mirror of
https://github.com/elastic/kibana.git
synced 2025-06-28 11:05:39 -04:00
Add Index Alias for Cloud Security Latest Findings Index
This commit is contained in:
Ido Cohen
GitHub
parent
a8a7574c66
commit
c38269744b
41 changed files with 424 additions and 206 deletions
|
|
@ -9,11 +9,16 @@ import { MisconfigurationEvaluationStatus } from './types/misconfigurations';
|
|||
|
||||
export const KSPM_POLICY_TEMPLATE = 'kspm';
|
||||
export const CSPM_POLICY_TEMPLATE = 'cspm';
|
||||
export const CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN =
|
||||
export const CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS =
|
||||
'security_solution-cloud_security_posture.misconfiguration_latest';
|
||||
|
||||
export const DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN =
|
||||
'logs-cloud_security_posture.findings_latest-default';
|
||||
|
||||
export const CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN =
|
||||
'security_solution-*.misconfiguration_latest';
|
||||
export const CDR_MISCONFIGURATIONS_INDEX_PATTERN = `${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN},${CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN}`;
|
||||
export const CDR_MISCONFIGURATIONS_INDEX_PATTERN = `${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS},${CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN}`;
|
||||
|
||||
export const CDR_MISCONFIGURATIONS_DATA_VIEW_NAME = 'Latest Cloud Security Misconfigurations';
|
||||
export const LATEST_FINDINGS_RETENTION_POLICY = '26h';
|
||||
export const MAX_FINDINGS_TO_LOAD = 500;
|
||||
|
|
|
|||
|
|
@ -40,8 +40,6 @@ export const FINDINGS_INDEX_NAME = 'logs-cloud_security_posture.findings';
|
|||
export const FINDINGS_INDEX_DEFAULT_NS = 'logs-cloud_security_posture.findings-default';
|
||||
|
||||
export const LATEST_FINDINGS_INDEX_TEMPLATE_NAME = 'logs-cloud_security_posture.findings_latest';
|
||||
export const LATEST_FINDINGS_INDEX_DEFAULT_NS =
|
||||
'logs-cloud_security_posture.findings_latest-default';
|
||||
|
||||
export const BENCHMARK_SCORE_INDEX_TEMPLATE_NAME = 'logs-cloud_security_posture.scores';
|
||||
export const BENCHMARK_SCORE_INDEX_PATTERN = 'logs-cloud_security_posture.scores-*';
|
||||
|
|
|
|||
|
|
@ -171,7 +171,7 @@ describe('NoFindingsStates', () => {
|
|||
screen.getByText(/required elasticsearch index privilege for the following indices:/i)
|
||||
).toBeInTheDocument();
|
||||
expect(
|
||||
screen.getByText('logs-cloud_security_posture.findings_latest-default')
|
||||
screen.getByText('security_solution-cloud_security_posture.misconfiguration_latest')
|
||||
).toBeInTheDocument();
|
||||
expect(screen.getByText('logs-cloud_security_posture.findings-default*')).toBeInTheDocument();
|
||||
expect(screen.getByText('logs-cloud_security_posture.scores-default')).toBeInTheDocument();
|
||||
|
|
|
|||
|
|
@ -38,7 +38,10 @@ describe('<Benchmarks />', () => {
|
|||
cspm: { status: 'indexed' },
|
||||
kspm: { status: 'indexed' },
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'not-empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
|
||||
],
|
||||
},
|
||||
|
|
|
|||
|
|
@ -111,7 +111,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
cspm: { status: 'not-installed', healthyAgents: 0, installedPackagePolicies: 0 },
|
||||
isPluginInitialized: false,
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -152,7 +155,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
cspm: { status: 'not-deployed', healthyAgents: 0, installedPackagePolicies: 1 },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -192,7 +198,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
cspm: { status: 'indexing', healthyAgents: 1, installedPackagePolicies: 1 },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -232,7 +241,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
cspm: { status: 'waiting_for_results', healthyAgents: 1, installedPackagePolicies: 1 },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -272,7 +284,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
cspm: { status: 'index-timeout', healthyAgents: 1, installedPackagePolicies: 1 },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -312,7 +327,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
cspm: { status: 'unprivileged', healthyAgents: 1, installedPackagePolicies: 1 },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -352,7 +370,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
cspm: { status: 'indexed' },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'not-empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -391,7 +412,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
cspm: { status: 'not-installed' },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'not-empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -430,7 +454,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
cspm: { status: 'indexed' },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'not-empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -469,7 +496,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
cspm: { status: 'indexed', healthyAgents: 0, installedPackagePolicies: 1 },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'not-empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -509,7 +539,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
cspm: { status: 'not-installed' },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -549,7 +582,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
kspm: { status: 'indexed' },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'not-empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -589,7 +625,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
kspm: { status: 'indexed' },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'not-empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -629,7 +668,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
cspm: { status: 'not-installed' },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
|
||||
],
|
||||
},
|
||||
|
|
@ -671,7 +713,10 @@ describe('<ComplianceDashboard />', () => {
|
|||
kspm: { status: 'not-installed' },
|
||||
installedPackageVersion: '1.2.13',
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
|
||||
],
|
||||
},
|
||||
|
|
|
|||
|
|
@ -143,7 +143,7 @@ export const generateCspFinding = (
|
|||
|
||||
export const generateFindingHit = (finding: CspFinding) => {
|
||||
return {
|
||||
_index: 'logs-cloud_security_posture.findings_latest-default',
|
||||
_index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
_id: uuidV4(),
|
||||
_score: null,
|
||||
_source: finding,
|
||||
|
|
|
|||
|
|
@ -73,7 +73,10 @@ describe('<Rules />', () => {
|
|||
cspm: { status: 'indexed' },
|
||||
kspm: { status: 'indexed' },
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'not-empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'not-empty' },
|
||||
],
|
||||
},
|
||||
|
|
|
|||
|
|
@ -180,7 +180,10 @@ describe('<Vulnerabilities />', () => {
|
|||
cspm: { status: 'not-deployed' },
|
||||
[VULN_MGMT_POLICY_TEMPLATE]: { status: 'not-installed' },
|
||||
indicesDetails: [
|
||||
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
|
||||
{
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{ index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
|
||||
{ index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
|
||||
],
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ export const defaultDataViewFindHandler = http.get(
|
|||
generateDataViewField('rule.name'),
|
||||
generateDataViewField('rule.section'),
|
||||
],
|
||||
indices: ['logs-cloud_security_posture.findings_latest-default'],
|
||||
indices: ['security_solution-cloud_security_posture.misconfiguration_latest'],
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,12 +7,11 @@
|
|||
|
||||
import {
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
FINDINGS_INDEX_NAME,
|
||||
LATEST_FINDINGS_INDEX_TEMPLATE_NAME,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
VULNERABILITIES_INDEX_NAME,
|
||||
LATEST_VULNERABILITIES_INDEX_TEMPLATE_NAME,
|
||||
} from '../../common/constants';
|
||||
|
|
@ -21,9 +20,9 @@ import { LatestIndexConfig } from './types';
|
|||
export const latestIndexConfigs: LatestIndexConfig = {
|
||||
findings: {
|
||||
indexName: FINDINGS_INDEX_NAME,
|
||||
indexPattern: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
indexPattern: DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
indexTemplateName: LATEST_FINDINGS_INDEX_TEMPLATE_NAME,
|
||||
indexDefaultName: LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
indexDefaultName: DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
},
|
||||
vulnerabilities: {
|
||||
indexName: VULNERABILITIES_INDEX_NAME,
|
||||
|
|
|
|||
|
|
@ -8,11 +8,9 @@ import type { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/ap
|
|||
import {
|
||||
LATEST_FINDINGS_RETENTION_POLICY,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
} from '../../common/constants';
|
||||
import { CLOUD_SECURITY_POSTURE_PACKAGE_NAME } from '../../common/constants';
|
||||
|
||||
const LATEST_FINDINGS_TRANSFORM_V830 = 'cloud_security_posture.findings_latest-default-0.0.1';
|
||||
const LATEST_FINDINGS_TRANSFORM_V840 = 'cloud_security_posture.findings_latest-default-8.4.0';
|
||||
|
|
@ -34,7 +32,7 @@ export const latestFindingsTransform: TransformPutTransformRequest = {
|
|||
index: FINDINGS_INDEX_PATTERN,
|
||||
},
|
||||
dest: {
|
||||
index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
index: DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
},
|
||||
frequency: '5m',
|
||||
sync: {
|
||||
|
|
|
|||
|
|
@ -10,10 +10,10 @@ import type {
|
|||
AggregationsMultiBucketBase,
|
||||
SearchRequest,
|
||||
} from '@elastic/elasticsearch/lib/api/types';
|
||||
import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
|
||||
import { getIdentifierRuntimeMapping } from '../../../../common/runtime_mappings/get_identifier_runtime_mapping';
|
||||
import { calculatePostureScore } from '../../../../common/utils/helpers';
|
||||
import type { CspmAccountsStats } from './types';
|
||||
import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '../../../../common/constants';
|
||||
|
||||
interface Value {
|
||||
value: number;
|
||||
|
|
@ -57,7 +57,7 @@ interface AccountEntity {
|
|||
}
|
||||
|
||||
const getAccountsStatsQuery = (): SearchRequest => ({
|
||||
index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
runtime_mappings: getIdentifierRuntimeMapping(),
|
||||
query: {
|
||||
match_all: {},
|
||||
|
|
@ -234,7 +234,7 @@ export const getAccountsStats = async (
|
|||
): Promise<CspmAccountsStats[]> => {
|
||||
try {
|
||||
const isIndexExists = await esClient.indices.exists({
|
||||
index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
});
|
||||
|
||||
if (isIndexExists) {
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ import {
|
|||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
KSPM_POLICY_TEMPLATE,
|
||||
CSPM_POLICY_TEMPLATE,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import type { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
|
||||
import { getPackagePolicyIdRuntimeMapping } from '../../../../common/runtime_mappings/get_package_policy_id_mapping';
|
||||
|
|
@ -21,10 +22,7 @@ import type {
|
|||
CloudProviderKey,
|
||||
CloudSecurityAccountsStats,
|
||||
} from './types';
|
||||
import {
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
VULN_MGMT_POLICY_TEMPLATE,
|
||||
} from '../../../../common/constants';
|
||||
import { VULN_MGMT_POLICY_TEMPLATE } from '../../../../common/constants';
|
||||
import {
|
||||
getCspBenchmarkRulesStatesHandler,
|
||||
getMutedRulesFilterQuery,
|
||||
|
|
@ -412,7 +410,7 @@ export const getIndexAccountStats = async (
|
|||
? getCloudAccountsStats(accountsStatsResponse.aggregations, logger)
|
||||
: [];
|
||||
|
||||
if (index === LATEST_FINDINGS_INDEX_DEFAULT_NS) {
|
||||
if (index === CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS) {
|
||||
const cloudAccountsStatsForEnabledRules = await getAccountStatsBasedOnEnablesRule(
|
||||
esClient,
|
||||
encryptedSoClient,
|
||||
|
|
@ -442,7 +440,7 @@ export const getAllCloudAccountsStats = async (
|
|||
): Promise<CloudSecurityAccountsStats[]> => {
|
||||
try {
|
||||
const indices = [
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
];
|
||||
const [findingIndex, vulnerabilitiesIndex] = await Promise.all(
|
||||
|
|
|
|||
|
|
@ -6,7 +6,10 @@
|
|||
*/
|
||||
import type { CoreStart, Logger, SavedObjectsClientContract } from '@kbn/core/server';
|
||||
import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
|
||||
import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import { getCspStatus } from '../../../routes/status/status';
|
||||
import type { CspServerPluginStart, CspServerPluginStartDeps } from '../../../types';
|
||||
|
||||
|
|
@ -14,7 +17,6 @@ import type { CspmIndicesStats, IndexStats } from './types';
|
|||
import {
|
||||
BENCHMARK_SCORE_INDEX_DEFAULT_NS,
|
||||
FINDINGS_INDEX_DEFAULT_NS,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
VULNERABILITIES_INDEX_DEFAULT_NS,
|
||||
} from '../../../../common/constants';
|
||||
|
||||
|
|
@ -80,7 +82,7 @@ export const getIndicesStats = async (
|
|||
): Promise<CspmIndicesStats> => {
|
||||
const [findings, latestFindings, vulMng, vulMngLatest, score] = await Promise.all([
|
||||
getIndexStats(esClient, FINDINGS_INDEX_DEFAULT_NS, logger),
|
||||
getIndexStats(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger),
|
||||
getIndexStats(esClient, CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS, logger),
|
||||
getIndexStats(esClient, VULNERABILITIES_INDEX_DEFAULT_NS, logger),
|
||||
getIndexStats(esClient, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, logger),
|
||||
getIndexStats(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger),
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@
|
|||
import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
|
||||
import type { Logger } from '@kbn/core/server';
|
||||
import type { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
|
||||
import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
|
||||
import { getIdentifierRuntimeMapping } from '../../../../common/runtime_mappings/get_identifier_runtime_mapping';
|
||||
import type { CspmResourcesStats } from './types';
|
||||
import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '../../../../common/constants';
|
||||
|
||||
interface ResourcesStats {
|
||||
accounts: {
|
||||
|
|
@ -144,12 +144,12 @@ export const getResourcesStats = async (
|
|||
): Promise<CspmResourcesStats[]> => {
|
||||
try {
|
||||
const isIndexExists = await esClient.indices.exists({
|
||||
index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
});
|
||||
|
||||
if (isIndexExists) {
|
||||
const resourcesStatsResponse = await esClient.search<unknown, ResourcesStats>(
|
||||
getResourcesStatsQuery(LATEST_FINDINGS_INDEX_DEFAULT_NS)
|
||||
getResourcesStatsQuery(CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS)
|
||||
);
|
||||
|
||||
const cspmResourcesStats = resourcesStatsResponse.aggregations
|
||||
|
|
|
|||
|
|
@ -10,9 +10,9 @@ import type {
|
|||
AggregationsMultiBucketBase,
|
||||
SearchRequest,
|
||||
} from '@elastic/elasticsearch/lib/api/types';
|
||||
import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
|
||||
import { getIdentifierRuntimeMapping } from '../../../../common/runtime_mappings/get_identifier_runtime_mapping';
|
||||
import type { CspmRulesStats } from './types';
|
||||
import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '../../../../common/constants';
|
||||
|
||||
interface BenchmarkName {
|
||||
metrics: { 'rule.benchmark.name': string };
|
||||
|
|
@ -69,7 +69,7 @@ interface RuleEntity {
|
|||
}
|
||||
|
||||
const getRulesStatsQuery = (): SearchRequest => ({
|
||||
index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
query: {
|
||||
match_all: {},
|
||||
},
|
||||
|
|
@ -264,7 +264,7 @@ export const getRulesStats = async (
|
|||
): Promise<CspmRulesStats[]> => {
|
||||
try {
|
||||
const isIndexExists = await esClient.indices.exists({
|
||||
index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
});
|
||||
|
||||
if (isIndexExists) {
|
||||
|
|
|
|||
|
|
@ -30,6 +30,10 @@ import type {
|
|||
CspBenchmarkRule,
|
||||
CspSettings,
|
||||
} from '@kbn/cloud-security-posture-common/schema/rules/latest';
|
||||
import {
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import semver from 'semver';
|
||||
import { isCspPackage } from '../common/utils/helpers';
|
||||
import { isSubscriptionAllowed } from '../common/utils/subscription';
|
||||
|
|
@ -241,9 +245,50 @@ export class CspPlugin
|
|||
this.logger
|
||||
);
|
||||
await scheduleFindingsStatsTask(taskManager, this.logger);
|
||||
await this.initializeIndexAlias(esClient, this.logger);
|
||||
this.#isInitialized = true;
|
||||
}
|
||||
|
||||
// For integration versions earlier than 2.00, we will manually create an index alias for the deprecated latest index 'logs-cloud_security_posture.findings_latest-default'.
|
||||
// For integration versions 2.00 and above, the index alias will be automatically created or updated as part of the Transform setup.
|
||||
initializeIndexAlias = async (esClient: ElasticsearchClient, logger: Logger): Promise<void> => {
|
||||
const isAliasExists = await esClient.indices.existsAlias({
|
||||
name: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
});
|
||||
|
||||
const isDeprecatedLatestIndexExists = await esClient.indices.exists({
|
||||
index: DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
});
|
||||
|
||||
// This handles the following scenarios:
|
||||
// 1. A customer using an older integration version (pre-2.00) who has upgraded their Kibana stack.
|
||||
// 2. A customer with a new Kibana stack who installs an integration version earlier than 2.00 for the first time (e.g., in a serverless environment).
|
||||
if (isDeprecatedLatestIndexExists && !isAliasExists) {
|
||||
try {
|
||||
await esClient.indices.updateAliases({
|
||||
actions: [
|
||||
{
|
||||
add: {
|
||||
index: DEPRECATED_CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
alias: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
is_write_index: true,
|
||||
},
|
||||
},
|
||||
],
|
||||
});
|
||||
this.logger.info(
|
||||
`Index alias ${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS} created successfully`
|
||||
);
|
||||
} catch (error) {
|
||||
this.logger.error(
|
||||
`Failed to create index alias ${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS}`,
|
||||
error
|
||||
);
|
||||
throw error;
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
async uninstallResources(taskManager: TaskManagerStartContract, logger: Logger): Promise<void> {
|
||||
await removeFindingsStatsTask(taskManager, logger);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,10 +10,8 @@ import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/types';
|
|||
import type { ElasticsearchClient, Logger } from '@kbn/core/server';
|
||||
import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
|
||||
import type { CspBenchmarkRule } from '@kbn/cloud-security-posture-common/schema/rules/latest';
|
||||
import {
|
||||
CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
} from '../../../common/constants';
|
||||
import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
|
||||
import { CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE } from '../../../common/constants';
|
||||
|
||||
import { Benchmark } from '../../../common/types/latest';
|
||||
import { getClusters } from '../compliance_dashboard/get_clusters';
|
||||
|
|
@ -59,7 +57,7 @@ export const getBenchmarksData = async (
|
|||
const rulesFilter = await getMutedRulesFilterQuery(encryptedSoClient);
|
||||
|
||||
const { id: pitId } = await esClient.openPointInTime({
|
||||
index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
keep_alive: '30s',
|
||||
});
|
||||
// Transform response to a benchmark row: {id, name, version}
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
import { transformError } from '@kbn/securitysolution-es-utils';
|
||||
import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
|
||||
import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/types';
|
||||
import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
|
||||
import { getComplianceDashboardSchema } from '../../../common/schemas/stats';
|
||||
import { getSafePostureTypeRuntimeMapping } from '../../../common/runtime_mappings/get_safe_posture_type_runtime_mapping';
|
||||
import type {
|
||||
|
|
@ -16,7 +17,7 @@ import type {
|
|||
GetComplianceDashboardRequest,
|
||||
ComplianceDashboardDataV2,
|
||||
} from '../../../common/types_old';
|
||||
import { LATEST_FINDINGS_INDEX_DEFAULT_NS, STATS_ROUTE_PATH } from '../../../common/constants';
|
||||
import { STATS_ROUTE_PATH } from '../../../common/constants';
|
||||
import { getGroupedFindingsEvaluation } from './get_grouped_findings_evaluation';
|
||||
import { ClusterWithoutTrend, getClusters } from './get_clusters';
|
||||
import { getStats } from './get_stats';
|
||||
|
|
@ -88,7 +89,7 @@ export const defineGetComplianceDashboardRoute = (router: CspRouter) =>
|
|||
const esClient = cspContext.esClient.asCurrentUser;
|
||||
|
||||
const { id: pitId } = await esClient.openPointInTime({
|
||||
index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
keep_alive: '30s',
|
||||
});
|
||||
|
||||
|
|
@ -162,7 +163,7 @@ export const defineGetComplianceDashboardRoute = (router: CspRouter) =>
|
|||
const filteredRules = await getMutedRulesFilterQuery(encryptedSoClient);
|
||||
|
||||
const { id: pitId } = await esClient.openPointInTime({
|
||||
index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
keep_alive: '30s',
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ export const notInstalledHandler = http.get(STATUS_URL, () => {
|
|||
},
|
||||
indicesDetails: [
|
||||
{
|
||||
index: 'logs-cloud_security_posture.findings_latest-default',
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{
|
||||
|
|
@ -68,7 +68,7 @@ export const notInstalledHasMisconfigurationsFindingsHandler = http.get(STATUS_U
|
|||
},
|
||||
indicesDetails: [
|
||||
{
|
||||
index: 'logs-cloud_security_posture.findings_latest-default',
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{
|
||||
|
|
@ -108,7 +108,7 @@ export const notDeployedHandler = http.get(STATUS_URL, () => {
|
|||
},
|
||||
indicesDetails: [
|
||||
{
|
||||
index: 'logs-cloud_security_posture.findings_latest-default',
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{
|
||||
|
|
@ -149,7 +149,7 @@ export const indexingHandler = http.get(STATUS_URL, () => {
|
|||
},
|
||||
indicesDetails: [
|
||||
{
|
||||
index: 'logs-cloud_security_posture.findings_latest-default',
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{
|
||||
|
|
@ -189,7 +189,7 @@ export const indexTimeoutHandler = http.get(STATUS_URL, () => {
|
|||
},
|
||||
indicesDetails: [
|
||||
{
|
||||
index: 'logs-cloud_security_posture.findings_latest-default',
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'empty',
|
||||
},
|
||||
{
|
||||
|
|
@ -229,7 +229,7 @@ export const unprivilegedHandler = http.get(STATUS_URL, () => {
|
|||
},
|
||||
indicesDetails: [
|
||||
{
|
||||
index: 'logs-cloud_security_posture.findings_latest-default',
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'unprivileged',
|
||||
},
|
||||
{
|
||||
|
|
@ -269,7 +269,7 @@ export const indexedHandler = http.get(STATUS_URL, () => {
|
|||
},
|
||||
indicesDetails: [
|
||||
{
|
||||
index: 'logs-cloud_security_posture.findings_latest-default',
|
||||
index: 'security_solution-cloud_security_posture.misconfiguration_latest',
|
||||
status: 'not-empty',
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ import {
|
|||
CDR_VULNERABILITIES_INDEX_PATTERN,
|
||||
CDR_EXTENDED_VULN_RETENTION_POLICY,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import type {
|
||||
CspSetupStatus,
|
||||
|
|
@ -36,7 +37,6 @@ import { schema } from '@kbn/config-schema';
|
|||
import { VersionedRoute } from '@kbn/core-http-server/src/versioning/types';
|
||||
import {
|
||||
CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
BENCHMARK_SCORE_INDEX_DEFAULT_NS,
|
||||
VULNERABILITIES_INDEX_PATTERN,
|
||||
POSTURE_TYPES,
|
||||
|
|
@ -228,7 +228,7 @@ export const getCspStatus = async ({
|
|||
CDR_EXTENDED_VULN_RETENTION_POLICY,
|
||||
logger
|
||||
),
|
||||
checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, {
|
||||
checkIndexStatus(esClient, CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS, logger, {
|
||||
postureType: POSTURE_TYPE_ALL,
|
||||
retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY,
|
||||
}),
|
||||
|
|
@ -241,7 +241,7 @@ export const getCspStatus = async ({
|
|||
retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY,
|
||||
}),
|
||||
|
||||
checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, {
|
||||
checkIndexStatus(esClient, CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS, logger, {
|
||||
postureType: CSPM_POLICY_TEMPLATE,
|
||||
retentionTime: LATEST_FINDINGS_RETENTION_POLICY,
|
||||
}),
|
||||
|
|
@ -254,7 +254,7 @@ export const getCspStatus = async ({
|
|||
retentionTime: LATEST_FINDINGS_RETENTION_POLICY,
|
||||
}),
|
||||
|
||||
checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, {
|
||||
checkIndexStatus(esClient, CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS, logger, {
|
||||
postureType: KSPM_POLICY_TEMPLATE,
|
||||
retentionTime: LATEST_FINDINGS_RETENTION_POLICY,
|
||||
}),
|
||||
|
|
@ -340,7 +340,7 @@ export const getCspStatus = async ({
|
|||
const MIN_DATE = 0;
|
||||
const indicesDetails = [
|
||||
{
|
||||
index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
status: findingsLatestIndexStatus,
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import type { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
|
|||
import { ElasticsearchClient } from '@kbn/core/server';
|
||||
import { QueryDslQueryContainer } from '@kbn/data-views-plugin/common/types';
|
||||
import {
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
VULNERABILITIES_SEVERITY,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
|
|
@ -27,7 +28,6 @@ import {
|
|||
BENCHMARK_SCORE_INDEX_DEFAULT_NS,
|
||||
CSPM_FINDINGS_STATS_INTERVAL,
|
||||
INTERNAL_CSP_SETTINGS_SAVED_OBJECT_TYPE,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
VULN_MGMT_POLICY_TEMPLATE,
|
||||
} from '../../common/constants';
|
||||
import { scheduleTaskSafe, removeTaskSafe } from '../lib/task_manager_util';
|
||||
|
|
@ -218,7 +218,7 @@ const getScoreAggregationQuery = () => ({
|
|||
});
|
||||
|
||||
const getScoreQuery = (filteredRules: QueryDslQueryContainer[]): SearchRequest => ({
|
||||
index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
size: 0,
|
||||
// creates the safe_posture_type and asset_identifier runtime fields
|
||||
runtime_mappings: { ...getIdentifierRuntimeMapping(), ...getSafePostureTypeRuntimeMapping() },
|
||||
|
|
|
|||
|
|
@ -8,11 +8,10 @@
|
|||
import {
|
||||
CSPM_POLICY_TEMPLATE,
|
||||
KSPM_POLICY_TEMPLATE,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import { CNVM_POLICY_TEMPLATE } from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
|
||||
export const CLOUD_SECURITY_TASK_TYPE = 'cloud_security';
|
||||
export const AGGREGATION_PRECISION_THRESHOLD = 40000;
|
||||
export const ASSETS_SAMPLE_GRANULARITY = '24h';
|
||||
|
|
@ -24,11 +23,11 @@ export const CNVM = CNVM_POLICY_TEMPLATE;
|
|||
|
||||
export const METERING_CONFIGS = {
|
||||
[CSPM]: {
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
assets_identifier: 'resource.id',
|
||||
},
|
||||
[KSPM]: {
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
assets_identifier: 'agent.id',
|
||||
},
|
||||
[CNVM]: {
|
||||
|
|
|
|||
|
|
@ -7,10 +7,12 @@
|
|||
import expect from '@kbn/expect';
|
||||
import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
|
||||
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
|
||||
import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
FINDINGS_INDEX_DEFAULT_NS,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
VULNERABILITIES_INDEX_DEFAULT_NS,
|
||||
} from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import { EsIndexDataProvider } from '../../../../cloud_security_posture_api/utils';
|
||||
|
|
@ -29,7 +31,10 @@ export default function (providerContext: FtrProviderContext) {
|
|||
const kibanaServer = getService('kibanaServer');
|
||||
const fleetAndAgents = getService('fleetAndAgents');
|
||||
const findingsIndex = new EsIndexDataProvider(es, FINDINGS_INDEX_DEFAULT_NS);
|
||||
const latestFindingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
|
||||
const latestFindingsIndex = new EsIndexDataProvider(
|
||||
es,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
|
||||
);
|
||||
const vulnerabilitiesIndex = new EsIndexDataProvider(es, VULNERABILITIES_INDEX_DEFAULT_NS);
|
||||
const cdrVulnerabilitiesIndex = new EsIndexDataProvider(
|
||||
es,
|
||||
|
|
|
|||
|
|
@ -6,9 +6,12 @@
|
|||
*/
|
||||
import expect from '@kbn/expect';
|
||||
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
|
||||
import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
|
||||
import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
|
||||
import { FtrProviderContext } from '../../../ftr_provider_context';
|
||||
import { EsIndexDataProvider } from '../../../../cloud_security_posture_api/utils';
|
||||
import { createPackagePolicy } from '../helper';
|
||||
|
|
@ -20,7 +23,10 @@ export default function (providerContext: FtrProviderContext) {
|
|||
const es = getService('es');
|
||||
const esArchiver = getService('esArchiver');
|
||||
const kibanaServer = getService('kibanaServer');
|
||||
const latestFindingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
|
||||
const latestFindingsIndex = new EsIndexDataProvider(
|
||||
es,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
|
||||
);
|
||||
const latestVulnerabilitiesIndex = new EsIndexDataProvider(
|
||||
es,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN
|
||||
|
|
@ -103,7 +109,7 @@ export default function (providerContext: FtrProviderContext) {
|
|||
);
|
||||
});
|
||||
|
||||
it(`Return kspm status indexed when logs-cloud_security_posture.findings_latest-default contains new kspm documents`, async () => {
|
||||
it(`Return kspm status indexed when security_solution-cloud_security_posture.misconfiguration_latest contains new kspm documents`, async () => {
|
||||
await createPackagePolicy(
|
||||
supertest,
|
||||
agentPolicyId,
|
||||
|
|
@ -127,7 +133,7 @@ export default function (providerContext: FtrProviderContext) {
|
|||
);
|
||||
});
|
||||
|
||||
it(`Return cspm status indexed when logs-cloud_security_posture.findings_latest-default contains new cspm documents`, async () => {
|
||||
it(`Return cspm status indexed when security_solution-cloud_security_posture.misconfiguration_latest contains new cspm documents`, async () => {
|
||||
await createPackagePolicy(
|
||||
supertest,
|
||||
agentPolicyId,
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ export default function (providerContext: FtrProviderContext) {
|
|||
await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
|
||||
});
|
||||
|
||||
it(`Return kspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new kspm documents, but has newly connected agents`, async () => {
|
||||
it(`Return kspm status indexing when security_solution-cloud_security_posture.misconfiguration_latest doesn't contain new kspm documents, but has newly connected agents`, async () => {
|
||||
await createPackagePolicy(
|
||||
supertest,
|
||||
agentPolicyId,
|
||||
|
|
@ -78,7 +78,7 @@ export default function (providerContext: FtrProviderContext) {
|
|||
);
|
||||
});
|
||||
|
||||
it(`Return cspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new cspm documents, but has newly connected agents `, async () => {
|
||||
it(`Return cspm status indexing when security_solution-cloud_security_posture.misconfiguration_latest doesn't contain new cspm documents, but has newly connected agents `, async () => {
|
||||
await createPackagePolicy(
|
||||
supertest,
|
||||
agentPolicyId,
|
||||
|
|
|
|||
|
|
@ -7,14 +7,12 @@
|
|||
import expect from '@kbn/expect';
|
||||
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
|
||||
import {
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
BENCHMARK_SCORE_INDEX_DEFAULT_NS,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
} from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import { BENCHMARK_SCORE_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import { find, without } from 'lodash';
|
||||
import { FtrProviderContext } from '../../../ftr_provider_context';
|
||||
import { createPackagePolicy, createUser, createCSPRole, deleteRole, deleteUser } from '../helper';
|
||||
|
|
@ -31,7 +29,7 @@ export default function (providerContext: FtrProviderContext) {
|
|||
const security = getService('security');
|
||||
|
||||
const allIndices = [
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
BENCHMARK_SCORE_INDEX_DEFAULT_NS,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
|
|
@ -139,7 +137,10 @@ export default function (providerContext: FtrProviderContext) {
|
|||
});
|
||||
|
||||
it(`Return unprivileged when missing access to findings_latest index`, async () => {
|
||||
const privilegedIndices = without(allIndices, LATEST_FINDINGS_INDEX_DEFAULT_NS);
|
||||
const privilegedIndices = without(
|
||||
allIndices,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
|
||||
);
|
||||
await createCSPRole(security, UNPRIVILEGED_ROLE, privilegedIndices);
|
||||
await createUser(security, UNPRIVILEGED_USERNAME, UNPRIVILEGED_ROLE);
|
||||
|
||||
|
|
@ -173,9 +174,10 @@ export default function (providerContext: FtrProviderContext) {
|
|||
);
|
||||
|
||||
expect(res).to.have.property('indicesDetails');
|
||||
expect(find(res.indicesDetails, { index: LATEST_FINDINGS_INDEX_DEFAULT_NS })?.status).eql(
|
||||
'unprivileged'
|
||||
);
|
||||
expect(
|
||||
find(res.indicesDetails, { index: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS })
|
||||
?.status
|
||||
).eql('unprivileged');
|
||||
|
||||
privilegedIndices.forEach((index) => {
|
||||
expect(find(res.indicesDetails, { index })?.status).not.eql('unprivileged');
|
||||
|
|
|
|||
|
|
@ -8,10 +8,8 @@ import {
|
|||
ELASTIC_HTTP_VERSION_HEADER,
|
||||
X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
|
||||
} from '@kbn/core-http-common';
|
||||
import {
|
||||
CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
} from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
|
||||
import { CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE } from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import expect from '@kbn/expect';
|
||||
import Chance from 'chance';
|
||||
import { CspBenchmarkRule } from '@kbn/cloud-security-posture-common/schema/rules/latest';
|
||||
|
|
@ -31,7 +29,10 @@ export default function (providerContext: FtrProviderContext) {
|
|||
const logger = getService('log');
|
||||
const supertestWithoutAuth = getService('supertestWithoutAuth');
|
||||
const cspSecurity = CspSecurityCommonProvider(providerContext);
|
||||
const findingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
|
||||
const findingsIndex = new EsIndexDataProvider(
|
||||
es,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
|
||||
);
|
||||
|
||||
const getCspBenchmarkRules = async (benchmarkId: string): Promise<CspBenchmarkRule[]> => {
|
||||
let cspBenchmarkRules: CspBenchmarkRule[] = [];
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@
|
|||
*/
|
||||
|
||||
import {
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
FINDINGS_INDEX_PATTERN,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
BENCHMARK_SCORE_INDEX_PATTERN,
|
||||
|
|
@ -22,7 +22,7 @@ const alertsSecurityUserIndices = [
|
|||
privileges: ['read'],
|
||||
},
|
||||
{
|
||||
names: [CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN],
|
||||
names: [CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS],
|
||||
privileges: ['read'],
|
||||
},
|
||||
{
|
||||
|
|
@ -45,7 +45,7 @@ const securityUserIndinces = [
|
|||
privileges: ['read'],
|
||||
},
|
||||
{
|
||||
names: [CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN],
|
||||
names: [CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS],
|
||||
privileges: ['read'],
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -5,10 +5,8 @@
|
|||
* 2.0.
|
||||
*/
|
||||
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
|
||||
import {
|
||||
BENCHMARK_SCORE_INDEX_DEFAULT_NS,
|
||||
LATEST_FINDINGS_INDEX_DEFAULT_NS,
|
||||
} from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import { BENCHMARK_SCORE_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS } from '@kbn/cloud-security-posture-common';
|
||||
import {
|
||||
BenchmarkData,
|
||||
Cluster,
|
||||
|
|
@ -65,7 +63,10 @@ export default function (providerContext: FtrProviderContext) {
|
|||
const log = getService('log');
|
||||
const supertestWithoutAuth = getService('supertestWithoutAuth');
|
||||
const cspSecurity = CspSecurityCommonProvider(providerContext);
|
||||
const findingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
|
||||
const findingsIndex = new EsIndexDataProvider(
|
||||
es,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
|
||||
);
|
||||
const benchmarkScoreIndex = new EsIndexDataProvider(es, BENCHMARK_SCORE_INDEX_DEFAULT_NS);
|
||||
|
||||
// Failing: See https://github.com/elastic/kibana/issues/214191
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ import { data } from './data';
|
|||
import type { FtrProviderContext } from '../ftr_provider_context';
|
||||
import { waitForPluginInitialized, EsIndexDataProvider } from '../utils';
|
||||
|
||||
const FINDINGS_INDEX = 'logs-cloud_security_posture.findings_latest-default';
|
||||
const FINDINGS_INDEX = 'security_solution-cloud_security_posture.misconfiguration_latest';
|
||||
|
||||
// eslint-disable-next-line import/no-default-export
|
||||
export default function ({ getService }: FtrProviderContext) {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ import {
|
|||
import type { FtrProviderContext } from '../ftr_provider_context';
|
||||
|
||||
// Defined in CSP plugin
|
||||
const LATEST_FINDINGS_INDEX = 'logs-cloud_security_posture.findings_latest-default';
|
||||
const LATEST_FINDINGS_INDEX = 'security_solution-cloud_security_posture.misconfiguration_latest';
|
||||
|
||||
export function CspDashboardPageProvider({ getService, getPageObjects }: FtrProviderContext) {
|
||||
const testSubjects = getService('testSubjects');
|
||||
|
|
|
|||
|
|
@ -24,6 +24,11 @@ export function CspSecurityCommonProvider({ getPageObjects, getService }: FtrPro
|
|||
names: ['logs-cloud_security_posture.findings_latest-*'],
|
||||
privileges: ['read'],
|
||||
},
|
||||
{
|
||||
names: ['security_solution-cloud_security_posture.misconfiguration_latest'],
|
||||
privileges: ['read'],
|
||||
},
|
||||
|
||||
{
|
||||
names: ['logs-cloud_security_posture.scores-*'],
|
||||
privileges: ['read'],
|
||||
|
|
|
|||
|
|
@ -29,6 +29,9 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
|
|||
},
|
||||
},
|
||||
cluster_id: 'Upper case cluster id',
|
||||
data_stream: {
|
||||
dataset: 'cloud_security_posture.findings',
|
||||
},
|
||||
},
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -165,6 +165,10 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
|
|||
|
||||
// Before we start any test we must wait for cloud_security_posture plugin to complete its initialization
|
||||
await findings.waitForPluginInitialized();
|
||||
|
||||
// delete old data
|
||||
await findings.index.remove();
|
||||
await findings.vulnerabilitiesIndex.remove();
|
||||
});
|
||||
|
||||
afterEach(async () => {
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@
|
|||
* 2.0.
|
||||
*/
|
||||
|
||||
import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
|
||||
import { createRule } from '../../tasks/api_calls/rules';
|
||||
import { getNewRule } from '../../objects/rule';
|
||||
import { getDataTestSubjectSelector } from '../../helpers/common';
|
||||
|
|
@ -20,6 +19,9 @@ import { login } from '../../tasks/login';
|
|||
import { ALERTS_URL } from '../../urls/navigation';
|
||||
import { visit } from '../../tasks/navigation';
|
||||
|
||||
export const CDR_MOCK_THIRD_PARTY_MISCONFIGURATION_LATEST_INDEX =
|
||||
'security_solution-test.misconfiguration_latest';
|
||||
|
||||
const CSP_INSIGHT_MISCONFIGURATION_TITLE = getDataTestSubjectSelector(
|
||||
'securitySolutionFlyoutInsightsMisconfigurationsTitleLink'
|
||||
);
|
||||
|
|
@ -94,13 +96,86 @@ const mockFindingUserName = (matches: boolean) => {
|
|||
},
|
||||
};
|
||||
};
|
||||
const putIndexMapping = () => {
|
||||
rootRequest({
|
||||
method: 'PUT',
|
||||
url: `${Cypress.env(
|
||||
'ELASTICSEARCH_URL'
|
||||
)}/${CDR_MOCK_THIRD_PARTY_MISCONFIGURATION_LATEST_INDEX}`,
|
||||
body: {},
|
||||
});
|
||||
|
||||
const createMockFinding = (isNameMatches: boolean, findingType: 'host.name' | 'user.name') => {
|
||||
rootRequest({
|
||||
method: 'PUT',
|
||||
url: `${Cypress.env(
|
||||
'ELASTICSEARCH_URL'
|
||||
)}/${CDR_MOCK_THIRD_PARTY_MISCONFIGURATION_LATEST_INDEX}/_mapping`,
|
||||
body: {
|
||||
properties: {
|
||||
'result.evaluation': {
|
||||
type: 'keyword',
|
||||
},
|
||||
'host.name': {
|
||||
type: 'keyword',
|
||||
},
|
||||
'resource.id': {
|
||||
type: 'keyword',
|
||||
},
|
||||
resource: {
|
||||
type: 'object',
|
||||
properties: {
|
||||
id: {
|
||||
type: 'keyword',
|
||||
},
|
||||
name: {
|
||||
type: 'keyword',
|
||||
},
|
||||
sub_type: {
|
||||
type: 'keyword',
|
||||
},
|
||||
},
|
||||
},
|
||||
rule: {
|
||||
type: 'object',
|
||||
properties: {
|
||||
name: {
|
||||
type: 'keyword',
|
||||
},
|
||||
section: {
|
||||
type: 'keyword',
|
||||
},
|
||||
benchmark: {
|
||||
type: 'object',
|
||||
properties: {
|
||||
id: {
|
||||
type: 'keyword',
|
||||
},
|
||||
posture_type: {
|
||||
type: 'keyword',
|
||||
},
|
||||
name: {
|
||||
type: 'keyword',
|
||||
},
|
||||
version: {
|
||||
type: 'keyword',
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
};
|
||||
const createMockMisconfigurationFinding = (
|
||||
isNameMatches: boolean,
|
||||
findingType: 'host.name' | 'user.name'
|
||||
) => {
|
||||
return rootRequest({
|
||||
method: 'POST',
|
||||
url: `${Cypress.env(
|
||||
'ELASTICSEARCH_URL'
|
||||
)}/${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN}/_doc`,
|
||||
)}/${CDR_MOCK_THIRD_PARTY_MISCONFIGURATION_LATEST_INDEX}/_doc`,
|
||||
body:
|
||||
findingType === 'host.name'
|
||||
? mockFindingHostName(isNameMatches)
|
||||
|
|
@ -108,16 +183,20 @@ const createMockFinding = (isNameMatches: boolean, findingType: 'host.name' | 'u
|
|||
});
|
||||
};
|
||||
|
||||
const deleteDataStream = () => {
|
||||
const deleteLatestMisconfigurationIndex = () => {
|
||||
return rootRequest({
|
||||
method: 'DELETE',
|
||||
url: `${Cypress.env(
|
||||
'ELASTICSEARCH_URL'
|
||||
)}/_data_stream/${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN}`,
|
||||
)}/${CDR_MOCK_THIRD_PARTY_MISCONFIGURATION_LATEST_INDEX}`,
|
||||
});
|
||||
};
|
||||
|
||||
describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless'] }, () => {
|
||||
// Skip on serverless once this ticket is verified: https://github.com/elastic/security-team/issues/12819
|
||||
describe(
|
||||
'Alert Host details expandable flyout',
|
||||
{ tags: ['@ess', '@serverless', '@skipInServerless'] },
|
||||
() => {
|
||||
beforeEach(() => {
|
||||
deleteAlertsAndRules();
|
||||
login();
|
||||
|
|
@ -128,14 +207,15 @@ describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless']
|
|||
|
||||
context('Host name - Has misconfiguration findings', () => {
|
||||
beforeEach(() => {
|
||||
createMockFinding(true, 'host.name');
|
||||
putIndexMapping();
|
||||
createMockMisconfigurationFinding(true, 'host.name');
|
||||
cy.reload();
|
||||
expandFirstAlertHostFlyout();
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
/* Deleting data stream even though we don't create it because data stream is automatically created when Cloud security API is used */
|
||||
deleteDataStream();
|
||||
deleteLatestMisconfigurationIndex();
|
||||
});
|
||||
|
||||
it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
|
||||
|
|
@ -154,13 +234,14 @@ describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless']
|
|||
'Host name - Has misconfiguration findings but host name is not the same as alert host name',
|
||||
() => {
|
||||
beforeEach(() => {
|
||||
createMockFinding(false, 'host.name');
|
||||
putIndexMapping();
|
||||
createMockMisconfigurationFinding(false, 'host.name');
|
||||
cy.reload();
|
||||
expandFirstAlertHostFlyout();
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
deleteDataStream();
|
||||
deleteLatestMisconfigurationIndex();
|
||||
});
|
||||
|
||||
it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
|
||||
|
|
@ -174,13 +255,14 @@ describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless']
|
|||
|
||||
context('User name - Has misconfiguration findings', () => {
|
||||
beforeEach(() => {
|
||||
createMockFinding(true, 'user.name');
|
||||
putIndexMapping();
|
||||
createMockMisconfigurationFinding(true, 'user.name');
|
||||
cy.reload();
|
||||
expandFirstAlertUserFlyout();
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
deleteDataStream();
|
||||
deleteLatestMisconfigurationIndex();
|
||||
});
|
||||
|
||||
it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
|
||||
|
|
@ -199,13 +281,14 @@ describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless']
|
|||
'User name - Has misconfiguration findings but host name is not the same as alert host name',
|
||||
() => {
|
||||
beforeEach(() => {
|
||||
createMockFinding(false, 'user.name');
|
||||
putIndexMapping();
|
||||
createMockMisconfigurationFinding(false, 'user.name');
|
||||
cy.reload();
|
||||
expandFirstAlertHostFlyout();
|
||||
});
|
||||
|
||||
afterEach(() => {
|
||||
deleteDataStream();
|
||||
deleteLatestMisconfigurationIndex();
|
||||
});
|
||||
|
||||
it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
|
||||
|
|
@ -216,4 +299,5 @@ describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless']
|
|||
});
|
||||
}
|
||||
);
|
||||
});
|
||||
}
|
||||
);
|
||||
|
|
|
|||
|
|
@ -6,8 +6,10 @@
|
|||
*/
|
||||
|
||||
import expect from '@kbn/expect';
|
||||
import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
|
||||
import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import {
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import * as http from 'http';
|
||||
import { createPackagePolicy } from '@kbn/test-suites-xpack-security/api_integration/apis/cloud_security_posture/helper';
|
||||
import { EsIndexDataProvider } from '@kbn/test-suites-xpack-security/cloud_security_posture_api/utils';
|
||||
|
|
@ -26,7 +28,10 @@ export default function (providerContext: FtrProviderContext) {
|
|||
const svlCommonApi = getService('svlCommonApi');
|
||||
const svlUserManager = getService('svlUserManager');
|
||||
const supertestWithoutAuth = getService('supertestWithoutAuth');
|
||||
const findingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
|
||||
const findingsIndex = new EsIndexDataProvider(
|
||||
es,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
|
||||
);
|
||||
const vulnerabilitiesIndex = new EsIndexDataProvider(
|
||||
es,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN
|
||||
|
|
|
|||
|
|
@ -7,8 +7,10 @@
|
|||
import expect from '@kbn/expect';
|
||||
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
|
||||
import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
|
||||
import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
|
||||
import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants';
|
||||
import {
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS,
|
||||
} from '@kbn/cloud-security-posture-common';
|
||||
import { createPackagePolicy } from '@kbn/test-suites-xpack-security/api_integration/apis/cloud_security_posture/helper';
|
||||
import { EsIndexDataProvider } from '@kbn/test-suites-xpack-security/cloud_security_posture_api/utils';
|
||||
import {
|
||||
|
|
@ -26,7 +28,10 @@ export default function (providerContext: FtrProviderContext) {
|
|||
const supertestWithoutAuth = getService('supertestWithoutAuth');
|
||||
const svlCommonApi = getService('svlCommonApi');
|
||||
const svlUserManager = getService('svlUserManager');
|
||||
const latestFindingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
|
||||
const latestFindingsIndex = new EsIndexDataProvider(
|
||||
es,
|
||||
CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_ALIAS
|
||||
);
|
||||
const latestVulnerabilitiesIndex = new EsIndexDataProvider(
|
||||
es,
|
||||
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN
|
||||
|
|
@ -76,7 +81,7 @@ export default function (providerContext: FtrProviderContext) {
|
|||
await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
|
||||
});
|
||||
|
||||
it(`Return kspm status indexed when logs-cloud_security_posture.findings_latest-default contains new kspm documents`, async () => {
|
||||
it(`Return kspm status indexed when security_solution-cloud_security_posture.misconfiguration_latestration_latest contains new kspm documents`, async () => {
|
||||
await createPackagePolicy(
|
||||
supertestWithoutAuth,
|
||||
agentPolicyId,
|
||||
|
|
@ -104,7 +109,7 @@ export default function (providerContext: FtrProviderContext) {
|
|||
);
|
||||
});
|
||||
|
||||
it(`Return cspm status indexed when logs-cloud_security_posture.findings_latest-default contains new cspm documents`, async () => {
|
||||
it(`Return cspm status indexed when security_solution-cloud_security_posture.misconfiguration_latestration_latest contains new cspm documents`, async () => {
|
||||
await createPackagePolicy(
|
||||
supertestWithoutAuth,
|
||||
agentPolicyId,
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ export default function (providerContext: FtrProviderContext) {
|
|||
await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
|
||||
});
|
||||
|
||||
it(`Return kspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new kspm documents, but has newly connected agents`, async () => {
|
||||
it(`Return kspm status indexing when security_solution-cloud_security_posture.misconfiguration_latest doesn't contain new kspm documents, but has newly connected agents`, async () => {
|
||||
await createPackagePolicy(
|
||||
supertestWithoutAuth,
|
||||
agentPolicyId,
|
||||
|
|
@ -102,7 +102,7 @@ export default function (providerContext: FtrProviderContext) {
|
|||
);
|
||||
});
|
||||
|
||||
it(`Return cspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new cspm documents, but has newly connected agents `, async () => {
|
||||
it(`Return cspm status indexing when security_solution-cloud_security_posture.misconfiguration_latest doesn't contain new cspm documents, but has newly connected agents `, async () => {
|
||||
await createPackagePolicy(
|
||||
supertestWithoutAuth,
|
||||
agentPolicyId,
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ import { SupertestWithRoleScopeType } from '../../../services';
|
|||
import type { FtrProviderContext } from '../../../ftr_provider_context';
|
||||
import { RoleCredentials } from '../../../../shared/services';
|
||||
|
||||
const FINDINGS_INDEX = 'logs-cloud_security_posture.findings_latest-default';
|
||||
const FINDINGS_INDEX = 'security_solution-cloud_security_posture.misconfiguration_latest';
|
||||
|
||||
export default function ({ getService }: FtrProviderContext) {
|
||||
const retry = getService('retry');
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
|
|||
});
|
||||
|
||||
describe('Kubernetes Dashboard', () => {
|
||||
it('displays accurate summary compliance score', async () => {
|
||||
it.skip('displays accurate summary compliance score', async () => {
|
||||
await pageObjects.header.waitUntilLoadingHasFinished();
|
||||
await retry.try(async () => {
|
||||
const scoreElement = await dashboard.getKubernetesComplianceScore();
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue