elastic / detection-rules

https://www.elastic.co/guide/en/security/current/detection-engine-overview.html

[Meta] Review Elastic Gmail Connector for Email Detection Rules #3324

Open terrancedejesus opened 8 months ago

terrancedejesus commented 8 months ago

Parent Epic (If Applicable)

Meta Summary

This meta is used to track the review of Elastic's Gmail connector. This connector uses the Gmail API to asynchronously request Gmail logs for each user entity in the Google Workspace organization.

At this time, the Google Workspace integration does not ingest Gmail logs as a result of the Reports: Admin API endpoint in Google Workspace not providing them.

Estimated Time to Complete

1 Week: The scope of this is vague and limited intentionally as a result of this being purely explorational.

Potential Blockers

Tasklist

### Meta Tasks
- [ ] Provide Week 1 Update Comment
- [ ] Provide Week 2 Update or Closeout Comment
- [ ] Set up Gmail Connector in Controlled Lab
- [ ] Emulate End User Behavior and Analyze Data Ingested
- [ ] Review Data Model and Schema for Plausible Data Points to Write Detection Rules On
- [ ] Determine Connector Schema Validation in Detection Rules if Necessary

Resources / References

botelastic[bot] commented 6 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

botelastic[bot] commented 6 months ago

This has been closed due to inactivity. If you feel this is an error, please re-open and include a justifying comment.