Merge pull request #6 from turbot/release/v0.3.0

cbruno10 · web-flow · commit 6037d2b6665e · 2025-02-14T14:54:17.000-05:00
Release/v0.3.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## v0.3.0 [2025-02-14]
+
+_Enhancements_
+
+- Add `operation_src` and `resource_src` columns to all detections to preserve original log data in columns with consistent naming.
+
 ## v0.2.0 [2025-02-06]
 
 _Enhancements_
@@ -11,6 +17,6 @@ _What's new?_
 - New benchmarks added:
   - Audit Log Detections benchmark (`powerpipe benchmark run gcp_audit_log_detections.benchmark.audit_log_detections`).
   - MITRE ATT&CK v16.1 benchmark (`powerpipe benchmark run gcp_audit_log_detections.benchmark.mitre_attack_v161`).
-  
+
 - New dashboards added:
   - [Audit Log Activity Dashboard](https://hub.powerpipe.io/mods/turbot/gcp_audit_log_detections/dashboards/dashboard.activity_dashboard)
diff --git a/locals.pp b/locals.pp
@@ -19,14 +19,18 @@
   tp_index as project,
   tp_id as source_id,
   -- Create new aliases to preserve original row data
+  operation as operation_src,
+  resource as resource_src,
   *
+  exclude operation, resource
   EOQ
 
   detection_sql_where_conditions = <<-EOQ
     and severity != 'Error'
     -- TODO: Do we need to check operation?
     -- and (operation_src is null or operation_src.last = true)
   EOQ
+
   // Keep same order as SQL statement for easier readability
   detection_display_columns = [
     "timestamp",
@@ -41,4 +45,4 @@
 
 locals {
   detection_sql_resource_column_resource_name = replace(local.detection_sql_columns, "__RESOURCE_SQL__", "resource_name")
-}
+}
