[Security Solution] insights overview flyout v2 (elastic#268538)

## Summary

elastic#251817

First of two PRs. This one adds the entities overview to the Flyout v2
Insights section as a **render-only** change — every click handler is
just text for now. The follow-up PR wires those handlers to the
entity-details, alerts, misconfigurations and vulnerabilities tools
flyouts.

### Code changes

- `git mv` the `EntitiesOverview`, `HostEntityOverview`, and
`UserEntityOverview` components from
`flyout/document_details/right/components/` into
`flyout_v2/document/components/`.
- Decouple the components from `useDocumentDetailsContext`: inputs are
passed through props (`hit: DataTableRecord`, `scopeId`,
`renderCellActions`, optional `onShow*` callbacks). `dataAsNestedObject`
is fetched internally via `useEventDetails` when not supplied so the
legacy expandable flyout keeps avoiding the duplicate fetch.
- Render `EntitiesOverview` inside the Flyout v2 `InsightsSection` as
text (no links).
- Update the legacy expandable flyout's right `InsightsSection` and the
`HOST_PREVIEW_BANNER` / `USER_PREVIEW_BANNER` consumers
(`{host,user}_details.tsx`, `link_utils.ts`, related test files) to
import from the new location.
- Move the related `test_ids` constants from
`document_details/right/components/test_ids.ts` to
`flyout_v2/document/components/test_ids.ts`.



https://github.com/user-attachments/assets/7920f3fa-120c-4566-8009-464c9a5aeda1



### UI changes

- **Legacy expandable flyout (flag off):** Insights → Entities renders
identically to `main`. Clicking the section title still opens the
left-panel Entities tab; clicking host/user names still opens the legacy
preview panel.
- **Flyout v2 (flag on):** the Insights section now contains the
entities sub-panel showing host/user data, alert counts,
misconfigurations and vulnerabilities chips. **Every click on this
sub-panel is just text** A follow-up PR will wire them.
- **Discover:** same render-only behavior as Flyout v2.

## How to test

Add to `kibana.dev.yml`:

```
xpack.securitySolution.enableExperimental: [ 'newFlyoutSystemEnabled' ]
```

## What to look for when testing

- Insights → Entities section in the legacy expandable flyout renders
identically to main and all legacy click behaviors still work (flag
off).
- New flyout Insights section renders the entities sub-panel; clicking
the section title, host name, user name, alerts chip, misconfig chip,
and vulnerability chip does nothing (no console errors, no overlay
opens).
- Discover shows the entities sub-panel; clicks are inert.

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

Author: 4 people

x-pack/platform/plugins/private/translations/translations/de-DE.json

@@ -44258,15 +44258,9 @@
     "xpack.securitySolution.flyout.right.header.shareButtonToolTip": "Alert teilen",
     "xpack.securitySolution.flyout.right.header.statusTitle": "Status",
     "xpack.securitySolution.flyout.right.header.tableTabLabel": "Tabelle",
-    "xpack.securitySolution.flyout.right.host.hostPreviewTitle": "Hostdetails anzeigen",
     "xpack.securitySolution.flyout.right.insights.alerts.alertsCountDescription": "Alerts",
     "xpack.securitySolution.flyout.right.insights.alerts.alertsTitle": "Alerts",
     "xpack.securitySolution.flyout.right.insights.alerts.alertsTooltip": "Alle Warnungen anzeigen",
-    "xpack.securitySolution.flyout.right.insights.entities.entitiesTitle": "Entitäten",
-    "xpack.securitySolution.flyout.right.insights.entities.entitiesTooltip": "Alle Entitäten anzeigen",
-    "xpack.securitySolution.flyout.right.insights.entities.hostLoadingAriaLabel": "Host-Überblick",
-    "xpack.securitySolution.flyout.right.insights.entities.noDataDescription": "Host- und Nutzerinformationen sind für diese Warnung nicht verfügbar.",
-    "xpack.securitySolution.flyout.right.insights.entities.userLoadingAriaLabel": "Nutzerübersicht",
     "xpack.securitySolution.flyout.right.insights.misconfiguration.misconfigurationTooltip": "Alle Fehlkonfigurationsbefunde anzeigen",
     "xpack.securitySolution.flyout.right.insights.misconfigurations.failedFindingsText": "{count, plural, one {Failed finding} other {Failed findings}}",
     "xpack.securitySolution.flyout.right.insights.misconfigurations.misconfigurationsTitle": "Fehlkonfigurationen",
@@ -44280,7 +44274,9 @@
     "xpack.securitySolution.flyout.right.network.networkPreviewTitle": "Netzwerkdetails anzeigen",
     "xpack.securitySolution.flyout.right.overview.overviewContentAriaLabel": "Überblick",
     "xpack.securitySolution.flyout.right.rule.rulePreviewTitle": "Vorschau der Regeldetails",
-    "xpack.securitySolution.flyout.right.user.userPreviewTitle": "Nutzerdetails in der Vorschau anzeigen",
+    "xpack.securitySolution.flyout.right.visualizations.graphPreview.errorDescription": "Ein Fehler verhindert, dass diese Warnung visualisiert wird.",
+    "xpack.securitySolution.flyout.right.visualizations.graphPreview.graphAriaLabel": "Graph-Vorschau",
+    "xpack.securitySolution.flyout.right.visualizations.graphPreview.loadingAriaLabel": "Graph-Vorschau",
     "xpack.securitySolution.flyout.right.vulnerabilityFinding.PreviewTitle": "Vorschau der Schwachstellendetails",
     "xpack.securitySolution.flyout.sessionView.title": "Sitzungsansicht",
     "xpack.securitySolution.flyout.sessionViewer.noDataDescription": "Sie können die Details der Linux-Sitzung nur einsehen, wenn Sie die Einstellung {setting} in Ihrer Elastic Defend-Integrationsrichtlinie aktiviert haben. Weitere Informationen finden Sie unter {link}.",

x-pack/platform/plugins/private/translations/translations/fr-FR.json

@@ -44107,15 +44107,9 @@
     "xpack.securitySolution.flyout.right.header.shareButtonToolTip": "Partager l'alerte",
     "xpack.securitySolution.flyout.right.header.statusTitle": "Statut",
     "xpack.securitySolution.flyout.right.header.tableTabLabel": "Tableau",
-    "xpack.securitySolution.flyout.right.host.hostPreviewTitle": "Afficher un aperçu des détails de l'hôte",
     "xpack.securitySolution.flyout.right.insights.alerts.alertsCountDescription": "Alertes",
     "xpack.securitySolution.flyout.right.insights.alerts.alertsTitle": "Alertes",
     "xpack.securitySolution.flyout.right.insights.alerts.alertsTooltip": "Afficher toutes les alertes",
-    "xpack.securitySolution.flyout.right.insights.entities.entitiesTitle": "Entités",
-    "xpack.securitySolution.flyout.right.insights.entities.entitiesTooltip": "Afficher toutes les entités",
-    "xpack.securitySolution.flyout.right.insights.entities.hostLoadingAriaLabel": "aperçu de l'hôte",
-    "xpack.securitySolution.flyout.right.insights.entities.noDataDescription": "Les informations de l'hôte et de l'utilisateur ne sont pas disponibles pour cette alerte.",
-    "xpack.securitySolution.flyout.right.insights.entities.userLoadingAriaLabel": "aperçu de l'utilisateur",
     "xpack.securitySolution.flyout.right.insights.misconfiguration.misconfigurationTooltip": "Afficher tous les résultats de mauvaise configuration",
     "xpack.securitySolution.flyout.right.insights.misconfigurations.misconfigurationsTitle": "Configurations incorrectes",
     "xpack.securitySolution.flyout.right.insights.misconfigurations.postureScoreDescription": "Score du niveau",
@@ -44127,7 +44121,9 @@
     "xpack.securitySolution.flyout.right.network.networkPreviewTitle": "Aperçu des détails du réseau",
     "xpack.securitySolution.flyout.right.overview.overviewContentAriaLabel": "Aperçu",
     "xpack.securitySolution.flyout.right.rule.rulePreviewTitle": "Afficher les détails de la règle",
-    "xpack.securitySolution.flyout.right.user.userPreviewTitle": "Aperçu des détails de l'utilisateur",
+    "xpack.securitySolution.flyout.right.visualizations.graphPreview.errorDescription": "Une erreur empêche la visualisation de cette alerte.",
+    "xpack.securitySolution.flyout.right.visualizations.graphPreview.graphAriaLabel": "Aperçu du graphique",
+    "xpack.securitySolution.flyout.right.visualizations.graphPreview.loadingAriaLabel": "aperçu du graphique",
     "xpack.securitySolution.flyout.right.vulnerabilityFinding.PreviewTitle": "Prévisualiser les détails de la vulnérabilité",
     "xpack.securitySolution.flyout.sessionView.title": "Vue de session",
     "xpack.securitySolution.flyout.sessionViewer.noDataDescription": "Vous ne pouvez afficher les détails de la session Linux que si vous avez activé le paramètre {setting} dans votre politique d'intégration Elastic Defend. Pour en savoir plus, consultez {link}.",

x-pack/platform/plugins/private/translations/translations/ja-JP.json

@@ -44423,15 +44423,9 @@
     "xpack.securitySolution.flyout.right.header.shareButtonToolTip": "アラートを共有",
     "xpack.securitySolution.flyout.right.header.statusTitle": "ステータス",
     "xpack.securitySolution.flyout.right.header.tableTabLabel": "表",
-    "xpack.securitySolution.flyout.right.host.hostPreviewTitle": "ホスト詳細をプレビュー",
     "xpack.securitySolution.flyout.right.insights.alerts.alertsCountDescription": "アラート",
     "xpack.securitySolution.flyout.right.insights.alerts.alertsTitle": "アラート",
     "xpack.securitySolution.flyout.right.insights.alerts.alertsTooltip": "すべてのアラートを表示",
-    "xpack.securitySolution.flyout.right.insights.entities.entitiesTitle": "エンティティ",
-    "xpack.securitySolution.flyout.right.insights.entities.entitiesTooltip": "すべてのエンティティを表示",
-    "xpack.securitySolution.flyout.right.insights.entities.hostLoadingAriaLabel": "ホスト概要",
-    "xpack.securitySolution.flyout.right.insights.entities.noDataDescription": "このアラートでは、ホストとユーザーの情報は利用できません。",
-    "xpack.securitySolution.flyout.right.insights.entities.userLoadingAriaLabel": "ユーザー概要",
     "xpack.securitySolution.flyout.right.insights.misconfiguration.misconfigurationTooltip": "すべての構成エラー調査結果を表示",
     "xpack.securitySolution.flyout.right.insights.misconfigurations.failedFindingsText": "{count, plural, one {Failed finding} other {失敗した調査結果}}",
     "xpack.securitySolution.flyout.right.insights.misconfigurations.misconfigurationsTitle": "構成エラー",
@@ -44445,7 +44439,9 @@
     "xpack.securitySolution.flyout.right.network.networkPreviewTitle": "ネットワーク詳細をプレビュー",
     "xpack.securitySolution.flyout.right.overview.overviewContentAriaLabel": "概要",
     "xpack.securitySolution.flyout.right.rule.rulePreviewTitle": "ルール詳細をプレビュー",
-    "xpack.securitySolution.flyout.right.user.userPreviewTitle": "ユーザー詳細をプレビュー",
+    "xpack.securitySolution.flyout.right.visualizations.graphPreview.errorDescription": "エラーが発生したため、このアラートを可視化できません。",
+    "xpack.securitySolution.flyout.right.visualizations.graphPreview.graphAriaLabel": "グラフプレビュー",
+    "xpack.securitySolution.flyout.right.visualizations.graphPreview.loadingAriaLabel": "グラフプレビュー",
     "xpack.securitySolution.flyout.right.vulnerabilityFinding.PreviewTitle": "脆弱性の詳細をプレビュー",
     "xpack.securitySolution.flyout.sessionView.title": "セッションビュー",
     "xpack.securitySolution.flyout.sessionViewer.noDataDescription": "Linuxセッションの詳細を表示できるのは、Elastic Defendの統合ポリシーで{setting}設定を有効にしている場合のみです。詳細については、{link}を参照してください。",

x-pack/platform/plugins/private/translations/translations/zh-CN.json

@@ -44416,15 +44416,9 @@
     "xpack.securitySolution.flyout.right.header.shareButtonToolTip": "共享告警",
     "xpack.securitySolution.flyout.right.header.statusTitle": "状态",
     "xpack.securitySolution.flyout.right.header.tableTabLabel": "表",
-    "xpack.securitySolution.flyout.right.host.hostPreviewTitle": "预览主机详情",
     "xpack.securitySolution.flyout.right.insights.alerts.alertsCountDescription": "告警",
     "xpack.securitySolution.flyout.right.insights.alerts.alertsTitle": "告警",
     "xpack.securitySolution.flyout.right.insights.alerts.alertsTooltip": "显示所有告警",
-    "xpack.securitySolution.flyout.right.insights.entities.entitiesTitle": "实体",
-    "xpack.securitySolution.flyout.right.insights.entities.entitiesTooltip": "显示所有实体",
-    "xpack.securitySolution.flyout.right.insights.entities.hostLoadingAriaLabel": "主机概览",
-    "xpack.securitySolution.flyout.right.insights.entities.noDataDescription": "主机和用户信息对此告警不可用。",
-    "xpack.securitySolution.flyout.right.insights.entities.userLoadingAriaLabel": "用户概览",
     "xpack.securitySolution.flyout.right.insights.misconfiguration.misconfigurationTooltip": "显示所有错误配置结果",
     "xpack.securitySolution.flyout.right.insights.misconfigurations.failedFindingsText": "{count, plural, one {Failed finding} other {未通过的检测结果}}",
     "xpack.securitySolution.flyout.right.insights.misconfigurations.misconfigurationsTitle": "错误配置",
@@ -44438,7 +44432,9 @@
     "xpack.securitySolution.flyout.right.network.networkPreviewTitle": "预览网络详情",
     "xpack.securitySolution.flyout.right.overview.overviewContentAriaLabel": "概览",
     "xpack.securitySolution.flyout.right.rule.rulePreviewTitle": "预览规则详情",
-    "xpack.securitySolution.flyout.right.user.userPreviewTitle": "预览用户详情",
+    "xpack.securitySolution.flyout.right.visualizations.graphPreview.errorDescription": "阻止对此告警进行可视化时出错。",
+    "xpack.securitySolution.flyout.right.visualizations.graphPreview.graphAriaLabel": "图表预览",
+    "xpack.securitySolution.flyout.right.visualizations.graphPreview.loadingAriaLabel": "图表预览",
     "xpack.securitySolution.flyout.right.vulnerabilityFinding.PreviewTitle": "漏洞预览详情",
     "xpack.securitySolution.flyout.sessionView.title": "会话视图",
     "xpack.securitySolution.flyout.sessionViewer.noDataDescription": "如果已在 Elastic Defend 集成策略中启用 {setting} 设置，则您只能查看 Linux 会话详情。请参阅 {link} 了解更多信息。",

x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/home/entity_alerts_cell.tsx

@@ -43,7 +43,7 @@ import {
   getAlertsByStatusQuery,
   parseAlertsData,
 } from '../../../overview/components/detection_response/alerts_by_status/use_alerts_by_status';
-import { getFormattedAlertStats } from '../../../flyout/document_details/shared/components/alert_count_insight';
+import { getFormattedAlertStats } from '../../../flyout_v2/document/main/components/alert_count_insight';
 
 const QUERY_KEY_ENTITY_ALERTS_BY_STATUS = 'entity-analytics-alerts-by-status';
 

x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/privileged_user_monitoring/components/privileged_users_table/columns.tsx

@@ -46,7 +46,7 @@ import {
 } from '../../../../../overview/components/detection_response/translations';
 import { FILTER_ACKNOWLEDGED, FILTER_OPEN } from '../../../../../../common/types';
 import type { CriticalityLevelWithUnassigned } from '../../../../../../common/entity_analytics/asset_criticality/types';
-import { getFormattedAlertStats } from '../../../../../flyout/document_details/shared/components/alert_count_insight';
+import { getFormattedAlertStats } from '../../../../../flyout_v2/document/main/components/alert_count_insight';
 import { SCOPE_ID } from '../../constants';
 
 const COLUMN_WIDTHS = { actions: '5%', '@timestamp': '20%', privileged_user: '15%' };

x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx

@@ -35,9 +35,9 @@ import { mockContextValue } from '../../shared/mocks/mock_context';
 import { mockFlyoutApi } from '../../shared/mocks/mock_flyout_context';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { HostPreviewPanelKey } from '../../../entity_details/host_right';
-import { HOST_PREVIEW_BANNER } from '../../right/components/host_entity_overview';
+import { HOST_PREVIEW_BANNER } from '../../../../flyout_v2/document/main/components/host_entity_overview';
 import { UserPreviewPanelKey } from '../../../entity_details/user_right';
-import { USER_PREVIEW_BANNER } from '../../right/components/user_entity_overview';
+import { USER_PREVIEW_BANNER } from '../../../../flyout_v2/document/main/components/user_entity_overview';
 import { NetworkPreviewPanelKey, NETWORK_PREVIEW_BANNER } from '../../../network_details';
 import { useAlertsByStatus } from '../../../../overview/components/detection_response/alerts_by_status/use_alerts_by_status';
 import { useDataView } from '../../../../data_view_manager/hooks/use_data_view';

x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/host_details.tsx

@@ -79,11 +79,11 @@ import { ENTITY_RISK_LEVEL } from '../../../../entity_analytics/components/risk_
 import { useHasSecurityCapability } from '../../../../helper_hooks';
 import { PreviewLink } from '../../../shared/components/preview_link';
 import { HostPreviewPanelKey } from '../../../entity_details/host_right';
-import { HOST_PREVIEW_BANNER } from '../../right/components/host_entity_overview';
+import { HOST_PREVIEW_BANNER } from '../../../../flyout_v2/document/main/components/host_entity_overview';
 import type { NarrowDateRange } from '../../../../common/components/ml/types';
-import { MisconfigurationsInsight } from '../../shared/components/misconfiguration_insight';
-import { VulnerabilitiesInsight } from '../../shared/components/vulnerabilities_insight';
-import { AlertCountInsight } from '../../shared/components/alert_count_insight';
+import { MisconfigurationsInsight } from '../../../../flyout_v2/document/main/components/misconfiguration_insight';
+import { VulnerabilitiesInsight } from '../../../../flyout_v2/document/main/components/vulnerabilities_insight';
+import { AlertCountInsight } from '../../../../flyout_v2/document/main/components/alert_count_insight';
 import { DocumentEventTypes } from '../../../../common/lib/telemetry';
 import { DETECTION_RESPONSE_ALERTS_BY_STATUS_ID } from '../../../../overview/components/detection_response/alerts_by_status/types';
 import { useNavigateToHostDetails } from '../../../entity_details/host_right/hooks/use_navigate_to_host_details';
@@ -98,6 +98,10 @@ import {
   buildRiskScoreStateFromEntityRecord,
   getRiskFromEntityRecord,
 } from '../../../entity_details/shared/entity_store_risk_utils';
+import {
+  CspInsightLeftPanelSubTab,
+  EntityDetailsLeftPanelTab,
+} from '../../../entity_details/shared/components/left_panel/left_panel_header';
 import { mergeLegacyIdentityWhenStoreEntityMissing, type IdentityFields } from '../../shared/utils';
 
 const HOST_DETAILS_ID = 'entities-hosts-details';
@@ -549,20 +553,35 @@ export const HostDetails: React.FC<HostDetailsProps> = ({
           entityType={EntityType.host}
           queryId={`${DETECTION_RESPONSE_ALERTS_BY_STATUS_ID}-document-details-host-entities`}
           direction="column"
-          openDetailsPanel={openDetailsPanel}
+          onShowAlertCountDetails={() =>
+            openDetailsPanel({
+              tab: EntityDetailsLeftPanelTab.CSP_INSIGHTS,
+              subTab: CspInsightLeftPanelSubTab.ALERTS,
+            })
+          }
           data-test-subj={HOST_DETAILS_ALERT_COUNT_TEST_ID}
         />
         <MisconfigurationsInsight
           identityFields={hostInsightsIdentityFields}
           direction="column"
-          openDetailsPanel={openDetailsPanel}
+          onShowMisconfigurationsDetails={() =>
+            openDetailsPanel({
+              tab: EntityDetailsLeftPanelTab.CSP_INSIGHTS,
+              subTab: CspInsightLeftPanelSubTab.MISCONFIGURATIONS,
+            })
+          }
           data-test-subj={HOST_DETAILS_MISCONFIGURATIONS_TEST_ID}
           telemetryKey={MISCONFIGURATION_INSIGHT_HOST_DETAILS}
         />
         <VulnerabilitiesInsight
           identityFields={hostInsightsIdentityFields}
           direction="column"
-          openDetailsPanel={openDetailsPanel}
+          onShowVulnerabilitiesDetails={() =>
+            openDetailsPanel({
+              tab: EntityDetailsLeftPanelTab.CSP_INSIGHTS,
+              subTab: CspInsightLeftPanelSubTab.VULNERABILITIES,
+            })
+          }
           data-test-subj={HOST_DETAILS_VULNERABILITIES_TEST_ID}
           telemetryKey={VULNERABILITIES_INSIGHT_HOST_DETAILS}
         />

x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.test.tsx

@@ -32,9 +32,9 @@ import { mockContextValue } from '../../shared/mocks/mock_context';
 import { mockFlyoutApi } from '../../shared/mocks/mock_flyout_context';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { HostPreviewPanelKey } from '../../../entity_details/host_right';
-import { HOST_PREVIEW_BANNER } from '../../right/components/host_entity_overview';
+import { HOST_PREVIEW_BANNER } from '../../../../flyout_v2/document/main/components/host_entity_overview';
 import { UserPreviewPanelKey } from '../../../entity_details/user_right';
-import { USER_PREVIEW_BANNER } from '../../right/components/user_entity_overview';
+import { USER_PREVIEW_BANNER } from '../../../../flyout_v2/document/main/components/user_entity_overview';
 import { createTelemetryServiceMock } from '../../../../common/lib/telemetry/telemetry_service.mock';
 import { useUserPrivileges } from '../../../../common/components/user_privileges';
 import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data';

x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/user_details.test.tsx

@@ -33,9 +33,9 @@ import { mockContextValue } from '../../shared/mocks/mock_context';
 import { mockFlyoutApi } from '../../shared/mocks/mock_flyout_context';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { HostPreviewPanelKey } from '../../../entity_details/host_right';
-import { HOST_PREVIEW_BANNER } from '../../right/components/host_entity_overview';
+import { HOST_PREVIEW_BANNER } from '../../../../flyout_v2/document/main/components/host_entity_overview';
 import { UserPreviewPanelKey } from '../../../entity_details/user_right';
-import { USER_PREVIEW_BANNER } from '../../right/components/user_entity_overview';
+import { USER_PREVIEW_BANNER } from '../../../../flyout_v2/document/main/components/user_entity_overview';
 import { NetworkPreviewPanelKey, NETWORK_PREVIEW_BANNER } from '../../../network_details';
 import { useAlertsByStatus } from '../../../../overview/components/detection_response/alerts_by_status/use_alerts_by_status';
 import { useDataView } from '../../../../data_view_manager/hooks/use_data_view';