
[Cloud Security] [Vulnerability Management] Vulnerabilities index transform #151880

Closed
5 tasks done
opauloh opened this issue Feb 22, 2023 · 5 comments · Fixed by #152393

Comments

@opauloh
Contributor

opauloh commented Feb 22, 2023

Summary

Create a Transform for the vulnerability management index; use as a reference the initializeCspTransforms already defined in plugins.ts.

Tasks

  • Add kibana_system Index privileges for vulnerabilities index
  • Create Ingest Pipeline for vulnerabilities
  • Create Indices for vulnerabilities
  • Confirm unique keys to build the latest vulnerabilities transform
  • Create transform for vulnerabilities

References

Transform API
plugin.ts
Vulnerabilities Schema Discussion
Index privileges PR

@elasticmachine
Contributor

Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)

@Omolola-Akinleye
Contributor

@amirbenun Do we want to use resource.id and vulnerabilities.id as the unique keys to build transform?

cc: @opauloh @kfirpeled @eyalkraft

@amirbenun
Contributor

Seems to me that these together are almost enough to point to a unique vulnerability.
Having said that, I realize that an EC2 instance (resource.id) can have the same vulnerability (vulnerability.id) more than once, for example, if an EC2 instance runs 2 projects.
Maybe another parameter that can help us here is the file on which we detect the vulnerability, but I am not sure that Trivy provides that information.
I based my comment on the example result we see here: https://github.com/elastic/security-team/issues/5690

@eyalkraft
Contributor

@amirbenun
You raise an interesting point.
I think using resource.id, vulnerability.id, and possibly also package.version would be enough for a first iteration.
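
The following is an added example (not code from the Kibana plugin or from anyone in this thread): a "latest" transform body built around the three proposed unique keys, plus a small local simulation of the transform's de-duplication rule so the effect of the key choice can be checked against sample documents. The index names, frequency and sync settings are assumptions, and the sample documents and CVE id are constructed.

```typescript
// Added example (not project code): "latest" transform definition for the vulnerabilities
// index and a local simulation of its de-duplication rule. Index names etc. are assumed.
type Doc = Record<string, unknown>;

// Unique keys proposed in the thread: resource.id, vulnerability.id, package.version.
const VULNERABILITY_UNIQUE_KEYS = ["resource.id", "vulnerability.id", "package.version"];

// Body for the Transform API (PUT _transform/<id>); a "latest" transform keeps, per
// unique_key combination, the document with the greatest value of `sort`.
function buildLatestTransformConfig() {
  return {
    source: { index: ["logs-cloud_security_posture.vulnerabilities-*"] }, // assumed pattern
    dest: { index: "logs-cloud_security_posture.vulnerabilities_latest-default" }, // assumed name
    latest: { unique_key: VULNERABILITY_UNIQUE_KEYS, sort: "@timestamp" },
    frequency: "5m",
    sync: { time: { field: "event.ingested", delay: "60s" } },
  };
}

// Resolves a dotted field path ("resource.id") on a nested document.
function getPath(doc: Doc, path: string): unknown {
  let current: unknown = doc;
  for (const segment of path.split(".")) {
    if (current === null || typeof current !== "object") return undefined;
    current = (current as Doc)[segment];
  }
  return current;
}

// Local equivalent of "latest": group by unique_key, keep the greatest sort value (ISO-8601 compares as text).
function latestBy(docs: Doc[], uniqueKey: string[], sort: string): Doc[] {
  const byKey = new Map<string, Doc>();
  for (const doc of docs) {
    const key = uniqueKey.map((f) => String(getPath(doc, f))).join("|");
    const kept = byKey.get(key);
    if (!kept || String(getPath(doc, sort)) > String(getPath(kept, sort))) byKey.set(key, doc);
  }
  return [...byKey.values()];
}

// Constructed sample: one EC2 instance (resource.id) runs two projects that ship the same
// vulnerable package in different versions, and the first project was rescanned an hour later.
const SAMPLE_DOCS: Doc[] = [
  { "@timestamp": "2023-02-22T10:00:00Z", resource: { id: "i-0example" },
    vulnerability: { id: "CVE-0000-0001" }, package: { name: "libexample", version: "1.0.0" } },
  { "@timestamp": "2023-02-22T10:00:00Z", resource: { id: "i-0example" },
    vulnerability: { id: "CVE-0000-0001" }, package: { name: "libexample", version: "1.2.0" } },
  { "@timestamp": "2023-02-22T11:00:00Z", resource: { id: "i-0example" },
    vulnerability: { id: "CVE-0000-0001" }, package: { name: "libexample", version: "1.0.0" } },
];
```

With only resource.id and vulnerability.id as keys, `latestBy(SAMPLE_DOCS, ...)` collapses the three documents to one and silently drops the 1.2.0 finding; adding package.version keeps both projects' findings while the rescan still replaces the stale 1.0.0 document.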

@Omolola-Akinleye
Contributor

Elasticsearch Index Privileges PR - elastic/elasticsearch#94255

Omolola-Akinleye added a commit that referenced this issue Mar 21, 2023
## Summary
Issue [#151880](#151880)

This PR creates the vulnerabilities transforms.


- [x] Create transform for vulnerabilities
    - [x] InitializeTransform()
    - [x] Create a transform config
    - [x] Delete the latest transform for vulnerabilities
- [x] Create Indices for vulnerabilities
    - [x] Create indices for vulnerabilities
- [x] Create Transform Ingest Pipeline for Vulnerabilities
    - [x] Define Ingest Pipeline Config
    - [x] Define Ingest Pipeline ID
    - [x] Tested Ingested Pipeline

Vulnerabilities Transform
<img width="716" alt="image" src="https://user-images.githubusercontent.com/17135495/221977922-64372f8b-157f-4c6f-a310-a94fe2b4e47f.png">

Vulnerabilities Index
<img width="1471" alt="image" src="https://user-images.githubusercontent.com/17135495/221970878-9581b1de-277e-49b8-96e2-6175d75b7d5e.png">

Vulnerabilities Index Template
<img width="863" alt="image" src="https://user-images.githubusercontent.com/17135495/221971260-493c9ea2-8006-434c-98c9-abd4d37a076a.png">

Vulnerabilities Index Latest Template
<img width="1702" alt="image" src="https://user-images.githubusercontent.com/17135495/221971431-ca65ee76-ee69-4efa-833b-e9decea9d3aa.png">

---------

Co-authored-by: Kibana Machine <[email protected]>