From bf7fae8593e6b74fd997c683db0026d984fb4cd9 Mon Sep 17 00:00:00 2001 
From: P1llus Date: Mon, 27 Jul 2020 11:03:50 +0200 Subject: [PATCH 01/16] initial push for zoom module --- x-pack/filebeat/filebeat.reference.yml | 15 ++ x-pack/filebeat/include/list.go | 1 + x-pack/filebeat/module/zoom/_meta/config.yml | 13 ++ .../filebeat/module/zoom/_meta/docs.asciidoc | 168 ++++++++++++++++++ x-pack/filebeat/module/zoom/_meta/fields.yml | 5 + x-pack/filebeat/module/zoom/fields.go | 23 +++ x-pack/filebeat/module/zoom/module.yml | 1 + .../module/zoom/webhook/_meta/fields.yml | 12 ++ .../module/zoom/webhook/config/webhook.yml | 33 ++++ .../module/zoom/webhook/ingest/account.yml | 0 .../zoom/webhook/ingest/chat_channel.yml | 0 .../zoom/webhook/ingest/chat_message.yml | 0 .../module/zoom/webhook/ingest/meeting.yml | 0 .../module/zoom/webhook/ingest/phone.yml | 0 .../module/zoom/webhook/ingest/pipeline.yml | 48 +++++ .../module/zoom/webhook/ingest/recording.yml | 0 .../module/zoom/webhook/ingest/user.yml | 0 .../module/zoom/webhook/ingest/webinar.yml | 0 .../module/zoom/webhook/ingest/zoomroom.yml | 0 .../filebeat/module/zoom/webhook/manifest.yml | 39 ++++ x-pack/filebeat/modules.d/zoom.yml.disabled | 16 ++ 21 files changed, 374 insertions(+) create mode 100644 x-pack/filebeat/module/zoom/_meta/config.yml create mode 100644 x-pack/filebeat/module/zoom/_meta/docs.asciidoc create mode 100644 x-pack/filebeat/module/zoom/_meta/fields.yml create mode 100644 x-pack/filebeat/module/zoom/fields.go create mode 100644 x-pack/filebeat/module/zoom/module.yml create mode 100644 x-pack/filebeat/module/zoom/webhook/_meta/fields.yml create mode 100644 x-pack/filebeat/module/zoom/webhook/config/webhook.yml create mode 100644 x-pack/filebeat/module/zoom/webhook/ingest/account.yml create mode 100644 x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml create mode 100644 x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml create mode 100644 x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml create mode 100644 
x-pack/filebeat/module/zoom/webhook/ingest/phone.yml create mode 100644 x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml create mode 100644 x-pack/filebeat/module/zoom/webhook/ingest/recording.yml create mode 100644 x-pack/filebeat/module/zoom/webhook/ingest/user.yml create mode 100644 x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml create mode 100644 x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml create mode 100644 x-pack/filebeat/module/zoom/webhook/manifest.yml create mode 100644 x-pack/filebeat/modules.d/zoom.yml.disabled diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index d58cc94ae4d..f01da244ed3 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -1450,6 +1450,21 @@ filebeat.modules: # Filebeat will choose the paths depending on your OS. #var.paths: +#--------------------------------- Zoom Module --------------------------------- +- module: checkpoint + firewall: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9001. + #var.syslog_port: 9001 + #----------------------------- Zscaler NSS Module ----------------------------- - module: zscaler zia: diff --git a/x-pack/filebeat/include/list.go b/x-pack/filebeat/include/list.go index e39c6c7c624..7a17ab869d6 100644 --- a/x-pack/filebeat/include/list.go +++ b/x-pack/filebeat/include/list.go 
@@ -50,6 +50,7 @@ import ( _ "github.com/elastic/beats/v7/x-pack/filebeat/module/suricata" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/tomcat" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/zeek" + _ "github.com/elastic/beats/v7/x-pack/filebeat/module/zoom" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/zscaler" _ "github.com/elastic/beats/v7/x-pack/filebeat/processors/decode_cef" ) diff --git a/x-pack/filebeat/module/zoom/_meta/config.yml b/x-pack/filebeat/module/zoom/_meta/config.yml new file mode 100644 index 00000000000..4408a7ba5f2 --- /dev/null +++ b/x-pack/filebeat/module/zoom/_meta/config.yml @@ -0,0 +1,13 @@ +- module: checkpoint + firewall: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9001. + #var.syslog_port: 9001 diff --git a/x-pack/filebeat/module/zoom/_meta/docs.asciidoc b/x-pack/filebeat/module/zoom/_meta/docs.asciidoc new file mode 100644 index 00000000000..b09dcde2333 --- /dev/null +++ b/x-pack/filebeat/module/zoom/_meta/docs.asciidoc 
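Review bot: The new `module/zoom/_meta/config.yml` is the Check Point sample (`- module: checkpoint`, `firewall:`, `var.syslog_host`, `var.syslog_port: 9001`), so an operator who enables the Zoom module from it configures a UDP syslog listener for a different module and never starts the webhook fileset. The same block appears under the `Zoom Module` banner in `filebeat.reference.yml` and in `modules.d/zoom.yml.disabled` in this patch. The sample should start with `- module: zoom` and a `webhook:` fileset, and document the listener and basic-auth variables declared in `webhook/manifest.yml`. A later patch in the series touches these files and may already do this.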
@@ -0,0 +1,168 @@ +[role="xpack"] + +:modulename: checkpoint +:has-dashboards: false + + +== Check Point module +beta[] + +This is a module for Check Point firewall logs. It supports logs from the Log Exporter in the Syslog format. + +To configure a Log Exporter, please refer to the documentation by https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323[Check Point]. + +Example below: + +`cp_log_export add name testdestination target-server 192.168.1.1 target-port 9001 protocol udp format syslog` + +The module that supports Check Point firewall logs sent in the CEF format requires the <> + +The Check Point and ECS fields that are the same between both modules will be mapped to the same names for compability between modules, though not all fields are included in CEF. Please reference the supported fields in the CEF documentation. + +include::../include/gs-link.asciidoc[] + + +[float] +=== Compatibility + +This module has been tested against Check Point Log Exporter on R80.X but should also work with R77.30. + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: firewall + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `firewall` fileset settings + +Example config: + +[source,yaml] +---- +- module: checkpoint + firewall: + var.syslog_host: 0.0.0.0 + var.syslog_port: 9001 +---- + +include::../include/var-paths.asciidoc[] + +*`var.syslog_host`*:: + +The interface to listen to UDP based syslog traffic. Defaults to localhost. +Set to 0.0.0.0 to bind to all available interfaces. + +*`var.syslog_port`*:: + +The UDP port to listen for syslog traffic. Defaults to 9001. + +*`var.tags`*:: + +A list of tags to include in events. Including `forwarded` indicates that the +events did not originate on this host and causes `host.name` to not be added to +events. Defaults to `[checkpoint-firewall, forwarded]`. 
+ +[float] +==== Check Point devices + +This module will parse Check Point Syslog data as documented in: +https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk144192[Checkpoint Log Fields Description.] + +Check Point Syslog extensions are mapped as follows to ECS: +[options="header"] +|============================================================== +| Check Point Fields | ECS Fields | +| action | event.action | +| appi_name | network.application | +| app_risk | event.risk_score | +| app_rule_id | rule.id | +| app_rule_name | rule.name | +| bytes | network.bytes | +| categories | rule.category | +| client_inbound_interface | observer.ingress.interface.name| +| client_outbound_bytes | source.bytes | +| client_outbound_interface | observer.egress.interface.name | +| client_outbound_packets | source.packets | +| destination_dns_hostname | destination.domain | +| dlp_file_name | file.name | +| dns_message_type | dns.type | +| dns_type | dns.question.type | +| domain_name | dns.question.name | +| dst | destination.ip | +| dst_machine_name | destination.domain | +| dlp_rule_name | rule.name | +| dlp_rule_uid | rule.uuid | +| endpoint_ip | observer.ip | +| file_id | file.inode | +| file_type | file.type | +| file_name | file.name | +| file_size | file.size | +| file_md5 | file.hash.md5 | +| file_sha1 | file.hash.sha1 | +| file_sha256 | file.hash.sha256 | +| first_detection | event.start | +| from | source.user.email | +| ifdir | network.direction | +| industry_reference | vulnerability.id | +| inzone | observer.ingress.zone | +| last_detection | event.end | +| loguid | event.id | +| mac_destination_address | destination.mac | +| mac_source_address | source.mac | +| malware_action | rule.description | +| matched_category | rule.category | +| malware_rule_id | rule.rule.id | +| message | message | +| method | http.request.method | +| origin | observer.name | +| origin_ip | observer.ip | +| os_name | host.os.name | +| 
os_version | host.os.version | +| outzone | observer.egress.zone | +| packet_capture | event.url | +| packets | network.packets | +| parent_process_md5 | process.parent.hash.md5 | +| parent_process_name | process.parent.name | +| process_md5 | process.hash.md5 | +| process_name | process.name | +| product | observer.product | +| proto | network.iana_number | +| reason | message | +| received_bytes | destination.bytes | +| referrer | http.request.referrer | +| rule_name | rule.name | +| resource | url.original | +| s_port | source.port | +| security_inzone | observer.ingress.zone | +| security_outzone | observer.egress.zone | +| sent_bytes | source.bytes | +| sequencenum | event.sequence | +| service | destination.port | +| service_id | network.application | +| service_name | destination.service.name | +| server_outbound_packets | destination.packets | +| server_outbound_bytes | destination.bytes | +| severity | event.severity | +| smartdefense_profile | rule.ruleset | +| src | source.ip | +| src_machine_name | source.domain | +| src_user_group | source.user.group.name | +| start_time | event.start | +| status | http.response.status_code | +| tid | dns.id | +| time | @timestamp | +| to | destination.user.email | +| type | observer.type | +| update_version | observer.version | +| url | url.original | +| user_group | group.name | +| usercheck_incident_uid | destination.user.id | +| web_client_type | user_agent.name | +| xlatesrc | source.nat.ip | +| xlatedst | destination.nat.ip | +| xlatesport | source.nat.port | +| xlatedport | destination.nat.port | +|============================================================== + +:modulename!: diff --git a/x-pack/filebeat/module/zoom/_meta/fields.yml b/x-pack/filebeat/module/zoom/_meta/fields.yml new file mode 100644 index 00000000000..e0fe58c7fbe --- /dev/null +++ b/x-pack/filebeat/module/zoom/_meta/fields.yml @@ -0,0 +1,5 @@ +- key: zoom + title: Zoom + description: > + Some Zoom module + fields: 
diff --git a/x-pack/filebeat/module/zoom/fields.go b/x-pack/filebeat/module/zoom/fields.go new file mode 100644 index 00000000000..bd151fb9a20 --- /dev/null +++ b/x-pack/filebeat/module/zoom/fields.go @@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package zoom + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "zoom", asset.ModuleFieldsPri, AssetZoom); err != nil { + panic(err) + } +} + +// AssetZoom returns asset data. +// This is the base64 encoded gzipped contents of module/zoom. +func AssetZoom() string { + return "eJx8j0FqwzAQRfc+xb9AcgAtCiWrLgqFFgrdBNn6dkRkjRmNU9zTlzg4OC707zRPM/NmhzMnhx+RvgIsWqLD1+0VWBqNg0XJDk8VALxLzxmjlzAmVkAbmUJxM75mh+x73kcusWmgQ6cyDquqMtEXOtQ0v6oHtn5MdpyHO7Q+FT7gP2ZLXmcvtKIYvJaYu5vv89sLPlmfRM5lv+rY6q9PaCS3MTA3PCZemB4+LSfFbOyoGyYX6rdGo4PpyA39x/+aw30v5r0INGofMwPqCR8npbdDkjHsq98AAAD//3cefEc=" +} diff --git a/x-pack/filebeat/module/zoom/module.yml b/x-pack/filebeat/module/zoom/module.yml new file mode 100644 index 00000000000..ed97d539c09 --- /dev/null +++ b/x-pack/filebeat/module/zoom/module.yml @@ -0,0 +1 @@ +--- diff --git a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml new file mode 100644 index 00000000000..33afa17c13e --- /dev/null +++ b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml @@ -0,0 +1,12 @@ +- name: zoom + type: group + release: beta + default_field: false + description: > + Module for parsing Zoom API Webhooks. + fields: + - name: confidence_level + type: integer + overwrite: true + description: > + Confidence level determined by ThreatCloud. 
diff --git a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml
new file mode 100644
index 00000000000..0ee23a7272b
--- /dev/null
+++ b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml
@@ -0,0 +1,33 @@
+{{ if eq .input "http_endpoint" }}
+
+type: http_endpoint
+listen_address: {{ .listen_address }}
+listen_port: {{ .listen_port }}
+response_code: {{ .response_code }}
+response_body: {{ .response_body }}
+url: {{ .url }}
+prefix: {{ .prefix }}
+basic_auth: {{ .basic_auth }}
+username: {{ .username }}
+username: {{ .password }}
+
+{{ else if eq .input "file" }}
+
+type: log
+paths:
+{{ range $i, $path := .paths }}
+ - {{$path}}
+{{ end }}
+exclude_files: [".gz$"]
+
+{{ end }}
+
+tags: {{.tags | tojson}}
+publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}
+
+processors:
+ - add_locale: ~
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.5.0
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml b/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml b/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml b/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml
new file mode 100644
index 00000000000..e69de29bb2d
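Review bot: In `config/webhook.yml` the key `username:` is emitted twice, the second time with `{{ .password }}`, so no `password` key is ever rendered. Depending on how the YAML loader treats the duplicate, the password either replaces the username or the config is rejected, and in neither case is the endpoint protected by the credentials the operator set. The second line should be `password: {{ .password }}`. The `http_endpoint` branch also renders no TLS settings, so the basic-auth credentials and webhook bodies would travel in clear text once `listen_address` is moved off localhost; that should be exposed as a variable or called out in the docs. Separately, `exclude_files: [".gz$"]` leaves the dot unescaped, and `'\.gz$'` states the intent.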
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml
new file mode 100644
index 00000000000..ebb28488e9b
--- /dev/null
+++ b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml
@@ -0,0 +1,48 @@
+description: Pipeline for parsing checkpoint firewall logs
+processors:
+- rename:
+ field: zoom.event
+ target_field: event.action
+ ignore_missing: true
+- rename:
+ field: zoom.payload
+ target_field: _temp_.payload
+ ignore_missing: true
+- remove:
+ field: zoom
+ ignore_missing: true
+- rename:
+ field: _temp_.payload
+ target_field: zoom
+ ignore_missing: true
+- pipeline:
+ name: '{< IngestPipeline "meeting" >}'
+ if: "ctx?.event?.action.startsWith('meeting')"
+- pipeline:
+ name: '{< IngestPipeline "account" >}'
+ if: "ctx?.event?.action.startsWith('account')"
+- pipeline:
+ name: '{< IngestPipeline "chat_message" >}'
+ if: "ctx?.event?.action.startsWith('chat_message')"
+- pipeline:
+ name: '{< IngestPipeline "chat_channel" >}'
+ if: "ctx?.event?.action.startsWith('chat_message')"
+- pipeline:
+ name: '{< IngestPipeline "phone" >}'
+ if: "ctx?.event?.action.startsWith('phone')"
+- pipeline:
+ name: '{< IngestPipeline "recording" >}'
+ if: "ctx?.event?.action.startsWith('recording')"
+- pipeline:
+ name: '{< IngestPipeline "user" >}'
+ if: "ctx?.event?.action.startsWith('user')"
+- pipeline:
+ name: '{< IngestPipeline "webinar" >}'
+ if: "ctx?.event?.action.startsWith('webinar')"
+- pipeline:
+ name: '{< IngestPipeline "zoomroom" >}'
+ if: "ctx?.event?.action.startsWith('zoomroom')"
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
\ No newline at end of file
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml b/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml
new file mode 100644
index 00000000000..e69de29bb2d
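Review bot: The `chat_channel` sub-pipeline in `ingest/pipeline.yml` is gated on `ctx?.event?.action.startsWith('chat_message')`, copied from the processor above it, so `chat_channel.*` events are never routed to their pipeline and `chat_message.*` events run through both. The condition should be `if: "ctx?.event?.action.startsWith('chat_channel')"`. All nine conditions also call `.startsWith` on a value that can be null, because the `zoom.event` rename uses `ignore_missing: true`. A body without `event` therefore throws in the first condition and is reduced to an `error.message`; a guard such as `ctx.event?.action != null && ctx.event.action.startsWith('meeting')` keeps malformed or unexpected requests from aborting the pipeline.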
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml b/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml b/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/x-pack/filebeat/module/zoom/webhook/manifest.yml b/x-pack/filebeat/module/zoom/webhook/manifest.yml
new file mode 100644
index 00000000000..f028dbdb31c
--- /dev/null
+++ b/x-pack/filebeat/module/zoom/webhook/manifest.yml
@@ -0,0 +1,39 @@
+module_version: 1.0
+
+var:
+ - name: listen_address
+ default: localhost
+ - name: listen_port
+ default: 8080
+ - name: input
+ default: http_endpoint
+ - name: response_code
+ default: 200
+ - name: response_body
+ default: '{"message": "success"}'
+ - name: url
+ default: /
+ - name: prefix
+ default: json
+ - name: basic_auth
+ default: false
+ - name: username
+ default: ""
+ - name: password
+ default: ""
+
+ - name: tags
+ default: [zoom-webhook, forwarded]
+
+ingest_pipeline:
+ - ingest/pipeline.yml
+ - ingest/account.yml
+ - ingest/chat_message.yml
+ - ingest/chat_channel.yml
+ - ingest/meeting.yml
+ - ingest/phone.yml
+ - ingest/recording.yml
+ - ingest/user.yml
+ - ingest/webinar.yml
+ - ingest/zoomroom.yml
+input: config/webhook.yml
diff --git a/x-pack/filebeat/modules.d/zoom.yml.disabled b/x-pack/filebeat/modules.d/zoom.yml.disabled
new file mode 100644
index 00000000000..d3576c42c88
--- /dev/null
+++ b/x-pack/filebeat/modules.d/zoom.yml.disabled
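Review bot: In `webhook/manifest.yml`, `prefix` defaults to `json`, but `ingest/pipeline.yml` reads `zoom.event` and `zoom.payload`. Assuming the input places the request body under the configured prefix, the defaults put the data under `json.*`, where none of the renames or sub-pipeline conditions match; `default: zoom` would line the two up. The listener also ships with `basic_auth` set to `false` and empty `username`/`password`, so any client that can reach the port can submit events that are then indexed with the `zoom-webhook` tag. The localhost bind limits that, but Zoom has to reach the endpoint, so the docs should tell operators to turn on authentication before changing `listen_address`.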
@@ -0,0 +1,16 @@ +# Module: zoom +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-zoom.html + +- module: checkpoint + firewall: + enabled: true + + # Set which input to use between syslog (default) or file. + #var.input: syslog + + # The interface to listen to UDP based syslog traffic. Defaults to + # localhost. Set to 0.0.0.0 to bind to all available interfaces. + #var.syslog_host: localhost + + # The UDP port to listen for syslog traffic. Defaults to 9001. + #var.syslog_port: 9001 From dd0cbaa7e62da552e57a2e151901b9e02d9e5178 Mon Sep 17 00:00:00 2001 From: P1llus Date: Mon, 3 Aug 2020 17:50:00 +0200 Subject: [PATCH 02/16] stashing changes --- .../module/zoom/webhook/ingest/account.yml | 60 +++++++++++++++++++ .../zoom/webhook/ingest/chat_channel.yml | 44 ++++++++++++++ .../zoom/webhook/ingest/chat_message.yml | 49 +++++++++++++++ .../module/zoom/webhook/ingest/meeting.yml | 50 ++++++++++++++++ .../module/zoom/webhook/ingest/phone.yml | 50 ++++++++++++++++ .../module/zoom/webhook/ingest/pipeline.yml | 13 +++- 6 files changed, 264 insertions(+), 2 deletions(-) diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml index e69de29bb2d..c9f731489eb 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml 
@@ -0,0 +1,60 @@
+description: Pipeline for parsing Zoom account webhooks
+processors:
+- append:
+ field: event.category
+ value: iam
+- append:
+ field: event.type
+ value: user
+- append:
+ field: event.type
+ value: creation
+ if: ctx?.event?.action == 'account.created'
+- append:
+ field: event.type
+ value: change
+ if: "['account.updated', 'account.settings_updated', 'account.disassociated'].contains(ctx?.event?.action)"
+- rename:
+ field: zoom.operator
+ target_field: source.user.email
+ ignore_missing: true
+- rename:
+ field: zoom.operator_id
+ target_field: source.user.id
+ ignore_missing: true
+- rename:
+ field: zoom.account_id
+ target_field: zoom.master_account_id
+ ignore_missing: true
+- rename:
+ field: zoom.object.id
+ target_field: zoom.sub_account_id
+ ignore_missing: true
+- rename:
+ field: zoom.object.owner_id
+ target_field: destination.user.id
+ ignore_missing: true
+- rename:
+ field: zoom.object.owner_id
+ target_field: destination.user.email
+ ignore_missing: true
+- rename:
+ field: zoom.object
+ target_field: zoom.account
+ if: ctx?.event?.action != 'account.created'
+- rename:
+ field: zoom.old_object
+ target_field: zoom.old_account
+ if: ctx?.event?.action != 'account.created'
+- append:
+ field: related.user
+ value: "{{source.user.idl}}"
+ if: "ctx.source?.user?.id != null"
+- append:
+ field: related.user
+ value: "{{destination.user.id}}"
+ if: "ctx.destination?.user?.id != null"
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml b/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml
index e69de29bb2d..5485c0172a0 100644
--- a/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml
+++ b/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml
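Review bot: The first `related.user` append in `account.yml` uses `value: "{{source.user.idl}}"`, a template for a field that does not exist, so the acting user's id never reaches `related.user` even though the guard checks `source.user.id`. It should be `value: "{{source.user.id}}"`. `zoom.object.owner_id` is also renamed twice, so the second rename (to `destination.user.email`) finds nothing once the first has moved the field; it was presumably meant to read `zoom.object.owner_email`. The renames of `zoom.object` and `zoom.old_object` carry no `ignore_missing: true`, so a non-creation event without `old_object` fails the whole pipeline and only `error.message` is recorded.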
@@ -0,0 +1,44 @@
+description: Pipeline for parsing Zoom chat_channel webhooks
+processors:
+- append:
+ field: event.type
+ value: user
+ if: "['chat_channel.member_invited', 'chat_channel.member_joined', 'chat_channel.member_left'].contains(ctx?.event?.action)"
+- append:
+ field: event.type
+ value: creation
+ if: ctx?.event?.action == 'chat_channel.created'
+- append:
+ field: event.type
+ value: deletion
+ if: ctx?.event?.action == 'chat_channel.deleted'
+- append:
+ field: event.type
+ value: change
+ if: ctx?.event?.action == 'chat_channel.deleted'
+- rename:
+ field: zoom.operator
+ target_field: source.user.email
+ ignore_missing: true
+- rename:
+ field: zoom.operator_id
+ target_field: source.user.id
+ ignore_missing: true
+- rename:
+ field: zoom.object
+ target_field: zoom.channel
+ ignore_missing: true
+- foreach:
+ field: zoom.channel.members
+ processor:
+ append:
+ field: related.user
+ value: "{{_ingest._value.id}}"
+- append:
+ field: related.user
+ value: "{{source.user.id}}"
+ if: "ctx.source?.user?.id != null"
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml b/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml
index e69de29bb2d..c11d3564ec9 100644
--- a/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml
+++ b/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml
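Review bot: In `chat_channel.yml` the `change` event type is gated on `ctx?.event?.action == 'chat_channel.deleted'`, the same condition as the `deletion` append above it, so deletions are typed both `deletion` and `change` and updates get no type at all. The condition was presumably meant to be `'chat_channel.updated'`. The `foreach` over `zoom.channel.members` has no `ignore_missing: true`, so any channel event whose payload carries no `members` array fails the pipeline and falls through to `on_failure`. Unlike `account.yml`, this file never sets `event.category`.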
@@ -0,0 +1,49 @@
+description: Pipeline for parsing Zoom chat_message webhooks
+processors:
+- append:
+ field: event.type
+ value: info
+- append:
+ field: event.type
+ value: creation
+ if: ctx?.event?.action == 'chat_message.sent'
+- append:
+ field: event.type
+ value: deletion
+ if: ctx?.event?.action == 'chat_message.deleted'
+- append:
+ field: event.type
+ value: change
+ if: ctx?.event?.action == 'chat_message.updated'
+- rename:
+ field: zoom.operator
+ target_field: source.user.email
+ ignore_missing: true
+- rename:
+ field: zoom.operator_id
+ target_field: source.user.id
+ ignore_missing: true
+- rename:
+ field: zoom.object
+ target_field: zoom.chat
+ ignore_missing: true
+- rename:
+ field: zoom.chat.contact_email
+ target_field: destination.user.email
+ ignore_missing: true
+- rename:
+ field: zoom.chat.contact_id
+ target_field: destination.user.id
+ ignore_missing: true
+- append:
+ field: related.user
+ value: "{{source.user.id}}"
+ if: "ctx.source?.user?.id != null"
+- append:
+ field: related.user
+ value: "{{destination.user.id}}"
+ if: "ctx.destination?.user?.id != null"
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml
index e69de29bb2d..64893a41021 100644
--- a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml
+++ b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml
@@ -0,0 +1,50 @@
+description: Pipeline for parsing Zoom meeting webhooks
+processors:
+- append:
+ field: event.type
+ value: info
+ if: ctx?.event?.action != meeting.alert
+- append:
+ field: event.type
+ value: creation
+ if: "['meeting.registration_created', 'meeting.created'].contains(ctx?.event?.action)"
+- append:
+ field: event.type
+ value: deletion
+ if: ctx?.event?.action == 'meeting.deleted'
+- append:
+ field: event.type
+ value: change
+ if: ctx?.event?.action == 'meeting.updated'
+- append:
+ field: event.type
+ value: start
+ if: ctx?.event?.action == 'meeting.started'
+- append:
+ field: event.type
+ value: end
+ if: ctx?.event?.action == 'meeting.ended'
+- rename:
+ field: zoom.operator
+ target_field: source.user.email
+ ignore_missing: true
+- rename:
+ field: zoom.operator_id
+ target_field: source.user.id
+ ignore_missing: true
+- rename:
+ field: zoom.object
+ target_field: zoom.meeting
+ ignore_missing: true
+- rename:
+ field: zoom.old_object
+ target_field: zoom.old_meeting
+ ignore_missing: true
+- append:
+ field: related.user
+ value: "{{source.user.id}}"
+ if: "ctx.source?.user?.id != null"
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml b/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml
index e69de29bb2d..6744163faf0 100644
--- a/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml
+++ b/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml
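Review bot: The first condition in `meeting.yml`, `if: ctx?.event?.action != meeting.alert`, compares against an unquoted token, which Painless reads as a variable reference rather than the string `'meeting.alert'`, so the script is expected to fail when the pipeline is loaded or run. It should be `if: ctx?.event?.action != 'meeting.alert'`. The same line is repeated at the top of `phone.yml`. Once quoted, `meeting.alert` events receive no `event.type` at all, so it is worth deciding what type alert events should carry.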
@@ -0,0 +1,50 @@
+description: Pipeline for parsing Zoom phone webhooks
+processors:
+- append:
+ field: event.type
+ value: info
+ if: ctx?.event?.action != meeting.alert
+- append:
+ field: event.type
+ value: creation
+ if: "['meeting.registration_created', 'meeting.created'].contains(ctx?.event?.action)"
+- append:
+ field: event.type
+ value: deletion
+ if: ctx?.event?.action == 'meeting.deleted'
+- append:
+ field: event.type
+ value: change
+ if: ctx?.event?.action == 'meeting.updated'
+- append:
+ field: event.type
+ value: start
+ if: ctx?.event?.action == 'meeting.started'
+- append:
+ field: event.type
+ value: end
+ if: ctx?.event?.action == 'meeting.ended'
+- rename:
+ field: zoom.operator
+ target_field: source.user.email
+ ignore_missing: true
+- rename:
+ field: zoom.operator_id
+ target_field: source.user.id
+ ignore_missing: true
+- rename:
+ field: zoom.object
+ target_field: zoom.meeting
+ ignore_missing: true
+- rename:
+ field: zoom.old_object
+ target_field: zoom.old_meeting
+ ignore_missing: true
+- append:
+ field: related.user
+ value: "{{source.user.id}}"
+ if: "ctx.source?.user?.id != null"
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml
index ebb28488e9b..0b48dcc25dc 100644
--- a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml
@@ -1,5 +1,14 @@
-description: Pipeline for parsing checkpoint firewall logs
+description: Initial pipeline for parsing Zoom webhooks
 processors:
+- set:
+ field: observer.vendor
+ target_field: Zoom
+- set:
+ field: observer.product
+ target_field: Webhook
+- append:
+ field: event.kind
+ value: event
 - rename:
 field: zoom.event
 target_field: event.action
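Review bot: Every condition in `phone.yml` tests a `meeting.*` action and the payload is renamed to `zoom.meeting`/`zoom.old_meeting`, so the file looks like an unmodified copy of `meeting.yml`. As written, no `phone.*` event would receive a `creation`, `deletion` or `change` type, and phone payloads would be indexed under the meeting namespace. The conditions and rename targets need phone-specific values (for example `target_field: zoom.phone`) before detection content keyed on `event.type` can rely on these events.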
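Review bot: Both new `set` processors in `pipeline.yml` put the literal under `target_field` (`target_field: Zoom`, `target_field: Webhook`), but `set` takes the literal in `value`, so the pipeline definition is expected to be rejected when it is loaded. They should read `field: observer.vendor` with `value: Zoom`, and `field: observer.product` with `value: Webhook`. The hunk ends inside the `processors` list, so the remainder of the pipeline is not visible here.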
@@ -45,4 +54,4 @@ processors: on_failure: - set: field: error.message - value: '{{ _ingest.on_failure_message }}' \ No newline at end of file + value: '{{ _ingest.on_failure_message }}' From c3c2846ab5574a0162565bda9421dde303009d63 Mon Sep 17 00:00:00 2001 From: P1llus Date: Mon, 3 Aug 2020 23:01:39 +0200 Subject: [PATCH 03/16] initial MVP for the zoom module --- filebeat/docs/fields.asciidoc | 4485 +++++++++++++++++ filebeat/docs/modules/zoom.asciidoc | 60 + filebeat/docs/modules_list.asciidoc | 2 + x-pack/filebeat/filebeat.reference.yml | 16 +- x-pack/filebeat/module/zoom/_meta/config.yml | 16 +- .../filebeat/module/zoom/_meta/docs.asciidoc | 155 +- x-pack/filebeat/module/zoom/fields.go | 2 +- .../module/zoom/webhook/_meta/fields.yml | 1791 ++++++- .../module/zoom/webhook/config/webhook.yml | 1 + .../module/zoom/webhook/ingest/account.yml | 24 +- .../zoom/webhook/ingest/chat_channel.yml | 21 +- .../zoom/webhook/ingest/chat_message.yml | 26 +- .../module/zoom/webhook/ingest/meeting.yml | 24 +- .../module/zoom/webhook/ingest/phone.yml | 41 +- .../module/zoom/webhook/ingest/pipeline.yml | 24 +- .../module/zoom/webhook/ingest/recording.yml | 53 + .../module/zoom/webhook/ingest/user.yml | 41 + .../module/zoom/webhook/ingest/webinar.yml | 58 + .../module/zoom/webhook/ingest/zoomroom.yml | 26 + .../filebeat/module/zoom/webhook/manifest.yml | 11 +- x-pack/filebeat/modules.d/zoom.yml.disabled | 16 +- 21 files changed, 6623 insertions(+), 270 deletions(-) create mode 100644 filebeat/docs/modules/zoom.asciidoc diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 67e84f08f35..2291b1579d1 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -80,6 +80,7 @@ grouped in the following categories: * <> * <> * <> +* <> * <> -- 
@@ -127577,6 +127578,4490 @@ type: boolean -- +[[exported-fields-zoom]] +== Zoom fields + +Some Zoom module + + + +[float] +=== zoom + +Module for parsing Zoom API Webhooks. + + + +*`zoom.master_account_id`*:: ++ +-- +Master Account related to a specific Sub Account + + +type: keyword + +-- + +*`zoom.sub_account_id`*:: ++ +-- +Related Sub Account + + +type: keyword + +-- + +*`zoom.operator_id`*:: ++ +-- +UserID that triggered the event + + +type: keyword + +-- + +*`zoom.operator`*:: ++ +-- +Username/Email related to the user that triggered the event + + +type: keyword + +-- + +*`zoom.account_id`*:: ++ +-- +Related accountID to the event + + +type: keyword + +-- + +*`zoom.timestamp`*:: ++ +-- +Timestamp related to the event + + +type: date + +-- + +*`zoom.account.owner_id`*:: ++ +-- +UserID of the related user the action was performed on + + +type: keyword + +-- + +*`zoom.account.email`*:: ++ +-- +Email related to the user the action was performed on + + +type: keyword + +-- + +*`zoom.account.owner_email`*:: ++ +-- +Email related to the user the action was performed on + + +type: keyword + +-- + +*`zoom.account.account_name`*:: ++ +-- +Name related to the user the action was performed on + + +type: keyword + +-- + +*`zoom.account.account_alias`*:: ++ +-- +Alias related to the user the action was performed on + + +type: keyword + +-- + +*`zoom.account.account_support_name`*:: ++ +-- +Support account related to the user the action was performed on + + +type: keyword + +-- + +*`zoom.account.account_support_email`*:: ++ +-- +Support account (Email) related to the user the action was performed on + + +type: keyword + +-- + +*`zoom.account.settings.schedule_meeting.host_video`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.schedule_meeting.participant_video`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.schedule_meeting.audio_type`*:: ++ +-- +Settings related to the account + 
+ +type: keyword + +-- + +*`zoom.account.settings.schedule_meeting.join_before_host`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.schedule_meeting.enforce_login`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.schedule_meeting.enforce_login_with_domains`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.schedule_meeting.enforce_login_domains`*:: ++ +-- +Settings related to the account + + +type: keyword + +-- + +*`zoom.account.settings.schedule_meeting.not_store_meeting_topic`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.schedule_meeting.force_pmi_jbh_password`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.e2e_encryption`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.chat`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.private_chat`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.auto_saving_chat`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.file_transfer`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.feedback`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.post_meeting_feedback`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.co_host`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.polling`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.attendee_on_hold`*:: ++ +-- +Settings related to the 
account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.show_meeting_control_toolbar`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.allow_show_zoom_windows`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.annotation`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.whiteboard`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.webinar_question_answer`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.anonymous_question_answer`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.breakout_room`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.closed_caption`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.far_end_camera_control`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.group_hd`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.virtual_background`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.watermark`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.alert_guest_join`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.auto_answer`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.p2p_connetion`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.p2p_ports`*:: ++ +-- +Settings related to the account + + +type: 
boolean + +-- + +*`zoom.account.settings.in_meeting.ports_range`*:: ++ +-- +Settings related to the account + + +type: keyword + +-- + +*`zoom.account.settings.in_meeting.sending_default_email_invites`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.use_html_format_email`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.dscp_marking`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.dscp_audio`*:: ++ +-- +Settings related to the account + + +type: long + +-- + +*`zoom.account.settings.in_meeting.dscp_video`*:: ++ +-- +Settings related to the account + + +type: long + +-- + +*`zoom.account.settings.in_meeting.stereo_audio`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.original_audio`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.screen_sharing`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.remote_control`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.in_meeting.attention_tracking`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.email_notification.cloud_recording_avaliable_reminder`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.email_notification.jbh_reminder`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.email_notification.cancel_meeting_reminder`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.email_notification.low_host_count_reminder`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.email_notification.alternative_host_reminder`*:: ++ +-- 
+Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.zoom_rooms.upcoming_meeting_alert`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.zoom_rooms.start_airplay_manually`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.zoom_rooms.weekly_system_restart`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.zoom_rooms.list_meetings_with_calendar`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.zoom_rooms.zr_post_meeting_feedback`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.zoom_rooms.ultrasonic`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.zoom_rooms.force_private_meeting`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.zoom_rooms.hide_host_information`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.zoom_rooms.cmr_for_instant_meeting`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.zoom_rooms.auto_start_stop_scheduled_meetings`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.security.admin_change_name_pic`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.security.import_photos_from_devices`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.security.hide_billing_info`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.recording.local_recording`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.recording.cloud_recording`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + 
+*`zoom.account.settings.recording.record_speaker_view`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.recording.record_gallery_view`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.recording.record_audio_file`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.recording.save_chat_text`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.recording.show_timestamp`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.recording.recording_audio_transcript`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.recording.auto_recording`*:: ++ +-- +Settings related to the account + + +type: keyword + +-- + +*`zoom.account.settings.recording.cloud_recording_download`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.recording.cloud_recording_download_host`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.recording.account_user_access_recording`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.recording.auto_delete_cmr`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.recording.auto_delete_cmr_days`*:: ++ +-- +Settings related to the account + + +type: long + +-- + +*`zoom.account.settings.telephony.third_party_audio`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.telephony.audio_conference_info`*:: ++ +-- +Settings related to the account + + +type: keyword + +-- + +*`zoom.account.settings.integration.google_calendar`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.integration.google_drive`*:: ++ +-- +Settings related to the account + + 
+type: boolean + +-- + +*`zoom.account.settings.integration.dropbox`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.integration.box`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.integration.microsoft_one_drive`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.integration.kubi`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.account.settings.feature.meeting_capacity`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.owner_id`*:: ++ +-- +UserID of the related user the action was performed on + + +type: keyword + +-- + +*`zoom.old_account.email`*:: ++ +-- +Email related to the user the action was performed on + + +type: keyword + +-- + +*`zoom.old_account.owner_email`*:: ++ +-- +Email related to the user the action was performed on + + +type: keyword + +-- + +*`zoom.old_account.account_name`*:: ++ +-- +Name related to the user the action was performed on + + +type: keyword + +-- + +*`zoom.old_account.account_alias`*:: ++ +-- +Alias related to the user the action was performed on + + +type: keyword + +-- + +*`zoom.old_account.account_support_name`*:: ++ +-- +Support account related to the user the action was performed on + + +type: keyword + +-- + +*`zoom.old_account.account_support_email`*:: ++ +-- +Support account (Email) related to the user the action was performed on + + +type: keyword + +-- + +*`zoom.old_account.settings.schedule_meeting.host_video`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.schedule_meeting.participant_video`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.schedule_meeting.audio_type`*:: ++ +-- +Settings related to the account + + +type: keyword + +-- + +*`zoom.old_account.settings.schedule_meeting.join_before_host`*:: ++ +-- 
+Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.schedule_meeting.enforce_login`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.schedule_meeting.enforce_login_with_domains`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.schedule_meeting.enforce_login_domains`*:: ++ +-- +Settings related to the account + + +type: keyword + +-- + +*`zoom.old_account.settings.schedule_meeting.not_store_meeting_topic`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.schedule_meeting.force_pmi_jbh_password`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.e2e_encryption`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.chat`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.private_chat`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.auto_saving_chat`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.file_transfer`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.feedback`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.post_meeting_feedback`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.co_host`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.polling`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.attendee_on_hold`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + 
+*`zoom.old_account.settings.in_meeting.show_meeting_control_toolbar`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.allow_show_zoom_windows`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.annotation`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.whiteboard`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.webinar_question_answer`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.anonymous_question_answer`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.breakout_room`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.closed_caption`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.far_end_camera_control`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.group_hd`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.virtual_background`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.watermark`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.alert_guest_join`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.auto_answer`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.p2p_connetion`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.p2p_ports`*:: ++ +-- +Settings 
related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.ports_range`*:: ++ +-- +Settings related to the account + + +type: keyword + +-- + +*`zoom.old_account.settings.in_meeting.sending_default_email_invites`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.use_html_format_email`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.dscp_marking`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.dscp_audio`*:: ++ +-- +Settings related to the account + + +type: long + +-- + +*`zoom.old_account.settings.in_meeting.dscp_video`*:: ++ +-- +Settings related to the account + + +type: long + +-- + +*`zoom.old_account.settings.in_meeting.stereo_audio`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.original_audio`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.screen_sharing`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.remote_control`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.in_meeting.attention_tracking`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.email_notification.cloud_recording_avaliable_reminder`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.email_notification.jbh_reminder`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.email_notification.cancel_meeting_reminder`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.email_notification.low_host_count_reminder`*:: ++ +-- +Settings related to the account + + +type: 
boolean + +-- + +*`zoom.old_account.settings.email_notification.alternative_host_reminder`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.zoom_rooms.upcoming_meeting_alert`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.zoom_rooms.start_airplay_manually`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.zoom_rooms.weekly_system_restart`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.zoom_rooms.list_meetings_with_calendar`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.zoom_rooms.zr_post_meeting_feedback`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.zoom_rooms.ultrasonic`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.zoom_rooms.force_private_meeting`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.zoom_rooms.hide_host_information`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.zoom_rooms.cmr_for_instant_meeting`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.zoom_rooms.auto_start_stop_scheduled_meetings`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.security.admin_change_name_pic`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.security.import_photos_from_devices`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.security.hide_billing_info`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.recording.local_recording`*:: ++ +-- +Settings related to the account 
+ + +type: boolean + +-- + +*`zoom.old_account.settings.recording.cloud_recording`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.recording.record_speaker_view`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.recording.record_gallery_view`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.recording.record_audio_file`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.recording.save_chat_text`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.recording.show_timestamp`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.recording.recording_audio_transcript`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.recording.auto_recording`*:: ++ +-- +Settings related to the account + + +type: keyword + +-- + +*`zoom.old_account.settings.recording.cloud_recording_download`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.recording.cloud_recording_download_host`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.recording.account_user_access_recording`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.recording.auto_delete_cmr`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.recording.auto_delete_cmr_days`*:: ++ +-- +Settings related to the account + + +type: long + +-- + +*`zoom.old_account.settings.telephony.third_party_audio`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.telephony.audio_conference_info`*:: ++ +-- +Settings related to the account + + +type: keyword + +-- + 
+*`zoom.old_account.settings.integration.google_calendar`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.integration.google_drive`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.integration.dropbox`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.integration.box`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.integration.microsoft_one_drive`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.integration.kubi`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.old_account.settings.feature.meeting_capacity`*:: ++ +-- +Settings related to the account + + +type: boolean + +-- + +*`zoom.chat_channel.name`*:: ++ +-- +Channel name + + +type: keyword + +-- + +*`zoom.chat_channel.id`*:: ++ +-- +Channel ID + + +type: keyword + +-- + +*`zoom.chat_channel.type`*:: ++ +-- +Channel type + + +type: integer + +-- + +*`zoom.chat_channel.timestamp`*:: ++ +-- +Time when channel was created/modified/deleted + + +type: date + +-- + +*`zoom.chat_channel.date_time`*:: ++ +-- +Time when channel was created/modified/deleted + + +type: date + +-- + +*`zoom.chat_messages.id`*:: ++ +-- +Message ID + + +type: keyword + +-- + +*`zoom.chat_messages.type`*:: ++ +-- +Type of message, either private message or channel message + + +type: integer + +-- + +*`zoom.chat_messages.date_time`*:: ++ +-- +Time when message was created/modified/deleted + + +type: date + +-- + +*`zoom.chat_messages.timestamp`*:: ++ +-- +Time when message was created/modified/deleted + + +type: date + +-- + +*`zoom.chat_messages.session_id`*:: ++ +-- +SessionID for the channel related to the message + + +type: keyword + +-- + +*`zoom.chat_messages.contact_email`*:: ++ +-- +Email address related to the user sending the message + + +type: keyword + +-- 
+ +*`zoom.chat_messages.contact_id`*:: ++ +-- +UserID related to the user sending the message + + +type: keyword + +-- + +*`zoom.chat_messages.channel_id`*:: ++ +-- +ChannelID related to the message + + +type: keyword + +-- + +*`zoom.chat_messages.channel_name`*:: ++ +-- +Channel name related to the message + + +type: keyword + +-- + +*`zoom.chat_messages.message`*:: ++ +-- +The message sent + + +type: keyword + +-- + +*`zoom.meeting.id`*:: ++ +-- +The ID of the meeting + + +type: keyword + +-- + +*`zoom.meeting.uuid`*:: ++ +-- +The UUID of the meeting + + +type: keyword + +-- + +*`zoom.meeting.host_id`*:: ++ +-- +The UserID of the meeting host + + +type: keyword + +-- + +*`zoom.meeting.topic`*:: ++ +-- +Meeting Topic + + +type: keyword + +-- + +*`zoom.meeting.type`*:: ++ +-- +Type of meeting created + + +type: integer + +-- + +*`zoom.meeting.start_time`*:: ++ +-- +Time the meeting started + + +type: date + +-- + +*`zoom.meeting.timezone`*:: ++ +-- +Timezone used for the meeting + + +type: keyword + +-- + +*`zoom.meeting.duration`*:: ++ +-- +Seconds the meeting has been active + + +type: long + +-- + +*`zoom.meeting.issues`*:: ++ +-- +Issue message if an alert is triggered on the meeting + + +type: long + +-- + +*`zoom.meeting.password`*:: ++ +-- +Password related to the meeting + + +type: keyword + +-- + +*`zoom.meeting.settings.host_video`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.meeting.settings.participant_video`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.meeting.settings.join_before_host`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.meeting.settings.mute_upon_entry`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.meeting.settings.audio`*:: ++ +-- +Settings related to the meeting + + +type: keyword + +-- + +*`zoom.meeting.settings.auto_recording`*:: ++ +-- +Settings related to the meeting + + +type: keyword + +-- + 
+*`zoom.meeting.settings.use_pmi`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.meeting.settings.auto_recording`*:: ++ +-- +Settings related to the meeting + + +type: keyword + +-- + +*`zoom.meeting.settings.waiting_room`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.meeting.settings.watermark`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.meeting.settings.enforce_login`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.meeting.registrant.id`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.email`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.first_name`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.last_name`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.address`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.city`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.country`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.zip`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.state`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.phone`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.industry`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + 
+*`zoom.meeting.registrant.org`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.job_title`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.purchasing_time_frame`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.role_in_purchase_process`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.no_of_employees`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.comments`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.registrant.join_url`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.meeting.participant.id`*:: ++ +-- +Meeting ID of the related meeting + + +type: keyword + +-- + +*`zoom.meeting.participant.user_id`*:: ++ +-- +UserID of the participant trigger the sharing event + + +type: keyword + +-- + +*`zoom.meeting.participant.user_name`*:: ++ +-- +User name of the participant trigger the sharing event + + +type: keyword + +-- + +*`zoom.meeting.participant.join_time`*:: ++ +-- +The time the participant joined the related meeting + + +type: date + +-- + +*`zoom.meeting.participant.leave_time`*:: ++ +-- +The time the participant left the related meeting + + +type: date + +-- + +*`zoom.meeting.participant.sharing_details.link_source`*:: ++ +-- +Method of sharing with dropbox integration + + +type: keyword + +-- + +*`zoom.meeting.participant.sharing_details.content`*:: ++ +-- +Type of content that was shared + + +type: keyword + +-- + +*`zoom.meeting.participant.sharing_details.file_link`*:: ++ +-- +The file link that was shared + + +type: keyword + +-- + 
+*`zoom.meeting.participant.sharing_details.date_time`*:: ++ +-- +Timestamp the sharing started + + +type: keyword + +-- + +*`zoom.meeting.participant.sharing_details.source`*:: ++ +-- +The file source that was shared + + +type: keyword + +-- + +*`zoom.old_meeting.id`*:: ++ +-- +The ID of the meeting + + +type: keyword + +-- + +*`zoom.old_meeting.uuid`*:: ++ +-- +The UUID of the meeting + + +type: keyword + +-- + +*`zoom.old_meeting.host_id`*:: ++ +-- +The UserID of the meeting host + + +type: keyword + +-- + +*`zoom.old_meeting.topic`*:: ++ +-- +Meeting Topic + + +type: keyword + +-- + +*`zoom.old_meeting.type`*:: ++ +-- +Type of meeting created + + +type: integer + +-- + +*`zoom.old_meeting.start_time`*:: ++ +-- +Time the meeting started + + +type: date + +-- + +*`zoom.old_meeting.timezone`*:: ++ +-- +Timezone used for the meeting + + +type: keyword + +-- + +*`zoom.old_meeting.duration`*:: ++ +-- +Seconds the meeting has been active + + +type: long + +-- + +*`zoom.old_meeting.issues`*:: ++ +-- +Issue message if an alert is triggered on the meeting + + +type: long + +-- + +*`zoom.old_meeting.password`*:: ++ +-- +Password related to the meeting + + +type: keyword + +-- + +*`zoom.old_meeting.settings.host_video`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.old_meeting.settings.participant_video`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.old_meeting.settings.join_before_host`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.old_meeting.settings.mute_upon_entry`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.old_meeting.settings.audio`*:: ++ +-- +Settings related to the meeting + + +type: keyword + +-- + +*`zoom.old_meeting.settings.auto_recording`*:: ++ +-- +Settings related to the meeting + + +type: keyword + +-- + +*`zoom.old_meeting.settings.use_pmi`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + 
+*`zoom.old_meeting.settings.auto_recording`*:: ++ +-- +Settings related to the meeting + + +type: keyword + +-- + +*`zoom.old_meeting.settings.waiting_room`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.old_meeting.settings.watermark`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.old_meeting.settings.enforce_login`*:: ++ +-- +Settings related to the meeting + + +type: boolean + +-- + +*`zoom.phone.ringing_start_time`*:: ++ +-- +The timestamp when a ringtone was established to the callee + + +type: date + +-- + +*`zoom.phone.connected_start_time`*:: ++ +-- +The timestamp when a ringtone was established to the callee + + +type: date + +-- + +*`zoom.phone.answer_start_time`*:: ++ +-- +The timestamp when the call was answered + + +type: date + +-- + +*`zoom.phone.call_end_time`*:: ++ +-- +The timestamp when the call ended + + +type: date + +-- + +*`zoom.phone.call_id`*:: ++ +-- +Unique ID of the call + + +type: keyword + +-- + +*`zoom.phone.duration`*:: ++ +-- +Duration of a voicemail + + +type: long + +-- + +*`zoom.phone.caller_number`*:: ++ +-- +Caller number related to the voicemail + + +type: keyword + +-- + +*`zoom.phone.caller_name`*:: ++ +-- +Caller name related to the voicemail + + +type: keyword + +-- + +*`zoom.phone.caller_number_type`*:: ++ +-- +Caller type related to the voicemail + + +type: long + +-- + +*`zoom.phone.caller_user_id`*:: ++ +-- +UserID of the person related to the voicemail + + +type: keyword + +-- + +*`zoom.phone.callee_user_id`*:: ++ +-- +UserID of the callee related to the voicemail + + +type: keyword + +-- + +*`zoom.phone.caller.user_id`*:: ++ +-- +UserID of the person which initiated the call + + +type: keyword + +-- + +*`zoom.phone.caller.phone_number`*:: ++ +-- +Phone Number of the caller + + +type: keyword + +-- + +*`zoom.phone.caller.extension_number`*:: ++ +-- +Extension number of the caller + + +type: keyword + +-- + +*`zoom.phone.caller.timezone`*:: ++ +-- +Timezone 
of the caller + + +type: keyword + +-- + +*`zoom.phone.caller.device_type`*:: ++ +-- +Device type used by the caller + + +type: keyword + +-- + +*`zoom.phone.callee_user_id`*:: ++ +-- +UserID of the person that is called + + +type: keyword + +-- + +*`zoom.phone.callee.user_id`*:: ++ +-- +UserID of the person that is called + + +type: keyword + +-- + +*`zoom.phone.callee.phone_number`*:: ++ +-- +Phone Number of the callee + + +type: keyword + +-- + +*`zoom.phone.callee.extension_number`*:: ++ +-- +Extension number of the callee + + +type: keyword + +-- + +*`zoom.phone.callee.timezone`*:: ++ +-- +Timezone of the callee + + +type: keyword + +-- + +*`zoom.phone.callee.device_type`*:: ++ +-- +Device type used by the callee + + +type: keyword + +-- + +*`zoom.recording.id`*:: ++ +-- +ID of the recording + + +type: keyword + +-- + +*`zoom.recording.uuid`*:: ++ +-- +UUID of the recording + + +type: keyword + +-- + +*`zoom.recording.host_id`*:: ++ +-- +UserID of the host related to the meeting recording + + +type: keyword + +-- + +*`zoom.recording.topic`*:: ++ +-- +Topic of the meeting related to the recording + + +type: keyword + +-- + +*`zoom.recording.type`*:: ++ +-- +Type of recording + + +type: long + +-- + +*`zoom.recording.start_time`*:: ++ +-- +Date of the recording + + +type: date + +-- + +*`zoom.recording.timezone`*:: ++ +-- +The timezone used for the recording date + + +type: keyword + +-- + +*`zoom.recording.duration`*:: ++ +-- +Duration of the recording + + +type: long + +-- + +*`zoom.recording.share_url`*:: ++ +-- +The share URL for the recording + + +type: keyword + +-- + +*`zoom.recording.total_size`*:: ++ +-- +Total size of the recording in bytes + + +type: long + +-- + +*`zoom.recording.recording_count`*:: ++ +-- +Amount of recording files related to the recording + + +type: long + +-- + +*`zoom.recording.host_email`*:: ++ +-- +Email address of the host related to the meeting + + +type: long + +-- + +*`zoom.recording.registrant.id`*:: ++ +-- +Information 
about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.email`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.first_name`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.last_name`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.address`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.city`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.country`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.zip`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.state`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.phone`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.industry`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.org`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.job_title`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.purchasing_time_frame`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.role_in_purchase_process`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + 
+*`zoom.recording.registrant.no_of_employees`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.comments`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.recording.registrant.join_url`*:: ++ +-- +Information about the person that registers to the meeting + + +type: keyword + +-- + +*`zoom.user.id`*:: ++ +-- +UserID related to the user event + + +type: keyword + +-- + +*`zoom.user.first_name`*:: ++ +-- +User first name related to the user event + + +type: keyword + +-- + +*`zoom.user.last_name`*:: ++ +-- +User last name related to the user event + + +type: keyword + +-- + +*`zoom.user.email`*:: ++ +-- +User email related to the user event + + +type: keyword + +-- + +*`zoom.user.type`*:: ++ +-- +User type related to the user event + + +type: keyword + +-- + +*`zoom.user.phone_number`*:: ++ +-- +Phone number related to the user + + +type: keyword + +-- + +*`zoom.user.phone_country`*:: ++ +-- +Country code related to the phone number + + +type: keyword + +-- + +*`zoom.user.company`*:: ++ +-- +User Company + + +type: keyword + +-- + +*`zoom.user.pmi`*:: ++ +-- +User personal meeting ID + + +type: keyword + +-- + +*`zoom.user.use_pmi`*:: ++ +-- +If use PMI is enabled + + +type: boolean + +-- + +*`zoom.user.pic_url`*:: ++ +-- +URL to the profile picture + + +type: keyword + +-- + +*`zoom.user.vanity_name`*:: ++ +-- +Name of the related users personal meeting room + + +type: keyword + +-- + +*`zoom.user.timezone`*:: ++ +-- +Timezone configured for the user + + +type: keyword + +-- + +*`zoom.user.language`*:: ++ +-- +Language settings for the user + + +type: keyword + +-- + +*`zoom.user.host_key`*:: ++ +-- +Host key set for the user + + +type: keyword + +-- + +*`zoom.user.role`*:: ++ +-- +The configured role for the user + + +type: keyword + +-- + +*`zoom.user.dept`*:: ++ +-- +The configured departement for the user + + +type: keyword + +-- + 
+*`zoom.user.settings.meeting_capacity`*:: ++ +-- +Maximum capacity for the user + + +type: long + +-- + +*`zoom.user.settings.large_meeting`*:: ++ +-- +If large meeting plan is enabled for the user + + +type: boolean + +-- + +*`zoom.user.presence_status`*:: ++ +-- +Current presence status of user + + +type: keyword + +-- + +*`zoom.user.personal_note`*:: ++ +-- +Personal notes for the User + + +type: keyword + +-- + +*`zoom.user.date_time`*:: ++ +-- +Time when user logged in/out + + +type: date + +-- + +*`zoom.old_user.id`*:: ++ +-- +UserID related to the user event + + +type: keyword + +-- + +*`zoom.old_user.first_name`*:: ++ +-- +User first name related to the user event + + +type: keyword + +-- + +*`zoom.old_user.last_name`*:: ++ +-- +User last name related to the user event + + +type: keyword + +-- + +*`zoom.old_user.email`*:: ++ +-- +User email related to the user event + + +type: keyword + +-- + +*`zoom.old_user.type`*:: ++ +-- +User type related to the user event + + +type: keyword + +-- + +*`zoom.old_user.phone_number`*:: ++ +-- +Phone number related to the user + + +type: keyword + +-- + +*`zoom.old_user.phone_country`*:: ++ +-- +Country code related to the phone number + + +type: keyword + +-- + +*`zoom.old_user.company`*:: ++ +-- +User Company + + +type: keyword + +-- + +*`zoom.old_user.pmi`*:: ++ +-- +User personal meeting ID + + +type: keyword + +-- + +*`zoom.old_user.use_pmi`*:: ++ +-- +If use PMI is enabled + + +type: boolean + +-- + +*`zoom.old_user.pic_url`*:: ++ +-- +URL to the profile picture + + +type: keyword + +-- + +*`zoom.old_user.vanity_name`*:: ++ +-- +Name of the related users personal meeting room + + +type: keyword + +-- + +*`zoom.old_user.timezone`*:: ++ +-- +Timezone configured for the user + + +type: keyword + +-- + +*`zoom.old_user.language`*:: ++ +-- +Language settings for the user + + +type: keyword + +-- + +*`zoom.old_user.host_key`*:: ++ +-- +Host key set for the user + + +type: keyword + +-- + +*`zoom.old_user.role`*:: ++ +-- 
+The configured role for the user + + +type: keyword + +-- + +*`zoom.old_user.dept`*:: ++ +-- +The configured departement for the user + + +type: keyword + +-- + +*`zoom.old_user.settings.meeting_capacity`*:: ++ +-- +Maximum capacity for the user + + +type: long + +-- + +*`zoom.old_user.settings.large_meeting`*:: ++ +-- +If large meeting plan is enabled for the user + + +type: boolean + +-- + +*`zoom.old_user.presence_status`*:: ++ +-- +Current presence status of user + + +type: keyword + +-- + +*`zoom.old_user.personal_note`*:: ++ +-- +Personal notes for the User + + +type: keyword + +-- + +*`zoom.old_user.date_time`*:: ++ +-- +Time when user logged in/out + + +type: date + +-- + +*`zoom.webinar.id`*:: ++ +-- +Unique ID for the webinar + + +type: keyword + +-- + +*`zoom.webinar.uuid`*:: ++ +-- +UUID for the webinar + + +type: keyword + +-- + +*`zoom.webinar.host_id`*:: ++ +-- +UserID of the host of the webinar + + +type: keyword + +-- + +*`zoom.webinar.topic`*:: ++ +-- +Topic of the webinar + + +type: keyword + +-- + +*`zoom.webinar.type`*:: ++ +-- +Type of webinar created + + +type: keyword + +-- + +*`zoom.webinar.start_time`*:: ++ +-- +Start time of the webinar + + +type: date + +-- + +*`zoom.webinar.timezone`*:: ++ +-- +Timezone of the webinar + + +type: keyword + +-- + +*`zoom.webinar.duration`*:: ++ +-- +Duration of the webinar + + +type: long + +-- + +*`zoom.webinar.agenda`*:: ++ +-- +Agenda of the webinar + + +type: keyword + +-- + +*`zoom.webinar.password`*:: ++ +-- +Password for the webinar + + +type: keyword + +-- + +*`zoom.webinar.issues`*:: ++ +-- +Related issues to the webinar + + +type: keyword + +-- + +*`zoom.webinar.settings.host_video`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.webinar.settings.panelists_video`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.webinar.settings.practice_session`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.webinar.settings.approval_type`*:: 
++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.webinar.settings.registration_type`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.webinar.settings.audio`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.webinar.settings.auto_recording`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.webinar.settings.enforce_login`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.old_webinar.id`*:: ++ +-- +Unique ID for the webinar + + +type: keyword + +-- + +*`zoom.old_webinar.uuid`*:: ++ +-- +UUID for the webinar + + +type: keyword + +-- + +*`zoom.old_webinar.host_id`*:: ++ +-- +UserID of the host of the webinar + + +type: keyword + +-- + +*`zoom.old_webinar.topic`*:: ++ +-- +Topic of the webinar + + +type: keyword + +-- + +*`zoom.old_webinar.type`*:: ++ +-- +Type of webinar created + + +type: keyword + +-- + +*`zoom.old_webinar.start_time`*:: ++ +-- +Start time of the webinar + + +type: date + +-- + +*`zoom.old_webinar.timezone`*:: ++ +-- +Timezone of the webinar + + +type: keyword + +-- + +*`zoom.old_webinar.duration`*:: ++ +-- +Duration of the webinar + + +type: long + +-- + +*`zoom.old_webinar.agenda`*:: ++ +-- +Agenda of the webinar + + +type: keyword + +-- + +*`zoom.old_webinar.password`*:: ++ +-- +Password for the webinar + + +type: keyword + +-- + +*`zoom.old_webinar.settings.host_video`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.old_webinar.settings.panelists_video`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.old_webinar.settings.practice_session`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.old_webinar.settings.approval_type`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.old_webinar.settings.registration_type`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.old_webinar.settings.audio`*:: ++ +-- +Related webinar settings + + +type: 
keyword + +-- + +*`zoom.old_webinar.settings.auto_recording`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.old_webinar.settings.enforce_login`*:: ++ +-- +Related webinar settings + + +type: keyword + +-- + +*`zoom.webinar.registrant.id`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.email`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.first_name`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.last_name`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.address`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.city`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.country`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.zip`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.state`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.phone`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.industry`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.org`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.job_title`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.purchasing_time_frame`*:: 
++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.role_in_purchase_process`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.no_of_employees`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.comments`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.registrant.join_url`*:: ++ +-- +Information about the person that registers to the webinar + + +type: keyword + +-- + +*`zoom.webinar.participant.id`*:: ++ +-- +Webinar ID of the related meeting + + +type: keyword + +-- + +*`zoom.webinar.participant.user_id`*:: ++ +-- +UserID of the participant trigger the sharing event + + +type: keyword + +-- + +*`zoom.webinar.participant.user_name`*:: ++ +-- +User name of the participant trigger the sharing event + + +type: keyword + +-- + +*`zoom.webinar.participant.join_time`*:: ++ +-- +The time the participant joined the related meeting + + +type: date + +-- + +*`zoom.webinar.participant.leave_time`*:: ++ +-- +The time the participant left the related meeting + + +type: date + +-- + +*`zoom.zoomroom.id`*:: ++ +-- +ID of the Zoom room + + +type: keyword + +-- + +*`zoom.zoomroom.room_name`*:: ++ +-- +Name of the Zoom room + + +type: keyword + +-- + +*`zoom.zoomroom.calendar_name`*:: ++ +-- +Calendar name of the Zoom room + + +type: keyword + +-- + +*`zoom.zoomroom.calendar_id`*:: ++ +-- +Calendar ID of the Zoom room + + +type: keyword + +-- + +*`zoom.zoomroom.event_id`*:: ++ +-- +Event ID of the Zoom room + + +type: keyword + +-- + +*`zoom.zoomroom.change_key`*:: ++ +-- +Change key of the Zoom room + + +type: keyword + +-- + +*`zoom.zoomroom.resource_email`*:: ++ +-- +Resource email address related to the Zoom room + + +type: keyword + +-- + +*`zoom.zoomroom.email`*:: ++ +-- +Email related to the Zoom 
room + + +type: keyword + +-- + +*`zoom.zoomroom.issue`*:: ++ +-- +Related issue message to the Zoom room + + +type: keyword + +-- + +*`zoom.zoomroom.alert_type`*:: ++ +-- +Zoom room alert type + + +type: keyword + +-- + +*`zoom.zoomroom.component`*:: ++ +-- +Zoom room component + + +type: keyword + +-- + +*`zoom.zoomroom.alert_kind`*:: ++ +-- +Alert kind related to the Zoom room + + +type: keyword + +-- + [[exported-fields-zscaler]] == Zscaler NSS fields diff --git a/filebeat/docs/modules/zoom.asciidoc b/filebeat/docs/modules/zoom.asciidoc new file mode 100644 index 00000000000..26be63ff187 --- /dev/null +++ b/filebeat/docs/modules/zoom.asciidoc @@ -0,0 +1,60 @@ +//// +This file is generated! See scripts/docs_collector.py +//// + +[[filebeat-module-zoom]] +[role="xpack"] + +:modulename: zoom +:has-dashboards: false + + +== Zoom module +beta[] + +This is a module for Zoom webhook logs. The module creates a HTTP listeners that accepts incoming webhooks from Zoom. + +To configure Zoom to send webhooks to the filebeat module, please follow the documentation from Zoom located here: https://marketplace.zoom.us/docs/guides/build/webhook-only-app[Zoom Documentation]. + +include::../include/gs-link.asciidoc[] + +:fileset_ex: webhook + +include::../include/configuring-intro.asciidoc[] +include::../include/config-option-intro.asciidoc[] + +[float] +==== `webhook` fileset settings + +Example config: + +[source,yaml] +---- +- module: zoom + webhook: + enabled: true + var.input: http_endpoint + var.listen_address: 0.0.0.0 + var.listen_port: 8080 +---- + +include::../include/var-paths.asciidoc[] + +*`var.listen_address`*:: + +The IP address of the interface the module should listen on. Also supports 0.0.0.0 to listen on all interfaces. + +*`var.listen_port`*:: + +The port the module should be listening on. + +:modulename!: +:has-dashboards!: + + +[float] +=== Fields + +For a description of each field in the module, see the +<> section. + 
diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc index 936d44f2cb4..c69ac708b9f 100644 --- a/filebeat/docs/modules_list.asciidoc +++ b/filebeat/docs/modules_list.asciidoc @@ -59,6 +59,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> * <> + * <> * <> @@ -121,4 +122,5 @@ include::modules/system.asciidoc[] include::modules/tomcat.asciidoc[] include::modules/traefik.asciidoc[] include::modules/zeek.asciidoc[] +include::modules/zoom.asciidoc[] include::modules/zscaler.asciidoc[] diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index f01da244ed3..11de3a4eb3c 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -1451,19 +1451,19 @@ filebeat.modules: #var.paths: #--------------------------------- Zoom Module --------------------------------- -- module: checkpoint - firewall: +- module: zoom + webhook: enabled: true - # Set which input to use between syslog (default) or file. - #var.input: syslog + # The type of input to use + #var.input: http_endpoint - # The interface to listen to UDP based syslog traffic. Defaults to + # The interface to listen for incoming HTTP requests. Defaults to # localhost. Set to 0.0.0.0 to bind to all available interfaces. - #var.syslog_host: localhost + #var.listen_address: localhost - # The UDP port to listen for syslog traffic. Defaults to 9001. - #var.syslog_port: 9001 + # The port to bind to + #var.listen_port: 80 #----------------------------- Zscaler NSS Module ----------------------------- - module: zscaler diff --git a/x-pack/filebeat/module/zoom/_meta/config.yml b/x-pack/filebeat/module/zoom/_meta/config.yml index 4408a7ba5f2..96d1f602221 100644 --- a/x-pack/filebeat/module/zoom/_meta/config.yml +++ b/x-pack/filebeat/module/zoom/_meta/config.yml 
@@ -1,13 +1,13 @@
-- module: checkpoint
- firewall:
+- module: zoom
+ webhook:
 enabled: true
- # Set which input to use between syslog (default) or file.
- #var.input: syslog
+ # The type of input to use
+ #var.input: http_endpoint
- # The interface to listen to UDP based syslog traffic. Defaults to
+ # The interface to listen for incoming HTTP requests. Defaults to
 # localhost. Set to 0.0.0.0 to bind to all available interfaces.
- #var.syslog_host: localhost
+ #var.listen_address: localhost
- # The UDP port to listen for syslog traffic. Defaults to 9001.
- #var.syslog_port: 9001
+ # The port to bind to
+ #var.listen_port: 80
diff --git a/x-pack/filebeat/module/zoom/_meta/docs.asciidoc b/x-pack/filebeat/module/zoom/_meta/docs.asciidoc
index b09dcde2333..b34edf57720 100644
--- a/x-pack/filebeat/module/zoom/_meta/docs.asciidoc
+++ b/x-pack/filebeat/module/zoom/_meta/docs.asciidoc
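Review bot: The `var.listen_address` comment invites binding to 0.0.0.0, but the settings exposed in this hunk cover only an address and a port, so as far as the visible lines show the endpoint takes plain HTTP from any sender that can reach it, with no TLS and no check that a request really comes from Zoom. I would add a caveat above the setting, e.g. `# Binding to 0.0.0.0 exposes a plain-HTTP listener; restrict access with a firewall or a TLS-terminating proxy.`, and expose sender verification here if the http_endpoint input supports it (not visible on this page). The port comment states no default, and the commented value `80` is a privileged port on most systems while the docs example in this commit uses 8080; `# The port to bind to. Ports below 1024 usually need elevated privileges.` would make that explicit. The same lines appear in the filebeat.reference.yml hunk above, so the wording should change in both places.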
@@ -1,168 +1,47 @@ [role="xpack"] -:modulename: checkpoint +:modulename: zoom :has-dashboards: false -== Check Point module +== Zoom module beta[] -This is a module for Check Point firewall logs. It supports logs from the Log Exporter in the Syslog format. +This is a module for Zoom webhook logs. The module creates a HTTP listeners that accepts incoming webhooks from Zoom. -To configure a Log Exporter, please refer to the documentation by https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323[Check Point]. - -Example below: - -`cp_log_export add name testdestination target-server 192.168.1.1 target-port 9001 protocol udp format syslog` - -The module that supports Check Point firewall logs sent in the CEF format requires the <> - -The Check Point and ECS fields that are the same between both modules will be mapped to the same names for compability between modules, though not all fields are included in CEF. Please reference the supported fields in the CEF documentation. +To configure Zoom to send webhooks to the filebeat module, please follow the documentation from Zoom located here: https://marketplace.zoom.us/docs/guides/build/webhook-only-app[Zoom Documentation]. include::../include/gs-link.asciidoc[] - -[float] -=== Compatibility - -This module has been tested against Check Point Log Exporter on R80.X but should also work with R77.30. 
+:fileset_ex: webhook include::../include/configuring-intro.asciidoc[] - -:fileset_ex: firewall - include::../include/config-option-intro.asciidoc[] [float] -==== `firewall` fileset settings +==== `webhook` fileset settings Example config: [source,yaml] ---- -- module: checkpoint - firewall: - var.syslog_host: 0.0.0.0 - var.syslog_port: 9001 +- module: zoom + webhook: + enabled: true + var.input: http_endpoint + var.listen_address: 0.0.0.0 + var.listen_port: 8080 ---- include::../include/var-paths.asciidoc[] -*`var.syslog_host`*:: - -The interface to listen to UDP based syslog traffic. Defaults to localhost. -Set to 0.0.0.0 to bind to all available interfaces. +*`var.listen_address`*:: -*`var.syslog_port`*:: +The IP address of the interface the module should listen on. Also supports 0.0.0.0 to listen on all interfaces. -The UDP port to listen for syslog traffic. Defaults to 9001. +*`var.listen_port`*:: -*`var.tags`*:: - -A list of tags to include in events. Including `forwarded` indicates that the -events did not originate on this host and causes `host.name` to not be added to -events. Defaults to `[checkpoint-firewall, forwarded]`. - -[float] -==== Check Point devices - -This module will parse Check Point Syslog data as documented in: -https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk144192[Checkpoint Log Fields Description.] 
- -Check Point Syslog extensions are mapped as follows to ECS: -[options="header"] -|============================================================== -| Check Point Fields | ECS Fields | -| action | event.action | -| appi_name | network.application | -| app_risk | event.risk_score | -| app_rule_id | rule.id | -| app_rule_name | rule.name | -| bytes | network.bytes | -| categories | rule.category | -| client_inbound_interface | observer.ingress.interface.name| -| client_outbound_bytes | source.bytes | -| client_outbound_interface | observer.egress.interface.name | -| client_outbound_packets | source.packets | -| destination_dns_hostname | destination.domain | -| dlp_file_name | file.name | -| dns_message_type | dns.type | -| dns_type | dns.question.type | -| domain_name | dns.question.name | -| dst | destination.ip | -| dst_machine_name | destination.domain | -| dlp_rule_name | rule.name | -| dlp_rule_uid | rule.uuid | -| endpoint_ip | observer.ip | -| file_id | file.inode | -| file_type | file.type | -| file_name | file.name | -| file_size | file.size | -| file_md5 | file.hash.md5 | -| file_sha1 | file.hash.sha1 | -| file_sha256 | file.hash.sha256 | -| first_detection | event.start | -| from | source.user.email | -| ifdir | network.direction | -| industry_reference | vulnerability.id | -| inzone | observer.ingress.zone | -| last_detection | event.end | -| loguid | event.id | -| mac_destination_address | destination.mac | -| mac_source_address | source.mac | -| malware_action | rule.description | -| matched_category | rule.category | -| malware_rule_id | rule.rule.id | -| message | message | -| method | http.request.method | -| origin | observer.name | -| origin_ip | observer.ip | -| os_name | host.os.name | -| os_version | host.os.version | -| outzone | observer.egress.zone | -| packet_capture | event.url | -| packets | network.packets | -| parent_process_md5 | process.parent.hash.md5 | -| parent_process_name | process.parent.name | -| process_md5 | process.hash.md5 
| -| process_name | process.name | -| product | observer.product | -| proto | network.iana_number | -| reason | message | -| received_bytes | destination.bytes | -| referrer | http.request.referrer | -| rule_name | rule.name | -| resource | url.original | -| s_port | source.port | -| security_inzone | observer.ingress.zone | -| security_outzone | observer.egress.zone | -| sent_bytes | source.bytes | -| sequencenum | event.sequence | -| service | destination.port | -| service_id | network.application | -| service_name | destination.service.name | -| server_outbound_packets | destination.packets | -| server_outbound_bytes | destination.bytes | -| severity | event.severity | -| smartdefense_profile | rule.ruleset | -| src | source.ip | -| src_machine_name | source.domain | -| src_user_group | source.user.group.name | -| start_time | event.start | -| status | http.response.status_code | -| tid | dns.id | -| time | @timestamp | -| to | destination.user.email | -| type | observer.type | -| update_version | observer.version | -| url | url.original | -| user_group | group.name | -| usercheck_incident_uid | destination.user.id | -| web_client_type | user_agent.name | -| xlatesrc | source.nat.ip | -| xlatedst | destination.nat.ip | -| xlatesport | source.nat.port | -| xlatedport | destination.nat.port | -|============================================================== +The port the module should be listening on. :modulename!: +:has-dashboards!: diff --git a/x-pack/filebeat/module/zoom/fields.go b/x-pack/filebeat/module/zoom/fields.go index bd151fb9a20..372926084d8 100644 --- a/x-pack/filebeat/module/zoom/fields.go +++ b/x-pack/filebeat/module/zoom/fields.go 
@@ -19,5 +19,5 @@ func init() { // AssetZoom returns asset data. // This is the base64 encoded gzipped contents of module/zoom. func AssetZoom() string { - return "eJx8j0FqwzAQRfc+xb9AcgAtCiWrLgqFFgrdBNn6dkRkjRmNU9zTlzg4OC707zRPM/NmhzMnhx+RvgIsWqLD1+0VWBqNg0XJDk8VALxLzxmjlzAmVkAbmUJxM75mh+x73kcusWmgQ6cyDquqMtEXOtQ0v6oHtn5MdpyHO7Q+FT7gP2ZLXmcvtKIYvJaYu5vv89sLPlmfRM5lv+rY6q9PaCS3MTA3PCZemB4+LSfFbOyoGyYX6rdGo4PpyA39x/+aw30v5r0INGofMwPqCR8npbdDkjHsq98AAAD//3cefEc=" + return "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" } diff --git a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml index 33afa17c13e..450fa969f46 100644 --- a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml +++ b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml 
@@ -5,8 +5,1793 @@
 description: >
 Module for parsing Zoom API Webhooks.
 fields:
- - name: confidence_level
+ - name: master_account_id
+ type: keyword
+ description: >
+ Master Account related to a specific Sub Account
+ - name: sub_account_id
+ type: keyword
+ description: >
+ Related Sub Account
+ - name: operator_id
+ type: keyword
+ description: >
+ UserID that triggered the event
+ - name: operator
+ type: keyword
+ description: >
+ Username/Email related to the user that triggered the event
+ - name: account_id
+ type: keyword
+ description: >
+ Related accountID to the event
+ - name: timestamp
+ type: date
+ description: >
+ Timestamp related to the event
+ - name: account.owner_id
+ type: keyword
+ description: >
+ UserID of the related user the action was performed on
+ - name: account.email
+ type: keyword
+ description: >
+ Email related to the user the action was performed on
+ - name: account.owner_email
+ type: keyword
+ description: >
+ Email related to the user the action was performed on
+ - name: account.account_name
+ type: keyword
+ description: >
+ Name related to the user the action was performed on
+ - name: account.account_alias
+ type: keyword
+ description: >
+ Alias related to the user the action was performed on
+ - name: account.account_support_name
+ type: keyword
+ description: >
+ Support account related to the user the action was performed on
+ - name: account.account_support_email
+ type: keyword
+ description: >
+ Support account (Email) related to the user the action was performed on
+ - name: account.settings.schedule_meeting.host_video
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.schedule_meeting.participant_video
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.schedule_meeting.audio_type
+ type: keyword
+ description: >
+ Settings related to the account
+ - name: account.settings.schedule_meeting.join_before_host
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.schedule_meeting.enforce_login
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.schedule_meeting.enforce_login_with_domains
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.schedule_meeting.enforce_login_domains
+ type: keyword
+ description: >
+ Settings related to the account
+ - name: account.settings.schedule_meeting.not_store_meeting_topic
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.schedule_meeting.force_pmi_jbh_password
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.e2e_encryption
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.chat
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.private_chat
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.auto_saving_chat
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.file_transfer
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.feedback
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.post_meeting_feedback
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.co_host
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.polling
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.attendee_on_hold
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.show_meeting_control_toolbar
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.allow_show_zoom_windows
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.annotation
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.whiteboard
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.webinar_question_answer
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.anonymous_question_answer
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.breakout_room
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.closed_caption
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.far_end_camera_control
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.group_hd
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.virtual_background
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.watermark
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.alert_guest_join
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.auto_answer
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.p2p_connetion
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.p2p_ports
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.ports_range
+ type: keyword
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.sending_default_email_invites
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.use_html_format_email
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.dscp_marking
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.dscp_audio
+ type: long
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.dscp_video
+ type: long
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.stereo_audio
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.original_audio
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.screen_sharing
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.remote_control
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.in_meeting.attention_tracking
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.email_notification.cloud_recording_avaliable_reminder
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.email_notification.jbh_reminder
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.email_notification.cancel_meeting_reminder
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.email_notification.low_host_count_reminder
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.email_notification.alternative_host_reminder
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.zoom_rooms.upcoming_meeting_alert
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.zoom_rooms.start_airplay_manually
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.zoom_rooms.weekly_system_restart
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.zoom_rooms.list_meetings_with_calendar
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.zoom_rooms.zr_post_meeting_feedback
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.zoom_rooms.ultrasonic
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.zoom_rooms.force_private_meeting
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.zoom_rooms.hide_host_information
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.zoom_rooms.cmr_for_instant_meeting
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.zoom_rooms.auto_start_stop_scheduled_meetings
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.security.admin_change_name_pic
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.security.import_photos_from_devices
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.security.hide_billing_info
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.local_recording
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.cloud_recording
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.record_speaker_view
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.record_gallery_view
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.record_audio_file
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.save_chat_text
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.show_timestamp
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.recording_audio_transcript
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.auto_recording
+ type: keyword
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.cloud_recording_download
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.cloud_recording_download_host
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.account_user_access_recording
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.auto_delete_cmr
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.recording.auto_delete_cmr_days
+ type: long
+ description: >
+ Settings related to the account
+ - name: account.settings.telephony.third_party_audio
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.telephony.audio_conference_info
+ type: keyword
+ description: >
+ Settings related to the account
+ - name: account.settings.integration.google_calendar
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.integration.google_drive
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.integration.dropbox
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.integration.box
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.integration.microsoft_one_drive
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.integration.kubi
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: account.settings.feature.meeting_capacity
+ type: boolean
+ description: >
+ Settings related to the account
+
+ - name: old_account.owner_id
+ type: keyword
+ description: >
+ UserID of the related user the action was performed on
+ - name: old_account.email
+ type: keyword
+ description: >
+ Email related to the user the action was performed on
+ - name: old_account.owner_email
+ type: keyword
+ description: >
+ Email related to the user the action was performed on
+ - name: old_account.account_name
+ type: keyword
+ description: >
+ Name related to the user the action was performed on
+ - name: old_account.account_alias
+ type: keyword
+ description: >
+ Alias related to the user the action was performed on
+ - name: old_account.account_support_name
+ type: keyword
+ description: >
+ Support account related to the user the action was performed on
+ - name: old_account.account_support_email
+ type: keyword
+ description: >
+ Support account (Email) related to the user the action was performed on
+ - name: old_account.settings.schedule_meeting.host_video
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.schedule_meeting.participant_video
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.schedule_meeting.audio_type
+ type: keyword
+ description: >
+ Settings related to the account
+ - name: old_account.settings.schedule_meeting.join_before_host
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.schedule_meeting.enforce_login
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.schedule_meeting.enforce_login_with_domains
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.schedule_meeting.enforce_login_domains
+ type: keyword
+ description: >
+ Settings related to the account
+ - name: old_account.settings.schedule_meeting.not_store_meeting_topic
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.schedule_meeting.force_pmi_jbh_password
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.e2e_encryption
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.chat
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.private_chat
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.auto_saving_chat
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.file_transfer
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.feedback
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.post_meeting_feedback
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.co_host
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.polling
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.attendee_on_hold
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.show_meeting_control_toolbar
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.allow_show_zoom_windows
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.annotation
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.whiteboard
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.webinar_question_answer
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.anonymous_question_answer
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.breakout_room
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.closed_caption
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.far_end_camera_control
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.group_hd
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.virtual_background
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.watermark
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.alert_guest_join
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.auto_answer
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.p2p_connetion
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.p2p_ports
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.ports_range
+ type: keyword
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.sending_default_email_invites
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.use_html_format_email
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.dscp_marking
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.dscp_audio
+ type: long
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.dscp_video
+ type: long
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.stereo_audio
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.original_audio
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.screen_sharing
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.remote_control
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.in_meeting.attention_tracking
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.email_notification.cloud_recording_avaliable_reminder
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.email_notification.jbh_reminder
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.email_notification.cancel_meeting_reminder
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.email_notification.low_host_count_reminder
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.email_notification.alternative_host_reminder
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.zoom_rooms.upcoming_meeting_alert
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.zoom_rooms.start_airplay_manually
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.zoom_rooms.weekly_system_restart
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.zoom_rooms.list_meetings_with_calendar
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.zoom_rooms.zr_post_meeting_feedback
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.zoom_rooms.ultrasonic
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.zoom_rooms.force_private_meeting
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.zoom_rooms.hide_host_information
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.zoom_rooms.cmr_for_instant_meeting
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.zoom_rooms.auto_start_stop_scheduled_meetings
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.security.admin_change_name_pic
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.security.import_photos_from_devices
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.security.hide_billing_info
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.local_recording
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.cloud_recording
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.record_speaker_view
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.record_gallery_view
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.record_audio_file
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.save_chat_text
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.show_timestamp
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.recording_audio_transcript
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.auto_recording
+ type: keyword
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.cloud_recording_download
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.cloud_recording_download_host
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.account_user_access_recording
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.auto_delete_cmr
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.recording.auto_delete_cmr_days
+ type: long
+ description: >
+ Settings related to the account
+ - name: old_account.settings.telephony.third_party_audio
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.telephony.audio_conference_info
+ type: keyword
+ description: >
+ Settings related to the account
+ - name: old_account.settings.integration.google_calendar
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.integration.google_drive
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.integration.dropbox
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.integration.box
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.integration.microsoft_one_drive
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.integration.kubi
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: old_account.settings.feature.meeting_capacity
+ type: boolean
+ description: >
+ Settings related to the account
+ - name: chat_channel.name
+ type: keyword
+ description: >
+ Channel name
+ - name: chat_channel.id
+ type: keyword
+ description: >
+ Channel ID
+ - name: chat_channel.type
+ type: integer
+ description: >
+ Channel type
+ - name: chat_channel.timestamp
+ type: date
+ description: >
+ Time when channel was created/modified/deleted
+ - name: chat_channel.date_time
+ type: date
+ description: >
+ Time when channel was created/modified/deleted
+ - name: chat_messages.id
+ type: keyword
+ description: >
+ Message ID
+ - name: chat_messages.type
+ type: integer
+ description: >
+ Type of message, either private message or channel message
+ - name: chat_messages.date_time
+ type: date
+ description: >
+ Time when message was created/modified/deleted
+ - name: chat_messages.timestamp
+ type: date
+ description: >
+ Time when message was created/modified/deleted
+ - name: chat_messages.session_id
+ type: keyword
+ description: >
+ SessionID for the channel related to the message
+ - name: chat_messages.contact_email
+ type: keyword
+ description: >
+ Email address related to the user sending the message
+ - name: chat_messages.contact_id
+ type: keyword
+ description: >
+ UserID related to the user sending the message
+ - name: chat_messages.channel_id
+ type: keyword
+ description: >
+ ChannelID related to the message
+ - name: chat_messages.channel_name
+ type: keyword
+ description: >
+ Channel name related to the message
+ - name: chat_messages.message
+ type: keyword
+ description: >
+ The message sent
+ - name: meeting.id
+ type: keyword
+ description: >
+ The ID of the meeting
+ - name: meeting.uuid
+ type: keyword
+ description: >
+ The UUID of the meeting
+ - name: meeting.host_id
+ type: keyword
+ description: >
+ The UserID of the meeting host
+ - name: meeting.topic
+ type: keyword
+ description: >
+ Meeting Topic
+ - name: meeting.type
 type: integer
- overwrite: true
 description: >
- Confidence level determined by ThreatCloud.
+ Type of meeting created
+ - name: meeting.start_time
+ type: date
+ description: >
+ Time the meeting started
+ - name: meeting.timezone
+ type: keyword
+ description: >
+ Timezone used for the meeting
+ - name: meeting.duration
+ type: long
+ description: >
+ Seconds the meeting has been active
+ - name: meeting.issues
+ type: long
+ description: >
+ Issue message if an alert is triggered on the meeting
+ - name: meeting.password
+ type: keyword
+ description: >
+ Password related to the meeting
+ - name: meeting.settings.host_video
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: meeting.settings.participant_video
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: meeting.settings.join_before_host
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: meeting.settings.mute_upon_entry
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: meeting.settings.audio
+ type: keyword
+ description: >
+ Settings related to the meeting
+ - name: meeting.settings.auto_recording
+ type: keyword
+ description: >
+ Settings related to the meeting
+ - name: meeting.settings.use_pmi
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: meeting.settings.auto_recording
+ type: keyword
+ description: >
+ Settings related to the meeting
+ - name: meeting.settings.waiting_room
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: meeting.settings.watermark
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: meeting.settings.enforce_login
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: meeting.registrant.id
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.email
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.first_name
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.last_name
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.address
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.city
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.country
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.zip
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.state
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.phone
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.industry
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.org
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.job_title
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.purchasing_time_frame
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.role_in_purchase_process
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.no_of_employees
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.comments
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.registrant.join_url
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: meeting.participant.id
+ type: keyword
+ description: >
+ Meeting ID of the related meeting
+ - name: meeting.participant.user_id
+ type: keyword
+ description: >
+ UserID of the participant trigger the sharing event
+ - name: meeting.participant.user_name
+ type: keyword
+ description: >
+ User name of the participant trigger the sharing event
+ - name: meeting.participant.join_time
+ type: date
+ description: >
+ The time the participant joined the related meeting
+ - name: meeting.participant.leave_time
+ type: date
+ description: >
+ The time the participant left the related meeting
+ - name: meeting.participant.sharing_details.link_source
+ type: keyword
+ description: >
+ Method of sharing with dropbox integration
+ - name: meeting.participant.sharing_details.content
+ type: keyword
+ description: >
+ Type of content that was shared
+ - name: meeting.participant.sharing_details.file_link
+ type: keyword
+ description: >
+ The file link that was shared
+ - name: meeting.participant.sharing_details.date_time
+ type: keyword
+ description: >
+ Timestamp the sharing started
+ - name: meeting.participant.sharing_details.source
+ type: keyword
+ description: >
+ The file source that was shared
+ - name: old_meeting.id
+ type: keyword
+ description: >
+ The ID of the meeting
+ - name: old_meeting.uuid
+ type: keyword
+ description: >
+ The UUID of the meeting
+ - name: old_meeting.host_id
+ type: keyword
+ description: >
+ The UserID of the meeting host
+ - name: old_meeting.topic
+ type: keyword
+ description: >
+ Meeting Topic
+ - name: old_meeting.type
+ type: integer
+ description: >
+ Type of meeting created
+ - name: old_meeting.start_time
+ type: date
+ description: >
+ Time the meeting started
+ - name: old_meeting.timezone
+ type: keyword
+ description: >
+ Timezone used for the meeting
+ - name: old_meeting.duration
+ type: long
+ description: >
+ Seconds the meeting has been active
+ - name: old_meeting.issues
+ type: long
+ description: >
+ Issue message if an alert is triggered on the meeting
+ - name: old_meeting.password
+ type: keyword
+ description: >
+ Password related to the meeting
+ - name: old_meeting.settings.host_video
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: old_meeting.settings.participant_video
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: old_meeting.settings.join_before_host
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: old_meeting.settings.mute_upon_entry
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: old_meeting.settings.audio
+ type: keyword
+ description: >
+ Settings related to the meeting
+ - name: old_meeting.settings.auto_recording
+ type: keyword
+ description: >
+ Settings related to the meeting
+ - name: old_meeting.settings.use_pmi
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: old_meeting.settings.auto_recording
+ type: keyword
+ description: >
+ Settings related to the meeting
+ - name: old_meeting.settings.waiting_room
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: old_meeting.settings.watermark
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: old_meeting.settings.enforce_login
+ type: boolean
+ description: >
+ Settings related to the meeting
+ - name: phone.ringing_start_time
+ type: date
+ description: >
+ The timestamp when a ringtone was established to the callee
+ - name: phone.connected_start_time
+ type: date
+ description: >
+ The timestamp when a ringtone was established to the callee
+ - name: phone.answer_start_time
+ type: date
+ description: >
+ The timestamp when the call was answered
+ - name: phone.call_end_time
+ type: date
+ description: >
+ The timestamp when the call ended
+ - name: phone.call_id
+ type: keyword
+ description: >
+ Unique ID of the call
+ - name: phone.duration
+ type: long
+ description: >
+ Duration of a voicemail
+ - name: phone.caller_number
+ type: keyword
+ description: >
+ Caller number related to the voicemail
+ - name: phone.caller_name
+ type: keyword
+ description: >
+ Caller name related to the voicemail
+ - name: phone.caller_number_type
+ type: long
+ description: >
+ Caller type related to the voicemail
+ - name: phone.caller_user_id
+ type: keyword
+ description: >
+ UserID of the person related to the voicemail
+ - name: phone.callee_user_id
+ type: keyword
+ description: >
+ UserID of the callee related to the voicemail
+ - name: phone.caller.user_id
+ type: keyword
+ description: >
+ UserID of the person which initiated the call
+ - name: phone.caller.phone_number
+ type: keyword
+ description: >
+ Phone Number of the caller
+ - name: phone.caller.extension_number
+ type: keyword
+ description: >
+ Extension number of the caller
+ - name: phone.caller.timezone
+ type: keyword
+ description: >
+ Timezone of the caller
+ - name: phone.caller.device_type
+ type: keyword
+ description: >
+ Device type used by the caller
+ - name: phone.callee_user_id
+ type: keyword
+ description: >
+ UserID of the person that is called
+ - name: phone.callee.user_id
+ type: keyword
+ description: >
+ UserID of the person that is called
+ - name: phone.callee.phone_number
+ type: keyword
+ description: >
+ Phone Number of the callee
+ - name: phone.callee.extension_number
+ type: keyword
+ description: >
+ Extension number of the callee
+ - name: phone.callee.timezone
+ type: keyword
+ description: >
+ Timezone of the callee
+ - name: phone.callee.device_type
+ type: keyword
+ description: >
+ Device type used by the callee
+ - name: recording.id
+ type: keyword
+ description: >
+ ID of the recording
+ - name: recording.uuid
+ type: keyword
+ description: >
+ UUID of the recording
+ - name: recording.host_id
+ type: keyword
+ description: >
+ UserID of the host related to the meeting recording
+ - name: recording.topic
+ type: keyword
+ description: >
+ Topic of the meeting related to the recording
+ - name: recording.type
+ type: long
+ description: >
+ Type of recording
+ - name: recording.start_time
+ type: date
+ description: >
+ Date of the recording
+ - name: recording.timezone
+ type: keyword
+ description: >
+ The timezone used for the recording date
+ - name: recording.duration
+ type: long
+ description: >
+ Duration of the recording
+ - name: recording.share_url
+ type: keyword
+ description: >
+ The share URL for the recording
+ - name: recording.total_size
+ type: long
+ description: >
+ Total size of the recording in bytes
+ - name: recording.recording_count
+ type: long
+ description: >
+ Amount of recording files related to the recording
+ - name: recording.host_email
+ type: long
+ description: >
+ Email address of the host related to the meeting
+
+ - name: recording.registrant.id
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: recording.registrant.email
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: recording.registrant.first_name
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: recording.registrant.last_name
+ type: keyword
+ description: >
+ Information about the person that registers to the meeting
+ - name: recording.registrant.address
+ type: keyword
+ description: >
+ Information about the person that
registers to the meeting + - name: recording.registrant.city + type: keyword + description: > + Information about the person that registers to the meeting + - name: recording.registrant.country + type: keyword + description: > + Information about the person that registers to the meeting + - name: recording.registrant.zip + type: keyword + description: > + Information about the person that registers to the meeting + - name: recording.registrant.state + type: keyword + description: > + Information about the person that registers to the meeting + - name: recording.registrant.phone + type: keyword + description: > + Information about the person that registers to the meeting + - name: recording.registrant.industry + type: keyword + description: > + Information about the person that registers to the meeting + - name: recording.registrant.org + type: keyword + description: > + Information about the person that registers to the meeting + - name: recording.registrant.job_title + type: keyword + description: > + Information about the person that registers to the meeting + - name: recording.registrant.purchasing_time_frame + type: keyword + description: > + Information about the person that registers to the meeting + - name: recording.registrant.role_in_purchase_process + type: keyword + description: > + Information about the person that registers to the meeting + - name: recording.registrant.no_of_employees + type: keyword + description: > + Information about the person that registers to the meeting + - name: recording.registrant.comments + type: keyword + description: > + Information about the person that registers to the meeting + - name: recording.registrant.join_url + type: keyword + description: > + Information about the person that registers to the meeting + - name: user.id + type: keyword + description: > + UserID related to the user event + - name: user.first_name + type: keyword + description: > + User first name related to the user event + - name: user.last_name + 
type: keyword + description: > + User last name related to the user event + - name: user.email + type: keyword + description: > + User email related to the user event + - name: user.type + type: keyword + description: > + User type related to the user event + - name: user.phone_number + type: keyword + description: > + Phone number related to the user + - name: user.phone_country + type: keyword + description: > + Country code related to the phone number + - name: user.company + type: keyword + description: > + User Company + - name: user.pmi + type: keyword + description: > + User personal meeting ID + - name: user.use_pmi + type: boolean + description: > + If use PMI is enabled + - name: user.pic_url + type: keyword + description: > + URL to the profile picture + - name: user.vanity_name + type: keyword + description: > + Name of the related users personal meeting room + - name: user.timezone + type: keyword + description: > + Timezone configured for the user + - name: user.language + type: keyword + description: > + Language settings for the user + - name: user.host_key + type: keyword + description: > + Host key set for the user + - name: user.role + type: keyword + description: > + The configured role for the user + - name: user.dept + type: keyword + description: > + The configured departement for the user + - name: user.settings.meeting_capacity + type: long + description: > + Maximum capacity for the user + - name: user.settings.large_meeting + type: boolean + description: > + If large meeting plan is enabled for the user + - name: user.presence_status + type: keyword + description: > + Current presence status of user + - name: user.personal_note + type: keyword + description: > + Personal notes for the User + - name: user.date_time + type: date + description: > + Time when user logged in/out + - name: old_user.id + type: keyword + description: > + UserID related to the user event + - name: old_user.first_name + type: keyword + description: > + User first 
name related to the user event + - name: old_user.last_name + type: keyword + description: > + User last name related to the user event + - name: old_user.email + type: keyword + description: > + User email related to the user event + - name: old_user.type + type: keyword + description: > + User type related to the user event + - name: old_user.phone_number + type: keyword + description: > + Phone number related to the user + - name: old_user.phone_country + type: keyword + description: > + Country code related to the phone number + - name: old_user.company + type: keyword + description: > + User Company + - name: old_user.pmi + type: keyword + description: > + User personal meeting ID + - name: old_user.use_pmi + type: boolean + description: > + If use PMI is enabled + - name: old_user.pic_url + type: keyword + description: > + URL to the profile picture + - name: old_user.vanity_name + type: keyword + description: > + Name of the related users personal meeting room + - name: old_user.timezone + type: keyword + description: > + Timezone configured for the user + - name: old_user.language + type: keyword + description: > + Language settings for the user + - name: old_user.host_key + type: keyword + description: > + Host key set for the user + - name: old_user.role + type: keyword + description: > + The configured role for the user + - name: old_user.dept + type: keyword + description: > + The configured departement for the user + - name: old_user.settings.meeting_capacity + type: long + description: > + Maximum capacity for the user + - name: old_user.settings.large_meeting + type: boolean + description: > + If large meeting plan is enabled for the user + - name: old_user.presence_status + type: keyword + description: > + Current presence status of user + - name: old_user.personal_note + type: keyword + description: > + Personal notes for the User + - name: old_user.date_time + type: date + description: > + Time when user logged in/out + - name: webinar.id + type: 
keyword + description: > + Unique ID for the webinar + - name: webinar.uuid + type: keyword + description: > + UUID for the webinar + - name: webinar.host_id + type: keyword + description: > + UserID of the host of the webinar + - name: webinar.topic + type: keyword + description: > + Topic of the webinar + - name: webinar.type + type: keyword + description: > + Type of webinar created + - name: webinar.start_time + type: date + description: > + Start time of the webinar + - name: webinar.timezone + type: keyword + description: > + Timezone of the webinar + - name: webinar.duration + type: long + description: > + Duration of the webinar + - name: webinar.agenda + type: keyword + description: > + Agenda of the webinar + - name: webinar.password + type: keyword + description: > + Password for the webinar + - name: webinar.issues + type: keyword + description: > + Related issues to the webinar + - name: webinar.settings.host_video + type: keyword + description: > + Related webinar settings + - name: webinar.settings.panelists_video + type: keyword + description: > + Related webinar settings + - name: webinar.settings.practice_session + type: keyword + description: > + Related webinar settings + - name: webinar.settings.approval_type + type: keyword + description: > + Related webinar settings + - name: webinar.settings.registration_type + type: keyword + description: > + Related webinar settings + - name: webinar.settings.audio + type: keyword + description: > + Related webinar settings + - name: webinar.settings.auto_recording + type: keyword + description: > + Related webinar settings + - name: webinar.settings.enforce_login + type: keyword + description: > + Related webinar settings + - name: old_webinar.id + type: keyword + description: > + Unique ID for the webinar + - name: old_webinar.uuid + type: keyword + description: > + UUID for the webinar + - name: old_webinar.host_id + type: keyword + description: > + UserID of the host of the webinar + - name: 
old_webinar.topic + type: keyword + description: > + Topic of the webinar + - name: old_webinar.type + type: keyword + description: > + Type of webinar created + - name: old_webinar.start_time + type: date + description: > + Start time of the webinar + - name: old_webinar.timezone + type: keyword + description: > + Timezone of the webinar + - name: old_webinar.duration + type: long + description: > + Duration of the webinar + - name: old_webinar.agenda + type: keyword + description: > + Agenda of the webinar + - name: old_webinar.password + type: keyword + description: > + Password for the webinar + - name: old_webinar.settings.host_video + type: keyword + description: > + Related webinar settings + - name: old_webinar.settings.panelists_video + type: keyword + description: > + Related webinar settings + - name: old_webinar.settings.practice_session + type: keyword + description: > + Related webinar settings + - name: old_webinar.settings.approval_type + type: keyword + description: > + Related webinar settings + - name: old_webinar.settings.registration_type + type: keyword + description: > + Related webinar settings + - name: old_webinar.settings.audio + type: keyword + description: > + Related webinar settings + - name: old_webinar.settings.auto_recording + type: keyword + description: > + Related webinar settings + - name: old_webinar.settings.enforce_login + type: keyword + description: > + Related webinar settings + - name: webinar.registrant.id + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.email + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.first_name + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.last_name + type: keyword + description: > + Information about the person that registers to the webinar + - name: 
webinar.registrant.address + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.city + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.country + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.zip + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.state + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.phone + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.industry + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.org + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.job_title + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.purchasing_time_frame + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.role_in_purchase_process + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.no_of_employees + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.comments + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.registrant.join_url + type: keyword + description: > + Information about the person that registers to the webinar + - name: webinar.participant.id + type: keyword + description: > + Webinar ID of the related meeting + - name: webinar.participant.user_id + 
type: keyword + description: > + UserID of the participant trigger the sharing event + - name: webinar.participant.user_name + type: keyword + description: > + User name of the participant trigger the sharing event + - name: webinar.participant.join_time + type: date + description: > + The time the participant joined the related meeting + - name: webinar.participant.leave_time + type: date + description: > + The time the participant left the related meeting + - name: zoomroom.id + type: keyword + description: > + ID of the Zoom room + - name: zoomroom.room_name + type: keyword + description: > + Name of the Zoom room + - name: zoomroom.calendar_name + type: keyword + description: > + Calendar name of the Zoom room + - name: zoomroom.calendar_id + type: keyword + description: > + Calendar ID of the Zoom room + - name: zoomroom.event_id + type: keyword + description: > + Event ID of the Zoom room + - name: zoomroom.change_key + type: keyword + description: > + Change key of the Zoom room + - name: zoomroom.resource_email + type: keyword + description: > + Resource email address related to the Zoom room + - name: zoomroom.email + type: keyword + description: > + Email related to the Zoom room + - name: zoomroom.issue + type: keyword + description: > + Related issue message to the Zoom room + - name: zoomroom.alert_type + type: keyword + description: > + Zoom room alert type + - name: zoomroom.component + type: keyword + description: > + Zoom room component + - name: zoomroom.alert_kind + type: keyword + description: > + Alert kind related to the Zoom room diff --git a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml index 0ee23a7272b..6e5f08008b4 100644 --- a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml +++ b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml 
@@ -10,6 +10,7 @@ prefix: {{ .prefix }} basic_auth: {{ .basic_auth }} username: {{ .username }} username: {{ .password }} +content_type: {{ .content_type }} {{ else if eq .input "file" }} diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml index c9f731489eb..cc91a441ea7 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml @@ -14,14 +14,6 @@ processors: field: event.type value: change if: "['account.updated', 'account.settings_updated', 'account.disassociated'].contains(ctx?.event?.action)" -- rename: - field: zoom.operator - target_field: source.user.email - ignore_missing: true -- rename: - field: zoom.operator_id - target_field: source.user.id - ignore_missing: true - rename: field: zoom.account_id target_field: zoom.master_account_id @@ -30,14 +22,6 @@ processors: field: zoom.object.id target_field: zoom.sub_account_id ignore_missing: true -- rename: - field: zoom.object.owner_id - target_field: destination.user.id - ignore_missing: true -- rename: - field: zoom.object.owner_id - target_field: destination.user.email - ignore_missing: true - rename: field: zoom.object target_field: zoom.account @@ -48,12 +32,8 @@ processors: if: ctx?.event?.action != 'account.created' - append: field: related.user - value: "{{source.user.idl}}" - if: "ctx.source?.user?.id != null" -- append: - field: related.user - value: "{{destination.user.id}}" - if: "ctx.destination?.user?.id != null" + value: "{{zoom.account.owner_id}}" + if: "ctx?.zoom?.account?.owner_id != null" on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml b/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml index 5485c0172a0..2577dd893d1 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml 
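Review bot: The context lines just above the added `content_type` line emit the basic-auth password under a second `username:` key (`username: {{ .password }}`), so the rendered input config carries a duplicate key and never sets a password. This commit leaves that line untouched. Change it to `password: {{ .password }}` so that turning on `basic_auth` actually protects the endpoint. The enclosing `if eq .input` block starts outside the hunk.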
@@ -16,28 +16,21 @@ processors: field: event.type value: change if: ctx?.event?.action == 'chat_channel.deleted' -- rename: - field: zoom.operator - target_field: source.user.email - ignore_missing: true -- rename: - field: zoom.operator_id - target_field: source.user.id - ignore_missing: true - rename: field: zoom.object - target_field: zoom.channel + target_field: zoom.chat_channel ignore_missing: true - foreach: - field: zoom.channel.members + field: zoom.chat_channel.members processor: append: field: related.user value: "{{_ingest._value.id}}" -- append: - field: related.user - value: "{{source.user.id}}" - if: "ctx.source?.user?.id != null" +# Removing to prevent nested values, added to related.user above +- remove: + field: + - zoom.chat_channel.members + ignore_missing: true on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml b/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml index c11d3564ec9..28d3d2bd1bb 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml 
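Review bot: The `foreach` over `zoom.chat_channel.members` has no `ignore_missing`, so an event without a members list would presumably fail the processor and drop to `on_failure`, skipping the new `remove` step too. Add `ignore_missing: true` to the `foreach` so channel events without members still complete the pipeline. The processor list starts outside the hunk.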
@@ -15,34 +15,14 @@ processors: field: event.type value: change if: ctx?.event?.action == 'chat_message.updated' -- rename: - field: zoom.operator - target_field: source.user.email - ignore_missing: true -- rename: - field: zoom.operator_id - target_field: source.user.id - ignore_missing: true - rename: field: zoom.object - target_field: zoom.chat - ignore_missing: true -- rename: - field: zoom.chat.contact_email - target_field: destination.user.email - ignore_missing: true -- rename: - field: zoom.chat.contact_id - target_field: destination.user.id + target_field: zoom.chat_message ignore_missing: true - append: field: related.user - value: "{{source.user.id}}" - if: "ctx.source?.user?.id != null" -- append: - field: related.user - value: "{{destination.user.id}}" - if: "ctx.destination?.user?.id != null" + value: "{{zoom.chat_message.contact_id}}" + if: "ctx?.zoom?.chat_message?.contact_id != null" on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml index 64893a41021..048fb359017 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml @@ -4,6 +4,14 @@ processors: field: event.type value: info if: ctx?.event?.action != meeting.alert +- append: + field: event.type + value: error + if: ctx?.event?.action == meeting.alert +- append: + field: event.type + value: allowed + if: ctx?.event?.action == meeting.registration_approved - append: field: event.type value: creation 
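Review bot: The two added conditions in meeting.yml compare against bare `meeting.alert` and `meeting.registration_approved`, which Painless reads as a field access on an undefined variable `meeting`, not as a string. The context line `ctx?.event?.action != meeting.alert` has the same problem. Quote the literals: `if: ctx?.event?.action == 'meeting.alert'` and `if: ctx?.event?.action == 'meeting.registration_approved'`. The same unquoted form appears in the new recording.yml (`recording.registration_created`, `recording.registration_approved`, `recording.registration_denied`, `recording.started`) and in user.yml (`user.created`). Until this is fixed the scripts would likely fail to compile, so `event.type` from these processors cannot be relied on for detection rules.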
@@ -19,19 +27,11 @@ processors: - append: field: event.type value: start - if: ctx?.event?.action == 'meeting.started' + if: "['meeting.started', 'meeting.sharing_started'].contains(ctx?.event?.action)" - append: field: event.type value: end - if: ctx?.event?.action == 'meeting.ended' -- rename: - field: zoom.operator - target_field: source.user.email - ignore_missing: true -- rename: - field: zoom.operator_id - target_field: source.user.id - ignore_missing: true + if: "['meeting.ended', 'meeting.sharing_ended'].contains(ctx?.event?.action)" - rename: field: zoom.object target_field: zoom.meeting @@ -42,8 +42,8 @@ processors: ignore_missing: true - append: field: related.user - value: "{{source.user.id}}" - if: "ctx.source?.user?.id != null" + value: "{{zoom.meeting.host_id}}" + if: "ctx?.zoom?.meeting?.host_id != null" on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml b/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml index 6744163faf0..910b5dcf344 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml 
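Review bot: In the last meeting.yml hunk `related.user` is filled from `zoom.meeting.host_id` only, although fields.yml declares `meeting.participant.user_id` and webinar.yml adds the participant for the equivalent events. Searches that pivot on `related.user` would then miss the participant of sharing and participant events. Consider a second processor with `value: "{{zoom.meeting.participant.user_id}}"` and `if: "ctx?.zoom?.meeting?.participant?.user_id != null"`. The processor list continues outside the hunk.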
@@ -3,47 +3,34 @@ processors: - append: field: event.type value: info - if: ctx?.event?.action != meeting.alert - append: field: event.type value: creation - if: "['meeting.registration_created', 'meeting.created'].contains(ctx?.event?.action)" -- append: - field: event.type - value: deletion - if: ctx?.event?.action == 'meeting.deleted' -- append: - field: event.type - value: change - if: ctx?.event?.action == 'meeting.updated' + if: "['phone.caller_ringing', 'phone.callee_ringing'].contains(ctx?.event?.action)" - append: field: event.type value: start - if: ctx?.event?.action == 'meeting.started' + if: "['phone.callee_answered', 'phone.caller_connected'].contains(ctx?.event?.action)" - append: field: event.type value: end - if: ctx?.event?.action == 'meeting.ended' -- rename: - field: zoom.operator - target_field: source.user.email - ignore_missing: true -- rename: - field: zoom.operator_id - target_field: source.user.id - ignore_missing: true + if: "['phone.callee_missed', 'phone.callee_ended', 'phone.caller_ended'].contains(ctx?.event?.action)" - rename: field: zoom.object - target_field: zoom.meeting - ignore_missing: true -- rename: - field: zoom.old_object - target_field: zoom.old_meeting + target_field: zoom.phone ignore_missing: true - append: field: related.user - value: "{{source.user.id}}" - if: "ctx.source?.user?.id != null" + value: "{{zoom.phone.callee.user_id}}" + if: "ctx?.zoom?.phone?.callee?.user_id != null" +- append: + field: related.user + value: "{{zoom.phone.callee_user_id}}" + if: "ctx?.zoom?.phone?.callee_user_id != null" +- append: + field: related.user + value: "{{zoom.phone.caller.user_id}}" + if: "ctx?.zoom?.phone?.caller?.user_id != null" on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml index 0b48dcc25dc..71202ea9a3e 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml 
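Review bot: The new `related.user` processors cover `callee.user_id`, `callee_user_id` and `caller.user_id`, but not the flat `caller_user_id` that fields.yml declares for voicemail events. Add a matching processor with `value: "{{zoom.phone.caller_user_id}}"` and `if: "ctx?.zoom?.phone?.caller_user_id != null"` so both parties of a call are linked whichever payload shape arrives.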
+++ b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml @@ -2,10 +2,10 @@ description: Initial pipeline for parsing Zoom webhooks processors: - set: field: observer.vendor - target_field: Zoom + value: Zoom - set: field: observer.product - target_field: Webhook + value: Webhook - append: field: event.kind value: event @@ -24,6 +24,26 @@ processors: field: _temp_.payload target_field: zoom ignore_missing: true +- append: + field: related.user + value: "{{zoom.operator_idl}}" + if: "ctx?.zoom?.operator_id != null" +# Removing some fields that have complex nested arrays that might impact performance +- remove: + field: + - zoom.object.occurences + - zoom.old_object.occurences + - zoom.object.recurrence + - zoom.old_object.recurrence + - zoom.object.managed_domains + - zoom.old_object.managed_domains + - zoom.object.registrant.custom_questions + - zoom.old_object.registrant.custom_questions + - zoom.object.call_logs + - zoom.old_object.call_logs + - zoom.object.recording_file + - zoom.old_object.recording_file + ignore_missing: true - pipeline: name: '{< IngestPipeline "meeting" >}' if: "ctx?.event?.action.startsWith('meeting')" diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml b/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml index e69de29bb2d..34c42f948af 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml 
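Review bot: The template in the new `related.user` processor reads `{{zoom.operator_idl}}` while its condition checks `zoom.operator_id`. The misspelled field does not exist, so an empty string would presumably be appended whenever an operator is present, and the acting user is lost from `related.user`. Use `value: "{{zoom.operator_id}}"`. In the `remove` list below it, `occurences` and `recording_file` also look misspelled (Zoom's payloads use `occurrences` and `recording_files`, to my knowledge). With `ignore_missing: true` a wrong name silently removes nothing, so check the names against a sample event.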
@@ -0,0 +1,53 @@ +description: Pipeline for parsing Zoom recording webhooks +processors: +- append: + field: event.type + value: info +- append: + field: event.type + value: creation + if: "ctx?.event?.action == recording.registration_created" +- append: + field: event.type + value: allowed + if: "ctx?.event?.action == recording.registration_approved" +- append: + field: event.type + value: denied + if: "ctx?.event?.action == recording.registration_denied" +- append: + field: event.type + value: deletion + if: "['recording.deleted', 'recording.trashed'].contains(ctx?.event?.action)" +- append: + field: event.type + value: change + if: "['recording.paused', 'recording.resumed', 'recording.renamed', 'recording.recovered'].contains(ctx?.event?.action)" +- append: + field: event.type + value: start + if: "ctx?.event?.action == recording.started" +- append: + field: event.type + value: end + if: "['recording.stopped', 'recording.completed', 'recording.transcript_completed'].contains(ctx?.event?.action)" +- rename: + field: zoom.object + target_field: zoom.recording + ignore_missing: true +- rename: + field: zoom.old_object + target_field: zoom.old_recording + ignore_missing: true +- append: + field: related.user + value: "{{zoom.recording.host_id}}" + if: "ctx?.zoom?.recording?.host_id != null" +- append: + field: related.user + value: "{{zoom.recording.registrant.id}}" + if: "ctx?.zoom?.recording?.registrant?.id != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml index e69de29bb2d..b458ba53274 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml 
@@ -0,0 +1,41 @@ +description: Pipeline for parsing Zoom user webhooks +processors: +- append: + field: event.type + value: iam +- append: + field: event.type + value: creation + if: ctx?.event?.action != user.created +- append: + field: event.type + value: deletion + if: ctx?.event?.action == 'user.deleted' +- append: + field: event.type + value: change + if: "['user.updated', 'user.settings_updated', 'user.deactivated', 'user.activated', 'user.disassociated', 'user.presence_status_updated', 'user.personal_notes_updated'].contains(ctx?.event?.action)" +- append: + field: event.type + value: start + if: ctx?.event?.action == 'user.signed_in' +- append: + field: event.type + value: end + if: ctx?.event?.action == 'user.signed_out' +- rename: + field: zoom.object + target_field: zoom.user + ignore_missing: true +- rename: + field: zoom.old_object + target_field: zoom.old_user + ignore_missing: true +- append: + field: related.user + value: "{{zoom.user.id}}" + if: "ctx?.zoom?.user?.id != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml b/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml index e69de29bb2d..8e4e10ae607 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml 
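Review bot: The `creation` processor uses `!=`, so `creation` is appended to every user event except a creation, and the literal `user.created` is unquoted. It should read `if: ctx?.event?.action == 'user.created'`. Separately, the rename keeps `zoom.user.host_key` (declared in fields.yml) in the indexed document. If the payload carries it, consider a `remove` processor for `zoom.user.host_key` and `zoom.old_user.host_key`, since a host key works like a credential, not like telemetry.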
@@ -0,0 +1,58 @@ +description: Pipeline for parsing Zoom webinar webhooks +processors: +- append: + field: event.type + value: info + if: ctx?.event?.action != 'webinar.alert' +- append: + field: event.type + value: error + if: ctx?.event?.action == 'webinar.alert' +- append: + field: event.type + value: creation + if: "['webinar.created', 'webinar.registration_created'].contains(ctx?.event?.action)" +- append: + field: event.type + value: deletion + if: ctx?.event?.action == 'webinar.deleted' +- append: + field: event.type + value: allowed + if: ctx?.event?.action == 'webinar.registration_approved' +- append: + field: event.type + value: denied + if: ctx?.event?.action == 'webinar.registration_denied' +- append: + field: event.type + value: change + if: "['webinar.updated', 'webinar.registration_approved', 'webinar.registration_denied', 'webinar.registration_cancelled'].contains(ctx?.event?.action)" +- append: + field: event.type + value: start + if: "['webinar.started', 'webinar.sharing_started'].contains(ctx?.event?.action)" +- append: + field: event.type + value: end + if: "['webinar.ended', 'webinar.sharing_ended'].contains(ctx?.event?.action)" +- rename: + field: zoom.object + target_field: zoom.webinar + ignore_missing: true +- rename: + field: zoom.old_object + target_field: zoom.old_webinar + ignore_missing: true +- append: + field: related.user + value: "{{zoom.webinar.host_id}}" + if: "ctx?.zoom?.webinar?.host_id != null" +- append: + field: related.user + value: "{{zoom.webinar.participant.user_id}}" + if: "ctx?.zoom?.webinar?.participant?.user_id != null" +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml b/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml index e69de29bb2d..5c464b8ddd5 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/zoomroom.yml 
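Review bot: After the rename to `zoom.webinar` nothing drops `password`, so `zoom.webinar.password` and `zoom.old_webinar.password` (both declared as keyword fields in fields.yml) would be indexed in clear text whenever the webhook carries them. Add `- remove: { field: [zoom.webinar.password, zoom.old_webinar.password], ignore_missing: true }` after the two renames, or restrict access to those fields in the index. fields.yml also declares `old_meeting.password`, so the meeting pipeline likely has the same exposure.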
@@ -0,0 +1,26 @@
+description: Pipeline for parsing Zoom zoom_room webhooks
+processors:
+- append:
+ field: event.type
+ value: info
+ if: "['zoomroom.checked_in', 'zoomroom.checked_out'].contains(ctx?.event?.action)"
+- append:
+ field: event.type
+ value: start
+ if: ctx?.event?.action == 'zoomroom.checked_in'
+- append:
+ field: event.type
+ value: end
+ if: ctx?.event?.action == 'zoomroom.checked_out'
+- rename:
+ field: zoom.object
+ target_field: zoom.zoomroom
+ ignore_missing: true
+- append:
+ field: related.user
+ value: "{{zoom.user.id}}"
+ if: "ctx?.zoom?.user?.id != null"
+on_failure:
+- set:
+ field: error.message
+ value: '{{ _ingest.on_failure_message }}'
diff --git a/x-pack/filebeat/module/zoom/webhook/manifest.yml b/x-pack/filebeat/module/zoom/webhook/manifest.yml
index f028dbdb31c..8f2318b20e0 100644
--- a/x-pack/filebeat/module/zoom/webhook/manifest.yml
+++ b/x-pack/filebeat/module/zoom/webhook/manifest.yml
@@ -4,9 +4,11 @@ var: - name: listen_address default: localhost - name: listen_port - default: 8080 + default: 80 - name: input default: http_endpoint + - name: content_type + default: "" - name: response_code default: 200 - name: response_body
@@ -14,7 +16,7 @@ var: - name: url default: / - name: prefix - default: json + default: zoom - name: basic_auth default: false - name: username
@@ -26,14 +28,15 @@ var: default: [zoom-webhook, forwarded] ingest_pipeline: - - ingest/pipeline.yml - ingest/account.yml - - ingest/chat_message.yml - ingest/chat_channel.yml + - ingest/chat_message.yml - ingest/meeting.yml - ingest/phone.yml + - ingest/pipeline.yml - ingest/recording.yml - ingest/user.yml - ingest/webinar.yml - ingest/zoomroom.yml + input: config/webhook.yml
diff --git a/x-pack/filebeat/modules.d/zoom.yml.disabled b/x-pack/filebeat/modules.d/zoom.yml.disabled
index d3576c42c88..45a26edba63 100644
--- a/x-pack/filebeat/modules.d/zoom.yml.disabled
+++ b/x-pack/filebeat/modules.d/zoom.yml.disabled
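Review bot: The last `append` in zoomroom.yml fills `related.user` from `zoom.user.id`, but this pipeline renames `zoom.object` to `zoom.zoomroom` and never creates `zoom.user`, so the processor looks copied from user.yml. Unless a parent pipeline populates `zoom.user` (not visible in this hunk), the condition `ctx?.zoom?.user?.id != null` never holds and check-in/check-out events carry no user to pivot on. Point both the `value` template and the `if` at a field that actually exists under `zoom.zoomroom` in the Zoom Room payloads, or remove the processor so the pipeline does not suggest a correlation it cannot provide.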
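Review bot: Changing the `listen_port` default from 8080 to `80` in manifest.yml puts the webhook listener on a privileged port, so on most Unix systems Filebeat would need root or CAP_NET_BIND_SERVICE just to start this input, which is more privilege than a log shipper should hold. Port 80 also implies cleartext HTTP for payloads that, judging by the field list, include e-mail addresses and chat content. Keeping `default: 8080` lets the input run unprivileged behind a TLS-terminating proxy; the same value is repeated in the `#var.listen_port: 80` comment of modules.d/zoom.yml.disabled and should change with it.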
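Review bot: Sorting the `ingest_pipeline` list alphabetically in the third manifest.yml hunk moves `ingest/pipeline.yml` out of first position, and Filebeat treats the first entry of a multi-pipeline fileset as the entry-point pipeline. With `ingest/account.yml` first, events would presumably enter the account pipeline directly and skip whatever routing and common parsing pipeline.yml performs, leaving most event types without their `event.type` and `related.user` enrichment. Keep `- ingest/pipeline.yml` as the first item and add a comment such as `# entry point, must stay first` so a later tidy-up does not reorder it again.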
@@ -1,16 +1,16 @@ # Module: zoom # Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-zoom.html -- module: checkpoint - firewall: +- module: zoom + webhook: enabled: true - # Set which input to use between syslog (default) or file. - #var.input: syslog + # The type of input to use + #var.input: http_endpoint - # The interface to listen to UDP based syslog traffic. Defaults to + # The interface to listen for incoming HTTP requests. Defaults to # localhost. Set to 0.0.0.0 to bind to all available interfaces. - #var.syslog_host: localhost + #var.listen_address: localhost - # The UDP port to listen for syslog traffic. Defaults to 9001. - #var.syslog_port: 9001 + # The port to bind to + #var.listen_port: 80 From ccff3fc32f6c119737a4ed7a4b871c224cd03fed Mon Sep 17 00:00:00 2001 
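Review bot: The zoom.yml.disabled template tells the operator to set `var.listen_address` to 0.0.0.0 to listen on all interfaces but says nothing about authentication, while the manifest in this same commit declares `basic_auth` with `default: false`. An operator following the comment ends up with a listener that accepts events from any sender able to reach it, so forged Zoom events could be written into the index. Add commented entries next to the address, for example `#var.basic_auth: true` and `#var.username:`, together with a comment line such as `# Enable authentication before binding to a non-loopback address.` Whether those variables are wired into config/webhook.yml is not visible from this hunk and should be confirmed.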
From: P1llus Date: Tue, 4 Aug 2020 17:28:56 +0200 Subject: [PATCH 04/16] Adding test logs and updating fields.yml, fixing some pipeline mistakes --- x-pack/filebeat/module/zoom/fields.go | 2 +- .../module/zoom/webhook/_meta/fields.yml | 1472 ++--------------- .../module/zoom/webhook/config/webhook.yml | 6 +- .../module/zoom/webhook/ingest/account.yml | 6 +- .../module/zoom/webhook/ingest/meeting.yml | 10 +- .../module/zoom/webhook/ingest/pipeline.yml | 24 +- .../module/zoom/webhook/ingest/recording.yml | 12 +- .../module/zoom/webhook/ingest/user.yml | 6 +- .../module/zoom/webhook/ingest/webinar.yml | 4 - .../filebeat/module/zoom/webhook/manifest.yml | 5 +- .../zoom/webhook/test/account.ndjson.log | 3 + .../test/account.ndjson.log-expected.json | 116 ++ .../zoom/webhook/test/chat_channel.ndjson.log | 6 + .../chat_channel.ndjson.log-expected.json | 73 + .../zoom/webhook/test/chat_message.ndjson.log | 3 + .../chat_message.ndjson.log-expected.json | 116 ++ .../zoom/webhook/test/meeting.ndjson.log | 15 + .../test/meeting.ndjson.log-expected.json | 619 +++++++ .../module/zoom/webhook/test/phone.ndjson.log | 11 + .../zoom/webhook/test/recording.ndjson.log | 13 + .../test/recording.ndjson.log-expected.json | 461 ++++++ .../module/zoom/webhook/test/user.ndjson.log | 13 + .../zoom/webhook/test/webinar.ndjson.log | 14 + .../test/webinar.ndjson.log-expected.json | 625 +++++++ .../zoom/webhook/test/zoomroom.ndjson.log | 4 + .../test/zoomroom.ndjson.log-expected.json | 126 ++ 26 files changed, 2396 insertions(+), 1369 deletions(-) create mode 100644 x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log create mode 100644 x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json create mode 100644 x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log create mode 100644 x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json create mode 100644 x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log create mode 100644 
x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json create mode 100644 x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log create mode 100644 x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json create mode 100644 x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log create mode 100644 x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log create mode 100644 x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json create mode 100644 x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log create mode 100644 x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log create mode 100644 x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json create mode 100644 x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log create mode 100644 x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json diff --git a/x-pack/filebeat/module/zoom/fields.go b/x-pack/filebeat/module/zoom/fields.go index 372926084d8..219709f8cd5 100644 --- a/x-pack/filebeat/module/zoom/fields.go +++ b/x-pack/filebeat/module/zoom/fields.go @@ -19,5 +19,5 @@ func init() { // AssetZoom returns asset data. // This is the base64 encoded gzipped contents of module/zoom. func AssetZoom() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml index 450fa969f46..65785a2dedf 100644 --- a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml +++ b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml 
@@ -29,759 +29,42 @@ type: date description: > Timestamp related to the event - - name: account.owner_id - type: keyword - description: > - UserID of the related user the action was performed on - - name: account.email - type: keyword - description: > - Email related to the user the action was performed on - - name: account.owner_email - type: keyword - description: > - Email related to the user the action was performed on - - name: account.account_name - type: keyword - description: > - Name related to the user the action was performed on - - name: account.account_alias - type: keyword - description: > - Alias related to the user the action was performed on - - name: account.account_support_name - type: keyword - description: > - Support account related to the user the action was performed on - - name: account.account_support_email - type: keyword - description: > - Support account (Email) related to the user the action was performed on - - name: account.settings.schedule_meeting.host_video - type: boolean - description: > - Settings related to the account - - name: account.settings.schedule_meeting.participant_video - type: boolean - description: > - Settings related to the account - - name: account.settings.schedule_meeting.audio_type - type: keyword - description: > - Settings related to the account - - name: account.settings.schedule_meeting.join_before_host - type: boolean - description: > - Settings related to the account - - name: account.settings.schedule_meeting.enforce_login - type: boolean - description: > - Settings related to the account - - name: account.settings.schedule_meeting.enforce_login_with_domains - type: boolean - description: > - Settings related to the account - - name: account.settings.schedule_meeting.enforce_login_domains - type: keyword - description: > - Settings related to the account - - name: account.settings.schedule_meeting.not_store_meeting_topic - type: boolean - description: > - Settings related to the account - - name: 
account.settings.schedule_meeting.force_pmi_jbh_password - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.e2e_encryption - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.chat - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.private_chat - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.auto_saving_chat - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.file_transfer - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.feedback - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.post_meeting_feedback - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.co_host - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.polling - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.attendee_on_hold - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.show_meeting_control_toolbar - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.allow_show_zoom_windows - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.annotation - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.whiteboard - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.webinar_question_answer - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.anonymous_question_answer - type: 
boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.breakout_room - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.closed_caption - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.far_end_camera_control - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.group_hd - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.virtual_background - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.watermark - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.alert_guest_join - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.auto_answer - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.p2p_connetion - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.p2p_ports - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.ports_range - type: keyword - description: > - Settings related to the account - - name: account.settings.in_meeting.sending_default_email_invites - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.use_html_format_email - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.dscp_marking - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.dscp_audio - type: long - description: > - Settings related to the account - - name: account.settings.in_meeting.dscp_video - type: long - description: > - Settings related to the account - - name: 
account.settings.in_meeting.stereo_audio - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.original_audio - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.screen_sharing - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.remote_control - type: boolean - description: > - Settings related to the account - - name: account.settings.in_meeting.attention_tracking - type: boolean - description: > - Settings related to the account - - name: account.settings.email_notification.cloud_recording_avaliable_reminder - type: boolean - description: > - Settings related to the account - - name: account.settings.email_notification.jbh_reminder - type: boolean - description: > - Settings related to the account - - name: account.settings.email_notification.cancel_meeting_reminder - type: boolean - description: > - Settings related to the account - - name: account.settings.email_notification.low_host_count_reminder - type: boolean - description: > - Settings related to the account - - name: account.settings.email_notification.alternative_host_reminder - type: boolean - description: > - Settings related to the account - - name: account.settings.zoom_rooms.upcoming_meeting_alert - type: boolean - description: > - Settings related to the account - - name: account.settings.zoom_rooms.start_airplay_manually - type: boolean - description: > - Settings related to the account - - name: account.settings.zoom_rooms.weekly_system_restart - type: boolean - description: > - Settings related to the account - - name: account.settings.zoom_rooms.list_meetings_with_calendar - type: boolean - description: > - Settings related to the account - - name: account.settings.zoom_rooms.zr_post_meeting_feedback - type: boolean - description: > - Settings related to the account - - name: account.settings.zoom_rooms.ultrasonic - type: boolean - 
description: > - Settings related to the account - - name: account.settings.zoom_rooms.force_private_meeting - type: boolean - description: > - Settings related to the account - - name: account.settings.zoom_rooms.hide_host_information - type: boolean - description: > - Settings related to the account - - name: account.settings.zoom_rooms.cmr_for_instant_meeting - type: boolean - description: > - Settings related to the account - - name: account.settings.zoom_rooms.auto_start_stop_scheduled_meetings - type: boolean - description: > - Settings related to the account - - name: account.settings.security.admin_change_name_pic - type: boolean - description: > - Settings related to the account - - name: account.settings.security.import_photos_from_devices - type: boolean - description: > - Settings related to the account - - name: account.settings.security.hide_billing_info - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.local_recording - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.cloud_recording - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.record_speaker_view - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.record_gallery_view - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.record_audio_file - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.save_chat_text - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.show_timestamp - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.recording_audio_transcript - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.auto_recording - type: keyword - 
description: > - Settings related to the account - - name: account.settings.recording.cloud_recording_download - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.cloud_recording_download_host - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.account_user_access_recording - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.auto_delete_cmr - type: boolean - description: > - Settings related to the account - - name: account.settings.recording.auto_delete_cmr_days - type: long - description: > - Settings related to the account - - name: account.settings.telephony.third_party_audio - type: boolean - description: > - Settings related to the account - - name: account.settings.telephony.audio_conference_info - type: keyword - description: > - Settings related to the account - - name: account.settings.integration.google_calendar - type: boolean - description: > - Settings related to the account - - name: account.settings.integration.google_drive - type: boolean - description: > - Settings related to the account - - name: account.settings.integration.dropbox - type: boolean - description: > - Settings related to the account - - name: account.settings.integration.box - type: boolean - description: > - Settings related to the account - - name: account.settings.integration.microsoft_one_drive - type: boolean - description: > - Settings related to the account - - name: account.settings.integration.kubi - type: boolean - description: > - Settings related to the account - - name: account.settings.feature.meeting_capacity - type: boolean - description: > - Settings related to the account - - - name: old_account.owner_id - type: keyword - description: > - UserID of the related user the action was performed on - - name: old_account.email - type: keyword - description: > - Email related to the user the action was performed on - 
- name: old_account.owner_email - type: keyword - description: > - Email related to the user the action was performed on - - name: old_account.account_name - type: keyword - description: > - Name related to the user the action was performed on - - name: old_account.account_alias - type: keyword - description: > - Alias related to the user the action was performed on - - name: old_account.account_support_name - type: keyword - description: > - Support account related to the user the action was performed on - - name: old_account.account_support_email - type: keyword - description: > - Support account (Email) related to the user the action was performed on - - name: old_account.settings.schedule_meeting.host_video - type: boolean - description: > - Settings related to the account - - name: old_account.settings.schedule_meeting.participant_video - type: boolean - description: > - Settings related to the account - - name: old_account.settings.schedule_meeting.audio_type - type: keyword - description: > - Settings related to the account - - name: old_account.settings.schedule_meeting.join_before_host - type: boolean - description: > - Settings related to the account - - name: old_account.settings.schedule_meeting.enforce_login - type: boolean - description: > - Settings related to the account - - name: old_account.settings.schedule_meeting.enforce_login_with_domains - type: boolean - description: > - Settings related to the account - - name: old_account.settings.schedule_meeting.enforce_login_domains - type: keyword - description: > - Settings related to the account - - name: old_account.settings.schedule_meeting.not_store_meeting_topic - type: boolean - description: > - Settings related to the account - - name: old_account.settings.schedule_meeting.force_pmi_jbh_password - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.e2e_encryption - type: boolean - description: > - Settings related to the account - - name: 
old_account.settings.in_meeting.chat - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.private_chat - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.auto_saving_chat - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.file_transfer - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.feedback - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.post_meeting_feedback - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.co_host - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.polling - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.attendee_on_hold - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.show_meeting_control_toolbar - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.allow_show_zoom_windows - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.annotation - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.whiteboard - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.webinar_question_answer - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.anonymous_question_answer - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.breakout_room - type: boolean - description: > - Settings related to the account - - name: 
old_account.settings.in_meeting.closed_caption - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.far_end_camera_control - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.group_hd - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.virtual_background - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.watermark - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.alert_guest_join - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.auto_answer - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.p2p_connetion - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.p2p_ports - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.ports_range - type: keyword - description: > - Settings related to the account - - name: old_account.settings.in_meeting.sending_default_email_invites - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.use_html_format_email - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.dscp_marking - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.dscp_audio - type: long - description: > - Settings related to the account - - name: old_account.settings.in_meeting.dscp_video - type: long - description: > - Settings related to the account - - name: old_account.settings.in_meeting.stereo_audio - type: boolean - description: > - Settings related to the account - - name: 
old_account.settings.in_meeting.original_audio - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.screen_sharing - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.remote_control - type: boolean - description: > - Settings related to the account - - name: old_account.settings.in_meeting.attention_tracking - type: boolean - description: > - Settings related to the account - - name: old_account.settings.email_notification.cloud_recording_avaliable_reminder - type: boolean - description: > - Settings related to the account - - name: old_account.settings.email_notification.jbh_reminder - type: boolean - description: > - Settings related to the account - - name: old_account.settings.email_notification.cancel_meeting_reminder - type: boolean - description: > - Settings related to the account - - name: old_account.settings.email_notification.low_host_count_reminder - type: boolean - description: > - Settings related to the account - - name: old_account.settings.email_notification.alternative_host_reminder - type: boolean - description: > - Settings related to the account - - name: old_account.settings.zoom_rooms.upcoming_meeting_alert - type: boolean - description: > - Settings related to the account - - name: old_account.settings.zoom_rooms.start_airplay_manually - type: boolean - description: > - Settings related to the account - - name: old_account.settings.zoom_rooms.weekly_system_restart - type: boolean - description: > - Settings related to the account - - name: old_account.settings.zoom_rooms.list_meetings_with_calendar - type: boolean - description: > - Settings related to the account - - name: old_account.settings.zoom_rooms.zr_post_meeting_feedback - type: boolean - description: > - Settings related to the account - - name: old_account.settings.zoom_rooms.ultrasonic - type: boolean - description: > - Settings related to the account - - name: 
old_account.settings.zoom_rooms.force_private_meeting - type: boolean - description: > - Settings related to the account - - name: old_account.settings.zoom_rooms.hide_host_information - type: boolean - description: > - Settings related to the account - - name: old_account.settings.zoom_rooms.cmr_for_instant_meeting - type: boolean - description: > - Settings related to the account - - name: old_account.settings.zoom_rooms.auto_start_stop_scheduled_meetings - type: boolean - description: > - Settings related to the account - - name: old_account.settings.security.admin_change_name_pic - type: boolean - description: > - Settings related to the account - - name: old_account.settings.security.import_photos_from_devices - type: boolean - description: > - Settings related to the account - - name: old_account.settings.security.hide_billing_info - type: boolean - description: > - Settings related to the account - - name: old_account.settings.recording.local_recording - type: boolean - description: > - Settings related to the account - - name: old_account.settings.recording.cloud_recording - type: boolean - description: > - Settings related to the account - - name: old_account.settings.recording.record_speaker_view - type: boolean - description: > - Settings related to the account - - name: old_account.settings.recording.record_gallery_view - type: boolean - description: > - Settings related to the account - - name: old_account.settings.recording.record_audio_file - type: boolean - description: > - Settings related to the account - - name: old_account.settings.recording.save_chat_text - type: boolean - description: > - Settings related to the account - - name: old_account.settings.recording.show_timestamp - type: boolean - description: > - Settings related to the account - - name: old_account.settings.recording.recording_audio_transcript - type: boolean + - name: time_stamp + type: date description: > - Settings related to the account - - name: 
old_account.settings.recording.auto_recording + Timestamp related to the event + - name: creation_type type: keyword description: > - Settings related to the account - - name: old_account.settings.recording.cloud_recording_download - type: boolean - description: > - Settings related to the account - - name: old_account.settings.recording.cloud_recording_download_host - type: boolean - description: > - Settings related to the account - - name: old_account.settings.recording.account_user_access_recording - type: boolean - description: > - Settings related to the account - - name: old_account.settings.recording.auto_delete_cmr - type: boolean - description: > - Settings related to the account - - name: old_account.settings.recording.auto_delete_cmr_days - type: long - description: > - Settings related to the account - - name: old_account.settings.telephony.third_party_audio - type: boolean - description: > - Settings related to the account - - name: old_account.settings.telephony.audio_conference_info + Creation type + - name: account.owner_id type: keyword description: > - Settings related to the account - - name: old_account.settings.integration.google_calendar - type: boolean - description: > - Settings related to the account - - name: old_account.settings.integration.google_drive - type: boolean + UserID of the related user the action was performed on + - name: account.email + type: keyword description: > - Settings related to the account - - name: old_account.settings.integration.dropbox - type: boolean + Email related to the user the action was performed on + - name: account.owner_email + type: keyword description: > - Settings related to the account - - name: old_account.settings.integration.box - type: boolean + Email related to the user the action was performed on + - name: account.account_name + type: keyword description: > - Settings related to the account - - name: old_account.settings.integration.microsoft_one_drive - type: boolean + Name related to the 
user the action was performed on + - name: account.account_alias + type: keyword description: > - Settings related to the account - - name: old_account.settings.integration.kubi - type: boolean + Alias related to the user the action was performed on + - name: account.account_support_name + type: keyword description: > - Settings related to the account - - name: old_account.settings.feature.meeting_capacity - type: boolean + Support account related to the user the action was performed on + - name: account.account_support_email + type: keyword description: > - Settings related to the account + Support account (Email) related to the user the action was performed on - name: chat_channel.name type: keyword description: 
> @@ -802,43 +85,43 @@ type: date description: > Time when channel was created/modified/deleted - - name: chat_messages.id + - name: chat_message.id type: keyword description: > Message ID - - name: chat_messages.type + - name: chat_message.type type: integer description: > Type of message, either private message or channel message - - name: chat_messages.date_time + - name: chat_message.date_time type: date description: > Time when message was created/modified/deleted - - name: chat_messages.timestamp + - name: chat_message.timestamp type: date description: > Time when message was created/modified/deleted - - name: chat_messages.session_id + - name: chat_message.session_id type: keyword description: > SessionID for the channel related to the message - - name: chat_messages.contact_email + - name: chat_message.contact_email type: keyword description: > Email address related to the user sending the message - - name: chat_messages.contact_id + - name: chat_message.contact_id type: keyword description: > UserID related to the user sending the message - - name: chat_messages.channel_id + - name: chat_message.channel_id type: keyword description: > ChannelID related to the message - - name: chat_messages.channel_name + - name: chat_message.channel_name type: keyword description: > Channel name related to the message - - name: chat_messages.message + - name: chat_message.message type: keyword description: > The message sent @@ -846,6 +129,10 @@ type: keyword description: > The ID of the meeting + - name: meeting.join_url + type: keyword + description: > + Join URL of the meeting - name: meeting.uuid type: keyword description: 
> @@ -871,257 +158,17 @@ description: > Timezone used for the meeting - name: meeting.duration - type: long - description: > - Seconds the meeting has been active - - name: meeting.issues - type: long - description: > - Issue message if an alert is triggered on the meeting - - name: meeting.password - type: keyword - description: > - Password related to the meeting - - name: meeting.settings.host_video - type: boolean - description: > - Settings related to the meeting - - name: meeting.settings.participant_video - type: boolean - description: > - Settings related to the meeting - - name: meeting.settings.join_before_host - type: boolean - description: > - Settings related to the meeting - - name: meeting.settings.mute_upon_entry - type: boolean - description: > - Settings related to the meeting - - name: meeting.settings.audio - type: keyword - description: > - Settings related to the meeting - - name: meeting.settings.auto_recording - type: keyword - description: > - Settings related to the meeting - - name: meeting.settings.use_pmi - type: boolean - description: > - Settings related to the meeting - - name: meeting.settings.auto_recording - type: keyword - description: > - Settings related to the meeting - - name: meeting.settings.waiting_room - type: boolean - description: > - Settings related to the meeting - - name: meeting.settings.watermark - type: boolean - description: > - Settings related to the meeting - - name: meeting.settings.enforce_login - type: boolean - description: > - Settings related to the meeting - - name: meeting.registrant.id - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.email - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.first_name - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.last_name - type: keyword - 
description: > - Information about the person that registers to the meeting - - name: meeting.registrant.address - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.city - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.country - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.zip - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.state - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.phone - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.industry - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.org - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.job_title - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.purchasing_time_frame - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.role_in_purchase_process - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.no_of_employees - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.comments - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.registrant.join_url - type: keyword - description: > - Information about the person that registers to the meeting - - name: meeting.participant.id - type: keyword - 
description: > - Meeting ID of the related meeting - - name: meeting.participant.user_id - type: keyword - description: > - UserID of the participant trigger the sharing event - - name: meeting.participant.user_name - type: keyword - description: > - User name of the participant trigger the sharing event - - name: meeting.participant.join_time - type: date - description: > - The time the participant joined the related meeting - - name: meeting.participant.leave_time - type: date - description: > - The time the participant left the related meeting - - name: meeting.participant.sharing_details.link_source - type: keyword - description: > - Method of sharing with dropbox integration - - name: meeting.participant.sharing_details.content - type: keyword - description: > - Type of content that was shared - - name: meeting.participant.sharing_details.file_link - type: keyword - description: > - The file link that was shared - - name: meeting.participant.sharing_details.date_time - type: keyword - description: > - Timestamp the sharing started - - name: meeting.participant.sharing_details.source - type: keyword - description: > - The file source that was shared - - name: old_meeting.id - type: keyword - description: > - The ID of the meeting - - name: old_meeting.uuid - type: keyword - description: > - The UUID of the meeting - - name: old_meeting.host_id - type: keyword - description: > - The UserID of the meeting host - - name: old_meeting.topic - type: keyword - description: > - Meeting Topic - - name: old_meeting.type - type: integer - description: > - Type of meeting created - - name: old_meeting.start_time - type: date - description: > - Time the meeting started - - name: old_meeting.timezone - type: keyword - description: > - Timezone used for the meeting - - name: old_meeting.duration - type: long - description: > - Seconds the meeting has been active - - name: old_meeting.issues - type: long - description: > - Issue message if an alert is triggered on the meeting 
- - name: old_meeting.password - type: keyword - description: > - Password related to the meeting - - name: old_meeting.settings.host_video - type: boolean - description: > - Settings related to the meeting - - name: old_meeting.settings.participant_video - type: boolean - description: > - Settings related to the meeting - - name: old_meeting.settings.join_before_host - type: boolean - description: > - Settings related to the meeting - - name: old_meeting.settings.mute_upon_entry - type: boolean - description: > - Settings related to the meeting - - name: old_meeting.settings.audio - type: keyword - description: > - Settings related to the meeting - - name: old_meeting.settings.auto_recording - type: keyword - description: > - Settings related to the meeting - - name: old_meeting.settings.use_pmi - type: boolean - description: > - Settings related to the meeting - - name: old_meeting.settings.auto_recording - type: keyword - description: > - Settings related to the meeting - - name: old_meeting.settings.waiting_room - type: boolean + type: long description: > - Settings related to the meeting - - name: old_meeting.settings.watermark - type: boolean + Seconds the meeting has been active + - name: meeting.issues + type: long description: > - Settings related to the meeting - - name: old_meeting.settings.enforce_login - type: boolean + Issue message if an alert is triggered on the meeting + - name: meeting.password + type: keyword description: > - Settings related to the meeting + Password related to the meeting - name: phone.ringing_start_time type: date description: > @@ -1166,6 +213,10 @@ type: keyword description: > UserID of the callee related to the voicemail + - name: callee_extension_type + type: keyword + description: > + UserID of the callee related to the voicemail - name: phone.caller.user_id type: keyword description: 
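Review bot: `meeting.password` stays on the new side of this hunk as a searchable `keyword`, so every meeting passcode the webhook delivers is readable by anyone with read access to the index. Nothing visible in this patch drops it, since the `remove` list in `ingest/pipeline.yml` only covers the nested-array fields. Unless the passcode is needed for analysis, I would add `- zoom.object.password` to that `remove` list, and check whether the newly mapped `join_url` fields carry the passcode as well. Judging by the removed `old_webinar.password` and `old_user.host_key` entries, the webinar password and user host key presumably need the same decision, but their new-side entries are outside the visible hunks.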
> @@ -1186,7 +237,7 @@ type: keyword description: > Device type used by the caller - - name: phone.callee_user_id + - name: phone.callee_id type: keyword description: > UserID of the person that is called 
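Review bot: The added field `callee_extension_type` has no `phone.` prefix, unlike the neighbouring `phone.caller.user_id`, and its description is a copy of the entry above it. If the value sits under the phone object, the entry should read `- name: phone.callee_extension_type`, with a description such as `Extension type of the callee related to the voicemail`. As written, the mapping would presumably describe a path the pipeline never populates. The suggested wording is inferred from the field name and should be checked against the Zoom payload.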
@@ -1258,79 +309,6 @@ type: long description: > Email address of the host related to the meeting - - - name: recording.registrant.id - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.email - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.first_name - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.last_name - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.address - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.city - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.country - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.zip - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.state - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.phone - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.industry - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.org - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.job_title - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.purchasing_time_frame - type: keyword - description: > - Information about the person that registers to the meeting - - name: 
recording.registrant.role_in_purchase_process - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.no_of_employees - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.comments - type: keyword - description: > - Information about the person that registers to the meeting - - name: recording.registrant.join_url - type: keyword - description: > - Information about the person that registers to the meeting - name: user.id type: keyword description: 
> @@ -1399,118 +377,26 @@ type: keyword description: > The configured departement for the user - - name: user.settings.meeting_capacity - type: long - description: > - Maximum capacity for the user - - name: user.settings.large_meeting - type: boolean - description: > - If large meeting plan is enabled for the user - name: user.presence_status type: keyword description: > Current presence status of user - - name: user.personal_note + - name: user.personal_notes type: keyword description: > Personal notes for the User - name: user.date_time type: date description: > - Time when user logged in/out - - name: old_user.id - type: keyword - description: > - UserID related to the user event - - name: old_user.first_name - type: keyword - description: > - User first name related to the user event - - name: old_user.last_name - type: keyword - description: > - User last name related to the user event - - name: old_user.email - type: keyword - description: > - User email related to the user event - - name: old_user.type - type: keyword - description: > - User type related to the user event - - name: old_user.phone_number - type: keyword - description: > - Phone number related to the user - - name: old_user.phone_country - type: keyword - description: > - Country code related to the phone number - - name: old_user.company - type: keyword - description: > - User Company - - name: old_user.pmi - type: keyword - description: > - User personal meeting ID - - name: old_user.use_pmi - type: boolean - description: > - If use PMI is enabled - - name: old_user.pic_url - type: keyword - description: > - URL to the profile picture - - name: old_user.vanity_name - type: keyword - description: > - Name of the related users personal meeting room - - name: old_user.timezone - type: keyword - description: > - Timezone configured for the user - - name: old_user.language - type: keyword - description: > - Language settings for the user - - name: old_user.host_key - type: keyword - description: 
> - Host key set for the user - - name: old_user.role - type: keyword - description: > - The configured role for the user - - name: old_user.dept - type: keyword - description: > - The configured departement for the user - - name: old_user.settings.meeting_capacity - type: long - description: > - Maximum capacity for the user - - name: old_user.settings.large_meeting - type: boolean - description: > - If large meeting plan is enabled for the user - - name: old_user.presence_status - type: keyword - description: > - Current presence status of user - - name: old_user.personal_note - type: keyword - description: > - Personal notes for the User - - name: old_user.date_time - type: date - description: > - Time when user logged in/out + Time when user logged in/ou - name: webinar.id type: keyword description: > Unique ID for the webinar + - name: webinar.join_url + type: keyword + description: > + Join URL for the webinar - name: webinar.uuid type: keyword description: 
> @@ -1550,248 +436,176 @@ - name: webinar.issues type: keyword description: > - Related issues to the webinar - - name: webinar.settings.host_video - type: keyword - description: > - Related webinar settings - - name: webinar.settings.panelists_video - type: keyword - description: > - Related webinar settings - - name: webinar.settings.practice_session - type: keyword - description: > - Related webinar settings - - name: webinar.settings.approval_type - type: keyword - description: > - Related webinar settings - - name: webinar.settings.registration_type - type: keyword - description: > - Related webinar settings - - name: webinar.settings.audio - type: keyword - description: > - Related webinar settings - - name: webinar.settings.auto_recording - type: keyword - description: > - Related webinar settings - - name: webinar.settings.enforce_login - type: keyword - description: > - Related webinar settings - - name: old_webinar.id - type: keyword - description: > - Unique ID for the webinar - - name: old_webinar.uuid - type: keyword - description: > - UUID for the webinar - - name: old_webinar.host_id - type: keyword - description: > - UserID of the host of the webinar - - name: old_webinar.topic + Related issues to the webina + - name: zoomroom.id type: keyword description: > - Topic of the webinar - - name: old_webinar.type + ID of the Zoom room + - name: zoomroom.room_name type: keyword description: > - Type of webinar created - - name: old_webinar.start_time - type: date - description: > - Start time of the webinar - - name: old_webinar.timezone + Name of the Zoom room + - name: zoomroom.calendar_name type: keyword description: > - Timezone of the webinar - - name: old_webinar.duration - type: long - description: > - Duration of the webinar - - name: old_webinar.agenda + Calendar name of the Zoom room + - name: zoomroom.calendar_id type: keyword description: > - Agenda of the webinar - - name: old_webinar.password + Calendar ID of the Zoom room + - name: 
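Review bot: Three descriptions lose their last character on the new side: `Time when user logged in/ou` in this hunk, and `Related issues to the webina` and `The file source that was share` in the following fields.yml hunk (`@@ -1550,248 +436,176 @@`). These strings feed the generated field documentation, so they should be restored to `Time when user logged in/out`, `Related issues to the webinar` and `The file source that was shared`.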
zoomroom.event_id type: keyword description: > - Password for the webinar - - name: old_webinar.settings.host_video + Event ID of the Zoom room + - name: zoomroom.change_key type: keyword description: > - Related webinar settings - - name: old_webinar.settings.panelists_video + Change key of the Zoom room + - name: zoomroom.resource_email type: keyword description: > - Related webinar settings - - name: old_webinar.settings.practice_session + Resource email address related to the Zoom room + - name: zoomroom.email type: keyword description: > - Related webinar settings - - name: old_webinar.settings.approval_type + Email related to the Zoom room + - name: zoomroom.issue type: keyword description: > - Related webinar settings - - name: old_webinar.settings.registration_type + Related issue message to the Zoom room + - name: zoomroom.alert_type type: keyword description: > - Related webinar settings - - name: old_webinar.settings.audio + Zoom room alert type + - name: zoomroom.component type: keyword description: > - Related webinar settings - - name: old_webinar.settings.auto_recording + Zoom room component + - name: zoomroom.alert_kind type: keyword description: > - Related webinar settings - - name: old_webinar.settings.enforce_login + Alert kind related to the Zoom room + - name: registrant.id type: keyword description: > - Related webinar settings - - name: webinar.registrant.id + Information about the person that registers to the meeting + - name: registrant.status type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.email + Registrant status + - name: registrant.email type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.first_name + Information about the person that registers to the meeting + - name: registrant.first_name type: keyword description: > - Information about the person that registers to the webinar - - name: 
webinar.registrant.last_name + Information about the person that registers to the meeting + - name: registrant.last_name type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.address + Information about the person that registers to the meeting + - name: registrant.address type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.city + Information about the person that registers to the meeting + - name: registrant.city type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.country + Information about the person that registers to the meeting + - name: registrant.country type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.zip + Information about the person that registers to the meeting + - name: registrant.zip type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.state + Information about the person that registers to the meeting + - name: registrant.state type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.phone + Information about the person that registers to the meeting + - name: registrant.phone type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.industry + Information about the person that registers to the meeting + - name: registrant.industry type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.org + Information about the person that registers to the meeting + - name: registrant.org type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.job_title + Information about the person that 
registers to the meeting + - name: registrant.job_title type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.purchasing_time_frame + Information about the person that registers to the meeting + - name: registrant.purchasing_time_frame type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.role_in_purchase_process + Information about the person that registers to the meeting + - name: registrant.role_in_purchase_process type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.no_of_employees + Information about the person that registers to the meeting + - name: registrant.no_of_employees type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.comments + Information about the person that registers to the meeting + - name: registrant.comments type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.registrant.join_url + Information about the person that registers to the meeting + - name: registrant.join_url type: keyword description: > - Information about the person that registers to the webinar - - name: webinar.participant.id + Information about the person that registers to the meeting + - name: participant.id type: keyword description: > - Webinar ID of the related meeting - - name: webinar.participant.user_id + Meeting ID of the related meeting + - name: participant.user_id type: keyword description: > UserID of the participant trigger the sharing event - - name: webinar.participant.user_name + - name: participant.user_name type: keyword description: > User name of the participant trigger the sharing event - - name: webinar.participant.join_time + - name: participant.join_time type: date description: > The time the participant joined the related meeting - - name: 
webinar.participant.leave_time + - name: participant.leave_time type: date description: > The time the participant left the related meeting - - name: zoomroom.id - type: keyword - description: > - ID of the Zoom room - - name: zoomroom.room_name - type: keyword - description: > - Name of the Zoom room - - name: zoomroom.calendar_name - type: keyword - description: > - Calendar name of the Zoom room - - name: zoomroom.calendar_id - type: keyword - description: > - Calendar ID of the Zoom room - - name: zoomroom.event_id - type: keyword - description: > - Event ID of the Zoom room - - name: zoomroom.change_key + - name: participant.sharing_details.link_source type: keyword description: > - Change key of the Zoom room - - name: zoomroom.resource_email + Method of sharing with dropbox integration + - name: participant.sharing_details.content type: keyword description: > - Resource email address related to the Zoom room - - name: zoomroom.email + Type of content that was shared + - name: participant.sharing_details.file_link type: keyword description: > - Email related to the Zoom room - - name: zoomroom.issue + The file link that was shared + - name: participant.sharing_details.date_time type: keyword description: > - Related issue message to the Zoom room - - name: zoomroom.alert_type + Timestamp the sharing started + - name: participant.sharing_details.source type: keyword description: > - Zoom room alert type - - name: zoomroom.component - type: keyword + The file source that was share + - name: old_values + type: flattened description: > - Zoom room component - - name: zoomroom.alert_kind - type: keyword + test + - name: settings + type: flattened description: > - Alert kind related to the Zoom room + test diff --git a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml index 6e5f08008b4..fa37f5cd925 100644 --- a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml 
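Review bot: The two `flattened` fields added at the end of this hunk, `old_values` and `settings`, carry the placeholder description `test`. Going by the renames in `ingest/pipeline.yml`, they could read `Values of the object before the change, taken from old_object in update events` and `Settings of the object the event relates to`. It is also worth saying in the description that these are flattened objects, so whatever keys the payload carries there are indexed without a per-field mapping.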
+++ b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml @@ -3,9 +3,6 @@ type: http_endpoint listen_address: {{ .listen_address }} listen_port: {{ .listen_port }} -response_code: {{ .response_code }} -response_body: {{ .response_body }} -url: {{ .url }} prefix: {{ .prefix }} basic_auth: {{ .basic_auth }} username: {{ .username }} @@ -27,6 +24,9 @@ tags: {{.tags | tojson}} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: + - decode_json_fields: + fields: [message] + target: zoom - add_locale: ~ - add_fields: target: '' diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml index cc91a441ea7..75b460423ff 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml @@ -25,11 +25,7 @@ processors: - rename: field: zoom.object target_field: zoom.account - if: ctx?.event?.action != 'account.created' -- rename: - field: zoom.old_object - target_field: zoom.old_account - if: ctx?.event?.action != 'account.created' + ignore_missing: true - append: field: related.user value: "{{zoom.account.owner_id}}" diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml index 048fb359017..056c47ef088 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml @@ -3,15 +3,15 @@ processors: - append: field: event.type value: info - if: ctx?.event?.action != meeting.alert + if: ctx?.event?.action != 'meeting.alert' - append: field: event.type value: error - if: ctx?.event?.action == meeting.alert + if: ctx?.event?.action == 'meeting.alert' - append: field: event.type value: allowed - if: ctx?.event?.action == meeting.registration_approved + if: ctx?.event?.action == 'meeting.registration_approved' - append: field: event.type value: creation 
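Review bot: The added `decode_json_fields` processor gives no signal when the body received by the HTTP listener is not valid JSON, so such an event continues without a `zoom` object and nothing marks it. Adding `add_error_key: true` under the processor would record the decode failure on the event and make malformed or unexpected requests to the endpoint visible. This matters more now that `ingest/pipeline.yml` in the same patch renames `zoom.payload` without `ignore_missing`.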
@@ -36,10 +36,6 @@ processors: field: zoom.object target_field: zoom.meeting ignore_missing: true -- rename: - field: zoom.old_object - target_field: zoom.old_meeting - ignore_missing: true - append: field: related.user value: "{{zoom.meeting.host_id}}" diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml index 71202ea9a3e..3e4ac68d9dc 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml @@ -16,13 +16,26 @@ processors: - rename: field: zoom.payload target_field: _temp_.payload - ignore_missing: true - remove: field: zoom - ignore_missing: true - rename: field: _temp_.payload target_field: zoom +- rename: + field: zoom.old_object + target_field: zoom.old_values + ignore_missing: true +- rename: + field: zoom.object.participant + target_field: zoom.participant + ignore_missing: true +- rename: + field: zoom.object.settings + target_field: zoom.settings + ignore_missing: true +- rename: + field: zoom.object.registrant + target_field: zoom.registrant ignore_missing: true - append: field: related.user @@ -31,18 +44,23 @@ processors: # Removing some fields that have complex nested arrays that might impact performance - remove: field: + - message + - _temp_ - zoom.object.occurences - zoom.old_object.occurences - zoom.object.recurrence - zoom.old_object.recurrence - zoom.object.managed_domains - zoom.old_object.managed_domains + - zoom.registrant.custom_questions - zoom.object.registrant.custom_questions - zoom.old_object.registrant.custom_questions - zoom.object.call_logs - zoom.old_object.call_logs - zoom.object.recording_file - zoom.old_object.recording_file + - zoom.object.recording_files + - zoom.old_object.recording_files ignore_missing: true - pipeline: name: '{< IngestPipeline "meeting" >}' 
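Review bot: With `ignore_missing: true` dropped from the `zoom.payload` rename and from `remove: zoom`, and none on the `_temp_.payload` rename either, an event that arrives without a `zoom.payload` object now fails at the first of these processors. The input is an HTTP listener, so bodies that are not Zoom notifications are to be expected. Unless the pipeline has an `on_failure` handler outside this hunk, I would keep `ignore_missing: true` on these three processors or add a handler that records the failure in `error.message`. The processor list starts before and continues after the hunk.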
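Review bot: The `zoom.old_object.*` entries in this `remove` list can no longer match, because the previous hunk renames `zoom.old_object` to `zoom.old_values` before this processor runs and `ignore_missing: true` hides the miss. The nested arrays that the comment wants removed therefore stay in the event under `zoom.old_values`. Each `zoom.old_object.` prefix in the list should become `zoom.old_values.`, for example `- zoom.old_values.recurrence`. Likewise `zoom.object.registrant.custom_questions` is dead after the registrant rename and is already covered by the new `zoom.registrant.custom_questions` entry.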
@@ -55,7 +73,7 @@ processors: if: "ctx?.event?.action.startsWith('chat_message')" - pipeline: name: '{< IngestPipeline "chat_channel" >}' - if: "ctx?.event?.action.startsWith('chat_message')" + if: "ctx?.event?.action.startsWith('chat_channel')" - pipeline: name: '{< IngestPipeline "phone" >}' if: "ctx?.event?.action.startsWith('phone')" diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml b/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml index 34c42f948af..14fb2c4a4c6 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml @@ -6,15 +6,15 @@ processors: - append: field: event.type value: creation - if: "ctx?.event?.action == recording.registration_created" + if: ctx?.event?.action == 'recording.registration_created' - append: field: event.type value: allowed - if: "ctx?.event?.action == recording.registration_approved" + if: ctx?.event?.action == 'recording.registration_approved' - append: field: event.type value: denied - if: "ctx?.event?.action == recording.registration_denied" + if: ctx?.event?.action == 'recording.registration_denied' - append: field: event.type value: deletion @@ -26,7 +26,7 @@ processors: - append: field: event.type value: start - if: "ctx?.event?.action == recording.started" + if: ctx?.event?.action == 'recording.started' - append: field: event.type value: end @@ -35,10 +35,6 @@ processors: field: zoom.object target_field: zoom.recording ignore_missing: true -- rename: - field: zoom.old_object - target_field: zoom.old_recording - ignore_missing: true - append: field: related.user value: "{{zoom.recording.host_id}}" diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml index b458ba53274..5beafb3cfea 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml 
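Review bot: The corrected condition `ctx?.event?.action.startsWith('chat_channel')`, like the neighbouring `chat_message` and `phone` conditions, calls `startsWith` on a value the null-safe chain can leave null, so an event without `event.action` throws here instead of skipping the sub-pipeline. A guard such as `if: "ctx?.event?.action != null && ctx.event.action.startsWith('chat_channel')"` avoids that. Whether `event.action` is always set earlier in the pipeline is not visible in this hunk.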
@@ -6,7 +6,7 @@ processors: - append: field: event.type value: creation - if: ctx?.event?.action != user.created + if: ctx?.event?.action != 'user.created' - append: field: event.type value: deletion @@ -27,10 +27,6 @@ processors: field: zoom.object target_field: zoom.user ignore_missing: true -- rename: - field: zoom.old_object - target_field: zoom.old_user - ignore_missing: true - append: field: related.user value: "{{zoom.user.id}}" diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml b/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml index 8e4e10ae607..b6a78331c58 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml @@ -40,10 +40,6 @@ processors: field: zoom.object target_field: zoom.webinar ignore_missing: true -- rename: - field: zoom.old_object - target_field: zoom.old_webinar - ignore_missing: true - append: field: related.user value: "{{zoom.webinar.host_id}}" diff --git a/x-pack/filebeat/module/zoom/webhook/manifest.yml b/x-pack/filebeat/module/zoom/webhook/manifest.yml index 8f2318b20e0..9089d1e3ecb 100644 --- a/x-pack/filebeat/module/zoom/webhook/manifest.yml +++ b/x-pack/filebeat/module/zoom/webhook/manifest.yml @@ -10,11 +10,8 @@ var: - name: content_type default: "" - name: response_code - default: 200 - name: response_body - default: '{"message": "success"}' - name: url - default: / - name: prefix default: zoom - name: basic_auth @@ -28,12 +25,12 @@ var: default: [zoom-webhook, forwarded] ingest_pipeline: + - ingest/pipeline.yml - ingest/account.yml - ingest/chat_channel.yml - ingest/chat_message.yml - ingest/meeting.yml - ingest/phone.yml - - ingest/pipeline.yml - ingest/recording.yml - ingest/user.yml - ingest/webinar.yml diff --git a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log new file mode 100644 index 00000000000..b71f418e22c --- /dev/null 
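Review bot: The condition on the `creation` append in user.yml still reads `!=` after the quoting fix, so `event.type: creation` is added to every user event except `user.created`. The recording pipeline in this patch uses `==` for the same purpose (`recording.registration_created`), so this looks inverted. I would change it to `if: ctx?.event?.action == 'user.created'`. The processor list continues outside the hunk.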
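Review bot: In manifest.yml, `response_code`, `response_body` and `url` appear to stay declared under `var` with only their `default` lines removed, while `config/webhook.yml` in the same patch no longer references them. As far as the collapsed hunk shows, they are now variables with no effect. I would drop the three `- name:` entries as well, so the manifest does not advertise listener settings that are silently ignored.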
+++ b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log
@@ -0,0 +1,3 @@
+{"event":"account.created","payload":{"account_id":"lq8KK_EoRCq6ByEyA73qCA","operator":"youramazingemailhere@somemail.com","operator_id":"uLohghhRgfgrbTayCX6r2Q_qQsQ","object":{"id":"aIxE1yiRR8WghhUIO6eu9L","owner_id":"e2ZHO5RSGqyfrmFnElxw","owner_email":"thesubaccountowneremail@somemail.com"}}}
+{"event":"account.updated","payload":{"account_id":"abKKcd_IGRCq63yEy673lCA","operator":"theoperatoremail@someemail.com","operator_id":"iKoRgfbaTazDX6r2Q_eQsQL","object":{"id":"eFs_EGRCq6ByEyA73qCA","account_name":"Michael Harris","account_alias":"MH"},"old_object":{"id":"eFs_EGRCq6ByEyA73qCA","account_name":"Mike Harris","account_alias":""},"time_stamp":1562000584527}}
+{"event":"account.disassociated","payload":{"account_id":"aBcd_dgfoeq6ByEyA73qCA","operator":"youremail@someemail.com","operator_id":"gdjfdhjLsuhfvhjd","object":{"id":"LdjkfxE1yiRR8Wdfggeu9LfBQ","owner_id":"eZbcHO5RSGqyKAUmFnElxw","owner_email":"theowneremail@someemail.com"}}}
diff --git a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json
new file mode 100644
index 00000000000..4d751f142db
--- /dev/null
+++ b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json
@@ -0,0 +1,116 @@ +[ + { + "@timestamp": "2020-08-04T15:28:13.299Z", + "event.action": "account.created", + "event.category": [ + "iam" + ], + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "user", + "creation" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 0, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "e2ZHO5RSGqyfrmFnElxw" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account.owner_email": "thesubaccountowneremail@somemail.com", + "zoom.account.owner_id": "e2ZHO5RSGqyfrmFnElxw", + "zoom.master_account_id": "lq8KK_EoRCq6ByEyA73qCA", + "zoom.operator": "youramazingemailhere@somemail.com", + "zoom.operator_id": "uLohghhRgfgrbTayCX6r2Q_qQsQ", + "zoom.sub_account_id": "aIxE1yiRR8WghhUIO6eu9L" + }, + { + "@timestamp": "2020-08-04T15:28:13.300Z", + "event.action": "account.updated", + "event.category": [ + "iam" + ], + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "user", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 297, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account.account_alias": "MH", + "zoom.account.account_name": "Michael Harris", + "zoom.master_account_id": "abKKcd_IGRCq63yEy673lCA", + "zoom.old_values.account_alias": "", + "zoom.old_values.account_name": "Mike Harris", + "zoom.old_values.id": "eFs_EGRCq6ByEyA73qCA", + "zoom.operator": "theoperatoremail@someemail.com", + "zoom.operator_id": "iKoRgfbaTazDX6r2Q_eQsQL", + "zoom.sub_account_id": "eFs_EGRCq6ByEyA73qCA", + "zoom.time_stamp": 1562000584527 + }, + { + "@timestamp": "2020-08-04T15:28:13.300Z", + "event.action": 
"account.disassociated", + "event.category": [ + "iam" + ], + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "user", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 670, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "eZbcHO5RSGqyKAUmFnElxw" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account.owner_email": "theowneremail@someemail.com", + "zoom.account.owner_id": "eZbcHO5RSGqyKAUmFnElxw", + "zoom.master_account_id": "aBcd_dgfoeq6ByEyA73qCA", + "zoom.operator": "youremail@someemail.com", + "zoom.operator_id": "gdjfdhjLsuhfvhjd", + "zoom.sub_account_id": "LdjkfxE1yiRR8Wdfggeu9LfBQ" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log new file mode 100644 index 00000000000..3da7af8f760 --- /dev/null +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log 
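Review bot: Every expected event here has an empty string in `related.user` (for `account.updated` it is the only entry, `"related.user": [ "" ]`), while the operator's id from `zoom.operator_id` never appears in that list. In the meeting golden file the events without an `operator_id` (for example `meeting.started`) have no empty entry, so the append seems to be gated on the operator id but to template a path that does not resolve; the processor is not part of this hunk, so that is inferred. The append should reference the field as it exists at that point and be guarded, along the lines of `value: "{{zoom.operator_id}}"` with `if: ctx?.zoom?.operator_id != null`, and the golden files should then be regenerated. The same empty entry shows up in the chat_channel, chat_message and meeting expected files, and it leaves the acting administrator out of the field analysts pivot on.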
@@ -0,0 +1,6 @@
+{"event":"chat_channel.created","payload":{"account_id":"vbbvnvAdsfe","operator":"somememai@gmtsffjdfhail.com","operator_id":"z8dfgdfguQrdfgdf","object":{"name":"Delivering Happiness","id":"6dfgdfgdg444447b0egga","type":1,"date_time":"2020-02-10T21:39:50Z","timestamp":1581370790388,"members":[{"id":"z8dfgdfguQrdfgdf","display_name":"Maya Jung"},{"id":"sdfdsfdsKIrrCYw","display_name":"Matt Yank"}]}}}
+{"event":"chat_channel.updated","payload":{"account_id":"vbbvnvAdsfe","operator":"somememai@gmtsffjdfhail.com","operator_id":"z8dfgdfguQrdfgdf","object":{"name":"Building Happy","id":"6dfgdfgdg444447b0egga","type":1,"date_time":"2020-02-10T21:59:05Z","timestamp":1581371945584}}}
+{"event":"chat_channel.deleted","payload":{"account_id":"vbbvnvAdsfe","operator":"somememai@gmtsffjdfhail.com","operator_id":"z8dfgdfguQrdfgdf","object":{"name":"Building Happy","id":"6dfgdfgdg444447b0egga","type":1,"date_time":"2020-02-10T21:59:05Z","timestamp":1581371945584}}}
+{"event":"chat_channel.member_invited","payload":{"account_id":"vbbvnvAdsfe","operator":"somememai@gmtsffjdfhail.com","operator_id":"z8dfgdfguQrdfgdf","object":{"name":"Delivering Happiness","id":"6dfgdfgdg444447b0egga","type":1,"date_time":"2020-02-10T21:39:50Z","timestamp":1581370790388,"members":[{"id":"s0hhFOCYw","display_name":"Matt Y"}]}}}
+{"event":"chat_channel.member_joined","payload":{"account_id":"vbbvnvAdsfe","operator":"somememai@gmtsffjdfhail.com","operator_id":"z8dfgdfguQrdfgdf","object":{"name":"Delivering Happiness","id":"6dfgdfgdg444447b0egga","type":1,"date_time":"2020-02-10T21:39:50Z","timestamp":1581370790388}}}
+{"event":"chat_channel.member_left","payload":{"account_id":"vbbvnvAdsfe","operator":"somememai@gmtsffjdfhail.com","operator_id":"z8dfgdfguQrdfgdf","object":{"name":"Delivering Happiness","id":"6dfgdfgdg444447b0egga","type":1,"date_time":"2020-02-10T21:39:50Z","timestamp":1581370790388}}}
diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json
new file mode 100644
index 00000000000..05bfc663365
--- /dev/null
+++ b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json
@@ -0,0 +1,73 @@ +[ + { + "@timestamp": "2020-08-04T15:28:17.746Z", + "event.action": "chat_channel.created", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "creation" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 0, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "z8dfgdfguQrdfgdf", + "sdfdsfdsKIrrCYw" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "vbbvnvAdsfe", + "zoom.chat_channel.date_time": "2020-02-10T21:39:50Z", + "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", + "zoom.chat_channel.name": "Delivering Happiness", + "zoom.chat_channel.timestamp": 1581370790388, + "zoom.chat_channel.type": 1, + "zoom.operator": "somememai@gmtsffjdfhail.com", + "zoom.operator_id": "z8dfgdfguQrdfgdf" + }, + { + "@timestamp": "2020-08-04T15:28:17.746Z", + "event.action": "chat_channel.member_invited", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "user" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 963, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "s0hhFOCYw" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "vbbvnvAdsfe", + "zoom.chat_channel.date_time": "2020-02-10T21:39:50Z", + "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", + "zoom.chat_channel.name": "Delivering Happiness", + "zoom.chat_channel.timestamp": 1581370790388, + "zoom.chat_channel.type": 1, + "zoom.operator": "somememai@gmtsffjdfhail.com", + "zoom.operator_id": "z8dfgdfguQrdfgdf" + } +] \ No newline at end of file 
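Review bot: This golden file records only two events, `chat_channel.created` at `log.offset` 0 and `chat_channel.member_invited` at 963, although the fixture added alongside it has six lines. The four events that are absent (`chat_channel.updated`, `chat_channel.deleted`, `chat_channel.member_joined`, `chat_channel.member_left`) are exactly the payloads without a `members` array, which suggests a processor that iterates `members` fails when the field is missing; the pipeline is not in this hunk, so that is inferred. If it is a `foreach`, adding `ignore_missing: true` (or an `if` on the array being present) and regenerating the file should bring all six events back. Committing the file as is makes the test pass while channel deletions and membership changes go unverified; the meeting golden file likewise starts at `log.offset` 317, so its `meeting.alert` line appears to be missing too.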
diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log
new file mode 100644
index 00000000000..45c38b08004
--- /dev/null
+++ b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log
@@ -0,0 +1,3 @@
+{"event":"chat_message.sent","payload":{"account_id":"EPsdvdsgfdgxHMA","operator":"someoperatoremail@somekindofmailservice123.com","operator_id":"zfdgdfgdfgfp8uQ","object":{"channel_name":"AlwaysBeCodingChannel","date_time":"2020-02-11T22:02:11Z","session_id":"fcffdgfgffghfghgfhghgb10","id":"EwwwwA-87F4-222222-8CD9-FA00000E6B9","type":"to_channel","message":"asd","channel_id":"fsdgdgdgdfgdfgdfgdfgb10","timestamp":1581458531930}}}
+{"event":"chat_message.updated","payload":{"account_id":"EPsdvdsgfdgxHMA","operator":"someoperatoremail@somekindofmailservice123.com","operator_id":"zfdgdfgdfgfp8uQ","object":{"channel_name":"AlwaysBeCodingChannel","date_time":"2020-02-11T22:02:11Z","session_id":"fcffdgfgffghfghgfhghgb10","id":"Ell123-87F4-222222-8CD9-FA00000E6B9","type":"to_channel","message":"gfd","channel_id":"fsdgdgdgdfgdfgdfgdfgb10","timestamp":1581462008594}}}
+{"event":"chat_message.updated","payload":{"account_id":"EPsdvdsgfdgxHMA","operator":"someoperatoremail@somekindofmailservice123.com","operator_id":"zfdgdfgdfgfp8uQ","object":{"channel_name":"AlwaysBeCodingChannel","date_time":"2020-02-11T22:02:11Z","session_id":"fcffdgfgffghfghgfhghgb10","id":"Ell123-87F4-222222-8CD9-FA00000E6B9","type":"to_channel","message":null,"channel_id":"fsdgdgdgdfgdfgdfgdfgb10","timestamp":1581462008594}}}
diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json
new file mode 100644
index 00000000000..a9dac48d644
--- /dev/null
+++ b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json
@@ -0,0 +1,116 @@ +[ + { + "@timestamp": "2020-08-04T15:28:00.912Z", + "event.action": "chat_message.sent", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "creation" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 0, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPsdvdsgfdgxHMA", + "zoom.chat_message.channel_id": "fsdgdgdgdfgdfgdfgdfgb10", + "zoom.chat_message.channel_name": "AlwaysBeCodingChannel", + "zoom.chat_message.date_time": "2020-02-11T22:02:11Z", + "zoom.chat_message.id": "EwwwwA-87F4-222222-8CD9-FA00000E6B9", + "zoom.chat_message.message": "asd", + "zoom.chat_message.session_id": "fcffdgfgffghfghgfhghgb10", + "zoom.chat_message.timestamp": 1581458531930, + "zoom.chat_message.type": "to_channel", + "zoom.operator": "someoperatoremail@somekindofmailservice123.com", + "zoom.operator_id": "zfdgdfgdfgfp8uQ" + }, + { + "@timestamp": "2020-08-04T15:28:00.912Z", + "event.action": "chat_message.updated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 434, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPsdvdsgfdgxHMA", + "zoom.chat_message.channel_id": "fsdgdgdgdfgdfgdfgdfgb10", + "zoom.chat_message.channel_name": "AlwaysBeCodingChannel", + "zoom.chat_message.date_time": "2020-02-11T22:02:11Z", + "zoom.chat_message.id": "Ell123-87F4-222222-8CD9-FA00000E6B9", + "zoom.chat_message.message": "gfd", + "zoom.chat_message.session_id": "fcffdgfgffghfghgfhghgb10", + 
"zoom.chat_message.timestamp": 1581462008594, + "zoom.chat_message.type": "to_channel", + "zoom.operator": "someoperatoremail@somekindofmailservice123.com", + "zoom.operator_id": "zfdgdfgdfgfp8uQ" + }, + { + "@timestamp": "2020-08-04T15:28:00.912Z", + "event.action": "chat_message.updated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 871, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPsdvdsgfdgxHMA", + "zoom.chat_message.channel_id": "fsdgdgdgdfgdfgdfgdfgb10", + "zoom.chat_message.channel_name": "AlwaysBeCodingChannel", + "zoom.chat_message.date_time": "2020-02-11T22:02:11Z", + "zoom.chat_message.id": "Ell123-87F4-222222-8CD9-FA00000E6B9", + "zoom.chat_message.message": null, + "zoom.chat_message.session_id": "fcffdgfgffghfghgfhghgb10", + "zoom.chat_message.timestamp": 1581462008594, + "zoom.chat_message.type": "to_channel", + "zoom.operator": "someoperatoremail@somekindofmailservice123.com", + "zoom.operator_id": "zfdgdfgdfgfp8uQ" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log new file mode 100644 index 00000000000..5215e857972 --- /dev/null +++ b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log 
@@ -0,0 +1,15 @@ +{"event":"meeting.alert","payload":{"object":{"duration":60,"start_time":"2019-07-16T17:14:39Z","timezone":"America/Los_Angeles","topic":"My Meeting","id":"6962400003","type":2,"uuid":"4118UHIiRCAAAtBlDkcVyw==","host_id":"z8yCxTTTTSiw02QgCAp8uQ","issues":"Unstable audio quality"}},"account_id":"EPeQtiABC000VYxHMA"} +{"event":"meeting.created","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","operator":"someemail@email.com","operator_id":"uLoRgfbbTayCX6r2Q_qQsQ","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":111111111,"host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":2,"start_time":"2019-07-09T17:00:00Z","duration":60,"timezone":"America/Los_Angeles"}}} +{"event":"meeting.updated","payload":{"account_id":"AAAAAAAAAAA","operator":"someemail@email.com","operator_id":"BBBBBBBBBB","object":{"id":155184668,"type":2,"start_time":"2019-07-11T20:00:00Z","duration":120,"join_url":"https://zoom.us/j/00000000","settings":{"participant_video":false,"join_before_host":false,"use_pmi":true}},"old_object":{"id":155184668,"type":8,"join_url":"https://zoom.us/j/00000000","occurrences":[{"occurrence_id":"1562875200000","start_time":"2019-07-11T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1563480000000","start_time":"2019-07-18T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1564084800000","start_time":"2019-07-25T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1564689600000","start_time":"2019-08-01T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1565294400000","start_time":"2019-08-08T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1565899200000","start_time":"2019-08-15T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1566504000000","start_time":"2019-08-22T20:00:00Z","duration":120,"status":"available"}],"settings":{"participant_video":true,"join_before_host":true,"use_pmi":false},"recurrence":{"type":2,"repeat_interval":1,"weekly_days":"5","
end_date_time":"2019-08-23T06:59:00Z"}},"time_stamp":1562791953209}} +{"event":"meeting.deleted","payload":{"account_id":"AAAAAAAAAA","operator":"someemail@email.com","operator_id":"BBBBBBBBBB","object":{"uuid":"KJpz1gbpTC8ke68xXmQa0==","id":809321987,"host_id":"BBBBBBBBBB","topic":"My Meeting","type":2,"start_time":"2019-07-09T17:00:00Z","duration":60,"timezone":"America/Los_Angeles"}}} +{"event":"meeting.started","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":"111111111","host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":2,"start_time":"2019-07-09T17:00:00Z","duration":60,"timezone":"America/Los_Angeles"}}} +{"event":"meeting.ended","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":"111111111","host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":2,"start_time":"2019-07-09T17:00:00Z","duration":10,"timezone":"America/Los_Angeles"}}} +{"event":"meeting.registration_created","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":120,"timezone":"America/Los_Angeles","registrant":{"id":"U0BBBBBBBBBBfrUz1Q","first_name":"Cool","last_name":"Person","email":"coolemail@email.com","address":"","city":"","country":"","zip":"","state":"","phone":"","industry":"","org":"","job_title":"","purchasing_time_frame":"","role_in_purchase_process":"","no_of_employees":"","comments":"","custom_questions":[],"status":"approved","join_url":"https://zoom.us/w/someendpointhere"}}}} +{"event":"meeting.registration_approved","payload":{"account_id":"lAAAAAAAAAAAAA","operator":"somemail@email.com","operator_id":"Lobbbbbbbbbb_qQsQ","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test 
meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":60,"timezone":"America/Los_Angeles","registrant":{"id":"U0BBBBBBBBBBfrUz1Q","first_name":"Cool","last_name":"Person","email":"coolemail@email.com"}}}} +{"event":"meeting.registration_cancelled","payload":{"account_id":"lAAAAAAAAAAAAA","operator":"coolemail@email.com","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":120,"timezone":"America/Los_Angeles","registrant":{"id":"U0BBBBBBBBBBfrUz1Q","first_name":"Cool","last_name":"Person","email":"coolemail@email.com"}}}} +{"event":"meeting.sharing_started","payload":{"object":{"duration":60,"start_time":"2019-07-16T17:14:39Z","timezone":"America/Los_Angeles","topic":"My Meeting","id":"6962400003","type":2,"uuid":"4118UHIiRCAAAtBlDkcVyw==","host_id":"z8yCxTTTTSiw02QgCAp8uQ","participant":{"id":"s0AAAASoSE1V8KIFOCYw","user_id":"16778000","user_name":"Arya Arya","sharing_details":{"link_source":"in_meeting","file_link":"","source":"dropbox","date_time":"2019-07-16T17:19:11Z","content":"application"}}},"account_id":"EPeQtiABC000VYxHMA"}} +{"event":"meeting.sharing_ended","payload":{"object":{"duration":60,"start_time":"2019-07-16T17:14:39Z","timezone":"America/Los_Angeles","topic":"My Meeting","id":"6962400003","type":2,"uuid":"4118UHIiRCAAAtBlDkcVyw==","host_id":"z8yCxTTTTSiw02QgCAp8uQ","participant":{"id":"s0AAAASoSE1V8KIFOCYw","user_id":"16778000","user_name":"Arya Arya","sharing_details":{"link_source":"in_meeting","file_link":"","source":"dropbox","date_time":"2019-07-16T17:19:11Z","content":"application"}}},"account_id":"EPeQtiABC000VYxHMA"}} 
+{"event":"meeting.participant_jbh_waiting","payload":{"account_id":"EPeQti9EQsiyO30GVYxHMA","object":{"duration":60,"timezone":"America/Los_Angeles","topic":"Mytestmeeting","id":"5590000000","type":2,"uuid":"WnxYNY9mQu6aSa/kYLu1lA==","host_id":"z8yCxjjyTAAAA2QgCfp8uQ","participant":{"user_name":"Shrijana Shrijana"}}}} +{"event":"meeting.participant_jbh_joined","payload":{"account_id":"APeeQti9ErttQsiyO30GVYxHMA","object":{"duration":60,"timezone":"America/Los_Angeles","topic":"Mytestmeeting","id":"5594913504","type":2,"uuid":"WnxYNryyY9mQu6aSa/kYLu1lA==","host_id":"zf8yCxjjyTSdteriw02QgCfp8uQ","participant":{"user_name":"Tom Harry"}}}} +{"event":"meeting.participant_joined","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":"111111111","host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":2,"start_time":"2019-07-09T17:00:00Z","duration":60,"timezone":"America/Los_Angeles","participant":{"user_id":"167782040","user_name":"shree","id":"iFxeBPYun6SAiWUzBcEkX","join_time":"2019-07-16T17:13:13Z"}}}} +{"event":"meeting.participant_left","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":"111111111","host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":2,"start_time":"2019-07-09T17:00:00Z","duration":60,"timezone":"America/Los_Angeles","participant":{"user_id":"167782040","user_name":"shree","id":"iFxeBPYun6SAiWUzBcEkX","leave_time":"2019-07-16T17:13:13Z"}}}} diff --git a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json new file mode 100644 index 00000000000..ca7de5569bd --- /dev/null +++ b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json 
@@ -0,0 +1,619 @@ +[ + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.created", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "creation" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 317, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "uLoRgfbbTayCX6r2Q_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "o8KK_AAACq6BBEyA70CA", + "zoom.meeting.duration": 60, + "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.meeting.id": 111111111, + "zoom.meeting.start_time": "2019-07-09T17:00:00Z", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "My Meeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==", + "zoom.operator": "someemail@email.com", + "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ" + }, + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.updated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 674, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "AAAAAAAAAAA", + "zoom.meeting.duration": 120, + "zoom.meeting.id": 155184668, + "zoom.meeting.join_url": "https://zoom.us/j/00000000", + "zoom.meeting.start_time": "2019-07-11T20:00:00Z", + "zoom.meeting.type": 2, + "zoom.old_values.id": 155184668, + "zoom.old_values.join_url": "https://zoom.us/j/00000000", + "zoom.old_values.occurrences": [ + { + "duration": 120, + "occurrence_id": "1562875200000", + "start_time": "2019-07-11T20:00:00Z", + "status": "available" 
+ }, + { + "duration": 120, + "occurrence_id": "1563480000000", + "start_time": "2019-07-18T20:00:00Z", + "status": "available" + }, + { + "duration": 120, + "occurrence_id": "1564084800000", + "start_time": "2019-07-25T20:00:00Z", + "status": "available" + }, + { + "duration": 120, + "occurrence_id": "1564689600000", + "start_time": "2019-08-01T20:00:00Z", + "status": "available" + }, + { + "duration": 120, + "occurrence_id": "1565294400000", + "start_time": "2019-08-08T20:00:00Z", + "status": "available" + }, + { + "duration": 120, + "occurrence_id": "1565899200000", + "start_time": "2019-08-15T20:00:00Z", + "status": "available" + }, + { + "duration": 120, + "occurrence_id": "1566504000000", + "start_time": "2019-08-22T20:00:00Z", + "status": "available" + } + ], + "zoom.old_values.recurrence.end_date_time": "2019-08-23T06:59:00Z", + "zoom.old_values.recurrence.repeat_interval": 1, + "zoom.old_values.recurrence.type": 2, + "zoom.old_values.recurrence.weekly_days": "5", + "zoom.old_values.settings.join_before_host": true, + "zoom.old_values.settings.participant_video": true, + "zoom.old_values.settings.use_pmi": false, + "zoom.old_values.type": 8, + "zoom.operator": "someemail@email.com", + "zoom.operator_id": "BBBBBBBBBB", + "zoom.settings.join_before_host": false, + "zoom.settings.participant_video": false, + "zoom.settings.use_pmi": true, + "zoom.time_stamp": 1562791953209 + }, + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.deleted", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "deletion" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2049, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "BBBBBBBBBB" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "AAAAAAAAAA", + "zoom.meeting.duration": 60, + 
"zoom.meeting.host_id": "BBBBBBBBBB", + "zoom.meeting.id": 809321987, + "zoom.meeting.start_time": "2019-07-09T17:00:00Z", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "My Meeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "KJpz1gbpTC8ke68xXmQa0==", + "zoom.operator": "someemail@email.com", + "zoom.operator_id": "BBBBBBBBBB" + }, + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.started", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2370, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLoRgfbbTayCX6r2Q_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "o8KK_AAACq6BBEyA70CA", + "zoom.meeting.duration": 60, + "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.meeting.id": "111111111", + "zoom.meeting.start_time": "2019-07-09T17:00:00Z", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "My Meeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" + }, + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.ended", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "end" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2657, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLoRgfbbTayCX6r2Q_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "o8KK_AAACq6BBEyA70CA", + "zoom.meeting.duration": 10, + "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.meeting.id": "111111111", + "zoom.meeting.start_time": "2019-07-09T17:00:00Z", + 
"zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "My Meeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" + }, + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.registration_created", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "creation" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2942, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.meeting.duration": 120, + "zoom.meeting.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.meeting.id": 150000008, + "zoom.meeting.start_time": "2019-07-11T20:00:00Z", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "A test meeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "dj12vck6sdTn6yy7qdy3dQg==", + "zoom.registrant.address": "", + "zoom.registrant.city": "", + "zoom.registrant.comments": "", + "zoom.registrant.country": "", + "zoom.registrant.email": "coolemail@email.com", + "zoom.registrant.first_name": "Cool", + "zoom.registrant.id": "U0BBBBBBBBBBfrUz1Q", + "zoom.registrant.industry": "", + "zoom.registrant.job_title": "", + "zoom.registrant.join_url": "https://zoom.us/w/someendpointhere", + "zoom.registrant.last_name": "Person", + "zoom.registrant.no_of_employees": "", + "zoom.registrant.org": "", + "zoom.registrant.phone": "", + "zoom.registrant.purchasing_time_frame": "", + "zoom.registrant.role_in_purchase_process": "", + "zoom.registrant.state": "", + "zoom.registrant.status": "approved", + "zoom.registrant.zip": "" + }, + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.registration_approved", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": 
"zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "allowed" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 3634, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.meeting.duration": 60, + "zoom.meeting.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.meeting.id": 150000008, + "zoom.meeting.start_time": "2019-07-11T20:00:00Z", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "A test meeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "dj12vck6sdTn6yy7qdy3dQg==", + "zoom.operator": "somemail@email.com", + "zoom.operator_id": "Lobbbbbbbbbb_qQsQ", + "zoom.registrant.email": "coolemail@email.com", + "zoom.registrant.first_name": "Cool", + "zoom.registrant.id": "U0BBBBBBBBBBfrUz1Q", + "zoom.registrant.last_name": "Person" + }, + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.registration_cancelled", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 4105, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.meeting.duration": 120, + "zoom.meeting.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.meeting.id": 150000008, + "zoom.meeting.start_time": "2019-07-11T20:00:00Z", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "A test meeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "dj12vck6sdTn6yy7qdy3dQg==", + "zoom.operator": "coolemail@email.com", + "zoom.registrant.email": "coolemail@email.com", + "zoom.registrant.first_name": 
"Cool", + "zoom.registrant.id": "U0BBBBBBBBBBfrUz1Q", + "zoom.registrant.last_name": "Person" + }, + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.sharing_started", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 4545, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8yCxTTTTSiw02QgCAp8uQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPeQtiABC000VYxHMA", + "zoom.meeting.duration": 60, + "zoom.meeting.host_id": "z8yCxTTTTSiw02QgCAp8uQ", + "zoom.meeting.id": "6962400003", + "zoom.meeting.start_time": "2019-07-16T17:14:39Z", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "My Meeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "4118UHIiRCAAAtBlDkcVyw==", + "zoom.participant.id": "s0AAAASoSE1V8KIFOCYw", + "zoom.participant.sharing_details.content": "application", + "zoom.participant.sharing_details.date_time": "2019-07-16T17:19:11Z", + "zoom.participant.sharing_details.file_link": "", + "zoom.participant.sharing_details.link_source": "in_meeting", + "zoom.participant.sharing_details.source": "dropbox", + "zoom.participant.user_id": "16778000", + "zoom.participant.user_name": "Arya Arya" + }, + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.sharing_ended", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "end" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 5067, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8yCxTTTTSiw02QgCAp8uQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": 
"EPeQtiABC000VYxHMA", + "zoom.meeting.duration": 60, + "zoom.meeting.host_id": "z8yCxTTTTSiw02QgCAp8uQ", + "zoom.meeting.id": "6962400003", + "zoom.meeting.start_time": "2019-07-16T17:14:39Z", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "My Meeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "4118UHIiRCAAAtBlDkcVyw==", + "zoom.participant.id": "s0AAAASoSE1V8KIFOCYw", + "zoom.participant.sharing_details.content": "application", + "zoom.participant.sharing_details.date_time": "2019-07-16T17:19:11Z", + "zoom.participant.sharing_details.file_link": "", + "zoom.participant.sharing_details.link_source": "in_meeting", + "zoom.participant.sharing_details.source": "dropbox", + "zoom.participant.user_id": "16778000", + "zoom.participant.user_name": "Arya Arya" + }, + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.participant_jbh_waiting", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 5587, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8yCxjjyTAAAA2QgCfp8uQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPeQti9EQsiyO30GVYxHMA", + "zoom.meeting.duration": 60, + "zoom.meeting.host_id": "z8yCxjjyTAAAA2QgCfp8uQ", + "zoom.meeting.id": "5590000000", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "Mytestmeeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "WnxYNY9mQu6aSa/kYLu1lA==", + "zoom.participant.user_name": "Shrijana Shrijana" + }, + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.participant_jbh_joined", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "webhook", + 
"input.type": "log", + "log.offset": 5907, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "zf8yCxjjyTSdteriw02QgCfp8uQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "APeeQti9ErttQsiyO30GVYxHMA", + "zoom.meeting.duration": 60, + "zoom.meeting.host_id": "zf8yCxjjyTSdteriw02QgCfp8uQ", + "zoom.meeting.id": "5594913504", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "Mytestmeeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "WnxYNryyY9mQu6aSa/kYLu1lA==", + "zoom.participant.user_name": "Tom Harry" + }, + { + "@timestamp": "2020-08-04T15:28:24.665Z", + "event.action": "meeting.participant_joined", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 6230, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLoRgfbbTayCX6r2Q_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "o8KK_AAACq6BBEyA70CA", + "zoom.meeting.duration": 60, + "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.meeting.id": "111111111", + "zoom.meeting.start_time": "2019-07-09T17:00:00Z", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "My Meeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==", + "zoom.participant.id": "iFxeBPYun6SAiWUzBcEkX", + "zoom.participant.join_time": "2019-07-16T17:13:13Z", + "zoom.participant.user_id": "167782040", + "zoom.participant.user_name": "shree" + }, + { + "@timestamp": "2020-08-04T15:28:24.666Z", + "event.action": "meeting.participant_left", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "webhook", 
+ "input.type": "log", + "log.offset": 6650, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLoRgfbbTayCX6r2Q_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "o8KK_AAACq6BBEyA70CA", + "zoom.meeting.duration": 60, + "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.meeting.id": "111111111", + "zoom.meeting.start_time": "2019-07-09T17:00:00Z", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "My Meeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==", + "zoom.participant.id": "iFxeBPYun6SAiWUzBcEkX", + "zoom.participant.leave_time": "2019-07-16T17:13:13Z", + "zoom.participant.user_id": "167782040", + "zoom.participant.user_name": "shree" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log new file mode 100644 index 00000000000..30931c4b742 --- /dev/null +++ b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log 
@@ -0,0 +1,11 @@
+{"event":"phone.caller_ringing","payload":{"account_id":"EPeQ33fdf34YxHMA","object":{"call_id":"ddd5540","caller":{"extension_number":10803,"phone_number":"10803","user_id":"cadsd32wA","timezone":"America/Los_Angeles","device_type":"Android_Phone(5.1.2)"},"callee":{"extension_number":10800,"phone_number":"10800"},"ringing_start_time":"2020-07-22T01:41:55Z"}}}
+{"event":"phone.caller_connected","payload":{"account_id":"EPeQdfg34VYxHMA","object":{"call_id":"684445540","caller":{"extension_number":10803,"phone_number":"10803","user_id":"cajhdsf3wA","timezone":"America/Los_Angeles","device_type":"Android_Phone"},"callee":{"extension_number":10800,"phone_number":"10800"},"ringing_start_time":"2020-07-22T01:41:55Z","connected_start_time":"2020-07-22T01:42:04Z"}}}
+{"event":"phone.caller_ringing","payload":{"account_id":"cbvxnYyO30GVYxHMA","object":{"call_id":"68sdsasdda7","caller":{"extension_number":10800,"phone_number":"+1200000001","user_id":"z8yCxjgjsuyd58uQ","timezone":"America/Los_Angeles","device_type":"MAC_Client(5.1.2856436)"},"callee":{"phone_number":"16654444444444446"},"ringing_start_time":"2020-07-22T01:38:40Z"}}}
+{"event":"phone.callee_answered","payload":{"account_id":"EPsjdhgffgHMA","object":{"call_id":"685dfvhzsza5540","caller":{"extension_number":10803,"phone_number":"10803"},"callee":{"extension_number":10800,"phone_number":"10800","user_id":"z8yCDSSQWSSWuQ","timezone":"America/Los_Angeles","device_type":"MAC_Client"},"ringing_start_time":"2020-07-22T01:41:56Z","answer_start_time":"2020-07-22T01:42:04Z"}}}
+{"event":"phone.callee_missed","payload":{"object":{"caller":{"phone_number":"+1000000"},"callee":{"user_id":"z66jfgjdg2QgCfp8uQ","extension_number":"10800","timezone":"America/Los_Angeles"},"call_id":"6dfdg07-22T21:09:17Z","call_end_time":"2020-07-22T21:09:24Z"},"account_id":"EPeQjuh6768MA"}}
+{"event":"phone.callee_ended","payload":{"object":{"caller":{"phone_number":"+1000000"},"callee":{"user_id":"z66jfgjdg2QgCfp8uQ","extension_number":"10800","timezone":"America/Los_Angeles"},"call_id":"6dfdg07-22T21:09:17Z","answer_start_time":"2020-07-22T21:09:20Z","call_end_time":"2020-07-22T21:09:24Z"},"account_id":"EPeQjuh6768MA"}}
+{"event":"phone.caller_ended","payload":{"object":{"caller":{"phone_number":"+1000000"},"callee":{"user_id":"z66jfgjdg2QgCfp8uQ","extension_number":"10800","timezone":"America/Los_Angeles"},"call_id":"6dfdg07-22T21:09:17Z","answer_start_time":"2020-07-22T21:09:20Z","call_end_time":"2020-07-22T21:09:24Z"},"account_id":"EPeQjuh6768MA"}}
+{"event":"phone.callee_rejected","payload":{"object":{"caller":{"phone_number":"+12044444444"},"callee":{"user_id":"sfcg43FOCYw","extension_number":"9001","timezone":"America/Los_Angeles"},"call_id":"6dfhggtrh93","ringing_start_time":"2020-07-22T21:06:33Z","call_end_time":"2020-07-22T21:06:39Z"},"account_id":"MKDRWo34535wow"}}
+{"event":"phone.voicemail_received","payload":{"account_id":"test","object":{"id":"235435","date_time":"2020-07-22T21:06:39Z","download_url":"https://testurl.com/file.mp4","duration":"1235","caller_number":"+12044444444","caller_number_type":"3","caller_name":"Testaccount","callee_user_id":"543234","callee_number":"+12044444444","callee_number_type":"2","callee_name":"Testaccount2","callee_extension_type":"2","callee_id":"1234"}}}
+{"event":"phone.caller_call_log_completed","payload":{"account_id":"EPebnxvbdn342MA","object":{"call_logs":[{"id":"02dfdfsd9e33","caller_number":"10803","caller_number_type":1,"caller_name":"Shree","callee_number":"10800","callee_number_type":1,"callee_name":"Maya","direction":"outbound","duration":44,"result":"Call connected","date_time":"2020-07-22T01:41:55Z"}],"user_id":"caddsfsdfv_VaHE53wA"}}}
+{"event":"phone.callee_call_log_completed","payload":{"account_id":"EPeQt3543hvxzc","object":{"call_logs":[{"id":"1585adsfsdfec39404b","caller_number":"10803","caller_number_type":1,"caller_name":"Shrye","callee_number":"10800","callee_number_type":1,"callee_name":"Ryhee","direction":"inbound","duration":44,"result":"Call connected","date_time":"2020-07-22T01:41:56Z"}],"user_id":"z8sdfsdfds3uQ"}}}
diff --git a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log
new file mode 100644
index 00000000000..1b270331d00
--- /dev/null
+++ b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log
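Review bot: phone.ndjson.log is added without a phone.ndjson.log-expected.json, since the next file in this diff is recording.ndjson.log, so as far as the visible diff shows these eleven events are not pinned by a golden file. The same holds for user.ndjson.log, which is followed directly by webinar.ndjson.log. That fixture carries the events most useful for detection (`user.signed_in`, `user.settings_updated` with `meeting_authentication` switched to false, `user.deactivated`), so a regression in how they are mapped would pass unnoticed; generate and commit both expected files. Separately, `"call_id":"6dfdg07-22T21:09:17Z"` in the `phone.callee_missed`, `phone.callee_ended` and `phone.caller_ended` lines looks like a call id fused with a timestamp during anonymisation. If that is what happened, split it back into two fields, e.g. `"call_id":"6dfdg","ringing_start_time":"2020-07-22T21:09:17Z"` (constructed sample), so those events exercise the same fields as `phone.callee_rejected`.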
@@ -0,0 +1,13 @@ +{"event":"recording.started","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":1,"timezone":"America/Los_Angeles","recording_file":{"recording_start":"2019-07-31T22:41:02Z","recording_end":""}}}} +{"event":"recording.paused","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":1,"timezone":"America/Los_Angeles","recording_file":{"recording_start":"2019-07-31T22:41:02Z","recording_end":""}}}} +{"event":"recording.resumed","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":1,"timezone":"America/Los_Angeles","recording_file":{"recording_start":"2019-07-31T22:45:02Z","recording_end":""}}}} +{"event":"recording.stopped","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":8,"timezone":"America/Los_Angeles","recording_file":{"recording_start":"2019-07-31T22:41:02Z","recording_end":"2019-07-31T22:43:29Z"}}}} +{"event":"recording.completed","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test 
meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":1,"timezone":"America/Los_Angeles","host_email":"somemeail@someemailservice.fjdjf","total_size":529758,"recording_count":4,"share_url":"https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh","recording_files":[{"id":"8f88599d-19ca-4d2b-a965-1196e777cb3c","meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"MP4","file_size":282825,"play_url":"https://zoom.us/recording/play/80ebRwsfjskf2H3vlSigX0gNlBBBBBBBBBBBBBB","download_url":"https://zoom.us/recording/download/80ebRwsfjskf2H3vlSigX0gNlBBBBBBBBBBBBBB","status":"completed","recording_type":"shared_screen_with_speaker_view"},{"id":"a6b332f9-2246-49e5-913e-588adc7f0f5f","meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"M4A","file_size":246560,"play_url":"https://zoom.us/recording/play/Oaevut8LSACCCCCCCCnnnnnnnnbbbb","download_url":"https://zoom.us/recording/download/Oaevut8LSACCCCCCCCnnnnnnnnbbbb","status":"completed","recording_type":"audio_only"},{"meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"TIMELINE","download_url":"https://zoom.us/recording/download/2dBBBBBccccDDDDeeee"},{"id":"97a4f7ca-e7e8-4e3b-b28a-27b42cd33c09","meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"TRANSCRIPT","file_size":373,"play_url":"https://zoom.us/recording/play/7h0BBBBBBBchfhfhffh_0AAAAbbbbbeeSFcf209m","download_url":"https://zoom.us/recording/play/7h0BBBBBBBchfhfhffh_0AAAAbbbbbeeSFcf209m","status":"completed","recording_type":"audio_transcript"}]}}} +{"event":"recording.renamed","payload":{"account_id":"EPhgfhfghfYxHMA","operator":"shrifdfdh@kjdmail.com","operator_id":"zdhghgCfp8uQ","object":{"uuid":"9xxxkifpPUz+Ow==","id":7000000,"topic":"Edited 
Recording Title","type":1},"old_object":{"uuid":"9xxxkifpPUz+Ow==","id":7000000,"topic":"My Fancy Recording Title","type":1},"time_stamp":1575500457395}} +{"event":"recording.trashed","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":1,"timezone":"America/Los_Angeles","total_size":529758,"recording_count":4,"share_url":"https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh","recording_files":[{"id":"8f88599d-19ca-4d2b-a965-1196e777cb3c","meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"MP4","file_size":282825,"play_url":"https://zoom.us/recording/play/80ebRwsfjskf2H3vlSigX0gNlBBBBBBBBBBBBBB","download_url":"https://zoom.us/recording/download/80ebRwsfjskf2H3vlSigX0gNlBBBBBBBBBBBBBB","status":"completed","recording_type":"shared_screen_with_speaker_view"},{"id":"a6b332f9-2246-49e5-913e-588adc7f0f5f","meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"M4A","file_size":246560,"play_url":"https://zoom.us/recording/play/Oaevut8LSACCCCCCCCnnnnnnnnbbbb","download_url":"https://zoom.us/recording/download/Oaevut8LSACCCCCCCCnnnnnnnnbbbb","status":"completed","recording_type":"audio_only"},{"meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"TIMELINE","download_url":"https://zoom.us/recording/download/2dBBBBBccccDDDDeeee"},{"id":"97a4f7ca-e7e8-4e3b-b28a-27b42cd33c09","meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"TRANSCRIPT","file_size":373,"play_url":"https://zoom.us/recording/play/7h0BBBBBBBchfhfhffh_0AAAAbbbbbeeSFcf209m","download_url":"https://zoom.us/recording/play/7h0BBBBBBBchfhfhffh_0
AAAAbbbbbeeSFcf209m","status":"completed","recording_type":"audio_transcript"}]}}} +{"event":"recording.deleted","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":1,"timezone":"America/Los_Angeles","total_size":529758,"recording_count":4,"share_url":"https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh","recording_files":[{"id":"8f88599d-19ca-4d2b-a965-1196e777cb3c","meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"MP4","file_size":282825,"play_url":"https://zoom.us/recording/play/80ebRwsfjskf2H3vlSigX0gNlBBBBBBBBBBBBBB","download_url":"https://zoom.us/recording/download/80ebRwsfjskf2H3vlSigX0gNlBBBBBBBBBBBBBB","status":"completed","recording_type":"shared_screen_with_speaker_view"},{"id":"a6b332f9-2246-49e5-913e-588adc7f0f5f","meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"M4A","file_size":246560,"play_url":"https://zoom.us/recording/play/Oaevut8LSACCCCCCCCnnnnnnnnbbbb","download_url":"https://zoom.us/recording/download/Oaevut8LSACCCCCCCCnnnnnnnnbbbb","status":"completed","recording_type":"audio_only"},{"meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"TIMELINE","download_url":"https://zoom.us/recording/download/2dBBBBBccccDDDDeeee"},{"id":"97a4f7ca-e7e8-4e3b-b28a-27b42cd33c09","meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"TRANSCRIPT","file_size":373,"play_url":"https://zoom.us/recording/play/7h0BBBBBBBchfhfhffh_0AAAAbbbbbeeSFcf209m","download_url":"https://zoom.us/recording/play/7h0BBBBBBBchfhfhffh_0AAAAbbbbbeeSFcf209m","status":"completed","recording_type":"audio_trans
cript"}]}}} +{"event":"recording.recovered","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":1,"timezone":"America/Los_Angeles","total_size":529758,"recording_count":4,"share_url":"https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh","recording_files":[{"id":"8f88599d-19ca-4d2b-a965-1196e777cb3c","meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"MP4","file_size":282825,"play_url":"https://zoom.us/recording/play/80ebRwsfjskf2H3vlSigX0gNlBBBBBBBBBBBBBB","download_url":"https://zoom.us/recording/download/80ebRwsfjskf2H3vlSigX0gNlBBBBBBBBBBBBBB","status":"completed","recording_type":"shared_screen_with_speaker_view"},{"id":"a6b332f9-2246-49e5-913e-588adc7f0f5f","meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"M4A","file_size":246560,"play_url":"https://zoom.us/recording/play/Oaevut8LSACCCCCCCCnnnnnnnnbbbb","download_url":"https://zoom.us/recording/download/Oaevut8LSACCCCCCCCnnnnnnnnbbbb","status":"completed","recording_type":"audio_only"},{"meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"TIMELINE","download_url":"https://zoom.us/recording/download/2dBBBBBccccDDDDeeee"},{"id":"97a4f7ca-e7e8-4e3b-b28a-27b42cd33c09","meeting_id":"bpKUheqtRLifLBcIYVJLZw==","recording_start":"2019-07-23T22:14:57Z","recording_end":"2019-07-23T22:15:41Z","file_type":"TRANSCRIPT","file_size":373,"play_url":"https://zoom.us/recording/play/7h0BBBBBBBchfhfhffh_0AAAAbbbbbeeSFcf209m","download_url":"https://zoom.us/recording/play/7h0BBBBBBBchfhfhffh_0AAAAbbbbbeeSFcf209m","status":"completed","recording_type":"audio_transcript"}]}}} 
+{"event":"recording.transcript_completed","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":1,"timezone":"America/Los_Angeles","total_size":529758,"recording_count":4,"share_url":"https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh","recording_files":[{"id":"296cdfgdfg-768a838","meeting_id":"Buyiz+Ow==","recording_start":"2019-11-23T01:56:08Z","recording_end":"2019-11-23T01:57:44Z","file_type":"TRANSCRIPT","file_size":142,"play_url":"https://zoom.us/recording/play/ytutuytuyu","download_url":"https://zoom.us/recording/download/ytutuytuyu","status":"completed","recording_type":"audio_transcript"}]}}} +{"event":"recording.registration_created","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":120,"timezone":"America/Los_Angeles","registrant":{"id":"U0BBBBBBBBBBfrUz1Q","first_name":"Cool","last_name":"Person","email":"coolemail@email.com"}}}} +{"event":"recording.registration_approved","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":120,"timezone":"America/Los_Angeles","registrant":{"id":"U0BBBBBBBBBBfrUz1Q","first_name":"Cool","last_name":"Person","email":"coolemail@email.com"}}}} +{"event":"recording.registration_denied","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":120,"timezone":"America/Los_Angeles","registrant":{"id":"U0BBBBBBBBBBfrUz1Q","first_name":"Cool","last_name":"Person","email":"coolemail@email.com"}}}} 
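Review bot: The `recording.completed` line in this fixture has no counterpart in recording.ndjson.log-expected.json further down. This hunk adds 13 events but the golden file lists 12, and its `log.offset` values jump from 1076 (`recording.stopped`) to 3433 (`recording.renamed`). As committed, the test therefore accepts that event being dropped or failing in the pipeline, and it is the one that announces a finished recording with its `share_url` and per-file download URLs, which is what an audit of recording exposure relies on. Find out why it is not emitted (the `host_email` field appears only in that line, which may be a lead) and regenerate the golden file so it holds all 13 events. The same golden file also shows `"related.user": [ "" ]` for `recording.renamed`, whose payload has no `host_id`; the append into `related.user` presumably needs a guard so an empty string is never indexed as a user.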
diff --git a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json
new file mode 100644
index 00000000000..360d580c9cf
--- /dev/null
+++ b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json
@@ -0,0 +1,461 @@ +[ + { + "@timestamp": "2020-08-04T15:28:19.726Z", + "event.action": "recording.started", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 0, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "@timestamp": "2020-08-04T15:28:19.727Z", + "event.action": "recording.paused", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 359, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "@timestamp": "2020-08-04T15:28:19.727Z", + "event.action": "recording.resumed", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": 
"zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 717, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "@timestamp": "2020-08-04T15:28:19.727Z", + "event.action": "recording.stopped", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "end" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1076, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 8, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "@timestamp": "2020-08-04T15:28:19.727Z", + "event.action": "recording.renamed", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 3433, + "observer.product": "Webhook", + 
"observer.vendor": "Zoom", + "related.user": [ + "" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPhgfhfghfYxHMA", + "zoom.old_values.id": 7000000, + "zoom.old_values.topic": "My Fancy Recording Title", + "zoom.old_values.type": 1, + "zoom.old_values.uuid": "9xxxkifpPUz+Ow==", + "zoom.operator": "shrifdfdh@kjdmail.com", + "zoom.operator_id": "zdhghgCfp8uQ", + "zoom.recording.id": 7000000, + "zoom.recording.topic": "Edited Recording Title", + "zoom.recording.type": 1, + "zoom.recording.uuid": "9xxxkifpPUz+Ow==", + "zoom.time_stamp": 1575500457395 + }, + { + "@timestamp": "2020-08-04T15:28:19.727Z", + "event.action": "recording.trashed", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "deletion" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 3787, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.recording_count": 4, + "zoom.recording.share_url": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.total_size": 529758, + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "@timestamp": "2020-08-04T15:28:19.727Z", + "event.action": "recording.deleted", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "deletion" + ], + "fileset.name": "webhook", + "input.type": "log", + 
"log.offset": 5715, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.recording_count": 4, + "zoom.recording.share_url": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.total_size": 529758, + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "@timestamp": "2020-08-04T15:28:19.727Z", + "event.action": "recording.recovered", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 7643, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.recording_count": 4, + "zoom.recording.share_url": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.total_size": 529758, + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "@timestamp": "2020-08-04T15:28:19.727Z", + "event.action": "recording.transcript_completed", + "event.dataset": "zoom.webhook", + "event.kind": [ + 
"event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "end" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 9573, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 1, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.recording_count": 4, + "zoom.recording.share_url": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.total_size": 529758, + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "@timestamp": "2020-08-04T15:28:19.727Z", + "event.action": "recording.registration_created", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "creation" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 10346, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 120, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==", + "zoom.registrant.email": "coolemail@email.com", + "zoom.registrant.first_name": "Cool", + "zoom.registrant.id": "U0BBBBBBBBBBfrUz1Q", + 
"zoom.registrant.last_name": "Person" + }, + { + "@timestamp": "2020-08-04T15:28:19.727Z", + "event.action": "recording.registration_approved", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "allowed" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 10753, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 120, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + "zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==", + "zoom.registrant.email": "coolemail@email.com", + "zoom.registrant.first_name": "Cool", + "zoom.registrant.id": "U0BBBBBBBBBBfrUz1Q", + "zoom.registrant.last_name": "Person" + }, + { + "@timestamp": "2020-08-04T15:28:19.727Z", + "event.action": "recording.registration_denied", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "denied" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 11161, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.recording.duration": 120, + "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.recording.id": 150000008, + "zoom.recording.start_time": "2019-07-11T20:00:00Z", + "zoom.recording.timezone": "America/Los_Angeles", + "zoom.recording.topic": "A test meeting", + 
"zoom.recording.type": 2, + "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==", + "zoom.registrant.email": "coolemail@email.com", + "zoom.registrant.first_name": "Cool", + "zoom.registrant.id": "U0BBBBBBBBBBfrUz1Q", + "zoom.registrant.last_name": "Person" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log new file mode 100644 index 00000000000..26aaee344d4 --- /dev/null +++ b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log 
@@ -0,0 +1,13 @@
+{"event":"user.created","payload":{"account_id":"AAAAAA","operator":"anawesomeuser@email.com","creation_type":"create","object":{"id":"abcD3ojfdbjfg","first_name":"Henry","last_name":"Phan","email":"henrysemail@email.com","type":"3"}}}
+{"event":"user.invitation_accepted","payload":{"account_id":"EPjyjVYxHMA","object":{"id":"sbyjt3ODg","first_name":"Maria","last_name":"CoolPerson","email":"maria@maria.developer.dfgfdgf","type":1}}}
+{"event":"user.updated","payload":{"account_id":"lAA_EBBBBBBB","operator":"shrija2016+dev_ma@gmail.com","operator_id":"uLobbbbbbbb_qQsQ","object":{"id":"uLobbbbbbbb_qQsQ","company":"Zoom"},"old_object":{"id":"uLobbbbbbbb_qQsQ","company":"NotZoom"},"time_stamp":1563559854861}}
+{"event":"user.settings_updated","payload":{"account_id":"CAl6ByEyAq8KK_CCCCCC","operator":"iamtheoperator@gmail.com","operator_id":"uLoRgfbbTayCX6r2Q_qQsQ","object":{"id":"uL34AAbbbbAAAAAAQsQ","settings":{"in_meeting":{"private_chat":false}}},"old_object":{"id":"uL34AAbbbbAAAAAAQsQ","settings":{"in_meeting":{"private_chat":true}}},"time_stamp":1563572826929}}
+{"event":"user.settings_updated","payload":{"account_id":"EPbbbbb@@@@@2sfdfdA","operator":"somememail@randommailer28.com","operator_id":"fdhjfdhsj536274gfd","object":{"id":"fdhjfdhsj536274gfd","settings":{"meeting_authentication":false}},"old_object":{"id":"fdhjfdhsj536274gfd","settings":{"meeting_authentication":true}},"time_stamp":1593451939427}}
+{"event":"user.deactivated","payload":{"account_id":"AAAAAABBBB","operator":"anawesomeuser@email.com","operator_id":"z8yCxjabcdEFGHfp8uQ","object":{"id":"abcD3ojfdbjfg","first_name":"Henry","last_name":"Phan","email":"henrysemail@email.com","type":1}}}
+{"event":"user.activated","payload":{"account_id":"AAAAAABBBB","operator":"anawesomeuser@email.com","operator_id":"z8yCxjabcdEFGHfp8uQ","object":{"id":"abcD3ojfdbjfg","first_name":"Henry","last_name":"Phan","email":"henrysemail@email.com","type":3}}}
+{"event":"user.disassociated","payload":{"account_id":"AAAAAABBBB","operator":"anawesomeuser@email.com","operator_id":"z8yCxjabcdEFGHfp8uQ","object":{"id":"abcD3ojfdbjfg","first_name":"Henry","last_name":"Phan","email":"henrysemail@email.com","type":3}}}
+{"event":"user.deleted","payload":{"account_id":"AAAAAABBBB","operator":"anawesomeuser@email.com","operator_id":"z8yCxjabcdEFGHfp8uQ","object":{"id":"abcD3ojfdbjfg","first_name":"Henry","last_name":"Phan","email":"henrysemail@email.com","type":"3"}}}
+{"event":"user.presence_status_updated","payload":{"account_id":"EPjfyjxHMA","object":{"date_time":"2019-11-26T20:13:57Z","email":"sfdhfghfgh@dkjdfd.com","id":"z8ycx1223fq","presence_status":"Available"}}}
+{"event":"user.personal_notes_updated","payload":{"account_id":"EPfhhdrYxHMA","object":{"date_time":"2019-11-26T21:29:08Z","email":"sdfsgdfg@fjghg.ghm","id":"z8aggp8uq","personal_notes":"Out of Office until February 31"},"old_object":{"personal_notes":"this is the old note"}}}
+{"event":"user.signed_in","payload":{"account_id":"dsjfosdfpdosgifdjg","object":{"id":"djkglfdgkjdflghfdpe","client_type":"android","date_time":"2019-09-10T14:36:10Z","version":"4.5.3308.0902","email":"awesomeuser@awesomemeail.ghkgf"}}}
+{"event":"user.signed_out","payload":{"account_id":"dsjfosdfpdosgifdjg","object":{"id":"djkglfdgkjdflghfdpe","client_type":"android","date_time":"2019-09-10T14:36:10Z","version":"4.5.3308.0902","email":"awesomeuser@awesomemeail.ghkgf"}}}
diff --git a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log
new file mode 100644
index 00000000000..eb10c3d33d4
--- /dev/null
+++ b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log
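Review bot: Two operator values in this fixture, `shrija2016+dev_ma@gmail.com` (the `user.updated` line) and `iamtheoperator@gmail.com` (the first `user.settings_updated` line), sit on a real mail provider's domain and may be deliverable addresses belonging to someone; they look copied from vendor sample payloads, though that is a guess. Fixture data is committed to the repository and is presumably copied into `zoom.operator` in the golden output, so it is better kept on a reserved documentation domain, e.g. `"operator":"operator@example.com"`. The other addresses in the file use invented-looking domains, but any that resolve to a real mailbox deserve the same treatment.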
@@ -0,0 +1,14 @@
+{"event":"webinar.created","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","operator":"someemail@email.com","operator_id":"uLoRgfbbTayCX6r2Q_qQsQ","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":111111111,"host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":5,"start_time":"2019-07-09T17:00:00Z","duration":60,"timezone":"America/Los_Angeles"}}}
+{"event":"webinar.updated","payload":{"account_id":"AAAAAAAAAAA","operator":"someemail@email.com","operator_id":"BBBBBBBBBB","object":{"id":155184668,"type":5,"start_time":"2019-07-11T20:00:00Z","duration":120,"join_url":"https://zoom.us/j/00000000","settings":{"host_video":"false"}},"old_object":{"id":155184668,"type":9,"join_url":"https://zoom.us/j/00000000","occurrences":[{"occurrence_id":"1562875200000","start_time":"2019-07-11T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1563480000000","start_time":"2019-07-18T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1564084800000","start_time":"2019-07-25T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1564689600000","start_time":"2019-08-01T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1565294400000","start_time":"2019-08-08T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1565899200000","start_time":"2019-08-15T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1566504000000","start_time":"2019-08-22T20:00:00Z","duration":120,"status":"available"}],"settings":{"participant_video":true,"join_before_host":true,"use_pmi":false}}}}
+{"event":"webinar.deleted","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","operator":"someemail@email.com","operator_id":"uLoRgfbbTayCX6r2Q_qQsQ","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":111111111,"host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":5,"start_time":"2019-07-09T17:00:00Z","duration":60,"timezone":"America/Los_Angeles"}}}
+{"event":"webinar.started","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","operator":"someemail@email.com","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":111111111,"host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":5,"start_time":"2019-07-09T17:00:00Z","duration":0,"timezone":"America/Los_Angeles"}}}
+{"event":"webinar.ended","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","operator":"someemail@email.com","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":111111111,"host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":5,"start_time":"2019-07-09T17:00:00Z","duration":0,"timezone":"America/Los_Angeles"}}}
+{"event":"webinar.alert","payload":{"object":{"duration":60,"start_time":"2019-07-16T17:14:39Z","timezone":"America/Los_Angeles","topic":"My Webinar","id":"6962400003","type":2,"uuid":"4118UHIiRCAAAtBlDkcVyw==","host_id":"z8yCxTTTTSiw02QgCAp8uQ","issues":"Unstable audio quality"}},"account_id":"EPeQtiABC000VYxHMA"}
+{"event":"webinar.sharing_started","payload":{"object":{"duration":60,"start_time":"2019-07-16T17:14:39Z","timezone":"America/Los_Angeles","topic":"My Meeting","id":"6962400003","type":5,"uuid":"4118UHIiRCAAAtBlDkcVyw==","host_id":"z8yCxTTTTSiw02QgCAp8uQ","participant":{"id":"s0AAAASoSE1V8KIFOCYw","user_id":"16778000","user_name":"Arya Arya","sharing_details":{"link_source":"in_meeting","file_link":"","source":"dropbox","date_time":"2019-07-16T17:19:11Z","content":"application"}}},"account_id":"EPeQtiABC000VYxHMA"}}
+{"event":"webinar.sharing_started","payload":{"object":{"duration":60,"start_time":"2019-07-16T17:14:39Z","timezone":"America/Los_Angeles","topic":"My Meeting","id":"6962400003","type":5,"uuid":"4118UHIiRCAAAtBlDkcVyw==","host_id":"z8yCxTTTTSiw02QgCAp8uQ","participant":{"id":"s0AAAASoSE1V8KIFOCYw","user_id":"16778000","user_name":"Arya Arya","sharing_details":{"link_source":"in_meeting","file_link":"","source":"dropbox","date_time":"2019-07-16T17:19:11Z","content":"application"}}},"account_id":"EPeQtiABC000VYxHMA"}}
+{"event":"webinar.registration_created","payload":{"account_id":"lAAAAAAAAAAAAA","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":120,"timezone":"America/Los_Angeles","registrant":{"id":"U0BBBBBBBBBBfrUz1Q","first_name":"Cool","last_name":"Person","email":"coolemail@email.com","address":"","city":"","country":"","zip":"","state":"","phone":"","industry":"","org":"","job_title":"","purchasing_time_frame":"","role_in_purchase_process":"","no_of_employees":"","comments":"","custom_questions":[],"status":"approved","join_url":"https://zoom.us/w/someendpointhere"}}}}
+{"event":"webinar.registration_approved","payload":{"account_id":"lAAAAAAAAAAAAA","operator":"somemail@email.com","operator_id":"Lobbbbbbbbbb_qQsQ","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":2,"start_time":"2019-07-11T20:00:00Z","duration":120,"timezone":"America/Los_Angeles","registrant":{"id":"U0BBBBBBBBBBfrUz1Q","first_name":"Cool","last_name":"Person","email":"coolemail@email.com"}}}}
+{"event":"webinar.registration_denied","payload":{"account_id":"lAAAAAAAAAAAAA","operator":"coolemail@email.com","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":5,"start_time":"2019-07-11T20:00:00Z","duration":120,"timezone":"America/Los_Angeles","registrant":{"id":"U0BBBBBBBBBBfrUz1Q","first_name":"Cool","last_name":"Person","email":"coolemail@email.com"}}}}
+{"event":"webinar.registration_cancelled","payload":{"account_id":"lAAAAAAAAAAAAA","operator":"coolemail@email.com","object":{"uuid":"dj12vck6sdTn6yy7qdy3dQg==","id":150000008,"host_id":"uLobbbbbbbbbb_qQsQ","topic":"A test meeting","type":5,"start_time":"2019-07-11T20:00:00Z","duration":120,"timezone":"America/Los_Angeles","registrant":{"id":"U0BBBBBBBBBBfrUz1Q","first_name":"Cool","last_name":"Person","email":"coolemail@email.com"}}}}
+{"event":"webinar.participant_joined","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","operator":"someemail@email.com","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":"111111111","host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":2,"start_time":"2019-07-09T17:00:00Z","duration":60,"timezone":"America/Los_Angeles","participant":{"user_id":"16782040","user_name":"shree","id":"iFxeBPYun6SAiWUzBcEkX","join_time":"2019-07-16T17:13:13Z"}}}}
+{"event":"webinar.participant_left","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","operator":"someemail@email.com","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":"111111111","host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":2,"start_time":"2019-07-09T17:00:00Z","duration":60,"timezone":"America/Los_Angeles","participant":{"user_id":"16782040","user_name":"shree","id":"iFxeBPYun6SAiWUzBcEkX","leave_time":"2019-07-16T17:13:13Z"}}}}
diff --git a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json
new file mode 100644
index 00000000000..7c49dbdde9f
--- /dev/null
+++ b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json
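Review bot: The eighth event line is identical to the seventh (`webinar.sharing_started` twice), so the fixture runs the same branch twice and, presumably, never feeds the pipeline the matching end-of-sharing event; if that was the intent, the second line should read `"event":"webinar.sharing_ended"`. zoomroom.ndjson.log has the same pattern, with two identical `zoomroom.checked_in` lines where the second was presumably meant to be the check-out event. Separately, the `webinar.alert` line places `account_id` outside `payload`, and the expected output for that event carries no `zoom.account_id`; it is worth checking against a real delivery whether the fixture or the pipeline is off, since an alert without an account id cannot be attributed to a tenant.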
@@ -0,0 +1,625 @@ +[ + { + "@timestamp": "2020-08-04T15:28:15.360Z", + "event.action": "webinar.created", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "creation" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 0, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "uLoRgfbbTayCX6r2Q_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "o8KK_AAACq6BBEyA70CA", + "zoom.operator": "someemail@email.com", + "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.webinar.duration": 60, + "zoom.webinar.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.webinar.id": 111111111, + "zoom.webinar.start_time": "2019-07-09T17:00:00Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "My Meeting", + "zoom.webinar.type": 5, + "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" + }, + { + "@timestamp": "2020-08-04T15:28:15.360Z", + "event.action": "webinar.updated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 357, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "AAAAAAAAAAA", + "zoom.old_values.id": 155184668, + "zoom.old_values.join_url": "https://zoom.us/j/00000000", + "zoom.old_values.occurrences": [ + { + "duration": 120, + "occurrence_id": "1562875200000", + "start_time": "2019-07-11T20:00:00Z", + "status": "available" + }, + { + "duration": 120, + "occurrence_id": "1563480000000", + "start_time": "2019-07-18T20:00:00Z", + "status": "available" + }, + { + "duration": 120, + "occurrence_id": "1564084800000", + 
"start_time": "2019-07-25T20:00:00Z", + "status": "available" + }, + { + "duration": 120, + "occurrence_id": "1564689600000", + "start_time": "2019-08-01T20:00:00Z", + "status": "available" + }, + { + "duration": 120, + "occurrence_id": "1565294400000", + "start_time": "2019-08-08T20:00:00Z", + "status": "available" + }, + { + "duration": 120, + "occurrence_id": "1565899200000", + "start_time": "2019-08-15T20:00:00Z", + "status": "available" + }, + { + "duration": 120, + "occurrence_id": "1566504000000", + "start_time": "2019-08-22T20:00:00Z", + "status": "available" + } + ], + "zoom.old_values.settings.join_before_host": true, + "zoom.old_values.settings.participant_video": true, + "zoom.old_values.settings.use_pmi": false, + "zoom.old_values.type": 9, + "zoom.operator": "someemail@email.com", + "zoom.operator_id": "BBBBBBBBBB", + "zoom.settings.host_video": "false", + "zoom.webinar.duration": 120, + "zoom.webinar.id": 155184668, + "zoom.webinar.join_url": "https://zoom.us/j/00000000", + "zoom.webinar.start_time": "2019-07-11T20:00:00Z", + "zoom.webinar.type": 5 + }, + { + "@timestamp": "2020-08-04T15:28:15.360Z", + "event.action": "webinar.deleted", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "deletion" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1559, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "uLoRgfbbTayCX6r2Q_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "o8KK_AAACq6BBEyA70CA", + "zoom.operator": "someemail@email.com", + "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.webinar.duration": 60, + "zoom.webinar.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.webinar.id": 111111111, + "zoom.webinar.start_time": "2019-07-09T17:00:00Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "My Meeting", 
+ "zoom.webinar.type": 5, + "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" + }, + { + "@timestamp": "2020-08-04T15:28:15.361Z", + "event.action": "webinar.started", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1916, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLoRgfbbTayCX6r2Q_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "o8KK_AAACq6BBEyA70CA", + "zoom.operator": "someemail@email.com", + "zoom.webinar.duration": 0, + "zoom.webinar.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.webinar.id": 111111111, + "zoom.webinar.start_time": "2019-07-09T17:00:00Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "My Meeting", + "zoom.webinar.type": 5, + "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" + }, + { + "@timestamp": "2020-08-04T15:28:15.361Z", + "event.action": "webinar.ended", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "end" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2233, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLoRgfbbTayCX6r2Q_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "o8KK_AAACq6BBEyA70CA", + "zoom.operator": "someemail@email.com", + "zoom.webinar.duration": 0, + "zoom.webinar.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.webinar.id": 111111111, + "zoom.webinar.start_time": "2019-07-09T17:00:00Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "My Meeting", + "zoom.webinar.type": 5, + "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" + }, + { + "@timestamp": 
"2020-08-04T15:28:15.361Z", + "event.action": "webinar.alert", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "error" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2548, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8yCxTTTTSiw02QgCAp8uQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.webinar.duration": 60, + "zoom.webinar.host_id": "z8yCxTTTTSiw02QgCAp8uQ", + "zoom.webinar.id": "6962400003", + "zoom.webinar.issues": "Unstable audio quality", + "zoom.webinar.start_time": "2019-07-16T17:14:39Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "My Webinar", + "zoom.webinar.type": 2, + "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" + }, + { + "@timestamp": "2020-08-04T15:28:15.361Z", + "event.action": "webinar.sharing_started", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2865, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8yCxTTTTSiw02QgCAp8uQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPeQtiABC000VYxHMA", + "zoom.participant.id": "s0AAAASoSE1V8KIFOCYw", + "zoom.participant.sharing_details.content": "application", + "zoom.participant.sharing_details.date_time": "2019-07-16T17:19:11Z", + "zoom.participant.sharing_details.file_link": "", + "zoom.participant.sharing_details.link_source": "in_meeting", + "zoom.participant.sharing_details.source": "dropbox", + "zoom.participant.user_id": "16778000", + "zoom.participant.user_name": "Arya Arya", + "zoom.webinar.duration": 60, + "zoom.webinar.host_id": "z8yCxTTTTSiw02QgCAp8uQ", + "zoom.webinar.id": "6962400003", 
+ "zoom.webinar.start_time": "2019-07-16T17:14:39Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "My Meeting", + "zoom.webinar.type": 5, + "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" + }, + { + "@timestamp": "2020-08-04T15:28:15.361Z", + "event.action": "webinar.sharing_started", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 3387, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8yCxTTTTSiw02QgCAp8uQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPeQtiABC000VYxHMA", + "zoom.participant.id": "s0AAAASoSE1V8KIFOCYw", + "zoom.participant.sharing_details.content": "application", + "zoom.participant.sharing_details.date_time": "2019-07-16T17:19:11Z", + "zoom.participant.sharing_details.file_link": "", + "zoom.participant.sharing_details.link_source": "in_meeting", + "zoom.participant.sharing_details.source": "dropbox", + "zoom.participant.user_id": "16778000", + "zoom.participant.user_name": "Arya Arya", + "zoom.webinar.duration": 60, + "zoom.webinar.host_id": "z8yCxTTTTSiw02QgCAp8uQ", + "zoom.webinar.id": "6962400003", + "zoom.webinar.start_time": "2019-07-16T17:14:39Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "My Meeting", + "zoom.webinar.type": 5, + "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" + }, + { + "@timestamp": "2020-08-04T15:28:15.361Z", + "event.action": "webinar.registration_created", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "creation" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 3909, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + 
"uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.registrant.address": "", + "zoom.registrant.city": "", + "zoom.registrant.comments": "", + "zoom.registrant.country": "", + "zoom.registrant.email": "coolemail@email.com", + "zoom.registrant.first_name": "Cool", + "zoom.registrant.id": "U0BBBBBBBBBBfrUz1Q", + "zoom.registrant.industry": "", + "zoom.registrant.job_title": "", + "zoom.registrant.join_url": "https://zoom.us/w/someendpointhere", + "zoom.registrant.last_name": "Person", + "zoom.registrant.no_of_employees": "", + "zoom.registrant.org": "", + "zoom.registrant.phone": "", + "zoom.registrant.purchasing_time_frame": "", + "zoom.registrant.role_in_purchase_process": "", + "zoom.registrant.state": "", + "zoom.registrant.status": "approved", + "zoom.registrant.zip": "", + "zoom.webinar.duration": 120, + "zoom.webinar.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.webinar.id": 150000008, + "zoom.webinar.start_time": "2019-07-11T20:00:00Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "A test meeting", + "zoom.webinar.type": 2, + "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "@timestamp": "2020-08-04T15:28:15.361Z", + "event.action": "webinar.registration_approved", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "allowed", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 4601, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.operator": "somemail@email.com", + "zoom.operator_id": "Lobbbbbbbbbb_qQsQ", + "zoom.registrant.email": "coolemail@email.com", + "zoom.registrant.first_name": "Cool", + 
"zoom.registrant.id": "U0BBBBBBBBBBfrUz1Q", + "zoom.registrant.last_name": "Person", + "zoom.webinar.duration": 120, + "zoom.webinar.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.webinar.id": 150000008, + "zoom.webinar.start_time": "2019-07-11T20:00:00Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "A test meeting", + "zoom.webinar.type": 2, + "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "@timestamp": "2020-08-04T15:28:15.361Z", + "event.action": "webinar.registration_denied", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "denied", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 5073, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.operator": "coolemail@email.com", + "zoom.registrant.email": "coolemail@email.com", + "zoom.registrant.first_name": "Cool", + "zoom.registrant.id": "U0BBBBBBBBBBfrUz1Q", + "zoom.registrant.last_name": "Person", + "zoom.webinar.duration": 120, + "zoom.webinar.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.webinar.id": 150000008, + "zoom.webinar.start_time": "2019-07-11T20:00:00Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "A test meeting", + "zoom.webinar.type": 5, + "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "@timestamp": "2020-08-04T15:28:15.361Z", + "event.action": "webinar.registration_cancelled", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 5510, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + 
"uLobbbbbbbbbb_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAAAAAAAAAAAAA", + "zoom.operator": "coolemail@email.com", + "zoom.registrant.email": "coolemail@email.com", + "zoom.registrant.first_name": "Cool", + "zoom.registrant.id": "U0BBBBBBBBBBfrUz1Q", + "zoom.registrant.last_name": "Person", + "zoom.webinar.duration": 120, + "zoom.webinar.host_id": "uLobbbbbbbbbb_qQsQ", + "zoom.webinar.id": 150000008, + "zoom.webinar.start_time": "2019-07-11T20:00:00Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "A test meeting", + "zoom.webinar.type": 5, + "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" + }, + { + "@timestamp": "2020-08-04T15:28:15.361Z", + "event.action": "webinar.participant_joined", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 5950, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLoRgfbbTayCX6r2Q_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "o8KK_AAACq6BBEyA70CA", + "zoom.operator": "someemail@email.com", + "zoom.participant.id": "iFxeBPYun6SAiWUzBcEkX", + "zoom.participant.join_time": "2019-07-16T17:13:13Z", + "zoom.participant.user_id": "16782040", + "zoom.participant.user_name": "shree", + "zoom.webinar.duration": 60, + "zoom.webinar.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.webinar.id": "111111111", + "zoom.webinar.start_time": "2019-07-09T17:00:00Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "My Meeting", + "zoom.webinar.type": 2, + "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" + }, + { + "@timestamp": "2020-08-04T15:28:15.361Z", + "event.action": "webinar.participant_left", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + 
"event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 6402, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "uLoRgfbbTayCX6r2Q_qQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "o8KK_AAACq6BBEyA70CA", + "zoom.operator": "someemail@email.com", + "zoom.participant.id": "iFxeBPYun6SAiWUzBcEkX", + "zoom.participant.leave_time": "2019-07-16T17:13:13Z", + "zoom.participant.user_id": "16782040", + "zoom.participant.user_name": "shree", + "zoom.webinar.duration": 60, + "zoom.webinar.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.webinar.id": "111111111", + "zoom.webinar.start_time": "2019-07-09T17:00:00Z", + "zoom.webinar.timezone": "America/Los_Angeles", + "zoom.webinar.topic": "My Meeting", + "zoom.webinar.type": 2, + "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log new file mode 100644 index 00000000000..03fda8d1b28 --- /dev/null +++ b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log 
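Review bot: The expected output records an empty string in `related.user` for every event whose input carries `operator_id` (`webinar.created`, `webinar.updated`, `webinar.deleted`, `webinar.registration_approved`), and the operator id itself never appears there: `webinar.updated` has `"related.user": [""]` next to `"zoom.operator_id": "BBBBBBBBBB"`. This looks like the ingest pipeline appending from a field that is empty or misnamed whenever an operator id is present; the pipeline is outside this hunk, so that is inferred from the golden file alone. Empty entries in `related.user` make pivoting from an operator to their activity unreliable and match unrelated events on the empty value. The append should take its value from `zoom.operator_id` and be guarded, e.g. `if: ctx?.zoom?.operator_id != null`, and this file regenerated so the test stops asserting the empty entry.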
@@ -0,0 +1,4 @@
+{"event":"zoomroom.alert","payload":{"account_id":"EPAbcdefyZslakjflP","object":{"room_name":"MyFabulousZoomRoom","issue":"Room Controller disconnected","id":"EbY5jzz2R5KVPn6ZY9wh0A","calendar_name":"myemailforcalendarintegration@somedomain.com","email":"myemailforzoomroom@somedomain.com","alert_type":1,"component":2,"alert_kind":1}}}
+{"event":"zoomroom.delayed_alert","payload":{"account_id":"EPAbcdefyZslakjflP","object":{"room_name":"MyFabulousZoomRoom","issue":"Room Controller disconnected","id":"EbY5jzz2R5KVPn6ZY9wh0A","calendar_name":"myemailforcalendarintegration@somedomain.com","email":"myemailforzoomroom@somedomain.com","alert_type":1,"component":2,"alert_kind":1}}}
+{"event":"zoomroom.checked_in","payload":{"account_id":"vhdnmf673q2543rfhgsca","object":{"id":"365743fgshfh63","room_name":"Sharks Room","calendar_id":"mytestemailaddress123444@zoom.us","calendar_name":"zoom.us_abcd783r894v4nigh8@group.calendar.google.com","email":"jdfhdsk@dgjfh.sfgjgdf","event_id":"AbbbbbGYxLTc3OTVkMzFmZDc0MwBGAAAAAAD48FI58voYSqDgJePOSZblBwBQ/N0JvB/FRqv5UT2rFfkVAAAAAAENAABQ/N0JvB/FRqv5UT2rFfkVAAE2YC8DAAA=","change_key":"DwAAABYAAABQ/N0JvB/FRqv5UT2rFfkVAAE2XqVw","resource_email":"public.test@testmail123gdgds.com"}}}
+{"event":"zoomroom.checked_in","payload":{"account_id":"vhdnmf673q2543rfhgsca","object":{"id":"365743fgshfh63","room_name":"Sharks Room","calendar_id":"mytestemailaddress123444@zoom.us","calendar_name":"zoom.us_abcd783r894v4nigh8@group.calendar.google.com","email":"jdfhdsk@dgjfh.sfgjgdf","event_id":"AbbbbbGYxLTc3OTVkMzFmZDc0MwBGAAAAAAD48FI58voYSqDgJePOSZblBwBQ/N0JvB/FRqv5UT2rFfkVAAAAAAENAABQ/N0JvB/FRqv5UT2rFfkVAAE2YC8DAAA=","change_key":"DwAAABYAAABQ/N0JvB/FRqv5UT2rFfkVAAE2XqVw","resource_email":"public.test@testmail123gdgds.com"}}}
diff --git a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json
new file mode 100644
index 00000000000..f33ef646f94
--- /dev/null
+++ b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json
@@ -0,0 +1,126 @@ +[ + { + "@timestamp": "2020-08-04T15:28:08.945Z", + "event.action": "zoomroom.alert", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 0, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPAbcdefyZslakjflP", + "zoom.zoomroom.alert_kind": 1, + "zoom.zoomroom.alert_type": 1, + "zoom.zoomroom.calendar_name": "myemailforcalendarintegration@somedomain.com", + "zoom.zoomroom.component": 2, + "zoom.zoomroom.email": "myemailforzoomroom@somedomain.com", + "zoom.zoomroom.id": "EbY5jzz2R5KVPn6ZY9wh0A", + "zoom.zoomroom.issue": "Room Controller disconnected", + "zoom.zoomroom.room_name": "MyFabulousZoomRoom" + }, + { + "@timestamp": "2020-08-04T15:28:08.945Z", + "event.action": "zoomroom.delayed_alert", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 337, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPAbcdefyZslakjflP", + "zoom.zoomroom.alert_kind": 1, + "zoom.zoomroom.alert_type": 1, + "zoom.zoomroom.calendar_name": "myemailforcalendarintegration@somedomain.com", + "zoom.zoomroom.component": 2, + "zoom.zoomroom.email": "myemailforzoomroom@somedomain.com", + "zoom.zoomroom.id": "EbY5jzz2R5KVPn6ZY9wh0A", + "zoom.zoomroom.issue": "Room Controller disconnected", + "zoom.zoomroom.room_name": "MyFabulousZoomRoom" + }, + { + "@timestamp": "2020-08-04T15:28:08.946Z", + "event.action": "zoomroom.checked_in", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + 
"start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 682, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "vhdnmf673q2543rfhgsca", + "zoom.zoomroom.calendar_id": "mytestemailaddress123444@zoom.us", + "zoom.zoomroom.calendar_name": "zoom.us_abcd783r894v4nigh8@group.calendar.google.com", + "zoom.zoomroom.change_key": "DwAAABYAAABQ/N0JvB/FRqv5UT2rFfkVAAE2XqVw", + "zoom.zoomroom.email": "jdfhdsk@dgjfh.sfgjgdf", + "zoom.zoomroom.event_id": "AbbbbbGYxLTc3OTVkMzFmZDc0MwBGAAAAAAD48FI58voYSqDgJePOSZblBwBQ/N0JvB/FRqv5UT2rFfkVAAAAAAENAABQ/N0JvB/FRqv5UT2rFfkVAAE2YC8DAAA=", + "zoom.zoomroom.id": "365743fgshfh63", + "zoom.zoomroom.resource_email": "public.test@testmail123gdgds.com", + "zoom.zoomroom.room_name": "Sharks Room" + }, + { + "@timestamp": "2020-08-04T15:28:08.946Z", + "event.action": "zoomroom.checked_in", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1221, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "vhdnmf673q2543rfhgsca", + "zoom.zoomroom.calendar_id": "mytestemailaddress123444@zoom.us", + "zoom.zoomroom.calendar_name": "zoom.us_abcd783r894v4nigh8@group.calendar.google.com", + "zoom.zoomroom.change_key": "DwAAABYAAABQ/N0JvB/FRqv5UT2rFfkVAAE2XqVw", + "zoom.zoomroom.email": "jdfhdsk@dgjfh.sfgjgdf", + "zoom.zoomroom.event_id": "AbbbbbGYxLTc3OTVkMzFmZDc0MwBGAAAAAAD48FI58voYSqDgJePOSZblBwBQ/N0JvB/FRqv5UT2rFfkVAAAAAAENAABQ/N0JvB/FRqv5UT2rFfkVAAE2YC8DAAA=", + "zoom.zoomroom.id": "365743fgshfh63", + "zoom.zoomroom.resource_email": "public.test@testmail123gdgds.com", + "zoom.zoomroom.room_name": "Sharks Room" + } +] \ No newline at end of 
file From bcea6a492873287f0e80ea10849fd840446b2a85 Mon Sep 17 00:00:00 2001 From: P1llus Date: Tue, 4 Aug 2020 20:01:33 +0200 Subject: [PATCH 05/16] still need to fix fields comments and go through it before review, but nosetests are now passing --- x-pack/filebeat/module/zoom/fields.go | 2 +- .../module/zoom/webhook/_meta/fields.yml | 38 +- .../test/account.ndjson.log-expected.json | 6 +- .../chat_channel.ndjson.log-expected.json | 4 +- .../chat_message.ndjson.log-expected.json | 6 +- .../test/meeting.ndjson.log-expected.json | 28 +- .../test/phone.ndjson.log-expected.json | 379 ++++++++++++++ .../test/recording.ndjson.log-expected.json | 24 +- .../test/user.ndjson.log-expected.json | 463 ++++++++++++++++++ .../test/webinar.ndjson.log-expected.json | 28 +- .../test/zoomroom.ndjson.log-expected.json | 8 +- 11 files changed, 932 insertions(+), 54 deletions(-) create mode 100644 x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json create mode 100644 x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json diff --git a/x-pack/filebeat/module/zoom/fields.go b/x-pack/filebeat/module/zoom/fields.go index 219709f8cd5..e463734edc1 100644 --- a/x-pack/filebeat/module/zoom/fields.go +++ b/x-pack/filebeat/module/zoom/fields.go @@ -19,5 +19,5 @@ func init() { // AssetZoom returns asset data. // This is the base64 encoded gzipped contents of module/zoom. func AssetZoom() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml index 65785a2dedf..db3b1d20d8c 100644 --- a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml +++ b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml 
@@ -169,6 +169,18 @@
 type: keyword
 description: >
 Password related to the meeting
+ - name: phone.id
+ type: keyword
+ description: >
+ Unique ID for the phone or conversation
+ - name: phone.user_id
+ type: keyword
+ description: >
+ UserID for the phone owner
+ - name: phone.download_url
+ type: keyword
+ description: >
+ Download URL for the voicemail
 - name: phone.ringing_start_time
 type: date
 description: >
@@ -213,7 +225,7 @@
 type: keyword
 description: >
 UserID of the callee related to the voicemail
- - name: callee_extension_type
+ - name: phone.callee_extension_type
 type: keyword
 description: >
 UserID of the callee related to the voicemail
@@ -245,10 +257,22 @@
 type: keyword
 description: >
 UserID of the person that is called
+ - name: phone.callee_name
+ type: keyword
+ description: >
+ Name of the person that is called
 - name: phone.callee.phone_number
 type: keyword
 description: >
 Phone Number of the callee
+ - name: phone.callee_number
+ type: keyword
+ description: >
+ Number of the callee related to the voicemail
+ - name: phone.callee_number_type
+ type: keyword
+ description: >
+ Type of phone number
 - name: phone.callee.extension_number
 type: keyword
 description: >
@@ -261,6 +285,10 @@
 type: keyword
 description: >
 Device type used by the callee
+ - name: phone.date_time
+ type: date
+ description: >
+ Date and time of the phone event
 - name: recording.id
 type: keyword
 description: >
@@ -389,6 +417,14 @@
 type: date
 description: >
 Time when user logged in/ou
+ - name: user.client_type
+ type: keyword
+ description: >
+ Type of client used by the user
+ - name: user.version
+ type: keyword
+ description: >
+ Version of the client used by the user
 - name: webinar.id
 type: keyword
 description: >
diff --git a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json
index 4d751f142db..27751fc4344 100644
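Review bot: The new `phone.download_url` field in the `@@ -169,6 +169,18 @@` hunk indexes a direct link to a voicemail recording as a plain `keyword`, and its description does not say what protects that link. Anyone who can read the index can read the URL, and if the payload ever carries a token in the query string (not visible from this hunk, to be confirmed against the webhook documentation) that token would be stored with it. I would extend the description to say whether the link works without further authentication, for example `Download URL for the voicemail; retrieving the file requires a Zoom access token` if that is the case. The context line `Password related to the meeting` suggests the module already stores a meeting secret the same way, so a short note in the module docs about restricting read access to this index would cover both fields.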
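Review bot: In the `@@ -213,7 +225,7 @@` hunk the renamed field `phone.callee_extension_type` still carries the description `UserID of the callee related to the voicemail`, which is the same text as the field just before it and does not describe an extension type. Since the commit already touches this entry, the description should be corrected in the same change, for example `Extension type of the callee related to the voicemail`. The field list continues outside the hunk, so other copied descriptions may exist that are not visible here.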
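Review bot: The `@@ -245,10 +257,22 @@` hunk adds flat names (`phone.callee_name`, `phone.callee_number`, `phone.callee_number_type`) directly between the nested `phone.callee.phone_number` and `phone.callee.extension_number`, so the callee's number is now stored under two different keys depending on the event. The flat names appear to mirror the voicemail payload, but a search or detection rule for a given number then has to query both `phone.callee.phone_number` and `phone.callee_number`. Either map the voicemail values into the existing `phone.callee.*` object in the ingest pipeline, or say in each description which events populate it, e.g. `Number of the callee; populated for voicemail events`, if that matches the pipeline.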
--- a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T15:28:13.299Z", + "@timestamp": "2020-08-04T18:00:45.401Z", "event.action": "account.created", "event.category": [ "iam" @@ -37,7 +37,7 @@ "zoom.sub_account_id": "aIxE1yiRR8WghhUIO6eu9L" }, { - "@timestamp": "2020-08-04T15:28:13.300Z", + "@timestamp": "2020-08-04T18:00:45.401Z", "event.action": "account.updated", "event.category": [ "iam" @@ -77,7 +77,7 @@ "zoom.time_stamp": 1562000584527 }, { - "@timestamp": "2020-08-04T15:28:13.300Z", + "@timestamp": "2020-08-04T18:00:45.401Z", "event.action": "account.disassociated", "event.category": [ "iam" diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json index 05bfc663365..ffd891b3560 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T15:28:17.746Z", + "@timestamp": "2020-08-04T18:00:49.928Z", "event.action": "chat_channel.created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -36,7 +36,7 @@ "zoom.operator_id": "z8dfgdfguQrdfgdf" }, { - "@timestamp": "2020-08-04T15:28:17.746Z", + "@timestamp": "2020-08-04T18:00:49.928Z", "event.action": "chat_channel.member_invited", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json index a9dac48d644..13c7e152204 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json 
@@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T15:28:00.912Z", + "@timestamp": "2020-08-04T18:00:32.577Z", "event.action": "chat_message.sent", "event.dataset": "zoom.webhook", "event.kind": [ @@ -38,7 +38,7 @@ "zoom.operator_id": "zfdgdfgdfgfp8uQ" }, { - "@timestamp": "2020-08-04T15:28:00.912Z", + "@timestamp": "2020-08-04T18:00:32.577Z", "event.action": "chat_message.updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -76,7 +76,7 @@ "zoom.operator_id": "zfdgdfgdfgfp8uQ" }, { - "@timestamp": "2020-08-04T15:28:00.912Z", + "@timestamp": "2020-08-04T18:00:32.577Z", "event.action": "chat_message.updated", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json index ca7de5569bd..78b117b0da7 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.903Z", "event.action": "meeting.created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -39,7 +39,7 @@ "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ" }, { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.903Z", "event.action": "meeting.updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -132,7 +132,7 @@ "zoom.time_stamp": 1562791953209 }, { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.903Z", "event.action": "meeting.deleted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -171,7 +171,7 @@ "zoom.operator_id": "BBBBBBBBBB" }, { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.903Z", "event.action": "meeting.started", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -207,7 +207,7 @@ "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.903Z", "event.action": "meeting.ended", "event.dataset": "zoom.webhook", "event.kind": [ @@ -243,7 +243,7 @@ "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.903Z", "event.action": "meeting.registration_created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -298,7 +298,7 @@ "zoom.registrant.zip": "" }, { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.903Z", "event.action": "meeting.registration_approved", "event.dataset": "zoom.webhook", "event.kind": [ @@ -341,7 +341,7 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.903Z", "event.action": "meeting.registration_cancelled", "event.dataset": "zoom.webhook", "event.kind": [ @@ -381,7 +381,7 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.903Z", "event.action": "meeting.sharing_started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -425,7 +425,7 @@ "zoom.participant.user_name": "Arya Arya" }, { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.904Z", "event.action": "meeting.sharing_ended", "event.dataset": "zoom.webhook", "event.kind": [ @@ -469,7 +469,7 @@ "zoom.participant.user_name": "Arya Arya" }, { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.904Z", "event.action": "meeting.participant_jbh_waiting", "event.dataset": "zoom.webhook", "event.kind": [ @@ -504,7 +504,7 @@ "zoom.participant.user_name": "Shrijana Shrijana" }, { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.904Z", "event.action": "meeting.participant_jbh_joined", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -539,7 +539,7 @@ "zoom.participant.user_name": "Tom Harry" }, { - "@timestamp": "2020-08-04T15:28:24.665Z", + "@timestamp": "2020-08-04T18:00:56.904Z", "event.action": "meeting.participant_joined", "event.dataset": "zoom.webhook", "event.kind": [ @@ -578,7 +578,7 @@ "zoom.participant.user_name": "shree" }, { - "@timestamp": "2020-08-04T15:28:24.666Z", + "@timestamp": "2020-08-04T18:00:56.904Z", "event.action": "meeting.participant_left", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json new file mode 100644 index 00000000000..0273ef10927 --- /dev/null +++ b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json 
@@ -0,0 +1,379 @@ +[ + { + "@timestamp": "2020-08-04T18:00:43.055Z", + "event.action": "phone.caller_ringing", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "creation" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 0, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "cadsd32wA" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPeQ33fdf34YxHMA", + "zoom.phone.call_id": "ddd5540", + "zoom.phone.callee.extension_number": 10800, + "zoom.phone.callee.phone_number": "10800", + "zoom.phone.caller.device_type": "Android_Phone(5.1.2)", + "zoom.phone.caller.extension_number": 10803, + "zoom.phone.caller.phone_number": "10803", + "zoom.phone.caller.timezone": "America/Los_Angeles", + "zoom.phone.caller.user_id": "cadsd32wA", + "zoom.phone.ringing_start_time": "2020-07-22T01:41:55Z" + }, + { + "@timestamp": "2020-08-04T18:00:43.055Z", + "event.action": "phone.caller_connected", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 362, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "cajhdsf3wA" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPeQdfg34VYxHMA", + "zoom.phone.call_id": "684445540", + "zoom.phone.callee.extension_number": 10800, + "zoom.phone.callee.phone_number": "10800", + "zoom.phone.caller.device_type": "Android_Phone", + "zoom.phone.caller.extension_number": 10803, + "zoom.phone.caller.phone_number": "10803", + "zoom.phone.caller.timezone": "America/Los_Angeles", + "zoom.phone.caller.user_id": "cajhdsf3wA", + "zoom.phone.connected_start_time": "2020-07-22T01:42:04Z", + 
"zoom.phone.ringing_start_time": "2020-07-22T01:41:55Z" + }, + { + "@timestamp": "2020-08-04T18:00:43.055Z", + "event.action": "phone.caller_ringing", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "creation" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 767, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8yCxjgjsuyd58uQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "cbvxnYyO30GVYxHMA", + "zoom.phone.call_id": "68sdsasdda7", + "zoom.phone.callee.phone_number": "16654444444444446", + "zoom.phone.caller.device_type": "MAC_Client(5.1.2856436)", + "zoom.phone.caller.extension_number": 10800, + "zoom.phone.caller.phone_number": "+1200000001", + "zoom.phone.caller.timezone": "America/Los_Angeles", + "zoom.phone.caller.user_id": "z8yCxjgjsuyd58uQ", + "zoom.phone.ringing_start_time": "2020-07-22T01:38:40Z" + }, + { + "@timestamp": "2020-08-04T18:00:43.055Z", + "event.action": "phone.callee_answered", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1137, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8yCDSSQWSSWuQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPsjdhgffgHMA", + "zoom.phone.answer_start_time": "2020-07-22T01:42:04Z", + "zoom.phone.call_id": "685dfvhzsza5540", + "zoom.phone.callee.device_type": "MAC_Client", + "zoom.phone.callee.extension_number": 10800, + "zoom.phone.callee.phone_number": "10800", + "zoom.phone.callee.timezone": "America/Los_Angeles", + "zoom.phone.callee.user_id": "z8yCDSSQWSSWuQ", + "zoom.phone.caller.extension_number": 10803, + 
"zoom.phone.caller.phone_number": "10803", + "zoom.phone.ringing_start_time": "2020-07-22T01:41:56Z" + }, + { + "@timestamp": "2020-08-04T18:00:43.055Z", + "event.action": "phone.callee_missed", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "end" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1543, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z66jfgjdg2QgCfp8uQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPeQjuh6768MA", + "zoom.phone.call_end_time": "2020-07-22T21:09:24Z", + "zoom.phone.call_id": "6dfdg07-22T21:09:17Z", + "zoom.phone.callee.extension_number": "10800", + "zoom.phone.callee.timezone": "America/Los_Angeles", + "zoom.phone.callee.user_id": "z66jfgjdg2QgCfp8uQ", + "zoom.phone.caller.phone_number": "+1000000" + }, + { + "@timestamp": "2020-08-04T18:00:43.055Z", + "event.action": "phone.callee_ended", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "end" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1838, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z66jfgjdg2QgCfp8uQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPeQjuh6768MA", + "zoom.phone.answer_start_time": "2020-07-22T21:09:20Z", + "zoom.phone.call_end_time": "2020-07-22T21:09:24Z", + "zoom.phone.call_id": "6dfdg07-22T21:09:17Z", + "zoom.phone.callee.extension_number": "10800", + "zoom.phone.callee.timezone": "America/Los_Angeles", + "zoom.phone.callee.user_id": "z66jfgjdg2QgCfp8uQ", + "zoom.phone.caller.phone_number": "+1000000" + }, + { + "@timestamp": "2020-08-04T18:00:43.055Z", + "event.action": "phone.caller_ended", + "event.dataset": 
"zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info", + "end" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2175, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z66jfgjdg2QgCfp8uQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPeQjuh6768MA", + "zoom.phone.answer_start_time": "2020-07-22T21:09:20Z", + "zoom.phone.call_end_time": "2020-07-22T21:09:24Z", + "zoom.phone.call_id": "6dfdg07-22T21:09:17Z", + "zoom.phone.callee.extension_number": "10800", + "zoom.phone.callee.timezone": "America/Los_Angeles", + "zoom.phone.callee.user_id": "z66jfgjdg2QgCfp8uQ", + "zoom.phone.caller.phone_number": "+1000000" + }, + { + "@timestamp": "2020-08-04T18:00:43.055Z", + "event.action": "phone.callee_rejected", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2512, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "sfcg43FOCYw" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "MKDRWo34535wow", + "zoom.phone.call_end_time": "2020-07-22T21:06:39Z", + "zoom.phone.call_id": "6dfhggtrh93", + "zoom.phone.callee.extension_number": "9001", + "zoom.phone.callee.timezone": "America/Los_Angeles", + "zoom.phone.callee.user_id": "sfcg43FOCYw", + "zoom.phone.caller.phone_number": "+12044444444", + "zoom.phone.ringing_start_time": "2020-07-22T21:06:33Z" + }, + { + "@timestamp": "2020-08-04T18:00:43.055Z", + "event.action": "phone.voicemail_received", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "webhook", + 
"input.type": "log", + "log.offset": 2841, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "543234" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "test", + "zoom.phone.callee_extension_type": "2", + "zoom.phone.callee_id": "1234", + "zoom.phone.callee_name": "Testaccount2", + "zoom.phone.callee_number": "+12044444444", + "zoom.phone.callee_number_type": "2", + "zoom.phone.callee_user_id": "543234", + "zoom.phone.caller_name": "Testaccount", + "zoom.phone.caller_number": "+12044444444", + "zoom.phone.caller_number_type": "3", + "zoom.phone.date_time": "2020-07-22T21:06:39Z", + "zoom.phone.download_url": "https://testurl.com/file.mp4", + "zoom.phone.duration": "1235", + "zoom.phone.id": "235435" + }, + { + "@timestamp": "2020-08-04T18:00:43.055Z", + "event.action": "phone.caller_call_log_completed", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 3276, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPebnxvbdn342MA", + "zoom.phone.user_id": "caddsfsdfv_VaHE53wA" + }, + { + "@timestamp": "2020-08-04T18:00:43.055Z", + "event.action": "phone.callee_call_log_completed", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 3677, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPeQt3543hvxzc", + "zoom.phone.user_id": "z8sdfsdfds3uQ" + } +] \ No newline at end of file 
diff --git a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json index 360d580c9cf..86b44f809f7 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T15:28:19.726Z", + "@timestamp": "2020-08-04T18:00:51.900Z", "event.action": "recording.started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -36,7 +36,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T15:28:19.727Z", + "@timestamp": "2020-08-04T18:00:51.900Z", "event.action": "recording.paused", "event.dataset": "zoom.webhook", "event.kind": [ @@ -72,7 +72,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T15:28:19.727Z", + "@timestamp": "2020-08-04T18:00:51.900Z", "event.action": "recording.resumed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -108,7 +108,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T15:28:19.727Z", + "@timestamp": "2020-08-04T18:00:51.900Z", "event.action": "recording.stopped", "event.dataset": "zoom.webhook", "event.kind": [ @@ -144,7 +144,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T15:28:19.727Z", + "@timestamp": "2020-08-04T18:00:51.901Z", "event.action": "recording.renamed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -183,7 +183,7 @@ "zoom.time_stamp": 1575500457395 }, { - "@timestamp": "2020-08-04T15:28:19.727Z", + "@timestamp": "2020-08-04T18:00:51.901Z", "event.action": "recording.trashed", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -222,7 +222,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T15:28:19.727Z", + "@timestamp": "2020-08-04T18:00:51.901Z", "event.action": "recording.deleted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -261,7 +261,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T15:28:19.727Z", + "@timestamp": "2020-08-04T18:00:51.901Z", "event.action": "recording.recovered", "event.dataset": "zoom.webhook", "event.kind": [ @@ -300,7 +300,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T15:28:19.727Z", + "@timestamp": "2020-08-04T18:00:51.901Z", "event.action": "recording.transcript_completed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -339,7 +339,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T15:28:19.727Z", + "@timestamp": "2020-08-04T18:00:51.901Z", "event.action": "recording.registration_created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -379,7 +379,7 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T15:28:19.727Z", + "@timestamp": "2020-08-04T18:00:51.901Z", "event.action": "recording.registration_approved", "event.dataset": "zoom.webhook", "event.kind": [ @@ -419,7 +419,7 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T15:28:19.727Z", + "@timestamp": "2020-08-04T18:00:51.901Z", "event.action": "recording.registration_denied", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json new file mode 100644 index 00000000000..372d38ed39a --- /dev/null +++ b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json 
@@ -0,0 +1,463 @@ +[ + { + "@timestamp": "2020-08-04T18:00:54.153Z", + "event.action": "user.created", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 0, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "abcD3ojfdbjfg" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "AAAAAA", + "zoom.creation_type": "create", + "zoom.operator": "anawesomeuser@email.com", + "zoom.user.email": "henrysemail@email.com", + "zoom.user.first_name": "Henry", + "zoom.user.id": "abcD3ojfdbjfg", + "zoom.user.last_name": "Phan", + "zoom.user.type": "3" + }, + { + "@timestamp": "2020-08-04T18:00:54.153Z", + "event.action": "user.invitation_accepted", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam", + "creation" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 236, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "sbyjt3ODg" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPjyjVYxHMA", + "zoom.user.email": "maria@maria.developer.dfgfdgf", + "zoom.user.first_name": "Maria", + "zoom.user.id": "sbyjt3ODg", + "zoom.user.last_name": "CoolPerson", + "zoom.user.type": 1 + }, + { + "@timestamp": "2020-08-04T18:00:54.153Z", + "event.action": "user.updated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam", + "creation", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 435, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "uLobbbbbbbb_qQsQ" + ], + "service.type": 
"zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "lAA_EBBBBBBB", + "zoom.old_values.company": "NotZoom", + "zoom.old_values.id": "uLobbbbbbbb_qQsQ", + "zoom.operator": "shrija2016+dev_ma@gmail.com", + "zoom.operator_id": "uLobbbbbbbb_qQsQ", + "zoom.time_stamp": 1563559854861, + "zoom.user.company": "Zoom", + "zoom.user.id": "uLobbbbbbbb_qQsQ" + }, + { + "@timestamp": "2020-08-04T18:00:54.153Z", + "event.action": "user.settings_updated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam", + "creation", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 712, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "uL34AAbbbbAAAAAAQsQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "CAl6ByEyAq8KK_CCCCCC", + "zoom.old_values.id": "uL34AAbbbbAAAAAAQsQ", + "zoom.old_values.settings.in_meeting.private_chat": true, + "zoom.operator": "iamtheoperator@gmail.com", + "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", + "zoom.settings.in_meeting.private_chat": false, + "zoom.time_stamp": 1563572826929, + "zoom.user.id": "uL34AAbbbbAAAAAAQsQ" + }, + { + "@timestamp": "2020-08-04T18:00:54.153Z", + "event.action": "user.settings_updated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam", + "creation", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1075, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "fdhjfdhsj536274gfd" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPbbbbb@@@@@2sfdfdA", + "zoom.old_values.id": "fdhjfdhsj536274gfd", + "zoom.old_values.settings.meeting_authentication": true, + "zoom.operator": 
"somememail@randommailer28.com", + "zoom.operator_id": "fdhjfdhsj536274gfd", + "zoom.settings.meeting_authentication": false, + "zoom.time_stamp": 1593451939427, + "zoom.user.id": "fdhjfdhsj536274gfd" + }, + { + "@timestamp": "2020-08-04T18:00:54.153Z", + "event.action": "user.deactivated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam", + "creation", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1426, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "abcD3ojfdbjfg" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "AAAAAABBBB", + "zoom.operator": "anawesomeuser@email.com", + "zoom.operator_id": "z8yCxjabcdEFGHfp8uQ", + "zoom.user.email": "henrysemail@email.com", + "zoom.user.first_name": "Henry", + "zoom.user.id": "abcD3ojfdbjfg", + "zoom.user.last_name": "Phan", + "zoom.user.type": 1 + }, + { + "@timestamp": "2020-08-04T18:00:54.153Z", + "event.action": "user.activated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam", + "creation", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1679, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "abcD3ojfdbjfg" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "AAAAAABBBB", + "zoom.operator": "anawesomeuser@email.com", + "zoom.operator_id": "z8yCxjabcdEFGHfp8uQ", + "zoom.user.email": "henrysemail@email.com", + "zoom.user.first_name": "Henry", + "zoom.user.id": "abcD3ojfdbjfg", + "zoom.user.last_name": "Phan", + "zoom.user.type": 3 + }, + { + "@timestamp": "2020-08-04T18:00:54.153Z", + "event.action": "user.disassociated", + "event.dataset": "zoom.webhook", + 
"event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam", + "creation", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 1930, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "abcD3ojfdbjfg" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "AAAAAABBBB", + "zoom.operator": "anawesomeuser@email.com", + "zoom.operator_id": "z8yCxjabcdEFGHfp8uQ", + "zoom.user.email": "henrysemail@email.com", + "zoom.user.first_name": "Henry", + "zoom.user.id": "abcD3ojfdbjfg", + "zoom.user.last_name": "Phan", + "zoom.user.type": 3 + }, + { + "@timestamp": "2020-08-04T18:00:54.153Z", + "event.action": "user.deleted", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam", + "creation", + "deletion" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2185, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "", + "abcD3ojfdbjfg" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "AAAAAABBBB", + "zoom.operator": "anawesomeuser@email.com", + "zoom.operator_id": "z8yCxjabcdEFGHfp8uQ", + "zoom.user.email": "henrysemail@email.com", + "zoom.user.first_name": "Henry", + "zoom.user.id": "abcD3ojfdbjfg", + "zoom.user.last_name": "Phan", + "zoom.user.type": "3" + }, + { + "@timestamp": "2020-08-04T18:00:54.153Z", + "event.action": "user.presence_status_updated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam", + "creation", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2436, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8ycx1223fq" + ], + 
"service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPjfyjxHMA", + "zoom.user.date_time": "2019-11-26T20:13:57Z", + "zoom.user.email": "sfdhfghfgh@dkjdfd.com", + "zoom.user.id": "z8ycx1223fq", + "zoom.user.presence_status": "Available" + }, + { + "@timestamp": "2020-08-04T18:00:54.153Z", + "event.action": "user.personal_notes_updated", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam", + "creation", + "change" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2642, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8aggp8uq" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "EPfhhdrYxHMA", + "zoom.old_values.personal_notes": "this is the old note", + "zoom.user.date_time": "2019-11-26T21:29:08Z", + "zoom.user.email": "sdfsgdfg@fjghg.ghm", + "zoom.user.id": "z8aggp8uq", + "zoom.user.personal_notes": "Out of Office until February 31" + }, + { + "@timestamp": "2020-08-04T18:00:54.153Z", + "event.action": "user.signed_in", + "event.dataset": "zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam", + "creation", + "start" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 2920, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "djkglfdgkjdflghfdpe" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "dsjfosdfpdosgifdjg", + "zoom.user.client_type": "android", + "zoom.user.date_time": "2019-09-10T14:36:10Z", + "zoom.user.email": "awesomeuser@awesomemeail.ghkgf", + "zoom.user.id": "djkglfdgkjdflghfdpe", + "zoom.user.version": "4.5.3308.0902" + }, + { + "@timestamp": "2020-08-04T18:00:54.154Z", + "event.action": "user.signed_out", + "event.dataset": 
"zoom.webhook", + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "iam", + "creation", + "end" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 3157, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "djkglfdgkjdflghfdpe" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.account_id": "dsjfosdfpdosgifdjg", + "zoom.user.client_type": "android", + "zoom.user.date_time": "2019-09-10T14:36:10Z", + "zoom.user.email": "awesomeuser@awesomemeail.ghkgf", + "zoom.user.id": "djkglfdgkjdflghfdpe", + "zoom.user.version": "4.5.3308.0902" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json index 7c49dbdde9f..23cd63d6726 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T15:28:15.360Z", + "@timestamp": "2020-08-04T18:00:47.499Z", "event.action": "webinar.created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -39,7 +39,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T15:28:15.360Z", + "@timestamp": "2020-08-04T18:00:47.499Z", "event.action": "webinar.updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -125,7 +125,7 @@ "zoom.webinar.type": 5 }, { - "@timestamp": "2020-08-04T15:28:15.360Z", + "@timestamp": "2020-08-04T18:00:47.499Z", "event.action": "webinar.deleted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -164,7 +164,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T15:28:15.361Z", + "@timestamp": "2020-08-04T18:00:47.500Z", "event.action": "webinar.started", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -201,7 +201,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T15:28:15.361Z", + "@timestamp": "2020-08-04T18:00:47.500Z", "event.action": "webinar.ended", "event.dataset": "zoom.webhook", "event.kind": [ @@ -238,7 +238,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T15:28:15.361Z", + "@timestamp": "2020-08-04T18:00:47.500Z", "event.action": "webinar.alert", "event.dataset": "zoom.webhook", "event.kind": [ @@ -273,7 +273,7 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-04T15:28:15.361Z", + "@timestamp": "2020-08-04T18:00:47.500Z", "event.action": "webinar.sharing_started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -317,7 +317,7 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-04T15:28:15.361Z", + "@timestamp": "2020-08-04T18:00:47.500Z", "event.action": "webinar.sharing_started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -361,7 +361,7 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-04T15:28:15.361Z", + "@timestamp": "2020-08-04T18:00:47.500Z", "event.action": "webinar.registration_created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -416,7 +416,7 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T15:28:15.361Z", + "@timestamp": "2020-08-04T18:00:47.500Z", "event.action": "webinar.registration_approved", "event.dataset": "zoom.webhook", "event.kind": [ @@ -460,7 +460,7 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T15:28:15.361Z", + "@timestamp": "2020-08-04T18:00:47.500Z", "event.action": "webinar.registration_denied", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -502,7 +502,7 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T15:28:15.361Z", + "@timestamp": "2020-08-04T18:00:47.500Z", "event.action": "webinar.registration_cancelled", "event.dataset": "zoom.webhook", "event.kind": [ @@ -543,7 +543,7 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T15:28:15.361Z", + "@timestamp": "2020-08-04T18:00:47.500Z", "event.action": "webinar.participant_joined", "event.dataset": "zoom.webhook", "event.kind": [ @@ -583,7 +583,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T15:28:15.361Z", + "@timestamp": "2020-08-04T18:00:47.500Z", "event.action": "webinar.participant_left", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json index f33ef646f94..4dbaba16d79 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T15:28:08.945Z", + "@timestamp": "2020-08-04T18:00:40.873Z", "event.action": "zoomroom.alert", "event.dataset": "zoom.webhook", "event.kind": [ @@ -29,7 +29,7 @@ "zoom.zoomroom.room_name": "MyFabulousZoomRoom" }, { - "@timestamp": "2020-08-04T15:28:08.945Z", + "@timestamp": "2020-08-04T18:00:40.873Z", "event.action": "zoomroom.delayed_alert", "event.dataset": "zoom.webhook", "event.kind": [ @@ -58,7 +58,7 @@ "zoom.zoomroom.room_name": "MyFabulousZoomRoom" }, { - "@timestamp": "2020-08-04T15:28:08.946Z", + "@timestamp": "2020-08-04T18:00:40.873Z", "event.action": "zoomroom.checked_in", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -91,7 +91,7 @@ "zoom.zoomroom.room_name": "Sharks Room" }, { - "@timestamp": "2020-08-04T15:28:08.946Z", + "@timestamp": "2020-08-04T18:00:40.874Z", "event.action": "zoomroom.checked_in", "event.dataset": "zoom.webhook", "event.kind": [ From 38d313583868447fdd0a1324410fe508bccbdec1 Mon Sep 17 00:00:00 2001 From: P1llus Date: Tue, 4 Aug 2020 20:53:58 +0200 Subject: [PATCH 06/16] finished cleaning up fields.yml, generated new golden files --- x-pack/filebeat/module/zoom/fields.go | 2 +- .../module/zoom/webhook/_meta/fields.yml | 230 +++++++++--------- .../test/account.ndjson.log-expected.json | 6 +- .../chat_channel.ndjson.log-expected.json | 4 +- .../chat_message.ndjson.log-expected.json | 6 +- .../test/meeting.ndjson.log-expected.json | 28 +-- .../test/phone.ndjson.log-expected.json | 22 +- .../test/recording.ndjson.log-expected.json | 24 +- .../test/user.ndjson.log-expected.json | 26 +- .../test/webinar.ndjson.log-expected.json | 28 +-- .../test/zoomroom.ndjson.log-expected.json | 8 +- 11 files changed, 192 insertions(+), 192 deletions(-) diff --git a/x-pack/filebeat/module/zoom/fields.go b/x-pack/filebeat/module/zoom/fields.go index e463734edc1..43adc381437 100644 --- a/x-pack/filebeat/module/zoom/fields.go +++ b/x-pack/filebeat/module/zoom/fields.go @@ -19,5 +19,5 @@ func init() { // AssetZoom returns asset data. // This is the base64 encoded gzipped contents of module/zoom. func AssetZoom() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml index db3b1d20d8c..84dd8406448 100644 --- a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml +++ b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml 
@@ -48,59 +48,59 @@ - name: account.owner_email type: keyword description: > - Email related to the user the action was performed on + Email related to a sub account which was disassociated - name: account.account_name type: keyword description: > - Name related to the user the action was performed on + When an account name is updated, this is the new value set - name: account.account_alias type: keyword description: > - Alias related to the user the action was performed on + When an account alias is updated, this is the new value set - name: account.account_support_name type: keyword description: > - Support account related to the user the action was performed on + When an account support_name is updated, this is the new value set - name: account.account_support_email type: keyword description: > - Support account (Email) related to the user the action was performed on + When an account support_email is updated, this is the new value set - name: chat_channel.name type: keyword description: > - Channel name + The name of the channel that has been added/modified/deleted - name: chat_channel.id type: keyword description: > - Channel ID + The ID of the channel that has been added/modified/deleted - name: chat_channel.type - type: integer + type: keyword description: > - Channel type + Type of channel related to the event. 
Can be 1(Invite-Only), 2(Private) or 3(Public) - name: chat_channel.timestamp type: date description: > - Time when channel was created/modified/deleted + Date and time when channel was created/modified/deleted - name: chat_channel.date_time type: date description: > - Time when channel was created/modified/deleted + Epoch time when channel was created/modified/deleted - name: chat_message.id type: keyword description: > - Message ID + Unique ID of the related chat message - name: chat_message.type - type: integer + type: keyword description: > - Type of message, either private message or channel message + Type of message, can be either "to_contact" or "to_channel" - name: chat_message.date_time type: date description: > - Time when message was created/modified/deleted + Date and time when message was created/modified/deleted - name: chat_message.timestamp type: date description: > - Time when message was created/modified/deleted + Epoch when message was created/modified/deleted - name: chat_message.session_id type: keyword description: > @@ -112,7 +112,7 @@ - name: chat_message.contact_id type: keyword description: > - UserID related to the user sending the message + UserID belonging to the user receiving a message - name: chat_message.channel_id type: keyword description: 
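Review bot: The new descriptions for `chat_channel.timestamp` and `chat_channel.date_time` look swapped relative to the `chat_message` pair later in this same hunk. Here `chat_channel.timestamp` is documented as "Date and time" and `chat_channel.date_time` as "Epoch time", while `chat_message.date_time` is "Date and time" and `chat_message.timestamp` is "Epoch". The webhook payload is not visible in this hunk, so which pair is correct needs confirming, but going by the field names I would expect `Epoch time when channel was created/modified/deleted` on `chat_channel.timestamp` and `Date and time when channel was created/modified/deleted` on `chat_channel.date_time`. Anyone building time-based queries from the field docs will otherwise pick the wrong field.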
> @@ -124,27 +124,27 @@ - name: chat_message.message type: keyword description: > - The message sent + A string containing the full message that was sent - name: meeting.id type: keyword description: > - The ID of the meeting + Unique ID of the related meeting - name: meeting.join_url type: keyword description: > - Join URL of the meeting + The URL to join the meeting - name: meeting.uuid type: keyword description: > - The UUID of the meeting + The UUID of the related meeting - name: meeting.host_id type: keyword description: > - The UserID of the meeting host + The UserID of the configured meeting host - name: meeting.topic type: keyword description: > - Meeting Topic + Topic of the related meeting - name: meeting.type type: integer description: > @@ -152,19 +152,19 @@ - name: meeting.start_time type: date description: > - Time the meeting started + Date and time the meeting started - name: meeting.timezone type: keyword description: > - Timezone used for the meeting + Which timezone is used for the meeting timestamps - name: meeting.duration type: long description: > - Seconds the meeting has been active + The duration of a meeting in minutes - name: meeting.issues - type: long + type: keyword description: > - Issue message if an alert is triggered on the meeting + When a user reports an issue with the meeting, for example: "Unstable audio quality" - name: meeting.password type: keyword description: > @@ -176,7 +176,7 @@ - name: phone.user_id type: keyword description: > - UserID for the phone owner + UserID for the phone owner related to a Call Log being completed - name: phone.download_url type: keyword description: 
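Review bot: `meeting.password` remains a plain `keyword` field in this hunk, so the meeting password from the webhook payload is stored and searchable by anyone with read access to the index. The same applies to `meeting.join_url` in the `@@ -124,27` hunk and to `webinar.password` and `webinar.join_url` in the `@@ -428,59` hunk. The ingest pipeline is outside this hunk, so this may already be handled there; if it is not, I would drop these values with a `remove` processor or mask them before indexing. At minimum the description should warn operators, e.g. `Password set for the meeting. Sensitive: restrict read access to this field`.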
> @@ -188,23 +188,23 @@ - name: phone.connected_start_time type: date description: > - The timestamp when a ringtone was established to the callee + The date and time when a ringtone was established to the callee - name: phone.answer_start_time type: date description: > - The timestamp when the call was answered + The date and time when the call was answered - name: phone.call_end_time type: date description: > - The timestamp when the call ended + The date and time when the call ended - name: phone.call_id type: keyword description: > - Unique ID of the call + Unique ID of the related call - name: phone.duration type: long description: > - Duration of a voicemail + Duration of a voicemail in minutes - name: phone.caller_number type: keyword description: > @@ -216,11 +216,11 @@ - name: phone.caller_number_type type: long description: > - Caller type related to the voicemail + Caller type related to the voicemail, can either be 1(Internal) or 2(External) - name: phone.caller_user_id type: keyword description: > - UserID of the person related to the voicemail + UserID of the caller related to the voicemail - name: phone.callee_user_id type: keyword description: > @@ -228,7 +228,7 @@ - name: phone.callee_extension_type type: keyword description: > - UserID of the callee related to the voicemail + Extension type of the calle related to the voicemail, can be user, callQueue, autoReceptionist or shareLineGroup - name: phone.caller.user_id type: keyword description: > @@ -236,7 +236,7 @@ - name: phone.caller.phone_number type: keyword description: > - Phone Number of the caller + Phone Number of the caller related to the call - name: phone.caller.extension_number type: keyword description: 
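Review bot: `phone.caller_number_type` stays `type: long` here while its counterpart `phone.callee_number_type` in the `@@ -272,47` hunk is `type: keyword`, although both new descriptions give the same value set, 1(Internal) or 2(External). Parallel fields with different mappings make it awkward to write one query or detection rule that compares caller and callee. This commit already moves other enumerated fields (`chat_channel.type`, `recording.type`) to keyword, so `type: keyword` on `phone.caller_number_type` would be the consistent choice.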
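Review bot: The new description for `phone.callee_extension_type` misspells "callee" as `calle`; it should read `Extension type of the callee related to the voicemail, can be user, callQueue, autoReceptionist or shareLineGroup`. The same kind of slip appears in later hunks of this file: `logged inor out` on `user.date_time` (`@@ -416,11`), and in `@@ -488,135` `registrating` in the `registrant.*` descriptions, `Choosen` in three of them, and `A integer value` on the `zoomroom.alert_type`, `zoomroom.component` and `zoomroom.alert_kind` entries. Those last three fields are typed `keyword`, so "An integer value" is also at odds with the mapping. These strings end up in the published field reference, so they are worth fixing before the golden files are regenerated again.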
> @@ -252,19 +252,19 @@ - name: phone.callee_id type: keyword description: > - UserID of the person that is called + UserID of the related callee of the voicemail - name: phone.callee.user_id type: keyword description: > - UserID of the person that is called + UserID of the related callee of a call - name: phone.callee_name type: keyword description: > - Name of the person that is called + The name of the callee related to the voicemail - name: phone.callee.phone_number type: keyword description: > - Phone Number of the callee + Phone Number of the callee related to the call - name: phone.callee_number type: keyword description: 
> @@ -272,47 +272,47 @@ - name: phone.callee_number_type type: keyword description: > - Type of phone number + Type of number related to the callee of the voicemail. Can be 1(Internal) or 2(External) - name: phone.callee.extension_number type: keyword description: > - Extension number of the callee + Extension number of the callee related to the call - name: phone.callee.timezone type: keyword description: > - Timezone of the callee + Timezone of the callee related to the call - name: phone.callee.device_type type: keyword description: > - Device type used by the callee + Device type used by the callee related to the call - name: phone.date_time type: date description: > - Date and time of the phone event + Date and time of the related phone event - name: recording.id type: keyword description: > - ID of the recording + Unique ID of the related recording - name: recording.uuid type: keyword description: > - UUID of the recording + UUID of the related recording - name: recording.host_id type: keyword description: > - UserID of the host related to the meeting recording + UserID of the host of the meeting that was recorded - name: recording.topic type: keyword description: > Topic of the meeting related to the recording - name: recording.type - type: long + type: keyword description: > - Type of recording + Type of recording, can be multiple type of values, please check Zoom documentation - name: recording.start_time type: date description: > - Date of the recording + The date and time when the recording started - name: recording.timezone type: keyword description: > @@ -320,11 +320,11 @@ - name: recording.duration type: long description: > - Duration of the recording + Duration of the recording in minutes - name: recording.share_url type: keyword description: > - The share URL for the recording + The URL to access the recording - name: recording.total_size type: long description: 
> @@ -332,11 +332,11 @@ - name: recording.recording_count type: long description: > - Amount of recording files related to the recording + Number of recording files related to the recording - name: recording.host_email - type: long + type: keyword description: > - Email address of the host related to the meeting + Email address of the host related to the meeting that was recorded - name: user.id type: keyword description: > @@ -360,31 +360,31 @@ - name: user.phone_number type: keyword description: > - Phone number related to the user + User phone number related to the user event - name: user.phone_country type: keyword description: > - Country code related to the phone number + User country code related to the user event - name: user.company type: keyword description: > - User Company + User company related to the user event - name: user.pmi type: keyword description: > - User personal meeting ID + User personal meeting ID related to the user event - name: user.use_pmi type: boolean description: > - If use PMI is enabled + If a user has PMI enabled - name: user.pic_url type: keyword description: > - URL to the profile picture + Full URL to the profile picture used by the user - name: user.vanity_name type: keyword description: > - Name of the related users personal meeting room + Name of the personal meeting room related to the user event - name: user.timezone type: keyword description: > @@ -392,7 +392,7 @@ - name: user.language type: keyword description: > - Language settings for the user + Language configured for the user - name: user.host_key type: keyword description: > @@ -416,11 +416,11 @@ - name: user.date_time type: date description: > - Time when user logged in/ou + The date and time when user logged inor out - name: user.client_type type: keyword description: > - Type of client used by the user + Type of client used by the user. Can be browser, mac, win, iphone or android - name: user.version type: keyword description: 
> @@ -428,59 +428,59 @@ - name: webinar.id type: keyword description: > - Unique ID for the webinar + Unique ID for the related webinar - name: webinar.join_url type: keyword description: > - Join URL for the webinar + The URL configured to join the webinar - name: webinar.uuid type: keyword description: > - UUID for the webinar + UUID for the related webinar - name: webinar.host_id type: keyword description: > - UserID of the host of the webinar + UserID for the configured host of the webinar - name: webinar.topic type: keyword description: > - Topic of the webinar + Meeting topic of the related webinar - name: webinar.type type: keyword description: > - Type of webinar created + Type of webinar created. Can be either 5(Webinar), 6(Recurring webinar without fixed time) or 9(Recurring webinar with fixed time) - name: webinar.start_time type: date description: > - Start time of the webinar + The date and time when the webinar started - name: webinar.timezone type: keyword description: > - Timezone of the webinar + Timezone used for the dates related to the webinar - name: webinar.duration type: long description: > - Duration of the webinar + Duration of the webinar in minutes - name: webinar.agenda type: keyword description: > - Agenda of the webinar + The configured agenda of the webinar - name: webinar.password type: keyword description: > - Password for the webinar + Password configured to access the webinar - name: webinar.issues type: keyword description: > - Related issues to the webina + Any reported issues about a webinar is reported in this field - name: zoomroom.id type: keyword description: > - ID of the Zoom room + Unique ID of the Zoom room - name: zoomroom.room_name type: keyword description: > - Name of the Zoom room + The configured name of the Zoom room - name: zoomroom.calendar_name type: keyword description: 
> @@ -488,135 +488,135 @@ - name: zoomroom.calendar_id type: keyword description: > - Calendar ID of the Zoom room + Unique ID of the calendar used by the Zoom room - name: zoomroom.event_id type: keyword description: > - Event ID of the Zoom room + Unique ID of the calendar event associated with the Zoom Room - name: zoomroom.change_key type: keyword description: > - Change key of the Zoom room + Key used by Microsoft products integration that represents a specific version of a calendar - name: zoomroom.resource_email type: keyword description: > - Resource email address related to the Zoom room + Email address associated with the calendar in use by the Zoom room - name: zoomroom.email type: keyword description: > - Email related to the Zoom room + Email address associated with the Zoom room itself - name: zoomroom.issue type: keyword description: > - Related issue message to the Zoom room + Any reported alerts or issues related to the Zoom room or its equipment - name: zoomroom.alert_type type: keyword description: > - Zoom room alert type + A integer value representing the type of alert. 
The list of alert types can be found in the Zoom documentation - name: zoomroom.component type: keyword description: > - Zoom room component + A integer value representing the type of equipment or component, The list of component types can be found in the Zoom documentation - name: zoomroom.alert_kind type: keyword description: > - Alert kind related to the Zoom room + A integer value showing if the Zoom room alert has been either 1(Triggered) or 2(Cleared) - name: registrant.id type: keyword description: > - Information about the person that registers to the meeting + Unique ID of the user registrating to a meeting or webinar - name: registrant.status type: keyword description: > - Registrant status + Status of the specific user registration - name: registrant.email type: keyword description: > - Information about the person that registers to the meeting + Email of the user registrating to a meeting or webinar - name: registrant.first_name type: keyword description: > - Information about the person that registers to the meeting + First name of the user registrating to a meeting or webinar - name: registrant.last_name type: keyword description: > - Information about the person that registers to the meeting + Last name of the user registrating to a meeting or webinar - name: registrant.address type: keyword description: > - Information about the person that registers to the meeting + Address of the user registrating to a meeting or webinar - name: registrant.city type: keyword description: > - Information about the person that registers to the meeting + City of the user registrating to a meeting or webinar - name: registrant.country type: keyword description: > - Information about the person that registers to the meeting + Country of the user registrating to a meeting or webinar - name: registrant.zip type: keyword description: > - Information about the person that registers to the meeting + Zip code of the user registrating to a meeting or webinar - name: 
registrant.state type: keyword description: > - Information about the person that registers to the meeting + State of the user registrating to a meeting or webinar - name: registrant.phone type: keyword description: > - Information about the person that registers to the meeting + Phone number of the user registrating to a meeting or webinar - name: registrant.industry type: keyword description: > - Information about the person that registers to the meeting + Related industry of the user registrating to a meeting or webinar - name: registrant.org type: keyword description: > - Information about the person that registers to the meeting + Organization related to the user registrating to a meeting or webinar - name: registrant.job_title type: keyword description: > - Information about the person that registers to the meeting + Job title of the user registrating to a meeting or webinar - name: registrant.purchasing_time_frame type: keyword description: > - Information about the person that registers to the meeting + Choosen purchase timeframe of the user registrating to a meeting or webinar - name: registrant.role_in_purchase_process type: keyword description: > - Information about the person that registers to the meeting + Choosen role in a purchase process related to the user registrating to a meeting or webinar - name: registrant.no_of_employees type: keyword description: > - Information about the person that registers to the meeting + Number of employees choosen by the user registrating to a meeting or webinar - name: registrant.comments type: keyword description: > - Information about the person that registers to the meeting + Comments left by the user registrating to a meeting or webinar - name: registrant.join_url type: keyword description: > - Information about the person that registers to the meeting + The URL that the registrant can use to join the webinar - name: participant.id type: keyword description: > - Meeting ID of the related meeting + Unique ID of 
the participant related to a meeting - name: participant.user_id type: keyword description: > - UserID of the participant trigger the sharing event + UserID of the participant related to a meeting - name: participant.user_name type: keyword description: > - User name of the participant trigger the sharing event + Username of the participant related to a meeting - name: participant.join_time type: date description: > - The time the participant joined the related meeting + The date and time a participant joined a meeting - name: participant.leave_time type: date description: > - The time the participant left the related meeting + The date and time a participant left a meeting - name: participant.sharing_details.link_source type: keyword description: > diff --git a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json index 27751fc4344..c5241af9edc 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T18:00:45.401Z", + "@timestamp": "2020-08-04T18:53:21.616Z", "event.action": "account.created", "event.category": [ "iam" @@ -37,7 +37,7 @@ "zoom.sub_account_id": "aIxE1yiRR8WghhUIO6eu9L" }, { - "@timestamp": "2020-08-04T18:00:45.401Z", + "@timestamp": "2020-08-04T18:53:21.616Z", "event.action": "account.updated", "event.category": [ "iam" @@ -77,7 +77,7 @@ "zoom.time_stamp": 1562000584527 }, { - "@timestamp": "2020-08-04T18:00:45.401Z", + "@timestamp": "2020-08-04T18:53:21.616Z", "event.action": "account.disassociated", "event.category": [ "iam" diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json index ffd891b3560..115eccf7d80 100644 
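Review bot: The new descriptions for `zoomroom.alert_type`, `zoomroom.component` and `zoomroom.alert_kind` call the value an integer while each field keeps `type: keyword`, so someone writing a query or detection rule against them cannot tell from the text whether to compare numbers or strings. If keyword is intended for these enumerated codes, the description should say so, for example `An integer code, indexed as a keyword, representing the type of alert`. The same hunk introduces "registrating" in most `registrant.*` descriptions and "Choosen" in three of them; `Email of the user registering for a meeting or webinar` and `Chosen purchase timeframe of the user registering for a meeting or webinar` would read correctly. The `registrant.*` group (email, address, phone, zip) holds personal data supplied by registrants, and a short mention of that in the descriptions would help operators decide on field-level access and retention for the index. The field list starts before this hunk and the last entry's description continues past it.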
--- a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T18:00:49.928Z", + "@timestamp": "2020-08-04T18:53:26.130Z", "event.action": "chat_channel.created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -36,7 +36,7 @@ "zoom.operator_id": "z8dfgdfguQrdfgdf" }, { - "@timestamp": "2020-08-04T18:00:49.928Z", + "@timestamp": "2020-08-04T18:53:26.131Z", "event.action": "chat_channel.member_invited", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json index 13c7e152204..902bf84c4aa 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T18:00:32.577Z", + "@timestamp": "2020-08-04T18:53:08.820Z", "event.action": "chat_message.sent", "event.dataset": "zoom.webhook", "event.kind": [ @@ -38,7 +38,7 @@ "zoom.operator_id": "zfdgdfgdfgfp8uQ" }, { - "@timestamp": "2020-08-04T18:00:32.577Z", + "@timestamp": "2020-08-04T18:53:08.820Z", "event.action": "chat_message.updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -76,7 +76,7 @@ "zoom.operator_id": "zfdgdfgdfgfp8uQ" }, { - "@timestamp": "2020-08-04T18:00:32.577Z", + "@timestamp": "2020-08-04T18:53:08.820Z", "event.action": "chat_message.updated", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json index 78b117b0da7..6fcba052623 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json 
+++ b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T18:00:56.903Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -39,7 +39,7 @@ "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ" }, { - "@timestamp": "2020-08-04T18:00:56.903Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -132,7 +132,7 @@ "zoom.time_stamp": 1562791953209 }, { - "@timestamp": "2020-08-04T18:00:56.903Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.deleted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -171,7 +171,7 @@ "zoom.operator_id": "BBBBBBBBBB" }, { - "@timestamp": "2020-08-04T18:00:56.903Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -207,7 +207,7 @@ "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:00:56.903Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.ended", "event.dataset": "zoom.webhook", "event.kind": [ @@ -243,7 +243,7 @@ "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:00:56.903Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.registration_created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -298,7 +298,7 @@ "zoom.registrant.zip": "" }, { - "@timestamp": "2020-08-04T18:00:56.903Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.registration_approved", "event.dataset": "zoom.webhook", "event.kind": [ @@ -341,7 +341,7 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T18:00:56.903Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.registration_cancelled", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -381,7 +381,7 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T18:00:56.903Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.sharing_started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -425,7 +425,7 @@ "zoom.participant.user_name": "Arya Arya" }, { - "@timestamp": "2020-08-04T18:00:56.904Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.sharing_ended", "event.dataset": "zoom.webhook", "event.kind": [ @@ -469,7 +469,7 @@ "zoom.participant.user_name": "Arya Arya" }, { - "@timestamp": "2020-08-04T18:00:56.904Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.participant_jbh_waiting", "event.dataset": "zoom.webhook", "event.kind": [ @@ -504,7 +504,7 @@ "zoom.participant.user_name": "Shrijana Shrijana" }, { - "@timestamp": "2020-08-04T18:00:56.904Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.participant_jbh_joined", "event.dataset": "zoom.webhook", "event.kind": [ @@ -539,7 +539,7 @@ "zoom.participant.user_name": "Tom Harry" }, { - "@timestamp": "2020-08-04T18:00:56.904Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.participant_joined", "event.dataset": "zoom.webhook", "event.kind": [ @@ -578,7 +578,7 @@ "zoom.participant.user_name": "shree" }, { - "@timestamp": "2020-08-04T18:00:56.904Z", + "@timestamp": "2020-08-04T18:53:33.101Z", "event.action": "meeting.participant_left", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json index 0273ef10927..a31e884354d 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json 
@@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T18:00:43.055Z", + "@timestamp": "2020-08-04T18:53:19.266Z", "event.action": "phone.caller_ringing", "event.dataset": "zoom.webhook", "event.kind": [ @@ -37,7 +37,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:55Z" }, { - "@timestamp": "2020-08-04T18:00:43.055Z", + "@timestamp": "2020-08-04T18:53:19.267Z", "event.action": "phone.caller_connected", "event.dataset": "zoom.webhook", "event.kind": [ @@ -75,7 +75,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:55Z" }, { - "@timestamp": "2020-08-04T18:00:43.055Z", + "@timestamp": "2020-08-04T18:53:19.267Z", "event.action": "phone.caller_ringing", "event.dataset": "zoom.webhook", "event.kind": [ @@ -111,7 +111,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:38:40Z" }, { - "@timestamp": "2020-08-04T18:00:43.055Z", + "@timestamp": "2020-08-04T18:53:19.267Z", "event.action": "phone.callee_answered", "event.dataset": "zoom.webhook", "event.kind": [ @@ -149,7 +149,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:56Z" }, { - "@timestamp": "2020-08-04T18:00:43.055Z", + "@timestamp": "2020-08-04T18:53:19.267Z", "event.action": "phone.callee_missed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -183,7 +183,7 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-04T18:00:43.055Z", + "@timestamp": "2020-08-04T18:53:19.267Z", "event.action": "phone.callee_ended", "event.dataset": "zoom.webhook", "event.kind": [ @@ -218,7 +218,7 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-04T18:00:43.055Z", + "@timestamp": "2020-08-04T18:53:19.268Z", "event.action": "phone.caller_ended", "event.dataset": "zoom.webhook", "event.kind": [ @@ -253,7 +253,7 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-04T18:00:43.055Z", + "@timestamp": "2020-08-04T18:53:19.268Z", "event.action": "phone.callee_rejected", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -287,7 +287,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T21:06:33Z" }, { - "@timestamp": "2020-08-04T18:00:43.055Z", + "@timestamp": "2020-08-04T18:53:19.268Z", "event.action": "phone.voicemail_received", "event.dataset": "zoom.webhook", "event.kind": [ @@ -327,7 +327,7 @@ "zoom.phone.id": "235435" }, { - "@timestamp": "2020-08-04T18:00:43.055Z", + "@timestamp": "2020-08-04T18:53:19.268Z", "event.action": "phone.caller_call_log_completed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -352,7 +352,7 @@ "zoom.phone.user_id": "caddsfsdfv_VaHE53wA" }, { - "@timestamp": "2020-08-04T18:00:43.055Z", + "@timestamp": "2020-08-04T18:53:19.268Z", "event.action": "phone.callee_call_log_completed", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json index 86b44f809f7..6ffa2593329 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T18:00:51.900Z", + "@timestamp": "2020-08-04T18:53:28.104Z", "event.action": "recording.started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -36,7 +36,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:00:51.900Z", + "@timestamp": "2020-08-04T18:53:28.104Z", "event.action": "recording.paused", "event.dataset": "zoom.webhook", "event.kind": [ @@ -72,7 +72,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:00:51.900Z", + "@timestamp": "2020-08-04T18:53:28.104Z", "event.action": "recording.resumed", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -108,7 +108,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:00:51.900Z", + "@timestamp": "2020-08-04T18:53:28.104Z", "event.action": "recording.stopped", "event.dataset": "zoom.webhook", "event.kind": [ @@ -144,7 +144,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:00:51.901Z", + "@timestamp": "2020-08-04T18:53:28.104Z", "event.action": "recording.renamed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -183,7 +183,7 @@ "zoom.time_stamp": 1575500457395 }, { - "@timestamp": "2020-08-04T18:00:51.901Z", + "@timestamp": "2020-08-04T18:53:28.104Z", "event.action": "recording.trashed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -222,7 +222,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:00:51.901Z", + "@timestamp": "2020-08-04T18:53:28.104Z", "event.action": "recording.deleted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -261,7 +261,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:00:51.901Z", + "@timestamp": "2020-08-04T18:53:28.105Z", "event.action": "recording.recovered", "event.dataset": "zoom.webhook", "event.kind": [ @@ -300,7 +300,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:00:51.901Z", + "@timestamp": "2020-08-04T18:53:28.105Z", "event.action": "recording.transcript_completed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -339,7 +339,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:00:51.901Z", + "@timestamp": "2020-08-04T18:53:28.105Z", "event.action": "recording.registration_created", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -379,7 +379,7 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T18:00:51.901Z", + "@timestamp": "2020-08-04T18:53:28.105Z", "event.action": "recording.registration_approved", "event.dataset": "zoom.webhook", "event.kind": [ @@ -419,7 +419,7 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T18:00:51.901Z", + "@timestamp": "2020-08-04T18:53:28.105Z", "event.action": "recording.registration_denied", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json index 372d38ed39a..1358ea1b23f 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T18:00:54.153Z", + "@timestamp": "2020-08-04T18:53:30.374Z", "event.action": "user.created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -34,7 +34,7 @@ "zoom.user.type": "3" }, { - "@timestamp": "2020-08-04T18:00:54.153Z", + "@timestamp": "2020-08-04T18:53:30.374Z", "event.action": "user.invitation_accepted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -67,7 +67,7 @@ "zoom.user.type": 1 }, { - "@timestamp": "2020-08-04T18:00:54.153Z", + "@timestamp": "2020-08-04T18:53:30.374Z", "event.action": "user.updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -104,7 +104,7 @@ "zoom.user.id": "uLobbbbbbbb_qQsQ" }, { - "@timestamp": "2020-08-04T18:00:54.153Z", + "@timestamp": "2020-08-04T18:53:30.375Z", "event.action": "user.settings_updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -141,7 +141,7 @@ "zoom.user.id": "uL34AAbbbbAAAAAAQsQ" }, { - "@timestamp": "2020-08-04T18:00:54.153Z", + "@timestamp": "2020-08-04T18:53:30.375Z", "event.action": "user.settings_updated", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -178,7 +178,7 @@ "zoom.user.id": "fdhjfdhsj536274gfd" }, { - "@timestamp": "2020-08-04T18:00:54.153Z", + "@timestamp": "2020-08-04T18:53:30.375Z", "event.action": "user.deactivated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -215,7 +215,7 @@ "zoom.user.type": 1 }, { - "@timestamp": "2020-08-04T18:00:54.153Z", + "@timestamp": "2020-08-04T18:53:30.375Z", "event.action": "user.activated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -252,7 +252,7 @@ "zoom.user.type": 3 }, { - "@timestamp": "2020-08-04T18:00:54.153Z", + "@timestamp": "2020-08-04T18:53:30.375Z", "event.action": "user.disassociated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -289,7 +289,7 @@ "zoom.user.type": 3 }, { - "@timestamp": "2020-08-04T18:00:54.153Z", + "@timestamp": "2020-08-04T18:53:30.375Z", "event.action": "user.deleted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -326,7 +326,7 @@ "zoom.user.type": "3" }, { - "@timestamp": "2020-08-04T18:00:54.153Z", + "@timestamp": "2020-08-04T18:53:30.375Z", "event.action": "user.presence_status_updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -359,7 +359,7 @@ "zoom.user.presence_status": "Available" }, { - "@timestamp": "2020-08-04T18:00:54.153Z", + "@timestamp": "2020-08-04T18:53:30.375Z", "event.action": "user.personal_notes_updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -393,7 +393,7 @@ "zoom.user.personal_notes": "Out of Office until February 31" }, { - "@timestamp": "2020-08-04T18:00:54.153Z", + "@timestamp": "2020-08-04T18:53:30.375Z", "event.action": "user.signed_in", "event.dataset": "zoom.webhook", "event.kind": [ @@ -427,7 +427,7 @@ "zoom.user.version": "4.5.3308.0902" }, { - "@timestamp": "2020-08-04T18:00:54.154Z", + "@timestamp": "2020-08-04T18:53:30.375Z", "event.action": "user.signed_out", "event.dataset": "zoom.webhook", "event.kind": [ 
diff --git a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json index 23cd63d6726..b5b03c907de 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T18:00:47.499Z", + "@timestamp": "2020-08-04T18:53:23.693Z", "event.action": "webinar.created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -39,7 +39,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:00:47.499Z", + "@timestamp": "2020-08-04T18:53:23.693Z", "event.action": "webinar.updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -125,7 +125,7 @@ "zoom.webinar.type": 5 }, { - "@timestamp": "2020-08-04T18:00:47.499Z", + "@timestamp": "2020-08-04T18:53:23.693Z", "event.action": "webinar.deleted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -164,7 +164,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:00:47.500Z", + "@timestamp": "2020-08-04T18:53:23.693Z", "event.action": "webinar.started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -201,7 +201,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:00:47.500Z", + "@timestamp": "2020-08-04T18:53:23.693Z", "event.action": "webinar.ended", "event.dataset": "zoom.webhook", "event.kind": [ @@ -238,7 +238,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:00:47.500Z", + "@timestamp": "2020-08-04T18:53:23.693Z", "event.action": "webinar.alert", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -273,7 +273,7 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-04T18:00:47.500Z", + "@timestamp": "2020-08-04T18:53:23.693Z", "event.action": "webinar.sharing_started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -317,7 +317,7 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-04T18:00:47.500Z", + "@timestamp": "2020-08-04T18:53:23.693Z", "event.action": "webinar.sharing_started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -361,7 +361,7 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-04T18:00:47.500Z", + "@timestamp": "2020-08-04T18:53:23.693Z", "event.action": "webinar.registration_created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -416,7 +416,7 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:00:47.500Z", + "@timestamp": "2020-08-04T18:53:23.693Z", "event.action": "webinar.registration_approved", "event.dataset": "zoom.webhook", "event.kind": [ @@ -460,7 +460,7 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:00:47.500Z", + "@timestamp": "2020-08-04T18:53:23.693Z", "event.action": "webinar.registration_denied", "event.dataset": "zoom.webhook", "event.kind": [ @@ -502,7 +502,7 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:00:47.500Z", + "@timestamp": "2020-08-04T18:53:23.693Z", "event.action": "webinar.registration_cancelled", "event.dataset": "zoom.webhook", "event.kind": [ @@ -543,7 +543,7 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:00:47.500Z", + "@timestamp": "2020-08-04T18:53:23.694Z", "event.action": "webinar.participant_joined", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -583,7 +583,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:00:47.500Z", + "@timestamp": "2020-08-04T18:53:23.694Z", "event.action": "webinar.participant_left", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json index 4dbaba16d79..c40805e2dce 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-04T18:00:40.873Z", + "@timestamp": "2020-08-04T18:53:17.171Z", "event.action": "zoomroom.alert", "event.dataset": "zoom.webhook", "event.kind": [ @@ -29,7 +29,7 @@ "zoom.zoomroom.room_name": "MyFabulousZoomRoom" }, { - "@timestamp": "2020-08-04T18:00:40.873Z", + "@timestamp": "2020-08-04T18:53:17.171Z", "event.action": "zoomroom.delayed_alert", "event.dataset": "zoom.webhook", "event.kind": [ @@ -58,7 +58,7 @@ "zoom.zoomroom.room_name": "MyFabulousZoomRoom" }, { - "@timestamp": "2020-08-04T18:00:40.873Z", + "@timestamp": "2020-08-04T18:53:17.172Z", "event.action": "zoomroom.checked_in", "event.dataset": "zoom.webhook", "event.kind": [ @@ -91,7 +91,7 @@ "zoom.zoomroom.room_name": "Sharks Room" }, { - "@timestamp": "2020-08-04T18:00:40.874Z", + "@timestamp": "2020-08-04T18:53:17.172Z", "event.action": "zoomroom.checked_in", "event.dataset": "zoom.webhook", "event.kind": [ From cfe2ce53a8f72b902991c160381f0d3e14ef9982 Mon Sep 17 00:00:00 2001 From: P1llus Date: Tue, 4 Aug 2020 21:02:19 +0200 Subject: [PATCH 07/16] update changelog --- CHANGELOG.next.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 27a2a77064e..85af2a3879c 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc 
@@ -559,6 +559,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Improve Fortinet firewall module with `x509` ECS mappings {pull}20983[20983] - Improve Santa module with `x509` ECS mappings {pull}20976[20976] - Improve Suricata Eve module with `x509` ECS mappings {pull}20973[20973] +- Added new module for Zoom webhooks {pull}20414[20414] *Heartbeat* From ba60f2182694e7886e833e75f0ae6a0423f234a3 Mon Sep 17 00:00:00 2001 From: P1llus Date: Tue, 4 Aug 2020 22:20:53 +0200 Subject: [PATCH 08/16] fixing specific typos, field mappings and description texts pointed out in PR comments --- filebeat/docs/fields.asciidoc | 3570 ++--------------- filebeat/docs/modules/zoom.asciidoc | 4 +- .../filebeat/module/zoom/_meta/docs.asciidoc | 4 +- x-pack/filebeat/module/zoom/_meta/fields.yml | 2 +- x-pack/filebeat/module/zoom/fields.go | 2 +- .../module/zoom/webhook/_meta/fields.yml | 50 +- .../module/zoom/webhook/ingest/pipeline.yml | 3 + .../module/zoom/webhook/ingest/user.yml | 5 + .../test/account.ndjson.log-expected.json | 9 +- .../chat_channel.ndjson.log-expected.json | 6 +- .../chat_message.ndjson.log-expected.json | 9 +- .../test/meeting.ndjson.log-expected.json | 42 +- .../test/phone.ndjson.log-expected.json | 33 +- .../test/recording.ndjson.log-expected.json | 36 +- .../test/user.ndjson.log-expected.json | 43 +- .../test/webinar.ndjson.log-expected.json | 42 +- .../test/zoomroom.ndjson.log-expected.json | 12 +- 17 files changed, 543 insertions(+), 3329 deletions(-) diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 2291b1579d1..6bc39dace29 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -127581,7 +127581,7 @@ type: boolean [[exported-fields-zoom]] == Zoom fields -Some Zoom module +Module for handling incoming Zoom webhook requests 
@@ -127652,4413 +127652,1543 @@ type: date -- -*`zoom.account.owner_id`*:: -+ --- -UserID of the related user the action was performed on - - -type: keyword - --- - -*`zoom.account.email`*:: -+ --- -Email related to the user the action was performed on - - -type: keyword - --- - -*`zoom.account.owner_email`*:: -+ --- -Email related to the user the action was performed on - - -type: keyword - --- - -*`zoom.account.account_name`*:: -+ --- -Name related to the user the action was performed on - - -type: keyword - --- - -*`zoom.account.account_alias`*:: -+ --- -Alias related to the user the action was performed on - - -type: keyword - --- - -*`zoom.account.account_support_name`*:: -+ --- -Support account related to the user the action was performed on - - -type: keyword - --- - -*`zoom.account.account_support_email`*:: -+ --- -Support account (Email) related to the user the action was performed on - - -type: keyword - --- - -*`zoom.account.settings.schedule_meeting.host_video`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.schedule_meeting.participant_video`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.schedule_meeting.audio_type`*:: -+ --- -Settings related to the account - - -type: keyword - --- - -*`zoom.account.settings.schedule_meeting.join_before_host`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.schedule_meeting.enforce_login`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.schedule_meeting.enforce_login_with_domains`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.schedule_meeting.enforce_login_domains`*:: -+ --- -Settings related to the account - - -type: keyword - --- - -*`zoom.account.settings.schedule_meeting.not_store_meeting_topic`*:: -+ --- -Settings related to the account - - -type: boolean - --- - 
-*`zoom.account.settings.schedule_meeting.force_pmi_jbh_password`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.e2e_encryption`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.chat`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.private_chat`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.auto_saving_chat`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.file_transfer`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.feedback`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.post_meeting_feedback`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.co_host`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.polling`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.attendee_on_hold`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.show_meeting_control_toolbar`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.allow_show_zoom_windows`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.annotation`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.whiteboard`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.webinar_question_answer`*:: -+ --- -Settings related to the account - - -type: boolean - --- - 
-*`zoom.account.settings.in_meeting.anonymous_question_answer`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.breakout_room`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.closed_caption`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.far_end_camera_control`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.group_hd`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.virtual_background`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.watermark`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.alert_guest_join`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.auto_answer`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.p2p_connetion`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.p2p_ports`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.ports_range`*:: -+ --- -Settings related to the account - - -type: keyword - --- - -*`zoom.account.settings.in_meeting.sending_default_email_invites`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.use_html_format_email`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.dscp_marking`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.dscp_audio`*:: -+ --- -Settings related to the account - - -type: long - --- - 
-*`zoom.account.settings.in_meeting.dscp_video`*:: -+ --- -Settings related to the account - - -type: long - --- - -*`zoom.account.settings.in_meeting.stereo_audio`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.original_audio`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.screen_sharing`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.remote_control`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.in_meeting.attention_tracking`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.email_notification.cloud_recording_avaliable_reminder`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.email_notification.jbh_reminder`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.email_notification.cancel_meeting_reminder`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.email_notification.low_host_count_reminder`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.email_notification.alternative_host_reminder`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.zoom_rooms.upcoming_meeting_alert`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.zoom_rooms.start_airplay_manually`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.zoom_rooms.weekly_system_restart`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.zoom_rooms.list_meetings_with_calendar`*:: -+ --- -Settings related to the account - - -type: boolean - --- - 
-*`zoom.account.settings.zoom_rooms.zr_post_meeting_feedback`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.zoom_rooms.ultrasonic`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.zoom_rooms.force_private_meeting`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.zoom_rooms.hide_host_information`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.zoom_rooms.cmr_for_instant_meeting`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.zoom_rooms.auto_start_stop_scheduled_meetings`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.security.admin_change_name_pic`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.security.import_photos_from_devices`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.security.hide_billing_info`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.recording.local_recording`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.recording.cloud_recording`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.recording.record_speaker_view`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.recording.record_gallery_view`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.recording.record_audio_file`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.recording.save_chat_text`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.recording.show_timestamp`*:: -+ --- -Settings related to the account - 
- -type: boolean - --- - -*`zoom.account.settings.recording.recording_audio_transcript`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.recording.auto_recording`*:: -+ --- -Settings related to the account - - -type: keyword - --- - -*`zoom.account.settings.recording.cloud_recording_download`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.recording.cloud_recording_download_host`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.recording.account_user_access_recording`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.recording.auto_delete_cmr`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.recording.auto_delete_cmr_days`*:: -+ --- -Settings related to the account - - -type: long - --- - -*`zoom.account.settings.telephony.third_party_audio`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.telephony.audio_conference_info`*:: -+ --- -Settings related to the account - - -type: keyword - --- - -*`zoom.account.settings.integration.google_calendar`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.integration.google_drive`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.integration.dropbox`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.integration.box`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.integration.microsoft_one_drive`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.integration.kubi`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.account.settings.feature.meeting_capacity`*:: -+ --- -Settings related to the account - - -type: 
boolean - --- - -*`zoom.old_account.owner_id`*:: -+ --- -UserID of the related user the action was performed on - - -type: keyword - --- - -*`zoom.old_account.email`*:: -+ --- -Email related to the user the action was performed on - - -type: keyword - --- - -*`zoom.old_account.owner_email`*:: -+ --- -Email related to the user the action was performed on - - -type: keyword - --- - -*`zoom.old_account.account_name`*:: -+ --- -Name related to the user the action was performed on - - -type: keyword - --- - -*`zoom.old_account.account_alias`*:: -+ --- -Alias related to the user the action was performed on - - -type: keyword - --- - -*`zoom.old_account.account_support_name`*:: -+ --- -Support account related to the user the action was performed on - - -type: keyword - --- - -*`zoom.old_account.account_support_email`*:: -+ --- -Support account (Email) related to the user the action was performed on - - -type: keyword - --- - -*`zoom.old_account.settings.schedule_meeting.host_video`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.schedule_meeting.participant_video`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.schedule_meeting.audio_type`*:: -+ --- -Settings related to the account - - -type: keyword - --- - -*`zoom.old_account.settings.schedule_meeting.join_before_host`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.schedule_meeting.enforce_login`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.schedule_meeting.enforce_login_with_domains`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.schedule_meeting.enforce_login_domains`*:: -+ --- -Settings related to the account - - -type: keyword - --- - -*`zoom.old_account.settings.schedule_meeting.not_store_meeting_topic`*:: -+ --- -Settings related to the account - - -type: 
boolean - --- - -*`zoom.old_account.settings.schedule_meeting.force_pmi_jbh_password`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.e2e_encryption`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.chat`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.private_chat`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.auto_saving_chat`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.file_transfer`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.feedback`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.post_meeting_feedback`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.co_host`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.polling`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.attendee_on_hold`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.show_meeting_control_toolbar`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.allow_show_zoom_windows`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.annotation`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.whiteboard`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.webinar_question_answer`*:: -+ --- -Settings 
related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.anonymous_question_answer`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.breakout_room`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.closed_caption`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.far_end_camera_control`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.group_hd`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.virtual_background`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.watermark`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.alert_guest_join`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.auto_answer`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.p2p_connetion`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.p2p_ports`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.ports_range`*:: -+ --- -Settings related to the account - - -type: keyword - --- - -*`zoom.old_account.settings.in_meeting.sending_default_email_invites`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.use_html_format_email`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.dscp_marking`*:: -+ --- -Settings related to the account - - -type: boolean - --- - 
-*`zoom.old_account.settings.in_meeting.dscp_audio`*:: -+ --- -Settings related to the account - - -type: long - --- - -*`zoom.old_account.settings.in_meeting.dscp_video`*:: -+ --- -Settings related to the account - - -type: long - --- - -*`zoom.old_account.settings.in_meeting.stereo_audio`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.original_audio`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.screen_sharing`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.remote_control`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.in_meeting.attention_tracking`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.email_notification.cloud_recording_avaliable_reminder`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.email_notification.jbh_reminder`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.email_notification.cancel_meeting_reminder`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.email_notification.low_host_count_reminder`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.email_notification.alternative_host_reminder`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.zoom_rooms.upcoming_meeting_alert`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.zoom_rooms.start_airplay_manually`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.zoom_rooms.weekly_system_restart`*:: -+ --- -Settings related to the account - - -type: boolean - --- - 
-*`zoom.old_account.settings.zoom_rooms.list_meetings_with_calendar`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.zoom_rooms.zr_post_meeting_feedback`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.zoom_rooms.ultrasonic`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.zoom_rooms.force_private_meeting`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.zoom_rooms.hide_host_information`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.zoom_rooms.cmr_for_instant_meeting`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.zoom_rooms.auto_start_stop_scheduled_meetings`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.security.admin_change_name_pic`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.security.import_photos_from_devices`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.security.hide_billing_info`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.recording.local_recording`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.recording.cloud_recording`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.recording.record_speaker_view`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.recording.record_gallery_view`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.recording.record_audio_file`*:: -+ --- -Settings related to the account - - -type: boolean - --- - 
-*`zoom.old_account.settings.recording.save_chat_text`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.recording.show_timestamp`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.recording.recording_audio_transcript`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.recording.auto_recording`*:: -+ --- -Settings related to the account - - -type: keyword - --- - -*`zoom.old_account.settings.recording.cloud_recording_download`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.recording.cloud_recording_download_host`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.recording.account_user_access_recording`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.recording.auto_delete_cmr`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.recording.auto_delete_cmr_days`*:: -+ --- -Settings related to the account - - -type: long - --- - -*`zoom.old_account.settings.telephony.third_party_audio`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.telephony.audio_conference_info`*:: -+ --- -Settings related to the account - - -type: keyword - --- - -*`zoom.old_account.settings.integration.google_calendar`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.integration.google_drive`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.integration.dropbox`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.integration.box`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.integration.microsoft_one_drive`*:: -+ 
--- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.integration.kubi`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.old_account.settings.feature.meeting_capacity`*:: -+ --- -Settings related to the account - - -type: boolean - --- - -*`zoom.chat_channel.name`*:: -+ --- -Channel name - - -type: keyword - --- - -*`zoom.chat_channel.id`*:: -+ --- -Channel ID - - -type: keyword - --- - -*`zoom.chat_channel.type`*:: -+ --- -Channel type - - -type: integer - --- - -*`zoom.chat_channel.timestamp`*:: -+ --- -Time when channel was created/modified/deleted - - -type: date - --- - -*`zoom.chat_channel.date_time`*:: -+ --- -Time when channel was created/modified/deleted - - -type: date - --- - -*`zoom.chat_messages.id`*:: -+ --- -Message ID - - -type: keyword - --- - -*`zoom.chat_messages.type`*:: -+ --- -Type of message, either private message or channel message - - -type: integer - --- - -*`zoom.chat_messages.date_time`*:: -+ --- -Time when message was created/modified/deleted - - -type: date - --- - -*`zoom.chat_messages.timestamp`*:: -+ --- -Time when message was created/modified/deleted - - -type: date - --- - -*`zoom.chat_messages.session_id`*:: -+ --- -SessionID for the channel related to the message - - -type: keyword - --- - -*`zoom.chat_messages.contact_email`*:: -+ --- -Email address related to the user sending the message - - -type: keyword - --- - -*`zoom.chat_messages.contact_id`*:: -+ --- -UserID related to the user sending the message - - -type: keyword - --- - -*`zoom.chat_messages.channel_id`*:: -+ --- -ChannelID related to the message - - -type: keyword - --- - -*`zoom.chat_messages.channel_name`*:: -+ --- -Channel name related to the message - - -type: keyword - --- - -*`zoom.chat_messages.message`*:: -+ --- -The message sent - - -type: keyword - --- - -*`zoom.meeting.id`*:: -+ --- -The ID of the meeting - - -type: keyword - --- - -*`zoom.meeting.uuid`*:: -+ --- -The UUID of the 
meeting - - -type: keyword - --- - -*`zoom.meeting.host_id`*:: -+ --- -The UserID of the meeting host - - -type: keyword - --- - -*`zoom.meeting.topic`*:: -+ --- -Meeting Topic - - -type: keyword - --- - -*`zoom.meeting.type`*:: -+ --- -Type of meeting created - - -type: integer - --- - -*`zoom.meeting.start_time`*:: -+ --- -Time the meeting started - - -type: date - --- - -*`zoom.meeting.timezone`*:: -+ --- -Timezone used for the meeting - - -type: keyword - --- - -*`zoom.meeting.duration`*:: -+ --- -Seconds the meeting has been active - - -type: long - --- - -*`zoom.meeting.issues`*:: -+ --- -Issue message if an alert is triggered on the meeting - - -type: long - --- - -*`zoom.meeting.password`*:: -+ --- -Password related to the meeting - - -type: keyword - --- - -*`zoom.meeting.settings.host_video`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.meeting.settings.participant_video`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.meeting.settings.join_before_host`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.meeting.settings.mute_upon_entry`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.meeting.settings.audio`*:: -+ --- -Settings related to the meeting - - -type: keyword - --- - -*`zoom.meeting.settings.auto_recording`*:: -+ --- -Settings related to the meeting - - -type: keyword - --- - -*`zoom.meeting.settings.use_pmi`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.meeting.settings.auto_recording`*:: -+ --- -Settings related to the meeting - - -type: keyword - --- - -*`zoom.meeting.settings.waiting_room`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.meeting.settings.watermark`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.meeting.settings.enforce_login`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - 
-*`zoom.meeting.registrant.id`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.email`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.first_name`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.last_name`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.address`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.city`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.country`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.zip`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.state`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.phone`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.industry`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.org`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.job_title`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.purchasing_time_frame`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.role_in_purchase_process`*:: -+ --- -Information about the person that registers to the meeting - - -type: 
keyword - --- - -*`zoom.meeting.registrant.no_of_employees`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.comments`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.registrant.join_url`*:: -+ --- -Information about the person that registers to the meeting - - -type: keyword - --- - -*`zoom.meeting.participant.id`*:: -+ --- -Meeting ID of the related meeting - - -type: keyword - --- - -*`zoom.meeting.participant.user_id`*:: -+ --- -UserID of the participant trigger the sharing event - - -type: keyword - --- - -*`zoom.meeting.participant.user_name`*:: -+ --- -User name of the participant trigger the sharing event - - -type: keyword - --- - -*`zoom.meeting.participant.join_time`*:: -+ --- -The time the participant joined the related meeting - - -type: date - --- - -*`zoom.meeting.participant.leave_time`*:: -+ --- -The time the participant left the related meeting - - -type: date - --- - -*`zoom.meeting.participant.sharing_details.link_source`*:: -+ --- -Method of sharing with dropbox integration - - -type: keyword - --- - -*`zoom.meeting.participant.sharing_details.content`*:: -+ --- -Type of content that was shared - - -type: keyword - --- - -*`zoom.meeting.participant.sharing_details.file_link`*:: -+ --- -The file link that was shared - - -type: keyword - --- - -*`zoom.meeting.participant.sharing_details.date_time`*:: -+ --- -Timestamp the sharing started - - -type: keyword - --- - -*`zoom.meeting.participant.sharing_details.source`*:: -+ --- -The file source that was shared - - -type: keyword - --- - -*`zoom.old_meeting.id`*:: -+ --- -The ID of the meeting - - -type: keyword - --- - -*`zoom.old_meeting.uuid`*:: -+ --- -The UUID of the meeting - - -type: keyword - --- - -*`zoom.old_meeting.host_id`*:: -+ --- -The UserID of the meeting host - - -type: keyword - --- - -*`zoom.old_meeting.topic`*:: -+ --- -Meeting Topic - - 
-type: keyword - --- - -*`zoom.old_meeting.type`*:: -+ --- -Type of meeting created - - -type: integer - --- - -*`zoom.old_meeting.start_time`*:: -+ --- -Time the meeting started - - -type: date - --- - -*`zoom.old_meeting.timezone`*:: -+ --- -Timezone used for the meeting - - -type: keyword - --- - -*`zoom.old_meeting.duration`*:: -+ --- -Seconds the meeting has been active - - -type: long - --- - -*`zoom.old_meeting.issues`*:: -+ --- -Issue message if an alert is triggered on the meeting - - -type: long - --- - -*`zoom.old_meeting.password`*:: -+ --- -Password related to the meeting - - -type: keyword - --- - -*`zoom.old_meeting.settings.host_video`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.old_meeting.settings.participant_video`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.old_meeting.settings.join_before_host`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.old_meeting.settings.mute_upon_entry`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.old_meeting.settings.audio`*:: -+ --- -Settings related to the meeting - - -type: keyword - --- - -*`zoom.old_meeting.settings.auto_recording`*:: -+ --- -Settings related to the meeting - - -type: keyword - --- - -*`zoom.old_meeting.settings.use_pmi`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.old_meeting.settings.auto_recording`*:: -+ --- -Settings related to the meeting - - -type: keyword - --- - -*`zoom.old_meeting.settings.waiting_room`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.old_meeting.settings.watermark`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.old_meeting.settings.enforce_login`*:: -+ --- -Settings related to the meeting - - -type: boolean - --- - -*`zoom.phone.ringing_start_time`*:: -+ --- -The timestamp when a ringtone was established to the callee - - -type: date - --- - 
-*`zoom.phone.connected_start_time`*:: -+ --- -The timestamp when a ringtone was established to the callee - - -type: date - --- - -*`zoom.phone.answer_start_time`*:: +*`zoom.time_stamp`*:: + -- -The timestamp when the call was answered - - -type: date - --- - -*`zoom.phone.call_end_time`*:: -+ --- -The timestamp when the call ended +Timestamp related to the event type: date -- -*`zoom.phone.call_id`*:: -+ --- -Unique ID of the call - - -type: keyword - --- - -*`zoom.phone.duration`*:: -+ --- -Duration of a voicemail - - -type: long - --- - -*`zoom.phone.caller_number`*:: -+ --- -Caller number related to the voicemail - - -type: keyword - --- - -*`zoom.phone.caller_name`*:: -+ --- -Caller name related to the voicemail - - -type: keyword - --- - -*`zoom.phone.caller_number_type`*:: -+ --- -Caller type related to the voicemail - - -type: long - --- - -*`zoom.phone.caller_user_id`*:: -+ --- -UserID of the person related to the voicemail - - -type: keyword - --- - -*`zoom.phone.callee_user_id`*:: -+ --- -UserID of the callee related to the voicemail - - -type: keyword - --- - -*`zoom.phone.caller.user_id`*:: -+ --- -UserID of the person which initiated the call - - -type: keyword - --- - -*`zoom.phone.caller.phone_number`*:: -+ --- -Phone Number of the caller - - -type: keyword - --- - -*`zoom.phone.caller.extension_number`*:: -+ --- -Extension number of the caller - - -type: keyword - --- - -*`zoom.phone.caller.timezone`*:: -+ --- -Timezone of the caller - - -type: keyword - --- - -*`zoom.phone.caller.device_type`*:: +*`zoom.creation_type`*:: + -- -Device type used by the caller +Creation type type: keyword -- -*`zoom.phone.callee_user_id`*:: +*`zoom.account.owner_id`*:: + -- -UserID of the person that is called +UserID of the user whose sub account was created/disassociated type: keyword -- -*`zoom.phone.callee.user_id`*:: +*`zoom.account.email`*:: + -- -UserID of the person that is called +Email related to the user the action was performed on type: keyword -- 
-*`zoom.phone.callee.phone_number`*:: +*`zoom.account.owner_email`*:: + -- -Phone Number of the callee +Email of the user whose sub account was created/disassociated type: keyword -- -*`zoom.phone.callee.extension_number`*:: +*`zoom.account.account_name`*:: + -- -Extension number of the callee +When an account name is updated, this is the new value set type: keyword -- -*`zoom.phone.callee.timezone`*:: +*`zoom.account.account_alias`*:: + -- -Timezone of the callee +When an account alias is updated, this is the new value set type: keyword -- -*`zoom.phone.callee.device_type`*:: +*`zoom.account.account_support_name`*:: + -- -Device type used by the callee +When an account support_name is updated, this is the new value set type: keyword -- -*`zoom.recording.id`*:: +*`zoom.account.account_support_email`*:: + -- -ID of the recording +When an account support_email is updated, this is the new value set type: keyword -- -*`zoom.recording.uuid`*:: +*`zoom.chat_channel.name`*:: + -- -UUID of the recording +The name of the channel that has been added/modified/deleted type: keyword -- -*`zoom.recording.host_id`*:: +*`zoom.chat_channel.id`*:: + -- -UserID of the host related to the meeting recording +The ID of the channel that has been added/modified/deleted type: keyword -- -*`zoom.recording.topic`*:: +*`zoom.chat_channel.type`*:: + -- -Topic of the meeting related to the recording +Type of channel related to the event. 
Can be 1(Invite-Only), 2(Private) or 3(Public) type: keyword -- -*`zoom.recording.type`*:: +*`zoom.chat_channel.timestamp`*:: + -- -Type of recording +Date and time when channel was created/modified/deleted -type: long +type: date -- -*`zoom.recording.start_time`*:: +*`zoom.chat_channel.date_time`*:: + -- -Date of the recording +Epoch time when channel was created/modified/deleted type: date -- -*`zoom.recording.timezone`*:: +*`zoom.chat_message.id`*:: + -- -The timezone used for the recording date +Unique ID of the related chat message type: keyword -- -*`zoom.recording.duration`*:: -+ --- -Duration of the recording - - -type: long - --- - -*`zoom.recording.share_url`*:: +*`zoom.chat_message.type`*:: + -- -The share URL for the recording +Type of message, can be either "to_contact" or "to_channel" type: keyword -- -*`zoom.recording.total_size`*:: +*`zoom.chat_message.date_time`*:: + -- -Total size of the recording in bytes +Date and time when message was created/modified/deleted -type: long +type: date -- -*`zoom.recording.recording_count`*:: +*`zoom.chat_message.timestamp`*:: + -- -Amount of recording files related to the recording +Epoch when message was created/modified/deleted -type: long +type: date -- -*`zoom.recording.host_email`*:: +*`zoom.chat_message.session_id`*:: + -- -Email address of the host related to the meeting +SessionID for the channel related to the message -type: long +type: keyword -- -*`zoom.recording.registrant.id`*:: +*`zoom.chat_message.contact_email`*:: + -- -Information about the person that registers to the meeting +Email address related to the user sending the message type: keyword -- -*`zoom.recording.registrant.email`*:: +*`zoom.chat_message.contact_id`*:: + -- -Information about the person that registers to the meeting +UserID belonging to the user receiving a message type: keyword -- -*`zoom.recording.registrant.first_name`*:: +*`zoom.chat_message.channel_id`*:: + -- -Information about the person that registers to the meeting 
+ChannelID related to the message type: keyword -- -*`zoom.recording.registrant.last_name`*:: +*`zoom.chat_message.channel_name`*:: + -- -Information about the person that registers to the meeting +Channel name related to the message type: keyword -- -*`zoom.recording.registrant.address`*:: +*`zoom.chat_message.message`*:: + -- -Information about the person that registers to the meeting +A string containing the full message that was sent type: keyword -- -*`zoom.recording.registrant.city`*:: +*`zoom.meeting.id`*:: + -- -Information about the person that registers to the meeting +Unique ID of the related meeting type: keyword -- -*`zoom.recording.registrant.country`*:: +*`zoom.meeting.join_url`*:: + -- -Information about the person that registers to the meeting +The URL to join the meeting type: keyword -- -*`zoom.recording.registrant.zip`*:: +*`zoom.meeting.uuid`*:: + -- -Information about the person that registers to the meeting +The UUID of the related meeting type: keyword -- -*`zoom.recording.registrant.state`*:: +*`zoom.meeting.host_id`*:: + -- -Information about the person that registers to the meeting +The UserID of the configured meeting host type: keyword -- -*`zoom.recording.registrant.phone`*:: +*`zoom.meeting.topic`*:: + -- -Information about the person that registers to the meeting +Topic of the related meeting type: keyword -- -*`zoom.recording.registrant.industry`*:: +*`zoom.meeting.type`*:: + -- -Information about the person that registers to the meeting +Type of meeting created -type: keyword +type: integer -- -*`zoom.recording.registrant.org`*:: +*`zoom.meeting.start_time`*:: + -- -Information about the person that registers to the meeting +Date and time the meeting started -type: keyword +type: date -- -*`zoom.recording.registrant.job_title`*:: +*`zoom.meeting.timezone`*:: + -- -Information about the person that registers to the meeting +Which timezone is used for the meeting timestamps type: keyword -- 
-*`zoom.recording.registrant.purchasing_time_frame`*:: +*`zoom.meeting.duration`*:: + -- -Information about the person that registers to the meeting +The duration of a meeting in minutes -type: keyword +type: long -- -*`zoom.recording.registrant.role_in_purchase_process`*:: +*`zoom.meeting.issues`*:: + -- -Information about the person that registers to the meeting +When a user reports an issue with the meeting, for example: "Unstable audio quality" type: keyword -- -*`zoom.recording.registrant.no_of_employees`*:: +*`zoom.meeting.password`*:: + -- -Information about the person that registers to the meeting +Password related to the meeting type: keyword -- -*`zoom.recording.registrant.comments`*:: +*`zoom.phone.id`*:: + -- -Information about the person that registers to the meeting +Unique ID for the phone or conversation type: keyword -- -*`zoom.recording.registrant.join_url`*:: +*`zoom.phone.user_id`*:: + -- -Information about the person that registers to the meeting +UserID for the phone owner related to a Call Log being completed type: keyword -- -*`zoom.user.id`*:: +*`zoom.phone.download_url`*:: + -- -UserID related to the user event +Download URL for the voicemail type: keyword -- -*`zoom.user.first_name`*:: +*`zoom.phone.ringing_start_time`*:: + -- -User first name related to the user event +The timestamp when a ringtone was established to the callee -type: keyword +type: date -- -*`zoom.user.last_name`*:: +*`zoom.phone.connected_start_time`*:: + -- -User last name related to the user event +The date and time when a ringtone was established to the callee -type: keyword +type: date -- -*`zoom.user.email`*:: +*`zoom.phone.answer_start_time`*:: + -- -User email related to the user event +The date and time when the call was answered -type: keyword +type: date -- -*`zoom.user.type`*:: +*`zoom.phone.call_end_time`*:: + -- -User type related to the user event +The date and time when the call ended -type: keyword +type: date -- -*`zoom.user.phone_number`*:: 
+*`zoom.phone.call_id`*:: + -- -Phone number related to the user +Unique ID of the related call type: keyword -- -*`zoom.user.phone_country`*:: +*`zoom.phone.duration`*:: + -- -Country code related to the phone number +Duration of a voicemail in minutes -type: keyword +type: long -- -*`zoom.user.company`*:: +*`zoom.phone.caller_number`*:: + -- -User Company +Caller number related to the voicemail type: keyword -- -*`zoom.user.pmi`*:: +*`zoom.phone.caller_name`*:: + -- -User personal meeting ID +Caller name related to the voicemail type: keyword -- -*`zoom.user.use_pmi`*:: +*`zoom.phone.caller_number_type`*:: + -- -If use PMI is enabled +Caller type related to the voicemail, can either be 1(Internal) or 2(External) -type: boolean +type: long -- -*`zoom.user.pic_url`*:: +*`zoom.phone.caller_user_id`*:: + -- -URL to the profile picture +UserID of the caller related to the voicemail type: keyword -- -*`zoom.user.vanity_name`*:: +*`zoom.phone.callee_user_id`*:: + -- -Name of the related users personal meeting room +UserID of the callee related to the voicemail type: keyword -- -*`zoom.user.timezone`*:: +*`zoom.phone.callee_extension_type`*:: + -- -Timezone configured for the user +Extension type of the calle related to the voicemail, can be user, callQueue, autoReceptionist or shareLineGroup type: keyword -- -*`zoom.user.language`*:: +*`zoom.phone.caller.user_id`*:: + -- -Language settings for the user +UserID of the person which initiated the call type: keyword -- -*`zoom.user.host_key`*:: +*`zoom.phone.caller.phone_number`*:: + -- -Host key set for the user +Phone Number of the caller related to the call type: keyword -- -*`zoom.user.role`*:: +*`zoom.phone.caller.extension_number`*:: + -- -The configured role for the user +Extension number of the caller type: keyword -- -*`zoom.user.dept`*:: +*`zoom.phone.caller.timezone`*:: + -- -The configured departement for the user +Timezone of the caller type: keyword -- -*`zoom.user.settings.meeting_capacity`*:: 
+*`zoom.phone.caller.device_type`*:: + -- -Maximum capacity for the user +Device type used by the caller -type: long +type: keyword -- -*`zoom.user.settings.large_meeting`*:: +*`zoom.phone.callee_id`*:: + -- -If large meeting plan is enabled for the user +UserID of the related callee of the voicemail -type: boolean +type: keyword -- -*`zoom.user.presence_status`*:: +*`zoom.phone.callee.user_id`*:: + -- -Current presence status of user +UserID of the related callee of a call type: keyword -- -*`zoom.user.personal_note`*:: +*`zoom.phone.callee_name`*:: + -- -Personal notes for the User +The name of the callee related to the voicemail type: keyword -- -*`zoom.user.date_time`*:: +*`zoom.phone.callee.phone_number`*:: + -- -Time when user logged in/out +Phone Number of the callee related to the call -type: date +type: keyword -- -*`zoom.old_user.id`*:: +*`zoom.phone.callee_number`*:: + -- -UserID related to the user event +Number of the callee related to the voicemail type: keyword -- -*`zoom.old_user.first_name`*:: +*`zoom.phone.callee_number_type`*:: + -- -User first name related to the user event +Type of number related to the callee of the voicemail. 
Can be 1(Internal) or 2(External) type: keyword -- -*`zoom.old_user.last_name`*:: +*`zoom.phone.callee.extension_number`*:: + -- -User last name related to the user event +Extension number of the callee related to the call type: keyword -- -*`zoom.old_user.email`*:: +*`zoom.phone.callee.timezone`*:: + -- -User email related to the user event +Timezone of the callee related to the call type: keyword -- -*`zoom.old_user.type`*:: +*`zoom.phone.callee.device_type`*:: + -- -User type related to the user event +Device type used by the callee related to the call type: keyword -- -*`zoom.old_user.phone_number`*:: +*`zoom.phone.date_time`*:: + -- -Phone number related to the user +Date and time of the related phone event -type: keyword +type: date -- -*`zoom.old_user.phone_country`*:: +*`zoom.recording.id`*:: + -- -Country code related to the phone number +Unique ID of the related recording type: keyword -- -*`zoom.old_user.company`*:: +*`zoom.recording.uuid`*:: + -- -User Company +UUID of the related recording type: keyword -- -*`zoom.old_user.pmi`*:: +*`zoom.recording.host_id`*:: + -- -User personal meeting ID +UserID of the host of the meeting that was recorded type: keyword -- -*`zoom.old_user.use_pmi`*:: +*`zoom.recording.topic`*:: + -- -If use PMI is enabled +Topic of the meeting related to the recording -type: boolean +type: keyword -- -*`zoom.old_user.pic_url`*:: +*`zoom.recording.type`*:: + -- -URL to the profile picture +Type of recording, can be multiple type of values, please check Zoom documentation type: keyword -- -*`zoom.old_user.vanity_name`*:: +*`zoom.recording.start_time`*:: + -- -Name of the related users personal meeting room +The date and time when the recording started -type: keyword +type: date -- -*`zoom.old_user.timezone`*:: +*`zoom.recording.timezone`*:: + -- -Timezone configured for the user +The timezone used for the recording date type: keyword -- -*`zoom.old_user.language`*:: +*`zoom.recording.duration`*:: + -- -Language settings for the user 
+Duration of the recording in minutes -type: keyword +type: long -- -*`zoom.old_user.host_key`*:: +*`zoom.recording.share_url`*:: + -- -Host key set for the user +The URL to access the recording type: keyword -- -*`zoom.old_user.role`*:: +*`zoom.recording.total_size`*:: + -- -The configured role for the user +Total size of the recording in bytes -type: keyword +type: long -- -*`zoom.old_user.dept`*:: +*`zoom.recording.recording_count`*:: + -- -The configured departement for the user +Number of recording files related to the recording -type: keyword +type: long -- -*`zoom.old_user.settings.meeting_capacity`*:: +*`zoom.recording.host_email`*:: + -- -Maximum capacity for the user +Email address of the host related to the meeting that was recorded -type: long +type: keyword -- -*`zoom.old_user.settings.large_meeting`*:: +*`zoom.user.id`*:: + -- -If large meeting plan is enabled for the user +UserID related to the user event -type: boolean +type: keyword -- -*`zoom.old_user.presence_status`*:: +*`zoom.user.first_name`*:: + -- -Current presence status of user +User first name related to the user event type: keyword -- -*`zoom.old_user.personal_note`*:: +*`zoom.user.last_name`*:: + -- -Personal notes for the User +User last name related to the user event type: keyword -- -*`zoom.old_user.date_time`*:: +*`zoom.user.email`*:: + -- -Time when user logged in/out +User email related to the user event -type: date +type: keyword -- -*`zoom.webinar.id`*:: +*`zoom.user.type`*:: + -- -Unique ID for the webinar +User type related to the user event type: keyword -- -*`zoom.webinar.uuid`*:: +*`zoom.user.phone_number`*:: + -- -UUID for the webinar +User phone number related to the user event type: keyword -- -*`zoom.webinar.host_id`*:: +*`zoom.user.phone_country`*:: + -- -UserID of the host of the webinar +User country code related to the user event type: keyword -- -*`zoom.webinar.topic`*:: +*`zoom.user.company`*:: + -- -Topic of the webinar +User company related to the user event 
type: keyword -- -*`zoom.webinar.type`*:: +*`zoom.user.pmi`*:: + -- -Type of webinar created +User personal meeting ID related to the user event type: keyword -- -*`zoom.webinar.start_time`*:: +*`zoom.user.use_pmi`*:: + -- -Start time of the webinar +If a user has PMI enabled -type: date +type: boolean -- -*`zoom.webinar.timezone`*:: +*`zoom.user.pic_url`*:: + -- -Timezone of the webinar +Full URL to the profile picture used by the user type: keyword -- -*`zoom.webinar.duration`*:: +*`zoom.user.vanity_name`*:: + -- -Duration of the webinar +Name of the personal meeting room related to the user event -type: long +type: keyword -- -*`zoom.webinar.agenda`*:: +*`zoom.user.timezone`*:: + -- -Agenda of the webinar +Timezone configured for the user type: keyword -- -*`zoom.webinar.password`*:: +*`zoom.user.language`*:: + -- -Password for the webinar +Language configured for the user type: keyword -- -*`zoom.webinar.issues`*:: +*`zoom.user.host_key`*:: + -- -Related issues to the webinar +Host key set for the user type: keyword -- -*`zoom.webinar.settings.host_video`*:: +*`zoom.user.role`*:: + -- -Related webinar settings +The configured role for the user type: keyword -- -*`zoom.webinar.settings.panelists_video`*:: +*`zoom.user.dept`*:: + -- -Related webinar settings +The configured departement for the user type: keyword -- -*`zoom.webinar.settings.practice_session`*:: +*`zoom.user.presence_status`*:: + -- -Related webinar settings +Current presence status of user type: keyword -- -*`zoom.webinar.settings.approval_type`*:: +*`zoom.user.personal_notes`*:: + -- -Related webinar settings +Personal notes for the User type: keyword -- -*`zoom.webinar.settings.registration_type`*:: +*`zoom.user.date_time`*:: + -- -Related webinar settings +The date and time when user logged in or out -type: keyword +type: date -- -*`zoom.webinar.settings.audio`*:: +*`zoom.user.client_type`*:: + -- -Related webinar settings +Type of client used by the user. 
Can be browser, mac, win, iphone or android type: keyword -- -*`zoom.webinar.settings.auto_recording`*:: +*`zoom.user.version`*:: + -- -Related webinar settings +Version of the client used by the user type: keyword -- -*`zoom.webinar.settings.enforce_login`*:: +*`zoom.webinar.id`*:: + -- -Related webinar settings +Unique ID for the related webinar type: keyword -- -*`zoom.old_webinar.id`*:: +*`zoom.webinar.join_url`*:: + -- -Unique ID for the webinar +The URL configured to join the webinar type: keyword -- -*`zoom.old_webinar.uuid`*:: +*`zoom.webinar.uuid`*:: + -- -UUID for the webinar +UUID for the related webinar type: keyword -- -*`zoom.old_webinar.host_id`*:: +*`zoom.webinar.host_id`*:: + -- -UserID of the host of the webinar +UserID for the configured host of the webinar type: keyword -- -*`zoom.old_webinar.topic`*:: +*`zoom.webinar.topic`*:: + -- -Topic of the webinar +Meeting topic of the related webinar type: keyword -- -*`zoom.old_webinar.type`*:: +*`zoom.webinar.type`*:: + -- -Type of webinar created +Type of webinar created. 
Can be either 5(Webinar), 6(Recurring webinar without fixed time) or 9(Recurring webinar with fixed time) type: keyword -- -*`zoom.old_webinar.start_time`*:: +*`zoom.webinar.start_time`*:: + -- -Start time of the webinar +The date and time when the webinar started type: date -- -*`zoom.old_webinar.timezone`*:: +*`zoom.webinar.timezone`*:: + -- -Timezone of the webinar +Timezone used for the dates related to the webinar type: keyword -- -*`zoom.old_webinar.duration`*:: +*`zoom.webinar.duration`*:: + -- -Duration of the webinar +Duration of the webinar in minutes type: long -- -*`zoom.old_webinar.agenda`*:: +*`zoom.webinar.agenda`*:: + -- -Agenda of the webinar +The configured agenda of the webinar type: keyword -- -*`zoom.old_webinar.password`*:: +*`zoom.webinar.password`*:: + -- -Password for the webinar +Password configured to access the webinar type: keyword -- -*`zoom.old_webinar.settings.host_video`*:: +*`zoom.webinar.issues`*:: + -- -Related webinar settings +Any reported issues about a webinar is reported in this field type: keyword -- -*`zoom.old_webinar.settings.panelists_video`*:: +*`zoom.zoomroom.id`*:: + -- -Related webinar settings +Unique ID of the Zoom room type: keyword -- -*`zoom.old_webinar.settings.practice_session`*:: +*`zoom.zoomroom.room_name`*:: + -- -Related webinar settings +The configured name of the Zoom room type: keyword -- -*`zoom.old_webinar.settings.approval_type`*:: +*`zoom.zoomroom.calendar_name`*:: + -- -Related webinar settings +Calendar name of the Zoom room type: keyword -- -*`zoom.old_webinar.settings.registration_type`*:: +*`zoom.zoomroom.calendar_id`*:: + -- -Related webinar settings +Unique ID of the calendar used by the Zoom room type: keyword -- -*`zoom.old_webinar.settings.audio`*:: +*`zoom.zoomroom.event_id`*:: + -- -Related webinar settings +Unique ID of the calendar event associated with the Zoom Room type: keyword -- -*`zoom.old_webinar.settings.auto_recording`*:: +*`zoom.zoomroom.change_key`*:: + -- -Related webinar 
settings +Key used by Microsoft products integration that represents a specific version of a calendar type: keyword -- -*`zoom.old_webinar.settings.enforce_login`*:: +*`zoom.zoomroom.resource_email`*:: + -- -Related webinar settings +Email address associated with the calendar in use by the Zoom room type: keyword -- -*`zoom.webinar.registrant.id`*:: +*`zoom.zoomroom.email`*:: + -- -Information about the person that registers to the webinar +Email address associated with the Zoom room itself type: keyword -- -*`zoom.webinar.registrant.email`*:: +*`zoom.zoomroom.issue`*:: + -- -Information about the person that registers to the webinar +Any reported alerts or issues related to the Zoom room or its equipment type: keyword -- -*`zoom.webinar.registrant.first_name`*:: +*`zoom.zoomroom.alert_type`*:: + -- -Information about the person that registers to the webinar +An integer value representing the type of alert. The list of alert types can be found in the Zoom documentation type: keyword -- -*`zoom.webinar.registrant.last_name`*:: +*`zoom.zoomroom.component`*:: + -- -Information about the person that registers to the webinar +An integer value representing the type of equipment or component, The list of component types can be found in the Zoom documentation type: keyword -- -*`zoom.webinar.registrant.address`*:: +*`zoom.zoomroom.alert_kind`*:: + -- -Information about the person that registers to the webinar +An integer value showing if the Zoom room alert has been either 1(Triggered) or 2(Cleared) type: keyword -- -*`zoom.webinar.registrant.city`*:: +*`zoom.registrant.id`*:: + -- -Information about the person that registers to the webinar +Unique ID of the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.registrant.country`*:: +*`zoom.registrant.status`*:: + -- -Information about the person that registers to the webinar +Status of the specific user registration type: keyword -- -*`zoom.webinar.registrant.zip`*:: +*`zoom.registrant.email`*:: + -- 
-Information about the person that registers to the webinar +Email of the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.registrant.state`*:: +*`zoom.registrant.first_name`*:: + -- -Information about the person that registers to the webinar +First name of the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.registrant.phone`*:: +*`zoom.registrant.last_name`*:: + -- -Information about the person that registers to the webinar +Last name of the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.registrant.industry`*:: +*`zoom.registrant.address`*:: + -- -Information about the person that registers to the webinar +Address of the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.registrant.org`*:: +*`zoom.registrant.city`*:: + -- -Information about the person that registers to the webinar +City of the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.registrant.job_title`*:: +*`zoom.registrant.country`*:: + -- -Information about the person that registers to the webinar +Country of the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.registrant.purchasing_time_frame`*:: +*`zoom.registrant.zip`*:: + -- -Information about the person that registers to the webinar +Zip code of the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.registrant.role_in_purchase_process`*:: +*`zoom.registrant.state`*:: + -- -Information about the person that registers to the webinar +State of the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.registrant.no_of_employees`*:: +*`zoom.registrant.phone`*:: + -- -Information about the person that registers to the webinar +Phone number of the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.registrant.comments`*:: +*`zoom.registrant.industry`*:: + -- -Information about the person that registers to the webinar +Related industry of the 
user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.registrant.join_url`*:: +*`zoom.registrant.org`*:: + -- -Information about the person that registers to the webinar +Organization related to the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.participant.id`*:: +*`zoom.registrant.job_title`*:: + -- -Webinar ID of the related meeting +Job title of the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.participant.user_id`*:: +*`zoom.registrant.purchasing_time_frame`*:: + -- -UserID of the participant trigger the sharing event +Choosen purchase timeframe of the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.participant.user_name`*:: +*`zoom.registrant.role_in_purchase_process`*:: + -- -User name of the participant trigger the sharing event +Choosen role in a purchase process related to the user registering to a meeting or webinar type: keyword -- -*`zoom.webinar.participant.join_time`*:: +*`zoom.registrant.no_of_employees`*:: + -- -The time the participant joined the related meeting +Number of employees choosen by the user registering to a meeting or webinar -type: date +type: keyword -- -*`zoom.webinar.participant.leave_time`*:: +*`zoom.registrant.comments`*:: + -- -The time the participant left the related meeting +Comments left by the user registering to a meeting or webinar -type: date +type: keyword -- -*`zoom.zoomroom.id`*:: +*`zoom.registrant.join_url`*:: + -- -ID of the Zoom room +The URL that the registrant can use to join the webinar type: keyword -- -*`zoom.zoomroom.room_name`*:: +*`zoom.participant.id`*:: + -- -Name of the Zoom room +Unique ID of the participant related to a meeting type: keyword -- -*`zoom.zoomroom.calendar_name`*:: +*`zoom.participant.user_id`*:: + -- -Calendar name of the Zoom room +UserID of the participant related to a meeting type: keyword -- -*`zoom.zoomroom.calendar_id`*:: +*`zoom.participant.user_name`*:: + -- -Calendar ID of the 
Zoom room +Username of the participant related to a meeting type: keyword -- -*`zoom.zoomroom.event_id`*:: +*`zoom.participant.join_time`*:: + -- -Event ID of the Zoom room +The date and time a participant joined a meeting -type: keyword +type: date -- -*`zoom.zoomroom.change_key`*:: +*`zoom.participant.leave_time`*:: + -- -Change key of the Zoom room +The date and time a participant left a meeting -type: keyword +type: date -- -*`zoom.zoomroom.resource_email`*:: +*`zoom.participant.sharing_details.link_source`*:: + -- -Resource email address related to the Zoom room +Method of sharing with dropbox integration type: keyword -- -*`zoom.zoomroom.email`*:: +*`zoom.participant.sharing_details.content`*:: + -- -Email related to the Zoom room +Type of content that was shared type: keyword -- -*`zoom.zoomroom.issue`*:: +*`zoom.participant.sharing_details.file_link`*:: + -- -Related issue message to the Zoom room +The file link that was shared type: keyword -- -*`zoom.zoomroom.alert_type`*:: +*`zoom.participant.sharing_details.date_time`*:: + -- -Zoom room alert type +Timestamp the sharing started type: keyword -- -*`zoom.zoomroom.component`*:: +*`zoom.participant.sharing_details.source`*:: + -- -Zoom room component +The file source that was share type: keyword -- -*`zoom.zoomroom.alert_kind`*:: +*`zoom.old_values`*:: + -- -Alert kind related to the Zoom room +Includes the old values when updating a object like user, meeting, account or webinar -type: keyword +type: flattened + +-- + +*`zoom.settings`*:: ++ +-- +The current active settings related to a object like user, meeting, account or webinar + + +type: flattened -- diff --git a/filebeat/docs/modules/zoom.asciidoc b/filebeat/docs/modules/zoom.asciidoc index 26be63ff187..adc6a4053c3 100644 --- a/filebeat/docs/modules/zoom.asciidoc +++ b/filebeat/docs/modules/zoom.asciidoc 
@@ -12,9 +12,9 @@ This file is generated! See scripts/docs_collector.py == Zoom module beta[] -This is a module for Zoom webhook logs. The module creates a HTTP listeners that accepts incoming webhooks from Zoom. +This is a module for Zoom webhook logs. The module creates an HTTP listener that accepts incoming webhooks from Zoom. -To configure Zoom to send webhooks to the filebeat module, please follow the documentation from Zoom located here: https://marketplace.zoom.us/docs/guides/build/webhook-only-app[Zoom Documentation]. +To configure Zoom to send webhooks to the filebeat module, please follow the https://marketplace.zoom.us/docs/guides/build/webhook-only-app[Zoom Documentation]. include::../include/gs-link.asciidoc[] diff --git a/x-pack/filebeat/module/zoom/_meta/docs.asciidoc b/x-pack/filebeat/module/zoom/_meta/docs.asciidoc index b34edf57720..0d324bfdbdb 100644 --- a/x-pack/filebeat/module/zoom/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/zoom/_meta/docs.asciidoc @@ -7,9 +7,9 @@ == Zoom module beta[] -This is a module for Zoom webhook logs. The module creates a HTTP listeners that accepts incoming webhooks from Zoom. +This is a module for Zoom webhook logs. The module creates an HTTP listener that accepts incoming webhooks from Zoom. -To configure Zoom to send webhooks to the filebeat module, please follow the documentation from Zoom located here: https://marketplace.zoom.us/docs/guides/build/webhook-only-app[Zoom Documentation]. +To configure Zoom to send webhooks to the filebeat module, please follow the https://marketplace.zoom.us/docs/guides/build/webhook-only-app[Zoom Documentation]. include::../include/gs-link.asciidoc[] diff --git a/x-pack/filebeat/module/zoom/_meta/fields.yml b/x-pack/filebeat/module/zoom/_meta/fields.yml index e0fe58c7fbe..effe0e74b04 100644 --- a/x-pack/filebeat/module/zoom/_meta/fields.yml +++ b/x-pack/filebeat/module/zoom/_meta/fields.yml 
@@ -1,5 +1,5 @@ - key: zoom title: Zoom description: > - Some Zoom module + Module for handling incoming Zoom webhook requests fields: diff --git a/x-pack/filebeat/module/zoom/fields.go b/x-pack/filebeat/module/zoom/fields.go index 43adc381437..e664a9f08c6 100644 --- a/x-pack/filebeat/module/zoom/fields.go +++ b/x-pack/filebeat/module/zoom/fields.go 
@@ -19,5 +19,5 @@ func init() { // AssetZoom returns asset data. // This is the base64 encoded gzipped contents of module/zoom. func AssetZoom() string { - return "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" + return "eJzEnF+P27gRwN/vUxB52gB7OdwVLdB9KBDs5tptk7s0l+0B9yLQ1NhiliYVkrLj/fQF/8myLUuyPfTtQ7B2tMMfh8PhzJDi9+QZNnfkRanld4RYbgXckT/CpxIM07y2XMk78o/vCCHkgyobAWSuNKmoLAWXC8IlU0v3i/szsoZZpdQz0fC1AWPNd4TMOYjS3HkB7ud7IukS2kbTj93UcEcWWjV151sNAqiBOzIDSzvflzCnjbCFF35H5lQY2PnvA/b00+lDTbVpyd9+fCS/B3rzpvMX+/jdLiypsaALyphqpC14ufNU6tMzbNZK7//fAKLH9KLJ2yDa6YFaKIlVhBJTA+NzzshvzSw90ctnmlkWuE+RZqx9VYOmVmnUxp8M6McHYitqidV8sQDtFFMBgRWMgOBSONk/vFtSLrrj40gaA/o0wpzDFGU7pakRDMuXYCxd1r0UJbVwGsLnJG9fQ8MIxZ/MwDRQJ65wbeINyH0USw7E7pnBG7WWkGXaqPnWQNeVMuCcRGqWrKkJfYfyh5Ibaoxi3H0ahAU3BfBIh2YUEMq8Bh1pDXqu9BJKouQEbWbBzKHP5Avct3i8v1cgCZUtm5NOuCFN7aZUeUtsxY37wvVHwpqsqGiAGBh0WC0sFZyafLRePCKuaepa6dw67raSAR7Zoo/R+2YuwGcVtQWrqJQg3uAq/LMDcMqN8zC2EtbeihoyA9ensoTyh6Uq+Zy7mQgCjs3BHVZM/+tIt/4XlxN3lfq8qb0+E2PfqvmG3FNJZkB+vHmUK27h+1+l2Ly+JT/dfNR8RS28JkqTv9x8bGaCs9cT+oAceTxQC4TK0scTZO1MO3Wo65VPV7ZDKZxQJNB3tWIVGuUSjKELQDXdJ8m/Nl3rTRbhWiSxxXGkPFYapd8SFgwSuK1Ak1dWFUxJS5l95SzRfw6afTWOij3GPcYYm7pwmLFnTTBGREADxrhAGtMefwsyHx98Ft91p3uuarJpRkvJEyLSstRgTG9Ea0CWXC7Oo82QHsxAKLnwRB1KDQz4yn1LT6AMY4JKeR9kPj6cP9KRCjcMiVwhFDkXre/Bi6jeEmO1GzVvMFwmQ5s3QrTT20cgbo6bY8nwEsByubjOkhIbGwT5orgsGo04UV1w9vTpvRsyJzyO2zhJ02CHiE9P5+mkUgbXIXiYnZoBU3LOF43eEhHX6iCWVTVniFBO3DnqORp7cGlhAfuFwcmxR1BDXB4HCYyl2uaLKToWS3xTIzjuj16URM19eYxjnVyfLhoo2yU6wbURixnkKxvtS2W9fG6NOt2ak0g3crTl4ZIsuWwsDPNwYxpAr2+k5dWl2cal3r4Zsua26irt1msRvtFlLeCOvHqSxtKZAEKbkivytaGC201/XJs6UFNjejAv6MLHKPFwwTs+H+tKyVzJSbI034aL+ZmSK9Dm0I52adwY5Iil9njW0g91Zx/nngpB3qsFmUFYpd3wHpu4gbVUaykULXGXv4co1a+BCXulODuMh3dxXHTB5aJAd25uvraeIuQjlLjWrNOlC1fATwFuqq3hMSoE9AdaAZcpKYFZKPMAl4dZHgI0lWYN+mrEicnzhrYHLdI9W4Asr4kGshxnuk4FhIqh+YG8ij3srGDtBB1bw7ZKAV3IZjk7iHcuSX28WBLE7i8FU3xI4sJNyCJVTz52CpPv1PFNwNNHMHK5Pz/KFUpZsY4VS6wWtKTC11R/unn3LX4c70GutS2lBKE752oYrsJ3vgVAAd8sSIO/E/wuyQ2m0MUdsYtZqMn
c+of/20ADt4Q2Vn0CBr45bqwzE1NRDe+5hH/uHanpt5RsUVDsWg3aKEnWPkngklse+hh7Pc7nP6B7r48+NvslOK9Bo55GubUXbNKtxcge2nEy/ITvc0r1TiQpYcUZIE+oBy80zCafd842J0BBRsvvhgrQKmu6D8o9Mw/56CRjB+Ql+2Ar90LffW2PcYA6UYnIfFPITlgAx0Kgi/bu+oPGIxNlZ8v5vHgI/iz/fJ5tXMtnn0l3fT9+Kmjebdw9/xnKPMfPFGpgSpdX20hpmxuBwd3C6Nu+mEqCvoWxu8458en3thidNr8CxZGiwhYx53ZGYtoz8anay+OhW/lt8rFshOW1gDZx8We/zC2p/Ul9wipgz+FIfalYswRpjxdgt/jXLG+1rQ7ulHRUi++GY3nTu+KdbZIt20GXD8Eylpd2WUYKTJ1hdFlntr1ZyhgYc9q0UJaKwvAXrArOZyeQOIG9apptxpXU/lYcvjpxPtg28NsCzbmAg4MnJ/njrCdiup65fxNpood2KRLushqWjr4jO8dXeE8x59pgHyt2NMQL7q1oTsESNA+Vk3s2FLJxeSA4+vbACAzuAupZ+sq8U1DyZK4eKUSp/YnXdDTvt/QGmS1KJUyVZ6mNqWVNJT6Vl3qWspYce/h8GZWK1j+e56QaA8UxuJlSAuh+TDEC9zhPhxkqasjHD48EJJ2JIXddc4YbKPzcCJEiBV9y1sqtf6TmzDZ6N510BMfRVlRyu0F2l790alsHw6hdvHyO08pXIegc90rB6bDWBJWLBvUA4/so8XQWH7s8A6Iv+JcLUp5hQwzYiRBaCeScoaMHJ3wiRwl1f5CJwVFC7XIol+dNxKk1GJDMv+RpG8QzVfeN1g4jNUBCA27SjRDF6VhItR+9X1YrTtPcy23V8zQ8WshFqyOJsPcuQi0WULq8RWmimqG1VXCQNlMdOAg/cNBtxXem1drveS4puyVrLm8Jb095UVlqxQcWmhVocyxJPgv7f0FgW0Ptp+8FWsOMS4qcqxycgEsLSWxtkCTfYeqOk+ieq54ClaEoeY5uclUk29dWthrqVienoCFXIj+kdLvvgPUkniyOIUpPB6xbhxAPx/z15vfwwOtb8rebT8Aa7d93SH+25rZSjSVz/g2C7/M7Rn8/8mj3ucHOXrNYmQCHSpXtIOSLBneKlA71oKw0xUoyFyyTrkbKlYmGLkCWNFtkFMSfMqkzntHedcadQuoULuzD7299Ol0rZ9DhyLshdOZmKt2Ooek8IsMb5/4unl7SF6WWLofKu7fmdzX07r1FPQzunwyHIzpD2D0nMRGKUeHMMcNBSy/2IqSsg5Za2QnQJhL67PtKeL4tsr0iZPsWiIf9NK7OisoF4Ga9/4FNq7cPnGll1NwlWKpsmDXh7anog32lXkNIvqzp3lO12gbMtO3wyBwCoxrNIO8GRJ+22wHhPkk61WKujdtyEW4NiPmIe3TONpMjpwK0NS7Aii59L0DYkrpHrCHwteH18lh9q2X2cpEzz7cyvfkX7y5pDTe9JJu2t33rb7wDFjzE6P4r/4BJu+Jz1ci4TsHUze/txFXLWsl9PVypf+0ghDemIsntTofbrxE7HUb1mUtE53rQa1Optd+Y3VuX4hC2F6/EfOLHm8/purZ4tOxeAHWfevuiYcGN1VTavGFHfEnQNQY6vpu/fYFR6cEYrgOJXW/7rS2vOcrW23dwe6L9Hq7sF3Mh6C7Htu7P2x1dZNoMu73vaSbWuLgheoHd0wVYnIxbxMDqntsNOiH2rux93JBF5nzh/dfVnMX4B6/DhnEGZ4k4fZyvRGf0NXDEYkH3bAAyKpdlY1CNM91umiRjEyu9X426APZXvaCSv4RMqW+fFwH4i5oV/gpnPOx/q1m4FRrdchvNKmq4XPgyajHXyPfxKGVAkthMOGzp28DuiFYCCi6L1FJRa8VQl7PUF7/hyyWh217FtnIZlFSFmhewrIXaAGb9b3tUsRVOWOxmZwcNZ01cuoQ
EczyiRCJgbrFxM15t5G+j9rs6qTWfxzVudkzcnquptpzxOnvG02lo98qMwbtFOnS532ZF4cM/jtmNzy9m9LaYdZOL7kC69qA8AVAAXWU+KrFL6Gf8dD5TUecLihIs5cK8EVw+F6GsiTfsH8BWqnSDHpsLpcFSq3qmvnUrtCfzMiUtalWqPe8RBHfunqvo0VtGBgDnXEDhtIrrLv2pQSf2YsDhszxn78iGW3F80SWO+dDu8BAgtjW26guC9xTYi6dEWYR3iHox5oJaCxJOBHmUTDQlhD1OJcr4mlI8+1SX1IbrLNXsCzBLBH9O9yq0d26la7BHVm8D1j2PSu+3++JpNsosX0HbzK4vPw3//wEAAP//BZ5GoQ==" } diff --git a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml index 84dd8406448..94cc1299ff4 100644 --- a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml +++ b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml @@ -40,7 +40,7 @@ - name: account.owner_id type: keyword description: > - UserID of the related user the action was performed on + UserID of the user whose sub account was created/disassociated - name: account.email type: keyword description: > @@ -48,7 +48,7 @@ - name: account.owner_email type: keyword description: > - Email related to a sub account which was disassociated + Email of the user whose sub account was created/disassociated - name: account.account_name type: keyword description: > @@ -416,7 +416,7 @@ - name: user.date_time type: date description: > - The date and time when user logged inor out + The date and time when user logged in or out - name: user.client_type type: keyword description: 
> @@ -512,19 +512,19 @@ - name: zoomroom.alert_type type: keyword description: > - A integer value representing the type of alert. The list of alert types can be found in the Zoom documentation + An integer value representing the type of alert. The list of alert types can be found in the Zoom documentation - name: zoomroom.component type: keyword description: > - A integer value representing the type of equipment or component, The list of component types can be found in the Zoom documentation + An integer value representing the type of equipment or component, The list of component types can be found in the Zoom documentation - name: zoomroom.alert_kind type: keyword description: > - A integer value showing if the Zoom room alert has been either 1(Triggered) or 2(Cleared) + An integer value showing if the Zoom room alert has been either 1(Triggered) or 2(Cleared) - name: registrant.id type: keyword description: > - Unique ID of the user registrating to a meeting or webinar + Unique ID of the user registering to a meeting or webinar - name: registrant.status type: keyword description: 
> @@ -532,67 +532,67 @@ - name: registrant.email type: keyword description: > - Email of the user registrating to a meeting or webinar + Email of the user registering to a meeting or webinar - name: registrant.first_name type: keyword description: > - First name of the user registrating to a meeting or webinar + First name of the user registering to a meeting or webinar - name: registrant.last_name type: keyword description: > - Last name of the user registrating to a meeting or webinar + Last name of the user registering to a meeting or webinar - name: registrant.address type: keyword description: > - Address of the user registrating to a meeting or webinar + Address of the user registering to a meeting or webinar - name: registrant.city type: keyword description: > - City of the user registrating to a meeting or webinar + City of the user registering to a meeting or webinar - name: registrant.country type: keyword description: > - Country of the user registrating to a meeting or webinar + Country of the user registering to a meeting or webinar - name: registrant.zip type: keyword description: > - Zip code of the user registrating to a meeting or webinar + Zip code of the user registering to a meeting or webinar - name: registrant.state type: keyword description: > - State of the user registrating to a meeting or webinar + State of the user registering to a meeting or webinar - name: registrant.phone type: keyword description: > - Phone number of the user registrating to a meeting or webinar + Phone number of the user registering to a meeting or webinar - name: registrant.industry type: keyword description: > - Related industry of the user registrating to a meeting or webinar + Related industry of the user registering to a meeting or webinar - name: registrant.org type: keyword description: > - Organization related to the user registrating to a meeting or webinar + Organization related to the user registering to a meeting or webinar - name: registrant.job_title 
type: keyword description: > - Job title of the user registrating to a meeting or webinar + Job title of the user registering to a meeting or webinar - name: registrant.purchasing_time_frame type: keyword description: > - Choosen purchase timeframe of the user registrating to a meeting or webinar + Choosen purchase timeframe of the user registering to a meeting or webinar - name: registrant.role_in_purchase_process type: keyword description: > - Choosen role in a purchase process related to the user registrating to a meeting or webinar + Choosen role in a purchase process related to the user registering to a meeting or webinar - name: registrant.no_of_employees type: keyword description: > - Number of employees choosen by the user registrating to a meeting or webinar + Number of employees choosen by the user registering to a meeting or webinar - name: registrant.comments type: keyword description: > - Comments left by the user registrating to a meeting or webinar + Comments left by the user registering to a meeting or webinar - name: registrant.join_url type: keyword description: > @@ -640,8 +640,8 @@ - name: old_values type: flattened description: > - test + Includes the old values when updating a object like user, meeting, account or webinar - name: settings type: flattened description: > - test + The current active settings related to a object like user, meeting, account or webinar diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml index 3e4ac68d9dc..f2e1f68f2d1 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml @@ -6,6 +6,9 @@ processors: - set: field: observer.product value: Webhook +- set: + field: event.ingested + value: '{{_ingest.timestamp}}' - append: field: event.kind value: event 
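Review bot: The new `set` processor fills `event.ingested` from `{{_ingest.timestamp}}`, so its value differs on every pipeline run, yet the regenerated `*-expected.json` fixtures later in this patch pin it to microsecond wall-clock values such as `2020-08-04T20:19:13.545601Z`. Unless the fixture comparison already ignores this key (not visible in the patch), every regeneration will rewrite all expected files and hide real pipeline changes in timestamp noise. A short comment above the processor would also help analysts building timelines, for example `# event.ingested: time the ingest node processed the event, not the time Zoom emitted it`. The processor list continues outside the hunk.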
diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml index 5beafb3cfea..737292dab04 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml @@ -3,6 +3,11 @@ processors: - append: field: event.type value: iam + if: "!['user.signed_in', 'user.signed_out'].contains(ctx?.event?.action)" +- append: + field: event.type + value: authentication + if: "['user.signed_in', 'user.signed_out'].contains(ctx?.event?.action)" - append: field: event.type value: creation diff --git a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json index c5241af9edc..e2dd9b074cb 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json @@ -1,11 +1,12 @@ [ { - "@timestamp": "2020-08-04T18:53:21.616Z", + "@timestamp": "2020-08-04T20:19:12.451Z", "event.action": "account.created", "event.category": [ "iam" ], "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:13.545601Z", "event.kind": [ "event" ], @@ -37,12 +38,13 @@ "zoom.sub_account_id": "aIxE1yiRR8WghhUIO6eu9L" }, { - "@timestamp": "2020-08-04T18:53:21.616Z", + "@timestamp": "2020-08-04T20:19:12.451Z", "event.action": "account.updated", "event.category": [ "iam" ], "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:13.545813Z", "event.kind": [ "event" ], @@ -77,12 +79,13 @@ "zoom.time_stamp": 1562000584527 }, { - "@timestamp": "2020-08-04T18:53:21.616Z", + "@timestamp": "2020-08-04T20:19:12.451Z", "event.action": "account.disassociated", "event.category": [ "iam" ], "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:13.545915Z", "event.kind": [ "event" ], 
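Review bot: `iam` and `authentication` are ECS `event.category` values, not `event.type` values, so both appends in this hunk write the categorisation to a field that category-based detections and dashboards do not query. The regenerated user fixture in this patch shows the result: `user.signed_in` ends up with `event.type: [authentication, creation, start]` and no `event.category` between `event.action` and `event.dataset`, while the account fixture carries `event.category: [iam]`. Using `field: event.category` on both appends would match the account events and make sign-in and sign-out searchable as authentication activity. The two `if` expressions negate the same list literal and can drift apart if only one is edited. The `creation` append that follows is context whose condition, if any, lies outside the hunk, but the fixture suggests it also fires for sign-in and sign-out, which is worth checking.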
diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json index 115eccf7d80..584b865ebdf 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json @@ -1,8 +1,9 @@ [ { - "@timestamp": "2020-08-04T18:53:26.130Z", + "@timestamp": "2020-08-04T20:19:16.920Z", "event.action": "chat_channel.created", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:18.012505Z", "event.kind": [ "event" ], @@ -36,9 +37,10 @@ "zoom.operator_id": "z8dfgdfguQrdfgdf" }, { - "@timestamp": "2020-08-04T18:53:26.131Z", + "@timestamp": "2020-08-04T20:19:16.921Z", "event.action": "chat_channel.member_invited", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:18.012902Z", "event.kind": [ "event" ], diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json index 902bf84c4aa..1cb6a7d8732 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json @@ -1,8 +1,9 @@ [ { - "@timestamp": "2020-08-04T18:53:08.820Z", + "@timestamp": "2020-08-04T20:18:59.994Z", "event.action": "chat_message.sent", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:01.089874Z", "event.kind": [ "event" ], @@ -38,9 +39,10 @@ "zoom.operator_id": "zfdgdfgdfgfp8uQ" }, { - "@timestamp": "2020-08-04T18:53:08.820Z", + "@timestamp": "2020-08-04T20:18:59.994Z", "event.action": "chat_message.updated", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:01.090058Z", "event.kind": [ "event" ], 
@@ -76,9 +78,10 @@ "zoom.operator_id": "zfdgdfgdfgfp8uQ" }, { - "@timestamp": "2020-08-04T18:53:08.820Z", + "@timestamp": "2020-08-04T20:18:59.995Z", "event.action": "chat_message.updated", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:01.090156Z", "event.kind": [ "event" ], diff --git a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json index 6fcba052623..dae654896bd 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json @@ -1,8 +1,9 @@ [ { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.828Z", "event.action": "meeting.created", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.922980Z", "event.kind": [ "event" ], @@ -39,9 +40,10 @@ "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ" }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.828Z", "event.action": "meeting.updated", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.923104Z", "event.kind": [ "event" ], @@ -132,9 +134,10 @@ "zoom.time_stamp": 1562791953209 }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.828Z", "event.action": "meeting.deleted", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.923211Z", "event.kind": [ "event" ], @@ -171,9 +174,10 @@ "zoom.operator_id": "BBBBBBBBBB" }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.829Z", "event.action": "meeting.started", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.923321Z", "event.kind": [ "event" ], 
@@ -207,9 +211,10 @@ "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.829Z", "event.action": "meeting.ended", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.923413Z", "event.kind": [ "event" ], @@ -243,9 +248,10 @@ "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.829Z", "event.action": "meeting.registration_created", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.923511Z", "event.kind": [ "event" ], @@ -298,9 +304,10 @@ "zoom.registrant.zip": "" }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.829Z", "event.action": "meeting.registration_approved", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.923626Z", "event.kind": [ "event" ], @@ -341,9 +348,10 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.829Z", "event.action": "meeting.registration_cancelled", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.923734Z", "event.kind": [ "event" ], @@ -381,9 +389,10 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.829Z", "event.action": "meeting.sharing_started", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.923848Z", "event.kind": [ "event" ], @@ -425,9 +434,10 @@ "zoom.participant.user_name": "Arya Arya" }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.829Z", "event.action": "meeting.sharing_ended", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.923945Z", "event.kind": [ "event" ], 
@@ -469,9 +479,10 @@ "zoom.participant.user_name": "Arya Arya" }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.829Z", "event.action": "meeting.participant_jbh_waiting", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.924062Z", "event.kind": [ "event" ], @@ -504,9 +515,10 @@ "zoom.participant.user_name": "Shrijana Shrijana" }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.829Z", "event.action": "meeting.participant_jbh_joined", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.924155Z", "event.kind": [ "event" ], @@ -539,9 +551,10 @@ "zoom.participant.user_name": "Tom Harry" }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.829Z", "event.action": "meeting.participant_joined", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.924248Z", "event.kind": [ "event" ], @@ -578,9 +591,10 @@ "zoom.participant.user_name": "shree" }, { - "@timestamp": "2020-08-04T18:53:33.101Z", + "@timestamp": "2020-08-04T20:19:23.829Z", "event.action": "meeting.participant_left", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:24.924341Z", "event.kind": [ "event" ], diff --git a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json index a31e884354d..c2c7dd1b7e0 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json @@ -1,8 +1,9 @@ [ { - "@timestamp": "2020-08-04T18:53:19.266Z", + "@timestamp": "2020-08-04T20:19:10.139Z", "event.action": "phone.caller_ringing", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:11.234307Z", "event.kind": [ "event" ], 
@@ -37,9 +38,10 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:55Z" }, { - "@timestamp": "2020-08-04T18:53:19.267Z", + "@timestamp": "2020-08-04T20:19:10.139Z", "event.action": "phone.caller_connected", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:11.234500Z", "event.kind": [ "event" ], @@ -75,9 +77,10 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:55Z" }, { - "@timestamp": "2020-08-04T18:53:19.267Z", + "@timestamp": "2020-08-04T20:19:10.139Z", "event.action": "phone.caller_ringing", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:11.234607Z", "event.kind": [ "event" ], @@ -111,9 +114,10 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:38:40Z" }, { - "@timestamp": "2020-08-04T18:53:19.267Z", + "@timestamp": "2020-08-04T20:19:10.139Z", "event.action": "phone.callee_answered", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:11.234703Z", "event.kind": [ "event" ], @@ -149,9 +153,10 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:56Z" }, { - "@timestamp": "2020-08-04T18:53:19.267Z", + "@timestamp": "2020-08-04T20:19:10.140Z", "event.action": "phone.callee_missed", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:11.234795Z", "event.kind": [ "event" ], @@ -183,9 +188,10 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-04T18:53:19.267Z", + "@timestamp": "2020-08-04T20:19:10.140Z", "event.action": "phone.callee_ended", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:11.234888Z", "event.kind": [ "event" ], @@ -218,9 +224,10 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-04T18:53:19.268Z", + "@timestamp": "2020-08-04T20:19:10.140Z", "event.action": "phone.caller_ended", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:11.234976Z", "event.kind": [ "event" ], 
@@ -253,9 +260,10 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-04T18:53:19.268Z", + "@timestamp": "2020-08-04T20:19:10.140Z", "event.action": "phone.callee_rejected", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:11.235064Z", "event.kind": [ "event" ], @@ -287,9 +295,10 @@ "zoom.phone.ringing_start_time": "2020-07-22T21:06:33Z" }, { - "@timestamp": "2020-08-04T18:53:19.268Z", + "@timestamp": "2020-08-04T20:19:10.140Z", "event.action": "phone.voicemail_received", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:11.235154Z", "event.kind": [ "event" ], @@ -327,9 +336,10 @@ "zoom.phone.id": "235435" }, { - "@timestamp": "2020-08-04T18:53:19.268Z", + "@timestamp": "2020-08-04T20:19:10.140Z", "event.action": "phone.caller_call_log_completed", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:11.235244Z", "event.kind": [ "event" ], @@ -352,9 +362,10 @@ "zoom.phone.user_id": "caddsfsdfv_VaHE53wA" }, { - "@timestamp": "2020-08-04T18:53:19.268Z", + "@timestamp": "2020-08-04T20:19:10.140Z", "event.action": "phone.callee_call_log_completed", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:11.235319Z", "event.kind": [ "event" ], diff --git a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json index 6ffa2593329..1dad53e859d 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json @@ -1,8 +1,9 @@ [ { - "@timestamp": "2020-08-04T18:53:28.104Z", + "@timestamp": "2020-08-04T20:19:18.873Z", "event.action": "recording.started", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:19.975829Z", "event.kind": [ "event" ], 
@@ -36,9 +37,10 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:53:28.104Z", + "@timestamp": "2020-08-04T20:19:18.874Z", "event.action": "recording.paused", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:19.976028Z", "event.kind": [ "event" ], @@ -72,9 +74,10 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:53:28.104Z", + "@timestamp": "2020-08-04T20:19:18.874Z", "event.action": "recording.resumed", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:19.976133Z", "event.kind": [ "event" ], @@ -108,9 +111,10 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:53:28.104Z", + "@timestamp": "2020-08-04T20:19:18.874Z", "event.action": "recording.stopped", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:19.976235Z", "event.kind": [ "event" ], @@ -144,9 +148,10 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:53:28.104Z", + "@timestamp": "2020-08-04T20:19:18.874Z", "event.action": "recording.renamed", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:19.976474Z", "event.kind": [ "event" ], @@ -183,9 +188,10 @@ "zoom.time_stamp": 1575500457395 }, { - "@timestamp": "2020-08-04T18:53:28.104Z", + "@timestamp": "2020-08-04T20:19:18.874Z", "event.action": "recording.trashed", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:19.976636Z", "event.kind": [ "event" ], @@ -222,9 +228,10 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:53:28.104Z", + "@timestamp": "2020-08-04T20:19:18.874Z", "event.action": "recording.deleted", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:19.976808Z", "event.kind": [ "event" ], 
@@ -261,9 +268,10 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:53:28.105Z", + "@timestamp": "2020-08-04T20:19:18.874Z", "event.action": "recording.recovered", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:19.976926Z", "event.kind": [ "event" ], @@ -300,9 +308,10 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:53:28.105Z", + "@timestamp": "2020-08-04T20:19:18.874Z", "event.action": "recording.transcript_completed", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:19.977026Z", "event.kind": [ "event" ], @@ -339,9 +348,10 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:53:28.105Z", + "@timestamp": "2020-08-04T20:19:18.874Z", "event.action": "recording.registration_created", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:19.977120Z", "event.kind": [ "event" ], @@ -379,9 +389,10 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T18:53:28.105Z", + "@timestamp": "2020-08-04T20:19:18.874Z", "event.action": "recording.registration_approved", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:19.977224Z", "event.kind": [ "event" ], @@ -419,9 +430,10 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T18:53:28.105Z", + "@timestamp": "2020-08-04T20:19:18.875Z", "event.action": "recording.registration_denied", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:19.977323Z", "event.kind": [ "event" ], diff --git a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json index 1358ea1b23f..8633bf87d0a 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json 
@@ -1,8 +1,9 @@ [ { - "@timestamp": "2020-08-04T18:53:30.374Z", + "@timestamp": "2020-08-04T20:19:21.133Z", "event.action": "user.created", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.229469Z", "event.kind": [ "event" ], @@ -34,9 +35,10 @@ "zoom.user.type": "3" }, { - "@timestamp": "2020-08-04T18:53:30.374Z", + "@timestamp": "2020-08-04T20:19:21.133Z", "event.action": "user.invitation_accepted", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.229660Z", "event.kind": [ "event" ], @@ -67,9 +69,10 @@ "zoom.user.type": 1 }, { - "@timestamp": "2020-08-04T18:53:30.374Z", + "@timestamp": "2020-08-04T20:19:21.133Z", "event.action": "user.updated", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.229764Z", "event.kind": [ "event" ], @@ -104,9 +107,10 @@ "zoom.user.id": "uLobbbbbbbb_qQsQ" }, { - "@timestamp": "2020-08-04T18:53:30.375Z", + "@timestamp": "2020-08-04T20:19:21.133Z", "event.action": "user.settings_updated", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.229871Z", "event.kind": [ "event" ], @@ -141,9 +145,10 @@ "zoom.user.id": "uL34AAbbbbAAAAAAQsQ" }, { - "@timestamp": "2020-08-04T18:53:30.375Z", + "@timestamp": "2020-08-04T20:19:21.133Z", "event.action": "user.settings_updated", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.229982Z", "event.kind": [ "event" ], @@ -178,9 +183,10 @@ "zoom.user.id": "fdhjfdhsj536274gfd" }, { - "@timestamp": "2020-08-04T18:53:30.375Z", + "@timestamp": "2020-08-04T20:19:21.133Z", "event.action": "user.deactivated", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.230087Z", "event.kind": [ "event" ], @@ -215,9 +221,10 @@ "zoom.user.type": 1 }, { - "@timestamp": "2020-08-04T18:53:30.375Z", + "@timestamp": "2020-08-04T20:19:21.133Z", "event.action": "user.activated", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.230201Z", "event.kind": [ "event" ], 
@@ -252,9 +259,10 @@ "zoom.user.type": 3 }, { - "@timestamp": "2020-08-04T18:53:30.375Z", + "@timestamp": "2020-08-04T20:19:21.133Z", "event.action": "user.disassociated", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.230301Z", "event.kind": [ "event" ], @@ -289,9 +297,10 @@ "zoom.user.type": 3 }, { - "@timestamp": "2020-08-04T18:53:30.375Z", + "@timestamp": "2020-08-04T20:19:21.134Z", "event.action": "user.deleted", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.230406Z", "event.kind": [ "event" ], @@ -326,9 +335,10 @@ "zoom.user.type": "3" }, { - "@timestamp": "2020-08-04T18:53:30.375Z", + "@timestamp": "2020-08-04T20:19:21.134Z", "event.action": "user.presence_status_updated", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.230508Z", "event.kind": [ "event" ], @@ -359,9 +369,10 @@ "zoom.user.presence_status": "Available" }, { - "@timestamp": "2020-08-04T18:53:30.375Z", + "@timestamp": "2020-08-04T20:19:21.134Z", "event.action": "user.personal_notes_updated", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.230602Z", "event.kind": [ "event" ], @@ -393,16 +404,17 @@ "zoom.user.personal_notes": "Out of Office until February 31" }, { - "@timestamp": "2020-08-04T18:53:30.375Z", + "@timestamp": "2020-08-04T20:19:21.134Z", "event.action": "user.signed_in", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.230693Z", "event.kind": [ "event" ], "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", + "authentication", "creation", "start" ], 
@@ -427,16 +439,17 @@ "zoom.user.version": "4.5.3308.0902" }, { - "@timestamp": "2020-08-04T18:53:30.375Z", + "@timestamp": "2020-08-04T20:19:21.134Z", "event.action": "user.signed_out", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:22.230781Z", "event.kind": [ "event" ], "event.module": "zoom", "event.timezone": "-02:00", "event.type": [ - "iam", + "authentication", "creation", "end" ], diff --git a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json index b5b03c907de..ed5de09f796 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json @@ -1,8 +1,9 @@ [ { - "@timestamp": "2020-08-04T18:53:23.693Z", + "@timestamp": "2020-08-04T20:19:14.530Z", "event.action": "webinar.created", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.625835Z", "event.kind": [ "event" ], @@ -39,9 +40,10 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:53:23.693Z", + "@timestamp": "2020-08-04T20:19:14.530Z", "event.action": "webinar.updated", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.626052Z", "event.kind": [ "event" ], @@ -125,9 +127,10 @@ "zoom.webinar.type": 5 }, { - "@timestamp": "2020-08-04T18:53:23.693Z", + "@timestamp": "2020-08-04T20:19:14.530Z", "event.action": "webinar.deleted", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.626164Z", "event.kind": [ "event" ], @@ -164,9 +167,10 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:53:23.693Z", + "@timestamp": "2020-08-04T20:19:14.530Z", "event.action": "webinar.started", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.626270Z", "event.kind": [ "event" ], 
@@ -201,9 +205,10 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:53:23.693Z", + "@timestamp": "2020-08-04T20:19:14.530Z", "event.action": "webinar.ended", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.626376Z", "event.kind": [ "event" ], @@ -238,9 +243,10 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:53:23.693Z", + "@timestamp": "2020-08-04T20:19:14.530Z", "event.action": "webinar.alert", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.626471Z", "event.kind": [ "event" ], @@ -273,9 +279,10 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-04T18:53:23.693Z", + "@timestamp": "2020-08-04T20:19:14.530Z", "event.action": "webinar.sharing_started", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.626568Z", "event.kind": [ "event" ], @@ -317,9 +324,10 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-04T18:53:23.693Z", + "@timestamp": "2020-08-04T20:19:14.530Z", "event.action": "webinar.sharing_started", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.626666Z", "event.kind": [ "event" ], @@ -361,9 +369,10 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-04T18:53:23.693Z", + "@timestamp": "2020-08-04T20:19:14.530Z", "event.action": "webinar.registration_created", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.626770Z", "event.kind": [ "event" ], @@ -416,9 +425,10 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:53:23.693Z", + "@timestamp": "2020-08-04T20:19:14.531Z", "event.action": "webinar.registration_approved", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.626870Z", "event.kind": [ "event" ], 
@@ -460,9 +470,10 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:53:23.693Z", + "@timestamp": "2020-08-04T20:19:14.531Z", "event.action": "webinar.registration_denied", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.626975Z", "event.kind": [ "event" ], @@ -502,9 +513,10 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:53:23.693Z", + "@timestamp": "2020-08-04T20:19:14.531Z", "event.action": "webinar.registration_cancelled", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.627079Z", "event.kind": [ "event" ], @@ -543,9 +555,10 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T18:53:23.694Z", + "@timestamp": "2020-08-04T20:19:14.531Z", "event.action": "webinar.participant_joined", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.627178Z", "event.kind": [ "event" ], @@ -583,9 +596,10 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T18:53:23.694Z", + "@timestamp": "2020-08-04T20:19:14.531Z", "event.action": "webinar.participant_left", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:15.627273Z", "event.kind": [ "event" ], diff --git a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json index c40805e2dce..601141d9bbb 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json @@ -1,8 +1,9 @@ [ { - "@timestamp": "2020-08-04T18:53:17.171Z", + "@timestamp": "2020-08-04T20:19:08.054Z", "event.action": "zoomroom.alert", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:09.146634Z", "event.kind": [ "event" ], 
@@ -29,9 +30,10 @@ "zoom.zoomroom.room_name": "MyFabulousZoomRoom" }, { - "@timestamp": "2020-08-04T18:53:17.171Z", + "@timestamp": "2020-08-04T20:19:08.054Z", "event.action": "zoomroom.delayed_alert", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:09.146810Z", "event.kind": [ "event" ], @@ -58,9 +60,10 @@ "zoom.zoomroom.room_name": "MyFabulousZoomRoom" }, { - "@timestamp": "2020-08-04T18:53:17.172Z", + "@timestamp": "2020-08-04T20:19:08.054Z", "event.action": "zoomroom.checked_in", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:09.146905Z", "event.kind": [ "event" ], @@ -91,9 +94,10 @@ "zoom.zoomroom.room_name": "Sharks Room" }, { - "@timestamp": "2020-08-04T18:53:17.172Z", + "@timestamp": "2020-08-04T20:19:08.054Z", "event.action": "zoomroom.checked_in", "event.dataset": "zoom.webhook", + "event.ingested": "2020-08-04T20:19:09.146985Z", "event.kind": [ "event" ], From 672e3cc9ddebf73f01a06d390293c1d6a4dbe0ab Mon Sep 17 00:00:00 2001 
From: P1llus Date: Thu, 6 Aug 2020 01:14:51 +0200 Subject: [PATCH 09/16] adding lots of new date logic to parse different timestamps, updated fields.yml with less fields and merged multiple fields together --- x-pack/filebeat/module/zoom/fields.go | 2 +- .../module/zoom/webhook/_meta/fields.yml | 92 ++++------ .../module/zoom/webhook/ingest/account.yml | 12 +- .../zoom/webhook/ingest/chat_channel.yml | 27 ++- .../zoom/webhook/ingest/chat_message.yml | 21 +++ .../module/zoom/webhook/ingest/meeting.yml | 86 ++++++++- .../module/zoom/webhook/ingest/phone.yml | 128 ++++++++++++- .../module/zoom/webhook/ingest/pipeline.yml | 20 +- .../module/zoom/webhook/ingest/recording.yml | 37 ++++ .../module/zoom/webhook/ingest/user.yml | 19 ++ .../module/zoom/webhook/ingest/webinar.yml | 28 +++ .../test/account.ndjson.log-expected.json | 18 +- .../chat_channel.ndjson.log-expected.json | 14 +- .../chat_message.ndjson.log-expected.json | 21 +-- .../test/meeting.ndjson.log-expected.json | 172 +++++++----------- .../test/phone.ndjson.log-expected.json | 63 +++---- .../test/recording.ndjson.log-expected.json | 138 +++----------- .../test/user.ndjson.log-expected.json | 60 ++---- .../zoom/webhook/test/webinar.ndjson.log | 2 +- .../test/webinar.ndjson.log-expected.json | 119 ++++-------- .../test/zoomroom.ndjson.log-expected.json | 12 +- 21 files changed, 595 insertions(+), 496 deletions(-) diff --git a/x-pack/filebeat/module/zoom/fields.go b/x-pack/filebeat/module/zoom/fields.go index e664a9f08c6..7a2df6de41f 100644 --- a/x-pack/filebeat/module/zoom/fields.go +++ b/x-pack/filebeat/module/zoom/fields.go @@ -19,5 +19,5 @@ func init() { // AssetZoom returns asset data. // This is the base64 encoded gzipped contents of module/zoom. func AssetZoom() string { - return "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" + return "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" } 
diff --git a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml index 94cc1299ff4..62f1c447f00 100644 --- a/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml +++ b/x-pack/filebeat/module/zoom/webhook/_meta/fields.yml @@ -29,10 +29,6 @@ type: date description: > Timestamp related to the event - - name: time_stamp - type: date - description: > - Timestamp related to the event - name: creation_type type: keyword description: > @@ -77,14 +73,6 @@ type: keyword description: > Type of channel related to the event. Can be 1(Invite-Only), 2(Private) or 3(Public) - - name: chat_channel.timestamp - type: date - description: > - Date and time when channel was created/modified/deleted - - name: chat_channel.date_time - type: date - description: > - Epoch time when channel was created/modified/deleted - name: chat_message.id type: keyword description: > @@ -93,14 +81,6 @@ type: keyword description: > Type of message, can be either "to_contact" or "to_channel" - - name: chat_message.date_time - type: date - description: > - Date and time when message was created/modified/deleted - - name: chat_message.timestamp - type: date - description: > - Epoch when message was created/modified/deleted - name: chat_message.session_id type: keyword description: > @@ -129,10 +109,6 @@ type: keyword description: > Unique ID of the related meeting - - name: meeting.join_url - type: keyword - description: > - The URL to join the meeting - name: meeting.uuid type: keyword description: > @@ -146,7 +122,7 @@ description: > Topic of the related meeting - name: meeting.type - type: integer + type: keyword description: > Type of meeting created - name: meeting.start_time 
@@ -205,38 +181,30 @@ type: long description: > Duration of a voicemail in minutes - - name: phone.caller_number - type: keyword - description: > - Caller number related to the voicemail - - name: phone.caller_name - type: keyword - description: > - Caller name related to the voicemail - - name: phone.caller_number_type - type: long - description: > - Caller type related to the voicemail, can either be 1(Internal) or 2(External) - - name: phone.caller_user_id + - name: phone.caller.id type: keyword description: > - UserID of the caller related to the voicemail - - name: phone.callee_user_id + UserID of the caller related to the voicemail/call + - name: phone.caller.user_id type: keyword description: > - UserID of the callee related to the voicemail - - name: phone.callee_extension_type + UserID of the person which initiated the call + - name: phone.caller.number_type type: keyword description: > - Extension type of the calle related to the voicemail, can be user, callQueue, autoReceptionist or shareLineGroup - - name: phone.caller.user_id + The type of number, can be 1(Internal) or 2(External) + - name: phone.caller.name type: keyword description: > - UserID of the person which initiated the call + The name of the related callee - name: phone.caller.phone_number type: keyword description: > Phone Number of the caller related to the call + - name: phone.caller.extension_type + type: keyword + description: > + Extension type of the caller number, can be user, callQueue, autoReceptionist or shareLineGroup - name: phone.caller.extension_number type: keyword description: 
> @@ -249,30 +217,30 @@ type: keyword description: > Device type used by the caller - - name: phone.callee_id + - name: phone.callee.id type: keyword description: > - UserID of the related callee of the voicemail + UserID of the callee related to the voicemail/call - name: phone.callee.user_id type: keyword description: > - UserID of the related callee of a call - - name: phone.callee_name + UserID of the related callee of a voicemail/call + - name: phone.callee.name type: keyword description: > - The name of the callee related to the voicemail - - name: phone.callee.phone_number + The name of the related callee + - name: phone.callee.number_type type: keyword description: > - Phone Number of the callee related to the call - - name: phone.callee_number + The type of number, can be 1(Internal) or 2(External) + - name: phone.callee.phone_number type: keyword description: > - Number of the callee related to the voicemail - - name: phone.callee_number_type + Phone Number of the callee related to the call + - name: phone.callee.extension_type type: keyword description: > - Type of number related to the callee of the voicemail. Can be 1(Internal) or 2(External) + Extension type of the callee number, can be user, callQueue, autoReceptionist or shareLineGroup - name: phone.callee.extension_number type: keyword description: > @@ -333,6 +301,14 @@ type: long description: > Number of recording files related to the recording + - name: recording.recording_file.recording_start + type: date + description: > + The date and time the recording started + - name: recording.recording_file.recording_end + type: date + description: > + The date and time the recording finished - name: recording.host_email type: keyword description: > @@ -413,10 +389,6 @@ type: keyword description: > Personal notes for the User - - name: user.date_time - type: date - description: > - The date and time when user logged in or out - name: user.client_type type: keyword description: 
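Review bot: The description added for `phone.caller.name` in the `@@ -205,38 +181,30 @@` hunk reads "The name of the related callee", which looks copied from the callee entry; it should be `The name of the related caller`. The same hunk gives `phone.caller.id` and `phone.caller.user_id` almost the same meaning ("UserID of the caller related to the voicemail/call" and "UserID of the person which initiated the call"). A sentence saying which webhook populates each would help anyone writing queries or detections on these fields.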
> diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml index 75b460423ff..a873c6ae62c 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/account.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/account.yml @@ -22,6 +22,13 @@ processors: field: zoom.object.id target_field: zoom.sub_account_id ignore_missing: true +- date: + field: zoom.time_stamp + target_field: '@timestamp' + formats: + - UNIX_MS + if: ctx?.zoom?.time_stamp != null + ignore_failure: true - rename: field: zoom.object target_field: zoom.account @@ -29,7 +36,10 @@ processors: - append: field: related.user value: "{{zoom.account.owner_id}}" - if: "ctx?.zoom?.account?.owner_id != null" + if: ctx?.zoom?.account?.owner_id != null +- remove: + field: zoom.time_stamp + ignore_missing: true on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml b/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml index 2577dd893d1..8f3140d2799 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/chat_channel.yml 
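Review bot: A `zoom.time_stamp` value that fails to parse is lost without trace. The added `date` processor carries `ignore_failure: true`, and the `remove` added in the second hunk deletes the field whether or not `@timestamp` was set from it. The event then keeps whatever `@timestamp` it arrived with, which skews timelines built from these audit events. The same parse-then-remove pattern appears in the chat_channel.yml, chat_message.yml, meeting.yml, phone.yml, recording.yml and user.yml hunks of this patch. Consider replacing `ignore_failure: true` with a per-processor `on_failure` that appends to `error.message`, and removing the source field only when the parse succeeded.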
@@ -15,11 +15,33 @@ processors: - append: field: event.type value: change - if: ctx?.event?.action == 'chat_channel.deleted' + if: ctx?.event?.action == 'chat_channel.updated' - rename: field: zoom.object target_field: zoom.chat_channel ignore_missing: true +- date: + field: zoom.chat_channel.timestamp + target_field: '@timestamp' + formats: + - UNIX_MS + if: ctx?.zoom?.chat_channel?.timestamp != null + ignore_failure: true +- remove: + field: zoom.chat_channel.date_time + ignore_missing: true + if: ctx?.zoom?.chat_channel?.timestamp != null +- date: + field: zoom.chat_channel.date_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: "ctx?.zoom?.chat_channel?.date_time != null && ctx?.zoom?.chat_channel?.timestamp == null" + ignore_failure: true +- remove: + field: zoom.chat_channel.timestamp + ignore_missing: true + if: ctx?.zoom?.chat_channel?.timestamp != null - foreach: field: zoom.chat_channel.members processor: @@ -28,8 +50,7 @@ processors: value: "{{_ingest._value.id}}" # Removing to prevent nested values, added to related.user above - remove: - field: - - zoom.chat_channel.members + field: zoom.chat_channel.members ignore_missing: true on_failure: - set: diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml b/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml index 28d3d2bd1bb..0e686080294 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/chat_message.yml 
@@ -23,6 +23,27 @@ processors: field: related.user value: "{{zoom.chat_message.contact_id}}" if: "ctx?.zoom?.chat_message?.contact_id != null" +- date: + field: zoom.chat_message.timestamp + target_field: '@timestamp' + formats: + - UNIX_MS + if: ctx?.zoom?.chat_message?.timestamp != null + ignore_failure: true +- remove: + field: zoom.chat_message.date_time + ignore_missing: true + if: ctx?.zoom?.chat_message?.timestamp != null +- date: + field: zoom.chat_message.date_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: ctx?.zoom?.chat_message?.timestamp == null + ignore_failure: true +- remove: + field: zoom.chat_message.timestamp + ignore_missing: true on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml index 056c47ef088..e0012edf8e4 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/meeting.yml 
@@ -36,10 +36,94 @@ processors: field: zoom.object target_field: zoom.meeting ignore_missing: true +- rename: + field: zoom.meeting.join_url + target_field: url.full + ignore_missing: true +- rename: + field: zoom.registrant.join_url + target_field: url.full + ignore_missing: true + if: ctx?.url?.full == null - append: field: related.user value: "{{zoom.meeting.host_id}}" - if: "ctx?.zoom?.meeting?.host_id != null" + if: ctx?.zoom?.meeting?.host_id != null +- date: + field: zoom.meeting.start_time + target_field: event.start + formats: + - ISO_INSTANT + if: ctx?.event?.action == 'meeting.started' + ignore_failure: true +- date: + field: zoom.participant.sharing_details.date_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: ctx?.event?.action == 'meeting.sharing_started' + ignore_failure: true +- date: + field: zoom.participant.date_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: "['meeting.participant_put_in_waiting_room', 'meeting.participant_joined_waiting_room', 'meeting.participant_left_waiting_room'].contains(ctx?.event?.action)" + ignore_failure: true +- date: + field: zoom.participant.join_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: ctx?.event?.action == 'meeting.participant_joined' + ignore_failure: true +- date: + field: zoom.participant.leave_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: ctx?.event?.action == 'meeting.participant_left' + ignore_failure: true +- date: + field: zoom.time_stamp + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: ctx?.event?.action == 'meeting.updated' + ignore_failure: true +- script: + lang: painless + if: ctx?.zoom?.meeting?.duration != null + source: >- + ctx.event.duration = ctx.zoom.meeting.duration * 60L * 1000000000L; +- remove: + field: zoom.meeting.start_time + ignore_missing: true + if: ctx?.event?.action == 'meeting.started' +- remove: + field: zoom.meeting.duration + ignore_missing: true + if: ctx?.event?.duration != null +- 
remove: + field: zoom.participant.sharing_details.date_time + ignore_missing: true + if: ctx?.event?.action == 'meeting.sharing_started' +- remove: + field: zoom.participant.date_time + ignore_missing: true + if: "['meeting.participant_put_in_waiting_room', 'meeting.participant_joined_waiting_room', 'meeting.participant_left_waiting_room'].contains(ctx?.event?.action)" +- remove: + field: zoom.participant.join_time + ignore_missing: true + if: ctx?.event?.action == 'meeting.participant_joined' +- remove: + field: zoom.participant.leave_time + ignore_missing: true + if: ctx?.event?.action == 'meeting.participant_left' +- remove: + field: zoom.time_stamp + ignore_missing: true + if: ctx?.event?.action == 'meeting.updated' on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml b/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml index 910b5dcf344..2e363e3da42 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/phone.yml 
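Review bot: The `date` processor guarded by `ctx?.event?.action == 'meeting.updated'` parses `zoom.time_stamp` as `ISO_INSTANT`, while account.yml, recording.yml, user.yml and webinar.yml in this same patch parse that field as `UNIX_MS`. The account test expectation also shows it as an epoch-millisecond number. If the meeting payload uses the same format, the parse fails, `ignore_failure: true` hides it, and the later `remove` of `zoom.time_stamp` drops the only event time. Suggested change for that processor: `- UNIX_MS` under `formats:`. The meeting payload is not visible here, so confirm against a `meeting.updated` sample.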
@@ -19,18 +19,140 @@ processors: field: zoom.object target_field: zoom.phone ignore_missing: true +- rename: + field: zoom.phone.download_url + target_field: url.full + ignore_missing: true +- date: + field: zoom.phone.ringing_start_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: "['phone.callee_ringing', 'phone.caller_ringing', 'phone.caller_ended'].contains(ctx?.event?.action)" + ignore_failure: true +- date: + field: zoom.phone.connected_start_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: ctx?.event?.action == 'phone.caller_connected' + ignore_failure: true +- date: + field: zoom.phone.answer_start_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: "ctx?.zoom?.phone.answer_start_time != null && ctx?.event?.action == 'phone.callee_answered'" + ignore_failure: true +- date: + field: zoom.phone.call_end_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: "['phone.callee_missed', 'phone.callee_ended', 'phone.caller_ended', 'phone.callee_rejected'].contains(ctx?.event?.action)" + ignore_failure: true +- date: + field: zoom.phone.date_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: ctx?.event?.action == 'phone.voicemail_received' + ignore_failure: true +# Calculates duration when duration is unknown but start and end time is known (with ringing_start_time) +- script: + lang: painless + if: "ctx?.zoom?.phone?.ringing_start_time != null && ctx?.zoom?.phone?.answer_start_time == null && ctx?.zoom?.phone?.call_end_time != null && ctx?.zoom?.duration == null" + source: >- + ctx.event.start = ctx.zoom.phone.ringing_start_time; + ctx.event.end = ctx.zoom.phone.call_end_time; + ZonedDateTime start = ZonedDateTime.parse(ctx.event.start); + ZonedDateTime end = ZonedDateTime.parse(ctx.event.end); + ctx.event.duration = ChronoUnit.NANOS.between(start, end); + +# Calculates duration when duration is unknown but start and end time is known (with answer_start_time) +- script: + lang: painless + 
if: "ctx?.zoom?.phone?.ringing_start_time == null && ctx?.zoom?.phone?.answer_start_time != null && ctx?.zoom?.phone?.call_end_time != null && ctx?.zoom?.duration == null" + source: >- + ctx.event.start = ctx.zoom.phone.answer_start_time; + ctx.event.end = ctx.zoom.phone.call_end_time; + ZonedDateTime start = ZonedDateTime.parse(ctx.event.start); + ZonedDateTime end = ZonedDateTime.parse(ctx.event.end); + ctx.event.duration = ChronoUnit.NANOS.between(start, end); + +# Duration is in minutes, so multiply by seconds and then multiply again to convert seconds to nano +- script: + lang: painless + if: ctx?.zoom?.duration != null + source: >- + ctx.event.duration = Integer.parseInt(ctx.zoom.duration) * 60L * 1000000000L; + +# Moving all voicemail related fields to their proper nested fields +# that already exists for all other phone webhooks +- rename: + field: zoom.phone.callee_user_id + target_field: zoom.phone.callee.user_id + ignore_missing: true +- rename: + field: zoom.phone.callee_extension_type + target_field: zoom.phone.callee.extension_type + ignore_missing: true +- rename: + field: zoom.phone.callee_id + target_field: zoom.phone.callee.id + ignore_missing: true +- rename: + field: zoom.phone.callee_name + target_field: zoom.phone.callee.name + ignore_missing: true +- rename: + field: zoom.phone.callee_number + target_field: zoom.phone.callee.phone_number + ignore_missing: true +- rename: + field: zoom.phone.callee_number_type + target_field: zoom.phone.callee.number_type + ignore_missing: true +- rename: + field: zoom.phone.callee_user_id + target_field: zoom.phone.callee.user_id + ignore_missing: true +- rename: + field: zoom.phone.callee_extension_type + target_field: zoom.phone.callee.extension_type + ignore_missing: true +- rename: + field: zoom.phone.caller_id + target_field: zoom.phone.caller.id + ignore_missing: true +- rename: + field: zoom.phone.caller_name + target_field: zoom.phone.caller.name + ignore_missing: true +- rename: + field: 
zoom.phone.caller_number + target_field: zoom.phone.caller.phone_number + ignore_missing: true +- rename: + field: zoom.phone.caller_number_type + target_field: zoom.phone.caller.number_type + ignore_missing: true - append: field: related.user value: "{{zoom.phone.callee.user_id}}" - if: "ctx?.zoom?.phone?.callee?.user_id != null" + if: ctx?.zoom?.phone?.callee?.user_id != null - append: field: related.user value: "{{zoom.phone.callee_user_id}}" - if: "ctx?.zoom?.phone?.callee_user_id != null" + if: ctx?.zoom?.phone?.callee_user_id != null - append: field: related.user value: "{{zoom.phone.caller.user_id}}" - if: "ctx?.zoom?.phone?.caller?.user_id != null" + if: ctx?.zoom?.phone?.caller?.user_id != null +- remove: + field: zoom.phone.date_time + ignore_missing: true + if: ctx?.event?.action == 'phone.voicemail_received' on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml index f2e1f68f2d1..95c95cba215 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/pipeline.yml 
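Review bot: The block of voicemail renames lists `zoom.phone.callee_user_id` and `zoom.phone.callee_extension_type` twice and has no entry for `zoom.phone.caller_user_id`, although fields.yml in this patch drops the `phone.caller_user_id` mapping and keeps `phone.caller.user_id`. The second pair looks like it was meant for the caller fields. As written, a voicemail's caller user id stays under the old name and is not appended to `related.user`. Suggested replacement for the duplicate: `field: zoom.phone.caller_user_id` with `target_field: zoom.phone.caller.user_id`. The `append` guarded by `ctx?.zoom?.phone?.callee_user_id != null` now runs after that field has been renamed away, so it can no longer match and could be removed.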
@@ -42,28 +42,26 @@ processors: ignore_missing: true - append: field: related.user - value: "{{zoom.operator_idl}}" + value: "{{zoom.operator_id}}" if: "ctx?.zoom?.operator_id != null" # Removing some fields that have complex nested arrays that might impact performance - remove: field: - message - _temp_ - - zoom.object.occurences - - zoom.old_object.occurences + - zoom.object.occurrences + - zoom.old_values.occurrences - zoom.object.recurrence - - zoom.old_object.recurrence + - zoom.old_values.recurrence - zoom.object.managed_domains - - zoom.old_object.managed_domains + - zoom.old_values.managed_domains - zoom.registrant.custom_questions - - zoom.object.registrant.custom_questions - - zoom.old_object.registrant.custom_questions + - zoom.old_values.registrant.custom_questions - zoom.object.call_logs - - zoom.old_object.call_logs - - zoom.object.recording_file - - zoom.old_object.recording_file + - zoom.old_values.call_logs - zoom.object.recording_files - - zoom.old_object.recording_files + - zoom.old_values.recording_files + - zoom.object.call_logs ignore_missing: true - pipeline: name: '{< IngestPipeline "meeting" >}' diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml b/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml index 14fb2c4a4c6..9e5ba923b12 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/recording.yml 
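Review bot: `zoom.object.call_logs` now appears twice in the `remove` field list, once among the existing entries and again as the last added entry; one of them can be dropped. The rewrite also deletes `zoom.object.registrant.custom_questions` from the list while keeping `zoom.registrant.custom_questions` and `zoom.old_values.registrant.custom_questions`. If that path can occur in a payload, what are presumably free-text registrant answers would now be indexed, so it is worth confirming the omission is intended.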
@@ -35,6 +35,39 @@ processors: field: zoom.object target_field: zoom.recording ignore_missing: true +- rename: + field: zoom.recording.share_url + target_field: url.full + ignore_missing: true +- date: + field: zoom.time_stamp + target_field: '@timestamp' + formats: + - UNIX_MS + if: ctx?.event?.action == 'recording.renamed' + ignore_failure: true +- set: + field: event.start + value: '{{ zoom.recording.recording_file.recording_start }}' + if: ctx?.event?.action == 'recording.started' +- set: + field: event.end + value: '{{ zoom.recording.recording_file.recording_end }}' + if: ctx?.event?.action == 'recording.stopped' +- script: + lang: painless + if: "ctx?.event?.end != null && ctx?.event?.start != null && ctx?.event?.action == 'recording.stopped'" + source: >- + ZonedDateTime start = ZonedDateTime.parse(ctx.event.start); + ZonedDateTime end = ZonedDateTime.parse(ctx.event.end); + ctx.event.duration = ChronoUnit.NANOS.between(start, end); +- date: + field: zoom.recording.recording_file.recording_start + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: "ctx?.zoom?.recording?.recording_file?.recording_start != null && ctx?.event?.action == 'recording.started'" + ignore_failure: true - append: field: related.user value: "{{zoom.recording.host_id}}" @@ -43,6 +76,10 @@ processors: field: related.user value: "{{zoom.recording.registrant.id}}" if: "ctx?.zoom?.recording?.registrant?.id != null" +- remove: + field: zoom.time_stamp + ignore_missing: true + if: ctx?.event?.action == 'recording.renamed' on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml index 737292dab04..02afc6d6636 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/user.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/user.yml 
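Review bot: The duration `script` in the first hunk appears unreachable. It requires `ctx?.event?.action == 'recording.stopped'` together with `ctx?.event?.start != null`, but the only `set` for `event.start` is guarded by `ctx?.event?.action == 'recording.started'`. Unless something outside the hunk fills `event.start`, `event.duration` is never computed for a stopped recording. Guarding the `event.start` `set` with `if: ctx?.zoom?.recording?.recording_file?.recording_start != null` instead would let the script run. A null guard of that kind on both `set` processors may also avoid writing an empty string when the source field is absent.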
@@ -32,10 +32,29 @@ processors: field: zoom.object target_field: zoom.user ignore_missing: true +- date: + field: zoom.time_stamp + target_field: '@timestamp' + formats: + - UNIX_MS + if: "['user.updated', 'user.settings_updated'].contains(ctx?.event?.action)" + ignore_failure: true +- date: + field: zoom.user.date_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: "['user.signed_in', 'user.signed_out', 'user.personal_notes_updated', 'user.presence_status_updated'].contains(ctx?.event?.action)" + ignore_failure: true - append: field: related.user value: "{{zoom.user.id}}" if: "ctx?.zoom?.user?.id != null" +- remove: + field: + - zoom.time_stamp + - zoom.user.date_time + ignore_missing: true on_failure: - set: field: error.message diff --git a/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml b/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml index b6a78331c58..f136fab304e 100644 --- a/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml +++ b/x-pack/filebeat/module/zoom/webhook/ingest/webinar.yml @@ -40,6 +40,34 @@ processors: field: zoom.object target_field: zoom.webinar ignore_missing: true +- date: + field: zoom.time_stamp + target_field: '@timestamp' + formats: + - UNIX_MS + if: ctx?.event?.action == 'webinar.updated' + ignore_failure: true +- date: + field: zoom.webinar.start_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: ctx?.event?.action == 'webinar.started' + ignore_failure: true +- date: + field: zoom.participant.join_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: ctx?.event?.action == 'webinar.participant_joined' + ignore_failure: true +- date: + field: zoom.participant.leave_time + target_field: '@timestamp' + formats: + - ISO_INSTANT + if: ctx?.event?.action == 'webinar.participant_left' + ignore_failure: true - append: field: related.user value: "{{zoom.webinar.host_id}}" 
diff --git a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json index e2dd9b074cb..0c4ff0e7850 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json @@ -1,12 +1,11 @@ [ { - "@timestamp": "2020-08-04T20:19:12.451Z", + "@timestamp": "2020-08-05T23:13:21.708Z", "event.action": "account.created", "event.category": [ "iam" ], "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:13.545601Z", "event.kind": [ "event" ], @@ -22,7 +21,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "uLohghhRgfgrbTayCX6r2Q_qQsQ", "e2ZHO5RSGqyfrmFnElxw" ], "service.type": "zoom", @@ -38,13 +37,12 @@ "zoom.sub_account_id": "aIxE1yiRR8WghhUIO6eu9L" }, { - "@timestamp": "2020-08-04T20:19:12.451Z", + "@timestamp": "2019-07-01T17:03:04.527Z", "event.action": "account.updated", "event.category": [ "iam" ], "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:13.545813Z", "event.kind": [ "event" ], @@ -60,7 +58,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "" + "iKoRgfbaTazDX6r2Q_eQsQL" ], "service.type": "zoom", "tags": [ @@ -75,17 +73,15 @@ "zoom.old_values.id": "eFs_EGRCq6ByEyA73qCA", "zoom.operator": "theoperatoremail@someemail.com", "zoom.operator_id": "iKoRgfbaTazDX6r2Q_eQsQL", - "zoom.sub_account_id": "eFs_EGRCq6ByEyA73qCA", - "zoom.time_stamp": 1562000584527 + "zoom.sub_account_id": "eFs_EGRCq6ByEyA73qCA" }, { - "@timestamp": "2020-08-04T20:19:12.451Z", + "@timestamp": "2020-08-05T23:13:21.709Z", "event.action": "account.disassociated", "event.category": [ "iam" ], "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:13.545915Z", "event.kind": [ "event" ], 
@@ -101,7 +97,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "gdjfdhjLsuhfvhjd", "eZbcHO5RSGqyKAUmFnElxw" ], "service.type": "zoom", diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json index 584b865ebdf..331ca3d03ae 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json @@ -1,9 +1,8 @@ [ { - "@timestamp": "2020-08-04T20:19:16.920Z", + "@timestamp": "2020-02-10T21:39:50.388Z", "event.action": "chat_channel.created", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:18.012505Z", "event.kind": [ "event" ], @@ -18,7 +17,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "z8dfgdfguQrdfgdf", "z8dfgdfguQrdfgdf", "sdfdsfdsKIrrCYw" ], @@ -28,19 +27,16 @@ "forwarded" ], "zoom.account_id": "vbbvnvAdsfe", - "zoom.chat_channel.date_time": "2020-02-10T21:39:50Z", "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", "zoom.chat_channel.name": "Delivering Happiness", - "zoom.chat_channel.timestamp": 1581370790388, "zoom.chat_channel.type": 1, "zoom.operator": "somememai@gmtsffjdfhail.com", "zoom.operator_id": "z8dfgdfguQrdfgdf" }, { - "@timestamp": "2020-08-04T20:19:16.921Z", + "@timestamp": "2020-02-10T21:39:50.388Z", "event.action": "chat_channel.member_invited", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:18.012902Z", "event.kind": [ "event" ], @@ -55,7 +51,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "z8dfgdfguQrdfgdf", "s0hhFOCYw" ], "service.type": "zoom", 
@@ -64,10 +60,8 @@ "forwarded" ], "zoom.account_id": "vbbvnvAdsfe", - "zoom.chat_channel.date_time": "2020-02-10T21:39:50Z", "zoom.chat_channel.id": "6dfgdfgdg444447b0egga", "zoom.chat_channel.name": "Delivering Happiness", - "zoom.chat_channel.timestamp": 1581370790388, "zoom.chat_channel.type": 1, "zoom.operator": "somememai@gmtsffjdfhail.com", "zoom.operator_id": "z8dfgdfguQrdfgdf" diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json index 1cb6a7d8732..b75d29e9e79 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json @@ -1,9 +1,8 @@ [ { - "@timestamp": "2020-08-04T20:18:59.994Z", + "@timestamp": "2020-02-11T22:02:11.930Z", "event.action": "chat_message.sent", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:01.089874Z", "event.kind": [ "event" ], @@ -19,7 +18,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "" + "zfdgdfgdfgfp8uQ" ], "service.type": "zoom", "tags": [ 
@@ -29,20 +28,17 @@ "zoom.account_id": "EPsdvdsgfdgxHMA", "zoom.chat_message.channel_id": "fsdgdgdgdfgdfgdfgdfgb10", "zoom.chat_message.channel_name": "AlwaysBeCodingChannel", - "zoom.chat_message.date_time": "2020-02-11T22:02:11Z", "zoom.chat_message.id": "EwwwwA-87F4-222222-8CD9-FA00000E6B9", "zoom.chat_message.message": "asd", "zoom.chat_message.session_id": "fcffdgfgffghfghgfhghgb10", - "zoom.chat_message.timestamp": 1581458531930, "zoom.chat_message.type": "to_channel", "zoom.operator": "someoperatoremail@somekindofmailservice123.com", "zoom.operator_id": "zfdgdfgdfgfp8uQ" }, { - "@timestamp": "2020-08-04T20:18:59.994Z", + "@timestamp": "2020-02-11T23:00:08.594Z", "event.action": "chat_message.updated", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:01.090058Z", "event.kind": [ "event" ], @@ -58,7 +54,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "" + "zfdgdfgdfgfp8uQ" ], "service.type": "zoom", "tags": [ @@ -68,20 +64,17 @@ "zoom.account_id": "EPsdvdsgfdgxHMA", "zoom.chat_message.channel_id": "fsdgdgdgdfgdfgdfgdfgb10", "zoom.chat_message.channel_name": "AlwaysBeCodingChannel", - "zoom.chat_message.date_time": "2020-02-11T22:02:11Z", "zoom.chat_message.id": "Ell123-87F4-222222-8CD9-FA00000E6B9", "zoom.chat_message.message": "gfd", "zoom.chat_message.session_id": "fcffdgfgffghfghgfhghgb10", - "zoom.chat_message.timestamp": 1581462008594, "zoom.chat_message.type": "to_channel", "zoom.operator": "someoperatoremail@somekindofmailservice123.com", "zoom.operator_id": "zfdgdfgdfgfp8uQ" }, { - "@timestamp": "2020-08-04T20:18:59.995Z", + "@timestamp": "2020-02-11T23:00:08.594Z", "event.action": "chat_message.updated", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:01.090156Z", "event.kind": [ "event" ], @@ -97,7 +90,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "" + "zfdgdfgdfgfp8uQ" ], "service.type": "zoom", "tags": [ 
@@ -107,11 +100,9 @@ "zoom.account_id": "EPsdvdsgfdgxHMA", "zoom.chat_message.channel_id": "fsdgdgdgdfgdfgdfgdfgb10", "zoom.chat_message.channel_name": "AlwaysBeCodingChannel", - "zoom.chat_message.date_time": "2020-02-11T22:02:11Z", "zoom.chat_message.id": "Ell123-87F4-222222-8CD9-FA00000E6B9", "zoom.chat_message.message": null, "zoom.chat_message.session_id": "fcffdgfgffghfghgfhghgb10", - "zoom.chat_message.timestamp": 1581462008594, "zoom.chat_message.type": "to_channel", "zoom.operator": "someoperatoremail@somekindofmailservice123.com", "zoom.operator_id": "zfdgdfgdfgfp8uQ" diff --git a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json index dae654896bd..dac9068f58e 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json 
@@ -1,9 +1,44 @@ [ { - "@timestamp": "2020-08-04T20:19:23.828Z", + "@timestamp": "2020-08-05T23:13:32.753Z", + "event.action": "meeting.alert", + "event.dataset": "zoom.webhook", + "event.duration": 3600000000000, + "event.kind": [ + "event" + ], + "event.module": "zoom", + "event.timezone": "-02:00", + "event.type": [ + "error" + ], + "fileset.name": "webhook", + "input.type": "log", + "log.offset": 0, + "observer.product": "Webhook", + "observer.vendor": "Zoom", + "related.user": [ + "z8yCxTTTTSiw02QgCAp8uQ" + ], + "service.type": "zoom", + "tags": [ + "zoom-webhook", + "forwarded" + ], + "zoom.meeting.host_id": "z8yCxTTTTSiw02QgCAp8uQ", + "zoom.meeting.id": "6962400003", + "zoom.meeting.issues": "Unstable audio quality", + "zoom.meeting.start_time": "2019-07-16T17:14:39Z", + "zoom.meeting.timezone": "America/Los_Angeles", + "zoom.meeting.topic": "My Meeting", + "zoom.meeting.type": 2, + "zoom.meeting.uuid": "4118UHIiRCAAAtBlDkcVyw==" + }, + { + "@timestamp": "2020-08-05T23:13:32.754Z", "event.action": "meeting.created", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.922980Z", + "event.duration": 3600000000000, "event.kind": [ "event" ], @@ -19,7 +54,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "uLoRgfbbTayCX6r2Q_qQsQ", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", @@ -28,7 +63,6 @@ "forwarded" ], "zoom.account_id": "o8KK_AAACq6BBEyA70CA", - "zoom.meeting.duration": 60, "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": 111111111, "zoom.meeting.start_time": "2019-07-09T17:00:00Z", @@ -40,10 +74,10 @@ "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ" }, { - "@timestamp": "2020-08-04T20:19:23.828Z", + "@timestamp": "2020-08-05T23:13:32.754Z", "event.action": "meeting.updated", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.923104Z", + "event.duration": 7200000000000, "event.kind": [ "event" ], 
@@ -59,69 +93,20 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "" + "BBBBBBBBBB" ], "service.type": "zoom", "tags": [ "zoom-webhook", "forwarded" ], + "url.full": "https://zoom.us/j/00000000", "zoom.account_id": "AAAAAAAAAAA", - "zoom.meeting.duration": 120, "zoom.meeting.id": 155184668, - "zoom.meeting.join_url": "https://zoom.us/j/00000000", "zoom.meeting.start_time": "2019-07-11T20:00:00Z", "zoom.meeting.type": 2, "zoom.old_values.id": 155184668, "zoom.old_values.join_url": "https://zoom.us/j/00000000", - "zoom.old_values.occurrences": [ - { - "duration": 120, - "occurrence_id": "1562875200000", - "start_time": "2019-07-11T20:00:00Z", - "status": "available" - }, - { - "duration": 120, - "occurrence_id": "1563480000000", - "start_time": "2019-07-18T20:00:00Z", - "status": "available" - }, - { - "duration": 120, - "occurrence_id": "1564084800000", - "start_time": "2019-07-25T20:00:00Z", - "status": "available" - }, - { - "duration": 120, - "occurrence_id": "1564689600000", - "start_time": "2019-08-01T20:00:00Z", - "status": "available" - }, - { - "duration": 120, - "occurrence_id": "1565294400000", - "start_time": "2019-08-08T20:00:00Z", - "status": "available" - }, - { - "duration": 120, - "occurrence_id": "1565899200000", - "start_time": "2019-08-15T20:00:00Z", - "status": "available" - }, - { - "duration": 120, - "occurrence_id": "1566504000000", - "start_time": "2019-08-22T20:00:00Z", - "status": "available" - } - ], - "zoom.old_values.recurrence.end_date_time": "2019-08-23T06:59:00Z", - "zoom.old_values.recurrence.repeat_interval": 1, - "zoom.old_values.recurrence.type": 2, - "zoom.old_values.recurrence.weekly_days": "5", "zoom.old_values.settings.join_before_host": true, "zoom.old_values.settings.participant_video": true, "zoom.old_values.settings.use_pmi": false, 
@@ -130,14 +115,13 @@ "zoom.operator_id": "BBBBBBBBBB", "zoom.settings.join_before_host": false, "zoom.settings.participant_video": false, - "zoom.settings.use_pmi": true, - "zoom.time_stamp": 1562791953209 + "zoom.settings.use_pmi": true }, { - "@timestamp": "2020-08-04T20:19:23.828Z", + "@timestamp": "2020-08-05T23:13:32.754Z", "event.action": "meeting.deleted", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.923211Z", + "event.duration": 3600000000000, "event.kind": [ "event" ], @@ -153,7 +137,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "BBBBBBBBBB", "BBBBBBBBBB" ], "service.type": "zoom", @@ -162,7 +146,6 @@ "forwarded" ], "zoom.account_id": "AAAAAAAAAA", - "zoom.meeting.duration": 60, "zoom.meeting.host_id": "BBBBBBBBBB", "zoom.meeting.id": 809321987, "zoom.meeting.start_time": "2019-07-09T17:00:00Z", @@ -174,10 +157,10 @@ "zoom.operator_id": "BBBBBBBBBB" }, { - "@timestamp": "2020-08-04T20:19:23.829Z", + "@timestamp": "2020-08-05T23:13:32.754Z", "event.action": "meeting.started", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.923321Z", + "event.duration": 3600000000000, "event.kind": [ "event" ], @@ -201,20 +184,18 @@ "forwarded" ], "zoom.account_id": "o8KK_AAACq6BBEyA70CA", - "zoom.meeting.duration": 60, "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": "111111111", - "zoom.meeting.start_time": "2019-07-09T17:00:00Z", "zoom.meeting.timezone": "America/Los_Angeles", "zoom.meeting.topic": "My Meeting", "zoom.meeting.type": 2, "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T20:19:23.829Z", + "@timestamp": "2020-08-05T23:13:32.754Z", "event.action": "meeting.ended", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.923413Z", + "event.duration": 600000000000, "event.kind": [ "event" ], 
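Review bot: `meeting.updated` loses its event time. The hunk at `@@ -130,14 +115,13 @@` removes `zoom.time_stamp` (1562791953209), yet `@timestamp` is still the fixture read time `2020-08-05T23:13:32.754Z`, whereas the account, user and recording expectations show the same field converted into `@timestamp`. Other source times are dropped the same way with nothing visible replacing them: `zoom.meeting.start_time` on `meeting.started`, `zoom.participant.sharing_details.date_time` on `meeting.sharing_started`, `zoom.participant.join_time` and `leave_time`, and `zoom.phone.date_time` on `phone.voicemail_received`. The meeting pipeline is not part of these hunks, so this is inferred; it probably needs a `date` processor with `field: zoom.time_stamp` and `formats: ['UNIX_MS']` before the field is removed, or the original fields should be kept. Without the source time, a join or leave cannot be placed on an investigation timeline, and the expected files change on every regeneration.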
@@ -238,7 +219,6 @@ "forwarded" ], "zoom.account_id": "o8KK_AAACq6BBEyA70CA", - "zoom.meeting.duration": 10, "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": "111111111", "zoom.meeting.start_time": "2019-07-09T17:00:00Z", @@ -248,10 +228,10 @@ "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T20:19:23.829Z", + "@timestamp": "2020-08-05T23:13:32.754Z", "event.action": "meeting.registration_created", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.923511Z", + "event.duration": 7200000000000, "event.kind": [ "event" ], @@ -274,8 +254,8 @@ "zoom-webhook", "forwarded" ], + "url.full": "https://zoom.us/w/someendpointhere", "zoom.account_id": "lAAAAAAAAAAAAA", - "zoom.meeting.duration": 120, "zoom.meeting.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.meeting.id": 150000008, "zoom.meeting.start_time": "2019-07-11T20:00:00Z", @@ -292,7 +272,6 @@ "zoom.registrant.id": "U0BBBBBBBBBBfrUz1Q", "zoom.registrant.industry": "", "zoom.registrant.job_title": "", - "zoom.registrant.join_url": "https://zoom.us/w/someendpointhere", "zoom.registrant.last_name": "Person", "zoom.registrant.no_of_employees": "", "zoom.registrant.org": "", @@ -304,10 +283,10 @@ "zoom.registrant.zip": "" }, { - "@timestamp": "2020-08-04T20:19:23.829Z", + "@timestamp": "2020-08-05T23:13:32.754Z", "event.action": "meeting.registration_approved", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.923626Z", + "event.duration": 3600000000000, "event.kind": [ "event" ], @@ -323,7 +302,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "Lobbbbbbbbbb_qQsQ", "uLobbbbbbbbbb_qQsQ" ], "service.type": "zoom", @@ -332,7 +311,6 @@ "forwarded" ], "zoom.account_id": "lAAAAAAAAAAAAA", - "zoom.meeting.duration": 60, "zoom.meeting.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.meeting.id": 150000008, "zoom.meeting.start_time": "2019-07-11T20:00:00Z", 
@@ -348,10 +326,10 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T20:19:23.829Z", + "@timestamp": "2020-08-05T23:13:32.754Z", "event.action": "meeting.registration_cancelled", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.923734Z", + "event.duration": 7200000000000, "event.kind": [ "event" ], @@ -374,7 +352,6 @@ "forwarded" ], "zoom.account_id": "lAAAAAAAAAAAAA", - "zoom.meeting.duration": 120, "zoom.meeting.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.meeting.id": 150000008, "zoom.meeting.start_time": "2019-07-11T20:00:00Z", @@ -389,10 +366,10 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T20:19:23.829Z", + "@timestamp": "2020-08-05T23:13:32.754Z", "event.action": "meeting.sharing_started", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.923848Z", + "event.duration": 3600000000000, "event.kind": [ "event" ], @@ -416,7 +393,6 @@ "forwarded" ], "zoom.account_id": "EPeQtiABC000VYxHMA", - "zoom.meeting.duration": 60, "zoom.meeting.host_id": "z8yCxTTTTSiw02QgCAp8uQ", "zoom.meeting.id": "6962400003", "zoom.meeting.start_time": "2019-07-16T17:14:39Z", @@ -426,7 +402,6 @@ "zoom.meeting.uuid": "4118UHIiRCAAAtBlDkcVyw==", "zoom.participant.id": "s0AAAASoSE1V8KIFOCYw", "zoom.participant.sharing_details.content": "application", - "zoom.participant.sharing_details.date_time": "2019-07-16T17:19:11Z", "zoom.participant.sharing_details.file_link": "", "zoom.participant.sharing_details.link_source": "in_meeting", "zoom.participant.sharing_details.source": "dropbox", @@ -434,10 +409,10 @@ "zoom.participant.user_name": "Arya Arya" }, { - "@timestamp": "2020-08-04T20:19:23.829Z", + "@timestamp": "2020-08-05T23:13:32.755Z", "event.action": "meeting.sharing_ended", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.923945Z", + "event.duration": 3600000000000, "event.kind": [ "event" ], 
@@ -461,7 +436,6 @@ "forwarded" ], "zoom.account_id": "EPeQtiABC000VYxHMA", - "zoom.meeting.duration": 60, "zoom.meeting.host_id": "z8yCxTTTTSiw02QgCAp8uQ", "zoom.meeting.id": "6962400003", "zoom.meeting.start_time": "2019-07-16T17:14:39Z", @@ -479,10 +453,10 @@ "zoom.participant.user_name": "Arya Arya" }, { - "@timestamp": "2020-08-04T20:19:23.829Z", + "@timestamp": "2020-08-05T23:13:32.755Z", "event.action": "meeting.participant_jbh_waiting", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.924062Z", + "event.duration": 3600000000000, "event.kind": [ "event" ], @@ -505,7 +479,6 @@ "forwarded" ], "zoom.account_id": "EPeQti9EQsiyO30GVYxHMA", - "zoom.meeting.duration": 60, "zoom.meeting.host_id": "z8yCxjjyTAAAA2QgCfp8uQ", "zoom.meeting.id": "5590000000", "zoom.meeting.timezone": "America/Los_Angeles", @@ -515,10 +488,10 @@ "zoom.participant.user_name": "Shrijana Shrijana" }, { - "@timestamp": "2020-08-04T20:19:23.829Z", + "@timestamp": "2020-08-05T23:13:32.755Z", "event.action": "meeting.participant_jbh_joined", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.924155Z", + "event.duration": 3600000000000, "event.kind": [ "event" ], @@ -541,7 +514,6 @@ "forwarded" ], "zoom.account_id": "APeeQti9ErttQsiyO30GVYxHMA", - "zoom.meeting.duration": 60, "zoom.meeting.host_id": "zf8yCxjjyTSdteriw02QgCfp8uQ", "zoom.meeting.id": "5594913504", "zoom.meeting.timezone": "America/Los_Angeles", @@ -551,10 +523,10 @@ "zoom.participant.user_name": "Tom Harry" }, { - "@timestamp": "2020-08-04T20:19:23.829Z", + "@timestamp": "2020-08-05T23:13:32.755Z", "event.action": "meeting.participant_joined", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.924248Z", + "event.duration": 3600000000000, "event.kind": [ "event" ], 
@@ -577,7 +549,6 @@ "forwarded" ], "zoom.account_id": "o8KK_AAACq6BBEyA70CA", - "zoom.meeting.duration": 60, "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": "111111111", "zoom.meeting.start_time": "2019-07-09T17:00:00Z", @@ -586,15 +557,14 @@ "zoom.meeting.type": 2, "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==", "zoom.participant.id": "iFxeBPYun6SAiWUzBcEkX", - "zoom.participant.join_time": "2019-07-16T17:13:13Z", "zoom.participant.user_id": "167782040", "zoom.participant.user_name": "shree" }, { - "@timestamp": "2020-08-04T20:19:23.829Z", + "@timestamp": "2020-08-05T23:13:32.755Z", "event.action": "meeting.participant_left", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:24.924341Z", + "event.duration": 3600000000000, "event.kind": [ "event" ], @@ -617,7 +587,6 @@ "forwarded" ], "zoom.account_id": "o8KK_AAACq6BBEyA70CA", - "zoom.meeting.duration": 60, "zoom.meeting.host_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.meeting.id": "111111111", "zoom.meeting.start_time": "2019-07-09T17:00:00Z", @@ -626,7 +595,6 @@ "zoom.meeting.type": 2, "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==", "zoom.participant.id": "iFxeBPYun6SAiWUzBcEkX", - "zoom.participant.leave_time": "2019-07-16T17:13:13Z", "zoom.participant.user_id": "167782040", "zoom.participant.user_name": "shree" } diff --git a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json index c2c7dd1b7e0..99ccf0b554a 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json @@ -1,9 +1,8 @@ [ { - "@timestamp": "2020-08-04T20:19:10.139Z", + "@timestamp": "2020-08-05T23:13:19.349Z", "event.action": "phone.caller_ringing", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:11.234307Z", "event.kind": [ "event" ], 
@@ -38,10 +37,9 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:55Z" }, { - "@timestamp": "2020-08-04T20:19:10.139Z", + "@timestamp": "2020-08-05T23:13:19.350Z", "event.action": "phone.caller_connected", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:11.234500Z", "event.kind": [ "event" ], @@ -77,10 +75,9 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:55Z" }, { - "@timestamp": "2020-08-04T20:19:10.139Z", + "@timestamp": "2020-08-05T23:13:19.350Z", "event.action": "phone.caller_ringing", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:11.234607Z", "event.kind": [ "event" ], @@ -114,10 +111,9 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:38:40Z" }, { - "@timestamp": "2020-08-04T20:19:10.139Z", + "@timestamp": "2020-08-05T23:13:19.350Z", "event.action": "phone.callee_answered", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:11.234703Z", "event.kind": [ "event" ], @@ -153,10 +149,9 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:56Z" }, { - "@timestamp": "2020-08-04T20:19:10.140Z", + "@timestamp": "2020-08-05T23:13:19.350Z", "event.action": "phone.callee_missed", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:11.234795Z", "event.kind": [ "event" ], @@ -188,14 +183,16 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-04T20:19:10.140Z", + "@timestamp": "2020-08-05T23:13:19.350Z", "event.action": "phone.callee_ended", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:11.234888Z", + "event.duration": 4000000000, + "event.end": "2020-07-22T21:09:24Z", "event.kind": [ "event" ], "event.module": "zoom", + "event.start": "2020-07-22T21:09:20Z", "event.timezone": "-02:00", "event.type": [ "info", 
@@ -224,14 +221,16 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-04T20:19:10.140Z", + "@timestamp": "2020-08-05T23:13:19.350Z", "event.action": "phone.caller_ended", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:11.234976Z", + "event.duration": 4000000000, + "event.end": "2020-07-22T21:09:24Z", "event.kind": [ "event" ], "event.module": "zoom", + "event.start": "2020-07-22T21:09:20Z", "event.timezone": "-02:00", "event.type": [ "info", @@ -260,14 +259,16 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-04T20:19:10.140Z", + "@timestamp": "2020-08-05T23:13:19.350Z", "event.action": "phone.callee_rejected", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:11.235064Z", + "event.duration": 6000000000, + "event.end": "2020-07-22T21:06:39Z", "event.kind": [ "event" ], "event.module": "zoom", + "event.start": "2020-07-22T21:06:33Z", "event.timezone": "-02:00", "event.type": [ "info" @@ -295,10 +296,9 @@ "zoom.phone.ringing_start_time": "2020-07-22T21:06:33Z" }, { - "@timestamp": "2020-08-04T20:19:10.140Z", + "@timestamp": "2020-08-05T23:13:19.350Z", "event.action": "phone.voicemail_received", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:11.235154Z", "event.kind": [ "event" ], 
@@ -320,26 +320,24 @@ "zoom-webhook", "forwarded" ], + "url.full": "https://testurl.com/file.mp4", "zoom.account_id": "test", - "zoom.phone.callee_extension_type": "2", - "zoom.phone.callee_id": "1234", - "zoom.phone.callee_name": "Testaccount2", - "zoom.phone.callee_number": "+12044444444", - "zoom.phone.callee_number_type": "2", - "zoom.phone.callee_user_id": "543234", - "zoom.phone.caller_name": "Testaccount", - "zoom.phone.caller_number": "+12044444444", - "zoom.phone.caller_number_type": "3", - "zoom.phone.date_time": "2020-07-22T21:06:39Z", - "zoom.phone.download_url": "https://testurl.com/file.mp4", + "zoom.phone.callee.extension_type": "2", + "zoom.phone.callee.id": "1234", + "zoom.phone.callee.name": "Testaccount2", + "zoom.phone.callee.number_type": "2", + "zoom.phone.callee.phone_number": "+12044444444", + "zoom.phone.callee.user_id": "543234", + "zoom.phone.caller.name": "Testaccount", + "zoom.phone.caller.number_type": "3", + "zoom.phone.caller.phone_number": "+12044444444", "zoom.phone.duration": "1235", "zoom.phone.id": "235435" }, { - "@timestamp": "2020-08-04T20:19:10.140Z", + "@timestamp": "2020-08-05T23:13:19.350Z", "event.action": "phone.caller_call_log_completed", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:11.235244Z", "event.kind": [ "event" ], @@ -362,10 +360,9 @@ "zoom.phone.user_id": "caddsfsdfv_VaHE53wA" }, { - "@timestamp": "2020-08-04T20:19:10.140Z", + "@timestamp": "2020-08-05T23:13:19.350Z", "event.action": "phone.callee_call_log_completed", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:11.235319Z", "event.kind": [ "event" ], diff --git a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json index 1dad53e859d..985cbd0f49b 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json 
+++ b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json 
@@ -1,83 +1,9 @@ [ { - "@timestamp": "2020-08-04T20:19:18.873Z", - "event.action": "recording.started", - "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:19.975829Z", - "event.kind": [ - "event" - ], - "event.module": "zoom", - "event.timezone": "-02:00", - "event.type": [ - "info", - "start" - ], - "fileset.name": "webhook", - "input.type": "log", - "log.offset": 0, - "observer.product": "Webhook", - "observer.vendor": "Zoom", - "related.user": [ - "uLobbbbbbbbbb_qQsQ" - ], - "service.type": "zoom", - "tags": [ - "zoom-webhook", - "forwarded" - ], - "zoom.account_id": "lAAAAAAAAAAAAA", - "zoom.recording.duration": 1, - "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", - "zoom.recording.id": 150000008, - "zoom.recording.start_time": "2019-07-11T20:00:00Z", - "zoom.recording.timezone": "America/Los_Angeles", - "zoom.recording.topic": "A test meeting", - "zoom.recording.type": 2, - "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" - }, - { - "@timestamp": "2020-08-04T20:19:18.874Z", - "event.action": "recording.paused", - "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:19.976028Z", - "event.kind": [ - "event" - ], - "event.module": "zoom", - "event.timezone": "-02:00", - "event.type": [ - "info", - "change" - ], - "fileset.name": "webhook", - "input.type": "log", - "log.offset": 359, - "observer.product": "Webhook", - "observer.vendor": "Zoom", - "related.user": [ - "uLobbbbbbbbbb_qQsQ" - ], - "service.type": "zoom", - "tags": [ - "zoom-webhook", - "forwarded" - ], - "zoom.account_id": "lAAAAAAAAAAAAA", - "zoom.recording.duration": 1, - "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", - "zoom.recording.id": 150000008, - "zoom.recording.start_time": "2019-07-11T20:00:00Z", - "zoom.recording.timezone": "America/Los_Angeles", - "zoom.recording.topic": "A test meeting", - "zoom.recording.type": 2, - "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" - }, - { - "@timestamp": "2020-08-04T20:19:18.874Z", - "event.action": 
"recording.resumed", + "@timestamp": "2020-08-05T23:13:28.177Z", + "event.action": "recording.stopped", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:19.976133Z", + "event.end": "2019-07-31T22:43:29Z", "event.kind": [ "event" ], @@ -85,11 +11,11 @@ "event.timezone": "-02:00", "event.type": [ "info", - "change" + "end" ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 717, + "log.offset": 1076, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ @@ -101,9 +27,11 @@ "forwarded" ], "zoom.account_id": "lAAAAAAAAAAAAA", - "zoom.recording.duration": 1, + "zoom.recording.duration": 8, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.recording.id": 150000008, + "zoom.recording.recording_file.recording_end": "2019-07-31T22:43:29Z", + "zoom.recording.recording_file.recording_start": "2019-07-31T22:41:02Z", "zoom.recording.start_time": "2019-07-11T20:00:00Z", "zoom.recording.timezone": "America/Los_Angeles", "zoom.recording.topic": "A test meeting", @@ -111,10 +39,9 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T20:19:18.874Z", - "event.action": "recording.stopped", + "@timestamp": "2020-08-05T23:13:28.177Z", + "event.action": "recording.completed", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:19.976235Z", "event.kind": [ "event" ], @@ -126,7 +53,7 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 1076, + "log.offset": 1455, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ 
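Review bot: The expected output no longer contains `recording.started`, `recording.paused` or `recording.resumed` (hunk `@@ -1,83 +1,9 @@`). `recording.stopped` still has `log.offset` 1076, which suggests the three input lines remain in the fixture and now produce no event. If the pipeline drops them on purpose, say so in the module docs and in a comment beside the drop condition, for example `# recording.started/paused/resumed are dropped because ...`. If it is not intended, restore the three expectations, since the start of a recording is an event an auditor would want to see. The pipeline and the input fixture are outside this hunk, so the cause is inferred.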
@@ -137,21 +64,24 @@ "zoom-webhook", "forwarded" ], + "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", "zoom.account_id": "lAAAAAAAAAAAAA", - "zoom.recording.duration": 8, + "zoom.recording.duration": 1, + "zoom.recording.host_email": "somemeail@someemailservice.fjdjf", "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.recording.id": 150000008, + "zoom.recording.recording_count": 4, "zoom.recording.start_time": "2019-07-11T20:00:00Z", "zoom.recording.timezone": "America/Los_Angeles", "zoom.recording.topic": "A test meeting", + "zoom.recording.total_size": 529758, "zoom.recording.type": 2, "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T20:19:18.874Z", + "@timestamp": "2019-12-04T23:00:57.395Z", "event.action": "recording.renamed", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:19.976474Z", "event.kind": [ "event" ], @@ -167,7 +97,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "" + "zdhghgCfp8uQ" ], "service.type": "zoom", "tags": [ @@ -184,14 +114,12 @@ "zoom.recording.id": 7000000, "zoom.recording.topic": "Edited Recording Title", "zoom.recording.type": 1, - "zoom.recording.uuid": "9xxxkifpPUz+Ow==", - "zoom.time_stamp": 1575500457395 + "zoom.recording.uuid": "9xxxkifpPUz+Ow==" }, { - "@timestamp": "2020-08-04T20:19:18.874Z", + "@timestamp": "2020-08-05T23:13:28.177Z", "event.action": "recording.trashed", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:19.976636Z", "event.kind": [ "event" ], 
@@ -214,12 +142,12 @@ "zoom-webhook", "forwarded" ], + "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.recording.id": 150000008, "zoom.recording.recording_count": 4, - "zoom.recording.share_url": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", "zoom.recording.start_time": "2019-07-11T20:00:00Z", "zoom.recording.timezone": "America/Los_Angeles", "zoom.recording.topic": "A test meeting", @@ -228,10 +156,9 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T20:19:18.874Z", + "@timestamp": "2020-08-05T23:13:28.177Z", "event.action": "recording.deleted", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:19.976808Z", "event.kind": [ "event" ], @@ -254,12 +181,12 @@ "zoom-webhook", "forwarded" ], + "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.recording.id": 150000008, "zoom.recording.recording_count": 4, - "zoom.recording.share_url": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", "zoom.recording.start_time": "2019-07-11T20:00:00Z", "zoom.recording.timezone": "America/Los_Angeles", "zoom.recording.topic": "A test meeting", @@ -268,10 +195,9 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T20:19:18.874Z", + "@timestamp": "2020-08-05T23:13:28.178Z", "event.action": "recording.recovered", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:19.976926Z", "event.kind": [ "event" ], 
@@ -294,12 +220,12 @@ "zoom-webhook", "forwarded" ], + "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.recording.id": 150000008, "zoom.recording.recording_count": 4, - "zoom.recording.share_url": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", "zoom.recording.start_time": "2019-07-11T20:00:00Z", "zoom.recording.timezone": "America/Los_Angeles", "zoom.recording.topic": "A test meeting", @@ -308,10 +234,9 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T20:19:18.874Z", + "@timestamp": "2020-08-05T23:13:28.178Z", "event.action": "recording.transcript_completed", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:19.977026Z", "event.kind": [ "event" ], @@ -334,12 +259,12 @@ "zoom-webhook", "forwarded" ], + "url.full": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", "zoom.account_id": "lAAAAAAAAAAAAA", "zoom.recording.duration": 1, "zoom.recording.host_id": "uLobbbbbbbbbb_qQsQ", "zoom.recording.id": 150000008, "zoom.recording.recording_count": 4, - "zoom.recording.share_url": "https://zoom.us/recording/share/aaaaaannnnnldglrkgmrmhh", "zoom.recording.start_time": "2019-07-11T20:00:00Z", "zoom.recording.timezone": "America/Los_Angeles", "zoom.recording.topic": "A test meeting", @@ -348,10 +273,9 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T20:19:18.874Z", + "@timestamp": "2020-08-05T23:13:28.178Z", "event.action": "recording.registration_created", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:19.977120Z", "event.kind": [ "event" ], 
@@ -389,10 +313,9 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T20:19:18.874Z", + "@timestamp": "2020-08-05T23:13:28.178Z", "event.action": "recording.registration_approved", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:19.977224Z", "event.kind": [ "event" ], @@ -430,10 +353,9 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-04T20:19:18.875Z", + "@timestamp": "2020-08-05T23:13:28.178Z", "event.action": "recording.registration_denied", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:19.977323Z", "event.kind": [ "event" ], diff --git a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json index 8633bf87d0a..98090d2ba62 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json @@ -1,9 +1,8 @@ [ { - "@timestamp": "2020-08-04T20:19:21.133Z", + "@timestamp": "2020-08-05T23:13:30.442Z", "event.action": "user.created", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.229469Z", "event.kind": [ "event" ], @@ -35,10 +34,9 @@ "zoom.user.type": "3" }, { - "@timestamp": "2020-08-04T20:19:21.133Z", + "@timestamp": "2020-08-05T23:13:30.442Z", "event.action": "user.invitation_accepted", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.229660Z", "event.kind": [ "event" ], @@ -69,10 +67,9 @@ "zoom.user.type": 1 }, { - "@timestamp": "2020-08-04T20:19:21.133Z", + "@timestamp": "2019-07-19T18:10:54.861Z", "event.action": "user.updated", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.229764Z", "event.kind": [ "event" ], @@ -89,7 +86,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "uLobbbbbbbb_qQsQ", "uLobbbbbbbb_qQsQ" ], "service.type": "zoom", 
@@ -102,15 +99,13 @@ "zoom.old_values.id": "uLobbbbbbbb_qQsQ", "zoom.operator": "shrija2016+dev_ma@gmail.com", "zoom.operator_id": "uLobbbbbbbb_qQsQ", - "zoom.time_stamp": 1563559854861, "zoom.user.company": "Zoom", "zoom.user.id": "uLobbbbbbbb_qQsQ" }, { - "@timestamp": "2020-08-04T20:19:21.133Z", + "@timestamp": "2019-07-19T21:47:06.929Z", "event.action": "user.settings_updated", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.229871Z", "event.kind": [ "event" ], @@ -127,7 +122,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "uLoRgfbbTayCX6r2Q_qQsQ", "uL34AAbbbbAAAAAAQsQ" ], "service.type": "zoom", @@ -141,14 +136,12 @@ "zoom.operator": "iamtheoperator@gmail.com", "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ", "zoom.settings.in_meeting.private_chat": false, - "zoom.time_stamp": 1563572826929, "zoom.user.id": "uL34AAbbbbAAAAAAQsQ" }, { - "@timestamp": "2020-08-04T20:19:21.133Z", + "@timestamp": "2020-06-29T17:32:19.427Z", "event.action": "user.settings_updated", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.229982Z", "event.kind": [ "event" ], @@ -165,7 +158,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "fdhjfdhsj536274gfd", "fdhjfdhsj536274gfd" ], "service.type": "zoom", @@ -179,14 +172,12 @@ "zoom.operator": "somememail@randommailer28.com", "zoom.operator_id": "fdhjfdhsj536274gfd", "zoom.settings.meeting_authentication": false, - "zoom.time_stamp": 1593451939427, "zoom.user.id": "fdhjfdhsj536274gfd" }, { - "@timestamp": "2020-08-04T20:19:21.133Z", + "@timestamp": "2020-08-05T23:13:30.442Z", "event.action": "user.deactivated", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.230087Z", "event.kind": [ "event" ], @@ -203,7 +194,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "z8yCxjabcdEFGHfp8uQ", "abcD3ojfdbjfg" ], "service.type": "zoom", 
@@ -221,10 +212,9 @@ "zoom.user.type": 1 }, { - "@timestamp": "2020-08-04T20:19:21.133Z", + "@timestamp": "2020-08-05T23:13:30.442Z", "event.action": "user.activated", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.230201Z", "event.kind": [ "event" ], @@ -241,7 +231,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "z8yCxjabcdEFGHfp8uQ", "abcD3ojfdbjfg" ], "service.type": "zoom", @@ -259,10 +249,9 @@ "zoom.user.type": 3 }, { - "@timestamp": "2020-08-04T20:19:21.133Z", + "@timestamp": "2020-08-05T23:13:30.442Z", "event.action": "user.disassociated", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.230301Z", "event.kind": [ "event" ], @@ -279,7 +268,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "z8yCxjabcdEFGHfp8uQ", "abcD3ojfdbjfg" ], "service.type": "zoom", @@ -297,10 +286,9 @@ "zoom.user.type": 3 }, { - "@timestamp": "2020-08-04T20:19:21.134Z", + "@timestamp": "2020-08-05T23:13:30.442Z", "event.action": "user.deleted", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.230406Z", "event.kind": [ "event" ], @@ -317,7 +305,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "z8yCxjabcdEFGHfp8uQ", "abcD3ojfdbjfg" ], "service.type": "zoom", @@ -335,10 +323,9 @@ "zoom.user.type": "3" }, { - "@timestamp": "2020-08-04T20:19:21.134Z", + "@timestamp": "2020-08-05T23:13:30.442Z", "event.action": "user.presence_status_updated", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.230508Z", "event.kind": [ "event" ], 
@@ -363,16 +350,14 @@ "forwarded" ], "zoom.account_id": "EPjfyjxHMA", - "zoom.user.date_time": "2019-11-26T20:13:57Z", "zoom.user.email": "sfdhfghfgh@dkjdfd.com", "zoom.user.id": "z8ycx1223fq", "zoom.user.presence_status": "Available" }, { - "@timestamp": "2020-08-04T20:19:21.134Z", + "@timestamp": "2020-08-05T23:13:30.442Z", "event.action": "user.personal_notes_updated", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.230602Z", "event.kind": [ "event" ], @@ -398,16 +383,14 @@ ], "zoom.account_id": "EPfhhdrYxHMA", "zoom.old_values.personal_notes": "this is the old note", - "zoom.user.date_time": "2019-11-26T21:29:08Z", "zoom.user.email": "sdfsgdfg@fjghg.ghm", "zoom.user.id": "z8aggp8uq", "zoom.user.personal_notes": "Out of Office until February 31" }, { - "@timestamp": "2020-08-04T20:19:21.134Z", + "@timestamp": "2020-08-05T23:13:30.442Z", "event.action": "user.signed_in", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.230693Z", "event.kind": [ "event" ], @@ -433,16 +416,14 @@ ], "zoom.account_id": "dsjfosdfpdosgifdjg", "zoom.user.client_type": "android", - "zoom.user.date_time": "2019-09-10T14:36:10Z", "zoom.user.email": "awesomeuser@awesomemeail.ghkgf", "zoom.user.id": "djkglfdgkjdflghfdpe", "zoom.user.version": "4.5.3308.0902" }, { - "@timestamp": "2020-08-04T20:19:21.134Z", + "@timestamp": "2020-08-05T23:13:30.442Z", "event.action": "user.signed_out", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:22.230781Z", "event.kind": [ "event" ], @@ -468,7 +449,6 @@ ], "zoom.account_id": "dsjfosdfpdosgifdjg", "zoom.user.client_type": "android", - "zoom.user.date_time": "2019-09-10T14:36:10Z", "zoom.user.email": "awesomeuser@awesomemeail.ghkgf", "zoom.user.id": "djkglfdgkjdflghfdpe", "zoom.user.version": "4.5.3308.0902" diff --git a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log index eb10c3d33d4..41782df2405 100644 
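Review bot: The `user.signed_in` and `user.signed_out` documents lose `zoom.user.date_time` (`2019-09-10T14:36:10Z`) while `@timestamp` stays at the time of the test run (`2020-08-05T23:13:30.442Z`), so the event's own time no longer appears anywhere in these hunks; `user.presence_status_updated` and `user.personal_notes_updated` show the same. For `user.updated` earlier in this file the removed `zoom.time_stamp` does become `@timestamp`, which suggests only `time_stamp` is parsed. Sign-in and sign-out records are the ones an analyst orders by time, and an ingest-time `@timestamp` misplaces delayed or replayed webhooks. The pipeline is not visible here; a `date` processor that reads the payload's `date_time` with format `ISO8601` into `@timestamp` before the field is dropped would cover these events. The follow-up commit "updating golden files" rewrites exactly these `@timestamp` values again, which is the churn a data-derived timestamp would remove.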
--- a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log +++ b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log 
@@ -1,5 +1,5 @@ {"event":"webinar.created","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","operator":"someemail@email.com","operator_id":"uLoRgfbbTayCX6r2Q_qQsQ","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":111111111,"host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":5,"start_time":"2019-07-09T17:00:00Z","duration":60,"timezone":"America/Los_Angeles"}}} -{"event":"webinar.updated","payload":{"account_id":"AAAAAAAAAAA","operator":"someemail@email.com","operator_id":"BBBBBBBBBB","object":{"id":155184668,"type":5,"start_time":"2019-07-11T20:00:00Z","duration":120,"join_url":"https://zoom.us/j/00000000","settings":{"host_video":"false"}},"old_object":{"id":155184668,"type":9,"join_url":"https://zoom.us/j/00000000","occurrences":[{"occurrence_id":"1562875200000","start_time":"2019-07-11T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1563480000000","start_time":"2019-07-18T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1564084800000","start_time":"2019-07-25T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1564689600000","start_time":"2019-08-01T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1565294400000","start_time":"2019-08-08T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1565899200000","start_time":"2019-08-15T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1566504000000","start_time":"2019-08-22T20:00:00Z","duration":120,"status":"available"}],"settings":{"participant_video":true,"join_before_host":true,"use_pmi":false}}}} 
+{"event":"webinar.updated","payload":{"account_id":"AAAAAAAAAAA","operator":"someemail@email.com","operator_id":"BBBBBBBBBB","object":{"id":155184668,"type":5,"start_time":"2019-07-11T20:00:00Z","duration":120,"join_url":"https://zoom.us/j/00000000","settings":{"host_video":"false"}},"old_object":{"id":155184668,"type":9,"join_url":"https://zoom.us/j/00000000","occurrences":[{"occurrence_id":"1562875200000","start_time":"2019-07-11T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1563480000000","start_time":"2019-07-18T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1564084800000","start_time":"2019-07-25T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1564689600000","start_time":"2019-08-01T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1565294400000","start_time":"2019-08-08T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1565899200000","start_time":"2019-08-15T20:00:00Z","duration":120,"status":"available"},{"occurrence_id":"1566504000000","start_time":"2019-08-22T20:00:00Z","duration":120,"status":"available"}],"settings":{"participant_video":true,"join_before_host":true,"use_pmi":false}, "time_stamp": 1562791953209}}} {"event":"webinar.deleted","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","operator":"someemail@email.com","operator_id":"uLoRgfbbTayCX6r2Q_qQsQ","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":111111111,"host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":5,"start_time":"2019-07-09T17:00:00Z","duration":60,"timezone":"America/Los_Angeles"}}} {"event":"webinar.started","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","operator":"someemail@email.com","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":111111111,"host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":5,"start_time":"2019-07-09T17:00:00Z","duration":0,"timezone":"America/Los_Angeles"}}} 
{"event":"webinar.ended","payload":{"account_id":"o8KK_AAACq6BBEyA70CA","operator":"someemail@email.com","object":{"uuid":"czLF6FFFoQOKgAB99DlDb9g==","id":111111111,"host_id":"uLoRgfbbTayCX6r2Q_qQsQ","topic":"My Meeting","type":5,"start_time":"2019-07-09T17:00:00Z","duration":0,"timezone":"America/Los_Angeles"}}} diff --git a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json index ed5de09f796..68624f247d5 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json @@ -1,9 +1,8 @@ [ { - "@timestamp": "2020-08-04T20:19:14.530Z", + "@timestamp": "2020-08-05T23:13:23.789Z", "event.action": "webinar.created", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.625835Z", "event.kind": [ "event" ], @@ -19,7 +18,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "uLoRgfbbTayCX6r2Q_qQsQ", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", @@ -40,10 +39,9 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T20:19:14.530Z", + "@timestamp": "2020-08-05T23:13:23.789Z", "event.action": "webinar.updated", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.626052Z", "event.kind": [ "event" ], @@ -59,7 +57,7 @@ "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "" + "BBBBBBBBBB" ], "service.type": "zoom", "tags": [ 
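Review bot: The `time_stamp` added to the `webinar.updated` fixture line sits inside `old_object` rather than at `payload` level: it follows `old_object.settings` and comes before the brace that closes `old_object`. The expected output confirms this, with `"zoom.old_values.time_stamp": 1562791953209` and an `@timestamp` for this event that is still the test-run time, so the event does not exercise the timestamp mapping that the `user.updated` golden shows working. Moving one brace, so the line ends `"use_pmi":false}}, "time_stamp": 1562791953209}}`, puts the field at payload level, presumably where the user events carry it given their former `zoom.time_stamp`. The line length is unchanged by that edit, so the `log.offset` values in the golden file stay as they are.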
@@ -69,53 +67,10 @@ "zoom.account_id": "AAAAAAAAAAA", "zoom.old_values.id": 155184668, "zoom.old_values.join_url": "https://zoom.us/j/00000000", - "zoom.old_values.occurrences": [ - { - "duration": 120, - "occurrence_id": "1562875200000", - "start_time": "2019-07-11T20:00:00Z", - "status": "available" - }, - { - "duration": 120, - "occurrence_id": "1563480000000", - "start_time": "2019-07-18T20:00:00Z", - "status": "available" - }, - { - "duration": 120, - "occurrence_id": "1564084800000", - "start_time": "2019-07-25T20:00:00Z", - "status": "available" - }, - { - "duration": 120, - "occurrence_id": "1564689600000", - "start_time": "2019-08-01T20:00:00Z", - "status": "available" - }, - { - "duration": 120, - "occurrence_id": "1565294400000", - "start_time": "2019-08-08T20:00:00Z", - "status": "available" - }, - { - "duration": 120, - "occurrence_id": "1565899200000", - "start_time": "2019-08-15T20:00:00Z", - "status": "available" - }, - { - "duration": 120, - "occurrence_id": "1566504000000", - "start_time": "2019-08-22T20:00:00Z", - "status": "available" - } - ], "zoom.old_values.settings.join_before_host": true, "zoom.old_values.settings.participant_video": true, "zoom.old_values.settings.use_pmi": false, + "zoom.old_values.time_stamp": 1562791953209, "zoom.old_values.type": 9, "zoom.operator": "someemail@email.com", "zoom.operator_id": "BBBBBBBBBB", @@ -127,10 +82,9 @@ "zoom.webinar.type": 5 }, { - "@timestamp": "2020-08-04T20:19:14.530Z", + "@timestamp": "2020-08-05T23:13:23.789Z", "event.action": "webinar.deleted", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.626164Z", "event.kind": [ "event" ], @@ -142,11 +96,11 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 1559, + "log.offset": 1588, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "uLoRgfbbTayCX6r2Q_qQsQ", "uLoRgfbbTayCX6r2Q_qQsQ" ], "service.type": "zoom", 
@@ -167,10 +121,9 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T20:19:14.530Z", + "@timestamp": "2020-08-05T23:13:23.789Z", "event.action": "webinar.started", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.626270Z", "event.kind": [ "event" ], @@ -182,7 +135,7 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 1916, + "log.offset": 1945, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ @@ -205,10 +158,9 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T20:19:14.530Z", + "@timestamp": "2020-08-05T23:13:23.789Z", "event.action": "webinar.ended", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.626376Z", "event.kind": [ "event" ], @@ -220,7 +172,7 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 2233, + "log.offset": 2262, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ @@ -243,10 +195,9 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T20:19:14.530Z", + "@timestamp": "2020-08-05T23:13:23.789Z", "event.action": "webinar.alert", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.626471Z", "event.kind": [ "event" ], @@ -257,7 +208,7 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 2548, + "log.offset": 2577, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ @@ -279,10 +230,9 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-04T20:19:14.530Z", + "@timestamp": "2020-08-05T23:13:23.789Z", "event.action": "webinar.sharing_started", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.626568Z", "event.kind": [ "event" ], 
@@ -294,7 +244,7 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 2865, + "log.offset": 2894, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ @@ -324,10 +274,9 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-04T20:19:14.530Z", + "@timestamp": "2020-08-05T23:13:23.789Z", "event.action": "webinar.sharing_started", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.626666Z", "event.kind": [ "event" ], @@ -339,7 +288,7 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 3387, + "log.offset": 3416, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ @@ -369,10 +318,9 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-04T20:19:14.530Z", + "@timestamp": "2020-08-05T23:13:23.789Z", "event.action": "webinar.registration_created", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.626770Z", "event.kind": [ "event" ], @@ -384,7 +332,7 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 3909, + "log.offset": 3938, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ @@ -425,10 +373,9 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T20:19:14.531Z", + "@timestamp": "2020-08-05T23:13:23.790Z", "event.action": "webinar.registration_approved", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.626870Z", "event.kind": [ "event" ], @@ -441,11 +388,11 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 4601, + "log.offset": 4630, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ - "", + "Lobbbbbbbbbb_qQsQ", "uLobbbbbbbbbb_qQsQ" ], "service.type": "zoom", 
@@ -470,10 +417,9 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T20:19:14.531Z", + "@timestamp": "2020-08-05T23:13:23.790Z", "event.action": "webinar.registration_denied", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.626975Z", "event.kind": [ "event" ], @@ -486,7 +432,7 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 5073, + "log.offset": 5102, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ @@ -513,10 +459,9 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T20:19:14.531Z", + "@timestamp": "2020-08-05T23:13:23.790Z", "event.action": "webinar.registration_cancelled", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.627079Z", "event.kind": [ "event" ], @@ -528,7 +473,7 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 5510, + "log.offset": 5539, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ @@ -555,10 +500,9 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-04T20:19:14.531Z", + "@timestamp": "2020-08-05T23:13:23.790Z", "event.action": "webinar.participant_joined", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.627178Z", "event.kind": [ "event" ], @@ -569,7 +513,7 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 5950, + "log.offset": 5979, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ @@ -596,10 +540,9 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-04T20:19:14.531Z", + "@timestamp": "2020-08-05T23:13:23.790Z", "event.action": "webinar.participant_left", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:15.627273Z", "event.kind": [ "event" ], 
@@ -610,7 +553,7 @@ ], "fileset.name": "webhook", "input.type": "log", - "log.offset": 6402, + "log.offset": 6431, "observer.product": "Webhook", "observer.vendor": "Zoom", "related.user": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json index 601141d9bbb..3822a837d73 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json @@ -1,9 +1,8 @@ [ { - "@timestamp": "2020-08-04T20:19:08.054Z", + "@timestamp": "2020-08-05T23:13:17.231Z", "event.action": "zoomroom.alert", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:09.146634Z", "event.kind": [ "event" ], @@ -30,10 +29,9 @@ "zoom.zoomroom.room_name": "MyFabulousZoomRoom" }, { - "@timestamp": "2020-08-04T20:19:08.054Z", + "@timestamp": "2020-08-05T23:13:17.231Z", "event.action": "zoomroom.delayed_alert", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:09.146810Z", "event.kind": [ "event" ], @@ -60,10 +58,9 @@ "zoom.zoomroom.room_name": "MyFabulousZoomRoom" }, { - "@timestamp": "2020-08-04T20:19:08.054Z", + "@timestamp": "2020-08-05T23:13:17.231Z", "event.action": "zoomroom.checked_in", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:09.146905Z", "event.kind": [ "event" ], @@ -94,10 +91,9 @@ "zoom.zoomroom.room_name": "Sharks Room" }, { - "@timestamp": "2020-08-04T20:19:08.054Z", + "@timestamp": "2020-08-05T23:13:17.231Z", "event.action": "zoomroom.checked_in", "event.dataset": "zoom.webhook", - "event.ingested": "2020-08-04T20:19:09.146985Z", "event.kind": [ "event" ], From faa259dd856a0f7426f854f4a5cc522bf823649a Mon Sep 17 00:00:00 2001 
From: P1llus Date: Thu, 6 Aug 2020 01:21:41 +0200 Subject: [PATCH 10/16] updating golden files --- .../test/account.ndjson.log-expected.json | 4 +-- .../test/meeting.ndjson.log-expected.json | 30 +++++++++---------- .../test/phone.ndjson.log-expected.json | 22 +++++++------- .../test/recording.ndjson.log-expected.json | 18 +++++------ .../test/user.ndjson.log-expected.json | 20 ++++++------- .../test/webinar.ndjson.log-expected.json | 28 ++++++++--------- .../test/zoomroom.ndjson.log-expected.json | 8 ++--- 7 files changed, 65 insertions(+), 65 deletions(-) diff --git a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json index 0c4ff0e7850..88e72d4b7c0 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-05T23:13:21.708Z", + "@timestamp": "2020-08-05T23:21:00.133Z", "event.action": "account.created", "event.category": [ "iam" @@ -76,7 +76,7 @@ "zoom.sub_account_id": "eFs_EGRCq6ByEyA73qCA" }, { - "@timestamp": "2020-08-05T23:13:21.709Z", + "@timestamp": "2020-08-05T23:21:00.133Z", "event.action": "account.disassociated", "event.category": [ "iam" diff --git a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json index dac9068f58e..7a2dab782a9 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-05T23:13:32.753Z", + "@timestamp": "2020-08-05T23:21:11.269Z", "event.action": "meeting.alert", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, 
@@ -35,7 +35,7 @@ "zoom.meeting.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-05T23:13:32.754Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.created", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -74,7 +74,7 @@ "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ" }, { - "@timestamp": "2020-08-05T23:13:32.754Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.updated", "event.dataset": "zoom.webhook", "event.duration": 7200000000000, @@ -118,7 +118,7 @@ "zoom.settings.use_pmi": true }, { - "@timestamp": "2020-08-05T23:13:32.754Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.deleted", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -157,7 +157,7 @@ "zoom.operator_id": "BBBBBBBBBB" }, { - "@timestamp": "2020-08-05T23:13:32.754Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.started", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -192,7 +192,7 @@ "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:13:32.754Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.ended", "event.dataset": "zoom.webhook", "event.duration": 600000000000, @@ -228,7 +228,7 @@ "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:13:32.754Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.registration_created", "event.dataset": "zoom.webhook", "event.duration": 7200000000000, @@ -283,7 +283,7 @@ "zoom.registrant.zip": "" }, { - "@timestamp": "2020-08-05T23:13:32.754Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.registration_approved", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, 
@@ -326,7 +326,7 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-05T23:13:32.754Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.registration_cancelled", "event.dataset": "zoom.webhook", "event.duration": 7200000000000, @@ -366,7 +366,7 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-05T23:13:32.754Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.sharing_started", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -409,7 +409,7 @@ "zoom.participant.user_name": "Arya Arya" }, { - "@timestamp": "2020-08-05T23:13:32.755Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.sharing_ended", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -453,7 +453,7 @@ "zoom.participant.user_name": "Arya Arya" }, { - "@timestamp": "2020-08-05T23:13:32.755Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.participant_jbh_waiting", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -488,7 +488,7 @@ "zoom.participant.user_name": "Shrijana Shrijana" }, { - "@timestamp": "2020-08-05T23:13:32.755Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.participant_jbh_joined", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -523,7 +523,7 @@ "zoom.participant.user_name": "Tom Harry" }, { - "@timestamp": "2020-08-05T23:13:32.755Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.participant_joined", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -561,7 +561,7 @@ "zoom.participant.user_name": "shree" }, { - "@timestamp": "2020-08-05T23:13:32.755Z", + "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.participant_left", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, 
diff --git a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json index 99ccf0b554a..272693592df 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-05T23:13:19.349Z", + "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.caller_ringing", "event.dataset": "zoom.webhook", "event.kind": [ @@ -37,7 +37,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:55Z" }, { - "@timestamp": "2020-08-05T23:13:19.350Z", + "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.caller_connected", "event.dataset": "zoom.webhook", "event.kind": [ @@ -75,7 +75,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:55Z" }, { - "@timestamp": "2020-08-05T23:13:19.350Z", + "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.caller_ringing", "event.dataset": "zoom.webhook", "event.kind": [ @@ -111,7 +111,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:38:40Z" }, { - "@timestamp": "2020-08-05T23:13:19.350Z", + "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.callee_answered", "event.dataset": "zoom.webhook", "event.kind": [ @@ -149,7 +149,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:56Z" }, { - "@timestamp": "2020-08-05T23:13:19.350Z", + "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.callee_missed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -183,7 +183,7 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-05T23:13:19.350Z", + "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.callee_ended", "event.dataset": "zoom.webhook", "event.duration": 4000000000, 
@@ -221,7 +221,7 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-05T23:13:19.350Z", + "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.caller_ended", "event.dataset": "zoom.webhook", "event.duration": 4000000000, @@ -259,7 +259,7 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-05T23:13:19.350Z", + "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.callee_rejected", "event.dataset": "zoom.webhook", "event.duration": 6000000000, @@ -296,7 +296,7 @@ "zoom.phone.ringing_start_time": "2020-07-22T21:06:33Z" }, { - "@timestamp": "2020-08-05T23:13:19.350Z", + "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.voicemail_received", "event.dataset": "zoom.webhook", "event.kind": [ @@ -335,7 +335,7 @@ "zoom.phone.id": "235435" }, { - "@timestamp": "2020-08-05T23:13:19.350Z", + "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.caller_call_log_completed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -360,7 +360,7 @@ "zoom.phone.user_id": "caddsfsdfv_VaHE53wA" }, { - "@timestamp": "2020-08-05T23:13:19.350Z", + "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.callee_call_log_completed", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json index 985cbd0f49b..19e531ee11a 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-05T23:13:28.177Z", + "@timestamp": "2020-08-05T23:21:06.639Z", "event.action": "recording.stopped", "event.dataset": "zoom.webhook", "event.end": "2019-07-31T22:43:29Z", 
@@ -39,7 +39,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:13:28.177Z", + "@timestamp": "2020-08-05T23:21:06.639Z", "event.action": "recording.completed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -117,7 +117,7 @@ "zoom.recording.uuid": "9xxxkifpPUz+Ow==" }, { - "@timestamp": "2020-08-05T23:13:28.177Z", + "@timestamp": "2020-08-05T23:21:06.639Z", "event.action": "recording.trashed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -156,7 +156,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:13:28.177Z", + "@timestamp": "2020-08-05T23:21:06.639Z", "event.action": "recording.deleted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -195,7 +195,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:13:28.178Z", + "@timestamp": "2020-08-05T23:21:06.639Z", "event.action": "recording.recovered", "event.dataset": "zoom.webhook", "event.kind": [ @@ -234,7 +234,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:13:28.178Z", + "@timestamp": "2020-08-05T23:21:06.639Z", "event.action": "recording.transcript_completed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -273,7 +273,7 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:13:28.178Z", + "@timestamp": "2020-08-05T23:21:06.640Z", "event.action": "recording.registration_created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -313,7 +313,7 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-05T23:13:28.178Z", + "@timestamp": "2020-08-05T23:21:06.640Z", "event.action": "recording.registration_approved", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -353,7 +353,7 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-05T23:13:28.178Z", + "@timestamp": "2020-08-05T23:21:06.640Z", "event.action": "recording.registration_denied", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json index 98090d2ba62..86f0efeae72 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-05T23:13:30.442Z", + "@timestamp": "2020-08-05T23:21:08.932Z", "event.action": "user.created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -34,7 +34,7 @@ "zoom.user.type": "3" }, { - "@timestamp": "2020-08-05T23:13:30.442Z", + "@timestamp": "2020-08-05T23:21:08.932Z", "event.action": "user.invitation_accepted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -175,7 +175,7 @@ "zoom.user.id": "fdhjfdhsj536274gfd" }, { - "@timestamp": "2020-08-05T23:13:30.442Z", + "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.deactivated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -212,7 +212,7 @@ "zoom.user.type": 1 }, { - "@timestamp": "2020-08-05T23:13:30.442Z", + "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.activated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -249,7 +249,7 @@ "zoom.user.type": 3 }, { - "@timestamp": "2020-08-05T23:13:30.442Z", + "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.disassociated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -286,7 +286,7 @@ "zoom.user.type": 3 }, { - "@timestamp": "2020-08-05T23:13:30.442Z", + "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.deleted", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -323,7 +323,7 @@ "zoom.user.type": "3" }, { - "@timestamp": "2020-08-05T23:13:30.442Z", + "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.presence_status_updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -355,7 +355,7 @@ "zoom.user.presence_status": "Available" }, { - "@timestamp": "2020-08-05T23:13:30.442Z", + "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.personal_notes_updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -388,7 +388,7 @@ "zoom.user.personal_notes": "Out of Office until February 31" }, { - "@timestamp": "2020-08-05T23:13:30.442Z", + "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.signed_in", "event.dataset": "zoom.webhook", "event.kind": [ @@ -421,7 +421,7 @@ "zoom.user.version": "4.5.3308.0902" }, { - "@timestamp": "2020-08-05T23:13:30.442Z", + "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.signed_out", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json index 68624f247d5..5e60af25327 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-05T23:13:23.789Z", + "@timestamp": "2020-08-05T23:21:02.226Z", "event.action": "webinar.created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -39,7 +39,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:13:23.789Z", + "@timestamp": "2020-08-05T23:21:02.226Z", "event.action": "webinar.updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -82,7 +82,7 @@ "zoom.webinar.type": 5 }, { - "@timestamp": "2020-08-05T23:13:23.789Z", + "@timestamp": "2020-08-05T23:21:02.226Z", "event.action": "webinar.deleted", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -121,7 +121,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:13:23.789Z", + "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -158,7 +158,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:13:23.789Z", + "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.ended", "event.dataset": "zoom.webhook", "event.kind": [ @@ -195,7 +195,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:13:23.789Z", + "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.alert", "event.dataset": "zoom.webhook", "event.kind": [ @@ -230,7 +230,7 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-05T23:13:23.789Z", + "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.sharing_started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -274,7 +274,7 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-05T23:13:23.789Z", + "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.sharing_started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -318,7 +318,7 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-05T23:13:23.789Z", + "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.registration_created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -373,7 +373,7 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:13:23.790Z", + "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.registration_approved", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -417,7 +417,7 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:13:23.790Z", + "@timestamp": "2020-08-05T23:21:02.228Z", "event.action": "webinar.registration_denied", "event.dataset": "zoom.webhook", "event.kind": [ @@ -459,7 +459,7 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:13:23.790Z", + "@timestamp": "2020-08-05T23:21:02.228Z", "event.action": "webinar.registration_cancelled", "event.dataset": "zoom.webhook", "event.kind": [ @@ -500,7 +500,7 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:13:23.790Z", + "@timestamp": "2020-08-05T23:21:02.228Z", "event.action": "webinar.participant_joined", "event.dataset": "zoom.webhook", "event.kind": [ @@ -540,7 +540,7 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:13:23.790Z", + "@timestamp": "2020-08-05T23:21:02.228Z", "event.action": "webinar.participant_left", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json index 3822a837d73..461b494863e 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2020-08-05T23:13:17.231Z", + "@timestamp": "2020-08-05T23:20:55.593Z", "event.action": "zoomroom.alert", "event.dataset": "zoom.webhook", "event.kind": [ @@ -29,7 +29,7 @@ "zoom.zoomroom.room_name": "MyFabulousZoomRoom" }, { - "@timestamp": "2020-08-05T23:13:17.231Z", + "@timestamp": "2020-08-05T23:20:55.593Z", "event.action": "zoomroom.delayed_alert", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -58,7 +58,7 @@ "zoom.zoomroom.room_name": "MyFabulousZoomRoom" }, { - "@timestamp": "2020-08-05T23:13:17.231Z", + "@timestamp": "2020-08-05T23:20:55.593Z", "event.action": "zoomroom.checked_in", "event.dataset": "zoom.webhook", "event.kind": [ @@ -91,7 +91,7 @@ "zoom.zoomroom.room_name": "Sharks Room" }, { - "@timestamp": "2020-08-05T23:13:17.231Z", + "@timestamp": "2020-08-05T23:20:55.593Z", "event.action": "zoomroom.checked_in", "event.dataset": "zoom.webhook", "event.kind": [ From a54293a3e126fe062e06365b209441bbf7299d23 Mon Sep 17 00:00:00 2001 From: P1llus Date: Thu, 6 Aug 2020 01:29:31 +0200 Subject: [PATCH 11/16] update docs --- filebeat/docs/fields.asciidoc | 158 ++++++++++------------------------ 1 file changed, 44 insertions(+), 114 deletions(-) diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 6bc39dace29..e9bd3feb16f 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -127648,16 +127648,6 @@ type: keyword Timestamp related to the event -type: date - --- - -*`zoom.time_stamp`*:: -+ --- -Timestamp related to the event - - type: date -- @@ -127772,26 +127762,6 @@ type: keyword -- -*`zoom.chat_channel.timestamp`*:: -+ --- -Date and time when channel was created/modified/deleted - - -type: date - --- - -*`zoom.chat_channel.date_time`*:: -+ --- -Epoch time when channel was created/modified/deleted - - -type: date - --- - *`zoom.chat_message.id`*:: + -- @@ -127812,26 +127782,6 @@ type: keyword -- -*`zoom.chat_message.date_time`*:: -+ --- -Date and time when message was created/modified/deleted - - -type: date - --- - -*`zoom.chat_message.timestamp`*:: -+ --- -Epoch when message was created/modified/deleted - - -type: date - --- - *`zoom.chat_message.session_id`*:: + -- @@ -127898,16 +127848,6 @@ type: keyword Unique ID of the related meeting -type: keyword - --- - -*`zoom.meeting.join_url`*:: -+ --- -The URL to join the meeting - - type: keyword -- 
@@ -127948,7 +127888,7 @@ type: keyword Type of meeting created -type: integer +type: keyword -- @@ -128092,80 +128032,60 @@ type: long -- -*`zoom.phone.caller_number`*:: +*`zoom.phone.caller.id`*:: + -- -Caller number related to the voicemail +UserID of the caller related to the voicemail/call type: keyword -- -*`zoom.phone.caller_name`*:: -+ --- -Caller name related to the voicemail - - -type: keyword - --- - -*`zoom.phone.caller_number_type`*:: -+ --- -Caller type related to the voicemail, can either be 1(Internal) or 2(External) - - -type: long - --- - -*`zoom.phone.caller_user_id`*:: +*`zoom.phone.caller.user_id`*:: + -- -UserID of the caller related to the voicemail +UserID of the person which initiated the call type: keyword -- -*`zoom.phone.callee_user_id`*:: +*`zoom.phone.caller.number_type`*:: + -- -UserID of the callee related to the voicemail +The type of number, can be 1(Internal) or 2(External) type: keyword -- -*`zoom.phone.callee_extension_type`*:: +*`zoom.phone.caller.name`*:: + -- -Extension type of the calle related to the voicemail, can be user, callQueue, autoReceptionist or shareLineGroup +The name of the related callee type: keyword -- -*`zoom.phone.caller.user_id`*:: +*`zoom.phone.caller.phone_number`*:: + -- -UserID of the person which initiated the call +Phone Number of the caller related to the call type: keyword -- -*`zoom.phone.caller.phone_number`*:: +*`zoom.phone.caller.extension_type`*:: + -- -Phone Number of the caller related to the call +Extension type of the caller number, can be user, callQueue, autoReceptionist or shareLineGroup type: keyword @@ -128202,10 +128122,10 @@ type: keyword -- -*`zoom.phone.callee_id`*:: +*`zoom.phone.callee.id`*:: + -- -UserID of the related callee of the voicemail +UserID of the callee related to the voicemail/call type: keyword 
@@ -128215,47 +128135,47 @@ type: keyword *`zoom.phone.callee.user_id`*:: + -- -UserID of the related callee of a call +UserID of the related callee of a voicemail/call type: keyword -- -*`zoom.phone.callee_name`*:: +*`zoom.phone.callee.name`*:: + -- -The name of the callee related to the voicemail +The name of the related callee type: keyword -- -*`zoom.phone.callee.phone_number`*:: +*`zoom.phone.callee.number_type`*:: + -- -Phone Number of the callee related to the call +The type of number, can be 1(Internal) or 2(External) type: keyword -- -*`zoom.phone.callee_number`*:: +*`zoom.phone.callee.phone_number`*:: + -- -Number of the callee related to the voicemail +Phone Number of the callee related to the call type: keyword -- -*`zoom.phone.callee_number_type`*:: +*`zoom.phone.callee.extension_type`*:: + -- -Type of number related to the callee of the voicemail. Can be 1(Internal) or 2(External) +Extension type of the callee number, can be user, callQueue, autoReceptionist or shareLineGroup type: keyword @@ -128412,6 +128332,26 @@ type: long -- +*`zoom.recording.recording_file.recording_start`*:: ++ +-- +The date and time the recording started + + +type: date + +-- + +*`zoom.recording.recording_file.recording_end`*:: ++ +-- +The date and time the recording finished + + +type: date + +-- + *`zoom.recording.host_email`*:: + -- @@ -128612,16 +128552,6 @@ type: keyword -- -*`zoom.user.date_time`*:: -+ --- -The date and time when user logged in or out - - -type: date - --- - *`zoom.user.client_type`*:: + -- From 47f2254489b979bce6bda7124fcffebe623c4383 Mon Sep 17 00:00:00 2001 
From: P1llus Date: Thu, 6 Aug 2020 09:21:05 +0200 Subject: [PATCH 12/16] ignoring timestamp in golden files and generate new golden files --- filebeat/tests/system/test_modules.py | 1 + .../webhook/test/account.ndjson.log-expected.json | 3 --- .../test/chat_channel.ndjson.log-expected.json | 2 -- .../test/chat_message.ndjson.log-expected.json | 3 --- .../webhook/test/meeting.ndjson.log-expected.json | 15 --------------- .../webhook/test/phone.ndjson.log-expected.json | 11 ----------- .../test/recording.ndjson.log-expected.json | 10 ---------- .../webhook/test/user.ndjson.log-expected.json | 13 ------------- .../webhook/test/webinar.ndjson.log-expected.json | 14 -------------- .../test/zoomroom.ndjson.log-expected.json | 4 ---- 10 files changed, 1 insertion(+), 75 deletions(-) diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index ad710a6487a..20d997d1b19 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -253,6 +253,7 @@ def clean_keys(obj): "gsuite.login", "gsuite.saml", "gsuite.user_accounts", + "zoom.webhook", } # dataset + log file pairs for which @timestamp is kept as an exception from above remove_timestamp_exception = { diff --git a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json index 88e72d4b7c0..34d5e7363e7 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/account.ndjson.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-08-05T23:21:00.133Z", "event.action": "account.created", "event.category": [ "iam" @@ -37,7 +36,6 @@ "zoom.sub_account_id": "aIxE1yiRR8WghhUIO6eu9L" }, { - "@timestamp": "2019-07-01T17:03:04.527Z", "event.action": "account.updated", "event.category": [ "iam" 
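Review bot: Adding `"zoom.webhook"` to the remove-timestamp set in `clean_keys` drops `@timestamp` from every zoom golden file, including events whose value came from the payload (the removed `2019-07-01T17:03:04.527Z` in account.ndjson, for example), so no test asserts the pipeline's date parsing any more. The values that changed between runs look like ingest-time fallbacks; for an audit source that is better fixed in the pipeline than hidden in the test, because event time and receipt time otherwise become indistinguishable. If the fallback stays, record the reason beside the new entry, e.g. `# zoom.webhook: some event types carry no payload timestamp, so @timestamp is ingest time`. `clean_keys` starts and ends outside this hunk.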
@@ -76,7 +74,6 @@ "zoom.sub_account_id": "eFs_EGRCq6ByEyA73qCA" }, { - "@timestamp": "2020-08-05T23:21:00.133Z", "event.action": "account.disassociated", "event.category": [ "iam" diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json index 331ca3d03ae..100d3fbeea9 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_channel.ndjson.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-02-10T21:39:50.388Z", "event.action": "chat_channel.created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -34,7 +33,6 @@ "zoom.operator_id": "z8dfgdfguQrdfgdf" }, { - "@timestamp": "2020-02-10T21:39:50.388Z", "event.action": "chat_channel.member_invited", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json index b75d29e9e79..86cf03b6423 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/chat_message.ndjson.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-02-11T22:02:11.930Z", "event.action": "chat_message.sent", "event.dataset": "zoom.webhook", "event.kind": [ @@ -36,7 +35,6 @@ "zoom.operator_id": "zfdgdfgdfgfp8uQ" }, { - "@timestamp": "2020-02-11T23:00:08.594Z", "event.action": "chat_message.updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -72,7 +70,6 @@ "zoom.operator_id": "zfdgdfgdfgfp8uQ" }, { - "@timestamp": "2020-02-11T23:00:08.594Z", "event.action": "chat_message.updated", "event.dataset": "zoom.webhook", "event.kind": [ 
diff --git a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json index 7a2dab782a9..858f739d55a 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/meeting.ndjson.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-08-05T23:21:11.269Z", "event.action": "meeting.alert", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -35,7 +34,6 @@ "zoom.meeting.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.created", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -74,7 +72,6 @@ "zoom.operator_id": "uLoRgfbbTayCX6r2Q_qQsQ" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.updated", "event.dataset": "zoom.webhook", "event.duration": 7200000000000, @@ -118,7 +115,6 @@ "zoom.settings.use_pmi": true }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.deleted", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -157,7 +153,6 @@ "zoom.operator_id": "BBBBBBBBBB" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.started", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -192,7 +187,6 @@ "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.ended", "event.dataset": "zoom.webhook", "event.duration": 600000000000, @@ -228,7 +222,6 @@ "zoom.meeting.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.registration_created", "event.dataset": "zoom.webhook", "event.duration": 7200000000000, 
@@ -283,7 +276,6 @@ "zoom.registrant.zip": "" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.registration_approved", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -326,7 +318,6 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.registration_cancelled", "event.dataset": "zoom.webhook", "event.duration": 7200000000000, @@ -366,7 +357,6 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.sharing_started", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -409,7 +399,6 @@ "zoom.participant.user_name": "Arya Arya" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.sharing_ended", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -453,7 +442,6 @@ "zoom.participant.user_name": "Arya Arya" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.participant_jbh_waiting", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -488,7 +476,6 @@ "zoom.participant.user_name": "Shrijana Shrijana" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.participant_jbh_joined", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -523,7 +510,6 @@ "zoom.participant.user_name": "Tom Harry" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.participant_joined", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, @@ -561,7 +547,6 @@ "zoom.participant.user_name": "shree" }, { - "@timestamp": "2020-08-05T23:21:11.270Z", "event.action": "meeting.participant_left", "event.dataset": "zoom.webhook", "event.duration": 3600000000000, diff --git a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json index 272693592df..c5ef97dac47 100644 
--- a/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/phone.ndjson.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.caller_ringing", "event.dataset": "zoom.webhook", "event.kind": [ @@ -37,7 +36,6 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:55Z" }, { - "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.caller_connected", "event.dataset": "zoom.webhook", "event.kind": [ @@ -75,7 +73,6 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:55Z" }, { - "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.caller_ringing", "event.dataset": "zoom.webhook", "event.kind": [ @@ -111,7 +108,6 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:38:40Z" }, { - "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.callee_answered", "event.dataset": "zoom.webhook", "event.kind": [ @@ -149,7 +145,6 @@ "zoom.phone.ringing_start_time": "2020-07-22T01:41:56Z" }, { - "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.callee_missed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -183,7 +178,6 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.callee_ended", "event.dataset": "zoom.webhook", "event.duration": 4000000000, @@ -221,7 +215,6 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.caller_ended", "event.dataset": "zoom.webhook", "event.duration": 4000000000, @@ -259,7 +252,6 @@ "zoom.phone.caller.phone_number": "+1000000" }, { - "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.callee_rejected", "event.dataset": "zoom.webhook", "event.duration": 6000000000, 
@@ -296,7 +288,6 @@ "zoom.phone.ringing_start_time": "2020-07-22T21:06:33Z" }, { - "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.voicemail_received", "event.dataset": "zoom.webhook", "event.kind": [ @@ -335,7 +326,6 @@ "zoom.phone.id": "235435" }, { - "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.caller_call_log_completed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -360,7 +350,6 @@ "zoom.phone.user_id": "caddsfsdfv_VaHE53wA" }, { - "@timestamp": "2020-08-05T23:20:57.741Z", "event.action": "phone.callee_call_log_completed", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json index 19e531ee11a..f7a97693de5 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/recording.ndjson.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-08-05T23:21:06.639Z", "event.action": "recording.stopped", "event.dataset": "zoom.webhook", "event.end": "2019-07-31T22:43:29Z", @@ -39,7 +38,6 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:21:06.639Z", "event.action": "recording.completed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -79,7 +77,6 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2019-12-04T23:00:57.395Z", "event.action": "recording.renamed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -117,7 +114,6 @@ "zoom.recording.uuid": "9xxxkifpPUz+Ow==" }, { - "@timestamp": "2020-08-05T23:21:06.639Z", "event.action": "recording.trashed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -156,7 +152,6 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:21:06.639Z", "event.action": "recording.deleted", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -195,7 +190,6 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:21:06.639Z", "event.action": "recording.recovered", "event.dataset": "zoom.webhook", "event.kind": [ @@ -234,7 +228,6 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:21:06.639Z", "event.action": "recording.transcript_completed", "event.dataset": "zoom.webhook", "event.kind": [ @@ -273,7 +266,6 @@ "zoom.recording.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:21:06.640Z", "event.action": "recording.registration_created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -313,7 +305,6 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-05T23:21:06.640Z", "event.action": "recording.registration_approved", "event.dataset": "zoom.webhook", "event.kind": [ @@ -353,7 +344,6 @@ "zoom.registrant.last_name": "Person" }, { - "@timestamp": "2020-08-05T23:21:06.640Z", "event.action": "recording.registration_denied", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json index 86f0efeae72..3ca08b077f0 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/user.ndjson.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-08-05T23:21:08.932Z", "event.action": "user.created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -34,7 +33,6 @@ "zoom.user.type": "3" }, { - "@timestamp": "2020-08-05T23:21:08.932Z", "event.action": "user.invitation_accepted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -67,7 +65,6 @@ "zoom.user.type": 1 }, { - "@timestamp": "2019-07-19T18:10:54.861Z", "event.action": "user.updated", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -103,7 +100,6 @@ "zoom.user.id": "uLobbbbbbbb_qQsQ" }, { - "@timestamp": "2019-07-19T21:47:06.929Z", "event.action": "user.settings_updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -139,7 +135,6 @@ "zoom.user.id": "uL34AAbbbbAAAAAAQsQ" }, { - "@timestamp": "2020-06-29T17:32:19.427Z", "event.action": "user.settings_updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -175,7 +170,6 @@ "zoom.user.id": "fdhjfdhsj536274gfd" }, { - "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.deactivated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -212,7 +206,6 @@ "zoom.user.type": 1 }, { - "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.activated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -249,7 +242,6 @@ "zoom.user.type": 3 }, { - "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.disassociated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -286,7 +278,6 @@ "zoom.user.type": 3 }, { - "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.deleted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -323,7 +314,6 @@ "zoom.user.type": "3" }, { - "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.presence_status_updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -355,7 +345,6 @@ "zoom.user.presence_status": "Available" }, { - "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.personal_notes_updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -388,7 +377,6 @@ "zoom.user.personal_notes": "Out of Office until February 31" }, { - "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.signed_in", "event.dataset": "zoom.webhook", "event.kind": [ @@ -421,7 +409,6 @@ "zoom.user.version": "4.5.3308.0902" }, { - "@timestamp": "2020-08-05T23:21:08.933Z", "event.action": "user.signed_out", "event.dataset": "zoom.webhook", "event.kind": [ 
diff --git a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json index 5e60af25327..1bef0aa4e15 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/webinar.ndjson.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-08-05T23:21:02.226Z", "event.action": "webinar.created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -39,7 +38,6 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:21:02.226Z", "event.action": "webinar.updated", "event.dataset": "zoom.webhook", "event.kind": [ @@ -82,7 +80,6 @@ "zoom.webinar.type": 5 }, { - "@timestamp": "2020-08-05T23:21:02.226Z", "event.action": "webinar.deleted", "event.dataset": "zoom.webhook", "event.kind": [ @@ -121,7 +118,6 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -158,7 +154,6 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.ended", "event.dataset": "zoom.webhook", "event.kind": [ @@ -195,7 +190,6 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.alert", "event.dataset": "zoom.webhook", "event.kind": [ @@ -230,7 +224,6 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.sharing_started", "event.dataset": "zoom.webhook", "event.kind": [ @@ -274,7 +267,6 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.sharing_started", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -318,7 +310,6 @@ "zoom.webinar.uuid": "4118UHIiRCAAAtBlDkcVyw==" }, { - "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.registration_created", "event.dataset": "zoom.webhook", "event.kind": [ @@ -373,7 +364,6 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:21:02.227Z", "event.action": "webinar.registration_approved", "event.dataset": "zoom.webhook", "event.kind": [ @@ -417,7 +407,6 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:21:02.228Z", "event.action": "webinar.registration_denied", "event.dataset": "zoom.webhook", "event.kind": [ @@ -459,7 +448,6 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:21:02.228Z", "event.action": "webinar.registration_cancelled", "event.dataset": "zoom.webhook", "event.kind": [ @@ -500,7 +488,6 @@ "zoom.webinar.uuid": "dj12vck6sdTn6yy7qdy3dQg==" }, { - "@timestamp": "2020-08-05T23:21:02.228Z", "event.action": "webinar.participant_joined", "event.dataset": "zoom.webhook", "event.kind": [ @@ -540,7 +527,6 @@ "zoom.webinar.uuid": "czLF6FFFoQOKgAB99DlDb9g==" }, { - "@timestamp": "2020-08-05T23:21:02.228Z", "event.action": "webinar.participant_left", "event.dataset": "zoom.webhook", "event.kind": [ diff --git a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json index 461b494863e..0d567d8ccd6 100644 --- a/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json +++ b/x-pack/filebeat/module/zoom/webhook/test/zoomroom.ndjson.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-08-05T23:20:55.593Z", "event.action": "zoomroom.alert", "event.dataset": "zoom.webhook", "event.kind": [ 
@@ -29,7 +28,6 @@ "zoom.zoomroom.room_name": "MyFabulousZoomRoom" }, { - "@timestamp": "2020-08-05T23:20:55.593Z", "event.action": "zoomroom.delayed_alert", "event.dataset": "zoom.webhook", "event.kind": [ @@ -58,7 +56,6 @@ "zoom.zoomroom.room_name": "MyFabulousZoomRoom" }, { - "@timestamp": "2020-08-05T23:20:55.593Z", "event.action": "zoomroom.checked_in", "event.dataset": "zoom.webhook", "event.kind": [ @@ -91,7 +88,6 @@ "zoom.zoomroom.room_name": "Sharks Room" }, { - "@timestamp": "2020-08-05T23:20:55.593Z", "event.action": "zoomroom.checked_in", "event.dataset": "zoom.webhook", "event.kind": [ From 8f9541bd1c8d00e11202c79a0a155ed08d2d9412 Mon Sep 17 00:00:00 2001 From: P1llus Date: Mon, 10 Aug 2020 20:22:11 +0200 Subject: [PATCH 13/16] updating PR with support for secret header and token values, updating the docs to reflect this as well --- filebeat/docs/modules/zoom.asciidoc | 5 +++++ x-pack/filebeat/filebeat.reference.yml | 6 ++++++ x-pack/filebeat/module/zoom/_meta/config.yml | 6 ++++++ x-pack/filebeat/module/zoom/_meta/docs.asciidoc | 5 +++++ x-pack/filebeat/module/zoom/webhook/config/webhook.yml | 1 + x-pack/filebeat/module/zoom/webhook/manifest.yml | 4 ++++ x-pack/filebeat/modules.d/zoom.yml.disabled | 6 ++++++ 7 files changed, 33 insertions(+) diff --git a/filebeat/docs/modules/zoom.asciidoc b/filebeat/docs/modules/zoom.asciidoc index adc6a4053c3..7a65ccdbeeb 100644 --- a/filebeat/docs/modules/zoom.asciidoc +++ b/filebeat/docs/modules/zoom.asciidoc @@ -26,6 +26,9 @@ include::../include/config-option-intro.asciidoc[] [float] ==== `webhook` fileset settings +When a webhook integration is created on Zoom, it will show a special token used to ensure that filebeat only handles HTTP requests from the correct source. +This is configured with the `secret.header` and `secret.value` settings as shown below. + Example config: [source,yaml] 
@@ -36,6 +39,8 @@ Example config: var.input: http_endpoint var.listen_address: 0.0.0.0 var.listen_port: 8080 + var.secret.header: Authorization + var.secret.value: ZOOMTOKEN ---- include::../include/var-paths.asciidoc[] diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 11de3a4eb3c..4d3b8645a8d 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -1465,6 +1465,12 @@ filebeat.modules: # The port to bind to #var.listen_port: 80 + # The header Zoom uses to send its secret token, defaults to "Authorization" + #secret.header: Authorization + + # The secret token value created by Zoom + #secret.value: ZOOMTOKEN + #----------------------------- Zscaler NSS Module ----------------------------- - module: zscaler zia: diff --git a/x-pack/filebeat/module/zoom/_meta/config.yml b/x-pack/filebeat/module/zoom/_meta/config.yml index 96d1f602221..43c8ed43628 100644 --- a/x-pack/filebeat/module/zoom/_meta/config.yml +++ b/x-pack/filebeat/module/zoom/_meta/config.yml @@ -11,3 +11,9 @@ # The port to bind to #var.listen_port: 80 + + # The header Zoom uses to send its secret token, defaults to "Authorization" + #secret.header: Authorization + + # The secret token value created by Zoom + #secret.value: ZOOMTOKEN diff --git a/x-pack/filebeat/module/zoom/_meta/docs.asciidoc b/x-pack/filebeat/module/zoom/_meta/docs.asciidoc index 0d324bfdbdb..b960a7e4400 100644 --- a/x-pack/filebeat/module/zoom/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/zoom/_meta/docs.asciidoc @@ -21,6 +21,9 @@ include::../include/config-option-intro.asciidoc[] [float] ==== `webhook` fileset settings +When a webhook integration is created on Zoom, it will show a special token used to ensure that filebeat only handles HTTP requests from the correct source. +This is configured with the `secret.header` and `secret.value` settings as shown below. + Example config: [source,yaml] 
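Review bot: The commented settings added to filebeat.reference.yml are written `#secret.header` and `#secret.value`, while the neighbouring option uses the `var.` prefix (`#var.listen_port: 80`) and the docs in this same commit show `var.secret.header` / `var.secret.value`. An operator who uncomments them as written would presumably not set the module variable, leaving the token at its empty default. They should read `#var.secret.header: Authorization` and `#var.secret.value: ZOOMTOKEN`. The same lines appear in the _meta/config.yml and modules.d/zoom.yml.disabled hunks of this commit.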
@@ -31,6 +34,8 @@ Example config: var.input: http_endpoint var.listen_address: 0.0.0.0 var.listen_port: 8080 + var.secret.header: Authorization + var.secret.value: ZOOMTOKEN ---- include::../include/var-paths.asciidoc[] diff --git a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml index fa37f5cd925..62ecaa81454 100644 --- a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml +++ b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml @@ -8,6 +8,7 @@ basic_auth: {{ .basic_auth }} username: {{ .username }} username: {{ .password }} content_type: {{ .content_type }} +secret: {{ .secret | tojson }} {{ else if eq .input "file" }} diff --git a/x-pack/filebeat/module/zoom/webhook/manifest.yml b/x-pack/filebeat/module/zoom/webhook/manifest.yml index 9089d1e3ecb..31f78e24e25 100644 --- a/x-pack/filebeat/module/zoom/webhook/manifest.yml +++ b/x-pack/filebeat/module/zoom/webhook/manifest.yml @@ -20,6 +20,10 @@ var: default: "" - name: password default: "" + - name: secret + default: + header: Authorization + value: "" - name: tags default: [zoom-webhook, forwarded] diff --git a/x-pack/filebeat/modules.d/zoom.yml.disabled b/x-pack/filebeat/modules.d/zoom.yml.disabled index 45a26edba63..f5320d112b9 100644 --- a/x-pack/filebeat/modules.d/zoom.yml.disabled +++ b/x-pack/filebeat/modules.d/zoom.yml.disabled @@ -14,3 +14,9 @@ # The port to bind to #var.listen_port: 80 + + # The header Zoom uses to send its secret token, defaults to "Authorization" + #secret.header: Authorization + + # The secret token value created by Zoom + #secret.value: ZOOMTOKEN From ae8fd29db68fd16124ad5c546aa4670ad3d6bdd0 Mon Sep 17 00:00:00 2001 From: P1llus Date: Mon, 10 Aug 2020 21:22:13 +0200 Subject: [PATCH 14/16] fixing issue with empty content_type value --- x-pack/filebeat/module/zoom/webhook/config/webhook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
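Review bot: The context just above the new `secret:` line in `webhook/config/webhook.yml` renders the password under a second `username` key (`username: {{ .password }}`), so no `password` key is emitted and the block carries a duplicate key. This commit adds another credential setting to the same block without correcting it; the line should be `password: {{ .password }}`. The same context appears unchanged in the two later `webhook.yml` hunks (patches 14 and 15). The template branch starts above the hunk, so any nesting of these keys cannot be seen from here.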
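Review bot: The `secret` default added to `manifest.yml` sets `value: ""`, and none of the added documentation says what an empty value means. If the input skips the header check when the value is empty (likely, but not visible on this page), a module enabled with the documented `var.listen_address: 0.0.0.0` accepts events from any sender until a token is set. I would state that next to the option in `_meta/config.yml`, e.g. `# Leave empty to disable the check; set a token whenever the listener is reachable from untrusted networks`.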
diff --git a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml index 62ecaa81454..a00473c94fb 100644 --- a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml +++ b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml @@ -7,7 +7,7 @@ prefix: {{ .prefix }} basic_auth: {{ .basic_auth }} username: {{ .username }} username: {{ .password }} -content_type: {{ .content_type }} +content_type: "{{ .content_type }}" secret: {{ .secret | tojson }} {{ else if eq .input "file" }} From bf68a7d172e5d790c03b30fccef8576ae713793c Mon Sep 17 00:00:00 2001 From: P1llus Date: Wed, 19 Aug 2020 11:17:33 +0200 Subject: [PATCH 15/16] adding ssl options to webhook.yml --- x-pack/filebeat/module/zoom/webhook/config/webhook.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml index a00473c94fb..207da5447e1 100644 --- a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml +++ b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml @@ -9,6 +9,7 @@ username: {{ .username }} username: {{ .password }} content_type: "{{ .content_type }}" secret: {{ .secret | tojson }} +ssl: {{ .ssl | tojson }} {{ else if eq .input "file" }} From a3db786ab84e7abdb3b46962c848c6dca5e57fd4 Mon Sep 17 00:00:00 2001 From: P1llus Date: Wed, 19 Aug 2020 21:48:57 +0200 Subject: [PATCH 16/16] updating docs for SSL --- filebeat/docs/modules/zoom.asciidoc | 4 ++++ x-pack/filebeat/module/zoom/_meta/docs.asciidoc | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/filebeat/docs/modules/zoom.asciidoc b/filebeat/docs/modules/zoom.asciidoc index 7a65ccdbeeb..4c191cf7abf 100644 --- a/filebeat/docs/modules/zoom.asciidoc +++ b/filebeat/docs/modules/zoom.asciidoc 
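Review bot: Writing the value as `content_type: "{{ .content_type }}"` handles the empty case but still interpolates the raw string, so a value containing a double quote or a backslash yields invalid or altered YAML. The following line already uses the safer form; `content_type: {{ .content_type | tojson }}` quotes and escapes in one step and keeps the two lines consistent.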
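Review bot: `ssl: {{ .ssl | tojson }}` is emitted unconditionally, yet patch 15 changes only `webhook.yml` and no hunk on this page declares an `ssl` variable in `manifest.yml`. If the variable is unset the key presumably renders as `ssl: null`; wrapping it as `{{ if .ssl }}` / `ssl: {{ .ssl | tojson }}` / `{{ end }}` avoids handing the input an empty TLS block. Because this listener receives the secret header and the basic-auth credentials, the example config in the docs would also be better shown with `var.ssl` set.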
@@ -53,6 +53,10 @@ The IP address of the interface the module should listen on. Also supports 0.0.0 The port the module should be listening on. +*`var.ssl`*:: + +Configuration options for SSL parameters like the SSL certificate and CA to use for the HTTP(s) listener See <> for more information. + :modulename!: :has-dashboards!: diff --git a/x-pack/filebeat/module/zoom/_meta/docs.asciidoc b/x-pack/filebeat/module/zoom/_meta/docs.asciidoc index b960a7e4400..e0b467fc63a 100644 --- a/x-pack/filebeat/module/zoom/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/zoom/_meta/docs.asciidoc @@ -48,5 +48,9 @@ The IP address of the interface the module should listen on. Also supports 0.0.0 The port the module should be listening on. +*`var.ssl`*:: + +Configuration options for SSL parameters like the SSL certificate and CA to use for the HTTP(s) listener See <> for more information. + :modulename!: :has-dashboards!: