diff --git a/x-pack/plugins/cloud_security_posture/server/create_indices/latest_findings_mapping.ts b/x-pack/plugins/cloud_security_posture/server/create_indices/latest_findings_mapping.ts
index 57305fd2df7c4..eb7ae78b61624 100644
--- a/x-pack/plugins/cloud_security_posture/server/create_indices/latest_findings_mapping.ts
+++ b/x-pack/plugins/cloud_security_posture/server/create_indices/latest_findings_mapping.ts
@@ -107,6 +107,10 @@ export const latestFindingsMapping: MappingTypeMapping = {
 },
 },
 },
+ id: {
+ ignore_above: 1024,
+ type: 'keyword',
+ },
 benchmark: {
 properties: {
 name: {
diff --git a/x-pack/plugins/cloud_security_posture/server/create_transforms/benchmark_score_transform.ts b/x-pack/plugins/cloud_security_posture/server/create_transforms/benchmark_score_transform.ts
deleted file mode 100644
index 19528d42f09af..0000000000000
--- a/x-pack/plugins/cloud_security_posture/server/create_transforms/benchmark_score_transform.ts
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/api/types';
-import {
- LATEST_FINDINGS_INDEX_DEFAULT_NS,
- BENCHMARK_SCORE_INDEX_DEFAULT_NS,
-} from '../../common/constants';
-
-export const benchmarkScoreTransform: TransformPutTransformRequest = {
- transform_id: 'cloud_security_posture.score-default-0.0.1',
- description: 'Calculate latest findings score',
- source: {
- index: LATEST_FINDINGS_INDEX_DEFAULT_NS,
- },
- dest: {
- index: BENCHMARK_SCORE_INDEX_DEFAULT_NS,
- },
- frequency: '30m',
- sync: {
- time: {
- field: 'event.ingested',
- delay: '60s',
- },
- },
- retention_policy: {
- time: {
- field: '@timestamp',
- max_age: '30d',
- },
- },
- pivot: {
- group_by: {
- '@timestamp': {
- date_histogram: {
- field: '@timestamp',
- calendar_interval: '1m',
- },
- },
- },
- aggregations: {
- total_findings: {
- value_count: {
- field: 'result.evaluation.keyword',
- },
- },
- passed_findings: {
- filter: {
- term: {
- 'result.evaluation.keyword': 'passed',
- },
- },
- },
- failed_findings: {
- filter: {
- term: {
- 'result.evaluation.keyword': 'failed',
- },
- },
- },
- score_by_cluster_id: {
- terms: {
- field: 'cluster_id.keyword',
- },
- aggregations: {
- total_findings: {
- value_count: {
- field: 'result.evaluation.keyword',
- },
- },
- passed_findings: {
- filter: {
- term: {
- 'result.evaluation.keyword': 'passed',
- },
- },
- },
- failed_findings: {
- filter: {
- term: {
- 'result.evaluation.keyword': 'failed',
- },
- },
- },
- },
- },
- },
- },
- _meta: {
- managed: 'true',
- },
-};
diff --git a/x-pack/plugins/cloud_security_posture/server/create_transforms/latest_findings_transform.ts b/x-pack/plugins/cloud_security_posture/server/create_transforms/latest_findings_transform.ts
index 38247357990d6..88202c032f85c 100644
--- a/x-pack/plugins/cloud_security_posture/server/create_transforms/latest_findings_transform.ts
+++ b/x-pack/plugins/cloud_security_posture/server/create_transforms/latest_findings_transform.ts
@@ -31,7 +31,7 @@ export const latestFindingsTransform: TransformPutTransformRequest = {
 },
 latest: {
 sort: '@timestamp',
- unique_key: ['resource_id.keyword', 'rule.name.keyword', 'agent.id.keyword'],
+ unique_key: ['resource.id.keyword', 'rule.id'],
 },
 _meta: {
 managed: 'true',
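Review bot: Dropping `'agent.id.keyword'` from `unique_key` makes every finding with the same `resource.id` and `rule.id` collapse into one latest document, regardless of which agent or cluster reported it. If resource ids are not unique across clusters (this hunk does not show how they are generated), a failed finding from one cluster can be overwritten by a newer passed finding from another and drop out of the posture view. Either keep a per-agent or per-cluster field in the key, or record the assumption beside it, e.g. `// resource.id is unique across agents and clusters, so (resource.id, rule.id) identifies one finding`. The key also mixes `resource.id.keyword` with a bare `rule.id`; confirm both resolve to keyword fields in the transform's source index, which is not part of this diff. The `latestFindingsTransform` object starts and ends outside the hunk.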