Open ynirk opened 1 year ago
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
I would like to highlight that token is closely tied to the existing google_workspace audit sources and has security use cases on par with login type events.
@sf-sharris we recently added some additional sources to our Workspace integration (via Elastic Agent). Additional sources included Access Transparency, Groups Enterprise, Mobile/Device, Oauth/Token and Context Aware Access.
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
Describe the enhancement:
The Filebeat google_workspace module only supports a subset of applications from the Google Reports API. In order to gain visibility and have more detection capabilities, it would be nice to have the other applications available for ingestion:
Elastic Agent has a similar enhancement issue in https://github.com/elastic/integrations/issues/4722
Describe a specific use case for the enhancement or feature:
As a security analyst, we like to have full visibility on logs in case we need them for investigation. Also, we can create new detections based on these new sources.