Add Host Risk metadata data to alerts flyout (#113274) (#114238)

* Filter out empty values from alert flyout overview

* Add Host Risk metadata data to alerts flyout

* Add feature flag to host risk data query

* Swap investigation guide and enrichment data places in the UI

* Migrate alert_summary_view.test to react testing library

* Refactor threat summary by extracting components and renaming

Co-authored-by: Pablo Machado <[email protected]>

x-pack/plugins/security_solution/common/constants.ts

@@ -333,7 +333,7 @@ export const ELASTIC_NAME = 'estc';
 
 export const METADATA_TRANSFORM_STATS_URL = `/api/transform/transforms/${METADATA_TRANSFORMS_PATTERN}/_stats`;
 
-export const RISKY_HOSTS_INDEX = 'ml_host_risk_score_latest';
+export const HOST_RISK_SCORES_INDEX = 'ml_host_risk_score_latest';
 
 export const TRANSFORM_STATES = {
   ABORTING: 'aborting',

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/index.ts

@@ -11,7 +11,7 @@ export * from './common';
 export * from './details';
 export * from './first_last_seen';
 export * from './kpi';
-export * from './risky_hosts';
+export * from './risk_score';
 export * from './overview';
 export * from './uncommon_processes';
 
@@ -23,6 +23,6 @@ export enum HostsQueries {
   hosts = 'hosts',
   hostsEntities = 'hostsEntities',
   overview = 'overviewHost',
-  riskyHosts = 'riskyHosts',
+  hostsRiskScore = 'hostsRiskScore',
   uncommonProcesses = 'uncommonProcesses',
 }

x-pack/plugins/security_solution/common/search_strategy/security_solution/hosts/risk_score/index.ts

@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FactoryQueryTypes } from '../..';
+import {
+  IEsSearchRequest,
+  IEsSearchResponse,
+} from '../../../../../../../../src/plugins/data/common';
+import { Inspect, Maybe, TimerangeInput } from '../../../common';
+
+export interface HostsRiskScoreRequestOptions extends IEsSearchRequest {
+  defaultIndex: string[];
+  factoryQueryType?: FactoryQueryTypes;
+  hostName?: string;
+  timerange?: TimerangeInput;
+}
+
+export interface HostsRiskScoreStrategyResponse extends IEsSearchResponse {
+  inspect?: Maybe<Inspect>;
+}
+
+export interface HostsRiskScore {
+  host: {
+    name: string;
+  };
+  risk_score: number;
+  risk: string;
+}

x-pack/plugins/security_solution/common/search_strategy/security_solution/index.ts

@@ -28,8 +28,8 @@ import {
   HostsKpiUniqueIpsStrategyResponse,
   HostsKpiUniqueIpsRequestOptions,
   HostFirstLastSeenRequestOptions,
-  HostsRiskyHostsStrategyResponse,
-  HostsRiskyHostsRequestOptions,
+  HostsRiskScoreStrategyResponse,
+  HostsRiskScoreRequestOptions,
 } from './hosts';
 import {
   NetworkQueries,
@@ -126,8 +126,8 @@ export type StrategyResponseType<T extends FactoryQueryTypes> = T extends HostsQ
   ? HostDetailsStrategyResponse
   : T extends UebaQueries.riskScore
   ? RiskScoreStrategyResponse
-  : T extends HostsQueries.riskyHosts
-  ? HostsRiskyHostsStrategyResponse
+  : T extends HostsQueries.hostsRiskScore
+  ? HostsRiskScoreStrategyResponse
   : T extends UebaQueries.hostRules
   ? HostRulesStrategyResponse
   : T extends UebaQueries.userRules
@@ -182,8 +182,8 @@ export type StrategyResponseType<T extends FactoryQueryTypes> = T extends HostsQ
 
 export type StrategyRequestType<T extends FactoryQueryTypes> = T extends HostsQueries.hosts
   ? HostsRequestOptions
-  : T extends HostsQueries.riskyHosts
-  ? HostsRiskyHostsRequestOptions
+  : T extends HostsQueries.hostsRiskScore
+  ? HostsRiskScoreRequestOptions
   : T extends HostsQueries.details
   ? HostDetailsRequestOptions
   : T extends HostsQueries.overview