[Cloud Security] [CNVM] Added mappings to vulnerability (elastic#5915)

agithomas · Apr 22, 2023 · e5526dc · e5526dc
1 parent ebdc73a
commit e5526dc
Show file tree

Hide file tree

Showing 11 changed files with 73 additions and 11 deletions.
diff --git a/packages/cloud_security_posture/changelog.yml b/packages/cloud_security_posture/changelog.yml
@@ -1,5 +1,5 @@
 # newer versions go on top
-- version: "1.3.0-preview4"
+- version: "1.3.0-preview5"
   changes:
     - description: New vulnerability management integration
       type: enhancement

diff --git a/packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml b/packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml
@@ -9,4 +9,4 @@
   description: Data stream namespace.
 - name: "@timestamp"
   type: date
-  description: Event timestamp.
+  description: Event timestamp.
diff --git a/packages/cloud_security_posture/data_stream/findings/fields/cloudbeat.yml b/packages/cloud_security_posture/data_stream/findings/fields/cloudbeat.yml
@@ -23,13 +23,13 @@
       ignore_above: 1024
       description: The commit SHA of the Cloudbeat.
       default_field: false
-# Currently we can't map commit_time, epm doesn't support format for field type date (see: https://github.com/elastic/kibana/pull/151871)
-#    - name: commit_time
-#      level: extended
-#      type: date
-#      description: The commit time of the Cloudbeat.
-#      format: "yyyy-MM-dd HH:mm:ss Z z||strict_date_optional_time||epoch_millis"
-#      default_field: false
+      # Currently we can't map commit_time, epm doesn't support format for field type date (see: https://github.com/elastic/kibana/pull/151871)
+      #    - name: commit_time
+      #      level: extended
+      #      type: date
+      #      description: The commit time of the Cloudbeat.
+      #      format: "yyyy-MM-dd HH:mm:ss Z z||strict_date_optional_time||epoch_millis"
+      #      default_field: false
     - name: kubernetes.version
       level: extended
       type: keyword

diff --git a/packages/cloud_security_posture/data_stream/findings/fields/ecs.yml b/packages/cloud_security_posture/data_stream/findings/fields/ecs.yml
@@ -122,3 +122,5 @@
   external: ecs
 - name: cloud.provider
   external: ecs
+- name: cloud.region
+  external: ecs
diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/base-fields.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/base-fields.yml
@@ -9,4 +9,4 @@
   description: Data stream namespace.
 - name: "@timestamp"
   type: date
-  description: Event timestamp.
+  description: Event timestamp.
diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml
@@ -86,3 +86,5 @@
   external: ecs
 - name: cloud.provider
   external: ecs
+- name: cloud.region
+  external: ecs
diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/resource.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/resource.yml
@@ -0,0 +1,7 @@
+- name: resource
+  type: group
+  fields:
+    - name: id
+      type: keyword
+    - name: name
+      type: keyword
diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/vulnerability.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/vulnerability.yml
@@ -0,0 +1,23 @@
+- name: vulnerability
+  type: group
+  fields:
+    - name: package.version
+      type: keyword
+    - name: package.name
+      type: keyword
+    - name: package.fixed_version
+      type: keyword
+    - name: title
+      type: keyword
+    - name: data_source.ID
+      type: keyword
+    - name: data_source.URL
+      type: keyword
+    - name: data_source.Name
+      type: keyword
+    - name: cwe
+      type: keyword
+    - name: scanner.version
+      type: keyword
+    - name: published_date
+      type: keyword
diff --git a/...ure/kibana/index_pattern/cloud_security_posture-07a5e6d6-982d-4c7c-a845-5f2be43279c9.json b/...ure/kibana/index_pattern/cloud_security_posture-07a5e6d6-982d-4c7c-a845-5f2be43279c9.json
@@ -0,0 +1,14 @@
+{
+    "attributes": {
+        "description": "",
+        "title": "logs-cloud_security_posture.vulnerabilities_latest-*",
+        "timeFieldName": "@timestamp",
+        "namespaces": "[*]"
+    },
+    "coreMigrationVersion": "8.3.0",
+    "id": "cloud_security_posture-07a5e6d6-982d-4c7c-a845-5f2be43279c9",
+    "migrationVersion": {
+        "index-pattern": "8.0.0"
+    },
+    "type": "index-pattern"
+}
diff --git a/...ure/kibana/index_pattern/cloud_security_posture-c406d945-a359-4c04-9a6a-65d66de8706b.json b/...ure/kibana/index_pattern/cloud_security_posture-c406d945-a359-4c04-9a6a-65d66de8706b.json
@@ -0,0 +1,14 @@
+{
+    "attributes": {
+        "description": "",
+        "title": "logs-cloud_security_posture.vulnerabilities-*",
+        "timeFieldName": "@timestamp",
+        "namespaces": "[*]"
+    },
+    "coreMigrationVersion": "8.1.0",
+    "id": "cloud_security_posture-c406d945-a359-4c04-9a6a-65d66de8706b",
+    "migrationVersion": {
+        "index-pattern": "8.0.0"
+    },
+    "type": "index-pattern"
+}
diff --git a/packages/cloud_security_posture/manifest.yml b/packages/cloud_security_posture/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 2.3.0
 name: cloud_security_posture
 title: "Security Posture Management"
-version: "1.3.0-preview4"
+version: "1.3.0-preview5"
 source:
   license: "Elastic-2.0"
 description: "Identify & remediate configuration risks in your Cloud infrastructure"