Fix issue with incorrect policy response attachment. (#113430)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

x-pack/plugins/security_solution/server/lib/telemetry/receiver.ts

@@ -84,7 +84,7 @@ export class TelemetryReceiver {
           policy_responses: {
             terms: {
               size: this.max_records,
-              field: 'Endpoint.policy.applied.id',
+              field: 'agent.id',
             },
             aggs: {
               latest_response: {

x-pack/plugins/security_solution/server/lib/telemetry/tasks/endpoint.ts

@@ -190,13 +190,11 @@ export class TelemetryEndpointTask {
      *
      * As the policy id + policy version does not exist on the Endpoint Metrics document
      * we need to fetch information about the Fleet Agent and sync the metrics document
-     * with the Fleet agent's policy data.
+     * with the Agent's policy data.
      *
-     * 7.14 ~ An issue was created with the Endpoint agent team to add the policy id +
-     * policy version to the metrics document to circumvent and refactor away from
-     * this expensive join operation.
      */
     const agentsResponse = endpointData.fleetAgentsResponse;
+
     if (agentsResponse === undefined) {
       this.logger.debug('no fleet agent information available');
       return 0;
@@ -286,7 +284,7 @@ export class TelemetryEndpointTask {
           policyConfig = endpointPolicyCache.get(policyInformation) || null;
 
           if (policyConfig) {
-            failedPolicy = policyResponses.get(policyConfig?.id);
+            failedPolicy = policyResponses.get(endpointAgentId);
           }
         }
 
@@ -294,7 +292,6 @@ export class TelemetryEndpointTask {
 
         return {
           '@timestamp': executeTo,
-          agent_id: fleetAgentId,
           endpoint_id: endpointAgentId,
           endpoint_version: endpoint.endpoint_version,
           endpoint_package_version: policyConfig?.package?.version || null,