[Entity Analytics] Migrate explore pages (hosts/users) to use EUID #255428

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

YulNaumenko merged 28 commits into elastic:main from YulNaumenko:migrate-explore-euid-pr2-explore

Apr 2, 2026

x-pack/platform/plugins/private/translations/translations/de-DE.json

-Original file line number
+Diff line change
@@ Expand Up / @@ -35820,7 +35820,6 @@ @@
         "xpack.securitySolution.entityAnalytics.entityStore.entitiesList.tableTitle": "Entitäten",
         "xpack.securitySolution.entityAnalytics.entityStore.entitiesList.tableTooltip": "Es kann einige Minuten dauern, bis Entitätsdaten angezeigt werden",
         "xpack.securitySolution.entityAnalytics.entityStore.entitySource.filterTitle": "Quelle",
-        "xpack.securitySolution.entityAnalytics.entityStore.helpers.sourceField.criticalityDescription": "Kritikalität von Assets",
         "xpack.securitySolution.entityAnalytics.entityStore.helpers.sourceField.eventDescription": "Ereignisse",
         "xpack.securitySolution.entityAnalytics.entityStore.helpers.sourceField.riskDescription": "Risiko",
         "xpack.securitySolution.entityAnalytics.header.anomalies": "Anomalien",
@@ Expand Down @@

x-pack/platform/plugins/private/translations/translations/fr-FR.json

-Original file line number
+Diff line change
@@ Expand Up / @@ -36198,7 +36198,6 @@ @@
         "xpack.securitySolution.entityAnalytics.entityStore.entitiesList.tableTitle": "Entités",
         "xpack.securitySolution.entityAnalytics.entityStore.entitiesList.tableTooltip": "L’affichage des données d'entité peut prendre quelques minutes",
         "xpack.securitySolution.entityAnalytics.entityStore.entitySource.filterTitle": "Source",
-        "xpack.securitySolution.entityAnalytics.entityStore.helpers.sourceField.criticalityDescription": "Criticité des ressources",
         "xpack.securitySolution.entityAnalytics.entityStore.helpers.sourceField.eventDescription": "Événements",
         "xpack.securitySolution.entityAnalytics.entityStore.helpers.sourceField.riskDescription": "Risque",
         "xpack.securitySolution.entityAnalytics.header.anomalies": "Anomalies",
@@ Expand Down @@

x-pack/platform/plugins/private/translations/translations/ja-JP.json

-Original file line number
+Diff line change
@@ Expand Up / @@ -36253,7 +36253,6 @@ @@
         "xpack.securitySolution.entityAnalytics.entityStore.entitiesList.tableTitle": "エンティティ",
         "xpack.securitySolution.entityAnalytics.entityStore.entitiesList.tableTooltip": "エンティティデータが表示されるまでに数分かかる場合があります",
         "xpack.securitySolution.entityAnalytics.entityStore.entitySource.filterTitle": "送信元",
-        "xpack.securitySolution.entityAnalytics.entityStore.helpers.sourceField.criticalityDescription": "アセット重要度",
         "xpack.securitySolution.entityAnalytics.entityStore.helpers.sourceField.eventDescription": "イベント",
         "xpack.securitySolution.entityAnalytics.entityStore.helpers.sourceField.riskDescription": "リスク",
         "xpack.securitySolution.entityAnalytics.header.anomalies": "異常",
@@ Expand Down @@

x-pack/platform/plugins/private/translations/translations/zh-CN.json

-Original file line number
+Diff line change
@@ Expand Up / @@ -36233,7 +36233,6 @@ @@
         "xpack.securitySolution.entityAnalytics.entityStore.entitiesList.tableTitle": "实体",
         "xpack.securitySolution.entityAnalytics.entityStore.entitiesList.tableTooltip": "实体数据可能需要几分钟才能显示",
         "xpack.securitySolution.entityAnalytics.entityStore.entitySource.filterTitle": "源",
-        "xpack.securitySolution.entityAnalytics.entityStore.helpers.sourceField.criticalityDescription": "资产关键度",
         "xpack.securitySolution.entityAnalytics.entityStore.helpers.sourceField.eventDescription": "事件",
         "xpack.securitySolution.entityAnalytics.entityStore.helpers.sourceField.riskDescription": "风险",
         "xpack.securitySolution.entityAnalytics.header.anomalies": "异常",
@@ Expand Down @@

...y_solution/common/entity_analytics/entity_store/sanitize_entity_record_for_upsert.test.ts

-Original file line number
+Diff line change
@@ -0,0 +1,117 @@
+    /*
+     * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+     * or more contributor license agreements. Licensed under the Elastic License
+     * 2.0; you may not use this file except in compliance with the Elastic License
+     * 2.0.
+     */
+    import { z } from '@kbn/zod/v4';
+    import type { HostEntity } from '../../api/entity_analytics/entity_store/entities/common.gen';
+    import { UpsertEntitiesBulkRequestBody } from '../../api/entity_analytics/entity_store/entities/upsert_entities_bulk.gen';
+    import {
+      preprocessUpsertEntitiesBulkRequestBody,
+      sanitizeEntityRecordForUpsert,
+    } from './sanitize_entity_record_for_upsert';
+    const bulkBodySchema = z.preprocess(
+      preprocessUpsertEntitiesBulkRequestBody,
+      UpsertEntitiesBulkRequestBody
+    );
+    describe('sanitize_entity_record_for_upsert', () => {
+      it('coerces host.risk.inputs object to array and notes string to array', () => {
+        const record = {
+          entity: {
+            id: 'host:test',
+            type: 'host',
+            attributes: { watchlists: ['wl-1'], asset: true },
+            behaviors: { rule_names: ['a'], brute_force_victim: true },
+            relationships: {
+              communicates_with: ['host:a'],
+              resolution: { risk: { calculated_level: 'Low' } },
+            },
+          },
+          host: {
+            name: 'h1',
+            risk: {
+              '@timestamp': '2026-03-28T01:41:12.286Z',
+              id_field: 'host.name',
+              id_value: 'h1',
+              calculated_level: 'Moderate',
+              calculated_score: 42.5,
+              calculated_score_norm: 55,
+              category_1_score: 30,
+              category_1_count: 3,
+              inputs: {
+                id: 'alert-1',
+                index: '.alerts',
+                category: 'category_1',
+                description: 'demo',
+                risk_score: 65,
+                timestamp: '2026-03-28T01:41:12.286Z',
+                contribution_score: 12,
+              },
+              notes: 'one note',
+              criticality_level: 'medium_impact',
+            },
+          },
+          event: { ingested: '2026-03-28T01:41:12.286Z' },
+        };
+        const out = sanitizeEntityRecordForUpsert(record as never);
+        expect(
+          (out as { host?: { risk?: { inputs?: unknown; notes?: unknown } } }).host?.risk?.inputs
+        ).toEqual([
+          {
+            id: 'alert-1',
+            index: '.alerts',
+            category: 'category_1',
+            description: 'demo',
+            risk_score: 65,
+            timestamp: '2026-03-28T01:41:12.286Z',
+            contribution_score: 12,
+          },
+        ]);
+        expect((out as { host?: { risk?: { notes?: string[] } } }).host?.risk?.notes).toEqual([
+          'one note',
+        ]);
+        expect(
+          (out as { entity?: { attributes?: { watchlists?: unknown } } }).entity?.attributes
+        ).toEqual({
+          asset: true,
+        });
+        expect(
+          (out as { entity?: { behaviors?: { rule_names?: unknown; brute_force_victim?: boolean } } })
+            .entity?.behaviors
+        ).toEqual({ brute_force_victim: true });
+        expect(
+          (
+            out as {
+              entity?: { relationships?: { communicates_with?: string[]; resolution?: unknown } };
+            }
+          ).entity?.relationships
+        ).toEqual({ communicates_with: ['host:a'] });
+      });
+      it('accepts bulk body with doc instead of record after preprocess + Zod', () => {
+        const raw = {
+          entities: [
+            {
+              type: 'host',
+              doc: {
+                entity: { id: 'host:x', type: 'host' },
+                host: { name: 'host-a' },
+              },
+            },
+          ],
+        };
+        const parsed = bulkBodySchema.safeParse(raw);
+        expect(parsed.success).toBe(true);
+        if (parsed.success) {
+          const record = parsed.data.entities[0].record as HostEntity;
+          expect(record.host?.name).toBe('host-a');
+        }
+      });
+    });

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Entity Analytics] Migrate explore pages (hosts/users) to use EUID #255428

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!