.yml b/packages/microsoft_exchange_server/data_stream/messagetracking/fields/fields.yml
index 3375724ba18..774e11c1a6f 100644
--- a/packages/microsoft_exchange_server/data_stream/messagetracking/fields/fields.yml
+++ b/packages/microsoft_exchange_server/data_stream/messagetracking/fields/fields.yml
@@ -9,7 +9,7 @@
 - name: microsoft.exchange.networkmessageid
 type: keyword
 - name: microsoft.exchange.recipientstatus
- type: keyword
+ type: keyword
 - name: microsoft.exchange.recipientcount
 type: long
 - name: microsoft.exchange.relatedrecipientaddress
@@ -36,3 +36,11 @@
 type: keyword
 - name: microsoft.exchange.logtype
 type: keyword
+- name: input.type
+ type: keyword
+- name: log.file.device_id
+ type: keyword
+- name: log.file.inode
+ type: keyword
+- name: log.offset
+ type: keyword
diff --git a/packages/microsoft_exchange_server/data_stream/smtp/_dev/test/system/test-default-config.yml b/packages/microsoft_exchange_server/data_stream/smtp/_dev/test/system/test-default-config.yml
new file mode 100644
index 00000000000..f0e79391baa
--- /dev/null
+++ b/packages/microsoft_exchange_server/data_stream/smtp/_dev/test/system/test-default-config.yml
@@ -0,0 +1,11 @@
+service: exchange_server
+input: filestream
+data_stream:
+ vars:
+ paths:
+ - "{{SERVICE_LOGS_DIR}}/smtp_*.log"
+ preserve_original_event: true
+numeric_keyword_fields:
+ - log.file.device_id
+ - log.file.inode
+ - log.offset
diff --git a/packages/microsoft_exchange_server/data_stream/smtp/fields/ecs.yml b/packages/microsoft_exchange_server/data_stream/smtp/fields/ecs.yml
index ddc5f4b0da3..d17f2eea967 100644
--- a/packages/microsoft_exchange_server/data_stream/smtp/fields/ecs.yml
+++ b/packages/microsoft_exchange_server/data_stream/smtp/fields/ecs.yml
@@ -4,3 +4,5 @@
 name: log.file.path
 - external: ecs
 name: tags
+- external: ecs
+ name: ecs.version
diff --git a/packages/microsoft_exchange_server/data_stream/smtp/fields/fields.yml b/packages/microsoft_exchange_server/data_stream/smtp/fields/fields.yml
index 666f4652f17..8eaff29b0f8 100644
--- a/packages/microsoft_exchange_server/data_stream/smtp/fields/fields.yml
+++ b/packages/microsoft_exchange_server/data_stream/smtp/fields/fields.yml
@@ -16,3 +16,11 @@
 type: keyword
 - name: microsoft.exchange.logtype
 type: keyword
+- name: input.type
+ type: keyword
+- name: log.file.device_id
+ type: keyword
+- name: log.file.inode
+ type: keyword
+- name: log.offset
+ type: keyword
diff --git a/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-8e9d55c5-637a-4fd8-b53b-9501e98a8e88.json b/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-66a4ce40-1a00-4ced-9547-7e96def93f02.json similarity index 94% rename from packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-8e9d55c5-637a-4fd8-b53b-9501e98a8e88.json rename to packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-66a4ce40-1a00-4ced-9547-7e96def93f02.json index cbafca63307..a9442d17b6f 100644 --- a/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-8e9d55c5-637a-4fd8-b53b-9501e98a8e88.json +++ b/packages/microsoft_exchange_server/kibana/dashboard/microsoft_exchange_server-66a4ce40-1a00-4ced-9547-7e96def93f02.json 
@@ -4,7 +4,7 @@ "chainingSystem": "HIERARCHICAL", "controlStyle": "oneLine", "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"a5fe2192-b77c-4f16-888e-4e59fe064c78\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"a5fe2192-b77c-4f16-888e-4e59fe064c78\",\"fieldName\":\"microsoft.exchange.anchormailbox\",\"title\":\"Anchormailbox\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}},\"7c8291ec-dc6d-4fa0-8d67-bb53efdf6c57\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"7c8291ec-dc6d-4fa0-8d67-bb53efdf6c57\",\"fieldName\":\"microsoft.exchange.authenticateduser\",\"title\":\"Authenticated user\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}},\"f542c63c-4265-4ebc-a9d6-7278f4d3976a\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"f542c63c-4265-4ebc-a9d6-7278f4d3976a\",\"fieldName\":\"microsoft.exchange.urlhost\",\"title\":\"URL Host\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}}}" + "panelsJSON": "{\"b5f2cda4-ccb5-442f-a766-dddfc5e8826d\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"b5f2cda4-ccb5-442f-a766-dddfc5e8826d\",\"fieldName\":\"microsoft.exchange.anchormailbox\",\"title\":\"Anchormailbox\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}},\"ab5425b5-a5b1-41f5-bd66-2a9f036ef103\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"ab5425b5-a5b1-41f5-bd66-2a9f036ef103\",\"fieldName\":\"microsoft.exchange.authenticateduser\",\"title\":\"Authenticated 
user\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}},\"7514f639-d5c3-4623-a69d-960608a4cb51\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"7514f639-d5c3-4623-a69d-960608a4cb51\",\"fieldName\":\"microsoft.exchange.urlhost\",\"title\":\"URL Host\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"wildcard\",\"enhancements\":{}}}}" }, "description": "", "kibanaSavedObjectMeta": { @@ -40,7 +40,7 @@ } }, "optionsJSON": { - "hidePanelTitles": true, + "hidePanelTitles": false, "syncColors": false, "syncCursor": true, "syncTooltips": false, @@ -142,12 +142,12 @@ }, "gridData": { "h": 6, - "i": "d2e19276-b24c-4239-ab0f-3b9c328fb252", + "i": "35ad8ad6-63a5-4a0d-a034-9e5324bc6a6e", "w": 8, "x": 0, "y": 0 }, - "panelIndex": "d2e19276-b24c-4239-ab0f-3b9c328fb252", + "panelIndex": "35ad8ad6-63a5-4a0d-a034-9e5324bc6a6e", "type": "lens" }, { @@ -248,12 +248,12 @@ }, "gridData": { "h": 6, - "i": "8a0f3277-f4af-40f5-9526-0b8be36b2daf", + "i": "30970f92-d438-4033-b472-cd7716e8a8ab", "w": 8, "x": 8, "y": 0 }, - "panelIndex": "8a0f3277-f4af-40f5-9526-0b8be36b2daf", + "panelIndex": "30970f92-d438-4033-b472-cd7716e8a8ab", "type": "lens" }, { @@ -354,12 +354,12 @@ }, "gridData": { "h": 6, - "i": "8cd05d59-543a-4b41-9bdd-49b7b8e2cd31", + "i": "90e7fb8c-9bfe-4787-aafc-b9397b4d305a", "w": 8, "x": 16, "y": 0 }, - "panelIndex": "8cd05d59-543a-4b41-9bdd-49b7b8e2cd31", + "panelIndex": "90e7fb8c-9bfe-4787-aafc-b9397b4d305a", "type": "lens" }, { @@ -456,12 +456,12 @@ }, "gridData": { "h": 6, - "i": "3fdd01ea-f1a6-4aef-9f4c-ceb6d2c787ba", + "i": "75939550-1b6c-4e7b-88ab-3b5b32a0c046", "w": 8, "x": 24, "y": 0 }, - "panelIndex": "3fdd01ea-f1a6-4aef-9f4c-ceb6d2c787ba", + "panelIndex": "75939550-1b6c-4e7b-88ab-3b5b32a0c046", "title": "", "type": "lens" }, 
@@ -559,12 +559,12 @@ }, "gridData": { "h": 6, - "i": "fdf2a0a3-389d-4f7c-9684-5b8d1ed89c91", + "i": "9a947804-caeb-4286-9cc7-6b46ecf897da", "w": 8, "x": 32, "y": 0 }, - "panelIndex": "fdf2a0a3-389d-4f7c-9684-5b8d1ed89c91", + "panelIndex": "9a947804-caeb-4286-9cc7-6b46ecf897da", "title": "", "type": "lens" }, @@ -662,12 +662,12 @@ }, "gridData": { "h": 6, - "i": "2997a185-6ea5-4e41-bd70-f5a46bd4e127", + "i": "badfa697-4f42-49c1-8ab5-c163ec169e30", "w": 8, "x": 40, "y": 0 }, - "panelIndex": "2997a185-6ea5-4e41-bd70-f5a46bd4e127", + "panelIndex": "badfa697-4f42-49c1-8ab5-c163ec169e30", "title": "", "type": "lens" }, @@ -847,12 +847,12 @@ }, "gridData": { "h": 9, - "i": "b489c5cc-9794-46a7-9fe1-a5370fc7d4b3", + "i": "1b517ef6-c22b-493a-9c3d-76b5909bcc12", "w": 48, "x": 0, "y": 6 }, - "panelIndex": "b489c5cc-9794-46a7-9fe1-a5370fc7d4b3", + "panelIndex": "1b517ef6-c22b-493a-9c3d-76b5909bcc12", "type": "lens" }, { @@ -1016,17 +1016,18 @@ "type": "lens", "visualizationType": "lnsPie" }, - "enhancements": {} + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "0720a83e-43d7-4993-8072-26be8aa3feb6", + "i": "d2d44378-0c79-488b-873b-fdce4502144e", "w": 16, "x": 0, "y": 15 }, - "panelIndex": "0720a83e-43d7-4993-8072-26be8aa3feb6", - "title": "", + "panelIndex": "d2d44378-0c79-488b-873b-fdce4502144e", + "title": "Top 15 Status Codes by Exchange-URL", "type": "lens" }, { @@ -1191,17 +1192,18 @@ "type": "lens", "visualizationType": "lnsPie" }, - "enhancements": {} + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "70ef3233-def0-42d0-9b35-2e48221fcd16", + "i": "65e3b7a6-139d-4c8d-9df7-12b20e6cde7a", "w": 16, "x": 16, "y": 15 }, - "panelIndex": "70ef3233-def0-42d0-9b35-2e48221fcd16", - "title": "", + "panelIndex": "65e3b7a6-139d-4c8d-9df7-12b20e6cde7a", + "title": "Top 15 Users by Exchange-URL", "type": "lens" }, { 
@@ -1333,17 +1335,18 @@ "type": "lens", "visualizationType": "lnsPie" }, - "enhancements": {} + "enhancements": {}, + "hidePanelTitles": false }, "gridData": { "h": 15, - "i": "4f7e8e5e-8dc8-4fe7-98b1-16ce0cc6cbcb", + "i": "64ccf2d3-e961-4215-9ad4-8330b65ecb7c", "w": 16, "x": 32, "y": 15 }, - "panelIndex": "4f7e8e5e-8dc8-4fe7-98b1-16ce0cc6cbcb", - "title": "", + "panelIndex": "64ccf2d3-e961-4215-9ad4-8330b65ecb7c", + "title": "Top 15 Users", "type": "lens" }, { @@ -1352,13 +1355,13 @@ }, "gridData": { "h": 27, - "i": "f2260518-d4c1-4b3b-a602-c18c06fc1562", + "i": "48468992-018f-4f15-9607-4fc855e54d83", "w": 48, "x": 0, "y": 30 }, - "panelIndex": "f2260518-d4c1-4b3b-a602-c18c06fc1562", - "panelRefName": "panel_f2260518-d4c1-4b3b-a602-c18c06fc1562", + "panelIndex": "48468992-018f-4f15-9607-4fc855e54d83", + "panelRefName": "panel_48468992-018f-4f15-9607-4fc855e54d83", "type": "search" } ], @@ -1367,8 +1370,8 @@ "version": 1 }, "coreMigrationVersion": "8.8.0", - "created_at": "2024-03-11T10:15:01.086Z", - "id": "microsoft_exchange_server-8e9d55c5-637a-4fd8-b53b-9501e98a8e88", + "created_at": "2024-04-10T07:08:36.139Z", + "id": "microsoft_exchange_server-66a4ce40-1a00-4ced-9547-7e96def93f02", "managed": true, "references": [ { 
@@ -1378,112 +1381,112 @@ }, { "id": "logs-*", - "name": "d2e19276-b24c-4239-ab0f-3b9c328fb252:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "35ad8ad6-63a5-4a0d-a034-9e5324bc6a6e:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "d2e19276-b24c-4239-ab0f-3b9c328fb252:e6c91c87-ff12-4e3b-9ce7-b54ed4facc16", + "name": "35ad8ad6-63a5-4a0d-a034-9e5324bc6a6e:e6c91c87-ff12-4e3b-9ce7-b54ed4facc16", "type": "index-pattern" }, { "id": "logs-*", - "name": "8a0f3277-f4af-40f5-9526-0b8be36b2daf:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "30970f92-d438-4033-b472-cd7716e8a8ab:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "8cd05d59-543a-4b41-9bdd-49b7b8e2cd31:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "90e7fb8c-9bfe-4787-aafc-b9397b4d305a:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "3fdd01ea-f1a6-4aef-9f4c-ceb6d2c787ba:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "75939550-1b6c-4e7b-88ab-3b5b32a0c046:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "3fdd01ea-f1a6-4aef-9f4c-ceb6d2c787ba:db318c6d-c8a9-4f58-89ce-3cafe82ddb9d", + "name": "75939550-1b6c-4e7b-88ab-3b5b32a0c046:db318c6d-c8a9-4f58-89ce-3cafe82ddb9d", "type": "index-pattern" }, { "id": "logs-*", - "name": "fdf2a0a3-389d-4f7c-9684-5b8d1ed89c91:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "9a947804-caeb-4286-9cc7-6b46ecf897da:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "fdf2a0a3-389d-4f7c-9684-5b8d1ed89c91:7eefe26a-cbbb-424b-a989-b3be44ac08ed", + "name": 
"9a947804-caeb-4286-9cc7-6b46ecf897da:7eefe26a-cbbb-424b-a989-b3be44ac08ed", "type": "index-pattern" }, { "id": "logs-*", - "name": "2997a185-6ea5-4e41-bd70-f5a46bd4e127:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "badfa697-4f42-49c1-8ab5-c163ec169e30:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "2997a185-6ea5-4e41-bd70-f5a46bd4e127:b3936adc-f4db-45b1-845e-a13a7c890d2c", + "name": "badfa697-4f42-49c1-8ab5-c163ec169e30:b3936adc-f4db-45b1-845e-a13a7c890d2c", "type": "index-pattern" }, { "id": "logs-*", - "name": "b489c5cc-9794-46a7-9fe1-a5370fc7d4b3:indexpattern-datasource-layer-f50b399c-7fd8-43f7-8464-fcf7127eb0c4", + "name": "1b517ef6-c22b-493a-9c3d-76b5909bcc12:indexpattern-datasource-layer-f50b399c-7fd8-43f7-8464-fcf7127eb0c4", "type": "index-pattern" }, { "id": "logs-*", - "name": "b489c5cc-9794-46a7-9fe1-a5370fc7d4b3:46fa66b7-9fa0-45f5-8e0b-c9ef86b8acc3", + "name": "1b517ef6-c22b-493a-9c3d-76b5909bcc12:46fa66b7-9fa0-45f5-8e0b-c9ef86b8acc3", "type": "index-pattern" }, { "id": "logs-*", - "name": "0720a83e-43d7-4993-8072-26be8aa3feb6:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "d2d44378-0c79-488b-873b-fdce4502144e:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "0720a83e-43d7-4993-8072-26be8aa3feb6:2f74c5df-c534-4145-a74f-8489c346879e", + "name": "d2d44378-0c79-488b-873b-fdce4502144e:2f74c5df-c534-4145-a74f-8489c346879e", "type": "index-pattern" }, { "id": "logs-*", - "name": "70ef3233-def0-42d0-9b35-2e48221fcd16:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "65e3b7a6-139d-4c8d-9df7-12b20e6cde7a:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "70ef3233-def0-42d0-9b35-2e48221fcd16:af78ff4d-82f1-410b-8478-0732fffc9e5b", + "name": 
"65e3b7a6-139d-4c8d-9df7-12b20e6cde7a:af78ff4d-82f1-410b-8478-0732fffc9e5b", "type": "index-pattern" }, { "id": "logs-*", - "name": "4f7e8e5e-8dc8-4fe7-98b1-16ce0cc6cbcb:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", + "name": "64ccf2d3-e961-4215-9ad4-8330b65ecb7c:indexpattern-datasource-layer-d64931ec-87ab-4503-9c67-dbb397048ac8", "type": "index-pattern" }, { "id": "logs-*", - "name": "4f7e8e5e-8dc8-4fe7-98b1-16ce0cc6cbcb:c9c5c37e-da56-4106-b488-560a5da4a1f8", + "name": "64ccf2d3-e961-4215-9ad4-8330b65ecb7c:c9c5c37e-da56-4106-b488-560a5da4a1f8", "type": "index-pattern" }, { "id": "microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af", - "name": "f2260518-d4c1-4b3b-a602-c18c06fc1562:panel_f2260518-d4c1-4b3b-a602-c18c06fc1562", + "name": "48468992-018f-4f15-9607-4fc855e54d83:panel_48468992-018f-4f15-9607-4fc855e54d83", "type": "search" }, { "id": "logs-*", - "name": "controlGroup_a5fe2192-b77c-4f16-888e-4e59fe064c78:optionsListDataView", + "name": "controlGroup_b5f2cda4-ccb5-442f-a766-dddfc5e8826d:optionsListDataView", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_7c8291ec-dc6d-4fa0-8d67-bb53efdf6c57:optionsListDataView", + "name": "controlGroup_ab5425b5-a5b1-41f5-bd66-2a9f036ef103:optionsListDataView", "type": "index-pattern" }, { "id": "logs-*", - "name": "controlGroup_f542c63c-4265-4ebc-a9d6-7278f4d3976a:optionsListDataView", + "name": "controlGroup_7514f639-d5c3-4623-a69d-960608a4cb51:optionsListDataView", "type": "index-pattern" } ], diff --git a/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af.json b/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af.json index 1beffc5ea94..ec277a4ba13 100644 --- a/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af.json 
+++ b/packages/microsoft_exchange_server/kibana/search/microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af.json @@ -57,7 +57,7 @@ "viewMode": "documents" }, "coreMigrationVersion": "8.8.0", - "created_at": "2024-03-11T10:14:48.072Z", + "created_at": "2024-04-10T06:56:23.933Z", "id": "microsoft_exchange_server-75b14bd0-c034-11ee-a682-0f218cc418af", "managed": true, "references": [ diff --git a/packages/microsoft_exchange_server/manifest.yml b/packages/microsoft_exchange_server/manifest.yml index 1b62ad6d1d6..84cc1c95cc7 100644 --- a/packages/microsoft_exchange_server/manifest.yml +++ b/packages/microsoft_exchange_server/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.3 name: microsoft_exchange_server title: "Microsoft Exchange Server" -version: 0.1.2 +version: 1.0.0 source: license: "Elastic-2.0" description: Collect logs from Microsoft Exchange Server with Elastic Agent.