[Entity Store v2] Add helpers required for ID based risk scoring#253826
Merged
hop-dev merged 5 commits intoelastic:mainfrom Feb 19, 2026
Merged
[Entity Store v2] Add helpers required for ID based risk scoring#253826hop-dev merged 5 commits intoelastic:mainfrom
hop-dev merged 5 commits intoelastic:mainfrom
Conversation
hop-dev
commented
Feb 18, 2026
hop-dev
commented
Feb 18, 2026
hop-dev
commented
Feb 18, 2026
romulets
reviewed
Feb 19, 2026
hop-dev
added
release_note:skip
Contributor
|
Pinging @elastic/security-entity-analytics (Team:Entity Analytics) |
romulets
approved these changes
Feb 19, 2026
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Public APIs missing comments
History
cc @hop-dev |
ersin-erdal
pushed a commit
to ersin-erdal/kibana
that referenced
this pull request
Feb 19, 2026
…stic#253826) ## Summary These are the utils I added as part of developing ID based risk scoring (the PR for that is not ready yet). - Added `getEuidPainlessRuntimeMapping(entityType)` for a ready-to-use runtime_mappings field - Added `getEuidSourceFields(entityType)` to expose: - `requiresOneOf` - minimum EUID field requirements to allow filtering down docs to just those with the right ID fields - deduped `identitySourceFields` used to build EUIDs - allows maintainers to bring back the ID fields needed to upsert an entity - Updated unit tests & the Scout API painless translation test to use the new runtime mapping helper directly
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
These are the utils I added as part of developing ID based risk scoring (the PR for that is not ready yet).
Added
getEuidPainlessRuntimeMapping(entityType)for a ready-to-use runtime_mappings fieldAdded
getEuidSourceFields(entityType)to expose:requiresOneOf- minimum EUID field requirements to allow filtering down docs to just those with the right ID fieldsidentitySourceFieldsused to build EUIDs - allows maintainers to bring back the ID fields needed to upsert an entityUpdated unit tests & the Scout API painless translation test to use the new runtime mapping helper directly