Question: google admin activity log #584
Comments
|
@weichea The GSuite admin activity log is something we'd like to support in Elastic SIEM. Did you ever get around to mapping the events to ECS? |
|
@jamiehynds Yea, we have mapped out some of the gadmin fields. Whats the best way for us share this? |
|
If you could drop me an email it'd be great. Worth noting that we're not currently working on GSuite support, but would love to see the mappings you've done to date. Thanks! |
|
A good way to capture these mappings could be via an online spreadsheet that you share publicly here (if you'r comfortable with that). The column names could be like the ones supported by this experimental tool ecs-mapper. So "source_field", "destination_field", and a few more if needed (see the CSV Format heading). |
|
@webmat let me check on the ecs-mapper. Just a quick update, I'm getting approval internally before I can share the mapping. Shouldn't have any issue, hopefully I can get back next week. |
|
Hi @weichea. It's been a bit, but wondering if you were able to obtain necessary approval to share your mappings? |
|
@weichea kindly provided Gsuite mappings to me via email. We are currently working on a new Beats module for GSuite, tracking here elastic/beats#19769 |
|
@jamiehynds I have already sent it to you back in May... Do you want me to resend it? |
|
All good @weichea - I still have it. Thanks again :) |
|
Excellent - thanks both for following up @jamiehynds @weichea ! |
Hello
Has anyone mapped out the google admin activity log to ecs schema? If yes, could you share it?
The text was updated successfully, but these errors were encountered: