[Wiz] Added Dashboards for all the Data Streams

[mohitjha-elastic]

Type of change

• Enhancement

What does this PR do?

• Add dashboards for all the data streams.
• Set unknown to the event.outcome in the pipeline.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

Clone integrations repo.
Install the elastic package locally.
Start elastic stack using the elastic package.
Move to integrations/packages/wiz directory.
Run the following command to run tests.

Automated Test

test-file.txt

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-10-13T12:26:16.917+0000

• Duration: 19 min 35 sec

Test stats 🧪

Test	Results
Failed	0
Passed	18
Skipped	0
Total	18

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[jamiehynds]

@mohitjha-elastic for the Audit dashboard, could we replace the 'Total Audit' visualisation with 'Audit Events by User', with a pie-chart, breaking down the audit events by user.id. This is likely more useful than displaying the total number of audit events, and can identify Wiz admins/users who have performed the most actions within the Wiz console.

[jamiehynds]

Can we remove the audit, issue and vulnerability sentences below as this sentence already covers the fact that we support audit, issue and vulnerability.

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[efd6]

/test

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (3/3)	💚
Files	100.0% (3/3)	💚 3.301
Classes	100.0% (3/3)	💚 3.301
Methods	100.0% (39/39)	💚 7.382
Lines	94.011% (1146/1219)	👍 5.622
Conditionals	100.0% (0/0)	💚

[kcreddy]

Suggested change

	link: hhttps://github.com/elastic/integrations/pull/8154
	link: https://github.com/elastic/integrations/pull/8154

[kcreddy]

Suggested change

	"label": "Count of Audit",
	"label": "Count of Audit Events",

[kcreddy]

/test

[kcreddy]

LGTM. We can merge after Jamie's approval.

[piyush-elastic]

Can we change the navigation to the latest version ?
wiz-0.1.0/overview -> wiz-0.2.0/overview

[jamiehynds]

@mohitjha-elastic is Event ID the only field we can use in the Issue Details and Issues over Time? Anything that's more human readable like 'Issue Name' or something along those lines? Can we also adjust 'Issues over Timestamp' to 'Issues over Time' (sounds better). Sorry the last minute adjustment.

[mohitjha-elastic]

Hey @jamiehynds,
We do not have any other fields like the issue name or others so we have been using the Event ID only. However, the Event ID is the Issue ID but we are using the ECS name in the dashboard, let me know if you want us to replace the name Event ID with Issue ID.

No worries, will adjust Issues over Timestamp to Issue over Time.

[jamiehynds]

@mohitjha-elastic ok, if the Event ID is the best we can do we can leave it there for now. Would be great to hyperlink each Event ID so users could go to the Wiz console from the dashboard in order to view more information about the Event, but not sure if that's possible?

We can go ahead and merge, but Wiz may have suggestions during the validation process and we can make adjustments if necessary

[mohitjha-elastic]

I guess it won't be possible to redirect from the Event ID to the Wiz console.
Also, we have adjusted the Issues over Timestamp to Issue over Time.

[elasticmachine]

Package wiz - 0.2.0 containing this change is available at https://epr.elastic.co/search?package=wiz