[Cloud Posture] Create indices for benchmark score and latest findings (

#127479)
elastic · Mar 17, 2022 · b53dfe7 · b53dfe7
1 parent b47ee8b
commit b53dfe7
Show file tree

Hide file tree

Showing 5 changed files with 206 additions and 1 deletion.
diff --git a/x-pack/plugins/cloud_security_posture/common/constants.ts b/x-pack/plugins/cloud_security_posture/common/constants.ts
@@ -12,6 +12,8 @@ export const UPDATE_RULES_CONFIG_ROUTE_PATH = '/api/csp/update_rules_config';
 
 export const CSP_KUBEBEAT_INDEX_PATTERN = 'logs-cis_kubernetes_benchmark.findings*';
 export const AGENT_LOGS_INDEX_PATTERN = '.logs-cis_kubernetes_benchmark.metadata*';
+export const LATEST_FINDINGS_INDEX_PATTERN = 'cloud_security_posture-findings_latest';
+export const BENCHMARK_SCORE_INDEX_PATTERN = 'cloud_security_posture-benchmark_scores';
 
 export const CSP_FINDINGS_INDEX_NAME = 'findings';
 export const CIS_KUBERNETES_PACKAGE_NAME = 'cis_kubernetes_benchmark';

diff --git a/x-pack/plugins/cloud_security_posture/server/create_indices/benchmark_score_mapping.ts b/x-pack/plugins/cloud_security_posture/server/create_indices/benchmark_score_mapping.ts
@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { MappingTypeMapping } from '@elastic/elasticsearch/lib/api/types';
+
+export const benchmarkScoreMapping: MappingTypeMapping = {
+  properties: {
+    '@timestamp': {
+      type: 'date',
+    },
+    score: {
+      type: 'float',
+    },
+    total_findings: {
+      type: 'integer',
+    },
+    'passed.passed_counter': {
+      type: 'integer',
+    },
+    'failed.failed_counter': {
+      type: 'integer',
+    },
+    cluster_id: {
+      type: 'text',
+      fields: {
+        keyword: {
+          ignore_above: 1024,
+          type: 'keyword',
+        },
+      },
+    },
+    'rule.benchmark.name': {
+      type: 'text',
+      fields: {
+        keyword: {
+          ignore_above: 1024,
+          type: 'keyword',
+        },
+      },
+    },
+  },
+};
diff --git a/x-pack/plugins/cloud_security_posture/server/create_indices/create_transforms_indices.ts b/x-pack/plugins/cloud_security_posture/server/create_indices/create_transforms_indices.ts
@@ -0,0 +1,48 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { transformError } from '@kbn/securitysolution-es-utils';
+import { MappingTypeMapping } from '@elastic/elasticsearch/lib/api/types';
+import type { ElasticsearchClient, Logger } from '../../../../../src/core/server';
+import { benchmarkScoreMapping } from './benchmark_score_mapping';
+import { latestFindingsMapping } from './latest_findings_mapping';
+import {
+  LATEST_FINDINGS_INDEX_PATTERN,
+  BENCHMARK_SCORE_INDEX_PATTERN,
+} from '../../common/constants';
+
+// TODO: Add integration tests
+export const initializeCspTransformsIndices = async (
+  esClient: ElasticsearchClient,
+  logger: Logger
+) => {
+  createIndexIfNotExists(esClient, LATEST_FINDINGS_INDEX_PATTERN, latestFindingsMapping, logger);
+  createIndexIfNotExists(esClient, BENCHMARK_SCORE_INDEX_PATTERN, benchmarkScoreMapping, logger);
+};
+
+export const createIndexIfNotExists = async (
+  esClient: ElasticsearchClient,
+  index: string,
+  mapping: MappingTypeMapping,
+  logger: Logger
+) => {
+  try {
+    const isLatestIndexExists = await esClient.indices.exists({
+      index,
+    });
+
+    if (!isLatestIndexExists) {
+      await esClient.indices.create({
+        index,
+        mappings: mapping,
+      });
+    }
+  } catch (err) {
+    const error = transformError(err);
+    logger.error(`Failed to create ${LATEST_FINDINGS_INDEX_PATTERN}`);
+    logger.error(error.message);
+  }
+};
diff --git a/x-pack/plugins/cloud_security_posture/server/create_indices/latest_findings_mapping.ts b/x-pack/plugins/cloud_security_posture/server/create_indices/latest_findings_mapping.ts
@@ -0,0 +1,109 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { MappingTypeMapping } from '@elastic/elasticsearch/lib/api/types';
+
+export const latestFindingsMapping: MappingTypeMapping = {
+  properties: {
+    result: {
+      properties: {
+        evaluation: {
+          type: 'text',
+          fields: {
+            keyword: {
+              ignore_above: 1024,
+              type: 'keyword',
+            },
+          },
+        },
+      },
+    },
+
+    agent: {
+      properties: {
+        id: {
+          type: 'text',
+          fields: {
+            keyword: {
+              ignore_above: 1024,
+              type: 'keyword',
+            },
+          },
+        },
+      },
+    },
+    '@timestamp': {
+      type: 'date',
+    },
+    cycle_id: {
+      type: 'text',
+      fields: {
+        keyword: {
+          ignore_above: 1024,
+          type: 'keyword',
+        },
+      },
+    },
+    resource: {
+      properties: {
+        filename: {
+          type: 'text',
+          fields: {
+            keyword: {
+              ignore_above: 1024,
+              type: 'keyword',
+            },
+          },
+        },
+        type: {
+          type: 'text',
+          fields: {
+            keyword: {
+              ignore_above: 1024,
+              type: 'keyword',
+            },
+          },
+        },
+      },
+    },
+    resource_id: {
+      type: 'text',
+      fields: {
+        keyword: {
+          ignore_above: 1024,
+          type: 'keyword',
+        },
+      },
+    },
+    rule: {
+      properties: {
+        name: {
+          ignore_above: 1024,
+          type: 'keyword',
+          fields: {
+            keyword: {
+              ignore_above: 1024,
+              type: 'keyword',
+            },
+          },
+        },
+        benchmark: {
+          properties: {
+            name: {
+              type: 'text',
+              fields: {
+                keyword: {
+                  ignore_above: 1024,
+                  type: 'keyword',
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+  },
+};
diff --git a/x-pack/plugins/cloud_security_posture/server/plugin.ts b/x-pack/plugins/cloud_security_posture/server/plugin.ts
@@ -22,6 +22,7 @@ import type {
 import { defineRoutes } from './routes';
 import { cspRuleAssetType } from './saved_objects/cis_1_4_1/csp_rule_type';
 import { initializeCspRules } from './saved_objects/cis_1_4_1/initialize_rules';
+import { initializeCspTransformsIndices } from './create_indices/create_transforms_indices';
 
 export interface CspAppContext {
   logger: Logger;
@@ -68,7 +69,7 @@ export class CspPlugin
     });
 
     initializeCspRules(core.savedObjects.createInternalRepository());
-
+    initializeCspTransformsIndices(core.elasticsearch.client.asInternalUser, this.logger);
     return {};
   }
   public stop() {}