Fix EventID's for "Users Added to Group" panel

[sakurai-youhei]

Fixes #6275

https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor
4732 636 Low A member was added to a security-enabled local group.
4728 632 Low A member was added to a security-enabled global group.
4756 660 Low A member was added to a security-enabled universal group.
4751 655 Low A member was added to a security-disabled global group.
4761 665 Low A member was added to a security-disabled universal group.
4746 650 Low A member was added to a security-disabled local group.
4785 689 Low A member was added to a basic application group.
4787 691 Low A nonmember was added to a basic application group.

What does this PR do?

Change Event ID's set to the filter in "Users Added to Group" panel.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

Rewrite the numbers manually in the Lens.

Related issues

• Fixes [System][Windows] "Users Added to Group" panel has incorrect filter #6275

Screenshots

Kibana > Dashboard > [System Windows Security] Group Management Events > Users Added to Group

Before change

After change

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-07-08T16:41:00.258+0000

• Duration: 15 min 12 sec

Test stats 🧪

Test	Results
Failed	0
Passed	146
Skipped	0
Total	146

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (3/3)	💚
Files	100.0% (4/4)	💚 2.757
Classes	100.0% (4/4)	💚 2.757
Methods	60.759% (48/79)	👎 -32.149
Lines	100.0% (2811/2811)	💚 8.85
Conditionals	100.0% (0/0)	💚

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[efd6]

There is currently a beta version in play for the promotion of TSDB to GA, so this PR should wait for that to have gone in before it's updated and merged.

/cc @tetianakravchenko

[ebeahan]

Are these changes able to move forward with 1.34.0 released in #6607?

[sakurai-youhei]

@ebeahan Is that change bumping up to 1.34.1 ok?

[sakurai-youhei]

/test

[sakurai-youhei]

The same issue here. #6607 (comment) Because elastic-package v0.83.2 was released with the fix - elastic/elastic-package#1315 20 hours ago, I'm attempting the test again.

[sakurai-youhei]

/test

[efd6]

@sakurai-youhei Are you able to merge?

[sakurai-youhei]

@efd6 No, The merge button is still diactive and it says:

Waiting on code owner review from elastic/elastic-agent-data-plane, elastic/kibana-visualizations, and/or elastic/obs-infraobs-integrations.

Could you give another approval from either? Thanks.

[efd6]

Sorry, I missed that there are different owners across multiple files.

[efd6]

@elastic/elastic-agent-data-plane, @elastic/kibana-visualizations and @elastic/obs-infraobs-integrations would you be able to take a look please.

[ishleenk17]

Looks good!

[elasticmachine]

Package system - 1.36.1 containing this change is available at https://epr.elastic.co/search?package=system