[Cloud Security] do not filter out CNVM documents with missing or unknown severity (#163419)

## Summary

This PR removes the filtering of vulnerabilities whose `severity` field is
missing or has a value other than CRITICAL, HIGH, MEDIUM or LOW. Right now
this case is handled correctly in the data grid, but it is not reflected in
the severity map or trend chart components.
<img width="1728" alt="Screenshot 2023-08-08 at 17 42 46"
src="45ccf860-0cb7-4b03-ab51-5720dd7f90f9">



fixes
- https://github.com/elastic/security-team/issues/7289
This commit is contained in:
Maxim Kholod 2023-08-15 10:41:14 +03:00 committed by GitHub
parent 560c87179b
commit efbee18dc9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 18 deletions


@ -5,7 +5,6 @@
* 2.0.
*/
import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
import { VULNERABILITIES_SEVERITY } from '../constants';
export const getSafeVulnerabilitiesQueryFilter = (query?: QueryDslQueryContainer) => ({
...query,
@ -13,20 +12,8 @@ export const getSafeVulnerabilitiesQueryFilter = (query?: QueryDslQueryContainer
...query?.bool,
filter: [
...((query?.bool?.filter as []) || []),
{
bool: {
minimum_should_match: 1,
should: [
{ match_phrase: { 'vulnerability.severity': VULNERABILITIES_SEVERITY.CRITICAL } },
{ match_phrase: { 'vulnerability.severity': VULNERABILITIES_SEVERITY.HIGH } },
{ match_phrase: { 'vulnerability.severity': VULNERABILITIES_SEVERITY.MEDIUM } },
{ match_phrase: { 'vulnerability.severity': VULNERABILITIES_SEVERITY.LOW } },
],
},
},
{ exists: { field: 'vulnerability.score.base' } },
{ exists: { field: 'vulnerability.score.version' } },
{ exists: { field: 'vulnerability.severity' } },
{ exists: { field: 'resource.id' } },
{ exists: { field: 'resource.name' } },
],
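Review bot: `...((query?.bool?.filter as []) || [])` on the new side asserts the caller's filter to an empty tuple type and then spreads it; as far as I recall the client types, `bool.filter` is a single `QueryDslQueryContainer` or an array, so a caller passing one object compiles but the spread throws at runtime, and the `as []` also hides the element type from the checker. Normalising first avoids both: `const existing = query?.bool?.filter;` followed by `...(Array.isArray(existing) ? existing : existing ? [existing] : [])`. With the severity `should` clause and the `exists` check on `vulnerability.severity` gone, documents with a missing or unrecognised severity now pass this filter, which is the intent; the severity map and trend chart presumably need to treat that as its own bucket rather than drop it silently, worth confirming in those components. getSafeVulnerabilitiesQueryFilter starts in the previous hunk and its object literal closes after this one.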


@ -28,13 +28,13 @@ export const severitySortScript = (direction: string) => ({
script: {
lang: 'painless',
inline:
"if(params.scores.containsKey(doc['vulnerability.severity'].value)) { return params.scores[doc['vulnerability.severity'].value];} return 1000;",
"if(doc.containsKey('vulnerability.severity') && !doc['vulnerability.severity'].empty && doc['vulnerability.severity'].size()!=0 && doc['vulnerability.severity'].value!=null && params.scores.containsKey(doc['vulnerability.severity'].value)) { return params.scores[doc['vulnerability.severity'].value];} return 0;",
params: {
scores: {
LOW: 0,
MEDIUM: 1,
HIGH: 2,
CRITICAL: 3,
LOW: 1,
MEDIUM: 2,
HIGH: 3,
CRITICAL: 4,
},
},
},
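Review bot: The new Painless source on the `inline` line checks emptiness three ways — `!doc['vulnerability.severity'].empty`, `.size()!=0` and `.value!=null` — where the first already implies the other two, while `doc.containsKey(...)` is the only guard that matters when the field is absent from the mapping. It can be collapsed to `if (doc.containsKey('vulnerability.severity') && !doc['vulnerability.severity'].empty && params.scores.containsKey(doc['vulnerability.severity'].value)) { return params.scores[doc['vulnerability.severity'].value]; } return 0;`, which keeps the missing-or-unknown → 0 behaviour that the LOW/MEDIUM/HIGH/CRITICAL shift to 1–4 relies on and is easier to audit. A one-line comment above `scores`, such as `// 0 is reserved for documents with a missing or unrecognised severity`, would stop a later edit from reusing the sentinel. The script key `inline` is the pre-6.x spelling of `source`; worth confirming the client types still accept it. severitySortScript starts before this hunk.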