[Cloud Security] update score trendline to support muting rules #173987
8626e1f to 7346b3d
haven't finished with the CR yet, will get back to it tomorrow. Sharing the comments I have so far
@@ -157,25 +157,33 @@ export type CspBenchmarkRulesBulkActionRequestSchema = TypeOf< | |||
typeof cspBenchmarkRulesBulkActionRequestSchema |
the latest version now is v4, introduced in #173345. Though I'm not sure if we need a v4 tbh. If we don't really need v4, let's consider reverting to having v3
done.
@@ -10,6 +10,7 @@ import { | |||
CspBenchmarkRulesBulkActionRequestSchema, | |||
CspBenchmarkRulesStates, | |||
cspBenchmarkRulesBulkActionRequestSchema, | |||
CspBenchmarkRulesBulkActionResponse, | |||
} from '../../../../common/types/rules/v3'; |
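Review bot: the import on the last line of this hunk pins the versioned path `'../../../../common/types/rules/v3'`, and the newly added `CspBenchmarkRulesBulkActionResponse` now depends on that pin with nothing in the file saying why. If the response type is meant to stay tied to one version, add a short comment above the import stating that, so a later cleanup of the import path does not change the response shape unnoticed.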
any reason not to import from latest? now when we have v4 I'm lost in the version tbh :)
So now I import from v4, since the response is coupled with the api version we don't want to import it from latest
@@ -47,5 +47,8 @@ export const benchmarkScoreMapping: MappingTypeMapping = { | |||
low: { | |||
type: 'long', | |||
}, | |||
is_custom_score: { |
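Review bot: `is_custom_score` is added to the mapping at the end of this hunk, but documents indexed before this change carry no value for it. Any trendline query that filters on the flag should state explicitly how documents without the field are treated, and a one-line comment next to the field saying which findings a "custom" score covers would make the mapping readable on its own.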
what about is_unmuted_score? custom to me is a very generic name, which might be good if we plan to add more 'signals' to the same score, but otherwise it's hard to understand what custom refers to without knowing the history
I renamed it to is_enabled_rules_score
I think it's better than custom but how do you decide when to use mute/unmute and when enable/disabled. I think we should settle on one term and use it consistently, otherwise in the future it might get very confusing. I also thought that we decided to go with mute/unmute but I might be missing smth. Wouldn't block the pr on the naming ofc, but consider the renaming in the follow up if you think it makes sense
left some comments on potential improvements. Nothing critical but some things worth fixing in my opinion
x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/utils.ts
x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/v1.ts
x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/get_states/v1.ts
x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/get_states/v1.ts
x-pack/plugins/cloud_security_posture/server/tasks/findings_stats_task.ts
@@ -100,6 +102,9 @@ export default function ({ getService }: FtrProviderContext) { | |||
await kibanaServer.savedObjects.clean({ | |||
types: ['cloud-security-posture-settings'], | |||
}); | |||
await kibanaServer.savedObjects.clean({ |
can it be joined with the prev clean call? Like

    await kibanaServer.savedObjects.clean({
      types: ['cloud-security-posture-settings', 'alert'],
    });
💛 Build succeeded, but was flaky
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)
Hey team, bunch of PRs were missing the team label. I added the labels in. Thanks!
Summary
solves:
This PR modifies the score trendline, reflecting it based on muted rules. If rules are muted, the dashboard displays the custom compliance score trendline, which is derived from the disabled rules.
It's done by indexing score documents with a flag is_custom_score that indicates if the score is calculated based on all findings or for findings of enabled rules. We continue to calculate the complete score anyway for future product requirements that will enable the user to compare between his custom score and the full compliance score.
It is the first step to making the compliance dashboard compatible with muting rules and contains only the score trendline.
In the next task, https://github.com/elastic/security-team/issues/7958, we will cover the whole dashboard page to support muting rules and then tests will be added.
For now, as long as the muting rules functionality is not exposed the current behavior will remain the same.
Demo
score.trendline.mp4
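
The indexing scheme described in the summary above, as an added sketch (not code from this PR or from Kibana): each run writes the full score and a score restricted to findings of unmuted rules, told apart by `is_custom_score`. Every name other than `is_custom_score`, the passed/(passed+failed) formula, and the treatment of documents that lack the flag are assumptions.

```typescript
// Added example, not Kibana code. Names other than is_custom_score, the score
// formula and the handling of documents without the flag are assumptions.
interface Finding { ruleId: string; result: 'passed' | 'failed'; }

interface ScoreDoc {
  '@timestamp': string;
  passed_findings: number;
  failed_findings: number;
  score: number;            // percentage, 0..100
  is_custom_score: boolean; // true: only findings of unmuted rules were counted
}

function scoreOf(findings: Finding[], ts: string, isCustom: boolean): ScoreDoc {
  const passed = findings.filter((f) => f.result === 'passed').length;
  const failed = findings.length - passed;
  // No evaluated findings: report 0 rather than dividing by zero.
  const score = findings.length === 0 ? 0 : Math.round((passed / findings.length) * 100);
  return { '@timestamp': ts, passed_findings: passed, failed_findings: failed, score, is_custom_score: isCustom };
}

// One run produces both documents: the complete score is always kept and the
// custom score is indexed next to it.
function buildScoreDocs(findings: Finding[], mutedRuleIds: Set<string>, ts: string): ScoreDoc[] {
  const unmutedOnly = findings.filter((f) => !mutedRuleIds.has(f.ruleId));
  return [scoreOf(findings, ts, false), scoreOf(unmutedOnly, ts, true)];
}

// Trendline: read the custom series when rules are muted, the full series otherwise.
// Assumption: documents written before the flag existed lack it and count as full scores.
function trendline(docs: Array<Partial<ScoreDoc> & { score: number }>, hasMutedRules: boolean): number[] {
  return docs.filter((d) => (d.is_custom_score ?? false) === hasMutedRules).map((d) => d.score);
}

// Constructed sample data.
const sampleFindings: Finding[] = [
  { ruleId: 'rule-a', result: 'passed' },
  { ruleId: 'rule-b', result: 'failed' },
  { ruleId: 'rule-c', result: 'failed' },
  { ruleId: 'rule-d', result: 'passed' },
];
const sampleDocs = buildScoreDocs(sampleFindings, new Set(['rule-b']), '2024-01-01T00:00:00Z');
```

With `rule-b` muted, the sample yields a full score of 50 and a custom score of 67 for the same run.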