[Cloud Security][Telemetry] Create a unified cloud accounts collector (…

…elastic#167203) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. Adds Cloud Security Telemetry to track all cloud accounts from products `CSPM`,`KSPM`, and`CNVM` --------- Co-authored-by: kibanamachine <[email protected]>
kibanamachine · Oct 4, 2023 · fc434d1 · fc434d1
1 parent 620ee8d
commit fc434d1
Show file tree

Hide file tree

Showing 9 changed files with 699 additions and 5 deletions.
diff --git a/.../plugins/cloud_security_posture/common/runtime_mappings/get_identifier_runtime_mapping.ts b/.../plugins/cloud_security_posture/common/runtime_mappings/get_identifier_runtime_mapping.ts
@@ -20,7 +20,6 @@ export const getIdentifierRuntimeMapping = (): MappingRuntimeFields => ({
           !doc["rule.benchmark.posture_type"].empty;
         def orchestratorIdAvailable = doc.containsKey("orchestrator.cluster.id") &&
           !doc["orchestrator.cluster.id"].empty;
-
         if (!postureTypeAvailable) {
           def identifier = orchestratorIdAvailable ?
             doc["orchestrator.cluster.id"].value : doc["cluster_id"].value;

diff --git a/...k/plugins/cloud_security_posture/common/runtime_mappings/get_package_policy_id_mapping.ts b/...k/plugins/cloud_security_posture/common/runtime_mappings/get_package_policy_id_mapping.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
+
+export const getPackagePolicyIdRuntimeMapping = (): MappingRuntimeFields => ({
+  package_policy_identifier: {
+    type: 'keyword',
+    script: {
+      source: `
+        def packagePolicyIdAvailable = doc.containsKey("cloud_security_posture.package_policy.id") &&
+          !doc["cloud_security_posture.package_policy.id"].empty;
+        if (packagePolicyIdAvailable) {
+          emit(doc["cloud_security_posture.package_policy.id"].value);
+        }
+        `,
+    },
+  },
+});
diff --git a/...loud_security_posture/common/runtime_mappings/get_safe_kspm_cluster_id_runtime_mapping.ts b/...loud_security_posture/common/runtime_mappings/get_safe_kspm_cluster_id_runtime_mapping.ts
@@ -20,7 +20,7 @@ export const getSafeKspmClusterIdRuntimeMapping = (): MappingRuntimeFields => ({
           !doc["orchestrator.cluster.id"].empty;
         def clusterIdAvailable = doc.containsKey("cluster_id") &&
           !doc["cluster_id"].empty;
-
+          
         if (orchestratorIdAvailable) {
           emit(doc["orchestrator.cluster.id"].value);
         } else if (clusterIdAvailable) {