

[8.10] [Cloud Security] [Alerts] Fix alerts telemetry collector (#164757) (#164913)

# Backport

This will backport the following commits from `main` to `8.10`:
- [[Cloud Security] [Alerts] Fix alerts telemetry collector
(#164757)](#164757)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Paulo
Henrique","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-08-26T04:25:52Z","message":"[Cloud
Security] [Alerts] Fix alerts telemetry collector
(#164757)","sha":"d18ef2f9797787b481345694b512dd56f40c0b48","branchLabelMapping":{"^v8.11.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Cloud
Security","backport:prev-minor","v8.10.0","v8.11.0"],"number":164757,"url":"https://github.com/elastic/kibana/pull/164757","mergeCommit":{"message":"[Cloud
Security] [Alerts] Fix alerts telemetry collector
(#164757)","sha":"d18ef2f9797787b481345694b512dd56f40c0b48"}},"sourceBranch":"main","suggestedTargetBranches":["8.10"],"targetPullRequestStates":[{"branch":"8.10","label":"v8.10.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.11.0","labelRegex":"^v8.11.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/164757","number":164757,"mergeCommit":{"message":"[Cloud
Security] [Alerts] Fix alerts telemetry collector
(#164757)","sha":"d18ef2f9797787b481345694b512dd56f40c0b48"}}]}]
BACKPORT-->

Co-authored-by: Paulo Henrique <[email protected]>
kibanamachine and opauloh authored Aug 26, 2023
1 parent 73c44a1 commit 681661d
Showing 1 changed file with 36 additions and 56 deletions.
Expand Up @@ -9,53 +9,28 @@ import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
import type { CloudSecurityAlertsStats } from './types';
import { DETECTION_ENGINE_ALERTS_INDEX_DEFAULT } from '../../../../common/constants';

interface AlertsStats {
aggregations: {
cspm: {
rules_count: {
value: number;
};
alerts_open: {
doc_count: number;
};
alerts_acknowledged: {
doc_count: number;
};
alerts_closed: {
doc_count: number;
};
};
kspm: {
rules_count: {
value: number;
};
alerts_open: {
doc_count: number;
};
alerts_acknowledged: {
doc_count: number;
};
alerts_closed: {
doc_count: number;
};
};
vuln_mgmt: {
rules_count: {
value: number;
};
alerts_open: {
doc_count: number;
};
alerts_acknowledged: {
doc_count: number;
};
alerts_closed: {
doc_count: number;
};
};
interface AlertStat {
doc_count: number;
rules_count: {
value: number;
};
alerts_open: {
doc_count: number;
};
alerts_acknowledged: {
doc_count: number;
};
alerts_closed: {
doc_count: number;
};
}

interface AlertsStats {
cspm: AlertStat;
kspm: AlertStat;
vuln_mgmt: AlertStat;
}

const getAlertsStatsQuery = (index: string) => ({
size: 0,
query: {
Expand Down Expand Up @@ -187,20 +162,25 @@ export const getAlertsStats = async (

if (isIndexExists) {
const alertsStats = await esClient.search<unknown, AlertsStats>(getAlertsStatsQuery(index));

const postureTypes = ['cspm', 'kspm', 'vuln_mgmt'] as const;

return postureTypes.map((postureType) => ({
posture_type: postureType,
rules_count: alertsStats.aggregations?.aggregations[postureType].rules_count.value,
alerts_count: alertsStats.aggregations?.aggregations[postureType].alerts_open.doc_count,
alerts_open_count:
alertsStats.aggregations?.aggregations[postureType].alerts_open.doc_count,
alerts_acknowledged_count:
alertsStats.aggregations?.aggregations[postureType].alerts_acknowledged.doc_count,
alerts_closed_count:
alertsStats.aggregations?.aggregations[postureType].alerts_closed.doc_count,
})) as CloudSecurityAlertsStats[];
return postureTypes
.filter(
(postureType) =>
alertsStats?.aggregations?.[postureType]?.doc_count &&
alertsStats.aggregations[postureType].doc_count > 0
)
.map((postureType): CloudSecurityAlertsStats => {
const postureTypeData = alertsStats!.aggregations![postureType];
return {
posture_type: postureType,
rules_count: postureTypeData.rules_count?.value,
alerts_count: postureTypeData.doc_count,
alerts_open_count: postureTypeData.alerts_open?.doc_count,
alerts_acknowledged_count: postureTypeData.alerts_acknowledged?.doc_count,
alerts_closed_count: postureTypeData.alerts_closed?.doc_count,
};
});
}
return [];
} catch (e) {
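Review bot: The `.map` callback re-derives the bucket with non-null assertions (`alertsStats!.aggregations![postureType]`) even though the preceding `.filter` already established it exists, and the filter's first conjunct (`?.doc_count &&`) is redundant with the `> 0` comparison that follows it; `alertsStats?.` is likewise unnecessary on an awaited search result. Hoisting `alertsStats.aggregations` into a local and collapsing the filter/map pair into one `flatMap` keeps the narrowing in scope and removes the `!` assertions without changing which buckets are emitted. Note that dropping buckets whose `doc_count` is 0 means a posture type with no alerts is now absent from the telemetry rather than reported with zero counts; if that is intended, a comment such as `// Posture types without alerts are omitted from telemetry` on the filter would make it explicit. getAlertsStats starts before this hunk and its catch block continues past it.
```typescript
const aggregations = alertsStats.aggregations;
return postureTypes.flatMap((postureType): CloudSecurityAlertsStats[] => {
  const postureTypeData = aggregations?.[postureType];
  // Drop posture types whose bucket is absent or empty (same filtering as before).
  if (!postureTypeData || !(postureTypeData.doc_count > 0)) {
    return [];
  }
  return [
    {
      posture_type: postureType,
      // … unchanged: rules_count, alerts_count and the three alerts_*_count fields …
    },
  ];
});
```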
