[9.0] [SecurirySolution] Fix risk score visu fails when entity name contains backslash (#237757) (#237936)

# Backport

This will backport the following commits from `main` to `9.0`:
- [[SecurirySolution] Fix risk score visu fails when entity name
contains backslash
(#237757)](#237757)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Pablo
Machado","email":"pablo.nevesmachado@elastic.co"},"sourceCommit":{"committedDate":"2025-10-07T21:33:09Z","message":"[SecurirySolution]
Fix risk score visu fails when entity name contains backslash
(#237757)\n\n## Summary\n\nAdd `\"` around the entity name so Lens know
that it has to escape\nspecial characters.\n\n\n<img width=\"3440\"
height=\"1340\" alt=\"Screenshot 2025-10-07 at 08 19
44\"\nsrc=\"https://github.com/user-attachments/assets/6c0b6896-5529-430e-964b-afba1de37d95\"\n/>\n<img
width=\"1078\" height=\"666\" alt=\"Screenshot 2025-10-07 at 08 30
44\"\nsrc=\"https://github.com/user-attachments/assets/1ffd4dfd-c89f-42d9-ad26-9a39c5be835f\"\n/>\n\n\n###
How to test it?\n* Start Kibana\n* Create an event with `user.name:
EC2AMAZ-R2R92FT\\Administrator`\n* Run the risk score engine\n* Open the
entity
flyout","sha":"ff7d8327bd1615c5586bfdc037087169ce4f77a1","branchLabelMapping":{"^v9.3.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","backport","release_note:fix","Team:
SecuritySolution","backport:all-open","Theme:
entity_analytics","Feature:Entity Analytics","Team:Entity
Analytics","v9.2.0","v9.3.0"],"title":"[SecurirySolution] Fix risk score
visu fails when entity name contains
backslash","number":237757,"url":"https://github.com/elastic/kibana/pull/237757","mergeCommit":{"message":"[SecurirySolution]
Fix risk score visu fails when entity name contains backslash
(#237757)\n\n## Summary\n\nAdd `\"` around the entity name so Lens know
that it has to escape\nspecial characters.\n\n\n<img width=\"3440\"
height=\"1340\" alt=\"Screenshot 2025-10-07 at 08 19
44\"\nsrc=\"https://github.com/user-attachments/assets/6c0b6896-5529-430e-964b-afba1de37d95\"\n/>\n<img
width=\"1078\" height=\"666\" alt=\"Screenshot 2025-10-07 at 08 30
44\"\nsrc=\"https://github.com/user-attachments/assets/1ffd4dfd-c89f-42d9-ad26-9a39c5be835f\"\n/>\n\n\n###
How to test it?\n* Start Kibana\n* Create an event with `user.name:
EC2AMAZ-R2R92FT\\Administrator`\n* Run the risk score engine\n* Open the
entity
flyout","sha":"ff7d8327bd1615c5586bfdc037087169ce4f77a1"}},"sourceBranch":"main","suggestedTargetBranches":["9.2"],"targetPullRequestStates":[{"branch":"9.2","label":"v9.2.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.3.0","branchLabelMappingKey":"^v9.3.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/237757","number":237757,"mergeCommit":{"message":"[SecurirySolution]
Fix risk score visu fails when entity name contains backslash
(#237757)\n\n## Summary\n\nAdd `\"` around the entity name so Lens know
that it has to escape\nspecial characters.\n\n\n<img width=\"3440\"
height=\"1340\" alt=\"Screenshot 2025-10-07 at 08 19
44\"\nsrc=\"https://github.com/user-attachments/assets/6c0b6896-5529-430e-964b-afba1de37d95\"\n/>\n<img
width=\"1078\" height=\"666\" alt=\"Screenshot 2025-10-07 at 08 30
44\"\nsrc=\"https://github.com/user-attachments/assets/1ffd4dfd-c89f-42d9-ad26-9a39c5be835f\"\n/>\n\n\n###
How to test it?\n* Start Kibana\n* Create an event with `user.name:
EC2AMAZ-R2R92FT\\Administrator`\n* Run the risk score engine\n* Open the
entity flyout","sha":"ff7d8327bd1615c5586bfdc037087169ce4f77a1"}}]}]
BACKPORT-->

Co-authored-by: Pablo Machado <pablo.nevesmachado@elastic.co>

Author: kibanamachine

x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.test.tsx

@@ -197,7 +197,7 @@ describe('FlyoutRiskSummary', () => {
     );
     const firstColumn = Object.values(datasourceLayers[0].columns)[0];
 
-    expect((lensAttributes.state.query as Query).query).toEqual('host.name: test');
+    expect((lensAttributes.state.query as Query).query).toEqual('host.name: "test"');
     expect(firstColumn).toEqual(
       expect.objectContaining({
         sourceField: 'host.risk.calculated_score_norm',
@@ -274,7 +274,7 @@ describe('FlyoutRiskSummary', () => {
     );
     const firstColumn = Object.values(datasourceLayers[0].columns)[0];
 
-    expect((lensAttributes.state.query as Query).query).toEqual('user.name: test');
+    expect((lensAttributes.state.query as Query).query).toEqual('user.name: "test"');
     expect(firstColumn).toEqual(
       expect.objectContaining({
         sourceField: 'user.risk.calculated_score_norm',

x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/risk_summary_flyout/risk_summary.tsx

@@ -78,7 +78,7 @@ const FlyoutRiskSummaryComponent = <T extends EntityType>({
 
     return getRiskScoreSummaryAttributes({
       severity: entityData?.risk?.calculated_level,
-      query: `${fieldName}: ${entityName}`,
+      query: `${fieldName}: "${entityName}"`,
       spaceId,
       riskEntity: entityType,
       // TODO: add in riskColors when severity palette agreed on.