[Entity Analytics] Fix host details page for hosts in the entity store #268272

Open
ymao1 wants to merge 1 commit into elastic:main from ymao1:fix-host-details-page

@ymao1 ymao1 commented May 7, 2026

Summary

Follow-up to #267728. This PR fixes the host details page to correctly generate the queries used to populate the page components.

To Verify

  1. Start ES and Kibana with all the V2 feature flags
  2. Verify the entity store is enabled and generate some source data using yarn start org-data --size medium
  3. Wait for the entity store to get some entities
  4. Create a detection rule that queries the default security indices and generates alerts
  5. Manually kick off the risk engine so that some entity store entities have risk scores
  6. Modify the following file so that clicking a host from the All Hosts page navigates to the host details page:
--- a/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/components/hosts_table/columns.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/components/hosts_table/columns.tsx
@@ -56,7 +56,7 @@ export const getHostsColumns = (
               field: 'host.name',
             }}
           >
-            <HostDetailsLink hostName={name} entityId={entityId} onClick={onClick} />
+            <HostDetailsLink hostName={name} entityId={entityId} />
           </SecurityCellActions>
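Review bot: removing `onClick={onClick}` from `<HostDetailsLink>` in `getHostsColumns` is described in step 6 as a manual edit needed for verification, so as tested the PR does not by itself make a click on the All Hosts page reach the host details page. State in the description that this local change must be reverted before committing, or say which change will make the navigation work without it. Also check whether `onClick` is still referenced elsewhere in `getHostsColumns` after this edit, so the local build does not trip on an unused parameter.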

Verify No Regressions in Explore Hosts Page

  1. Navigate to Explore -> Hosts and verify that all the tabs are correctly populated (some may be empty depending on what test data you have). There should be no regressions on this page from this PR.

Verify Host Details page for Host in Entity Store is populated

  1. From the All Hosts tab, click on a host to go to the host details page
  2. At a minimum, the events tab should have some events. Depending on your source data, you may have data in the Authentications tab. If the host has a risk score, there should be risk score inputs in the Host Risk tab and alerts shown in the alerts components. Inspecting the queries, the DSL queries should include a EUID DSL filter (sometimes the EUID DSL filter will just be a host.name filter but you may also see host.id filters).

Verify No Regressions for Host Details page for Host not in Entity Store

  1. From the Alerts page, find a host that is not in the entity store and navigate to their details page. Inspect the queries on this page. They should all use the host.name fallback since this host is not in the entity store.

@ymao1 ymao1 changed the title Fix host details page [Entity Analytics] Fix host details page for hosts in the entity store May 7, 2026
@ymao1 ymao1 self-assigned this May 7, 2026
@ymao1 ymao1 added release_note:skip Skip the PR/issue when compiling release notes backport:skip This PR does not require backporting Team:Entity Analytics Security Entity Analytics Team v9.5.0 labels May 7, 2026
@ymao1 ymao1 force-pushed the fix-host-details-page branch from e86522c to 384a4de Compare May 7, 2026 21:15
@ymao1 ymao1 marked this pull request as ready for review May 7, 2026 21:16
@ymao1 ymao1 requested a review from a team as a code owner May 7, 2026 21:16
@ymao1 ymao1 requested a review from hop-dev May 7, 2026 21:16
@infra-vault-gh-plugin-prod

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

@kibanamachine

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 9400 9401 +1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 12.0MB 12.0MB -263.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
securitySolution 153.4KB 153.4KB +1.0B

cc @ymao1

@ymao1 ymao1 added backport:version Backport to applied version labels v9.4.1 and removed backport:skip This PR does not require backporting labels May 7, 2026
import type { Filter } from '@kbn/es-query';
import type { QueryDslQueryContainer } from '@kbn/data-views-plugin/common/types';

export const euidDslFilterToPageFilters = (dsl: QueryDslQueryContainer | undefined): Filter[] => {
euidDslFilterToPageFilters was moved to explore/helpers.ts, but the original definition still lives in users/pages/details/helpers.ts and it's no longer imported anywhere. Can we remove it?

signalIndexName={signalIndexName}
entityFilter={entityFilter}
entityType={EntityType.host}
entityRecord={entityStoreV2Enabled ? observedHost.entityRecord : undefined}
small suggestion: I see that entityType and entityRecord props were introduced in #267728, but I think it could be useful to have a comment on AlertsByStatusProps saying when entityType + entityRecord is preferred over entityFilter, or not sure if entityFilter will be deprecated afterwards
