From 27c3d9a6dccf26bc0fb7551373fecb9999a97b5b Mon Sep 17 00:00:00 2001
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date: Thu, 7 Nov 2024 23:10:38 +1100
Subject: [PATCH] [8.x] [Entity Store] Aligning mappings with ECS (#199001)
 (#199283)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Entity Store] Aligning mappings with ECS
(#199001)](https://github.com/elastic/kibana/pull/199001)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Tiago Vila
Verde","email":"tiago.vilaverde@elastic.co"},"sourceCommit":{"committedDate":"2024-11-07T10:06:59Z","message":"[Entity
Store] Aligning mappings with ECS (#199001)\n\n## Summary\r\n\r\nThis PR
corrects some of the mappings set in the component template to\r\nfollow
ECS guidelines.\r\n\r\n#### How to test\r\n\r\nInitialise an entity
engine via devtools:\r\n```\r\nPOST
kbn:/api/entity_store/engines/host/init\r\n{}\r\n```\r\n\r\nCheck the
mappings with:\r\n```\r\nGET
.entities.v1.latest.security_<entityType>_default/_mapping\r\n```","sha":"3fff48a2cad951cfc531e0f61e9939ae4436a77b","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Entity
Analytics","v8.16.0","backport:version","v8.17.0"],"title":"[Entity
Store] Aligning mappings with
ECS","number":199001,"url":"https://github.com/elastic/kibana/pull/199001","mergeCommit":{"message":"[Entity
Store] Aligning mappings with ECS (#199001)\n\n## Summary\r\n\r\nThis PR
corrects some of the mappings set in the component template to\r\nfollow
ECS guidelines.\r\n\r\n#### How to test\r\n\r\nInitialise an entity
engine via devtools:\r\n```\r\nPOST
kbn:/api/entity_store/engines/host/init\r\n{}\r\n```\r\n\r\nCheck the
mappings with:\r\n```\r\nGET
.entities.v1.latest.security_<entityType>_default/_mapping\r\n```","sha":"3fff48a2cad951cfc531e0f61e9939ae4436a77b"}},"sourceBranch":"main","suggestedTargetBranches":["8.16","8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199001","number":199001,"mergeCommit":{"message":"[Entity
Store] Aligning mappings with ECS (#199001)\n\n## Summary\r\n\r\nThis PR
corrects some of the mappings set in the component template to\r\nfollow
ECS guidelines.\r\n\r\n#### How to test\r\n\r\nInitialise an entity
engine via devtools:\r\n```\r\nPOST
kbn:/api/entity_store/engines/host/init\r\n{}\r\n```\r\n\r\nCheck the
mappings with:\r\n```\r\nGET
.entities.v1.latest.security_<entityType>_default/_mapping\r\n```","sha":"3fff48a2cad951cfc531e0f61e9939ae4436a77b"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Tiago Vila Verde <tiago.vilaverde@elastic.co>
---
 .../entity_store/entities_list.test.tsx       |  2 +-
 .../hooks/use_entities_list_columns.tsx       |  2 +-
 .../united_entity_definitions/constants.ts    |  4 +--
 .../entity_types/host.ts                      | 12 +++++++-
 .../entity_types/user.ts                      | 12 +++++++-
 .../get_united_definition.test.ts             | 28 ++++++++++++++++---
 .../united_entity_definition.ts               | 10 +++++++
 7 files changed, 60 insertions(+), 10 deletions(-)

diff --git a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/entities_list.test.tsx b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/entities_list.test.tsx
index 91f0c42eab385..0f493304e1f87 100644
--- a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/entities_list.test.tsx
+++ b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/entities_list.test.tsx
@@ -109,7 +109,7 @@ describe('EntitiesList', () => {
     fireEvent.click(columnHeader);
     expect(mockUseEntitiesListQuery).toHaveBeenCalledWith(
       expect.objectContaining({
-        sortField: 'entity.name.text',
+        sortField: 'entity.name',
         sortOrder: 'asc',
       })
     );
diff --git a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/hooks/use_entities_list_columns.tsx b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/hooks/use_entities_list_columns.tsx
index 974a80454ee21..e603c95b6604a 100644
--- a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/hooks/use_entities_list_columns.tsx
+++ b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/hooks/use_entities_list_columns.tsx
@@ -79,7 +79,7 @@ export const useEntitiesListColumns = (): EntitiesListColumns => {
       width: '5%',
     },
     {
-      field: 'entity.name.text',
+      field: 'entity.name',
       name: (
         <FormattedMessage
           id="xpack.securitySolution.entityAnalytics.entityStore.entitiesList.nameColumn.title"
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/constants.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/constants.ts
index 9f9dbb836498d..43730fa06357a 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/constants.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/constants.ts
@@ -15,10 +15,10 @@ export const BASE_ENTITY_INDEX_MAPPING: MappingProperties = {
     type: 'keyword',
   },
   'entity.name': {
-    type: 'text',
+    type: 'keyword',
     fields: {
       text: {
-        type: 'keyword',
+        type: 'match_only_text',
       },
     },
   },
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts
index db9266997743e..5abeffd05b1f1 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts
@@ -18,7 +18,17 @@ export const getHostUnitedDefinition: UnitedDefinitionBuilder = (fieldHistoryLen
       collect({ field: 'host.domain' }),
       collect({ field: 'host.hostname' }),
       collect({ field: 'host.id' }),
-      collect({ field: 'host.os.name' }),
+      collect({
+        field: 'host.os.name',
+        mapping: {
+          type: 'keyword',
+          fields: {
+            text: {
+              type: 'match_only_text',
+            },
+          },
+        },
+      }),
       collect({ field: 'host.os.type' }),
       collect({
         field: 'host.ip',
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/user.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/user.ts
index 632d1a685b992..3881425df77ce 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/user.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/user.ts
@@ -16,7 +16,17 @@ export const getUserUnitedDefinition: UnitedDefinitionBuilder = (fieldHistoryLen
     fields: [
       collect({ field: 'user.domain' }),
       collect({ field: 'user.email' }),
-      collect({ field: 'user.full_name' }),
+      collect({
+        field: 'user.full_name',
+        mapping: {
+          type: 'keyword',
+          fields: {
+            text: {
+              type: 'match_only_text',
+            },
+          },
+        },
+      }),
       collect({ field: 'user.hash' }),
       collect({ field: 'user.id' }),
       collect({ field: 'user.roles' }),
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.test.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.test.ts
index fa443ffa94047..07c011b4791e6 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.test.ts
@@ -32,10 +32,10 @@ describe('getUnitedEntityDefinition', () => {
             "entity.name": Object {
               "fields": Object {
                 "text": Object {
-                  "type": "keyword",
+                  "type": "match_only_text",
                 },
               },
-              "type": "text",
+              "type": "keyword",
             },
             "entity.source": Object {
               "type": "keyword",
@@ -59,9 +59,19 @@ describe('getUnitedEntityDefinition', () => {
               "type": "keyword",
             },
             "host.name": Object {
+              "fields": Object {
+                "text": Object {
+                  "type": "match_only_text",
+                },
+              },
               "type": "keyword",
             },
             "host.os.name": Object {
+              "fields": Object {
+                "text": Object {
+                  "type": "match_only_text",
+                },
+              },
               "type": "keyword",
             },
             "host.os.type": Object {
@@ -335,10 +345,10 @@ describe('getUnitedEntityDefinition', () => {
             "entity.name": Object {
               "fields": Object {
                 "text": Object {
-                  "type": "keyword",
+                  "type": "match_only_text",
                 },
               },
-              "type": "text",
+              "type": "keyword",
             },
             "entity.source": Object {
               "type": "keyword",
@@ -350,6 +360,11 @@ describe('getUnitedEntityDefinition', () => {
               "type": "keyword",
             },
             "user.full_name": Object {
+              "fields": Object {
+                "text": Object {
+                  "type": "match_only_text",
+                },
+              },
               "type": "keyword",
             },
             "user.hash": Object {
@@ -359,6 +374,11 @@ describe('getUnitedEntityDefinition', () => {
               "type": "keyword",
             },
             "user.name": Object {
+              "fields": Object {
+                "text": Object {
+                  "type": "match_only_text",
+                },
+              },
               "type": "keyword",
             },
             "user.risk.calculated_level": Object {
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/united_entity_definition.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/united_entity_definition.ts
index eced765c75193..fc7430ebb1806 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/united_entity_definition.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/united_entity_definition.ts
@@ -94,6 +94,11 @@ export class UnitedEntityDefinition {
       ...BASE_ENTITY_INDEX_MAPPING,
       [identityField]: {
         type: 'keyword',
+        fields: {
+          text: {
+            type: 'match_only_text',
+          },
+        },
       },
     };
 
@@ -107,6 +112,11 @@ export class UnitedEntityDefinition {
 
     properties[identityField] = {
       type: 'keyword',
+      fields: {
+        text: {
+          type: 'match_only_text',
+        },
+      },
     };
 
     return {