[O365] Add fingerprint processor to prevent ingestion of duplicate events

[taylor-swanson]

What does this PR do?

• Added a fingerprint processor to prevent duplicate events from being ingested. It generates a hash based on the o365audit field.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Related issues

• Closes [O365] Add fingerprint processor to prevent duplicate events being ingested #5046

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-01-23T14:12:59.337+0000

• Duration: 15 min 10 sec

Test stats 🧪

Test	Results
Failed	0
Passed	24
Skipped	0
Total	24

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (1/1)	💚
Files	100.0% (1/1)	💚
Classes	100.0% (1/1)	💚
Methods	100.0% (16/16)	💚
Lines	82.155% (732/891)	❕
Conditionals	100.0% (0/0)	💚

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[efd6]

This could potentially be o365audit.ObjectId or o365audit.Id for a cheaper fingerprint. (The latter matches the @metadata._id that I see in logs).

[taylor-swanson]

Good point. For performance reasons, I think I'll go ahead and switch it to that.

[elasticmachine]

Package o365 - 1.10.1 containing this change is available at https://epr.elastic.co/search?package=o365