[Internal]: Advanced setting for ES|QL risk scoring #3418

@jaredburgettelastic

Description

We've introduced a backend change to how we calculate Entity risk scores, now leveraging ES|QL instead of scripted metric aggregations. This change has no user impact or user-facing docs impact; however, as part of this, we are introducing an advanced setting that can allow customers to revert back to the previous behavior if necessary. We currently expect to only have this advanced setting available for a single release (9.2).

Resources

elastic/kibana#236727

Advanced setting raw name: securitySolution:enableEsqlRiskScoring
Advanced setting human-readable name: Enable ESQL-based risk scoring
Advanced setting description: Enables risk scoring based on ESQL queries. Disabling this will revert to using scripted metrics

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

N/A

What release is this request related to?

9.2

Serverless release

Likely to coincide with 9.2 release

Collaboration model

The documentation team

Point of contact.

Engineering contacts: @jaredburgettelastic @tiansivive

Product contacts: Erik Huang

Documentation contact: @natasha-moore-elastic

Metadata

Labels

Team:Experience (Issues owned by the Experience Docs Team)
