From c9f8c7e406bd715fc40354323f95516f5b9c342a Mon Sep 17 00:00:00 2001
From: Paul Tavares
Date: Wed, 9 Oct 2024 11:12:07 -0400
Subject: [PATCH] Updated endpoint hosts indexer to now include the initial policy id reported by endpoint in the data indexed
---
 .../endpoint/data_loaders/index_endpoint_hosts.ts | 2 +-
 .../common/endpoint/generate_data.ts | 14 ++++++++++++--
 .../server/endpoint/routes/policy/handlers.ts | 2 ++
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hosts.ts b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hosts.ts
index c286024c1cc260..8f1f9c7e21c083 100644
--- a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hosts.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hosts.ts
@@ -143,7 +143,7 @@ export const indexEndpointHostDocs = usageTracker.track(
 for (let j = 0; j < numDocs; j++) {
 generator.updateHostData();
- generator.updateHostPolicyData();
+ generator.updateHostPolicyData({ excludeInitialPolicy: true });
 hostMetadata = generator.generateHostMetadata(
 timestamp - timeBetweenDocs * (numDocs - j - 1),
diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
index 50ae6b40697701..b4ee20f3d5ba27 100644
--- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
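Review bot: The `{ excludeInitialPolicy: true }` argument in the `for` loop has no comment, while the commit subject says the indexer now includes the initial policy id, so a reader of this loop cannot tell why the id is excluded here. If the intent is that only a host's first document may carry the all-zero install-time id and later updates must pick a real policy (an inference, since the generator setup is outside this hunk), a comment on the call would record it, e.g. `// later metadata docs must not fall back to the install-time placeholder policy id`. The loop body continues outside the hunk.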
@@ -400,10 +400,20 @@ export class EndpointDocGenerator extends BaseDataGenerator {
 /**
 * Updates the current Host common record applied Policy to a different one from the list
 * of random choices and gives it a random policy response status.
+ *
 */
- public updateHostPolicyData() {
+ public updateHostPolicyData({
+ excludeInitialPolicy = false,
+ }: Partial<{
+ /** Excludes the initial policy id (non-existent) that endpoint reports when it first is installed */
+ excludeInitialPolicy: boolean;
+ }> = {}) {
 const newInfo = this.commonInfo;
- newInfo.Endpoint.policy.applied = this.randomChoice(APPLIED_POLICIES);
+ newInfo.Endpoint.policy.applied = this.randomChoice(
+ excludeInitialPolicy
+ ? APPLIED_POLICIES.filter(({ id }) => id !== '00000000-0000-0000-0000-000000000000')
+ : APPLIED_POLICIES
+ );
 newInfo.Endpoint.policy.applied.status = this.randomChoice(POLICY_RESPONSE_STATUSES);
 this.commonInfo = newInfo;
 }
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
index 054a4d8422d954..7367201f5883a2 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
@@ -42,6 +42,8 @@ export const getHostPolicyResponseHandler = function (
 return response.ok({ body: doc });
 }
+ logger.debug(`Agent id [${agentId}] has no policy response documents indexed yet`);
+
 throw new NotFoundError(`Policy response for endpoint id [${agentId}] not found`);
 } catch (err) {
 return errorHandler(logger, response, err);
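Review bot: The all-zero UUID is hard-coded inside the `filter` callback in `updateHostPolicyData`, so it can drift from whichever `APPLIED_POLICIES` entry it is meant to match. A named constant used in both places would keep them tied, e.g. `const INITIAL_POLICY_ID = '00000000-0000-0000-0000-000000000000';` and `APPLIED_POLICIES.filter(({ id }) => id !== INITIAL_POLICY_ID)`. `APPLIED_POLICIES` is defined outside the hunk, so whether it already contains that id is not visible here. The empty ` *` line added to the JSDoc could instead carry an `@param` line describing the new options object.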
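Review bot: The added `logger.debug` call interpolates `agentId` into the log message as-is. Where `agentId` is read is outside this hunk, but if it is the request-supplied value, confirm that the route schema restricts it to an id format (or that the logger escapes control characters) so a caller cannot inject line breaks into the debug log. The message also says much the same as the `NotFoundError` thrown right after it, which is handed to `errorHandler` with the same logger, so the not-found case may end up logged twice. The handler starts and ends outside the hunk.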