minor fixes

kfirpeled · kfirpeled · commit aaed0133bd5a · 2025-08-07T16:19:08.000+03:00
diff --git a/x-pack/solutions/security/plugins/cloud_security_posture/server/routes/graph/fetch_graph.ts b/x-pack/solutions/security/plugins/cloud_security_posture/server/routes/graph/fetch_graph.ts
@@ -74,15 +74,6 @@ export const fetchGraph = async ({
     "\\"id\\":\\"", _id, "\\"",
     ",\\"type\\":\\"", docType, "\\"",
     ",\\"index\\":\\"", _index, "\\"",
-    ${
-      // Incase we don't fetch from alerts index, ESQL will complain about missing field's mapping
-      alertsMappingsIncluded
-        ? `CASE (isAlert, CONCAT(",\\"alert\\":", "{",
-      "\\"ruleName\\":\\"", kibana.alert.rule.name, "\\"",
-    "}"), ""),`
-        : ''
-    }
-  "}")
     ${
       // ESQL complains about missing field's mapping when we don't fetch from alerts index
       alertsMappingsIncluded
@@ -91,6 +82,7 @@ export const fetchGraph = async ({
     "}"), ""),`
         : ''
     }
+  "}")
 | STATS badge = COUNT(*),
   docs = VALUES(docData),
   ips = VALUES(related.ip),
diff --git a/x-pack/solutions/security/test/cloud_security_posture_api/es_archives/security_alerts/mappings.json b/x-pack/solutions/security/test/cloud_security_posture_api/es_archives/security_alerts/mappings.json
@@ -24,6 +24,30 @@
           "ignore_malformed": false,
           "type": "date"
         },
+        "actor": {
+          "properties": {
+            "entity": {
+              "properties": {
+                "id": {
+                  "ignore_above": 1024,
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "target": {
+          "properties": {
+            "entity": {
+              "properties": {
+                "id": {
+                  "ignore_above": 1024,
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
         "agent": {
           "properties": {
             "build": {
diff --git a/x-pack/solutions/security/test/cloud_security_posture_functional/es_archives/security_alerts/mappings.json b/x-pack/solutions/security/test/cloud_security_posture_functional/es_archives/security_alerts/mappings.json
@@ -24,6 +24,30 @@
           "ignore_malformed": false,
           "type": "date"
         },
+        "actor": {
+          "properties": {
+            "entity": {
+              "properties": {
+                "id": {
+                  "ignore_above": 1024,
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "target": {
+          "properties": {
+            "entity": {
+              "properties": {
+                "id": {
+                  "ignore_above": 1024,
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
         "agent": {
           "properties": {
             "build": {
@@ -8664,4 +8688,4 @@
       }
     }
   }
-}
+}
