[o365_metrics]Update ownership for O365 Metrics integration #12814
Conversation
narph
added
Team:Security-Service Integrations
💚 Build Succeeded
|
|
Thanks @narph for creating this. It makes sense to divide the ownership based on the data domain instead of development team. All of the data in the mentioned data-streams pertains to Microsoft 365 Reports and are thus related to In these 4 data-streams, the ingest pipelines and field naming convention are closely aligned with existing observability-owned data-streams. The CEL input program is slightly different and built based around user requirements. But that shouldn't be reason for security to own these data-streams IMO as data is Also when it comes to future enhancements for these data-streams such as enabling TSDS, observability has better guidance in executing these tasks rather than security. |
Update ownership for O365 Metrics integration
Currently some of the data streams are owned by the @elastic/security-service-integrations because they were created by one of the team members.
All the data streams that the security team owns:
Based on the integration name and scope and looking at the sample logs:
https://github.com/elastic/integrations/blob/main/packages/o365_metrics/data_stream/groups_activity_group_detail/sample_event.json
https://github.com/elastic/integrations/blob/main/packages/o365_metrics/data_stream/onedrive_usage_account_detail/sample_event.json
https://github.com/elastic/integrations/blob/main/packages/o365_metrics/data_stream/teams_user_activity_user_detail/sample_event.json
https://github.com/elastic/integrations/blob/main/packages/o365_metrics/data_stream/viva_engage_groups_activity_group_detail/sample_event.json
the data streams return exclusively metrics (specifically count and duration) and not logs or security information.
@kcreddy feel free to chime in here.
@lalit-satapathy do you see any reason the service team should continue owning these data streams?