[Cloud Posture] Update latest transform config (#134249)

2025-04-24 09:48:58 -04:00 · 2022-06-14 16:40:54 +03:00 · 2022-06-14 16:40:54 +03:00 · 7f3acfd57b
commit 7f3acfd57b
parent 43d5907312
3 changed files with 5 additions and 97 deletions
--- a/x-pack/plugins/cloud_security_posture/server/create_indices/latest_findings_mapping.ts
+++ b/x-pack/plugins/cloud_security_posture/server/create_indices/latest_findings_mapping.ts
@ -107,6 +107,10 @@ export const latestFindingsMapping: MappingTypeMapping = {
            },
          },
        },
+        id: {
+          ignore_above: 1024,
+          type: 'keyword',
+        },
        benchmark: {
          properties: {
            name: {
--- a/x-pack/plugins/cloud_security_posture/server/create_transforms/benchmark_score_transform.ts
+++ b/x-pack/plugins/cloud_security_posture/server/create_transforms/benchmark_score_transform.ts
@ -1,96 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/api/types';
-import {
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
-  BENCHMARK_SCORE_INDEX_DEFAULT_NS,
-} from '../../common/constants';
-
-export const benchmarkScoreTransform: TransformPutTransformRequest = {
-  transform_id: 'cloud_security_posture.score-default-0.0.1',
-  description: 'Calculate latest findings score',
-  source: {
-    index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
-  },
-  dest: {
-    index: BENCHMARK_SCORE_INDEX_DEFAULT_NS,
-  },
-  frequency: '30m',
-  sync: {
-    time: {
-      field: 'event.ingested',
-      delay: '60s',
-    },
-  },
-  retention_policy: {
-    time: {
-      field: '@timestamp',
-      max_age: '30d',
-    },
-  },
-  pivot: {
-    group_by: {
-      '@timestamp': {
-        date_histogram: {
-          field: '@timestamp',
-          calendar_interval: '1m',
-        },
-      },
-    },
-    aggregations: {
-      total_findings: {
-        value_count: {
-          field: 'result.evaluation.keyword',
-        },
-      },
-      passed_findings: {
-        filter: {
-          term: {
-            'result.evaluation.keyword': 'passed',
-          },
-        },
-      },
-      failed_findings: {
-        filter: {
-          term: {
-            'result.evaluation.keyword': 'failed',
-          },
-        },
-      },
-      score_by_cluster_id: {
-        terms: {
-          field: 'cluster_id.keyword',
-        },
-        aggregations: {
-          total_findings: {
-            value_count: {
-              field: 'result.evaluation.keyword',
-            },
-          },
-          passed_findings: {
-            filter: {
-              term: {
-                'result.evaluation.keyword': 'passed',
-              },
-            },
-          },
-          failed_findings: {
-            filter: {
-              term: {
-                'result.evaluation.keyword': 'failed',
-              },
-            },
-          },
-        },
-      },
-    },
-  },
-  _meta: {
-    managed: 'true',
-  },
-};
--- a/x-pack/plugins/cloud_security_posture/server/create_transforms/latest_findings_transform.ts
+++ b/x-pack/plugins/cloud_security_posture/server/create_transforms/latest_findings_transform.ts
@ -31,7 +31,7 @@ export const latestFindingsTransform: TransformPutTransformRequest = {
  },
  latest: {
    sort: '@timestamp',
-    unique_key: ['resource_id.keyword', 'rule.name.keyword', 'agent.id.keyword'],
+    unique_key: ['resource.id.keyword', 'rule.id'],
  },
  _meta: {
    managed: 'true',