May I know what are the changes made to the dashboards?

The main change is that dashboards are exported to version 8.19, along with below minor field changes :

Finding Dashboard

• Resource Name Filter (google_scc.finding.resource.name -> resource.id)
• Total Finding Metric (change decimal from 2 to 0)

Overview Dashboard

• Distribution of Vulnerabilities by Severity (google_scc.finding.severity -> vulnerability.severity)
• Top 5 Projects by Severity for Vulnerabilities (google_scc.finding.severity -> vulnerability.severity)
• Top 5 Projects by Severity for Vulnerabilities (google_scc.finding.severity -> vulnerability.severity, google_scc.finding.resource.project.name -> cloud.project.id)
• Top 5 Projects by Severity for Threats (google_scc.finding.resource.project.name -> cloud.project.id)

Finding Essentials Details

  organization.id
- google_scc.finding.name
+ resource.id
  google_scc.finding.category
  google_scc.finding.class
  google_scc.finding.severity
- google_scc.finding.resource.project.name
- event.created
- google_scc.finding.security_marks.name
- google_scc.finding.parent
+ cloud.project.id
+ google_scc.finding.security_marks.name

It seems like mainly ECS fields are used inside dashboards over custom fields. Could you add that to commit message?

@kcreddy @brijesh-elastic for example this I believe is covered by ecs@mappings even though resource is not a part of ECS itself. In the component template dynamic templates are being used which match by *.name for example

The problem is with pipeline tests. Any non-ECS field inside the *expected.json file must be explicitly defined. Otherwise they fail.

got it, I wonder if it's smth we want to improve going forward, or is it an expected safety net? It just doesn't match well the dynamic approach taken by ecs@mappings

Safety and also to do with preferring explicit mappings over dynamic mappings for Elasticsearch performanc.e

I wonder if we need event.id here. Isn't a combination of rule.uuid and resource.id unique?

Yes, it will be required.
rule.uuid is not present in most of the cases. So, we must have to add event.id to be unique.

same here, the combination of resource.id, package.name and package.version should be unique enough. This way we make sure that we don't have duplicated findings, eg. if event.id is generated for each change in the finding (eg. change of the status) we might have N finding documents for each (resource.id, package.name,package.version)

Yes, in here too, it will be required.
There are cases that combination of resource.id, package.name, package.version isn't unique.