Skip to content

Commit

Permalink
[8.x] Reducing vulnerability runtime mappings (#198739) (#198788)
Browse files Browse the repository at this point in the history
# Backport

This will backport the following commits from `main` to `8.x`:
- [Reducing vulnerability runtime mappings
(#198739)](#198739)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Paulo
Silva","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-04T14:00:35Z","message":"Reducing
vulnerability runtime mappings (#198739)\n\n## Summary\r\n\r\nIt closes
https://github.com/elastic/security-team/issues/11034\r\n\r\nThis PR
removes runtime mappings for vulnerabilities, since they will
be\r\nadded on the third party integration on
[this\r\nPR](elastic/integrations#11614) before
the 8.16\r\nrelease, we can remove the runtime mappings in Kibana in
favour of not\r\ncompromising performance.\r\n\r\nCo-authored-by: Maxim
Kholod
<[email protected]>","sha":"10d7926e3b2a943250d0ec2437c8d645486b84bd","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Cloud
Security","v8.16.0","backport:version","v8.17.0"],"title":"Reducing
vulnerability runtime
mappings","number":198739,"url":"https://github.com/elastic/kibana/pull/198739","mergeCommit":{"message":"Reducing
vulnerability runtime mappings (#198739)\n\n## Summary\r\n\r\nIt closes
https://github.com/elastic/security-team/issues/11034\r\n\r\nThis PR
removes runtime mappings for vulnerabilities, since they will
be\r\nadded on the third party integration on
[this\r\nPR](elastic/integrations#11614) before
the 8.16\r\nrelease, we can remove the runtime mappings in Kibana in
favour of not\r\ncompromising performance.\r\n\r\nCo-authored-by: Maxim
Kholod
<[email protected]>","sha":"10d7926e3b2a943250d0ec2437c8d645486b84bd"}},"sourceBranch":"main","suggestedTargetBranches":["8.16","8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198739","number":198739,"mergeCommit":{"message":"Reducing
vulnerability runtime mappings (#198739)\n\n## Summary\r\n\r\nIt closes
https://github.com/elastic/security-team/issues/11034\r\n\r\nThis PR
removes runtime mappings for vulnerabilities, since they will
be\r\nadded on the third party integration on
[this\r\nPR](elastic/integrations#11614) before
the 8.16\r\nrelease, we can remove the runtime mappings in Kibana in
favour of not\r\ncompromising performance.\r\n\r\nCo-authored-by: Maxim
Kholod
<[email protected]>","sha":"10d7926e3b2a943250d0ec2437c8d645486b84bd"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Paulo Silva <[email protected]>
  • Loading branch information
kibanamachine and opauloh authored Nov 4, 2024
1 parent a0ce46b commit 2f0a68a
Showing 1 changed file with 2 additions and 6 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -263,9 +263,7 @@ The runtime mappings are used to prevent filtering out the data when any of thes
TODO: Remove the fields below once they are mapped as Keyword in the Third Party integrations, or remove
the fields from the runtime mappings if they are removed from the Data Table.
*/
export const CDR_VULNERABILITY_DATA_TABLE_RUNTIME_MAPPING_FIELDS: string[] = [
VULNERABILITY_FIELDS.VENDOR,
];
export const CDR_VULNERABILITY_DATA_TABLE_RUNTIME_MAPPING_FIELDS: string[] = [];
export const CDR_MISCONFIGURATION_DATA_TABLE_RUNTIME_MAPPING_FIELDS: string[] = [
'rule.benchmark.rule_number',
'rule.section',
Expand All @@ -279,9 +277,7 @@ to prevent filtering out the data when grouping by the key field.
TODO: Remove the fields below once they are mapped as Keyword in the Third Party integrations, or remove
the fields from the runtime mappings if they are removed from the Data Table.
*/
export const CDR_VULNERABILITY_GROUPING_RUNTIME_MAPPING_FIELDS: Record<string, string[]> = {
[VULNERABILITY_GROUPING_OPTIONS.CLOUD_ACCOUNT_NAME]: [VULNERABILITY_FIELDS.CLOUD_PROVIDER],
};
export const CDR_VULNERABILITY_GROUPING_RUNTIME_MAPPING_FIELDS: Record<string, string[]> = {};
export const CDR_MISCONFIGURATION_GROUPING_RUNTIME_MAPPING_FIELDS: Record<string, string[]> = {
[FINDINGS_GROUPING_OPTIONS.ORCHESTRATOR_CLUSTER_NAME]: ['orchestrator.cluster.name'],
[FINDINGS_GROUPING_OPTIONS.CLOUD_ACCOUNT_NAME]: ['cloud.account.name'],
Expand Down

0 comments on commit 2f0a68a

Please sign in to comment.