Add Index Alias for Cloud Security Latest Findings Index

x-pack/platform/packages/shared/kbn-cloud-security-posture/common/constants.ts

@@ -9,11 +9,16 @@ import { MisconfigurationEvaluationStatus } from './types/misconfigurations';
 
 export const KSPM_POLICY_TEMPLATE = 'kspm';
 export const CSPM_POLICY_TEMPLATE = 'cspm';
-export const CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN =
+export const CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS =
+  'security_solution-cloud_security_posture.misconfiguration_latest';
+
+export const DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN =
   'logs-cloud_security_posture.findings_latest-default';
+
 export const CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN =
   'security_solution-*.misconfiguration_latest';
-export const CDR_MISCONFIGURATIONS_INDEX_PATTERN = `${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN},${CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN}`;
+export const CDR_MISCONFIGURATIONS_INDEX_PATTERN = `${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS},${CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN}`;
+
 export const CDR_MISCONFIGURATIONS_DATA_VIEW_NAME = 'Latest Cloud Security Misconfigurations';
 export const LATEST_FINDINGS_RETENTION_POLICY = '26h';
 export const MAX_FINDINGS_TO_LOAD = 500;

x-pack/solutions/security/plugins/cloud_security_posture/common/constants.ts

@@ -40,8 +40,6 @@ export const FINDINGS_INDEX_NAME = 'logs-cloud_security_posture.findings';
 export const FINDINGS_INDEX_DEFAULT_NS = 'logs-cloud_security_posture.findings-default';
 
 export const LATEST_FINDINGS_INDEX_TEMPLATE_NAME = 'logs-cloud_security_posture.findings_latest';
-export const LATEST_FINDINGS_INDEX_DEFAULT_NS =
-  'logs-cloud_security_posture.findings_latest-default';
 
 export const BENCHMARK_SCORE_INDEX_TEMPLATE_NAME = 'logs-cloud_security_posture.scores';
 export const BENCHMARK_SCORE_INDEX_PATTERN = 'logs-cloud_security_posture.scores-*';

x-pack/solutions/security/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.test.tsx

@@ -171,7 +171,7 @@ describe('NoFindingsStates', () => {
         screen.getByText(/required elasticsearch index privilege for the following indices:/i)
       ).toBeInTheDocument();
       expect(
-        screen.getByText('logs-cloud_security_posture.findings_latest-default')
+        screen.getByText('security_solution-cloud_security_posture.misconfiguration_latest')
       ).toBeInTheDocument();
       expect(screen.getByText('logs-cloud_security_posture.findings-default*')).toBeInTheDocument();
       expect(screen.getByText('logs-cloud_security_posture.scores-default')).toBeInTheDocument();

x-pack/solutions/security/plugins/cloud_security_posture/public/pages/benchmarks/benchmarks.test.tsx

@@ -38,7 +38,10 @@ describe('<Benchmarks />', () => {
           cspm: { status: 'indexed' },
           kspm: { status: 'indexed' },
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'not-empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
           ],
         },

x-pack/solutions/security/plugins/cloud_security_posture/public/pages/compliance_dashboard/compliance_dashboard.test.tsx

@@ -111,7 +111,10 @@ describe('<ComplianceDashboard />', () => {
           cspm: { status: 'not-installed', healthyAgents: 0, installedPackagePolicies: 0 },
           isPluginInitialized: false,
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
           ],
         },
@@ -152,7 +155,10 @@ describe('<ComplianceDashboard />', () => {
           cspm: { status: 'not-deployed', healthyAgents: 0, installedPackagePolicies: 1 },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
           ],
         },
@@ -192,7 +198,10 @@ describe('<ComplianceDashboard />', () => {
           cspm: { status: 'indexing', healthyAgents: 1, installedPackagePolicies: 1 },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
           ],
         },
@@ -232,7 +241,10 @@ describe('<ComplianceDashboard />', () => {
           cspm: { status: 'waiting_for_results', healthyAgents: 1, installedPackagePolicies: 1 },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
           ],
         },
@@ -272,7 +284,10 @@ describe('<ComplianceDashboard />', () => {
           cspm: { status: 'index-timeout', healthyAgents: 1, installedPackagePolicies: 1 },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
           ],
         },
@@ -312,7 +327,10 @@ describe('<ComplianceDashboard />', () => {
           cspm: { status: 'unprivileged', healthyAgents: 1, installedPackagePolicies: 1 },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
           ],
         },
@@ -352,7 +370,10 @@ describe('<ComplianceDashboard />', () => {
           cspm: { status: 'indexed' },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'not-empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
           ],
         },
@@ -391,7 +412,10 @@ describe('<ComplianceDashboard />', () => {
           cspm: { status: 'not-installed' },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'not-empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
           ],
         },
@@ -430,7 +454,10 @@ describe('<ComplianceDashboard />', () => {
           cspm: { status: 'indexed' },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'not-empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
           ],
         },
@@ -469,7 +496,10 @@ describe('<ComplianceDashboard />', () => {
           cspm: { status: 'indexed', healthyAgents: 0, installedPackagePolicies: 1 },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'not-empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
           ],
         },
@@ -509,7 +539,10 @@ describe('<ComplianceDashboard />', () => {
           cspm: { status: 'not-installed' },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
           ],
         },
@@ -549,7 +582,10 @@ describe('<ComplianceDashboard />', () => {
           kspm: { status: 'indexed' },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'not-empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
           ],
         },
@@ -589,7 +625,10 @@ describe('<ComplianceDashboard />', () => {
           kspm: { status: 'indexed' },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'not-empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
           ],
         },
@@ -629,7 +668,10 @@ describe('<ComplianceDashboard />', () => {
           cspm: { status: 'not-installed' },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
           ],
         },
@@ -671,7 +713,10 @@ describe('<ComplianceDashboard />', () => {
           kspm: { status: 'not-installed' },
           installedPackageVersion: '1.2.13',
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
           ],
         },

x-pack/solutions/security/plugins/cloud_security_posture/public/pages/configurations/configurations.handlers.mock.ts

@@ -143,7 +143,7 @@ export const generateCspFinding = (
 
 export const generateFindingHit = (finding: CspFinding) => {
   return {
-    _index: 'logs-cloud_security_posture.findings_latest-default',
+    _index: 'security_solution-cloud_security_posture.misconfiguration_latest',
     _id: uuidV4(),
     _score: null,
     _source: finding,

x-pack/solutions/security/plugins/cloud_security_posture/public/pages/rules/rules.test.tsx

@@ -73,7 +73,10 @@ describe('<Rules />', () => {
           cspm: { status: 'indexed' },
           kspm: { status: 'indexed' },
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'not-empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
           ],
         },

x-pack/solutions/security/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilties.test.tsx

@@ -180,7 +180,10 @@ describe('<Vulnerabilities />', () => {
           cspm: { status: 'not-deployed' },
           [VULN_MGMT_POLICY_TEMPLATE]: { status: 'not-installed' },
           indicesDetails: [
-            { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
+            {
+              index: 'security_solution-cloud_security_posture.misconfiguration_latest',
+              status: 'empty',
+            },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
             { index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
           ],

x-pack/solutions/security/plugins/cloud_security_posture/public/test/mock_server/handlers/dataview.handlers.mock.ts

@@ -37,7 +37,7 @@ export const defaultDataViewFindHandler = http.get(
           generateDataViewField('rule.name'),
           generateDataViewField('rule.section'),
         ],
-        indices: ['logs-cloud_security_posture.findings_latest-default'],
+        indices: ['security_solution-cloud_security_posture.misconfiguration_latest'],
       });
     }
 

x-pack/solutions/security/plugins/cloud_security_posture/server/create_indices/latest_indices.ts

@@ -7,12 +7,11 @@
 
 import {
   CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
-  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
+  DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
 } from '@kbn/cloud-security-posture-common';
 import {
   FINDINGS_INDEX_NAME,
   LATEST_FINDINGS_INDEX_TEMPLATE_NAME,
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
   VULNERABILITIES_INDEX_NAME,
   LATEST_VULNERABILITIES_INDEX_TEMPLATE_NAME,
 } from '../../common/constants';
@@ -21,9 +20,9 @@ import { LatestIndexConfig } from './types';
 export const latestIndexConfigs: LatestIndexConfig = {
   findings: {
     indexName: FINDINGS_INDEX_NAME,
-    indexPattern: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
+    indexPattern: DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
     indexTemplateName: LATEST_FINDINGS_INDEX_TEMPLATE_NAME,
-    indexDefaultName: LATEST_FINDINGS_INDEX_DEFAULT_NS,
+    indexDefaultName: DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
   },
   vulnerabilities: {
     indexName: VULNERABILITIES_INDEX_NAME,

x-pack/solutions/security/plugins/cloud_security_posture/server/create_transforms/latest_findings_transform.ts

@@ -8,11 +8,9 @@ import type { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/ap
 import {
   LATEST_FINDINGS_RETENTION_POLICY,
   FINDINGS_INDEX_PATTERN,
+  DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
 } from '@kbn/cloud-security-posture-common';
-import {
+import { CLOUD_SECURITY_POSTURE_PACKAGE_NAME } from '../../common/constants';
-  CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
-} from '../../common/constants';
 
 const LATEST_FINDINGS_TRANSFORM_V830 = 'cloud_security_posture.findings_latest-default-0.0.1';
 const LATEST_FINDINGS_TRANSFORM_V840 = 'cloud_security_posture.findings_latest-default-8.4.0';
@@ -34,7 +32,7 @@ export const latestFindingsTransform: TransformPutTransformRequest = {
     index: FINDINGS_INDEX_PATTERN,
   },
   dest: {
-    index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
+    index: DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
   },
   frequency: '5m',
   sync: {

x-pack/solutions/security/plugins/cloud_security_posture/server/lib/telemetry/collectors/accounts_stats_collector.ts

@@ -10,10 +10,10 @@ import type {
   AggregationsMultiBucketBase,
   SearchRequest,
 } from '@elastic/elasticsearch/lib/api/types';
+import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
 import { getIdentifierRuntimeMapping } from '../../../../common/runtime_mappings/get_identifier_runtime_mapping';
 import { calculatePostureScore } from '../../../../common/utils/helpers';
 import type { CspmAccountsStats } from './types';
-import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '../../../../common/constants';
 
 interface Value {
   value: number;
@@ -57,7 +57,7 @@ interface AccountEntity {
 }
 
 const getAccountsStatsQuery = (): SearchRequest => ({
-  index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
+  index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
   runtime_mappings: getIdentifierRuntimeMapping(),
   query: {
     match_all: {},
@@ -234,7 +234,7 @@ export const getAccountsStats = async (
 ): Promise<CspmAccountsStats[]> => {
   try {
     const isIndexExists = await esClient.indices.exists({
-      index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
+      index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
     });
 
     if (isIndexExists) {

x-pack/solutions/security/plugins/cloud_security_posture/server/lib/telemetry/collectors/cloud_accounts_stats_collector.ts

@@ -10,6 +10,7 @@ import {
   CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   KSPM_POLICY_TEMPLATE,
   CSPM_POLICY_TEMPLATE,
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
 } from '@kbn/cloud-security-posture-common';
 import type { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
 import { getPackagePolicyIdRuntimeMapping } from '../../../../common/runtime_mappings/get_package_policy_id_mapping';
@@ -21,10 +22,7 @@ import type {
   CloudProviderKey,
   CloudSecurityAccountsStats,
 } from './types';
-import {
+import { VULN_MGMT_POLICY_TEMPLATE } from '../../../../common/constants';
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
-  VULN_MGMT_POLICY_TEMPLATE,
-} from '../../../../common/constants';
 import {
   getCspBenchmarkRulesStatesHandler,
   getMutedRulesFilterQuery,
@@ -412,7 +410,7 @@ export const getIndexAccountStats = async (
     ? getCloudAccountsStats(accountsStatsResponse.aggregations, logger)
     : [];
 
-  if (index === LATEST_FINDINGS_INDEX_DEFAULT_NS) {
+  if (index === CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS) {
     const cloudAccountsStatsForEnabledRules = await getAccountStatsBasedOnEnablesRule(
       esClient,
       encryptedSoClient,
@@ -442,7 +440,7 @@ export const getAllCloudAccountsStats = async (
 ): Promise<CloudSecurityAccountsStats[]> => {
   try {
     const indices = [
-      LATEST_FINDINGS_INDEX_DEFAULT_NS,
+      CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
       CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
     ];
     const [findingIndex, vulnerabilitiesIndex] = await Promise.all(

x-pack/solutions/security/plugins/cloud_security_posture/server/lib/telemetry/collectors/indices_stats_collector.ts

@@ -6,7 +6,10 @@
  */
 import type { CoreStart, Logger, SavedObjectsClientContract } from '@kbn/core/server';
 import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
-import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
+import {
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
+  CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
+} from '@kbn/cloud-security-posture-common';
 import { getCspStatus } from '../../../routes/status/status';
 import type { CspServerPluginStart, CspServerPluginStartDeps } from '../../../types';
 
@@ -14,7 +17,6 @@ import type { CspmIndicesStats, IndexStats } from './types';
 import {
   BENCHMARK_SCORE_INDEX_DEFAULT_NS,
   FINDINGS_INDEX_DEFAULT_NS,
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
   VULNERABILITIES_INDEX_DEFAULT_NS,
 } from '../../../../common/constants';
 
@@ -80,7 +82,7 @@ export const getIndicesStats = async (
 ): Promise<CspmIndicesStats> => {
   const [findings, latestFindings, vulMng, vulMngLatest, score] = await Promise.all([
     getIndexStats(esClient, FINDINGS_INDEX_DEFAULT_NS, logger),
-    getIndexStats(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger),
+    getIndexStats(esClient, CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS, logger),
     getIndexStats(esClient, VULNERABILITIES_INDEX_DEFAULT_NS, logger),
     getIndexStats(esClient, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, logger),
     getIndexStats(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger),

x-pack/solutions/security/plugins/cloud_security_posture/server/lib/telemetry/collectors/resources_stats_collector.ts

@@ -7,9 +7,9 @@
 import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import type { Logger } from '@kbn/core/server';
 import type { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
+import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
 import { getIdentifierRuntimeMapping } from '../../../../common/runtime_mappings/get_identifier_runtime_mapping';
 import type { CspmResourcesStats } from './types';
-import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '../../../../common/constants';
 
 interface ResourcesStats {
   accounts: {
@@ -144,12 +144,12 @@ export const getResourcesStats = async (
 ): Promise<CspmResourcesStats[]> => {
   try {
     const isIndexExists = await esClient.indices.exists({
-      index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
+      index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
     });
 
     if (isIndexExists) {
       const resourcesStatsResponse = await esClient.search<unknown, ResourcesStats>(
-        getResourcesStatsQuery(LATEST_FINDINGS_INDEX_DEFAULT_NS)
+        getResourcesStatsQuery(CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS)
       );
 
       const cspmResourcesStats = resourcesStatsResponse.aggregations

x-pack/solutions/security/plugins/cloud_security_posture/server/lib/telemetry/collectors/rules_stats_collector.ts

@@ -10,9 +10,9 @@ import type {
   AggregationsMultiBucketBase,
   SearchRequest,
 } from '@elastic/elasticsearch/lib/api/types';
+import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
 import { getIdentifierRuntimeMapping } from '../../../../common/runtime_mappings/get_identifier_runtime_mapping';
 import type { CspmRulesStats } from './types';
-import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '../../../../common/constants';
 
 interface BenchmarkName {
   metrics: { 'rule.benchmark.name': string };
@@ -69,7 +69,7 @@ interface RuleEntity {
 }
 
 const getRulesStatsQuery = (): SearchRequest => ({
-  index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
+  index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
   query: {
     match_all: {},
   },
@@ -264,7 +264,7 @@ export const getRulesStats = async (
 ): Promise<CspmRulesStats[]> => {
   try {
     const isIndexExists = await esClient.indices.exists({
-      index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
+      index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
     });
 
     if (isIndexExists) {

x-pack/solutions/security/plugins/cloud_security_posture/server/plugin.ts

@@ -30,6 +30,10 @@ import type {
   CspBenchmarkRule,
   CspSettings,
 } from '@kbn/cloud-security-posture-common/schema/rules/latest';
+import {
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
+  DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
+} from '@kbn/cloud-security-posture-common';
 import semver from 'semver';
 import { isCspPackage } from '../common/utils/helpers';
 import { isSubscriptionAllowed } from '../common/utils/subscription';
@@ -241,9 +245,50 @@ export class CspPlugin
       this.logger
     );
     await scheduleFindingsStatsTask(taskManager, this.logger);
+    await this.initializeIndexAlias(esClient, this.logger);
     this.#isInitialized = true;
   }
 
+  // For integration versions earlier than 2.00, we will manually create an index alias for the deprecated latest index 'logs-cloud_security_posture.findings_latest-default'.
+  // For integration versions 2.00 and above, the index alias will be automatically created or updated as part of the Transform setup.
+  initializeIndexAlias = async (esClient: ElasticsearchClient, logger: Logger): Promise<void> => {
+    const isAliasExists = await esClient.indices.existsAlias({
+      name: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
+    });
+
+    const isDeprecatedLatestIndexExists = await esClient.indices.exists({
+      index: DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
+    });
+
+    // This handles the following scenarios:
+    // 1. A customer using an older integration version (pre-2.00) who has upgraded their Kibana stack.
+    // 2. A customer with a new Kibana stack who installs an integration version earlier than 2.00 for the first time (e.g., in a serverless environment).
+    if (isDeprecatedLatestIndexExists && !isAliasExists) {
+      try {
+        await esClient.indices.updateAliases({
+          actions: [
+            {
+              add: {
+                index: DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
+                alias: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
+                is_write_index: true,
+              },
+            },
+          ],
+        });
+        this.logger.info(
+          `Index alias ${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS} created successfully`
+        );
+      } catch (error) {
+        this.logger.error(
+          `Failed to create index alias ${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS}`,
+          error
+        );
+        throw error;
+      }
+    }
+  };
+
   async uninstallResources(taskManager: TaskManagerStartContract, logger: Logger): Promise<void> {
     await removeFindingsStatsTask(taskManager, logger);
   }

x-pack/solutions/security/plugins/cloud_security_posture/server/routes/benchmarks/v2.ts

@@ -10,10 +10,8 @@ import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/types';
 import type { ElasticsearchClient, Logger } from '@kbn/core/server';
 import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
 import type { CspBenchmarkRule } from '@kbn/cloud-security-posture-common/schema/rules/latest';
-import {
+import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
-  CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE,
+import { CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE } from '../../../common/constants';
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
-} from '../../../common/constants';
 
 import { Benchmark } from '../../../common/types/latest';
 import { getClusters } from '../compliance_dashboard/get_clusters';
@@ -59,7 +57,7 @@ export const getBenchmarksData = async (
   const rulesFilter = await getMutedRulesFilterQuery(encryptedSoClient);
 
   const { id: pitId } = await esClient.openPointInTime({
-    index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
+    index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
     keep_alive: '30s',
   });
   // Transform response to a benchmark row: {id, name, version}

x-pack/solutions/security/plugins/cloud_security_posture/server/routes/compliance_dashboard/compliance_dashboard.ts

@@ -8,6 +8,7 @@
 import { transformError } from '@kbn/securitysolution-es-utils';
 import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
 import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/types';
+import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
 import { getComplianceDashboardSchema } from '../../../common/schemas/stats';
 import { getSafePostureTypeRuntimeMapping } from '../../../common/runtime_mappings/get_safe_posture_type_runtime_mapping';
 import type {
@@ -16,7 +17,7 @@ import type {
   GetComplianceDashboardRequest,
   ComplianceDashboardDataV2,
 } from '../../../common/types_old';
-import { LATEST_FINDINGS_INDEX_DEFAULT_NS, STATS_ROUTE_PATH } from '../../../common/constants';
+import { STATS_ROUTE_PATH } from '../../../common/constants';
 import { getGroupedFindingsEvaluation } from './get_grouped_findings_evaluation';
 import { ClusterWithoutTrend, getClusters } from './get_clusters';
 import { getStats } from './get_stats';
@@ -88,7 +89,7 @@ export const defineGetComplianceDashboardRoute = (router: CspRouter) =>
           const esClient = cspContext.esClient.asCurrentUser;
 
           const { id: pitId } = await esClient.openPointInTime({
-            index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
+            index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
             keep_alive: '30s',
           });
 
@@ -162,7 +163,7 @@ export const defineGetComplianceDashboardRoute = (router: CspRouter) =>
           const filteredRules = await getMutedRulesFilterQuery(encryptedSoClient);
 
           const { id: pitId } = await esClient.openPointInTime({
-            index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
+            index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
             keep_alive: '30s',
           });
 

x-pack/solutions/security/plugins/cloud_security_posture/server/routes/status/status.handlers.mock.ts

@@ -27,7 +27,7 @@ export const notInstalledHandler = http.get(STATUS_URL, () => {
     },
     indicesDetails: [
       {
-        index: 'logs-cloud_security_posture.findings_latest-default',
+        index: 'security_solution-cloud_security_posture.misconfiguration_latest',
         status: 'empty',
       },
       {
@@ -68,7 +68,7 @@ export const notInstalledHasMisconfigurationsFindingsHandler = http.get(STATUS_U
     },
     indicesDetails: [
       {
-        index: 'logs-cloud_security_posture.findings_latest-default',
+        index: 'security_solution-cloud_security_posture.misconfiguration_latest',
         status: 'empty',
       },
       {
@@ -108,7 +108,7 @@ export const notDeployedHandler = http.get(STATUS_URL, () => {
     },
     indicesDetails: [
       {
-        index: 'logs-cloud_security_posture.findings_latest-default',
+        index: 'security_solution-cloud_security_posture.misconfiguration_latest',
         status: 'empty',
       },
       {
@@ -149,7 +149,7 @@ export const indexingHandler = http.get(STATUS_URL, () => {
     },
     indicesDetails: [
       {
-        index: 'logs-cloud_security_posture.findings_latest-default',
+        index: 'security_solution-cloud_security_posture.misconfiguration_latest',
         status: 'empty',
       },
       {
@@ -189,7 +189,7 @@ export const indexTimeoutHandler = http.get(STATUS_URL, () => {
     },
     indicesDetails: [
       {
-        index: 'logs-cloud_security_posture.findings_latest-default',
+        index: 'security_solution-cloud_security_posture.misconfiguration_latest',
         status: 'empty',
       },
       {
@@ -229,7 +229,7 @@ export const unprivilegedHandler = http.get(STATUS_URL, () => {
     },
     indicesDetails: [
       {
-        index: 'logs-cloud_security_posture.findings_latest-default',
+        index: 'security_solution-cloud_security_posture.misconfiguration_latest',
         status: 'unprivileged',
       },
       {
@@ -269,7 +269,7 @@ export const indexedHandler = http.get(STATUS_URL, () => {
     },
     indicesDetails: [
       {
-        index: 'logs-cloud_security_posture.findings_latest-default',
+        index: 'security_solution-cloud_security_posture.misconfiguration_latest',
         status: 'not-empty',
       },
       {

x-pack/solutions/security/plugins/cloud_security_posture/server/routes/status/status.ts

@@ -17,6 +17,7 @@ import {
   CDR_VULNERABILITIES_INDEX_PATTERN,
   CDR_EXTENDED_VULN_RETENTION_POLICY,
   FINDINGS_INDEX_PATTERN,
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
 } from '@kbn/cloud-security-posture-common';
 import type {
   CspSetupStatus,
@@ -36,7 +37,6 @@ import { schema } from '@kbn/config-schema';
 import { VersionedRoute } from '@kbn/core-http-server/src/versioning/types';
 import {
   CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
   BENCHMARK_SCORE_INDEX_DEFAULT_NS,
   VULNERABILITIES_INDEX_PATTERN,
   POSTURE_TYPES,
@@ -228,7 +228,7 @@ export const getCspStatus = async ({
       CDR_EXTENDED_VULN_RETENTION_POLICY,
       logger
     ),
-    checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, {
+    checkIndexStatus(esClient, CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS, logger, {
       postureType: POSTURE_TYPE_ALL,
       retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY,
     }),
@@ -241,7 +241,7 @@ export const getCspStatus = async ({
       retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY,
     }),
 
-    checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, {
+    checkIndexStatus(esClient, CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS, logger, {
       postureType: CSPM_POLICY_TEMPLATE,
       retentionTime: LATEST_FINDINGS_RETENTION_POLICY,
     }),
@@ -254,7 +254,7 @@ export const getCspStatus = async ({
       retentionTime: LATEST_FINDINGS_RETENTION_POLICY,
     }),
 
-    checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, {
+    checkIndexStatus(esClient, CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS, logger, {
       postureType: KSPM_POLICY_TEMPLATE,
       retentionTime: LATEST_FINDINGS_RETENTION_POLICY,
     }),
@@ -340,7 +340,7 @@ export const getCspStatus = async ({
   const MIN_DATE = 0;
   const indicesDetails = [
     {
-      index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
+      index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
       status: findingsLatestIndexStatus,
     },
     {

x-pack/solutions/security/plugins/cloud_security_posture/server/tasks/findings_stats_task.ts

@@ -15,6 +15,7 @@ import type { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
 import { ElasticsearchClient } from '@kbn/core/server';
 import { QueryDslQueryContainer } from '@kbn/data-views-plugin/common/types';
 import {
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
   CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   VULNERABILITIES_SEVERITY,
 } from '@kbn/cloud-security-posture-common';
@@ -27,7 +28,6 @@ import {
   BENCHMARK_SCORE_INDEX_DEFAULT_NS,
   CSPM_FINDINGS_STATS_INTERVAL,
   INTERNAL_CSP_SETTINGS_SAVED_OBJECT_TYPE,
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
   VULN_MGMT_POLICY_TEMPLATE,
 } from '../../common/constants';
 import { scheduleTaskSafe, removeTaskSafe } from '../lib/task_manager_util';
@@ -218,7 +218,7 @@ const getScoreAggregationQuery = () => ({
 });
 
 const getScoreQuery = (filteredRules: QueryDslQueryContainer[]): SearchRequest => ({
-  index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
+  index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
   size: 0,
   // creates the safe_posture_type and asset_identifier runtime fields
   runtime_mappings: { ...getIdentifierRuntimeMapping(), ...getSafePostureTypeRuntimeMapping() },

x-pack/solutions/security/plugins/security_solution_serverless/server/cloud_security/constants.ts

@@ -8,11 +8,10 @@
 import {
   CSPM_POLICY_TEMPLATE,
   KSPM_POLICY_TEMPLATE,
-  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
   CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
 } from '@kbn/cloud-security-posture-common';
 import { CNVM_POLICY_TEMPLATE } from '@kbn/cloud-security-posture-plugin/common/constants';
-
 export const CLOUD_SECURITY_TASK_TYPE = 'cloud_security';
 export const AGGREGATION_PRECISION_THRESHOLD = 40000;
 export const ASSETS_SAMPLE_GRANULARITY = '24h';
@@ -24,11 +23,11 @@ export const CNVM = CNVM_POLICY_TEMPLATE;
 
 export const METERING_CONFIGS = {
   [CSPM]: {
-    index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
+    index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
     assets_identifier: 'resource.id',
   },
   [KSPM]: {
-    index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
+    index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
     assets_identifier: 'agent.id',
   },
   [CNVM]: {

x-pack/solutions/security/test/api_integration/apis/cloud_security_posture/status/status_index_timeout.ts

@@ -7,10 +7,12 @@
 import expect from '@kbn/expect';
 import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
 import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
-import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
+import {
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
+  CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
+} from '@kbn/cloud-security-posture-common';
 import {
   FINDINGS_INDEX_DEFAULT_NS,
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
   VULNERABILITIES_INDEX_DEFAULT_NS,
 } from '@kbn/cloud-security-posture-plugin/common/constants';
 import { EsIndexDataProvider } from '../../../../cloud_security_posture_api/utils';
@@ -29,7 +31,10 @@ export default function (providerContext: FtrProviderContext) {
   const kibanaServer = getService('kibanaServer');
   const fleetAndAgents = getService('fleetAndAgents');
   const findingsIndex = new EsIndexDataProvider(es, FINDINGS_INDEX_DEFAULT_NS);
-  const latestFindingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
+  const latestFindingsIndex = new EsIndexDataProvider(
+    es,
+    CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
+  );
   const vulnerabilitiesIndex = new EsIndexDataProvider(es, VULNERABILITIES_INDEX_DEFAULT_NS);
   const cdrVulnerabilitiesIndex = new EsIndexDataProvider(
     es,

x-pack/solutions/security/test/api_integration/apis/cloud_security_posture/status/status_indexed.ts

@@ -6,9 +6,12 @@
  */
 import expect from '@kbn/expect';
 import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
-import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
+import {
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
+  CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
+} from '@kbn/cloud-security-posture-common';
 import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
-import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants';
+
 import { FtrProviderContext } from '../../../ftr_provider_context';
 import { EsIndexDataProvider } from '../../../../cloud_security_posture_api/utils';
 import { createPackagePolicy } from '../helper';
@@ -20,7 +23,10 @@ export default function (providerContext: FtrProviderContext) {
   const es = getService('es');
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
-  const latestFindingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
+  const latestFindingsIndex = new EsIndexDataProvider(
+    es,
+    CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
+  );
   const latestVulnerabilitiesIndex = new EsIndexDataProvider(
     es,
     CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN
@@ -103,7 +109,7 @@ export default function (providerContext: FtrProviderContext) {
         );
       });
 
-      it(`Return kspm status indexed when logs-cloud_security_posture.findings_latest-default contains new kspm documents`, async () => {
+      it(`Return kspm status indexed when security_solution-cloud_security_posture.misconfiguration_latest contains new kspm documents`, async () => {
         await createPackagePolicy(
           supertest,
           agentPolicyId,
@@ -127,7 +133,7 @@ export default function (providerContext: FtrProviderContext) {
         );
       });
 
-      it(`Return cspm status indexed when logs-cloud_security_posture.findings_latest-default contains new cspm documents`, async () => {
+      it(`Return cspm status indexed when security_solution-cloud_security_posture.misconfiguration_latest contains new cspm documents`, async () => {
         await createPackagePolicy(
           supertest,
           agentPolicyId,

x-pack/solutions/security/test/api_integration/apis/cloud_security_posture/status/status_indexing.ts

@@ -54,7 +54,7 @@ export default function (providerContext: FtrProviderContext) {
         await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
       });
 
-      it(`Return kspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new kspm documents, but has newly connected agents`, async () => {
+      it(`Return kspm status indexing when security_solution-cloud_security_posture.misconfiguration_latest doesn't contain new kspm documents, but has newly connected agents`, async () => {
         await createPackagePolicy(
           supertest,
           agentPolicyId,
@@ -78,7 +78,7 @@ export default function (providerContext: FtrProviderContext) {
         );
       });
 
-      it(`Return cspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new cspm documents, but has newly connected agents  `, async () => {
+      it(`Return cspm status indexing when security_solution-cloud_security_posture.misconfiguration_latest doesn't contain new cspm documents, but has newly connected agents  `, async () => {
         await createPackagePolicy(
           supertest,
           agentPolicyId,

x-pack/solutions/security/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts

@@ -7,14 +7,12 @@
 import expect from '@kbn/expect';
 import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import {
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
   CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   FINDINGS_INDEX_PATTERN,
 } from '@kbn/cloud-security-posture-common';
 import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
-import {
+import { BENCHMARK_SCORE_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants';
-  BENCHMARK_SCORE_INDEX_DEFAULT_NS,
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
-} from '@kbn/cloud-security-posture-plugin/common/constants';
 import { find, without } from 'lodash';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 import { createPackagePolicy, createUser, createCSPRole, deleteRole, deleteUser } from '../helper';
@@ -31,7 +29,7 @@ export default function (providerContext: FtrProviderContext) {
   const security = getService('security');
 
   const allIndices = [
-    LATEST_FINDINGS_INDEX_DEFAULT_NS,
+    CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
     FINDINGS_INDEX_PATTERN,
     BENCHMARK_SCORE_INDEX_DEFAULT_NS,
     CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
@@ -139,7 +137,10 @@ export default function (providerContext: FtrProviderContext) {
       });
 
       it(`Return unprivileged when missing access to findings_latest index`, async () => {
-        const privilegedIndices = without(allIndices, LATEST_FINDINGS_INDEX_DEFAULT_NS);
+        const privilegedIndices = without(
+          allIndices,
+          CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
+        );
         await createCSPRole(security, UNPRIVILEGED_ROLE, privilegedIndices);
         await createUser(security, UNPRIVILEGED_USERNAME, UNPRIVILEGED_ROLE);
 
@@ -173,9 +174,10 @@ export default function (providerContext: FtrProviderContext) {
         );
 
         expect(res).to.have.property('indicesDetails');
-        expect(find(res.indicesDetails, { index: LATEST_FINDINGS_INDEX_DEFAULT_NS })?.status).eql(
+        expect(
-          'unprivileged'
+          find(res.indicesDetails, { index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS })
-        );
+            ?.status
+        ).eql('unprivileged');
 
         privilegedIndices.forEach((index) => {
           expect(find(res.indicesDetails, { index })?.status).not.eql('unprivileged');

x-pack/solutions/security/test/cloud_security_posture_api/routes/benchmarks.ts

@@ -8,10 +8,8 @@ import {
   ELASTIC_HTTP_VERSION_HEADER,
   X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
 } from '@kbn/core-http-common';
-import {
+import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
-  CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE,
+import { CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE } from '@kbn/cloud-security-posture-plugin/common/constants';
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
-} from '@kbn/cloud-security-posture-plugin/common/constants';
 import expect from '@kbn/expect';
 import Chance from 'chance';
 import { CspBenchmarkRule } from '@kbn/cloud-security-posture-common/schema/rules/latest';
@@ -31,7 +29,10 @@ export default function (providerContext: FtrProviderContext) {
   const logger = getService('log');
   const supertestWithoutAuth = getService('supertestWithoutAuth');
   const cspSecurity = CspSecurityCommonProvider(providerContext);
-  const findingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
+  const findingsIndex = new EsIndexDataProvider(
+    es,
+    CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
+  );
 
   const getCspBenchmarkRules = async (benchmarkId: string): Promise<CspBenchmarkRule[]> => {
     let cspBenchmarkRules: CspBenchmarkRule[] = [];

x-pack/solutions/security/test/cloud_security_posture_api/routes/helper/user_roles_utilites.ts

@@ -6,9 +6,9 @@
  */
 
 import {
-  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
   CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   FINDINGS_INDEX_PATTERN,
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
 } from '@kbn/cloud-security-posture-common';
 import {
   BENCHMARK_SCORE_INDEX_PATTERN,
@@ -22,7 +22,7 @@ const alertsSecurityUserIndices = [
     privileges: ['read'],
   },
   {
-    names: [CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN],
+    names: [CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS],
     privileges: ['read'],
   },
   {
@@ -45,7 +45,7 @@ const securityUserIndinces = [
     privileges: ['read'],
   },
   {
-    names: [CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN],
+    names: [CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS],
     privileges: ['read'],
   },
   {

x-pack/solutions/security/test/cloud_security_posture_api/routes/stats.ts

@@ -5,10 +5,8 @@
  * 2.0.
  */
 import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
-import {
+import { BENCHMARK_SCORE_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants';
-  BENCHMARK_SCORE_INDEX_DEFAULT_NS,
+import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
-} from '@kbn/cloud-security-posture-plugin/common/constants';
 import {
   BenchmarkData,
   Cluster,
@@ -65,7 +63,10 @@ export default function (providerContext: FtrProviderContext) {
   const log = getService('log');
   const supertestWithoutAuth = getService('supertestWithoutAuth');
   const cspSecurity = CspSecurityCommonProvider(providerContext);
-  const findingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
+  const findingsIndex = new EsIndexDataProvider(
+    es,
+    CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
+  );
   const benchmarkScoreIndex = new EsIndexDataProvider(es, BENCHMARK_SCORE_INDEX_DEFAULT_NS);
 
   // Failing: See https://github.com/elastic/kibana/issues/214191

x-pack/solutions/security/test/cloud_security_posture_api/telemetry/telemetry.ts

@@ -14,7 +14,7 @@ import { data } from './data';
 import type { FtrProviderContext } from '../ftr_provider_context';
 import { waitForPluginInitialized, EsIndexDataProvider } from '../utils';
 
-const FINDINGS_INDEX = 'logs-cloud_security_posture.findings_latest-default';
+const FINDINGS_INDEX = 'security_solution-cloud_security_posture.misconfiguration_latest';
 
 // eslint-disable-next-line import/no-default-export
 export default function ({ getService }: FtrProviderContext) {

x-pack/solutions/security/test/cloud_security_posture_functional/page_objects/csp_dashboard_page.ts

@@ -13,7 +13,7 @@ import {
 import type { FtrProviderContext } from '../ftr_provider_context';
 
 // Defined in CSP plugin
-const LATEST_FINDINGS_INDEX = 'logs-cloud_security_posture.findings_latest-default';
+const LATEST_FINDINGS_INDEX = 'security_solution-cloud_security_posture.misconfiguration_latest';
 
 export function CspDashboardPageProvider({ getService, getPageObjects }: FtrProviderContext) {
   const testSubjects = getService('testSubjects');

x-pack/solutions/security/test/cloud_security_posture_functional/page_objects/security_common.ts

@@ -24,6 +24,11 @@ export function CspSecurityCommonProvider({ getPageObjects, getService }: FtrPro
             names: ['logs-cloud_security_posture.findings_latest-*'],
             privileges: ['read'],
           },
+          {
+            names: ['security_solution-cloud_security_posture.misconfiguration_latest'],
+            privileges: ['read'],
+          },
+
           {
             names: ['logs-cloud_security_posture.scores-*'],
             privileges: ['read'],

x-pack/solutions/security/test/cloud_security_posture_functional/pages/compliance_dashboard.ts

@@ -29,6 +29,9 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
         },
       },
       cluster_id: 'Upper case cluster id',
+      data_stream: {
+        dataset: 'cloud_security_posture.findings',
+      },
     },
   ];
 

x-pack/solutions/security/test/cloud_security_posture_functional/pages/findings_old_data.ts

@@ -165,6 +165,10 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
 
       // Before we start any test we must wait for cloud_security_posture plugin to complete its initialization
       await findings.waitForPluginInitialized();
+
+      // delete old data
+      await findings.index.remove();
+      await findings.vulnerabilitiesIndex.remove();
     });
 
     afterEach(async () => {

x-pack/test/security_solution_cypress/cypress/e2e/cloud_security_posture/misconfiguration_contextual_flyout.cy.ts

@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
 import { createRule } from '../../tasks/api_calls/rules';
 import { getNewRule } from '../../objects/rule';
 import { getDataTestSubjectSelector } from '../../helpers/common';
@@ -20,6 +19,9 @@ import { login } from '../../tasks/login';
 import { ALERTS_URL } from '../../urls/navigation';
 import { visit } from '../../tasks/navigation';
 
+export const CDR_MOCK_THIRD_PARTY_MISCONFIGURATION_LATEST_INDEX =
+  'security_solution-test.misconfiguration_latest';
+
 const CSP_INSIGHT_MISCONFIGURATION_TITLE = getDataTestSubjectSelector(
   'securitySolutionFlyoutInsightsMisconfigurationsTitleLink'
 );
@@ -94,13 +96,86 @@ const mockFindingUserName = (matches: boolean) => {
     },
   };
 };
+const putIndexMapping = () => {
+  rootRequest({
+    method: 'PUT',
+    url: `${Cypress.env(
+      'ELASTICSEARCH_URL'
+    )}/${CDR_MOCK_THIRD_PARTY_MISCONFIGURATION_LATEST_INDEX}`,
+    body: {},
+  });
 
-const createMockFinding = (isNameMatches: boolean, findingType: 'host.name' | 'user.name') => {
+  rootRequest({
+    method: 'PUT',
+    url: `${Cypress.env(
+      'ELASTICSEARCH_URL'
+    )}/${CDR_MOCK_THIRD_PARTY_MISCONFIGURATION_LATEST_INDEX}/_mapping`,
+    body: {
+      properties: {
+        'result.evaluation': {
+          type: 'keyword',
+        },
+        'host.name': {
+          type: 'keyword',
+        },
+        'resource.id': {
+          type: 'keyword',
+        },
+        resource: {
+          type: 'object',
+          properties: {
+            id: {
+              type: 'keyword',
+            },
+            name: {
+              type: 'keyword',
+            },
+            sub_type: {
+              type: 'keyword',
+            },
+          },
+        },
+        rule: {
+          type: 'object',
+          properties: {
+            name: {
+              type: 'keyword',
+            },
+            section: {
+              type: 'keyword',
+            },
+            benchmark: {
+              type: 'object',
+              properties: {
+                id: {
+                  type: 'keyword',
+                },
+                posture_type: {
+                  type: 'keyword',
+                },
+                name: {
+                  type: 'keyword',
+                },
+                version: {
+                  type: 'keyword',
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+  });
+};
+const createMockMisconfigurationFinding = (
+  isNameMatches: boolean,
+  findingType: 'host.name' | 'user.name'
+) => {
   return rootRequest({
     method: 'POST',
     url: `${Cypress.env(
       'ELASTICSEARCH_URL'
-    )}/${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN}/_doc`,
+    )}/${CDR_MOCK_THIRD_PARTY_MISCONFIGURATION_LATEST_INDEX}/_doc`,
     body:
       findingType === 'host.name'
         ? mockFindingHostName(isNameMatches)
@@ -108,16 +183,20 @@ const createMockFinding = (isNameMatches: boolean, findingType: 'host.name' | 'u
   });
 };
 
-const deleteDataStream = () => {
+const deleteLatestMisconfigurationIndex = () => {
   return rootRequest({
     method: 'DELETE',
     url: `${Cypress.env(
       'ELASTICSEARCH_URL'
-    )}/_data_stream/${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN}`,
+    )}/${CDR_MOCK_THIRD_PARTY_MISCONFIGURATION_LATEST_INDEX}`,
   });
 };
 
-describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless'] }, () => {
+// Skip on serverless once this ticket is verified: https://github.com/elastic/security-team/issues/12819
+describe(
+  'Alert Host details expandable flyout',
+  { tags: ['@ess', '@serverless', '@skipInServerless'] },
+  () => {
     beforeEach(() => {
       deleteAlertsAndRules();
       login();
@@ -128,14 +207,15 @@ describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless']
 
     context('Host name - Has misconfiguration findings', () => {
       beforeEach(() => {
-      createMockFinding(true, 'host.name');
+        putIndexMapping();
+        createMockMisconfigurationFinding(true, 'host.name');
         cy.reload();
         expandFirstAlertHostFlyout();
       });
 
       afterEach(() => {
         /* Deleting data stream even though we don't create it because data stream is automatically created when Cloud security API is used  */
-      deleteDataStream();
+        deleteLatestMisconfigurationIndex();
       });
 
       it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
@@ -154,13 +234,14 @@ describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless']
       'Host name - Has misconfiguration findings but host name is not the same as alert host name',
       () => {
         beforeEach(() => {
-        createMockFinding(false, 'host.name');
+          putIndexMapping();
+          createMockMisconfigurationFinding(false, 'host.name');
           cy.reload();
           expandFirstAlertHostFlyout();
         });
 
         afterEach(() => {
-        deleteDataStream();
+          deleteLatestMisconfigurationIndex();
         });
 
         it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
@@ -174,13 +255,14 @@ describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless']
 
     context('User name - Has misconfiguration findings', () => {
       beforeEach(() => {
-      createMockFinding(true, 'user.name');
+        putIndexMapping();
+        createMockMisconfigurationFinding(true, 'user.name');
         cy.reload();
         expandFirstAlertUserFlyout();
       });
 
       afterEach(() => {
-      deleteDataStream();
+        deleteLatestMisconfigurationIndex();
       });
 
       it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
@@ -199,13 +281,14 @@ describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless']
       'User name - Has misconfiguration findings but host name is not the same as alert host name',
       () => {
         beforeEach(() => {
-        createMockFinding(false, 'user.name');
+          putIndexMapping();
+          createMockMisconfigurationFinding(false, 'user.name');
           cy.reload();
           expandFirstAlertHostFlyout();
         });
 
         afterEach(() => {
-        deleteDataStream();
+          deleteLatestMisconfigurationIndex();
         });
 
         it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
@@ -216,4 +299,5 @@ describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless']
         });
       }
     );
-});
+  }
+);

x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/serverless_metering/cloud_security_metering.ts

@@ -6,8 +6,10 @@
  */
 
 import expect from '@kbn/expect';
-import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
+import {
-import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants';
+  CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
+} from '@kbn/cloud-security-posture-common';
 import * as http from 'http';
 import { createPackagePolicy } from '@kbn/test-suites-xpack-security/api_integration/apis/cloud_security_posture/helper';
 import { EsIndexDataProvider } from '@kbn/test-suites-xpack-security/cloud_security_posture_api/utils';
@@ -26,7 +28,10 @@ export default function (providerContext: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
   const svlUserManager = getService('svlUserManager');
   const supertestWithoutAuth = getService('supertestWithoutAuth');
-  const findingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
+  const findingsIndex = new EsIndexDataProvider(
+    es,
+    CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
+  );
   const vulnerabilitiesIndex = new EsIndexDataProvider(
     es,
     CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN

x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexed.ts

@@ -7,8 +7,10 @@
 import expect from '@kbn/expect';
 import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
-import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
+import {
-import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants';
+  CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
+} from '@kbn/cloud-security-posture-common';
 import { createPackagePolicy } from '@kbn/test-suites-xpack-security/api_integration/apis/cloud_security_posture/helper';
 import { EsIndexDataProvider } from '@kbn/test-suites-xpack-security/cloud_security_posture_api/utils';
 import {
@@ -26,7 +28,10 @@ export default function (providerContext: FtrProviderContext) {
   const supertestWithoutAuth = getService('supertestWithoutAuth');
   const svlCommonApi = getService('svlCommonApi');
   const svlUserManager = getService('svlUserManager');
-  const latestFindingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
+  const latestFindingsIndex = new EsIndexDataProvider(
+    es,
+    CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
+  );
   const latestVulnerabilitiesIndex = new EsIndexDataProvider(
     es,
     CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN
@@ -76,7 +81,7 @@ export default function (providerContext: FtrProviderContext) {
         await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
       });
 
-      it(`Return kspm status indexed when logs-cloud_security_posture.findings_latest-default contains new kspm documents`, async () => {
+      it(`Return kspm status indexed when security_solution-cloud_security_posture.misconfiguration_latestration_latest contains new kspm documents`, async () => {
         await createPackagePolicy(
           supertestWithoutAuth,
           agentPolicyId,
@@ -104,7 +109,7 @@ export default function (providerContext: FtrProviderContext) {
         );
       });
 
-      it(`Return cspm status indexed when logs-cloud_security_posture.findings_latest-default contains new cspm documents`, async () => {
+      it(`Return cspm status indexed when security_solution-cloud_security_posture.misconfiguration_latestration_latest contains new cspm documents`, async () => {
         await createPackagePolicy(
           supertestWithoutAuth,
           agentPolicyId,

x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexing.ts

@@ -74,7 +74,7 @@ export default function (providerContext: FtrProviderContext) {
         await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
       });
 
-      it(`Return kspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new kspm documents, but has newly connected agents`, async () => {
+      it(`Return kspm status indexing when security_solution-cloud_security_posture.misconfiguration_latest doesn't contain new kspm documents, but has newly connected agents`, async () => {
         await createPackagePolicy(
           supertestWithoutAuth,
           agentPolicyId,
@@ -102,7 +102,7 @@ export default function (providerContext: FtrProviderContext) {
         );
       });
 
-      it(`Return cspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new cspm documents, but has newly connected agents  `, async () => {
+      it(`Return cspm status indexing when security_solution-cloud_security_posture.misconfiguration_latest doesn't contain new cspm documents, but has newly connected agents  `, async () => {
         await createPackagePolicy(
           supertestWithoutAuth,
           agentPolicyId,

x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts

@@ -17,7 +17,7 @@ import { SupertestWithRoleScopeType } from '../../../services';
 import type { FtrProviderContext } from '../../../ftr_provider_context';
 import { RoleCredentials } from '../../../../shared/services';
 
-const FINDINGS_INDEX = 'logs-cloud_security_posture.findings_latest-default';
+const FINDINGS_INDEX = 'security_solution-cloud_security_posture.misconfiguration_latest';
 
 export default function ({ getService }: FtrProviderContext) {
   const retry = getService('retry');

x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts

@@ -65,7 +65,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
     });
 
     describe('Kubernetes Dashboard', () => {
-      it('displays accurate summary compliance score', async () => {
+      it.skip('displays accurate summary compliance score', async () => {
         await pageObjects.header.waitUntilLoadingHasFinished();
         await retry.try(async () => {
           const scoreElement = await dashboard.getKubernetesComplianceScore();