[Cloud Security] use global cdr vuln data view (#191581)

elastic · Sep 3, 2024 · c594254 · c594254
1 parent b7a909f
commit c594254
Show file tree

Hide file tree

Showing 26 changed files with 110 additions and 83 deletions.
diff --git a/x-pack/packages/kbn-cloud-security-posture-common/constants.ts b/x-pack/packages/kbn-cloud-security-posture-common/constants.ts
@@ -9,7 +9,7 @@ export const CSPM_POLICY_TEMPLATE = 'cspm';
 export const CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN =
   'logs-cloud_security_posture.findings_latest-default';
 export const CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN =
-  'logs-*_latest_misconfigurations_cdr';
+  'security_solution-*.misconfiguration_latest';
 export const CDR_MISCONFIGURATIONS_INDEX_PATTERN = `${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN},${CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN}`;
 export const LATEST_FINDINGS_RETENTION_POLICY = '26h';
 export const MAX_FINDINGS_TO_LOAD = 500;

diff --git a/x-pack/plugins/cloud_security_posture/common/constants.ts b/x-pack/plugins/cloud_security_posture/common/constants.ts
@@ -41,12 +41,6 @@ export const CDR_MISCONFIGURATIONS_DATA_VIEW_NAME = 'Latest Cloud Security Misco
 export const CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX =
   'security_solution_cdr_latest_misconfigurations';
 
-export const CDR_VULNERABILITIES_DATA_VIEW_NAME = 'Latest Cloud Security Vulnerabilities';
-export const CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX =
-  'security_solution_cdr_latest_vulnerabilities';
-export const CDR_VULNERABILITIES_INDEX_PATTERN =
-  'logs-*_latest_vulnerabilities_cdr,logs-cloud_security_posture.vulnerabilities_latest-default';
-
 export const FINDINGS_INDEX_NAME = 'logs-cloud_security_posture.findings';
 export const FINDINGS_INDEX_PATTERN = 'logs-cloud_security_posture.findings-default*';
 export const FINDINGS_INDEX_DEFAULT_NS = 'logs-cloud_security_posture.findings-default';
@@ -59,17 +53,24 @@ export const BENCHMARK_SCORE_INDEX_TEMPLATE_NAME = 'logs-cloud_security_posture.
 export const BENCHMARK_SCORE_INDEX_PATTERN = 'logs-cloud_security_posture.scores-*';
 export const BENCHMARK_SCORE_INDEX_DEFAULT_NS = 'logs-cloud_security_posture.scores-default';
 
+export const CDR_VULNERABILITIES_DATA_VIEW_NAME = 'Latest Cloud Security Vulnerabilities';
+export const CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX =
+  'security_solution_cdr_latest_vulnerabilities';
+
 export const VULNERABILITIES_INDEX_NAME = 'logs-cloud_security_posture.vulnerabilities';
 export const VULNERABILITIES_INDEX_PATTERN = 'logs-cloud_security_posture.vulnerabilities-default*';
 export const VULNERABILITIES_INDEX_DEFAULT_NS =
   'logs-cloud_security_posture.vulnerabilities-default';
 
 export const LATEST_VULNERABILITIES_INDEX_TEMPLATE_NAME =
   'logs-cloud_security_posture.vulnerabilities_latest';
-export const LATEST_VULNERABILITIES_INDEX_PATTERN =
-  'logs-cloud_security_posture.vulnerabilities_latest*';
-export const LATEST_VULNERABILITIES_INDEX_DEFAULT_NS =
+
+export const CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN =
   'logs-cloud_security_posture.vulnerabilities_latest-default';
+export const CDR_LATEST_THIRD_PARTY_VULNERABILITIES_INDEX_PATTERN =
+  'security_solution-*.vulnerability_latest';
+export const CDR_VULNERABILITIES_INDEX_PATTERN = `${CDR_LATEST_THIRD_PARTY_VULNERABILITIES_INDEX_PATTERN},${CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN}`;
+
 export const LATEST_VULNERABILITIES_RETENTION_POLICY = '3d';
 
 export const SECURITY_DEFAULT_DATA_VIEW_ID = 'security-solution-default';

diff --git a/...cloud_security_posture/public/pages/vulnerabilities/hooks/use_grouped_vulnerabilities.tsx b/...cloud_security_posture/public/pages/vulnerabilities/hooks/use_grouped_vulnerabilities.tsx
@@ -11,7 +11,7 @@ import { GenericBuckets, GroupingQuery, RootAggregation } from '@kbn/grouping/sr
 import { useQuery } from '@tanstack/react-query';
 import { lastValueFrom } from 'rxjs';
 import { showErrorToast } from '@kbn/cloud-security-posture';
-import { LATEST_VULNERABILITIES_INDEX_PATTERN } from '../../../../common/constants';
+import { CDR_VULNERABILITIES_INDEX_PATTERN } from '../../../../common/constants';
 import { useKibana } from '../../../common/hooks/use_kibana';
 
 // Elasticsearch returns `null` when a sub-aggregation cannot be computed
@@ -56,7 +56,7 @@ export type VulnerabilitiesRootGroupingAggregation =
 
 export const getGroupedVulnerabilitiesQuery = (query: GroupingQuery) => ({
   ...query,
-  index: LATEST_VULNERABILITIES_INDEX_PATTERN,
+  index: CDR_VULNERABILITIES_INDEX_PATTERN,
   size: 0,
 });
 

diff --git a/.../cloud_security_posture/public/pages/vulnerabilities/hooks/use_latest_vulnerabilities.tsx b/.../cloud_security_posture/public/pages/vulnerabilities/hooks/use_latest_vulnerabilities.tsx
@@ -21,7 +21,7 @@ import { FindingsBaseEsQuery, showErrorToast } from '@kbn/cloud-security-posture
 import { VULNERABILITY_FIELDS } from '../../../common/constants';
 import { CspVulnerabilityFinding } from '../../../../common/schemas';
 import {
-  LATEST_VULNERABILITIES_INDEX_PATTERN,
+  CDR_VULNERABILITIES_INDEX_PATTERN,
   LATEST_VULNERABILITIES_RETENTION_POLICY,
 } from '../../../../common/constants';
 import { useKibana } from '../../../common/hooks/use_kibana';
@@ -56,7 +56,7 @@ export const getVulnerabilitiesQuery = (
   { query, sort }: VulnerabilitiesQuery,
   pageParam: number
 ) => ({
-  index: LATEST_VULNERABILITIES_INDEX_PATTERN,
+  index: CDR_VULNERABILITIES_INDEX_PATTERN,
   sort: getMultiFieldsSort(sort),
   size: MAX_FINDINGS_TO_LOAD,
   query: {
@@ -91,7 +91,7 @@ export const useLatestVulnerabilities = (options: VulnerabilitiesQuery) => {
    * the last loaded record to be used as a from parameter to fetch the next chunk of data.
    */
   return useInfiniteQuery(
-    [LATEST_VULNERABILITIES_INDEX_PATTERN, options],
+    [CDR_VULNERABILITIES_INDEX_PATTERN, options],
     async ({ pageParam }) => {
       const {
         rawResponse: { hits },

diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilties.test.tsx b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilties.test.tsx
@@ -9,7 +9,7 @@ import Chance from 'chance';
 import { Vulnerabilities } from './vulnerabilities';
 import {
   CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX,
-  LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
+  CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   VULN_MGMT_POLICY_TEMPLATE,
 } from '../../../common/constants';
 import { useCspSetupStatusApi } from '@kbn/cloud-security-posture/src/hooks/use_csp_setup_status_api';
@@ -71,7 +71,9 @@ describe('<Vulnerabilities />', () => {
         status: 'success',
         data: {
           [VULN_MGMT_POLICY_TEMPLATE]: { status: 'not-deployed' },
-          indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
+          indicesDetails: [
+            { index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
+          ],
         },
       })
     );
@@ -97,7 +99,9 @@ describe('<Vulnerabilities />', () => {
         status: 'success',
         data: {
           [VULN_MGMT_POLICY_TEMPLATE]: { status: 'indexing' },
-          indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
+          indicesDetails: [
+            { index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
+          ],
         },
       })
     );
@@ -121,7 +125,9 @@ describe('<Vulnerabilities />', () => {
         status: 'success',
         data: {
           [VULN_MGMT_POLICY_TEMPLATE]: { status: 'index-timeout' },
-          indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
+          indicesDetails: [
+            { index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
+          ],
         },
       })
     );
@@ -144,7 +150,9 @@ describe('<Vulnerabilities />', () => {
         status: 'success',
         data: {
           [VULN_MGMT_POLICY_TEMPLATE]: { status: 'unprivileged' },
-          indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
+          indicesDetails: [
+            { index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
+          ],
         },
       })
     );
@@ -177,7 +185,7 @@ describe('<Vulnerabilities />', () => {
           indicesDetails: [
             { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' },
             { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' },
-            { index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' },
+            { index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
           ],
         },
       })

diff --git a/...ud_security_posture/public/pages/vulnerability_dashboard/vulnerability_dashboard.test.tsx b/...ud_security_posture/public/pages/vulnerability_dashboard/vulnerability_dashboard.test.tsx
@@ -9,7 +9,7 @@ import Chance from 'chance';
 import { dataPluginMock } from '@kbn/data-plugin/public/mocks';
 import { unifiedSearchPluginMock } from '@kbn/unified-search-plugin/public/mocks';
 import {
-  LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
+  CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   VULN_MGMT_POLICY_TEMPLATE,
 } from '../../../common/constants';
 import { chartPluginMock } from '@kbn/charts-plugin/public/mocks';
@@ -79,7 +79,9 @@ describe('<VulnerabilityDashboard />', () => {
         status: 'success',
         data: {
           [VULN_MGMT_POLICY_TEMPLATE]: { status: 'not-installed' },
-          indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
+          indicesDetails: [
+            { index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
+          ],
         },
       })
     );
@@ -100,7 +102,9 @@ describe('<VulnerabilityDashboard />', () => {
         status: 'success',
         data: {
           [VULN_MGMT_POLICY_TEMPLATE]: { status: 'not-deployed' },
-          indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
+          indicesDetails: [
+            { index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
+          ],
         },
       })
     );
@@ -121,7 +125,9 @@ describe('<VulnerabilityDashboard />', () => {
         status: 'success',
         data: {
           [VULN_MGMT_POLICY_TEMPLATE]: { status: 'indexing' },
-          indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
+          indicesDetails: [
+            { index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
+          ],
         },
       })
     );
@@ -141,7 +147,9 @@ describe('<VulnerabilityDashboard />', () => {
         status: 'success',
         data: {
           [VULN_MGMT_POLICY_TEMPLATE]: { status: 'index-timeout' },
-          indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
+          indicesDetails: [
+            { index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
+          ],
         },
       })
     );
@@ -160,7 +168,9 @@ describe('<VulnerabilityDashboard />', () => {
         status: 'success',
         data: {
           [VULN_MGMT_POLICY_TEMPLATE]: { status: 'unprivileged' },
-          indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'empty' }],
+          indicesDetails: [
+            { index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'empty' },
+          ],
         },
       })
     );
@@ -180,7 +190,9 @@ describe('<VulnerabilityDashboard />', () => {
         status: 'success',
         data: {
           [VULN_MGMT_POLICY_TEMPLATE]: { status: 'indexed' },
-          indicesDetails: [{ index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, status: 'not-empty' }],
+          indicesDetails: [
+            { index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, status: 'not-empty' },
+          ],
         },
       })
     );

diff --git a/x-pack/plugins/cloud_security_posture/server/create_indices/latest_indices.ts b/x-pack/plugins/cloud_security_posture/server/create_indices/latest_indices.ts
@@ -11,9 +11,8 @@ import {
   LATEST_FINDINGS_INDEX_TEMPLATE_NAME,
   LATEST_FINDINGS_INDEX_DEFAULT_NS,
   VULNERABILITIES_INDEX_NAME,
-  LATEST_VULNERABILITIES_INDEX_PATTERN,
+  CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   LATEST_VULNERABILITIES_INDEX_TEMPLATE_NAME,
-  LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
 } from '../../common/constants';
 import { LatestIndexConfig } from './types';
 
@@ -26,8 +25,8 @@ export const latestIndexConfigs: LatestIndexConfig = {
   },
   vulnerabilities: {
     indexName: VULNERABILITIES_INDEX_NAME,
-    indexPattern: LATEST_VULNERABILITIES_INDEX_PATTERN,
+    indexPattern: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
     indexTemplateName: LATEST_VULNERABILITIES_INDEX_TEMPLATE_NAME,
-    indexDefaultName: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
+    indexDefaultName: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   },
 };
diff --git a/...gins/cloud_security_posture/server/create_transforms/latest_vulnerabilities_transforms.ts b/...gins/cloud_security_posture/server/create_transforms/latest_vulnerabilities_transforms.ts
@@ -8,7 +8,7 @@
 import { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/api/types';
 import {
   CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
-  LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
+  CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   LATEST_VULNERABILITIES_RETENTION_POLICY,
   VULNERABILITIES_INDEX_PATTERN,
 } from '../../common/constants';
@@ -28,7 +28,7 @@ export const latestVulnerabilitiesTransform: TransformPutTransformRequest = {
     index: VULNERABILITIES_INDEX_PATTERN,
   },
   dest: {
-    index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
+    index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   },
   frequency: '5m',
   sync: {

diff --git a/.../cloud_security_posture/server/lib/telemetry/collectors/cloud_accounts_stats_collector.ts b/.../cloud_security_posture/server/lib/telemetry/collectors/cloud_accounts_stats_collector.ts
@@ -19,7 +19,7 @@ import type {
 } from './types';
 import {
   LATEST_FINDINGS_INDEX_DEFAULT_NS,
-  LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
+  CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   VULN_MGMT_POLICY_TEMPLATE,
 } from '../../../../common/constants';
 import {
@@ -438,7 +438,10 @@ export const getAllCloudAccountsStats = async (
   logger: Logger
 ): Promise<CloudSecurityAccountsStats[]> => {
   try {
-    const indices = [LATEST_FINDINGS_INDEX_DEFAULT_NS, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS];
+    const indices = [
+      LATEST_FINDINGS_INDEX_DEFAULT_NS,
+      CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
+    ];
     const [findingIndex, vulnerabilitiesIndex] = await Promise.all(
       indices.map(async (index) => ({
         exists: await esClient.indices.exists({

diff --git a/...plugins/cloud_security_posture/server/lib/telemetry/collectors/indices_stats_collector.ts b/...plugins/cloud_security_posture/server/lib/telemetry/collectors/indices_stats_collector.ts
@@ -14,7 +14,7 @@ import {
   BENCHMARK_SCORE_INDEX_DEFAULT_NS,
   FINDINGS_INDEX_DEFAULT_NS,
   LATEST_FINDINGS_INDEX_DEFAULT_NS,
-  LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
+  CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   VULNERABILITIES_INDEX_DEFAULT_NS,
 } from '../../../../common/constants';
 
@@ -82,7 +82,7 @@ export const getIndicesStats = async (
     getIndexStats(esClient, FINDINGS_INDEX_DEFAULT_NS, logger),
     getIndexStats(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger),
     getIndexStats(esClient, VULNERABILITIES_INDEX_DEFAULT_NS, logger),
-    getIndexStats(esClient, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, logger),
+    getIndexStats(esClient, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, logger),
     getIndexStats(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger),
   ]);
 

diff --git a/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts b/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts
@@ -36,7 +36,7 @@ import {
   BENCHMARK_SCORE_INDEX_DEFAULT_NS,
   VULNERABILITIES_INDEX_PATTERN,
   POSTURE_TYPES,
-  LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
+  CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   VULN_MGMT_POLICY_TEMPLATE,
   POSTURE_TYPE_ALL,
   LATEST_VULNERABILITIES_RETENTION_POLICY,
@@ -257,7 +257,7 @@ export const getCspStatus = async ({
       retentionTime: LATEST_FINDINGS_RETENTION_POLICY,
     }),
 
-    checkIndexStatus(esClient, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, logger, {
+    checkIndexStatus(esClient, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, logger, {
       postureType: VULN_MGMT_POLICY_TEMPLATE,
       retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY,
     }),
@@ -342,7 +342,7 @@ export const getCspStatus = async ({
       status: scoreIndexStatus,
     },
     {
-      index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
+      index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
       status: vulnerabilitiesLatestIndexStatus,
     },
   ];

diff --git a/...rity_posture/server/routes/vulnerabilities_dashboard/get_top_patchable_vulnerabilities.ts b/...rity_posture/server/routes/vulnerabilities_dashboard/get_top_patchable_vulnerabilities.ts
@@ -8,7 +8,7 @@
 import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
 import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import { AggFieldBucket, PatchableVulnerabilityStat } from '../../../common/types_old';
-import { LATEST_VULNERABILITIES_INDEX_DEFAULT_NS } from '../../../common/constants';
+import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '../../../common/constants';
 
 interface VulnerabilityBucket {
   key: string | undefined;
@@ -39,7 +39,7 @@ const getPatchableVulnerabilitiesQuery = (): SearchRequest => ({
       ],
     },
   },
-  index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
+  index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   aggs: {
     patchable_vulnerabilities: {
       terms: {

diff --git a/...cloud_security_posture/server/routes/vulnerabilities_dashboard/get_top_vulnerabilities.ts b/...cloud_security_posture/server/routes/vulnerabilities_dashboard/get_top_vulnerabilities.ts
@@ -8,7 +8,7 @@
 import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
 import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import { VulnerabilityStat } from '../../../common/types_old';
-import { LATEST_VULNERABILITIES_INDEX_DEFAULT_NS } from '../../../common/constants';
+import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '../../../common/constants';
 
 interface VulnerabilityBucket {
   key: string | undefined;
@@ -77,7 +77,7 @@ const getVulnerabilitiesQuery = (): SearchRequest => ({
   query: {
     match_all: {},
   },
-  index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
+  index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   aggs: {
     vulnerabilities: {
       terms: {

diff --git a/..._security_posture/server/routes/vulnerabilities_dashboard/get_top_vulnerable_resources.ts b/..._security_posture/server/routes/vulnerabilities_dashboard/get_top_vulnerable_resources.ts
@@ -8,7 +8,7 @@
 import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
 import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import { AggFieldBucket, VulnerableResourceStat } from '../../../common/types_old';
-import { LATEST_VULNERABILITIES_INDEX_DEFAULT_NS } from '../../../common/constants';
+import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '../../../common/constants';
 
 interface ResourceBucket {
   key: string | undefined;
@@ -28,7 +28,7 @@ const getVulnerabilitiesResourcesQuery = (): SearchRequest => ({
   query: {
     match_all: {},
   },
-  index: LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
+  index: CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
   aggs: {
     vulnerable_resources: {
       terms: {