[8.x] [Cloud Security] Only adding &#x60;safe_posture_type&#x60; to native csp findings (#196064) (#196200)

kibanamachine · JordanSh · web-flow · commit 84faa5c7e9d8 · 2024-10-14T15:29:29.000-05:00
# Backport This will backport the following commits from `main` to `8.x`: - [[Cloud Security] Only adding &#x60;safe_posture_type&#x60; to native csp findings (#196064)](#196064)  ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport)  Co-authored-by: Jordan <51442161+JordanSh@users.noreply.github.com>
diff --git a/x-pack/plugins/cloud_security_posture/common/runtime_mappings/get_safe_posture_type_runtime_mapping.ts b/x-pack/plugins/cloud_security_posture/common/runtime_mappings/get_safe_posture_type_runtime_mapping.ts
@@ -16,14 +16,16 @@ export const getSafePostureTypeRuntimeMapping = (): MappingRuntimeFields => ({
     type: 'keyword',
     script: {
       source: `
-        def postureTypeAvailable = doc.containsKey("rule.benchmark.posture_type") &&
-          !doc["rule.benchmark.posture_type"].empty;
+        def postureTypeAvailable = doc.containsKey("rule.benchmark.posture_type") && !doc["rule.benchmark.posture_type"].empty;
+        boolean isNativeCsp = doc.containsKey("data_stream.dataset") && !doc["data_stream.dataset"].empty && doc["data_stream.dataset"].value == "cloud_security_posture.findings";
 
-        if (!postureTypeAvailable) {
-          // Before 8.7 release
-          emit("kspm");
-        } else {
-          emit(doc["rule.benchmark.posture_type"].value);
+        if (isNativeCsp) {
+          if (!postureTypeAvailable) {
+            // Before 8.7 release
+            emit("kspm");
+          } else {
+            emit(doc["rule.benchmark.posture_type"].value);
+          }
         }
       `,
     },
diff --git a/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts b/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts
@@ -49,6 +49,7 @@ export const checkIndexStatus = async (
       ],
     },
   };
+
   try {
     const queryResult = await esClient.search({
       index,
diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts b/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts
@@ -28,6 +28,9 @@ export const findingsMockData = [
       ingested: '2023-08-19T18:20:41Z',
       created: '2023-08-19T18:17:15.609124281Z',
     },
+    data_stream: {
+      dataset: 'cloud_security_posture.findings',
+    },
   },
   {
     resource: { id: chance.guid(), name: `Pod`, sub_type: 'Upper case sub type' },
@@ -48,6 +51,9 @@ export const findingsMockData = [
       ingested: '2023-08-19T18:20:41Z',
       created: '2023-08-19T18:17:15.609124281Z',
     },
+    data_stream: {
+      dataset: 'cloud_security_posture.findings',
+    },
   },
 ];
 
diff --git a/x-pack/test/cloud_security_posture_api/routes/mocks/findings_mock.ts b/x-pack/test/cloud_security_posture_api/routes/mocks/findings_mock.ts
@@ -32,6 +32,9 @@ export const findingsMockData = [
     orchestrator: {
       cluster: { id: 'Upper case cluster id' },
     },
+    data_stream: {
+      dataset: 'cloud_security_posture.findings',
+    },
   },
   {
     '@timestamp': '2023-06-29T02:08:44.993Z',
@@ -55,5 +58,8 @@ export const findingsMockData = [
     cloud: {
       account: { id: 'Another Upper case account id' },
     },
+    data_stream: {
+      dataset: 'cloud_security_posture.findings',
+    },
   },
 ];
diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts
@@ -33,6 +33,9 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
         },
       },
       cluster_id: 'Upper case cluster id',
+      data_stream: {
+        dataset: 'cloud_security_posture.findings',
+      },
     },
   ];
 

-Original file line number
+Diff line change
       ],
     },
   };
++
   try {
     const queryResult = await esClient.search({
       index,