From cf3c3e6c7dd41d38490fee7025d298892dace58d Mon Sep 17 00:00:00 2001
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date: Fri, 25 Oct 2024 02:44:57 +1100
Subject: [PATCH] [8.x] Security entity store host os fields (#197326) (#197655)
# Backport
This will backport the following commits from `main` to `8.x`:
- [Security entity store host os fields (#197326)](https://github.com/elastic/kibana/pull/197326)
### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)
Co-authored-by: Jared Burgett <147995946+jaredburgettelastic@users.noreply.github.com>
---
 .../entity_types/host.ts | 2 ++
 .../get_united_definition.test.ts | 32 +++++++++++++++++++
 2 files changed, 34 insertions(+)
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts
index e8d812d73ff27..db9266997743e 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts
@@ -18,6 +18,8 @@ export const getHostUnitedDefinition: UnitedDefinitionBuilder = (fieldHistoryLen
 collect({ field: 'host.domain' }),
 collect({ field: 'host.hostname' }),
 collect({ field: 'host.id' }),
+ collect({ field: 'host.os.name' }),
+ collect({ field: 'host.os.type' }),
 collect({
 field: 'host.ip',
 mapping: {
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.test.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.test.ts
index 81a381bc91873..d9c54e1fcd288 100644
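Review bot: The two new collect() calls are inserted between `host.id` and `host.ip`, which breaks the alphabetical order the preceding `host.domain` / `host.hostname` / `host.id` entries follow; placing them after the `host.ip` entry would keep the list scannable and make future additions predictable. Both rely on the collect() defaults, which the updated snapshot shows become keyword fields capped at 10 values — reasonable for `host.os.type`, whose ECS values are a small fixed set, and probably for `host.os.name`, but a one-line comment such as `// OS identity: keyword with the default value cap is sufficient` would record that the omission of an explicit mapping was deliberate. If the intent is to describe the host OS for entity analytics, the remaining ECS `host.os.*` fields (family, version, platform) are notably absent, so a short comment on why only name and type are collected would help the next reader. getHostUnitedDefinition begins before and continues after this hunk.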
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.test.ts
@@ -59,6 +59,12 @@ describe('getUnitedEntityDefinition', () => {
 "host.name": Object {
 "type": "keyword",
 },
+ "host.os.name": Object {
+ "type": "keyword",
+ },
+ "host.os.type": Object {
+ "type": "keyword",
+ },
 "host.risk.calculated_level": Object {
 "type": "keyword",
 },
@@ -95,6 +101,16 @@ describe('getUnitedEntityDefinition', () => {
 "maxLength": 10,
 "operation": "collect_values",
 },
+ Object {
+ "field": "host.os.name",
+ "maxLength": 10,
+ "operation": "collect_values",
+ },
+ Object {
+ "field": "host.os.type",
+ "maxLength": 10,
+ "operation": "collect_values",
+ },
 Object {
 "field": "host.ip",
 "maxLength": 10,
@@ -184,6 +200,22 @@ describe('getUnitedEntityDefinition', () => {
 "destination": "host.id",
 "source": "host.id",
 },
+ Object {
+ "aggregation": Object {
+ "limit": 10,
+ "type": "terms",
+ },
+ "destination": "host.os.name",
+ "source": "host.os.name",
+ },
+ Object {
+ "aggregation": Object {
+ "limit": 10,
+ "type": "terms",
+ },
+ "destination": "host.os.type",
+ "source": "host.os.type",
+ },
 Object {
 "aggregation": Object {
 "limit": 10,