Open JordanSh opened 1 year ago
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)
Note that we need to support BC, for example cloudbeat version 8.6 does not send findings with posture_type nor rule_number fields
@kfirpeled - should we remove the 8.8 label? since sprint 23 is the last one for before 8.8 feature freeze..
Moving this back into Todo and assigning to @JordanSh.
I am leaving the branch I created for @JordanSh to reference.
After the changes introduced in CIS AWS, a
finding
can have different fields based on its posture type. We should rewrite the type forCspFinding
as a discriminating union that uses therule.benchmark.posture_type
field as a discriminator. posture type ofcspm
contains thecloud
field. whilekspm
will contain thecluster
field instead.It's important to verify if the
cis_eks
can contain both fields, if that's the case, therule.benchmark.id
should be used as the discriminator