[Cloud Security] do not filter out CNVM documents with missing or unk…
…nown severity (elastic#163419)

## Summary

This PR removes the filtering out of vulnerabilities whose `severity` field is
missing or differs from CRITICAL, HIGH, MEDIUM or LOW. Such documents are
currently handled correctly in the data grid, but they are not reflected in the
severity map or trend chart components.
<img width="1728" alt="Screenshot 2023-08-08 at 17 42 46"
src="https://github.com/elastic/kibana/assets/478762/45ccf860-0cb7-4b03-ab51-5720dd7f90f9">



fixes
- elastic/security-team#7289
maxcold authored Aug 15, 2023
1 parent 560c871 commit efbee18
Showing 2 changed files with 5 additions and 18 deletions.
Expand Up @@ -5,28 +5,15 @@
* 2.0.
*/
import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
import { VULNERABILITIES_SEVERITY } from '../constants';

export const getSafeVulnerabilitiesQueryFilter = (query?: QueryDslQueryContainer) => ({
...query,
bool: {
...query?.bool,
filter: [
...((query?.bool?.filter as []) || []),
{
bool: {
minimum_should_match: 1,
should: [
{ match_phrase: { 'vulnerability.severity': VULNERABILITIES_SEVERITY.CRITICAL } },
{ match_phrase: { 'vulnerability.severity': VULNERABILITIES_SEVERITY.HIGH } },
{ match_phrase: { 'vulnerability.severity': VULNERABILITIES_SEVERITY.MEDIUM } },
{ match_phrase: { 'vulnerability.severity': VULNERABILITIES_SEVERITY.LOW } },
],
},
},
{ exists: { field: 'vulnerability.score.base' } },
{ exists: { field: 'vulnerability.score.version' } },
{ exists: { field: 'vulnerability.severity' } },
{ exists: { field: 'resource.id' } },
{ exists: { field: 'resource.name' } },
],
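Review bot: The retained spread `...((query?.bool?.filter as []) || [])` on line 41 asserts the caller's `filter` to an empty tuple; in the Elasticsearch client types `bool.filter` may be a single `QueryDslQueryContainer` rather than an array, and spreading a plain object throws at runtime, so the cast hides a real failure mode rather than handling it. Normalising the shape keeps both cases working: `const existing = query?.bool?.filter;` / `const callerFilters = Array.isArray(existing) ? existing : existing ? [existing] : [];` / `...callerFilters,`. Now that the severity constraint is gone the function also deserves a TSDoc comment, e.g. `/** Wraps a caller query so only vulnerability documents with a base score, score version and resource id/name are returned; severity is deliberately not required so documents with a missing or non-standard severity stay visible in the grid and charts. */`. If the `VULNERABILITIES_SEVERITY` import is not among the removed lines it is now unused. The function's closing lines lie below the hunk.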
Expand Up @@ -28,13 +28,13 @@ export const severitySortScript = (direction: string) => ({
script: {
lang: 'painless',
inline:
"if(params.scores.containsKey(doc['vulnerability.severity'].value)) { return params.scores[doc['vulnerability.severity'].value];} return 1000;",
"if(doc.containsKey('vulnerability.severity') && !doc['vulnerability.severity'].empty && doc['vulnerability.severity'].size()!=0 && doc['vulnerability.severity'].value!=null && params.scores.containsKey(doc['vulnerability.severity'].value)) { return params.scores[doc['vulnerability.severity'].value];} return 0;",
params: {
scores: {
LOW: 0,
MEDIUM: 1,
HIGH: 2,
CRITICAL: 3,
LOW: 1,
MEDIUM: 2,
HIGH: 3,
CRITICAL: 4,
},
},
},
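Review bot: The new Painless condition on line 66 tests the same thing four ways — `doc.containsKey(...)`, `!...empty`, `.size()!=0` and `.value!=null` — which makes the intent harder to read without adding safety; `doc.containsKey('vulnerability.severity') && !doc['vulnerability.severity'].empty && params.scores.containsKey(doc['vulnerability.severity'].value)` is sufficient, since `&&` short-circuits and `.value` is only read once the field is known to hold a value. The `return 0;` fallback together with the 1-based scores encodes a deliberate choice — a missing or unrecognised severity now sorts below LOW in either direction instead of above CRITICAL — that deserves a comment beside `params.scores`, e.g. `// 0 is reserved for documents whose severity is missing or not one of these keys, so they sort below LOW`. The long inline string would read better as a named module-level constant, and `direction: string` in the signature on line 61 would be safer as `direction: 'asc' | 'desc'` so only a valid sort order can reach the clause. The enclosing `severitySortScript` starts and ends outside this hunk.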
