diff --git a/x-pack/plugins/cloud_security_posture/common/runtime_mappings/get_safe_posture_type_runtime_mapping.ts b/x-pack/plugins/cloud_security_posture/common/runtime_mappings/get_safe_posture_type_runtime_mapping.ts index 29c42402ad8dc..568829356cf82 100644 --- a/x-pack/plugins/cloud_security_posture/common/runtime_mappings/get_safe_posture_type_runtime_mapping.ts +++ b/x-pack/plugins/cloud_security_posture/common/runtime_mappings/get_safe_posture_type_runtime_mapping.ts @@ -16,14 +16,16 @@ export const getSafePostureTypeRuntimeMapping = (): MappingRuntimeFields => ({ type: 'keyword', script: { source: ` - def postureTypeAvailable = doc.containsKey("rule.benchmark.posture_type") && - !doc["rule.benchmark.posture_type"].empty; + def postureTypeAvailable = doc.containsKey("rule.benchmark.posture_type") && !doc["rule.benchmark.posture_type"].empty; + boolean isNativeCsp = doc.containsKey("data_stream.dataset") && !doc["data_stream.dataset"].empty && doc["data_stream.dataset"].value == "cloud_security_posture.findings"; - if (!postureTypeAvailable) { - // Before 8.7 release - emit("kspm"); - } else { - emit(doc["rule.benchmark.posture_type"].value); + if (isNativeCsp) { + if (!postureTypeAvailable) { + // Before 8.7 release + emit("kspm"); + } else { + emit(doc["rule.benchmark.posture_type"].value); + } } `, }, diff --git a/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts b/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts index 85d4a7f76a5c9..b7594da9df76e 100644 --- a/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts +++ b/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts @@ -49,6 +49,7 @@ export const checkIndexStatus = async ( ], }, }; + try { const queryResult = await esClient.search({ index, diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts b/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts index b4daf5172b164..beb425c2318ea 100644 --- a/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts +++ b/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts @@ -28,6 +28,9 @@ export const findingsMockData = [ ingested: '2023-08-19T18:20:41Z', created: '2023-08-19T18:17:15.609124281Z', }, + data_stream: { + dataset: 'cloud_security_posture.findings', + }, }, { resource: { id: chance.guid(), name: `Pod`, sub_type: 'Upper case sub type' }, @@ -48,6 +51,9 @@ export const findingsMockData = [ ingested: '2023-08-19T18:20:41Z', created: '2023-08-19T18:17:15.609124281Z', }, + data_stream: { + dataset: 'cloud_security_posture.findings', + }, }, ]; diff --git a/x-pack/test/cloud_security_posture_api/routes/mocks/findings_mock.ts b/x-pack/test/cloud_security_posture_api/routes/mocks/findings_mock.ts index 92ca03b1e4789..ca8da65b79a6f 100644 --- a/x-pack/test/cloud_security_posture_api/routes/mocks/findings_mock.ts +++ b/x-pack/test/cloud_security_posture_api/routes/mocks/findings_mock.ts @@ -32,6 +32,9 @@ export const findingsMockData = [ orchestrator: { cluster: { id: 'Upper case cluster id' }, }, + data_stream: { + dataset: 'cloud_security_posture.findings', + }, }, { '@timestamp': '2023-06-29T02:08:44.993Z', @@ -55,5 +58,8 @@ export const findingsMockData = [ cloud: { account: { id: 'Another Upper case account id' }, }, + data_stream: { + dataset: 'cloud_security_posture.findings', + }, }, ]; diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts index 3df7c76707e78..37c6a4aa2d2c0 100644 --- a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts +++ b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts @@ -33,6 +33,9 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { }, }, cluster_id: 'Upper case cluster id', + data_stream: { + dataset: 'cloud_security_posture.findings', + }, }, ];