[Cloud Security] [Alerts] Fix alerts telemetry collector (elastic#164757

)
kibanamachine · Aug 26, 2023 · d18ef2f · d18ef2f
1 parent 5cac49a
commit d18ef2f
Showing 1 changed file with 36 additions and 56 deletions.
diff --git a/...k/plugins/cloud_security_posture/server/lib/telemetry/collectors/alert_stats_collector.ts b/...k/plugins/cloud_security_posture/server/lib/telemetry/collectors/alert_stats_collector.ts
@@ -9,53 +9,28 @@ import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import type { CloudSecurityAlertsStats } from './types';
 import { DETECTION_ENGINE_ALERTS_INDEX_DEFAULT } from '../../../../common/constants';
 
-interface AlertsStats {
-  aggregations: {
-    cspm: {
-      rules_count: {
-        value: number;
-      };
-      alerts_open: {
-        doc_count: number;
-      };
-      alerts_acknowledged: {
-        doc_count: number;
-      };
-      alerts_closed: {
-        doc_count: number;
-      };
-    };
-    kspm: {
-      rules_count: {
-        value: number;
-      };
-      alerts_open: {
-        doc_count: number;
-      };
-      alerts_acknowledged: {
-        doc_count: number;
-      };
-      alerts_closed: {
-        doc_count: number;
-      };
-    };
-    vuln_mgmt: {
-      rules_count: {
-        value: number;
-      };
-      alerts_open: {
-        doc_count: number;
-      };
-      alerts_acknowledged: {
-        doc_count: number;
-      };
-      alerts_closed: {
-        doc_count: number;
-      };
-    };
+interface AlertStat {
+  doc_count: number;
+  rules_count: {
+    value: number;
+  };
+  alerts_open: {
+    doc_count: number;
+  };
+  alerts_acknowledged: {
+    doc_count: number;
+  };
+  alerts_closed: {
+    doc_count: number;
   };
 }
 
+interface AlertsStats {
+  cspm: AlertStat;
+  kspm: AlertStat;
+  vuln_mgmt: AlertStat;
+}
+
 const getAlertsStatsQuery = (index: string) => ({
   size: 0,
   query: {
@@ -187,20 +162,25 @@ export const getAlertsStats = async (
 
     if (isIndexExists) {
       const alertsStats = await esClient.search<unknown, AlertsStats>(getAlertsStatsQuery(index));
-
       const postureTypes = ['cspm', 'kspm', 'vuln_mgmt'] as const;
 
-      return postureTypes.map((postureType) => ({
-        posture_type: postureType,
-        rules_count: alertsStats.aggregations?.aggregations[postureType].rules_count.value,
-        alerts_count: alertsStats.aggregations?.aggregations[postureType].alerts_open.doc_count,
-        alerts_open_count:
-          alertsStats.aggregations?.aggregations[postureType].alerts_open.doc_count,
-        alerts_acknowledged_count:
-          alertsStats.aggregations?.aggregations[postureType].alerts_acknowledged.doc_count,
-        alerts_closed_count:
-          alertsStats.aggregations?.aggregations[postureType].alerts_closed.doc_count,
-      })) as CloudSecurityAlertsStats[];
+      return postureTypes
+        .filter(
+          (postureType) =>
+            alertsStats?.aggregations?.[postureType]?.doc_count &&
+            alertsStats.aggregations[postureType].doc_count > 0
+        )
+        .map((postureType): CloudSecurityAlertsStats => {
+          const postureTypeData = alertsStats!.aggregations![postureType];
+          return {
+            posture_type: postureType,
+            rules_count: postureTypeData.rules_count?.value,
+            alerts_count: postureTypeData.doc_count,
+            alerts_open_count: postureTypeData.alerts_open?.doc_count,
+            alerts_acknowledged_count: postureTypeData.alerts_acknowledged?.doc_count,
+            alerts_closed_count: postureTypeData.alerts_closed?.doc_count,
+          };
+        });
     }
     return [];
   } catch (e) {