Merge branch 'main' into investigations-dependency

packages/kbn-search-connectors/types/native_connectors.ts

@@ -2978,6 +2978,27 @@ export const NATIVE_CONNECTOR_DEFINITIONS: Record<string, NativeConnector | unde
         validations: [],
         value: false,
       },
+      use_document_level_security: {
+        default_value: null,
+        depends_on: [],
+        display: DisplayType.TOGGLE,
+        label: ENABLE_DOCUMENT_LEVEL_SECURITY_LABEL,
+        options: [],
+        order: 8,
+        required: true,
+        sensitive: false,
+        tooltip: i18n.translate(
+          'searchConnectors.nativeConnectors.servicenow.configuration.useDocumentLevelSecurityTooltip',
+          {
+            defaultMessage:
+              'Document level security ensures identities and permissions set in ServiceNow are maintained in Elasticsearch. This enables you to restrict and personalize read-access users and groups have to documents in this index. Access control syncs ensure this metadata is kept up to date in your Elasticsearch documents.',
+          }
+        ),
+        type: FieldType.BOOLEAN,
+        ui_restrictions: [],
+        validations: [],
+        value: false,
+      },
     },
     features: {
       [FeatureName.SYNC_RULES]: {

x-pack/plugins/cloud_security_posture/common/constants.ts

@@ -30,6 +30,10 @@ export const CSP_BENCHMARK_RULES_BULK_ACTION_ROUTE_PATH =
   '/internal/cloud_security_posture/rules/_bulk_action';
 export const CSP_BENCHMARK_RULES_BULK_ACTION_API_CURRENT_VERSION = '1';
 
+export const CSP_GET_BENCHMARK_RULES_STATE_ROUTE_PATH =
+  '/internal/cloud_security_posture/rules/_get_states';
+export const CSP_GET_BENCHMARK_RULES_STATE_API_CURRENT_VERSION = '1';
+
 export const GET_DETECTION_RULE_ALERTS_STATUS_PATH =
   '/internal/cloud_security_posture/detection_engine_rules/alerts/_status';
 export const DETECTION_RULE_ALERTS_STATUS_API_CURRENT_VERSION = '1';

x-pack/plugins/cloud_security_posture/common/types/rules/v3.ts

@@ -137,18 +137,21 @@ export interface FindCspBenchmarkRuleResponse {
 
 export type PageUrlParams = Record<'policyId' | 'packagePolicyId', string>;
 
-export const cspBenchmarkRules = schema.arrayOf(
+export const rulesToUpdate = schema.arrayOf(
   schema.object({
     rule_id: schema.string(),
+    benchmark_id: schema.string(),
+    benchmark_version: schema.string(),
+    rule_number: schema.string(),
   })
 );
 
 export const cspBenchmarkRulesBulkActionRequestSchema = schema.object({
   action: schema.oneOf([schema.literal('mute'), schema.literal('unmute')]),
-  rules: cspBenchmarkRules,
+  rules: rulesToUpdate,
 });
 
-export type CspBenchmarkRules = TypeOf<typeof cspBenchmarkRules>;
+export type RulesToUpdate = TypeOf<typeof rulesToUpdate>;
 
 export type CspBenchmarkRulesBulkActionRequestSchema = TypeOf<
   typeof cspBenchmarkRulesBulkActionRequestSchema

x-pack/plugins/cloud_security_posture/public/pages/vulnerability_dashboard/vulnerability_trend_graph.tsx

@@ -14,18 +14,19 @@ import {
   timeFormatter,
   niceTimeFormatByDay,
   PartialTheme,
-  LEGACY_LIGHT_THEME,
 } from '@elastic/charts';
 import { EuiButton, EuiComboBox } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
+
 import { truthy } from '../../../common/utils/helpers';
 import { useNavigateVulnerabilities } from '../../common/hooks/use_navigate_findings';
 import { VulnStatsTrend, VulnSeverity } from '../../../common/types_old';
 import { useVulnerabilityDashboardApi } from '../../common/api/use_vulnerability_dashboard_api';
 import { getSeverityStatusColor } from '../../common/utils/get_vulnerability_colors';
 import { ChartPanel } from '../../components/chart_panel';
 import { VULNERABILITIES_SEVERITY } from '../../../common/constants';
+import { useKibana } from '../../common/hooks/use_kibana';
 
 const stackAccessors: VulnSeverity[] = [
   VULNERABILITIES_SEVERITY.CRITICAL,
@@ -151,6 +152,9 @@ const getTrendData = (vulnTrends: VulnStatsTrend[], selectedAccount: string) =>
 };
 
 export const VulnerabilityTrendGraph = () => {
+  const {
+    services: { charts },
+  } = useKibana();
   const getVulnerabilityDashboard = useVulnerabilityDashboardApi();
   const vulnTrends = getVulnerabilityDashboard.data?.vulnTrends || [];
   const [selectedAccount, setSelectedAccount] = useState(DEFAULT_ACCOUNT);
@@ -208,8 +212,7 @@ export const VulnerabilityTrendGraph = () => {
       <div style={chartStyle}>
         <Chart>
           <Settings
-            // TODO connect to charts.theme service see src/plugins/charts/public/services/theme/README.md
-            baseTheme={LEGACY_LIGHT_THEME}
+            baseTheme={charts.theme.useChartsBaseTheme()}
             legendPosition="right"
             showLegend
             theme={theme}

x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/bulk_action.ts

@@ -23,6 +23,9 @@ import { bulkActionBenchmarkRulesHandler } from './v1';
 	  action: 'mute' | 'unmute'; // Specify the bulk action type (mute or unmute)
 	  rules: [
 	    {
+        benchmark_id: string;       // Identifier for the CSP benchmark
+	      benchmark_version: string;  // Version of the CSP benchmark
+	      rule_number: string;        // Rule number within the benchmark
 	      rule_id: string;            // Unique identifier for the rule
 	    },
 	    // ... (additional benchmark rules)

x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/utils.ts

@@ -13,6 +13,7 @@ import type { FindResult, RulesClient } from '@kbn/alerting-plugin/server';
 import type { RuleParams } from '@kbn/alerting-plugin/server/application/rule/types';
 import type {
   CspBenchmarkRule,
+  RulesToUpdate,
   CspBenchmarkRulesStates,
   CspSettings,
 } from '../../../../common/types/rules/v3';
@@ -118,23 +119,22 @@ export const updateRulesStates = async (
 export const setRulesStates = (
   ruleIds: string[],
   state: boolean,
-  benchmarkRules: CspBenchmarkRule[]
+  rulesToUpdate: RulesToUpdate
 ): CspBenchmarkRulesStates => {
   const rulesStates: CspBenchmarkRulesStates = {};
   ruleIds.forEach((ruleId, index) => {
-    const benchmarkRule = benchmarkRules[index];
+    const benchmarkRule = rulesToUpdate[index];
     rulesStates[ruleId] = {
       muted: state,
-      benchmark_id: benchmarkRule.metadata.benchmark.id,
-      benchmark_version: benchmarkRule.metadata.benchmark.version,
-      rule_number: benchmarkRule.metadata.benchmark.rule_number || '',
-      rule_id: benchmarkRule.metadata.id,
+      benchmark_id: benchmarkRule.benchmark_id,
+      benchmark_version: benchmarkRule.benchmark_version,
+      rule_number: benchmarkRule.rule_number,
+      rule_id: benchmarkRule.rule_id,
     };
   });
   return rulesStates;
 };
 
-export const buildRuleKey = (benchmarkRule: CspBenchmarkRule) => {
-  const ruleNumber = benchmarkRule.metadata.benchmark.rule_number;
-  return `${benchmarkRule.metadata.benchmark.id};${benchmarkRule.metadata.benchmark.version};${ruleNumber}`;
+export const buildRuleKey = (benchmarkId: string, benchmarkVersion: string, ruleNumber: string) => {
+  return `${benchmarkId};${benchmarkVersion};${ruleNumber}`;
 };

x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/v1.ts

@@ -16,8 +16,7 @@ import {
 } from './utils';
 import type {
   BulkActionBenchmarkRulesResponse,
-  CspBenchmarkRule,
-  CspBenchmarkRules,
+  RulesToUpdate,
 } from '../../../../common/types/rules/v3';
 
 const muteStatesMap = {
@@ -29,7 +28,7 @@ export const bulkActionBenchmarkRulesHandler = async (
   soClient: SavedObjectsClientContract,
   encryptedSoClient: SavedObjectsClientContract,
   detectionRulesClient: RulesClient,
-  rulesToUpdate: CspBenchmarkRules,
+  rulesToUpdate: RulesToUpdate,
   action: 'mute' | 'unmute',
   logger: Logger
 ): Promise<BulkActionBenchmarkRulesResponse> => {
@@ -39,13 +38,12 @@ export const bulkActionBenchmarkRulesHandler = async (
   if (benchmarkRules.includes(undefined))
     throw new Error('At least one of the provided benchmark rule IDs does not exist');
 
-  const rulesKeys = benchmarkRules.map((benchmarkRule) => buildRuleKey(benchmarkRule!));
-  const newRulesStates = setRulesStates(
-    rulesKeys,
-    muteStatesMap[action],
-    benchmarkRules as CspBenchmarkRule[]
+  const rulesKeys = rulesToUpdate.map((rule) =>
+    buildRuleKey(rule.benchmark_id, rule.benchmark_version, rule.rule_number)
   );
 
+  const newRulesStates = setRulesStates(rulesKeys, muteStatesMap[action], rulesToUpdate);
+
   const newCspSettings = await updateRulesStates(encryptedSoClient, newRulesStates);
   const disabledRulesCounter =
     action === 'mute' ? await muteDetectionRules(soClient, detectionRulesClient, rulesIds) : 0;

x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/get_states/get_states.ts

@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { transformError } from '@kbn/securitysolution-es-utils';
+import { CspRouter } from '../../../types';
+import { CSP_GET_BENCHMARK_RULES_STATE_ROUTE_PATH } from '../../../../common/constants';
+import { CspBenchmarkRulesStates } from '../../../../common/types/rules/v3';
+import { getCspBenchmarkRulesStatesHandler } from './v1';
+
+export const defineGetCspBenchmarkRulesStatesRoute = (router: CspRouter) =>
+  router.versioned
+    .get({
+      access: 'internal',
+      path: CSP_GET_BENCHMARK_RULES_STATE_ROUTE_PATH,
+    })
+    .addVersion(
+      {
+        version: '1',
+        validate: {},
+      },
+      async (context, request, response) => {
+        if (!(await context.fleet).authz.fleet.all) {
+          return response.forbidden();
+        }
+        const cspContext = await context.csp;
+
+        try {
+          const encryptedSoClient = cspContext.encryptedSavedObjects;
+
+          const rulesStates: CspBenchmarkRulesStates = await getCspBenchmarkRulesStatesHandler(
+            encryptedSoClient
+          );
+
+          return response.ok({
+            body: rulesStates,
+          });
+        } catch (err) {
+          const error = transformError(err);
+
+          cspContext.logger.error(`Failed to fetch CSP benchmark rules state: ${error.message}`);
+          return response.customError({
+            body: { message: error.message },
+            statusCode: error.statusCode || 500, // Default to 500 if no specific status code is provided
+          });
+        }
+      }
+    );

x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/get_states/v1.ts

@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
+import { transformError } from '@kbn/securitysolution-es-utils';
+import { CspBenchmarkRulesStates, CspSettings } from '../../../../common/types/rules/v3';
+import {
+  INTERNAL_CSP_SETTINGS_SAVED_OBJECT_ID,
+  INTERNAL_CSP_SETTINGS_SAVED_OBJECT_TYPE,
+} from '../../../../common/constants';
+
+export const createCspSettingObject = async (soClient: SavedObjectsClientContract) => {
+  return soClient.create<CspSettings>(
+    INTERNAL_CSP_SETTINGS_SAVED_OBJECT_TYPE,
+    {
+      rules: {},
+    },
+    { id: INTERNAL_CSP_SETTINGS_SAVED_OBJECT_ID }
+  );
+};
+
+export const getCspBenchmarkRulesStatesHandler = async (
+  encryptedSoClient: SavedObjectsClientContract
+): Promise<CspBenchmarkRulesStates> => {
+  try {
+    const getSoResponse = await encryptedSoClient.get<CspSettings>(
+      INTERNAL_CSP_SETTINGS_SAVED_OBJECT_TYPE,
+      INTERNAL_CSP_SETTINGS_SAVED_OBJECT_ID
+    );
+    return getSoResponse.attributes.rules;
+  } catch (err) {
+    const error = transformError(err);
+    if (error.statusCode === 404) {
+      const newCspSettings = await createCspSettingObject(encryptedSoClient);
+      return newCspSettings.attributes.rules;
+    }
+
+    throw new Error(
+      `An error occurred while trying to fetch csp settings: ${error.message}, ${error.statusCode}`
+    );
+  }
+};

x-pack/plugins/cloud_security_posture/server/routes/setup_routes.ts

@@ -21,6 +21,7 @@ import { defineGetCspStatusRoute } from './status/status';
 import { defineFindCspBenchmarkRuleRoute } from './benchmark_rules/find/find';
 import { defineGetDetectionEngineAlertsStatus } from './detection_engine/get_detection_engine_alerts_count_by_rule_tags';
 import { defineBulkActionCspBenchmarkRulesRoute } from './benchmark_rules/bulk_action/bulk_action';
+import { defineGetCspBenchmarkRulesStatesRoute } from './benchmark_rules/get_states/get_states';
 
 /**
  * 1. Registers routes
@@ -43,6 +44,7 @@ export async function setupRoutes({
   defineFindCspBenchmarkRuleRoute(router);
   defineGetDetectionEngineAlertsStatus(router);
   defineBulkActionCspBenchmarkRulesRoute(router);
+  defineGetCspBenchmarkRulesStatesRoute(router);
 
   core.http.registerRouteHandlerContext<CspRequestHandlerContext, typeof PLUGIN_ID>(
     PLUGIN_ID,