[9.1] [Entity Store] Remove non ECS complaint identity fields mapping (#226741) (#226955)

romulets · web-flow · commit 1b8d746863b3 · 2025-07-08T16:22:26.000+03:00
# Backport This will backport the following commits from `main` to `9.1`: - [[Entity Store] Remove non ECS complaint identity fields mapping (#226741)](#226741)  ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/elasticsearch_assets/entity_index.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/elasticsearch_assets/entity_index.ts
@@ -65,17 +65,13 @@ export const getEntityIndexStatus = async ({
 export type MappingProperties = NonNullable<MappingTypeMapping['properties']>;
 
 export const generateIndexMappings = (
-  description: Pick<EntityEngineInstallationDescriptor, 'fields' | 'identityField'>
+  description: Pick<
+    EntityEngineInstallationDescriptor,
+    'fields' | 'identityField' | 'identityFieldMapping'
+  >
 ): MappingTypeMapping => {
   const identityFieldMappings: MappingProperties = {
-    [description.identityField]: {
-      type: 'keyword',
-      fields: {
-        text: {
-          type: 'match_only_text',
-        },
-      },
-    },
+    [description.identityField]: description.identityFieldMapping,
   };
 
   const otherFieldMappings = description.fields
@@ -99,11 +95,6 @@ export const BASE_ENTITY_INDEX_MAPPING: MappingProperties = {
   },
   'entity.name': {
     type: 'keyword',
-    fields: {
-      text: {
-        type: 'match_only_text',
-      },
-    },
   },
   'entity.source': {
     type: 'keyword',
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_definitions/entity_descriptions/generic.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_definitions/entity_descriptions/generic.ts
@@ -15,6 +15,7 @@ export const genericEntityEngineDescription: EntityDescription = {
   entityType: 'generic',
   version: GENERIC_DEFINITION_VERSION,
   identityField: GENERIC_IDENTITY_FIELD,
+  identityFieldMapping: { type: 'keyword' },
   settings: {
     timestampField: '@timestamp',
   },
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_definitions/entity_descriptions/host.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_definitions/entity_descriptions/host.ts
@@ -15,6 +15,7 @@ export const hostEntityEngineDescription: EntityDescription = {
   entityType: 'host',
   version: HOST_DEFINITION_VERSION,
   identityField: HOST_IDENTITY_FIELD,
+  identityFieldMapping: { type: 'keyword' },
   settings: {
     timestampField: '@timestamp',
   },
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_definitions/entity_descriptions/service.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_definitions/entity_descriptions/service.ts
@@ -16,6 +16,7 @@ export const serviceEntityEngineDescription: EntityDescription = {
   entityType: 'service',
   version: SERVICE_DEFINITION_VERSION,
   identityField: SERVICE_IDENTITY_FIELD,
+  identityFieldMapping: { type: 'keyword' },
   settings: {
     timestampField: '@timestamp',
   },
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_definitions/entity_descriptions/user.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_definitions/entity_descriptions/user.ts
@@ -14,6 +14,14 @@ export const userEntityEngineDescription: EntityDescription = {
   entityType: 'user',
   version: USER_DEFINITION_VERSION,
   identityField: USER_IDENTITY_FIELD,
+  identityFieldMapping: {
+    type: 'keyword',
+    fields: {
+      text: {
+        type: 'match_only_text',
+      },
+    },
+  },
   settings: {
     timestampField: '@timestamp',
   },
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_definitions/types.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_definitions/types.ts
@@ -23,6 +23,7 @@ export type EntityDescription = PickPartial<
   | 'indexMappings'
   | 'settings'
   | 'pipeline'
-  | 'dynamic',
+  | 'dynamic'
+  | 'identityFieldMapping',
   'indexPatterns' | 'indexMappings' | 'settings' | 'dynamic'
 >;
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.test.ts
@@ -38,6 +38,7 @@ const definition: EntityDefinition = convertToEntityManagerDefinition(
     version: '0.0.1',
     fields: [],
     identityField: 'host.name',
+    identityFieldMapping: { type: 'keyword' },
     indexMappings: {},
     indexPatterns: [],
     settings: {
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/__snapshots__/engine_description.test.ts.snap b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/__snapshots__/engine_description.test.ts.snap
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/engine_description.test.ts
@@ -62,7 +62,6 @@ describe('getUnitedEntityDefinition', () => {
       expect(entityManagerDefinition).toMatchSnapshot();
     });
   });
-
   describe('service', () => {
     const description = createEngineDescription({
       entityType: 'service',
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/types.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/installation/types.ts
@@ -21,6 +21,7 @@ export interface EntityEngineInstallationDescriptor {
   version: string;
   entityType: EntityType;
   identityField: string;
+  identityFieldMapping: MappingProperty;
 
   /**
    * Default static index patterns to use as the source of entity data.
