diff --git a/src/platform/plugins/shared/discover/public/context_awareness/profile_providers/security/constants.ts b/src/platform/plugins/shared/discover/public/context_awareness/profile_providers/security/constants.ts
index 09b2a3e1a5bb8..38e5f1ed1974e 100644
--- a/src/platform/plugins/shared/discover/public/context_awareness/profile_providers/security/constants.ts
+++ b/src/platform/plugins/shared/discover/public/context_awareness/profile_providers/security/constants.ts
@@ -19,9 +19,14 @@ export const SIGNAL_RULE_NAME_FIELD_NAME = 'kibana.alert.rule.name';
 export const LEGACY_SIGNAL_RULE_NAME_FIELD_NAME = 'signal.rule.name';
 export const ALERT_WORKFLOW_STATUS_FIELD_NAME = 'kibana.alert.workflow_status';
 
+export const HOST_NAME_FIELD = 'host.name';
+export const HOST_HOSTNAME_FIELD = 'host.hostname';
+
 // Also see: x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/cell_renderers.tsx
 export const ALLOWED_CELL_RENDER_FIELDS = [
   ALERT_WORKFLOW_STATUS_FIELD_NAME,
   SIGNAL_RULE_NAME_FIELD_NAME,
   LEGACY_SIGNAL_RULE_NAME_FIELD_NAME,
+  HOST_NAME_FIELD,
+  HOST_HOSTNAME_FIELD,
 ];
diff --git a/x-pack/solutions/security/plugins/security_solution/public/agent_builder/components/entity_card_flyout_overview_canvas.tsx b/x-pack/solutions/security/plugins/security_solution/public/agent_builder/components/entity_card_flyout_overview_canvas.tsx
index 4c61a7b5165a0..1d0a7ce794b67 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/agent_builder/components/entity_card_flyout_overview_canvas.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/agent_builder/components/entity_card_flyout_overview_canvas.tsx
@@ -35,9 +35,9 @@ import {
   type RiskStats,
 } from '../../../common/search_strategy';
 import { useUiSetting, useKibana } from '../../common/lib/kibana';
-import { HostPanelContent } from '../../flyout/entity_details/host_right/content';
-import { HostPanelHeader } from '../../flyout/entity_details/host_right/header';
-import { useObservedHost } from '../../flyout/entity_details/host_right/hooks/use_observed_host';
+import { Content as HostPanelContent } from '../../flyout_v2/entity/host/main/content';
+import { Header as HostPanelHeader } from '../../flyout_v2/entity/host/main/header';
+import { useObservedHost } from '../../flyout_v2/entity/host/main/hooks/use_observed_host';
 import { EntityType } from '../../../common/entity_analytics/types';
 import {
   buildRiskScoreStateFromEntityRecord,
@@ -49,8 +49,9 @@ import {
   mergeLegacyIdentityWhenStoreEntityMissing,
   type IdentityFields,
 } from '../../flyout/document_details/shared/utils';
-import { HOST_PANEL_RISK_SCORE_QUERY_ID } from '../../flyout/entity_details/host_right/constants';
+import { HOST_PANEL_RISK_SCORE_QUERY_ID } from '../../flyout_v2/entity/host/main/constants';
 import { FlyoutBody } from '../../flyout/shared/components/flyout_body';
+import { FlyoutHeader } from '../../flyout/shared/components/flyout_header';
 import {
   useEntityPanelTabs,
   TABLE_TAB_ID,
@@ -464,19 +465,21 @@ const HostEntityFlyoutOverviewCanvas: React.FC<{
 
   return (
     <>
-      <HostPanelHeader
-        hostName={hostName}
-        lastSeen={observedHost.lastSeen}
-        entityId={panelDisplayEntityId}
-        identityFields={documentEntityIdentifiers}
-        isEntityInStore={!!observedHost.entityRecord}
-        riskLevel={
-          observedHost.entityRecord
-            ? ((getRiskFromEntityRecord(observedHost.entityRecord)?.calculated_level ??
-                'Unknown') as RiskSeverity)
-            : undefined
-        }
-      />
+      <FlyoutHeader>
+        <HostPanelHeader
+          hostName={hostName}
+          lastSeen={observedHost.lastSeen}
+          entityId={panelDisplayEntityId}
+          identityFields={documentEntityIdentifiers}
+          isEntityInStore={!!observedHost.entityRecord}
+          riskLevel={
+            observedHost.entityRecord
+              ? ((getRiskFromEntityRecord(observedHost.entityRecord)?.calculated_level ??
+                  'Unknown') as RiskSeverity)
+              : undefined
+          }
+        />
+      </FlyoutHeader>
       <FlyoutBody>
         {observedHost.entityRecord && (
           <EntitySummaryGrid
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/alerts/alerts_preview.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/alerts/alerts_preview.test.tsx
new file mode 100644
index 0000000000000..203da19f8c8e8
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/alerts/alerts_preview.test.tsx
@@ -0,0 +1,80 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { AlertsPreview } from './alerts_preview';
+import { TestProviders } from '../../../../common/mock/test_providers';
+import type { ParsedAlertsData } from '../../../../overview/components/detection_response/alerts_by_status/types';
+import { useMisconfigurationPreview } from '@kbn/cloud-security-posture/src/hooks/use_misconfiguration_preview';
+import { useVulnerabilitiesPreview } from '@kbn/cloud-security-posture/src/hooks/use_vulnerabilities_preview';
+
+const mockAlertsData: ParsedAlertsData = {
+  open: {
+    total: 3,
+    severities: [
+      { key: 'low', value: 2, label: 'Low' },
+      { key: 'medium', value: 1, label: 'Medium' },
+    ],
+  },
+  acknowledged: {
+    total: 2,
+    severities: [
+      { key: 'low', value: 1, label: 'Low' },
+      { key: 'high', value: 1, label: 'High' },
+    ],
+  },
+};
+
+jest.mock('@kbn/cloud-security-posture/src/hooks/use_misconfiguration_preview');
+jest.mock('@kbn/cloud-security-posture/src/hooks/use_vulnerabilities_preview');
+
+describe('AlertsPreview (v2)', () => {
+  const mockOpenDetailsPanel = jest.fn();
+
+  beforeEach(() => {
+    (useVulnerabilitiesPreview as jest.Mock).mockReturnValue({
+      data: { count: { CRITICAL: 0, HIGH: 1, MEDIUM: 1, LOW: 0, UNKNOWN: 0 } },
+    });
+    (useMisconfigurationPreview as jest.Mock).mockReturnValue({
+      data: { count: { passed: 1, failed: 1 } },
+    });
+  });
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <AlertsPreview alertsData={mockAlertsData} openDetailsPanel={mockOpenDetailsPanel} />
+      </TestProviders>
+    );
+
+    expect(getByTestId('securitySolutionFlyoutInsightsAlertsTitleLink')).toBeInTheDocument();
+  });
+
+  it('renders correct alerts number', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <AlertsPreview alertsData={mockAlertsData} openDetailsPanel={mockOpenDetailsPanel} />
+      </TestProviders>
+    );
+
+    expect(getByTestId('securitySolutionFlyoutInsightsAlertsCount').textContent).toEqual('5');
+  });
+
+  it('should render the correct number of distribution bar section based on the number of severities', () => {
+    const { queryAllByTestId } = render(
+      <TestProviders>
+        <AlertsPreview alertsData={mockAlertsData} openDetailsPanel={mockOpenDetailsPanel} />
+      </TestProviders>
+    );
+
+    expect(queryAllByTestId('AlertsPreviewDistributionBarTestId__part').length).toEqual(3);
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/alerts/alerts_preview.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/alerts/alerts_preview.tsx
new file mode 100644
index 0000000000000..faa6f498f4a13
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/alerts/alerts_preview.tsx
@@ -0,0 +1,157 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useMemo } from 'react';
+import { css } from '@emotion/react';
+import { capitalize } from 'lodash';
+import type { EuiThemeComputed } from '@elastic/eui';
+import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText, EuiTitle, useEuiTheme } from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { DistributionBar } from '@kbn/security-solution-distribution-bar';
+import { getAbbreviatedNumber } from '@kbn/cloud-security-posture-common';
+import type {
+  AlertsByStatus,
+  ParsedAlertsData,
+} from '../../../../overview/components/detection_response/alerts_by_status/types';
+import { ExpandablePanel } from '../../../../flyout_v2/shared/components/expandable_panel';
+import { getSeverityColor } from '../../../../detections/components/alerts_kpis/severity_level_panel/helpers';
+import type { EntityDetailsPath } from '../../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+import {
+  CspInsightLeftPanelSubTab,
+  EntityDetailsLeftPanelTab,
+} from '../../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+
+const AlertsCount = ({
+  alertsTotal,
+  euiTheme,
+}: {
+  alertsTotal: number;
+  euiTheme: EuiThemeComputed<{}>;
+}) => {
+  return (
+    <EuiFlexItem>
+      <EuiFlexGroup direction="column" gutterSize="none">
+        <EuiFlexItem>
+          <EuiTitle size="s">
+            <h3 data-test-subj={'securitySolutionFlyoutInsightsAlertsCount'}>
+              {getAbbreviatedNumber(alertsTotal)}
+            </h3>
+          </EuiTitle>
+        </EuiFlexItem>
+        <EuiFlexItem>
+          <EuiText
+            size="xs"
+            css={css`
+              font-weight: ${euiTheme.font.weight.semiBold};
+            `}
+          >
+            <FormattedMessage
+              id="xpack.securitySolution.flyout.right.insights.alerts.alertsCountDescription"
+              defaultMessage="Alerts"
+            />
+          </EuiText>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </EuiFlexItem>
+  );
+};
+
+export const AlertsPreview = ({
+  alertsData,
+  openDetailsPanel,
+}: {
+  alertsData: ParsedAlertsData;
+  openDetailsPanel: (path: EntityDetailsPath) => void;
+}) => {
+  const { euiTheme } = useEuiTheme();
+
+  const severityMap = new Map<string, number>();
+  const severityRank: Record<string, number> = {
+    critical: 4,
+    high: 3,
+    medium: 2,
+    low: 1,
+  };
+
+  (Object.keys(alertsData || {}) as AlertsByStatus[]).forEach((status) => {
+    if (alertsData?.[status]?.severities) {
+      alertsData?.[status]?.severities.forEach((severity) => {
+        const currentSeverity = severityMap.get(severity.key) || 0;
+        severityMap.set(severity.key, currentSeverity + severity.value);
+      });
+    }
+  });
+
+  const alertStats = Array.from(severityMap, ([key, count]: [string, number]) => ({
+    key: capitalize(key),
+    count,
+    color: getSeverityColor(key, euiTheme),
+    sort: severityRank[key.toLowerCase()] || 0,
+  })).sort((a, b) => b.sort - a.sort);
+
+  const totalAlertsCount = alertStats.reduce((total, item) => total + item.count, 0);
+
+  const goToEntityInsightTab = useCallback(
+    () =>
+      openDetailsPanel({
+        tab: EntityDetailsLeftPanelTab.CSP_INSIGHTS,
+        subTab: CspInsightLeftPanelSubTab.ALERTS,
+      }),
+    [openDetailsPanel]
+  );
+
+  const link = useMemo(
+    () => ({
+      callback: goToEntityInsightTab,
+      tooltip: (
+        <FormattedMessage
+          id="xpack.securitySolution.flyout.right.insights.alerts.alertsTooltip"
+          defaultMessage="Show all alerts"
+        />
+      ),
+    }),
+    [goToEntityInsightTab]
+  );
+  return (
+    <ExpandablePanel
+      header={{
+        iconType: '',
+        title: (
+          <EuiText
+            size="xs"
+            css={{
+              fontWeight: euiTheme.font.weight.bold,
+            }}
+          >
+            <FormattedMessage
+              id="xpack.securitySolution.flyout.right.insights.alerts.alertsTitle"
+              defaultMessage="Alerts"
+            />
+          </EuiText>
+        ),
+        link: totalAlertsCount > 0 ? link : undefined,
+      }}
+      data-test-subj={'securitySolutionFlyoutInsightsAlerts'}
+    >
+      <EuiFlexGroup gutterSize="none">
+        <AlertsCount alertsTotal={totalAlertsCount} euiTheme={euiTheme} />
+        <EuiFlexItem grow={2}>
+          <EuiFlexGroup direction="column" gutterSize="none">
+            <EuiFlexItem />
+            <EuiFlexItem>
+              <EuiSpacer />
+              <DistributionBar
+                stats={alertStats}
+                data-test-subj="AlertsPreviewDistributionBarTestId"
+              />
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </ExpandablePanel>
+  );
+};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/alerts_findings_details_table.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/alerts_findings_details_table.test.tsx
new file mode 100644
index 0000000000000..068e107113a3e
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/alerts_findings_details_table.test.tsx
@@ -0,0 +1,97 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { AlertsDetailsTable } from './alerts_findings_details_table';
+import { TestProviders } from '../../../../common/mock/test_providers';
+import { EntityIdentifierFields } from '../../../../../common/entity_analytics/types';
+
+jest.mock('@kbn/entity-store/public', () => ({
+  ...jest.requireActual('@kbn/entity-store/public'),
+  useEntityStoreEuidApi: jest.fn().mockReturnValue({ euid: null }),
+}));
+
+jest.mock('../../../../common/lib/kibana', () => ({
+  useUiSetting: jest.fn().mockReturnValue(false),
+  useKibana: jest.fn().mockReturnValue({ services: {} }),
+}));
+
+jest.mock('../../../../common/containers/use_global_time', () => ({
+  useGlobalTime: jest.fn().mockReturnValue({ to: '2023-01-01', from: '2022-01-01' }),
+}));
+
+jest.mock('../../../../detections/containers/detection_engine/alerts/use_query', () => ({
+  useQueryAlerts: jest.fn().mockReturnValue({
+    loading: false,
+    data: null,
+    setQuery: jest.fn(),
+    response: '',
+    request: '',
+    refetch: jest.fn(),
+  }),
+}));
+
+jest.mock('../../../../detections/containers/detection_engine/alerts/use_signal_index', () => ({
+  useSignalIndex: jest.fn().mockReturnValue({
+    loading: false,
+    signalIndexName: '.alerts-security',
+  }),
+}));
+
+jest.mock('../../../../flyout/entity_details/shared/hooks/use_entity_from_store', () => ({
+  useEntityFromStore: jest.fn().mockReturnValue({ entityRecord: null, isLoading: false }),
+}));
+
+jest.mock('../../../hooks/use_non_closed_alerts', () => ({
+  useNonClosedAlerts: jest.fn().mockReturnValue({
+    hasNonClosedAlerts: false,
+    filteredAlertsData: null,
+  }),
+}));
+
+jest.mock('../../../../common/hooks/use_navigate_to_alerts_page_with_filters', () => ({
+  useNavigateToAlertsPageWithFilters: jest.fn().mockReturnValue(jest.fn()),
+}));
+
+describe('AlertsDetailsTable (v2)', () => {
+  const mockOnShowAlert = jest.fn();
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders without crashing', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <AlertsDetailsTable
+          field={EntityIdentifierFields.hostName}
+          value="my-host"
+          onShowAlert={mockOnShowAlert}
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('securitySolutionFlyoutMisconfigurationFindingsTable')).toBeInTheDocument();
+  });
+
+  it('accepts required onShowAlert callback without throwing', () => {
+    expect(() =>
+      render(
+        <TestProviders>
+          <AlertsDetailsTable
+            field={EntityIdentifierFields.hostName}
+            value="my-host"
+            entityId="host-entity-id"
+            entityType="host"
+            onShowAlert={mockOnShowAlert}
+          />
+        </TestProviders>
+      )
+    ).not.toThrow();
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/alerts_findings_details_table.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/alerts_findings_details_table.tsx
new file mode 100644
index 0000000000000..9c6d4fe22327d
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/alerts_findings_details_table.tsx
@@ -0,0 +1,444 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useCallback, useEffect, useMemo, useState } from 'react';
+import { encode } from '@kbn/rison';
+import { capitalize } from 'lodash';
+import type { Criteria, EuiBasicTableColumn, EuiTableSortingType } from '@elastic/eui';
+import {
+  EuiSpacer,
+  EuiPanel,
+  EuiText,
+  EuiBasicTable,
+  EuiIcon,
+  EuiLink,
+  useEuiTheme,
+} from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { DistributionBar } from '@kbn/security-solution-distribution-bar';
+import {
+  ENTITY_FLYOUT_EXPAND_MISCONFIGURATION_VIEW_VISITS,
+  uiMetricService,
+} from '@kbn/cloud-security-posture-common/utils/ui_metrics';
+import { METRIC_TYPE } from '@kbn/analytics';
+import { buildEntityAlertsQuery } from '@kbn/cloud-security-posture-common/utils/helpers';
+import type { QueryDslQueryContainer } from '@kbn/data-views-plugin/common/types';
+import { FF_ENABLE_ENTITY_STORE_V2, useEntityStoreEuidApi } from '@kbn/entity-store/public';
+import type { AlertsByStatus } from '../../../../overview/components/detection_response/alerts_by_status/types';
+import { DETECTION_RESPONSE_ALERTS_BY_STATUS_ID } from '../../../../overview/components/detection_response/alerts_by_status/types';
+import {
+  OPEN_IN_ALERTS_TITLE_HOSTNAME,
+  OPEN_IN_ALERTS_TITLE_STATUS,
+  OPEN_IN_ALERTS_TITLE_USERNAME,
+} from '../../../../overview/components/detection_response/translations';
+import { URL_PARAM_KEY } from '../../../../common/hooks/use_url_state';
+import { useNavigateToAlertsPageWithFilters } from '../../../../common/hooks/use_navigate_to_alerts_page_with_filters';
+import type { ESBoolQuery } from '../../../../../common/typed_json';
+import { useGlobalTime } from '../../../../common/containers/use_global_time';
+import { useUiSetting } from '../../../../common/lib/kibana';
+import { useQueryAlerts } from '../../../../detections/containers/detection_engine/alerts/use_query';
+import { ALERTS_QUERY_NAMES } from '../../../../detections/containers/detection_engine/alerts/constants';
+import { useSignalIndex } from '../../../../detections/containers/detection_engine/alerts/use_signal_index';
+import { getSeverityColor } from '../../../../detections/components/alerts_kpis/severity_level_panel/helpers';
+import { SeverityBadge } from '../../../../common/components/severity_badge';
+import { FILTER_OPEN, FILTER_ACKNOWLEDGED } from '../../../../../common/types';
+import { useNonClosedAlerts } from '../../../hooks/use_non_closed_alerts';
+import { useEntityFromStore } from '../../../../flyout/entity_details/shared/hooks/use_entity_from_store';
+import type { CloudPostureEntityIdentifier } from '../../entity_insight';
+
+enum KIBANA_ALERTS {
+  SEVERITY = 'kibana.alert.severity',
+  RULE_NAME = 'kibana.alert.rule.name',
+  WORKFLOW_STATUS = 'kibana.alert.workflow_status',
+}
+
+type AlertSeverity = 'low' | 'medium' | 'high' | 'critical';
+
+type AlertsSortFieldType =
+  | 'id'
+  | 'index'
+  | KIBANA_ALERTS.SEVERITY
+  | KIBANA_ALERTS.WORKFLOW_STATUS
+  | KIBANA_ALERTS.RULE_NAME;
+
+interface ResultAlertsField {
+  _id: string[];
+  _index: string[];
+  [KIBANA_ALERTS.SEVERITY]: AlertSeverity[];
+  [KIBANA_ALERTS.RULE_NAME]: string[];
+  [KIBANA_ALERTS.WORKFLOW_STATUS]: string[];
+}
+
+interface ContextualFlyoutAlertsField {
+  id: string;
+  index: string;
+  [KIBANA_ALERTS.SEVERITY]: AlertSeverity;
+  [KIBANA_ALERTS.RULE_NAME]: string;
+  [KIBANA_ALERTS.WORKFLOW_STATUS]: string;
+}
+
+interface AlertsDetailsFields {
+  fields: ResultAlertsField;
+}
+
+export const AlertsDetailsTable = memo(
+  ({
+    field,
+    value,
+    entityId,
+    entityType,
+    onShowAlert,
+  }: {
+    field: CloudPostureEntityIdentifier;
+    value: string;
+    /** Canonical entity store id (`host.entity.id` / `user.entity.id`); when set with Entity Store v2, identity is loaded from the store for EUID DSL. */
+    entityId?: string;
+    entityType?: 'host' | 'user';
+    onShowAlert: (eventId: string, indexName: string) => void;
+  }) => {
+    const { euiTheme } = useEuiTheme();
+
+    useEffect(() => {
+      uiMetricService.trackUiMetric(
+        METRIC_TYPE.COUNT,
+        ENTITY_FLYOUT_EXPAND_MISCONFIGURATION_VIEW_VISITS
+      );
+    }, []);
+
+    const [currentFilter, setCurrentFilter] = useState<string>('');
+
+    const [pageIndex, setPageIndex] = useState(0);
+    const [pageSize, setPageSize] = useState(10);
+
+    const [sortField, setSortField] = useState<AlertsSortFieldType>(KIBANA_ALERTS.SEVERITY);
+    const [sortDirection, setSortDirection] = useState<'asc' | 'desc'>('asc');
+
+    const sorting: EuiTableSortingType<ContextualFlyoutAlertsField> = {
+      sort: {
+        field: sortField,
+        direction: sortDirection,
+      },
+    };
+
+    const alertsPagination = (alerts: ContextualFlyoutAlertsField[]) => {
+      let pageOfItems;
+
+      if (!pageIndex && !pageSize) {
+        pageOfItems = alerts;
+      } else {
+        const startIndex = pageIndex * pageSize;
+        pageOfItems = alerts?.slice(startIndex, Math.min(startIndex + pageSize, alerts?.length));
+      }
+
+      return {
+        pageOfItems,
+        totalItemCount: alerts?.length,
+      };
+    };
+
+    const { to, from } = useGlobalTime();
+    const timerange = encode({
+      global: {
+        [URL_PARAM_KEY.timerange]: {
+          kind: 'absolute',
+          from,
+          to,
+        },
+      },
+    });
+
+    const entityStoreV2Enabled = useUiSetting<boolean>(FF_ENABLE_ENTITY_STORE_V2);
+    const entityTypeResolved: 'host' | 'user' =
+      entityType ?? (field === 'user.name' ? 'user' : 'host');
+
+    const { entityRecord, isLoading: entityFromStoreLoading } = useEntityFromStore({
+      entityId,
+      entityType: entityTypeResolved,
+      skip: !entityStoreV2Enabled || !entityId,
+    });
+
+    const euidApi = useEntityStoreEuidApi();
+    const euidEntityFilter = useMemo((): QueryDslQueryContainer | undefined => {
+      if (!euidApi?.euid) {
+        return undefined;
+      }
+      return euidApi.euid.dsl.getEuidFilterBasedOnDocument(entityTypeResolved, entityRecord);
+    }, [euidApi?.euid, entityTypeResolved, entityRecord]);
+
+    const filterAlertsByEuid = Boolean(euidApi?.euid && euidEntityFilter);
+    /** Wait for entity-store lookup when `entityId` is set; after it finishes with no record, fall back to field/value filters. */
+    const skipEntityResolution =
+      entityStoreV2Enabled && Boolean(entityId) && entityFromStoreLoading;
+
+    const entityFilterForQuery: QueryDslQueryContainer | undefined = filterAlertsByEuid
+      ? euidEntityFilter
+      : undefined;
+
+    const buildAlertsListQuery = useCallback(
+      (opts: {
+        severity?: string;
+        sortField?: AlertsSortFieldType;
+        sortDirection?: 'asc' | 'desc';
+      }) =>
+        buildEntityAlertsQuery({
+          field,
+          to,
+          from,
+          queryValue: value,
+          size: 500,
+          severity: opts.severity ?? '',
+          sortField: opts.sortField ?? sortField,
+          sortDirection: opts.sortDirection ?? sortDirection,
+          entityFilter: entityFilterForQuery,
+        }),
+      [entityFilterForQuery, field, from, sortDirection, sortField, to, value]
+    );
+
+    const alertsListQuery = useMemo(
+      () =>
+        buildEntityAlertsQuery({
+          field,
+          to,
+          from,
+          queryValue: value,
+          size: 500,
+          severity: currentFilter,
+          sortField,
+          sortDirection,
+          entityFilter: entityFilterForQuery,
+        }),
+      [currentFilter, entityFilterForQuery, field, from, sortDirection, sortField, to, value]
+    );
+
+    const { signalIndexName } = useSignalIndex();
+    const { data, setQuery } = useQueryAlerts({
+      query: alertsListQuery,
+      queryName: ALERTS_QUERY_NAMES.BY_RULE_BY_STATUS,
+      indexName: signalIndexName,
+      skip: skipEntityResolution,
+    });
+
+    useEffect(() => {
+      setQuery(alertsListQuery);
+    }, [alertsListQuery, setQuery]);
+
+    const alertsByStatusIdentityFields = useMemo((): Record<string, string> => {
+      if (filterAlertsByEuid) {
+        return {};
+      }
+      return { [field]: value };
+    }, [field, filterAlertsByEuid, value]);
+
+    const alertsByStatusAdditionalFilters = useMemo((): ESBoolQuery[] | undefined => {
+      if (!filterAlertsByEuid || !euidEntityFilter) {
+        return undefined;
+      }
+      return [euidEntityFilter] as ESBoolQuery[];
+    }, [euidEntityFilter, filterAlertsByEuid]);
+
+    const { filteredAlertsData: alertsData } = useNonClosedAlerts({
+      identityFields: alertsByStatusIdentityFields,
+      additionalFilters: alertsByStatusAdditionalFilters,
+      skip: skipEntityResolution,
+      to,
+      from,
+      queryId: `${DETECTION_RESPONSE_ALERTS_BY_STATUS_ID}`,
+    });
+
+    const severityMap = new Map<string, number>();
+    (Object.keys(alertsData || {}) as AlertsByStatus[]).forEach((status) => {
+      if (alertsData?.[status]?.severities) {
+        alertsData?.[status]?.severities.forEach((severity) => {
+          const currentSeverity = severityMap.get(severity.key) || 0;
+          severityMap.set(severity.key, currentSeverity + severity.value);
+        });
+      }
+    });
+
+    const alertStats = Array.from(severityMap, ([key, count]) => ({
+      key: capitalize(key),
+      count,
+      color: getSeverityColor(key, euiTheme),
+      filter: () => {
+        setCurrentFilter(key);
+        setQuery(
+          buildAlertsListQuery({
+            severity: key,
+            sortField,
+            sortDirection,
+          })
+        );
+      },
+      isCurrentFilter: currentFilter === key,
+      reset: (event: React.MouseEvent<SVGElement, MouseEvent>) => {
+        setCurrentFilter('');
+        setQuery(buildAlertsListQuery({ severity: '' }));
+        event?.stopPropagation();
+      },
+    }));
+
+    const alertDataResults = (data?.hits?.hits as AlertsDetailsFields[])?.map(
+      (item: AlertsDetailsFields) => {
+        return {
+          id: item.fields?._id?.[0],
+          index: item.fields?._index?.[0],
+          [KIBANA_ALERTS.RULE_NAME]: item.fields?.[KIBANA_ALERTS.RULE_NAME]?.[0],
+          [KIBANA_ALERTS.SEVERITY]: item.fields?.[KIBANA_ALERTS.SEVERITY]?.[0],
+          [KIBANA_ALERTS.WORKFLOW_STATUS]: item.fields?.[KIBANA_ALERTS.WORKFLOW_STATUS]?.[0],
+        };
+      }
+    );
+
+    const { pageOfItems, totalItemCount } = alertsPagination(alertDataResults || []);
+
+    const pagination = {
+      pageIndex,
+      pageSize,
+      totalItemCount,
+      pageSizeOptions: [10, 25, 100],
+    };
+
+    const onTableChange = useCallback(
+      ({ page, sort }: Criteria<ContextualFlyoutAlertsField>) => {
+        if (page) {
+          const { index, size } = page;
+          setPageIndex(index);
+          setPageSize(size);
+        }
+
+        if (sort) {
+          const { field: fieldSort, direction } = sort;
+          setSortField(fieldSort);
+          setSortDirection(direction);
+          setQuery(
+            buildAlertsListQuery({
+              severity: currentFilter,
+              sortField: fieldSort,
+              sortDirection: direction,
+            })
+          );
+        }
+      },
+      [buildAlertsListQuery, currentFilter, setQuery]
+    );
+
+    const columns: Array<EuiBasicTableColumn<ContextualFlyoutAlertsField>> = [
+      {
+        field: 'id',
+        name: '',
+        width: '5%',
+        render: (id: string, alert: ContextualFlyoutAlertsField) => (
+          <EuiLink onClick={() => onShowAlert(id, alert.index)}>
+            <EuiIcon type={'expand'} aria-hidden={true} />
+          </EuiLink>
+        ),
+      },
+      {
+        field: KIBANA_ALERTS.RULE_NAME,
+        render: (ruleName: string) => <EuiText size="s">{ruleName}</EuiText>,
+        name: i18n.translate(
+          'xpack.securitySolution.flyout.left.insights.alerts.table.ruleNameColumnName',
+          {
+            defaultMessage: 'Rule',
+          }
+        ),
+        width: '55%',
+        sortable: true,
+      },
+      {
+        field: KIBANA_ALERTS.SEVERITY,
+        render: (severity: AlertSeverity) => (
+          <EuiText size="s">
+            <SeverityBadge value={severity} data-test-subj="severityPropertyValue" />
+          </EuiText>
+        ),
+        name: i18n.translate(
+          'xpack.securitySolution.flyout.left.insights.alerts.table.severityColumnName',
+          {
+            defaultMessage: 'Severity',
+          }
+        ),
+        width: '20%',
+        sortable: true,
+      },
+      {
+        field: KIBANA_ALERTS.WORKFLOW_STATUS,
+        render: (status: string) => <EuiText size="s">{capitalize(status)}</EuiText>,
+        name: i18n.translate(
+          'xpack.securitySolution.flyout.left.insights.alerts.table.statusColumnName',
+          {
+            defaultMessage: 'Status',
+          }
+        ),
+        width: '20%',
+        sortable: true,
+      },
+    ];
+
+    const openAlertsPageWithFilters = useNavigateToAlertsPageWithFilters();
+
+    const openAlertsInAlertsPage = useCallback(
+      () =>
+        openAlertsPageWithFilters(
+          [
+            {
+              title:
+                field === 'host.name'
+                  ? OPEN_IN_ALERTS_TITLE_HOSTNAME
+                  : OPEN_IN_ALERTS_TITLE_USERNAME,
+              selected_options: [value],
+              field_name: field,
+            },
+            {
+              title: OPEN_IN_ALERTS_TITLE_STATUS,
+              selected_options: [FILTER_OPEN, FILTER_ACKNOWLEDGED],
+              field_name: 'kibana.alert.workflow_status',
+            },
+          ],
+          true,
+          timerange
+        ),
+      [field, openAlertsPageWithFilters, timerange, value]
+    );
+
+    return (
+      <>
+        <EuiPanel hasShadow={false}>
+          <EuiLink onClick={() => openAlertsInAlertsPage()}>
+            <h1 data-test-subj={'securitySolutionFlyoutInsightsAlertsCount'}>
+              {i18n.translate('xpack.securitySolution.flyout.left.insights.alerts.tableTitle', {
+                defaultMessage: 'Alerts ',
+              })}
+              <EuiIcon type="external" aria-hidden={true} />
+            </h1>
+          </EuiLink>
+
+          <EuiSpacer size="xl" />
+          <DistributionBar stats={alertStats.reverse()} />
+          <EuiSpacer size="l" />
+          <EuiBasicTable
+            items={pageOfItems || []}
+            rowHeader="result"
+            columns={columns}
+            pagination={pagination}
+            onChange={onTableChange}
+            data-test-subj={'securitySolutionFlyoutMisconfigurationFindingsTable'}
+            sorting={sorting}
+            tableCaption={i18n.translate(
+              'xpack.securitySolution.flyout.left.insights.alerts.tableCaption',
+              {
+                defaultMessage: 'Alerts details',
+              }
+            )}
+          />
+        </EuiPanel>
+      </>
+    );
+  }
+);
+
+AlertsDetailsTable.displayName = 'AlertsDetailsTable';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/misconfiguration_findings_details_table.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/misconfiguration_findings_details_table.test.tsx
new file mode 100644
index 0000000000000..fa3e3e9646743
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/misconfiguration_findings_details_table.test.tsx
@@ -0,0 +1,87 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { MisconfigurationFindingsDetailsTable } from './misconfiguration_findings_details_table';
+import { TestProviders } from '../../../../common/mock/test_providers';
+import { EntityIdentifierFields } from '../../../../../common/entity_analytics/types';
+
+jest.mock('@kbn/cloud-security-posture', () => ({
+  useMisconfigurationFindings: jest.fn().mockReturnValue({ data: { page: [] }, isLoading: false }),
+  useHasMisconfigurations: jest.fn().mockReturnValue({
+    hasMisconfigurationFindings: false,
+    passedFindings: 0,
+    failedFindings: 0,
+  }),
+  useGetMisconfigurationStatusColor: jest.fn().mockReturnValue({
+    getMisconfigurationStatusColor: jest.fn().mockReturnValue('#000'),
+  }),
+  useGetNavigationUrlParams: jest.fn().mockReturnValue(jest.fn().mockReturnValue('')),
+  CspEvaluationBadge: ({ type }: { type: string }) => <span>{type}</span>,
+  MISCONFIGURATION: { RESULT_EVALUATION: 'result.evaluation', RULE_NAME: 'rule.name' },
+}));
+
+jest.mock('@kbn/entity-store/public', () => ({
+  ...jest.requireActual('@kbn/entity-store/public'),
+  useEntityStoreEuidApi: jest.fn().mockReturnValue({ euid: null }),
+}));
+
+jest.mock('../../../../common/lib/kibana', () => ({
+  useUiSetting: jest.fn().mockReturnValue(false),
+  useKibana: jest.fn().mockReturnValue({ services: {} }),
+}));
+
+jest.mock('../../../../flyout/entity_details/shared/hooks/use_entity_from_store', () => ({
+  useEntityFromStore: jest.fn().mockReturnValue({ entityRecord: null, isLoading: false }),
+}));
+
+jest.mock('../../../../common/components/links', () => ({
+  SecuritySolutionLinkAnchor: ({ children }: { children: React.ReactNode }) => (
+    <a href="/">{children}</a>
+  ),
+}));
+
+describe('MisconfigurationFindingsDetailsTable (v2)', () => {
+  const mockOnShowFinding = jest.fn();
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders without crashing', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <MisconfigurationFindingsDetailsTable
+          field={EntityIdentifierFields.hostName}
+          value="my-host"
+          scopeId="scope-id"
+          onShowFinding={mockOnShowFinding}
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('securitySolutionFlyoutMisconfigurationFindingsTable')).toBeInTheDocument();
+  });
+
+  it('accepts required onShowFinding callback without throwing', () => {
+    expect(() =>
+      render(
+        <TestProviders>
+          <MisconfigurationFindingsDetailsTable
+            field={EntityIdentifierFields.hostName}
+            value="my-host"
+            scopeId="scope-id"
+            entityId="host-entity-id"
+            entityType="host"
+            onShowFinding={mockOnShowFinding}
+          />
+        </TestProviders>
+      )
+    ).not.toThrow();
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/misconfiguration_findings_details_table.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/misconfiguration_findings_details_table.tsx
new file mode 100644
index 0000000000000..bdfea3d823a8c
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/misconfiguration_findings_details_table.tsx
@@ -0,0 +1,440 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useCallback, useEffect, useMemo, useState } from 'react';
+import type { Criteria, EuiBasicTableColumn, EuiTableSortingType } from '@elastic/eui';
+import {
+  EuiSpacer,
+  EuiPanel,
+  EuiText,
+  EuiBasicTable,
+  EuiIcon,
+  EuiButtonIcon,
+  EuiToolTip,
+} from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import type { CspFindingResult } from '@kbn/cloud-security-posture-common';
+import { MISCONFIGURATION_STATUS } from '@kbn/cloud-security-posture-common';
+import { DistributionBar } from '@kbn/security-solution-distribution-bar';
+import type { CspBenchmarkRuleMetadata } from '@kbn/cloud-security-posture-common/schema/rules/latest';
+import type { MisconfigurationFindingDetailFields } from '@kbn/cloud-security-posture';
+import {
+  CspEvaluationBadge,
+  MISCONFIGURATION,
+  useGetMisconfigurationStatusColor,
+  useGetNavigationUrlParams,
+  useHasMisconfigurations,
+  useMisconfigurationFindings,
+} from '@kbn/cloud-security-posture';
+
+import {
+  ENTITY_FLYOUT_EXPAND_MISCONFIGURATION_VIEW_VISITS,
+  NAV_TO_FINDINGS_BY_HOST_NAME_FROM_ENTITY_FLYOUT,
+  NAV_TO_FINDINGS_BY_RULE_NAME_FROM_ENTITY_FLYOUT,
+  uiMetricService,
+} from '@kbn/cloud-security-posture-common/utils/ui_metrics';
+import { METRIC_TYPE } from '@kbn/analytics';
+import { SecurityPageName } from '@kbn/deeplinks-security';
+import type { QueryDslQueryContainer } from '@kbn/data-views-plugin/common/types';
+import type { EntityType } from '@kbn/entity-store/public';
+import { FF_ENABLE_ENTITY_STORE_V2, useEntityStoreEuidApi } from '@kbn/entity-store/public';
+import type { UseCspOptions } from '@kbn/cloud-security-posture-common/types/findings';
+import { SecuritySolutionLinkAnchor } from '../../../../common/components/links';
+import { useUiSetting } from '../../../../common/lib/kibana';
+import { useEntityFromStore } from '../../../../flyout/entity_details/shared/hooks/use_entity_from_store';
+import type { CloudPostureEntityIdentifier } from '../../entity_insight';
+
+type MisconfigurationSortFieldType =
+  | MISCONFIGURATION.RESULT_EVALUATION
+  | MISCONFIGURATION.RULE_NAME
+  | 'resource'
+  | 'rule';
+
+interface MisconfigurationDetailsDistributionBarProps {
+  key: string;
+  count: number;
+  color: string;
+  filter: () => void;
+  isCurrentFilter: boolean;
+  reset: (event: React.MouseEvent<SVGElement, MouseEvent>) => void;
+}
+
+const useGetFindingsStats = () => {
+  const { getMisconfigurationStatusColor } = useGetMisconfigurationStatusColor();
+
+  const getFindingsStats = (
+    passedFindingsStats: number,
+    failedFindingsStats: number,
+    filterFunction: (filter: string) => void,
+    currentFilter: string
+  ) => {
+    const misconfigurationStats: MisconfigurationDetailsDistributionBarProps[] = [];
+    if (passedFindingsStats === 0 && failedFindingsStats === 0) return [];
+    if (passedFindingsStats > 0) {
+      misconfigurationStats.push({
+        key: i18n.translate(
+          'xpack.securitySolution.flyout.right.insights.misconfigurations.passedFindingsText',
+          {
+            defaultMessage: '{count, plural, one {Passed finding} other {Passed findings}}',
+            values: { count: passedFindingsStats },
+          }
+        ),
+        count: passedFindingsStats,
+        color: getMisconfigurationStatusColor(MISCONFIGURATION_STATUS.PASSED),
+        filter: () => {
+          filterFunction(MISCONFIGURATION_STATUS.PASSED);
+        },
+        isCurrentFilter: currentFilter === MISCONFIGURATION_STATUS.PASSED,
+        reset: (event: React.MouseEvent<SVGElement, MouseEvent>) => {
+          filterFunction('');
+          event?.stopPropagation();
+        },
+      });
+    }
+    if (failedFindingsStats > 0) {
+      misconfigurationStats.push({
+        key: i18n.translate(
+          'xpack.securitySolution.flyout.right.insights.misconfigurations.failedFindingsText',
+          {
+            defaultMessage: '{count, plural, one {Failed finding} other {Failed findings}}',
+            values: { count: failedFindingsStats },
+          }
+        ),
+        count: failedFindingsStats,
+        color: getMisconfigurationStatusColor(MISCONFIGURATION_STATUS.FAILED),
+        filter: () => {
+          filterFunction(MISCONFIGURATION_STATUS.FAILED);
+        },
+        isCurrentFilter: currentFilter === MISCONFIGURATION_STATUS.FAILED,
+        reset: (event: React.MouseEvent<SVGElement, MouseEvent>) => {
+          filterFunction('');
+          event?.stopPropagation();
+        },
+      });
+    }
+    return misconfigurationStats;
+  };
+
+  return { getFindingsStats };
+};
+
+const buildMisconfigurationCspOptions = ({
+  euidEntityFilter,
+  sort,
+  enabled,
+  pageSize,
+  currentFilter,
+  includeStatusFilter,
+}: {
+  euidEntityFilter: QueryDslQueryContainer | undefined;
+  sort: UseCspOptions['sort'];
+  enabled: boolean;
+  pageSize: number;
+  currentFilter: string;
+  includeStatusFilter: boolean;
+}): UseCspOptions => {
+  const filters: QueryDslQueryContainer[] = [];
+  if (euidEntityFilter) {
+    filters.push(euidEntityFilter);
+  }
+  if (includeStatusFilter && currentFilter) {
+    filters.push({
+      bool: {
+        should: [
+          {
+            term: {
+              'result.evaluation': {
+                value: currentFilter,
+                case_insensitive: true,
+              },
+            },
+          },
+        ],
+        minimum_should_match: 1,
+      },
+    });
+  }
+  return {
+    query: { bool: { filter: filters } },
+    sort: sort ?? [],
+    enabled,
+    pageSize,
+  };
+};
+
+/**
+ * Insights view displayed in the host entity v2 flyout — misconfiguration findings tab.
+ */
+export const MisconfigurationFindingsDetailsTable = memo(
+  ({
+    field,
+    value,
+    scopeId,
+    entityId,
+    entityType,
+    onShowFinding,
+  }: {
+    field: CloudPostureEntityIdentifier;
+    value: string;
+    scopeId: string;
+    /** Canonical entity store id (`host.entity.id` / `user.entity.id`); when set with v2 FF, identity fields are loaded from the store for EUID DSL. */
+    entityId?: string;
+    entityType?: string;
+    onShowFinding: (resourceId: string, ruleId: string) => void;
+  }) => {
+    useEffect(() => {
+      uiMetricService.trackUiMetric(
+        METRIC_TYPE.COUNT,
+        ENTITY_FLYOUT_EXPAND_MISCONFIGURATION_VIEW_VISITS
+      );
+    }, []);
+
+    const [currentFilter, setCurrentFilter] = useState<string>('');
+
+    const [sortField, setSortField] = useState<MisconfigurationSortFieldType>(
+      MISCONFIGURATION.RESULT_EVALUATION
+    );
+    const [sortDirection, setSortDirection] = useState<'asc' | 'desc'>('asc');
+
+    const sortFieldDirection: { [key: string]: string } = {};
+    sortFieldDirection[sortField] = sortDirection;
+
+    const entityStoreV2Enabled = useUiSetting<boolean>(FF_ENABLE_ENTITY_STORE_V2);
+
+    const { entityRecord, isLoading: isEntityRecordLoading } = useEntityFromStore({
+      entityId,
+      entityType,
+      skip: !entityStoreV2Enabled || !entityId,
+    });
+
+    const euidApi = useEntityStoreEuidApi();
+    const euidEntityFilter = useMemo(() => {
+      if (!euidApi?.euid || entityRecord == null || entityType == null) {
+        return undefined;
+      }
+      return euidApi.euid.dsl.getEuidFilterBasedOnDocument(entityType as EntityType, entityRecord);
+    }, [euidApi?.euid, entityType, entityRecord]);
+
+    const cspQueriesEnabled =
+      entityRecord !== null && Boolean(euidEntityFilter) && Boolean(euidApi?.euid);
+
+    const { data, isLoading } = useMisconfigurationFindings(
+      buildMisconfigurationCspOptions({
+        euidEntityFilter,
+        sort: [sortFieldDirection],
+        enabled: cspQueriesEnabled,
+        pageSize: 1,
+        currentFilter,
+        includeStatusFilter: true,
+      })
+    );
+
+    const { passedFindings, failedFindings } = useHasMisconfigurations(
+      buildMisconfigurationCspOptions({
+        euidEntityFilter,
+        sort: [],
+        enabled: cspQueriesEnabled,
+        pageSize: 1,
+        currentFilter: '',
+        includeStatusFilter: false,
+      })
+    );
+
+    const [pageIndex, setPageIndex] = useState(0);
+    const [pageSize, setPageSize] = useState(10);
+
+    const sorting: EuiTableSortingType<MisconfigurationFindingDetailFields> = {
+      sort: {
+        field: sortField,
+        direction: sortDirection,
+      },
+    };
+
+    const findingsPagination = (findings: MisconfigurationFindingDetailFields[]) => {
+      let pageOfItems;
+
+      if (!pageIndex && !pageSize) {
+        pageOfItems = findings;
+      } else {
+        const startIndex = pageIndex * pageSize;
+        pageOfItems = findings?.slice(
+          startIndex,
+          Math.min(startIndex + pageSize, findings?.length)
+        );
+      }
+
+      return {
+        pageOfItems,
+        totalItemCount: findings?.length,
+      };
+    };
+
+    const { pageOfItems, totalItemCount } = findingsPagination(
+      (data?.rows as MisconfigurationFindingDetailFields[]) || []
+    );
+
+    const pagination = {
+      pageIndex,
+      pageSize,
+      totalItemCount,
+      pageSizeOptions: [10, 25, 100],
+    };
+    const onTableChange = useCallback(
+      ({ page, sort }: Criteria<MisconfigurationFindingDetailFields>) => {
+        if (page) {
+          const { index, size } = page;
+          setPageIndex(index);
+          setPageSize(size);
+        }
+        if (sort) {
+          const { field: fieldSort, direction } = sort;
+          if (
+            fieldSort === MISCONFIGURATION.RESULT_EVALUATION ||
+            fieldSort === MISCONFIGURATION.RULE_NAME ||
+            fieldSort === 'resource' ||
+            fieldSort === 'rule'
+          ) {
+            setSortField(fieldSort);
+            setSortDirection(direction);
+          }
+        }
+      },
+      []
+    );
+
+    const getNavUrlParams = useGetNavigationUrlParams();
+
+    const getFindingsPageUrl = (name: string, queryField: CloudPostureEntityIdentifier) => {
+      return getNavUrlParams({ [queryField]: name }, 'configurations', ['rule.name']);
+    };
+
+    const linkWidth = 40;
+    const resultWidth = 74;
+
+    const { getFindingsStats } = useGetFindingsStats();
+    const misconfigurationStats = getFindingsStats(
+      passedFindings,
+      failedFindings,
+      setCurrentFilter,
+      currentFilter
+    );
+
+    const columns: Array<EuiBasicTableColumn<MisconfigurationFindingDetailFields>> = [
+      {
+        field: 'rule',
+        name: '',
+        width: `${linkWidth}`,
+        render: (rule: CspBenchmarkRuleMetadata, finding: MisconfigurationFindingDetailFields) => (
+          <EuiToolTip
+            content={i18n.translate(
+              'xpack.securitySolution.flyout.left.insights.misconfigurations.previewButtonAriaLabel',
+              {
+                defaultMessage: 'Preview finding details',
+              }
+            )}
+            disableScreenReaderOutput
+          >
+            <EuiButtonIcon
+              aria-label={i18n.translate(
+                'xpack.securitySolution.flyout.left.insights.misconfigurations.previewButtonAriaLabel',
+                {
+                  defaultMessage: 'Preview finding details',
+                }
+              )}
+              iconType="maximize"
+              onClick={() => {
+                uiMetricService.trackUiMetric(
+                  METRIC_TYPE.CLICK,
+                  NAV_TO_FINDINGS_BY_RULE_NAME_FROM_ENTITY_FLYOUT
+                );
+                onShowFinding(finding.resource.id, finding.rule.id);
+              }}
+            />
+          </EuiToolTip>
+        ),
+      },
+      {
+        field: MISCONFIGURATION.RESULT_EVALUATION,
+        render: (result: CspFindingResult['evaluation'] | undefined) => (
+          <CspEvaluationBadge type={result} />
+        ),
+        name: i18n.translate(
+          'xpack.securitySolution.flyout.left.insights.misconfigurations.table.resultColumnName',
+          {
+            defaultMessage: 'Result',
+          }
+        ),
+        width: `${resultWidth}px`,
+        sortable: true,
+      },
+      {
+        field: MISCONFIGURATION.RULE_NAME,
+        render: (ruleName: CspBenchmarkRuleMetadata['name']) => (
+          <EuiText size="s">{ruleName}</EuiText>
+        ),
+        name: i18n.translate(
+          'xpack.securitySolution.flyout.left.insights.misconfigurations.table.ruleColumnName',
+          {
+            defaultMessage: 'Rule',
+          }
+        ),
+        width: `calc(100% - ${linkWidth + resultWidth}px)`,
+        sortable: true,
+      },
+    ];
+
+    return (
+      <>
+        <EuiPanel hasShadow={false}>
+          <SecuritySolutionLinkAnchor
+            deepLinkId={SecurityPageName.cloudSecurityPostureFindings}
+            path={`${getFindingsPageUrl(value, field)}`}
+            target={'_blank'}
+            external={false}
+            onClick={() => {
+              uiMetricService.trackUiMetric(
+                METRIC_TYPE.CLICK,
+                NAV_TO_FINDINGS_BY_HOST_NAME_FROM_ENTITY_FLYOUT
+              );
+            }}
+          >
+            {i18n.translate(
+              'xpack.securitySolution.flyout.left.insights.misconfigurations.tableTitle',
+              {
+                defaultMessage: 'Misconfigurations ',
+              }
+            )}
+            <EuiIcon type="external" aria-hidden={true} />
+          </SecuritySolutionLinkAnchor>
+          <EuiSpacer size="xl" />
+          <DistributionBar stats={misconfigurationStats} />
+          <EuiSpacer size="l" />
+          <EuiBasicTable
+            items={pageOfItems || []}
+            rowHeader="result"
+            columns={columns}
+            pagination={pagination}
+            onChange={onTableChange}
+            data-test-subj={'securitySolutionFlyoutMisconfigurationFindingsTable'}
+            sorting={sorting}
+            loading={
+              isLoading || (entityStoreV2Enabled && Boolean(entityId) && isEntityRecordLoading)
+            }
+            tableCaption={i18n.translate(
+              'xpack.securitySolution.flyout.left.insights.misconfigurations.tableCaption',
+              {
+                defaultMessage: 'Misconfiguration findings',
+              }
+            )}
+          />
+        </EuiPanel>
+      </>
+    );
+  }
+);
+
+MisconfigurationFindingsDetailsTable.displayName = 'MisconfigurationFindingsDetailsTable';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/vulnerabilities_findings_details_table.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/vulnerabilities_findings_details_table.test.tsx
new file mode 100644
index 0000000000000..39a7c7bd62583
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/vulnerabilities_findings_details_table.test.tsx
@@ -0,0 +1,95 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { VulnerabilitiesFindingsDetailsTable } from './vulnerabilities_findings_details_table';
+import { TestProviders } from '../../../../common/mock/test_providers';
+import { EntityIdentifierFields } from '../../../../../common/entity_analytics/types';
+
+jest.mock('@kbn/cloud-security-posture', () => ({
+  useVulnerabilitiesFindings: jest.fn().mockReturnValue({ data: { page: [] }, isLoading: false }),
+  getVulnerabilityStats: jest.fn().mockReturnValue([]),
+  hasVulnerabilitiesData: jest.fn().mockReturnValue(false),
+  SecuritySolutionLinkAnchor: ({ children }: { children: React.ReactNode }) => (
+    <a href="/">{children}</a>
+  ),
+}));
+
+jest.mock('@kbn/cloud-security-posture/src/hooks/use_has_vulnerabilities', () => ({
+  useHasVulnerabilities: jest.fn().mockReturnValue({ hasVulnerabilitiesFindings: false }),
+}));
+
+jest.mock('@kbn/cloud-security-posture/src/hooks/use_get_navigation_url_params', () => ({
+  useGetNavigationUrlParams: jest.fn().mockReturnValue(jest.fn().mockReturnValue('')),
+}));
+
+jest.mock('@kbn/cloud-security-posture/src/hooks/use_get_severity_status_color', () => ({
+  useGetSeverityStatusColor: jest
+    .fn()
+    .mockReturnValue({ getSeverityStatusColor: jest.fn().mockReturnValue('#000') }),
+}));
+
+jest.mock('@kbn/entity-store/public', () => ({
+  ...jest.requireActual('@kbn/entity-store/public'),
+  useEntityStoreEuidApi: jest.fn().mockReturnValue({ euid: null }),
+}));
+
+jest.mock('../../../../common/lib/kibana', () => ({
+  useUiSetting: jest.fn().mockReturnValue(false),
+  useKibana: jest.fn().mockReturnValue({ services: {} }),
+}));
+
+jest.mock('../../../../flyout/entity_details/shared/hooks/use_entity_from_store', () => ({
+  useEntityFromStore: jest.fn().mockReturnValue({ entityRecord: null, isLoading: false }),
+}));
+
+jest.mock('../../../../common/components/links', () => ({
+  SecuritySolutionLinkAnchor: ({ children }: { children: React.ReactNode }) => (
+    <a href="/">{children}</a>
+  ),
+}));
+
+describe('VulnerabilitiesFindingsDetailsTable (v2)', () => {
+  const mockOnShowVulnerability = jest.fn();
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders without crashing', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <VulnerabilitiesFindingsDetailsTable
+          identityField={EntityIdentifierFields.hostName}
+          value="my-host"
+          scopeId="scope-id"
+          onShowVulnerability={mockOnShowVulnerability}
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('securitySolutionFlyoutVulnerabilitiesFindingsTable')).toBeInTheDocument();
+  });
+
+  it('accepts required onShowVulnerability callback without throwing', () => {
+    expect(() =>
+      render(
+        <TestProviders>
+          <VulnerabilitiesFindingsDetailsTable
+            identityField={EntityIdentifierFields.hostName}
+            value="my-host"
+            scopeId="scope-id"
+            entityId="host-entity-id"
+            entityType="host"
+            onShowVulnerability={mockOnShowVulnerability}
+          />
+        </TestProviders>
+      )
+    ).not.toThrow();
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/vulnerabilities_findings_details_table.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/vulnerabilities_findings_details_table.tsx
new file mode 100644
index 0000000000000..c8508204534b4
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/csp_details/vulnerabilities_findings_details_table.tsx
@@ -0,0 +1,487 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useCallback, useEffect, useMemo, useState } from 'react';
+import type { Criteria, EuiBasicTableColumn, EuiTableSortingType } from '@elastic/eui';
+import {
+  EuiSpacer,
+  EuiPanel,
+  EuiText,
+  EuiBasicTable,
+  EuiIcon,
+  EuiButtonIcon,
+  EuiToolTip,
+} from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { DistributionBar } from '@kbn/security-solution-distribution-bar';
+import type {
+  VulnerabilitiesFindingDetailFields,
+  VulnerabilitiesPackage,
+} from '@kbn/cloud-security-posture/src/hooks/use_vulnerabilities_findings';
+import {
+  useVulnerabilitiesFindings,
+  VULNERABILITY_FINDING,
+} from '@kbn/cloud-security-posture/src/hooks/use_vulnerabilities_findings';
+import type { MultiValueCellAction } from '@kbn/cloud-security-posture';
+import {
+  getVulnerabilityStats,
+  CVSScoreBadge,
+  SeverityStatusBadge,
+  getNormalizedSeverity,
+  ActionableBadge,
+  MultiValueCellPopover,
+  findReferenceLink,
+} from '@kbn/cloud-security-posture';
+import {
+  ENTITY_FLYOUT_EXPAND_VULNERABILITY_VIEW_VISITS,
+  NAV_TO_FINDINGS_BY_HOST_NAME_FROM_ENTITY_FLYOUT,
+  uiMetricService,
+} from '@kbn/cloud-security-posture-common/utils/ui_metrics';
+import { METRIC_TYPE } from '@kbn/analytics';
+import { SecurityPageName } from '@kbn/deeplinks-security';
+import { useGetNavigationUrlParams } from '@kbn/cloud-security-posture/src/hooks/use_get_navigation_url_params';
+import { useGetSeverityStatusColor } from '@kbn/cloud-security-posture/src/hooks/use_get_severity_status_color';
+import { useHasVulnerabilities } from '@kbn/cloud-security-posture/src/hooks/use_has_vulnerabilities';
+import { get } from 'lodash/fp';
+import type { QueryDslQueryContainer } from '@kbn/data-views-plugin/common/types';
+
+import type { EntityType } from '@kbn/entity-store/public';
+import { FF_ENABLE_ENTITY_STORE_V2, useEntityStoreEuidApi } from '@kbn/entity-store/public';
+import type { UseCspOptions } from '@kbn/cloud-security-posture-common/types/findings';
+import { SecuritySolutionLinkAnchor } from '../../../../common/components/links';
+import { useUiSetting } from '../../../../common/lib/kibana';
+import { useEntityFromStore } from '../../../../flyout/entity_details/shared/hooks/use_entity_from_store';
+import type { CloudPostureEntityIdentifier } from '../../entity_insight';
+
+type VulnerabilitySortFieldType =
+  | 'score'
+  | 'vulnerability'
+  | 'resource'
+  | VULNERABILITY_FINDING.SEVERITY
+  | VULNERABILITY_FINDING.ID
+  | VULNERABILITY_FINDING.PACKAGE_NAME
+  | VULNERABILITY_FINDING.TITLE
+  | 'event'
+  | VULNERABILITY_FINDING.PACKAGE_VERSION;
+
+const EMPTY_VALUE = '-';
+
+const buildVulnerabilityCspOptions = ({
+  euidEntityFilter,
+  sort,
+  enabled,
+  pageSize,
+  currentFilter,
+  includeSeverityFilter,
+}: {
+  euidEntityFilter: QueryDslQueryContainer | undefined;
+  sort: UseCspOptions['sort'];
+  enabled: boolean;
+  pageSize: number;
+  currentFilter: string;
+  includeSeverityFilter: boolean;
+}): UseCspOptions => {
+  const filters: QueryDslQueryContainer[] = [];
+  if (euidEntityFilter) {
+    filters.push(euidEntityFilter);
+  }
+  if (includeSeverityFilter && currentFilter) {
+    filters.push({
+      bool: {
+        should: [
+          {
+            term: {
+              'vulnerability.severity': {
+                value: currentFilter,
+                case_insensitive: true,
+              },
+            },
+          },
+        ],
+        minimum_should_match: 1,
+      },
+    });
+  }
+  return {
+    query: { bool: { filter: filters } },
+    sort: sort ?? [],
+    enabled,
+    pageSize,
+  };
+};
+
+export const VulnerabilitiesFindingsDetailsTable = memo(
+  ({
+    identityField,
+    value,
+    scopeId,
+    entityId,
+    entityType,
+    onShowVulnerability,
+  }: {
+    identityField: CloudPostureEntityIdentifier;
+    value: string;
+    scopeId: string;
+    entityId?: string;
+    entityType?: string;
+    onShowVulnerability: (params: {
+      vulnerabilityId: string;
+      resourceId: string;
+      packageName: string;
+      packageVersion: string;
+      eventId: string;
+    }) => void;
+  }) => {
+    const { getSeverityStatusColor } = useGetSeverityStatusColor();
+
+    useEffect(() => {
+      uiMetricService.trackUiMetric(
+        METRIC_TYPE.COUNT,
+        ENTITY_FLYOUT_EXPAND_VULNERABILITY_VIEW_VISITS
+      );
+    }, []);
+
+    const [currentFilter, setCurrentFilter] = useState<string>('');
+    const [sortField, setSortField] = useState<VulnerabilitySortFieldType>(
+      VULNERABILITY_FINDING.SEVERITY
+    );
+    const [sortDirection, setSortDirection] = useState<'asc' | 'desc'>('asc');
+
+    const sortFieldDirection: { [key: string]: string } = {};
+    sortFieldDirection[sortField === 'score' ? 'vulnerability.score.base' : sortField] =
+      sortDirection;
+
+    const sorting: EuiTableSortingType<VulnerabilitiesFindingDetailFields> = {
+      sort: {
+        field: sortField,
+        direction: sortDirection,
+      },
+    };
+
+    const entityStoreV2Enabled = useUiSetting<boolean>(FF_ENABLE_ENTITY_STORE_V2);
+
+    const { entityRecord, isLoading: isEntityRecordLoading } = useEntityFromStore({
+      entityId,
+      entityType,
+      skip: !entityStoreV2Enabled || !entityId,
+    });
+
+    const euidApi = useEntityStoreEuidApi();
+    const euidEntityFilter = useMemo(() => {
+      if (!euidApi?.euid || entityRecord == null || entityType == null) {
+        return undefined;
+      }
+      return euidApi.euid.dsl.getEuidFilterBasedOnDocument(entityType as EntityType, entityRecord);
+    }, [euidApi?.euid, entityType, entityRecord]);
+
+    const cspQueriesEnabled =
+      entityRecord !== null && Boolean(euidEntityFilter) && Boolean(euidApi?.euid);
+
+    const { data, isLoading } = useVulnerabilitiesFindings(
+      buildVulnerabilityCspOptions({
+        euidEntityFilter,
+        sort: [sortFieldDirection],
+        enabled: cspQueriesEnabled,
+        pageSize: 1,
+        currentFilter,
+        includeSeverityFilter: true,
+      })
+    );
+
+    const { counts } = useHasVulnerabilities(
+      buildVulnerabilityCspOptions({
+        euidEntityFilter,
+        sort: [],
+        enabled: cspQueriesEnabled,
+        pageSize: 1,
+        currentFilter: '',
+        includeSeverityFilter: false,
+      })
+    );
+
+    const { critical = 0, high = 0, medium = 0, low = 0, none = 0 } = counts || {};
+
+    const [pageIndex, setPageIndex] = useState(0);
+    const [pageSize, setPageSize] = useState(10);
+
+    const findingsPagination = (findings: VulnerabilitiesFindingDetailFields[]) => {
+      let pageOfItems;
+
+      if (!pageIndex && !pageSize) {
+        pageOfItems = findings;
+      } else {
+        const startIndex = pageIndex * pageSize;
+        pageOfItems = findings?.slice(
+          startIndex,
+          Math.min(startIndex + pageSize, findings?.length)
+        );
+      }
+
+      return {
+        pageOfItems,
+        totalItemCount: findings?.length,
+      };
+    };
+
+    const { pageOfItems, totalItemCount } = findingsPagination(data?.rows || []);
+
+    const pagination = {
+      pageIndex,
+      pageSize,
+      totalItemCount,
+      pageSizeOptions: [10, 25, 100],
+    };
+
+    const onTableChange = ({ page, sort }: Criteria<VulnerabilitiesFindingDetailFields>) => {
+      if (page) {
+        const { index, size } = page;
+        setPageIndex(index);
+        setPageSize(size);
+      }
+      if (sort) {
+        const { field: fieldSort, direction } = sort;
+        setSortField(fieldSort);
+        setSortDirection(direction);
+      }
+    };
+
+    const getNavUrlParams: ReturnType<typeof useGetNavigationUrlParams> =
+      useGetNavigationUrlParams();
+
+    const getVulnerabilityUrl = (name: string, queryField: CloudPostureEntityIdentifier) => {
+      return getNavUrlParams({ [queryField]: name }, 'vulnerabilities');
+    };
+
+    const vulnerabilityStats = getVulnerabilityStats(
+      {
+        critical,
+        high,
+        medium,
+        low,
+        none,
+      },
+      getSeverityStatusColor,
+      setCurrentFilter,
+      currentFilter
+    );
+
+    const renderItem = useCallback(
+      (item: string, i: number, field: string, object: VulnerabilitiesFindingDetailFields) => {
+        const references = Array.isArray(object.vulnerability.reference)
+          ? object.vulnerability.reference
+          : [object.vulnerability.reference];
+
+        const url = findReferenceLink(references, item);
+
+        const actions: MultiValueCellAction[] = [
+          ...(field === 'vulnerability.id' && url
+            ? [
+                {
+                  onClick: () => window.open(url, '_blank'),
+                  iconType: 'external',
+                  ariaLabel: i18n.translate(
+                    'xpack.securitySolution.vulnerabilities.findingsDetailsTable.openUrlInWindow',
+                    {
+                      defaultMessage: 'Open URL in window',
+                    }
+                  ),
+                  title: i18n.translate(
+                    'xpack.securitySolution.vulnerabilities.findingsDetailsTable.openUrlInWindow',
+                    {
+                      defaultMessage: 'Open URL in window',
+                    }
+                  ),
+                },
+              ]
+            : []),
+        ];
+
+        return <ActionableBadge key={`${item}-${i}`} item={item} index={i} actions={actions} />;
+      },
+      []
+    );
+
+    const renderMultiValueCell = (field: string, finding: VulnerabilitiesFindingDetailFields) => {
+      const cellValue = get(field, finding);
+      if (!Array.isArray(cellValue)) {
+        return <EuiText size="s">{cellValue || EMPTY_VALUE}</EuiText>;
+      }
+
+      return (
+        <MultiValueCellPopover<VulnerabilitiesFindingDetailFields>
+          items={cellValue}
+          field={field}
+          object={finding}
+          renderItem={renderItem}
+          firstItemRenderer={(item) => <EuiText size="s">{item}</EuiText>}
+        />
+      );
+    };
+
+    const columns: Array<EuiBasicTableColumn<VulnerabilitiesFindingDetailFields>> = [
+      {
+        field: 'vulnerability',
+        name: '',
+        width: '5%',
+        render: (
+          vulnerability: VulnerabilitiesPackage,
+          finding: VulnerabilitiesFindingDetailFields
+        ) => (
+          <EuiToolTip
+            content={i18n.translate(
+              'xpack.securitySolution.flyout.left.insights.vulnerability.table.previewDetailsButtonTooltip',
+              {
+                defaultMessage: 'Preview vulnerability details',
+              }
+            )}
+            disableScreenReaderOutput
+          >
+            <EuiButtonIcon
+              iconType="maximize"
+              onClick={() => {
+                const vulnerabilityId = Array.isArray(vulnerability?.id)
+                  ? vulnerability.id[0]
+                  : vulnerability?.id;
+                onShowVulnerability({
+                  vulnerabilityId: vulnerabilityId ?? '',
+                  resourceId: finding?.resource?.id ?? '',
+                  packageName: finding?.[VULNERABILITY_FINDING.PACKAGE_NAME],
+                  packageVersion: finding?.[VULNERABILITY_FINDING.PACKAGE_VERSION],
+                  eventId: finding?.event?.id ?? '',
+                });
+              }}
+              aria-label={i18n.translate(
+                'xpack.securitySolution.flyout.left.insights.vulnerability.table.previewDetailsButtonAriaLabel',
+                {
+                  defaultMessage: 'Preview vulnerability details',
+                }
+              )}
+            />
+          </EuiToolTip>
+        ),
+      },
+      {
+        field: 'score',
+        render: (score: { version?: string; base?: number }) => (
+          <EuiText size="s">
+            <CVSScoreBadge version={score?.version} score={score?.base} />
+          </EuiText>
+        ),
+        name: i18n.translate(
+          'xpack.securitySolution.flyout.left.insights.vulnerability.table.ruleColumnName',
+          { defaultMessage: 'CVSS' }
+        ),
+        width: '10%',
+        sortable: true,
+      },
+      {
+        field: VULNERABILITY_FINDING.TITLE,
+        render: (title: string) => {
+          if (Array.isArray(title)) {
+            return <EuiText size="s">{title.join(', ')}</EuiText>;
+          }
+
+          return <EuiText size="s">{title || EMPTY_VALUE}</EuiText>;
+        },
+        name: i18n.translate(
+          'xpack.securitySolution.flyout.left.insights.vulnerability.table.vulnerabilityTitleColumnName',
+          { defaultMessage: 'Vulnerability Title' }
+        ),
+        width: '25%',
+        sortable: true,
+      },
+      {
+        field: VULNERABILITY_FINDING.ID,
+        render: (id: string, finding: VulnerabilitiesFindingDetailFields) =>
+          renderMultiValueCell(VULNERABILITY_FINDING.ID, finding),
+        name: i18n.translate(
+          'xpack.securitySolution.flyout.left.insights.vulnerability.table.vulnerabilityIdColumnName',
+          { defaultMessage: 'CVE ID' }
+        ),
+        width: '20%',
+        sortable: true,
+      },
+      {
+        field: VULNERABILITY_FINDING.SEVERITY,
+        render: (severity: string) => (
+          <>
+            <EuiText size="s">
+              <SeverityStatusBadge severity={getNormalizedSeverity(severity)} />
+            </EuiText>
+          </>
+        ),
+        name: i18n.translate(
+          'xpack.securitySolution.flyout.left.insights.vulnerability.table.ruleColumnName',
+          { defaultMessage: 'Severity' }
+        ),
+        width: '10%',
+        sortable: true,
+      },
+      {
+        field: VULNERABILITY_FINDING.PACKAGE_NAME,
+        render: (packageName: string, finding: VulnerabilitiesFindingDetailFields) =>
+          renderMultiValueCell(VULNERABILITY_FINDING.PACKAGE_NAME, finding),
+        name: i18n.translate(
+          'xpack.securitySolution.flyout.left.insights.vulnerability.table.ruleColumnName',
+          { defaultMessage: 'Package' }
+        ),
+        width: '30%',
+        sortable: true,
+      },
+    ];
+
+    return (
+      <>
+        <EuiPanel hasShadow={false}>
+          <SecuritySolutionLinkAnchor
+            deepLinkId={SecurityPageName.cloudSecurityPostureFindings}
+            path={`${getVulnerabilityUrl(value, identityField)}`}
+            target={'_blank'}
+            external={false}
+            onClick={() => {
+              uiMetricService.trackUiMetric(
+                METRIC_TYPE.CLICK,
+                NAV_TO_FINDINGS_BY_HOST_NAME_FROM_ENTITY_FLYOUT
+              );
+            }}
+          >
+            {i18n.translate(
+              'xpack.securitySolution.flyout.left.insights.vulnerability.tableTitle',
+              {
+                defaultMessage: 'Vulnerability ',
+              }
+            )}
+            <EuiIcon type="external" aria-hidden={true} />
+          </SecuritySolutionLinkAnchor>
+          <EuiSpacer size="xl" />
+          <DistributionBar stats={vulnerabilityStats} />
+          <EuiSpacer size="l" />
+          <EuiBasicTable
+            items={pageOfItems || []}
+            rowHeader="result"
+            columns={columns}
+            pagination={pagination}
+            onChange={onTableChange}
+            data-test-subj={'securitySolutionFlyoutVulnerabilitiesFindingsTable'}
+            sorting={sorting}
+            loading={
+              isLoading || (entityStoreV2Enabled && Boolean(entityId) && isEntityRecordLoading)
+            }
+            tableCaption={i18n.translate(
+              'xpack.securitySolution.flyout.left.insights.vulnerability.findingsTableCaption',
+              {
+                defaultMessage: 'List of vulnerability findings',
+              }
+            )}
+          />
+        </EuiPanel>
+      </>
+    );
+  }
+);
+
+VulnerabilitiesFindingsDetailsTable.displayName = 'VulnerabilitiesFindingsDetailsTable';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/entity_insight.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/entity_insight.test.tsx
new file mode 100644
index 0000000000000..28355e8b9ef25
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/entity_insight.test.tsx
@@ -0,0 +1,117 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { EntityInsight } from './entity_insight';
+import { TestProviders } from '../../../common/mock/test_providers';
+
+jest.mock('@kbn/cloud-security-posture/src/hooks/use_has_misconfigurations', () => ({
+  useHasMisconfigurations: jest.fn().mockReturnValue({
+    hasMisconfigurationFindings: false,
+    passedFindings: 0,
+    failedFindings: 0,
+  }),
+}));
+
+jest.mock('@kbn/cloud-security-posture/src/hooks/use_has_vulnerabilities', () => ({
+  useHasVulnerabilities: jest.fn().mockReturnValue({ hasVulnerabilitiesFindings: false }),
+}));
+
+jest.mock('@kbn/entity-store/public', () => ({
+  ...jest.requireActual('@kbn/entity-store/public'),
+  useEntityStoreEuidApi: jest.fn().mockReturnValue({ euid: null }),
+}));
+
+jest.mock('../../../common/containers/use_global_time', () => ({
+  useGlobalTime: jest.fn().mockReturnValue({ to: '2023-01-01', from: '2022-01-01' }),
+}));
+
+jest.mock('../../hooks/use_non_closed_alerts', () => ({
+  useNonClosedAlerts: jest.fn().mockReturnValue({
+    hasNonClosedAlerts: false,
+    filteredAlertsData: null,
+  }),
+}));
+
+jest.mock('../../../common/lib/kibana', () => ({
+  useUiSetting: jest.fn().mockReturnValue(false),
+  useKibana: jest.fn().mockReturnValue({ services: {} }),
+}));
+
+import { useHasMisconfigurations } from '@kbn/cloud-security-posture/src/hooks/use_has_misconfigurations';
+import { useNonClosedAlerts } from '../../hooks/use_non_closed_alerts';
+
+describe('EntityInsight (v2)', () => {
+  const mockOpenDetailsPanel = jest.fn();
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    (useHasMisconfigurations as jest.Mock).mockReturnValue({
+      hasMisconfigurationFindings: false,
+      passedFindings: 0,
+      failedFindings: 0,
+    });
+    (useNonClosedAlerts as jest.Mock).mockReturnValue({
+      hasNonClosedAlerts: false,
+      filteredAlertsData: null,
+    });
+  });
+
+  it('does not render the accordion when there are no insights', () => {
+    const { queryByTestId } = render(
+      <TestProviders>
+        <EntityInsight
+          identityFields={{ 'host.name': 'my-host' }}
+          openDetailsPanel={mockOpenDetailsPanel}
+          entityType="host"
+        />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('entityInsightTestSubj')).not.toBeInTheDocument();
+  });
+
+  it('renders the accordion when there are misconfiguration insights', () => {
+    (useHasMisconfigurations as jest.Mock).mockReturnValue({
+      hasMisconfigurationFindings: true,
+      passedFindings: 2,
+      failedFindings: 1,
+    });
+
+    const { getByTestId } = render(
+      <TestProviders>
+        <EntityInsight
+          identityFields={{ 'host.name': 'my-host' }}
+          openDetailsPanel={mockOpenDetailsPanel}
+          entityType="host"
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('entityInsightTestSubj')).toBeInTheDocument();
+  });
+
+  it('renders the accordion when there are alert insights', () => {
+    (useNonClosedAlerts as jest.Mock).mockReturnValue({
+      hasNonClosedAlerts: true,
+      filteredAlertsData: { open: { total: 3, severities: [] } },
+    });
+
+    const { getByTestId } = render(
+      <TestProviders>
+        <EntityInsight
+          identityFields={{ 'host.name': 'my-host' }}
+          openDetailsPanel={mockOpenDetailsPanel}
+          entityType="host"
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('entityInsightTestSubj')).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/entity_insight.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/entity_insight.tsx
new file mode 100644
index 0000000000000..372cd5149d4d7
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/entity_insight.tsx
@@ -0,0 +1,153 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiAccordion, EuiHorizontalRule, EuiSpacer, EuiTitle, useEuiTheme } from '@elastic/eui';
+import React from 'react';
+import { css } from '@emotion/react';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { useHasVulnerabilities } from '@kbn/cloud-security-posture/src/hooks/use_has_vulnerabilities';
+import { useHasMisconfigurations } from '@kbn/cloud-security-posture/src/hooks/use_has_misconfigurations';
+import { FF_ENABLE_ENTITY_STORE_V2, useEntityStoreEuidApi } from '@kbn/entity-store/public';
+import {
+  buildEuidCspPreviewOptions,
+  inferEntityTypeFromIdentityFields,
+} from '../../utils/build_euid_csp_preview_options';
+import type { EntityIdentifierFields } from '../../../../common/entity_analytics/types';
+import type { IdentityFields } from '../../../flyout/document_details/shared/utils';
+import { MisconfigurationsPreview } from './misconfiguration/misconfiguration_preview';
+import { VulnerabilitiesPreview } from './vulnerabilities/vulnerabilities_preview';
+import { AlertsPreview } from './alerts/alerts_preview';
+import { useGlobalTime } from '../../../common/containers/use_global_time';
+import { DETECTION_RESPONSE_ALERTS_BY_STATUS_ID } from '../../../overview/components/detection_response/alerts_by_status/types';
+import { useNonClosedAlerts } from '../../hooks/use_non_closed_alerts';
+import type { EntityDetailsPath } from '../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+import { useUiSetting } from '../../../common/lib/kibana';
+import type { EntityStoreRecord } from '../../../flyout/entity_details/shared/hooks/use_entity_from_store';
+
+export type CloudPostureEntityIdentifier =
+  | Extract<
+      EntityIdentifierFields,
+      | EntityIdentifierFields.hostName
+      | EntityIdentifierFields.userName
+      | EntityIdentifierFields.generic
+    >
+  | 'related.entity'; // related.entity is not an entity identifier field, but it includes entity ids which we use to filter for related entities
+
+export const EntityInsight = <T,>({
+  identityFields,
+  openDetailsPanel,
+  entityType,
+  entityRecord,
+}: {
+  identityFields: IdentityFields;
+  openDetailsPanel: (path: EntityDetailsPath) => void;
+  /** Host or user when the flyout represents that entity; enables v2 alerts resolution by `entity.id`. */
+  entityType?: string;
+  entityRecord?: EntityStoreRecord | null;
+}) => {
+  const { euiTheme } = useEuiTheme();
+  const euidApi = useEntityStoreEuidApi();
+  const entityStoreV2Enabled = useUiSetting<boolean>(FF_ENABLE_ENTITY_STORE_V2);
+  const insightContent: React.ReactElement[] = [];
+
+  const cspPreviewEntityType = inferEntityTypeFromIdentityFields(identityFields);
+  const {
+    hasMisconfigurationFindings: showMisconfigurationsPreview,
+    passedFindings,
+    failedFindings,
+  } = useHasMisconfigurations(
+    buildEuidCspPreviewOptions(cspPreviewEntityType, entityRecord, euidApi, {
+      entityStoreV2Enabled,
+      legacyIdentityFields: identityFields,
+    })
+  );
+
+  const { hasVulnerabilitiesFindings } = useHasVulnerabilities(
+    buildEuidCspPreviewOptions(cspPreviewEntityType, entityRecord, euidApi, {
+      entityStoreV2Enabled,
+      legacyIdentityFields: identityFields,
+    })
+  );
+
+  const showVulnerabilitiesPreview =
+    hasVulnerabilitiesFindings && Object.keys(identityFields).length > 0;
+
+  const { to, from } = useGlobalTime();
+
+  const { hasNonClosedAlerts: showAlertsPreview, filteredAlertsData } = useNonClosedAlerts({
+    identityFields,
+    entityRecord,
+    entityType,
+    to,
+    from,
+    queryId: DETECTION_RESPONSE_ALERTS_BY_STATUS_ID,
+  });
+
+  if (showAlertsPreview) {
+    insightContent.push(
+      <>
+        <AlertsPreview alertsData={filteredAlertsData} openDetailsPanel={openDetailsPanel} />
+        <EuiSpacer size="s" />
+      </>
+    );
+  }
+  if (showMisconfigurationsPreview)
+    insightContent.push(
+      <>
+        <MisconfigurationsPreview
+          passedFindings={passedFindings}
+          failedFindings={failedFindings}
+          openDetailsPanel={openDetailsPanel}
+        />
+        <EuiSpacer size="s" />
+      </>
+    );
+  if (showVulnerabilitiesPreview)
+    insightContent.push(
+      <>
+        <VulnerabilitiesPreview
+          identityFields={identityFields}
+          entityRecord={entityRecord}
+          openDetailsPanel={openDetailsPanel}
+        />
+        <EuiSpacer size="s" />
+      </>
+    );
+  return (
+    <>
+      {insightContent.length > 0 && (
+        <>
+          <EuiAccordion
+            initialIsOpen={true}
+            id="entityInsight-accordion"
+            data-test-subj="entityInsightTestSubj"
+            buttonProps={{
+              'data-test-subj': 'entityInsight-accordion-button',
+              css: css`
+                color: ${euiTheme.colors.primary};
+              `,
+            }}
+            buttonContent={
+              <EuiTitle size="xs">
+                <h3>
+                  <FormattedMessage
+                    id="xpack.securitySolution.flyout.entityDetails.insightsTitle"
+                    defaultMessage="Insights"
+                  />
+                </h3>
+              </EuiTitle>
+            }
+          >
+            <EuiSpacer size="m" />
+            {insightContent}
+          </EuiAccordion>
+          <EuiHorizontalRule />
+        </>
+      )}
+    </>
+  );
+};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/misconfiguration/misconfiguration_preview.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/misconfiguration/misconfiguration_preview.test.tsx
new file mode 100644
index 0000000000000..e196c07fb7a7e
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/misconfiguration/misconfiguration_preview.test.tsx
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { MisconfigurationsPreview } from './misconfiguration_preview';
+import { TestProviders } from '../../../../common/mock/test_providers';
+
+describe('MisconfigurationsPreview (v2)', () => {
+  const mockOpenDetailsPanel = jest.fn();
+
+  it('renders', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <MisconfigurationsPreview
+          passedFindings={1}
+          failedFindings={1}
+          openDetailsPanel={mockOpenDetailsPanel}
+        />
+      </TestProviders>
+    );
+
+    expect(
+      getByTestId('securitySolutionFlyoutInsightsMisconfigurationsTitleLink')
+    ).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/misconfiguration/misconfiguration_preview.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/misconfiguration/misconfiguration_preview.tsx
new file mode 100644
index 0000000000000..a19a908202322
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/misconfiguration/misconfiguration_preview.tsx
@@ -0,0 +1,181 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useEffect, useMemo } from 'react';
+import { css } from '@emotion/react';
+import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText, EuiTitle, useEuiTheme } from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { DistributionBar } from '@kbn/security-solution-distribution-bar';
+import { i18n } from '@kbn/i18n';
+import { useGetMisconfigurationStatusColor } from '@kbn/cloud-security-posture';
+import { MISCONFIGURATION_STATUS } from '@kbn/cloud-security-posture-common';
+import { METRIC_TYPE } from '@kbn/analytics';
+import {
+  ENTITY_FLYOUT_WITH_MISCONFIGURATION_VISIT,
+  uiMetricService,
+} from '@kbn/cloud-security-posture-common/utils/ui_metrics';
+import { ExpandablePanel } from '../../../../flyout_v2/shared/components/expandable_panel';
+import type { EntityDetailsPath } from '../../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+import {
+  CspInsightLeftPanelSubTab,
+  EntityDetailsLeftPanelTab,
+} from '../../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+
+interface MisconfigurationPreviewDistributionBarProps {
+  key: string;
+  count: number;
+  color: string;
+}
+
+export const useGetFindingsStats = (passedFindingsStats: number, failedFindingsStats: number) => {
+  const { getMisconfigurationStatusColor } = useGetMisconfigurationStatusColor();
+
+  return useMemo(() => {
+    const misconfigurationStats: MisconfigurationPreviewDistributionBarProps[] = [];
+    if (passedFindingsStats === 0 && failedFindingsStats === 0) return [];
+    if (passedFindingsStats > 0) {
+      misconfigurationStats.push({
+        key: i18n.translate(
+          'xpack.securitySolution.flyout.right.insights.misconfigurations.passedFindingsText',
+          {
+            defaultMessage: '{count, plural, one {Passed finding} other {Passed findings}}',
+            values: { count: passedFindingsStats },
+          }
+        ),
+        count: passedFindingsStats,
+        color: getMisconfigurationStatusColor(MISCONFIGURATION_STATUS.PASSED),
+      });
+    }
+    if (failedFindingsStats > 0) {
+      misconfigurationStats.push({
+        key: i18n.translate(
+          'xpack.securitySolution.flyout.right.insights.misconfigurations.failedFindingsText',
+          {
+            defaultMessage: '{count, plural, one {Failed finding} other {Failed findings}}',
+            values: { count: failedFindingsStats },
+          }
+        ),
+        count: failedFindingsStats,
+        color: getMisconfigurationStatusColor(MISCONFIGURATION_STATUS.FAILED),
+      });
+    }
+    return misconfigurationStats;
+  }, [passedFindingsStats, failedFindingsStats, getMisconfigurationStatusColor]);
+};
+
+const MisconfigurationPreviewScore = ({
+  passedFindings,
+  failedFindings,
+}: {
+  passedFindings: number;
+  failedFindings: number;
+}) => {
+  const { euiTheme } = useEuiTheme();
+
+  return (
+    <EuiFlexItem>
+      <EuiFlexGroup direction="column" gutterSize="none">
+        <EuiFlexItem>
+          <EuiTitle size="s">
+            <h3>{`${Math.round((passedFindings / (passedFindings + failedFindings)) * 100)}%`}</h3>
+          </EuiTitle>
+        </EuiFlexItem>
+        <EuiFlexItem>
+          <EuiText
+            size="xs"
+            css={css`
+              font-weight: ${euiTheme.font.weight.semiBold};
+            `}
+          >
+            <FormattedMessage
+              id="xpack.securitySolution.flyout.right.insights.misconfigurations.postureScoreDescription"
+              defaultMessage="Posture score"
+            />
+          </EuiText>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </EuiFlexItem>
+  );
+};
+
+export const MisconfigurationsPreview = ({
+  openDetailsPanel,
+  passedFindings,
+  failedFindings,
+}: {
+  passedFindings: number;
+  failedFindings: number;
+  openDetailsPanel: (path: EntityDetailsPath) => void;
+}) => {
+  const findingsStats = useGetFindingsStats(passedFindings, failedFindings);
+
+  useEffect(() => {
+    uiMetricService.trackUiMetric(METRIC_TYPE.CLICK, ENTITY_FLYOUT_WITH_MISCONFIGURATION_VISIT);
+  }, []);
+  const { euiTheme } = useEuiTheme();
+
+  const goToEntityInsightTab = useCallback(
+    () =>
+      openDetailsPanel({
+        tab: EntityDetailsLeftPanelTab.CSP_INSIGHTS,
+        subTab: CspInsightLeftPanelSubTab.MISCONFIGURATIONS,
+      }),
+    [openDetailsPanel]
+  );
+
+  const link = useMemo(
+    () => ({
+      callback: goToEntityInsightTab,
+      tooltip: (
+        <FormattedMessage
+          id="xpack.securitySolution.flyout.right.insights.misconfiguration.misconfigurationTooltip"
+          defaultMessage="Show all misconfiguration findings"
+        />
+      ),
+    }),
+    [goToEntityInsightTab]
+  );
+  return (
+    <ExpandablePanel
+      header={{
+        iconType: '',
+        title: (
+          <EuiTitle
+            css={css`
+              font-weight: ${euiTheme.font.weight.semiBold};
+            `}
+            data-test-subj={'securitySolutionFlyoutInsightsMisconfigurationsTitleText'}
+          >
+            <FormattedMessage
+              id="xpack.securitySolution.flyout.right.insights.misconfigurations.misconfigurationsTitle"
+              defaultMessage="Misconfigurations"
+            />
+          </EuiTitle>
+        ),
+        link,
+      }}
+      data-test-subj={'securitySolutionFlyoutInsightsMisconfigurations'}
+    >
+      <EuiFlexGroup gutterSize="none">
+        <MisconfigurationPreviewScore
+          passedFindings={passedFindings}
+          failedFindings={failedFindings}
+        />
+
+        <EuiFlexItem grow={2}>
+          <EuiFlexGroup direction="column" gutterSize="none">
+            <EuiFlexItem />
+            <EuiFlexItem>
+              <EuiSpacer />
+              <DistributionBar stats={findingsStats} />
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </ExpandablePanel>
+  );
+};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/vulnerabilities/vulnerabilities_preview.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/vulnerabilities/vulnerabilities_preview.test.tsx
new file mode 100644
index 0000000000000..4109042b6600e
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/vulnerabilities/vulnerabilities_preview.test.tsx
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { VulnerabilitiesPreview } from './vulnerabilities_preview';
+import { useVulnerabilitiesPreview } from '@kbn/cloud-security-posture/src/hooks/use_vulnerabilities_preview';
+import { TestProviders } from '../../../../common/mock/test_providers';
+
+jest.mock('@kbn/cloud-security-posture/src/hooks/use_vulnerabilities_preview');
+
+describe('VulnerabilitiesPreview (v2)', () => {
+  const mockOpenDetailsPanel = jest.fn();
+
+  beforeEach(() => {
+    (useVulnerabilitiesPreview as jest.Mock).mockReturnValue({
+      data: { count: { CRITICAL: 0, HIGH: 1, MEDIUM: 1, LOW: 0, UNKNOWN: 0 } },
+    });
+  });
+
+  it('renders', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <VulnerabilitiesPreview
+          identityFields={{ 'host.name': 'host1' }}
+          openDetailsPanel={mockOpenDetailsPanel}
+        />
+      </TestProviders>
+    );
+
+    expect(
+      getByTestId('securitySolutionFlyoutInsightsVulnerabilitiesTitleLink')
+    ).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/vulnerabilities/vulnerabilities_preview.tsx b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/vulnerabilities/vulnerabilities_preview.tsx
new file mode 100644
index 0000000000000..f07fdd5f655ce
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/components/flyout_v2/vulnerabilities/vulnerabilities_preview.tsx
@@ -0,0 +1,178 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useEffect, useMemo } from 'react';
+import { css } from '@emotion/react';
+import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText, EuiTitle, useEuiTheme } from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { DistributionBar } from '@kbn/security-solution-distribution-bar';
+import { useVulnerabilitiesPreview } from '@kbn/cloud-security-posture/src/hooks/use_vulnerabilities_preview';
+import { useGetSeverityStatusColor } from '@kbn/cloud-security-posture/src/hooks/use_get_severity_status_color';
+import { getAbbreviatedNumber } from '@kbn/cloud-security-posture-common';
+import { getVulnerabilityStats, hasVulnerabilitiesData } from '@kbn/cloud-security-posture';
+import {
+  ENTITY_FLYOUT_WITH_VULNERABILITY_PREVIEW,
+  uiMetricService,
+} from '@kbn/cloud-security-posture-common/utils/ui_metrics';
+import { METRIC_TYPE } from '@kbn/analytics';
+import { FF_ENABLE_ENTITY_STORE_V2, useEntityStoreEuidApi } from '@kbn/entity-store/public';
+import type { EntityStoreRecord } from '../../../../flyout/entity_details/shared/hooks/use_entity_from_store';
+import {
+  buildEuidCspPreviewOptions,
+  inferEntityTypeFromIdentityFields,
+} from '../../../utils/build_euid_csp_preview_options';
+import { ExpandablePanel } from '../../../../flyout_v2/shared/components/expandable_panel';
+import type { EntityDetailsPath } from '../../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+import {
+  CspInsightLeftPanelSubTab,
+  EntityDetailsLeftPanelTab,
+} from '../../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+import type { IdentityFields } from '../../../../flyout/document_details/shared/utils';
+import { useUiSetting } from '../../../../common/lib/kibana';
+
+const VulnerabilitiesCount = ({
+  vulnerabilitiesTotal,
+}: {
+  vulnerabilitiesTotal: string | number;
+}) => {
+  const { euiTheme } = useEuiTheme();
+
+  return (
+    <EuiFlexItem>
+      <EuiFlexGroup direction="column" gutterSize="none">
+        <EuiFlexItem>
+          <EuiTitle size="s">
+            <h3>{vulnerabilitiesTotal}</h3>
+          </EuiTitle>
+        </EuiFlexItem>
+        <EuiFlexItem>
+          <EuiText
+            size="xs"
+            css={css`
+              font-weight: ${euiTheme.font.weight.semiBold};
+            `}
+          >
+            <FormattedMessage
+              id="xpack.securitySolution.flyout.right.insights.vulnerabilities.vulnerabilitiesCountDescription"
+              defaultMessage="Vulnerabilities"
+            />
+          </EuiText>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </EuiFlexItem>
+  );
+};
+
+export const VulnerabilitiesPreview = ({
+  identityFields,
+  entityRecord,
+  openDetailsPanel,
+}: {
+  identityFields: IdentityFields;
+  entityRecord?: EntityStoreRecord | null;
+  openDetailsPanel: (path: EntityDetailsPath) => void;
+}) => {
+  useEffect(() => {
+    uiMetricService.trackUiMetric(METRIC_TYPE.CLICK, ENTITY_FLYOUT_WITH_VULNERABILITY_PREVIEW);
+  }, []);
+
+  const euidApi = useEntityStoreEuidApi();
+  const entityStoreV2Enabled = useUiSetting<boolean>(FF_ENABLE_ENTITY_STORE_V2);
+  const entityType = inferEntityTypeFromIdentityFields(identityFields);
+  const cspPreviewOptions = useMemo(
+    () =>
+      buildEuidCspPreviewOptions(entityType, entityRecord, euidApi, {
+        entityStoreV2Enabled,
+        legacyIdentityFields: identityFields,
+      }),
+    [entityType, entityRecord, euidApi, entityStoreV2Enabled, identityFields]
+  );
+  const { data } = useVulnerabilitiesPreview(cspPreviewOptions);
+
+  const { CRITICAL = 0, HIGH = 0, MEDIUM = 0, LOW = 0, NONE = 0 } = data?.count || {};
+
+  const totalVulnerabilities = CRITICAL + HIGH + MEDIUM + LOW + NONE;
+
+  const hasVulnerabilitiesFindings = hasVulnerabilitiesData({
+    critical: CRITICAL,
+    high: HIGH,
+    medium: MEDIUM,
+    low: LOW,
+    none: NONE,
+  });
+
+  const { euiTheme } = useEuiTheme();
+  const { getSeverityStatusColor } = useGetSeverityStatusColor();
+
+  const goToEntityInsightTab = useCallback(
+    () =>
+      openDetailsPanel({
+        tab: EntityDetailsLeftPanelTab.CSP_INSIGHTS,
+        subTab: CspInsightLeftPanelSubTab.VULNERABILITIES,
+      }),
+    [openDetailsPanel]
+  );
+
+  const link = useMemo(
+    () => ({
+      callback: goToEntityInsightTab,
+      tooltip: (
+        <FormattedMessage
+          id="xpack.securitySolution.flyout.right.insights.vulnerabilities.vulnerabilitiesTooltip"
+          defaultMessage="Show all vulnerabilities findings"
+        />
+      ),
+    }),
+    [goToEntityInsightTab]
+  );
+
+  const vulnerabilityStats = getVulnerabilityStats(
+    {
+      critical: CRITICAL,
+      high: HIGH,
+      medium: MEDIUM,
+      low: LOW,
+      none: NONE,
+    },
+    getSeverityStatusColor
+  );
+
+  return (
+    <ExpandablePanel
+      header={{
+        iconType: '',
+        title: (
+          <EuiTitle
+            css={css`
+              font-weight: ${euiTheme.font.weight.semiBold};
+            `}
+          >
+            <FormattedMessage
+              id="xpack.securitySolution.flyout.right.insights.vulnerabilities.vulnerabilitiesTitle"
+              defaultMessage="Vulnerabilities"
+            />
+          </EuiTitle>
+        ),
+        link: hasVulnerabilitiesFindings ? link : undefined,
+      }}
+      data-test-subj={'securitySolutionFlyoutInsightsVulnerabilities'}
+    >
+      <EuiFlexGroup gutterSize="none">
+        <VulnerabilitiesCount vulnerabilitiesTotal={getAbbreviatedNumber(totalVulnerabilities)} />
+        <EuiFlexItem grow={2}>
+          <EuiFlexGroup direction="column" gutterSize="none">
+            <EuiFlexItem />
+            <EuiFlexItem>
+              <EuiSpacer />
+              <DistributionBar stats={vulnerabilityStats} />
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </ExpandablePanel>
+  );
+};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_details_flyout/hooks/use_risk_input_actions_panels.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_details_flyout/hooks/use_risk_input_actions_panels.test.tsx
index 59d88072efe1d..95e2cb84f23fc 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_details_flyout/hooks/use_risk_input_actions_panels.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_details_flyout/hooks/use_risk_input_actions_panels.test.tsx
@@ -16,6 +16,7 @@ import { useRiskInputActionsPanels } from './use_risk_input_actions_panels';
 import { useSendBulkToTimeline } from '../../../../detections/components/alerts_table/timeline_actions/use_send_bulk_to_timeline';
 import { useUserPrivileges } from '../../../../common/components/user_privileges';
 import { EntityEventTypes } from '../../../../common/lib/telemetry';
+import { useIsInSecurityApp } from '../../../../common/hooks/is_in_security_app';
 
 const casesServiceMock = casesPluginMock.createStartContract();
 const mockCanUseCases = jest.fn();
@@ -50,9 +51,11 @@ jest.mock(
   '../../../../detections/components/alerts_table/timeline_actions/use_send_bulk_to_timeline'
 );
 jest.mock('../../../../common/components/user_privileges');
+jest.mock('../../../../common/hooks/is_in_security_app');
 
 const mockUseSendBulkToTimeline = useSendBulkToTimeline as jest.Mock;
 const mockUseUserPrivileges = useUserPrivileges as jest.Mock;
+const mockUseIsInSecurityApp = useIsInSecurityApp as jest.Mock;
 
 const TestMenu = ({ panels }: { panels: EuiContextMenuPanelDescriptor[] }) => (
   <EuiContextMenu initialPanelId={0} panels={panels} />
@@ -83,6 +86,7 @@ describe('useRiskInputActionsPanels', () => {
     mockUseUserPrivileges.mockReturnValue({
       timelinePrivileges: { read: false },
     });
+    mockUseIsInSecurityApp.mockReturnValue(true);
   });
 
   it('displays the rule name when only one alert is selected', () => {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_details_flyout/hooks/use_risk_input_actions_panels.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_details_flyout/hooks/use_risk_input_actions_panels.tsx
index bddf26b8bf52f..25da74d022e6e 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_details_flyout/hooks/use_risk_input_actions_panels.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/entity_details_flyout/hooks/use_risk_input_actions_panels.tsx
@@ -20,6 +20,7 @@ import { useSendBulkToTimeline } from '../../../../detections/components/alerts_
 import { useUserPrivileges } from '../../../../common/components/user_privileges';
 import { EntityEventTypes } from '../../../../common/lib/telemetry';
 import { useKibana } from '../../../../common/lib/kibana/kibana_react';
+import { useIsInSecurityApp } from '../../../../common/hooks/is_in_security_app';
 
 export const useRiskInputActionsPanels = (inputs: InputAlert[], closePopover: () => void) => {
   const { cases: casesService, telemetry } = useKibana().services;
@@ -28,6 +29,7 @@ export const useRiskInputActionsPanels = (inputs: InputAlert[], closePopover: ()
   const {
     timelinePrivileges: { read: canReadTimelines },
   } = useUserPrivileges();
+  const isInSecurityApp = useIsInSecurityApp();
   const userCasesPermissions = casesService?.helpers.canUseCases([SECURITY_SOLUTION_OWNER]);
   const hasCasesPermissions = userCasesPermissions?.create && userCasesPermissions?.read;
 
@@ -37,7 +39,7 @@ export const useRiskInputActionsPanels = (inputs: InputAlert[], closePopover: ()
     tableId: TableId.riskInputs,
   });
   const timelineActions = useMemo(() => {
-    if (!canReadTimelines) {
+    if (!canReadTimelines || !isInSecurityApp) {
       return [];
     }
 
@@ -71,7 +73,14 @@ export const useRiskInputActionsPanels = (inputs: InputAlert[], closePopover: ()
         },
       },
     ];
-  }, [canReadTimelines, inputs, sendBulkEventsToTimelineHandler, closePopover, telemetry]);
+  }, [
+    canReadTimelines,
+    isInSecurityApp,
+    inputs,
+    sendBulkEventsToTimelineHandler,
+    closePopover,
+    telemetry,
+  ]);
 
   return useMemo(() => {
     const ruleName = get(['alert', ALERT_RULE_NAME], inputs[0]) ?? '';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/constants.ts b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/constants.ts
new file mode 100644
index 0000000000000..74b20561ba130
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/constants.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const RISK_INPUTS_TAB_QUERY_ID = 'RiskInputsTabQuery';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/risk_inputs_tab.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/risk_inputs_tab.test.tsx
new file mode 100644
index 0000000000000..20633bdd62cb2
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/risk_inputs_tab.test.tsx
@@ -0,0 +1,946 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { fireEvent, render } from '@testing-library/react';
+import React from 'react';
+import { TestProviders } from '../../../common/mock';
+import { times } from 'lodash/fp';
+import { EXPAND_ALERT_TEST_ID, RiskInputsTab } from './risk_inputs_tab';
+import { alertInputDataMock } from '../entity_details_flyout/mocks';
+import { RiskSeverity } from '../../../../common/search_strategy';
+import { EntityType } from '../../../../common/entity_analytics/types';
+import {
+  EntityDetailsLeftPanelTab,
+  RiskScoreLeftPanelSubTab,
+} from '../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+
+const mockUseRiskContributingAlerts = jest.fn().mockReturnValue({ loading: false, data: [] });
+const mockGetEuidFromObject = jest.fn().mockReturnValue('user:entity-1');
+
+jest.mock('../../hooks/use_risk_contributing_alerts', () => ({
+  useRiskContributingAlerts: () => mockUseRiskContributingAlerts(),
+}));
+
+jest.mock('@kbn/entity-store/public', () => ({
+  useEntityStoreEuidApi: () => ({
+    euid: {
+      getEuidFromObject: (...args: unknown[]) => mockGetEuidFromObject(...args),
+    },
+  }),
+}));
+
+const mockUseUiSetting = jest.fn().mockReturnValue([false]);
+
+jest.mock('@kbn/kibana-react-plugin/public', () => {
+  const original = jest.requireActual('@kbn/kibana-react-plugin/public');
+  return {
+    ...original,
+    useUiSetting$: () => mockUseUiSetting(),
+  };
+});
+
+const mockUseRiskScore = jest.fn().mockReturnValue({ loading: false, data: [] });
+
+jest.mock('../../api/hooks/use_risk_score', () => ({
+  useRiskScore: (params: unknown) => mockUseRiskScore(params),
+}));
+
+const mockUseGetWatchlists = jest.fn().mockReturnValue({ data: [] });
+
+jest.mock('../../api/hooks/use_get_watchlists', () => ({
+  useGetWatchlists: () => mockUseGetWatchlists(),
+}));
+
+const mockUseResolutionGroup = jest.fn().mockReturnValue({ data: undefined });
+
+jest.mock('../entity_resolution/hooks/use_resolution_group', () => ({
+  useResolutionGroup: (entityId: string) => mockUseResolutionGroup(entityId),
+}));
+
+const mockUseStableExpandableFlyoutState = jest.fn().mockReturnValue({});
+
+jest.mock('../../../flyout/shared/hooks/use_stable_expandable_flyout_state', () => ({
+  useStableExpandableFlyoutState: () => mockUseStableExpandableFlyoutState(),
+}));
+
+const riskScore = {
+  '@timestamp': '2021-08-19T16:00:00.000Z',
+  user: {
+    name: 'elastic',
+    risk: {
+      rule_risks: [],
+      calculated_score_norm: 100,
+      multipliers: [],
+      calculated_level: RiskSeverity.Critical,
+    },
+  },
+};
+
+const riskScoreWithAssetCriticalityContribution = (contribution: number) => {
+  const score = JSON.parse(JSON.stringify(riskScore));
+  score.user.risk.modifiers = [
+    {
+      type: 'asset_criticality',
+      contribution,
+      metadata: {
+        criticality_level: 'high_impact',
+      },
+    },
+  ];
+  score.user.risk.category_2_score = contribution;
+  return score;
+};
+
+describe('RiskInputsTab (v2)', () => {
+  const isResolutionFilter = (params?: { filterQuery?: unknown }): boolean => {
+    const filters = (
+      params?.filterQuery as
+        | {
+            bool?: { filter?: Array<{ term?: Record<string, string> }> };
+          }
+        | undefined
+    )?.bool?.filter;
+
+    if (!Array.isArray(filters)) {
+      return false;
+    }
+
+    return filters.some((clause) => Object.values(clause.term ?? {}).includes('resolution'));
+  };
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    mockGetEuidFromObject.mockReturnValue('user:entity-1');
+    mockUseResolutionGroup.mockReturnValue({ data: undefined });
+    mockUseGetWatchlists.mockReturnValue({ data: [] });
+    mockUseStableExpandableFlyoutState.mockReturnValue({});
+    mockUseRiskScore.mockImplementation((params?: { filterQuery?: unknown; skip?: boolean }) =>
+      params?.skip
+        ? {
+            loading: false,
+            error: false,
+            data: [],
+          }
+        : isResolutionFilter(params)
+        ? {
+            loading: false,
+            error: false,
+            data: [],
+          }
+        : {
+            loading: false,
+            error: false,
+            data: [riskScore],
+          }
+    );
+  });
+
+  it('renders', () => {
+    mockUseRiskContributingAlerts.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [alertInputDataMock],
+    });
+    mockUseRiskScore.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [riskScore],
+    });
+
+    const { getByTestId, queryByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab entityType={EntityType.user} entityName="elastic" scopeId={'scopeId'} />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('risk-input-asset-criticality-title')).not.toBeInTheDocument();
+    expect(getByTestId('risk-input-table-description-cell')).toHaveTextContent('Rule Name');
+  });
+
+  it('Does not render the context section if enabled but no asset criticality', () => {
+    mockUseUiSetting.mockReturnValue([true]);
+
+    const { queryByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab entityType={EntityType.user} entityName="elastic" scopeId={'scopeId'} />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('risk-input-asset-criticality-title')).not.toBeInTheDocument();
+  });
+
+  it('Renders the context section if enabled and risks contains asset criticality', () => {
+    mockUseUiSetting.mockReturnValue([true]);
+
+    const riskScoreWithAssetCriticality = {
+      '@timestamp': '2021-08-19T16:00:00.000Z',
+      user: {
+        name: 'elastic',
+        risk: {
+          ...riskScore.user.risk,
+          criticality_level: 'extreme_impact',
+          modifiers: [
+            {
+              type: 'asset_criticality',
+              contribution: 5,
+              metadata: {
+                criticality_level: 'extreme_impact',
+              },
+            },
+          ],
+        },
+      },
+    };
+
+    mockUseRiskScore.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [riskScoreWithAssetCriticality],
+    });
+
+    const { queryByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab entityType={EntityType.user} entityName="elastic" scopeId={'scopeId'} />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('risk-input-contexts-title')).toBeInTheDocument();
+  });
+
+  it('it renders alert preview button', () => {
+    mockUseRiskScore.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [riskScore],
+    });
+    mockUseRiskContributingAlerts.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [alertInputDataMock],
+    });
+
+    const { getByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab entityType={EntityType.user} entityName="elastic" scopeId={'scopeId'} />
+      </TestProviders>
+    );
+
+    expect(getByTestId(EXPAND_ALERT_TEST_ID)).toBeInTheDocument();
+  });
+
+  it('Displays 0.00 for the asset criticality contribution if the contribution value is less than -0.01', () => {
+    mockUseUiSetting.mockReturnValue([true]);
+
+    mockUseRiskScore.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [riskScoreWithAssetCriticalityContribution(-0.0000001)],
+    });
+
+    const { getByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab entityType={EntityType.user} entityName="elastic" scopeId={'scopeId'} />
+      </TestProviders>
+    );
+    const contextsTable = getByTestId('risk-input-contexts-table');
+    expect(contextsTable).not.toHaveTextContent('-0.00');
+    expect(contextsTable).toHaveTextContent('0.00');
+  });
+
+  it('Displays 0.00 for the asset criticality contribution if the contribution value is less than 0.01', () => {
+    mockUseUiSetting.mockReturnValue([true]);
+
+    mockUseRiskScore.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [riskScoreWithAssetCriticalityContribution(0.0000001)],
+    });
+
+    const { getByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab entityType={EntityType.user} entityName="elastic" scopeId={'scopeId'} />
+      </TestProviders>
+    );
+    const contextsTable = getByTestId('risk-input-contexts-table');
+    expect(contextsTable).not.toHaveTextContent('+0.00');
+    expect(contextsTable).toHaveTextContent('0.00');
+  });
+
+  it('Adds a plus to positive asset criticality contribution scores', () => {
+    mockUseUiSetting.mockReturnValue([true]);
+
+    mockUseRiskScore.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [riskScoreWithAssetCriticalityContribution(2.22)],
+    });
+
+    const { getByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab entityType={EntityType.user} entityName="elastic" scopeId={'scopeId'} />
+      </TestProviders>
+    );
+
+    expect(getByTestId('risk-input-contexts-table')).toHaveTextContent('+2.22');
+  });
+
+  it('shows extra alerts contribution message', () => {
+    const alerts = times(
+      (number) => ({
+        ...alertInputDataMock,
+        _id: number.toString(),
+      }),
+      11
+    );
+
+    mockUseRiskContributingAlerts.mockReturnValue({
+      loading: false,
+      error: false,
+      data: alerts,
+    });
+    mockUseRiskScore.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [riskScore],
+    });
+
+    const { queryByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab entityType={EntityType.user} entityName="elastic" scopeId={'scopeId'} />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('risk-input-extra-alerts-message')).toBeInTheDocument();
+  });
+
+  it('does not show score view toggle without resolution score', () => {
+    const { queryByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab
+          entityType={EntityType.user}
+          entityName="elastic"
+          scopeId={'scopeId'}
+          entityId="user:elastic"
+        />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('risk-input-score-view-toggle')).not.toBeInTheDocument();
+  });
+
+  it('does not show score view toggle when resolution group has a single member', () => {
+    const resolutionRiskScore = {
+      '@timestamp': '2021-08-19T16:00:00.000Z',
+      user: {
+        name: 'elastic',
+        risk: {
+          ...riskScore.user.risk,
+        },
+      },
+    };
+
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: {
+          entity: { id: 'user:elastic', name: 'elastic', attributes: { watchlists: [] } },
+        },
+        aliases: [],
+        group_size: 1,
+      },
+    });
+    mockUseRiskScore.mockImplementation((params?: { filterQuery?: unknown }) =>
+      isResolutionFilter(params)
+        ? {
+            loading: false,
+            error: false,
+            data: [resolutionRiskScore],
+          }
+        : {
+            loading: false,
+            error: false,
+            data: [riskScore],
+          }
+    );
+
+    const { queryByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab
+          entityType={EntityType.user}
+          entityName="elastic"
+          scopeId={'scopeId'}
+          entityId="user:elastic"
+        />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('risk-input-score-view-toggle')).not.toBeInTheDocument();
+  });
+
+  it('shows score view toggle and switches to resolution contributions', () => {
+    const resolutionRiskScore = {
+      '@timestamp': '2021-08-19T16:00:00.000Z',
+      user: {
+        name: 'elastic',
+        risk: {
+          ...riskScore.user.risk,
+          category_1_count: 2,
+          category_1_score: 11,
+          modifiers: [
+            {
+              type: 'watchlist',
+              contribution: 1.25,
+              metadata: { watchlist_id: 'wl-123' },
+            },
+          ],
+          inputs: [
+            {
+              ...alertInputDataMock.input,
+              id: 'resolution-alert-id',
+            },
+          ],
+        },
+      },
+    };
+
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: {
+          entity: { id: 'user:elastic', name: 'elastic', attributes: { watchlists: [] } },
+          asset: { criticality: 'high_impact' },
+        },
+        aliases: [
+          {
+            entity: {
+              id: 'user:entity-1',
+              name: 'entity-1',
+              attributes: { watchlists: ['wl-123'] },
+            },
+            asset: { criticality: 'extreme_impact' },
+          },
+        ],
+        group_size: 2,
+      },
+    });
+    mockUseRiskScore.mockImplementation((params?: { filterQuery?: unknown }) =>
+      isResolutionFilter(params)
+        ? {
+            loading: false,
+            error: false,
+            data: [resolutionRiskScore],
+          }
+        : {
+            loading: false,
+            error: false,
+            data: [riskScore],
+          }
+    );
+
+    mockUseRiskContributingAlerts.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [alertInputDataMock],
+    });
+
+    const { getByTestId, getByText } = render(
+      <TestProviders>
+        <RiskInputsTab
+          entityType={EntityType.user}
+          entityName="elastic"
+          scopeId={'scopeId'}
+          entityId="user:elastic"
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('risk-input-score-view-toggle')).toBeInTheDocument();
+
+    fireEvent.click(getByText('Resolution group risk score'));
+
+    expect(getByTestId('risk-input-contexts-table')).toHaveTextContent('Entity');
+    expect(getByTestId('risk-input-contexts-table')).toHaveTextContent('entity-1');
+    expect(getByTestId('risk-input-alert-title').parentElement).toHaveTextContent('Entity');
+    expect(getByTestId('risk-input-table-description-cell')).toHaveTextContent('Rule Name');
+  });
+
+  it('shows entity attribution for alerts in resolution view', () => {
+    const resolutionRiskScore = {
+      '@timestamp': '2021-08-19T16:00:00.000Z',
+      user: {
+        name: 'elastic',
+        risk: {
+          ...riskScore.user.risk,
+          category_1_count: 1,
+          category_1_score: 10,
+          inputs: [{ ...alertInputDataMock.input, id: 'resolution-alert-id' }],
+        },
+      },
+    };
+
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: {
+          entity: { id: 'user:elastic', name: 'elastic', attributes: { watchlists: [] } },
+        },
+        aliases: [
+          {
+            entity: { id: 'user:entity-1', name: 'entity-1', attributes: { watchlists: [] } },
+          },
+        ],
+        group_size: 2,
+      },
+    });
+    mockUseRiskScore.mockImplementation((params?: { filterQuery?: unknown }) =>
+      isResolutionFilter(params)
+        ? {
+            loading: false,
+            error: false,
+            data: [resolutionRiskScore],
+          }
+        : {
+            loading: false,
+            error: false,
+            data: [riskScore],
+          }
+    );
+    mockUseRiskContributingAlerts.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [{ ...alertInputDataMock, _id: 'resolution-alert-id' }],
+    });
+
+    const { getByText, getByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab
+          entityType={EntityType.user}
+          entityName="elastic"
+          scopeId={'scopeId'}
+          entityId="user:elastic"
+        />
+      </TestProviders>
+    );
+
+    fireEvent.click(getByText('Resolution group risk score'));
+
+    expect(getByTestId('risk-input-alert-title').parentElement).toHaveTextContent('entity-1');
+  });
+
+  it('shows entity attribution for context rows in resolution view', () => {
+    const resolutionRiskScore = {
+      '@timestamp': '2021-08-19T16:00:00.000Z',
+      user: {
+        name: 'elastic',
+        risk: {
+          ...riskScore.user.risk,
+          modifiers: [
+            {
+              type: 'asset_criticality',
+              contribution: 4.5,
+              metadata: { criticality_level: 'high_impact' },
+            },
+            {
+              type: 'watchlist',
+              contribution: 2.5,
+              metadata: { watchlist_id: 'wl-123' },
+            },
+          ],
+          category_1_count: 1,
+          category_1_score: 10,
+          inputs: [{ ...alertInputDataMock.input, id: 'resolution-alert-id' }],
+        },
+      },
+    };
+
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: {
+          entity: {
+            id: 'user:elastic',
+            name: 'elastic',
+            attributes: { watchlists: ['wl-123'] },
+          },
+          asset: { criticality: 'high_impact' },
+        },
+        aliases: [
+          {
+            entity: {
+              id: 'user:entity-1',
+              name: 'entity-1',
+              attributes: { watchlists: ['wl-123'] },
+            },
+            asset: { criticality: 'medium_impact' },
+          },
+        ],
+        group_size: 2,
+      },
+    });
+    mockUseRiskScore.mockImplementation((params?: { filterQuery?: unknown }) =>
+      isResolutionFilter(params)
+        ? {
+            loading: false,
+            error: false,
+            data: [resolutionRiskScore],
+          }
+        : {
+            loading: false,
+            error: false,
+            data: [riskScore],
+          }
+    );
+
+    const { getByText, getByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab
+          entityType={EntityType.user}
+          entityName="elastic"
+          scopeId={'scopeId'}
+          entityId="user:elastic"
+        />
+      </TestProviders>
+    );
+
+    fireEvent.click(getByText('Resolution group risk score'));
+
+    expect(getByTestId('risk-input-contexts-table')).toHaveTextContent('Entity');
+    expect(getByTestId('risk-input-contexts-table')).toHaveTextContent('elastic');
+    expect(getByTestId('risk-input-contexts-table')).toHaveTextContent('entity-1');
+  });
+
+  it('initializes to resolution view when flyout state subTab is "resolution"', () => {
+    mockUseStableExpandableFlyoutState.mockReturnValue({
+      left: {
+        params: {
+          path: {
+            tab: EntityDetailsLeftPanelTab.RISK_INPUTS,
+            subTab: RiskScoreLeftPanelSubTab.RESOLUTION,
+          },
+        },
+      },
+    });
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: {
+          entity: { id: 'user:elastic', name: 'elastic', attributes: { watchlists: [] } },
+        },
+        aliases: [
+          {
+            entity: { id: 'user:entity-1', name: 'entity-1', attributes: { watchlists: [] } },
+          },
+        ],
+        group_size: 2,
+      },
+    });
+    mockUseRiskScore.mockImplementation((params?: { filterQuery?: unknown; skip?: boolean }) =>
+      params?.skip
+        ? { loading: false, error: false, data: [] }
+        : { loading: false, error: false, data: [riskScore] }
+    );
+
+    const { getByRole } = render(
+      <TestProviders>
+        <RiskInputsTab
+          entityType={EntityType.user}
+          entityName="elastic"
+          scopeId="scopeId"
+          entityId="user:elastic"
+        />
+      </TestProviders>
+    );
+
+    expect(getByRole('button', { name: 'Resolution group risk score' })).toHaveAttribute(
+      'aria-pressed',
+      'true'
+    );
+  });
+
+  it('auto-switches to resolution view when there is no entity risk score but a resolution score exists', () => {
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: {
+          entity: { id: 'user:elastic', name: 'elastic', attributes: { watchlists: [] } },
+        },
+        aliases: [
+          {
+            entity: { id: 'user:entity-1', name: 'entity-1', attributes: { watchlists: [] } },
+          },
+        ],
+        group_size: 2,
+      },
+    });
+    mockUseRiskScore.mockImplementation((params?: { filterQuery?: unknown; skip?: boolean }) =>
+      params?.skip
+        ? { loading: false, error: false, data: [] }
+        : isResolutionFilter(params)
+        ? { loading: false, error: false, data: [riskScore] }
+        : { loading: false, error: false, data: [] }
+    );
+
+    const { getByRole } = render(
+      <TestProviders>
+        <RiskInputsTab
+          entityType={EntityType.user}
+          entityName="elastic"
+          scopeId="scopeId"
+          entityId="user:elastic"
+        />
+      </TestProviders>
+    );
+
+    expect(getByRole('button', { name: 'Resolution group risk score' })).toHaveAttribute(
+      'aria-pressed',
+      'true'
+    );
+  });
+
+  it('switches from entity view to resolution view and back', () => {
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: {
+          entity: { id: 'user:elastic', name: 'elastic', attributes: { watchlists: [] } },
+        },
+        aliases: [
+          {
+            entity: { id: 'user:entity-1', name: 'entity-1', attributes: { watchlists: [] } },
+          },
+        ],
+        group_size: 2,
+      },
+    });
+    mockUseRiskScore.mockImplementation((params?: { filterQuery?: unknown; skip?: boolean }) =>
+      params?.skip
+        ? { loading: false, error: false, data: [] }
+        : isResolutionFilter(params)
+        ? { loading: false, error: false, data: [riskScore] }
+        : { loading: false, error: false, data: [riskScore] }
+    );
+
+    const { getByText, getByRole, getByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab
+          entityType={EntityType.user}
+          entityName="elastic"
+          scopeId="scopeId"
+          entityId="user:elastic"
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('risk-input-score-view-toggle')).toBeInTheDocument();
+    expect(getByRole('button', { name: 'Entity risk score' })).toHaveAttribute(
+      'aria-pressed',
+      'true'
+    );
+
+    fireEvent.click(getByRole('button', { name: 'Resolution group risk score' }));
+    expect(getByRole('button', { name: 'Resolution group risk score' })).toHaveAttribute(
+      'aria-pressed',
+      'true'
+    );
+
+    fireEvent.click(getByText('Entity risk score'));
+    expect(getByRole('button', { name: 'Entity risk score' })).toHaveAttribute(
+      'aria-pressed',
+      'true'
+    );
+  });
+
+  it('content changes when switching between entity and resolution views', () => {
+    const entityScore = {
+      '@timestamp': '2021-08-19T16:00:00.000Z',
+      user: {
+        name: 'elastic',
+        risk: {
+          ...riskScore.user.risk,
+          modifiers: [
+            { type: 'watchlist', contribution: 5, metadata: { watchlist_id: 'wl-entity' } },
+          ],
+        },
+      },
+    };
+    const resolutionScore = {
+      '@timestamp': '2021-08-19T16:00:00.000Z',
+      user: {
+        name: 'elastic',
+        risk: {
+          ...riskScore.user.risk,
+          modifiers: [
+            { type: 'watchlist', contribution: 3, metadata: { watchlist_id: 'wl-resolution' } },
+          ],
+        },
+      },
+    };
+
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: {
+          entity: { id: 'user:elastic', name: 'elastic', attributes: { watchlists: [] } },
+        },
+        aliases: [
+          {
+            entity: { id: 'user:entity-1', name: 'entity-1', attributes: { watchlists: [] } },
+          },
+        ],
+        group_size: 2,
+      },
+    });
+    mockUseRiskScore.mockImplementation((params?: { filterQuery?: unknown; skip?: boolean }) =>
+      params?.skip
+        ? { loading: false, error: false, data: [] }
+        : isResolutionFilter(params)
+        ? { loading: false, error: false, data: [resolutionScore] }
+        : { loading: false, error: false, data: [entityScore] }
+    );
+
+    const { getByText, getByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab
+          entityType={EntityType.user}
+          entityName="elastic"
+          scopeId="scopeId"
+          entityId="user:elastic"
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('risk-input-contexts-table')).toHaveTextContent('wl-entity');
+    expect(getByTestId('risk-input-contexts-table')).not.toHaveTextContent('wl-resolution');
+
+    fireEvent.click(getByText('Resolution group risk score'));
+
+    expect(getByTestId('risk-input-contexts-table')).not.toHaveTextContent('wl-entity');
+    expect(getByTestId('risk-input-contexts-table')).toHaveTextContent('wl-resolution');
+  });
+
+  it('user tab selection overrides initial subTab from URL', () => {
+    mockUseStableExpandableFlyoutState.mockReturnValue({
+      left: {
+        params: {
+          path: {
+            tab: EntityDetailsLeftPanelTab.RISK_INPUTS,
+            subTab: RiskScoreLeftPanelSubTab.RESOLUTION,
+          },
+        },
+      },
+    });
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: {
+          entity: { id: 'user:elastic', name: 'elastic', attributes: { watchlists: [] } },
+        },
+        aliases: [
+          {
+            entity: { id: 'user:entity-1', name: 'entity-1', attributes: { watchlists: [] } },
+          },
+        ],
+        group_size: 2,
+      },
+    });
+    mockUseRiskScore.mockImplementation((params?: { filterQuery?: unknown; skip?: boolean }) =>
+      params?.skip
+        ? { loading: false, error: false, data: [] }
+        : { loading: false, error: false, data: [riskScore] }
+    );
+
+    const { getByRole } = render(
+      <TestProviders>
+        <RiskInputsTab
+          entityType={EntityType.user}
+          entityName="elastic"
+          scopeId="scopeId"
+          entityId="user:elastic"
+        />
+      </TestProviders>
+    );
+
+    expect(getByRole('button', { name: 'Resolution group risk score' })).toHaveAttribute(
+      'aria-pressed',
+      'true'
+    );
+
+    fireEvent.click(getByRole('button', { name: 'Entity risk score' }));
+
+    expect(getByRole('button', { name: 'Entity risk score' })).toHaveAttribute(
+      'aria-pressed',
+      'true'
+    );
+  });
+
+  it('renders watchlist modifiers in context section', () => {
+    const riskScoreWithWatchlistModifier = {
+      '@timestamp': '2021-08-19T16:00:00.000Z',
+      user: {
+        name: 'elastic',
+        risk: {
+          ...riskScore.user.risk,
+          modifiers: [
+            {
+              type: 'watchlist',
+              contribution: 8.75,
+              metadata: {
+                watchlist_id: 'wl-123',
+              },
+            },
+          ],
+        },
+      },
+    };
+
+    mockUseRiskScore.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [riskScoreWithWatchlistModifier],
+    });
+
+    const { getByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab entityType={EntityType.user} entityName="elastic" scopeId={'scopeId'} />
+      </TestProviders>
+    );
+
+    expect(getByTestId('risk-input-contexts-table')).toHaveTextContent('Watchlist');
+    expect(getByTestId('risk-input-contexts-table')).toHaveTextContent('wl-123');
+    expect(getByTestId('risk-input-contexts-table')).toHaveTextContent('+8.75');
+  });
+
+  it('renders custom watchlist name from watchlists API data', () => {
+    mockUseGetWatchlists.mockReturnValue({
+      data: [{ id: 'wl-123', name: 'High Risk Vendors', managed: false, riskModifier: 1.5 }],
+    });
+
+    const riskScoreWithWatchlistModifier = {
+      '@timestamp': '2021-08-19T16:00:00.000Z',
+      user: {
+        name: 'elastic',
+        risk: {
+          ...riskScore.user.risk,
+          modifiers: [
+            {
+              type: 'watchlist',
+              contribution: 2.5,
+              metadata: {
+                watchlist_id: 'wl-123',
+              },
+            },
+          ],
+        },
+      },
+    };
+
+    mockUseRiskScore.mockReturnValue({
+      loading: false,
+      error: false,
+      data: [riskScoreWithWatchlistModifier],
+    });
+
+    const { getByTestId } = render(
+      <TestProviders>
+        <RiskInputsTab entityType={EntityType.user} entityName="elastic" scopeId={'scopeId'} />
+      </TestProviders>
+    );
+
+    expect(getByTestId('risk-input-contexts-table')).toHaveTextContent('High Risk Vendors');
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/risk_inputs_tab.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/risk_inputs_tab.tsx
new file mode 100644
index 0000000000000..278600dac4612
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/risk_inputs_tab.tsx
@@ -0,0 +1,914 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+import { useEntityStoreEuidApi } from '@kbn/entity-store/public';
+import type { EuiBasicTableColumn } from '@elastic/eui';
+import {
+  EuiButtonGroup,
+  EuiButtonIcon,
+  EuiCallOut,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiInMemoryTable,
+  EuiSpacer,
+  EuiTitle,
+  EuiToolTip,
+} from '@elastic/eui';
+import type { FlyoutPanelProps } from '@kbn/expandable-flyout';
+import type { ReactNode } from 'react';
+import React, { useCallback, useMemo, useState } from 'react';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { ALERT_RULE_NAME } from '@kbn/rule-data-utils';
+import { get, noop } from 'lodash/fp';
+import { DOC_VIEWER_FLYOUT_HISTORY_KEY } from '@kbn/unified-doc-viewer';
+import { useHistory } from 'react-router-dom';
+import { useStore } from 'react-redux';
+import {
+  EntityDetailsLeftPanelTab,
+  RiskScoreLeftPanelSubTab,
+} from '../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+import type { CriticalityLevel } from '../../../../common/entity_analytics/asset_criticality/types';
+import { getWatchlistName } from '../../../../common/entity_analytics/watchlists/constants';
+import { useGlobalTime } from '../../../common/containers/use_global_time';
+import { useQueryInspector } from '../../../common/components/page/manage_query';
+import { formatRiskScore } from '../../common';
+import type {
+  InputAlert,
+  UseRiskContributingAlertsResult,
+} from '../../hooks/use_risk_contributing_alerts';
+import { useRiskContributingAlerts } from '../../hooks/use_risk_contributing_alerts';
+import { PreferenceFormattedDate } from '../../../common/components/formatted_date';
+
+import { useRiskScore } from '../../api/hooks/use_risk_score';
+import type { RiskScoreState } from '../../api/hooks/use_risk_score';
+import { useGetWatchlists } from '../../api/hooks/use_get_watchlists';
+import type { EntityRiskScore, EntityType } from '../../../../common/search_strategy';
+import type { ESQuery } from '../../../../common/typed_json';
+import { buildEntityNameFilter } from '../../../../common/search_strategy';
+import { AssetCriticalityBadge } from '../asset_criticality';
+import { RiskInputsUtilityBar } from '../entity_details_flyout/components/utility_bar';
+import { ActionColumn } from '../entity_details_flyout/components/action_column';
+import { AiAssistantButton } from '../ai_assistant_button/ai_assistant_button';
+import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features';
+import { useAgentBuilderAvailability } from '../../../agent_builder/hooks/use_agent_builder_availability';
+import { useResolutionGroup } from '../entity_resolution/hooks/use_resolution_group';
+import { getEntityId, getEntityField, getEntityName } from '../entity_resolution/helpers';
+import { useStableExpandableFlyoutState } from '../../../flyout/shared/hooks/use_stable_expandable_flyout_state';
+import { useKibana } from '../../../common/lib/kibana';
+import { useIsInSecurityApp } from '../../../common/hooks/is_in_security_app';
+import { flyoutProviders } from '../../../flyout_v2/shared/components/flyout_provider';
+import { useDefaultDocumentFlyoutProperties } from '../../../flyout_v2/shared/hooks/use_default_flyout_properties';
+import { documentFlyoutHistoryKey } from '../../../flyout_v2/shared/constants/flyout_history';
+import { DocumentFlyoutWrapper } from '../../../flyout_v2/document/main/document_flyout_wrapper';
+import { cellActionRenderer } from '../../../flyout_v2/shared/components/cell_actions';
+import { RISK_INPUTS_TAB_QUERY_ID } from './constants';
+
+export interface RiskInputsTabProps<T extends EntityType> {
+  entityType: T;
+  entityName: string;
+  scopeId: string;
+  entityId?: string;
+}
+
+const FIRST_RECORD_PAGINATION = {
+  cursorStart: 0,
+  querySize: 1,
+};
+
+export const EXPAND_ALERT_TEST_ID = 'risk-input-alert-preview-button';
+
+interface RiskScorePanelProps extends FlyoutPanelProps {
+  params: {
+    path: {
+      tab: EntityDetailsLeftPanelTab.RISK_INPUTS;
+      subTab?: RiskScoreLeftPanelSubTab;
+    };
+  };
+}
+
+function isRiskScoreFlyoutPanelProps(
+  panelLeft: FlyoutPanelProps | undefined
+): panelLeft is RiskScorePanelProps {
+  const params = panelLeft?.params;
+  if (!params || typeof params !== 'object' || !('path' in params)) {
+    return false;
+  }
+
+  const path = params.path as { tab?: unknown; subTab?: unknown };
+  if (path?.tab !== EntityDetailsLeftPanelTab.RISK_INPUTS) {
+    return false;
+  }
+
+  return (
+    path.subTab === undefined ||
+    (typeof path.subTab === 'string' &&
+      Object.values(RiskScoreLeftPanelSubTab).includes(path.subTab as RiskScoreLeftPanelSubTab))
+  );
+}
+
+export const RiskInputsTab = <T extends EntityType>({
+  entityType,
+  entityName,
+  scopeId,
+  entityId,
+}: RiskInputsTabProps<T>) => {
+  const panels = useStableExpandableFlyoutState();
+  const subTab = isRiskScoreFlyoutPanelProps(panels.left)
+    ? panels.left.params.path.subTab
+    : undefined;
+
+  const { data: watchlists } = useGetWatchlists();
+
+  const entityFilterQuery = useMemo(
+    () =>
+      entityId
+        ? ({
+            bool: {
+              filter: [{ term: { [`${entityType}.risk.id_value`]: entityId } }],
+              must_not: [{ term: { [`${entityType}.risk.score_type`]: 'resolution' } }],
+            },
+          } as ESQuery)
+        : buildEntityNameFilter(entityType, [entityName]),
+    [entityId, entityName, entityType]
+  );
+
+  const {
+    data: riskScoreData,
+    error: riskScoreError,
+    loading: loadingRiskScore,
+    inspect: inspectRiskScore,
+    refetch,
+  } = useRiskScore<T>({
+    riskEntity: entityType,
+    filterQuery: entityFilterQuery,
+    onlyLatest: false,
+    pagination: FIRST_RECORD_PAGINATION,
+    skip: entityFilterQuery === undefined,
+  });
+
+  const { data: resolutionGroup } = useResolutionGroup(entityId ?? '', {
+    enabled: Boolean(entityId),
+  });
+  const hasRealResolutionGroup = (resolutionGroup?.group_size ?? 0) > 1;
+  const resolutionTargetEntityId = useMemo(
+    () => (resolutionGroup?.target ? getEntityId(resolutionGroup.target) : undefined),
+    [resolutionGroup?.target]
+  );
+  const shouldFetchResolutionRiskScore =
+    hasRealResolutionGroup && Boolean(resolutionTargetEntityId);
+  const resolutionFilterQuery = useMemo(
+    () =>
+      shouldFetchResolutionRiskScore && resolutionTargetEntityId
+        ? ({
+            bool: {
+              filter: [
+                { term: { [`${entityType}.risk.id_value`]: resolutionTargetEntityId } },
+                { term: { [`${entityType}.risk.score_type`]: 'resolution' } },
+              ],
+            },
+          } as ESQuery)
+        : undefined,
+    [entityType, resolutionTargetEntityId, shouldFetchResolutionRiskScore]
+  );
+  const {
+    data: resolutionRiskScoreData,
+    loading: loadingResolutionRiskScore,
+    inspect: inspectResolutionRiskScore,
+    refetch: refetchResolutionRiskScore,
+  } = useRiskScore<T>({
+    riskEntity: entityType,
+    filterQuery: resolutionFilterQuery,
+    onlyLatest: false,
+    pagination: FIRST_RECORD_PAGINATION,
+    skip: !shouldFetchResolutionRiskScore,
+  });
+
+  const entityRiskScore = riskScoreData && riskScoreData.length > 0 ? riskScoreData[0] : undefined;
+  const resolutionRiskScore =
+    resolutionRiskScoreData && resolutionRiskScoreData.length > 0
+      ? resolutionRiskScoreData[0]
+      : undefined;
+  const hasResolutionScore = hasRealResolutionGroup && Boolean(resolutionRiskScore);
+
+  const watchlistNamesById = useMemo(() => {
+    const map = new Map<string, string>();
+    (watchlists ?? []).forEach((watchlist) => {
+      if (watchlist.id) {
+        map.set(watchlist.id, watchlist.name);
+      }
+    });
+    return map;
+  }, [watchlists]);
+
+  if (riskScoreError) {
+    return (
+      <EuiCallOut
+        announceOnMount
+        title={
+          <FormattedMessage
+            id="xpack.securitySolution.flyout.entityDetails.riskInputs.errorTitle"
+            defaultMessage="Something went wrong"
+          />
+        }
+        color="danger"
+        iconType="error"
+      >
+        <p>
+          <FormattedMessage
+            id="xpack.securitySolution.flyout.entityDetails.riskInputs.errorBody"
+            defaultMessage="Error while fetching risk inputs. Please try again later."
+          />
+        </p>
+      </EuiCallOut>
+    );
+  }
+
+  return (
+    <RiskInputsTabContent
+      // using subTab as key to force re-render the tab content when the subTab changes
+      key={subTab}
+      subTab={subTab}
+      entityType={entityType}
+      entityName={entityName}
+      scopeId={scopeId}
+      entityRiskScore={entityRiskScore}
+      resolutionRiskScore={resolutionRiskScore}
+      hasResolutionScore={hasResolutionScore}
+      loadingRiskScore={loadingRiskScore}
+      loadingResolutionRiskScore={loadingResolutionRiskScore}
+      inspectRiskScore={inspectRiskScore}
+      inspectResolutionRiskScore={inspectResolutionRiskScore}
+      refetch={refetch}
+      refetchResolutionRiskScore={refetchResolutionRiskScore}
+      resolutionGroup={resolutionGroup}
+      watchlistNamesById={watchlistNamesById}
+    />
+  );
+};
+
+RiskInputsTab.displayName = 'RiskInputsTab';
+
+interface RiskInputsTabContentProps<T extends EntityType> {
+  subTab?: RiskScoreLeftPanelSubTab;
+  entityType: T;
+  entityName: string;
+  scopeId: string;
+  entityRiskScore: EntityRiskScore<T> | undefined;
+  resolutionRiskScore: EntityRiskScore<T> | undefined;
+  hasResolutionScore: boolean;
+  loadingRiskScore: boolean;
+  loadingResolutionRiskScore: boolean;
+  inspectRiskScore: RiskScoreState<EntityType>['inspect'];
+  inspectResolutionRiskScore: RiskScoreState<EntityType>['inspect'];
+  refetch: RiskScoreState<EntityType>['refetch'];
+  refetchResolutionRiskScore: RiskScoreState<EntityType>['refetch'];
+  resolutionGroup: ReturnType<typeof useResolutionGroup>['data'];
+  watchlistNamesById: Map<string, string>;
+}
+
+const RiskInputsTabContent = <T extends EntityType>({
+  subTab,
+  entityType,
+  entityName,
+  scopeId,
+  entityRiskScore,
+  resolutionRiskScore,
+  hasResolutionScore,
+  loadingRiskScore,
+  loadingResolutionRiskScore,
+  inspectRiskScore,
+  inspectResolutionRiskScore,
+  refetch,
+  refetchResolutionRiskScore,
+  resolutionGroup,
+  watchlistNamesById,
+}: RiskInputsTabContentProps<T>) => {
+  const { setQuery, deleteQuery } = useGlobalTime();
+  const euidApi = useEntityStoreEuidApi();
+  const [selectedItems, setSelectedItems] = useState<InputAlert[]>([]);
+  const [userSelectedView, setUserSelectedView] = useState(subTab);
+  const isAssistantToolDisabled = useIsExperimentalFeatureEnabled('riskScoreAssistantToolDisabled');
+  const { isAgentBuilderEnabled } = useAgentBuilderAvailability();
+  const showAiAssistantButton = !isAssistantToolDisabled || isAgentBuilderEnabled;
+
+  const { services } = useKibana();
+  const store = useStore();
+  const history = useHistory();
+  const defaultDocumentFlyoutProperties = useDefaultDocumentFlyoutProperties();
+  const isInSecurityApp = useIsInSecurityApp();
+  const historyKey = isInSecurityApp ? documentFlyoutHistoryKey : DOC_VIEWER_FLYOUT_HISTORY_KEY;
+
+  const defaultView =
+    !loadingRiskScore && !entityRiskScore && hasResolutionScore
+      ? RiskScoreLeftPanelSubTab.RESOLUTION
+      : RiskScoreLeftPanelSubTab.ENTITY;
+  const selectedView = userSelectedView ?? defaultView;
+
+  const openAlertPreview = useCallback(
+    (id: string, indexName: string) => {
+      services.overlays.openSystemFlyout(
+        flyoutProviders({
+          services,
+          store,
+          history,
+          children: (
+            <DocumentFlyoutWrapper
+              documentId={id}
+              indexName={indexName}
+              renderCellActions={cellActionRenderer}
+              onAlertUpdated={noop}
+            />
+          ),
+        }),
+        {
+          ...defaultDocumentFlyoutProperties,
+          historyKey,
+          session: 'inherit',
+        }
+      );
+    },
+    [services, store, history, defaultDocumentFlyoutProperties, historyKey]
+  );
+
+  const isResolutionView =
+    selectedView === RiskScoreLeftPanelSubTab.RESOLUTION && hasResolutionScore;
+  const activeRiskScore = isResolutionView ? resolutionRiskScore : entityRiskScore;
+  const activeInspectRiskScore = isResolutionView ? inspectResolutionRiskScore : inspectRiskScore;
+  const activeRiskScoreLoading = isResolutionView ? loadingResolutionRiskScore : loadingRiskScore;
+  const activeRiskScoreRefetch = isResolutionView ? refetchResolutionRiskScore : refetch;
+
+  useQueryInspector({
+    deleteQuery,
+    inspect: activeInspectRiskScore,
+    loading: activeRiskScoreLoading,
+    queryId: RISK_INPUTS_TAB_QUERY_ID,
+    refetch: activeRiskScoreRefetch,
+    setQuery,
+  });
+
+  const alerts = useRiskContributingAlerts<T>({ riskScore: activeRiskScore, entityType });
+
+  const entityNameByEuid = useMemo(() => {
+    const map = new Map<string, string>();
+    if (!resolutionGroup) return map;
+    [resolutionGroup.target, ...resolutionGroup.aliases].forEach((entity) => {
+      const entityIdValue = getEntityId(entity);
+      if (entityIdValue) {
+        map.set(entityIdValue, getEntityName(entity) || entityIdValue);
+      }
+    });
+    return map;
+  }, [resolutionGroup]);
+
+  const alertEntityById = useMemo(() => {
+    const map = new Map<string, string>();
+    if (!isResolutionView || !euidApi || !alerts.data) return map;
+    alerts.data.forEach((alert) => {
+      const sourceEntityId =
+        alert.input.entity_id ?? euidApi.euid.getEuidFromObject(entityType, alert.rawSource);
+      if (sourceEntityId) {
+        map.set(alert._id, entityNameByEuid.get(sourceEntityId) ?? sourceEntityId);
+      }
+    });
+    return map;
+  }, [alerts.data, entityNameByEuid, entityType, euidApi, isResolutionView]);
+
+  const euiTableSelectionProps = useMemo(
+    () => ({
+      initialSelected: [],
+      selectable: () => true,
+      onSelectionChange: setSelectedItems,
+    }),
+    []
+  );
+
+  const inputColumns: Array<EuiBasicTableColumn<InputAlert>> = useMemo(() => {
+    const columns: Array<EuiBasicTableColumn<InputAlert>> = [
+      {
+        render: (data: InputAlert) => (
+          <EuiToolTip
+            content={i18n.translate('xpack.securitySolution.flyout.right.alertPreview.tooltip', {
+              defaultMessage: 'Preview alert with id {id}',
+              values: { id: data._id },
+            })}
+            disableScreenReaderOutput
+          >
+            <EuiButtonIcon
+              iconType="expand"
+              data-test-subj={EXPAND_ALERT_TEST_ID}
+              onClick={() => openAlertPreview(data._id, data.input.index)}
+              aria-label={i18n.translate(
+                'xpack.securitySolution.flyout.right.alertPreview.ariaLabel',
+                {
+                  defaultMessage: 'Preview alert with id {id}',
+                  values: { id: data._id },
+                }
+              )}
+            />
+          </EuiToolTip>
+        ),
+        width: '5%',
+      },
+      {
+        name: (
+          <FormattedMessage
+            id="xpack.securitySolution.flyout.entityDetails.riskInputs.actionsColumn"
+            defaultMessage="Actions"
+          />
+        ),
+        width: '80px',
+        render: (data: InputAlert) => <ActionColumn input={data} />,
+      },
+      {
+        field: 'input.timestamp',
+        name: (
+          <FormattedMessage
+            id="xpack.securitySolution.flyout.entityDetails.riskInputs.dateColumn"
+            defaultMessage="Date"
+          />
+        ),
+        truncateText: false,
+        mobileOptions: { show: true },
+        sortable: true,
+        width: isResolutionView ? '20%' : '30%',
+        render: (timestamp: string) => <PreferenceFormattedDate value={new Date(timestamp)} />,
+      },
+      {
+        field: 'alert',
+        'data-test-subj': 'risk-input-table-description-cell',
+        name: (
+          <FormattedMessage
+            id="xpack.securitySolution.flyout.entityDetails.riskInputs.riskInputColumn"
+            defaultMessage="Rule name"
+          />
+        ),
+        truncateText: true,
+        mobileOptions: { show: true },
+        sortable: true,
+        render: (alert: InputAlert['alert']) => get(ALERT_RULE_NAME, alert),
+      },
+      {
+        field: 'input.contribution_score',
+        'data-test-subj': 'risk-input-table-contribution-cell',
+        name: (
+          <FormattedMessage
+            id="xpack.securitySolution.flyout.entityDetails.riskInputs.contributionColumn"
+            defaultMessage="Contribution"
+          />
+        ),
+        truncateText: false,
+        mobileOptions: { show: true },
+        sortable: true,
+        align: 'right',
+        render: formatContribution,
+      },
+    ];
+
+    if (isResolutionView) {
+      columns.splice(4, 0, {
+        name: (
+          <FormattedMessage
+            id="xpack.securitySolution.flyout.entityDetails.riskInputs.entityColumn"
+            defaultMessage="Entity"
+          />
+        ),
+        width: '25%',
+        render: (data: InputAlert) => alertEntityById.get(data._id) ?? '-',
+      });
+    }
+
+    return columns;
+  }, [alertEntityById, isResolutionView, openAlertPreview]);
+
+  const riskInputsAlertSection = (
+    <>
+      <EuiTitle size="xs" data-test-subj="risk-input-alert-title">
+        <h3>
+          <FormattedMessage
+            id="xpack.securitySolution.flyout.entityDetails.riskInputs.alertsTitle"
+            defaultMessage="Alerts"
+          />
+        </h3>
+      </EuiTitle>
+      <EuiSpacer size="xs" />
+      <RiskInputsUtilityBar riskInputs={selectedItems} />
+      <EuiInMemoryTable
+        compressed
+        loading={(activeRiskScoreLoading || alerts.loading) && (alerts.data?.length ?? 0) === 0}
+        items={alerts.data || []}
+        columns={inputColumns}
+        sorting
+        selection={euiTableSelectionProps}
+        itemId="_id"
+        tableCaption={i18n.translate(
+          'xpack.securitySolution.flyout.entityDetails.riskInputs.alertsTableCaption',
+          {
+            defaultMessage: 'Alerts contributing to the risk score',
+          }
+        )}
+      />
+      <EuiSpacer size="s" />
+      <ExtraAlertsMessage<T> riskScore={activeRiskScore} alerts={alerts} entityType={entityType} />
+    </>
+  );
+
+  return (
+    <>
+      {hasResolutionScore && (
+        <>
+          <EuiButtonGroup
+            color="primary"
+            isFullWidth
+            legend={i18n.translate(
+              'xpack.securitySolution.flyout.entityDetails.riskInputs.scoreViewLegend',
+              { defaultMessage: 'Risk score view' }
+            )}
+            buttonSize="compressed"
+            options={[
+              {
+                id: RiskScoreLeftPanelSubTab.ENTITY,
+                label: i18n.translate(
+                  'xpack.securitySolution.flyout.entityDetails.riskInputs.entityScoreViewLabel',
+                  { defaultMessage: 'Entity risk score' }
+                ),
+              },
+              {
+                id: RiskScoreLeftPanelSubTab.RESOLUTION,
+                label: i18n.translate(
+                  'xpack.securitySolution.flyout.entityDetails.riskInputs.resolutionScoreViewLabel',
+                  { defaultMessage: 'Resolution group risk score' }
+                ),
+              },
+            ]}
+            idSelected={selectedView}
+            onChange={(id) => setUserSelectedView(id as RiskScoreLeftPanelSubTab)}
+            data-test-subj="risk-input-score-view-toggle"
+          />
+          <EuiSpacer size="m" />
+        </>
+      )}
+      <ContextsSection<T>
+        loading={activeRiskScoreLoading}
+        riskScore={activeRiskScore}
+        entityType={entityType}
+        isResolutionView={isResolutionView}
+        resolutionGroup={resolutionGroup}
+        watchlistNamesById={watchlistNamesById}
+      />
+      <EuiSpacer size="m" />
+      {riskInputsAlertSection}
+      {showAiAssistantButton && (
+        <>
+          <EuiSpacer size="m" />
+          <EuiFlexGroup justifyContent="flexEnd">
+            <EuiFlexItem grow={false}>
+              <AiAssistantButton
+                entityType={entityType}
+                entityName={entityName}
+                telemetryPathway="entity_risk_contribution"
+              />
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </>
+      )}
+    </>
+  );
+};
+
+interface ContextsSectionProps<T extends EntityType> {
+  riskScore?: EntityRiskScore<T>;
+  entityType: T;
+  loading: boolean;
+  isResolutionView: boolean;
+  resolutionGroup?: {
+    target: Record<string, unknown>;
+    aliases: Array<Record<string, unknown>>;
+  };
+  watchlistNamesById: Map<string, string>;
+}
+
+const ContextsSection = <T extends EntityType>({
+  riskScore,
+  loading,
+  entityType,
+  isResolutionView,
+  resolutionGroup,
+  watchlistNamesById,
+}: ContextsSectionProps<T>) => {
+  const memberEntities = useMemo(
+    () => (resolutionGroup ? [resolutionGroup.target, ...resolutionGroup.aliases] : []),
+    [resolutionGroup]
+  );
+  const watchlistEntityNames = useMemo(() => {
+    const map = new Map<string, string[]>();
+
+    if (!isResolutionView) {
+      return map;
+    }
+
+    memberEntities.forEach((member) => {
+      const entityName = getEntityName(member) || getEntityId(member) || '-';
+      const watchlistsValue = getEntityField(member, 'entity.attributes.watchlists');
+      if (!Array.isArray(watchlistsValue)) {
+        return;
+      }
+
+      watchlistsValue.forEach((watchlistId) => {
+        if (typeof watchlistId !== 'string') {
+          return;
+        }
+
+        const matchingEntities = map.get(watchlistId) ?? [];
+        if (!matchingEntities.includes(entityName)) {
+          matchingEntities.push(entityName);
+        }
+        map.set(watchlistId, matchingEntities);
+      });
+    });
+
+    return map;
+  }, [isResolutionView, memberEntities]);
+  const criticalityEntityNames = useMemo(() => {
+    const map = new Map<string, string[]>();
+
+    if (!isResolutionView) {
+      return map;
+    }
+
+    memberEntities.forEach((member) => {
+      const entityName = getEntityName(member) || getEntityId(member) || '-';
+      const criticalityLevel = getEntityField(member, 'asset.criticality');
+
+      if (typeof criticalityLevel !== 'string') {
+        return;
+      }
+
+      const matchingEntities = map.get(criticalityLevel) ?? [];
+      if (!matchingEntities.includes(entityName)) {
+        matchingEntities.push(entityName);
+      }
+      map.set(criticalityLevel, matchingEntities);
+    });
+
+    return map;
+  }, [isResolutionView, memberEntities]);
+  const contributions = useMemo(() => {
+    if (!riskScore) {
+      return undefined;
+    }
+
+    const modifiers = riskScore[entityType].risk.modifiers ?? [];
+    const criticality = riskScore[entityType].risk.modifiers?.find(
+      (mod) => mod.type === 'asset_criticality'
+    );
+    const watchlists = modifiers.filter((mod) => mod.type === 'watchlist');
+
+    if (!criticality && watchlists.length === 0) {
+      return undefined;
+    }
+
+    return {
+      criticality: {
+        level: (criticality?.metadata?.criticality_level as CriticalityLevel) ?? null,
+        contribution: criticality?.contribution,
+      },
+      watchlists,
+    };
+  }, [entityType, riskScore]);
+
+  if (contributions === undefined) {
+    return null;
+  }
+  const { criticality, watchlists } = contributions;
+
+  const items: ContextRow[] = [];
+
+  if (criticality.level != null && criticality.contribution != null) {
+    const relatedEntities = isResolutionView
+      ? criticalityEntityNames.get(criticality.level)?.join(', ') ?? '-'
+      : '';
+    items.push({
+      field: (
+        <FormattedMessage
+          id="xpack.securitySolution.flyout.entityDetails.riskInputs.assetCriticalityField"
+          defaultMessage="Asset Criticality Level"
+        />
+      ),
+      value: (
+        <AssetCriticalityBadge
+          criticalityLevel={criticality.level}
+          dataTestSubj="risk-inputs-asset-criticality-badge"
+          textSize="xs"
+        />
+      ),
+      contribution: formatContribution(criticality.contribution),
+      entities: relatedEntities,
+    });
+  }
+
+  watchlists.forEach((watchlist) => {
+    const watchlistMetadata = watchlist.metadata as
+      | {
+          watchlist_id?: string;
+          is_privileged_user?: boolean;
+        }
+      | undefined;
+    const watchlistId =
+      typeof watchlistMetadata?.watchlist_id === 'string' ? watchlistMetadata.watchlist_id : '';
+    const watchlistLabel = watchlistId
+      ? watchlistNamesById.get(watchlistId) ?? getWatchlistName(watchlistId)
+      : i18n.translate(
+          'xpack.securitySolution.flyout.entityDetails.riskInputs.unknownWatchlistLabel',
+          {
+            defaultMessage: 'Unknown watchlist',
+          }
+        );
+
+    items.push({
+      field: (
+        <FormattedMessage
+          id="xpack.securitySolution.flyout.entityDetails.riskInputs.watchlistField"
+          defaultMessage="Watchlist"
+        />
+      ),
+      value: (
+        <FormattedMessage
+          id="xpack.securitySolution.flyout.entityDetails.riskInputs.watchlistValue"
+          defaultMessage="{watchlistName}{privilegedTag}"
+          values={{
+            watchlistName: watchlistLabel,
+            privilegedTag: watchlistMetadata?.is_privileged_user
+              ? i18n.translate(
+                  'xpack.securitySolution.flyout.entityDetails.riskInputs.privilegedWatchlistSuffix',
+                  {
+                    defaultMessage: ' (privileged user)',
+                  }
+                )
+              : '',
+          }}
+        />
+      ),
+      contribution: formatContribution(watchlist.contribution),
+      entities: isResolutionView ? watchlistEntityNames.get(watchlistId)?.join(', ') ?? '-' : '',
+    });
+  });
+
+  if (items.length === 0) {
+    return null;
+  }
+
+  return (
+    <>
+      <EuiTitle size="xs" data-test-subj="risk-input-contexts-title">
+        <h3>
+          <FormattedMessage
+            id="xpack.securitySolution.flyout.entityDetails.riskInputs.contextsTitle"
+            defaultMessage="Contexts"
+          />
+        </h3>
+      </EuiTitle>
+      <EuiSpacer size="xs" />
+      <EuiInMemoryTable
+        compressed={true}
+        loading={loading && items.length === 0}
+        data-test-subj="risk-input-contexts-table"
+        columns={getContextColumns(isResolutionView)}
+        items={items}
+        tableCaption={i18n.translate(
+          'xpack.securitySolution.flyout.entityDetails.riskInputs.contextsTableCaption',
+          {
+            defaultMessage: 'Contextual contributions to the risk score',
+          }
+        )}
+      />
+    </>
+  );
+};
+
+interface ContextRow {
+  field: ReactNode;
+  value: ReactNode;
+  contribution: string;
+  entities: string;
+}
+
+const getContextColumns = (isResolutionView: boolean): Array<EuiBasicTableColumn<ContextRow>> => {
+  const columns: Array<EuiBasicTableColumn<ContextRow>> = [
+    {
+      field: 'field',
+      name: (
+        <FormattedMessage
+          id="xpack.securitySolution.flyout.entityDetails.riskInputs.fieldColumn"
+          defaultMessage="Field"
+        />
+      ),
+      width: '25%',
+      render: (field: ContextRow['field']) => field,
+    },
+    {
+      field: 'value',
+      name: (
+        <FormattedMessage
+          id="xpack.securitySolution.flyout.entityDetails.riskInputs.valueColumn"
+          defaultMessage="Value"
+        />
+      ),
+      width: isResolutionView ? '30%' : '35%',
+      render: (val: ContextRow['value']) => val,
+    },
+  ];
+
+  if (isResolutionView) {
+    columns.push({
+      field: 'entities',
+      name: (
+        <FormattedMessage
+          id="xpack.securitySolution.flyout.entityDetails.riskInputs.entityColumn"
+          defaultMessage="Entity"
+        />
+      ),
+      width: '25%',
+      render: (entities: ContextRow['entities']) => entities || '-',
+    });
+  }
+
+  columns.push({
+    field: 'contribution',
+    width: isResolutionView ? '20%' : '40%',
+    align: 'right',
+    name: (
+      <FormattedMessage
+        id="xpack.securitySolution.flyout.entityDetails.riskInputs.contributionColumn"
+        defaultMessage="Contribution"
+      />
+    ),
+    render: (score: ContextRow['contribution']) => score,
+  });
+
+  return columns;
+};
+
+interface ExtraAlertsMessageProps<T extends EntityType> {
+  riskScore?: EntityRiskScore<T>;
+  alerts: UseRiskContributingAlertsResult;
+  entityType: T;
+}
+
+const ExtraAlertsMessage = <T extends EntityType>({
+  riskScore,
+  alerts,
+  entityType,
+}: ExtraAlertsMessageProps<T>) => {
+  const totals = !riskScore
+    ? { count: 0, score: 0 }
+    : {
+        count: riskScore[entityType].risk.category_1_count,
+        score: riskScore[entityType].risk.category_1_score,
+      };
+
+  const displayed = {
+    count: alerts.data?.length || 0,
+    score: alerts.data?.reduce((sum, { input }) => sum + (input.contribution_score || 0), 0) || 0,
+  };
+
+  if (displayed.count >= totals.count) {
+    return null;
+  }
+  return (
+    <EuiCallOut
+      data-test-subj="risk-input-extra-alerts-message"
+      size="s"
+      title={
+        <FormattedMessage
+          id="xpack.securitySolution.flyout.entityDetails.riskInputs.extraAlertsMessage"
+          defaultMessage="{count} more alerts contributed {score} to the calculated risk score"
+          values={{
+            count: totals.count - displayed.count,
+            score: formatContribution(totals.score - displayed.score),
+          }}
+        />
+      }
+      iconType="annotation"
+    />
+  );
+};
+
+const formatContribution = (value: number): string => {
+  const fixedValue = formatRiskScore(value);
+
+  // prevent +0.00 for values like 0.0001
+  if (fixedValue === '0.00') {
+    return fixedValue;
+  }
+
+  if (value > 0) {
+    return `+${fixedValue}`;
+  }
+
+  return fixedValue;
+};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/risk_summary.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/risk_summary.test.tsx
new file mode 100644
index 0000000000000..b5383fe7c34cb
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/risk_summary.test.tsx
@@ -0,0 +1,518 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  mockHostRiskScoreState,
+  mockUserRiskScoreState,
+} from '../../../flyout/entity_details/mocks';
+import { fireEvent, render } from '@testing-library/react';
+import React from 'react';
+import { TestProviders } from '../../../common/mock';
+import { FlyoutRiskSummary } from './risk_summary';
+import type {
+  LensAttributes,
+  VisualizationEmbeddableProps,
+} from '../../../common/components/visualization_actions/types';
+import type { Query } from '@kbn/es-query';
+import { EntityType } from '../../../../common/search_strategy';
+import type { RiskScoreState } from '../../api/hooks/use_risk_score';
+import {
+  EntityDetailsLeftPanelTab,
+  RiskScoreLeftPanelSubTab,
+} from '../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+
+const mockVisualizationEmbeddable = jest
+  .fn()
+  .mockReturnValue(<div data-test-subj="visualization-embeddable" />);
+const mockUseRiskScore = jest.fn();
+const mockUseResolutionGroup = jest.fn();
+
+jest.mock('../../../common/components/visualization_actions/visualization_embeddable', () => ({
+  VisualizationEmbeddable: (props: VisualizationEmbeddableProps) =>
+    mockVisualizationEmbeddable(props),
+}));
+
+jest.mock('../../api/hooks/use_risk_score', () => {
+  const actual = jest.requireActual('../../api/hooks/use_risk_score');
+  return {
+    ...actual,
+    useRiskScore: (params: unknown) => mockUseRiskScore(params),
+  };
+});
+
+jest.mock('../entity_resolution/hooks/use_resolution_group', () => ({
+  useResolutionGroup: (entityId: string) => mockUseResolutionGroup(entityId),
+}));
+
+describe('FlyoutRiskSummary (v2)', () => {
+  beforeEach(() => {
+    mockVisualizationEmbeddable.mockClear();
+    mockUseResolutionGroup.mockReturnValue({
+      data: undefined,
+      isLoading: false,
+      isFetching: false,
+      isError: false,
+    });
+    mockUseRiskScore.mockReturnValue({
+      ...(mockHostRiskScoreState as RiskScoreState<EntityType.host>),
+      data: undefined,
+    });
+  });
+
+  it('renders risk summary table with context and totals', () => {
+    const { getByTestId, queryByTestId } = render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockHostRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('risk-summary-table')).toBeInTheDocument();
+
+    // Alerts
+    expect(getByTestId('risk-summary-table')).toHaveTextContent(
+      `${mockHostRiskScoreState.data?.[0].host.risk.category_1_count}`
+    );
+
+    // Result
+    expect(getByTestId('risk-summary-result-count')).toHaveTextContent(
+      `${mockHostRiskScoreState.data?.[0].host.risk.category_1_count}`
+    );
+
+    expect(getByTestId('risk-summary-result-score')).toHaveTextContent(
+      `${
+        (mockHostRiskScoreState.data?.[0].host.risk.category_1_score ?? 0) +
+        (mockHostRiskScoreState.data?.[0].host.risk.category_2_score ?? 0)
+      }`
+    );
+
+    expect(getByTestId('entityRiskInputsTitleLink')).toBeInTheDocument();
+    // v2: icon is always hidden (no isPreviewMode prop)
+    expect(queryByTestId('entityRiskInputsTitleIcon')).not.toBeInTheDocument();
+  });
+
+  it('renders risk summary table when riskScoreData is empty', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={{ ...mockHostRiskScoreState, data: undefined }}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+        />
+      </TestProviders>
+    );
+    expect(getByTestId('risk-summary-table')).toBeInTheDocument();
+  });
+
+  it('risk summary header does not render link when riskScoreData is loading', () => {
+    const { queryByTestId } = render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={{ ...mockHostRiskScoreState, data: undefined, loading: true }}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+        />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('entityRiskInputsTitleLink')).not.toBeInTheDocument();
+  });
+
+  it('renders visualization embeddable', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockHostRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('visualization-embeddable')).toBeInTheDocument();
+  });
+
+  it('renders updated at', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockHostRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('risk-summary-updatedAt')).toHaveTextContent('Updated Nov 8, 1989');
+  });
+
+  it('builds lens attributes for host risk score', () => {
+    render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockHostRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+        />
+      </TestProviders>
+    );
+
+    const lensAttributes: LensAttributes =
+      mockVisualizationEmbeddable.mock.calls[0][0].lensAttributes;
+    const datasourceLayers = Object.values(
+      lensAttributes.state.datasourceStates.formBased?.layers ?? {}
+    );
+    const firstColumn = Object.values(datasourceLayers[0].columns)[0];
+
+    expect((lensAttributes.state.query as Query).query).toEqual(
+      'host.name: "test" AND NOT host.risk.score_type: "resolution"'
+    );
+    expect(firstColumn).toEqual(
+      expect.objectContaining({
+        sourceField: 'host.risk.calculated_score_norm',
+      })
+    );
+  });
+
+  it('builds lens cases attachment metadata for host risk score', () => {
+    render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockHostRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+        />
+      </TestProviders>
+    );
+
+    const lensMetadata: LensAttributes =
+      mockVisualizationEmbeddable.mock.calls[0][0].casesAttachmentMetadata;
+
+    expect(lensMetadata).toMatchInlineSnapshot(`
+      Object {
+        "description": "Risk score for host test",
+      }
+    `);
+  });
+
+  it('builds lens cases attachment metadata for user risk score', () => {
+    render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockUserRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.user}
+        />
+      </TestProviders>
+    );
+
+    const lensMetadata: LensAttributes =
+      mockVisualizationEmbeddable.mock.calls[0][0].casesAttachmentMetadata;
+
+    expect(lensMetadata).toMatchInlineSnapshot(`
+      Object {
+        "description": "Risk score for user test",
+      }
+    `);
+  });
+
+  it('builds lens attributes for user risk score', () => {
+    render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockUserRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.user}
+        />
+      </TestProviders>
+    );
+
+    const lensAttributes: LensAttributes =
+      mockVisualizationEmbeddable.mock.calls[0][0].lensAttributes;
+    const datasourceLayers = Object.values(
+      lensAttributes.state.datasourceStates.formBased?.layers ?? {}
+    );
+    const firstColumn = Object.values(datasourceLayers[0].columns)[0];
+
+    expect((lensAttributes.state.query as Query).query).toEqual(
+      'user.name: "test" AND NOT user.risk.score_type: "resolution"'
+    );
+    expect(firstColumn).toEqual(
+      expect.objectContaining({
+        sourceField: 'user.risk.calculated_score_norm',
+      })
+    );
+  });
+
+  it('entity risk inputs link calls openDetailsPanel with entity sub-tab', () => {
+    const openDetailsPanel = jest.fn();
+    const { getByTestId } = render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockHostRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={openDetailsPanel}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+        />
+      </TestProviders>
+    );
+
+    fireEvent.click(getByTestId('entityRiskInputsTitleLink'));
+
+    expect(openDetailsPanel).toHaveBeenCalledWith({
+      tab: EntityDetailsLeftPanelTab.RISK_INPUTS,
+      subTab: RiskScoreLeftPanelSubTab.ENTITY,
+    });
+  });
+
+  it('resolution risk inputs link calls openDetailsPanel with resolution sub-tab', () => {
+    const openDetailsPanel = jest.fn();
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: { entity: { id: 'host:target-entity' } },
+        aliases: [],
+        group_size: 2,
+      },
+      isLoading: false,
+      isFetching: false,
+      isError: false,
+    });
+    mockUseRiskScore.mockReturnValue({
+      ...(mockHostRiskScoreState as RiskScoreState<EntityType.host>),
+      data: mockHostRiskScoreState.data,
+      loading: false,
+    });
+
+    const { getByTestId } = render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockHostRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={openDetailsPanel}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+          entityId="host:alias-entity"
+        />
+      </TestProviders>
+    );
+
+    fireEvent.click(getByTestId('resolutionRiskInputsTitleLink'));
+
+    expect(openDetailsPanel).toHaveBeenCalledWith({
+      tab: EntityDetailsLeftPanelTab.RISK_INPUTS,
+      subTab: RiskScoreLeftPanelSubTab.RESOLUTION,
+    });
+  });
+
+  it('does not render resolution risk inputs link when resolution score is loading', () => {
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: { entity: { id: 'host:target-entity' } },
+        aliases: [],
+        group_size: 2,
+      },
+      isLoading: false,
+      isFetching: false,
+      isError: false,
+    });
+    mockUseRiskScore.mockReturnValue({
+      ...(mockHostRiskScoreState as RiskScoreState<EntityType.host>),
+      data: mockHostRiskScoreState.data,
+      loading: true,
+    });
+
+    const { queryByTestId } = render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockHostRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+          entityId="host:alias-entity"
+        />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('resolutionRiskInputsTitleLink')).not.toBeInTheDocument();
+  });
+
+  it('renders resolution risk score block when resolution score exists', () => {
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: {
+          entity: {
+            id: 'host:target-entity',
+          },
+        },
+        aliases: [],
+        group_size: 2,
+      },
+      isLoading: false,
+      isFetching: false,
+      isError: false,
+    });
+    mockUseRiskScore.mockReturnValue({
+      ...(mockHostRiskScoreState as RiskScoreState<EntityType.host>),
+      data: mockHostRiskScoreState.data,
+      loading: false,
+    });
+
+    const { getByTestId, getAllByTestId } = render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockHostRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+          entityId="host:alias-entity"
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('resolution-risk-summary-table')).toBeInTheDocument();
+    expect(getAllByTestId('visualization-embeddable')).toHaveLength(2);
+    expect(mockUseRiskScore).toHaveBeenCalledWith(
+      expect.objectContaining({
+        filterQuery: expect.objectContaining({
+          bool: expect.objectContaining({
+            filter: expect.arrayContaining([
+              expect.objectContaining({
+                term: expect.objectContaining({
+                  'host.risk.id_value': 'host:target-entity',
+                }),
+              }),
+              expect.objectContaining({
+                term: expect.objectContaining({
+                  'host.risk.score_type': 'resolution',
+                }),
+              }),
+            ]),
+          }),
+        }),
+      })
+    );
+  });
+
+  it('falls back to prefetchedResolutionRisk when the inner risk-index lookup returns no data', () => {
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: { entity: { id: 'host:target-entity' } },
+        aliases: [],
+        group_size: 2,
+      },
+      isLoading: false,
+      isFetching: false,
+      isError: false,
+    });
+    const prefetchedResolutionRisk = mockHostRiskScoreState.data?.[0];
+
+    const { getByTestId } = render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockHostRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+          entityId="host:alias-entity"
+          prefetchedResolutionRisk={prefetchedResolutionRisk}
+        />
+      </TestProviders>
+    );
+
+    expect(getByTestId('resolution-risk-summary-table')).toBeInTheDocument();
+  });
+
+  it('does not render resolution risk block when neither the lookup nor prefetchedResolutionRisk has data', () => {
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: { entity: { id: 'host:target-entity' } },
+        aliases: [],
+        group_size: 2,
+      },
+      isLoading: false,
+      isFetching: false,
+      isError: false,
+    });
+
+    const { queryByTestId } = render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockHostRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+          entityId="host:alias-entity"
+        />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('resolution-risk-summary-table')).not.toBeInTheDocument();
+  });
+
+  it('does not render resolution risk score block for standalone entities', () => {
+    mockUseResolutionGroup.mockReturnValue({
+      data: {
+        target: {
+          entity: {
+            id: 'host:target-entity',
+          },
+        },
+        aliases: [],
+        group_size: 1,
+      },
+      isLoading: false,
+      isFetching: false,
+      isError: false,
+    });
+    mockUseRiskScore.mockReturnValue({
+      ...(mockHostRiskScoreState as RiskScoreState<EntityType.host>),
+      data: mockHostRiskScoreState.data,
+      loading: false,
+    });
+
+    const { queryByTestId } = render(
+      <TestProviders>
+        <FlyoutRiskSummary
+          riskScoreData={mockHostRiskScoreState}
+          queryId={'testQuery'}
+          openDetailsPanel={() => {}}
+          recalculatingScore={false}
+          entityType={EntityType.host}
+          entityId="host:alias-entity"
+        />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('resolution-risk-summary-table')).not.toBeInTheDocument();
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/risk_summary.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/risk_summary.tsx
new file mode 100644
index 0000000000000..a5da26311c30b
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/flyout_v2/risk_summary.tsx
@@ -0,0 +1,530 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useMemo } from 'react';
+import {
+  EuiAccordion,
+  EuiBasicTable,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiSpacer,
+  EuiTitle,
+  useEuiFontSize,
+  useEuiTheme,
+} from '@elastic/eui';
+import { css } from '@emotion/react';
+import { FormattedMessage } from '@kbn/i18n-react';
+import dateMath from '@kbn/datemath';
+import { i18n } from '@kbn/i18n';
+import { capitalize } from 'lodash/fp';
+import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features';
+import type { EntityType } from '../../../../common/entity_analytics/types';
+import { EntityTypeToIdentifierField } from '../../../../common/entity_analytics/types';
+import { useKibana } from '../../../common/lib/kibana/kibana_react';
+import type { EntityDetailsPath } from '../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+import {
+  EntityDetailsLeftPanelTab,
+  RiskScoreLeftPanelSubTab,
+} from '../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+import { InspectButton, InspectButtonContainer } from '../../../common/components/inspect';
+import { ONE_WEEK_IN_HOURS } from '../../../flyout/entity_details/shared/constants';
+import { FormattedRelativePreferenceDate } from '../../../common/components/formatted_date';
+import { VisualizationEmbeddable } from '../../../common/components/visualization_actions/visualization_embeddable';
+import { ExpandablePanel } from '../../../flyout_v2/shared/components/expandable_panel';
+import type { RiskScoreState } from '../../api/hooks/use_risk_score';
+import { useRiskScore } from '../../api/hooks/use_risk_score';
+import type { EntityRiskScore } from '../../../../common/search_strategy';
+import { getRiskScoreSummaryAttributes } from '../../lens_attributes/risk_score_summary';
+import { useSpaceId } from '../../../common/hooks/use_space_id';
+import { useResolutionGroup } from '../entity_resolution/hooks/use_resolution_group';
+import { getEntityId } from '../entity_resolution/helpers';
+
+import {
+  columnsArray,
+  getEntityData,
+  getItems,
+  LAST_30_DAYS,
+  LENS_VISUALIZATION_HEIGHT,
+  LENS_VISUALIZATION_MIN_WIDTH,
+  SUMMARY_TABLE_MIN_WIDTH,
+} from '../risk_summary_flyout/common';
+import { EntityEventTypes } from '../../../common/lib/telemetry';
+
+const FIRST_RECORD_PAGINATION = {
+  cursorStart: 0,
+  querySize: 1,
+};
+
+export interface RiskSummaryProps<T extends EntityType> {
+  riskScoreData: RiskScoreState<T>;
+  entityType: T;
+  recalculatingScore: boolean;
+  queryId: string;
+  openDetailsPanel: (path: EntityDetailsPath) => void;
+  entityId?: string;
+  /** Optional prefetched resolution-group risk; used when the internal risk-index lookup returns no doc. */
+  prefetchedResolutionRisk?: EntityRiskScore<T>;
+}
+
+const FlyoutRiskSummaryComponent = <T extends EntityType>({
+  riskScoreData,
+  entityType,
+  entityId,
+  recalculatingScore,
+  queryId,
+  openDetailsPanel,
+  prefetchedResolutionRisk,
+}: RiskSummaryProps<T>) => {
+  const { telemetry } = useKibana().services;
+  const { data } = riskScoreData;
+  const fallbackRiskData = data && data.length > 0 ? data[0] : undefined;
+  const { euiTheme } = useEuiTheme();
+  const spaceId = useSpaceId();
+  const entityRiskFilterQueryDsl = useMemo(
+    () =>
+      entityId
+        ? {
+            bool: {
+              filter: [{ term: { [`${entityType}.risk.id_value`]: entityId } }],
+              must_not: [{ term: { [`${entityType}.risk.score_type`]: 'resolution' } }],
+            },
+          }
+        : undefined,
+    [entityId, entityType]
+  );
+  const nonResolutionRiskScoreData = useRiskScore({
+    riskEntity: entityType,
+    filterQuery: entityRiskFilterQueryDsl,
+    onlyLatest: false,
+    pagination: FIRST_RECORD_PAGINATION,
+    skip: !entityId,
+  });
+  const nonResolutionRiskData =
+    nonResolutionRiskScoreData.data && nonResolutionRiskScoreData.data.length > 0
+      ? nonResolutionRiskScoreData.data[0]
+      : undefined;
+  const riskData = nonResolutionRiskData ?? fallbackRiskData;
+  const entityData = getEntityData<T>(entityType, riskData);
+  const lensAttributes = useMemo(() => {
+    const entityName = entityData?.name ?? '';
+    const query = entityId
+      ? `${entityType}.risk.id_value: "${entityId}" AND NOT ${entityType}.risk.score_type: "resolution"`
+      : `${EntityTypeToIdentifierField[entityType]}: "${entityName}" AND NOT ${entityType}.risk.score_type: "resolution"`;
+
+    return getRiskScoreSummaryAttributes({
+      severity: entityData?.risk?.calculated_level,
+      query,
+      spaceId,
+      riskEntity: entityType,
+      dataSource: 'risk_index',
+      metricLabel: i18n.translate(
+        'xpack.securitySolution.flyout.entityDetails.riskSummary.entityRiskScoreLabel',
+        {
+          defaultMessage: 'Entity risk score',
+        }
+      ),
+    });
+  }, [entityData?.name, entityData?.risk?.calculated_level, entityType, entityId, spaceId]);
+
+  const xsFontSize = useEuiFontSize('xxs').fontSize;
+  const isPrivmonModifierEnabled = useIsExperimentalFeatureEnabled(
+    'enableRiskScorePrivmonModifier'
+  );
+  const isWatchlistEnabled = useIsExperimentalFeatureEnabled('entityAnalyticsWatchlistEnabled');
+  const rows = useMemo(
+    () => getItems(entityData, isPrivmonModifierEnabled, isWatchlistEnabled),
+    [entityData, isPrivmonModifierEnabled, isWatchlistEnabled]
+  );
+
+  const onToggle = useCallback(
+    (isOpen: boolean) => {
+      telemetry.reportEvent(EntityEventTypes.ToggleRiskSummaryClicked, {
+        entity: entityType,
+        action: isOpen ? 'show' : 'hide',
+      });
+    },
+    [entityType, telemetry]
+  );
+
+  const casesAttachmentMetadata = useMemo(
+    () => ({
+      description: i18n.translate(
+        'xpack.securitySolution.flyout.entityDetails.riskSummary.casesAttachmentLabel',
+        {
+          defaultMessage:
+            'Risk score for {entityType, select, user {user} other {host}} {entityName}',
+          values: {
+            entityName: entityData?.name,
+            entityType,
+          },
+        }
+      ),
+    }),
+    [entityData?.name, entityType]
+  );
+
+  const riskDataTimestamp = riskData?.['@timestamp'];
+  const timerange = useMemo(() => {
+    const from = dateMath.parse(LAST_30_DAYS.from)?.toISOString() ?? LAST_30_DAYS.from;
+    const to = dateMath.parse(LAST_30_DAYS.to)?.toISOString() ?? LAST_30_DAYS.to;
+    return { from, to };
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [riskDataTimestamp]); // Update the timerange whenever the risk score timestamp changes to include new entries
+
+  const goToEntityInsightsTab = useCallback(
+    (subTab?: RiskScoreLeftPanelSubTab) =>
+      openDetailsPanel({ tab: EntityDetailsLeftPanelTab.RISK_INPUTS, subTab }),
+    [openDetailsPanel]
+  );
+
+  const entityTabLink = useMemo(
+    () => ({
+      callback: () => goToEntityInsightsTab(RiskScoreLeftPanelSubTab.ENTITY),
+      tooltip: (
+        <FormattedMessage
+          id="xpack.securitySolution.flyout.entityDetails.showAllEntityRiskInputs"
+          defaultMessage="Show all entity risk inputs"
+        />
+      ),
+    }),
+    [goToEntityInsightsTab]
+  );
+
+  const resolutionTabLink = useMemo(
+    () => ({
+      callback: () => goToEntityInsightsTab(RiskScoreLeftPanelSubTab.RESOLUTION),
+      tooltip: (
+        <FormattedMessage
+          id="xpack.securitySolution.flyout.entityDetails.showAllResolutionRiskInputs"
+          defaultMessage="Show all resolution group risk inputs"
+        />
+      ),
+    }),
+    [goToEntityInsightsTab]
+  );
+
+  const { data: resolutionGroup } = useResolutionGroup(entityId ?? '', {
+    enabled: Boolean(entityId),
+  });
+  const hasRealResolutionGroup = (resolutionGroup?.group_size ?? 0) > 1;
+  const resolutionTargetEntityId = useMemo(
+    () => (resolutionGroup?.target ? getEntityId(resolutionGroup.target) : undefined),
+    [resolutionGroup?.target]
+  );
+  const shouldFetchResolutionRiskScore =
+    hasRealResolutionGroup && Boolean(resolutionTargetEntityId);
+  const resolutionRiskFilterQueryDsl = useMemo(
+    () =>
+      shouldFetchResolutionRiskScore && resolutionTargetEntityId
+        ? {
+            bool: {
+              filter: [
+                { term: { [`${entityType}.risk.id_value`]: resolutionTargetEntityId } },
+                { term: { [`${entityType}.risk.score_type`]: 'resolution' } },
+              ],
+            },
+          }
+        : undefined,
+    [entityType, resolutionTargetEntityId, shouldFetchResolutionRiskScore]
+  );
+  const resolutionRiskScoreData = useRiskScore({
+    riskEntity: entityType,
+    filterQuery: resolutionRiskFilterQueryDsl,
+    onlyLatest: false,
+    pagination: FIRST_RECORD_PAGINATION,
+    skip: !shouldFetchResolutionRiskScore,
+  });
+  const resolutionRiskData =
+    (resolutionRiskScoreData.data && resolutionRiskScoreData.data.length > 0
+      ? resolutionRiskScoreData.data[0]
+      : undefined) ?? prefetchedResolutionRisk;
+  const resolutionEntityData = getEntityData<T>(entityType, resolutionRiskData);
+  const resolutionRows = useMemo(
+    () => getItems(resolutionEntityData, isPrivmonModifierEnabled, isWatchlistEnabled),
+    [resolutionEntityData, isPrivmonModifierEnabled, isWatchlistEnabled]
+  );
+  const showResolutionRiskSummary = hasRealResolutionGroup && Boolean(resolutionEntityData?.risk);
+  const resolutionLensAttributes = useMemo(() => {
+    if (!resolutionTargetEntityId) {
+      return undefined;
+    }
+
+    return getRiskScoreSummaryAttributes({
+      severity: resolutionEntityData?.risk?.calculated_level,
+      query: `${entityType}.risk.id_value: "${resolutionTargetEntityId}" AND ${entityType}.risk.score_type: "resolution"`,
+      spaceId,
+      riskEntity: entityType,
+      dataSource: 'risk_index',
+      metricLabel: i18n.translate(
+        'xpack.securitySolution.flyout.entityDetails.riskSummary.resolutionGroupRiskScoreLabel',
+        {
+          defaultMessage: 'Resolution group risk score',
+        }
+      ),
+    });
+  }, [entityType, resolutionEntityData?.risk?.calculated_level, resolutionTargetEntityId, spaceId]);
+  const resolutionCasesAttachmentMetadata = useMemo(
+    () => ({
+      description: i18n.translate(
+        'xpack.securitySolution.flyout.entityDetails.resolutionRiskSummary.casesAttachmentLabel',
+        {
+          defaultMessage:
+            'Resolution group risk score for {entityType, select, user {user} other {host}} {entityName}',
+          values: {
+            entityName: resolutionEntityData?.name,
+            entityType,
+          },
+        }
+      ),
+    }),
+    [entityType, resolutionEntityData?.name]
+  );
+  const resolutionTimerange = useMemo(() => {
+    const from = dateMath.parse(LAST_30_DAYS.from)?.toISOString() ?? LAST_30_DAYS.from;
+    const to = dateMath.parse(LAST_30_DAYS.to)?.toISOString() ?? LAST_30_DAYS.to;
+    return { from, to };
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [resolutionRiskData?.['@timestamp']]);
+
+  return (
+    <EuiAccordion
+      onToggle={onToggle}
+      initialIsOpen
+      id={'risk_summary'}
+      buttonProps={{
+        css: css`
+          color: ${euiTheme.colors.primary};
+        `,
+      }}
+      buttonContent={
+        <EuiTitle size="xs">
+          <h3>
+            <FormattedMessage
+              id="xpack.securitySolution.flyout.riskScore.title"
+              defaultMessage="Risk score"
+            />
+          </h3>
+        </EuiTitle>
+      }
+      extraAction={
+        <span
+          data-test-subj="risk-summary-updatedAt"
+          css={css`
+            font-size: ${xsFontSize};
+          `}
+        >
+          {riskData && (
+            <FormattedMessage
+              id="xpack.securitySolution.flyout.entityDetails.riskUpdatedTime"
+              defaultMessage="Updated {time}"
+              values={{
+                time: (
+                  <FormattedRelativePreferenceDate
+                    value={riskData['@timestamp']}
+                    dateFormat="MMM D, YYYY"
+                    relativeThresholdInHrs={ONE_WEEK_IN_HOURS}
+                  />
+                ),
+              }}
+            />
+          )}
+        </span>
+      }
+    >
+      <EuiSpacer size="m" />
+
+      <ExpandablePanel
+        data-test-subj="entityRiskInputs"
+        header={{
+          title: (
+            <FormattedMessage
+              id="xpack.securitySolution.flyout.entityDetails.entityRiskInputs"
+              defaultMessage="Entity risk contributions"
+            />
+          ),
+          link: riskScoreData.loading ? undefined : entityTabLink,
+          iconType: undefined,
+        }}
+        expand={{
+          expandable: false,
+        }}
+      >
+        <EuiFlexGroup gutterSize="m" direction="row" wrap>
+          <EuiFlexItem grow={1}>
+            <div
+              // Improve Visualization loading state by predefining the size
+              // Set min-width for a fluid layout
+              css={css`
+                height: ${LENS_VISUALIZATION_HEIGHT}px;
+                min-width: ${LENS_VISUALIZATION_MIN_WIDTH}px;
+              `}
+            >
+              {riskData && (
+                <VisualizationEmbeddable
+                  applyGlobalQueriesAndFilters={false}
+                  applyPageAndTabsFilters={false}
+                  lensAttributes={lensAttributes}
+                  id={`RiskSummary-risk_score_metric`}
+                  timerange={timerange}
+                  width={'100%'}
+                  height={LENS_VISUALIZATION_HEIGHT}
+                  disableOnClickFilter
+                  inspectTitle={
+                    <FormattedMessage
+                      id="xpack.securitySolution.flyout.entityDetails.inspectVisualizationTitle"
+                      defaultMessage="Risk Summary Visualization"
+                    />
+                  }
+                  casesAttachmentMetadata={casesAttachmentMetadata}
+                />
+              )}
+            </div>
+          </EuiFlexItem>
+          <EuiFlexItem
+            grow={3}
+            css={css`
+              min-width: ${SUMMARY_TABLE_MIN_WIDTH}px;
+            `}
+          >
+            <InspectButtonContainer>
+              <div
+                // Anchors the position absolute inspect button (nearest positioned ancestor)
+                css={css`
+                  position: relative;
+                `}
+              >
+                <div
+                  // Position the inspect button above the table
+                  css={css`
+                    position: absolute;
+                    right: 0;
+                    top: -${euiTheme.size.base};
+                  `}
+                >
+                  <InspectButton
+                    queryId={queryId}
+                    title={
+                      <FormattedMessage
+                        id="xpack.securitySolution.flyout.entityDetails.inspectTableTitle"
+                        defaultMessage="Risk Summary Table"
+                      />
+                    }
+                  />
+                </div>
+                <EuiBasicTable
+                  tableCaption={i18n.translate(
+                    'xpack.securitySolution.flyout.entityDetails.riskSummaryTableCaption',
+                    {
+                      defaultMessage: 'Risk summary for {entity}',
+                      values: {
+                        entity: capitalize(entityType),
+                      },
+                    }
+                  )}
+                  data-test-subj="risk-summary-table"
+                  responsiveBreakpoint={false}
+                  columns={columnsArray}
+                  items={rows}
+                  compressed
+                  loading={
+                    riskScoreData.loading ||
+                    nonResolutionRiskScoreData.loading ||
+                    recalculatingScore
+                  }
+                />
+              </div>
+            </InspectButtonContainer>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      </ExpandablePanel>
+      {showResolutionRiskSummary && (
+        <>
+          <EuiSpacer size="m" />
+          <ExpandablePanel
+            data-test-subj="resolutionRiskInputs"
+            header={{
+              title: (
+                <FormattedMessage
+                  id="xpack.securitySolution.flyout.entityDetails.resolutionRiskInputs"
+                  defaultMessage="Resolution group risk contributions"
+                />
+              ),
+              link: resolutionRiskScoreData.loading ? undefined : resolutionTabLink,
+              iconType: undefined,
+            }}
+            expand={{
+              expandable: false,
+            }}
+          >
+            <EuiFlexGroup gutterSize="m" direction="row" wrap>
+              <EuiFlexItem grow={1}>
+                <div
+                  // Improve Visualization loading state by predefining the size
+                  // Set min-width for a fluid layout
+                  css={css`
+                    height: ${LENS_VISUALIZATION_HEIGHT}px;
+                    min-width: ${LENS_VISUALIZATION_MIN_WIDTH}px;
+                  `}
+                >
+                  {resolutionRiskData && resolutionLensAttributes && (
+                    <VisualizationEmbeddable
+                      applyGlobalQueriesAndFilters={false}
+                      applyPageAndTabsFilters={false}
+                      lensAttributes={resolutionLensAttributes}
+                      id={`RiskSummary-resolution_risk_score_metric`}
+                      timerange={resolutionTimerange}
+                      width={'100%'}
+                      height={LENS_VISUALIZATION_HEIGHT}
+                      disableOnClickFilter
+                      inspectTitle={
+                        <FormattedMessage
+                          id="xpack.securitySolution.flyout.entityDetails.inspectResolutionVisualizationTitle"
+                          defaultMessage="Resolution Risk Summary Visualization"
+                        />
+                      }
+                      casesAttachmentMetadata={resolutionCasesAttachmentMetadata}
+                    />
+                  )}
+                </div>
+              </EuiFlexItem>
+              <EuiFlexItem
+                grow={3}
+                css={css`
+                  min-width: ${SUMMARY_TABLE_MIN_WIDTH}px;
+                `}
+              >
+                <EuiBasicTable
+                  tableCaption={i18n.translate(
+                    'xpack.securitySolution.flyout.entityDetails.resolutionRiskSummaryTableCaption',
+                    {
+                      defaultMessage: 'Resolution risk summary for {entity}',
+                      values: {
+                        entity: capitalize(entityType),
+                      },
+                    }
+                  )}
+                  data-test-subj="resolution-risk-summary-table"
+                  responsiveBreakpoint={false}
+                  columns={columnsArray}
+                  items={resolutionRows}
+                  compressed
+                  loading={resolutionRiskScoreData.loading || recalculatingScore}
+                />
+              </EuiFlexItem>
+            </EuiFlexGroup>
+          </ExpandablePanel>
+        </>
+      )}
+      <EuiSpacer size="s" />
+    </EuiAccordion>
+  );
+};
+
+export const FlyoutRiskSummary = React.memo(
+  FlyoutRiskSummaryComponent
+) as typeof FlyoutRiskSummaryComponent & { displayName: string }; // This is needed to make React.memo work with generic
+FlyoutRiskSummary.displayName = 'RiskSummary';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx
index 14046f3c29b75..208c53c1e588e 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx
@@ -80,9 +80,9 @@ import {
   useEntityFromStore,
   type EntityStoreRecord,
 } from '../../../../flyout/entity_details/shared/hooks/use_entity_from_store';
-import { ObservedDataSection as HostObservedDataSection } from '../../../../flyout/entity_details/host_right/components/observed_data_section';
+import { ObservedDataSection as HostObservedDataSection } from '../../../../flyout_v2/entity/host/main/components/observed_data_section';
 import { HOST_PANEL_OBSERVED_HOST_QUERY_ID } from '../../../../flyout/entity_details/host_right';
-import { useObservedHost } from '../../../../flyout/entity_details/host_right/hooks/use_observed_host';
+import { useObservedHost } from '../../../../flyout_v2/entity/host/main/hooks/use_observed_host';
 import { buildRiskScoreStateFromEntityRecord } from '../../../../flyout/entity_details/shared/entity_store_risk_utils';
 import { NO_CORRESPONDING_ENTITY_EXISTS } from '../../../../flyout/entity_details/shared/translations';
 import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx
index 8d189bfb2ed19..b115aa629ac41 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx
@@ -15,7 +15,7 @@ import { TestProviders } from '../../../../common/mock';
 import { HostDetails } from './host_details';
 import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities';
 import { mockAnomalies } from '../../../../common/components/ml/mock';
-import { useObservedHost } from '../../../entity_details/host_right/hooks/use_observed_host';
+import { useObservedHost } from '../../../../flyout_v2/entity/host/main/hooks/use_observed_host';
 import { useHostRelatedUsers } from '../../../../common/containers/related_entities/related_users';
 import { RiskSeverity } from '../../../../../common/search_strategy';
 import {
@@ -97,7 +97,7 @@ jest.mock('../../../../common/components/ml/anomaly/anomaly_table_provider', ()
   }) => children({ anomaliesData: mockAnomalies, isLoadingAnomaliesData: false, jobNameById: {} }),
 }));
 
-jest.mock('../../../entity_details/host_right/hooks/use_observed_host');
+jest.mock('../../../../flyout_v2/entity/host/main/hooks/use_observed_host');
 const mockUseObservedHost = useObservedHost as jest.Mock;
 
 jest.mock('../../../../common/containers/related_entities/related_users');
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/host_details.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/host_details.tsx
index 9204e3920c21a..d2c85c409251c 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/host_details.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/host_details.tsx
@@ -90,7 +90,7 @@ import { useSelectedPatterns } from '../../../../data_view_manager/hooks/use_sel
 import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
 import { useSpaceId } from '../../../../common/hooks/use_space_id';
 import type { EntityFromStoreResult } from '../../../entity_details/shared/hooks/use_entity_from_store';
-import { useObservedHost } from '../../../entity_details/host_right/hooks/use_observed_host';
+import { useObservedHost } from '../../../../flyout_v2/entity/host/main/hooks/use_observed_host';
 import {
   buildRiskScoreStateFromEntityRecord,
   getRiskFromEntityRecord,
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/footer.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/footer.tsx
deleted file mode 100644
index f93a513a44c95..0000000000000
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/footer.tsx
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React, { useMemo } from 'react';
-import { EuiFlyoutFooter, EuiPanel, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
-import { useEntityStoreEuidApi } from '@kbn/entity-store/public';
-import { TakeAction } from '../shared/components/take_action';
-import { EntityIdentifierFields, EntityType } from '../../../../common/entity_analytics/types';
-import type { IdentityFields } from '../../document_details/shared/utils';
-import type { EntityStoreRecord } from '../shared/hooks/use_entity_from_store';
-import { AiAssistantButton } from '../../../entity_analytics/components/ai_assistant_button/ai_assistant_button';
-
-export const HostPanelFooter = ({
-  identityFields,
-  entity,
-}: {
-  identityFields: IdentityFields;
-  /** When entity store v2 is enabled: entity record from the store. */
-  entity?: EntityStoreRecord;
-}) => {
-  const hostName = useMemo(
-    () => identityFields[EntityIdentifierFields.hostName] || Object.values(identityFields)[0] || '',
-    [identityFields]
-  );
-
-  const euidApi = useEntityStoreEuidApi();
-  const euidEntityFilter = useMemo((): string | undefined => {
-    if (!euidApi?.euid || !entity) {
-      return undefined;
-    }
-    return euidApi.euid.kql.getEuidFilterBasedOnDocument('host', entity);
-  }, [euidApi?.euid, entity]);
-
-  return (
-    <EuiFlyoutFooter>
-      <EuiPanel color="transparent">
-        <EuiFlexGroup justifyContent="flexEnd" alignItems="center">
-          <EuiFlexItem grow={false}>
-            <AiAssistantButton
-              entityType={EntityType.host}
-              entityName={hostName}
-              telemetryPathway="entity_flyout"
-            />
-          </EuiFlexItem>
-          <EuiFlexItem grow={false}>
-            <TakeAction
-              isDisabled={!hostName}
-              kqlQuery={euidEntityFilter ?? `host.name: "${hostName}"`}
-            />
-          </EuiFlexItem>
-        </EuiFlexGroup>
-      </EuiPanel>
-    </EuiFlyoutFooter>
-  );
-};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/index.test.tsx
index c527a56146561..373e539f2fd96 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/index.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/index.test.tsx
@@ -38,7 +38,7 @@ jest.mock('../../../entity_analytics/api/hooks/use_risk_score', () => ({
 
 const mockedUseObservedHost = jest.fn().mockReturnValue(mockObservedHostData);
 
-jest.mock('./hooks/use_observed_host', () => ({
+jest.mock('../../../flyout_v2/entity/host/main/hooks/use_observed_host', () => ({
   useObservedHost: () => mockedUseObservedHost(),
 }));
 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/index.tsx
index d79837e0554d5..62f54c61de4dc 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/index.tsx
@@ -11,7 +11,7 @@ import { useHasMisconfigurations } from '@kbn/cloud-security-posture/src/hooks/u
 import { useHasVulnerabilities } from '@kbn/cloud-security-posture/src/hooks/use_has_vulnerabilities';
 import { TableId } from '@kbn/securitysolution-data-table';
 import { FF_ENABLE_ENTITY_STORE_V2, useEntityStoreEuidApi } from '@kbn/entity-store/public';
-import { EuiSpacer } from '@elastic/eui';
+import { EuiFlyoutFooter, EuiSpacer } from '@elastic/eui';
 import { useAssetCriticalityPrivileges } from '../../../entity_analytics/components/asset_criticality/use_asset_criticality';
 import { useUpdateAssetCriticality } from '../../../entity_analytics/api/hooks/use_update_asset_criticality';
 import { buildEuidCspPreviewOptions } from '../../../cloud_security_posture/utils/build_euid_csp_preview_options';
@@ -27,14 +27,14 @@ import { useGlobalTime } from '../../../common/containers/use_global_time';
 import { buildHostNamesFilter, type RiskSeverity } from '../../../../common/search_strategy';
 import { useUiSetting, useKibana } from '../../../common/lib/kibana';
 import { FlyoutNavigation } from '../../shared/components/flyout_navigation';
-import { HostPanelFooter } from './footer';
-import { HostPanelContent } from './content';
-import { HostPanelHeader } from './header';
+import { Footer } from '../../../flyout_v2/entity/host/main/footer';
+import { Content } from '../../../flyout_v2/entity/host/main/content';
+import { Header } from '../../../flyout_v2/entity/host/main/header';
 import { EntityDetailsLeftPanelTab } from '../shared/components/left_panel/left_panel_header';
 import { HostPreviewPanelFooter } from '../host_preview/footer';
 import { useNavigateToHostDetails } from './hooks/use_navigate_to_host_details';
 import { EntityType } from '../../../../common/entity_analytics/types';
-import { useObservedHost } from './hooks/use_observed_host';
+import { useObservedHost } from '../../../flyout_v2/entity/host/main/hooks/use_observed_host';
 import {
   buildRiskScoreStateFromEntityRecord,
   getRiskFromEntityRecord,
@@ -46,7 +46,11 @@ import {
   mergeLegacyIdentityWhenStoreEntityMissing,
   type IdentityFields,
 } from '../../document_details/shared/utils';
-import { HOST_PANEL_RISK_SCORE_QUERY_ID, HOST_PANEL_OBSERVED_HOST_QUERY_ID } from './constants';
+import {
+  HOST_PANEL_RISK_SCORE_QUERY_ID,
+  HOST_PANEL_OBSERVED_HOST_QUERY_ID,
+} from '../../../flyout_v2/entity/host/main/constants';
+import { FlyoutHeader } from '../../shared/components/flyout_header';
 import { FlyoutBody } from '../../shared/components/flyout_body';
 import { useEntityPanelTabs, TABLE_TAB_ID } from '../shared/hooks/use_entity_panel_tabs';
 import { EntityPanelHeaderTabs } from '../shared/components/entity_panel_tabs';
@@ -297,19 +301,21 @@ export const HostPanel = memo(function HostPanel({
         isPreviewMode={isPreviewMode}
         isRulePreview={scopeId === TableId.rulePreview}
       />
-      <HostPanelHeader
-        hostName={hostName}
-        lastSeen={observedHost.lastSeen}
-        entityId={panelDisplayEntityId}
-        identityFields={documentEntityIdentifiers}
-        isEntityInStore={!!observedHost.entityRecord}
-        riskLevel={
-          observedHost.entityRecord
-            ? ((getRiskFromEntityRecord(observedHost.entityRecord)?.calculated_level ??
-                'Unknown') as RiskSeverity)
-            : undefined
-        }
-      />
+      <FlyoutHeader>
+        <Header
+          hostName={hostName}
+          lastSeen={observedHost.lastSeen}
+          entityId={panelDisplayEntityId}
+          identityFields={documentEntityIdentifiers}
+          isEntityInStore={!!observedHost.entityRecord}
+          riskLevel={
+            observedHost.entityRecord
+              ? ((getRiskFromEntityRecord(observedHost.entityRecord)?.calculated_level ??
+                  'Unknown') as RiskSeverity)
+              : undefined
+          }
+        />
+      </FlyoutHeader>
       <FlyoutBody>
         {observedHost.entityRecord && (
           <EntitySummaryGrid
@@ -323,7 +329,7 @@ export const HostPanel = memo(function HostPanel({
         {tabs && selectedTabId === TABLE_TAB_ID && observedHost.entityRecord ? (
           <EntityStoreTableTab entityRecord={observedHost.entityRecord} />
         ) : (
-          <HostPanelContent
+          <Content
             identityFields={documentEntityIdentifiers}
             observedHost={observedHost}
             riskScoreState={effectiveRiskScoreState}
@@ -348,7 +354,9 @@ export const HostPanel = memo(function HostPanel({
         />
       )}
       {!isPreviewMode && assetInventoryEnabled && (
-        <HostPanelFooter identityFields={documentEntityIdentifiers} entity={entityFromStore} />
+        <EuiFlyoutFooter>
+          <Footer identityFields={documentEntityIdentifiers} entity={entityFromStore} />
+        </EuiFlyoutFooter>
       )}
     </>
   );
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/columns.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/columns.tsx
index 5e1d8454f8369..386823c5924ea 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/columns.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/columns.tsx
@@ -14,14 +14,15 @@ import {
   toFieldRendererItems,
 } from '../../../../../timelines/components/field_renderers/default_renderer';
 import { getEmptyTagValue } from '../../../../../common/components/empty_value';
-import type { BasicEntityData, EntityTableColumns } from './types';
+import type { BasicEntityData, EntityTableColumns, EntityTableLinkRenderer } from './types';
 import { isFlyoutLink } from '../../../../shared/utils/link_utils';
 import { PreviewLink } from '../../../../shared/components/preview_link';
 
 export const getEntityTableColumns = <T extends BasicEntityData>(
   contextID: string,
   scopeId: string,
-  data: T
+  data: T,
+  linkRenderer?: EntityTableLinkRenderer
 ): EntityTableColumns<T> => [
   {
     name: (
@@ -55,17 +56,28 @@ export const getEntityTableColumns = <T extends BasicEntityData>(
       const values = getValues && getValues(data);
 
       if (field) {
-        const showPreviewLink = values && isFlyoutLink({ field, scopeId });
-        const renderPreviewLink = (value: string) => (
-          <PreviewLink field={field} value={value} entityId={data.entityId} scopeId={scopeId} />
-        );
+        let renderLink: ((value: string) => JSX.Element) | undefined;
+        if (linkRenderer) {
+          const LinkRenderer = linkRenderer;
+          renderLink = (value: string) => (
+            <LinkRenderer field={field} value={value}>
+              {value}
+            </LinkRenderer>
+          );
+        } else if (values && isFlyoutLink({ field, scopeId })) {
+          renderLink = (value: string) => (
+            <PreviewLink field={field} value={value} entityId={data.entityId} scopeId={scopeId} />
+          );
+        } else {
+          renderLink = renderField;
+        }
         return (
           <DefaultFieldRenderer
             rowItems={toFieldRendererItems(values)}
             attrName={field}
             idPrefix={contextID ? `entityTable-${contextID}` : 'entityTable'}
             scopeId={scopeId}
-            render={showPreviewLink ? renderPreviewLink : renderField}
+            render={renderLink}
             data-test-subj="entity-table-value"
           />
         );
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/index.tsx
index 8d5448be95745..4c25ffe90a7b3 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/index.tsx
@@ -8,13 +8,14 @@
 import React, { useMemo } from 'react';
 import { BasicTable } from '../../../../../common/components/ml/tables/basic_table';
 import { getEntityTableColumns } from './columns';
-import type { BasicEntityData, EntityTableRows } from './types';
+import type { BasicEntityData, EntityTableLinkRenderer, EntityTableRows } from './types';
 
 interface EntityTableProps<T extends BasicEntityData> {
   contextID: string;
   scopeId: string;
   data: T;
   entityFields: EntityTableRows<T>;
+  linkRenderer?: EntityTableLinkRenderer;
 }
 
 export const EntityTable = <T extends BasicEntityData>({
@@ -22,6 +23,7 @@ export const EntityTable = <T extends BasicEntityData>({
   scopeId,
   data,
   entityFields,
+  linkRenderer,
 }: EntityTableProps<T>) => {
   const items = useMemo(
     () => entityFields.filter(({ isVisible }) => (isVisible ? isVisible(data) : true)),
@@ -29,8 +31,8 @@ export const EntityTable = <T extends BasicEntityData>({
   );
 
   const entityTableColumns = useMemo(
-    () => getEntityTableColumns<T>(contextID, scopeId, data),
-    [contextID, scopeId, data]
+    () => getEntityTableColumns<T>(contextID, scopeId, data, linkRenderer),
+    [contextID, scopeId, data, linkRenderer]
   );
   return (
     <BasicTable
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/types.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/types.ts
index 85a2d73443ddd..9f1a440a03fcc 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/types.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/entity_table/types.ts
@@ -5,9 +5,21 @@
  * 2.0.
  */
 
+import type { ComponentType, ReactNode } from 'react';
 import type { EuiBasicTableColumn } from '@elastic/eui';
 import type { XOR } from '../../../../../../common/utility_types';
 
+/**
+ * Optional renderer for entity table values that wraps the value in a link
+ * (e.g., a v2 flyout link). Receives the field name and value, and may render `children`
+ * as the visible content.
+ */
+export type EntityTableLinkRenderer = ComponentType<{
+  field: string;
+  value: string;
+  children?: ReactNode;
+}>;
+
 export type EntityTableRow<T extends BasicEntityData> = XOR<
   {
     label: string;
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/observed_entity/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/observed_entity/index.tsx
index d75e80edbaba9..e8b83d6f8edb3 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/observed_entity/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/shared/components/observed_entity/index.tsx
@@ -10,7 +10,7 @@ import { EuiSpacer } from '@elastic/eui';
 import React from 'react';
 import { EntityTable } from '../entity_table';
 import { InspectButtonContainer } from '../../../../../common/components/inspect';
-import type { EntityTableRows } from '../entity_table/types';
+import type { EntityTableLinkRenderer, EntityTableRows } from '../entity_table/types';
 import type { ObservedEntityData } from './types';
 
 export const ObservedEntity = <T,>({
@@ -18,11 +18,13 @@ export const ObservedEntity = <T,>({
   contextID,
   scopeId,
   observedFields,
+  linkRenderer,
 }: {
   observedData: ObservedEntityData<T>;
   contextID: string;
   scopeId: string;
   observedFields: EntityTableRows<ObservedEntityData<T>>;
+  linkRenderer?: EntityTableLinkRenderer;
 }) => {
   return (
     <InspectButtonContainer>
@@ -32,6 +34,7 @@ export const ObservedEntity = <T,>({
         scopeId={scopeId}
         data={observedData}
         entityFields={observedFields}
+        linkRenderer={linkRenderer}
       />
     </InspectButtonContainer>
   );
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/misconfiguration_panel.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/misconfiguration_panel.test.tsx
new file mode 100644
index 0000000000000..7f2c690db3a6a
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/misconfiguration_panel.test.tsx
@@ -0,0 +1,108 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { useMisconfigurationFinding } from '@kbn/cloud-security-posture/src/hooks/use_misconfiguration_finding';
+import { MisconfigurationPanel } from './misconfiguration_panel';
+
+jest.mock('@kbn/cloud-security-posture/src/hooks/use_misconfiguration_finding', () => ({
+  useMisconfigurationFinding: jest.fn(),
+}));
+
+jest.mock('../shared/components/flyout_error', () => ({
+  FlyoutError: () => <div data-test-subj="mockFlyoutError" />,
+}));
+
+jest.mock('../shared/components/flyout_loading', () => ({
+  FlyoutLoading: ({ 'data-test-subj': dataTestSubj }: { 'data-test-subj'?: string }) => (
+    <div data-test-subj={dataTestSubj ?? 'mockFlyoutLoading'} />
+  ),
+}));
+
+jest.mock('@kbn/cloud-security-posture', () => ({
+  CspEvaluationBadge: ({ type }: { type?: string }) => (
+    <div data-test-subj="mockCspEvaluationBadge" data-type={type} />
+  ),
+}));
+
+jest.mock('../shared/components/flyout_title', () => ({
+  FlyoutTitle: ({ title }: { title: string }) => (
+    <div data-test-subj="mockFlyoutTitle">{title}</div>
+  ),
+}));
+
+jest.mock('../../common/components/formatted_date', () => ({
+  PreferenceFormattedDate: () => <span data-test-subj="mockFormattedDate" />,
+}));
+
+const mockCspHeader = jest.fn(() => <div data-test-subj="mockCspFlyoutHeader" />);
+const mockCspBody = jest.fn(() => <div data-test-subj="mockCspFlyoutBody" />);
+
+jest.mock('../../common/lib/kibana', () => ({
+  useKibana: () => ({
+    services: {
+      cloudSecurityPosture: {
+        getCloudSecurityPostureMisconfigurationFlyout: () => ({
+          Header: mockCspHeader,
+          Body: mockCspBody,
+        }),
+      },
+    },
+  }),
+}));
+
+const useMisconfigurationFindingMock = useMisconfigurationFinding as jest.Mock;
+
+const renderPanel = () => render(<MisconfigurationPanel resourceId="resource-1" ruleId="rule-1" />);
+
+describe('<MisconfigurationPanel />', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders the loading state while fetching the finding', () => {
+    useMisconfigurationFindingMock.mockReturnValue({ data: undefined, isLoading: true });
+    const { getByTestId } = renderPanel();
+    expect(getByTestId('misconfiguration-panel-loading')).toBeInTheDocument();
+  });
+
+  it('renders the error state when the request fails', () => {
+    useMisconfigurationFindingMock.mockReturnValue({ data: undefined, isError: true });
+    const { getByTestId } = renderPanel();
+    expect(getByTestId('mockFlyoutError')).toBeInTheDocument();
+  });
+
+  it('renders the error state when no finding is returned', () => {
+    useMisconfigurationFindingMock.mockReturnValue({ data: { result: { hits: [] } } });
+    const { getByTestId } = renderPanel();
+    expect(getByTestId('mockFlyoutError')).toBeInTheDocument();
+  });
+
+  it('renders header and body when a finding is available', () => {
+    useMisconfigurationFindingMock.mockReturnValue({
+      data: {
+        result: {
+          hits: [
+            {
+              _source: {
+                '@timestamp': '2024-01-15T10:30:00.000Z',
+                result: { evaluation: 'failed' },
+                rule: { name: 'My Rule' },
+              },
+            },
+          ],
+        },
+      },
+    });
+    const { getByTestId } = renderPanel();
+    expect(getByTestId('mockCspEvaluationBadge')).toHaveAttribute('data-type', 'failed');
+    expect(getByTestId('mockFlyoutTitle')).toHaveTextContent('My Rule');
+    expect(getByTestId('mockCspFlyoutHeader')).toBeInTheDocument();
+    expect(getByTestId('mockCspFlyoutBody')).toBeInTheDocument();
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/misconfiguration_panel.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/misconfiguration_panel.tsx
new file mode 100644
index 0000000000000..068cce8cd4682
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/misconfiguration_panel.tsx
@@ -0,0 +1,95 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo } from 'react';
+import {
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiText,
+  EuiSpacer,
+  EuiFlyoutHeader,
+  EuiFlyoutBody,
+} from '@elastic/eui';
+import { CspEvaluationBadge } from '@kbn/cloud-security-posture';
+import { useMisconfigurationFinding } from '@kbn/cloud-security-posture/src/hooks/use_misconfiguration_finding';
+import { createMisconfigurationFindingsQuery } from '@kbn/cloud-security-posture-common/utils/findings_query_builders';
+import { i18n } from '@kbn/i18n';
+import { useKibana } from '../../common/lib/kibana';
+import { PreferenceFormattedDate } from '../../common/components/formatted_date';
+import { FlyoutError } from '../shared/components/flyout_error';
+import { FlyoutLoading } from '../shared/components/flyout_loading';
+import { FlyoutTitle } from '../shared/components/flyout_title';
+
+export interface MisconfigurationPanelProps {
+  /**
+   * The unique identifier of the cloud resource associated with the misconfiguration.
+   */
+  resourceId: string;
+  /**
+   * The unique identifier of the CSP rule that was evaluated.
+   */
+  ruleId: string;
+}
+
+/**
+ * V2 system-flyout compatible misconfiguration finding panel.
+ * This is a simplified version that doesn't use expandable flyout components.
+ */
+export const MisconfigurationPanel = memo(({ resourceId, ruleId }: MisconfigurationPanelProps) => {
+  const { cloudSecurityPosture } = useKibana().services;
+  const CspFlyout = cloudSecurityPosture.getCloudSecurityPostureMisconfigurationFlyout();
+
+  const { data, isLoading, isError } = useMisconfigurationFinding({
+    query: createMisconfigurationFindingsQuery(resourceId, ruleId),
+    enabled: true,
+    pageSize: 1,
+  });
+
+  const finding = data?.result.hits[0]?._source;
+
+  if (isLoading) {
+    return <FlyoutLoading data-test-subj="misconfiguration-panel-loading" />;
+  }
+
+  if (isError || !finding) {
+    return <FlyoutError />;
+  }
+
+  return (
+    <>
+      <EuiFlyoutHeader hasBorder>
+        <EuiFlexGroup gutterSize="xs" responsive={false} direction="column">
+          <EuiFlexItem grow={false}>
+            <CspEvaluationBadge type={finding?.result?.evaluation} />
+          </EuiFlexItem>
+          {finding['@timestamp'] && (
+            <EuiFlexItem grow={false}>
+              <EuiText size="xs">
+                <b>
+                  {i18n.translate('xpack.securitySolution.csp.findingsFlyout.evaluatedAt', {
+                    defaultMessage: 'Evaluated at ',
+                  })}
+                </b>
+                <PreferenceFormattedDate value={new Date(finding['@timestamp'])} />
+                <EuiSpacer size="xs" />
+              </EuiText>
+            </EuiFlexItem>
+          )}
+          <EuiFlexItem>
+            <FlyoutTitle title={finding.rule.name} />
+          </EuiFlexItem>
+        </EuiFlexGroup>
+        <CspFlyout.Header finding={finding} />
+      </EuiFlyoutHeader>
+      <EuiFlyoutBody>
+        <CspFlyout.Body finding={finding} />
+      </EuiFlyoutBody>
+    </>
+  );
+});
+
+MisconfigurationPanel.displayName = 'MisconfigurationPanel';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/vulnerability_panel.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/vulnerability_panel.test.tsx
new file mode 100644
index 0000000000000..3897cb7f81c8c
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/vulnerability_panel.test.tsx
@@ -0,0 +1,142 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { useVulnerabilityFinding } from '@kbn/cloud-security-posture/src/hooks/use_vulnerability_finding';
+import { VulnerabilityPanel } from './vulnerability_panel';
+
+jest.mock('@kbn/cloud-security-posture/src/hooks/use_vulnerability_finding', () => ({
+  useVulnerabilityFinding: jest.fn(),
+}));
+
+jest.mock('../shared/components/flyout_error', () => ({
+  FlyoutError: () => <div data-test-subj="mockFlyoutError" />,
+}));
+
+jest.mock('../shared/components/flyout_loading', () => ({
+  FlyoutLoading: ({ 'data-test-subj': dataTestSubj }: { 'data-test-subj'?: string }) => (
+    <div data-test-subj={dataTestSubj ?? 'mockFlyoutLoading'} />
+  ),
+}));
+
+jest.mock('@kbn/cloud-security-posture', () => ({
+  SeverityStatusBadge: ({ severity }: { severity?: string }) => (
+    <div data-test-subj="mockSeverityStatusBadge" data-severity={severity} />
+  ),
+  getNormalizedSeverity: (severity?: string) => severity ?? 'unknown',
+}));
+
+jest.mock('../shared/components/flyout_title', () => ({
+  FlyoutTitle: ({ title }: { title: string }) => (
+    <div data-test-subj="mockFlyoutTitle">{title}</div>
+  ),
+}));
+
+jest.mock('../../common/components/formatted_date', () => ({
+  PreferenceFormattedDate: () => <span data-test-subj="mockFormattedDate" />,
+}));
+
+const mockCspVulnerabilityHeader = jest.fn(() => (
+  <div data-test-subj="mockCspVulnerabilityHeader" />
+));
+const mockCspVulnerabilityBody = jest.fn(() => <div data-test-subj="mockCspVulnerabilityBody" />);
+
+jest.mock('../../common/lib/kibana', () => ({
+  useKibana: () => ({
+    services: {
+      cloudSecurityPosture: {
+        getCloudSecurityPostureVulnerabilityFlyout: () => ({
+          Header: mockCspVulnerabilityHeader,
+          Body: mockCspVulnerabilityBody,
+        }),
+      },
+    },
+  }),
+}));
+
+const useVulnerabilityFindingMock = useVulnerabilityFinding as jest.Mock;
+
+const renderPanel = () =>
+  render(
+    <VulnerabilityPanel
+      vulnerabilityId="CVE-1"
+      resourceId="resource-1"
+      packageName="pkg"
+      packageVersion="1.0.0"
+      eventId="event-1"
+    />
+  );
+
+describe('<VulnerabilityPanel />', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders the loading state while fetching the finding', () => {
+    useVulnerabilityFindingMock.mockReturnValue({ data: undefined, isLoading: true });
+    const { getByTestId } = renderPanel();
+    expect(getByTestId('vulnerability-panel-loading')).toBeInTheDocument();
+  });
+
+  it('renders the error state when the request fails', () => {
+    useVulnerabilityFindingMock.mockReturnValue({ data: undefined, isError: true });
+    const { getByTestId } = renderPanel();
+    expect(getByTestId('mockFlyoutError')).toBeInTheDocument();
+  });
+
+  it('renders the error state when no finding is returned', () => {
+    useVulnerabilityFindingMock.mockReturnValue({ data: { result: { hits: [] } } });
+    const { getByTestId } = renderPanel();
+    expect(getByTestId('mockFlyoutError')).toBeInTheDocument();
+  });
+
+  it('renders the vulnerability title and CSP header/body when a finding is available', () => {
+    useVulnerabilityFindingMock.mockReturnValue({
+      data: {
+        result: {
+          hits: [
+            {
+              _source: {
+                '@timestamp': '2024-01-15T10:30:00.000Z',
+                vulnerability: {
+                  title: 'Log4Shell',
+                  severity: 'high',
+                  published_date: '2024-01-01T00:00:00.000Z',
+                },
+              },
+            },
+          ],
+        },
+      },
+    });
+    const { getByTestId } = renderPanel();
+    expect(getByTestId('mockSeverityStatusBadge')).toHaveAttribute('data-severity', 'high');
+    expect(getByTestId('mockFlyoutTitle')).toHaveTextContent('Log4Shell');
+    expect(getByTestId('mockCspVulnerabilityHeader')).toBeInTheDocument();
+    expect(getByTestId('mockCspVulnerabilityBody')).toBeInTheDocument();
+  });
+
+  it('falls back to the empty-title message when the vulnerability has no title', () => {
+    useVulnerabilityFindingMock.mockReturnValue({
+      data: {
+        result: {
+          hits: [
+            {
+              _source: {
+                '@timestamp': '2024-01-15T10:30:00.000Z',
+                vulnerability: { severity: 'low' },
+              },
+            },
+          ],
+        },
+      },
+    });
+    const { getByTestId } = renderPanel();
+    expect(getByTestId('mockFlyoutTitle')).toHaveTextContent('No title available');
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/vulnerability_panel.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/vulnerability_panel.tsx
new file mode 100644
index 0000000000000..366f0be3a6d87
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/csp_details/vulnerability_panel.tsx
@@ -0,0 +1,132 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo } from 'react';
+import { SeverityStatusBadge, getNormalizedSeverity } from '@kbn/cloud-security-posture';
+import { EuiFlexGroup, EuiFlexItem, EuiFlyoutHeader, EuiSpacer, EuiText } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import moment from 'moment';
+import { useVulnerabilityFinding } from '@kbn/cloud-security-posture/src/hooks/use_vulnerability_finding';
+import { createGetVulnerabilityFindingsQuery } from '@kbn/cloud-security-posture-common/utils/findings_query_builders';
+import { PreferenceFormattedDate } from '../../common/components/formatted_date';
+import { useKibana } from '../../common/lib/kibana';
+import { FlyoutBody } from '../../flyout/shared/components/flyout_body';
+import { FlyoutError } from '../shared/components/flyout_error';
+import { FlyoutLoading } from '../shared/components/flyout_loading';
+import { FlyoutTitle } from '../shared/components/flyout_title';
+
+export interface VulnerabilityPanelProps {
+  /**
+   * The CVE or vulnerability identifier (e.g., CVE-2021-44228).
+   */
+  vulnerabilityId: string;
+  /**
+   * The unique identifier of the cloud resource affected by the vulnerability.
+   */
+  resourceId: string;
+  /**
+   * The name of the vulnerable package.
+   */
+  packageName: string;
+  /**
+   * The version of the vulnerable package.
+   */
+  packageVersion: string;
+  /**
+   * The unique identifier of the finding event.
+   */
+  eventId: string;
+}
+
+/**
+ * V2 system-flyout compatible vulnerability finding panel.
+ * This is a simplified version that doesn't use expandable flyout components.
+ */
+export const VulnerabilityPanel = memo(
+  ({
+    vulnerabilityId,
+    resourceId,
+    packageName,
+    packageVersion,
+    eventId,
+  }: VulnerabilityPanelProps) => {
+    const { cloudSecurityPosture } = useKibana().services;
+    const CspVulnerabilityFlyout =
+      cloudSecurityPosture.getCloudSecurityPostureVulnerabilityFlyout();
+
+    const { data, isLoading, isError } = useVulnerabilityFinding({
+      query: createGetVulnerabilityFindingsQuery(
+        vulnerabilityId,
+        resourceId,
+        packageName,
+        packageVersion,
+        eventId
+      ),
+      enabled: true,
+      pageSize: 1,
+    });
+
+    const finding = data?.result.hits[0]?._source;
+
+    if (isLoading) {
+      return <FlyoutLoading data-test-subj="vulnerability-panel-loading" />;
+    }
+
+    if (isError || !finding) {
+      return <FlyoutError />;
+    }
+
+    const vulnerabilityTitle =
+      finding?.vulnerability?.title ??
+      i18n.translate('xpack.securitySolution.csp.vulnerabilitiesFlyout.emptyTitleHolder', {
+        defaultMessage: 'No title available',
+      });
+
+    return (
+      <>
+        <EuiFlyoutHeader hasBorder>
+          <EuiFlexGroup gutterSize="xs" responsive={false} direction="column">
+            <EuiFlexItem>
+              <SeverityStatusBadge
+                severity={getNormalizedSeverity(finding?.vulnerability?.severity)}
+              />
+              <EuiSpacer size="m" />
+            </EuiFlexItem>
+            {finding?.vulnerability?.published_date && (
+              <EuiFlexItem grow={false}>
+                <EuiText size="xs">
+                  <b>
+                    {i18n.translate('xpack.securitySolution.csp.vulnerabilitiesFlyout.published', {
+                      defaultMessage: 'Published ',
+                    })}
+                  </b>
+                  {moment(finding?.vulnerability?.published_date).format('LL').toString()}
+                  {' | '}
+                  <b>
+                    {i18n.translate('xpack.securitySolution.csp.vulnerabilitiesFlyout.firstFound', {
+                      defaultMessage: 'First found ',
+                    })}
+                  </b>
+                  <PreferenceFormattedDate value={new Date(finding['@timestamp'])} />
+                  <EuiSpacer size="xs" />
+                </EuiText>
+              </EuiFlexItem>
+            )}
+          </EuiFlexGroup>
+          <FlyoutTitle title={vulnerabilityTitle} />
+          <EuiSpacer size="xs" />
+          <CspVulnerabilityFlyout.Header finding={finding} />
+        </EuiFlyoutHeader>
+        <FlyoutBody>
+          <CspVulnerabilityFlyout.Body finding={finding} />
+        </FlyoutBody>
+      </>
+    );
+  }
+);
+
+VulnerabilityPanel.displayName = 'VulnerabilityPanel';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields.tsx
index c1100753d2862..89eb92dd4c85a 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields.tsx
@@ -15,7 +15,7 @@ import { FF_ENABLE_ENTITY_STORE_V2, useEntityStoreEuidApi } from '@kbn/entity-st
 import { useUiSetting } from '@kbn/kibana-react-plugin/public';
 import { convertHighlightedFieldsToTableRow } from '../utils/highlighted_fields_helpers';
 import { HighlightedFieldsCell } from './highlighted_fields_cell';
-import type { ChildLinkRenderer } from './highlighted_fields_cell';
+import type { OpenFlyoutLinkRenderer } from './highlighted_fields_cell';
 import type { CellActionRenderer } from '../../../shared/components/cell_actions';
 import { HIGHLIGHTED_FIELDS_DETAILS_TEST_ID, HIGHLIGHTED_FIELDS_TITLE_TEST_ID } from './test_ids';
 import { useHighlightedFields } from '../hooks/use_highlighted_fields';
@@ -85,7 +85,7 @@ export interface HighlightedFieldsProps {
    */
   ancestorsIndexName?: string;
   /**
-   * If true, certain field values render as a ChildLink opening a child flyout.
+   * If true, certain field values render as a PreviewLink opening a preview flyout.
    * False by default — only enable where preview panels exist (old flyout).
    */
   showPreview?: boolean;
@@ -93,7 +93,7 @@ export interface HighlightedFieldsProps {
    * Optional wrapper that renders a preview link for supported field types (e.g. IP).
    * Injected by the caller so each flyout context controls its own navigation.
    */
-  renderChildLink?: ChildLinkRenderer;
+  renderFlyoutLink?: OpenFlyoutLinkRenderer;
 }
 
 /**
@@ -109,7 +109,7 @@ export const HighlightedFields = memo(
     hideEditButton = false,
     ancestorsIndexName,
     showPreview = false,
-    renderChildLink,
+    renderFlyoutLink,
   }: HighlightedFieldsProps) => {
     const [isEditLoading, setIsEditLoading] = useState(false);
 
@@ -222,14 +222,15 @@ export const HighlightedFields = memo(
                   scopeId={description.scopeId}
                   showPreview={showPreview}
                   ancestorsIndexName={description.ancestorsIndexName}
+                  hit={hit}
                   entityId={entityId}
-                  renderChildLink={renderChildLink}
+                  renderFlyoutLink={renderFlyoutLink}
                 />
               ),
             }),
         },
       ],
-      [renderCellActions, showPreview, entityId, renderChildLink]
+      [renderCellActions, showPreview, hit, entityId, renderFlyoutLink]
     );
 
     return (
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields_cell.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields_cell.test.tsx
index 75fc4e123caaf..1d263535900ba 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields_cell.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields_cell.test.tsx
@@ -23,7 +23,7 @@ import { HOST_PREVIEW_BANNER } from './host_entity_overview';
 import { UserPreviewPanelKey } from '../../../../flyout/entity_details/user_right';
 import { USER_PREVIEW_BANNER } from './user_entity_overview';
 import { createTelemetryServiceMock } from '../../../../common/lib/telemetry/telemetry_service.mock';
-import { ChildLink } from '../../../shared/components/child_link';
+import { OpenFlyoutLink } from '../../../shared/components/open_flyout_link';
 
 jest.mock('../../../../management/hooks');
 jest.mock('../../../../management/hooks/agents/use_get_agent_status');
@@ -141,19 +141,19 @@ describe('<HighlightedFieldsCell />', () => {
     });
   });
 
-  it('should open network details flyout when click on ip with renderChildLink', () => {
+  it('should open network details flyout when click on ip with renderFlyoutLink', () => {
     const { getByTestId } = render(
       <TestProviders>
         <HighlightedFieldsCell
           values={['100:XXX:XXX']}
           field="source.ip"
           scopeId={SCOPE_ID}
-          renderChildLink={ChildLink}
+          renderFlyoutLink={OpenFlyoutLink}
         />
       </TestProviders>
     );
 
-    getByTestId('securitySolutionFlyoutChildLink').click();
+    getByTestId('securitySolutionFlyoutOpenFlyoutLink').click();
     expect(mockOpenSystemFlyout).toHaveBeenCalled();
   });
 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields_cell.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields_cell.tsx
index 6cbf9e9a99075..fde9719bcd940 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields_cell.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/highlighted_fields_cell.tsx
@@ -9,6 +9,7 @@ import type { FC } from 'react';
 import React, { useCallback, useMemo, useState } from 'react';
 import { css } from '@emotion/react';
 import { EuiButtonEmpty, useEuiTheme } from '@elastic/eui';
+import type { DataTableRecord } from '@kbn/discover-utils';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { getAgentTypeForAgentIdField } from '../../../../common/lib/endpoint/utils/get_agent_type_for_agent_id_field';
 import type { ResponseActionAgentType } from '../../../../../common/endpoint/service/response_actions/constants';
@@ -22,15 +23,19 @@ import {
 } from './test_ids';
 import { isFlyoutLink } from '../../../../flyout/shared/utils/link_utils';
 import { PreviewLink } from '../../../../flyout/shared/components/preview_link';
-import type { ChildLinkProps } from '../../../shared/components/child_link';
+import type { OpenFlyoutLinkProps } from '../../../shared/components/open_flyout_link';
 
 const EMPTY_ARRAY: string[] = [];
 
-export type ChildLinkRenderer = React.FC<ChildLinkProps>;
+export type OpenFlyoutLinkRenderer = React.FC<OpenFlyoutLinkProps>;
 
 export interface HighlightedFieldsCellProps {
   /**
-   * Entity id to use for the preview panel
+   * The source document record for entity resolution in new v2 flyouts.
+   */
+  hit?: DataTableRecord;
+  /**
+   * Entity id for legacy PreviewLink (v1 expandable flyout).
    */
   entityId?: string;
   /**
@@ -47,11 +52,11 @@ export interface HighlightedFieldsCellProps {
   values: string[] | null | undefined;
   /**
    * Maintain backwards compatibility // TODO remove when possible
-   * Only needed if alerts page flyout (which has ChildLink), NOT in EASE alert summary flyout.
+   * Only needed if alerts page flyout (which has OpenFlyoutLink), NOT in EASE alert summary flyout.
    */
   scopeId?: string;
   /**
-   * If true, we show a ChildLink for some specific fields.
+   * If true, we show a link for some specific fields.
    * This is false by default (for EASE alert summary page) and will be true for the alerts page.
    */
   showPreview?: boolean;
@@ -70,7 +75,7 @@ export interface HighlightedFieldsCellProps {
    * When provided, wraps each cell value. If the wrapper handles the field
    * (e.g. IP), it renders its own link; otherwise it passes through children.
    */
-  renderChildLink?: ChildLinkRenderer;
+  renderFlyoutLink?: OpenFlyoutLinkRenderer;
 }
 
 /**
@@ -84,8 +89,9 @@ export const HighlightedFieldsCell: FC<HighlightedFieldsCellProps> = ({
   showPreview = false,
   ancestorsIndexName,
   displayValuesLimit = 2,
+  hit,
   entityId,
-  renderChildLink: RenderChildLink,
+  renderFlyoutLink: RenderFlyoutLink,
 }) => {
   const agentType: ResponseActionAgentType = useMemo(() => {
     return getAgentTypeForAgentIdField(originalField);
@@ -160,17 +166,17 @@ export const HighlightedFieldsCell: FC<HighlightedFieldsCellProps> = ({
 
       return (
         <div key={`${i}-${value}`} data-test-subj={`${value}-${HIGHLIGHTED_FIELDS_CELL_TEST_ID}`}>
-          {RenderChildLink ? (
-            <RenderChildLink field={field} value={value}>
+          {RenderFlyoutLink ? (
+            <RenderFlyoutLink field={field} value={value} hit={hit}>
               {content}
-            </RenderChildLink>
+            </RenderFlyoutLink>
           ) : (
             content
           )}
         </div>
       );
     },
-    [agentType, ancestorsIndexName, field, scopeId, showPreview, entityId, RenderChildLink]
+    [agentType, ancestorsIndexName, field, scopeId, showPreview, hit, entityId, RenderFlyoutLink]
   );
 
   if (values === null) return null;
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/insights_section.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/insights_section.tsx
index c3008ec52c110..a96958bed001f 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/insights_section.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/insights_section.tsx
@@ -32,11 +32,13 @@ import { flyoutProviders } from '../../../shared/components/flyout_provider';
 import { useIsInSecurityApp } from '../../../../common/hooks/is_in_security_app';
 import { CorrelationsDetails } from '../../tools/correlations';
 import { ThreatIntelligenceDetails } from '../../tools/threat_intelligence';
-import { ChildLink } from '../../../shared/components/child_link';
 import {
   defaultToolsFlyoutProperties,
   useDefaultDocumentFlyoutProperties,
 } from '../../../shared/hooks/use_default_flyout_properties';
+import type { OpenFlyoutLinkProps } from '../../../shared/components/open_flyout_link';
+import { OpenFlyoutLink } from '../../../shared/components/open_flyout_link';
+import { HOST_NAME_FIELD_NAME } from '../../../../timelines/components/timeline/body/renderers/constants';
 
 export const INSIGHTS_SECTION_TEST_ID = `${PREFIX}InsightsSection` as const;
 
@@ -172,6 +174,13 @@ export const InsightsSection = memo(
       );
     }, [history, historyKey, hit, onShowAlert, overlays, services, store]);
 
+    const renderFlyoutLink = useCallback(
+      (props: OpenFlyoutLinkProps) => (
+        <OpenFlyoutLink {...props} asParent={props.field === HOST_NAME_FIELD_NAME} />
+      ),
+      []
+    );
+
     const onShowPrevalenceDetails = useCallback(() => {
       overlays.openSystemFlyout(
         flyoutProviders({
@@ -183,7 +192,7 @@ export const InsightsSection = memo(
               hit={hit}
               investigationFields={investigationFields}
               scopeId={''}
-              columns={getColumns(renderCellActions, isInSecurityApp, '', ChildLink)}
+              columns={getColumns(renderCellActions, isInSecurityApp, '', renderFlyoutLink)}
             />
           ),
         }),
@@ -203,6 +212,7 @@ export const InsightsSection = memo(
       overlays,
       services,
       store,
+      renderFlyoutLink,
     ]);
 
     return (
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/investigation_section.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/investigation_section.tsx
index 5294e0b6e409e..6431ad6c5cb4a 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/investigation_section.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/main/components/investigation_section.tsx
@@ -29,7 +29,9 @@ import { flyoutProviders } from '../../../shared/components/flyout_provider';
 import { HighlightedFields } from './highlighted_fields';
 import { useRuleWithFallback } from '../../../../detection_engine/rule_management/logic/use_rule_with_fallback';
 import { useIsInSecurityApp } from '../../../../common/hooks/is_in_security_app';
-import { ChildLink } from '../../../shared/components/child_link';
+import type { OpenFlyoutLinkProps } from '../../../shared/components/open_flyout_link';
+import { OpenFlyoutLink } from '../../../shared/components/open_flyout_link';
+import { HOST_NAME_FIELD_NAME } from '../../../../timelines/components/timeline/body/renderers/constants';
 
 export const INVESTIGATION_SECTION_TEST_ID = `${PREFIX}InvestigationSection` as const;
 
@@ -114,6 +116,13 @@ export const InvestigationSection = memo(
       );
     }, [history, historyKey, hit, overlays, services, store]);
 
+    const renderFlyoutLink = useCallback(
+      (props: OpenFlyoutLinkProps) => (
+        <OpenFlyoutLink {...props} asParent={props.field === HOST_NAME_FIELD_NAME} />
+      ),
+      []
+    );
+
     return (
       <ExpandableSection
         data-test-subj={INVESTIGATION_SECTION_TEST_ID}
@@ -136,7 +145,7 @@ export const InvestigationSection = memo(
           ancestorsIndexName={ancestorsIndexName}
           renderCellActions={renderCellActions}
           hideEditButton={isRemoteDocument}
-          renderChildLink={ChildLink}
+          renderFlyoutLink={renderFlyoutLink}
         />
       </ExpandableSection>
     );
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/analyzer/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/analyzer/index.tsx
index 3c5c67f4cfa19..99dd82388b7b5 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/analyzer/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/analyzer/index.tsx
@@ -11,7 +11,7 @@ import { EuiFlyoutBody, EuiFlyoutHeader, useEuiTheme } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import type { DataTableRecord } from '@kbn/discover-utils';
 import type { CellActionRenderer } from '../../../shared/components/cell_actions';
-import { ToolsFlyoutHeader } from '../../../shared/components/tools_flyout_header';
+import { DocumentToolsFlyoutHeader } from '../../../shared/components/document_tools_flyout_header';
 import { PREFIX } from '../../../../flyout/shared/test_ids';
 import { PageScope } from '../../../../data_view_manager/constants';
 import { useSelectedPatterns } from '../../../../data_view_manager/hooks/use_selected_patterns';
@@ -66,9 +66,9 @@ export const AnalyzerGraph = memo(
             padding-block: ${euiTheme.size.s} !important;
           `}
         >
-          <ToolsFlyoutHeader
-            hit={hit}
+          <DocumentToolsFlyoutHeader
             title={TITLE}
+            hit={hit}
             renderCellActions={renderCellActions}
             onAlertUpdated={onAlertUpdated}
           />
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/correlations_details_view.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/correlations_details_view.tsx
index 9792966eb9c8e..5bb202a8a9f85 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/correlations_details_view.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/correlations_details_view.tsx
@@ -47,7 +47,7 @@ export interface CorrelationsDetailsViewProps {
    */
   onShowAttack?: (id: string, indexName: string) => void;
   /**
-   * Whether to render rule links as PreviewLink (legacy expandable flyout) instead of ChildLink (new flyout system)
+   * Whether to render rule links as PreviewLink (legacy expandable flyout) instead of OpenFlyoutLink (new flyout system)
    */
   useLegacyExpandableFlyout: boolean;
 }
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/related_alerts_by_ancestry.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/related_alerts_by_ancestry.tsx
index 7a51b03089655..e540cc917ad93 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/related_alerts_by_ancestry.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/related_alerts_by_ancestry.tsx
@@ -27,7 +27,7 @@ export interface RelatedAlertsByAncestryProps {
    */
   onShowAlert: (id: string, indexName: string) => void;
   /**
-   * Whether to render rule links as PreviewLink (legacy expandable flyout) instead of ChildLink (new flyout system)
+   * Whether to render rule links as PreviewLink (legacy expandable flyout) instead of OpenFlyoutLink (new flyout system)
    */
   useLegacyExpandableFlyout: boolean;
 }
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/related_alerts_by_same_source_event.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/related_alerts_by_same_source_event.tsx
index d667857914714..154e82fa00e9b 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/related_alerts_by_same_source_event.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/related_alerts_by_same_source_event.tsx
@@ -30,7 +30,7 @@ export interface RelatedAlertsBySameSourceEventProps {
    */
   onShowAlert: (id: string, indexName: string) => void;
   /**
-   * Whether to render rule links as PreviewLink (legacy expandable flyout) instead of ChildLink (new flyout system)
+   * Whether to render rule links as PreviewLink (legacy expandable flyout) instead of OpenFlyoutLink (new flyout system)
    */
   useLegacyExpandableFlyout: boolean;
 }
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/related_alerts_by_session.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/related_alerts_by_session.tsx
index 13c3d89faf97c..73619bdf178c7 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/related_alerts_by_session.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/components/related_alerts_by_session.tsx
@@ -30,7 +30,7 @@ export interface RelatedAlertsBySessionProps {
    */
   onShowAlert: (id: string, indexName: string) => void;
   /**
-   * Whether to render rule links as PreviewLink (legacy expandable flyout) instead of ChildLink (new flyout system)
+   * Whether to render rule links as PreviewLink (legacy expandable flyout) instead of OpenFlyoutLink (new flyout system)
    */
   useLegacyExpandableFlyout: boolean;
 }
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/index.tsx
index 0258f6f233312..a5e55c68a5dbe 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/index.tsx
@@ -10,7 +10,7 @@ import { css } from '@emotion/react';
 import { EuiFlyoutBody, EuiFlyoutHeader, useEuiTheme } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import type { DataTableRecord } from '@kbn/discover-utils';
-import { ToolsFlyoutHeader } from '../../../shared/components/tools_flyout_header';
+import { DocumentToolsFlyoutHeader } from '../../../shared/components/document_tools_flyout_header';
 import { CorrelationsDetailsView } from './components/correlations_details_view';
 
 const TITLE = i18n.translate('xpack.securitySolution.flyout.correlations.title', {
@@ -58,7 +58,7 @@ export const CorrelationsDetails = memo(
             padding-block: ${euiTheme.size.s} !important;
           `}
         >
-          <ToolsFlyoutHeader hit={hit} title={TITLE} />
+          <DocumentToolsFlyoutHeader title={TITLE} hit={hit} />
         </EuiFlyoutHeader>
         <EuiFlyoutBody>
           <CorrelationsDetailsView
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/utils/get_columns.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/utils/get_columns.test.tsx
index 67f8b31170b48..e479ade313c8f 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/utils/get_columns.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/utils/get_columns.test.tsx
@@ -19,6 +19,9 @@ import { getColumns, TIMESTAMP_DATE_FORMAT } from './get_columns';
 
 jest.mock('@kbn/expandable-flyout');
 jest.mock('../../../../../common/components/user_privileges');
+jest.mock('../../../../../common/hooks/is_in_security_app', () => ({
+  useIsInSecurityApp: () => false,
+}));
 jest.mock('../../../../../common/lib/kibana', () => ({
   useKibana: () => ({
     services: {
@@ -152,7 +155,7 @@ describe('getColumns', () => {
       expect(screen.getByTestId(`${dataTestSubj}RulePreview`)).toBeInTheDocument();
     });
 
-    it('renders rule name as a ChildLink when useLegacyExpandableFlyout is false', () => {
+    it('renders rule name as an OpenFlyoutLink when useLegacyExpandableFlyout is false', () => {
       const [, , ruleColumn] = getColumns({
         scopeId,
         dataTestSubj,
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/utils/get_columns.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/utils/get_columns.tsx
index bc1e7dd67af89..2e7bced9f77ac 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/utils/get_columns.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/correlations/utils/get_columns.tsx
@@ -14,7 +14,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
 import { SeverityBadge } from '../../../../../common/components/severity_badge';
 import { PreviewLink } from '../../../../../flyout/shared/components/preview_link';
-import { ChildLink } from '../../../../shared/components/child_link';
+import { OpenFlyoutLink } from '../../../../shared/components/open_flyout_link';
 
 export const TIMESTAMP_DATE_FORMAT = 'MMM D, YYYY @ HH:mm:ss.SSS';
 
@@ -34,18 +34,29 @@ export const getColumns = ({
 }): Array<EuiBasicTableColumn<Record<string, unknown>>> => [
   {
     render: (row: Record<string, unknown>) => (
-      <EuiButtonIcon
-        iconType="expand"
-        data-test-subj={`${dataTestSubj}AlertPreviewButton`}
-        onClick={() => onShowAlert(row.id as string, row.index as string)}
-        aria-label={i18n.translate(
+      <EuiToolTip
+        content={i18n.translate(
           'xpack.securitySolution.flyout.correlations.alertPreview.ariaLabel',
           {
             defaultMessage: 'Preview alert with id {id}',
             values: { id: row.id as string },
           }
         )}
-      />
+        disableScreenReaderOutput
+      >
+        <EuiButtonIcon
+          iconType="expand"
+          data-test-subj={`${dataTestSubj}AlertPreviewButton`}
+          onClick={() => onShowAlert(row.id as string, row.index as string)}
+          aria-label={i18n.translate(
+            'xpack.securitySolution.flyout.correlations.alertPreview.ariaLabel',
+            {
+              defaultMessage: 'Preview alert with id {id}',
+              values: { id: row.id as string },
+            }
+          )}
+        />
+      </EuiToolTip>
     ),
     width: '5%',
   },
@@ -92,13 +103,13 @@ export const getColumns = ({
               <span>{ruleName}</span>
             </PreviewLink>
           ) : (
-            <ChildLink
+            <OpenFlyoutLink
               field={ALERT_RULE_NAME}
               value={ruleId}
               data-test-subj={`${dataTestSubj}RuleLink`}
             >
               <span>{ruleName}</span>
-            </ChildLink>
+            </OpenFlyoutLink>
           )}
         </EuiToolTip>
       );
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/investigation_guide/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/investigation_guide/index.test.tsx
index badb06d4ec851..936e381adcc3c 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/investigation_guide/index.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/investigation_guide/index.test.tsx
@@ -14,9 +14,9 @@ import { mockContextValue } from '../../../../flyout/document_details/shared/moc
 import { useRuleWithFallback } from '../../../../detection_engine/rule_management/logic/use_rule_with_fallback';
 
 jest.mock('../../../../detection_engine/rule_management/logic/use_rule_with_fallback');
-jest.mock('../../../shared/components/tools_flyout_header', () => ({
-  ToolsFlyoutHeader: ({ title }: { title: string }) => (
-    <div data-test-subj="mockToolsFlyoutHeader">{title}</div>
+jest.mock('../../../shared/components/document_tools_flyout_header', () => ({
+  DocumentToolsFlyoutHeader: ({ title }: { title: string }) => (
+    <div data-test-subj="mockDocumentToolsFlyoutHeader">{title}</div>
   ),
 }));
 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/investigation_guide/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/investigation_guide/index.tsx
index 1e012ba11c785..a1ce65e937a0d 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/investigation_guide/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/investigation_guide/index.tsx
@@ -19,7 +19,7 @@ import { i18n } from '@kbn/i18n';
 import type { DataTableRecord } from '@kbn/discover-utils';
 import { getFieldValue } from '@kbn/discover-utils';
 import { useRuleWithFallback } from '../../../../detection_engine/rule_management/logic/use_rule_with_fallback';
-import { ToolsFlyoutHeader } from '../../../shared/components/tools_flyout_header';
+import { DocumentToolsFlyoutHeader } from '../../../shared/components/document_tools_flyout_header';
 import { InvestigationGuideView } from './components/investigation_guide_view';
 
 export interface InvestigationGuideProps {
@@ -63,7 +63,7 @@ export const InvestigationGuide = memo(({ hit }: InvestigationGuideProps) => {
           padding-block: ${euiTheme.size.s} !important;
         `}
       >
-        <ToolsFlyoutHeader hit={hit} title={TITLE} />
+        <DocumentToolsFlyoutHeader title={TITLE} hit={hit} />
       </EuiFlyoutHeader>
       <EuiFlyoutBody>
         {loading ? (
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/index.test.tsx
index 9625f5eb8cc3c..f94abd5434f13 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/index.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/index.test.tsx
@@ -34,6 +34,11 @@ import { createTelemetryServiceMock } from '../../../../common/lib/telemetry/tel
 import { useUserPrivileges } from '../../../../common/components/user_privileges';
 
 jest.mock('../../../../common/components/user_privileges');
+jest.mock('../../../shared/components/document_tools_flyout_header', () => ({
+  DocumentToolsFlyoutHeader: ({ title }: { title: string }) => (
+    <div data-test-subj="mockDocumentToolsFlyoutHeader">{title}</div>
+  ),
+}));
 
 const mockedTelemetry = createTelemetryServiceMock();
 const mockStorage = jest.fn();
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/index.tsx
index ef3c686f4fa8e..1cced35370ff6 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/index.tsx
@@ -11,7 +11,7 @@ import { i18n } from '@kbn/i18n';
 import type { EuiBasicTableColumn } from '@elastic/eui';
 import { EuiFlyoutBody, EuiFlyoutHeader, useEuiTheme } from '@elastic/eui';
 import type { DataTableRecord } from '@kbn/discover-utils';
-import { ToolsFlyoutHeader } from '../../../shared/components/tools_flyout_header';
+import { DocumentToolsFlyoutHeader } from '../../../shared/components/document_tools_flyout_header';
 import type { PrevalenceDetailsRow } from './utils/get_columns';
 import { PrevalenceDetailsView } from './components/prevalence_details_view';
 
@@ -57,7 +57,7 @@ export const PrevalenceDetails: React.FC<PrevalenceDetailsProps> = ({
           padding-block: ${euiTheme.size.s} !important;
         `}
       >
-        <ToolsFlyoutHeader hit={hit} title={TITLE} />
+        <DocumentToolsFlyoutHeader title={TITLE} hit={hit} />
       </EuiFlyoutHeader>
       <EuiFlyoutBody>
         <PrevalenceDetailsView
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/utils/get_columns.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/utils/get_columns.tsx
index 1373538e183c0..e51d495db91be 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/utils/get_columns.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/prevalence/utils/get_columns.tsx
@@ -31,7 +31,7 @@ import {
 import { FormattedCount } from '../../../../../common/components/formatted_number';
 import { getEmptyTagValue } from '../../../../../common/components/empty_value';
 import { InvestigateInTimelineButton } from '../../../../../common/components/event_details/investigate_in_timeline_button';
-import type { ChildLinkRenderer } from '../../../main/components/highlighted_fields_cell';
+import type { OpenFlyoutLinkRenderer } from '../../../main/components/highlighted_fields_cell';
 
 /**
  * Component that renders a grey box to indicate the user doesn't have proper license to view the actual data
@@ -319,7 +319,7 @@ export const getColumns = (
   /**
    * Optional component to render preview links for supported field types (e.g. IP fields)
    */
-  RenderChildLink?: ChildLinkRenderer
+  RenderFlyoutLink?: OpenFlyoutLinkRenderer
 ): Array<EuiBasicTableColumn<PrevalenceDetailsRow>> => [
   fieldColumn,
   {
@@ -333,11 +333,11 @@ export const getColumns = (
     render: (data: PrevalenceDetailsRow) => {
       const renderValue = (value: string) => {
         const text = <EuiText size="xs">{value}</EuiText>;
-        if (RenderChildLink) {
+        if (RenderFlyoutLink) {
           return (
-            <RenderChildLink field={data.field} value={value}>
+            <RenderFlyoutLink field={data.field} value={value}>
               {text}
-            </RenderChildLink>
+            </RenderFlyoutLink>
           );
         }
         return text;
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/response/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/response/index.tsx
index 0684a20723504..9ac4de6706d07 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/response/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/response/index.tsx
@@ -10,7 +10,7 @@ import React, { memo } from 'react';
 import { EuiFlyoutBody, EuiFlyoutHeader, useEuiTheme } from '@elastic/eui';
 import type { DataTableRecord } from '@kbn/discover-utils';
 import { i18n } from '@kbn/i18n';
-import { ToolsFlyoutHeader } from '../../../shared/components/tools_flyout_header';
+import { DocumentToolsFlyoutHeader } from '../../../shared/components/document_tools_flyout_header';
 import { ResponseDetailsContent } from './components/response_details';
 
 const TITLE = i18n.translate('xpack.securitySolution.flyout.response.title', {
@@ -38,7 +38,7 @@ export const ResponseDetails = memo(({ hit }: ResponseDetailsProps) => {
           padding-block: ${euiTheme.size.s} !important;
         `}
       >
-        <ToolsFlyoutHeader hit={hit} title={TITLE} />
+        <DocumentToolsFlyoutHeader title={TITLE} hit={hit} />
       </EuiFlyoutHeader>
       <EuiFlyoutBody>
         <ResponseDetailsContent hit={hit} />
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/session_view/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/session_view/index.tsx
index bc69a55242faf..ae1dea5915328 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/session_view/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/session_view/index.tsx
@@ -14,7 +14,7 @@ import { type DataTableRecord } from '@kbn/discover-utils';
 import type { Process, ProcessEvent } from '@kbn/session-view-plugin/common';
 import { useHistory } from 'react-router-dom';
 import { useStore } from 'react-redux';
-import { ToolsFlyoutHeader } from '../../../shared/components/tools_flyout_header';
+import { DocumentToolsFlyoutHeader } from '../../../shared/components/document_tools_flyout_header';
 import type { CellActionRenderer } from '../../../shared/components/cell_actions';
 import type { SessionViewConfig } from '../../../../../common/types/session_view';
 import { DocumentFlyoutWrapper } from '../../main/document_flyout_wrapper';
@@ -211,9 +211,9 @@ export const SessionView: FC<SessionViewProps> = memo(
             padding-block: ${euiTheme.size.s} !important;
           `}
         >
-          <ToolsFlyoutHeader
-            hit={hit}
+          <DocumentToolsFlyoutHeader
             title={TITLE}
+            hit={hit}
             renderCellActions={renderCellActions}
             onAlertUpdated={onAlertUpdated}
           />
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/threat_intelligence/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/threat_intelligence/index.tsx
index e460cf236b59f..cd0512882b245 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/threat_intelligence/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/document/tools/threat_intelligence/index.tsx
@@ -10,7 +10,7 @@ import React, { memo } from 'react';
 import { EuiFlyoutBody, EuiFlyoutHeader, useEuiTheme } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import type { DataTableRecord } from '@kbn/discover-utils';
-import { ToolsFlyoutHeader } from '../../../shared/components/tools_flyout_header';
+import { DocumentToolsFlyoutHeader } from '../../../shared/components/document_tools_flyout_header';
 import { ThreatIntelligenceDetailsView } from './components/threat_intelligence_details_view';
 
 export const THREAT_INTELLIGENCE_TAB_ID = 'threatIntelligence';
@@ -40,7 +40,7 @@ export const ThreatIntelligenceDetails = memo(({ hit }: ThreatIntelligenceDetail
           padding-block: ${euiTheme.size.s} !important;
         `}
       >
-        <ToolsFlyoutHeader hit={hit} title={TITLE} />
+        <DocumentToolsFlyoutHeader title={TITLE} hit={hit} />
       </EuiFlyoutHeader>
       <EuiFlyoutBody>
         <ThreatIntelligenceDetailsView hit={hit} />
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/components/observed_data_section.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/components/observed_data_section.tsx
similarity index 78%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/components/observed_data_section.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/components/observed_data_section.tsx
index 02c67008662ab..9087b122e4482 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/components/observed_data_section.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/components/observed_data_section.tsx
@@ -13,24 +13,26 @@ import {
   useEuiTheme,
 } from '@elastic/eui';
 
-import React, { memo, useMemo } from 'react';
+import React, { memo, useCallback, useMemo } from 'react';
 import { css } from '@emotion/react';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { useEntityStoreEuidApi } from '@kbn/entity-store/public';
-import { hostToCriteria } from '../../../../common/components/ml/criteria/host_to_criteria';
-import { useGlobalTime } from '../../../../common/containers/use_global_time';
-import { useInstalledSecurityJobNameById } from '../../../../common/components/ml/hooks/use_installed_security_jobs';
-import type { ObservedEntityData } from '../../shared/components/observed_entity/types';
-import { ONE_WEEK_IN_HOURS } from '../../shared/constants';
-import { ObservedEntity } from '../../shared/components/observed_entity';
+import { hostToCriteria } from '../../../../../common/components/ml/criteria/host_to_criteria';
+import { useGlobalTime } from '../../../../../common/containers/use_global_time';
+import { useInstalledSecurityJobNameById } from '../../../../../common/components/ml/hooks/use_installed_security_jobs';
+import type { ObservedEntityData } from '../../../../../flyout/entity_details/shared/components/observed_entity/types';
+import { ONE_WEEK_IN_HOURS } from '../../../../../flyout/entity_details/shared/constants';
+import { ObservedEntity } from '../../../../../flyout/entity_details/shared/components/observed_entity';
 import { useObservedHostFields } from '../hooks/use_observed_host_fields';
-import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date';
-import { InspectButton, InspectButtonContainer } from '../../../../common/components/inspect';
-import type { HostItem } from '../../../../../common/search_strategy';
-import { buildAnomaliesTableInfluencersFilterQuery } from '../../../../common/components/ml/anomaly/anomaly_table_euid';
-import { useAnomaliesTableData } from '../../../../common/components/ml/anomaly/use_anomalies_table_data';
-import type { IdentityFields } from '../../../document_details/shared/utils';
-import type { EntityStoreRecord } from '../../shared/hooks/use_entity_from_store';
+import type { OpenFlyoutLinkProps } from '../../../../shared/components/open_flyout_link';
+import { OpenFlyoutLink } from '../../../../shared/components/open_flyout_link';
+import { FormattedRelativePreferenceDate } from '../../../../../common/components/formatted_date';
+import { InspectButton, InspectButtonContainer } from '../../../../../common/components/inspect';
+import type { HostItem } from '../../../../../../common/search_strategy';
+import { buildAnomaliesTableInfluencersFilterQuery } from '../../../../../common/components/ml/anomaly/anomaly_table_euid';
+import { useAnomaliesTableData } from '../../../../../common/components/ml/anomaly/use_anomalies_table_data';
+import type { IdentityFields } from '../../../../../flyout/document_details/shared/utils';
+import type { EntityStoreRecord } from '../../../../../flyout/entity_details/shared/hooks/use_entity_from_store';
 
 type ObservedHostData = Omit<ObservedEntityData<HostItem>, 'anomalies'> & {
   entityRecord?: EntityStoreRecord | null;
@@ -200,12 +202,18 @@ const ObservedDataSectionContent = memo(
     );
     const observedFields = useObservedHostFields(observedHostWithAnomalies);
 
+    const renderFlyoutLink = useCallback(
+      (props: OpenFlyoutLinkProps) => <OpenFlyoutLink {...props} asParent={false} />,
+      []
+    );
+
     return (
       <ObservedEntity
         observedData={observedHostWithAnomalies}
         contextID={contextID}
         scopeId={scopeId}
         observedFields={observedFields}
+        linkRenderer={renderFlyoutLink}
       />
     );
   }
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/constants.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/constants.ts
similarity index 100%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/constants.ts
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/constants.ts
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/content.stories.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/content.stories.tsx
similarity index 90%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/content.stories.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/content.stories.tsx
index a67921b24d5a1..2e9419aa50510 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/content.stories.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/content.stories.tsx
@@ -9,10 +9,10 @@ import React from 'react';
 import type { Meta } from '@storybook/react';
 import { EuiFlyout } from '@elastic/eui';
 import { TestProvider } from '@kbn/expandable-flyout/src/test/provider';
-import { StorybookProviders } from '../../../common/mock/storybook_providers';
-import { mockRiskScoreState } from '../../shared/mocks';
-import { HostPanelContent } from './content';
-import { mockObservedHostData, mockEntityRecord } from '../mocks';
+import { StorybookProviders } from '../../../../common/mock/storybook_providers';
+import { mockRiskScoreState } from '../../../../flyout/shared/mocks';
+import { Content } from './content';
+import { mockObservedHostData, mockEntityRecord } from '../../../../flyout/entity_details/mocks';
 
 const riskScoreData = { ...mockRiskScoreState, data: [] };
 
@@ -34,7 +34,7 @@ export default {
 
 export const Default = {
   render: () => (
-    <HostPanelContent
+    <Content
       observedHost={mockObservedHostData}
       riskScoreState={riskScoreData}
       contextID={'test-host-details'}
@@ -52,7 +52,7 @@ export const Default = {
 
 export const WithGraphVisualization = {
   render: () => (
-    <HostPanelContent
+    <Content
       observedHost={mockObservedHostData}
       riskScoreState={riskScoreData}
       contextID={'test-host-details'}
@@ -72,7 +72,7 @@ export const WithGraphVisualization = {
 
 export const NoObservedData = {
   render: () => (
-    <HostPanelContent
+    <Content
       observedHost={{
         details: {},
         isLoading: false,
@@ -101,7 +101,7 @@ export const NoObservedData = {
 
 export const Loading = {
   render: () => (
-    <HostPanelContent
+    <Content
       observedHost={{
         details: {},
         isLoading: true,
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/content.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/content.tsx
similarity index 65%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/content.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/content.tsx
index 853089fbbf5c8..8790d0b49fc08 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/content.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/content.tsx
@@ -7,45 +7,58 @@
 
 import React from 'react';
 import { EuiHorizontalRule } from '@elastic/eui';
-import type { Entity } from '../../../../common/api/entity_analytics';
+import type { Entity } from '../../../../../common/api/entity_analytics';
 import { ObservedDataSection } from './components/observed_data_section';
-import { useHasEntityResolutionLicense } from '../../../common/hooks/use_has_entity_resolution_license';
-import { EntityHighlightsAccordion } from '../../../entity_analytics/components/entity_details_flyout/components/entity_highlights';
-import { EntityInsight } from '../../../cloud_security_posture/components/entity_insight';
-import { AssetCriticalityAccordion } from '../../../entity_analytics/components/asset_criticality/asset_criticality_selector';
-import { FlyoutRiskSummary } from '../../../entity_analytics/components/risk_summary_flyout/risk_summary';
-import type { RiskScoreState } from '../../../entity_analytics/api/hooks/use_risk_score';
-import { EntityIdentifierFields, EntityType } from '../../../../common/entity_analytics/types';
+import { useHasEntityResolutionLicense } from '../../../../common/hooks/use_has_entity_resolution_license';
+import { EntityHighlightsAccordion } from '../../../../entity_analytics/components/entity_details_flyout/components/entity_highlights';
+import { EntityInsight } from '../../../../cloud_security_posture/components/flyout_v2/entity_insight';
+import { AssetCriticalityAccordion } from '../../../../entity_analytics/components/asset_criticality/asset_criticality_selector';
+import { FlyoutRiskSummary } from '../../../../entity_analytics/components/flyout_v2/risk_summary';
+import type { RiskScoreState } from '../../../../entity_analytics/api/hooks/use_risk_score';
+import { EntityIdentifierFields, EntityType } from '../../../../../common/entity_analytics/types';
 import { HOST_PANEL_OBSERVED_HOST_QUERY_ID, HOST_PANEL_RISK_SCORE_QUERY_ID } from './constants';
-import type { EntityDetailsPath } from '../shared/components/left_panel/left_panel_header';
-import type { IdentityFields } from '../../document_details/shared/utils';
-import type { ObservedEntityData } from '../shared/components/observed_entity/types';
-import type { EntityRiskScore, HostItem } from '../../../../common/search_strategy';
-import { VisualizationsSection } from '../shared/components/right/visualizations_section';
-import { ResolutionSection } from '../../../entity_analytics/components/entity_resolution/resolution_section';
+import type { EntityDetailsPath } from '../../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+import type { IdentityFields } from '../../../../flyout/document_details/shared/utils';
+import type { ObservedEntityData } from '../../../../flyout/entity_details/shared/components/observed_entity/types';
+import type { EntityRiskScore, HostItem } from '../../../../../common/search_strategy';
+import { VisualizationsSection } from '../../../../flyout/entity_details/shared/components/right/visualizations_section';
+import { ResolutionSection } from '../../../../entity_analytics/components/entity_resolution/resolution_section';
 
 type ObservedHostData = Omit<ObservedEntityData<HostItem>, 'anomalies'>;
 
-interface HostPanelContentProps {
+export interface ContentProps {
+  /** Observed host data (anomalies excluded). */
   observedHost: ObservedHostData;
+  /** Current risk score state for the host. */
   riskScoreState: RiskScoreState<EntityType.host>;
+  /** Unique context ID passed to child queries. */
   contextID: string;
+  /** Scope ID for the timeline or table that opened this flyout. */
   scopeId: string;
+  /** Callback to navigate to a detail panel (e.g. risk inputs, asset criticality). */
   openDetailsPanel: (path: EntityDetailsPath) => void;
+  /** Key-value map of identity fields used to resolve the host. */
   identityFields: IdentityFields;
+  /** Callback invoked after asset criticality is updated. */
   onAssetCriticalityChange: () => void;
+  /** Whether the risk score is currently being recalculated. */
   recalculatingScore: boolean;
+  /** Whether the flyout is rendered in preview mode. */
   isPreviewMode: boolean;
   /** When using Entity Store v2: entity record for asset criticality upsert. */
   entityRecord?: Entity;
   /** When true (e.g. entity store v2 enabled but no entity found), hide risk score and asset criticality. */
   skipRiskAndCriticality?: boolean;
+  /** Entity store entity ID for the host. */
   entityStoreEntityId?: string;
   /** See {@link RiskSummaryProps.prefetchedResolutionRisk}. */
   prefetchedResolutionRisk?: EntityRiskScore<EntityType.host>;
 }
 
-export const HostPanelContent = ({
+/**
+ * Host details flyout content section.
+ */
+export const Content = ({
   identityFields,
   observedHost,
   riskScoreState,
@@ -59,7 +72,7 @@ export const HostPanelContent = ({
   skipRiskAndCriticality = false,
   entityStoreEntityId,
   prefetchedResolutionRisk,
-}: HostPanelContentProps) => {
+}: ContentProps) => {
   const hasEntityResolutionLicense = useHasEntityResolutionLicense();
 
   // Extract hostName from identityFields for components that need a string
@@ -85,7 +98,6 @@ export const HostPanelContent = ({
               recalculatingScore={recalculatingScore}
               queryId={HOST_PANEL_RISK_SCORE_QUERY_ID}
               openDetailsPanel={openDetailsPanel}
-              isPreviewMode={isPreviewMode}
               entityId={entityRecord?.entity.id}
               prefetchedResolutionRisk={prefetchedResolutionRisk}
             />
@@ -123,7 +135,6 @@ export const HostPanelContent = ({
       <EntityInsight
         entityRecord={entityRecord}
         identityFields={identityFields}
-        isPreviewMode={isPreviewMode}
         openDetailsPanel={openDetailsPanel}
         entityType={EntityType.host}
       />
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/basic_host_fields.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/basic_host_fields.tsx
similarity index 79%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/basic_host_fields.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/basic_host_fields.tsx
index 1229a08e7c956..d5d62ed95d038 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/basic_host_fields.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/basic_host_fields.tsx
@@ -7,13 +7,13 @@
 
 import React from 'react';
 
-import { getEmptyTagValue } from '../../../../common/components/empty_value';
-import type { HostItem } from '../../../../../common/search_strategy';
-import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date';
-import { NetworkDetailsLink } from '../../../../common/components/links';
+import { getEmptyTagValue } from '../../../../../common/components/empty_value';
+import type { HostItem } from '../../../../../../common/search_strategy';
+import { FormattedRelativePreferenceDate } from '../../../../../common/components/formatted_date';
+import { NetworkDetailsLink } from '../../../../../common/components/links';
 import * as i18n from './translations';
-import type { ObservedEntityData } from '../../shared/components/observed_entity/types';
-import type { EntityTableRows } from '../../shared/components/entity_table/types';
+import type { ObservedEntityData } from '../../../../../flyout/entity_details/shared/components/observed_entity/types';
+import type { EntityTableRows } from '../../../../../flyout/entity_details/shared/components/entity_table/types';
 
 export const basicHostFields: EntityTableRows<ObservedEntityData<HostItem>> = [
   {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/cloud_fields.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/cloud_fields.ts
similarity index 76%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/cloud_fields.ts
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/cloud_fields.ts
index c4ea144a7db06..cf6e40565bb64 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/cloud_fields.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/cloud_fields.ts
@@ -5,9 +5,9 @@
  * 2.0.
  */
 
-import type { HostItem } from '../../../../../common/search_strategy';
-import type { EntityTableRows } from '../../shared/components/entity_table/types';
-import type { ObservedEntityData } from '../../shared/components/observed_entity/types';
+import type { HostItem } from '../../../../../../common/search_strategy';
+import type { EntityTableRows } from '../../../../../flyout/entity_details/shared/components/entity_table/types';
+import type { ObservedEntityData } from '../../../../../flyout/entity_details/shared/components/observed_entity/types';
 import * as i18n from './translations';
 
 export const cloudFields: EntityTableRows<ObservedEntityData<HostItem>> = [
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/endpoint_policy_fields.test.tsx
similarity index 79%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.test.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/endpoint_policy_fields.test.tsx
index 690a2972c4a2e..d665abc41fd7e 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/endpoint_policy_fields.test.tsx
@@ -5,21 +5,21 @@
  * 2.0.
  */
 
-import { TestProviders } from '../../../../common/mock';
+import { TestProviders } from '../../../../../common/mock';
 import { render } from '@testing-library/react';
 import React from 'react';
-import { mockObservedHostData } from '../../mocks';
+import { mockObservedHostData } from '../../../../../flyout/entity_details/mocks';
 import { policyFields } from './endpoint_policy_fields';
 
-jest.mock('../../../../management/hooks/agents/use_get_agent_status');
+jest.mock('../../../../../management/hooks/agents/use_get_agent_status');
 
 const TestWrapper = ({ el }: { el: JSX.Element | undefined }) => <>{el}</>;
 
 jest.mock(
-  '../../../../management/hooks/response_actions/use_get_endpoint_pending_actions_summary',
+  '../../../../../management/hooks/response_actions/use_get_endpoint_pending_actions_summary',
   () => {
     const original = jest.requireActual(
-      '../../../../management/hooks/response_actions/use_get_endpoint_pending_actions_summary'
+      '../../../../../management/hooks/response_actions/use_get_endpoint_pending_actions_summary'
     );
     return {
       ...original,
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/endpoint_policy_fields.tsx
similarity index 80%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/endpoint_policy_fields.tsx
index 1132b89563162..2c22d61d543be 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/endpoint_policy_fields.tsx
@@ -8,12 +8,12 @@
 import React from 'react';
 import { EuiHealth } from '@elastic/eui';
 
-import type { EntityTableRows } from '../../shared/components/entity_table/types';
-import type { ObservedEntityData } from '../../shared/components/observed_entity/types';
-import { AgentStatus } from '../../../../common/components/endpoint/agents/agent_status';
-import { getEmptyTagValue } from '../../../../common/components/empty_value';
-import type { HostItem } from '../../../../../common/search_strategy';
-import { HostPolicyResponseActionStatus } from '../../../../../common/search_strategy';
+import type { EntityTableRows } from '../../../../../flyout/entity_details/shared/components/entity_table/types';
+import type { ObservedEntityData } from '../../../../../flyout/entity_details/shared/components/observed_entity/types';
+import { AgentStatus } from '../../../../../common/components/endpoint/agents/agent_status';
+import { getEmptyTagValue } from '../../../../../common/components/empty_value';
+import type { HostItem } from '../../../../../../common/search_strategy';
+import { HostPolicyResponseActionStatus } from '../../../../../../common/search_strategy';
 import * as i18n from './translations';
 
 export const policyFields: EntityTableRows<ObservedEntityData<HostItem>> = [
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/translations.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/translations.ts
similarity index 100%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/fields/translations.ts
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/fields/translations.ts
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/footer.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/footer.tsx
new file mode 100644
index 0000000000000..a71a909996e5d
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/footer.tsx
@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useMemo } from 'react';
+import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui';
+import { useEntityStoreEuidApi } from '@kbn/entity-store/public';
+import { TakeAction } from '../../../../flyout/entity_details/shared/components/take_action';
+import { EntityIdentifierFields, EntityType } from '../../../../../common/entity_analytics/types';
+import type { IdentityFields } from '../../../../flyout/document_details/shared/utils';
+import type { EntityStoreRecord } from '../../../../flyout/entity_details/shared/hooks/use_entity_from_store';
+import { useIsInSecurityApp } from '../../../../common/hooks/is_in_security_app';
+import { AiAssistantButton } from '../../../../entity_analytics/components/ai_assistant_button/ai_assistant_button';
+
+export interface FooterProps {
+  identityFields: IdentityFields;
+  /** When entity store v2 is enabled: entity record from the store. */
+  entity?: EntityStoreRecord;
+}
+
+/**
+ * Footer for the host details flyout containing the asset-inventory TakeAction button.
+ */
+export const Footer = ({ identityFields, entity }: FooterProps) => {
+  const isInSecurityApp = useIsInSecurityApp();
+  const hostName = useMemo(
+    () => identityFields[EntityIdentifierFields.hostName] || Object.values(identityFields)[0] || '',
+    [identityFields]
+  );
+
+  const euidApi = useEntityStoreEuidApi();
+  const euidEntityFilter = useMemo((): string | undefined => {
+    if (!euidApi?.euid || !entity) {
+      return undefined;
+    }
+    return euidApi.euid.kql.getEuidFilterBasedOnDocument('host', entity);
+  }, [euidApi?.euid, entity]);
+
+  return (
+    <EuiPanel color="transparent">
+      <EuiFlexGroup justifyContent="flexEnd" alignItems="center">
+        <EuiFlexItem grow={false}>
+          <AiAssistantButton
+            entityType={EntityType.host}
+            entityName={hostName}
+            telemetryPathway="entity_flyout"
+          />
+        </EuiFlexItem>
+        <EuiFlexItem grow={false}>
+          <TakeAction
+            isDisabled={!hostName || !isInSecurityApp}
+            kqlQuery={euidEntityFilter ?? `host.name: "${hostName}"`}
+          />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </EuiPanel>
+  );
+};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/header.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/header.test.tsx
similarity index 77%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/header.test.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/header.test.tsx
index f175d29ebdb3e..f414cefacd636 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/header.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/header.test.tsx
@@ -7,9 +7,9 @@
 
 import { render } from '@testing-library/react';
 import React from 'react';
-import { TestProviders } from '../../../common/mock';
-import { HostPanelHeader } from './header';
-import { RiskSeverity } from '../../../../common/search_strategy';
+import { TestProviders } from '../../../../common/mock';
+import { Header } from './header';
+import { RiskSeverity } from '../../../../../common/search_strategy';
 
 const defaultLastSeen = {
   date: '2023-02-23T20:03:17.489Z',
@@ -22,13 +22,13 @@ const mockProps = {
   lastSeen: defaultLastSeen,
 };
 
-jest.mock('../../../common/components/visualization_actions/visualization_embeddable');
+jest.mock('../../../../common/components/visualization_actions/visualization_embeddable');
 
-describe('HostPanelHeader', () => {
+describe('Header', () => {
   it('renders', () => {
     const { getByTestId } = render(
       <TestProviders>
-        <HostPanelHeader {...mockProps} />
+        <Header {...mockProps} />
       </TestProviders>
     );
 
@@ -39,7 +39,7 @@ describe('HostPanelHeader', () => {
     const futureDay = '2989-03-07T20:00:00.000Z';
     const { getByTestId } = render(
       <TestProviders>
-        <HostPanelHeader {...mockProps} lastSeen={{ date: futureDay, isLoading: false }} />
+        <Header {...mockProps} lastSeen={{ date: futureDay, isLoading: false }} />
       </TestProviders>
     );
 
@@ -49,7 +49,7 @@ describe('HostPanelHeader', () => {
   it('renders observed badge when lastSeen is defined', () => {
     const { getByTestId } = render(
       <TestProviders>
-        <HostPanelHeader {...mockProps} />
+        <Header {...mockProps} />
       </TestProviders>
     );
 
@@ -59,7 +59,7 @@ describe('HostPanelHeader', () => {
   it('does not render observed badge when lastSeen date is undefined', () => {
     const { queryByTestId } = render(
       <TestProviders>
-        <HostPanelHeader {...mockProps} lastSeen={{ date: undefined, isLoading: false }} />
+        <Header {...mockProps} lastSeen={{ date: undefined, isLoading: false }} />
       </TestProviders>
     );
 
@@ -69,7 +69,7 @@ describe('HostPanelHeader', () => {
   it('renders skeleton when loading', () => {
     const { getByTestId, queryByTestId } = render(
       <TestProviders>
-        <HostPanelHeader {...mockProps} lastSeen={{ date: undefined, isLoading: true }} />
+        <Header {...mockProps} lastSeen={{ date: undefined, isLoading: true }} />
       </TestProviders>
     );
 
@@ -81,7 +81,7 @@ describe('HostPanelHeader', () => {
   it('does not render lastSeen element when isEntityInStore is true', () => {
     const { queryByTestId } = render(
       <TestProviders>
-        <HostPanelHeader {...mockProps} isEntityInStore />
+        <Header {...mockProps} isEntityInStore />
       </TestProviders>
     );
 
@@ -91,7 +91,7 @@ describe('HostPanelHeader', () => {
   it('renders entity store badge when isEntityInStore is true', () => {
     const { getByTestId } = render(
       <TestProviders>
-        <HostPanelHeader {...mockProps} isEntityInStore />
+        <Header {...mockProps} isEntityInStore />
       </TestProviders>
     );
 
@@ -101,7 +101,7 @@ describe('HostPanelHeader', () => {
   it('renders observed badge text when isEntityInStore is false', () => {
     const { getByTestId } = render(
       <TestProviders>
-        <HostPanelHeader {...mockProps} />
+        <Header {...mockProps} />
       </TestProviders>
     );
 
@@ -111,7 +111,7 @@ describe('HostPanelHeader', () => {
   it('renders risk level badge when isEntityInStore and riskLevel are provided', () => {
     const { getByText } = render(
       <TestProviders>
-        <HostPanelHeader {...mockProps} isEntityInStore riskLevel={RiskSeverity.High} />
+        <Header {...mockProps} isEntityInStore riskLevel={RiskSeverity.High} />
       </TestProviders>
     );
 
@@ -121,7 +121,7 @@ describe('HostPanelHeader', () => {
   it('does not render risk level badge when isEntityInStore is false', () => {
     const { queryByText } = render(
       <TestProviders>
-        <HostPanelHeader {...mockProps} riskLevel={RiskSeverity.High} />
+        <Header {...mockProps} riskLevel={RiskSeverity.High} />
       </TestProviders>
     );
 
@@ -131,7 +131,7 @@ describe('HostPanelHeader', () => {
   it('renders the host name as a link to the details page when isEntityInStore is false', () => {
     const { getByTestId } = render(
       <TestProviders>
-        <HostPanelHeader {...mockProps} isEntityInStore={false} />
+        <Header {...mockProps} isEntityInStore={false} />
       </TestProviders>
     );
 
@@ -141,7 +141,7 @@ describe('HostPanelHeader', () => {
   it('renders the host name without a link when isEntityInStore is true', () => {
     const { queryByTestId } = render(
       <TestProviders>
-        <HostPanelHeader {...mockProps} isEntityInStore />
+        <Header {...mockProps} isEntityInStore />
       </TestProviders>
     );
 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/header.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/header.tsx
similarity index 76%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/header.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/header.tsx
index aba58abfe69b0..7a2996c28ace2 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/header.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/header.tsx
@@ -13,41 +13,48 @@ import {
   EuiSpacer,
   EuiText,
 } from '@elastic/eui';
-import { css } from '@emotion/react';
 import { FormattedMessage } from '@kbn/i18n-react';
 import React, { useMemo } from 'react';
 import { SecurityPageName } from '@kbn/security-solution-navigation';
-import { getHostDetailsUrl } from '../../../common/components/link_to';
-import { SecuritySolutionLinkAnchor } from '../../../common/components/links';
-import { PreferenceFormattedDate } from '../../../common/components/formatted_date';
-import { FlyoutHeader } from '../../shared/components/flyout_header';
-import { FlyoutTitle } from '../../../flyout_v2/shared/components/flyout_title';
-import type { FirstLastSeenData } from '../shared/components/observed_entity/types';
-import type { IdentityFields } from '../../document_details/shared/utils';
-import type { RiskSeverity } from '../../../../common/search_strategy';
-import { EntitySourceBadge } from '../shared/components/entity_source_badge';
-import { RiskLevelBadge } from '../shared/components/risk_level_badge';
+import { getHostDetailsUrl } from '../../../../common/components/link_to';
+import { SecuritySolutionLinkAnchor } from '../../../../common/components/links';
+import { PreferenceFormattedDate } from '../../../../common/components/formatted_date';
+import { FlyoutTitle } from '../../../shared/components/flyout_title';
+import type { FirstLastSeenData } from '../../../../flyout/entity_details/shared/components/observed_entity/types';
+import type { IdentityFields } from '../../../../flyout/document_details/shared/utils';
+import type { RiskSeverity } from '../../../../../common/search_strategy';
+import { EntitySourceBadge } from '../../../../flyout/entity_details/shared/components/entity_source_badge';
+import { RiskLevelBadge } from '../../../../flyout/entity_details/shared/components/risk_level_badge';
 
-interface HostPanelHeaderProps {
+export interface HeaderProps {
+  /** Host name displayed as the flyout title. */
   hostName: string;
+  /** First/last seen timestamps for the host. */
   lastSeen: FirstLastSeenData;
+  /** Entity store entity ID, used for the entity source badge. */
   entityId?: string;
+  /** Key-value map of identity fields used to resolve the host. */
   identityFields?: IdentityFields;
+  /** Whether the host exists in the entity store. */
   isEntityInStore?: boolean;
+  /** Risk severity level for the host. */
   riskLevel?: RiskSeverity;
 }
 
 const linkTitleCSS = { width: 'fit-content' };
 const urlParamOverride = { timeline: { isOpen: false } };
 
-export const HostPanelHeader = ({
+/**
+ * Header component for the host details flyout.
+ */
+export const Header = ({
   hostName,
   lastSeen,
   entityId,
   identityFields,
   isEntityInStore,
   riskLevel,
-}: HostPanelHeaderProps) => {
+}: HeaderProps) => {
   const lastSeenDate = lastSeen?.date;
   const isLoading = lastSeen?.isLoading ?? false;
   const lastSeenDateFormatted = useMemo(
@@ -55,15 +62,7 @@ export const HostPanelHeader = ({
     [lastSeenDate]
   );
   return (
-    <FlyoutHeader
-      data-test-subj="host-panel-header"
-      hasBorder={false}
-      css={css`
-        & > .euiPanel {
-          padding-bottom: 0;
-        }
-      `}
-    >
+    <div data-test-subj="host-panel-header">
       <EuiFlexGroup gutterSize="s" responsive={false} direction="column">
         {!isEntityInStore && (
           <EuiFlexItem grow={false}>
@@ -148,6 +147,6 @@ export const HostPanelHeader = ({
           </EuiFlexItem>
         )}
       </EuiFlexGroup>
-    </FlyoutHeader>
+    </div>
   );
 };
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/hooks/use_observed_host.ts
similarity index 78%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host.ts
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/hooks/use_observed_host.ts
index 93137ae727cd1..710baf6ee38a2 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/hooks/use_observed_host.ts
@@ -7,24 +7,24 @@
 
 import { useMemo } from 'react';
 import deepmerge from 'deepmerge';
-import { useDeepEqualSelector } from '../../../../common/hooks/use_selector';
-import type { inputsModel } from '../../../../common/store';
-import { inputsSelectors } from '../../../../common/store';
-import { useHostDetails } from '../../../../explore/hosts/containers/hosts/details';
-import { useFirstLastSeen } from '../../../../common/containers/use_first_last_seen';
-import { useGlobalTime } from '../../../../common/containers/use_global_time';
-import type { HostItem } from '../../../../../common/search_strategy';
-import { Direction, NOT_EVENT_KIND_ASSET_FILTER } from '../../../../../common/search_strategy';
+import { useDeepEqualSelector } from '../../../../../common/hooks/use_selector';
+import type { inputsModel } from '../../../../../common/store';
+import { inputsSelectors } from '../../../../../common/store';
+import { useHostDetails } from '../../../../../explore/hosts/containers/hosts/details';
+import { useFirstLastSeen } from '../../../../../common/containers/use_first_last_seen';
+import { useGlobalTime } from '../../../../../common/containers/use_global_time';
+import type { HostItem } from '../../../../../../common/search_strategy';
+import { Direction, NOT_EVENT_KIND_ASSET_FILTER } from '../../../../../../common/search_strategy';
 import { HOST_PANEL_OBSERVED_HOST_QUERY_ID, HOST_PANEL_RISK_SCORE_QUERY_ID } from '../constants';
-import { useQueryInspector } from '../../../../common/components/page/manage_query';
-import type { InspectResponse } from '../../../../types';
+import { useQueryInspector } from '../../../../../common/components/page/manage_query';
+import type { InspectResponse } from '../../../../../types';
 import type {
   EntityFromStoreResult,
   EntityStoreRecord,
-} from '../../shared/hooks/use_entity_from_store';
-import type { ObservedEntityData } from '../../shared/components/observed_entity/types';
-import { isActiveTimeline } from '../../../../helpers';
-import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
+} from '../../../../../flyout/entity_details/shared/hooks/use_entity_from_store';
+import type { ObservedEntityData } from '../../../../../flyout/entity_details/shared/components/observed_entity/types';
+import { isActiveTimeline } from '../../../../../helpers';
+import { useSecurityDefaultPatterns } from '../../../../../data_view_manager/hooks/use_security_default_patterns';
 
 export type ObservedHostResult = Omit<ObservedEntityData<HostItem>, 'anomalies'> & {
   entityRecord?: EntityStoreRecord | null;
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host_fields.test.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/hooks/use_observed_host_fields.test.ts
similarity index 96%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host_fields.test.ts
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/hooks/use_observed_host_fields.test.ts
index 11cf670ba24a0..14dc3e5aa1d77 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host_fields.test.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/hooks/use_observed_host_fields.test.ts
@@ -7,8 +7,8 @@
 
 import { renderHook } from '@testing-library/react';
 import { useObservedHostFields } from './use_observed_host_fields';
-import { mockObservedHostData } from '../../mocks';
-import { TestProviders } from '../../../../common/mock';
+import { mockObservedHostData } from '../../../../../flyout/entity_details/mocks';
+import { TestProviders } from '../../../../../common/mock';
 
 describe('useObservedHostFields', () => {
   it('returns managed host items for Entra host', () => {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host_fields.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/hooks/use_observed_host_fields.ts
similarity index 64%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host_fields.ts
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/hooks/use_observed_host_fields.ts
index 255bb54c2c58a..2861abbb1def7 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout/entity_details/host_right/hooks/use_observed_host_fields.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/hooks/use_observed_host_fields.ts
@@ -6,11 +6,11 @@
  */
 
 import { useMemo } from 'react';
-import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities';
-import type { HostItem } from '../../../../../common/search_strategy';
-import { getAnomaliesFields } from '../../shared/common';
-import type { EntityTableRows } from '../../shared/components/entity_table/types';
-import type { ObservedEntityData } from '../../shared/components/observed_entity/types';
+import { useMlCapabilities } from '../../../../../common/components/ml/hooks/use_ml_capabilities';
+import type { HostItem } from '../../../../../../common/search_strategy';
+import { getAnomaliesFields } from '../../../../../flyout/entity_details/shared/common';
+import type { EntityTableRows } from '../../../../../flyout/entity_details/shared/components/entity_table/types';
+import type { ObservedEntityData } from '../../../../../flyout/entity_details/shared/components/observed_entity/types';
 import { policyFields } from '../fields/endpoint_policy_fields';
 import { basicHostFields } from '../fields/basic_host_fields';
 import { cloudFields } from '../fields/cloud_fields';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/index.test.tsx
new file mode 100644
index 0000000000000..1b05275990980
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/index.test.tsx
@@ -0,0 +1,73 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render } from '@testing-library/react';
+import React from 'react';
+import { TestProviders } from '../../../../common/mock';
+import {
+  mockHostRiskScoreState,
+  mockObservedHostData,
+} from '../../../../flyout/entity_details/mocks';
+import { Host } from '.';
+
+const mockProps = {
+  hostName: 'test',
+  scopeId: 'test-scope-id',
+  contextID: 'test-host-panel',
+};
+
+jest.mock('../../../../common/components/visualization_actions/visualization_embeddable');
+
+const mockedHostRiskScore = jest.fn().mockReturnValue(mockHostRiskScoreState);
+jest.mock('../../../../entity_analytics/api/hooks/use_risk_score', () => ({
+  useRiskScore: () => mockedHostRiskScore(),
+}));
+
+const mockedUseObservedHost = jest.fn().mockReturnValue(mockObservedHostData);
+jest.mock('./hooks/use_observed_host', () => ({
+  useObservedHost: () => mockedUseObservedHost(),
+}));
+
+describe('<Host />', () => {
+  beforeEach(() => {
+    mockedHostRiskScore.mockReturnValue(mockHostRiskScoreState);
+    mockedUseObservedHost.mockReturnValue(mockObservedHostData);
+  });
+
+  it('renders header, content, and footer', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <Host {...mockProps} />
+      </TestProviders>
+    );
+
+    expect(getByTestId('host-panel-header')).toBeInTheDocument();
+    expect(getByTestId('observedEntity-accordion')).toBeInTheDocument();
+  });
+
+  it('does not render an expand-details navigation button (no v2 left panel yet)', () => {
+    const { queryByTestId } = render(
+      <TestProviders>
+        <Host {...mockProps} />
+      </TestProviders>
+    );
+
+    expect(
+      queryByTestId('securitySolutionFlyoutNavigationExpandDetailButton')
+    ).not.toBeInTheDocument();
+  });
+
+  it('does not render a preview footer', () => {
+    const { queryByTestId } = render(
+      <TestProviders>
+        <Host {...mockProps} />
+      </TestProviders>
+    );
+
+    expect(queryByTestId('host-preview-footer')).not.toBeInTheDocument();
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/index.tsx
new file mode 100644
index 0000000000000..c8bfc32a88677
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/main/index.tsx
@@ -0,0 +1,398 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { FC } from 'react';
+import React, { memo, useCallback, useMemo } from 'react';
+import { noop } from 'lodash/fp';
+import { useHistory } from 'react-router-dom';
+import { useStore } from 'react-redux';
+import { EuiFlyoutHeader, EuiFlyoutBody, EuiSpacer } from '@elastic/eui';
+import type { DataTableRecord } from '@kbn/discover-utils';
+import { FF_ENABLE_ENTITY_STORE_V2, useEntityStoreEuidApi } from '@kbn/entity-store/public';
+import { DOC_VIEWER_FLYOUT_HISTORY_KEY } from '@kbn/unified-doc-viewer';
+import { useUpdateAssetCriticality } from '../../../../entity_analytics/api/hooks/use_update_asset_criticality';
+import { useRefetchQueryById } from '../../../../entity_analytics/api/hooks/use_refetch_query_by_id';
+import { RISK_INPUTS_TAB_QUERY_ID } from '../../../../entity_analytics/components/flyout_v2/constants';
+import type { Refetch } from '../../../../common/types';
+import { useCalculateEntityRiskScore } from '../../../../entity_analytics/api/hooks/use_calculate_entity_risk_score';
+import { useRiskScore } from '../../../../entity_analytics/api/hooks/use_risk_score';
+import { useQueryInspector } from '../../../../common/components/page/manage_query';
+import { useGlobalTime } from '../../../../common/containers/use_global_time';
+import { buildHostNamesFilter, type RiskSeverity } from '../../../../../common/search_strategy';
+import { useUiSetting, useKibana } from '../../../../common/lib/kibana';
+import { useIsInSecurityApp } from '../../../../common/hooks/is_in_security_app';
+import type { EntityDetailsPath } from '../../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+import {
+  CspInsightLeftPanelSubTab,
+  EntityDetailsLeftPanelTab,
+} from '../../../../flyout/entity_details/shared/components/left_panel/left_panel_header';
+import { flyoutProviders } from '../../../shared/components/flyout_provider';
+import {
+  defaultToolsFlyoutProperties,
+  useDefaultDocumentFlyoutProperties,
+} from '../../../shared/hooks/use_default_flyout_properties';
+import { documentFlyoutHistoryKey } from '../../../shared/constants/flyout_history';
+import { RiskInputs } from '../tools/risk_inputs';
+import { MisconfigurationInsights } from '../tools/misconfiguration_insights';
+import { VulnerabilityInsights } from '../tools/vulnerability_insights';
+import { AlertsInsights } from '../tools/alerts_insights';
+import { Header } from './header';
+import { Content } from './content';
+import { Footer } from './footer';
+import { useObservedHost } from './hooks/use_observed_host';
+import { EntityType } from '../../../../../common/entity_analytics/types';
+import {
+  buildRiskScoreStateFromEntityRecord,
+  getRiskFromEntityRecord,
+} from '../../../../flyout/entity_details/shared/entity_store_risk_utils';
+import {
+  useEntityFromStore,
+  type EntityStoreRecord,
+} from '../../../../flyout/entity_details/shared/hooks/use_entity_from_store';
+import type { CriticalityLevelWithUnassigned } from '../../../../../common/entity_analytics/asset_criticality/types';
+import { ENABLE_ASSET_INVENTORY_SETTING } from '../../../../../common/constants';
+import {
+  mergeLegacyIdentityWhenStoreEntityMissing,
+  type IdentityFields,
+} from '../../../../flyout/document_details/shared/utils';
+import { HOST_PANEL_RISK_SCORE_QUERY_ID } from './constants';
+import {
+  useEntityPanelTabs,
+  TABLE_TAB_ID,
+} from '../../../../flyout/entity_details/shared/hooks/use_entity_panel_tabs';
+import { EntityPanelHeaderTabs } from '../../../../flyout/entity_details/shared/components/entity_panel_tabs';
+import { EntityStoreTableTab } from '../../../../flyout/entity_details/shared/components/entity_store_table_tab';
+import { EntitySummaryGrid } from '../../../../flyout/entity_details/shared/components/entity_summary_grid';
+
+export interface HostProps {
+  /**
+   * Display name from the source row / document (typically `host.name`).
+   */
+  hostName: string;
+  /**
+   * The source document record. When provided, entityId is computed from the document's
+   * host identity fields using the EUID API. Falls back to the `entityId` prop if the
+   * EUID API returns no value.
+   */
+  hit?: DataTableRecord;
+  /**
+   * Canonical Entity Store v2 id (`entity.id`) when already resolved (e.g. from alerts/events table).
+   * Used directly when `hit` is not provided, or as a fallback when EUID resolution from `hit` yields no value.
+   */
+  entityId?: string;
+  /**
+   * Scope id (timeline id, table id, etc.) — used for downstream containers and queries.
+   */
+  scopeId?: string;
+  /**
+   * Stable identifier for the host panel context (defaults to `scopeId` or a static fallback).
+   */
+  contextID?: string;
+}
+
+const FIRST_RECORD_PAGINATION = {
+  cursorStart: 0,
+  querySize: 1,
+};
+
+/**
+ * Standalone host details flyout content (for use with `overlays.openSystemFlyout`).
+ *
+ * Runs the same data hooks as the v1 `HostPanel`, but without the expandable-flyout
+ * navigation or preview-mode handling. Detail panels (risk inputs, graph view, etc.)
+ * open as separate system flyouts via `overlays.openSystemFlyout`.
+ */
+export const Host: FC<HostProps> = memo(function Host({
+  hostName,
+  hit,
+  entityId: entityIdProp,
+  scopeId = '',
+  contextID,
+}) {
+  const { services } = useKibana();
+  const { uiSettings, overlays } = services;
+  const store = useStore();
+  const history = useHistory();
+  const euidApi = useEntityStoreEuidApi();
+
+  // Compute entityId from hit when provided, otherwise use the prop
+  const entityId = useMemo(
+    () => (hit ? euidApi?.euid?.getEuidFromObject('host', hit.flattened) : entityIdProp),
+    [hit, euidApi, entityIdProp]
+  );
+  const assetInventoryEnabled = uiSettings.get(ENABLE_ASSET_INVENTORY_SETTING, true);
+  const entityStoreV2Enabled = useUiSetting<boolean>(FF_ENABLE_ENTITY_STORE_V2, false);
+  const isInSecurityApp = useIsInSecurityApp();
+  const historyKey = isInSecurityApp ? documentFlyoutHistoryKey : DOC_VIEWER_FLYOUT_HISTORY_KEY;
+  const defaultDocumentFlyoutProperties = useDefaultDocumentFlyoutProperties();
+
+  const safeContextID = contextID ?? scopeId ?? 'host-panel';
+  const { setQuery, deleteQuery, isInitializing } = useGlobalTime();
+
+  const hostStoreIdentityFields = useMemo(
+    () => (!entityId && hostName ? { 'host.name': hostName } : undefined),
+    [entityId, hostName]
+  );
+
+  const entityFromStoreResult = useEntityFromStore({
+    entityId,
+    identityFields: hostStoreIdentityFields,
+    entityType: 'host',
+    skip: !entityStoreV2Enabled || isInitializing,
+  });
+
+  const documentEntityIdentifiers = useMemo<IdentityFields>(() => {
+    const legacyFields =
+      hostName != null && hostName !== '' ? { 'host.name': hostName } : ({} as IdentityFields);
+    if (entityStoreV2Enabled) {
+      const fromStore =
+        euidApi?.euid?.getEntityIdentifiersFromDocument(
+          'host',
+          entityFromStoreResult.entityRecord
+        ) ?? {};
+      return mergeLegacyIdentityWhenStoreEntityMissing(fromStore, legacyFields);
+    }
+    return legacyFields;
+  }, [entityStoreV2Enabled, euidApi?.euid, entityFromStoreResult.entityRecord, hostName]);
+
+  const hostNameFilterQuery = useMemo(
+    () => (hostName ? buildHostNamesFilter([hostName]) : undefined),
+    [hostName]
+  );
+
+  const riskScoreState = useRiskScore({
+    riskEntity: EntityType.host,
+    filterQuery: hostNameFilterQuery,
+    onlyLatest: false,
+    pagination: FIRST_RECORD_PAGINATION,
+    skip: entityStoreV2Enabled,
+  });
+
+  const { inspect: inspectRiskScore, refetch, loading } = riskScoreState;
+
+  const refetchRiskInputsTab = useRefetchQueryById(RISK_INPUTS_TAB_QUERY_ID);
+  const refetchRiskScore = useCallback(() => {
+    refetch();
+    (refetchRiskInputsTab as Refetch | null)?.();
+  }, [refetch, refetchRiskInputsTab]);
+
+  const { isLoading: recalculatingScore, calculateEntityRiskScore } = useCalculateEntityRiskScore(
+    EntityType.host,
+    hostName,
+    { onSuccess: refetchRiskScore }
+  );
+
+  const { updateAssetCriticalityLevel } = useUpdateAssetCriticality('host', {
+    onSuccess: calculateEntityRiskScore,
+  });
+
+  const observedHost = useObservedHost(
+    hostName,
+    scopeId,
+    entityStoreV2Enabled ? entityFromStoreResult : undefined
+  );
+
+  const panelDisplayEntityId = useMemo(
+    () => (entityStoreV2Enabled ? observedHost.entityRecord?.entity?.id : entityId),
+    [entityId, entityStoreV2Enabled, observedHost.entityRecord?.entity?.id]
+  );
+
+  const useEntityStoreInspectForRisk = entityStoreV2Enabled && observedHost.entityRecord != null;
+
+  useQueryInspector({
+    deleteQuery,
+    inspect: useEntityStoreInspectForRisk
+      ? entityFromStoreResult?.inspect ?? null
+      : inspectRiskScore,
+    loading: useEntityStoreInspectForRisk ? entityFromStoreResult?.isLoading ?? false : loading,
+    queryId: HOST_PANEL_RISK_SCORE_QUERY_ID,
+    refetch: useEntityStoreInspectForRisk ? entityFromStoreResult?.refetch ?? noop : refetch,
+    setQuery,
+  });
+
+  const entityFromStore: EntityStoreRecord | undefined = entityStoreV2Enabled
+    ? observedHost.entityRecord ?? undefined
+    : undefined;
+  const riskScoreStateFromStore =
+    entityStoreV2Enabled && observedHost.entityRecord
+      ? buildRiskScoreStateFromEntityRecord(EntityType.host, observedHost.entityRecord, {
+          refetch: observedHost.refetchEntityStore ?? noop,
+          isLoading: observedHost.isLoading,
+          error: null,
+          inspect: entityFromStoreResult?.inspect,
+        })
+      : null;
+
+  const effectiveRiskScoreState = riskScoreStateFromStore ?? riskScoreState;
+
+  const onCriticalitySave =
+    entityFromStoreResult.entityRecord && observedHost.entityRecord
+      ? (level: CriticalityLevelWithUnassigned) =>
+          updateAssetCriticalityLevel(level, observedHost.entityRecord)
+      : undefined;
+
+  const entityStoreEntityId = entityStoreV2Enabled
+    ? observedHost.entityRecord?.entity?.id
+    : undefined;
+
+  const noEntityInStore =
+    entityStoreV2Enabled && !entityFromStoreResult.isLoading && !observedHost.entityRecord;
+
+  const { tabs, selectedTabId, setSelectedTabId } = useEntityPanelTabs({
+    entityRecord: observedHost.entityRecord ?? null,
+  });
+
+  const tabsNode = tabs ? (
+    <EntityPanelHeaderTabs
+      tabs={tabs}
+      selectedTabId={selectedTabId}
+      setSelectedTabId={setSelectedTabId}
+    />
+  ) : undefined;
+
+  const onOpenHost = useCallback(() => {
+    overlays.openSystemFlyout(
+      flyoutProviders({
+        services,
+        store,
+        history,
+        children: <Host hostName={hostName} entityId={entityId} scopeId={scopeId} />,
+      }),
+      { ...defaultDocumentFlyoutProperties, title: hostName, historyKey, session: 'inherit' }
+    );
+  }, [
+    overlays,
+    services,
+    store,
+    history,
+    historyKey,
+    hostName,
+    entityId,
+    scopeId,
+    defaultDocumentFlyoutProperties,
+  ]);
+
+  const openDetailsPanel = useCallback(
+    (path: EntityDetailsPath) => {
+      const common = {
+        ...defaultToolsFlyoutProperties,
+        title: hostName,
+        historyKey,
+        session: 'start' as const,
+      };
+      const wrap = (children: React.ReactNode) =>
+        overlays.openSystemFlyout(flyoutProviders({ services, store, history, children }), common);
+
+      switch (path.tab) {
+        case EntityDetailsLeftPanelTab.RISK_INPUTS:
+          return wrap(
+            <RiskInputs
+              entityName={hostName}
+              entityId={entityStoreEntityId}
+              scopeId={scopeId}
+              onOpenHost={onOpenHost}
+            />
+          );
+        case EntityDetailsLeftPanelTab.CSP_INSIGHTS:
+          switch (path.subTab) {
+            case CspInsightLeftPanelSubTab.VULNERABILITIES:
+              return wrap(
+                <VulnerabilityInsights
+                  value={hostName}
+                  entityId={panelDisplayEntityId}
+                  scopeId={scopeId}
+                  onOpenHost={onOpenHost}
+                />
+              );
+            case CspInsightLeftPanelSubTab.ALERTS:
+              return wrap(
+                <AlertsInsights
+                  value={hostName}
+                  entityId={panelDisplayEntityId}
+                  onOpenHost={onOpenHost}
+                />
+              );
+            case CspInsightLeftPanelSubTab.MISCONFIGURATIONS:
+              return wrap(
+                <MisconfigurationInsights
+                  value={hostName}
+                  entityId={panelDisplayEntityId}
+                  scopeId={scopeId}
+                  onOpenHost={onOpenHost}
+                />
+              );
+          }
+      }
+    },
+    [
+      overlays,
+      services,
+      store,
+      history,
+      historyKey,
+      hostName,
+      panelDisplayEntityId,
+      scopeId,
+      entityStoreEntityId,
+      onOpenHost,
+    ]
+  );
+
+  const riskLevel = observedHost.entityRecord
+    ? ((getRiskFromEntityRecord(observedHost.entityRecord)?.calculated_level ??
+        'Unknown') as RiskSeverity)
+    : undefined;
+
+  return (
+    <>
+      <EuiFlyoutHeader hasBorder>
+        <Header
+          hostName={hostName}
+          lastSeen={observedHost.lastSeen}
+          entityId={panelDisplayEntityId}
+          identityFields={documentEntityIdentifiers}
+          isEntityInStore={!!observedHost.entityRecord}
+          riskLevel={riskLevel}
+        />
+      </EuiFlyoutHeader>
+      <EuiFlyoutBody>
+        {observedHost.entityRecord && (
+          <EntitySummaryGrid
+            entityRecord={observedHost.entityRecord}
+            criticalityLevel={entityFromStoreResult.entityRecord?.asset?.criticality}
+            onCriticalitySave={onCriticalitySave}
+          />
+        )}
+        {tabsNode}
+        {tabs && <EuiSpacer size="l" />}
+        {tabs && selectedTabId === TABLE_TAB_ID && observedHost.entityRecord ? (
+          <EntityStoreTableTab entityRecord={observedHost.entityRecord} />
+        ) : (
+          <Content
+            identityFields={documentEntityIdentifiers}
+            observedHost={observedHost}
+            riskScoreState={effectiveRiskScoreState}
+            contextID={safeContextID}
+            scopeId={scopeId}
+            openDetailsPanel={openDetailsPanel}
+            recalculatingScore={recalculatingScore}
+            onAssetCriticalityChange={calculateEntityRiskScore}
+            isPreviewMode={false}
+            entityRecord={entityStoreV2Enabled ? observedHost.entityRecord ?? undefined : undefined}
+            skipRiskAndCriticality={noEntityInStore}
+            entityStoreEntityId={entityStoreEntityId}
+          />
+        )}
+      </EuiFlyoutBody>
+      {assetInventoryEnabled && (
+        <Footer identityFields={documentEntityIdentifiers} entity={entityFromStore} />
+      )}
+    </>
+  );
+});
+
+Host.displayName = 'Host';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/alerts_insights/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/alerts_insights/index.test.tsx
new file mode 100644
index 0000000000000..6e9a543061940
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/alerts_insights/index.test.tsx
@@ -0,0 +1,144 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { AlertsInsights } from '.';
+
+const mockOpenSystemFlyout = jest.fn();
+
+jest.mock('../../../../shared/components/tools_flyout_header', () => ({
+  ToolsFlyoutHeader: ({
+    title,
+    label,
+    iconType,
+    onTitleClick,
+  }: {
+    title: string;
+    label?: string;
+    iconType?: string;
+    onTitleClick?: () => void;
+  }) => (
+    <button
+      type="button"
+      data-test-subj="mockToolsFlyoutHeader"
+      data-title={title}
+      data-label={label}
+      data-icon-type={iconType}
+      onClick={onTitleClick}
+    />
+  ),
+}));
+
+jest.mock(
+  '../../../../../cloud_security_posture/components/flyout_v2/csp_details/alerts_findings_details_table',
+  () => ({
+    AlertsDetailsTable: ({
+      field,
+      value,
+      entityId,
+      entityType,
+      onShowAlert,
+    }: {
+      field: string;
+      value: string;
+      entityId?: string;
+      entityType?: string;
+      onShowAlert?: (eventId: string, indexName: string) => void;
+    }) => (
+      <button
+        type="button"
+        data-test-subj="mockAlertsDetailsTable"
+        data-field={field}
+        data-value={value}
+        data-entity-id={entityId ?? ''}
+        data-entity-type={entityType ?? ''}
+        onClick={() => onShowAlert?.('event-1', '.alerts-security')}
+      >
+        {'alerts-table'}
+      </button>
+    ),
+  })
+);
+
+jest.mock('../../../../shared/components/flyout_provider', () => ({
+  flyoutProviders: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+}));
+
+jest.mock('../../../../document/main/document_flyout_wrapper', () => ({
+  DocumentFlyoutWrapper: () => <div data-test-subj="mockDocumentFlyoutWrapper" />,
+}));
+
+jest.mock('../../../../shared/components/cell_actions', () => ({
+  cellActionRenderer: jest.fn(),
+}));
+
+jest.mock('../../../../shared/hooks/use_default_flyout_properties', () => ({
+  useDefaultDocumentFlyoutProperties: () => ({ size: 'm' }),
+}));
+
+jest.mock('../../../../../common/hooks/is_in_security_app', () => ({
+  useIsInSecurityApp: () => true,
+}));
+
+jest.mock('react-redux', () => ({
+  ...jest.requireActual('react-redux'),
+  useStore: () => ({}),
+}));
+
+jest.mock('react-router-dom', () => ({
+  ...jest.requireActual('react-router-dom'),
+  useHistory: () => ({ push: jest.fn() }),
+}));
+
+jest.mock('../../../../../common/lib/kibana', () => ({
+  useKibana: () => ({
+    services: {
+      overlays: { openSystemFlyout: mockOpenSystemFlyout },
+    },
+  }),
+}));
+
+describe('<AlertsInsights />', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders the header with the title, host label and entity icon', () => {
+    const { getByTestId } = render(<AlertsInsights value="my-host" />);
+    const header = getByTestId('mockToolsFlyoutHeader');
+    expect(header).toHaveAttribute('data-title', 'Alerts');
+    expect(header).toHaveAttribute('data-label', 'my-host');
+    expect(header).toHaveAttribute('data-icon-type', 'storage');
+  });
+
+  it('forwards the host name and entity id to the alerts table', () => {
+    const { getByTestId } = render(<AlertsInsights value="my-host" entityId="euid-123" />);
+    const table = getByTestId('mockAlertsDetailsTable');
+    expect(table).toHaveAttribute('data-field', 'host.name');
+    expect(table).toHaveAttribute('data-value', 'my-host');
+    expect(table).toHaveAttribute('data-entity-id', 'euid-123');
+    expect(table).toHaveAttribute('data-entity-type', 'host');
+  });
+
+  it('forwards onOpenHost to the header click handler', () => {
+    const onOpenHost = jest.fn();
+    const { getByTestId } = render(<AlertsInsights value="my-host" onOpenHost={onOpenHost} />);
+    getByTestId('mockToolsFlyoutHeader').click();
+    expect(onOpenHost).toHaveBeenCalledTimes(1);
+  });
+
+  it('opens a child system flyout when an alert row is expanded', () => {
+    const { getByTestId } = render(<AlertsInsights value="my-host" />);
+    getByTestId('mockAlertsDetailsTable').click();
+    expect(mockOpenSystemFlyout).toHaveBeenCalledTimes(1);
+    expect(mockOpenSystemFlyout).toHaveBeenCalledWith(
+      expect.anything(),
+      expect.objectContaining({ session: 'inherit' })
+    );
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/alerts_insights/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/alerts_insights/index.tsx
new file mode 100644
index 0000000000000..105fab1e821e9
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/alerts_insights/index.tsx
@@ -0,0 +1,101 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useCallback } from 'react';
+import { EuiFlyoutHeader } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { useHistory } from 'react-router-dom';
+import { useStore } from 'react-redux';
+import { noop } from 'lodash/fp';
+import { DOC_VIEWER_FLYOUT_HISTORY_KEY } from '@kbn/unified-doc-viewer';
+import {
+  EntityIdentifierFields,
+  EntityType,
+} from '../../../../../../common/entity_analytics/types';
+import { ToolsFlyoutHeader } from '../../../../shared/components/tools_flyout_header';
+import { AlertsDetailsTable } from '../../../../../cloud_security_posture/components/flyout_v2/csp_details/alerts_findings_details_table';
+import { useKibana } from '../../../../../common/lib/kibana';
+import { flyoutProviders } from '../../../../shared/components/flyout_provider';
+import { useDefaultDocumentFlyoutProperties } from '../../../../shared/hooks/use_default_flyout_properties';
+import { DocumentFlyoutWrapper } from '../../../../document/main/document_flyout_wrapper';
+import { cellActionRenderer } from '../../../../shared/components/cell_actions';
+import { useIsInSecurityApp } from '../../../../../common/hooks/is_in_security_app';
+import { documentFlyoutHistoryKey } from '../../../../shared/constants/flyout_history';
+
+const TITLE = i18n.translate(
+  'xpack.securitySolution.flyout.entityDetails.host.alertsInsights.title',
+  { defaultMessage: 'Alerts' }
+);
+
+export interface AlertsInsightsProps {
+  /** The host name used to query alerts (`host.name` field value). */
+  value: string;
+  /** Canonical Entity Store v2 id (`entity.id`) when already resolved. */
+  entityId?: string;
+  /** Opens the originating host flyout as a child. */
+  onOpenHost?: () => void;
+}
+
+/**
+ * Tool flyout displaying alert findings for a host entity.
+ */
+export const AlertsInsights = memo(({ value, entityId, onOpenHost }: AlertsInsightsProps) => {
+  const { services } = useKibana();
+  const store = useStore();
+  const history = useHistory();
+  const defaultFlyoutProperties = useDefaultDocumentFlyoutProperties();
+  const isInSecurityApp = useIsInSecurityApp();
+  const historyKey = isInSecurityApp ? documentFlyoutHistoryKey : DOC_VIEWER_FLYOUT_HISTORY_KEY;
+
+  const onShowAlert = useCallback(
+    (eventId: string, indexName: string) => {
+      services.overlays.openSystemFlyout(
+        flyoutProviders({
+          services,
+          store,
+          history,
+          children: (
+            <DocumentFlyoutWrapper
+              documentId={eventId}
+              indexName={indexName}
+              renderCellActions={cellActionRenderer}
+              onAlertUpdated={noop}
+            />
+          ),
+        }),
+        {
+          ...defaultFlyoutProperties,
+          historyKey,
+          session: 'inherit',
+        }
+      );
+    },
+    [services, store, history, defaultFlyoutProperties, historyKey]
+  );
+
+  return (
+    <>
+      <EuiFlyoutHeader hasBorder>
+        <ToolsFlyoutHeader
+          title={TITLE}
+          onTitleClick={onOpenHost}
+          label={value}
+          iconType="storage"
+        />
+      </EuiFlyoutHeader>
+      <AlertsDetailsTable
+        field={EntityIdentifierFields.hostName}
+        value={value}
+        entityId={entityId}
+        entityType={EntityType.host}
+        onShowAlert={onShowAlert}
+      />
+    </>
+  );
+});
+
+AlertsInsights.displayName = 'AlertsInsights';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/alerts_insights/test_ids.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/alerts_insights/test_ids.ts
new file mode 100644
index 0000000000000..c10dc22fc2325
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/alerts_insights/test_ids.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const ALERTS_INSIGHTS_TOOL_TEST_ID = 'alertsInsightsTool';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/misconfiguration_insights/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/misconfiguration_insights/index.test.tsx
new file mode 100644
index 0000000000000..926f48ddf21e9
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/misconfiguration_insights/index.test.tsx
@@ -0,0 +1,144 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { MisconfigurationInsights } from '.';
+
+const mockOpenSystemFlyout = jest.fn();
+
+jest.mock('../../../../shared/components/tools_flyout_header', () => ({
+  ToolsFlyoutHeader: ({
+    title,
+    label,
+    iconType,
+    onTitleClick,
+  }: {
+    title: string;
+    label?: string;
+    iconType?: string;
+    onTitleClick?: () => void;
+  }) => (
+    <button
+      type="button"
+      data-test-subj="mockToolsFlyoutHeader"
+      data-title={title}
+      data-label={label}
+      data-icon-type={iconType}
+      onClick={onTitleClick}
+    />
+  ),
+}));
+
+jest.mock(
+  '../../../../../cloud_security_posture/components/flyout_v2/csp_details/misconfiguration_findings_details_table',
+  () => ({
+    MisconfigurationFindingsDetailsTable: ({
+      field,
+      value,
+      scopeId,
+      entityId,
+      entityType,
+      onShowFinding,
+    }: {
+      field: string;
+      value: string;
+      scopeId: string;
+      entityId?: string;
+      entityType?: string;
+      onShowFinding?: (resourceId: string, ruleId: string) => void;
+    }) => (
+      <button
+        type="button"
+        data-test-subj="mockMisconfigurationFindingsDetailsTable"
+        data-field={field}
+        data-value={value}
+        data-scope-id={scopeId}
+        data-entity-id={entityId ?? ''}
+        data-entity-type={entityType ?? ''}
+        onClick={() => onShowFinding?.('resource-1', 'rule-1')}
+      >
+        {'misconfiguration-table'}
+      </button>
+    ),
+  })
+);
+
+jest.mock('../../../../csp_details/misconfiguration_panel', () => ({
+  MisconfigurationPanel: () => <div data-test-subj="mockMisconfigurationPanel" />,
+}));
+
+jest.mock('../../../../shared/components/flyout_provider', () => ({
+  flyoutProviders: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+}));
+
+jest.mock('../../../../shared/hooks/use_default_flyout_properties', () => ({
+  useDefaultDocumentFlyoutProperties: () => ({ size: 'm' }),
+}));
+
+jest.mock('react-redux', () => ({
+  ...jest.requireActual('react-redux'),
+  useStore: () => ({}),
+}));
+
+jest.mock('react-router-dom', () => ({
+  ...jest.requireActual('react-router-dom'),
+  useHistory: () => ({ push: jest.fn() }),
+}));
+
+jest.mock('../../../../../common/lib/kibana', () => ({
+  useKibana: () => ({
+    services: {
+      overlays: { openSystemFlyout: mockOpenSystemFlyout },
+    },
+  }),
+}));
+
+describe('<MisconfigurationInsights />', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders the header with the title, host label and entity icon', () => {
+    const { getByTestId } = render(<MisconfigurationInsights value="my-host" scopeId="scope" />);
+    const header = getByTestId('mockToolsFlyoutHeader');
+    expect(header).toHaveAttribute('data-title', 'Misconfigurations');
+    expect(header).toHaveAttribute('data-label', 'my-host');
+    expect(header).toHaveAttribute('data-icon-type', 'storage');
+  });
+
+  it('forwards the host name, scope and entity id to the findings table', () => {
+    const { getByTestId } = render(
+      <MisconfigurationInsights value="my-host" scopeId="my-scope" entityId="euid-123" />
+    );
+    const table = getByTestId('mockMisconfigurationFindingsDetailsTable');
+    expect(table).toHaveAttribute('data-field', 'host.name');
+    expect(table).toHaveAttribute('data-value', 'my-host');
+    expect(table).toHaveAttribute('data-scope-id', 'my-scope');
+    expect(table).toHaveAttribute('data-entity-id', 'euid-123');
+    expect(table).toHaveAttribute('data-entity-type', 'host');
+  });
+
+  it('forwards onOpenHost to the header click handler', () => {
+    const onOpenHost = jest.fn();
+    const { getByTestId } = render(
+      <MisconfigurationInsights value="my-host" scopeId="scope" onOpenHost={onOpenHost} />
+    );
+    getByTestId('mockToolsFlyoutHeader').click();
+    expect(onOpenHost).toHaveBeenCalledTimes(1);
+  });
+
+  it('opens a child system flyout when a finding row is expanded', () => {
+    const { getByTestId } = render(<MisconfigurationInsights value="my-host" scopeId="scope" />);
+    getByTestId('mockMisconfigurationFindingsDetailsTable').click();
+    expect(mockOpenSystemFlyout).toHaveBeenCalledTimes(1);
+    expect(mockOpenSystemFlyout).toHaveBeenCalledWith(
+      expect.anything(),
+      expect.objectContaining({ session: 'inherit', title: 'my-host' })
+    );
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/misconfiguration_insights/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/misconfiguration_insights/index.tsx
new file mode 100644
index 0000000000000..cff33b09b4f14
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/misconfiguration_insights/index.tsx
@@ -0,0 +1,89 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useCallback } from 'react';
+import { EuiFlyoutHeader } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { useHistory } from 'react-router-dom';
+import { useStore } from 'react-redux';
+import {
+  EntityIdentifierFields,
+  EntityType,
+} from '../../../../../../common/entity_analytics/types';
+import { useKibana } from '../../../../../common/lib/kibana';
+import { flyoutProviders } from '../../../../shared/components/flyout_provider';
+import { useDefaultDocumentFlyoutProperties } from '../../../../shared/hooks/use_default_flyout_properties';
+import { MisconfigurationPanel } from '../../../../csp_details/misconfiguration_panel';
+import { ToolsFlyoutHeader } from '../../../../shared/components/tools_flyout_header';
+import { MisconfigurationFindingsDetailsTable } from '../../../../../cloud_security_posture/components/flyout_v2/csp_details/misconfiguration_findings_details_table';
+
+const TITLE = i18n.translate(
+  'xpack.securitySolution.flyout.entityDetails.host.misconfigurationInsights.title',
+  { defaultMessage: 'Misconfigurations' }
+);
+
+export interface MisconfigurationInsightsProps {
+  /** The host name used to query misconfigurations (`host.name` field value). */
+  value: string;
+  /** Canonical Entity Store v2 id (`entity.id`) when already resolved. */
+  entityId?: string;
+  /** Scope id passed to downstream containers. */
+  scopeId: string;
+  /** Opens the originating host flyout as a child. */
+  onOpenHost?: () => void;
+}
+
+/**
+ * Tool flyout displaying CSP misconfiguration findings for a host entity.
+ */
+export const MisconfigurationInsights = memo(
+  ({ value, entityId, scopeId, onOpenHost }: MisconfigurationInsightsProps) => {
+    const { services } = useKibana();
+    const { overlays } = services;
+    const store = useStore();
+    const history = useHistory();
+    const defaultDocumentFlyoutProperties = useDefaultDocumentFlyoutProperties();
+
+    const onShowFinding = useCallback(
+      (resourceId: string, ruleId: string) => {
+        overlays.openSystemFlyout(
+          flyoutProviders({
+            services,
+            store,
+            history,
+            children: <MisconfigurationPanel resourceId={resourceId} ruleId={ruleId} />,
+          }),
+          { ...defaultDocumentFlyoutProperties, title: value, session: 'inherit' }
+        );
+      },
+      [overlays, services, store, history, defaultDocumentFlyoutProperties, value]
+    );
+
+    return (
+      <>
+        <EuiFlyoutHeader hasBorder>
+          <ToolsFlyoutHeader
+            title={TITLE}
+            onTitleClick={onOpenHost}
+            label={value}
+            iconType="storage"
+          />
+        </EuiFlyoutHeader>
+        <MisconfigurationFindingsDetailsTable
+          field={EntityIdentifierFields.hostName}
+          value={value}
+          scopeId={scopeId}
+          entityId={entityId}
+          entityType={EntityType.host}
+          onShowFinding={onShowFinding}
+        />
+      </>
+    );
+  }
+);
+
+MisconfigurationInsights.displayName = 'MisconfigurationInsights';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/misconfiguration_insights/test_ids.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/misconfiguration_insights/test_ids.ts
new file mode 100644
index 0000000000000..a1da88e524fbe
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/misconfiguration_insights/test_ids.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const MISCONFIGURATION_INSIGHTS_TOOL_TEST_ID = 'misconfigurationInsightsTool';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/risk_inputs/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/risk_inputs/index.test.tsx
new file mode 100644
index 0000000000000..a1657c1bac183
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/risk_inputs/index.test.tsx
@@ -0,0 +1,91 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { RiskInputs } from '.';
+import { RISK_INPUTS_TOOL_TEST_ID } from './test_ids';
+
+jest.mock('../../../../shared/components/tools_flyout_header', () => ({
+  ToolsFlyoutHeader: ({
+    title,
+    label,
+    iconType,
+    onTitleClick,
+  }: {
+    title: string;
+    label?: string;
+    iconType?: string;
+    onTitleClick?: () => void;
+  }) => (
+    <button
+      type="button"
+      data-test-subj="mockToolsFlyoutHeader"
+      data-title={title}
+      data-label={label}
+      data-icon-type={iconType}
+      onClick={onTitleClick}
+    />
+  ),
+}));
+
+jest.mock('../../../../../entity_analytics/components/flyout_v2/risk_inputs_tab', () => ({
+  RiskInputsTab: ({
+    entityType,
+    entityName,
+    scopeId,
+    entityId,
+  }: {
+    entityType: string;
+    entityName: string;
+    scopeId: string;
+    entityId?: string;
+  }) => (
+    <div
+      data-test-subj="mockRiskInputsTab"
+      data-entity-type={entityType}
+      data-entity-name={entityName}
+      data-scope-id={scopeId}
+      data-entity-id={entityId ?? ''}
+    />
+  ),
+}));
+
+describe('<RiskInputs />', () => {
+  it('renders the header with the "Risk score" title and host label', () => {
+    const { getByTestId } = render(<RiskInputs entityName="my-host" scopeId="scope" />);
+    const header = getByTestId('mockToolsFlyoutHeader');
+    expect(header).toHaveAttribute('data-title', 'Risk score');
+    expect(header).toHaveAttribute('data-label', 'my-host');
+    expect(header).toHaveAttribute('data-icon-type', 'storage');
+  });
+
+  it('renders the risk inputs body container', () => {
+    const { getByTestId } = render(<RiskInputs entityName="my-host" scopeId="scope" />);
+    expect(getByTestId(RISK_INPUTS_TOOL_TEST_ID)).toBeInTheDocument();
+  });
+
+  it('passes entity context to the underlying RiskInputsTab', () => {
+    const { getByTestId } = render(
+      <RiskInputs entityName="my-host" scopeId="my-scope" entityId="euid-123" />
+    );
+    const tab = getByTestId('mockRiskInputsTab');
+    expect(tab).toHaveAttribute('data-entity-type', 'host');
+    expect(tab).toHaveAttribute('data-entity-name', 'my-host');
+    expect(tab).toHaveAttribute('data-scope-id', 'my-scope');
+    expect(tab).toHaveAttribute('data-entity-id', 'euid-123');
+  });
+
+  it('forwards onOpenHost to the header click handler', () => {
+    const onOpenHost = jest.fn();
+    const { getByTestId } = render(
+      <RiskInputs entityName="my-host" scopeId="scope" onOpenHost={onOpenHost} />
+    );
+    getByTestId('mockToolsFlyoutHeader').click();
+    expect(onOpenHost).toHaveBeenCalledTimes(1);
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/risk_inputs/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/risk_inputs/index.tsx
new file mode 100644
index 0000000000000..3cdf987cb4d07
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/risk_inputs/index.tsx
@@ -0,0 +1,54 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo } from 'react';
+import { EuiFlyoutBody, EuiFlyoutHeader } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { EntityType } from '../../../../../../common/entity_analytics/types';
+import { RiskInputsTab } from '../../../../../entity_analytics/components/flyout_v2/risk_inputs_tab';
+import { ToolsFlyoutHeader } from '../../../../shared/components/tools_flyout_header';
+import { RISK_INPUTS_TOOL_TEST_ID } from './test_ids';
+
+const TITLE = i18n.translate('xpack.securitySolution.flyout.entityDetails.host.riskInputs.title', {
+  defaultMessage: 'Risk score',
+});
+
+export interface RiskInputsProps {
+  /** Display name of the host (typically `host.name`). */
+  entityName: string;
+  /** Scope id (timeline id, table id, etc.) passed to downstream containers. */
+  scopeId: string;
+  /** Canonical Entity Store v2 id (`entity.id`) when already resolved. */
+  entityId?: string;
+  /** Opens the originating host flyout as a child. */
+  onOpenHost?: () => void;
+}
+
+export const RiskInputs = memo(({ entityName, scopeId, entityId, onOpenHost }: RiskInputsProps) => {
+  return (
+    <>
+      <EuiFlyoutHeader hasBorder>
+        <ToolsFlyoutHeader
+          title={TITLE}
+          onTitleClick={onOpenHost}
+          label={entityName}
+          iconType="storage"
+        />
+      </EuiFlyoutHeader>
+      <EuiFlyoutBody data-test-subj={RISK_INPUTS_TOOL_TEST_ID}>
+        <RiskInputsTab
+          entityType={EntityType.host}
+          entityName={entityName}
+          scopeId={scopeId}
+          entityId={entityId}
+        />
+      </EuiFlyoutBody>
+    </>
+  );
+});
+
+RiskInputs.displayName = 'RiskInputs';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/risk_inputs/test_ids.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/risk_inputs/test_ids.ts
new file mode 100644
index 0000000000000..bb34b73049bfe
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/risk_inputs/test_ids.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { PREFIX } from '../../../../../flyout/shared/test_ids';
+
+export const RISK_INPUTS_TOOL_TEST_ID = `${PREFIX}HostRiskInputsTool` as const;
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/vulnerability_insights/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/vulnerability_insights/index.test.tsx
new file mode 100644
index 0000000000000..2693054472ec4
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/vulnerability_insights/index.test.tsx
@@ -0,0 +1,151 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { VulnerabilityInsights } from '.';
+
+const mockOpenSystemFlyout = jest.fn();
+const vulnerabilityRowParams = {
+  vulnerabilityId: 'CVE-1',
+  resourceId: 'resource-1',
+  packageName: 'pkg',
+  packageVersion: '1.0.0',
+  eventId: 'event-1',
+};
+
+jest.mock('../../../../shared/components/tools_flyout_header', () => ({
+  ToolsFlyoutHeader: ({
+    title,
+    label,
+    iconType,
+    onTitleClick,
+  }: {
+    title: string;
+    label?: string;
+    iconType?: string;
+    onTitleClick?: () => void;
+  }) => (
+    <button
+      type="button"
+      data-test-subj="mockToolsFlyoutHeader"
+      data-title={title}
+      data-label={label}
+      data-icon-type={iconType}
+      onClick={onTitleClick}
+    />
+  ),
+}));
+
+jest.mock(
+  '../../../../../cloud_security_posture/components/flyout_v2/csp_details/vulnerabilities_findings_details_table',
+  () => ({
+    VulnerabilitiesFindingsDetailsTable: ({
+      identityField,
+      value,
+      scopeId,
+      entityId,
+      entityType,
+      onShowVulnerability,
+    }: {
+      identityField: string;
+      value: string;
+      scopeId: string;
+      entityId?: string;
+      entityType?: string;
+      onShowVulnerability?: (params: typeof vulnerabilityRowParams) => void;
+    }) => (
+      <button
+        type="button"
+        data-test-subj="mockVulnerabilitiesFindingsDetailsTable"
+        data-identity-field={identityField}
+        data-value={value}
+        data-scope-id={scopeId}
+        data-entity-id={entityId ?? ''}
+        data-entity-type={entityType ?? ''}
+        onClick={() => onShowVulnerability?.(vulnerabilityRowParams)}
+      >
+        {'vulnerabilities-table'}
+      </button>
+    ),
+  })
+);
+
+jest.mock('../../../../csp_details/vulnerability_panel', () => ({
+  VulnerabilityPanel: () => <div data-test-subj="mockVulnerabilityPanel" />,
+}));
+
+jest.mock('../../../../shared/components/flyout_provider', () => ({
+  flyoutProviders: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+}));
+
+jest.mock('../../../../shared/hooks/use_default_flyout_properties', () => ({
+  useDefaultDocumentFlyoutProperties: () => ({ size: 'm' }),
+}));
+
+jest.mock('react-redux', () => ({
+  ...jest.requireActual('react-redux'),
+  useStore: () => ({}),
+}));
+
+jest.mock('react-router-dom', () => ({
+  ...jest.requireActual('react-router-dom'),
+  useHistory: () => ({ push: jest.fn() }),
+}));
+
+jest.mock('../../../../../common/lib/kibana', () => ({
+  useKibana: () => ({
+    services: {
+      overlays: { openSystemFlyout: mockOpenSystemFlyout },
+    },
+  }),
+}));
+
+describe('<VulnerabilityInsights />', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders the header with the title, host label and entity icon', () => {
+    const { getByTestId } = render(<VulnerabilityInsights value="my-host" scopeId="scope" />);
+    const header = getByTestId('mockToolsFlyoutHeader');
+    expect(header).toHaveAttribute('data-title', 'Vulnerabilities');
+    expect(header).toHaveAttribute('data-label', 'my-host');
+    expect(header).toHaveAttribute('data-icon-type', 'storage');
+  });
+
+  it('forwards the host name, scope and entity id to the findings table', () => {
+    const { getByTestId } = render(
+      <VulnerabilityInsights value="my-host" scopeId="my-scope" entityId="euid-123" />
+    );
+    const table = getByTestId('mockVulnerabilitiesFindingsDetailsTable');
+    expect(table).toHaveAttribute('data-identity-field', 'host.name');
+    expect(table).toHaveAttribute('data-value', 'my-host');
+    expect(table).toHaveAttribute('data-scope-id', 'my-scope');
+    expect(table).toHaveAttribute('data-entity-id', 'euid-123');
+    expect(table).toHaveAttribute('data-entity-type', 'host');
+  });
+
+  it('forwards onOpenHost to the header click handler', () => {
+    const onOpenHost = jest.fn();
+    const { getByTestId } = render(
+      <VulnerabilityInsights value="my-host" scopeId="scope" onOpenHost={onOpenHost} />
+    );
+    getByTestId('mockToolsFlyoutHeader').click();
+    expect(onOpenHost).toHaveBeenCalledTimes(1);
+  });
+
+  it('opens a child system flyout when a vulnerability row is expanded', () => {
+    const { getByTestId } = render(<VulnerabilityInsights value="my-host" scopeId="scope" />);
+    getByTestId('mockVulnerabilitiesFindingsDetailsTable').click();
+    expect(mockOpenSystemFlyout).toHaveBeenCalledTimes(1);
+    expect(mockOpenSystemFlyout).toHaveBeenCalledWith(
+      expect.anything(),
+      expect.objectContaining({ session: 'inherit', title: 'my-host' })
+    );
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/vulnerability_insights/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/vulnerability_insights/index.tsx
new file mode 100644
index 0000000000000..f1bf9dce7d550
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/vulnerability_insights/index.tsx
@@ -0,0 +1,95 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useCallback } from 'react';
+import { EuiFlyoutHeader } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { useHistory } from 'react-router-dom';
+import { useStore } from 'react-redux';
+import {
+  EntityIdentifierFields,
+  EntityType,
+} from '../../../../../../common/entity_analytics/types';
+import { useKibana } from '../../../../../common/lib/kibana';
+import { flyoutProviders } from '../../../../shared/components/flyout_provider';
+import { useDefaultDocumentFlyoutProperties } from '../../../../shared/hooks/use_default_flyout_properties';
+import { VulnerabilityPanel } from '../../../../csp_details/vulnerability_panel';
+import { ToolsFlyoutHeader } from '../../../../shared/components/tools_flyout_header';
+import { VulnerabilitiesFindingsDetailsTable } from '../../../../../cloud_security_posture/components/flyout_v2/csp_details/vulnerabilities_findings_details_table';
+
+const TITLE = i18n.translate(
+  'xpack.securitySolution.flyout.entityDetails.host.vulnerabilityInsights.title',
+  { defaultMessage: 'Vulnerabilities' }
+);
+
+export interface VulnerabilityInsightsProps {
+  /** The host name used to query vulnerabilities (`host.name` field value). */
+  value: string;
+  /** Canonical Entity Store v2 id (`entity.id`) when already resolved. */
+  entityId?: string;
+  /** Scope id passed to downstream containers. */
+  scopeId: string;
+  /** Opens the originating host flyout as a child. */
+  onOpenHost?: () => void;
+}
+
+/**
+ * Tool flyout displaying vulnerability findings for a host entity.
+ */
+export const VulnerabilityInsights = memo(
+  ({ value, entityId, scopeId, onOpenHost }: VulnerabilityInsightsProps) => {
+    const { services } = useKibana();
+    const { overlays } = services;
+    const store = useStore();
+    const history = useHistory();
+    const defaultDocumentFlyoutProperties = useDefaultDocumentFlyoutProperties();
+
+    const onShowVulnerability = useCallback(
+      (params: {
+        vulnerabilityId: string;
+        resourceId: string;
+        packageName: string;
+        packageVersion: string;
+        eventId: string;
+      }) => {
+        overlays.openSystemFlyout(
+          flyoutProviders({
+            services,
+            store,
+            history,
+            children: <VulnerabilityPanel {...params} />,
+          }),
+          { ...defaultDocumentFlyoutProperties, title: value, session: 'inherit' }
+        );
+      },
+      [overlays, services, store, history, defaultDocumentFlyoutProperties, value]
+    );
+
+    return (
+      <>
+        <EuiFlyoutHeader hasBorder>
+          <ToolsFlyoutHeader
+            title={TITLE}
+            onTitleClick={onOpenHost}
+            label={value}
+            iconType="storage"
+          />
+        </EuiFlyoutHeader>
+        <VulnerabilitiesFindingsDetailsTable
+          identityField={EntityIdentifierFields.hostName}
+          value={value}
+          scopeId={scopeId}
+          entityId={entityId}
+          entityType={EntityType.host}
+          onShowVulnerability={onShowVulnerability}
+        />
+      </>
+    );
+  }
+);
+
+VulnerabilityInsights.displayName = 'VulnerabilityInsights';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/vulnerability_insights/test_ids.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/vulnerability_insights/test_ids.ts
new file mode 100644
index 0000000000000..1d1d798fff556
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/entity/host/tools/vulnerability_insights/test_ids.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const VULNERABILITY_INSIGHTS_TOOL_TEST_ID = 'vulnerabilityInsightsTool';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/document_tools_flyout_header.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/document_tools_flyout_header.tsx
new file mode 100644
index 0000000000000..7355b7891629d
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/document_tools_flyout_header.tsx
@@ -0,0 +1,60 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { FC, ReactNode } from 'react';
+import React, { memo } from 'react';
+import type { DataTableRecord } from '@kbn/discover-utils';
+import type { CellActionRenderer } from './cell_actions';
+import { ToolsFlyoutHeader } from './tools_flyout_header';
+import { useDocumentFlyoutTitle } from '../hooks/use_document_flyout_title';
+
+export interface DocumentToolsFlyoutHeaderProps {
+  /**
+   * Title for the tool panel (e.g. "Correlations", "Investigation guide").
+   */
+  title: ReactNode;
+  /**
+   * Source document used to derive the context title button label, icon,
+   * severity badge, timestamp, and the child flyout opened on click.
+   */
+  hit: DataTableRecord;
+  /**
+   * Cell action renderer forwarded to the child document flyout.
+   */
+  renderCellActions?: CellActionRenderer;
+  /**
+   * Callback invoked after alert mutations in the child document flyout.
+   */
+  onAlertUpdated?: () => void;
+}
+
+/**
+ * Wrapper around the ToolsFlyoutHeader that uses the useDocumentFlyoutTitle hook to
+ * compute all relevant values.
+ * */
+export const DocumentToolsFlyoutHeader: FC<DocumentToolsFlyoutHeaderProps> = memo(
+  ({ title, hit, renderCellActions, onAlertUpdated }) => {
+    const { label, iconType, onTitleClick, badge, timestamp } = useDocumentFlyoutTitle({
+      hit,
+      renderCellActions,
+      onAlertUpdated,
+    });
+
+    return (
+      <ToolsFlyoutHeader
+        title={title}
+        onTitleClick={onTitleClick}
+        label={label}
+        iconType={iconType}
+        badge={badge}
+        timestamp={timestamp}
+      />
+    );
+  }
+);
+
+DocumentToolsFlyoutHeader.displayName = 'DocumentToolsFlyoutHeader';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/flyout_provider.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/flyout_provider.test.tsx
index 8d4f194f9ece4..321d016af9209 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/flyout_provider.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/flyout_provider.test.tsx
@@ -19,6 +19,7 @@ import { flyoutProviders } from './flyout_provider';
 jest.mock('../../../common/components/user_privileges/user_privileges_context', () => ({
   UserPrivilegesProvider: ({ children }: { children: React.ReactNode }) => <>{children}</>,
 }));
+
 jest.mock('../../../common/components/discover_in_timeline/provider', () => ({
   DiscoverInTimelineContextProvider: ({ children }: { children: React.ReactNode }) => (
     <>{children}</>
@@ -36,6 +37,13 @@ const services = {
     getTriggerCompatibleActions: jest.fn().mockResolvedValue([]),
   },
   upselling: new UpsellingService(),
+  data: {
+    query: {
+      timefilter: {
+        timefilter: { getAbsoluteTime: () => ({ from: '2024-01-01', to: '2024-01-02' }) },
+      },
+    },
+  },
   application: {
     capabilities: {
       [SECURITY_FEATURE_ID]: {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/flyout_provider.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/flyout_provider.tsx
index 8e8132c1b89b7..dac7c7fa0be47 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/flyout_provider.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/flyout_provider.tsx
@@ -5,24 +5,43 @@
  * 2.0.
  */
 
-import type { ReactElement, ReactNode } from 'react';
-import React from 'react';
+import type { FC, ReactElement, ReactNode } from 'react';
+import React, { useEffect } from 'react';
 import type { History } from 'history';
 import { Router } from '@kbn/shared-ux-router';
 import type { Store } from 'redux';
-import { Provider } from 'react-redux';
+import { Provider, useStore } from 'react-redux';
 import { CellActionsProvider } from '@kbn/cell-actions';
 import { ExpandableFlyoutProvider } from '@kbn/expandable-flyout';
 import { NavigationProvider } from '@kbn/security-solution-navigation';
 import { EntityStoreEuidApiProvider } from '@kbn/entity-store/public';
 import type { StartServices } from '../../../types';
 import { ReactQueryClientProvider } from '../../../common/containers/query_client/query_client_provider';
-import { KibanaContextProvider } from '../../../common/lib/kibana';
+import { KibanaContextProvider, useKibana } from '../../../common/lib/kibana';
 import { UserPrivilegesProvider } from '../../../common/components/user_privileges/user_privileges_context';
 import { UpsellingProvider } from '../../../common/components/upselling_provider';
 import { DiscoverInTimelineContextProvider } from '../../../common/components/discover_in_timeline/provider';
 import { AssistantProvider } from '../../../assistant/provider';
 import { CaseProvider } from '../../../cases/components/provider/provider';
+import { MlCapabilitiesProvider } from '../../../common/components/ml/permissions/ml_capabilities_provider';
+import { setAbsoluteRangeDatePicker } from '../../../common/store/inputs/actions';
+import { InputsModelId } from '../../../common/store/inputs/constants';
+
+/**
+ * Syncs Kibana's global time filter to the Security Solution Redux store on mount.
+ */
+const TimeRangeSync: FC<{ children: ReactNode }> = ({ children }) => {
+  const { services } = useKibana();
+  const store = useStore();
+
+  useEffect(() => {
+    const tf = services.data.query.timefilter.timefilter;
+    const { from, to } = tf.getAbsoluteTime();
+    store.dispatch(setAbsoluteRangeDatePicker({ id: InputsModelId.global, from, to }));
+  }, [services, store]);
+
+  return <>{children}</>;
+};
 
 export const flyoutProviders = ({
   services,
@@ -58,7 +77,11 @@ export const flyoutProviders = ({
                   <DiscoverInTimelineContextProvider>
                     <CaseProvider>
                       <EntityStoreEuidApiProvider>
-                        <AssistantProvider>{flyoutContent}</AssistantProvider>
+                        <MlCapabilitiesProvider>
+                          <AssistantProvider>
+                            <TimeRangeSync>{flyoutContent}</TimeRangeSync>
+                          </AssistantProvider>
+                        </MlCapabilitiesProvider>
                       </EntityStoreEuidApiProvider>
                     </CaseProvider>
                   </DiscoverInTimelineContextProvider>
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/child_link.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/open_flyout_link.test.tsx
similarity index 62%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/child_link.test.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/open_flyout_link.test.tsx
index 1c23706f66a18..0b3939e3bfca5 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/child_link.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/open_flyout_link.test.tsx
@@ -8,8 +8,8 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { TestProviders } from '../../../common/mock';
-import { ChildLink } from './child_link';
-import { CHILD_LINK_TEST_ID } from './test_ids';
+import { OpenFlyoutLink } from './open_flyout_link';
+import { OPEN_FLYOUT_LINK_TEST_ID } from './test_ids';
 import { buildFlyoutContent } from '../utils/build_flyout_content';
 
 jest.mock('../utils/build_flyout_content');
@@ -40,16 +40,16 @@ jest.mock('../../../common/lib/kibana', () => {
 
 const buildFlyoutContentMock = buildFlyoutContent as jest.Mock;
 
-const renderChildLink = (props: Partial<React.ComponentProps<typeof ChildLink>> = {}) =>
+const renderOpenFlyoutLink = (props: Partial<React.ComponentProps<typeof OpenFlyoutLink>> = {}) =>
   render(
     <TestProviders>
-      <ChildLink field="source.ip" value="10.0.0.1" {...props}>
+      <OpenFlyoutLink field="source.ip" value="10.0.0.1" {...props}>
         <span data-test-subj="fallbackChild">{'fallback'}</span>
-      </ChildLink>
+      </OpenFlyoutLink>
     </TestProviders>
   );
 
-describe('<ChildLink />', () => {
+describe('<OpenFlyoutLink />', () => {
   beforeEach(() => {
     jest.clearAllMocks();
   });
@@ -62,32 +62,52 @@ describe('<ChildLink />', () => {
     it('should render a link with the value as text when no children are provided', () => {
       const { getByTestId } = render(
         <TestProviders>
-          <ChildLink field="source.ip" value="10.0.0.1" />
+          <OpenFlyoutLink field="source.ip" value="10.0.0.1" />
         </TestProviders>
       );
 
-      const link = getByTestId(CHILD_LINK_TEST_ID);
+      const link = getByTestId(OPEN_FLYOUT_LINK_TEST_ID);
       expect(link).toBeInTheDocument();
       expect(link).toHaveTextContent('10.0.0.1');
     });
 
     it('should render children inside the link when children are provided', () => {
-      const { getByTestId } = renderChildLink();
+      const { getByTestId } = renderOpenFlyoutLink();
 
-      const link = getByTestId(CHILD_LINK_TEST_ID);
+      const link = getByTestId(OPEN_FLYOUT_LINK_TEST_ID);
       expect(link).toBeInTheDocument();
       expect(link).toHaveTextContent('fallback');
     });
 
     it('should call openSystemFlyout when clicked', () => {
-      const { getByTestId } = renderChildLink();
+      const { getByTestId } = renderOpenFlyoutLink();
 
-      getByTestId(CHILD_LINK_TEST_ID).click();
+      getByTestId(OPEN_FLYOUT_LINK_TEST_ID).click();
       expect(mockOpenSystemFlyout).toHaveBeenCalled();
     });
 
+    it('should open as child flyout by default', () => {
+      const { getByTestId } = renderOpenFlyoutLink();
+
+      getByTestId(OPEN_FLYOUT_LINK_TEST_ID).click();
+      expect(mockOpenSystemFlyout).toHaveBeenCalledWith(
+        expect.anything(),
+        expect.objectContaining({ session: 'inherit', outsideClickCloses: false })
+      );
+    });
+
+    it('should open as standalone flyout when asParent is true', () => {
+      const { getByTestId } = renderOpenFlyoutLink({ asParent: true });
+
+      getByTestId(OPEN_FLYOUT_LINK_TEST_ID).click();
+      expect(mockOpenSystemFlyout).toHaveBeenCalledWith(
+        expect.anything(),
+        expect.objectContaining({ session: 'start', outsideClickCloses: true })
+      );
+    });
+
     it('should use a custom data-test-subj when provided', () => {
-      const { getByTestId } = renderChildLink({ 'data-test-subj': 'customTestId' });
+      const { getByTestId } = renderOpenFlyoutLink({ 'data-test-subj': 'customTestId' });
 
       expect(getByTestId('customTestId')).toBeInTheDocument();
     });
@@ -99,14 +119,14 @@ describe('<ChildLink />', () => {
     });
 
     it('should render children as fallback', () => {
-      const { getByTestId, queryByTestId } = renderChildLink();
+      const { getByTestId, queryByTestId } = renderOpenFlyoutLink();
 
       expect(getByTestId('fallbackChild')).toBeInTheDocument();
-      expect(queryByTestId(CHILD_LINK_TEST_ID)).not.toBeInTheDocument();
+      expect(queryByTestId(OPEN_FLYOUT_LINK_TEST_ID)).not.toBeInTheDocument();
     });
 
     it('should not call openSystemFlyout', () => {
-      renderChildLink();
+      renderOpenFlyoutLink();
 
       expect(mockOpenSystemFlyout).not.toHaveBeenCalled();
     });
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/child_link.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/open_flyout_link.tsx
similarity index 56%
rename from x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/child_link.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/open_flyout_link.tsx
index 8c9e32092cfd2..3f97a0e7540ac 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/child_link.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/open_flyout_link.tsx
@@ -10,13 +10,20 @@ import React, { useCallback, useMemo } from 'react';
 import { EuiLink } from '@elastic/eui';
 import { useHistory } from 'react-router-dom';
 import { useStore } from 'react-redux';
+import type { DataTableRecord } from '@kbn/discover-utils';
+import { DOC_VIEWER_FLYOUT_HISTORY_KEY } from '@kbn/unified-doc-viewer';
 import { flyoutProviders } from './flyout_provider';
-import { useDefaultDocumentFlyoutProperties } from '../hooks/use_default_flyout_properties';
+import {
+  defaultToolsFlyoutProperties,
+  useDefaultDocumentFlyoutProperties,
+} from '../hooks/use_default_flyout_properties';
 import { useKibana } from '../../../common/lib/kibana';
-import { CHILD_LINK_TEST_ID } from './test_ids';
+import { useIsInSecurityApp } from '../../../common/hooks/is_in_security_app';
+import { documentFlyoutHistoryKey } from '../constants/flyout_history';
+import { OPEN_FLYOUT_LINK_TEST_ID } from './test_ids';
 import { buildFlyoutContent } from '../utils/build_flyout_content';
 
-export interface ChildLinkProps {
+export interface OpenFlyoutLinkProps {
   /**
    * Field name used to determine which flyout to open
    */
@@ -25,6 +32,15 @@ export interface ChildLinkProps {
    * Field value
    */
   value: string;
+  /**
+   * The source document record. When provided, enables entity resolution for host/user flyouts.
+   */
+  hit?: DataTableRecord;
+  /**
+   * When true, opens as a parent flyout starting a new session.
+   * When false (default), opens as a child flyout inheriting the parent session.
+   */
+  asParent?: boolean;
   /**
    * Optional data-test-subj value
    */
@@ -37,28 +53,34 @@ export interface ChildLinkProps {
 
 /**
  * Renders a clickable link that opens a system flyout for supported field types.
- * Currently supports IP fields (opens the network details flyout).
  *
  * When the field is supported, the link is rendered with `value` as the link text.
  * When the field is not supported, the `children` are rendered as-is (pass-through),
  * allowing callers to wrap fallback rendering inside this component.
  */
-export const ChildLink: FC<ChildLinkProps> = ({
+export const OpenFlyoutLink: FC<OpenFlyoutLinkProps> = ({
   field,
   value,
+  hit,
+  asParent = false,
   children,
-  'data-test-subj': dataTestSubj = CHILD_LINK_TEST_ID,
+  'data-test-subj': dataTestSubj = OPEN_FLYOUT_LINK_TEST_ID,
 }) => {
   const { services } = useKibana();
   const { overlays } = services;
   const store = useStore();
   const history = useHistory();
   const defaultDocumentFlyoutProperties = useDefaultDocumentFlyoutProperties();
+  const isInSecurityApp = useIsInSecurityApp();
+  const historyKey = isInSecurityApp ? documentFlyoutHistoryKey : DOC_VIEWER_FLYOUT_HISTORY_KEY;
 
-  const flyoutContent = useMemo(() => buildFlyoutContent(field, value), [field, value]);
+  const flyoutContent = useMemo(() => buildFlyoutContent(field, value, hit), [field, value, hit]);
 
   const onClick = useCallback(() => {
     if (flyoutContent) {
+      const baseFlyoutProperties = asParent
+        ? defaultToolsFlyoutProperties
+        : defaultDocumentFlyoutProperties;
       overlays.openSystemFlyout(
         flyoutProviders({
           services,
@@ -67,12 +89,23 @@ export const ChildLink: FC<ChildLinkProps> = ({
           children: flyoutContent,
         }),
         {
-          ...defaultDocumentFlyoutProperties,
-          session: 'inherit',
+          ...baseFlyoutProperties,
+          historyKey,
+          session: asParent ? 'start' : 'inherit',
+          outsideClickCloses: asParent,
         }
       );
     }
-  }, [defaultDocumentFlyoutProperties, overlays, services, store, history, flyoutContent]);
+  }, [
+    defaultDocumentFlyoutProperties,
+    overlays,
+    services,
+    store,
+    history,
+    flyoutContent,
+    asParent,
+    historyKey,
+  ]);
 
   if (!flyoutContent) {
     return <>{children}</>;
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/test_ids.ts b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/test_ids.ts
index d3ab517f0762b..1cd17752acd93 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/test_ids.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/test_ids.ts
@@ -40,7 +40,7 @@ export const NOTES_LOADING_TEST_ID = `${PREFIX}HeaderNotesLoading` as const;
 export const TOOLS_FLYOUT_HEADER_TEST_ID = `${PREFIX}ToolsFlyoutHeader` as const;
 export const TOOLS_FLYOUT_HEADER_TITLE_TEST_ID = `${PREFIX}ToolsFlyoutHeaderTitle` as const;
 
-export const CHILD_LINK_TEST_ID = `${PREFIX}ChildLink` as const;
+export const OPEN_FLYOUT_LINK_TEST_ID = `${PREFIX}OpenFlyoutLink` as const;
 
 export const FLYOUT_LOADING_TEST_ID = `${PREFIX}Loading` as const;
 export const FLYOUT_ERROR_TEST_ID = `${PREFIX}Error` as const;
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_header.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_header.test.tsx
index 9c850d6d1aa11..cee3feddf009e 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_header.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_header.test.tsx
@@ -8,69 +8,63 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { __IntlProvider as IntlProvider } from '@kbn/i18n-react';
-import type { DataTableRecord } from '@kbn/discover-utils';
 import { ToolsFlyoutHeader } from './tools_flyout_header';
 import { TOOLS_FLYOUT_HEADER_TEST_ID } from './test_ids';
 
 jest.mock('./tools_flyout_title', () => ({
-  ToolsFlyoutTitle: ({ hit }: { hit: DataTableRecord }) => (
-    <div data-test-subj="mockToolsFlyoutTitle">{String(hit.id)}</div>
+  ToolsFlyoutTitle: ({ label }: { label: string }) => (
+    <div data-test-subj="mockToolsFlyoutTitle">{label}</div>
   ),
 }));
 
-jest.mock('../../document/main/components/severity', () => ({
-  DocumentSeverity: () => <div data-test-subj="mockDocumentSeverity" />,
-}));
-
-jest.mock('./timestamp', () => ({
-  Timestamp: ({ hit }: { hit: { id: string; flattened: Record<string, unknown> } }) => (
-    <div data-test-subj="mockTimestamp" data-hit-id={hit.id} />
-  ),
-}));
-
-const createMockHit = (
-  flattened: DataTableRecord['flattened'] = { '@timestamp': '2024-01-15T10:30:00.000Z' }
-): DataTableRecord =>
-  ({
-    id: 'hit-1',
-    raw: {},
-    flattened,
-    isAnchor: false,
-  } as DataTableRecord);
-
-const renderHeader = (props: Partial<Parameters<typeof ToolsFlyoutHeader>[0]> = {}) => {
-  const hit = createMockHit();
-  return render(
+const renderHeader = (props: Partial<Parameters<typeof ToolsFlyoutHeader>[0]> = {}) =>
+  render(
     <IntlProvider locale="en">
-      <ToolsFlyoutHeader hit={hit} title={<span>{'Correlations'}</span>} {...props} />
+      <ToolsFlyoutHeader title={<span>{'Correlations'}</span>} {...props} />
     </IntlProvider>
   );
+
+const sourceProps = {
+  onTitleClick: jest.fn(),
+  label: 'Test Rule',
+  iconType: 'warning',
 };
 
 describe('<ToolsFlyoutHeader />', () => {
-  it('should render the header container', () => {
+  it('renders the header container', () => {
     const { getByTestId } = renderHeader();
     expect(getByTestId(TOOLS_FLYOUT_HEADER_TEST_ID)).toBeInTheDocument();
   });
 
-  it('should render the tool title', () => {
+  it('renders the tool title', () => {
     const { getByText } = renderHeader({ title: <span>{'Session view'}</span> });
     expect(getByText('Session view')).toBeInTheDocument();
   });
 
-  it('should render ToolsFlyoutTitle', () => {
-    const { getByTestId } = renderHeader();
+  it('renders ToolsFlyoutTitle when onTitleClick, label and iconType are provided', () => {
+    const { getByTestId } = renderHeader(sourceProps);
     expect(getByTestId('mockToolsFlyoutTitle')).toBeInTheDocument();
+    expect(getByTestId('mockToolsFlyoutTitle')).toHaveTextContent('Test Rule');
   });
 
-  it('should render the document severity', () => {
-    const { getByTestId } = renderHeader();
-    expect(getByTestId('mockDocumentSeverity')).toBeInTheDocument();
+  it('does not render source context when props are missing', () => {
+    const { queryByTestId } = renderHeader();
+    expect(queryByTestId('mockToolsFlyoutTitle')).not.toBeInTheDocument();
   });
 
-  it('should render the document timestamp', () => {
-    const { getByTestId } = renderHeader();
+  it('renders badge when provided', () => {
+    const { getByTestId } = renderHeader({
+      ...sourceProps,
+      badge: <div data-test-subj="mockBadge" />,
+    });
+    expect(getByTestId('mockBadge')).toBeInTheDocument();
+  });
+
+  it('renders timestamp when provided', () => {
+    const { getByTestId } = renderHeader({
+      ...sourceProps,
+      timestamp: <div data-test-subj="mockTimestamp" />,
+    });
     expect(getByTestId('mockTimestamp')).toBeInTheDocument();
-    expect(getByTestId('mockTimestamp')).toHaveAttribute('data-hit-id', 'hit-1');
   });
 });
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_header.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_header.tsx
index b3d6259ba49c3..4fef0bed4f406 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_header.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_header.tsx
@@ -8,41 +8,46 @@
 import type { FC, ReactNode } from 'react';
 import React, { memo } from 'react';
 import { EuiFlexGroup, EuiFlexItem, EuiTitle } from '@elastic/eui';
-import { type DataTableRecord } from '@kbn/discover-utils';
-import { Timestamp } from './timestamp';
-import { DocumentSeverity } from '../../document/main/components/severity';
-import type { CellActionRenderer } from './cell_actions';
-import { noopCellActionRenderer } from './cell_actions';
 import { ToolsFlyoutTitle } from './tools_flyout_title';
 import { TOOLS_FLYOUT_HEADER_TEST_ID } from './test_ids';
 
-const noop = () => {};
-
 export interface ToolsFlyoutHeaderProps {
   /**
-   * The document to display
+   * Title for the tools flyout (e.g. "Correlations", "Risk score", "Insights").
    */
-  hit: DataTableRecord;
+  title: ReactNode;
   /**
-   * Title for the tools flyout (e.g. "Correlations", "Analyzer", "Session view")
+   * Called when the context title button is clicked. Should open the originating
+   * document or entity flyout as a child via `overlays.openSystemFlyout` with
+   * `session: 'inherit'`.
    */
-  title: ReactNode;
+  onTitleClick?: () => void;
+  /**
+   * Label shown in the context title button (e.g. rule name or entity name).
+   */
+  label?: string;
   /**
-   * Optional cell action renderer passed to the child document flyout.
+   * EUI icon type shown next to the label.
    */
-  renderCellActions?: CellActionRenderer;
+  iconType?: string;
   /**
-   * Optional callback invoked after alert mutations in the child document flyout.
+   * Optional badge rendered alongside the title button (e.g. severity badge for documents).
    */
-  onAlertUpdated?: () => void;
+  badge?: ReactNode;
+  /**
+   * Optional metadata rendered below the title row (e.g. timestamp for documents).
+   */
+  timestamp?: ReactNode;
 }
 
 /**
- * Shared header for all tools flyouts. Renders the tool title on the left and document
- * context (expand button, rule name, severity, timestamp) on the right.
+ * Shared header for all tools flyouts. Renders the tool title on the left and optional
+ * source context on the right (expand button, label, badge, timestamp).
  */
 export const ToolsFlyoutHeader: FC<ToolsFlyoutHeaderProps> = memo(
-  ({ hit, title, renderCellActions = noopCellActionRenderer, onAlertUpdated = noop }) => {
+  ({ title, onTitleClick, label, iconType, badge, timestamp }) => {
+    const showSourceContext = !!onTitleClick && !!label && !!iconType;
+
     return (
       <EuiFlexGroup
         justifyContent="spaceBetween"
@@ -56,27 +61,25 @@ export const ToolsFlyoutHeader: FC<ToolsFlyoutHeaderProps> = memo(
             <h4>{title}</h4>
           </EuiTitle>
         </EuiFlexItem>
-        <EuiFlexItem grow={false}>
-          <EuiFlexGroup alignItems="flexEnd" direction="column" gutterSize="none">
-            <EuiFlexItem>
-              <EuiFlexGroup alignItems="center" gutterSize="xs" responsive={false} wrap={false}>
-                <EuiFlexItem grow={false}>
-                  <ToolsFlyoutTitle
-                    hit={hit}
-                    renderCellActions={renderCellActions}
-                    onAlertUpdated={onAlertUpdated}
-                  />
-                </EuiFlexItem>
-                <EuiFlexItem grow={false}>
-                  <DocumentSeverity hit={hit} />
-                </EuiFlexItem>
-              </EuiFlexGroup>
-            </EuiFlexItem>
-            <EuiFlexItem>
-              <Timestamp hit={hit} size={'xs'} />
-            </EuiFlexItem>
-          </EuiFlexGroup>
-        </EuiFlexItem>
+        {showSourceContext && (
+          <EuiFlexItem grow={false}>
+            <EuiFlexGroup alignItems="flexEnd" direction="column" gutterSize="none">
+              <EuiFlexItem>
+                <EuiFlexGroup alignItems="center" gutterSize="xs" responsive={false} wrap={false}>
+                  <EuiFlexItem grow={false}>
+                    <ToolsFlyoutTitle
+                      onTitleClick={onTitleClick}
+                      label={label}
+                      iconType={iconType}
+                    />
+                  </EuiFlexItem>
+                  {badge && <EuiFlexItem grow={false}>{badge}</EuiFlexItem>}
+                </EuiFlexGroup>
+              </EuiFlexItem>
+              {timestamp && <EuiFlexItem>{timestamp}</EuiFlexItem>}
+            </EuiFlexGroup>
+          </EuiFlexItem>
+        )}
       </EuiFlexGroup>
     );
   }
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_title.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_title.test.tsx
index 3e7688972f7fb..5979a3c9ec49e 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_title.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_title.test.tsx
@@ -7,83 +7,23 @@
 
 import React from 'react';
 import { render, fireEvent } from '@testing-library/react';
-import type { DataTableRecord } from '@kbn/discover-utils';
 import { ToolsFlyoutTitle } from './tools_flyout_title';
 import { TOOLS_FLYOUT_HEADER_TITLE_TEST_ID } from './test_ids';
 
-const mockOpenSystemFlyout = jest.fn();
-
-jest.mock('../../../common/lib/kibana', () => ({
-  useKibana: () => ({
-    services: {
-      overlays: {
-        openSystemFlyout: mockOpenSystemFlyout,
-      },
-    },
-  }),
-}));
-
-jest.mock('react-redux', () => ({
-  ...jest.requireActual('react-redux'),
-  useStore: () => ({}),
-}));
-
-jest.mock('react-router-dom', () => ({
-  ...jest.requireActual('react-router-dom'),
-  useHistory: () => ({ push: jest.fn() }),
-}));
-
-jest.mock('../hooks/use_default_flyout_properties', () => ({
-  useDefaultDocumentFlyoutProperties: () => ({ size: 'm' }),
-}));
-
-jest.mock('./flyout_provider', () => ({
-  flyoutProviders: jest.fn(({ children }: { children: React.ReactNode }) => children),
-}));
-
-jest.mock('../../document/main', () => ({
-  DocumentFlyout: () => <div data-test-subj="mockDocumentFlyout" />,
-}));
-
-const createMockHit = (flattened: DataTableRecord['flattened']): DataTableRecord =>
-  ({
-    id: '1',
-    raw: {},
-    flattened,
-    isAnchor: false,
-  } as DataTableRecord);
-
-const alertHit = createMockHit({
-  'event.kind': 'signal',
-  'kibana.alert.rule.name': 'Test Rule Name',
-});
-
-const eventHit = createMockHit({
-  'event.kind': 'event',
-  'event.category': 'process',
-  'process.name': 'test-process',
-});
-
-const renderToolsFlyoutTitle = (hit: DataTableRecord) => render(<ToolsFlyoutTitle hit={hit} />);
-
 describe('<ToolsFlyoutTitle />', () => {
-  beforeEach(() => {
-    jest.clearAllMocks();
-  });
-
-  it('should render the alert title', () => {
-    const { getByTestId } = renderToolsFlyoutTitle(alertHit);
-    expect(getByTestId(TOOLS_FLYOUT_HEADER_TITLE_TEST_ID)).toHaveTextContent('Test Rule Name');
-  });
-
-  it('should render the event title', () => {
-    const { getByTestId } = renderToolsFlyoutTitle(eventHit);
-    expect(getByTestId(TOOLS_FLYOUT_HEADER_TITLE_TEST_ID)).toHaveTextContent('test-process');
+  it('renders the label', () => {
+    const { getByTestId } = render(
+      <ToolsFlyoutTitle onTitleClick={jest.fn()} label="my-host" iconType="storage" />
+    );
+    expect(getByTestId(TOOLS_FLYOUT_HEADER_TITLE_TEST_ID)).toHaveTextContent('my-host');
   });
 
-  it('should open the document flyout when clicked', () => {
-    const { getByTestId } = renderToolsFlyoutTitle(alertHit);
+  it('calls onTitleClick when clicked', () => {
+    const onTitleClick = jest.fn();
+    const { getByTestId } = render(
+      <ToolsFlyoutTitle onTitleClick={onTitleClick} label="my-host" iconType="storage" />
+    );
     fireEvent.click(getByTestId(TOOLS_FLYOUT_HEADER_TITLE_TEST_ID));
-    expect(mockOpenSystemFlyout).toHaveBeenCalledTimes(1);
+    expect(onTitleClick).toHaveBeenCalledTimes(1);
   });
 });
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_title.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_title.tsx
index b65dd60691273..578886d51e60a 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_title.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/components/tools_flyout_title.tsx
@@ -6,80 +6,36 @@
  */
 
 import type { FC } from 'react';
-import React, { memo, useCallback, useMemo } from 'react';
+import React, { memo } from 'react';
 import { EuiButtonEmpty, EuiIcon, useEuiTheme } from '@elastic/eui';
-import type { DataTableRecord } from '@kbn/discover-utils';
-import { getFieldValue } from '@kbn/discover-utils';
-import { EVENT_KIND } from '@kbn/rule-data-utils';
-import { useHistory } from 'react-router-dom';
-import { useStore } from 'react-redux';
-import { EventKind } from '../../document/main/constants/event_kinds';
-import { getDocumentTitle } from '../../document/main/utils/get_header_title';
-import { useKibana } from '../../../common/lib/kibana';
-import type { CellActionRenderer } from './cell_actions';
-import { noopCellActionRenderer } from './cell_actions';
-import { flyoutProviders } from './flyout_provider';
-import { DocumentFlyout } from '../../document/main';
-import { useDefaultDocumentFlyoutProperties } from '../hooks/use_default_flyout_properties';
 import { TOOLS_FLYOUT_HEADER_TITLE_TEST_ID } from './test_ids';
 
-const noop = () => {};
-
 export interface ToolsFlyoutTitleProps {
   /**
-   * The document to display
+   * Callback invoked when the title is clicked.
    */
-  hit: DataTableRecord;
+  onTitleClick: () => void;
   /**
-   * Optional cell action renderer passed to the document flyout.
+   * Text label displayed in the title.
    */
-  renderCellActions?: CellActionRenderer;
+  label: string;
   /**
-   * Optional callback invoked after alert mutations in the document flyout.
+   * EUI icon type rendered next to the label.
    */
-  onAlertUpdated?: () => void;
+  iconType: string;
 }
 
 /**
- * Clickable title used in tools flyout headers. Renders an expand icon followed by the
- * document type icon and title. Clicking any part of the component opens the document flyout.
+ * Clickable title used in tools flyout headers. Renders an expand icon followed by a
+ * context icon and label. Clicking opens the originating document or entity flyout.
  */
 export const ToolsFlyoutTitle: FC<ToolsFlyoutTitleProps> = memo(
-  ({ hit, renderCellActions = noopCellActionRenderer, onAlertUpdated = noop }) => {
+  ({ onTitleClick, label, iconType }) => {
     const { euiTheme } = useEuiTheme();
-    const { services } = useKibana();
-    const store = useStore();
-    const history = useHistory();
-    const defaultFlyoutProperties = useDefaultDocumentFlyoutProperties();
-
-    const isAlert = useMemo(
-      () => (getFieldValue(hit, EVENT_KIND) as string) === EventKind.signal,
-      [hit]
-    );
-    const title = useMemo(() => getDocumentTitle(hit), [hit]);
-    const iconType = isAlert ? 'warning' : 'analyzeEvent';
-
-    const onShowDocument = useCallback(() => {
-      services.overlays?.openSystemFlyout(
-        flyoutProviders({
-          services,
-          store,
-          history,
-          children: (
-            <DocumentFlyout
-              hit={hit}
-              renderCellActions={renderCellActions}
-              onAlertUpdated={onAlertUpdated}
-            />
-          ),
-        }),
-        { ...defaultFlyoutProperties, session: 'inherit' }
-      );
-    }, [defaultFlyoutProperties, history, hit, onAlertUpdated, renderCellActions, services, store]);
 
     return (
       <EuiButtonEmpty
-        onClick={onShowDocument}
+        onClick={onTitleClick}
         iconType="expand"
         size="xs"
         flush="left"
@@ -91,7 +47,7 @@ export const ToolsFlyoutTitle: FC<ToolsFlyoutTitleProps> = memo(
           aria-hidden={true}
           css={{ marginRight: euiTheme.size.xs }}
         />
-        {title}
+        {label}
       </EuiButtonEmpty>
     );
   }
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/hooks/use_document_flyout_title.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/hooks/use_document_flyout_title.test.tsx
new file mode 100644
index 0000000000000..deb8e70ef983c
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/hooks/use_document_flyout_title.test.tsx
@@ -0,0 +1,129 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { renderHook, act } from '@testing-library/react';
+import type { DataTableRecord } from '@kbn/discover-utils';
+import { DOC_VIEWER_FLYOUT_HISTORY_KEY } from '@kbn/unified-doc-viewer';
+import { useDocumentFlyoutTitle } from './use_document_flyout_title';
+import { useKibana } from '../../../common/lib/kibana';
+import { useIsInSecurityApp } from '../../../common/hooks/is_in_security_app';
+import { documentFlyoutHistoryKey } from '../constants/flyout_history';
+
+jest.mock('react-redux', () => ({
+  ...jest.requireActual('react-redux'),
+  useStore: () => ({ getState: jest.fn(), dispatch: jest.fn(), subscribe: jest.fn() }),
+}));
+jest.mock('react-router-dom', () => ({
+  ...jest.requireActual('react-router-dom'),
+  useHistory: () => ({}),
+}));
+jest.mock('../../../common/lib/kibana');
+jest.mock('../../../common/hooks/is_in_security_app');
+jest.mock('../components/flyout_provider', () => ({
+  flyoutProviders: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+}));
+jest.mock('../../document/main', () => ({
+  DocumentFlyout: () => <div data-test-subj="documentFlyoutMock" />,
+}));
+jest.mock('../../document/main/components/severity', () => ({
+  DocumentSeverity: () => <div data-test-subj="documentSeverityMock" />,
+}));
+jest.mock('../components/timestamp', () => ({
+  Timestamp: () => <div data-test-subj="timestampMock" />,
+}));
+
+const createHit = (flattened: DataTableRecord['flattened']): DataTableRecord =>
+  ({
+    id: '1',
+    raw: { _id: '1', _index: 'test', _source: {} },
+    flattened,
+    isAnchor: false,
+  } as DataTableRecord);
+
+const alertHit = createHit({
+  'event.kind': 'signal',
+  'kibana.alert.rule.name': 'My Rule',
+});
+
+const eventHit = createHit({
+  'event.kind': 'event',
+  'event.category': 'host',
+  'host.name': 'host-1',
+});
+
+describe('useDocumentFlyoutTitle', () => {
+  const mockUseKibana = jest.mocked(useKibana);
+  const mockUseIsInSecurityApp = jest.mocked(useIsInSecurityApp);
+  const openSystemFlyout = jest.fn();
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    mockUseIsInSecurityApp.mockReturnValue(true);
+    mockUseKibana.mockReturnValue({
+      services: {
+        overlays: { openSystemFlyout },
+      },
+    } as unknown as ReturnType<typeof useKibana>);
+  });
+
+  it('derives label and warning icon for alerts', () => {
+    const { result } = renderHook(() => useDocumentFlyoutTitle({ hit: alertHit }));
+
+    expect(result.current.label).toBe('My Rule');
+    expect(result.current.iconType).toBe('warning');
+  });
+
+  it('derives label and analyzeEvent icon for non-alert events', () => {
+    const { result } = renderHook(() => useDocumentFlyoutTitle({ hit: eventHit }));
+
+    expect(result.current.label).toBe('host-1');
+    expect(result.current.iconType).toBe('analyzeEvent');
+  });
+
+  it('opens the document flyout with documentFlyoutHistoryKey and session inherit when in the Security app', () => {
+    const { result } = renderHook(() => useDocumentFlyoutTitle({ hit: alertHit }));
+
+    act(() => {
+      result.current.onTitleClick();
+    });
+
+    expect(openSystemFlyout).toHaveBeenCalledTimes(1);
+    expect(openSystemFlyout).toHaveBeenCalledWith(
+      expect.anything(),
+      expect.objectContaining({
+        historyKey: documentFlyoutHistoryKey,
+        session: 'inherit',
+      })
+    );
+  });
+
+  it('uses DOC_VIEWER_FLYOUT_HISTORY_KEY when not in the Security app', () => {
+    mockUseIsInSecurityApp.mockReturnValue(false);
+
+    const { result } = renderHook(() => useDocumentFlyoutTitle({ hit: eventHit }));
+
+    act(() => {
+      result.current.onTitleClick();
+    });
+
+    expect(openSystemFlyout).toHaveBeenCalledWith(
+      expect.anything(),
+      expect.objectContaining({
+        historyKey: DOC_VIEWER_FLYOUT_HISTORY_KEY,
+        session: 'inherit',
+      })
+    );
+  });
+
+  it('returns badge and timestamp nodes derived from the hit', () => {
+    const { result } = renderHook(() => useDocumentFlyoutTitle({ hit: alertHit }));
+
+    expect(result.current.badge).toBeTruthy();
+    expect(result.current.timestamp).toBeTruthy();
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/hooks/use_document_flyout_title.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/hooks/use_document_flyout_title.tsx
new file mode 100644
index 0000000000000..bc7cb10991b80
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/hooks/use_document_flyout_title.tsx
@@ -0,0 +1,105 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useMemo } from 'react';
+import type { DataTableRecord } from '@kbn/discover-utils';
+import { getFieldValue } from '@kbn/discover-utils';
+import { EVENT_KIND } from '@kbn/rule-data-utils';
+import { useHistory } from 'react-router-dom';
+import { useStore } from 'react-redux';
+import { noop } from 'lodash/fp';
+import { DOC_VIEWER_FLYOUT_HISTORY_KEY } from '@kbn/unified-doc-viewer';
+import { EventKind } from '../../document/main/constants/event_kinds';
+import { getDocumentTitle } from '../../document/main/utils/get_header_title';
+import { useKibana } from '../../../common/lib/kibana';
+import { useIsInSecurityApp } from '../../../common/hooks/is_in_security_app';
+import type { CellActionRenderer } from '../components/cell_actions';
+import { noopCellActionRenderer } from '../components/cell_actions';
+import { flyoutProviders } from '../components/flyout_provider';
+import { DocumentFlyout } from '../../document/main';
+import { useDefaultDocumentFlyoutProperties } from './use_default_flyout_properties';
+import { documentFlyoutHistoryKey } from '../constants/flyout_history';
+import { DocumentSeverity } from '../../document/main/components/severity';
+import { Timestamp } from '../components/timestamp';
+
+export interface UseDocumentFlyoutTitleOptions {
+  /** The source document to derive display values from. */
+  hit: DataTableRecord;
+  /** Cell action renderer forwarded to the child document flyout. */
+  renderCellActions?: CellActionRenderer;
+  /** Callback invoked after alert mutations in the child document flyout. */
+  onAlertUpdated?: () => void;
+}
+
+export interface DocumentFlyoutTitleResult {
+  /** Document title derived from the hit. */
+  label: string;
+  /** Icon type: `'warning'` for alerts, `'analyzeEvent'` for other documents. */
+  iconType: string;
+  /** Opens the source document as a child flyout. */
+  onTitleClick: () => void;
+  /** Severity badge for the document. */
+  badge: React.ReactNode;
+  /** Formatted timestamp for the document. */
+  timestamp: React.ReactNode;
+}
+
+/**
+ * Derives all `ToolsFlyoutHeader` display values from a source document hit.
+ */
+export const useDocumentFlyoutTitle = ({
+  hit,
+  renderCellActions = noopCellActionRenderer,
+  onAlertUpdated = noop,
+}: UseDocumentFlyoutTitleOptions): DocumentFlyoutTitleResult => {
+  const { services } = useKibana();
+  const store = useStore();
+  const history = useHistory();
+  const defaultFlyoutProperties = useDefaultDocumentFlyoutProperties();
+  const isInSecurityApp = useIsInSecurityApp();
+  const historyKey = isInSecurityApp ? documentFlyoutHistoryKey : DOC_VIEWER_FLYOUT_HISTORY_KEY;
+
+  const isAlert = useMemo(
+    () => (getFieldValue(hit, EVENT_KIND) as string) === EventKind.signal,
+    [hit]
+  );
+
+  const label = useMemo(() => getDocumentTitle(hit), [hit]);
+  const iconType = isAlert ? 'warning' : 'analyzeEvent';
+
+  const onTitleClick = useCallback(() => {
+    services.overlays?.openSystemFlyout(
+      flyoutProviders({
+        services,
+        store,
+        history,
+        children: (
+          <DocumentFlyout
+            hit={hit}
+            renderCellActions={renderCellActions}
+            onAlertUpdated={onAlertUpdated}
+          />
+        ),
+      }),
+      { ...defaultFlyoutProperties, historyKey, session: 'inherit' }
+    );
+  }, [
+    defaultFlyoutProperties,
+    history,
+    historyKey,
+    hit,
+    onAlertUpdated,
+    renderCellActions,
+    services,
+    store,
+  ]);
+
+  const badge = <DocumentSeverity hit={hit} />;
+  const timestamp = <Timestamp hit={hit} size="xs" />;
+
+  return { label, iconType, onTitleClick, badge, timestamp };
+};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/tools/notes/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/tools/notes/index.tsx
index 292fae7de5eba..3b4be524b93b7 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/tools/notes/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/tools/notes/index.tsx
@@ -11,7 +11,7 @@ import type { DataTableRecord } from '@kbn/discover-utils';
 import { EuiFlyoutBody, EuiFlyoutHeader, useEuiTheme } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { useSelector } from 'react-redux';
-import { ToolsFlyoutHeader } from '../../components/tools_flyout_header';
+import { DocumentToolsFlyoutHeader } from '../../components/document_tools_flyout_header';
 import { useTimelineConfig } from './hooks/use_timeline_config';
 import { useIsInSecurityApp } from '../../../../common/hooks/is_in_security_app';
 import type { State } from '../../../../common/store';
@@ -68,7 +68,7 @@ export const NotesDetails = memo(({ hit }: NotesDetailsProps) => {
           padding-block: ${euiTheme.size.s} !important;
         `}
       >
-        <ToolsFlyoutHeader hit={hit} title={TITLE} />
+        <DocumentToolsFlyoutHeader title={TITLE} hit={hit} />
       </EuiFlyoutHeader>
       <EuiFlyoutBody data-test-subj={NOTES_DETAILS_TEST_ID}>
         <NotesDetailsContent
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/utils/build_flyout_content.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/utils/build_flyout_content.test.tsx
index 74fe11ce92621..5c79216f94ca8 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/utils/build_flyout_content.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/utils/build_flyout_content.test.tsx
@@ -27,6 +27,14 @@ jest.mock('../../network/main', () => ({
   ),
 }));
 
+jest.mock('../../entity/host/main', () => ({
+  Host: ({ hostName, hit }: { hostName: string; hit?: { flattened: Record<string, unknown> } }) => (
+    <div data-test-subj="mockHost" data-has-hit={hit ? 'true' : 'false'}>
+      {hostName}
+    </div>
+  ),
+}));
+
 jest.mock(
   '../../../one_discover/alert_flyout_overview_tab_component/data_view_manager_bootstrap',
   () => ({
@@ -35,30 +43,50 @@ jest.mock(
 );
 
 describe('buildFlyoutContent', () => {
-  it('should return a Network element for a source IP field', () => {
+  it('should return a Network element for a source IP field', async () => {
     const result = buildFlyoutContent('source.ip', '10.0.0.1');
 
     expect(result).not.toBeNull();
 
-    const { getByTestId } = render(result!);
-    expect(getByTestId('mockNetwork')).toHaveTextContent(`10.0.0.1-${FlowTargetSourceDest.source}`);
+    const { findByTestId } = render(result!);
+    expect(await findByTestId('mockNetwork')).toHaveTextContent(
+      `10.0.0.1-${FlowTargetSourceDest.source}`
+    );
   });
 
-  it('should return a Network element for a destination IP field', () => {
+  it('should return a Network element for a destination IP field', async () => {
     const result = buildFlyoutContent('destination.ip', '192.168.1.1');
 
     expect(result).not.toBeNull();
 
-    const { getByTestId } = render(result!);
-    expect(getByTestId('mockNetwork')).toHaveTextContent(
+    const { findByTestId } = render(result!);
+    expect(await findByTestId('mockNetwork')).toHaveTextContent(
       `192.168.1.1-${FlowTargetSourceDest.destination}`
     );
   });
 
-  it('should return null for a non-IP field', () => {
+  it('should return a Host element for a host.name field', async () => {
     const result = buildFlyoutContent('host.name', 'my-host');
 
-    expect(result).toBeNull();
+    expect(result).not.toBeNull();
+
+    const { findByTestId } = render(result!);
+    expect(await findByTestId('mockHost')).toHaveTextContent('my-host');
+  });
+
+  it('should pass hit to Host element when provided', async () => {
+    const mockHit = {
+      id: 'test-doc-id',
+      raw: { _id: 'test-doc-id', _index: 'test-index' },
+      flattened: { 'host.name': 'my-host' },
+    } as unknown as Parameters<typeof buildFlyoutContent>[2];
+
+    const result = buildFlyoutContent('host.name', 'my-host', mockHit);
+
+    expect(result).not.toBeNull();
+
+    const { findByTestId } = render(result!);
+    expect(await findByTestId('mockHost')).toHaveAttribute('data-has-hit', 'true');
   });
 
   it('should return null for an unknown field', () => {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/utils/build_flyout_content.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/utils/build_flyout_content.tsx
index 3623dde976fb2..982a65dad97e9 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/utils/build_flyout_content.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout_v2/shared/utils/build_flyout_content.tsx
@@ -5,16 +5,23 @@
  * 2.0.
  */
 
-import React from 'react';
+import React, { lazy, Suspense } from 'react';
+import type { DataTableRecord } from '@kbn/discover-utils';
 import { getEcsField } from '../../../flyout/document_details/right/components/table_field_name_cell';
 import {
+  HOST_NAME_FIELD_NAME,
   IP_FIELD_TYPE,
   LEGACY_SIGNAL_RULE_NAME_FIELD_NAME,
   SIGNAL_RULE_NAME_FIELD_NAME,
 } from '../../../timelines/components/timeline/body/renderers/constants';
 import { FlowTargetSourceDest } from '../../../../common/search_strategy/security_solution/network';
-import { Network } from '../../network/main';
-import { RuleDetails } from '../../rule/main';
+import { FlyoutLoading } from '../components/flyout_loading';
+
+const Host = lazy(() => import('../../entity/host/main').then((m) => ({ default: m.Host })));
+const Network = lazy(() => import('../../network/main').then((m) => ({ default: m.Network })));
+const RuleDetails = lazy(() => import('../../rule/main').then((m) => ({ default: m.RuleDetails })));
+
+const SuspenseFallback = <FlyoutLoading />;
 
 /**
  * Returns the React element to render inside the system flyout for the given field/value,
@@ -23,8 +30,13 @@ import { RuleDetails } from '../../rule/main';
  * Currently supports:
  * - IP fields → Network details flyout (value = IP address)
  * - Rule name field → Rule details flyout (value = rule ID)
+ * - Host name → Host details flyout (pass hit for entity resolution)
  */
-export const buildFlyoutContent = (field: string, value: string): React.ReactElement | null => {
+export const buildFlyoutContent = (
+  field: string,
+  value: string,
+  hit?: DataTableRecord
+): React.ReactElement | null => {
   const ecsField = getEcsField(field);
 
   if (ecsField?.type === IP_FIELD_TYPE) {
@@ -32,11 +44,27 @@ export const buildFlyoutContent = (field: string, value: string): React.ReactEle
       ? FlowTargetSourceDest.destination
       : FlowTargetSourceDest.source;
 
-    return <Network ip={value} flowTarget={flowTarget} />;
+    return (
+      <Suspense fallback={SuspenseFallback}>
+        <Network ip={value} flowTarget={flowTarget} />
+      </Suspense>
+    );
   }
 
   if (field === SIGNAL_RULE_NAME_FIELD_NAME || field === LEGACY_SIGNAL_RULE_NAME_FIELD_NAME) {
-    return <RuleDetails ruleId={value} />;
+    return (
+      <Suspense fallback={SuspenseFallback}>
+        <RuleDetails ruleId={value} />
+      </Suspense>
+    );
+  }
+
+  if (field === HOST_NAME_FIELD_NAME) {
+    return (
+      <Suspense fallback={SuspenseFallback}>
+        <Host hostName={value} hit={hit} />
+      </Suspense>
+    );
   }
 
   return null;
diff --git a/x-pack/solutions/security/plugins/security_solution/public/one_discover/alert_flyout_header_component/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/one_discover/alert_flyout_header_component/index.test.tsx
index fe1fab3084f5a..cff623edd8762 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/one_discover/alert_flyout_header_component/index.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/one_discover/alert_flyout_header_component/index.test.tsx
@@ -59,6 +59,9 @@ jest.mock('../../cases/components/provider/provider', () => ({
 jest.mock('../../assistant/provider', () => ({
   AssistantProvider: ({ children }: { children: React.ReactNode }) => <>{children}</>,
 }));
+jest.mock('../../common/components/ml/permissions/ml_capabilities_provider', () => ({
+  MlCapabilitiesProvider: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+}));
 jest.mock('../../common/hooks/is_in_security_app', () => ({
   useIsInSecurityApp: jest.fn(),
 }));
@@ -82,6 +85,21 @@ describe('AlertFlyoutHeader', () => {
       },
     },
     upselling: {},
+    data: {
+      query: {
+        timefilter: {
+          timefilter: {
+            getAbsoluteTime: jest.fn().mockReturnValue({
+              from: '2023-01-01T00:00:00.000Z',
+              to: '2023-12-31T23:59:59.999Z',
+            }),
+          },
+        },
+      },
+    },
+    notifications: {
+      toasts: { addError: jest.fn(), addDanger: jest.fn(), addSuccess: jest.fn() },
+    },
   } as unknown as StartServices;
 
   it('wraps the header in KibanaContextProvider and ReactQueryClientProvider', async () => {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/one_discover/alert_flyout_overview_tab_component/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/one_discover/alert_flyout_overview_tab_component/index.test.tsx
index a297010557ba3..643c9fdfa5bc8 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/one_discover/alert_flyout_overview_tab_component/index.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/one_discover/alert_flyout_overview_tab_component/index.test.tsx
@@ -43,6 +43,9 @@ jest.mock('../../cases/components/provider/provider', () => ({
 jest.mock('../../assistant/provider', () => ({
   AssistantProvider: ({ children }: { children: React.ReactNode }) => <>{children}</>,
 }));
+jest.mock('../../common/components/ml/permissions/ml_capabilities_provider', () => ({
+  MlCapabilitiesProvider: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+}));
 
 const mockUseInitDataViewManager = jest.fn();
 jest.mock('../../data_view_manager/hooks/use_init_data_view_manager', () => ({
@@ -73,6 +76,21 @@ describe('AlertFlyoutOverviewTab', () => {
       },
     },
     upselling: {},
+    data: {
+      query: {
+        timefilter: {
+          timefilter: {
+            getAbsoluteTime: jest.fn().mockReturnValue({
+              from: '2023-01-01T00:00:00.000Z',
+              to: '2023-12-31T23:59:59.999Z',
+            }),
+          },
+        },
+      },
+    },
+    notifications: {
+      toasts: { addError: jest.fn(), addDanger: jest.fn(), addSuccess: jest.fn() },
+    },
   } as unknown as StartServices;
 
   beforeEach(() => {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/cell_renderers.tsx b/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/cell_renderers.tsx
index 917a5837263f2..fc5de0b995c55 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/cell_renderers.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/cell_renderers.tsx
@@ -23,6 +23,7 @@ import type { StartServices } from '../../types';
 import type { SecurityAppStore } from '../../common/store/types';
 import { IpCellRenderer } from './ip_cell_renderer';
 import { RuleNameCellRenderer } from './rule_name_cell_renderer';
+import { HostCellRenderer, HOST_CELL_RENDERER_FIELDS } from './host_cell_renderer';
 import { ONE_DISCOVER_SCOPE_ID } from '../constants';
 
 export type SecuritySolutionRowCellRendererGetter = Awaited<
@@ -35,18 +36,19 @@ export type SecuritySolutionRowCellRendererGetter = Awaited<
  * in Discover's contextual View
  * Also see: src/platform/plugins/shared/discover/public/context_awareness/profile_providers/security/constants.ts
  */
-const ALLOWED_DISCOVER_RENDERED_FIELDS = [
+const ALLOWED_DISCOVER_RENDERED_FIELDS = new Set([
   SIGNAL_STATUS_FIELD_NAME,
   SIGNAL_RULE_NAME_FIELD_NAME,
   LEGACY_SIGNAL_RULE_NAME_FIELD_NAME,
-];
+  ...HOST_CELL_RENDERER_FIELDS,
+]);
 
 export const getCellRendererForGivenRecord = (
   services: StartServices,
   store: SecurityAppStore
 ): SecuritySolutionRowCellRendererGetter => {
   return (fieldName: string) => {
-    if (ALLOWED_DISCOVER_RENDERED_FIELDS.includes(fieldName)) {
+    if (ALLOWED_DISCOVER_RENDERED_FIELDS.has(fieldName)) {
       if (
         fieldName === SIGNAL_RULE_NAME_FIELD_NAME ||
         fieldName === LEGACY_SIGNAL_RULE_NAME_FIELD_NAME
@@ -56,6 +58,12 @@ export const getCellRendererForGivenRecord = (
         };
       }
 
+      if (HOST_CELL_RENDERER_FIELDS.has(fieldName)) {
+        return function HostFieldRenderer(props: DataGridCellValueElementProps) {
+          return <HostCellRenderer {...props} services={services} store={store} />;
+        };
+      }
+
       return function UnifiedFieldRenderBySecuritySolution(props: DataGridCellValueElementProps) {
         // convert discover data format to timeline data format
         const data: TimelineNonEcsData[] = useMemo(
diff --git a/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/host_cell_renderer.tsx b/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/host_cell_renderer.tsx
new file mode 100644
index 0000000000000..4023027b6f681
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/host_cell_renderer.tsx
@@ -0,0 +1,103 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useMemo } from 'react';
+import { EuiLink } from '@elastic/eui';
+import type { DataGridCellValueElementProps } from '@kbn/unified-data-table';
+import { useHistory } from 'react-router-dom';
+import { DOC_VIEWER_FLYOUT_HISTORY_KEY } from '@kbn/unified-doc-viewer';
+import { getOrEmptyTagFromValue } from '../../common/components/empty_value';
+import { flyoutProviders } from '../../flyout_v2/shared/components/flyout_provider';
+import { useDefaultDocumentFlyoutProperties } from '../../flyout_v2/shared/hooks/use_default_flyout_properties';
+import { documentFlyoutHistoryKey } from '../../flyout_v2/shared/constants/flyout_history';
+import { DataViewManagerBootstrap } from '../alert_flyout_overview_tab_component/data_view_manager_bootstrap';
+import { Host } from '../../flyout_v2/entity/host/main';
+import type { StartServices } from '../../types';
+import type { SecurityAppStore } from '../../common/store/types';
+import { useIsInSecurityApp } from '../../common/hooks/is_in_security_app';
+
+export const HOST_CELL_RENDERER_FIELDS = new Set(['host.name', 'host.hostname']);
+
+export interface HostCellRendererProps extends DataGridCellValueElementProps {
+  services: StartServices;
+  store: SecurityAppStore;
+}
+
+/**
+ * Cell renderer for host-related columns in One Discover.
+ * Renders each value as a clickable link that opens the host details flyout.
+ */
+export const HostCellRenderer = React.memo<HostCellRendererProps>(
+  ({ services, store, ...props }) => {
+    const history = useHistory();
+    const isInSecurityApp = useIsInSecurityApp();
+    const historyKey = isInSecurityApp ? documentFlyoutHistoryKey : DOC_VIEWER_FLYOUT_HISTORY_KEY;
+    const { overlays } = services;
+    const defaultDocumentFlyoutProperties = useDefaultDocumentFlyoutProperties();
+    const rawValue = props.row.flattened[props.columnId];
+
+    const values: string[] = useMemo(() => {
+      if (Array.isArray(rawValue)) return rawValue.map(String);
+      if (rawValue != null) return [String(rawValue)];
+      return [];
+    }, [rawValue]);
+
+    const handleClick = useCallback(
+      (hostName: string) => {
+        if (!hostName) return;
+
+        overlays.openSystemFlyout(
+          flyoutProviders({
+            services,
+            store,
+            history,
+            children: (
+              <>
+                {!isInSecurityApp && <DataViewManagerBootstrap />}
+                <Host hostName={hostName} hit={props.row} />
+              </>
+            ),
+          }),
+          {
+            ...defaultDocumentFlyoutProperties,
+            historyKey,
+            session: 'start',
+          }
+        );
+      },
+      [
+        overlays,
+        services,
+        store,
+        history,
+        isInSecurityApp,
+        historyKey,
+        props.row,
+        defaultDocumentFlyoutProperties,
+      ]
+    );
+
+    if (values.length === 0) {
+      return getOrEmptyTagFromValue(null);
+    }
+
+    return (
+      <>
+        {values.map((val, idx) => (
+          <React.Fragment key={`${val}-${idx}`}>
+            {idx > 0 && ', '}
+            <EuiLink onClick={() => handleClick(val)} data-test-subj="one-discover-host-link">
+              {val}
+            </EuiLink>
+          </React.Fragment>
+        ))}
+      </>
+    );
+  }
+);
+
+HostCellRenderer.displayName = 'HostCellRenderer';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/ip_cell_renderer.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/ip_cell_renderer.test.tsx
index 4abb8e090e02a..106fac51ef241 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/ip_cell_renderer.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/ip_cell_renderer.test.tsx
@@ -24,6 +24,10 @@ jest.mock('../../common/lib/kibana', () => ({
   }),
 }));
 
+jest.mock('../../common/hooks/is_in_security_app', () => ({
+  useIsInSecurityApp: () => false,
+}));
+
 jest.mock('react-router-dom', () => ({
   ...jest.requireActual('react-router-dom'),
   useHistory: () => ({ push: jest.fn(), location: { pathname: '/' } }),
diff --git a/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/ip_cell_renderer.tsx b/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/ip_cell_renderer.tsx
index 85ce0047d0a73..8481526a1fd85 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/ip_cell_renderer.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/ip_cell_renderer.tsx
@@ -9,6 +9,7 @@ import React, { useCallback, useMemo } from 'react';
 import { EuiLink } from '@elastic/eui';
 import type { DataGridCellValueElementProps } from '@kbn/unified-data-table';
 import { useHistory } from 'react-router-dom';
+import { useIsInSecurityApp } from '../../common/hooks/is_in_security_app';
 import { getOrEmptyTagFromValue } from '../../common/components/empty_value';
 import { flyoutProviders } from '../../flyout_v2/shared/components/flyout_provider';
 import { useDefaultDocumentFlyoutProperties } from '../../flyout_v2/shared/hooks/use_default_flyout_properties';
@@ -30,6 +31,7 @@ export interface IpCellRendererProps extends DataGridCellValueElementProps {
  */
 export const IpCellRenderer = React.memo<IpCellRendererProps>(({ services, store, ...props }) => {
   const history = useHistory();
+  const isInSecurityApp = useIsInSecurityApp();
   const defaultDocumentFlyoutProperties = useDefaultDocumentFlyoutProperties();
   const { overlays } = services;
   const rawValue = props.row.flattened[props.columnId];
@@ -51,7 +53,7 @@ export const IpCellRenderer = React.memo<IpCellRendererProps>(({ services, store
             history,
             children: (
               <>
-                <DataViewManagerBootstrap />
+                {!isInSecurityApp && <DataViewManagerBootstrap />}
                 {flyoutContent}
               </>
             ),
@@ -63,7 +65,15 @@ export const IpCellRenderer = React.memo<IpCellRendererProps>(({ services, store
         );
       }
     },
-    [defaultDocumentFlyoutProperties, overlays, services, store, history, props.columnId]
+    [
+      props.columnId,
+      overlays,
+      services,
+      store,
+      history,
+      isInSecurityApp,
+      defaultDocumentFlyoutProperties,
+    ]
   );
 
   if (addresses.length === 0) {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/timelines/components/formatted_ip/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/timelines/components/formatted_ip/index.tsx
index b6b8923c77246..c1644d94ea0f7 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/timelines/components/formatted_ip/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/timelines/components/formatted_ip/index.tsx
@@ -20,7 +20,7 @@ import { useKibana } from '../../../common/lib/kibana';
 import { NetworkDetailsLink } from '../../../common/components/links';
 import { NetworkPanelKey } from '../../../flyout/network_details';
 import { FlyoutLink } from '../../../flyout/shared/components/flyout_link';
-import { ChildLink } from '../../../flyout_v2/shared/components/child_link';
+import { OpenFlyoutLink } from '../../../flyout_v2/shared/components/open_flyout_link';
 import { Network } from '../../../flyout_v2/network/main';
 import { flyoutProviders } from '../../../flyout_v2/shared/components/flyout_provider';
 import { useDefaultDocumentFlyoutProperties } from '../../../flyout_v2/shared/hooks/use_default_flyout_properties';
@@ -134,7 +134,12 @@ const AddressLinksItemComponent: React.FC<AddressLinksItemProps> = ({
           title={title}
         />
       ) : newFlyoutSystemEnabled ? (
-        <ChildLink field={fieldName} value={address} data-test-subj="network-details" />
+        <OpenFlyoutLink
+          field={fieldName}
+          value={address}
+          asParent
+          data-test-subj="network-details"
+        />
       ) : (
         <FlyoutLink
           field={fieldName}
diff --git a/x-pack/solutions/security/plugins/security_solution/public/timelines/components/timeline/body/renderers/host_name.tsx b/x-pack/solutions/security/plugins/security_solution/public/timelines/components/timeline/body/renderers/host_name.tsx
index 3bc4add206d4c..c55fa2d3fd8d3 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/timelines/components/timeline/body/renderers/host_name.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/timelines/components/timeline/body/renderers/host_name.tsx
@@ -9,12 +9,21 @@ import React, { useCallback, useContext, useMemo } from 'react';
 import type { EuiButtonEmpty, EuiButtonIcon } from '@elastic/eui';
 import { isString } from 'lodash/fp';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import { useHistory } from 'react-router-dom';
+import { useStore } from 'react-redux';
+import { DOC_VIEWER_FLYOUT_HISTORY_KEY } from '@kbn/unified-doc-viewer';
 import { HostPanelKey } from '../../../../../flyout/entity_details/shared/constants';
 import { StatefulEventContext } from '../../../../../common/components/events_viewer/stateful_event_context';
 import { HostDetailsLink } from '../../../../../common/components/links';
 import { getEmptyTagValue } from '../../../../../common/components/empty_value';
 import { TruncatableText } from '../../../../../common/components/truncatable_text';
 import { useIsInSecurityApp } from '../../../../../common/hooks/is_in_security_app';
+import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features';
+import { useKibana } from '../../../../../common/lib/kibana';
+import { Host } from '../../../../../flyout_v2/entity/host/main';
+import { flyoutProviders } from '../../../../../flyout_v2/shared/components/flyout_provider';
+import { useDefaultDocumentFlyoutProperties } from '../../../../../flyout_v2/shared/hooks/use_default_flyout_properties';
+import { documentFlyoutHistoryKey } from '../../../../../flyout_v2/shared/constants/flyout_history';
 
 interface Props {
   contextId: string;
@@ -36,9 +45,17 @@ const HostNameComponent: React.FC<Props> = ({
   entityId,
 }) => {
   const { openFlyout } = useExpandableFlyoutApi();
+  const { services } = useKibana();
+  const { overlays } = services;
+  const store = useStore();
+  const history = useHistory();
+  const newFlyoutSystemEnabled = useIsExperimentalFeatureEnabled('newFlyoutSystemEnabled');
+  const defaultDocumentFlyoutProperties = useDefaultDocumentFlyoutProperties();
 
   const isInSecurityApp = useIsInSecurityApp();
 
+  const historyKey = isInSecurityApp ? documentFlyoutHistoryKey : DOC_VIEWER_FLYOUT_HISTORY_KEY;
+
   const eventContext = useContext(StatefulEventContext);
   const hostName = `${value}`;
   const isInTimelineContext = hostName && eventContext?.timelineID;
@@ -51,28 +68,55 @@ const HostNameComponent: React.FC<Props> = ({
         onClick();
       }
 
-      /*
-       * if and only if renderer is running inside security solution app
-       * we check for event and timeline context
-       * */
       if (!eventContext || !isInTimelineContext || !eventContext.enableHostDetailsFlyout) {
         return;
       }
 
-      const { timelineID } = eventContext;
-      openFlyout({
-        right: {
-          id: HostPanelKey,
-          params: {
-            hostName,
-            entityId,
-            contextID: contextId,
-            scopeId: timelineID,
+      if (newFlyoutSystemEnabled) {
+        overlays.openSystemFlyout(
+          flyoutProviders({
+            services,
+            store,
+            history,
+            children: <Host hostName={hostName} entityId={entityId} />,
+          }),
+          {
+            ...defaultDocumentFlyoutProperties,
+            historyKey,
+            session: 'start',
+          }
+        );
+      } else {
+        const { timelineID } = eventContext;
+        openFlyout({
+          right: {
+            id: HostPanelKey,
+            params: {
+              hostName,
+              entityId,
+              contextID: contextId,
+              scopeId: timelineID,
+            },
           },
-        },
-      });
+        });
+      }
     },
-    [onClick, eventContext, isInTimelineContext, hostName, entityId, openFlyout, contextId]
+    [
+      onClick,
+      eventContext,
+      isInTimelineContext,
+      hostName,
+      entityId,
+      openFlyout,
+      contextId,
+      newFlyoutSystemEnabled,
+      overlays,
+      services,
+      store,
+      history,
+      historyKey,
+      defaultDocumentFlyoutProperties,
+    ]
   );
 
   // The below is explicitly defined this way as the onClick takes precedence when it and the href are both defined
diff --git a/x-pack/solutions/security/plugins/security_solution/public/timelines/components/timeline/body/renderers/system/generic_row_renderer.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/timelines/components/timeline/body/renderers/system/generic_row_renderer.test.tsx
index 2275a53d67d96..29ad3ac7e8f70 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/timelines/components/timeline/body/renderers/system/generic_row_renderer.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/timelines/components/timeline/body/renderers/system/generic_row_renderer.test.tsx
@@ -90,6 +90,10 @@ const extractEuiIconText = (str: string) => {
 
 jest.mock('../../../../../../common/lib/kibana');
 
+jest.mock('../host_name', () => ({
+  HostName: () => null,
+}));
+
 jest.mock('@elastic/eui', () => {
   const original = jest.requireActual('@elastic/eui');
   return {