[Entity Analytics][9.0] Remove all legacy risk engine code and features #201810
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… when engine has been installed
hop-dev
changed the title
hop-dev
added
release_note:deprecation
backport:skip
|
/ci |
|
/ci |
|
/ci |
|
/ci |
… into delete-legacy-risk-engine
angorayc
approved these changes
Jan 6, 2025
Ikuni17
approved these changes
Jan 7, 2025
MadameSheema
reviewed
Jan 9, 2025
...ty_solution_cypress/cypress/e2e/entity_analytics/dashboards/enable_risk_score_redirect.cy.ts
Show resolved
Hide resolved
| cy.get(ENABLE_HOST_RISK_SCORE_BUTTON).should('be.visible'); | ||
|
|
||
| cy.get(ENABLE_USER_RISK_SCORE_BUTTON).should('be.visible'); | ||
| it('shows enable risk button', () => { |
There was a problem hiding this comment.
It would be great if we can invest time to try to unskip this spec file :)
| }); | ||
|
|
||
| after(() => { | ||
| cy.task('esArchiverUnload', { archiveName: 'risk_users' }); | ||
| }); | ||
|
|
||
| describe('Custom query rule', () => { |
There was a problem hiding this comment.
Same as before, it would be great to try to unskip the test :)
x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/host_details/risk_tab.cy.ts
Outdated
Show resolved
Hide resolved
x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/hosts/host_risk_tab.cy.ts
Outdated
Show resolved
Hide resolved
...ck/test/security_solution_cypress/cypress/e2e/entity_analytics/hosts/hosts_risk_column.cy.ts
Outdated
Show resolved
Hide resolved
MadameSheema
approved these changes
Jan 10, 2025
This reverts commit 818cbdd.
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
Page load bundle
Unknown metric groupsESLint disabled line counts
References to deprecated APIs
Total ESLint disabled count
History
cc @hop-dev |
viduni94
pushed a commit
to viduni94/kibana
that referenced
this pull request
Jan 23, 2025
machadoum
added a commit
that referenced
this pull request
May 6, 2025
…219858) ## Summary Closes #219490 Fix an error toast appearing when changing an entities asset criticality from the entity flyout. See video on issue above for more detail. We were seeing the risk score request be aborted and this was creating the error toast. - Do not toast if an abort error is thrown - Do not abort the request unless the component receives `skip:true` ### Test Steps 1. Use the security document generator `yarn start entity-store` command to load entities and enable the risk engine 2. Enable the entity store 3. from the entities table open the entity flyout 4. Assign/change asset criticality 5. observe the error is not present ### Why did the bug happen? The risk score component stops rendering because the conditions for aborting and searching differ. So we aborted the HTTP call but didn't search again. I believe this PR #201810 introduced the bug --------- Co-authored-by: machadoum <pablo.nevesmachado@elastic.co>
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
May 6, 2025
…lastic#219858) ## Summary Closes elastic#219490 Fix an error toast appearing when changing an entities asset criticality from the entity flyout. See video on issue above for more detail. We were seeing the risk score request be aborted and this was creating the error toast. - Do not toast if an abort error is thrown - Do not abort the request unless the component receives `skip:true` ### Test Steps 1. Use the security document generator `yarn start entity-store` command to load entities and enable the risk engine 2. Enable the entity store 3. from the entities table open the entity flyout 4. Assign/change asset criticality 5. observe the error is not present ### Why did the bug happen? The risk score component stops rendering because the conditions for aborting and searching differ. So we aborted the HTTP call but didn't search again. I believe this PR elastic#201810 introduced the bug --------- Co-authored-by: machadoum <pablo.nevesmachado@elastic.co> (cherry picked from commit 64d20bb)
akowalska622
pushed a commit
to akowalska622/kibana
that referenced
this pull request
May 29, 2025
…lastic#219858) ## Summary Closes elastic#219490 Fix an error toast appearing when changing an entities asset criticality from the entity flyout. See video on issue above for more detail. We were seeing the risk score request be aborted and this was creating the error toast. - Do not toast if an abort error is thrown - Do not abort the request unless the component receives `skip:true` ### Test Steps 1. Use the security document generator `yarn start entity-store` command to load entities and enable the risk engine 2. Enable the entity store 3. from the entities table open the entity flyout 4. Assign/change asset criticality 5. observe the error is not present ### Why did the bug happen? The risk score component stops rendering because the conditions for aborting and searching differ. So we aborted the HTTP call but didn't search again. I believe this PR elastic#201810 introduced the bug --------- Co-authored-by: machadoum <pablo.nevesmachado@elastic.co>
qn895
pushed a commit
to qn895/kibana
that referenced
this pull request
Jun 3, 2025
…lastic#219858) ## Summary Closes elastic#219490 Fix an error toast appearing when changing an entities asset criticality from the entity flyout. See video on issue above for more detail. We were seeing the risk score request be aborted and this was creating the error toast. - Do not toast if an abort error is thrown - Do not abort the request unless the component receives `skip:true` ### Test Steps 1. Use the security document generator `yarn start entity-store` command to load entities and enable the risk engine 2. Enable the entity store 3. from the entities table open the entity flyout 4. Assign/change asset criticality 5. observe the error is not present ### Why did the bug happen? The risk score component stops rendering because the conditions for aborting and searching differ. So we aborted the HTTP call but didn't search again. I believe this PR elastic#201810 introduced the bug --------- Co-authored-by: machadoum <pablo.nevesmachado@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Closes https://github.com/elastic/security-team/issues/11253
Breaking change proposal: https://github.com/elastic/dev/issues/2822
The host and user risk scoring modules or "legacy risk engine" as we often call it internally, has been superseded since v8.10.0 by the risk engine. We submitted a breaking change proposal for v9.0.0 to remove all support to this legacy approach which was approved.
In 8.18 users will be given a warning if they are still using the legacy risk engine and directed to upgrade, this is implemented in #202775.
Changes
Deletions
ml_risk_score*indices