Skip to content

[Cloud Security] Backport 221247 backport qualys related changes #221302

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 46 commits into from
May 27, 2025
Merged

[Cloud Security] Backport 221247 backport qualys related changes #221302

merged 46 commits into from
May 27, 2025

Conversation

@alexreal1314
Copy link
Contributor

@alexreal1314 alexreal1314 commented May 22, 2025
edited
Loading

Summary

This PR backports changes related to Qualys VMDR added integration support that were merged to version 9.1.0.

PRs backported:

Identify risks

Thorough sanity check need to be made before merging since a lot of conflicts were fixed manually.

alexreal1314 added 30 commits May 22, 2025 13:03
@alexreal1314
add handling of missing vulnerability.id in the data grid and fix fly…
476473f 
…out not opening
@alexreal1314
add handling of severity to be case insensitive in vulnerabilities da…
23a5477 
…tagrid and flyout
@alexreal1314
update vulnerabilities data grid - add title column and rename Vulner…
249335c 
…ability to CVE ID column header
@alexreal1314
add support for multiple cve in the flyout header
3dece0c 
update flyout overview tab to support multiple cves, published date move to be above alerts section
@alexreal1314
fix i18n translation files and create util function
6a11ca3
@alexreal1314
fix vulnerabilities serverity flyout display, add test ids and fix un…
096a3c6 
…it tests
@alexreal1314
add normalizeSeverity function unit tests
4123bd4
@alexreal1314
fix check types errors
8a1f1fe
@alexreal1314
update contextual flyout severity mapping to handle inensitive case v…
a1c5bb7 
…alues

update insights tab vulnerabilities column names

fix redirect from insights tab to vulnerabilties findings page
@alexreal1314
fix conflicts and update insights tab vulnerabilities table id and ti…
f8c0efb 
…tle cell render
@alexreal1314
add unit tests to composeQueryFilters and normalizeSeverity utility f…
9745523 
…unctions
@alexreal1314
fix barrel imports and fix types of utility function used by Severity…
087e503 
…StatusBadge
@alexreal1314
fix finding matching refernce in case of multiple vulnerability.id va…
7dd29aa 
…lues
@alexreal1314
add handling of missing vulnerability.id in the data grid and fix fly…
3fd2b7a 
…out not opening
@alexreal1314
add handling of severity to be case insensitive in vulnerabilities da…
f69eab4 
…tagrid and flyout
@alexreal1314
update vulnerabilities data grid - add title column and rename Vulner…
35a4ac6 
…ability to CVE ID column header
@alexreal1314
add support for multiple cve in the flyout header
09f1c54 
update flyout overview tab to support multiple cves, published date move to be above alerts section
@alexreal1314
fix i18n translation files and create util function
40add3c
@alexreal1314
fix vulnerabilities serverity flyout display, add test ids and fix un…
59bf54f 
…it tests
@alexreal1314
add normalizeSeverity function unit tests
3d62632
@alexreal1314
fix check types errors
89bf2aa
@alexreal1314
update contextual flyout severity mapping to handle inensitive case v…
e8e5055 
…alues

update insights tab vulnerabilities column names

fix redirect from insights tab to vulnerabilties findings page
@alexreal1314
add unit tests to composeQueryFilters and normalizeSeverity utility f…
47e5f14 
…unctions
@alexreal1314
update grouping package to flattern results based on params - usefull…
99f638b 
… for multil values fields

fix severity utility function types
@alexreal1314
remove barrel imports and rename hooks file name
fac8df9
@alexreal1314
remove runetime mapping casting when grouping
0e8fc47
@alexreal1314
move flattening logic to kbn-grouping package
c27ec9e
@alexreal1314
add component that renders multi value fields in vulnerability data-grid
f5acb04
@alexreal1314
add filter and copy action to popver badges for multi value fields
4d4a106
@alexreal1314
create popver table items component to display multi value fields in …
6d08921 
…vulnerabilities data table
@kibanamachine kibanamachine requested a review from a team May 22, 2025 18:14
@alexreal1314 alexreal1314 changed the base branch from main to 8.19 May 22, 2025 18:15
@alexreal1314 alexreal1314 added Team:Cloud Security Cloud Security team related ci:cloud-deploy Create or update a Cloud deployment Feature:Cloud-Security Cloud Security related features labels May 22, 2025
@alexreal1314 alexreal1314 force-pushed the backport-221247-backport-qualys-related-changes branch from a5801f9 to f4250c3 Compare May 22, 2025 21:20
@kibanamachine
Copy link
Contributor

kibanamachine commented May 22, 2025

Cloud deployment initiated, see credentials at: https://buildkite.com/elastic/kibana-deploy-cloud-from-pr/builds/187

@alexreal1314 alexreal1314 marked this pull request as ready for review May 23, 2025 10:04
@elasticmachine
Copy link
Contributor

elasticmachine commented May 23, 2025

Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)

@alexreal1314 alexreal1314 added backport:skip This PR does not require backporting release_note:skip Skip the PR/issue when compiling release notes labels May 23, 2025
@alexreal1314 alexreal1314 mentioned this pull request May 23, 2025
Closed
@kc13greiner kc13greiner requested review from a team and removed request for a team May 23, 2025 12:58
@kc13greiner
Copy link
Contributor

kc13greiner commented May 23, 2025

Kibana Security was tagged for review (Im not sure why KB machine tagged us 🤷‍♂️ ) and the PR LGTM, but I figured this would be best for Cloud Security to review

@maxcold
Copy link
Contributor

maxcold commented May 23, 2025

Tested with Qualys data, found one issue which might be related to backporting: the filtering of the page by CVE id sometimes (not for all CVEs and I couldn't find a pattern) crashes the page. Refreshing the page with the same filter then works fine. I will investigate if Alex won't be available

Screenshot 2025-05-23 at 14 50 37

@alexreal1314 alexreal1314 force-pushed the backport-221247-backport-qualys-related-changes branch from f3def2a to 62e273c Compare May 24, 2025 07:20
@alexreal1314 alexreal1314 force-pushed the backport-221247-backport-qualys-related-changes branch from 9bdc1ec to fae2ccd Compare May 25, 2025 14:43
maxcold
maxcold approved these changes May 27, 2025
View reviewed changes
Copy link
Contributor

@maxcold maxcold left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changes introduced in the backport are tested, the backport should be ready to be merged

...plugins/cloud_security_posture/public/pages/vulnerabilities/latest_vulnerabilities_table.tsx

const createVulnerabilityRuleFn = (rowIndex: number) => {
const vulnerabilityFinding = getCspVulnerabilityFinding(rows[rowIndex].raw._source);
const vulnerabilityFinding = getCspVulnerabilityFinding(rows[rowIndex]?.raw._source);
Copy link
Contributor

@maxcold maxcold May 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This fixes the issue I brought up in the comments, now the backport should be ready to go

@maxcold maxcold requested review from a team and removed request for kibanamachine May 27, 2025 08:35
@elasticmachine
Copy link
Contributor

elasticmachine commented May 27, 2025
edited
Loading

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
cloudSecurityPosture 696 707 +11
securitySolution 7283 7292 +9
total +20

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
@kbn/cloud-security-posture 93 109 +16
@kbn/cloud-security-posture-common 120 124 +4
total +20

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
cloudSecurityPosture 492.7KB 504.1KB +11.4KB
securitySolution 9.2MB 9.2MB +4.7KB
total +16.1KB
Unknown metric groups

API count

id before after diff
@kbn/cloud-security-posture 93 110 +17
@kbn/cloud-security-posture-common 122 126 +4
total +21

History

@maxcold maxcold merged commit de8e153 into 8.19 May 27, 2025
8 checks passed
@maxcold maxcold deleted the backport-221247-backport-qualys-related-changes branch May 27, 2025 10:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maxcold maxcold maxcold approved these changes

Assignees

No one assigned

Labels

backport:skip This PR does not require backporting ci:cloud-deploy Create or update a Cloud deployment Feature:Cloud-Security Cloud Security related features release_note:skip Skip the PR/issue when compiling release notes Team:Cloud Security Cloud Security team related

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Cloud Security] backport Qualys related changes to 8.19

6 participants

@alexreal1314 @kibanamachine @elasticmachine @kc13greiner @maxcold