Revert "[8.11] [Security Solutions] Update risk score tables to filte… (#169751)

## Summary

It was backported too soon. Let's wait for
[8.11.0](https://github.com/elastic/dev/issues/2367) release and merge
it to 8.11.1

x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts

@@ -74,8 +74,6 @@ export interface RiskScoreItem {
   [RiskScoreFields.hostName]: Maybe<string>;
   [RiskScoreFields.userName]: Maybe<string>;
 
-  [RiskScoreFields.timestamp]: Maybe<string>;
-
   [RiskScoreFields.hostRisk]: Maybe<RiskSeverity>;
   [RiskScoreFields.userRisk]: Maybe<RiskSeverity>;
 

x-pack/plugins/security_solution/common/search_strategy/security_solution/users/common/index.ts

@@ -11,7 +11,6 @@ import type { CommonFields, Maybe, RiskScoreFields, RiskSeverity, SortField } fr
 export interface UserRiskScoreItem {
   _id?: Maybe<string>;
   [RiskScoreFields.userName]: Maybe<string>;
-  [RiskScoreFields.timestamp]: Maybe<string>;
   [RiskScoreFields.userRisk]: Maybe<RiskSeverity>;
   [RiskScoreFields.userRiskScore]: Maybe<number>;
 }

x-pack/plugins/security_solution/public/explore/components/risk_score/risk_score_onboarding/risk_score_no_data_detected.tsx

@@ -14,6 +14,7 @@ import * as i18n from './translations';
 import { RiskScoreHeaderTitle } from './risk_score_header_title';
 import { RiskScoreRestartButton } from './risk_score_restart_button';
 import type { inputsModel } from '../../../../common/store';
+import * as overviewI18n from '../../../../overview/components/entity_analytics/common/translations';
 import { useIsNewRiskScoreModuleInstalled } from '../../../../entity_analytics/api/hooks/use_risk_engine_status';
 
 const RiskScoresNoDataDetectedComponent = ({
@@ -36,7 +37,15 @@ const RiskScoresNoDataDetectedComponent = ({
 
   return (
     <EuiPanel data-test-subj={`${entityType}-risk-score-no-data-detected`} hasBorder>
-      <HeaderSection title={<RiskScoreHeaderTitle riskScoreEntity={entityType} />} titleSize="s" />
+      <HeaderSection
+        title={<RiskScoreHeaderTitle riskScoreEntity={entityType} />}
+        titleSize="s"
+        tooltip={
+          entityType === RiskScoreEntity.user
+            ? overviewI18n.USER_RISK_TABLE_TOOLTIP
+            : overviewI18n.HOST_RISK_TABLE_TOOLTIP
+        }
+      />
       <EuiEmptyPrompt
         title={<h2>{translations.title}</h2>}
         body={translations.body}

x-pack/plugins/security_solution/public/explore/containers/risk_score/all/index.tsx

@@ -125,6 +125,13 @@ export const useRiskScore = <T extends RiskScoreEntity.host | RiskScoreEntity.us
     }
   }, [defaultIndex, refetch, refetchDeprecated]);
 
+  // since query does not take timerange arg, we need to manually refetch when time range updates
+  // the results can be different if the user has run the ML for the first time since pressing refresh
+  useEffect(() => {
+    refetchAll();
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [timerange?.to, timerange?.from]);
+
   const riskScoreResponse = useMemo(
     () => ({
       data: response.data,
@@ -161,7 +168,7 @@ export const useRiskScore = <T extends RiskScoreEntity.host | RiskScoreEntity.us
                   }
                 : undefined,
             sort,
-            timerange: requestTimerange,
+            timerange: onlyLatest ? undefined : requestTimerange,
             alertsTimerange: includeAlertsCount ? requestTimerange : undefined,
           }
         : null,
@@ -173,6 +180,7 @@ export const useRiskScore = <T extends RiskScoreEntity.host | RiskScoreEntity.us
       querySize,
       sort,
       requestTimerange,
+      onlyLatest,
       riskEntity,
       includeAlertsCount,
     ]

x-pack/plugins/security_solution/public/explore/containers/risk_score/kpi/index.tsx

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { useEffect, useMemo, useCallback } from 'react';
+import { useEffect, useMemo } from 'react';
 
 import {
   getHostRiskIndex,
@@ -26,7 +26,6 @@ import type { InspectResponse } from '../../../../types';
 import type { inputsModel } from '../../../../common/store';
 import { useAppToasts } from '../../../../common/hooks/use_app_toasts';
 import { useIsNewRiskScoreModuleInstalled } from '../../../../entity_analytics/api/hooks/use_risk_engine_status';
-import { useRiskScoreFeatureStatus } from '../feature_status';
 
 interface RiskScoreKpi {
   error: unknown;
@@ -61,14 +60,6 @@ export const useRiskScoreKpi = ({
       : getUserRiskIndex(spaceId, true, isNewRiskScoreModuleInstalled)
     : undefined;
 
-  const {
-    isDeprecated,
-    isEnabled,
-    isAuthorized,
-    isLoading: isDeprecatedLoading,
-    refetch: refetchFeatureStatus,
-  } = useRiskScoreFeatureStatus(riskEntity, defaultIndex);
-
   const { loading, result, search, refetch, inspect, error } =
     useSearchStrategy<RiskQueries.kpiRiskScore>({
       factoryQueryType: RiskQueries.kpiRiskScore,
@@ -81,40 +72,21 @@ export const useRiskScoreKpi = ({
 
   const isModuleDisabled = !!error && isIndexNotFoundError(error);
 
-  const requestTimerange = useMemo(
-    () => (timerange ? { to: timerange.to, from: timerange.from, interval: '' } : undefined),
-    [timerange]
-  );
-
   useEffect(() => {
     if (!skip && defaultIndex && featureEnabled) {
       search({
         filterQuery,
         defaultIndex: [defaultIndex],
         entity: riskEntity,
-        timerange: requestTimerange,
       });
     }
-  }, [
-    defaultIndex,
-    search,
-    filterQuery,
-    skip,
-    riskEntity,
-    requestTimerange,
-    isEnabled,
-    isDeprecated,
-    isAuthorized,
-    isDeprecatedLoading,
-    featureEnabled,
-  ]);
+  }, [defaultIndex, search, filterQuery, skip, riskEntity, featureEnabled]);
 
-  const refetchAll = useCallback(() => {
-    if (defaultIndex) {
-      refetchFeatureStatus(defaultIndex);
-      refetch();
-    }
-  }, [defaultIndex, refetch, refetchFeatureStatus]);
+  // since query does not take timerange arg, we need to manually refetch when time range updates
+  useEffect(() => {
+    refetch();
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [timerange?.to, timerange?.from]);
 
   useEffect(() => {
     if (error) {
@@ -138,5 +110,5 @@ export const useRiskScoreKpi = ({
     };
   }, [result, loading, error]);
 
-  return { error, severityCount, loading, isModuleDisabled, refetch: refetchAll, inspect };
+  return { error, severityCount, loading, isModuleDisabled, refetch, inspect };
 };

x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/columns.test.tsx

@@ -17,7 +17,7 @@ describe('getHostRiskScoreColumns', () => {
     });
 
     const riskScore = 10.11111111;
-    const riskScoreColumn = columns[2];
+    const riskScoreColumn = columns[1];
     const renderedColumn = riskScoreColumn.render!(riskScore, null);
 
     const { queryByTestId } = render(<TestProviders>{renderedColumn}</TestProviders>);

x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/columns.tsx

@@ -17,12 +17,11 @@ import { HostDetailsLink } from '../../../../common/components/links';
 import type { HostRiskScoreColumns } from '.';
 import * as i18n from './translations';
 import { HostsTableType } from '../../store/model';
-import type { Maybe, RiskSeverity } from '../../../../../common/search_strategy';
+import type { RiskSeverity } from '../../../../../common/search_strategy';
 import { RiskScoreFields, RiskScoreEntity } from '../../../../../common/search_strategy';
 import { RiskScoreLevel } from '../../../components/risk_score/severity/common';
 import { ENTITY_RISK_LEVEL } from '../../../components/risk_score/translations';
 import { CELL_ACTIONS_TELEMETRY } from '../../../components/risk_score/constants';
-import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date';
 
 export const getHostRiskScoreColumns = ({
   dispatchSeverityUpdate,
@@ -35,7 +34,6 @@ export const getHostRiskScoreColumns = ({
     truncateText: false,
     mobileOptions: { show: true },
     sortable: true,
-    width: '35%',
     render: (hostName) => {
       if (hostName != null && hostName.length > 0) {
         return (
@@ -59,19 +57,6 @@ export const getHostRiskScoreColumns = ({
       return getEmptyTagValue();
     },
   },
-  {
-    field: RiskScoreFields.timestamp,
-    name: i18n.LAST_UPDATED,
-    truncateText: false,
-    mobileOptions: { show: true },
-    sortable: true,
-    render: (lastSeen: Maybe<string>) => {
-      if (lastSeen != null) {
-        return <FormattedRelativePreferenceDate value={lastSeen} />;
-      }
-      return getEmptyTagValue();
-    },
-  },
   {
     field: RiskScoreFields.hostRiskScore,
     name: i18n.HOST_RISK_SCORE,

x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/index.tsx

@@ -60,7 +60,6 @@ interface HostRiskScoreTableProps {
 
 export type HostRiskScoreColumns = [
   Columns<RiskScoreItem[RiskScoreFields.hostName]>,
-  Columns<RiskScoreItem[RiskScoreFields.timestamp]>,
   Columns<RiskScoreItem[RiskScoreFields.hostRiskScore]>,
   Columns<RiskScoreItem[RiskScoreFields.hostRisk]>
 ];
@@ -192,6 +191,7 @@ const HostRiskScoreTableComponent: React.FC<HostRiskScoreTableProps> = ({
       headerSupplement={risk}
       headerTitle={i18nHosts.HOST_RISK_TITLE}
       headerUnit={i18n.UNIT(totalCount)}
+      headerTooltip={i18nHosts.HOST_RISK_TABLE_TOOLTIP}
       id={id}
       isInspect={isInspect}
       itemsPerRow={rowItems}

x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/translations.ts

@@ -28,15 +28,16 @@ export const HOST_RISK_TITLE = i18n.translate(
   }
 );
 
+export const HOST_RISK_TABLE_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.hostsRiskTable.hostsTableTooltip',
+  {
+    defaultMessage:
+      'The host risk table is not affected by the KQL time range. This table shows the latest recorded risk score for each host.',
+  }
+);
+
 export const VIEW_HOSTS_BY_SEVERITY = (severity: string) =>
   i18n.translate('xpack.securitySolution.hostsRiskTable.filteredHostsTitle', {
     values: { severity },
     defaultMessage: 'View {severity} risk hosts',
   });
-
-export const LAST_UPDATED = i18n.translate(
-  'xpack.securitySolution.hostsRiskTable.lastUpdatedTitle',
-  {
-    defaultMessage: 'Last updated',
-  }
-);

x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/columns.test.tsx

@@ -20,9 +20,8 @@ describe('getUserRiskScoreColumns', () => {
     const columns = getUserRiskScoreColumns(defaultProps);
 
     expect(columns[0].field).toBe('user.name');
-    expect(columns[1].field).toBe(RiskScoreFields.timestamp);
-    expect(columns[2].field).toBe(RiskScoreFields.userRiskScore);
-    expect(columns[3].field).toBe(RiskScoreFields.userRisk);
+    expect(columns[1].field).toBe(RiskScoreFields.userRiskScore);
+    expect(columns[2].field).toBe(RiskScoreFields.userRisk);
 
     columns.forEach((column) => {
       expect(column).toHaveProperty('name');
@@ -46,7 +45,7 @@ describe('getUserRiskScoreColumns', () => {
     const columns: UserRiskScoreColumns = getUserRiskScoreColumns(defaultProps);
 
     const riskScore = 10.11111111;
-    const riskScoreColumn = columns[2];
+    const riskScoreColumn = columns[1];
     const renderedColumn = riskScoreColumn.render!(riskScore, null);
 
     const { queryByTestId } = render(<TestProviders>{renderedColumn}</TestProviders>);

x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/columns.tsx

@@ -17,13 +17,12 @@ import { getEmptyTagValue } from '../../../../common/components/empty_value';
 import type { UserRiskScoreColumns } from '.';
 import * as i18n from './translations';
 import { RiskScoreLevel } from '../../../components/risk_score/severity/common';
-import type { Maybe, RiskSeverity } from '../../../../../common/search_strategy';
+import type { RiskSeverity } from '../../../../../common/search_strategy';
 import { RiskScoreEntity, RiskScoreFields } from '../../../../../common/search_strategy';
 import { UserDetailsLink } from '../../../../common/components/links';
 import { UsersTableType } from '../../store/model';
 import { ENTITY_RISK_LEVEL } from '../../../components/risk_score/translations';
 import { CELL_ACTIONS_TELEMETRY } from '../../../components/risk_score/constants';
-import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date';
 
 export const getUserRiskScoreColumns = ({
   dispatchSeverityUpdate,
@@ -36,7 +35,6 @@ export const getUserRiskScoreColumns = ({
     truncateText: false,
     mobileOptions: { show: true },
     sortable: true,
-    width: '35%',
     render: (userName) => {
       if (userName != null && userName.length > 0) {
         const id = escapeDataProviderId(`user-risk-score-table-userName-${userName}`);
@@ -62,19 +60,6 @@ export const getUserRiskScoreColumns = ({
       return getEmptyTagValue();
     },
   },
-  {
-    field: RiskScoreFields.timestamp,
-    name: i18n.LAST_UPDATED,
-    truncateText: false,
-    mobileOptions: { show: true },
-    sortable: true,
-    render: (lastSeen: Maybe<string>) => {
-      if (lastSeen != null) {
-        return <FormattedRelativePreferenceDate value={lastSeen} />;
-      }
-      return getEmptyTagValue();
-    },
-  },
   {
     field: RiskScoreFields.userRiskScore,
     name: i18n.USER_RISK_SCORE,

x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/index.tsx

@@ -60,7 +60,6 @@ interface UserRiskScoreTableProps {
 
 export type UserRiskScoreColumns = [
   Columns<UserRiskScoreItem[RiskScoreFields.userName]>,
-  Columns<UserRiskScoreItem[RiskScoreFields.timestamp]>,
   Columns<UserRiskScoreItem[RiskScoreFields.userRiskScore]>,
   Columns<UserRiskScoreItem[RiskScoreFields.userRisk]>
 ];
@@ -192,6 +191,7 @@ const UserRiskScoreTableComponent: React.FC<UserRiskScoreTableProps> = ({
       }
       headerSupplement={risk}
       headerTitle={i18nUsers.NAVIGATION_RISK_TITLE}
+      headerTooltip={i18n.USER_RISK_TABLE_TOOLTIP}
       headerUnit={i18n.UNIT(totalCount)}
       id={id}
       isInspect={isInspect}

x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/translations.ts

@@ -39,6 +39,10 @@ export const ROWS_10 = i18n.translate('xpack.securitySolution.usersTable.rows',
   defaultMessage: '{numRows} {numRows, plural, =0 {rows} =1 {row} other {rows}}',
 });
 
-export const LAST_UPDATED = i18n.translate('xpack.securitySolution.usersTable.lastUpdatedTitle', {
-  defaultMessage: 'Last updated',
-});
+export const USER_RISK_TABLE_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.hostsRiskTable.usersTableTooltip',
+  {
+    defaultMessage:
+      'The user risk table is not affected by the KQL time range. This table shows the latest recorded risk score for each user.',
+  }
+);

x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/translations.ts

@@ -24,3 +24,19 @@ export const USER_RISK_TITLE = i18n.translate(
     defaultMessage: 'User Risk Scores',
   }
 );
+
+export const HOST_RISK_TABLE_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip',
+  {
+    defaultMessage:
+      'The host risk table is not affected by the time range. This table shows the latest recorded risk score for each host.',
+  }
+);
+
+export const USER_RISK_TABLE_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip',
+  {
+    defaultMessage:
+      'The user risk table is not affected by the time range. This table shows the latest recorded risk score for each user.',
+  }
+);

x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/columns.tsx

@@ -17,7 +17,6 @@ import { RiskScoreLevel } from '../../../../explore/components/risk_score/severi
 import { CELL_ACTIONS_TELEMETRY } from '../../../../explore/components/risk_score/constants';
 import type {
   HostRiskScore,
-  Maybe,
   RiskSeverity,
   UserRiskScore,
 } from '../../../../../common/search_strategy';
@@ -30,7 +29,6 @@ import {
   SecurityCellActionsTrigger,
   SecurityCellActionType,
 } from '../../../../common/components/cell_actions';
-import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date';
 
 type HostRiskScoreColumns = Array<EuiBasicTableColumn<HostRiskScore & UserRiskScore>>;
 
@@ -93,21 +91,6 @@ export const getRiskScoreColumns = (
       return getEmptyTagValue();
     },
   },
-
-  {
-    field: RiskScoreFields.timestamp,
-    name: i18n.LAST_UPDATED,
-    truncateText: false,
-    mobileOptions: { show: true },
-    sortable: true,
-    width: '20%',
-    render: (lastSeen: Maybe<string>) => {
-      if (lastSeen != null) {
-        return <FormattedRelativePreferenceDate value={lastSeen} />;
-      }
-      return getEmptyTagValue();
-    },
-  },
   {
     field:
       riskEntity === RiskScoreEntity.host
@@ -131,7 +114,7 @@ export const getRiskScoreColumns = (
   {
     field:
       riskEntity === RiskScoreEntity.host ? RiskScoreFields.hostRisk : RiskScoreFields.userRisk,
-    width: '25%',
+    width: '30%',
     name: i18n.ENTITY_RISK_LEVEL(riskEntity),
     truncateText: false,
     mobileOptions: { show: true },

x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/index.tsx

@@ -26,6 +26,7 @@ import { RiskScoresNoDataDetected } from '../../../../explore/components/risk_sc
 import { useRefetchQueries } from '../../../../common/hooks/use_refetch_queries';
 import { Loader } from '../../../../common/components/loader';
 import { Panel } from '../../../../common/components/panel';
+import * as i18n from './translations';
 import { useEntityInfo } from './use_entity';
 import { RiskScoreHeaderContent } from './header_content';
 import { ChartContent } from './chart_content';
@@ -174,6 +175,11 @@ const EntityAnalyticsRiskScoresComponent = ({ riskEntity }: { riskEntity: RiskSc
           id={entity.tableQueryId}
           toggleStatus={toggleStatus}
           toggleQuery={setToggleStatus}
+          tooltip={
+            riskEntity === RiskScoreEntity.host
+              ? i18n.HOST_RISK_TABLE_TOOLTIP
+              : i18n.USER_RISK_TABLE_TOOLTIP
+          }
         >
           <RiskScoreHeaderContent
             entityLinkProps={entity.linkProps}

x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/translations.ts

@@ -33,9 +33,18 @@ export const LEARN_MORE = (riskEntity: RiskScoreEntity) =>
     },
   });
 
-export const LAST_UPDATED = i18n.translate(
-  'xpack.securitySolution.entityAnalytics.riskDashboard.lastUpdatedTitle',
+export const HOST_RISK_TABLE_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip',
   {
-    defaultMessage: 'Last updated',
+    defaultMessage:
+      'The Host Risk Score panel displays the list of risky hosts and their latest risk score. You may filter this list using global filters in the KQL search bar. The time-range picker filter will display Alerts within the selected time range only and does not filter the list of risky hosts.',
+  }
+);
+
+export const USER_RISK_TABLE_TOOLTIP = i18n.translate(
+  'xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip',
+  {
+    defaultMessage:
+      'The User Risk Score panel displays the list of risky users and their latest risk score. You may filter this list using global filters in the KQL search bar. The time-range picker filter will display Alerts within the selected time range only and does not filter the list of risky users.',
   }
 );

x-pack/plugins/security_solution/public/overview/components/host_overview/index.tsx

@@ -10,6 +10,7 @@ import { euiDarkVars as darkTheme, euiLightVars as lightTheme } from '@kbn/ui-th
 import { getOr } from 'lodash/fp';
 import React, { useCallback, useMemo } from 'react';
 import styled from 'styled-components';
+import { useGlobalTime } from '../../../common/containers/use_global_time';
 import type { HostItem } from '../../../../common/search_strategy';
 import { buildHostNamesFilter, RiskScoreEntity } from '../../../../common/search_strategy';
 import { DEFAULT_DARK_MODE } from '../../../../common/constants';
@@ -89,11 +90,20 @@ export const HostOverview = React.memo<HostSummaryProps>(
       () => (hostName ? buildHostNamesFilter([hostName]) : undefined),
       [hostName]
     );
+    const { from, to } = useGlobalTime();
 
+    const timerange = useMemo(
+      () => ({
+        from,
+        to,
+      }),
+      [from, to]
+    );
     const { data: hostRisk, isAuthorized } = useRiskScore({
       filterQuery,
       riskEntity: RiskScoreEntity.host,
       skip: hostName == null,
+      timerange,
     });
 
     const getDefaultRenderer = useCallback(

x-pack/plugins/security_solution/public/overview/components/user_overview/index.tsx

@@ -10,6 +10,7 @@ import { euiDarkVars as darkTheme, euiLightVars as lightTheme } from '@kbn/ui-th
 import { getOr } from 'lodash/fp';
 import React, { useCallback, useMemo } from 'react';
 import styled from 'styled-components';
+import { useGlobalTime } from '../../../common/containers/use_global_time';
 import { buildUserNamesFilter, RiskScoreEntity } from '../../../../common/search_strategy';
 import { DEFAULT_DARK_MODE } from '../../../../common/constants';
 import type { DescriptionList } from '../../../../common/utility_types';
@@ -88,9 +89,20 @@ export const UserOverview = React.memo<UserSummaryProps>(
       [userName]
     );
 
+    const { from, to } = useGlobalTime();
+
+    const timerange = useMemo(
+      () => ({
+        from,
+        to,
+      }),
+      [from, to]
+    );
+
     const { data: userRisk, isAuthorized } = useRiskScore({
       filterQuery,
       skip: userName == null,
+      timerange,
       riskEntity: RiskScoreEntity.user,
     });
 

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/query.kpi_risk_score.dsl.ts

@@ -13,22 +13,9 @@ export const buildKpiRiskScoreQuery = ({
   defaultIndex,
   filterQuery,
   entity,
-  timerange,
 }: RiskScoreKpiRequestOptions) => {
   const filter = [...createQueryFilterClauses(filterQuery)];
 
-  if (timerange) {
-    filter.push({
-      range: {
-        '@timestamp': {
-          gte: timerange.from,
-          lte: timerange.to,
-          format: 'strict_date_optional_time',
-        },
-      },
-    });
-  }
-
   const dslQuery = {
     index: defaultIndex,
     allow_no_indices: false,

x-pack/plugins/translations/translations/fr-FR.json

@@ -32402,11 +32402,15 @@
     "xpack.securitySolution.entityAnalytics.header.anomalies": "Anomalies",
     "xpack.securitySolution.entityAnalytics.header.criticalHosts": "Hôtes critiques",
     "xpack.securitySolution.entityAnalytics.header.criticalUsers": "Utilisateurs critiques",
+    "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip": "Le tableau des risques de l'hôte n'est pas affecté par la plage temporelle. Ce tableau montre le dernier score de risque enregistré pour chaque hôte.",
     "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.title": "Scores de risque de l'hôte",
+    "xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip": "Le panneau de Score de risque de l'hôte affiche la liste des hôtes à risque ainsi que leur dernier score de risque. Vous pouvez filtrer cette liste à l’aide de filtres globaux dans la barre de recherche KQL. Le filtre de sélecteur de plage temporelle affiche les alertes dans l’intervalle de temps sélectionné uniquement et ne filtre pas la liste des hôtes à risque.",
+    "xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip": "Le panneau de score de risque de l'utilisateur affiche la liste des utilisateurs à risque et leur dernier score de risque. Vous pouvez filtrer cette liste à l’aide de filtres globaux dans la barre de recherche KQL. Le filtre de sélecteur de plage temporelle affiche uniquement les alertes dans l’intervalle de temps sélectionné et ne filtre pas la liste des utilisateurs à risque.",
     "xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel": "Afficher tout",
     "xpack.securitySolution.entityAnalytics.technicalPreviewLabel": "Version d'évaluation technique",
     "xpack.securitySolution.entityAnalytics.totalLabel": "Total",
     "xpack.securitySolution.entityAnalytics.usersRiskDashboard.title": "Scores de risque de l'utilisateur",
+    "xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip": "Le tableau des risques de l'utilisateur n'est pas affecté par la plage temporelle. Ce tableau montre le dernier score de risque enregistré pour chaque utilisateur.",
     "xpack.securitySolution.event.module.linkToElasticEndpointSecurityDescription": "Ouvrir dans Endpoint Security",
     "xpack.securitySolution.event.summary.threat_indicator.modal.allMatches": "Toutes les correspondances d'indicateur",
     "xpack.securitySolution.event.summary.threat_indicator.modal.close": "Fermer",
@@ -32814,8 +32818,10 @@
     "xpack.securitySolution.hostsRiskTable.hostNameTitle": "Nom d'hôte",
     "xpack.securitySolution.hostsRiskTable.hostRiskScoreTitle": "Score de risque de l'hôte",
     "xpack.securitySolution.hostsRiskTable.hostRiskTitle": "Risque de l'hôte",
+    "xpack.securitySolution.hostsRiskTable.hostsTableTooltip": "Le tableau des risques de l'hôte n'est pas affecté par la plage temporelle KQL. Ce tableau montre le dernier score de risque enregistré pour chaque hôte.",
     "xpack.securitySolution.hostsRiskTable.riskTitle": "Classification de risque de l'hôte",
     "xpack.securitySolution.hostsRiskTable.tableTitle": "Risque de l'hôte",
+    "xpack.securitySolution.hostsRiskTable.usersTableTooltip": "Le tableau des risques de l'utilisateur n'est pas affecté par la plage temporelle KQL. Ce tableau montre le dernier score de risque enregistré pour chaque utilisateur.",
     "xpack.securitySolution.hostsTable.firstLastSeenToolTip": "Par rapport à la plage de dates sélectionnée",
     "xpack.securitySolution.hostsTable.hostsTitle": "Tous les hôtes",
     "xpack.securitySolution.hostsTable.lastSeenTitle": "Vu en dernier",

x-pack/plugins/translations/translations/ja-JP.json

@@ -32401,11 +32401,15 @@
     "xpack.securitySolution.entityAnalytics.header.anomalies": "異常",
     "xpack.securitySolution.entityAnalytics.header.criticalHosts": "重要なホスト",
     "xpack.securitySolution.entityAnalytics.header.criticalUsers": "重要なユーザー",
+    "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip": "ホストリスク表は時間範囲の影響を受けません。この表は、各ホストの最後に記録されたリスクスコアを示します。",
     "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.title": "ホストリスクスコア",
+    "xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip": "ホストリスクスコアパネルには、リスクのあるホストの一覧と最新のリスクスコアが表示されます。KQL検索バーのグローバルフィルターを使って、この一覧をフィルタリングできます。時間範囲ピッカーフィルターは、選択した時間範囲内のアラートのみを表示し、リスクのあるホストの一覧をフィルタリングしません。",
+    "xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip": "ユーザーリスクスコアパネルには、リスクのあるユーザーの一覧と最新のリスクスコアが表示されます。KQL検索バーのグローバルフィルターを使って、この一覧をフィルタリングできます。時間範囲ピッカーフィルターは、選択した時間範囲内のアラートのみを表示し、リスクのあるユーザーの一覧をフィルタリングしません。",
     "xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel": "すべて表示",
     "xpack.securitySolution.entityAnalytics.technicalPreviewLabel": "テクニカルプレビュー",
     "xpack.securitySolution.entityAnalytics.totalLabel": "合計",
     "xpack.securitySolution.entityAnalytics.usersRiskDashboard.title": "ユーザーリスクスコア",
+    "xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip": "ユーザーリスク表は時間範囲の影響を受けません。この表は、各ユーザーの最後に記録されたリスクスコアを示します。",
     "xpack.securitySolution.event.module.linkToElasticEndpointSecurityDescription": "Endpoint Securityで開く",
     "xpack.securitySolution.event.summary.threat_indicator.modal.allMatches": "すべてのインジケーター一致",
     "xpack.securitySolution.event.summary.threat_indicator.modal.close": "閉じる",
@@ -32813,8 +32817,10 @@
     "xpack.securitySolution.hostsRiskTable.hostNameTitle": "ホスト名",
     "xpack.securitySolution.hostsRiskTable.hostRiskScoreTitle": "ホストリスクスコア",
     "xpack.securitySolution.hostsRiskTable.hostRiskTitle": "ホストリスク",
+    "xpack.securitySolution.hostsRiskTable.hostsTableTooltip": "ホストリスク表はKQL時間範囲の影響を受けません。この表は、各ホストの最後に記録されたリスクスコアを示します。",
     "xpack.securitySolution.hostsRiskTable.riskTitle": "ホストリスク分類",
     "xpack.securitySolution.hostsRiskTable.tableTitle": "ホストリスク",
+    "xpack.securitySolution.hostsRiskTable.usersTableTooltip": "ユーザーリスク表はKQL時間範囲の影響を受けません。この表は、各ユーザーの最後に記録されたリスクスコアを示します。",
     "xpack.securitySolution.hostsTable.firstLastSeenToolTip": "選択された日付範囲との相関付けです",
     "xpack.securitySolution.hostsTable.hostsTitle": "すべてのホスト",
     "xpack.securitySolution.hostsTable.lastSeenTitle": "前回の認識",

x-pack/plugins/translations/translations/zh-CN.json

@@ -32397,11 +32397,15 @@
     "xpack.securitySolution.entityAnalytics.header.anomalies": "异常",
     "xpack.securitySolution.entityAnalytics.header.criticalHosts": "关键主机",
     "xpack.securitySolution.entityAnalytics.header.criticalUsers": "关键用户",
+    "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip": "主机风险表不受时间范围影响。本表显示每台主机最新记录的风险分数。",
     "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.title": "主机风险分数",
+    "xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip": "“主机风险分数”面板显示有风险主机及其最新风险分数的列表。可以在 KQL 搜索栏中使用全局筛选来筛选此列表。时间范围选取器筛选将仅显示选定时间范围内的告警，并且不筛选有风险主机列表。",
+    "xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip": "“用户风险分数”面板显示有风险用户及其最新风险分数的列表。可以在 KQL 搜索栏中使用全局筛选来筛选此列表。时间范围选取器筛选将仅显示选定时间范围内的告警，并且不筛选有风险用户列表。",
     "xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel": "查看全部",
     "xpack.securitySolution.entityAnalytics.technicalPreviewLabel": "技术预览",
     "xpack.securitySolution.entityAnalytics.totalLabel": "合计",
     "xpack.securitySolution.entityAnalytics.usersRiskDashboard.title": "用户风险分数",
+    "xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip": "用户风险表不受时间范围影响。本表显示每个用户最新记录的风险分数。",
     "xpack.securitySolution.event.module.linkToElasticEndpointSecurityDescription": "在 Endpoint Security 中打开",
     "xpack.securitySolution.event.summary.threat_indicator.modal.allMatches": "所有指标匹配",
     "xpack.securitySolution.event.summary.threat_indicator.modal.close": "关闭",
@@ -32809,8 +32813,10 @@
     "xpack.securitySolution.hostsRiskTable.hostNameTitle": "主机名",
     "xpack.securitySolution.hostsRiskTable.hostRiskScoreTitle": "主机风险分数",
     "xpack.securitySolution.hostsRiskTable.hostRiskTitle": "主机风险",
+    "xpack.securitySolution.hostsRiskTable.hostsTableTooltip": "主机风险表不受 KQL 时间范围影响。本表显示每台主机最新记录的风险分数。",
     "xpack.securitySolution.hostsRiskTable.riskTitle": "主机风险分类",
     "xpack.securitySolution.hostsRiskTable.tableTitle": "主机风险",
+    "xpack.securitySolution.hostsRiskTable.usersTableTooltip": "用户风险表不受 KQL 时间范围影响。本表显示每个用户最新记录的风险分数。",
     "xpack.securitySolution.hostsTable.firstLastSeenToolTip": "相对于选定日期范围",
     "xpack.securitySolution.hostsTable.hostsTitle": "所有主机",
     "xpack.securitySolution.hostsTable.lastSeenTitle": "最后看到时间",

x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts

@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import moment from 'moment';
 import { login } from '../../../tasks/login';
 import { visitWithTimeRange } from '../../../tasks/navigation';
 
@@ -47,9 +46,8 @@ import { getNewRule } from '../../../objects/rule';
 import { clickOnFirstHostsAlerts, clickOnFirstUsersAlerts } from '../../../tasks/risk_scores';
 import { OPTION_LIST_LABELS, OPTION_LIST_VALUES } from '../../../screens/common/filter_group';
 import { setRowsPerPageTo } from '../../../tasks/table_pagination';
-
 import { clearSearchBar, kqlSearch } from '../../../tasks/security_header';
-import { setEndDate, setStartDate, setEndDateNow, updateDates } from '../../../tasks/date_picker';
+import { setEndDate, setEndDateNow, updateDates } from '../../../tasks/date_picker';
 import {
   enableJob,
   navigateToNextPage,
@@ -62,9 +60,7 @@ const TEST_USER_ALERTS = 2;
 const TEST_USER_NAME = 'test';
 const SIEM_KIBANA_HOST_ALERTS = 2;
 const SIEM_KIBANA_HOST_NAME = 'siem-kibana';
-const DATE_FORMAT = 'MMM D, YYYY @ HH:mm:ss.SSS';
-const DATE_BEFORE_ALERT_CREATION = moment().format(DATE_FORMAT);
-const OLDEST_DATE = moment('2019-01-19T16:22:56.217Z').format(DATE_FORMAT);
+const END_DATE = 'Jan 19, 2019 @ 20:33:29.186';
 
 describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }, () => {
   before(() => {
@@ -205,8 +201,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }
         });
 
         it('filters the alerts count with time range', () => {
-          setEndDate(DATE_BEFORE_ALERT_CREATION);
-
+          setEndDate(END_DATE);
           updateDates();
 
           cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0);
@@ -294,7 +289,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }
         });
 
         it('filters the alerts count with time range', () => {
-          setEndDate(DATE_BEFORE_ALERT_CREATION);
+          setEndDate(END_DATE);
           updateDates();
 
           cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0);
@@ -427,7 +422,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }
         });
 
         it('filters the alerts count with time range', () => {
-          setEndDate(DATE_BEFORE_ALERT_CREATION);
+          setEndDate(END_DATE);
           updateDates();
 
           cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0);
@@ -437,18 +432,6 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }
           updateDates();
         });
 
-        it('filters risk scores with time range', () => {
-          const now = moment().format(DATE_FORMAT);
-          setStartDate(now);
-          updateDates();
-
-          cy.get(HOST_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
-
-          // CLEAR DATES
-          setStartDate(OLDEST_DATE);
-          updateDates();
-        });
-
         it('opens alerts page when alerts count is clicked', () => {
           clickOnFirstHostsAlerts();
           cy.url().should('include', ALERTS_URL);
@@ -532,7 +515,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }
         });
 
         it('filters the alerts count with time range', () => {
-          setEndDate(DATE_BEFORE_ALERT_CREATION);
+          setEndDate(END_DATE);
           updateDates();
 
           cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0);
@@ -542,18 +525,6 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }
           updateDates();
         });
 
-        it('filters risk scores with time range', () => {
-          const now = moment().format(DATE_FORMAT);
-          setStartDate(now);
-          updateDates();
-
-          cy.get(USER_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
-
-          // CLEAR DATES
-          setStartDate(OLDEST_DATE);
-          updateDates();
-        });
-
         it('opens alerts page when alerts count is clicked', () => {
           clickOnFirstUsersAlerts();
 

x-pack/test/security_solution_cypress/cypress/e2e/explore/hosts/host_risk_tab.cy.ts

@@ -49,10 +49,9 @@ describe('risk tab', { tags: ['@ess', '@serverless'] }, () => {
 
     it('renders the table', () => {
       kqlSearch('host.name: "siem-kibana" {enter}');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(4).should('have.text', 'siem-kibana');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(5).should('have.text', 'Mar 10, 2021 @ 14:51:05.766');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(6).should('have.text', '21');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(7).should('have.text', 'Low');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(3).should('have.text', 'siem-kibana');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(4).should('have.text', '21');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(5).should('have.text', 'Low');
     });
 
     it.skip('filters the table', () => {
@@ -100,10 +99,9 @@ describe('risk tab', { tags: ['@ess', '@serverless'] }, () => {
 
     it('renders the table', () => {
       kqlSearch('host.name: "siem-kibana" {enter}');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(4).should('have.text', 'siem-kibana');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(5).should('have.text', 'Mar 10, 2021 @ 14:51:05.766');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(6).should('have.text', '90');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(7).should('have.text', 'Critical');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(3).should('have.text', 'siem-kibana');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(4).should('have.text', '90');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(5).should('have.text', 'Critical');
     });
 
     it.skip('filters the table', () => {

x-pack/test/security_solution_cypress/cypress/e2e/inspect/inspect_button.cy.ts

@@ -17,7 +17,7 @@ import {
   openTableInspectModal,
 } from '../../tasks/inspect';
 import { login } from '../../tasks/login';
-import { visitWithTimeRange } from '../../tasks/navigation';
+import { visit } from '../../tasks/navigation';
 import { postDataView, waitForWelcomePanelToBeLoaded } from '../../tasks/common';
 import { selectDataView } from '../../tasks/sourcerer';
 
@@ -46,7 +46,7 @@ describe('Inspect Explore pages', { tags: ['@ess', '@serverless', '@brokenInServ
     it(`inspect ${pageName} page`, () => {
       login();
 
-      visitWithTimeRange(url, {
+      visit(url, {
         visitOptions: {
           onLoad: () => {
             waitForWelcomePanelToBeLoaded();

x-pack/test/security_solution_cypress/cypress/screens/inspect.ts

@@ -86,6 +86,7 @@ export const INSPECT_BUTTONS_IN_SECURITY: InspectButtonMetadata[] = [
         altInspectId: '[data-test-subj="events-viewer-panel"]',
         id: EVENT_CONTAINER_TABLE_NOT_LOADING,
       },
+
       {
         title: 'Host risk',
         tab: RISK_DETAILS_NAV,