elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] [Bug] Only `Critical` and `High` label filters are highlighted for `Risk Scores` under Entity Analytics Dashboard #197776

Open arvindersingh-qasource opened 3 weeks ago

arvindersingh-qasource commented 3 weeks ago

Describe the bug

Only Critical and High label filters are highlighted for Risk Scores under Entity Analytics Dashboard

Kibana/Elasticsearch Stack version

VERSION: 8.16.0
BUILD: 79314
COMMIT: 5575428dd3aef69366cddb4ccf07a2a26d30ce48

Pre Conditions

  1. Kibana v8.16.0 build must be available
  2. AI Connector must be configured.
  3. A high count of alerts should be present in Kibana (here 3000+)
  4. The below-mentioned xpack setting must be enabled in Kibana:
    xpack.securitySolution.enableExperimental:
    - 'assistantKnowledgeBaseByDefault'

Steps

  1. Navigate to Security -> Dashboard - Entity Analytics
  2. Under User Risk Scores, click on the User Risk Level dropdown.
  3. Observe that only Critical and High label filters are highlighted for Risk Scores.
  4. Click on the View All option and observe that on the Risk Score table the Critical and High label filters are highlighted for Risk Scores.

Expected Result

Either all risk score labels must be highlighted or else none of the labels must be highlighted

Screenshots


elasticmachine commented 3 weeks ago

Pinging @elastic/security-solution (Team: SecuritySolution)

arvindersingh-qasource commented 3 weeks ago

@muskangulati-qasource Please review this ticket

Thanks

elasticmachine commented 3 weeks ago

Pinging @elastic/security-entity-analytics (Team:Entity Analytics)

MadameSheema commented 3 weeks ago

@jaredburgettelastic correct me if I'm wrong, but this is the expected behaviour, correct?

muskangulati-qasource commented 3 weeks ago

Secondary review is Done for this ticket!

jaredburgettelastic commented 3 weeks ago

Yes, this is the original desired behavior from when this feature was first introduced way back in 8.12. The idea is that, by default in a dashboard view, customers don't want to see moderate or low risk entities, only high or critical (but they can of course change that if they wish)

@joedatlive do you think we need to revisit this, or is this still the desired behavior?
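The point raised in the thread, that the dashboard's default risk level filter shows only Critical and High entities and hides Moderate and Low ones until the user changes the selection, is easy to model. The block below is an added example written for this page, not Kibana's own filter code: it applies the default selection to a handful of constructed risk score documents and counts what the default hides, which is the check an analyst would want before trusting the dashboard as a complete view. The document shape (`user.name`, `user.risk.calculated_level`, `user.risk.calculated_score_norm`) is assumed for illustration.

```python
"""Model of the Entity Analytics risk-level filter described in the issue.

This is an added example, not Kibana's implementation. The sample documents
are constructed and the field names are assumed for illustration.
"""
from collections import Counter

# Default selection the thread describes: dashboard shows only these levels.
DEFAULT_LEVELS = ("Critical", "High")
# Every level a risk score document may carry (assumed set, "Unknown" included
# for entities that have not yet been scored).
ALL_LEVELS = ("Critical", "High", "Moderate", "Low", "Unknown")

# Constructed sample data shaped like user risk score documents.
SAMPLE_USER_RISK = [
    {"user": {"name": "alice", "risk": {"calculated_level": "Critical", "calculated_score_norm": 91.2}}},
    {"user": {"name": "bob",   "risk": {"calculated_level": "High",     "calculated_score_norm": 73.5}}},
    {"user": {"name": "carol", "risk": {"calculated_level": "Moderate", "calculated_score_norm": 48.0}}},
    {"user": {"name": "dave",  "risk": {"calculated_level": "Low",      "calculated_score_norm": 12.3}}},
    {"user": {"name": "erin",  "risk": {"calculated_level": "Low",      "calculated_score_norm": 5.9}}},
    {"user": {"name": "frank", "risk": {"calculated_level": "High",     "calculated_score_norm": 70.1}}},
]


def risk_level(doc, entity="user"):
    """Read the calculated risk level of an entity document; 'Unknown' if absent."""
    return doc.get(entity, {}).get("risk", {}).get("calculated_level", "Unknown")


def apply_level_filter(docs, selected_levels=DEFAULT_LEVELS, entity="user"):
    """Return the documents whose level is in selected_levels.

    An empty or None selection models the "View All" state: nothing is hidden.
    """
    if not selected_levels:
        return list(docs)
    wanted = set(selected_levels)
    return [d for d in docs if risk_level(d, entity) in wanted]


def filtered_names(docs, selected_levels=DEFAULT_LEVELS, entity="user"):
    """Entity names that survive the filter, in document order (handy for checks)."""
    return [d[entity]["name"] for d in apply_level_filter(docs, selected_levels, entity)]


def hidden_by_default(docs, entity="user"):
    """Count, per level, the entities the default Critical/High selection hides.

    Only levels with at least one hidden entity appear in the result.
    """
    shown = set(DEFAULT_LEVELS)
    counts = Counter(risk_level(d, entity) for d in docs if risk_level(d, entity) not in shown)
    return dict(counts)


if __name__ == "__main__":
    print("default view :", filtered_names(SAMPLE_USER_RISK))
    print("view all     :", filtered_names(SAMPLE_USER_RISK, None))
    print("hidden       :", hidden_by_default(SAMPLE_USER_RISK))
```

Running it shows three of six sample users in the default view and a Moderate and two Low entities hidden; an analyst who wants the complete picture has to widen the selection, exactly the behaviour the maintainers describe as intended.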