Merge remote-tracking branch 'upstream/main' into total-number-cases-…

…update

x-pack/performance/journeys/cloud_security_dashboard.ts

@@ -14,6 +14,7 @@ export const journey = new Journey({
       const response = await kibanaServer.request({
         path: '/internal/cloud_security_posture/status?check=init',
         method: 'GET',
+        headers: { 'elastic-api-version': '1' },
       });
       expect(response.status).to.eql(200);
       expect(response.data).to.eql({ isPluginInitialized: true });

x-pack/plugins/cloud_security_posture/common/constants.ts

@@ -8,6 +8,8 @@
 import { PostureTypes, VulnSeverity } from './types';
 
 export const STATUS_ROUTE_PATH = '/internal/cloud_security_posture/status';
+export const STATUS_API_CURRENT_VERSION = '1';
+
 export const STATS_ROUTE_PATH = '/internal/cloud_security_posture/stats/{policy_template}';
 
 export const VULNERABILITIES_DASHBOARD_ROUTE_PATH =

x-pack/plugins/cloud_security_posture/public/common/api/use_setup_status_api.ts

@@ -8,7 +8,7 @@
 import { useQuery, type UseQueryOptions } from '@tanstack/react-query';
 import { useKibana } from '../hooks/use_kibana';
 import { type CspSetupStatus } from '../../../common/types';
-import { STATUS_ROUTE_PATH } from '../../../common/constants';
+import { STATUS_API_CURRENT_VERSION, STATUS_ROUTE_PATH } from '../../../common/constants';
 
 const getCspSetupStatusQueryKey = 'csp_status_key';
 
@@ -18,7 +18,7 @@ export const useCspSetupStatusApi = (
   const { http } = useKibana().services;
   return useQuery<CspSetupStatus, unknown, CspSetupStatus>(
     [getCspSetupStatusQueryKey],
-    () => http.get<CspSetupStatus>(STATUS_ROUTE_PATH),
+    () => http.get<CspSetupStatus>(STATUS_ROUTE_PATH, { version: STATUS_API_CURRENT_VERSION }),
     options
   );
 };

x-pack/plugins/cloud_security_posture/server/routes/csp_rule_template/get_csp_rule_template.ts

@@ -7,7 +7,6 @@
 
 import { NewPackagePolicy } from '@kbn/fleet-plugin/common';
 import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
-import pMap from 'p-map';
 import { transformError } from '@kbn/securitysolution-es-utils';
 import { GetCspRuleTemplateRequest, GetCspRuleTemplateResponse } from '../../../common/types';
 import { CspRuleTemplate } from '../../../common/schemas';
@@ -61,13 +60,9 @@ const findCspRuleTemplateHandler = async (
     filter: getBenchmarkTypeFilter(benchmarkId),
   });
 
-  const cspRulesTemplates = await pMap(
-    cspRulesTemplatesSo.saved_objects,
-    async (cspRuleTemplate) => {
-      return { ...cspRuleTemplate.attributes };
-    },
-    { concurrency: 50 }
-  );
+  const cspRulesTemplates = cspRulesTemplatesSo.saved_objects.map((cspRuleTemplate) => {
+    return { ...cspRuleTemplate.attributes };
+  });
 
   return {
     items: cspRulesTemplates,

x-pack/plugins/cloud_security_posture/server/routes/status/status.ts

@@ -16,6 +16,7 @@ import type {
 import moment from 'moment';
 import { Installation, PackagePolicy } from '@kbn/fleet-plugin/common';
 import { schema } from '@kbn/config-schema';
+import { VersionedRoute } from '@kbn/core-http-server/src/versioning/types';
 import {
   CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
   STATUS_ROUTE_PATH,
@@ -29,7 +30,12 @@ import {
   LATEST_VULNERABILITIES_INDEX_DEFAULT_NS,
   VULN_MGMT_POLICY_TEMPLATE,
 } from '../../../common/constants';
-import type { CspApiRequestHandlerContext, CspRouter, StatusResponseInfo } from '../../types';
+import type {
+  CspApiRequestHandlerContext,
+  CspRequestHandlerContext,
+  CspRouter,
+  StatusResponseInfo,
+} from '../../types';
 import type {
   CspSetupStatus,
   CspStatusCode,
@@ -328,44 +334,55 @@ export const statusQueryParamsSchema = schema.object({
   check: schema.oneOf([schema.literal('all'), schema.literal('init')], { defaultValue: 'all' }),
 });
 
-export const defineGetCspStatusRoute = (router: CspRouter): void =>
-  router.get(
-    {
+export const defineGetCspStatusRoute = (
+  router: CspRouter
+): VersionedRoute<'get', CspRequestHandlerContext> =>
+  router.versioned
+    .get({
+      access: 'internal',
       path: STATUS_ROUTE_PATH,
-      validate: { query: statusQueryParamsSchema },
       options: {
         tags: ['access:cloud-security-posture-read'],
       },
-    },
-    async (context, request, response) => {
-      const cspContext = await context.csp;
-      try {
-        if (request.query.check === 'init') {
+    })
+    .addVersion(
+      {
+        version: '1',
+        validate: {
+          request: {
+            query: statusQueryParamsSchema,
+          },
+        },
+      },
+      async (context, request, response) => {
+        const cspContext = await context.csp;
+        try {
+          if (request.query.check === 'init') {
+            return response.ok({
+              body: {
+                isPluginInitialized: cspContext.isPluginInitialized(),
+              },
+            });
+          }
+          const status: CspSetupStatus = await getCspStatus({
+            ...cspContext,
+            esClient: cspContext.esClient.asCurrentUser,
+          });
           return response.ok({
-            body: {
-              isPluginInitialized: cspContext.isPluginInitialized(),
-            },
+            body: status,
+          });
+        } catch (err) {
+          cspContext.logger.error(`Error getting csp status`);
+          cspContext.logger.error(err);
+
+          const error = transformError(err);
+          return response.customError({
+            body: { message: error.message },
+            statusCode: error.statusCode,
           });
         }
-        const status = await getCspStatus({
-          ...cspContext,
-          esClient: cspContext.esClient.asCurrentUser,
-        });
-        return response.ok({
-          body: status,
-        });
-      } catch (err) {
-        cspContext.logger.error(`Error getting csp status`);
-        cspContext.logger.error(err);
-
-        const error = transformError(err);
-        return response.customError({
-          body: { message: error.message },
-          statusCode: error.statusCode,
-        });
       }
-    }
-  );
+    );
 
 const getStatusResponse = (statusResponseInfo: StatusResponseInfo) => {
   const {

x-pack/plugins/cloud_security_posture/tsconfig.json

@@ -48,6 +48,7 @@
     "@kbn/shared-ux-router",
     "@kbn/core-saved-objects-server",
     "@kbn/share-plugin",
+    "@kbn/core-http-server",
   ],
   "exclude": [
     "target/**/*",

x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_metadata_generator.ts

@@ -215,6 +215,7 @@ export class EndpointMetadataGenerator extends BaseDataGenerator {
           },
         },
       },
+      last_checkin: new Date().toISOString(),
     };
     return merge(hostInfo, overrides);
   }

x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hosts.ts

@@ -211,7 +211,7 @@ export async function indexEndpointHostDocs({
     await client
       .index({
         index: metadataIndex,
-        body: hostMetadata,
+        document: hostMetadata,
         op_type: 'create',
         refresh: 'wait_for',
       })
@@ -225,7 +225,7 @@ export async function indexEndpointHostDocs({
     await client
       .index({
         index: policyResponseIndex,
-        body: hostPolicyResponse,
+        document: hostPolicyResponse,
         op_type: 'create',
         refresh: 'wait_for',
       })
@@ -281,19 +281,17 @@ export const deleteIndexedEndpointHosts = async (
   };
 
   if (indexedData.hosts.length) {
-    const body = {
-      query: {
-        bool: {
-          filter: [{ terms: { 'agent.id': indexedData.hosts.map((host) => host.agent.id) } }],
-        },
+    const query = {
+      bool: {
+        filter: [{ terms: { 'agent.id': indexedData.hosts.map((host) => host.agent.id) } }],
       },
     };
 
     response.hosts = await esClient
       .deleteByQuery({
         index: indexedData.metadataIndex,
         wait_for_completion: true,
-        body,
+        query,
       })
       .catch(wrapErrorAndRejectPromise);
 
@@ -302,7 +300,7 @@ export const deleteIndexedEndpointHosts = async (
       .deleteByQuery({
         index: metadataCurrentIndexPattern,
         wait_for_completion: true,
-        body,
+        query,
       })
       .catch(wrapErrorAndRejectPromise);
   }
@@ -312,19 +310,17 @@ export const deleteIndexedEndpointHosts = async (
       .deleteByQuery({
         index: indexedData.policyResponseIndex,
         wait_for_completion: true,
-        body: {
-          query: {
-            bool: {
-              filter: [
-                {
-                  terms: {
-                    'agent.id': indexedData.policyResponses.map(
-                      (policyResponse) => policyResponse.agent.id
-                    ),
-                  },
+        query: {
+          bool: {
+            filter: [
+              {
+                terms: {
+                  'agent.id': indexedData.policyResponses.map(
+                    (policyResponse) => policyResponse.agent.id
+                  ),
                 },
-              ],
-            },
+              },
+            ],
           },
         },
       })

x-pack/plugins/security_solution/common/endpoint/types/index.ts

@@ -474,7 +474,7 @@ export type PolicyInfo = Immutable<{
 }>;
 
 // Host Information as returned by the Host Details API.
-// NOTE:  `HostInfo` type is the original and defined as Immutable.
+// NOTE:The `HostInfo` type is the original and defined as Immutable.
 export interface HostInfoInterface {
   metadata: HostMetadataInterface;
   host_status: HostStatus;
@@ -485,7 +485,7 @@ export interface HostInfoInterface {
        */
       configured: PolicyInfo;
       /**
-       * Last reported running in agent (may lag behind configured)
+       * Last reported running in agent (might lag behind configured)
        */
       applied: PolicyInfo;
     };
@@ -494,14 +494,22 @@ export interface HostInfoInterface {
      */
     endpoint: PolicyInfo;
   };
+  /**
+   * The time when the Elastic Agent associated with this Endpoint host checked in with fleet
+   * Conceptually the value is the same as Agent['last_checkin'] if present, but we fall back to
+   * UnitedAgentMetadataPersistedData['united']['endpoint']['metadata']['@timestamp']
+   * if `Agent.last_checkin` value is `undefined`
+   */
+  last_checkin: string;
 }
 
 export type HostInfo = Immutable<HostInfoInterface>;
 
 // Host metadata document streamed up to ES by the Endpoint running on host machines.
-// NOTE:  `HostMetadata` type is the original and defined as Immutable. If needing to
+// NOTE: The `HostMetadata` type is the original and defined as Immutable. If you need to
 //        work with metadata that is not mutable, use `HostMetadataInterface`
 export type HostMetadata = Immutable<HostMetadataInterface>;
+
 export interface HostMetadataInterface {
   '@timestamp': number;
   event: {

x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/status_action.test.tsx

@@ -53,9 +53,10 @@ describe('When using processes action from response actions console', () => {
   };
 
   const endpointDetailsMock = () => {
+    const newDate = new Date('2023-04-20T09:37:40.309Z');
     const endpointMetadata = new EndpointMetadataGenerator('seed').generateHostInfo({
       metadata: {
-        '@timestamp': new Date('2023-04-20T09:37:40.309Z').getTime(),
+        '@timestamp': newDate.getTime(),
         agent: {
           id: agentId,
           version: '8.8.0',
@@ -69,6 +70,7 @@ describe('When using processes action from response actions console', () => {
           },
         },
       },
+      last_checkin: newDate.toISOString(),
     });
     useGetEndpointDetailsMock.mockReturnValue({
       data: endpointMetadata,

x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/status_action.tsx

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React, { memo, useEffect, useMemo, useCallback } from 'react';
+import React, { memo, useCallback, useEffect, useMemo } from 'react';
 import { EuiDescriptionList } from '@elastic/eui';
 import { v4 as uuidV4 } from 'uuid';
 import { i18n } from '@kbn/i18n';
@@ -242,7 +242,7 @@ export const EndpointStatusActionResult = memo<
                 'xpack.securitySolution.endpointResponseActions.status.lastActive',
                 { defaultMessage: 'Last active' }
               )}
-              value={endpointDetails.metadata['@timestamp']}
+              value={endpointDetails.last_checkin}
             />
           </ConsoleCodeBlock>
         ),

x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_endpoint_info.test.tsx

@@ -58,7 +58,7 @@ describe('Responder header endpoint info', () => {
     );
     expect(agentStatus.textContent).toBe(`UnhealthyIsolating`);
   });
-  it('should show last updated time', async () => {
+  it('should show last checkin time', async () => {
     const lastUpdated = await renderResult.findByTestId('responderHeaderLastSeen');
     expect(lastUpdated).toBeTruthy();
   });

x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_endpoint_info.tsx

@@ -9,10 +9,10 @@ import React, { memo } from 'react';
 import {
   EuiFlexGroup,
   EuiFlexItem,
-  EuiText,
   EuiSkeletonText,
-  EuiToolTip,
   EuiSpacer,
+  EuiText,
+  EuiToolTip,
 } from '@elastic/eui';
 import { euiStyled } from '@kbn/kibana-react-plugin/common';
 import { FormattedMessage, FormattedRelative } from '@kbn/i18n-react';
@@ -88,7 +88,7 @@ export const HeaderEndpointInfo = memo<HeaderEndpointInfoProps>(({ endpointId })
                 id="xpack.securitySolution.responder.header.lastSeen"
                 defaultMessage="Last seen {date}"
                 values={{
-                  date: <FormattedRelative value={endpointDetails.metadata['@timestamp']} />,
+                  date: <FormattedRelative value={endpointDetails.last_checkin} />,
                 }}
               />
             </EuiText>