diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/elasticsearch_assets/enrich_policy.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/elasticsearch_assets/enrich_policy.ts index e849eb0b447a5..7d6fc6fd8bc24 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/elasticsearch_assets/enrich_policy.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/elasticsearch_assets/enrich_policy.ts @@ -10,11 +10,13 @@ import type { EnrichPutPolicyRequest } from '@elastic/elasticsearch/lib/api/type import { getEntitiesIndexName } from '../utils'; import type { UnitedEntityDefinition } from '../united_entity_definitions'; +type DefinitionMetadata = Pick; + export const getFieldRetentionEnrichPolicyName = ({ namespace, entityType, version, -}: Pick): string => { +}: DefinitionMetadata): string => { return `entity_store_field_retention_${entityType}_${namespace}_v${version}`; }; @@ -48,7 +50,7 @@ export const executeFieldRetentionEnrichPolicy = async ({ unitedDefinition, logger, }: { - unitedDefinition: UnitedEntityDefinition; + unitedDefinition: DefinitionMetadata; esClient: ElasticsearchClient; logger: Logger; }): Promise<{ executed: boolean }> => { @@ -72,7 +74,7 @@ export const deleteFieldRetentionEnrichPolicy = async ({ esClient, }: { esClient: ElasticsearchClient; - unitedDefinition: UnitedEntityDefinition; + unitedDefinition: DefinitionMetadata; }) => { const name = getFieldRetentionEnrichPolicyName(unitedDefinition); return esClient.enrich.deletePolicy({ name }, { ignore: [404] }); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/task/field_retention_enrichment_task.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/task/field_retention_enrichment_task.ts index f7dac247dd9fd..d008c3afe6f17 100644 
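Review bot: In enrich_policy.ts, `executeFieldRetentionEnrichPolicy` and `deleteFieldRetentionEnrichPolicy` still name their parameter `unitedDefinition`, although it is now typed `DefinitionMetadata` and callers can pass a hand-built literal instead of a real definition. Renaming it to something like `definitionMetadata` would stop readers from assuming the full definition is available there. The alias itself would also benefit from a comment such as `// Fields that make up the enrich policy name; version must match the one the policy was created with.`, since `getFieldRetentionEnrichPolicyName` interpolates `entityType`, `namespace` and `version` directly into the name. Both function bodies continue outside their hunks, so this is based only on the visible signatures.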
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/task/field_retention_enrichment_task.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/task/field_retention_enrichment_task.ts @@ -20,7 +20,10 @@ import { } from './state'; import { INTERVAL, SCOPE, TIMEOUT, TYPE, VERSION } from './constants'; import type { EntityAnalyticsRoutesDeps } from '../../types'; -import { getAvailableEntityTypes, getUnitedEntityDefinition } from '../united_entity_definitions'; +import { + getAvailableEntityTypes, + getUnitedEntityDefinitionVersion, +} from '../united_entity_definitions'; import { executeFieldRetentionEnrichPolicy } from '../elasticsearch_assets'; const logFactory = @@ -63,13 +66,10 @@ export const registerEntityStoreFieldRetentionEnrichTask = ({ const [coreStart, _] = await getStartServices(); const esClient = coreStart.elasticsearch.client.asInternalUser; - const unitedDefinition = getUnitedEntityDefinition({ - namespace, - entityType, - fieldHistoryLength: 10, // we are not using this value so it can be anything - }); + const unitedDefinitionVersion = getUnitedEntityDefinitionVersion(entityType); + return executeFieldRetentionEnrichPolicy({ - unitedDefinition, + unitedDefinition: { namespace, entityType, version: unitedDefinitionVersion }, esClient, logger, }); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts index ee39ffff529ff..e8d812d73ff27 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts 
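Review bot: In field_retention_enrichment_task.ts, the literal passed as `unitedDefinition` has no comment explaining why the task no longer builds the full definition, whereas the removed code at least explained its dummy `fieldHistoryLength`. I would add `// the enrich policy is addressed by name only, so the name fields are enough here` above the `executeFieldRetentionEnrichPolicy` call; that wording assumes the callee reads nothing beyond `DefinitionMetadata`, which its narrowed parameter type suggests. Naming the local `version` would also let the argument use the shorthand `{ namespace, entityType, version }`. The enclosing task runner starts and ends outside the hunk.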
@@ -8,11 +8,12 @@ import { collectValuesWithLength } from '../definition_utils'; import type { UnitedDefinitionBuilder } from '../types'; +export const HOST_DEFINITION_VERSION = '1.0.0'; export const getHostUnitedDefinition: UnitedDefinitionBuilder = (fieldHistoryLength: number) => { const collect = collectValuesWithLength(fieldHistoryLength); return { entityType: 'host', - version: '1.0.0', + version: HOST_DEFINITION_VERSION, fields: [ collect({ field: 'host.domain' }), collect({ field: 'host.hostname' }), diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/index.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/index.ts index c0600d45fa8b5..4193c07f308fb 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/index.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/index.ts @@ -5,6 +5,6 @@ * 2.0. */ -export { getHostUnitedDefinition } from './host'; -export { getUserUnitedDefinition } from './user'; +export * from './host'; +export * from './user'; export { getCommonUnitedFieldDefinitions } from './common'; diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/user.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/user.ts index 8d99a6be11912..632d1a685b992 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/user.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/user.ts 
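Review bot: In entity_types/index.ts, switching to `export * from './host'` and `export * from './user'` makes every current and future export of those modules part of the barrel, where the previous lines listed exactly what was public. Naming the new constants keeps the surface explicit: `export { getHostUnitedDefinition, HOST_DEFINITION_VERSION } from './host';` and `export { getUserUnitedDefinition, USER_DEFINITION_VERSION } from './user';`. The unchanged `getCommonUnitedFieldDefinitions` line already follows that style.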
@@ -7,11 +7,12 @@ import { collectValuesWithLength } from '../definition_utils'; import type { UnitedDefinitionBuilder } from '../types'; +export const USER_DEFINITION_VERSION = '1.0.0'; export const getUserUnitedDefinition: UnitedDefinitionBuilder = (fieldHistoryLength: number) => { const collect = collectValuesWithLength(fieldHistoryLength); return { entityType: 'user', - version: '1.0.0', + version: USER_DEFINITION_VERSION, fields: [ collect({ field: 'user.domain' }), collect({ field: 'user.email' }), diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.ts index f6afcba8b3589..21214f1bf95fb 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.ts @@ -10,6 +10,8 @@ import { getHostUnitedDefinition, getUserUnitedDefinition, getCommonUnitedFieldDefinitions, + USER_DEFINITION_VERSION, + HOST_DEFINITION_VERSION, } from './entity_types'; import type { UnitedDefinitionBuilder } from './types'; import { UnitedEntityDefinition } from './united_entity_definition'; @@ -44,5 +46,8 @@ export const getUnitedEntityDefinition = memoize( `${entityType}-${namespace}-${fieldHistoryLength}` ); +export const getUnitedEntityDefinitionVersion = (entityType: EntityType): string => + entityType === 'host' ? HOST_DEFINITION_VERSION : USER_DEFINITION_VERSION; + export const getAvailableEntityTypes = (): EntityType[] => Object.keys(unitedDefinitionBuilders) as EntityType[];
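Review bot: `getUnitedEntityDefinitionVersion` in get_united_definition.ts returns `USER_DEFINITION_VERSION` for every value that is not `'host'`. An entity type added later, or an unexpected value reaching it at runtime, would silently get the user version and resolve to the wrong enrich policy name. A lookup typed on the union lets the compiler flag a missing entry: `const definitionVersions: Record<EntityType, string> = { host: HOST_DEFINITION_VERSION, user: USER_DEFINITION_VERSION };`, with the function returning `definitionVersions[entityType]`. Whether `EntityType` currently has only these two members is not visible in this diff.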