diff --git a/x-pack/plugins/security_solution/public/cloud_posture/common/api/index.ts b/x-pack/plugins/security_solution/public/cloud_posture/common/api/index.ts
index 2bb0af66eb2ac3..915881e2ab9b23 100644
--- a/x-pack/plugins/security_solution/public/cloud_posture/common/api/index.ts
+++ b/x-pack/plugins/security_solution/public/cloud_posture/common/api/index.ts
@@ -5,4 +5,4 @@
 * 2.0.
 */
 
-export * from './use_cloud_posture_findings_api';
+export * from './use_cloud_posture_stats_api';
diff --git a/x-pack/plugins/security_solution/public/cloud_posture/common/api/use_cloud_posture_findings_api.ts b/x-pack/plugins/security_solution/public/cloud_posture/common/api/use_cloud_posture_findings_api.ts
deleted file mode 100644
index 8f7d9e27b89739..00000000000000
--- a/x-pack/plugins/security_solution/public/cloud_posture/common/api/use_cloud_posture_findings_api.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { useQuery } from 'react-query';
-import { useKibana } from '../../../common/lib/kibana';
-
-export const useCloudPostureFindingsApi = () => {
- const { http } = useKibana().services;
- // TODO: add response types
- return useQuery(['csp_findings'], () => http.get('/api/csp/findings'));
-};
diff --git a/x-pack/plugins/security_solution/server/cloud_posture/routes/findings.tsx b/x-pack/plugins/security_solution/server/cloud_posture/routes/findings.tsx
deleted file mode 100644
index b2525e4da010fb..00000000000000
--- a/x-pack/plugins/security_solution/server/cloud_posture/routes/findings.tsx
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-/* eslint-disable @typescript-eslint/no-explicit-any */
-
-import { Logger } from 'src/core/server';
-import { AggregationsFiltersAggregate, SearchRequest } from '@elastic/elasticsearch/lib/api/types';
-import type { SecuritySolutionPluginRouter } from '../../types';
-
-const FINDINGS_INDEX = `findings*`;
-const AGENT_LOGS_INDEX = `agent_log_2*`;
-
-const getFindingsEsQuery = ({ runIds }: { runIds: string[] }): SearchRequest => ({
- index: FINDINGS_INDEX,
- query: { terms: { 'run_id.keyword': runIds } },
-});
-
-const getAgentLogsEsQuery = (): SearchRequest => ({
- index: AGENT_LOGS_INDEX,
- size: 0,
- query: {
- bool: {
- filter: [
- { term: { 'event_status.keyword': 'end' } },
- { term: { 'compliance.keyword': 'k8s cis' } },
- ],
- },
- },
- aggs: {
- group: {
- terms: { field: 'agent.keyword' },
- aggs: {
- group_docs: {
- top_hits: {
- size: 1,
- sort: [{ timestamp: { order: 'desc' } }],
- },
- },
- },
- },
- },
- fields: ['run_id.keyword', 'agent.keyword'],
- _source: false,
-});
-
-// TODO: types
-const getRunId = (v: any) => v.group_docs.hits.hits?.[0]?.fields['run_id.keyword'][0];
-
-export const createFindingsRoute = (router: SecuritySolutionPluginRouter, logger: Logger): void =>
- router.get({ path: '/api/csp/findings', validate: false }, async (context, _, response) => {
- try {
- const esClient = context.core.elasticsearch.client.asCurrentUser;
- const agentLogs = await esClient.search(getAgentLogsEsQuery());
-
- const aggregations = agentLogs.body.aggregations;
- if (!aggregations) {
- logger.error(`Missing 'aggregations' in agent logs query response`);
- return response.notFound();
- }
-
- const buckets = (aggregations.group as Record).buckets;
-
- if (!Array.isArray(buckets)) {
- logger.error(`Missing 'buckets' in agent logs query response`);
- return response.notFound();
- }
-
- const findings = await esClient.search(getFindingsEsQuery({ runIds: buckets.map(getRunId) }));
-
- const hits = findings.body.hits.hits;
- return response.ok({ body: hits });
- } catch (err) {
- return response.customError({ body: { message: 'Unknown error' }, statusCode: 500 });
- }
- });
diff --git a/x-pack/plugins/security_solution/server/cloud_posture/routes/index.tsx b/x-pack/plugins/security_solution/server/cloud_posture/routes/index.tsx
index 9ababb28b8a8c1..8c2aacc499f224 100644
--- a/x-pack/plugins/security_solution/server/cloud_posture/routes/index.tsx
+++ b/x-pack/plugins/security_solution/server/cloud_posture/routes/index.tsx
@@ -5,5 +5,4 @@
 * 2.0.
 */
 
-export * from './findings';
 export * from './score';