[Security Solution] [BUG] Legacy risk score is not displayed on Entity Analytics Dashboard

[machadoum]

Describe the bug:
Legacy risk score is not displayed on the Entity Analytics Dashboard

Kibana/Elasticsearch Stack version:
8.18.0 (8.x branch)

Steps to reproduce:

1. Install the legacy risk score (by document generator or using and old kibana version and upgrading)
2. Open entity analytics dashboard
3. The Risk score panels should show the legacy risk score values

Current behavior:
It shows empty panels

Expected behavior:
The Risk score panels should show the legacy risk score values

Screenshots (if relevant):

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

[jaredburgettelastic]

@machadoum can you please test this one now that the fix has been merged

[muskangulati-qasource]

Hi @machadoum,

We have tested this ticket on the 8.18.0 BC5 build. Please find below the testing details:

Build details:

VERSION: 8.18.0
BUILD: 82557
COMMIT: b1da764d7db918082e4b9b82a8df5007f555e9b0

Observations and screen shots
When entity store is disabled and risk score is enabled:

When entity store is enabled and risk score is disabled:

When both entity store and risk score are disabled:

When both entity store and risk score are enabled:

Please let us know if anything else is required from our end.

Thank you!

[machadoum]

@muskangulati-qasource Have you Installed the legacy risk score for these tests?

[muskangulati-qasource]

Hi @machadoum,

We have validated this issue on 8.5.3 release build and below are our observations:

Build details:

VERSION: 8.5.3
BUILD: 57217
COMMIT: 93852c98d9e9902fe166302fae10bc8c5f3502fb

8.5.3:

• User and host risk enabled:

• User risk enabled, host risk disabled:

• User risk disabled, host risk enabled:

• User risk disabled, host risk disabled:

8.18.0:
After upgrade, we see the below UI in every space:

After clicking on 'Manage', the user is navigated to the Entity Risk score tab and is asked to update :

And, we are successfully able to view the risk scores data generated before upgrade:

Everything seems to be working fine on the Entity Analytics dashboard:

Please let us know if anything else is required from our end.

Thank you!

[machadoum]

@muskangulati-qasource It looks like you were able to reproduce the bug here:

@hop-dev will dig into it.

[hop-dev]

@muskangulati-qasource am I able to access this test environment to run some searches? Thanks

[muskangulati-qasource]

Hi @hop-dev,

Please find the credentials here for the environment that is now upgraded to 8.18.0: https://p.elstc.co/paste/tjkckfIw#+7Drx3ENAbtMeYGNQVlcxOypzRVE0PeO77iPLLfgppx

Thanks!

[hop-dev]

Thanks @muskangulati-qasource this is a case of a missed backport, I have put the PR in now #213249

[MadameSheema]

@hop-dev please add the fixed label once the backport PR is merged. I would deeply appreciate if you can add the labels of the versions where the fix is availalble.

Thanks!! :)