[1Password] Add 1Password Events API Audit Events

[anthonythleung]

• Enhancement

What does this PR do?

This PR adds a new audit events data stream to the 1Password Elastic integration.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Screenshots

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-03-23T20:37:09.112+0000

• Duration: 16 min 28 sec

Test stats 🧪

Test	Results
Failed	0
Passed	22
Skipped	0
Total	22

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[efd6]

/test

[efd6]

Can you provide a link to the auditevents API and describe the provenance of the test cases (constructed/sanitised/etc).

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (3/3)	💚
Files	100.0% (3/3)	💚 3.049
Classes	100.0% (3/3)	💚 3.049
Methods	90.909% (30/33)	👎 -0.632
Lines	87.888% (283/322)	👎 -4.529
Conditionals	100.0% (0/0)	💚

[anthonythleung]

Can you provide a link to the auditevents API and describe the provenance of the test cases (constructed/sanitised/etc).

Thanks for the review! The events API audit events data streaming has not been released yet, so I don't have any links or documentations for this right now, but the API is scheduled to be released on Mar 15, so I'll have the documentations available by then. The test data were created with a local development build of the Events API with local test data.

[efd6]

@anthonythleung Thanks for that. I'll ping here late March if we don't have them by then.

[efd6]

/test

[anthonythleung]

@efd6 The audit events API has now been released and the documentations are available here: https://developer.1password.com/docs/events-api/reference/#post-apiv1auditevents

[efd6]

The agent is complaining:

2023-03-16 09:45:11 {"log.level":"error","@timestamp":"2023-03-15T23:15:11.961Z","message":"Error while processing http request: failed to execute rf.collectResponse: failed to execute http client.Do: server responded with status code 404: ","component":{"binary":"filebeat","dataset":"elastic_agent.filebeat","id":"httpjson-default","type":"httpjson"},"log":{"source":"httpjson-default"},"ecs.version":"1.6.0","log.logger":"input.httpjson-cursor","log.origin":{"file.line":135,"file.name":"httpjson/input.go"},"id":"httpjson-1password.audit_events-23c79f8b-96db-46c4-a472-ae89233f01ff","input_source":"http://elastic-package-service_1password_eventsapi_mock_1:8080/api/v1/auditevents","service.name":"filebeat","input_url":"http://elastic-package-service_1password_eventsapi_mock_1:8080/api/v1/auditevents","ecs.version":"1.6.0"}

It looks like you are missing an endpoint addition to the docker/config.yml.

[efd6]

/test

[efd6]

/test

[efd6]

Sorry, a conflicting change has been made. Would you please resolve the conflict. Ping me when it's done so I won't miss a window. It all looks good to me after that is done.

[anthonythleung]

@efd6 I've resolved the merge conflicts and addressed the comments above. Thanks!

[efd6]

/test

[efd6]

Thank you

[elasticmachine]

Package 1password - 1.10.0 containing this change is available at https://epr.elastic.co/search?package=1password