[Cloud Security][Dashboard Enhancements] Create Aggregation query to get benchmarks

[Omolola-Akinleye]

Motivation: I aim to create a new aggregation query that retrieves findings by benchmark, enabling users to quickly view and analyze grouped cloud assets. This will include benchmark data (ID, name, versions), passed/failed findings, posture score, and CIS section’s Compliance Score. The benchmark aggregation will utilize the stats API to enhance the Compliance Dashboard Data API ticket.

Acceptance Criteria:

1. Create Benchmark Aggregation:

• A new aggregation query that collects cloud assets metadata and stats by rule.benchmark.id and `rule.benchmark.version.

• The aggregated results return a list of benchmark assets which include the rule benchmark ID and benchmark versions

• The aggregated results should include

  • Benchmark Id
  • Benchmark Version
  • Benchmark Name
  • Resource Type Aggregation by passed/failed findings by benchmark id and version
  • Passed/Failed findings by benchmark id and version
  • Count of assets

• Apply getIdentifierRuntimeMapping to the aggregation query in order to get the number of cloud assets depending on posture type and ensure querying Backward compatibility.

2. Add Passed/Failed Findings Aggregation under Benchmark Version aggs

• The query shall aggregate using result.evaluation field passed/failed findings.
• The query results shall return the count of passed findings and the count of failed findings.

3.Add Resource type Aggregation under Benchmark Version Aggs

• The Resource type aggregation shall aggregate CIS section compliance scores.
• The aggregation results will return the CIS section, counts of passed and failed findings, and the overall score.

4.Add Error Handling

• The aggregation query shall throw an error if the cloud assets by benchmark ID aggregation fails.
• The aggregation query shall throw an error if the cloud assets by benchmark version aggregation fail.
• The aggregation query shall throw an error if the passed/failed findings aggregation fails.
• The aggregation query shall throw an error if the resource type aggregation fails.

Definition of Done

Preview Give feedback

1. Develop the Benchmark Aggregation query. Aggregate by benchmark id and benchmark version
2. Add passed/failed findings aggs to Benchmark Aggregation. Refer to getStatsFromFindingsEvaluationsAggs.
3. Add resource type aggregations to Benchmark Aggregation. See getFailedFindingsFromAggs.
4. Implement and pass all unit tests.

Note:
This ticket is subtask to

Epic - https://github.com/elastic/security-team/issues/7621

[elasticmachine]

Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)

[animehart]

benchmark id, benchmark version, failed findings, passed findings, resource type are shown in the Benchmark response and can also be seen in the UI :verified