use id instead of name to group vulnerabilities by resource and cloud account

2025-06-27 18:51:07 -04:00 · 2025-06-26 17:30:45 +02:00 · 2025-06-26 17:30:45 +02:00 · 63a6603bf7
commit 63a6603bf7
parent ce3751bc14
6 changed files with 27 additions and 24 deletions
--- a/x-pack/solutions/security/plugins/cloud_security_posture/public/common/constants.ts
+++ b/x-pack/solutions/security/plugins/cloud_security_posture/public/common/constants.ts
@ -196,6 +196,7 @@ export const VULNERABILITY_FIELDS = {
  PACKAGE_VERSION: 'package.version',
  PACKAGE_FIXED_VERSION: 'package.fixed_version',
  CLOUD_ACCOUNT_NAME: 'cloud.account.name',
+  CLOUD_ACCOUNT_ID: 'cloud.account.id',
  CLOUD_PROVIDER: 'cloud.provider',
  DESCRIPTION: 'vulnerability.description',
  VENDOR: 'observer.vendor',
@ -203,9 +204,8 @@ export const VULNERABILITY_FIELDS = {

 export const VULNERABILITY_GROUPING_OPTIONS = {
  NONE: 'none',
-  RESOURCE_NAME: VULNERABILITY_FIELDS.RESOURCE_NAME,
  RESOURCE_ID: VULNERABILITY_FIELDS.RESOURCE_ID,
-  CLOUD_ACCOUNT_NAME: VULNERABILITY_FIELDS.CLOUD_ACCOUNT_NAME,
+  CLOUD_ACCOUNT_ID: VULNERABILITY_FIELDS.CLOUD_ACCOUNT_ID,
  CVE: VULNERABILITY_FIELDS.VULNERABILITY_ID,
 } as const;

--- a/x-pack/solutions/security/plugins/cloud_security_posture/public/pages/vulnerabilities/constants.ts
+++ b/x-pack/solutions/security/plugins/cloud_security_posture/public/pages/vulnerabilities/constants.ts
@ -13,12 +13,12 @@ import { VULNERABILITY_GROUPING_OPTIONS, VULNERABILITY_FIELDS } from '../../comm

 export const defaultGroupingOptions: GroupOption[] = [
  {
-    label: GROUPING_LABELS.RESOURCE_NAME,
-    key: VULNERABILITY_GROUPING_OPTIONS.RESOURCE_NAME,
+    label: GROUPING_LABELS.RESOURCE,
+    key: VULNERABILITY_GROUPING_OPTIONS.RESOURCE_ID,
  },
  {
-    label: GROUPING_LABELS.CLOUD_ACCOUNT_NAME,
-    key: VULNERABILITY_GROUPING_OPTIONS.CLOUD_ACCOUNT_NAME,
+    label: GROUPING_LABELS.CLOUD_ACCOUNT,
+    key: VULNERABILITY_GROUPING_OPTIONS.CLOUD_ACCOUNT_ID,
  },
  {
    label: 'CVE',
--- a/x-pack/solutions/security/plugins/cloud_security_posture/public/pages/vulnerabilities/hooks/use_grouped_vulnerabilities.tsx
+++ b/x-pack/solutions/security/plugins/cloud_security_posture/public/pages/vulnerabilities/hooks/use_grouped_vulnerabilities.tsx
@ -30,7 +30,7 @@ export interface VulnerabilitiesGroupingAggregation {
  description?: {
    buckets?: GenericBuckets[];
  };
-  resourceId?: {
+  resourceName?: {
    buckets?: GenericBuckets[];
  };
  isLoading?: boolean;
--- a/x-pack/solutions/security/plugins/cloud_security_posture/public/pages/vulnerabilities/hooks/use_latest_vulnerabilities_grouping.tsx
+++ b/x-pack/solutions/security/plugins/cloud_security_posture/public/pages/vulnerabilities/hooks/use_latest_vulnerabilities_grouping.tsx
@ -100,9 +100,12 @@ const getAggregationsByGroupField = (field: string): NamedAggregation[] => {
  ];

  switch (field) {
-    case VULNERABILITY_GROUPING_OPTIONS.RESOURCE_NAME:
-      return [...aggMetrics, getTermAggregation('resourceId', VULNERABILITY_FIELDS.RESOURCE_ID)];
-    case VULNERABILITY_GROUPING_OPTIONS.CLOUD_ACCOUNT_NAME:
+    case VULNERABILITY_GROUPING_OPTIONS.RESOURCE_ID:
+      return [
+        ...aggMetrics,
+        getTermAggregation('resourceName', VULNERABILITY_FIELDS.RESOURCE_NAME),
+      ];
+    case VULNERABILITY_GROUPING_OPTIONS.CLOUD_ACCOUNT_ID:
      return [
        ...aggMetrics,
        getTermAggregation('cloudProvider', VULNERABILITY_FIELDS.CLOUD_PROVIDER),
--- a/x-pack/solutions/security/plugins/cloud_security_posture/public/pages/vulnerabilities/latest_vulnerabilities_group_renderer.tsx
+++ b/x-pack/solutions/security/plugins/cloud_security_posture/public/pages/vulnerabilities/latest_vulnerabilities_group_renderer.tsx
@ -52,9 +52,9 @@ export const groupPanelRenderer: GroupPanelRenderer<VulnerabilitiesGroupingAggre
    : '';

  switch (selectedGroup) {
-    case VULNERABILITY_GROUPING_OPTIONS.RESOURCE_NAME:
+    case VULNERABILITY_GROUPING_OPTIONS.RESOURCE_ID:
      return nullGroupMessage ? (
-        renderNullGroup(NULL_GROUPING_MESSAGES.RESOURCE_NAME)
+        renderNullGroup(NULL_GROUPING_MESSAGES.RESOURCE_ID)
      ) : (
        <EuiFlexGroup alignItems="center">
          <EuiFlexItem>
@ -70,9 +70,9 @@ export const groupPanelRenderer: GroupPanelRenderer<VulnerabilitiesGroupingAggre
                    css={css`
                      word-break: break-all;
                    `}
-                    title={bucket.resourceId?.buckets?.[0]?.key as string}
+                    title={bucket.resourceName?.buckets?.[0]?.key as string}
                  >
-                    <strong>{bucket.key_as_string}</strong> {bucket.resourceId?.buckets?.[0]?.key}
+                    <strong>{bucket.key_as_string}</strong> {bucket.resourceName?.buckets?.[0]?.key}
                  </EuiTextBlockTruncate>
                </EuiText>
              </EuiFlexItem>
@ -80,9 +80,9 @@ export const groupPanelRenderer: GroupPanelRenderer<VulnerabilitiesGroupingAggre
          </EuiFlexItem>
        </EuiFlexGroup>
      );
-    case VULNERABILITY_GROUPING_OPTIONS.CLOUD_ACCOUNT_NAME:
+    case VULNERABILITY_GROUPING_OPTIONS.CLOUD_ACCOUNT_ID:
      return nullGroupMessage ? (
-        renderNullGroup(NULL_GROUPING_MESSAGES.CLOUD_ACCOUNT_NAME)
+        renderNullGroup(NULL_GROUPING_MESSAGES.CLOUD_ACCOUNT_ID)
      ) : (
        <EuiFlexGroup alignItems="center">
          {cloudProvider && (
--- a/x-pack/solutions/security/plugins/cloud_security_posture/public/pages/vulnerabilities/translations.ts
+++ b/x-pack/solutions/security/plugins/cloud_security_posture/public/pages/vulnerabilities/translations.ts
@ -27,12 +27,12 @@ export const VULNERABILITIES_GROUPS_UNIT = (
  const groupCount = hasNullGroup ? totalCount - 1 : totalCount;

  switch (selectedGroup) {
-    case VULNERABILITY_GROUPING_OPTIONS.RESOURCE_NAME:
+    case VULNERABILITY_GROUPING_OPTIONS.RESOURCE_ID:
      return i18n.translate('xpack.csp.vulnerabilities.groupUnit.resource', {
        values: { groupCount },
        defaultMessage: `{groupCount} {groupCount, plural, =1 {resource} other {resources}}`,
      });
-    case VULNERABILITY_GROUPING_OPTIONS.CLOUD_ACCOUNT_NAME:
+    case VULNERABILITY_GROUPING_OPTIONS.CLOUD_ACCOUNT_ID:
      return i18n.translate('xpack.csp.vulnerabilities.groupUnit.cloudAccount', {
        values: { groupCount },
        defaultMessage: `{groupCount} {groupCount, plural, =1 {cloud account} other {cloud accounts}}`,
@ -58,10 +58,10 @@ export const NULL_GROUPING_UNIT = i18n.translate(
 );

 export const NULL_GROUPING_MESSAGES = {
-  RESOURCE_NAME: i18n.translate('xpack.csp.vulnerabilities.grouping.resource.nullGroupTitle', {
+  RESOURCE_ID: i18n.translate('xpack.csp.vulnerabilities.grouping.resource.nullGroupTitle', {
    defaultMessage: 'No resource',
  }),
-  CLOUD_ACCOUNT_NAME: i18n.translate(
+  CLOUD_ACCOUNT_ID: i18n.translate(
    'xpack.csp.vulnerabilities.grouping.cloudAccount.nullGroupTitle',
    {
      defaultMessage: 'No cloud account',
@ -73,11 +73,11 @@ export const NULL_GROUPING_MESSAGES = {
 };

 export const GROUPING_LABELS = {
-  RESOURCE_NAME: i18n.translate('xpack.csp.vulnerabilities.groupBy.resource', {
-    defaultMessage: 'Resource',
+  RESOURCE: i18n.translate('xpack.csp.vulnerabilities.groupBy.resource', {
+    defaultMessage: 'Resource ID',
  }),
-  CLOUD_ACCOUNT_NAME: i18n.translate('xpack.csp.vulnerabilities.groupBy.cloudAccount', {
-    defaultMessage: 'Cloud account',
+  CLOUD_ACCOUNT: i18n.translate('xpack.csp.vulnerabilities.groupBy.cloudAccount', {
+    defaultMessage: 'Cloud account ID',
  }),
 };