Add operation_src and resource_src columns to preserve original log data in detections

Author: cbruno10

locals.pp

@@ -19,14 +19,18 @@
   tp_index as project,
   tp_id as source_id,
   -- Create new aliases to preserve original row data
+  operation as operation_src,
+  resource as resource_src,
   *
+  exclude operation, resource
   EOQ
 
   detection_sql_where_conditions = <<-EOQ
     and severity != 'Error'
     -- TODO: Do we need to check operation?
     -- and (operation_src is null or operation_src.last = true)
   EOQ
+
   // Keep same order as SQL statement for easier readability
   detection_display_columns = [
     "timestamp",
@@ -41,4 +45,4 @@
 
 locals {
   detection_sql_resource_column_resource_name = replace(local.detection_sql_columns, "__RESOURCE_SQL__", "resource_name")
-}
+}