[Security Solution][One Discover] Migrate user flyout and related subcomponents

src/platform/plugins/shared/discover/public/context_awareness/profile_providers/security/constants.ts

@@ -21,6 +21,7 @@ export const ALERT_WORKFLOW_STATUS_FIELD_NAME = 'kibana.alert.workflow_status';
 
 export const HOST_NAME_FIELD = 'host.name';
 export const HOST_HOSTNAME_FIELD = 'host.hostname';
+export const USER_NAME_FIELD = 'user.name';
 
 // Also see: x-pack/solutions/security/plugins/security_solution/public/one_discover/cell_renderers/cell_renderers.tsx
 export const ALLOWED_CELL_RENDER_FIELDS = [
@@ -29,4 +30,5 @@ export const ALLOWED_CELL_RENDER_FIELDS = [
   LEGACY_SIGNAL_RULE_NAME_FIELD_NAME,
   HOST_NAME_FIELD,
   HOST_HOSTNAME_FIELD,
+  USER_NAME_FIELD,
 ];

src/platform/plugins/shared/discover/public/context_awareness/profile_providers/security/security_root_profile/profile.test.ts

@@ -103,6 +103,17 @@ describe('createSecurityRootProfileProvider', () => {
       expect(result['kibana.alert.workflow_status']).toBeDefined();
     });
 
+    it('should add user.name cell renderer for alerts index', async () => {
+      const { provider, context } = await resolveSecurityContext((fieldName) =>
+        fieldName === 'user.name' ? MockComponent : undefined
+      );
+      const getCellRenderers = provider.profile.getCellRenderers!(() => ({}), { context });
+      const result = getCellRenderers({
+        dataView: createMockDataView(`${ALERTS_INDEX_PATTERN}default`),
+      } as Parameters<typeof getCellRenderers>[0]);
+      expect(result['user.name']).toBeDefined();
+    });
+
     it('should add cell renderers for IP fields without overriding existing ones', async () => {
       const ExistingRenderer: FunctionComponent<DataGridCellValueElementProps> = () => null;
       const { provider, context } = await resolveSecurityContext(() => MockComponent);

x-pack/platform/plugins/private/translations/translations/de-DE.json

@@ -43789,7 +43789,6 @@
     "xpack.securitySolution.flyout.entityDetails.service.stateLabel": "Zustand",
     "xpack.securitySolution.flyout.entityDetails.service.typeLabel": "Typ",
     "xpack.securitySolution.flyout.entityDetails.service.versionLabel": "Version",
-    "xpack.securitySolution.flyout.entityDetails.showAssetDocument": "Asset-Details anzeigen",
     "xpack.securitySolution.flyout.entityDetails.summaryView": "Zusammenfassung",
     "xpack.securitySolution.flyout.entityDetails.table.documentFieldsCaption": "Entitätsfelder",
     "xpack.securitySolution.flyout.entityDetails.table.fieldCellLabel": "Feld",
@@ -46498,7 +46497,6 @@
     "xpack.securitySolution.timeline.toggleEventDetailsTitle": "Ereignisdetails erweitern",
     "xpack.securitySolution.timeline.unsavedWorkMessage": "Möchten Sie die Zeitleiste mit nicht gespeicherter Arbeit verlassen?",
     "xpack.securitySolution.timeline.unsavedWorkTitle": "Nicht gespeicherte Änderungen",
-    "xpack.securitySolution.timeline.userDetails.updatedTime": "Aktualisiert {time}",
     "xpack.securitySolution.timeline.youAreInAnEventRendererScreenReaderOnly": "Sie befinden sich in einem Ereignis-Renderer für Zeile {row}. Drücken Sie die Aufwärtspfeiltaste, um die Bearbeitung zu beenden und zur aktuellen Zeile zurückzukehren, oder die Abwärtspfeiltaste, um die Bearbeitung zu beenden und zur nächsten Zeile zu gelangen.",
     "xpack.securitySolution.timelines.allTimelines.errorFetchingTimelinesTitle": "Fehler beim Abfragen aller Zeitleistendaten",
     "xpack.securitySolution.timelines.allTimelines.importTimelineTitle": "Import",

x-pack/platform/plugins/private/translations/translations/fr-FR.json

@@ -43641,7 +43641,6 @@
     "xpack.securitySolution.flyout.entityDetails.service.stateLabel": "État",
     "xpack.securitySolution.flyout.entityDetails.service.typeLabel": "Type",
     "xpack.securitySolution.flyout.entityDetails.service.versionLabel": "Version",
-    "xpack.securitySolution.flyout.entityDetails.showAssetDocument": "Montrer les détails de ressource",
     "xpack.securitySolution.flyout.entityDetails.summaryView": "résumé",
     "xpack.securitySolution.flyout.entityDetails.table.documentFieldsCaption": "Champs d'entités",
     "xpack.securitySolution.flyout.entityDetails.table.fieldCellLabel": "Champ",
@@ -46335,7 +46334,6 @@
     "xpack.securitySolution.timeline.toggleEventDetailsTitle": "Développer les détails de l'événement",
     "xpack.securitySolution.timeline.unsavedWorkMessage": "Quitter Timeline avec un travail non enregistré ?",
     "xpack.securitySolution.timeline.unsavedWorkTitle": "Modifications non enregistrées",
-    "xpack.securitySolution.timeline.userDetails.updatedTime": "Mis à jour le {time}",
     "xpack.securitySolution.timeline.youAreInAnEventRendererScreenReaderOnly": "Vous êtes dans un outil de rendu d'événement pour la ligne : {row}. Appuyez sur la touche fléchée vers le haut pour quitter et revenir à la ligne en cours, ou sur la touche fléchée vers le bas pour quitter et passer à la ligne suivante.",
     "xpack.securitySolution.timelines.allTimelines.errorFetchingTimelinesTitle": "Impossible d'interroger les données de toutes les chronologies",
     "xpack.securitySolution.timelines.allTimelines.importTimelineTitle": "Importer",

x-pack/platform/plugins/private/translations/translations/ja-JP.json

@@ -43954,7 +43954,6 @@
     "xpack.securitySolution.flyout.entityDetails.service.stateLabel": "ステータス",
     "xpack.securitySolution.flyout.entityDetails.service.typeLabel": "型",
     "xpack.securitySolution.flyout.entityDetails.service.versionLabel": "バージョン",
-    "xpack.securitySolution.flyout.entityDetails.showAssetDocument": "アセット詳細を表示",
     "xpack.securitySolution.flyout.entityDetails.summaryView": "まとめ",
     "xpack.securitySolution.flyout.entityDetails.table.documentFieldsCaption": "エンティティフィールド",
     "xpack.securitySolution.flyout.entityDetails.table.fieldCellLabel": "フィールド",
@@ -46671,7 +46670,6 @@
     "xpack.securitySolution.timeline.toggleEventDetailsTitle": "イベントの詳細を展開",
     "xpack.securitySolution.timeline.unsavedWorkMessage": "作業を保存せずにタイムラインから移動しますか？",
     "xpack.securitySolution.timeline.unsavedWorkTitle": "保存されていない変更",
-    "xpack.securitySolution.timeline.userDetails.updatedTime": "更新日時{time}",
     "xpack.securitySolution.timeline.youAreInAnEventRendererScreenReaderOnly": "行{row}のイベントレンダラーを表示しています。上矢印キーを押すと、終了して現在の行に戻ります。下矢印キーを押すと、終了して次の行に進みます。",
     "xpack.securitySolution.timelines.allTimelines.errorFetchingTimelinesTitle": "すべてのタイムラインデータをクエリできませんでした",
     "xpack.securitySolution.timelines.allTimelines.importTimelineTitle": "インポート",

x-pack/platform/plugins/private/translations/translations/zh-CN.json

@@ -43947,7 +43947,6 @@
     "xpack.securitySolution.flyout.entityDetails.service.stateLabel": "状态",
     "xpack.securitySolution.flyout.entityDetails.service.typeLabel": "类型",
     "xpack.securitySolution.flyout.entityDetails.service.versionLabel": "版本",
-    "xpack.securitySolution.flyout.entityDetails.showAssetDocument": "显示资产详情",
     "xpack.securitySolution.flyout.entityDetails.summaryView": "摘要",
     "xpack.securitySolution.flyout.entityDetails.table.documentFieldsCaption": "实体字段",
     "xpack.securitySolution.flyout.entityDetails.table.fieldCellLabel": "字段",
@@ -46661,7 +46660,6 @@
     "xpack.securitySolution.timeline.toggleEventDetailsTitle": "展开事件详情",
     "xpack.securitySolution.timeline.unsavedWorkMessage": "离开有未保存工作的时间线？",
     "xpack.securitySolution.timeline.unsavedWorkTitle": "未保存的更改",
-    "xpack.securitySolution.timeline.userDetails.updatedTime": "更新于 {time}",
     "xpack.securitySolution.timeline.youAreInAnEventRendererScreenReaderOnly": "您正处于第 {row} 行的事件呈现器中。按向上箭头键退出并返回当前行，或按向下箭头键退出并前进到下一行。",
     "xpack.securitySolution.timelines.allTimelines.errorFetchingTimelinesTitle": "无法查询所有时间线数据",
     "xpack.securitySolution.timelines.allTimelines.importTimelineTitle": "导入",

x-pack/solutions/security/plugins/security_solution/public/agent_builder/components/entity_card_flyout_overview_canvas.tsx

@@ -67,11 +67,11 @@ import {
 } from '../../flyout/entity_details/shared/constants';
 import type { EntityDetailsPath } from '../../flyout/entity_details/shared/components/left_panel/left_panel_header';
 import { EntityEventTypes } from '../../common/lib/telemetry';
-import { UserPanelContent } from '../../flyout/entity_details/user_right/content';
-import { UserPanelHeader } from '../../flyout/entity_details/user_right/header';
-import { useObservedUser } from '../../flyout/entity_details/user_right/hooks/use_observed_user';
+import { Content as UserPanelContent } from '../../flyout_v2/entity/user/main/content';
+import { Header as UserPanelHeader } from '../../flyout_v2/entity/user/main/header';
+import { useObservedUser } from '../../flyout_v2/entity/user/main/hooks/use_observed_user';
 import { useManagedUser } from '../../flyout/entity_details/shared/hooks/use_managed_user';
-import { USER_PANEL_RISK_SCORE_QUERY_ID } from '../../flyout/entity_details/user_right/constants';
+import { USER_PANEL_RISK_SCORE_QUERY_ID } from '../../flyout_v2/entity/user/main/constants';
 import { UserDetailsPanelKey } from '../../flyout/entity_details/user_details_left';
 import { ServicePanelContent } from '../../flyout/entity_details/service_right/content';
 import { ServicePanelHeader } from '../../flyout/entity_details/service_right/header';

x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx

@@ -80,7 +80,7 @@ import {
   useEntityFromStore,
   type EntityStoreRecord,
 } from '../../../../flyout/entity_details/shared/hooks/use_entity_from_store';
-import { ObservedDataSection as HostObservedDataSection } from '../../../../flyout_v2/entity/host/main/components/observed_data_section';
+import { ObservedDataSection as HostObservedDataSection } from '../../../../flyout_v2/entity/shared/components/observed_data_section';
 import { HOST_PANEL_OBSERVED_HOST_QUERY_ID } from '../../../../flyout/entity_details/host_right';
 import { useObservedHost } from '../../../../flyout_v2/entity/host/main/hooks/use_observed_host';
 import { buildRiskScoreStateFromEntityRecord } from '../../../../flyout/entity_details/shared/entity_store_risk_utils';
@@ -403,8 +403,9 @@ const HostDetailsComponent: React.FC<HostDetailsProps> = ({
                   />
                   <EuiSpacer size="m" />
                   <HostObservedDataSection
+                    entityType={EntityType.host}
                     identityFields={resolvedIdentityFields}
-                    observedHost={observedHost}
+                    observedData={observedHost}
                     contextID={PageScope.explore}
                     scopeId={PageScope.explore}
                     queryId={HOST_PANEL_OBSERVED_HOST_QUERY_ID}

x-pack/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx

@@ -78,9 +78,9 @@ import {
   useEntityFromStore,
   type EntityStoreRecord,
 } from '../../../../flyout/entity_details/shared/hooks/use_entity_from_store';
-import { ObservedDataSection as UserObservedDataSection } from '../../../../flyout/entity_details/user_right/components/observed_data_section';
+import { ObservedDataSection as UserObservedDataSection } from '../../../../flyout_v2/entity/shared/components/observed_data_section';
 import { USER_PANEL_OBSERVED_USER_QUERY_ID } from '../../../../flyout/entity_details/user_right';
-import { useObservedUser } from '../../../../flyout/entity_details/user_right/hooks/use_observed_user';
+import { useObservedUser } from '../../../../flyout_v2/entity/user/main/hooks/use_observed_user';
 import { buildRiskScoreStateFromEntityRecord } from '../../../../flyout/entity_details/shared/entity_store_risk_utils';
 import { NO_CORRESPONDING_ENTITY_EXISTS } from '../../../../flyout/entity_details/shared/translations';
 import { useSecurityDefaultPatterns } from '../../../../data_view_manager/hooks/use_security_default_patterns';
@@ -396,9 +396,9 @@ const UsersDetailsComponent: React.FC<UsersDetailsProps> = ({
                   />
                   <EuiSpacer size="m" />
                   <UserObservedDataSection
-                    userName={detailName}
+                    entityType={EntityType.user}
                     identityFields={resolvedIdentityFields}
-                    observedUser={observedUser}
+                    observedData={observedUser}
                     contextID={PageScope.explore}
                     scopeId={PageScope.explore}
                     queryId={USER_PANEL_OBSERVED_USER_QUERY_ID}

x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/entities_details.tsx

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React from 'react';
+import React, { useMemo } from 'react';
 import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiTitle } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { FF_ENABLE_ENTITY_STORE_V2, useEntityStoreEuidApi } from '@kbn/entity-store/public';
@@ -22,9 +22,25 @@ import { ENTITIES_DETAILS_TEST_ID } from './test_ids';
 import { useUiSetting } from '../../../../common/lib/kibana';
 import { useEntityFromStore } from '../../../entity_details/shared/hooks/use_entity_from_store';
 import type { GetFieldsData } from '../../shared/hooks/use_get_fields_data';
+import type { CspInsightLeftPanelSubTab } from '../../../entity_details/shared/components/left_panel/left_panel_header';
+import type { FieldLinkRenderer } from '../../../entity_details/shared/components/entity_table/types';
 
 export const ENTITIES_TAB_ID = 'entity';
 
+export interface EntitySectionOverrides {
+  /** Called when the user clicks to preview the entity in a side panel instead of navigating away. */
+  onPreviewEntity?: () => void;
+  /** Called when the user clicks a tab that opens a CSP insight sub-panel. */
+  onShowDetailsPanel?: (subTab: CspInsightLeftPanelSubTab) => void;
+  /** Custom renderer for entity link fields; receives the field name, raw value, and optional children. */
+  linkRenderer?: FieldLinkRenderer;
+}
+
+export interface EntitySectionOverrideBuilders {
+  buildUserOverrides?: (entity: { name: string; entityId?: string }) => EntitySectionOverrides;
+  buildHostOverrides?: (entity: { name: string; entityId?: string }) => EntitySectionOverrides;
+}
+
 const resolveUserDisplayForEntities = (
   identityFields: IdentityFields | undefined,
   getFieldsData: GetFieldsData
@@ -44,7 +60,10 @@ const resolveHostDisplayForEntities = (
 /**
  * Entities displayed in the document details expandable flyout left section under the Insights tab
  */
-export const EntitiesDetails: React.FC = () => {
+export const EntitiesDetails: React.FC<EntitySectionOverrideBuilders> = ({
+  buildUserOverrides,
+  buildHostOverrides,
+}) => {
   const { getFieldsData, scopeId, dataAsNestedObject } = useDocumentDetailsContext();
   const timestamp = getField(getFieldsData('@timestamp'));
 
@@ -103,6 +122,25 @@ export const EntitiesDetails: React.FC = () => {
   const userDisplayName = userEntityFromStore.entityRecord?.entity?.name ?? resolvedUserName;
   const hostDisplayName = hostEntityFromStore.entityRecord?.entity?.name ?? resolvedHostName;
 
+  const userStoreEntityId = userEntityFromStore?.entityRecord?.entity?.id;
+  const hostStoreEntityId = hostEntityFromStore?.entityRecord?.entity?.id;
+
+  const userOverrides = useMemo(
+    () =>
+      userDisplayName != null
+        ? buildUserOverrides?.({ name: userDisplayName, entityId: userStoreEntityId })
+        : undefined,
+    [buildUserOverrides, userDisplayName, userStoreEntityId]
+  );
+
+  const hostOverrides = useMemo(
+    () =>
+      hostDisplayName != null
+        ? buildHostOverrides?.({ name: hostDisplayName, entityId: hostStoreEntityId })
+        : undefined,
+    [buildHostOverrides, hostDisplayName, hostStoreEntityId]
+  );
+
   const showUserDetails = timestamp != null && userDisplayName != null;
   const showHostDetails =
     hostEntityIdentifiers != null && timestamp != null && hostDisplayName != null;
@@ -125,9 +163,10 @@ export const EntitiesDetails: React.FC = () => {
               <EuiSpacer size="s" />
               <UserDetails
                 userName={userDisplayName}
-                entityId={userEntityFromStore?.entityRecord?.entity?.id}
+                entityId={userStoreEntityId}
                 timestamp={timestamp}
                 scopeId={scopeId}
+                {...userOverrides}
               />
             </EuiFlexItem>
           )}
@@ -145,10 +184,11 @@ export const EntitiesDetails: React.FC = () => {
 
               <HostDetails
                 hostName={hostDisplayName}
-                entityId={hostEntityFromStore?.entityRecord?.entity?.id}
+                entityId={hostStoreEntityId}
                 timestamp={timestamp}
                 scopeId={scopeId}
                 hostEntityFromStoreResult={entityStoreV2Enabled ? hostEntityFromStore : undefined}
+                {...hostOverrides}
               />
             </EuiFlexItem>
           )}