From a768f1cb2a17bb53e34af219f1e10c27e7bf5c85 Mon Sep 17 00:00:00 2001
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date: Fri, 25 Aug 2023 17:52:18 -0400
Subject: [PATCH] [8.10] [Cloud Security] [Alerts] Fix Misconfigurations Flyout navigation to detection rule (#164654) (#164899)
# Backport
This will backport the following commits from `main` to `8.10`:
 - [[Cloud Security] [Alerts] Fix Misconfigurations Flyout navigation to detection rule (#164654)](https://github.com/elastic/kibana/pull/164654)
### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)
Co-authored-by: Paulo Henrique
---
 .../findings_detection_rule_counter.tsx | 10 ++++++++--
 .../utils/create_detection_rule_from_finding.ts | 16 +++++++++++++++-
 2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/findings_detection_rule_counter.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/findings_detection_rule_counter.tsx
index 5586f2a20126c..f39379f8c4ddd 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/findings_detection_rule_counter.tsx
+++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/findings_detection_rule_counter.tsx
@@ -9,13 +9,19 @@ import type { HttpSetup } from '@kbn/core/public';
 import React from 'react';
 import { CspFinding } from '../../../../common/schemas/csp_finding';
 import { DetectionRuleCounter } from '../../../components/detection_rule_counter';
-import { createDetectionRuleFromFinding } from '../utils/create_detection_rule_from_finding';
+import {
+ createDetectionRuleFromFinding,
+ getFindingsDetectionRuleSearchTags,
+} from '../utils/create_detection_rule_from_finding';
 export const FindingsDetectionRuleCounter = ({ finding }: { finding: CspFinding }) => {
 const createMisconfigurationRuleFn = async (http: HttpSetup) => await createDetectionRuleFromFinding(http, finding);
 return (
-
+
 );
 };
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/utils/create_detection_rule_from_finding.ts b/x-pack/plugins/cloud_security_posture/public/pages/configurations/utils/create_detection_rule_from_finding.ts
index 778c222d2f5e1..a1f8ac3fa5fcc 100644
--- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/utils/create_detection_rule_from_finding.ts
+++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/utils/create_detection_rule_from_finding.ts
@@ -50,9 +50,23 @@ const CSP_RULE_TAG_DATA_SOURCE_PREFIX = 'Data Source: ';
 const STATIC_RULE_TAGS = [CSP_RULE_TAG, CSP_RULE_TAG_USE_CASE];
+/*
+ * Returns an array of CspFinding tags that can be used to search and filter a detection rule
+ */
+export const getFindingsDetectionRuleSearchTags = ({ rule }: CspFinding) => {
+ // ex: cis_gcp to ['CIS', 'GCP']
+ const benchmarkIdTags = rule.benchmark.id.split('_').map((tag) => tag.toUpperCase());
+ // ex: 'CIS GCP 1.1'
+ const benchmarkRuleNumberTag = `${rule.benchmark.id.replace('_', ' ').toUpperCase()} ${
+ rule.benchmark.rule_number
+ }`;
+
+ return benchmarkIdTags.concat([benchmarkRuleNumberTag]);
+};
+
 const generateFindingsTags = (finding: CspFinding) => {
 return [STATIC_RULE_TAGS]
- .concat(finding.rule.tags)
+ .concat(getFindingsDetectionRuleSearchTags(finding))
 .concat( finding.rule.benchmark.posture_type ? [
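Review bot: In `getFindingsDetectionRuleSearchTags`, `rule.benchmark.id.replace('_', ' ')` takes a string pattern and so replaces only the first underscore, while the `split('_')` two lines above it splits on every one. A benchmark id with more than one underscore would therefore get a rule-number tag that still contains `_` and disagrees with the per-segment tags. Deriving the second tag from the first keeps them in step, e.g. `const benchmarkRuleNumberTag = [...benchmarkIdTags, rule.benchmark.rule_number].join(' ');`. Since `generateFindingsTags` now writes these derived tags instead of `finding.rule.tags`, detection rules created before this change presumably carry the old tag set, so it is worth confirming that the flyout lookup still finds them. `generateFindingsTags` continues past the end of the hunk.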