[8.x] [Entity Analytics] Removing the prevention mechanism for enabling risk score in multiple spaces (#192671)

x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/engine_status_route.gen.ts

@@ -45,10 +45,6 @@ export type RiskEngineStatusResponse = z.infer<typeof RiskEngineStatusResponse>;
 export const RiskEngineStatusResponse = z.object({
   legacy_risk_engine_status: RiskEngineStatus,
   risk_engine_status: RiskEngineStatus,
-  /**
-   * Indicates whether the maximum amount of risk engines has been reached
-   */
-  is_max_amount_of_risk_engines_reached: z.boolean(),
   risk_engine_task_status: RiskEngineTaskStatus.optional(),
 });
 

x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/engine_status_route.schema.yaml

@@ -59,14 +59,10 @@ components:
       required:
         - legacy_risk_engine_status
         - risk_engine_status
-        - is_max_amount_of_risk_engines_reached
       properties:
         legacy_risk_engine_status:
           $ref: '#/components/schemas/RiskEngineStatus'
         risk_engine_status:
           $ref: '#/components/schemas/RiskEngineStatus'
-        is_max_amount_of_risk_engines_reached:
-          description: Indicates whether the maximum amount of risk engines has been reached
-          type: boolean
         risk_engine_task_status:
           $ref: '#/components/schemas/RiskEngineTaskStatus'

x-pack/plugins/security_solution/common/entity_analytics/risk_engine/constants.ts

@@ -17,8 +17,6 @@ export const RISK_ENGINE_SETTINGS_URL = `${RISK_ENGINE_URL}/settings` as const;
 export const PUBLIC_RISK_ENGINE_URL = `${PUBLIC_RISK_SCORE_URL}/engine` as const;
 export const RISK_ENGINE_SCHEDULE_NOW_URL = `${RISK_ENGINE_URL}/schedule_now` as const;
 
-export const MAX_SPACES_COUNT = 1;
-
 type ClusterPrivilege = 'manage_index_templates' | 'manage_transform';
 export const RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES = [
   'manage_index_templates',

x-pack/plugins/security_solution/public/entity_analytics/api/hooks/use_risk_engine_status.ts

@@ -62,7 +62,6 @@ export const useRiskEngineStatus = (
           isNewRiskScoreModuleAvailable,
           risk_engine_status: null,
           legacy_risk_engine_status: null,
-          is_max_amount_of_risk_engines_reached: false,
           risk_engine_task_status: null,
         };
       }

x-pack/plugins/security_solution/public/entity_analytics/components/risk_score_enable_section.tsx

@@ -37,7 +37,6 @@ import { useRiskEngineStatus } from '../api/hooks/use_risk_engine_status';
 import { useInitRiskEngineMutation } from '../api/hooks/use_init_risk_engine_mutation';
 import { useEnableRiskEngineMutation } from '../api/hooks/use_enable_risk_engine_mutation';
 import { useDisableRiskEngineMutation } from '../api/hooks/use_disable_risk_engine_mutation';
-import { MAX_SPACES_COUNT } from '../../../common/entity_analytics/risk_engine';
 import { useAppToasts } from '../../common/hooks/use_app_toasts';
 import { RiskInformationFlyout } from './risk_information';
 import { useOnOpenCloseHandler } from '../../helper_hooks';
@@ -252,22 +251,6 @@ export const RiskScoreEnableSection: React.FC<{
     const errorBody = initRiskEngineMutation.error.body;
     initRiskEngineErrors = [errorBody.message];
   }
-
-  if (
-    currentRiskEngineStatus !== RiskEngineStatusEnum.ENABLED &&
-    riskEngineStatus?.is_max_amount_of_risk_engines_reached
-  ) {
-    return (
-      <EuiCallOut
-        title={i18n.getMaxSpaceTitle(MAX_SPACES_COUNT)}
-        color="warning"
-        iconType="error"
-        data-test-subj="risk-score-warning-panel"
-      >
-        <p>{i18n.MAX_SPACE_PANEL_MESSAGE}</p>
-      </EuiCallOut>
-    );
-  }
   return (
     <>
       <>

x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_data_client.ts

@@ -10,13 +10,12 @@ import type { TaskManagerStartContract } from '@kbn/task-manager-plugin/server';
 import type { AuditLogger } from '@kbn/security-plugin-types-server';
 import { RiskEngineStatusEnum } from '../../../../common/api/entity_analytics';
 import type { InitRiskEngineResult } from '../../../../common/entity_analytics/risk_engine';
-import { MAX_SPACES_COUNT, RiskScoreEntity } from '../../../../common/entity_analytics/risk_engine';
+import { RiskScoreEntity } from '../../../../common/entity_analytics/risk_engine';
 import { removeLegacyTransforms, getLegacyTransforms } from '../utils/transforms';
 import {
   updateSavedObjectAttribute,
   getConfiguration,
   initSavedObjects,
-  getEnabledRiskEngineAmount,
   deleteSavedObjects,
 } from './utils/saved_object_configuration';
 import { bulkDeleteSavedObjects } from '../../risk_score/prebuilt_saved_objects/helpers/bulk_delete_saved_objects';
@@ -119,7 +118,6 @@ export class RiskEngineDataClient {
   }) {
     const riskEngineStatus = await this.getCurrentStatus();
     const legacyRiskEngineStatus = await this.getLegacyStatus({ namespace });
-    const isMaxAmountOfRiskEnginesReached = await this.getIsMaxAmountOfRiskEnginesReached();
 
     const taskStatus =
       riskEngineStatus === 'ENABLED' && taskManager
@@ -139,7 +137,6 @@ export class RiskEngineDataClient {
     return {
       riskEngineStatus,
       legacyRiskEngineStatus,
-      isMaxAmountOfRiskEnginesReached,
       taskStatus,
     };
   }
@@ -303,29 +300,6 @@ export class RiskEngineDataClient {
     return RiskEngineStatusEnum.NOT_INSTALLED;
   }
 
-  private async getIsMaxAmountOfRiskEnginesReached() {
-    try {
-      const amountOfEnabledConfigurations = await getEnabledRiskEngineAmount({
-        savedObjectsClient: this.options.soClient,
-      });
-
-      this.options.auditLogger?.log({
-        message: 'System checked if the risk engine is enabled in each space',
-        event: {
-          action: RiskEngineAuditActions.RISK_ENGINE_STATUS_FOR_ALL_SPACES_GET,
-          category: AUDIT_CATEGORY.DATABASE,
-          type: AUDIT_TYPE.ACCESS,
-          outcome: AUDIT_OUTCOME.SUCCESS,
-        },
-      });
-
-      return amountOfEnabledConfigurations >= MAX_SPACES_COUNT;
-    } catch (e) {
-      this.options.logger.error(`Error while getting amount of enabled risk engines: ${e.message}`);
-      return false;
-    }
-  }
-
   private async getLegacyStatus({ namespace }: { namespace: string }) {
     const transforms = await getLegacyTransforms({ namespace, esClient: this.options.esClient });
 

x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/status.ts

@@ -35,20 +35,15 @@ export const riskEngineStatusRoute = (
         const [_, { taskManager }] = await getStartServices();
 
         try {
-          const {
-            riskEngineStatus,
-            legacyRiskEngineStatus,
-            isMaxAmountOfRiskEnginesReached,
-            taskStatus,
-          } = await riskEngineClient.getStatus({
-            namespace: spaceId,
-            taskManager,
-          });
+          const { riskEngineStatus, legacyRiskEngineStatus, taskStatus } =
+            await riskEngineClient.getStatus({
+              namespace: spaceId,
+              taskManager,
+            });
 
           const body: RiskEngineStatusResponse = {
             risk_engine_status: riskEngineStatus,
             legacy_risk_engine_status: legacyRiskEngineStatus,
-            is_max_amount_of_risk_engines_reached: isMaxAmountOfRiskEnginesReached,
             risk_engine_task_status: taskStatus,
           };
 

x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/utils/saved_object_configuration.ts

@@ -37,18 +37,6 @@ const getConfigurationSavedObject = async ({
   return savedObjectsResponse.saved_objects?.[0];
 };
 
-export const getEnabledRiskEngineAmount = async ({
-  savedObjectsClient,
-}: SavedObjectsClientArg): Promise<number> => {
-  const savedObjectsResponse = await savedObjectsClient.find<RiskEngineConfiguration>({
-    type: riskEngineConfigurationTypeName,
-    namespaces: ['*'],
-  });
-
-  return savedObjectsResponse.saved_objects?.filter((config) => config?.attributes?.enabled)
-    ?.length;
-};
-
 export const updateSavedObjectAttribute = async ({
   savedObjectsClient,
   attributes,

x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts

@@ -347,7 +347,6 @@ export default ({ getService }: FtrProviderContext) => {
         expect(status1.body).to.eql({
           risk_engine_status: 'NOT_INSTALLED',
           legacy_risk_engine_status: 'NOT_INSTALLED',
-          is_max_amount_of_risk_engines_reached: false,
         });
 
         await riskEngineRoutes.init();
@@ -356,7 +355,6 @@ export default ({ getService }: FtrProviderContext) => {
 
         expect(status2.body.risk_engine_status).to.be('ENABLED');
         expect(status2.body.legacy_risk_engine_status).to.be('NOT_INSTALLED');
-        expect(status2.body.is_max_amount_of_risk_engines_reached).to.be(true);
 
         expect(status2.body.risk_engine_task_status.runAt).to.be.a('string');
         expect(status2.body.risk_engine_task_status.status).to.be('idle');
@@ -368,15 +366,13 @@ export default ({ getService }: FtrProviderContext) => {
         expect(status3.body).to.eql({
           risk_engine_status: 'DISABLED',
           legacy_risk_engine_status: 'NOT_INSTALLED',
-          is_max_amount_of_risk_engines_reached: false,
         });
 
         await riskEngineRoutes.enable();
         const status4 = await riskEngineRoutes.getStatus();
 
         expect(status4.body.risk_engine_status).to.be('ENABLED');
         expect(status4.body.legacy_risk_engine_status).to.be('NOT_INSTALLED');
-        expect(status4.body.is_max_amount_of_risk_engines_reached).to.be(true);
 
         expect(status4.body.risk_engine_task_status.runAt).to.be.a('string');
         expect(status4.body.risk_engine_task_status.status).to.be('idle');
@@ -390,7 +386,6 @@ export default ({ getService }: FtrProviderContext) => {
         expect(status1.body).to.eql({
           risk_engine_status: 'NOT_INSTALLED',
           legacy_risk_engine_status: 'ENABLED',
-          is_max_amount_of_risk_engines_reached: false,
         });
 
         await riskEngineRoutes.init();
@@ -399,7 +394,6 @@ export default ({ getService }: FtrProviderContext) => {
 
         expect(status2.body.risk_engine_status).to.be('ENABLED');
         expect(status2.body.legacy_risk_engine_status).to.be('NOT_INSTALLED');
-        expect(status2.body.is_max_amount_of_risk_engines_reached).to.be(true);
 
         expect(status2.body.risk_engine_task_status.runAt).to.be.a('string');
         expect(status2.body.risk_engine_task_status.status).to.be('idle');

x-pack/test/security_solution_cypress/cypress/tasks/entity_analytics.ts

@@ -65,7 +65,6 @@ export const mockRiskEngineEnabled = () => {
     body: {
       risk_engine_status: 'ENABLED',
       legacy_risk_engine_status: 'INSTALLED',
-      is_max_amount_of_risk_engines_reached: false,
     },
   }).as('riskEngineStatus');