Merge branch 'main' into create-categorization-job-from-pattern-analysis

.github/CODEOWNERS

@@ -1467,6 +1467,7 @@ x-pack/plugins/security_solution/public/overview/components/entity_analytics
 x-pack/plugins/security_solution/server/lib/entity_analytics @elastic/security-entity-analytics
 x-pack/plugins/security_solution/server/lib/risk_score @elastic/security-entity-analytics
 x-pack/test/security_solution_api_integration/test_suites/entity_analytics @elastic/security-entity-analytics
+x-pack/plugins/security_solution/public/flyout/entity_details @elastic/security-entity-analytics
 
 # Security Defend Workflows - OSQuery Ownership
 /x-pack/plugins/security_solution/common/api/detection_engine/model/rule_response_actions @elastic/security-defend-workflows

x-pack/packages/security-solution/data_table/common/types/data_table/index.ts

@@ -31,6 +31,8 @@ export enum TableId {
   kubernetesPageSessions = 'kubernetes-page-sessions',
   alertsOnCasePage = 'alerts-case-page',
   alertsRiskInputs = 'alerts-risk-inputs',
+  // New version of `alertsRiskInputs` designed to support multiple kinds of risk inputs
+  riskInputs = 'risk-inputs',
 }
 
 export enum TableEntityType {
@@ -52,6 +54,7 @@ export const tableEntity: Record<TableId, TableEntityType> = {
   [TableId.hostsPageSessions]: TableEntityType.session,
   [TableId.kubernetesPageSessions]: TableEntityType.session,
   [TableId.alertsRiskInputs]: TableEntityType.alert,
+  [TableId.riskInputs]: TableEntityType.alert,
 } as const;
 
 const TableIdLiteralRt = runtimeTypes.union([

x-pack/plugins/security_solution/common/risk_engine/indices.ts

@@ -13,3 +13,6 @@ export const latestRiskScoreIndexPattern = 'risk-score.risk-score-latest-*';
 
 export const getRiskScoreLatestIndex = (spaceId = 'default') =>
   `${riskScoreBaseIndexName}.risk-score-latest-${spaceId}`;
+
+export const getRiskScoreTimeSeriesIndex = (spaceId = 'default') =>
+  `${riskScoreBaseIndexName}.risk-score-${spaceId}`;

x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts

@@ -103,11 +103,3 @@ export const EMPTY_SEVERITY_COUNT = {
   [RiskSeverity.moderate]: 0,
   [RiskSeverity.unknown]: 0,
 };
-
-export const SEVERITY_UI_SORT_ORDER = [
-  RiskSeverity.unknown,
-  RiskSeverity.low,
-  RiskSeverity.moderate,
-  RiskSeverity.high,
-  RiskSeverity.critical,
-];

x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts

@@ -7,7 +7,11 @@
 
 import type { ESQuery } from '../../../../typed_json';
 import { RISKY_HOSTS_INDEX_PREFIX, RISKY_USERS_INDEX_PREFIX } from '../../../../constants';
-import { RiskScoreEntity, getRiskScoreLatestIndex } from '../../../../risk_engine';
+import {
+  RiskScoreEntity,
+  getRiskScoreLatestIndex,
+  getRiskScoreTimeSeriesIndex,
+} from '../../../../risk_engine';
 export { RiskQueries } from '../../../../api/search_strategy';
 
 /**
@@ -30,7 +34,9 @@ export const getUserRiskIndex = (
   isNewRiskScoreModuleInstalled: boolean
 ): string => {
   return isNewRiskScoreModuleInstalled
-    ? getRiskScoreLatestIndex(spaceId)
+    ? onlyLatest
+      ? getRiskScoreLatestIndex(spaceId)
+      : getRiskScoreTimeSeriesIndex(spaceId)
     : `${RISKY_USERS_INDEX_PREFIX}${onlyLatest ? 'latest_' : ''}${spaceId}`;
 };
 

x-pack/plugins/security_solution/public/cases/pages/index.tsx

@@ -11,7 +11,7 @@ import type { CaseViewRefreshPropInterface } from '@kbn/cases-plugin/common';
 import { CaseMetricsFeature } from '@kbn/cases-plugin/common';
 import { useUiSetting$ } from '@kbn/kibana-react-plugin/public';
 import { useExpandableFlyoutContext } from '@kbn/expandable-flyout';
-import { RightPanelKey } from '../../flyout/document_details/right';
+import { DocumentDetailsRightPanelKey } from '../../flyout/document_details/right';
 import { useTourContext } from '../../common/components/guided_onboarding_tour';
 import {
   AlertsCasesTourSteps,
@@ -74,7 +74,7 @@ const CaseContainerComponent: React.FC = () => {
       if (isSecurityFlyoutEnabled) {
         openFlyout({
           right: {
-            id: RightPanelKey,
+            id: DocumentDetailsRightPanelKey,
             params: {
               id: alertId,
               indexName: index,

x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx

@@ -13,7 +13,7 @@ import { dataTableActions, TableId } from '@kbn/securitysolution-data-table';
 import { useUiSetting$ } from '@kbn/kibana-react-plugin/public';
 import { timelineActions } from '../../../../timelines/store/timeline';
 import { ENABLE_EXPANDABLE_FLYOUT_SETTING } from '../../../../../common/constants';
-import { RightPanelKey } from '../../../../flyout/document_details/right';
+import { DocumentDetailsRightPanelKey } from '../../../../flyout/document_details/right';
 import type {
   SetEventsDeleted,
   SetEventsLoading,
@@ -103,7 +103,7 @@ const RowActionComponent = ({
     if (isSecurityFlyoutEnabled && tableId !== TableId.rulePreview) {
       openFlyout({
         right: {
-          id: RightPanelKey,
+          id: DocumentDetailsRightPanelKey,
           params: {
             id: eventId,
             indexName,

x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.test.ts

@@ -0,0 +1,82 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { RiskScoreEntity } from '../../../../../../../common/risk_engine';
+import { renderHook } from '@testing-library/react-hooks';
+import { wrapper } from '../../../mocks';
+import { useLensAttributes } from '../../../use_lens_attributes';
+import { getRiskScoreSummaryAttributes } from './risk_score_summary';
+import { RiskSeverity } from '../../../../../../../common/search_strategy';
+import type { MetricVisualizationState } from '@kbn/lens-plugin/public';
+
+jest.mock('../../../../../containers/sourcerer', () => ({
+  useSourcererDataView: jest.fn().mockReturnValue({
+    selectedPatterns: ['auditbeat-mytest-*'],
+    dataViewId: 'security-solution-my-test',
+    indicesExist: true,
+  }),
+}));
+
+jest.mock('uuid', () => ({
+  v4: jest.fn().mockReturnValue('2cc5663b-f062-43f8-8688-fc8166c2ca8e'),
+}));
+
+describe('getRiskScoreSummaryAttributes', () => {
+  it('should render', () => {
+    const { result } = renderHook(
+      () =>
+        useLensAttributes({
+          lensAttributes: getRiskScoreSummaryAttributes({
+            severity: RiskSeverity.low,
+            query: `user.name: test.user`,
+            spaceId: 'default',
+            riskEntity: RiskScoreEntity.user,
+          }),
+        }),
+      { wrapper }
+    );
+
+    expect(result?.current).toMatchSnapshot();
+  });
+
+  it('renders the subtitle', () => {
+    const { result } = renderHook(
+      () =>
+        useLensAttributes({
+          lensAttributes: getRiskScoreSummaryAttributes({
+            severity: RiskSeverity.low,
+            query: `user.name: test.user`,
+            spaceId: 'default',
+            riskEntity: RiskScoreEntity.user,
+          }),
+        }),
+      { wrapper }
+    );
+
+    expect((result?.current?.state.visualization as MetricVisualizationState).subtitle).toBe('Low');
+  });
+
+  it('renders the query when applyGlobalQueriesAndFilters is false', () => {
+    const query = `test.field: test.user`;
+
+    const { result } = renderHook(
+      () =>
+        useLensAttributes({
+          lensAttributes: getRiskScoreSummaryAttributes({
+            severity: RiskSeverity.low,
+            query,
+            spaceId: 'default',
+            riskEntity: RiskScoreEntity.user,
+          }),
+          applyGlobalQueriesAndFilters: false,
+        }),
+      { wrapper }
+    );
+
+    expect(result?.current?.state.query.query).toBe(query);
+  });
+});