[Cloud Security] Use CDR data views

x-pack/plugins/cloud_security_posture/common/constants.ts

@@ -45,24 +45,23 @@ export const CLOUD_SECURITY_POSTURE_PACKAGE_NAME = 'cloud_security_posture';
 export const CDR_MISCONFIGURATIONS_DATA_VIEW_NAME = 'Latest Cloud Security Misconfigurations';
 export const CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX =
   'security_solution_cdr_latest_misconfigurations';
-export const CDR_MISCONFIGURATIONS_INDEX_PATTERN =
-  'logs-*_latest_misconfigurations_cdr,logs-cloud_security_posture.findings_latest-default';
+export const CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN =
+  'logs-cloud_security_posture.findings_latest-default';
+export const CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN =
+  'logs-*_latest_misconfigurations_cdr';
+export const CDR_MISCONFIGURATIONS_INDEX_PATTERN = `${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN},${CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN}`;
 
 export const CDR_VULNERABILITIES_DATA_VIEW_NAME = 'Latest Cloud Security Vulnerabilities';
 export const CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX =
   'security_solution_cdr_latest_vulnerabilities';
 export const CDR_VULNERABILITIES_INDEX_PATTERN =
   'logs-*_latest_vulnerabilities_cdr,logs-cloud_security_posture.vulnerabilities_latest-default';
 
-// TODO: REMOVE CSP_LATEST_FINDINGS_DATA_VIEW and replace it with LATEST_FINDINGS_INDEX_PATTERN
-export const CSP_LATEST_FINDINGS_DATA_VIEW = 'logs-cloud_security_posture.findings_latest-*';
-
 export const FINDINGS_INDEX_NAME = 'logs-cloud_security_posture.findings';
 export const FINDINGS_INDEX_PATTERN = 'logs-cloud_security_posture.findings-default*';
 export const FINDINGS_INDEX_DEFAULT_NS = 'logs-cloud_security_posture.findings-default';
 
 export const LATEST_FINDINGS_INDEX_TEMPLATE_NAME = 'logs-cloud_security_posture.findings_latest';
-export const LATEST_FINDINGS_INDEX_PATTERN = 'logs-cloud_security_posture.findings_latest-*';
 export const LATEST_FINDINGS_INDEX_DEFAULT_NS =
   'logs-cloud_security_posture.findings_latest-default';
 

x-pack/plugins/cloud_security_posture/public/common/api/use_data_view.ts

@@ -7,21 +7,24 @@
 
 import { useQuery } from '@tanstack/react-query';
 import { useKibana } from '@kbn/kibana-react-plugin/public';
+import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common';
 import { CspClientPluginStartDeps } from '../../types';
 
 /**
  * Hook to retrieve a Data View by it's Index Pattern title
  */
-export const useDataView = (indexPattern: string) => {
+export const useDataView = (dataViewId: string) => {
   const {
     data: { dataViews },
+    spaces,
   } = useKibana<CspClientPluginStartDeps>().services;
-
-  return useQuery(['useDataView', indexPattern], async () => {
-    const [dataView] = await dataViews.find(indexPattern);
-
+  return useQuery(['useDataView', dataViewId], async () => {
+    // Using default space if spaces is not available or for serverless projects where spaces are not enabled.
+    const currentSpaceId = spaces ? (await spaces.getActiveSpace()).id : DEFAULT_SPACE_ID;
+    const dataViewIdCurrentSpace = `${dataViewId}-${currentSpaceId}`;
+    const dataView = await dataViews.get(dataViewIdCurrentSpace);
     if (!dataView) {
-      throw new Error(`Data view not found [${indexPattern}]`);
+      throw new Error(`Data view not found [${dataViewIdCurrentSpace}]`);
     }
 
     return dataView;

x-pack/plugins/cloud_security_posture/public/common/hooks/use_navigate_findings.ts

@@ -9,7 +9,7 @@ import { useCallback } from 'react';
 import { useHistory } from 'react-router-dom';
 import { Filter } from '@kbn/es-query';
 import {
-  LATEST_FINDINGS_INDEX_PATTERN,
+  CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX,
   SECURITY_DEFAULT_DATA_VIEW_ID,
 } from '../../../common/constants';
 import { findingsNavigation } from '../navigation/constants';
@@ -77,7 +77,7 @@ const useNavigate = (pathname: string, dataViewId = SECURITY_DEFAULT_DATA_VIEW_I
 };
 
 export const useNavigateFindings = () => {
-  const { data } = useDataView(LATEST_FINDINGS_INDEX_PATTERN);
+  const { data } = useDataView(CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX);
   return useNavigate(findingsNavigation.findings_default.path, data?.id);
 };
 

x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.tsx

@@ -8,7 +8,7 @@ import React from 'react';
 import { Redirect, useLocation } from 'react-router-dom';
 import { Routes, Route } from '@kbn/shared-ux-router';
 import { TrackApplicationView } from '@kbn/usage-collection-plugin/public';
-import { LATEST_FINDINGS_INDEX_PATTERN } from '../../../common/constants';
+import { CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX } from '../../../common/constants';
 import { useCspSetupStatusApi } from '../../common/api/use_setup_status_api';
 import { NoFindingsStates } from '../../components/no_findings_states';
 import { CloudPosturePage, defaultLoadingRenderer } from '../../components/cloud_posture_page';
@@ -19,7 +19,7 @@ import { DataViewContext } from '../../common/contexts/data_view_context';
 
 export const Configurations = () => {
   const location = useLocation();
-  const dataViewQuery = useDataView(LATEST_FINDINGS_INDEX_PATTERN);
+  const dataViewQuery = useDataView(CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX);
   const { data: getSetupStatus, isLoading: getSetupStatusIsLoading } = useCspSetupStatusApi();
   const hasConfigurationFindings =
     getSetupStatus?.kspm.status === 'indexed' || getSetupStatus?.cspm.status === 'indexed';

x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/findings_flyout.test.tsx

@@ -9,8 +9,8 @@ import userEvent from '@testing-library/user-event';
 import { FindingsRuleFlyout } from './findings_flyout';
 import { render, screen } from '@testing-library/react';
 import { TestProvider } from '../../../test/test_provider';
+import { CDR_MISCONFIGURATIONS_INDEX_PATTERN } from '../../../../common/constants';
 import { mockFindingsHit, mockWizFinding } from '../__mocks__/findings';
-import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '../../../../common/constants';
 
 const onPaginate = jest.fn();
 
@@ -43,7 +43,7 @@ describe('<FindingsFlyout/>', () => {
       getByText(mockFindingsHit.resource.id);
       getByText(mockFindingsHit.resource.name);
       getAllByText(mockFindingsHit.rule.section);
-      getByText(LATEST_FINDINGS_INDEX_DEFAULT_NS);
+      getByText(CDR_MISCONFIGURATIONS_INDEX_PATTERN);
       mockFindingsHit.rule.tags.forEach((tag) => {
         getAllByText(tag);
       });

x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/overview_tab.tsx

@@ -25,8 +25,8 @@ import { truthy } from '../../../../common/utils/helpers';
 import { CSP_MOMENT_FORMAT } from '../../../common/constants';
 import {
   INTERNAL_FEATURE_FLAGS,
-  LATEST_FINDINGS_INDEX_DEFAULT_NS,
-  LATEST_FINDINGS_INDEX_PATTERN,
+  CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX,
+  CDR_MISCONFIGURATIONS_INDEX_PATTERN,
 } from '../../../../common/constants';
 import { useDataView } from '../../../common/api/use_data_view';
 import { useKibana } from '../../../common/hooks/use_kibana';
@@ -114,13 +114,13 @@ const getDetailsList = (
       getDatasetDisplayName(data.data_stream?.dataset) || data.data_stream?.dataset || EMPTY_VALUE,
   },
   {
-    title: i18n.translate('xpack.csp.findings.findingsFlyout.overviewTab.indexTitle', {
-      defaultMessage: 'Index',
+    title: i18n.translate('xpack.csp.findings.findingsFlyout.overviewTab.dataViewTitle', {
+      defaultMessage: 'Data View',
     }),
     description: discoverDataViewLink ? (
-      <EuiLink href={discoverDataViewLink}>{LATEST_FINDINGS_INDEX_DEFAULT_NS}</EuiLink>
+      <EuiLink href={discoverDataViewLink}>{CDR_MISCONFIGURATIONS_INDEX_PATTERN}</EuiLink>
     ) : (
-      LATEST_FINDINGS_INDEX_DEFAULT_NS
+      CDR_MISCONFIGURATIONS_INDEX_PATTERN
     ),
   },
 ];
@@ -189,13 +189,13 @@ export const OverviewTab = ({
   ruleFlyoutLink?: string;
 }) => {
   const { discover } = useKibana().services;
-  const latestFindingsDataView = useDataView(LATEST_FINDINGS_INDEX_PATTERN);
+  const cdrMisconfigurationsDataView = useDataView(CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX);
 
   // link will navigate to our dataview in discover, filtered by the data source of the finding
   const discoverDataViewLink = useMemo(
     () =>
       discover.locator?.getRedirectUrl({
-        dataViewId: latestFindingsDataView.data?.id,
+        dataViewId: cdrMisconfigurationsDataView.data?.id,
         ...(data.data_stream?.dataset && {
           filters: [
             {
@@ -212,7 +212,7 @@ export const OverviewTab = ({
           ],
         }),
       }),
-    [data.data_stream?.dataset, discover.locator, latestFindingsDataView.data?.id]
+    [data.data_stream?.dataset, discover.locator, cdrMisconfigurationsDataView.data?.id]
   );
 
   const hasEvidence = !isEmpty(data.result?.evidence);

x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/use_grouped_findings.tsx

@@ -10,7 +10,7 @@ import type { IKibanaSearchResponse } from '@kbn/search-types';
 import { GenericBuckets, GroupingQuery, RootAggregation } from '@kbn/grouping/src';
 import { useQuery } from '@tanstack/react-query';
 import { lastValueFrom } from 'rxjs';
-import { CSP_LATEST_FINDINGS_DATA_VIEW } from '../../../../common/constants';
+import { CDR_MISCONFIGURATIONS_INDEX_PATTERN } from '../../../../common/constants';
 import { useKibana } from '../../../common/hooks/use_kibana';
 import { showErrorToast } from '../../../common/utils/show_error_toast';
 
@@ -69,7 +69,7 @@ export interface FindingsGroupingAggregation {
 
 export const getGroupedFindingsQuery = (query: GroupingQuery) => ({
   ...query,
-  index: CSP_LATEST_FINDINGS_DATA_VIEW,
+  index: CDR_MISCONFIGURATIONS_INDEX_PATTERN,
   size: 0,
 });
 

x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/use_latest_findings.ts

@@ -16,7 +16,7 @@ import { useKibana } from '../../../common/hooks/use_kibana';
 import type { FindingsBaseEsQuery } from '../../../common/types';
 import { getAggregationCount, getFindingsCountAggQuery } from '../utils/utils';
 import {
-  CSP_LATEST_FINDINGS_DATA_VIEW,
+  CDR_MISCONFIGURATIONS_INDEX_PATTERN,
   LATEST_FINDINGS_RETENTION_POLICY,
 } from '../../../../common/constants';
 import { MAX_FINDINGS_TO_LOAD } from '../../../common/constants';
@@ -48,7 +48,7 @@ export const getFindingsQuery = (
   const mutedRulesFilterQuery = buildMutedRulesFilter(rulesStates);
 
   return {
-    index: CSP_LATEST_FINDINGS_DATA_VIEW,
+    index: CDR_MISCONFIGURATIONS_INDEX_PATTERN,
     sort: getMultiFieldsSort(sort),
     size: MAX_FINDINGS_TO_LOAD,
     aggs: getFindingsCountAggQuery(),

x-pack/plugins/cloud_security_posture/public/pages/configurations/utils/get_filters.test.ts

@@ -4,7 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { CSP_LATEST_FINDINGS_DATA_VIEW } from '../../../../common/constants';
+import { CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX } from '../../../../common/constants';
 import { createStubDataView } from '@kbn/data-views-plugin/common/stubs';
 import { DataView } from '@kbn/data-views-plugin/common';
 import { getFilters } from './get_filters';
@@ -16,7 +16,7 @@ describe('Get Filters', () => {
   beforeEach(() => {
     dataViewMock = createStubDataView({
       spec: {
-        id: CSP_LATEST_FINDINGS_DATA_VIEW,
+        id: CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX,
         fields: {
           a: {
             searchable: false,

x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities.tsx

@@ -6,7 +6,7 @@
  */
 import React from 'react';
 import { Routes, Route } from '@kbn/shared-ux-router';
-import { LATEST_VULNERABILITIES_INDEX_PATTERN } from '../../../common/constants';
+import { CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX } from '../../../common/constants';
 import { NoVulnerabilitiesStates } from '../../components/no_vulnerabilities_states';
 import { useCspSetupStatusApi } from '../../common/api/use_setup_status_api';
 import { CloudPosturePage } from '../../components/cloud_posture_page';
@@ -16,7 +16,7 @@ import { LatestVulnerabilitiesContainer } from './latest_vulnerabilities_contain
 import { DataViewContext } from '../../common/contexts/data_view_context';
 
 export const Vulnerabilities = () => {
-  const dataViewQuery = useDataView(LATEST_VULNERABILITIES_INDEX_PATTERN);
+  const dataViewQuery = useDataView(CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX);
 
   const getSetupStatus = useCspSetupStatusApi();
 

x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilties.test.tsx

@@ -8,7 +8,7 @@ import React from 'react';
 import Chance from 'chance';
 import { Vulnerabilities } from './vulnerabilities';
 import {
-  CSP_LATEST_FINDINGS_DATA_VIEW,
+  CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX,
   LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
   VULN_MGMT_POLICY_TEMPLATE,
 } from '../../../common/constants';
@@ -58,7 +58,7 @@ beforeEach(() => {
     status: 'success',
     data: createStubDataView({
       spec: {
-        id: CSP_LATEST_FINDINGS_DATA_VIEW,
+        id: CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX,
       },
     }),
   });

x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/dataview.handlers.mock.ts

@@ -6,6 +6,10 @@
  */
 
 import { http, HttpResponse } from 'msw';
+import {
+  CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX,
+  CDR_MISCONFIGURATIONS_INDEX_PATTERN,
+} from '../../../../common/constants';
 
 const generateDataViewField = (name: string, type: 'string' | 'date' = 'string') => ({
   name,
@@ -45,3 +49,33 @@ export const defaultDataViewFindHandler = http.get(
     });
   }
 );
+
+export const defaultDataViewGetHandler = http.get(
+  'http://localhost/internal/data_views/',
+  ({ request }) => {
+    const url = new URL(request.url);
+    const id = url.searchParams.get('id');
+
+    // if (id?.includes('logs-cloud_security_posture.findings_latest-*')) {
+    if (id?.includes(CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX)) {
+      return HttpResponse.json({
+        fields: [
+          generateDataViewField('@timestamp', 'date'),
+          generateDataViewField('resource.id'),
+          generateDataViewField('resource.name'),
+          generateDataViewField('resource.sub_type'),
+          generateDataViewField('result.evaluation'),
+          generateDataViewField('rule.benchmark.rule_number'),
+          generateDataViewField('rule.name'),
+          generateDataViewField('rule.section'),
+        ],
+        indices: [CDR_MISCONFIGURATIONS_INDEX_PATTERN],
+      });
+    }
+
+    return HttpResponse.json({
+      fields: [],
+      indices: [],
+    });
+  }
+);

x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/index.ts

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { defaultDataViewFindHandler } from './dataview.handlers.mock';
+import { defaultDataViewFindHandler, defaultDataViewGetHandler } from './dataview.handlers.mock';
 import { defaultFleetCspPackageHandler } from './fleet.handlers.mock';
 import { defaultApiLicensingInfo } from './licensing.handlers.mock';
 
@@ -18,4 +18,5 @@ export const defaultHandlers = [
   defaultApiLicensingInfo,
   defaultDataViewFindHandler,
   defaultFleetCspPackageHandler,
+  defaultDataViewGetHandler,
 ];

x-pack/plugins/cloud_security_posture/public/test/mock_server/mock_server.ts

@@ -131,6 +131,26 @@ export const getMockServerDependencies = () => {
 
             return [dataView];
           },
+          get: async (id: string) => {
+            const response = await fetch(`${MOCK_SERVER_BASE_URL}/internal/data_views/?id=${id}`);
+
+            const responseJson = await response.json();
+
+            const fields = responseJson.fields.reduce((acc: any, field: any) => {
+              acc[field.name] = field;
+              return acc;
+            }, {});
+
+            const dataView = createStubDataView({
+              spec: {
+                id,
+                title: responseJson.indices[0],
+                fields,
+              },
+            });
+
+            return dataView;
+          },
         },
       },
       licensing: {

x-pack/plugins/cloud_security_posture/public/types.ts

@@ -25,6 +25,7 @@ import type {
   UsageCollectionStart,
 } from '@kbn/usage-collection-plugin/public';
 import { SharePluginStart } from '@kbn/share-plugin/public';
+import { SpacesPluginStart } from '@kbn/spaces-plugin/public';
 import type { CspRouterProps } from './application/csp_router';
 import type { CloudSecurityPosturePageId } from './common/navigation/types';
 
@@ -67,6 +68,7 @@ export interface CspClientPluginStartDeps {
   licensing: LicensingPluginStart;
   share: SharePluginStart;
   storage: Storage;
+  spaces: SpacesPluginStart;
 
   // optional
   usageCollection?: UsageCollectionStart;

x-pack/plugins/cloud_security_posture/server/create_indices/latest_indices.ts

@@ -7,7 +7,7 @@
 
 import {
   FINDINGS_INDEX_NAME,
-  LATEST_FINDINGS_INDEX_PATTERN,
+  CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
   LATEST_FINDINGS_INDEX_TEMPLATE_NAME,
   LATEST_FINDINGS_INDEX_DEFAULT_NS,
   VULNERABILITIES_INDEX_NAME,
@@ -20,7 +20,7 @@ import { LatestIndexConfig } from './types';
 export const latestIndexConfigs: LatestIndexConfig = {
   findings: {
     indexName: FINDINGS_INDEX_NAME,
-    indexPattern: LATEST_FINDINGS_INDEX_PATTERN,
+    indexPattern: CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN,
     indexTemplateName: LATEST_FINDINGS_INDEX_TEMPLATE_NAME,
     indexDefaultName: LATEST_FINDINGS_INDEX_DEFAULT_NS,
   },