[Cloud Security] Severity trend graph (#159460)

elastic · Jun 19, 2023 · 821818e · 821818e
1 parent 6789969
commit 821818e
Show file tree

Hide file tree

Showing 18 changed files with 775 additions and 118 deletions.
diff --git a/x-pack/plugins/cloud_security_posture/common/types.ts b/x-pack/plugins/cloud_security_posture/common/types.ts
@@ -131,6 +131,15 @@ export interface GetCspRuleTemplateResponse {
 
 // CNVM DASHBOARD
 
+export interface VulnScoreTrend {
+  '@timestamp': string;
+  policy_template: 'vuln_mgmt';
+  critical: number;
+  high: number;
+  medium: number;
+  low: number;
+}
+
 export interface CnvmStatistics {
   criticalCount: number | undefined;
   highCount: number | undefined;
@@ -141,6 +150,7 @@ export interface CnvmStatistics {
 
 export interface CnvmDashboardData {
   cnvmStatistics: CnvmStatistics;
+  vulnTrends: VulnScoreTrend[];
   topVulnerableResources: VulnerableResourceStat[];
   topPatchableVulnerabilities: PatchableVulnerabilityStat[];
   topVulnerabilities: VulnerabilityStat[];

diff --git a/...mmon/api/use_vulnerabilities_stats_api.ts → ...on/api/use_vulnerability_dashboard_api.ts b/...mmon/api/use_vulnerabilities_stats_api.ts → ...on/api/use_vulnerability_dashboard_api.ts
@@ -10,9 +10,9 @@ import { CnvmDashboardData } from '../../../common/types';
 import { useKibana } from '../hooks/use_kibana';
 import { VULNERABILITIES_DASHBOARD_ROUTE_PATH } from '../../../common/constants';
 
-const cnvmKey = 'use-cnvm-statistics-api-key';
+const cnvmKey = 'use-vulnerability-dashboard-api-key';
 
-export const useCnvmStatisticsApi = (
+export const useVulnerabilityDashboardApi = (
   options?: UseQueryOptions<unknown, unknown, CnvmDashboardData, string[]>
 ) => {
   const { http } = useKibana().services;

diff --git a/x-pack/plugins/cloud_security_posture/public/components/chart_panel.tsx b/x-pack/plugins/cloud_security_posture/public/components/chart_panel.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React from 'react';
+import React, { ReactNode } from 'react';
 import {
   EuiPanel,
   EuiText,
@@ -22,6 +22,7 @@ interface ChartPanelProps {
   hasBorder?: boolean;
   isLoading?: boolean;
   isError?: boolean;
+  rightSideItems?: ReactNode[];
 }
 
 const Loading = () => (
@@ -52,6 +53,7 @@ export const ChartPanel: React.FC<ChartPanelProps> = ({
   isLoading,
   isError,
   children,
+  rightSideItems,
 }) => {
   const { euiTheme } = useEuiTheme();
   const renderChart = () => {
@@ -64,13 +66,18 @@ export const ChartPanel: React.FC<ChartPanelProps> = ({
     <EuiPanel hasBorder={hasBorder} hasShadow={false} data-test-subj="chart-panel">
       <EuiFlexGroup direction="column" gutterSize="m" style={{ height: '100%' }}>
         <EuiFlexItem grow={false}>
-          {title && (
-            <EuiTitle size="xs">
-              <h3 style={{ lineHeight: 'initial', paddingLeft: euiTheme.size.s }}>{title}</h3>
-            </EuiTitle>
-          )}
+          <EuiFlexGroup justifyContent={'spaceBetween'}>
+            <EuiFlexItem grow={false} style={{ justifyContent: 'center' }}>
+              {title && (
+                <EuiTitle size="s">
+                  <h3 style={{ lineHeight: 'initial', paddingLeft: euiTheme.size.s }}>{title}</h3>
+                </EuiTitle>
+              )}
+            </EuiFlexItem>
+            <EuiFlexItem grow={false}>{rightSideItems}</EuiFlexItem>
+          </EuiFlexGroup>
         </EuiFlexItem>
-        <EuiFlexItem>{renderChart()}</EuiFlexItem>
+        <EuiFlexItem style={{ height: '100%' }}>{renderChart()}</EuiFlexItem>
       </EuiFlexGroup>
     </EuiPanel>
   );

diff --git a/...rity_posture/public/pages/vulnerability_dashboard/_mocks_/vulnerability_dashboard.mock.ts b/...rity_posture/public/pages/vulnerability_dashboard/_mocks_/vulnerability_dashboard.mock.ts
@@ -0,0 +1,278 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CnvmDashboardData } from '../../../../common/types';
+
+export const mockCnvmDashboardData: CnvmDashboardData = {
+  cnvmStatistics: {
+    criticalCount: 84,
+    highCount: 4595,
+    mediumCount: 12125,
+    resourcesScanned: 81,
+    cloudRegions: 1,
+  },
+  vulnTrends: [
+    {
+      high: 4634,
+      policy_template: 'vuln_mgmt',
+      medium: 12522,
+      '@timestamp': '2023-06-15T23:49:46.563935Z',
+      critical: 84,
+      low: 4147,
+    },
+    {
+      high: 4634,
+      policy_template: 'vuln_mgmt',
+      medium: 12522,
+      '@timestamp': '2023-06-16T23:50:14.640737Z',
+      critical: 84,
+      low: 4147,
+    },
+    {
+      high: 4634,
+      policy_template: 'vuln_mgmt',
+      medium: 12522,
+      '@timestamp': '2023-06-17T23:53:51.851500Z',
+      critical: 84,
+      low: 4147,
+    },
+    {
+      high: 4634,
+      policy_template: 'vuln_mgmt',
+      medium: 12522,
+      '@timestamp': '2023-06-18T23:53:50.831704Z',
+      critical: 84,
+      low: 4147,
+    },
+    {
+      high: 4634,
+      policy_template: 'vuln_mgmt',
+      medium: 12522,
+      '@timestamp': '2023-06-19T08:28:22.830830Z',
+      critical: 84,
+      low: 4147,
+    },
+  ],
+  topVulnerableResources: [
+    {
+      resource: { id: '01dfb5ad43724b411', name: 'dima-sanity-FQj' },
+      vulnerabilityCount: 2030,
+      cloudRegion: 'eu-west-1',
+    },
+    {
+      resource: { id: '09aa0a3d51dae9820', name: 'dima-sanity-FQj' },
+      vulnerabilityCount: 2030,
+      cloudRegion: 'eu-west-1',
+    },
+    {
+      resource: { id: '042985d76403bab90', name: 'kfir3-june12-8-8-0-41B' },
+      vulnerabilityCount: 1551,
+      cloudRegion: 'eu-west-1',
+    },
+    {
+      resource: { id: '0ba9cce1f0984b413', name: 'daily-env-8.7-vanilla' },
+      vulnerabilityCount: 894,
+      cloudRegion: 'eu-west-1',
+    },
+    {
+      resource: { id: '0a2dc4a316cdefd0a', name: 'TrackLiveEnvironment' },
+      vulnerabilityCount: 679,
+      cloudRegion: 'eu-west-1',
+    },
+    {
+      resource: {
+        id: '0bcb81dda72d6d86a',
+        name: 'elastic-agent-instance-36c7f8d0-fd41-11ed-b093-02daf9c5eb3d',
+      },
+      vulnerabilityCount: 383,
+      cloudRegion: 'eu-west-1',
+    },
+    {
+      resource: {
+        id: '0413fc81a8f190eda',
+        name: 'elastic-agent-instance-19770570-e7b9-11ed-a680-02315045ab2d',
+      },
+      vulnerabilityCount: 340,
+      cloudRegion: 'eu-west-1',
+    },
+    {
+      resource: {
+        id: '006ea5239813449ee',
+        name: 'elastic-agent-instance-b32cdc60-091c-11ee-818e-06cae4cbdef5',
+      },
+      vulnerabilityCount: 334,
+      cloudRegion: 'eu-west-1',
+    },
+    {
+      resource: {
+        id: '0f2dec779a9b6df40',
+        name: 'elastic-agent-instance-9fb90e20-fb1a-11ed-ac6c-02d320ffd109',
+      },
+      vulnerabilityCount: 321,
+      cloudRegion: 'eu-west-1',
+    },
+    {
+      resource: { id: '089a865e3fe1fe29b', name: 'cloudbeat-tf-5jA-2' },
+      vulnerabilityCount: 314,
+      cloudRegion: 'eu-west-1',
+    },
+  ],
+  topPatchableVulnerabilities: [
+    {
+      cve: 'CVE-2022-41723',
+      cvss: { score: 7.5, version: '3.1' },
+      packageFixVersion: '0.7.0',
+      vulnerabilityCount: 384,
+    },
+    {
+      cve: 'CVE-2022-41717',
+      cvss: { score: 5.300000190734863, version: '3.1' },
+      packageFixVersion: '0.4.0',
+      vulnerabilityCount: 335,
+    },
+    {
+      cve: 'CVE-2022-27664',
+      cvss: { score: 7.5, version: '3.1' },
+      packageFixVersion: '0.0.0-20220906165146-f3363e06e74c',
+      vulnerabilityCount: 237,
+    },
+    {
+      cve: 'CVE-2021-37600',
+      cvss: { score: 5.5, version: '3.1' },
+      packageFixVersion: '2.30.2-2.amzn2.0.11',
+      vulnerabilityCount: 168,
+    },
+    {
+      cve: 'CVE-2023-2253',
+      cvss: { score: 7.5, version: '3.1' },
+      packageFixVersion: '2.8.2-beta.1',
+      vulnerabilityCount: 157,
+    },
+    {
+      cve: 'CVE-2023-2609',
+      cvss: { score: 7.800000190734863, version: '3.1' },
+      packageFixVersion: '2:9.0.1592-1.amzn2.0.1',
+      vulnerabilityCount: 154,
+    },
+    {
+      cve: 'CVE-2023-2610',
+      cvss: { score: 7.800000190734863, version: '3.1' },
+      packageFixVersion: '2:9.0.1592-1.amzn2.0.1',
+      vulnerabilityCount: 154,
+    },
+    {
+      cve: 'CVE-2023-28840',
+      cvss: { score: 7.5, version: '3.1' },
+      packageFixVersion: '23.0.3, 20.10.24',
+      vulnerabilityCount: 152,
+    },
+    {
+      cve: 'CVE-2023-28841',
+      cvss: { score: 6.800000190734863, version: '3.1' },
+      packageFixVersion: '23.0.3, 20.10.24',
+      vulnerabilityCount: 152,
+    },
+    {
+      cve: 'CVE-2023-28842',
+      cvss: { score: 6.800000190734863, version: '3.1' },
+      packageFixVersion: '23.0.3, 20.10.24',
+      vulnerabilityCount: 152,
+    },
+  ],
+  topVulnerabilities: [
+    {
+      cve: 'CVE-2022-41723',
+      packageFixVersion: '0.7.0',
+      packageName: 'golang.org/x/net',
+      packageVersion: 'v0.0.0-20220809184613-07c6da5e1ced',
+      severity: 'HIGH',
+      vulnerabilityCount: 384,
+      cvss: { score: 7.5, version: '3.1' },
+    },
+    {
+      cve: 'CVE-2022-41717',
+      packageFixVersion: '0.4.0',
+      packageName: 'golang.org/x/net',
+      packageVersion: 'v0.0.0-20220809184613-07c6da5e1ced',
+      severity: 'MEDIUM',
+      vulnerabilityCount: 335,
+      cvss: { score: 5.300000190734863, version: '3.1' },
+    },
+    {
+      cve: 'CVE-2020-8911',
+      packageFixVersion: '',
+      packageName: 'github.com/aws/aws-sdk-go',
+      packageVersion: 'v1.38.60',
+      severity: 'MEDIUM',
+      vulnerabilityCount: 334,
+      cvss: { score: 5.599999904632568, version: '3.1' },
+    },
+    {
+      cve: 'CVE-2020-8912',
+      packageFixVersion: '',
+      packageName: 'github.com/aws/aws-sdk-go',
+      packageVersion: 'v1.38.60',
+      severity: 'LOW',
+      vulnerabilityCount: 334,
+      cvss: { score: 2.5, version: '3.1' },
+    },
+    {
+      cve: 'CVE-2022-27664',
+      packageFixVersion: '0.0.0-20220906165146-f3363e06e74c',
+      packageName: 'golang.org/x/net',
+      packageVersion: 'v0.0.0-20220809184613-07c6da5e1ced',
+      severity: 'HIGH',
+      vulnerabilityCount: 237,
+      cvss: { score: 7.5, version: '3.1' },
+    },
+    {
+      cve: 'CVE-2023-2609',
+      packageFixVersion: '2:9.0.1592-1.amzn2.0.1',
+      packageName: 'vim-data',
+      packageVersion: '2:8.2.3995-1ubuntu2.7',
+      severity: 'HIGH',
+      vulnerabilityCount: 199,
+      cvss: { score: 7.800000190734863, version: '3.1' },
+    },
+    {
+      cve: 'CVE-2023-2610',
+      packageFixVersion: '2:9.0.1592-1.amzn2.0.1',
+      packageName: 'vim-data',
+      packageVersion: '2:8.2.3995-1ubuntu2.7',
+      severity: 'HIGH',
+      vulnerabilityCount: 199,
+      cvss: { score: 7.800000190734863, version: '3.1' },
+    },
+    {
+      cve: 'CVE-2022-3219',
+      packageFixVersion: '',
+      packageName: 'dirmngr',
+      packageVersion: '2.2.27-3ubuntu2.1',
+      severity: 'LOW',
+      vulnerabilityCount: 176,
+      cvss: { score: 3.299999952316284, version: '3.1' },
+    },
+    {
+      cve: 'CVE-2021-37600',
+      packageFixVersion: '2.30.2-2.amzn2.0.11',
+      packageName: 'libblkid',
+      packageVersion: '2.30.2-2.amzn2.0.10',
+      severity: 'LOW',
+      vulnerabilityCount: 168,
+      cvss: { score: 5.5, version: '3.1' },
+    },
+    {
+      cve: 'CVE-2023-2253',
+      packageFixVersion: '2.8.2-beta.1',
+      packageName: 'github.com/docker/distribution',
+      packageVersion: 'v2.8.1+incompatible',
+      severity: 'HIGH',
+      vulnerabilityCount: 157,
+      cvss: { score: 7.5, version: '3.1' },
+    },
+  ],
+};
diff --git a/...ud_security_posture/public/pages/vulnerability_dashboard/vulnerability_dashboard.test.tsx b/...ud_security_posture/public/pages/vulnerability_dashboard/vulnerability_dashboard.test.tsx
@@ -29,13 +29,16 @@ import { sharePluginMock } from '@kbn/share-plugin/public/mocks';
 import { useLicenseManagementLocatorApi } from '../../common/api/use_license_management_locator_api';
 import { VulnerabilityDashboard } from './vulnerability_dashboard';
 import { VULNERABILITY_DASHBOARD_CONTAINER } from '../compliance_dashboard/test_subjects';
+import { useVulnerabilityDashboardApi } from '../../common/api/use_vulnerability_dashboard_api';
+import { mockCnvmDashboardData } from './_mocks_/vulnerability_dashboard.mock';
 
 jest.mock('../../common/api/use_latest_findings_data_view');
 jest.mock('../../common/api/use_setup_status_api');
 jest.mock('../../common/api/use_license_management_locator_api');
 jest.mock('../../common/hooks/use_subscription_status');
 jest.mock('../../common/navigation/use_navigate_to_cis_integration_policies');
 jest.mock('../../common/navigation/use_csp_integration_link');
+jest.mock('../../common/api/use_vulnerability_dashboard_api');
 
 const chance = new Chance();
 
@@ -190,6 +193,12 @@ describe('<VulnerabilityDashboard />', () => {
       })
     );
     (useCspIntegrationLink as jest.Mock).mockImplementation(() => chance.url());
+    (useVulnerabilityDashboardApi as jest.Mock).mockImplementation(() =>
+      createReactQueryResponse({
+        status: 'success',
+        data: mockCnvmDashboardData,
+      })
+    );
 
     renderVulnerabilityDashboardPage();