[Cloud Security][Tech Debt] Use DataView instead of latest index for querying misconfigurations #179628
Labels
Team:Cloud Security
Cloud Security team related
technical debt
Improvement of the software architecture and operational architecture
Motivation
While we use DataViews to get data for our Findings page, we still use the logs-cloud_security_posture.findings_latest-* index pattern directly in some places. We need to use DataView to get findings data consistently; this will support our plans to bring 3rd party data into our flows.
Technical details
Look for the usages of CSP_LATEST_FINDINGS_DATA_VIEW, which, regardless of the name, is used to query data by the index pattern, not via a Data View. In contrast, look for LATEST_FINDINGS_INDEX_PATTERN to see the examples of the DataView usage.
getGroupedFindingsQuery and getFindingsQuery will need to be changed to leverage DataView search.
Definition of done
logs-cloud_security_posture.findings_latest-* is not used as an index pattern to get findings data; all the data should be queried through a DataView.
Out of scope
logs-cloud_security_posture.findings_latest-default to get data from a specific index for telemetry, score calculation and status checks for indexes.
logs-cloud_security_posture.findings_latest-* to search for a DataView instead of the use of dataView id
Related tasks/epics
Team tag
@elastic/kibana-cloud-security-posture