diff --git a/packages/cloud_security_posture/changelog.yml b/packages/cloud_security_posture/changelog.yml index c489251f904..72089181c51 100644 --- a/packages/cloud_security_posture/changelog.yml +++ b/packages/cloud_security_posture/changelog.yml @@ -11,6 +11,9 @@ link: https://github.com/elastic/integrations/pull/7379 - version: "1.5.0-preview31" changes: + - description: Add vulnerability mappings + type: enhancement + link: https://github.com/elastic/integrations/pull/1176 - description: Ensure event.kind is correctly set for pipeline errors. type: enhancement link: https://github.com/elastic/integrations/pull/7048 diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml index ffcabdea1c4..bcf1fe5c8c3 100644 --- a/packages/cloud_security_posture/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloud_security_posture/data_stream/vulnerabilities/elasticsearch/ingest_pipeline/default.yml @@ -1,13 +1,18 @@ --- description: Pipeline for cloudbeat vulnerabilities processors: -- set: - field: ecs.version - value: '8.6.0' + - set: + field: ecs.version + value: "8.6.0" + - set: + field: cloud.service.name + value: "AWS EC2" + description: "Adding vulnerability type for cloudbeat version < 8.10" + if: ctx.cloud?.service?.name == null on_failure: - set: field: event.kind value: pipeline_error - append: field: error.message - value: '{{{ _ingest.on_failure_message }}}' + value: "{{{ _ingest.on_failure_message }}}" diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/cloud.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/cloud.yml new file mode 100644 index 00000000000..e9739f464fc --- /dev/null +++ b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/cloud.yml @@ -0,0 +1,19 @@ +- name: cloud + type: group + fields: + - name: service.name + type: keyword + - name: machine.type + type: keyword + - name: machine.Authentication.key + type: keyword + - name: machine.Launch_time + type: keyword + - name: machine.Image + type: keyword + - name: Tags + type: keyword + - name: availability_zone + type: keyword + - name: Security.security_groups + type: object diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml index a58b8a3064a..05d199513c1 100644 --- a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml +++ b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/ecs.yml @@ -80,6 +80,10 @@ external: ecs - name: cloud.account.name external: ecs +- name: cloud.instance.name + external: ecs +- name: cloud.instance.id + external: ecs - name: cloud.provider external: ecs - name: cloud.region diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/network.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/network.yml new file mode 100644 index 00000000000..3152379d5c5 --- /dev/null +++ b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/network.yml @@ -0,0 +1,9 @@ +- name: network + type: group + fields: + - name: Private_ip + type: keyword + - name: Public_ip + type: keyword + - name: Mac_addresses + type: keyword diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/resource.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/resource.yml index 425eb9530e9..91525c1d26b 100644 --- a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/resource.yml +++ b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/resource.yml @@ -1,3 +1,4 @@ +# Deprecated replaced by cloud.instance fields - name: resource type: group fields: diff --git a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/vulnerability.yml b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/vulnerability.yml index 1ee67cb12db..517b6721173 100644 --- a/packages/cloud_security_posture/data_stream/vulnerabilities/fields/vulnerability.yml +++ b/packages/cloud_security_posture/data_stream/vulnerabilities/fields/vulnerability.yml @@ -1,6 +1,7 @@ - name: vulnerability type: group fields: + # Deprecated replaced by category - name: class type: keyword - name: package.version @@ -9,7 +10,7 @@ type: keyword - name: package.fixed_version type: keyword - - name: title + - name: Title type: keyword - name: data_source.ID type: keyword