[sentinel_one] Enrich events with event.{category,type,outcome}

packages/sentinel_one/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.1"
+  changes:
+    - description: Enrich the event.category, event.type, event.kind and event.outcome field based on activity.
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/3787
 - version: "1.2.0"
   changes:
     - description: Set event.kind to alert for Sentinel One Threats.

packages/sentinel_one/data_stream/activity/_dev/test/pipeline/test-pipeline-activity.log

@@ -20,3 +20,8 @@
 {"accountId":"1234567890123456789","accountName":"Default","activityType":1234,"agentId":null,"agentUpdatedVersion":null,"comments":null,"createdAt":"2022-04-13T03:34:10.933835Z","data":{"accountName":"Default","fullScopeDetails":"Account Default","fullScopeDetailsPath":"test/path","groupName":null,"ipAddress":"81.2.69.143","reason":null,"role":"Admin","scopeLevel":"Account","scopeName":"Default","siteName":null,"source":"src","userScope":"account","username":"test user"},"description":null,"groupId":null,"groupName":null,"hash":null,"id":"1234567890123456789","osFamily":null,"primaryDescription":"The management user test User logged in to the management console with IP Address 81.2.69.144","secondaryDescription":null,"siteId":null,"siteName":null,"threatId":null,"updatedAt":"2022-04-13T03:34:10.931846Z","userId":"1234567890123456789"}
 {"accountId":"1234567890123456789","accountName":"Default","activityType":1234,"agentId":null,"agentUpdatedVersion":null,"comments":null,"createdAt":"2022-04-18T05:09:27.532131Z","data":{"accountName":"Default","byUser":"test user","fullScopeDetails":"Account Default","fullScopeDetailsPath":"test/path","groupName":null,"role":"Level","scopeLevel":"Account","scopeName":"Default","siteName":null,"userScope":"account","username":"test user"},"description":"<ManagementUser at 0x7f6e6xxc34 with id=1234567890123456789, email='user@example.com', user_scope='account'>","groupId":null,"groupName":null,"hash":null,"id":"1234567890123456789","osFamily":null,"primaryDescription":"The management user test User added user test user as Level.","secondaryDescription":null,"siteId":null,"siteName":null,"threatId":null,"updatedAt":"2022-04-18T05:09:27.520345Z","userId":"1234567890123456789"}
 {"accountId":"1234567890123456789","accountName":"Default","activityType":1234,"agentId":null,"agentUpdatedVersion":null,"comments":null,"createdAt":"2022-04-18T05:09:27.534319Z","data":{"accountName":"Default","byUser":"test user","fullScopeDetails":"Account Default","fullScopeDetailsPath":"test/path","groupName":null,"role":"Level","roleName":"Level","scopeLevel":"Account","scopeLevelName":"Default","scopeName":"Default","siteName":null,"userScope":"account","username":"test user"},"description":null,"groupId":null,"groupName":null,"hash":null,"id":"1234567890123456789","osFamily":null,"primaryDescription":"The management user test User added user test user to role Level in scope Default","secondaryDescription":null,"siteId":null,"siteName":null,"threatId":null,"updatedAt":"2022-04-18T05:09:27.531568Z","userId":"1234567890123456789"}
+{"accountId":"1234567890123456789","accountName":"Default","activityType":1234,"agentId":null,"agentUpdatedVersion":null,"comments":null,"createdAt":"2022-04-05T16:11:05.469398Z","data":{"accountName":"Default","fullScopeDetails":"Account Default","fullScopeDetailsPath":"test/default","groupName":null,"recoveryEmail":"user@example.com","role":"Admin","scopeLevel":"Account","scopeName":"Default","siteName":null,"userScope":"account","username":"test User"},"description":null,"groupId":null,"groupName":null,"hash":null,"id":"1234567890123456789","osFamily":null,"primaryDescription":"The management user test sent a Verification Email to the user test.","secondaryDescription":null,"siteId":null,"siteName":null,"threatId":null,"updatedAt":"2022-04-05T16:11:05.189394Z","userId":"1234567890123456789"}
+{"accountId":"1234567890123456789","accountName":"Default","activityType":1234,"agentId":null,"agentUpdatedVersion":null,"comments":null,"createdAt":"2022-04-05T16:11:05.469398Z","data":{"accountName":"Default","fullScopeDetails":"Account Default","fullScopeDetailsPath":"test/default","groupName":null,"recoveryEmail":"user@example.com","role":"Admin","scopeLevel":"Account","scopeName":"Default","siteName":null,"userScope":"account","username":"test User"},"description":null,"groupId":null,"groupName":null,"hash":null,"id":"1234567890123456789","osFamily":null,"primaryDescription":"The management user Test failed to log in to the management console with IP Address x.x.x.x.","secondaryDescription":null,"siteId":null,"siteName":null,"threatId":null,"updatedAt":"2022-04-05T16:11:05.189394Z","userId":"1234567890123456789"}
+{"accountId":"1234567890123456789","accountName":"Default","activityType":1234,"agentId":null,"agentUpdatedVersion":null,"comments":null,"createdAt":"2022-04-05T16:11:05.469398Z","data":{"accountName":"Default","fullScopeDetails":"Account Default","fullScopeDetailsPath":"test/default","groupName":null,"recoveryEmail":"user@example.com","role":"Admin","scopeLevel":"Account","scopeName":"Default","siteName":null,"userScope":"account","username":"test User"},"description":null,"groupId":null,"groupName":null,"hash":null,"id":"1234567890123456789","osFamily":null,"primaryDescription": null,"secondaryDescription":null,"siteId":null,"siteName":null,"threatId":null,"updatedAt":"2022-04-05T16:11:05.189394Z","userId":"1234567890123456789"}
+{"accountId":"1234567890123456789","accountName":"Default","activityType":1234,"agentId":null,"agentUpdatedVersion":null,"comments":null,"createdAt":"2022-04-05T16:11:05.469398Z","data":{"accountName":"Default","fullScopeDetails":"Account Default","fullScopeDetailsPath":"test/default","groupName":null,"recoveryEmail":"user@example.com","role":"Admin","scopeLevel":"Account","scopeName":"Default","siteName":null,"userScope":"account","username":"test User"},"description":null,"groupId":null,"groupName":null,"hash":null,"id":"1234567890123456789","osFamily":null,"primaryDescription": null,"secondaryDescription":null,"siteId":null,"siteName":null,"threatId":"","updatedAt":"2022-04-05T16:11:05.189394Z","userId":"1234567890123456789"}
+{"accountId":"1234567890123456789","accountName":"Default","activityType":1234,"agentId":"1234567890123456789","agentUpdatedVersion":null,"comments":null,"createdAt":"2022-04-06T08:45:54.532670Z","data":{"accountName":"Default","computerName":"user-computer-name","confidenceLevel":"malicious","escapedMaliciousProcessArguments":null,"fileContentHash":"aaf4c61ddcc5e8a2dabede0f3b482cxxxxxxxxxx","fileDisplayName":"default.exe","filePath":"\\test\\default.exe","fullScopeDetails":"Group Default Group in Site Default site of Account Default","fullScopeDetailsPath":"test/default / Default site / Default Group","groupName":"Default Group","siteName":"Default site","threatClassification":"Trojan","threatClassificationSource":"Cloud","username":null},"description":null,"groupId":"1234567890123456789","groupName":"Default Group","hash":null,"id":"1234567890123456789","osFamily":null,"primaryDescription":"Threat with confidence level malicious detected: default.exe","secondaryDescription":"6a264eda96e766b41bc14a3c9e99xxxxxxxxxx","siteId":"1234567890123456789","siteName":"Default site","threatId":"1234567890123456789","updatedAt":"2022-04-06T08:45:54.527789Z","userId":null}