Add domain field to Group Schema #547
Merged
webmat merged 4 commits into elastic:master from janniten:group_domain_add
Conversation
Contributor
Thanks for submitting this! I think this makes sense, yes. @dainperkins WDYT?
webmat reviewed Sep 9, 2019
Contributor
@elasticmachine, run elasticsearch-ci/docs
webmat suggested changes Sep 24, 2019
Contributor
webmat left a comment
Alright, this is almost good to go. Two minor changes and I'll merge:
- Please add a changelog entry in CHANGELOG.next.md
- Please add an empty line before "For example..."; this will ensure they appear as two paragraphs in the docs.
Thanks again :-)
Contributor (Author)
Done!
webmat approved these changes Sep 25, 2019
Contributor
webmat left a comment
Alright, thanks for the adjustments!
Added the group.domain field to the group schema.
I've been working with Windows Security Group events, and the group domain needs to be mapped into ECS in order to be able to correlate with other events
(Example events 4731, 4732, 4733, ... where the SubjectDomainName is the domain of the group created/modified/deleted, etc.)
Another use case I found to justify the existence of group.domain was several Fortigate logs where group="DOMAIN\GROUP" appears as a field (for example log_id=0315093008).
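One way the Fortigate case described in the PR description could be normalized, as an added example that is not part of this PR or of the ECS project's own code: a small Python normalizer that parses a constructed Fortigate-style key=value line and splits the `group="DOMAIN\GROUP"` value into the ECS `group.domain` and `group.name` fields. The sample line, every field on it other than `group` and `log_id`, and the function names are assumptions made for illustration; a value with no backslash is kept as a bare `group.name` so that no domain is guessed.

```python
import re
from typing import Dict

# Constructed Fortigate-style key=value line (values are made up for this example);
# log_id=0315093008 is the log type the PR description cites.
SAMPLE_FORTIGATE_LINE = (
    'date=2019-09-24 time=10:15:02 log_id=0315093008 type=event subtype=user '
    'user="jdoe" group="EXAMPLE\\Domain Admins" msg="user added to group"'
)

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line: str) -> Dict[str, str]:
    """Parse a Fortigate-style key=value log line into a flat dict."""
    fields: Dict[str, str] = {}
    for match in _KV_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def split_domain_group(value: str) -> Dict[str, str]:
    """Map a 'DOMAIN\\GROUP' string onto ECS group.domain and group.name.

    A value without a backslash is treated as a bare group name, so
    group.domain is left unset rather than guessed.
    """
    ecs: Dict[str, str] = {}
    domain, sep, name = value.partition("\\")
    if not sep:
        if value:
            ecs["group.name"] = value
        return ecs
    if domain:
        ecs["group.domain"] = domain
    if name:
        ecs["group.name"] = name
    return ecs


def fortigate_to_ecs_group(line: str) -> Dict[str, str]:
    """Extract the ECS group.* fields from one Fortigate line (empty if no group)."""
    fields = parse_kv(line)
    raw = fields.get("group")
    if raw is None:
        return {}
    return split_domain_group(raw)


if __name__ == "__main__":
    print(fortigate_to_ecs_group(SAMPLE_FORTIGATE_LINE))
```

Running the module on the constructed line yields `{'group.domain': 'EXAMPLE', 'group.name': 'Domain Admins'}`, which is the pair of fields the added `group.domain` makes it possible to correlate against group events from other sources.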