[8.x] [Entity Analytics] Removing the prevention mechanism for enabli…

…ng risk score in multiple spaces (#192671) (#193843)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Entity Analytics] Removing the prevention mechanism for enabling
risk score in multiple spaces
(#192671)](#192671)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Abhishek
Bhatia","email":"117628830+abhishekbhatia1710@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-09-24T10:08:27Z","message":"[Entity
Analytics] Removing the prevention mechanism for enabling risk score in
multiple spaces (#192671)\n\n## Summary\r\n\r\n\r\nThis PR removes the
restriction that prevents the risk engine from being\r\nenabled across
multiple spaces in the UI.\r\n\r\nCurrent UI prevention mechanism :
\r\n\r\n![image](https://github.com/user-attachments/assets/e79fbc70-57bc-497d-98da-1076f758d211)\r\n\r\n\r\nNote:
This change applies only to the UI, as the feature is
already\r\nimplemented in the backend.\r\n\r\n###
Checklist\r\n\r\nDelete any items that are not applicable to this
PR.\r\n\r\n- [x] Any UI touched in this PR is usable by keyboard only
(learn more\r\nabout [keyboard
accessibility](https://webaim.org/techniques/keyboard/))\r\n- [x] Any UI
touched in this PR does not create any new axe failures\r\n(run axe in
browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n-
[x] If a plugin configuration key changed, check if it needs to
be\r\nallowlisted in the cloud and added to the
[docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n-
[x] This renders correctly on smaller devices using a
responsive\r\nlayout. (You can test this [in
your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n-
[x] This was checked for
[cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n\r\n\r\n###
For maintainers\r\n\r\n- [ ] This was checked for breaking API changes
and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"e1a88b641a9c974142f5bacc29762b02b656635b","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["v9.0.0","release_note:feature","backport:prev-minor","Feature:Entity
Analytics","Team:Entity Analytics"],"title":"[Entity Analytics] Removing
the prevention mechanism for enabling risk score in multiple
spaces","number":192671,"url":"#192671
Analytics] Removing the prevention mechanism for enabling risk score in
multiple spaces (#192671)\n\n## Summary\r\n\r\n\r\nThis PR removes the
restriction that prevents the risk engine from being\r\nenabled across
multiple spaces in the UI.\r\n\r\nCurrent UI prevention mechanism :
\r\n\r\n![image](https://github.com/user-attachments/assets/e79fbc70-57bc-497d-98da-1076f758d211)\r\n\r\n\r\nNote:
This change applies only to the UI, as the feature is
already\r\nimplemented in the backend.\r\n\r\n###
Checklist\r\n\r\nDelete any items that are not applicable to this
PR.\r\n\r\n- [x] Any UI touched in this PR is usable by keyboard only
(learn more\r\nabout [keyboard
accessibility](https://webaim.org/techniques/keyboard/))\r\n- [x] Any UI
touched in this PR does not create any new axe failures\r\n(run axe in
browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n-
[x] If a plugin configuration key changed, check if it needs to
be\r\nallowlisted in the cloud and added to the
[docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n-
[x] This renders correctly on smaller devices using a
responsive\r\nlayout. (You can test this [in
your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n-
[x] This was checked for
[cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n\r\n\r\n###
For maintainers\r\n\r\n- [ ] This was checked for breaking API changes
and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"e1a88b641a9c974142f5bacc29762b02b656635b"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"#192671
Analytics] Removing the prevention mechanism for enabling risk score in
multiple spaces (#192671)\n\n## Summary\r\n\r\n\r\nThis PR removes the
restriction that prevents the risk engine from being\r\nenabled across
multiple spaces in the UI.\r\n\r\nCurrent UI prevention mechanism :
\r\n\r\n![image](https://github.com/user-attachments/assets/e79fbc70-57bc-497d-98da-1076f758d211)\r\n\r\n\r\nNote:
This change applies only to the UI, as the feature is
already\r\nimplemented in the backend.\r\n\r\n###
Checklist\r\n\r\nDelete any items that are not applicable to this
PR.\r\n\r\n- [x] Any UI touched in this PR is usable by keyboard only
(learn more\r\nabout [keyboard
accessibility](https://webaim.org/techniques/keyboard/))\r\n- [x] Any UI
touched in this PR does not create any new axe failures\r\n(run axe in
browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n-
[x] If a plugin configuration key changed, check if it needs to
be\r\nallowlisted in the cloud and added to the
[docker\r\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\r\n-
[x] This renders correctly on smaller devices using a
responsive\r\nlayout. (You can test this [in
your\r\nbrowser](https://www.browserstack.com/guide/responsive-testing-on-local-server))\r\n-
[x] This was checked for
[cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n\r\n\r\n###
For maintainers\r\n\r\n- [ ] This was checked for breaking API changes
and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"e1a88b641a9c974142f5bacc29762b02b656635b"}}]}]
BACKPORT-->

Co-authored-by: Abhishek Bhatia <117628830+abhishekbhatia1710@users.noreply.github.com>

x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/engine_status_route.gen.ts

@@ -45,10 +45,6 @@ export type RiskEngineStatusResponse = z.infer<typeof RiskEngineStatusResponse>;
 export const RiskEngineStatusResponse = z.object({
   legacy_risk_engine_status: RiskEngineStatus,
   risk_engine_status: RiskEngineStatus,
-  /**
-   * Indicates whether the maximum amount of risk engines has been reached
-   */
-  is_max_amount_of_risk_engines_reached: z.boolean(),
   risk_engine_task_status: RiskEngineTaskStatus.optional(),
 });
 

x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/engine_status_route.schema.yaml

@@ -59,14 +59,10 @@ components:
       required:
         - legacy_risk_engine_status
         - risk_engine_status
-        - is_max_amount_of_risk_engines_reached
       properties:
         legacy_risk_engine_status:
           $ref: '#/components/schemas/RiskEngineStatus'
         risk_engine_status:
           $ref: '#/components/schemas/RiskEngineStatus'
-        is_max_amount_of_risk_engines_reached:
-          description: Indicates whether the maximum amount of risk engines has been reached
-          type: boolean
         risk_engine_task_status:
           $ref: '#/components/schemas/RiskEngineTaskStatus'

x-pack/plugins/security_solution/common/entity_analytics/risk_engine/constants.ts

@@ -17,8 +17,6 @@ export const RISK_ENGINE_SETTINGS_URL = `${RISK_ENGINE_URL}/settings` as const;
 export const PUBLIC_RISK_ENGINE_URL = `${PUBLIC_RISK_SCORE_URL}/engine` as const;
 export const RISK_ENGINE_SCHEDULE_NOW_URL = `${RISK_ENGINE_URL}/schedule_now` as const;
 
-export const MAX_SPACES_COUNT = 1;
-
 type ClusterPrivilege = 'manage_index_templates' | 'manage_transform';
 export const RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES = [
   'manage_index_templates',

x-pack/plugins/security_solution/public/entity_analytics/api/hooks/use_risk_engine_status.ts

@@ -62,7 +62,6 @@ export const useRiskEngineStatus = (
           isNewRiskScoreModuleAvailable,
           risk_engine_status: null,
           legacy_risk_engine_status: null,
-          is_max_amount_of_risk_engines_reached: false,
           risk_engine_task_status: null,
         };
       }

x-pack/plugins/security_solution/public/entity_analytics/components/risk_score_enable_section.tsx

@@ -37,7 +37,6 @@ import { useRiskEngineStatus } from '../api/hooks/use_risk_engine_status';
 import { useInitRiskEngineMutation } from '../api/hooks/use_init_risk_engine_mutation';
 import { useEnableRiskEngineMutation } from '../api/hooks/use_enable_risk_engine_mutation';
 import { useDisableRiskEngineMutation } from '../api/hooks/use_disable_risk_engine_mutation';
-import { MAX_SPACES_COUNT } from '../../../common/entity_analytics/risk_engine';
 import { useAppToasts } from '../../common/hooks/use_app_toasts';
 import { RiskInformationFlyout } from './risk_information';
 import { useOnOpenCloseHandler } from '../../helper_hooks';
@@ -252,22 +251,6 @@ export const RiskScoreEnableSection: React.FC<{
     const errorBody = initRiskEngineMutation.error.body;
     initRiskEngineErrors = [errorBody.message];
   }
-
-  if (
-    currentRiskEngineStatus !== RiskEngineStatusEnum.ENABLED &&
-    riskEngineStatus?.is_max_amount_of_risk_engines_reached
-  ) {
-    return (
-      <EuiCallOut
-        title={i18n.getMaxSpaceTitle(MAX_SPACES_COUNT)}
-        color="warning"
-        iconType="error"
-        data-test-subj="risk-score-warning-panel"
-      >
-        <p>{i18n.MAX_SPACE_PANEL_MESSAGE}</p>
-      </EuiCallOut>
-    );
-  }
   return (
     <>
       <>

x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_data_client.ts

@@ -10,13 +10,12 @@ import type { TaskManagerStartContract } from '@kbn/task-manager-plugin/server';
 import type { AuditLogger } from '@kbn/security-plugin-types-server';
 import { RiskEngineStatusEnum } from '../../../../common/api/entity_analytics';
 import type { InitRiskEngineResult } from '../../../../common/entity_analytics/risk_engine';
-import { MAX_SPACES_COUNT, RiskScoreEntity } from '../../../../common/entity_analytics/risk_engine';
+import { RiskScoreEntity } from '../../../../common/entity_analytics/risk_engine';
 import { removeLegacyTransforms, getLegacyTransforms } from '../utils/transforms';
 import {
   updateSavedObjectAttribute,
   getConfiguration,
   initSavedObjects,
-  getEnabledRiskEngineAmount,
   deleteSavedObjects,
 } from './utils/saved_object_configuration';
 import { bulkDeleteSavedObjects } from '../../risk_score/prebuilt_saved_objects/helpers/bulk_delete_saved_objects';
@@ -119,7 +118,6 @@ export class RiskEngineDataClient {
   }) {
     const riskEngineStatus = await this.getCurrentStatus();
     const legacyRiskEngineStatus = await this.getLegacyStatus({ namespace });
-    const isMaxAmountOfRiskEnginesReached = await this.getIsMaxAmountOfRiskEnginesReached();
 
     const taskStatus =
       riskEngineStatus === 'ENABLED' && taskManager
@@ -139,7 +137,6 @@ export class RiskEngineDataClient {
     return {
       riskEngineStatus,
       legacyRiskEngineStatus,
-      isMaxAmountOfRiskEnginesReached,
       taskStatus,
     };
   }
@@ -303,29 +300,6 @@ export class RiskEngineDataClient {
     return RiskEngineStatusEnum.NOT_INSTALLED;
   }
 
-  private async getIsMaxAmountOfRiskEnginesReached() {
-    try {
-      const amountOfEnabledConfigurations = await getEnabledRiskEngineAmount({
-        savedObjectsClient: this.options.soClient,
-      });
-
-      this.options.auditLogger?.log({
-        message: 'System checked if the risk engine is enabled in each space',
-        event: {
-          action: RiskEngineAuditActions.RISK_ENGINE_STATUS_FOR_ALL_SPACES_GET,
-          category: AUDIT_CATEGORY.DATABASE,
-          type: AUDIT_TYPE.ACCESS,
-          outcome: AUDIT_OUTCOME.SUCCESS,
-        },
-      });
-
-      return amountOfEnabledConfigurations >= MAX_SPACES_COUNT;
-    } catch (e) {
-      this.options.logger.error(`Error while getting amount of enabled risk engines: ${e.message}`);
-      return false;
-    }
-  }
-
   private async getLegacyStatus({ namespace }: { namespace: string }) {
     const transforms = await getLegacyTransforms({ namespace, esClient: this.options.esClient });
 

x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/status.ts

@@ -35,20 +35,15 @@ export const riskEngineStatusRoute = (
         const [_, { taskManager }] = await getStartServices();
 
         try {
-          const {
-            riskEngineStatus,
-            legacyRiskEngineStatus,
-            isMaxAmountOfRiskEnginesReached,
-            taskStatus,
-          } = await riskEngineClient.getStatus({
-            namespace: spaceId,
-            taskManager,
-          });
+          const { riskEngineStatus, legacyRiskEngineStatus, taskStatus } =
+            await riskEngineClient.getStatus({
+              namespace: spaceId,
+              taskManager,
+            });
 
           const body: RiskEngineStatusResponse = {
             risk_engine_status: riskEngineStatus,
             legacy_risk_engine_status: legacyRiskEngineStatus,
-            is_max_amount_of_risk_engines_reached: isMaxAmountOfRiskEnginesReached,
             risk_engine_task_status: taskStatus,
           };
 

x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/utils/saved_object_configuration.ts

@@ -37,18 +37,6 @@ const getConfigurationSavedObject = async ({
   return savedObjectsResponse.saved_objects?.[0];
 };
 
-export const getEnabledRiskEngineAmount = async ({
-  savedObjectsClient,
-}: SavedObjectsClientArg): Promise<number> => {
-  const savedObjectsResponse = await savedObjectsClient.find<RiskEngineConfiguration>({
-    type: riskEngineConfigurationTypeName,
-    namespaces: ['*'],
-  });
-
-  return savedObjectsResponse.saved_objects?.filter((config) => config?.attributes?.enabled)
-    ?.length;
-};
-
 export const updateSavedObjectAttribute = async ({
   savedObjectsClient,
   attributes,

x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts

@@ -347,7 +347,6 @@ export default ({ getService }: FtrProviderContext) => {
         expect(status1.body).to.eql({
           risk_engine_status: 'NOT_INSTALLED',
           legacy_risk_engine_status: 'NOT_INSTALLED',
-          is_max_amount_of_risk_engines_reached: false,
         });
 
         await riskEngineRoutes.init();
@@ -356,7 +355,6 @@ export default ({ getService }: FtrProviderContext) => {
 
         expect(status2.body.risk_engine_status).to.be('ENABLED');
         expect(status2.body.legacy_risk_engine_status).to.be('NOT_INSTALLED');
-        expect(status2.body.is_max_amount_of_risk_engines_reached).to.be(true);
 
         expect(status2.body.risk_engine_task_status.runAt).to.be.a('string');
         expect(status2.body.risk_engine_task_status.status).to.be('idle');
@@ -368,15 +366,13 @@ export default ({ getService }: FtrProviderContext) => {
         expect(status3.body).to.eql({
           risk_engine_status: 'DISABLED',
           legacy_risk_engine_status: 'NOT_INSTALLED',
-          is_max_amount_of_risk_engines_reached: false,
         });
 
         await riskEngineRoutes.enable();
         const status4 = await riskEngineRoutes.getStatus();
 
         expect(status4.body.risk_engine_status).to.be('ENABLED');
         expect(status4.body.legacy_risk_engine_status).to.be('NOT_INSTALLED');
-        expect(status4.body.is_max_amount_of_risk_engines_reached).to.be(true);
 
         expect(status4.body.risk_engine_task_status.runAt).to.be.a('string');
         expect(status4.body.risk_engine_task_status.status).to.be('idle');
@@ -390,7 +386,6 @@ export default ({ getService }: FtrProviderContext) => {
         expect(status1.body).to.eql({
           risk_engine_status: 'NOT_INSTALLED',
           legacy_risk_engine_status: 'ENABLED',
-          is_max_amount_of_risk_engines_reached: false,
         });
 
         await riskEngineRoutes.init();
@@ -399,7 +394,6 @@ export default ({ getService }: FtrProviderContext) => {
 
         expect(status2.body.risk_engine_status).to.be('ENABLED');
         expect(status2.body.legacy_risk_engine_status).to.be('NOT_INSTALLED');
-        expect(status2.body.is_max_amount_of_risk_engines_reached).to.be(true);
 
         expect(status2.body.risk_engine_task_status.runAt).to.be.a('string');
         expect(status2.body.risk_engine_task_status.status).to.be('idle');

x-pack/test/security_solution_cypress/cypress/tasks/entity_analytics.ts

@@ -65,7 +65,6 @@ export const mockRiskEngineEnabled = () => {
     body: {
       risk_engine_status: 'ENABLED',
       legacy_risk_engine_status: 'INSTALLED',
-      is_max_amount_of_risk_engines_reached: false,
     },
   }).as('riskEngineStatus');