From e5526dc294792bcf19db5e958baf9c94bafa0d27 Mon Sep 17 00:00:00 2001
From: Kfir Peled <61654899+kfirpeled@users.noreply.github.com>
Date: Wed, 19 Apr 2023 16:43:23 -0600
Subject: [PATCH] [Cloud Security] [CNVM] Added mappings to vulnerability (#5915)

---
 packages/cloud_security_posture/changelog.yml | 2 +-
 .../findings/fields/base-fields.yml | 2 +-
 .../data_stream/findings/fields/cloudbeat.yml | 14 +++++------
 .../data_stream/findings/fields/ecs.yml | 2 ++
 .../vulnerabilities/fields/base-fields.yml | 2 +-
 .../vulnerabilities/fields/ecs.yml | 2 ++
 .../vulnerabilities/fields/resource.yml | 7 ++++++
 .../vulnerabilities/fields/vulnerability.yml | 23 +++++++++++++++++++
 ...-07a5e6d6-982d-4c7c-a845-5f2be43279c9.json | 14 +++++++++++
 ...-c406d945-a359-4c04-9a6a-65d66de8706b.json | 14 +++++++++++
 packages/cloud_security_posture/manifest.yml | 2 +-
 11 files changed, 73 insertions(+), 11 deletions(-)
 create mode 100644 packages/cloud_security_posture/data_stream/vulnerabilities/fields/resource.yml
 create mode 100644 packages/cloud_security_posture/data_stream/vulnerabilities/fields/vulnerability.yml
 create mode 100644 packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-07a5e6d6-982d-4c7c-a845-5f2be43279c9.json
 create mode 100644 packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-c406d945-a359-4c04-9a6a-65d66de8706b.json

diff --git a/packages/cloud_security_posture/changelog.yml b/packages/cloud_security_posture/changelog.yml
index 8a8f6e725d3..9b067d1af11 100644
--- a/packages/cloud_security_posture/changelog.yml
+++ b/packages/cloud_security_posture/changelog.yml
@@ -1,5 +1,5 @@
 # newer versions go on top
-- version: "1.3.0-preview4"
+- version: "1.3.0-preview5"
   changes:
     - description: New vulnerability management integration
       type: enhancement
diff --git a/packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml b/packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml
index d3b0f5a163e..0d1791ffed6 100644
--- a/packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml
+++ b/packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml
@@ -9,4 +9,4 @@
   description: Data stream namespace.
 - name: "@timestamp"
   type: date
-  description: Event timestamp.
\ No newline at end of file
+  description: Event timestamp.
diff --git a/packages/cloud_security_posture/data_stream/findings/fields/cloudbeat.yml b/packages/cloud_security_posture/data_stream/findings/fields/cloudbeat.yml
index c15b132bdd0..704c3055bfd 100644
--- a/packages/cloud_security_posture/data_stream/findings/fields/cloudbeat.yml
+++ b/packages/cloud_security_posture/data_stream/findings/fields/cloudbeat.yml
@@ -23,13 +23,13 @@
       ignore_above: 1024
       description: The commit SHA of the Cloudbeat.
       default_field: false
-# Currently we can't map commit_time, epm doesn't support format for field type date (see: https://github.com/elastic/kibana/pull/151871)
-# - name: commit_time
-# level: extended
-# type: date
-# description: The commit time of the Cloudbeat.
-# format: "yyyy-MM-dd HH:mm:ss Z z||strict_date_optional_time||epoch_millis"
-# default_field: false
+    # Currently we can't map commit_time, epm doesn't support format for field type date (see: https://github.com/elastic/kibana/pull/151871)
+    # - name: commit_time
+    # level: extended
+    # type: date
+    # description: The commit time of the Cloudbeat.
+    # format: "yyyy-MM-dd HH:mm:ss Z z||strict_date_optional_time||epoch_millis"
+    # default_field: false
     - name: kubernetes.version
       level: extended
       type: keyword
diff --git a/packages/cloud_security_posture/data_stream/findings/fields/ecs.yml b/packages/cloud_security_posture/data_stream/findings/fields/ecs.yml
index f4a0be9467d..4adb6c82f96 100644
--- a/packages/cloud_security_posture/data_stream/findings/fields/ecs.yml
+++ b/packages/cloud_security_posture/data_stream/findings/fields/ecs.yml
@@ -122,3 +122,5 @@
   external: ecs
 - name: cloud.provider
   external: ecs
+- name: cloud.region
+  external: ecs
diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/base-fields.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/base-fields.yml
index d3b0f5a163e..0d1791ffed6 100644
--- a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/base-fields.yml
+++ b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/base-fields.yml
@@ -9,4 +9,4 @@
   description: Data stream namespace.
 - name: "@timestamp"
   type: date
-  description: Event timestamp.
\ No newline at end of file
+  description: Event timestamp.
diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml
index bf2383adda7..f0f0c6e1711 100644
--- a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml
+++ b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml
@@ -86,3 +86,5 @@
   external: ecs
 - name: cloud.provider
   external: ecs
+- name: cloud.region
+  external: ecs
diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/resource.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/resource.yml
new file mode 100644
index 00000000000..425eb9530e9
--- /dev/null
+++ b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/resource.yml
@@ -0,0 +1,7 @@
+- name: resource
+  type: group
+  fields:
+    - name: id
+      type: keyword
+    - name: name
+      type: keyword
diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/vulnerability.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/vulnerability.yml
new file mode 100644
index 00000000000..076bd6920d7
--- /dev/null
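Review bot: Neither `resource.id` nor `resource.name` in the new resource.yml carries a `description:`, so the vulnerabilities data stream will ship these two fields undocumented in the generated field reference; a one-liner each, e.g. `description: Identifier of the scanned cloud resource.` and `description: Name of the scanned cloud resource.`, would fix that. If this group is meant to line up with a `resource` group the findings data stream already defines (not visible in this patch), the field set and types should be mirrored exactly so the two streams can be correlated on `resource.id`.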
+++ b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/vulnerability.yml
@@ -0,0 +1,23 @@
+- name: vulnerability
+  type: group
+  fields:
+    - name: package.version
+      type: keyword
+    - name: package.name
+      type: keyword
+    - name: package.fixed_version
+      type: keyword
+    - name: title
+      type: keyword
+    - name: data_source.ID
+      type: keyword
+    - name: data_source.URL
+      type: keyword
+    - name: data_source.Name
+      type: keyword
+    - name: cwe
+      type: keyword
+    - name: scanner.version
+      type: keyword
+    - name: published_date
+      type: keyword
diff --git a/packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-07a5e6d6-982d-4c7c-a845-5f2be43279c9.json b/packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-07a5e6d6-982d-4c7c-a845-5f2be43279c9.json
new file mode 100644
index 00000000000..a5add7bfadc
--- /dev/null
+++ b/packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-07a5e6d6-982d-4c7c-a845-5f2be43279c9.json
@@ -0,0 +1,14 @@
+{
+  "attributes": {
+    "description": "",
+    "title": "logs-cloud_security_posture.vulnerabilities_latest-*",
+    "timeFieldName": "@timestamp",
+    "namespaces": "[*]"
+  },
+  "coreMigrationVersion": "8.3.0",
+  "id": "cloud_security_posture-07a5e6d6-982d-4c7c-a845-5f2be43279c9",
+  "migrationVersion": {
+    "index-pattern": "8.0.0"
+  },
+  "type": "index-pattern"
+}
\ No newline at end of file
diff --git a/packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-c406d945-a359-4c04-9a6a-65d66de8706b.json b/packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-c406d945-a359-4c04-9a6a-65d66de8706b.json
new file mode 100644
index 00000000000..7e6270c3125
--- /dev/null
+++ b/packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-c406d945-a359-4c04-9a6a-65d66de8706b.json
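Review bot: `published_date` is mapped as `type: keyword` in the new vulnerability.yml, which rules out range queries and time-based sorting on when a vulnerability was disclosed — the input a "recently published vulnerability present in my fleet" detection or dashboard needs; unless the scanner emits a non-ISO representation, `type: date` is the right mapping. The `data_source.ID`, `data_source.URL` and `data_source.Name` keys break the lower-case snake_case used by every other field in the group (`package.fixed_version`, `scanner.version`, `published_date`) and by ECS's own `vulnerability.*` fields that this group extends; `data_source.id`, `data_source.url` and `data_source.name` would keep queries and visualisations consistent. None of the ten fields has a `description:`, so they will all be undocumented in the generated field reference.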
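Review bot: `"namespaces": "[*]"` in the new index pattern is a JSON string, not an array, and it sits inside `attributes`; if the intent is the Kibana saved-object `namespaces` field that makes the pattern visible in every space, that field is a top-level array (`"namespaces": ["*"]`), and a string inside `attributes` is most likely ignored, leaving the pattern scoped to the default space. The same value appears in the sibling index pattern `cloud_security_posture-c406d945-a359-4c04-9a6a-65d66de8706b.json`. The two files also disagree on `coreMigrationVersion` (`"8.3.0"` here versus `"8.1.0"` in the sibling) although both are created in this change; they should carry the same value, as their `migrationVersion` entries already do.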
@@ -0,0 +1,14 @@
+{
+  "attributes": {
+    "description": "",
+    "title": "logs-cloud_security_posture.vulnerabilities-*",
+    "timeFieldName": "@timestamp",
+    "namespaces": "[*]"
+  },
+  "coreMigrationVersion": "8.1.0",
+  "id": "cloud_security_posture-c406d945-a359-4c04-9a6a-65d66de8706b",
+  "migrationVersion": {
+    "index-pattern": "8.0.0"
+  },
+  "type": "index-pattern"
+}
\ No newline at end of file
diff --git a/packages/cloud_security_posture/manifest.yml b/packages/cloud_security_posture/manifest.yml
index 5e4431f2f62..fbc69f704ed 100644
--- a/packages/cloud_security_posture/manifest.yml
+++ b/packages/cloud_security_posture/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 2.3.0
 name: cloud_security_posture
 title: "Security Posture Management"
-version: "1.3.0-preview4"
+version: "1.3.0-preview5"
 source:
   license: "Elastic-2.0"
 description: "Identify & remediate configuration risks in your Cloud infrastructure"