[Security Solutions] Investigate risk score feature UX inconsistencies

[machadoum]

@angorayc reported several UX inconsistencies with the risk score feature here.

The goal of this ticket is to analyze each reported issue and fix the ones that will improve the UX consistency.

In host overview we have no information icon:

The contents in the tooltips are different:

In host risk table we have colour and risk level with a hover action view unknown risk host:

In alerts table, the behaviour host risk classification seems to have different behaviour: We could consider (in the future) display the column name as Host risk classification and have the same content rendered in the cell with an extra hover action.

We have host classification here but no hover action to filter by severity:

An additional inconsistency reported here:

• Change the field label <Host/User> Risk Classification to <Host/User> Risk Level in every workflow.

[elasticmachine]

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

[machadoum]

@jaredburgettelastic I found this old ticket. I am assigning it to Pavel.

[elasticmachine]

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)