Updated endpoint hosts indexer to now include the initial policy id r…

…eported by endpoint in the data indexed
elastic · Oct 9, 2024 · c9f8c7e · c9f8c7e
1 parent 38b0a93
commit c9f8c7e
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 3 deletions.
diff --git a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hosts.ts b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hosts.ts
@@ -143,7 +143,7 @@ export const indexEndpointHostDocs = usageTracker.track(
 
     for (let j = 0; j < numDocs; j++) {
       generator.updateHostData();
-      generator.updateHostPolicyData();
+      generator.updateHostPolicyData({ excludeInitialPolicy: true });
 
       hostMetadata = generator.generateHostMetadata(
         timestamp - timeBetweenDocs * (numDocs - j - 1),

diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
@@ -400,10 +400,20 @@ export class EndpointDocGenerator extends BaseDataGenerator {
   /**
    * Updates the current Host common record applied Policy to a different one from the list
    * of random choices and gives it a random policy response status.
+   *
    */
-  public updateHostPolicyData() {
+  public updateHostPolicyData({
+    excludeInitialPolicy = false,
+  }: Partial<{
+    /** Excludes the initial policy id (non-existent) that endpoint reports when it first is installed */
+    excludeInitialPolicy: boolean;
+  }> = {}) {
     const newInfo = this.commonInfo;
-    newInfo.Endpoint.policy.applied = this.randomChoice(APPLIED_POLICIES);
+    newInfo.Endpoint.policy.applied = this.randomChoice(
+      excludeInitialPolicy
+        ? APPLIED_POLICIES.filter(({ id }) => id !== '00000000-0000-0000-0000-000000000000')
+        : APPLIED_POLICIES
+    );
     newInfo.Endpoint.policy.applied.status = this.randomChoice(POLICY_RESPONSE_STATUSES);
     this.commonInfo = newInfo;
   }

diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
@@ -42,6 +42,8 @@ export const getHostPolicyResponseHandler = function (
         return response.ok({ body: doc });
       }
 
+      logger.debug(`Agent id [${agentId}] has no policy response documents indexed yet`);
+
       throw new NotFoundError(`Policy response for endpoint id [${agentId}] not found`);
     } catch (err) {
       return errorHandler(logger, response, err);