From 681661de2982d0385e796b521b7633edb06e6e51 Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Sat, 26 Aug 2023 01:37:01 -0400 Subject: [PATCH] [8.10] [Cloud Security] [Alerts] Fix alerts telemetry collector (#164757) (#164913) # Backport This will backport the following commits from `main` to `8.10`: - [[Cloud Security] [Alerts] Fix alerts telemetry collector (#164757)](https://github.com/elastic/kibana/pull/164757) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) Co-authored-by: Paulo Henrique --- .../collectors/alert_stats_collector.ts | 92 ++++++++----------- 1 file changed, 36 insertions(+), 56 deletions(-) diff --git a/x-pack/plugins/cloud_security_posture/server/lib/telemetry/collectors/alert_stats_collector.ts b/x-pack/plugins/cloud_security_posture/server/lib/telemetry/collectors/alert_stats_collector.ts index 7e63af4fb1320..1edd6ca731c3e 100644 --- a/x-pack/plugins/cloud_security_posture/server/lib/telemetry/collectors/alert_stats_collector.ts +++ b/x-pack/plugins/cloud_security_posture/server/lib/telemetry/collectors/alert_stats_collector.ts @@ -9,53 +9,28 @@ import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server'; import type { CloudSecurityAlertsStats } from './types'; import { DETECTION_ENGINE_ALERTS_INDEX_DEFAULT } from '../../../../common/constants'; -interface AlertsStats { - aggregations: { - cspm: { - rules_count: { - value: number; - }; - alerts_open: { - doc_count: number; - }; - alerts_acknowledged: { - doc_count: number; - }; - alerts_closed: { - doc_count: number; - }; - }; - kspm: { - rules_count: { - value: number; - }; - alerts_open: { - doc_count: number; - }; - alerts_acknowledged: { - doc_count: number; - }; - alerts_closed: { - doc_count: number; - }; - }; - vuln_mgmt: { - rules_count: { - value: number; - }; - alerts_open: { - doc_count: number; - }; - alerts_acknowledged: { - doc_count: number; - }; - alerts_closed: { - doc_count: number; - }; - }; +interface AlertStat { + doc_count: number; + rules_count: { + value: number; + }; + alerts_open: { + doc_count: number; + }; + alerts_acknowledged: { + doc_count: number; + }; + alerts_closed: { + doc_count: number; }; } +interface AlertsStats { + cspm: AlertStat; + kspm: AlertStat; + vuln_mgmt: AlertStat; +} + const getAlertsStatsQuery = (index: string) => ({ size: 0, query: { @@ -187,20 +162,25 @@ export const getAlertsStats = async ( if (isIndexExists) { const alertsStats = await esClient.search(getAlertsStatsQuery(index)); - const postureTypes = ['cspm', 'kspm', 'vuln_mgmt'] as const; - return postureTypes.map((postureType) => ({ - posture_type: postureType, - rules_count: alertsStats.aggregations?.aggregations[postureType].rules_count.value, - alerts_count: alertsStats.aggregations?.aggregations[postureType].alerts_open.doc_count, - alerts_open_count: - alertsStats.aggregations?.aggregations[postureType].alerts_open.doc_count, - alerts_acknowledged_count: - alertsStats.aggregations?.aggregations[postureType].alerts_acknowledged.doc_count, - alerts_closed_count: - alertsStats.aggregations?.aggregations[postureType].alerts_closed.doc_count, - })) as CloudSecurityAlertsStats[]; + return postureTypes + .filter( + (postureType) => + alertsStats?.aggregations?.[postureType]?.doc_count && + alertsStats.aggregations[postureType].doc_count > 0 + ) + .map((postureType): CloudSecurityAlertsStats => { + const postureTypeData = alertsStats!.aggregations![postureType]; + return { + posture_type: postureType, + rules_count: postureTypeData.rules_count?.value, + alerts_count: postureTypeData.doc_count, + alerts_open_count: postureTypeData.alerts_open?.doc_count, + alerts_acknowledged_count: postureTypeData.alerts_acknowledged?.doc_count, + alerts_closed_count: postureTypeData.alerts_closed?.doc_count, + }; + }); } return []; } catch (e) {