[9.4] [Entity Analytics] Fix user details page for users in the entity store (#267728)#268323
Merged
kibanamachine merged 1 commit intoelastic:9.4from May 8, 2026
Merged
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
elastic#267728) ## Summary Similar to elastic#265887, the user details page was using `documentEntityIdentifiers` to generate the various queries used to populate the page components. For the user entity, these identifiers were often incorrect as they returned computed fields (like `entity.namespace`) that do not exist in the source event documents, so the queries would return no data. > [!NOTE] > To limit the size of this PR, only the user details page is addressed. There will be a followup PR for the host details page. ## To Verify 1. Start ES and Kibana with all the V2 feature flags 2. Verify the entity store is enabled and generate some source data using `yarn start org-data --size medium` 3. Wait for the entity store to get some entities 4. Create a detection rule that queries the default security indices and generates alerts 5. Manually kick off the risk engine so that some entity store entities have risk scores 6. Modify the following file so that clicking a user from the All Users page navigates to the user details page: ``` --- a/x-pack/solutions/security/plugins/security_solution/public/explore/users/components/all_users/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/explore/users/components/all_users/index.tsx @@ -116,7 +116,6 @@ const getUsersColumns = ( userName={name} entityId={user.entityId} identityFields={user.identityFields} - onClick={onClick} /> ``` ### Verify No Regressions in Explore Users Page 7. Navigate to `Explore -> Users` and verify that all the tabs are correctly populated (Authentications and Anomalies may be empty depending on what test data you have). There should be no regressions on this page from this PR ### Verify User Details page for User in Entity Store is populated 8. From the `All Users` tab, click on a user to go to the user details page 9. At a minimum, the events tab should have some events. Depending on your source data, you may have data in the Authentications tab. If the user has a risk score, there should be risk score inputs in the User Risk tab and alerts shown in the alerts components. Inspecting the queries, the DSL queries should include a EUID DSL filter (without any entity.namespace fields in the filter). https://github.com/user-attachments/assets/5484ff73-1c7f-427b-be57-8c5467e04a78 ### Verify No Regressions for User Details page for User not in Entity Store 10. From the Alerts page, find a user that is not in the entity store and navigate to their details page. Inspect the queries on this page. They should all use the `user.name` fallback since this user is not in the entity store. https://github.com/user-attachments/assets/e65332f2-3953-4c1c-924c-cc3feb95d276 (cherry picked from commit 3f53f7b)
kibanamachine
force-pushed
the
backport/9.4/pr-267728
branch
from
145afbb to
2edc7b6
Compare
Contributor
Author
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Module Count
Async chunks
cc @ymao1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport
This will backport the following commits from
mainto9.4:Questions ?
Please refer to the Backport tool documentation