[Security Solution] [Bug] Asset criticality can be assigned via bulk upload for non existing users or hosts

[muskangulati-qasource]

Describe the bug Asset criticality can be assigned via bulk upload for non existing users or hosts

Kibana/Elasticsearch Stack version

VERSION: 8.16.0
BUILD: 78613
COMMIT: 86dbb8542821cd398090d8fbb9dc5dfaefd4e0a4

Steps

1. Kibana version 8.16.0 or above should exist without endpoints
2. securitySolution:enableAssetCriticality flag should be enabled for Asset Criticality
3. Navigate to Security >> Manage >> Asset criticality
4. Create a file according to the example given
5. Click on ‘select or drag and drop a file’
6. Add the file created
7. Click on assign
8. Observe, the asset criticality is assigned for non existing users/hosts

Expected Result

• Asset criticality should not be assigned via bulk upload for non existing users or hosts

Screen Recording

https://github.com/user-attachments/assets/d58e4cff-f32c-4c5c-aacd-57fb934327a2

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[muskangulati-qasource]

@amolnater-qasource please review!

[amolnater-qasource]

Reviewed & assigned to @MadameSheema

[elasticmachine]

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

[jaredburgettelastic]

👋 Hey there, @muskangulati-qasource !

This behavior is intentional and desired, as customers are able to track asset criticality for entities that have never been observed in their environment before. We have workflows upcoming in 8.16 where some customers will be able to see asset criticality assignments for these entities as well, as part of our entity store efforts.

cc @joedatlive

[muskangulati-qasource]

Hi @jaredburgettelastic,

Thank you for sharing all the details.

We are closing this issue as it is working as designed.

Thanks!