Closed megan201296 closed 8 months ago
philhagen
commented
8 months ago this should be addressed as of e8d554345897a83673ef3871fb86f6a69438bf1f. we can test on develop. However, there is one record from the sample you privately provided that consistently failed due to an elasticsearch mapping error. I'll send that directly to you.
megan201296
commented
8 months ago Tested and confirmed its functioning as expected @philhagen !
philhagen
commented
8 months ago closing this to move progress toward milestone. will be integrated to next public/v* branch release. thank you!
There are different logs that will be leveraged for the future FOR509 labs based on updates to Google Workspace. The existing parser may provide some of the parsing but I don't think it will support other parts. The most important log and the one heavily leveraged in the lab is Gmail Log Events log.
There's a secondary one, the Gmail Messages log (I know, super clear naming between the two), that could provide value if able to be parsed, but if its a lot of additional work it can be backburnered or ditched as it won't impact the labs, just could provide extra content if it is parsable.