[Entity Analytics] Explore - Removing link to details page for entities in the entity store#265132
Merged
ymao1 merged 3 commits intoelastic:mainfrom Apr 23, 2026
Merged
[Entity Analytics] Explore - Removing link to details page for entities in the entity store#265132ymao1 merged 3 commits intoelastic:mainfrom
ymao1 merged 3 commits intoelastic:mainfrom
Conversation
ymao1
changed the title
ymao1
added
release_note:skip
ymao1
changed the title
Contributor
💚 Build Succeeded
Metrics [docs]Async chunks
History
cc @ymao1 |
Contributor
|
Pinging @elastic/security-entity-analytics (Team:Entity Analytics) |
CAWilson94
approved these changes
Apr 23, 2026
Contributor
|
Starting backport for target branches: 9.4 https://github.com/elastic/kibana/actions/runs/24835336549 |
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Apr 23, 2026
…entities in the entity store (#265132) (#265279) # Backport This will backport the following commits from `main` to `9.4`: - [[Entity Analytics] Explore - Removing link to details page for entities in the entity store (#265132)](#265132) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Ying Mao","email":"ying.mao@elastic.co"},"sourceCommit":{"committedDate":"2026-04-23T12:31:14Z","message":"[Entity Analytics] Explore - Removing link to details page for entities in the entity store (#265132)\n\n## Summary\n\nThis PR removes the link to the user/host details page for entities in\nthe entity store\n\n* On the Explore pages, any link that used to go to user/host details\npage will now open the user/host flyout.\n* On the user/host flyout, if the entity IS in the entity store, the\nname will no longer link to the user details page\n* On the user/host flyout, if the entity IS NOT in the entity store,\nclicking the name will still open the user/host details page based on\nentity name.\n\n## To Verify\n\n1. Start ES and Kibana with all the V2 entity store feature flags\n2. Add data using `yarn start org-data`. Pick a medium sized org,\ndefault productivity suite, no detection rules\n3. Navigate to the entity analytics homepage and wait a little bit. You\nshould see entities show up after a short wait.\n4. Navigate to Explore -> Users and click on the \"All Users\" tab. Click\non a user. You should see the user flyout open. The flyout title should\nnot be clickable.\n5. Navigate to Explore -> Hosts and click on the \"All Hosts\" tab. Click\non a host. You should see the host flyout open. The flyout title should\nnot be clickable.\n6. Open an entity flyout from the entity analytics homepage. These\nflyouts should not have clickable titles.\n7. Generate some alerts and find a user on the alerts table that is not\nin the entity store. You should see the user flyout open. The flyout\ntitle SHOULD be clickable and open the user details page in a new tab.\n\n\n\nhttps://github.com/user-attachments/assets/22b7ff3b-ee69-4b24-9f2b-d1438527084d","sha":"43b0a5f332e5736564d32d515e3a4e559e5fd7ee","branchLabelMapping":{"^v9.5.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Entity Analytics","backport:version","v9.4.0","v9.5.0"],"title":"[Entity Analytics] Explore - Removing link to details page for entities in the entity store","number":265132,"url":"https://github.com/elastic/kibana/pull/265132","mergeCommit":{"message":"[Entity Analytics] Explore - Removing link to details page for entities in the entity store (#265132)\n\n## Summary\n\nThis PR removes the link to the user/host details page for entities in\nthe entity store\n\n* On the Explore pages, any link that used to go to user/host details\npage will now open the user/host flyout.\n* On the user/host flyout, if the entity IS in the entity store, the\nname will no longer link to the user details page\n* On the user/host flyout, if the entity IS NOT in the entity store,\nclicking the name will still open the user/host details page based on\nentity name.\n\n## To Verify\n\n1. Start ES and Kibana with all the V2 entity store feature flags\n2. Add data using `yarn start org-data`. Pick a medium sized org,\ndefault productivity suite, no detection rules\n3. Navigate to the entity analytics homepage and wait a little bit. You\nshould see entities show up after a short wait.\n4. Navigate to Explore -> Users and click on the \"All Users\" tab. Click\non a user. You should see the user flyout open. The flyout title should\nnot be clickable.\n5. Navigate to Explore -> Hosts and click on the \"All Hosts\" tab. Click\non a host. You should see the host flyout open. The flyout title should\nnot be clickable.\n6. Open an entity flyout from the entity analytics homepage. These\nflyouts should not have clickable titles.\n7. Generate some alerts and find a user on the alerts table that is not\nin the entity store. You should see the user flyout open. The flyout\ntitle SHOULD be clickable and open the user details page in a new tab.\n\n\n\nhttps://github.com/user-attachments/assets/22b7ff3b-ee69-4b24-9f2b-d1438527084d","sha":"43b0a5f332e5736564d32d515e3a4e559e5fd7ee"}},"sourceBranch":"main","suggestedTargetBranches":["9.4"],"targetPullRequestStates":[{"branch":"9.4","label":"v9.4.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.5.0","branchLabelMappingKey":"^v9.5.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/265132","number":265132,"mergeCommit":{"message":"[Entity Analytics] Explore - Removing link to details page for entities in the entity store (#265132)\n\n## Summary\n\nThis PR removes the link to the user/host details page for entities in\nthe entity store\n\n* On the Explore pages, any link that used to go to user/host details\npage will now open the user/host flyout.\n* On the user/host flyout, if the entity IS in the entity store, the\nname will no longer link to the user details page\n* On the user/host flyout, if the entity IS NOT in the entity store,\nclicking the name will still open the user/host details page based on\nentity name.\n\n## To Verify\n\n1. Start ES and Kibana with all the V2 entity store feature flags\n2. Add data using `yarn start org-data`. Pick a medium sized org,\ndefault productivity suite, no detection rules\n3. Navigate to the entity analytics homepage and wait a little bit. You\nshould see entities show up after a short wait.\n4. Navigate to Explore -> Users and click on the \"All Users\" tab. Click\non a user. You should see the user flyout open. The flyout title should\nnot be clickable.\n5. Navigate to Explore -> Hosts and click on the \"All Hosts\" tab. Click\non a host. You should see the host flyout open. The flyout title should\nnot be clickable.\n6. Open an entity flyout from the entity analytics homepage. These\nflyouts should not have clickable titles.\n7. Generate some alerts and find a user on the alerts table that is not\nin the entity store. You should see the user flyout open. The flyout\ntitle SHOULD be clickable and open the user details page in a new tab.\n\n\n\nhttps://github.com/user-attachments/assets/22b7ff3b-ee69-4b24-9f2b-d1438527084d","sha":"43b0a5f332e5736564d32d515e3a4e559e5fd7ee"}}]}] BACKPORT--> Co-authored-by: Ying Mao <ying.mao@elastic.co>
smith
pushed a commit
to smith/kibana
that referenced
this pull request
Apr 23, 2026
…es in the entity store (elastic#265132) ## Summary This PR removes the link to the user/host details page for entities in the entity store * On the Explore pages, any link that used to go to user/host details page will now open the user/host flyout. * On the user/host flyout, if the entity IS in the entity store, the name will no longer link to the user details page * On the user/host flyout, if the entity IS NOT in the entity store, clicking the name will still open the user/host details page based on entity name. ## To Verify 1. Start ES and Kibana with all the V2 entity store feature flags 2. Add data using `yarn start org-data`. Pick a medium sized org, default productivity suite, no detection rules 3. Navigate to the entity analytics homepage and wait a little bit. You should see entities show up after a short wait. 4. Navigate to Explore -> Users and click on the "All Users" tab. Click on a user. You should see the user flyout open. The flyout title should not be clickable. 5. Navigate to Explore -> Hosts and click on the "All Hosts" tab. Click on a host. You should see the host flyout open. The flyout title should not be clickable. 6. Open an entity flyout from the entity analytics homepage. These flyouts should not have clickable titles. 7. Generate some alerts and find a user on the alerts table that is not in the entity store. You should see the user flyout open. The flyout title SHOULD be clickable and open the user details page in a new tab. https://github.com/user-attachments/assets/22b7ff3b-ee69-4b24-9f2b-d1438527084d
rbrtj
pushed a commit
to walterra/kibana
that referenced
this pull request
Apr 27, 2026
…es in the entity store (elastic#265132) ## Summary This PR removes the link to the user/host details page for entities in the entity store * On the Explore pages, any link that used to go to user/host details page will now open the user/host flyout. * On the user/host flyout, if the entity IS in the entity store, the name will no longer link to the user details page * On the user/host flyout, if the entity IS NOT in the entity store, clicking the name will still open the user/host details page based on entity name. ## To Verify 1. Start ES and Kibana with all the V2 entity store feature flags 2. Add data using `yarn start org-data`. Pick a medium sized org, default productivity suite, no detection rules 3. Navigate to the entity analytics homepage and wait a little bit. You should see entities show up after a short wait. 4. Navigate to Explore -> Users and click on the "All Users" tab. Click on a user. You should see the user flyout open. The flyout title should not be clickable. 5. Navigate to Explore -> Hosts and click on the "All Hosts" tab. Click on a host. You should see the host flyout open. The flyout title should not be clickable. 6. Open an entity flyout from the entity analytics homepage. These flyouts should not have clickable titles. 7. Generate some alerts and find a user on the alerts table that is not in the entity store. You should see the user flyout open. The flyout title SHOULD be clickable and open the user details page in a new tab. https://github.com/user-attachments/assets/22b7ff3b-ee69-4b24-9f2b-d1438527084d
SoniaSanzV
pushed a commit
to SoniaSanzV/kibana
that referenced
this pull request
Apr 27, 2026
…es in the entity store (elastic#265132) ## Summary This PR removes the link to the user/host details page for entities in the entity store * On the Explore pages, any link that used to go to user/host details page will now open the user/host flyout. * On the user/host flyout, if the entity IS in the entity store, the name will no longer link to the user details page * On the user/host flyout, if the entity IS NOT in the entity store, clicking the name will still open the user/host details page based on entity name. ## To Verify 1. Start ES and Kibana with all the V2 entity store feature flags 2. Add data using `yarn start org-data`. Pick a medium sized org, default productivity suite, no detection rules 3. Navigate to the entity analytics homepage and wait a little bit. You should see entities show up after a short wait. 4. Navigate to Explore -> Users and click on the "All Users" tab. Click on a user. You should see the user flyout open. The flyout title should not be clickable. 5. Navigate to Explore -> Hosts and click on the "All Hosts" tab. Click on a host. You should see the host flyout open. The flyout title should not be clickable. 6. Open an entity flyout from the entity analytics homepage. These flyouts should not have clickable titles. 7. Generate some alerts and find a user on the alerts table that is not in the entity store. You should see the user flyout open. The flyout title SHOULD be clickable and open the user details page in a new tab. https://github.com/user-attachments/assets/22b7ff3b-ee69-4b24-9f2b-d1438527084d
ymao1
added a commit
that referenced
this pull request
Apr 29, 2026
…user/host flyout (#265887) ## Summary This PR addresses 2 items: * Updates the click behavior in the User Risk and Host Risk tabs on the User/Host Explore pages to open in a flyout instead of redirecting to the details page. This tab was missed in the first PR: #265132. * Audits usages of `documentEntityIdentifiers` in the User and Host right flyouts. These identifiers are generated [here (user)](https://github.com/elastic/kibana/blob/1b2ff3f8bb198c259a5155f1bf486f6e4e084078/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx#L112) and [here (host)](https://github.com/elastic/kibana/blob/1b2ff3f8bb198c259a5155f1bf486f6e4e084078/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/index.tsx#L110) and used throughout the flyouts in the EUID `getEuidFilterBasedOnDocument` helper function, however, the document identifiers for user are incorrect as they return an `entity.namespace` field that exists in the entity store but does not exist in any source log/alert document. This PR replaces the input to `getEuidFilterBasedOnDocument` from the `documentEntityIdentifiers` to the full entity store record to ensure that a correct EUID filter is generated for queries against source documents. **User Risk/Host Risk tab click behavior** https://github.com/user-attachments/assets/39049641-91b5-457e-a859-4bf2783aae48 --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
ymao1
added a commit
that referenced
this pull request
Apr 29, 2026
…s` in user/host flyout (#265887) (#266439) # Backport This will backport the following commits from `main` to `9.4`: - [[Entity Analytics] Auditing usages of `documentEntityIdentifiers` in user/host flyout (#265887)](#265887) <!--- Backport version: 11.0.2 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Ying Mao","email":"ying.mao@elastic.co"},"sourceCommit":{"committedDate":"2026-04-29T14:38:06Z","message":"[Entity Analytics] Auditing usages of `documentEntityIdentifiers` in user/host flyout (#265887)\n\n## Summary\n\nThis PR addresses 2 items:\n* Updates the click behavior in the User Risk and Host Risk tabs on the\nUser/Host Explore pages to open in a flyout instead of redirecting to\nthe details page. This tab was missed in the first PR:\nhttps://github.com//pull/265132.\n* Audits usages of `documentEntityIdentifiers` in the User and Host\nright flyouts. These identifiers are generated [here\n(user)](https://github.com/elastic/kibana/blob/1b2ff3f8bb198c259a5155f1bf486f6e4e084078/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx#L112)\nand [here\n(host)](https://github.com/elastic/kibana/blob/1b2ff3f8bb198c259a5155f1bf486f6e4e084078/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/index.tsx#L110)\nand used throughout the flyouts in the EUID\n`getEuidFilterBasedOnDocument` helper function, however, the document\nidentifiers for user are incorrect as they return an `entity.namespace`\nfield that exists in the entity store but does not exist in any source\nlog/alert document. This PR replaces the input to\n`getEuidFilterBasedOnDocument` from the `documentEntityIdentifiers` to\nthe full entity store record to ensure that a correct EUID filter is\ngenerated for queries against source documents.\n\n**User Risk/Host Risk tab click behavior**\n\n\nhttps://github.com/user-attachments/assets/39049641-91b5-457e-a859-4bf2783aae48\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"812ff1b1338bc7434d1bc55835e25b81b823848b","branchLabelMapping":{"^v9.5.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Entity Analytics","backport:version","v9.4.0","v9.5.0"],"title":"[Entity Analytics] Auditing usages of `documentEntityIdentifiers` in user/host flyout","number":265887,"url":"https://github.com/elastic/kibana/pull/265887","mergeCommit":{"message":"[Entity Analytics] Auditing usages of `documentEntityIdentifiers` in user/host flyout (#265887)\n\n## Summary\n\nThis PR addresses 2 items:\n* Updates the click behavior in the User Risk and Host Risk tabs on the\nUser/Host Explore pages to open in a flyout instead of redirecting to\nthe details page. This tab was missed in the first PR:\nhttps://github.com//pull/265132.\n* Audits usages of `documentEntityIdentifiers` in the User and Host\nright flyouts. These identifiers are generated [here\n(user)](https://github.com/elastic/kibana/blob/1b2ff3f8bb198c259a5155f1bf486f6e4e084078/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx#L112)\nand [here\n(host)](https://github.com/elastic/kibana/blob/1b2ff3f8bb198c259a5155f1bf486f6e4e084078/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/index.tsx#L110)\nand used throughout the flyouts in the EUID\n`getEuidFilterBasedOnDocument` helper function, however, the document\nidentifiers for user are incorrect as they return an `entity.namespace`\nfield that exists in the entity store but does not exist in any source\nlog/alert document. This PR replaces the input to\n`getEuidFilterBasedOnDocument` from the `documentEntityIdentifiers` to\nthe full entity store record to ensure that a correct EUID filter is\ngenerated for queries against source documents.\n\n**User Risk/Host Risk tab click behavior**\n\n\nhttps://github.com/user-attachments/assets/39049641-91b5-457e-a859-4bf2783aae48\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"812ff1b1338bc7434d1bc55835e25b81b823848b"}},"sourceBranch":"main","suggestedTargetBranches":["9.4"],"targetPullRequestStates":[{"branch":"9.4","label":"v9.4.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.5.0","branchLabelMappingKey":"^v9.5.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/265887","number":265887,"mergeCommit":{"message":"[Entity Analytics] Auditing usages of `documentEntityIdentifiers` in user/host flyout (#265887)\n\n## Summary\n\nThis PR addresses 2 items:\n* Updates the click behavior in the User Risk and Host Risk tabs on the\nUser/Host Explore pages to open in a flyout instead of redirecting to\nthe details page. This tab was missed in the first PR:\nhttps://github.com//pull/265132.\n* Audits usages of `documentEntityIdentifiers` in the User and Host\nright flyouts. These identifiers are generated [here\n(user)](https://github.com/elastic/kibana/blob/1b2ff3f8bb198c259a5155f1bf486f6e4e084078/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx#L112)\nand [here\n(host)](https://github.com/elastic/kibana/blob/1b2ff3f8bb198c259a5155f1bf486f6e4e084078/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/index.tsx#L110)\nand used throughout the flyouts in the EUID\n`getEuidFilterBasedOnDocument` helper function, however, the document\nidentifiers for user are incorrect as they return an `entity.namespace`\nfield that exists in the entity store but does not exist in any source\nlog/alert document. This PR replaces the input to\n`getEuidFilterBasedOnDocument` from the `documentEntityIdentifiers` to\nthe full entity store record to ensure that a correct EUID filter is\ngenerated for queries against source documents.\n\n**User Risk/Host Risk tab click behavior**\n\n\nhttps://github.com/user-attachments/assets/39049641-91b5-457e-a859-4bf2783aae48\n\n---------\n\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"812ff1b1338bc7434d1bc55835e25b81b823848b"}}]}] BACKPORT-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR removes the link to the user/host details page for entities in the entity store
To Verify
yarn start org-data. Pick a medium sized org, default productivity suite, no detection rulesScreen.Recording.2026-04-22.at.2.55.37.PM.mov