[8.11] [Security Solutions] Update risk score tables to filter by timerange (#168826) (#170928)

# Backport

This will backport the following commits from `main` to `8.11`:
- [[Security Solutions] Update risk score tables to filter by timerange
(#168826)](https://github.com/elastic/kibana/pull/168826)

Now that the 8.11.0 release is closed
https://github.com/elastic/dev/issues/2367 we can merge #168826 to
8.11.1



<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Pablo
Machado","email":"machadoum@gmail.com"},"sourceCommit":{"committedDate":"2023-10-19T10:30:28Z","message":"[Security
Solutions] Update risk score tables to filter by timerange
(#168826)\n\nissue:
https://github.com/elastic/kibana/issues/162451\r\n\r\n##
Summary\r\n\r\n* Update Entity analytics dashboard to filter by
timerange and to\r\ndisplay timestamp field\r\n* Update Users risk score
tab to filter by timerange and to display\r\ntimestamp field\r\n* Update
Hosts risk score tab to filter by timerange and to display\r\ntimestamp
field\r\n* Delete tooltip that used to warn users that risk tables din't
filter\r\nby timerange\r\n\r\n\r\n<img width=\"1501\" alt=\"Screenshot
2023-10-13 at 11 54
19\"\r\nsrc=\"a99e6ec7-0cbd-44a9-b1b1-b2dc9f4ad7cf\">\r\n<img
width=\"1506\" alt=\"Screenshot 2023-10-13 at 11 54
38\"\r\nsrc=\"78f59c54-9210-4d09-8e22-bdab1b2103c5\">\r\n<img
width=\"1497\" alt=\"Screenshot 2023-10-13 at 11 54
53\"\r\nsrc=\"35c19ee4-3cbc-42f5-96c1-1c63dc47300b\">\r\n\r\n\r\n\r\n###
How to test\r\n* Create alerts and enable the risk engine\r\n* Check if
the Entity analytics dashboard filters by timerange\r\n* Check if the
Users risk score tab filters by timerange\r\n* Check if the Hosts risk
score tab filters by timerange\r\n* Check if the risk score on top of
the user details page does NOT\r\nfilter by timerange\r\n* Check if the
risk score inside flyouts (Alerts, users and hosts) does\r\nNOT filter
by timerange\r\n* Check if the info tooltips about the timerange filter
were removed\r\n\r\n\r\n\r\n### Checklist\r\n\r\n- [x] Any text added
follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"e12cfc157ec255a2d3655168c0ec0a08182ac444","branchLabelMapping":{"^v8.12.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","backport:skip","Team:Threat
Hunting","Team: SecuritySolution","Theme:
entity_analytics","Feature:Entity
Analytics","v8.12.0","v8.11.1"],"number":168826,"url":"https://github.com/elastic/kibana/pull/168826","mergeCommit":{"message":"[Security
Solutions] Update risk score tables to filter by timerange
(#168826)\n\nissue:
https://github.com/elastic/kibana/issues/162451\r\n\r\n##
Summary\r\n\r\n* Update Entity analytics dashboard to filter by
timerange and to\r\ndisplay timestamp field\r\n* Update Users risk score
tab to filter by timerange and to display\r\ntimestamp field\r\n* Update
Hosts risk score tab to filter by timerange and to display\r\ntimestamp
field\r\n* Delete tooltip that used to warn users that risk tables din't
filter\r\nby timerange\r\n\r\n\r\n<img width=\"1501\" alt=\"Screenshot
2023-10-13 at 11 54
19\"\r\nsrc=\"a99e6ec7-0cbd-44a9-b1b1-b2dc9f4ad7cf\">\r\n<img
width=\"1506\" alt=\"Screenshot 2023-10-13 at 11 54
38\"\r\nsrc=\"78f59c54-9210-4d09-8e22-bdab1b2103c5\">\r\n<img
width=\"1497\" alt=\"Screenshot 2023-10-13 at 11 54
53\"\r\nsrc=\"35c19ee4-3cbc-42f5-96c1-1c63dc47300b\">\r\n\r\n\r\n\r\n###
How to test\r\n* Create alerts and enable the risk engine\r\n* Check if
the Entity analytics dashboard filters by timerange\r\n* Check if the
Users risk score tab filters by timerange\r\n* Check if the Hosts risk
score tab filters by timerange\r\n* Check if the risk score on top of
the user details page does NOT\r\nfilter by timerange\r\n* Check if the
risk score inside flyouts (Alerts, users and hosts) does\r\nNOT filter
by timerange\r\n* Check if the info tooltips about the timerange filter
were removed\r\n\r\n\r\n\r\n### Checklist\r\n\r\n- [x] Any text added
follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"e12cfc157ec255a2d3655168c0ec0a08182ac444"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.12.0","labelRegex":"^v8.12.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/168826","number":168826,"mergeCommit":{"message":"[Security
Solutions] Update risk score tables to filter by timerange
(#168826)\n\nissue:
https://github.com/elastic/kibana/issues/162451\r\n\r\n##
Summary\r\n\r\n* Update Entity analytics dashboard to filter by
timerange and to\r\ndisplay timestamp field\r\n* Update Users risk score
tab to filter by timerange and to display\r\ntimestamp field\r\n* Update
Hosts risk score tab to filter by timerange and to display\r\ntimestamp
field\r\n* Delete tooltip that used to warn users that risk tables din't
filter\r\nby timerange\r\n\r\n\r\n<img width=\"1501\" alt=\"Screenshot
2023-10-13 at 11 54
19\"\r\nsrc=\"a99e6ec7-0cbd-44a9-b1b1-b2dc9f4ad7cf\">\r\n<img
width=\"1506\" alt=\"Screenshot 2023-10-13 at 11 54
38\"\r\nsrc=\"78f59c54-9210-4d09-8e22-bdab1b2103c5\">\r\n<img
width=\"1497\" alt=\"Screenshot 2023-10-13 at 11 54
53\"\r\nsrc=\"35c19ee4-3cbc-42f5-96c1-1c63dc47300b\">\r\n\r\n\r\n\r\n###
How to test\r\n* Create alerts and enable the risk engine\r\n* Check if
the Entity analytics dashboard filters by timerange\r\n* Check if the
Users risk score tab filters by timerange\r\n* Check if the Hosts risk
score tab filters by timerange\r\n* Check if the risk score on top of
the user details page does NOT\r\nfilter by timerange\r\n* Check if the
risk score inside flyouts (Alerts, users and hosts) does\r\nNOT filter
by timerange\r\n* Check if the info tooltips about the timerange filter
were removed\r\n\r\n\r\n\r\n### Checklist\r\n\r\n- [x] Any text added
follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios","sha":"e12cfc157ec255a2d3655168c0ec0a08182ac444"}},{"branch":"8.11","label":"v8.11.1","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/169502","number":169502,"state":"MERGED","mergeCommit":{"sha":"0fea774ea1c4fcf4424c44c1e4aa8d312ff2252a","message":"[8.11]
[Security Solutions] Update risk score tables to filter by timerange
(#168826) (#169502)\n\n# Backport\r\n\r\nThis will backport the
following commits from `main` to `8.11`:\r\n- [[Security Solutions]
Update risk score tables to filter by
timerange\r\n(#168826)](https://github.com/elastic/kibana/pull/168826)\r\n\r\n<!---
Backport version: 8.9.8 -->\r\n\r\n### Questions ?\r\nPlease refer to
the [Backport
tool\r\ndocumentation](https://github.com/sqren/backport)\r\n\r\n<!--BACKPORT
[{\"author\":{\"name\":\"Pablo\r\nMachado\",\"email\":\"machadoum@gmail.com\"},\"sourceCommit\":{\"committedDate\":\"2023-10-19T10:30:28Z\",\"message\":\"[Security\r\nSolutions]
Update risk score tables to filter by
timerange\r\n(#168826)\\n\\nissue:\r\nhttps://github.com/elastic/kibana/issues/162451\\r\\n\\r\\n##\r\nSummary\\r\\n\\r\\n*
Update Entity analytics dashboard to filter by\r\ntimerange and
to\\r\\ndisplay timestamp field\\r\\n* Update Users risk score\r\ntab to
filter by timerange and to display\\r\\ntimestamp field\\r\\n*
Update\r\nHosts risk score tab to filter by timerange and to
display\\r\\ntimestamp\r\nfield\\r\\n* Delete tooltip that used to warn
users that risk tables din't\r\nfilter\\r\\nby
timerange\\r\\n\\r\\n\\r\\n<img width=\\\"1501\\\"
alt=\\\"Screenshot\r\n2023-10-13 at 11
54\r\n19\\\"\\r\\nsrc=\\\"a99e6ec7-0cbd-44a9-b1b1-b2dc9f4ad7cf\\\">\\r\\n<img\r\nwidth=\\\"1506\\\"
alt=\\\"Screenshot 2023-10-13 at 11
54\r\n38\\\"\\r\\nsrc=\\\"78f59c54-9210-4d09-8e22-bdab1b2103c5\\\">\\r\\n<img\r\nwidth=\\\"1497\\\"
alt=\\\"Screenshot 2023-10-13 at 11
54\r\n53\\\"\\r\\nsrc=\\\"35c19ee4-3cbc-42f5-96c1-1c63dc47300b\\\">\\r\\n\\r\\n\\r\\n\\r\\n###\r\nHow
to test\\r\\n* Create alerts and enable the risk engine\\r\\n* Check
if\r\nthe Entity analytics dashboard filters by timerange\\r\\n* Check
if the\r\nUsers risk score tab filters by timerange\\r\\n* Check if the
Hosts risk\r\nscore tab filters by timerange\\r\\n* Check if the risk
score on top of\r\nthe user details page does NOT\\r\\nfilter by
timerange\\r\\n* Check if the\r\nrisk score inside flyouts (Alerts,
users and hosts) does\\r\\nNOT filter\r\nby timerange\\r\\n* Check if
the info tooltips about the timerange filter\r\nwere
removed\\r\\n\\r\\n\\r\\n\\r\\n### Checklist\\r\\n\\r\\n- [x] Any text
added\r\nfollows
[EUI's\r\nwriting\\r\\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),\r\nuses\\r\\nsentence
case text and
includes\r\n[i18n\\r\\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\\r\\n-\r\n[x]
[Unit
or\r\nfunctional\\r\\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\\r\\nwere\r\nupdated
or added to match the most
common\r\nscenarios\",\"sha\":\"e12cfc157ec255a2d3655168c0ec0a08182ac444\",\"branchLabelMapping\":{\"^v8.12.0$\":\"main\",\"^v(\\\\d+).(\\\\d+).\\\\d+$\":\"$1.$2\"}},\"sourcePullRequest\":{\"labels\":[\"release_note:enhancement\",\"backport:skip\",\"Team:Threat\r\nHunting\",\"Team:
SecuritySolution\",\"Theme:\r\nentity_analytics\",\"Feature:Entity\r\nAnalytics\",\"v8.12.0\"],\"number\":168826,\"url\":\"https://github.com/elastic/kibana/pull/168826\",\"mergeCommit\":{\"message\":\"[Security\r\nSolutions]
Update risk score tables to filter by
timerange\r\n(#168826)\\n\\nissue:\r\nhttps://github.com/elastic/kibana/issues/162451\\r\\n\\r\\n##\r\nSummary\\r\\n\\r\\n*
Update Entity analytics dashboard to filter by\r\ntimerange and
to\\r\\ndisplay timestamp field\\r\\n* Update Users risk score\r\ntab to
filter by timerange and to display\\r\\ntimestamp field\\r\\n*
Update\r\nHosts risk score tab to filter by timerange and to
display\\r\\ntimestamp\r\nfield\\r\\n* Delete tooltip that used to warn
users that risk tables din't\r\nfilter\\r\\nby
timerange\\r\\n\\r\\n\\r\\n<img width=\\\"1501\\\"
alt=\\\"Screenshot\r\n2023-10-13 at 11
54\r\n19\\\"\\r\\nsrc=\\\"a99e6ec7-0cbd-44a9-b1b1-b2dc9f4ad7cf\\\">\\r\\n<img\r\nwidth=\\\"1506\\\"
alt=\\\"Screenshot 2023-10-13 at 11
54\r\n38\\\"\\r\\nsrc=\\\"78f59c54-9210-4d09-8e22-bdab1b2103c5\\\">\\r\\n<img\r\nwidth=\\\"1497\\\"
alt=\\\"Screenshot 2023-10-13 at 11
54\r\n53\\\"\\r\\nsrc=\\\"35c19ee4-3cbc-42f5-96c1-1c63dc47300b\\\">\\r\\n\\r\\n\\r\\n\\r\\n###\r\nHow
to test\\r\\n* Create alerts and enable the risk engine\\r\\n* Check
if\r\nthe Entity analytics dashboard filters by timerange\\r\\n* Check
if the\r\nUsers risk score tab filters by timerange\\r\\n* Check if the
Hosts risk\r\nscore tab filters by timerange\\r\\n* Check if the risk
score on top of\r\nthe user details page does NOT\\r\\nfilter by
timerange\\r\\n* Check if the\r\nrisk score inside flyouts (Alerts,
users and hosts) does\\r\\nNOT filter\r\nby timerange\\r\\n* Check if
the info tooltips about the timerange filter\r\nwere
removed\\r\\n\\r\\n\\r\\n\\r\\n### Checklist\\r\\n\\r\\n- [x] Any text
added\r\nfollows
[EUI's\r\nwriting\\r\\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),\r\nuses\\r\\nsentence
case text and
includes\r\n[i18n\\r\\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\\r\\n-\r\n[x]
[Unit
or\r\nfunctional\\r\\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\\r\\nwere\r\nupdated
or added to match the most
common\r\nscenarios\",\"sha\":\"e12cfc157ec255a2d3655168c0ec0a08182ac444\"}},\"sourceBranch\":\"main\",\"suggestedTargetBranches\":[],\"targetPullRequestStates\":[{\"branch\":\"main\",\"label\":\"v8.12.0\",\"labelRegex\":\"^v8.12.0$\",\"isSourceBranch\":true,\"state\":\"MERGED\",\"url\":\"https://github.com/elastic/kibana/pull/168826\",\"number\":168826,\"mergeCommit\":{\"message\":\"[Security\r\nSolutions]
Update risk score tables to filter by
timerange\r\n(#168826)\\n\\nissue:\r\nhttps://github.com/elastic/kibana/issues/162451\\r\\n\\r\\n##\r\nSummary\\r\\n\\r\\n*
Update Entity analytics dashboard to filter by\r\ntimerange and
to\\r\\ndisplay timestamp field\\r\\n* Update Users risk score\r\ntab to
filter by timerange and to display\\r\\ntimestamp field\\r\\n*
Update\r\nHosts risk score tab to filter by timerange and to
display\\r\\ntimestamp\r\nfield\\r\\n* Delete tooltip that used to warn
users that risk tables din't\r\nfilter\\r\\nby
timerange\\r\\n\\r\\n\\r\\n<img width=\\\"1501\\\"
alt=\\\"Screenshot\r\n2023-10-13 at 11
54\r\n19\\\"\\r\\nsrc=\\\"a99e6ec7-0cbd-44a9-b1b1-b2dc9f4ad7cf\\\">\\r\\n<img\r\nwidth=\\\"1506\\\"
alt=\\\"Screenshot 2023-10-13 at 11
54\r\n38\\\"\\r\\nsrc=\\\"78f59c54-9210-4d09-8e22-bdab1b2103c5\\\">\\r\\n<img\r\nwidth=\\\"1497\\\"
alt=\\\"Screenshot 2023-10-13 at 11
54\r\n53\\\"\\r\\nsrc=\\\"35c19ee4-3cbc-42f5-96c1-1c63dc47300b\\\">\\r\\n\\r\\n\\r\\n\\r\\n###\r\nHow
to test\\r\\n* Create alerts and enable the risk engine\\r\\n* Check
if\r\nthe Entity analytics dashboard filters by timerange\\r\\n* Check
if the\r\nUsers risk score tab filters by timerange\\r\\n* Check if the
Hosts risk\r\nscore tab filters by timerange\\r\\n* Check if the risk
score on top of\r\nthe user details page does NOT\\r\\nfilter by
timerange\\r\\n* Check if the\r\nrisk score inside flyouts (Alerts,
users and hosts) does\\r\\nNOT filter\r\nby timerange\\r\\n* Check if
the info tooltips about the timerange filter\r\nwere
removed\\r\\n\\r\\n\\r\\n\\r\\n### Checklist\\r\\n\\r\\n- [x] Any text
added\r\nfollows
[EUI's\r\nwriting\\r\\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),\r\nuses\\r\\nsentence
case text and
includes\r\n[i18n\\r\\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\\r\\n-\r\n[x]
[Unit
or\r\nfunctional\\r\\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\\r\\nwere\r\nupdated
or added to match the most
common\r\nscenarios\",\"sha\":\"e12cfc157ec255a2d3655168c0ec0a08182ac444\"}}]}]\r\nBACKPORT-->"}}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>

x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts

@@ -74,6 +74,8 @@ export interface RiskScoreItem {
   [RiskScoreFields.hostName]: Maybe<string>;
   [RiskScoreFields.userName]: Maybe<string>;
 
+  [RiskScoreFields.timestamp]: Maybe<string>;
+
   [RiskScoreFields.hostRisk]: Maybe<RiskSeverity>;
   [RiskScoreFields.userRisk]: Maybe<RiskSeverity>;
 

x-pack/plugins/security_solution/common/search_strategy/security_solution/users/common/index.ts

@@ -11,6 +11,7 @@ import type { CommonFields, Maybe, RiskScoreFields, RiskSeverity, SortField } fr
 export interface UserRiskScoreItem {
   _id?: Maybe<string>;
   [RiskScoreFields.userName]: Maybe<string>;
+  [RiskScoreFields.timestamp]: Maybe<string>;
   [RiskScoreFields.userRisk]: Maybe<RiskSeverity>;
   [RiskScoreFields.userRiskScore]: Maybe<number>;
 }

x-pack/plugins/security_solution/public/explore/components/risk_score/risk_score_onboarding/risk_score_no_data_detected.tsx

@@ -14,7 +14,6 @@ import * as i18n from './translations';
 import { RiskScoreHeaderTitle } from './risk_score_header_title';
 import { RiskScoreRestartButton } from './risk_score_restart_button';
 import type { inputsModel } from '../../../../common/store';
-import * as overviewI18n from '../../../../overview/components/entity_analytics/common/translations';
 import { useIsNewRiskScoreModuleInstalled } from '../../../../entity_analytics/api/hooks/use_risk_engine_status';
 
 const RiskScoresNoDataDetectedComponent = ({
@@ -37,15 +36,7 @@ const RiskScoresNoDataDetectedComponent = ({
 
   return (
     <EuiPanel data-test-subj={`${entityType}-risk-score-no-data-detected`} hasBorder>
-      <HeaderSection
-        title={<RiskScoreHeaderTitle riskScoreEntity={entityType} />}
-        titleSize="s"
-        tooltip={
-          entityType === RiskScoreEntity.user
-            ? overviewI18n.USER_RISK_TABLE_TOOLTIP
-            : overviewI18n.HOST_RISK_TABLE_TOOLTIP
-        }
-      />
+      <HeaderSection title={<RiskScoreHeaderTitle riskScoreEntity={entityType} />} titleSize="s" />
       <EuiEmptyPrompt
         title={<h2>{translations.title}</h2>}
         body={translations.body}

x-pack/plugins/security_solution/public/explore/containers/risk_score/all/index.tsx

@@ -125,13 +125,6 @@ export const useRiskScore = <T extends RiskScoreEntity.host | RiskScoreEntity.us
     }
   }, [defaultIndex, refetch, refetchDeprecated]);
 
-  // since query does not take timerange arg, we need to manually refetch when time range updates
-  // the results can be different if the user has run the ML for the first time since pressing refresh
-  useEffect(() => {
-    refetchAll();
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [timerange?.to, timerange?.from]);
-
   const riskScoreResponse = useMemo(
     () => ({
       data: response.data,
@@ -168,7 +161,7 @@ export const useRiskScore = <T extends RiskScoreEntity.host | RiskScoreEntity.us
                   }
                 : undefined,
             sort,
-            timerange: onlyLatest ? undefined : requestTimerange,
+            timerange: requestTimerange,
             alertsTimerange: includeAlertsCount ? requestTimerange : undefined,
           }
         : null,
@@ -180,7 +173,6 @@ export const useRiskScore = <T extends RiskScoreEntity.host | RiskScoreEntity.us
       querySize,
       sort,
       requestTimerange,
-      onlyLatest,
       riskEntity,
       includeAlertsCount,
     ]

x-pack/plugins/security_solution/public/explore/containers/risk_score/kpi/index.tsx

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { useEffect, useMemo } from 'react';
+import { useCallback, useEffect, useMemo } from 'react';
 
 import {
   getHostRiskIndex,
@@ -20,12 +20,12 @@ import { isIndexNotFoundError } from '../../../../common/utils/exceptions';
 import type { ESQuery } from '../../../../../common/typed_json';
 import type { SeverityCount } from '../../../components/risk_score/severity/types';
 import { useSpaceId } from '../../../../common/hooks/use_space_id';
-import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities';
 import { useSearchStrategy } from '../../../../common/containers/use_search_strategy';
 import type { InspectResponse } from '../../../../types';
 import type { inputsModel } from '../../../../common/store';
 import { useAppToasts } from '../../../../common/hooks/use_app_toasts';
 import { useIsNewRiskScoreModuleInstalled } from '../../../../entity_analytics/api/hooks/use_risk_engine_status';
+import { useRiskScoreFeatureStatus } from '../feature_status';
 
 interface RiskScoreKpi {
   error: unknown;
@@ -52,7 +52,7 @@ export const useRiskScoreKpi = ({
 }: UseRiskScoreKpiProps): RiskScoreKpi => {
   const { addError } = useAppToasts();
   const spaceId = useSpaceId();
-  const featureEnabled = useMlCapabilities().isPlatinumOrTrialLicense;
+
   const isNewRiskScoreModuleInstalled = useIsNewRiskScoreModuleInstalled();
   const defaultIndex = spaceId
     ? riskEntity === RiskScoreEntity.host
@@ -60,6 +60,14 @@ export const useRiskScoreKpi = ({
       : getUserRiskIndex(spaceId, true, isNewRiskScoreModuleInstalled)
     : undefined;
 
+  const {
+    isDeprecated,
+    isEnabled,
+    isAuthorized,
+    isLoading: isDeprecatedLoading,
+    refetch: refetchFeatureStatus,
+  } = useRiskScoreFeatureStatus(riskEntity, defaultIndex);
+
   const { loading, result, search, refetch, inspect, error } =
     useSearchStrategy<RiskQueries.kpiRiskScore>({
       factoryQueryType: RiskQueries.kpiRiskScore,
@@ -72,21 +80,46 @@ export const useRiskScoreKpi = ({
 
   const isModuleDisabled = !!error && isIndexNotFoundError(error);
 
+  const requestTimerange = useMemo(
+    () => (timerange ? { to: timerange.to, from: timerange.from, interval: '' } : undefined),
+    [timerange]
+  );
+
   useEffect(() => {
-    if (!skip && defaultIndex && featureEnabled) {
+    if (
+      !skip &&
+      !isDeprecatedLoading &&
+      defaultIndex &&
+      isAuthorized &&
+      isEnabled &&
+      !isDeprecated
+    ) {
       search({
         filterQuery,
         defaultIndex: [defaultIndex],
         entity: riskEntity,
+        timerange: requestTimerange,
       });
     }
-  }, [defaultIndex, search, filterQuery, skip, riskEntity, featureEnabled]);
+  }, [
+    defaultIndex,
+    search,
+    filterQuery,
+    skip,
+    riskEntity,
+    requestTimerange,
+    isEnabled,
+    isDeprecated,
+    isDeprecatedLoading,
+    isAuthorized,
+  ]);
 
-  // since query does not take timerange arg, we need to manually refetch when time range updates
-  useEffect(() => {
-    refetch();
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [timerange?.to, timerange?.from]);
+  const refetchAll = useCallback(() => {
+    if (defaultIndex) {
+      refetchFeatureStatus(defaultIndex);
+      refetch();
+    }
+  }, [defaultIndex, refetch, refetchFeatureStatus]);
 
   useEffect(() => {
     if (error) {
@@ -110,5 +143,5 @@ export const useRiskScoreKpi = ({
     };
   }, [result, loading, error]);
 
-  return { error, severityCount, loading, isModuleDisabled, refetch, inspect };
+  return { error, severityCount, loading, isModuleDisabled, refetch: refetchAll, inspect };
 };

x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/columns.test.tsx

@@ -17,7 +17,7 @@ describe('getHostRiskScoreColumns', () => {
     });
 
     const riskScore = 10.11111111;
-    const riskScoreColumn = columns[1];
+    const riskScoreColumn = columns[2];
     const renderedColumn = riskScoreColumn.render!(riskScore, null);
 
     const { queryByTestId } = render(<TestProviders>{renderedColumn}</TestProviders>);

x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/columns.tsx

@@ -17,11 +17,12 @@ import { HostDetailsLink } from '../../../../common/components/links';
 import type { HostRiskScoreColumns } from '.';
 import * as i18n from './translations';
 import { HostsTableType } from '../../store/model';
-import type { RiskSeverity } from '../../../../../common/search_strategy';
+import type { Maybe, RiskSeverity } from '../../../../../common/search_strategy';
 import { RiskScoreFields, RiskScoreEntity } from '../../../../../common/search_strategy';
 import { RiskScoreLevel } from '../../../components/risk_score/severity/common';
 import { ENTITY_RISK_LEVEL } from '../../../components/risk_score/translations';
 import { CELL_ACTIONS_TELEMETRY } from '../../../components/risk_score/constants';
+import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date';
 
 export const getHostRiskScoreColumns = ({
   dispatchSeverityUpdate,
@@ -34,6 +35,7 @@ export const getHostRiskScoreColumns = ({
     truncateText: false,
     mobileOptions: { show: true },
     sortable: true,
+    width: '35%',
     render: (hostName) => {
       if (hostName != null && hostName.length > 0) {
         return (
@@ -57,6 +59,19 @@ export const getHostRiskScoreColumns = ({
       return getEmptyTagValue();
     },
   },
+  {
+    field: RiskScoreFields.timestamp,
+    name: i18n.LAST_UPDATED,
+    truncateText: false,
+    mobileOptions: { show: true },
+    sortable: true,
+    render: (lastSeen: Maybe<string>) => {
+      if (lastSeen != null) {
+        return <FormattedRelativePreferenceDate value={lastSeen} />;
+      }
+      return getEmptyTagValue();
+    },
+  },
   {
     field: RiskScoreFields.hostRiskScore,
     name: i18n.HOST_RISK_SCORE,

x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/index.tsx

@@ -60,6 +60,7 @@ interface HostRiskScoreTableProps {
 
 export type HostRiskScoreColumns = [
   Columns<RiskScoreItem[RiskScoreFields.hostName]>,
+  Columns<RiskScoreItem[RiskScoreFields.timestamp]>,
   Columns<RiskScoreItem[RiskScoreFields.hostRiskScore]>,
   Columns<RiskScoreItem[RiskScoreFields.hostRisk]>
 ];
@@ -191,7 +192,6 @@ const HostRiskScoreTableComponent: React.FC<HostRiskScoreTableProps> = ({
       headerSupplement={risk}
       headerTitle={i18nHosts.HOST_RISK_TITLE}
       headerUnit={i18n.UNIT(totalCount)}
-      headerTooltip={i18nHosts.HOST_RISK_TABLE_TOOLTIP}
       id={id}
       isInspect={isInspect}
       itemsPerRow={rowItems}

x-pack/plugins/security_solution/public/explore/hosts/components/host_risk_score_table/translations.ts

@@ -28,16 +28,15 @@ export const HOST_RISK_TITLE = i18n.translate(
   }
 );
 
-export const HOST_RISK_TABLE_TOOLTIP = i18n.translate(
-  'xpack.securitySolution.hostsRiskTable.hostsTableTooltip',
-  {
-    defaultMessage:
-      'The host risk table is not affected by the KQL time range. This table shows the latest recorded risk score for each host.',
-  }
-);
-
 export const VIEW_HOSTS_BY_SEVERITY = (severity: string) =>
   i18n.translate('xpack.securitySolution.hostsRiskTable.filteredHostsTitle', {
     values: { severity },
     defaultMessage: 'View {severity} risk hosts',
   });
+
+export const LAST_UPDATED = i18n.translate(
+  'xpack.securitySolution.hostsRiskTable.lastUpdatedTitle',
+  {
+    defaultMessage: 'Last updated',
+  }
+);

x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/columns.test.tsx

@@ -20,8 +20,9 @@ describe('getUserRiskScoreColumns', () => {
     const columns = getUserRiskScoreColumns(defaultProps);
 
     expect(columns[0].field).toBe('user.name');
-    expect(columns[1].field).toBe(RiskScoreFields.userRiskScore);
-    expect(columns[2].field).toBe(RiskScoreFields.userRisk);
+    expect(columns[1].field).toBe(RiskScoreFields.timestamp);
+    expect(columns[2].field).toBe(RiskScoreFields.userRiskScore);
+    expect(columns[3].field).toBe(RiskScoreFields.userRisk);
 
     columns.forEach((column) => {
       expect(column).toHaveProperty('name');
@@ -45,7 +46,7 @@ describe('getUserRiskScoreColumns', () => {
     const columns: UserRiskScoreColumns = getUserRiskScoreColumns(defaultProps);
 
     const riskScore = 10.11111111;
-    const riskScoreColumn = columns[1];
+    const riskScoreColumn = columns[2];
     const renderedColumn = riskScoreColumn.render!(riskScore, null);
 
     const { queryByTestId } = render(<TestProviders>{renderedColumn}</TestProviders>);

x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/columns.tsx

@@ -17,12 +17,13 @@ import { getEmptyTagValue } from '../../../../common/components/empty_value';
 import type { UserRiskScoreColumns } from '.';
 import * as i18n from './translations';
 import { RiskScoreLevel } from '../../../components/risk_score/severity/common';
-import type { RiskSeverity } from '../../../../../common/search_strategy';
+import type { Maybe, RiskSeverity } from '../../../../../common/search_strategy';
 import { RiskScoreEntity, RiskScoreFields } from '../../../../../common/search_strategy';
 import { UserDetailsLink } from '../../../../common/components/links';
 import { UsersTableType } from '../../store/model';
 import { ENTITY_RISK_LEVEL } from '../../../components/risk_score/translations';
 import { CELL_ACTIONS_TELEMETRY } from '../../../components/risk_score/constants';
+import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date';
 
 export const getUserRiskScoreColumns = ({
   dispatchSeverityUpdate,
@@ -35,6 +36,7 @@ export const getUserRiskScoreColumns = ({
     truncateText: false,
     mobileOptions: { show: true },
     sortable: true,
+    width: '35%',
     render: (userName) => {
       if (userName != null && userName.length > 0) {
         const id = escapeDataProviderId(`user-risk-score-table-userName-${userName}`);
@@ -60,6 +62,19 @@ export const getUserRiskScoreColumns = ({
       return getEmptyTagValue();
     },
   },
+  {
+    field: RiskScoreFields.timestamp,
+    name: i18n.LAST_UPDATED,
+    truncateText: false,
+    mobileOptions: { show: true },
+    sortable: true,
+    render: (lastSeen: Maybe<string>) => {
+      if (lastSeen != null) {
+        return <FormattedRelativePreferenceDate value={lastSeen} />;
+      }
+      return getEmptyTagValue();
+    },
+  },
   {
     field: RiskScoreFields.userRiskScore,
     name: i18n.USER_RISK_SCORE,

x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/index.tsx

@@ -60,6 +60,7 @@ interface UserRiskScoreTableProps {
 
 export type UserRiskScoreColumns = [
   Columns<UserRiskScoreItem[RiskScoreFields.userName]>,
+  Columns<UserRiskScoreItem[RiskScoreFields.timestamp]>,
   Columns<UserRiskScoreItem[RiskScoreFields.userRiskScore]>,
   Columns<UserRiskScoreItem[RiskScoreFields.userRisk]>
 ];
@@ -191,7 +192,6 @@ const UserRiskScoreTableComponent: React.FC<UserRiskScoreTableProps> = ({
       }
       headerSupplement={risk}
       headerTitle={i18nUsers.NAVIGATION_RISK_TITLE}
-      headerTooltip={i18n.USER_RISK_TABLE_TOOLTIP}
       headerUnit={i18n.UNIT(totalCount)}
       id={id}
       isInspect={isInspect}

x-pack/plugins/security_solution/public/explore/users/components/user_risk_score_table/translations.ts

@@ -39,10 +39,6 @@ export const ROWS_10 = i18n.translate('xpack.securitySolution.usersTable.rows',
   defaultMessage: '{numRows} {numRows, plural, =0 {rows} =1 {row} other {rows}}',
 });
 
-export const USER_RISK_TABLE_TOOLTIP = i18n.translate(
-  'xpack.securitySolution.hostsRiskTable.usersTableTooltip',
-  {
-    defaultMessage:
-      'The user risk table is not affected by the KQL time range. This table shows the latest recorded risk score for each user.',
-  }
-);
+export const LAST_UPDATED = i18n.translate('xpack.securitySolution.usersTable.lastUpdatedTitle', {
+  defaultMessage: 'Last updated',
+});

x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/translations.ts

@@ -24,19 +24,3 @@ export const USER_RISK_TITLE = i18n.translate(
     defaultMessage: 'User Risk Scores',
   }
 );
-
-export const HOST_RISK_TABLE_TOOLTIP = i18n.translate(
-  'xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip',
-  {
-    defaultMessage:
-      'The host risk table is not affected by the time range. This table shows the latest recorded risk score for each host.',
-  }
-);
-
-export const USER_RISK_TABLE_TOOLTIP = i18n.translate(
-  'xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip',
-  {
-    defaultMessage:
-      'The user risk table is not affected by the time range. This table shows the latest recorded risk score for each user.',
-  }
-);

x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/columns.tsx

@@ -17,6 +17,7 @@ import { RiskScoreLevel } from '../../../../explore/components/risk_score/severi
 import { CELL_ACTIONS_TELEMETRY } from '../../../../explore/components/risk_score/constants';
 import type {
   HostRiskScore,
+  Maybe,
   RiskSeverity,
   UserRiskScore,
 } from '../../../../../common/search_strategy';
@@ -29,6 +30,7 @@ import {
   SecurityCellActionsTrigger,
   SecurityCellActionType,
 } from '../../../../common/components/cell_actions';
+import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date';
 
 type HostRiskScoreColumns = Array<EuiBasicTableColumn<HostRiskScore & UserRiskScore>>;
 
@@ -91,6 +93,21 @@ export const getRiskScoreColumns = (
       return getEmptyTagValue();
     },
   },
+
+  {
+    field: RiskScoreFields.timestamp,
+    name: i18n.LAST_UPDATED,
+    truncateText: false,
+    mobileOptions: { show: true },
+    sortable: true,
+    width: '20%',
+    render: (lastSeen: Maybe<string>) => {
+      if (lastSeen != null) {
+        return <FormattedRelativePreferenceDate value={lastSeen} />;
+      }
+      return getEmptyTagValue();
+    },
+  },
   {
     field:
       riskEntity === RiskScoreEntity.host
@@ -114,7 +131,7 @@ export const getRiskScoreColumns = (
   {
     field:
       riskEntity === RiskScoreEntity.host ? RiskScoreFields.hostRisk : RiskScoreFields.userRisk,
-    width: '30%',
+    width: '25%',
     name: i18n.ENTITY_RISK_LEVEL(riskEntity),
     truncateText: false,
     mobileOptions: { show: true },

x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/index.tsx

@@ -26,7 +26,6 @@ import { RiskScoresNoDataDetected } from '../../../../explore/components/risk_sc
 import { useRefetchQueries } from '../../../../common/hooks/use_refetch_queries';
 import { Loader } from '../../../../common/components/loader';
 import { Panel } from '../../../../common/components/panel';
-import * as i18n from './translations';
 import { useEntityInfo } from './use_entity';
 import { RiskScoreHeaderContent } from './header_content';
 import { ChartContent } from './chart_content';
@@ -175,11 +174,6 @@ const EntityAnalyticsRiskScoresComponent = ({ riskEntity }: { riskEntity: RiskSc
           id={entity.tableQueryId}
           toggleStatus={toggleStatus}
           toggleQuery={setToggleStatus}
-          tooltip={
-            riskEntity === RiskScoreEntity.host
-              ? i18n.HOST_RISK_TABLE_TOOLTIP
-              : i18n.USER_RISK_TABLE_TOOLTIP
-          }
         >
           <RiskScoreHeaderContent
             entityLinkProps={entity.linkProps}

x-pack/plugins/security_solution/public/overview/components/entity_analytics/risk_score/translations.ts

@@ -33,18 +33,9 @@ export const LEARN_MORE = (riskEntity: RiskScoreEntity) =>
     },
   });
 
-export const HOST_RISK_TABLE_TOOLTIP = i18n.translate(
-  'xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip',
+export const LAST_UPDATED = i18n.translate(
+  'xpack.securitySolution.entityAnalytics.riskDashboard.lastUpdatedTitle',
   {
-    defaultMessage:
-      'The Host Risk Score panel displays the list of risky hosts and their latest risk score. You may filter this list using global filters in the KQL search bar. The time-range picker filter will display Alerts within the selected time range only and does not filter the list of risky hosts.',
-  }
-);
-
-export const USER_RISK_TABLE_TOOLTIP = i18n.translate(
-  'xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip',
-  {
-    defaultMessage:
-      'The User Risk Score panel displays the list of risky users and their latest risk score. You may filter this list using global filters in the KQL search bar. The time-range picker filter will display Alerts within the selected time range only and does not filter the list of risky users.',
+    defaultMessage: 'Last updated',
   }
 );

x-pack/plugins/security_solution/public/overview/components/host_overview/index.tsx

@@ -10,7 +10,6 @@ import { euiDarkVars as darkTheme, euiLightVars as lightTheme } from '@kbn/ui-th
 import { getOr } from 'lodash/fp';
 import React, { useCallback, useMemo } from 'react';
 import styled from 'styled-components';
-import { useGlobalTime } from '../../../common/containers/use_global_time';
 import type { HostItem } from '../../../../common/search_strategy';
 import { buildHostNamesFilter, RiskScoreEntity } from '../../../../common/search_strategy';
 import { DEFAULT_DARK_MODE } from '../../../../common/constants';
@@ -90,20 +89,11 @@ export const HostOverview = React.memo<HostSummaryProps>(
       () => (hostName ? buildHostNamesFilter([hostName]) : undefined),
       [hostName]
     );
-    const { from, to } = useGlobalTime();
 
-    const timerange = useMemo(
-      () => ({
-        from,
-        to,
-      }),
-      [from, to]
-    );
     const { data: hostRisk, isAuthorized } = useRiskScore({
       filterQuery,
       riskEntity: RiskScoreEntity.host,
       skip: hostName == null,
-      timerange,
     });
 
     const getDefaultRenderer = useCallback(

x-pack/plugins/security_solution/public/overview/components/user_overview/index.tsx

@@ -10,7 +10,6 @@ import { euiDarkVars as darkTheme, euiLightVars as lightTheme } from '@kbn/ui-th
 import { getOr } from 'lodash/fp';
 import React, { useCallback, useMemo } from 'react';
 import styled from 'styled-components';
-import { useGlobalTime } from '../../../common/containers/use_global_time';
 import { buildUserNamesFilter, RiskScoreEntity } from '../../../../common/search_strategy';
 import { DEFAULT_DARK_MODE } from '../../../../common/constants';
 import type { DescriptionList } from '../../../../common/utility_types';
@@ -89,20 +88,9 @@ export const UserOverview = React.memo<UserSummaryProps>(
       [userName]
     );
 
-    const { from, to } = useGlobalTime();
-
-    const timerange = useMemo(
-      () => ({
-        from,
-        to,
-      }),
-      [from, to]
-    );
-
     const { data: userRisk, isAuthorized } = useRiskScore({
       filterQuery,
       skip: userName == null,
-      timerange,
       riskEntity: RiskScoreEntity.user,
     });
 

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/risk_score/kpi/query.kpi_risk_score.dsl.ts

@@ -13,9 +13,22 @@ export const buildKpiRiskScoreQuery = ({
   defaultIndex,
   filterQuery,
   entity,
+  timerange,
 }: RiskScoreKpiRequestOptions) => {
   const filter = [...createQueryFilterClauses(filterQuery)];
 
+  if (timerange) {
+    filter.push({
+      range: {
+        '@timestamp': {
+          gte: timerange.from,
+          lte: timerange.to,
+          format: 'strict_date_optional_time',
+        },
+      },
+    });
+  }
+
   const dslQuery = {
     index: defaultIndex,
     allow_no_indices: false,

x-pack/plugins/translations/translations/fr-FR.json

@@ -35590,15 +35590,11 @@
     "xpack.securitySolution.entityAnalytics.header.anomalies": "Anomalies",
     "xpack.securitySolution.entityAnalytics.header.criticalHosts": "Hôtes critiques",
     "xpack.securitySolution.entityAnalytics.header.criticalUsers": "Utilisateurs critiques",
-    "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip": "Le tableau des risques de l'hôte n'est pas affecté par la plage temporelle. Ce tableau montre le dernier score de risque enregistré pour chaque hôte.",
     "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.title": "Scores de risque de l'hôte",
-    "xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip": "Le panneau de Score de risque de l'hôte affiche la liste des hôtes à risque ainsi que leur dernier score de risque. Vous pouvez filtrer cette liste à l’aide de filtres globaux dans la barre de recherche KQL. Le filtre de sélecteur de plage temporelle affiche les alertes dans l’intervalle de temps sélectionné uniquement et ne filtre pas la liste des hôtes à risque.",
-    "xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip": "Le panneau de score de risque de l'utilisateur affiche la liste des utilisateurs à risque et leur dernier score de risque. Vous pouvez filtrer cette liste à l’aide de filtres globaux dans la barre de recherche KQL. Le filtre de sélecteur de plage temporelle affiche uniquement les alertes dans l’intervalle de temps sélectionné et ne filtre pas la liste des utilisateurs à risque.",
     "xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel": "Afficher tout",
     "xpack.securitySolution.entityAnalytics.technicalPreviewLabel": "Version d'évaluation technique",
     "xpack.securitySolution.entityAnalytics.totalLabel": "Total",
     "xpack.securitySolution.entityAnalytics.usersRiskDashboard.title": "Scores de risque de l'utilisateur",
-    "xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip": "Le tableau des risques de l'utilisateur n'est pas affecté par la plage temporelle. Ce tableau montre le dernier score de risque enregistré pour chaque utilisateur.",
     "xpack.securitySolution.event.module.linkToElasticEndpointSecurityDescription": "Ouvrir dans Endpoint Security",
     "xpack.securitySolution.event.summary.threat_indicator.modal.allMatches": "Toutes les correspondances d'indicateur",
     "xpack.securitySolution.event.summary.threat_indicator.modal.close": "Fermer",
@@ -36147,10 +36143,8 @@
     "xpack.securitySolution.hostsRiskTable.hostNameTitle": "Nom d'hôte",
     "xpack.securitySolution.hostsRiskTable.hostRiskScoreTitle": "Score de risque de l'hôte",
     "xpack.securitySolution.hostsRiskTable.hostRiskTitle": "Risque de l'hôte",
-    "xpack.securitySolution.hostsRiskTable.hostsTableTooltip": "Le tableau des risques de l'hôte n'est pas affecté par la plage temporelle KQL. Ce tableau montre le dernier score de risque enregistré pour chaque hôte.",
     "xpack.securitySolution.hostsRiskTable.riskTitle": "Niveau de risque de l'hôte",
     "xpack.securitySolution.hostsRiskTable.tableTitle": "Risque de l'hôte",
-    "xpack.securitySolution.hostsRiskTable.usersTableTooltip": "Le tableau des risques de l'utilisateur n'est pas affecté par la plage temporelle KQL. Ce tableau montre le dernier score de risque enregistré pour chaque utilisateur.",
     "xpack.securitySolution.hostsTable.firstLastSeenToolTip": "Par rapport à la plage de dates sélectionnée",
     "xpack.securitySolution.hostsTable.hostsTitle": "Tous les hôtes",
     "xpack.securitySolution.hostsTable.lastSeenTitle": "Vu en dernier",

x-pack/plugins/translations/translations/ja-JP.json

@@ -35588,15 +35588,11 @@
     "xpack.securitySolution.entityAnalytics.header.anomalies": "異常",
     "xpack.securitySolution.entityAnalytics.header.criticalHosts": "重要なホスト",
     "xpack.securitySolution.entityAnalytics.header.criticalUsers": "重要なユーザー",
-    "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip": "ホストリスク表は時間範囲の影響を受けません。この表は、各ホストの最後に記録されたリスクスコアを示します。",
     "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.title": "ホストリスクスコア",
-    "xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip": "ホストリスクスコアパネルには、リスクのあるホストの一覧と最新のリスクスコアが表示されます。KQL検索バーのグローバルフィルターを使って、この一覧をフィルタリングできます。時間範囲ピッカーフィルターは、選択した時間範囲内のアラートのみを表示し、リスクのあるホストの一覧をフィルタリングしません。",
-    "xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip": "ユーザーリスクスコアパネルには、リスクのあるユーザーの一覧と最新のリスクスコアが表示されます。KQL検索バーのグローバルフィルターを使って、この一覧をフィルタリングできます。時間範囲ピッカーフィルターは、選択した時間範囲内のアラートのみを表示し、リスクのあるユーザーの一覧をフィルタリングしません。",
     "xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel": "すべて表示",
     "xpack.securitySolution.entityAnalytics.technicalPreviewLabel": "テクニカルプレビュー",
     "xpack.securitySolution.entityAnalytics.totalLabel": "合計",
     "xpack.securitySolution.entityAnalytics.usersRiskDashboard.title": "ユーザーリスクスコア",
-    "xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip": "ユーザーリスク表は時間範囲の影響を受けません。この表は、各ユーザーの最後に記録されたリスクスコアを示します。",
     "xpack.securitySolution.event.module.linkToElasticEndpointSecurityDescription": "Endpoint Securityで開く",
     "xpack.securitySolution.event.summary.threat_indicator.modal.allMatches": "すべてのインジケーター一致",
     "xpack.securitySolution.event.summary.threat_indicator.modal.close": "閉じる",
@@ -36145,10 +36141,8 @@
     "xpack.securitySolution.hostsRiskTable.hostNameTitle": "ホスト名",
     "xpack.securitySolution.hostsRiskTable.hostRiskScoreTitle": "ホストリスクスコア",
     "xpack.securitySolution.hostsRiskTable.hostRiskTitle": "ホストリスク",
-    "xpack.securitySolution.hostsRiskTable.hostsTableTooltip": "ホストリスク表はKQL時間範囲の影響を受けません。この表は、各ホストの最後に記録されたリスクスコアを示します。",
     "xpack.securitySolution.hostsRiskTable.riskTitle": "ホストリスクレベル",
     "xpack.securitySolution.hostsRiskTable.tableTitle": "ホストリスク",
-    "xpack.securitySolution.hostsRiskTable.usersTableTooltip": "ユーザーリスク表はKQL時間範囲の影響を受けません。この表は、各ユーザーの最後に記録されたリスクスコアを示します。",
     "xpack.securitySolution.hostsTable.firstLastSeenToolTip": "選択された日付範囲との相関付けです",
     "xpack.securitySolution.hostsTable.hostsTitle": "すべてのホスト",
     "xpack.securitySolution.hostsTable.lastSeenTitle": "前回の認識",

x-pack/plugins/translations/translations/zh-CN.json

@@ -35584,15 +35584,11 @@
     "xpack.securitySolution.entityAnalytics.header.anomalies": "异常",
     "xpack.securitySolution.entityAnalytics.header.criticalHosts": "关键主机",
     "xpack.securitySolution.entityAnalytics.header.criticalUsers": "关键用户",
-    "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.hostsTableTooltip": "主机风险表不受时间范围影响。本表显示每台主机最新记录的风险分数。",
     "xpack.securitySolution.entityAnalytics.hostsRiskDashboard.title": "主机风险分数",
-    "xpack.securitySolution.entityAnalytics.riskDashboard.hostsTableTooltip": "“主机风险分数”面板显示有风险主机及其最新风险分数的列表。可以在 KQL 搜索栏中使用全局筛选来筛选此列表。时间范围选取器筛选将仅显示选定时间范围内的告警，并且不筛选有风险主机列表。",
-    "xpack.securitySolution.entityAnalytics.riskDashboard.usersTableTooltip": "“用户风险分数”面板显示有风险用户及其最新风险分数的列表。可以在 KQL 搜索栏中使用全局筛选来筛选此列表。时间范围选取器筛选将仅显示选定时间范围内的告警，并且不筛选有风险用户列表。",
     "xpack.securitySolution.entityAnalytics.riskDashboard.viewAllLabel": "查看全部",
     "xpack.securitySolution.entityAnalytics.technicalPreviewLabel": "技术预览",
     "xpack.securitySolution.entityAnalytics.totalLabel": "合计",
     "xpack.securitySolution.entityAnalytics.usersRiskDashboard.title": "用户风险分数",
-    "xpack.securitySolution.entityAnalytics.usersRiskDashboard.usersTableTooltip": "用户风险表不受时间范围影响。本表显示每个用户最新记录的风险分数。",
     "xpack.securitySolution.event.module.linkToElasticEndpointSecurityDescription": "在 Endpoint Security 中打开",
     "xpack.securitySolution.event.summary.threat_indicator.modal.allMatches": "所有指标匹配",
     "xpack.securitySolution.event.summary.threat_indicator.modal.close": "关闭",
@@ -36141,10 +36137,8 @@
     "xpack.securitySolution.hostsRiskTable.hostNameTitle": "主机名",
     "xpack.securitySolution.hostsRiskTable.hostRiskScoreTitle": "主机风险分数",
     "xpack.securitySolution.hostsRiskTable.hostRiskTitle": "主机风险",
-    "xpack.securitySolution.hostsRiskTable.hostsTableTooltip": "主机风险表不受 KQL 时间范围影响。本表显示每台主机最新记录的风险分数。",
     "xpack.securitySolution.hostsRiskTable.riskTitle": "主机风险级别",
     "xpack.securitySolution.hostsRiskTable.tableTitle": "主机风险",
-    "xpack.securitySolution.hostsRiskTable.usersTableTooltip": "用户风险表不受 KQL 时间范围影响。本表显示每个用户最新记录的风险分数。",
     "xpack.securitySolution.hostsTable.firstLastSeenToolTip": "相对于选定日期范围",
     "xpack.securitySolution.hostsTable.hostsTitle": "所有主机",
     "xpack.securitySolution.hostsTable.lastSeenTitle": "最后看到时间",

x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts

@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import moment from 'moment';
 import { login } from '../../../tasks/login';
 import { visitWithTimeRange } from '../../../tasks/navigation';
 
@@ -47,7 +48,7 @@ import { clickOnFirstHostsAlerts, clickOnFirstUsersAlerts } from '../../../tasks
 import { OPTION_LIST_LABELS, OPTION_LIST_VALUES } from '../../../screens/common/filter_group';
 import { setRowsPerPageTo } from '../../../tasks/table_pagination';
 import { clearSearchBar, kqlSearch } from '../../../tasks/security_header';
-import { setEndDate, setEndDateNow, updateDates } from '../../../tasks/date_picker';
+import { setEndDate, setEndDateNow, updateDates, setStartDate } from '../../../tasks/date_picker';
 import {
   enableJob,
   navigateToNextPage,
@@ -60,7 +61,9 @@ const TEST_USER_ALERTS = 2;
 const TEST_USER_NAME = 'test';
 const SIEM_KIBANA_HOST_ALERTS = 2;
 const SIEM_KIBANA_HOST_NAME = 'siem-kibana';
-const END_DATE = 'Jan 19, 2019 @ 20:33:29.186';
+const DATE_FORMAT = 'MMM D, YYYY @ HH:mm:ss.SSS';
+const DATE_BEFORE_ALERT_CREATION = moment().format(DATE_FORMAT);
+const OLDEST_DATE = moment('2019-01-19T16:22:56.217Z').format(DATE_FORMAT);
 
 describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }, () => {
   before(() => {
@@ -201,7 +204,8 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }
         });
 
         it('filters the alerts count with time range', () => {
-          setEndDate(END_DATE);
+          setEndDate(DATE_BEFORE_ALERT_CREATION);
+
           updateDates();
 
           cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0);
@@ -289,7 +293,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }
         });
 
         it('filters the alerts count with time range', () => {
-          setEndDate(END_DATE);
+          setEndDate(DATE_BEFORE_ALERT_CREATION);
           updateDates();
 
           cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0);
@@ -422,7 +426,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }
         });
 
         it('filters the alerts count with time range', () => {
-          setEndDate(END_DATE);
+          setEndDate(DATE_BEFORE_ALERT_CREATION);
           updateDates();
 
           cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0);
@@ -432,6 +436,18 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }
           updateDates();
         });
 
+        it('filters risk scores with time range', () => {
+          const now = moment().format(DATE_FORMAT);
+          setStartDate(now);
+          updateDates();
+
+          cy.get(HOST_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
+
+          // CLEAR DATES
+          setStartDate(OLDEST_DATE);
+          updateDates();
+        });
+
         it('opens alerts page when alerts count is clicked', () => {
           clickOnFirstHostsAlerts();
           cy.url().should('include', ALERTS_URL);
@@ -515,7 +531,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }
         });
 
         it('filters the alerts count with time range', () => {
-          setEndDate(END_DATE);
+          setEndDate(DATE_BEFORE_ALERT_CREATION);
           updateDates();
 
           cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0);
@@ -525,6 +541,18 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@brokenInServerless'] }
           updateDates();
         });
 
+        it('filters risk scores with time range', () => {
+          const now = moment().format(DATE_FORMAT);
+          setStartDate(now);
+          updateDates();
+
+          cy.get(USER_RISK_SCORE_NO_DATA_DETECTED).should('be.visible');
+
+          // CLEAR DATES
+          setStartDate(OLDEST_DATE);
+          updateDates();
+        });
+
         it('opens alerts page when alerts count is clicked', () => {
           clickOnFirstUsersAlerts();
 

x-pack/test/security_solution_cypress/cypress/e2e/explore/hosts/host_risk_tab.cy.ts

@@ -49,9 +49,10 @@ describe('risk tab', { tags: ['@ess', '@serverless'] }, () => {
 
     it('renders the table', () => {
       kqlSearch('host.name: "siem-kibana" {enter}');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(3).should('have.text', 'siem-kibana');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(4).should('have.text', '21');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(5).should('have.text', 'Low');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(4).should('have.text', 'siem-kibana');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(5).should('have.text', 'Mar 10, 2021 @ 14:51:05.766');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(6).should('have.text', '21');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(7).should('have.text', 'Low');
     });
 
     it.skip('filters the table', () => {
@@ -99,9 +100,10 @@ describe('risk tab', { tags: ['@ess', '@serverless'] }, () => {
 
     it('renders the table', () => {
       kqlSearch('host.name: "siem-kibana" {enter}');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(3).should('have.text', 'siem-kibana');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(4).should('have.text', '90');
-      cy.get(HOST_BY_RISK_TABLE_CELL).eq(5).should('have.text', 'Critical');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(4).should('have.text', 'siem-kibana');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(5).should('have.text', 'Mar 10, 2021 @ 14:51:05.766');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(6).should('have.text', '90');
+      cy.get(HOST_BY_RISK_TABLE_CELL).eq(7).should('have.text', 'Critical');
     });
 
     it.skip('filters the table', () => {

x-pack/test/security_solution_cypress/cypress/e2e/inspect/inspect_button.cy.ts

@@ -17,7 +17,7 @@ import {
   openTableInspectModal,
 } from '../../tasks/inspect';
 import { login } from '../../tasks/login';
-import { visit } from '../../tasks/navigation';
+import { visitWithTimeRange } from '../../tasks/navigation';
 import { postDataView, waitForWelcomePanelToBeLoaded } from '../../tasks/common';
 import { selectDataView } from '../../tasks/sourcerer';
 
@@ -46,7 +46,7 @@ describe('Inspect Explore pages', { tags: ['@ess', '@serverless', '@brokenInServ
     it(`inspect ${pageName} page`, () => {
       login();
 
-      visit(url, {
+      visitWithTimeRange(url, {
         visitOptions: {
           onLoad: () => {
             waitForWelcomePanelToBeLoaded();

x-pack/test/security_solution_cypress/cypress/screens/inspect.ts

@@ -86,7 +86,6 @@ export const INSPECT_BUTTONS_IN_SECURITY: InspectButtonMetadata[] = [
         altInspectId: '[data-test-subj="events-viewer-panel"]',
         id: EVENT_CONTAINER_TABLE_NOT_LOADING,
       },
-
       {
         title: 'Host risk',
         tab: RISK_DETAILS_NAV,