forked from elastic/kibana
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[8.x] [Cloud Security] Vulnerabilities Preview & Refactor CSP Plugin …
…PHASE 2 (elastic#193638) (elastic#195230) # Backport This will backport the following commits from `main` to `8.x`: - [[Cloud Security] Vulnerabilities Preview & Refactor CSP Plugin PHASE 2 (elastic#193638)](elastic#193638) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Rickyanto Ang","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-04T19:28:18Z","message":"[Cloud Security] Vulnerabilities Preview & Refactor CSP Plugin PHASE 2 (elastic#193638)\n\nIn an attempt to make Reviewing easier and more accurate, the\r\nimplementation of Vulnerabilities on Host.name flyout in Alerts Page\r\nwill be split into 2 Phases\r\n\r\nPhase 1: Move Functions, Utils or Helpers, Hooks, constants to Package\r\nPhase 2: Implementing the feature\r\n\r\nThis is Phase 2\r\n<img width=\"1465\" alt=\"Screenshot 2024-09-20 at 5 33 01 PM\"\r\nsrc=\"https://github.com/user-attachments/assets/cabe2f3a-d35a-4825-9fe5-61fe2d570328\">\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Maxim Kholod <[email protected]>","sha":"0b92c268f9e862812a4c2ab4ba50a3b90bc87a65","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Cloud Security","backport:prev-minor","ci:build-cloud-image","ci:project-deploy-security","v8.16.0"],"number":193638,"url":"https://github.com/elastic/kibana/pull/193638","mergeCommit":{"message":"[Cloud Security] Vulnerabilities Preview & Refactor CSP Plugin PHASE 2 (elastic#193638)\n\nIn an attempt to make Reviewing easier and more accurate, the\r\nimplementation of Vulnerabilities on Host.name flyout in Alerts Page\r\nwill be split into 2 Phases\r\n\r\nPhase 1: Move Functions, Utils or Helpers, Hooks, constants to Package\r\nPhase 2: Implementing the feature\r\n\r\nThis is Phase 2\r\n<img width=\"1465\" alt=\"Screenshot 2024-09-20 at 5 33 01 PM\"\r\nsrc=\"https://github.com/user-attachments/assets/cabe2f3a-d35a-4825-9fe5-61fe2d570328\">\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Maxim Kholod <[email protected]>","sha":"0b92c268f9e862812a4c2ab4ba50a3b90bc87a65"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193638","number":193638,"mergeCommit":{"message":"[Cloud Security] Vulnerabilities Preview & Refactor CSP Plugin PHASE 2 (elastic#193638)\n\nIn an attempt to make Reviewing easier and more accurate, the\r\nimplementation of Vulnerabilities on Host.name flyout in Alerts Page\r\nwill be split into 2 Phases\r\n\r\nPhase 1: Move Functions, Utils or Helpers, Hooks, constants to Package\r\nPhase 2: Implementing the feature\r\n\r\nThis is Phase 2\r\n<img width=\"1465\" alt=\"Screenshot 2024-09-20 at 5 33 01 PM\"\r\nsrc=\"https://github.com/user-attachments/assets/cabe2f3a-d35a-4825-9fe5-61fe2d570328\">\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Maxim Kholod <[email protected]>","sha":"0b92c268f9e862812a4c2ab4ba50a3b90bc87a65"}},{"branch":"8.x","label":"v8.16.0","labelRegex":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <[email protected]>
- Loading branch information
1 parent
5de888f
commit f9c640d
Showing
31 changed files
with
829 additions
and
86 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
90 changes: 90 additions & 0 deletions
90
x-pack/packages/kbn-cloud-security-posture/src/hooks/use_vulnerabilities_preview.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
import { useQuery } from '@tanstack/react-query'; | ||
import { useKibana } from '@kbn/kibana-react-plugin/public'; | ||
import { lastValueFrom } from 'rxjs'; | ||
import type { IKibanaSearchResponse, IKibanaSearchRequest } from '@kbn/search-types'; | ||
import { | ||
SearchRequest, | ||
SearchResponse, | ||
AggregationsMultiBucketAggregateBase, | ||
AggregationsStringRareTermsBucketKeys, | ||
} from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; | ||
import { | ||
CDR_VULNERABILITIES_INDEX_PATTERN, | ||
LATEST_VULNERABILITIES_RETENTION_POLICY, | ||
} from '@kbn/cloud-security-posture-common'; | ||
import type { CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/latest'; | ||
import type { CoreStart } from '@kbn/core/public'; | ||
import type { CspClientPluginStartDeps, UseCspOptions } from '../../type'; | ||
import { showErrorToast } from '../..'; | ||
import { | ||
getFindingsCountAggQueryVulnerabilities, | ||
getVulnerabilitiesAggregationCount, | ||
} from '../utils/hooks_utils'; | ||
|
||
type LatestFindingsRequest = IKibanaSearchRequest<SearchRequest>; | ||
type LatestFindingsResponse = IKibanaSearchResponse< | ||
SearchResponse<CspVulnerabilityFinding, FindingsAggs> | ||
>; | ||
|
||
interface FindingsAggs { | ||
count: AggregationsMultiBucketAggregateBase<AggregationsStringRareTermsBucketKeys>; | ||
} | ||
|
||
const getVulnerabilitiesQuery = ({ query }: UseCspOptions, isPreview = false) => ({ | ||
index: CDR_VULNERABILITIES_INDEX_PATTERN, | ||
size: 0, | ||
aggs: getFindingsCountAggQueryVulnerabilities(), | ||
ignore_unavailable: true, | ||
query: { | ||
...query, | ||
bool: { | ||
...query?.bool, | ||
filter: [ | ||
...(query?.bool?.filter ?? []), | ||
{ | ||
range: { | ||
'@timestamp': { | ||
gte: `now-${LATEST_VULNERABILITIES_RETENTION_POLICY}`, | ||
lte: 'now', | ||
}, | ||
}, | ||
}, | ||
], | ||
}, | ||
}, | ||
}); | ||
|
||
export const useVulnerabilitiesPreview = (options: UseCspOptions) => { | ||
const { | ||
data, | ||
notifications: { toasts }, | ||
} = useKibana<CoreStart & CspClientPluginStartDeps>().services; | ||
|
||
return useQuery( | ||
['csp_vulnerabilities_preview', { params: options }], | ||
async () => { | ||
const { | ||
rawResponse: { aggregations }, | ||
} = await lastValueFrom( | ||
data.search.search<LatestFindingsRequest, LatestFindingsResponse>({ | ||
params: getVulnerabilitiesQuery(options), | ||
}) | ||
); | ||
|
||
return { | ||
count: getVulnerabilitiesAggregationCount(aggregations?.count?.buckets), | ||
}; | ||
}, | ||
{ | ||
keepPreviousData: true, | ||
enabled: options.enabled, | ||
onError: (err: Error) => showErrorToast(toasts, err), | ||
} | ||
); | ||
}; |
30 changes: 30 additions & 0 deletions
30
x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerabilitiy_colors.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { euiThemeVars } from '@kbn/ui-theme'; | ||
import { getSeverityStatusColor } from './get_vulnerability_colors'; | ||
describe('getSeverityStatusColor', () => { | ||
it('should return the correct color for LOW severity', () => { | ||
expect(getSeverityStatusColor('LOW')).toBe(euiThemeVars.euiColorVis0); | ||
}); | ||
|
||
it('should return the correct color for MEDIUM severity', () => { | ||
expect(getSeverityStatusColor('MEDIUM')).toBe(euiThemeVars.euiColorVis5_behindText); | ||
}); | ||
|
||
it('should return the correct color for HIGH severity', () => { | ||
expect(getSeverityStatusColor('HIGH')).toBe(euiThemeVars.euiColorVis9_behindText); | ||
}); | ||
|
||
it('should return the correct color for CRITICAL severity', () => { | ||
expect(getSeverityStatusColor('CRITICAL')).toBe(euiThemeVars.euiColorDanger); | ||
}); | ||
|
||
it('should return #aaa for an unknown severity', () => { | ||
expect(getSeverityStatusColor('UNKNOWN')).toBe('#aaa'); | ||
}); | ||
}); |
25 changes: 25 additions & 0 deletions
25
x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_colors.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { euiThemeVars } from '@kbn/ui-theme'; | ||
import type { VulnSeverity } from '@kbn/cloud-security-posture-common'; | ||
import { VULNERABILITIES_SEVERITY } from '@kbn/cloud-security-posture-common'; | ||
|
||
export const getSeverityStatusColor = (severity: VulnSeverity): string => { | ||
switch (severity) { | ||
case VULNERABILITIES_SEVERITY.LOW: | ||
return euiThemeVars.euiColorVis0; | ||
case VULNERABILITIES_SEVERITY.MEDIUM: | ||
return euiThemeVars.euiColorVis5_behindText; | ||
case VULNERABILITIES_SEVERITY.HIGH: | ||
return euiThemeVars.euiColorVis9_behindText; | ||
case VULNERABILITIES_SEVERITY.CRITICAL: | ||
return euiThemeVars.euiColorDanger; | ||
default: | ||
return '#aaa'; | ||
} | ||
}; |
29 changes: 29 additions & 0 deletions
29
x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_text.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { getSeverityText } from './get_vulnerability_text'; | ||
describe('getSeverityStatusColor', () => { | ||
it('should return the correct color for LOW severity', () => { | ||
expect(getSeverityText('LOW')).toBe('Low'); | ||
}); | ||
|
||
it('should return the correct color for MEDIUM severity', () => { | ||
expect(getSeverityText('MEDIUM')).toBe('Medium'); | ||
}); | ||
|
||
it('should return the correct color for HIGH severity', () => { | ||
expect(getSeverityText('HIGH')).toBe('High'); | ||
}); | ||
|
||
it('should return the correct color for CRITICAL severity', () => { | ||
expect(getSeverityText('CRITICAL')).toBe('Critical'); | ||
}); | ||
|
||
it('should return #aaa for an unknown severity', () => { | ||
expect(getSeverityText('UNKNOWN')).toBe('None'); | ||
}); | ||
}); |
24 changes: 24 additions & 0 deletions
24
x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_text.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import type { VulnSeverity } from '@kbn/cloud-security-posture-common'; | ||
import { VULNERABILITIES_SEVERITY } from '@kbn/cloud-security-posture-common'; | ||
|
||
export const getSeverityText = (severity: VulnSeverity): string => { | ||
switch (severity) { | ||
case VULNERABILITIES_SEVERITY.LOW: | ||
return 'Low'; | ||
case VULNERABILITIES_SEVERITY.MEDIUM: | ||
return 'Medium'; | ||
case VULNERABILITIES_SEVERITY.HIGH: | ||
return 'High'; | ||
case VULNERABILITIES_SEVERITY.CRITICAL: | ||
return 'Critical'; | ||
default: | ||
return 'None'; | ||
} | ||
}; |
59 changes: 59 additions & 0 deletions
59
x-pack/packages/kbn-cloud-security-posture/src/utils/hooks_utils.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; | ||
import { | ||
AggregationBuckets, | ||
getVulnerabilitiesAggregationCount, | ||
VULNERABILITIES_RESULT_EVALUATION, | ||
} from './hooks_utils'; | ||
|
||
describe('getVulnerabilitiesAggregationCount', () => { | ||
it('should return default counts when nothing is provided', () => { | ||
const result = { | ||
[VULNERABILITIES_RESULT_EVALUATION.LOW]: 0, | ||
[VULNERABILITIES_RESULT_EVALUATION.MEDIUM]: 0, | ||
[VULNERABILITIES_RESULT_EVALUATION.HIGH]: 0, | ||
[VULNERABILITIES_RESULT_EVALUATION.CRITICAL]: 0, | ||
[VULNERABILITIES_RESULT_EVALUATION.NONE]: 0, | ||
}; | ||
expect(getVulnerabilitiesAggregationCount()).toEqual(result); | ||
}); | ||
|
||
it('should return default counts when empty bucket is provided', () => { | ||
const result = { | ||
[VULNERABILITIES_RESULT_EVALUATION.LOW]: 0, | ||
[VULNERABILITIES_RESULT_EVALUATION.MEDIUM]: 0, | ||
[VULNERABILITIES_RESULT_EVALUATION.HIGH]: 0, | ||
[VULNERABILITIES_RESULT_EVALUATION.CRITICAL]: 0, | ||
[VULNERABILITIES_RESULT_EVALUATION.NONE]: 0, | ||
}; | ||
expect(getVulnerabilitiesAggregationCount({})).toEqual(result); | ||
}); | ||
|
||
it('should return counts when provided with non empty buckets', () => { | ||
const buckets: AggregationBuckets = { | ||
[VULNERABILITIES_RESULT_EVALUATION.LOW]: { doc_count: 1 }, | ||
[VULNERABILITIES_RESULT_EVALUATION.MEDIUM]: { doc_count: 2 }, | ||
[VULNERABILITIES_RESULT_EVALUATION.HIGH]: { doc_count: 3 }, | ||
[VULNERABILITIES_RESULT_EVALUATION.CRITICAL]: { doc_count: 4 }, | ||
[VULNERABILITIES_RESULT_EVALUATION.NONE]: { doc_count: 5 }, | ||
}; | ||
|
||
const vulnerabilitiesAggregrationCount = getVulnerabilitiesAggregationCount( | ||
buckets as estypes.AggregationsBuckets<estypes.AggregationsStringRareTermsBucketKeys> | ||
); | ||
const result = { | ||
[VULNERABILITIES_RESULT_EVALUATION.LOW]: 1, | ||
[VULNERABILITIES_RESULT_EVALUATION.MEDIUM]: 2, | ||
[VULNERABILITIES_RESULT_EVALUATION.HIGH]: 3, | ||
[VULNERABILITIES_RESULT_EVALUATION.CRITICAL]: 4, | ||
[VULNERABILITIES_RESULT_EVALUATION.NONE]: 5, | ||
}; | ||
expect(vulnerabilitiesAggregrationCount).toEqual(result); | ||
}); | ||
}); |
Oops, something went wrong.