[Cloud Security] Backport 221247 backport qualys related changes (#221302)

## Summary

This PR backports changes related to Qualys VMDR added integration
support that were merged to version 9.1.0.

PRs backported:

- #213039
- #216411


### Identify risks

Thorough sanity check need to be made before merging since a lot of
conflicts were fixed manually.

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Maxim Kholod <[email protected]>

Author: 3 people

x-pack/platform/packages/shared/kbn-cloud-security-posture/common/constants.ts

@@ -52,3 +52,16 @@ export const MISCONFIGURATION_STATUS: Record<string, string> = {
   PASSED: 'passed',
   FAILED: 'failed',
 };
+
+export const CSP_MOMENT_FORMAT = 'MMMM D, YYYY @ HH:mm:ss.SSS';
+
+// A mapping of in-development features to their status. These features should be hidden from users but can be easily
+// activated via a simple code change in a single location.
+export const INTERNAL_FEATURE_FLAGS = {
+  showManageRulesMock: false,
+  showFindingFlyoutEvidence: true,
+} as const;
+
+export const DETECTION_RULE_RULES_API_CURRENT_VERSION = '2023-10-31';
+
+export const FINDINGS_INDEX_PATTERN = 'logs-cloud_security_posture.findings-default*';

x-pack/platform/packages/shared/kbn-cloud-security-posture/common/schema/vulnerabilities/csp_vulnerability_finding.ts

@@ -71,9 +71,9 @@ export interface CspVulnerabilityFinding {
     commit_time: string;
   };
   package: {
-    version?: string;
-    name?: string;
-    fixed_version?: string;
+    version?: string | string[];
+    name?: string | string[];
+    fixed_version?: string | string[];
   };
   data_stream: EcsDataStream;
   observer: EcsObserver;
@@ -86,9 +86,9 @@ export interface Vulnerability {
     base?: number;
   };
   cwe: string[];
-  id: string;
+  id: string | string[];
   title: string;
-  reference: string;
+  reference: string | string[];
   severity?: VulnSeverity;
   cvss?: {
     nvd: VectorScoreBase;

x-pack/platform/plugins/private/translations/translations/fr-FR.json

@@ -15521,7 +15521,6 @@
     "xpack.csp.vulnerabilities.vulnerabilityOverviewTab.vulnerabilityScores": "Scores de vulnérabilité",
     "xpack.csp.vulnerabilities.vulnerabilityOverviewTile.cvsScore": "CVSS",
     "xpack.csp.vulnerabilities.vulnerabilityOverviewTile.dataSource": "Source de données",
-    "xpack.csp.vulnerabilities.vulnerabilityOverviewTile.publishedDate": "Date de publication",
     "xpack.csp.vulnerabilities.vulnerabilityOverviewTile.publishedDateText": "{date}",
     "xpack.csp.vulnerabilitiesByResource.severityMap.tooltipTitle": "Carte des degrés de gravité",
     "xpack.csp.vulnerability_dashboard.cspPageTemplate.pageTitle": "Gestion des vulnérabilités natives du cloud",
@@ -41993,7 +41992,6 @@
     "xpack.securitySolution.flyout.left.insights.tabLabel": "Informations exploitables",
     "xpack.securitySolution.flyout.left.insights.threatIntelligenceButtonLabel": "Threat Intelligence",
     "xpack.securitySolution.flyout.left.insights.vulnerabilitiesButtonLabel": "Vulnérabilités",
-    "xpack.securitySolution.flyout.left.insights.vulnerability.table.resultColumnName": "Vulnérabilité",
     "xpack.securitySolution.flyout.left.insights.vulnerability.table.ruleColumnName": "Pack",
     "xpack.securitySolution.flyout.left.insights.vulnerability.tableTitle": "Vulnérabilité",
     "xpack.securitySolution.flyout.left.investigation.noDataDescription": "Il n'existe pas de guide d'investigation pour cette règle. {documentation} pour en ajouter un.",

x-pack/platform/plugins/private/translations/translations/ja-JP.json

@@ -15500,7 +15500,6 @@
     "xpack.csp.vulnerabilities.vulnerabilityOverviewTab.vulnerabilityScores": "脆弱性スコア",
     "xpack.csp.vulnerabilities.vulnerabilityOverviewTile.cvsScore": "CVSS",
     "xpack.csp.vulnerabilities.vulnerabilityOverviewTile.dataSource": "データソース",
-    "xpack.csp.vulnerabilities.vulnerabilityOverviewTile.publishedDate": "公開日",
     "xpack.csp.vulnerabilities.vulnerabilityOverviewTile.publishedDateText": "{date}",
     "xpack.csp.vulnerabilitiesByResource.severityMap.tooltipTitle": "重要度マップ",
     "xpack.csp.vulnerability_dashboard.cspPageTemplate.pageTitle": "Cloud Native Vulnerability Management",
@@ -41961,7 +41960,6 @@
     "xpack.securitySolution.flyout.left.insights.tabLabel": "インサイト",
     "xpack.securitySolution.flyout.left.insights.threatIntelligenceButtonLabel": "脅威インテリジェンス",
     "xpack.securitySolution.flyout.left.insights.vulnerabilitiesButtonLabel": "脆弱性",
-    "xpack.securitySolution.flyout.left.insights.vulnerability.table.resultColumnName": "脆弱性",
     "xpack.securitySolution.flyout.left.insights.vulnerability.table.ruleColumnName": "パッケージ",
     "xpack.securitySolution.flyout.left.insights.vulnerability.tableTitle": "脆弱性",
     "xpack.securitySolution.flyout.left.investigation.noDataDescription": "このルールに関する調査ガイドはありません。追加するには、{documentation}。",

x-pack/platform/plugins/private/translations/translations/zh-CN.json

@@ -15537,7 +15537,6 @@
     "xpack.csp.vulnerabilities.vulnerabilityOverviewTab.vulnerabilityScores": "漏洞分数",
     "xpack.csp.vulnerabilities.vulnerabilityOverviewTile.cvsScore": "CVSS",
     "xpack.csp.vulnerabilities.vulnerabilityOverviewTile.dataSource": "数据源",
-    "xpack.csp.vulnerabilities.vulnerabilityOverviewTile.publishedDate": "发布日期",
     "xpack.csp.vulnerabilities.vulnerabilityOverviewTile.publishedDateText": "{date}",
     "xpack.csp.vulnerabilitiesByResource.severityMap.tooltipTitle": "严重性映射",
     "xpack.csp.vulnerability_dashboard.cspPageTemplate.pageTitle": "云原生漏洞管理",
@@ -42033,7 +42032,6 @@
     "xpack.securitySolution.flyout.left.insights.tabLabel": "洞见",
     "xpack.securitySolution.flyout.left.insights.threatIntelligenceButtonLabel": "威胁情报",
     "xpack.securitySolution.flyout.left.insights.vulnerabilitiesButtonLabel": "漏洞",
-    "xpack.securitySolution.flyout.left.insights.vulnerability.table.resultColumnName": "漏洞",
     "xpack.securitySolution.flyout.left.insights.vulnerability.table.ruleColumnName": "软件包",
     "xpack.securitySolution.flyout.left.insights.vulnerability.tableTitle": "漏洞",
     "xpack.securitySolution.flyout.left.investigation.noDataDescription": "没有适用于此规则的调查指南。{documentation}以添加一个。",

x-pack/solutions/security/packages/kbn-cloud-security-posture/public/index.ts

@@ -16,3 +16,8 @@ export { getSeverityStatusColor, getCvsScoreColor } from './src/utils/get_vulner
 export { getSeverityText } from './src/utils/get_vulnerability_text';
 export { getVulnerabilityStats, hasVulnerabilitiesData } from './src/utils/vulnerability_helpers';
 export { CVSScoreBadge, SeverityStatusBadge } from './src/components/vulnerability_badges';
+export { getNormalizedSeverity } from './src/utils/get_normalized_severity';
+export { ActionableBadge, type MultiValueCellAction } from './src/components/actionable_badge';
+export { MultiValueCellPopover } from './src/components/multi_value_cell_popover';
+export { findReferenceLink } from './src/utils/find_reference_link.util';
+export { getVulnerabilitiesQuery } from './src/utils/findings_query_builders';

x-pack/solutions/security/packages/kbn-cloud-security-posture/public/src/components/actionable_badge.tsx

@@ -0,0 +1,160 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useState, useRef } from 'react';
+import {
+  EuiBadge,
+  EuiText,
+  EuiButtonIcon,
+  EuiFlexGroup,
+  EuiFlexItem,
+  useEuiTheme,
+  EuiCopy,
+} from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { createPortal } from 'react-dom';
+import { css } from '@emotion/react';
+
+const copyItem = i18n.translate('securitySolutionPackages.csp.actionableBadge.copy', {
+  defaultMessage: 'Copy',
+});
+
+export interface MultiValueCellAction {
+  iconType: string;
+  onClick?: () => void;
+  ariaLabel: string;
+  title?: string;
+}
+
+interface ActionableBadgeProps {
+  item: string;
+  index: number;
+  actions?: MultiValueCellAction[];
+}
+
+export const ActionableBadge = ({ item, index, actions = [] }: ActionableBadgeProps) => {
+  const [showActions, setShowActions] = useState(false);
+  const { euiTheme } = useEuiTheme();
+  const buttonRef = useRef<HTMLDivElement | null>(null);
+  const iconsContainerRef = useRef<HTMLDivElement | null>(null);
+
+  const [buttonPosition, setButtonPosition] = useState({ bottom: 0, left: 0 });
+
+  const updatePosition = () => {
+    if (buttonRef.current && iconsContainerRef.current) {
+      const rect = buttonRef.current.getBoundingClientRect();
+      const myElement = iconsContainerRef.current.getBoundingClientRect();
+
+      setButtonPosition({
+        bottom: window.innerHeight - rect.top, // offset from the top of the badge
+        left: rect.right - myElement.width, // align with right edge
+      });
+    }
+  };
+
+  const buttonIconCss = css`
+    color: ${euiTheme.colors.plainLight};
+    inline-size: ${euiTheme.base}px;
+    block-size: ${euiTheme.base}px;
+    svg {
+      width: ${euiTheme.size.m};
+      height: ${euiTheme.size.m};
+  `;
+
+  React.useEffect(() => {
+    if (showActions) {
+      updatePosition();
+    }
+  }, [showActions]);
+
+  const handleMouseLeave = () => {
+    setShowActions(false);
+  };
+
+  const handleMouseEnter = () => {
+    setShowActions(true);
+  };
+
+  const actionButtons = createPortal(
+    <EuiFlexGroup
+      ref={iconsContainerRef}
+      gutterSize="xs"
+      alignItems="flexEnd"
+      onMouseEnter={handleMouseEnter}
+      responsive={false}
+      onMouseLeave={handleMouseLeave}
+      css={css`
+        position: fixed;
+        z-index: ${euiTheme.levels.modal};
+        background-color: ${euiTheme.colors.primary};
+        border-radius: ${euiTheme.size.xs};
+        padding: ${euiTheme.size.xxs};
+      `}
+      style={{
+        bottom: buttonPosition.bottom,
+        left: buttonPosition.left,
+      }}
+    >
+      {actions.map((action, actionIndex) => (
+        <EuiFlexItem grow={false} key={`${action.iconType}-${actionIndex}`}>
+          <EuiButtonIcon
+            css={buttonIconCss}
+            onClick={action.onClick}
+            iconType={action.iconType}
+            aria-label={action.ariaLabel}
+            title={action.title}
+          />
+        </EuiFlexItem>
+      ))}
+      <EuiFlexItem grow={false}>
+        <EuiCopy textToCopy={item}>
+          {(copy) => (
+            <EuiButtonIcon
+              onClick={(event: React.MouseEvent<HTMLAnchorElement>) => {
+                event.stopPropagation();
+                copy();
+              }}
+              iconType="copy"
+              css={buttonIconCss}
+              aria-label={copyItem}
+              title={copyItem}
+            />
+          )}
+        </EuiCopy>
+      </EuiFlexItem>
+    </EuiFlexGroup>,
+    document.body
+  );
+
+  return (
+    <div
+      ref={buttonRef}
+      css={css`
+        position: relative;
+        display: inline-block;
+      `}
+    >
+      {showActions && actionButtons}
+      <EuiBadge
+        onMouseEnter={handleMouseEnter}
+        onMouseLeave={handleMouseLeave}
+        color="hollow"
+        key={`${item}-${index}`}
+        data-test-subj={`multi-value-copy-badge-${index}`}
+      >
+        <EuiText
+          css={css`
+            text-overflow: ellipsis;
+          `}
+          size="m"
+        >
+          {item}
+        </EuiText>
+      </EuiBadge>
+    </div>
+  );
+};

x-pack/solutions/security/packages/kbn-cloud-security-posture/public/src/components/multi_value_cell_popover.test.tsx

@@ -0,0 +1,98 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { act } from 'react-dom/test-utils';
+import { render, fireEvent, screen } from '@testing-library/react';
+import { MultiValueCellPopover } from './multi_value_cell_popover';
+import { EuiBadge, EuiText } from '@elastic/eui';
+import { MULTI_VALUE_CELL_FIRST_ITEM_VALUE, MULTI_VALUE_CELL_MORE_BUTTON } from '../constants';
+
+const RENDER_ITEM_TEST_ID = 'item-renderer-test-id';
+
+// Mock EUI theme hook
+jest.mock('@elastic/eui', () => ({
+  ...jest.requireActual('@elastic/eui'),
+  useEuiTheme: () => ({ euiTheme: { size: { s: '8px' } } }),
+}));
+
+describe('MultiValueCellPopover', () => {
+  const mockObject = { id: '1' };
+  const defaultRenderItem = (item: string) => (
+    <EuiBadge data-test-subj={RENDER_ITEM_TEST_ID}>{item}</EuiBadge>
+  );
+
+  it('renders single item without badge', () => {
+    render(
+      <MultiValueCellPopover
+        items={['item1']}
+        field="test"
+        object={mockObject}
+        renderItem={defaultRenderItem}
+      />
+    );
+
+    expect(screen.getByTestId(MULTI_VALUE_CELL_FIRST_ITEM_VALUE)).toBeInTheDocument();
+    expect(screen.getByTestId(MULTI_VALUE_CELL_FIRST_ITEM_VALUE)).toHaveTextContent('item1');
+    expect(screen.queryByTestId(MULTI_VALUE_CELL_MORE_BUTTON)).not.toBeInTheDocument();
+  });
+
+  it('renders multiple items with badge', () => {
+    render(
+      <MultiValueCellPopover
+        items={['item1', 'item2', 'item3']}
+        field="test"
+        object={mockObject}
+        renderItem={defaultRenderItem}
+      />
+    );
+
+    expect(screen.getByTestId(MULTI_VALUE_CELL_FIRST_ITEM_VALUE)).toBeInTheDocument();
+    expect(screen.getByTestId(MULTI_VALUE_CELL_FIRST_ITEM_VALUE)).toHaveTextContent('item1');
+    expect(screen.getByTestId(MULTI_VALUE_CELL_MORE_BUTTON)).toBeInTheDocument();
+    expect(screen.getByTestId(MULTI_VALUE_CELL_MORE_BUTTON)).toHaveTextContent('+ 2');
+  });
+
+  it('opens popover on badge click', async () => {
+    render(
+      <MultiValueCellPopover
+        items={['item1', 'item2']}
+        field="test"
+        object={mockObject}
+        renderItem={defaultRenderItem}
+      />
+    );
+
+    const badge = screen.getByText('+ 1');
+    act(() => {
+      fireEvent.click(badge);
+    });
+
+    expect(screen.getAllByTestId(RENDER_ITEM_TEST_ID)).toHaveLength(2);
+  });
+
+  it('uses custom firstItemRenderer when provided', () => {
+    const customRenderTestId = 'custom-renderer-test-id';
+
+    const customRenderer = (item: string) => (
+      <EuiText data-test-subj={customRenderTestId}>{`Custom ${item}`}</EuiText>
+    );
+
+    render(
+      <MultiValueCellPopover
+        items={['item1']}
+        field="test"
+        object={mockObject}
+        renderItem={defaultRenderItem}
+        firstItemRenderer={customRenderer}
+      />
+    );
+
+    expect(screen.getByTestId(customRenderTestId)).toBeInTheDocument();
+    expect(screen.getByTestId(customRenderTestId)).toHaveTextContent('Custom item1');
+  });
+});