From d18ef2f9797787b481345694b512dd56f40c0b48 Mon Sep 17 00:00:00 2001
From: Paulo Henrique
Date: Fri, 25 Aug 2023 21:25:52 -0700
Subject: [PATCH] [Cloud Security] [Alerts] Fix alerts telemetry collector (#164757)
---
 .../collectors/alert_stats_collector.ts | 92 ++++++++-----------
 1 file changed, 36 insertions(+), 56 deletions(-)
diff --git a/x-pack/plugins/cloud_security_posture/server/lib/telemetry/collectors/alert_stats_collector.ts b/x-pack/plugins/cloud_security_posture/server/lib/telemetry/collectors/alert_stats_collector.ts
index 7e63af4fb1320..1edd6ca731c3e 100644
--- a/x-pack/plugins/cloud_security_posture/server/lib/telemetry/collectors/alert_stats_collector.ts
+++ b/x-pack/plugins/cloud_security_posture/server/lib/telemetry/collectors/alert_stats_collector.ts
@@ -9,53 +9,28 @@ import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import type { CloudSecurityAlertsStats } from './types';
 import { DETECTION_ENGINE_ALERTS_INDEX_DEFAULT } from '../../../../common/constants';
-interface AlertsStats {
- aggregations: {
- cspm: {
- rules_count: {
- value: number;
- };
- alerts_open: {
- doc_count: number;
- };
- alerts_acknowledged: {
- doc_count: number;
- };
- alerts_closed: {
- doc_count: number;
- };
- };
- kspm: {
- rules_count: {
- value: number;
- };
- alerts_open: {
- doc_count: number;
- };
- alerts_acknowledged: {
- doc_count: number;
- };
- alerts_closed: {
- doc_count: number;
- };
- };
- vuln_mgmt: {
- rules_count: {
- value: number;
- };
- alerts_open: {
- doc_count: number;
- };
- alerts_acknowledged: {
- doc_count: number;
- };
- alerts_closed: {
- doc_count: number;
- };
- };
+interface AlertStat {
+ doc_count: number;
+ rules_count: {
+ value: number;
+ };
+ alerts_open: {
+ doc_count: number;
+ };
+ alerts_acknowledged: {
+ doc_count: number;
+ };
+ alerts_closed: {
+ doc_count: number;
 };
 }
+interface AlertsStats {
+ cspm: AlertStat;
+ kspm: AlertStat;
+ vuln_mgmt: AlertStat;
+}
+
 const getAlertsStatsQuery = (index: string) => ({
 size: 0,
 query: {
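Review bot: `AlertStat` declares `rules_count`, `alerts_open`, `alerts_acknowledged` and `alerts_closed` as always present, yet the second hunk of this patch reads each of them with `?.`, so the type and the runtime guards disagree about what the search response may contain. If a sub-aggregation can be missing, mark the fields optional (for example `rules_count?: { value: number };`); if it cannot, the optional chaining in `getAlertsStats` is noise. Because `AlertStat` and `AlertsStats` differ by a single letter, a short comment above `AlertsStats` such as `// Shape of the search response's aggregations, keyed by posture type; doc_count is the bucket's total alert count` would make the distinction easier to follow.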
@@ -187,20 +162,25 @@ export const getAlertsStats = async (
 if (isIndexExists) {
 const alertsStats = await esClient.search(getAlertsStatsQuery(index));
-
 const postureTypes = ['cspm', 'kspm', 'vuln_mgmt'] as const;
- return postureTypes.map((postureType) => ({
- posture_type: postureType,
- rules_count: alertsStats.aggregations?.aggregations[postureType].rules_count.value,
- alerts_count: alertsStats.aggregations?.aggregations[postureType].alerts_open.doc_count,
- alerts_open_count:
- alertsStats.aggregations?.aggregations[postureType].alerts_open.doc_count,
- alerts_acknowledged_count:
- alertsStats.aggregations?.aggregations[postureType].alerts_acknowledged.doc_count,
- alerts_closed_count:
- alertsStats.aggregations?.aggregations[postureType].alerts_closed.doc_count,
- })) as CloudSecurityAlertsStats[];
+ return postureTypes
+ .filter(
+ (postureType) =>
+ alertsStats?.aggregations?.[postureType]?.doc_count &&
+ alertsStats.aggregations[postureType].doc_count > 0
+ )
+ .map((postureType): CloudSecurityAlertsStats => {
+ const postureTypeData = alertsStats!.aggregations![postureType];
+ return {
+ posture_type: postureType,
+ rules_count: postureTypeData.rules_count?.value,
+ alerts_count: postureTypeData.doc_count,
+ alerts_open_count: postureTypeData.alerts_open?.doc_count,
+ alerts_acknowledged_count: postureTypeData.alerts_acknowledged?.doc_count,
+ alerts_closed_count: postureTypeData.alerts_closed?.doc_count,
+ };
+ });
 }
 return [];
 } catch (e) {
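Review bot: The `.map` callback needs `alertsStats!.aggregations![postureType]` because the narrowing done inside `.filter` does not carry over, and the filter predicate itself returns `number | undefined` with a second operand that only repeats the first. Binding the aggregations once before the chain, `const aggregations = alertsStats.aggregations; if (!aggregations) return [];`, lets the predicate become `(aggregations[postureType]?.doc_count ?? 0) > 0` and removes both non-null assertions. Posture types without alerts are now left out of the result, so a consumer of this telemetry cannot tell "zero alerts" from the empty array returned when the alerts index is missing; a comment stating that this is intended would help. `getAlertsStats` begins before this hunk and its `catch` block continues after it.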