Skip to content

Commit 7a97274

Browse files
efd6efd6
authored
zoom: map user.email and participant.public_ip fields to ECS (#14499)
Also add new field definitions from the API docs[1][2]. Note that public_ip is not listed in the documentation but is observed in provided events (added in tests). [1]https://developers.zoom.us/docs/api/meetings/events/#tag/meeting/POSTmeeting.participant_joined [2]https://developers.zoom.us/docs/api/meetings/events/#tag/webinar/POSTwebinar.participant_joined
1 parent 6fe8199 commit 7a97274

20 files changed

+407
-14
lines changed

packages/zoom/changelog.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,9 @@
11
# newer versions go on top
2+
- version: "1.23.0"
3+
changes:
4+
- description: Map `user.email` and `source.ip` from available fields.
5+
type: enhancement
6+
link: https://github.com/elastic/integrations/pull/14499
27
- version: "1.22.0"
38
changes:
49
- description: Update Kibana constraint to support 9.0.0.

packages/zoom/data_stream/webhook/_dev/test/pipeline/test-account.json-expected.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -148,4 +148,4 @@
148148
}
149149
}
150150
]
151-
}
151+
}

packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-channel.json-expected.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -234,4 +234,4 @@
234234
}
235235
}
236236
]
237-
}
237+
}

packages/zoom/data_stream/webhook/_dev/test/pipeline/test-chat-message.json-expected.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -126,4 +126,4 @@
126126
}
127127
}
128128
]
129-
}
129+
}

packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -416,6 +416,35 @@
416416
}
417417
}
418418
}
419+
},
420+
{
421+
"zoom": {
422+
"event": "meeting.participant_joined",
423+
"event_ts": 1752127174016,
424+
"payload": {
425+
"account_id": "HzozXXXXXXXX",
426+
"object": {
427+
"duration": 60,
428+
"host_id": "dNvWUbXXXXXXXXXXXXXX",
429+
"id": "986XXXXXXXX",
430+
"participant": {
431+
"email": "user@elastic",
432+
"id": "8XjrxbGtXXXXXXXXXX",
433+
"join_time": "2025-07-10T05:59:30Z",
434+
"participant_user_id": "8XjrxbGtXXXXXXXXXX",
435+
"participant_uuid": "0E699901-3B16-3698-3388-XXXXXXXXXX",
436+
"public_ip": "81.2.69.144",
437+
"user_id": "123456789",
438+
"user_name": "Display Name of User"
439+
},
440+
"start_time": "2025-07-10T05:57:47Z",
441+
"timezone": "Asia/Seoul",
442+
"topic": "Team Meeting",
443+
"type": 2,
444+
"uuid": "pU/13Hdsdfsdfsdf7xZZzpUg=="
445+
}
446+
}
447+
}
419448
}
420449
]
421450
}

packages/zoom/data_stream/webhook/_dev/test/pipeline/test-meeting.json-expected.json

Lines changed: 75 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -429,6 +429,7 @@
429429
"related": {
430430
"user": [
431431
"s0AAAASoSE1V8KIFOCYw",
432+
"16778000",
432433
"z8yCxTTTTSiw02QgCAp8uQ"
433434
]
434435
},
@@ -481,6 +482,7 @@
481482
"related": {
482483
"user": [
483484
"s0AAAASoSE1V8KIFOCYw",
485+
"16778000",
484486
"z8yCxTTTTSiw02QgCAp8uQ"
485487
]
486488
},
@@ -617,6 +619,7 @@
617619
"related": {
618620
"user": [
619621
"iFxeBPYun6SAiWUzBcEkX",
622+
"167782040",
620623
"uLoRgfbbTayCX6r2Q_qQsQ"
621624
]
622625
},
@@ -663,6 +666,7 @@
663666
"related": {
664667
"user": [
665668
"iFxeBPYun6SAiWUzBcEkX",
669+
"167782040",
666670
"uLoRgfbbTayCX6r2Q_qQsQ"
667671
]
668672
},
@@ -687,6 +691,76 @@
687691
"user_name": "shree"
688692
}
689693
}
694+
},
695+
{
696+
"ecs": {
697+
"version": "8.11.0"
698+
},
699+
"event": {
700+
"action": "meeting.participant_joined",
701+
"duration": 3600000000000,
702+
"kind": [
703+
"event"
704+
],
705+
"type": [
706+
"info"
707+
]
708+
},
709+
"observer": {
710+
"product": "Webhook",
711+
"vendor": "Zoom"
712+
},
713+
"related": {
714+
"ip": [
715+
"81.2.69.144"
716+
],
717+
"user": [
718+
"8XjrxbGtXXXXXXXXXX",
719+
"123456789",
720+
"0E699901-3B16-3698-3388-XXXXXXXXXX",
721+
"dNvWUbXXXXXXXXXXXXXX"
722+
]
723+
},
724+
"source": {
725+
"geo": {
726+
"city_name": "London",
727+
"continent_name": "Europe",
728+
"country_iso_code": "GB",
729+
"country_name": "United Kingdom",
730+
"location": {
731+
"lat": 51.5142,
732+
"lon": -0.0931
733+
},
734+
"region_iso_code": "GB-ENG",
735+
"region_name": "England"
736+
},
737+
"ip": "81.2.69.144"
738+
},
739+
"user": {
740+
"email": "user@elastic",
741+
"full_name": "Display Name of User",
742+
"id": "8XjrxbGtXXXXXXXXXX"
743+
},
744+
"zoom": {
745+
"account_id": "HzozXXXXXXXX",
746+
"meeting": {
747+
"host_id": "dNvWUbXXXXXXXXXXXXXX",
748+
"id": "986XXXXXXXX",
749+
"start_time": "2025-07-10T05:57:47Z",
750+
"timezone": "Asia/Seoul",
751+
"topic": "Team Meeting",
752+
"type": 2,
753+
"uuid": "pU/13Hdsdfsdfsdf7xZZzpUg=="
754+
},
755+
"participant": {
756+
"email": "user@elastic",
757+
"id": "8XjrxbGtXXXXXXXXXX",
758+
"participant_user_id": "8XjrxbGtXXXXXXXXXX",
759+
"participant_uuid": "0E699901-3B16-3698-3388-XXXXXXXXXX",
760+
"user_id": "123456789",
761+
"user_name": "Display Name of User"
762+
}
763+
}
690764
}
691765
]
692-
}
766+
}

packages/zoom/data_stream/webhook/_dev/test/pipeline/test-phone.json-expected.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -476,4 +476,4 @@
476476
}
477477
}
478478
]
479-
}
479+
}

packages/zoom/data_stream/webhook/_dev/test/pipeline/test-recording.json-expected.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -595,4 +595,4 @@
595595
}
596596
}
597597
]
598-
}
598+
}

packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -229,6 +229,23 @@
229229
}
230230
}
231231
}
232+
},
233+
{
234+
"zoom": {
235+
"event": "user.signed_in",
236+
"event_ts": 1752128713153,
237+
"payload": {
238+
"account_id": "HzozXXXXXXXX",
239+
"object": {
240+
"client_type": "iphone",
241+
"date_time": "2025-07-10T06:25:13Z",
242+
"email": "username@elastic",
243+
"id": "WYVlJyXXXXXXXXXXXXX",
244+
"login_type": 101,
245+
"version": "6.5.1.25747"
246+
}
247+
}
248+
}
232249
}
233250
]
234251
}

packages/zoom/data_stream/webhook/_dev/test/pipeline/test-user.json-config.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,4 @@ dynamic_fields:
22
"event.ingested": ".*"
33
numeric_keyword_fields:
44
- "zoom.user.type"
5+
- "zoom.user.login_type"

0 commit comments

Comments
 (0)