[Cloud Security] use global cdr vuln data view (#191581)

Ido Cohen 2024-09-03 16:08:19 +03:00 committed by GitHub
parent b7a909f3e8
commit c594254fb4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
26 changed files with 110 additions and 83 deletions


@ -9,7 +9,7 @@ export const CSPM_POLICY_TEMPLATE = 'cspm';
export const CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN =
'logs-cloud_security_posture.findings_latest-default';
export const CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN =
'logs-*_latest_misconfigurations_cdr';
'security_solution-*.misconfiguration_latest';
export const CDR_MISCONFIGURATIONS_INDEX_PATTERN = `${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN},${CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN}`;
export const LATEST_FINDINGS_RETENTION_POLICY = '26h';
export const MAX_FINDINGS_TO_LOAD = 500;
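Review bot: The new third-party value `'security_solution-*.misconfiguration_latest'` has no comment describing its naming contract, yet every index matching it is merged into `CDR_MISCONFIGURATIONS_INDEX_PATTERN` next to the native findings. The wildcard sits in the middle of the name, so whoever may create an index under that scheme becomes a findings source, and index-creation privileges for it deserve a review. I would add a comment above the constant, e.g. `// Third-party latest misconfigurations: security_solution-<integration>.misconfiguration_latest`. Indices still named after the old `logs-*_latest_misconfigurations_cdr` scheme appear to drop out of the view with this change, so it is worth confirming they are migrated.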


@ -41,12 +41,6 @@ export const CDR_MISCONFIGURATIONS_DATA_VIEW_NAME = 'Latest Cloud Security Misco
export const CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX =
'security_solution_cdr_latest_misconfigurations';
export const CDR_VULNERABILITIES_DATA_VIEW_NAME = 'Latest Cloud Security Vulnerabilities';
export const CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX =
'security_solution_cdr_latest_vulnerabilities';
export const CDR_VULNERABILITIES_INDEX_PATTERN =
'logs-*_latest_vulnerabilities_cdr,logs-cloud_security_posture.vulnerabilities_latest-default';
export const FINDINGS_INDEX_NAME = 'logs-cloud_security_posture.findings';
export const FINDINGS_INDEX_PATTERN = 'logs-cloud_security_posture.findings-default*';
export const FINDINGS_INDEX_DEFAULT_NS = 'logs-cloud_security_posture.findings-default';
@ -59,6 +53,10 @@ export const BENCHMARK_SCORE_INDEX_TEMPLATE_NAME = 'logs-cloud_security_posture.
export const BENCHMARK_SCORE_INDEX_PATTERN = 'logs-cloud_security_posture.scores-*';
export const BENCHMARK_SCORE_INDEX_DEFAULT_NS = 'logs-cloud_security_posture.scores-default';
export const CDR_VULNERABILITIES_DATA_VIEW_NAME = 'Latest Cloud Security Vulnerabilities';
export const CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX =
'security_solution_cdr_latest_vulnerabilities';
export const VULNERABILITIES_INDEX_NAME = 'logs-cloud_security_posture.vulnerabilities';
export const VULNERABILITIES_INDEX_PATTERN = 'logs-cloud_security_posture.vulnerabilities-default*';
export const VULNERABILITIES_INDEX_DEFAULT_NS =
@ -66,10 +64,13 @@ export const VULNERABILITIES_INDEX_DEFAULT_NS =
export const LATEST_VULNERABILITIES_INDEX_TEMPLATE_NAME =
'logs-cloud_security_posture.vulnerabilities_latest';
export const LATEST_VULNERABILITIES_INDEX_PATTERN =
'logs-cloud_security_posture.vulnerabilities_latest*';
export const LATEST_VULNERABILITIES_INDEX_DEFAULT_NS =
export const CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN =
'logs-cloud_security_posture.vulnerabilities_latest-default';
export const CDR_LATEST_THIRD_PARTY_VULNERABILITIES_INDEX_PATTERN =
'security_solution-*.vulnerability_latest';
export const CDR_VULNERABILITIES_INDEX_PATTERN = `${CDR_LATEST_THIRD_PARTY_VULNERABILITIES_INDEX_PATTERN},${CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN}`;
export const LATEST_VULNERABILITIES_RETENTION_POLICY = '3d';
export const SECURITY_DEFAULT_DATA_VIEW_ID = 'security-solution-default';
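Review bot: `CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN` is named as a pattern but holds the concrete index name `'logs-cloud_security_posture.vulnerabilities_latest-default'`. Elsewhere in this commit it is used as a transform `dest.index` and as the target of index creation and deletion. A reader who trusts the name may later add a wildcard and break those call sites, so I would add a comment such as `// Concrete default-namespace index name (no wildcard); also used as a transform destination`. As a minor consistency point, `CDR_VULNERABILITIES_INDEX_PATTERN` lists the third-party pattern first while `CDR_MISCONFIGURATIONS_INDEX_PATTERN` lists the native one first.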


@ -11,7 +11,7 @@ import { GenericBuckets, GroupingQuery, RootAggregation } from '@kbn/grouping/sr
import { useQuery } from '@tanstack/react-query';
import { lastValueFrom } from 'rxjs';
import { showErrorToast } from '@kbn/cloud-security-posture';
import { LATEST_VULNERABILITIES_INDEX_PATTERN } from '../../../../common/constants';
import { CDR_VULNERABILITIES_INDEX_PATTERN } from '../../../../common/constants';
import { useKibana } from '../../../common/hooks/use_kibana';
// Elasticsearch returns `null` when a sub-aggregation cannot be computed
@ -56,7 +56,7 @@ export type VulnerabilitiesRootGroupingAggregation =
export const getGroupedVulnerabilitiesQuery = (query: GroupingQuery) => ({
...query,
index: LATEST_VULNERABILITIES_INDEX_PATTERN,
index: CDR_VULNERABILITIES_INDEX_PATTERN,
size: 0,
});
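Review bot: Nothing visible in `getGroupedVulnerabilitiesQuery` sets `ignore_unavailable`, and the new `index` value is a comma-separated list whose native half is a concrete index name. The value it replaces, `'logs-cloud_security_posture.vulnerabilities_latest*'`, was a wildcard and tolerated a missing index. A concrete name normally does not, so a deployment holding only third-party vulnerability data could get an index-not-found error instead of results. If the request options outside this hunk do not already cover it, add `ignore_unavailable: true,` next to `index`. The same applies to `getVulnerabilitiesQuery` in the next file section.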


@ -21,7 +21,7 @@ import { FindingsBaseEsQuery, showErrorToast } from '@kbn/cloud-security-posture
import { VULNERABILITY_FIELDS } from '../../../common/constants';
import { CspVulnerabilityFinding } from '../../../../common/schemas';
import {
LATEST_VULNERABILITIES_INDEX_PATTERN,
CDR_VULNERABILITIES_INDEX_PATTERN,
LATEST_VULNERABILITIES_RETENTION_POLICY,
} from '../../../../common/constants';
import { useKibana } from '../../../common/hooks/use_kibana';
@ -56,7 +56,7 @@ export const getVulnerabilitiesQuery = (
{ query, sort }: VulnerabilitiesQuery,
pageParam: number
) => ({
index: LATEST_VULNERABILITIES_INDEX_PATTERN,
index: CDR_VULNERABILITIES_INDEX_PATTERN,
sort: getMultiFieldsSort(sort),
size: MAX_FINDINGS_TO_LOAD,
query: {
@ -91,7 +91,7 @@ export const useLatestVulnerabilities = (options: VulnerabilitiesQuery) => {
* the last loaded record to be used as a from parameter to fetch the next chunk of data.
*/
return useInfiniteQuery(
[LATEST_VULNERABILITIES_INDEX_PATTERN, options],
[CDR_VULNERABILITIES_INDEX_PATTERN, options],
async ({ pageParam }) => {
const {
rawResponse: { hits },


@ -9,7 +9,7 @@ import Chance from 'chance';
import { Vulnerabilities } from './vulnerabilities';
import {
CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULN_MGMT_POLICY_TEMPLATE,
} from '../../../common/constants';
import { useCspSetupStatusApi } from '@kbn/cloud-security-posture/src/hooks/use_csp_setup_status_api';
@ -71,7 +71,9 @@ describe('<Vulnerabilities />', () => {
status: 'success',
data: {
[VULN_MGMT_POLICY_TEMPLATE]: { status: 'not-deployed' },
indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
indicesDetails: [
{ index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
],
},
})
);
@ -97,7 +99,9 @@ describe('<Vulnerabilities />', () => {
status: 'success',
data: {
[VULN_MGMT_POLICY_TEMPLATE]: { status: 'indexing' },
indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
indicesDetails: [
{ index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
],
},
})
);
@ -121,7 +125,9 @@ describe('<Vulnerabilities />', () => {
status: 'success',
data: {
[VULN_MGMT_POLICY_TEMPLATE]: { status: 'index-timeout' },
indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
indicesDetails: [
{ index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
],
},
})
);
@ -144,7 +150,9 @@ describe('<Vulnerabilities />', () => {
status: 'success',
data: {
[VULN_MGMT_POLICY_TEMPLATE]: { status: 'unprivileged' },
indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
indicesDetails: [
{ index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
],
},
})
);
@ -177,7 +185,7 @@ describe('<Vulnerabilities />', () => {
indicesDetails: [
{ index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
{ index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' },
{ index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
],
},
})


@ -9,7 +9,7 @@ import Chance from 'chance';
import { dataPluginMock } from '@kbn/data-plugin/public/mocks';
import { unifiedSearchPluginMock } from '@kbn/unified-search-plugin/public/mocks';
import {
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULN_MGMT_POLICY_TEMPLATE,
} from '../../../common/constants';
import { chartPluginMock } from '@kbn/charts-plugin/public/mocks';
@ -79,7 +79,9 @@ describe('<VulnerabilityDashboard />', () => {
status: 'success',
data: {
[VULN_MGMT_POLICY_TEMPLATE]: { status: 'not-installed' },
indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
indicesDetails: [
{ index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
],
},
})
);
@ -100,7 +102,9 @@ describe('<VulnerabilityDashboard />', () => {
status: 'success',
data: {
[VULN_MGMT_POLICY_TEMPLATE]: { status: 'not-deployed' },
indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
indicesDetails: [
{ index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
],
},
})
);
@ -121,7 +125,9 @@ describe('<VulnerabilityDashboard />', () => {
status: 'success',
data: {
[VULN_MGMT_POLICY_TEMPLATE]: { status: 'indexing' },
indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
indicesDetails: [
{ index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
],
},
})
);
@ -141,7 +147,9 @@ describe('<VulnerabilityDashboard />', () => {
status: 'success',
data: {
[VULN_MGMT_POLICY_TEMPLATE]: { status: 'index-timeout' },
indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
indicesDetails: [
{ index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
],
},
})
);
@ -160,7 +168,9 @@ describe('<VulnerabilityDashboard />', () => {
status: 'success',
data: {
[VULN_MGMT_POLICY_TEMPLATE]: { status: 'unprivileged' },
indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
indicesDetails: [
{ index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
],
},
})
);
@ -180,7 +190,9 @@ describe('<VulnerabilityDashboard />', () => {
status: 'success',
data: {
[VULN_MGMT_POLICY_TEMPLATE]: { status: 'indexed' },
indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'not-empty' }],
indicesDetails: [
{ index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'not-empty' },
],
},
})
);


@ -11,9 +11,8 @@ import {
LATEST_FINDINGS_INDEX_TEMPLATE_NAME,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
VULNERABILITIES_INDEX_NAME,
LATEST_VULNERABILITIES_INDEX_PATTERN,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
LATEST_VULNERABILITIES_INDEX_TEMPLATE_NAME,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
} from '../../common/constants';
import { LatestIndexConfig } from './types';
@ -26,8 +25,8 @@ export const latestIndexConfigs: LatestIndexConfig = {
},
vulnerabilities: {
indexName: VULNERABILITIES_INDEX_NAME,
indexPattern: LATEST_VULNERABILITIES_INDEX_PATTERN,
indexPattern: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
indexTemplateName: LATEST_VULNERABILITIES_INDEX_TEMPLATE_NAME,
indexDefaultName: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
indexDefaultName: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
},
};
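Review bot: `indexPattern` and `indexDefaultName` in the `vulnerabilities` entry now receive the same constant, which narrows `indexPattern` from `'logs-cloud_security_posture.vulnerabilities_latest*'` to the single default-namespace index name. If `indexPattern` feeds the index template's patterns (not visible here), latest-vulnerability indices in any other namespace would stop picking up the template. The same narrowing from wildcard to one index happens in `METERING_CONFIGS[CNVM].index` and in the two role definitions (`names: [...]`) later in this commit. For metering, that could leave vulnerabilities outside the default namespace uncounted. If the narrowing is intended, state it in a comment such as `// latest vulnerabilities are only supported in the default namespace`; otherwise keep a wildcard constant for these call sites.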


@ -8,7 +8,7 @@
import { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/api/types';
import {
CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
LATEST_VULNERABILITIES_RETENTION_POLICY,
VULNERABILITIES_INDEX_PATTERN,
} from '../../common/constants';
@ -28,7 +28,7 @@ export const latestVulnerabilitiesTransform: TransformPutTransformRequest = {
index: VULNERABILITIES_INDEX_PATTERN,
},
dest: {
index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
},
frequency: '5m',
sync: {


@ -19,7 +19,7 @@ import type {
} from './types';
import {
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULN_MGMT_POLICY_TEMPLATE,
} from '../../../../common/constants';
import {
@ -438,7 +438,10 @@ export const getAllCloudAccountsStats = async (
logger: Logger
): Promise<CloudSecurityAccountsStats[]> => {
try {
const indices = [LATEST_FINDINGS_INDEX_DEFAULT_NS, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS];
const indices = [
LATEST_FINDINGS_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
];
const [findingIndex, vulnerabilitiesIndex] = await Promise.all(
indices.map(async (index) => ({
exists: await esClient.indices.exists({


@ -14,7 +14,7 @@ import {
BENCHMARK_SCORE_INDEX_DEFAULT_NS,
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
} from '../../../../common/constants';
@ -82,7 +82,7 @@ export const getIndicesStats = async (
getIndexStats(esClient, FINDINGS_INDEX_DEFAULT_NS, logger),
getIndexStats(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger),
getIndexStats(esClient, VULNERABILITIES_INDEX_DEFAULT_NS, logger),
getIndexStats(esClient, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, logger),
getIndexStats(esClient, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, logger),
getIndexStats(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger),
]);


@ -36,7 +36,7 @@ import {
BENCHMARK_SCORE_INDEX_DEFAULT_NS,
VULNERABILITIES_INDEX_PATTERN,
POSTURE_TYPES,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULN_MGMT_POLICY_TEMPLATE,
POSTURE_TYPE_ALL,
LATEST_VULNERABILITIES_RETENTION_POLICY,
@ -257,7 +257,7 @@ export const getCspStatus = async ({
retentionTime: LATEST_FINDINGS_RETENTION_POLICY,
}),
checkIndexStatus(esClient, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, logger, {
checkIndexStatus(esClient, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, logger, {
postureType: VULN_MGMT_POLICY_TEMPLATE,
retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY,
}),
@ -342,7 +342,7 @@ export const getCspStatus = async ({
status: scoreIndexStatus,
},
{
index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
status: vulnerabilitiesLatestIndexStatus,
},
];
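Review bot: `getCspStatus` still derives the vulnerability index status from the native index alone, while the UI queries in this commit now read `CDR_VULNERABILITIES_INDEX_PATTERN`, which includes `security_solution-*.vulnerability_latest`. With only third-party vulnerability data present, the reported status would presumably stay `empty` and the page may never reach the findings table. The status tests in this commit exercise a third-party misconfiguration index (`security_solution-mock-3p-integration.misconfiguration_latest`), but I see no vulnerability counterpart. Both hunks sit inside `getCspStatus`, whose body continues outside them, so this may be handled elsewhere. If not, check the third-party pattern here too, or add a comment such as `// third-party vulnerability indices are intentionally not part of setup status`.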


@ -8,7 +8,7 @@
import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
import { AggFieldBucket, PatchableVulnerabilityStat } from '../../../common/types_old';
import { LATEST_VULNERABILITIES_INDEX_DEFAULT_NS } from '../../../common/constants';
import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '../../../common/constants';
interface VulnerabilityBucket {
key: string | undefined;
@ -39,7 +39,7 @@ const getPatchableVulnerabilitiesQuery = (): SearchRequest => ({
],
},
},
index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
aggs: {
patchable_vulnerabilities: {
terms: {


@ -8,7 +8,7 @@
import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
import { VulnerabilityStat } from '../../../common/types_old';
import { LATEST_VULNERABILITIES_INDEX_DEFAULT_NS } from '../../../common/constants';
import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '../../../common/constants';
interface VulnerabilityBucket {
key: string | undefined;
@ -77,7 +77,7 @@ const getVulnerabilitiesQuery = (): SearchRequest => ({
query: {
match_all: {},
},
index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
aggs: {
vulnerabilities: {
terms: {


@ -8,7 +8,7 @@
import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
import { AggFieldBucket, VulnerableResourceStat } from '../../../common/types_old';
import { LATEST_VULNERABILITIES_INDEX_DEFAULT_NS } from '../../../common/constants';
import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '../../../common/constants';
interface ResourceBucket {
key: string | undefined;
@ -28,7 +28,7 @@ const getVulnerabilitiesResourcesQuery = (): SearchRequest => ({
query: {
match_all: {},
},
index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
aggs: {
vulnerable_resources: {
terms: {


@ -8,7 +8,7 @@
import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
import {
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_SEVERITY,
} from '../../../common/constants';
@ -35,7 +35,7 @@ export const getVulnerabilitiesStatisticsQuery = (): SearchRequest => ({
query: {
match_all: {},
},
index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
aggs: {
critical: {
filter: { term: { 'vulnerability.severity': VULNERABILITIES_SEVERITY.CRITICAL } },


@ -24,7 +24,7 @@ import {
CSPM_FINDINGS_STATS_INTERVAL,
INTERNAL_CSP_SETTINGS_SAVED_OBJECT_TYPE,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_SEVERITY,
VULN_MGMT_POLICY_TEMPLATE,
} from '../../common/constants';
@ -227,7 +227,7 @@ const getScoreQuery = (filteredRules: QueryDslQueryContainer[]): SearchRequest =
});
const getVulnStatsTrendQuery = (): SearchRequest => ({
index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
size: 0,
query: {
match_all: {},


@ -12,7 +12,7 @@ import {
} from '@kbn/cloud-security-posture-common';
import {
CNVM_POLICY_TEMPLATE,
LATEST_VULNERABILITIES_INDEX_PATTERN,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
} from '@kbn/cloud-security-posture-plugin/common/constants';
import { INTEGRATION_PACKAGE_NAME } from '@kbn/cloud-defend-plugin/common/constants';
@ -37,7 +37,7 @@ export const METERING_CONFIGS = {
assets_identifier: 'agent.id',
},
[CNVM]: {
index: LATEST_VULNERABILITIES_INDEX_PATTERN,
index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
assets_identifier: 'cloud.instance.id',
},
[CLOUD_DEFEND]: {


@ -10,7 +10,7 @@ import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
import {
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
} from '@kbn/cloud-security-posture-plugin/common/constants';
import { generateAgent } from '../../../../fleet_api_integration/helpers';
@ -20,7 +20,7 @@ import { deleteIndex, createPackagePolicy } from '../helper';
const INDEX_ARRAY = [
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
];


@ -10,7 +10,7 @@ import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
import {
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
} from '@kbn/cloud-security-posture-plugin/common/constants';
import { FtrProviderContext } from '../../../ftr_provider_context';
@ -20,7 +20,7 @@ import { findingsMockData, vulnerabilityMockData } from '../mock_data';
const INDEX_ARRAY = [
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
];
@ -52,7 +52,7 @@ export default function (providerContext: FtrProviderContext) {
await deleteIndex(es, INDEX_ARRAY);
await addIndex(es, findingsMockData, LATEST_FINDINGS_INDEX_DEFAULT_NS);
await addIndex(es, vulnerabilityMockData, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS);
await addIndex(es, vulnerabilityMockData, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN);
});
afterEach(async () => {
@ -78,7 +78,7 @@ export default function (providerContext: FtrProviderContext) {
it(`Return hasMisconfigurationsFindings true when there are only findings in third party index`, async () => {
await deleteIndex(es, INDEX_ARRAY);
const mock3PIndex = 'logs-mock-3p-integration_latest_misconfigurations_cdr';
const mock3PIndex = 'security_solution-mock-3p-integration.misconfiguration_latest';
await addIndex(es, findingsMockData, mock3PIndex);
const { body: res }: { body: CspSetupStatus } = await supertest


@ -10,7 +10,7 @@ import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
import {
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
} from '@kbn/cloud-security-posture-plugin/common/constants';
import { FtrProviderContext } from '../../../ftr_provider_context';
@ -20,7 +20,7 @@ import { findingsMockData, vulnerabilityMockData } from '../mock_data';
const INDEX_ARRAY = [
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
];


@ -10,7 +10,7 @@ import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
import {
BENCHMARK_SCORE_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
FINDINGS_INDEX_PATTERN,
} from '@kbn/cloud-security-posture-plugin/common/constants';
import { FtrProviderContext } from '../../../ftr_provider_context';
@ -165,7 +165,7 @@ export default function (providerContext: FtrProviderContext) {
assertIndexStatus(res.indicesDetails, BENCHMARK_SCORE_INDEX_DEFAULT_NS, 'unprivileged');
assertIndexStatus(
res.indicesDetails,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
'unprivileged'
);
});
@ -209,7 +209,7 @@ export default function (providerContext: FtrProviderContext) {
assertIndexStatus(res.indicesDetails, BENCHMARK_SCORE_INDEX_DEFAULT_NS, 'empty');
assertIndexStatus(
res.indicesDetails,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
'unprivileged'
);
});
@ -218,7 +218,7 @@ export default function (providerContext: FtrProviderContext) {
await createCSPOnlyRole(
security,
UNPRIVILEGED_ROLE,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN
);
await createUser(security, UNPRIVILEGED_USERNAME, UNPRIVILEGED_ROLE);
@ -254,7 +254,11 @@ export default function (providerContext: FtrProviderContext) {
assertIndexStatus(res.indicesDetails, LATEST_FINDINGS_INDEX_DEFAULT_NS, 'unprivileged');
assertIndexStatus(res.indicesDetails, FINDINGS_INDEX_PATTERN, 'empty');
assertIndexStatus(res.indicesDetails, BENCHMARK_SCORE_INDEX_DEFAULT_NS, 'unprivileged');
assertIndexStatus(res.indicesDetails, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, 'empty');
assertIndexStatus(
res.indicesDetails,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
'empty'
);
});
});
});


@ -8,7 +8,7 @@
import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
import {
BENCHMARK_SCORE_INDEX_PATTERN,
LATEST_VULNERABILITIES_INDEX_PATTERN,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
ALERTS_INDEX_PATTERN,
FINDINGS_INDEX_PATTERN,
} from '@kbn/cloud-security-posture-plugin/common/constants';
@ -28,7 +28,7 @@ const alertsSecurityUserIndices = [
privileges: ['read'],
},
{
names: [LATEST_VULNERABILITIES_INDEX_PATTERN],
names: [CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN],
privileges: ['all'],
},
{
@ -51,7 +51,7 @@ const securityUserIndinces = [
privileges: ['read'],
},
{
names: [LATEST_VULNERABILITIES_INDEX_PATTERN],
names: [CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN],
privileges: ['all'],
},
];


@ -14,7 +14,7 @@ const FINDINGS_INDEX = 'logs-cloud_security_posture.findings-default';
const FINDINGS_LATEST_INDEX = 'logs-cloud_security_posture.findings_latest-default';
export const VULNERABILITIES_INDEX_DEFAULT_NS =
'logs-cloud_security_posture.vulnerabilities-default';
export const LATEST_VULNERABILITIES_INDEX_DEFAULT_NS =
export const CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN =
'logs-cloud_security_posture.vulnerabilities_latest-default';
export function FindingsPageProvider({ getService, getPageObjects }: FtrProviderContext) {
@ -72,14 +72,14 @@ export function FindingsPageProvider({ getService, getPageObjects }: FtrProvider
remove: () =>
Promise.all([
deleteByQuery(VULNERABILITIES_INDEX_DEFAULT_NS),
deleteByQuery(LATEST_VULNERABILITIES_INDEX_DEFAULT_NS),
deleteByQuery(CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN),
]),
add: async (findingsMock: Array<Record<string, unknown>>) => {
await es.bulk({
refresh: true,
operations: [
...insertOperation(VULNERABILITIES_INDEX_DEFAULT_NS, findingsMock),
...insertOperation(LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, findingsMock),
...insertOperation(CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, findingsMock),
],
});
},


@ -8,7 +8,7 @@
import expect from '@kbn/expect';
import {
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
} from '@kbn/cloud-security-posture-plugin/common/constants';
import * as http from 'http';
import {
@ -72,7 +72,7 @@ export default function (providerContext: FtrProviderContext) {
await deleteIndex(es, [
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
CLOUD_DEFEND_HEARTBEAT_INDEX_DEFAULT_NS,
]);
});
@ -80,13 +80,13 @@ export default function (providerContext: FtrProviderContext) {
afterEach(async () => {
await deleteIndex(es, [
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
]);
await kibanaServer.savedObjects.cleanStandardList();
await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
await deleteIndex(es, [
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
CLOUD_DEFEND_HEARTBEAT_INDEX_DEFAULT_NS,
]);
});
@ -202,7 +202,7 @@ export default function (providerContext: FtrProviderContext) {
numberOfFindings: 2,
});
await addIndex(es, billableFindings, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS);
await addIndex(es, billableFindings, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN);
let interceptedRequestBody: UsageRecord[] = [];
@ -328,7 +328,7 @@ export default function (providerContext: FtrProviderContext) {
],
LATEST_FINDINGS_INDEX_DEFAULT_NS
),
addIndex(es, [...billableFindingsCNVM], LATEST_VULNERABILITIES_INDEX_DEFAULT_NS),
addIndex(es, [...billableFindingsCNVM], CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN),
addIndex(
es,
[...blockActionEnabledHeartbeats, ...blockActionDisabledHeartbeats],


@ -10,7 +10,7 @@ import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
import {
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
} from '@kbn/cloud-security-posture-plugin/common/constants';
import {
@ -28,7 +28,7 @@ import { RoleCredentials } from '../../../../../shared/services';
const INDEX_ARRAY = [
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
];
@ -76,7 +76,7 @@ export default function (providerContext: FtrProviderContext) {
await deleteIndex(es, INDEX_ARRAY);
await addIndex(es, findingsMockData, LATEST_FINDINGS_INDEX_DEFAULT_NS);
await addIndex(es, vulnerabilityMockData, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS);
await addIndex(es, vulnerabilityMockData, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN);
});
afterEach(async () => {


@ -10,7 +10,7 @@ import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
import {
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
} from '@kbn/cloud-security-posture-plugin/common/constants';
import {
@ -28,7 +28,7 @@ import { RoleCredentials } from '../../../../../shared/services';
const INDEX_ARRAY = [
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
];