From bc79b994d1f26c13f09cfe538476b1ad59d51efe Mon Sep 17 00:00:00 2001 
From: Mark Hopkin Date: Fri, 2 Aug 2024 16:58:32 +0100 Subject: [PATCH] [Entity Analytics] Add return types to all our routes (#189726) ## Summary Add return types to all of our route handlers. Before we did things like this in _some_ APIs: ``` const resBody: CreateAssetCriticalityRecordResponse = { blah : 'blah'}; ``` And I have moved to this style: ``` async ( context, request, response ): Promise> => { ``` This keeps the API docs in sync, I saw that this is how they do it in the elastic assistant plugin and liked it. I think it is clearer to have this stuff in the route definition, near the URL and request validation. --------- Co-authored-by: Elastic Machine --- .../get_asset_criticality_privileges.gen.ts | 33 +---- ...t_asset_criticality_privileges.schema.yaml | 43 +------ .../api/entity_analytics/common/common.gen.ts | 26 ++++ .../common/common.schema.yaml | 36 ++++++ .../common/api/entity_analytics/index.ts | 1 + .../get_risk_engine_privileges.gen.ts | 22 ++++ .../get_risk_engine_privileges.schema.yaml | 26 ++++ .../api/entity_analytics/risk_engine/index.ts | 1 + .../risk_engine/privileges.test.ts | 2 +- .../risk_engine/privileges.ts | 2 +- .../public/entity_analytics/api/api.ts | 2 +- .../asset_criticality/routes/bulk_upload.ts | 18 ++- .../asset_criticality/routes/get.ts | 13 +- .../asset_criticality/routes/list.ts | 10 +- .../asset_criticality/routes/privileges.ts | 9 +- .../asset_criticality/routes/status.ts | 15 ++- .../asset_criticality/routes/upload_csv.ts | 8 +- .../asset_criticality/routes/upsert.ts | 13 +- .../risk_engine/routes/disable.ts | 86 +++++++------ .../risk_engine/routes/enable.ts | 81 ++++++------ .../risk_engine/routes/init.ts | 120 +++++++++--------- .../risk_engine/routes/privileges.ts | 60 +++++---- .../risk_engine/routes/settings.ts | 71 ++++++----- .../risk_engine/routes/status.ts | 54 ++++---- .../risk_score/routes/entity_calculation.ts | 4 +- .../risk_score/routes/preview.ts | 5 +- .../services/security_solution_api.gen.ts | 14 
++ 27 files changed, 454 insertions(+), 321 deletions(-) create mode 100644 x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/get_risk_engine_privileges.gen.ts create mode 100644 x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/get_risk_engine_privileges.schema.yaml diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/asset_criticality/get_asset_criticality_privileges.gen.ts b/x-pack/plugins/security_solution/common/api/entity_analytics/asset_criticality/get_asset_criticality_privileges.gen.ts index 3d828e0e38a7a0..8f53ab8c558c3f 100644 --- a/x-pack/plugins/security_solution/common/api/entity_analytics/asset_criticality/get_asset_criticality_privileges.gen.ts +++ b/x-pack/plugins/security_solution/common/api/entity_analytics/asset_criticality/get_asset_criticality_privileges.gen.ts @@ -14,30 +14,11 @@ * version: 1 */ -import { z } from 'zod'; +import type { z } from 'zod'; -export type EntityAnalyticsPrivileges = z.infer; -export const EntityAnalyticsPrivileges = z.object({ - has_all_required: z.boolean(), - has_read_permissions: z.boolean().optional(), - has_write_permissions: z.boolean().optional(), - privileges: z.object({ - elasticsearch: z.object({ - cluster: z - .object({ - manage_index_templates: z.boolean().optional(), - manage_transform: z.boolean().optional(), - }) - .optional(), - index: z - .object({}) - .catchall( - z.object({ - read: z.boolean().optional(), - write: z.boolean().optional(), - }) - ) - .optional(), - }), - }), -}); +import { EntityAnalyticsPrivileges } from '../common/common.gen'; + +export type AssetCriticalityGetPrivilegesResponse = z.infer< + typeof AssetCriticalityGetPrivilegesResponse +>; +export const AssetCriticalityGetPrivilegesResponse = EntityAnalyticsPrivileges; 
diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/asset_criticality/get_asset_criticality_privileges.schema.yaml b/x-pack/plugins/security_solution/common/api/entity_analytics/asset_criticality/get_asset_criticality_privileges.schema.yaml index 548237265d0fbb..267665613b7c75 100644 --- a/x-pack/plugins/security_solution/common/api/entity_analytics/asset_criticality/get_asset_criticality_privileges.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/entity_analytics/asset_criticality/get_asset_criticality_privileges.schema.yaml @@ -7,6 +7,7 @@ paths: get: x-labels: [ess, serverless] x-internal: true + x-codegen-enabled: true operationId: AssetCriticalityGetPrivileges summary: Get Asset Criticality Privileges responses: @@ -15,49 +16,11 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/EntityAnalyticsPrivileges' + $ref: '../common/common.schema.yaml#/components/schemas/EntityAnalyticsPrivileges' example: elasticsearch: index: '.asset-criticality.asset-criticality-*': read: true write: false - has_all_required: false -components: - schemas: - EntityAnalyticsPrivileges: - type: object - properties: - has_all_required: - type: boolean - has_read_permissions: - type: boolean - has_write_permissions: - type: boolean - privileges: - type: object - properties: - elasticsearch: - type: object - properties: - cluster: - type: object - properties: - manage_index_templates: - type: boolean - manage_transform: - type: boolean - index: - type: object - additionalProperties: - type: object - properties: - read: - type: boolean - write: - type: boolean - required: - - elasticsearch - required: - - has_all_required - - privileges + has_all_required: false \ No newline at end of file diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/common/common.gen.ts b/x-pack/plugins/security_solution/common/api/entity_analytics/common/common.gen.ts index 5b3538917f78cf..8e6f3841b8f6d8 100644 
--- a/x-pack/plugins/security_solution/common/api/entity_analytics/common/common.gen.ts +++ b/x-pack/plugins/security_solution/common/api/entity_analytics/common/common.gen.ts @@ -18,6 +18,32 @@ import { z } from 'zod'; import { AssetCriticalityLevel } from '../asset_criticality/common.gen'; +export type EntityAnalyticsPrivileges = z.infer; +export const EntityAnalyticsPrivileges = z.object({ + has_all_required: z.boolean(), + has_read_permissions: z.boolean().optional(), + has_write_permissions: z.boolean().optional(), + privileges: z.object({ + elasticsearch: z.object({ + cluster: z + .object({ + manage_index_templates: z.boolean().optional(), + manage_transform: z.boolean().optional(), + }) + .optional(), + index: z + .object({}) + .catchall( + z.object({ + read: z.boolean().optional(), + write: z.boolean().optional(), + }) + ) + .optional(), + }), + }), +}); + export type EntityAfterKey = z.infer; export const EntityAfterKey = z.object({}).catchall(z.string()); diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/common/common.schema.yaml b/x-pack/plugins/security_solution/common/api/entity_analytics/common/common.schema.yaml index 63aa739d2133d0..67428b261a0f98 100644 --- a/x-pack/plugins/security_solution/common/api/entity_analytics/common/common.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/entity_analytics/common/common.schema.yaml 
@@ -6,6 +6,42 @@ info: paths: {} components: schemas: + EntityAnalyticsPrivileges: + type: object + properties: + has_all_required: + type: boolean + has_read_permissions: + type: boolean + has_write_permissions: + type: boolean + privileges: + type: object + properties: + elasticsearch: + type: object + properties: + cluster: + type: object + properties: + manage_index_templates: + type: boolean + manage_transform: + type: boolean + index: + type: object + additionalProperties: + type: object + properties: + read: + type: boolean + write: + type: boolean + required: + - elasticsearch + required: + - has_all_required + - privileges EntityAfterKey: type: object additionalProperties: diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/index.ts b/x-pack/plugins/security_solution/common/api/entity_analytics/index.ts index afb71bbd5bb17e..9d3c3a29bdebfa 100644 --- a/x-pack/plugins/security_solution/common/api/entity_analytics/index.ts +++ b/x-pack/plugins/security_solution/common/api/entity_analytics/index.ts @@ -8,3 +8,4 @@ export * from './asset_criticality'; export * from './risk_engine'; export * from './risk_score'; +export { EntityAnalyticsPrivileges } from './common'; diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/get_risk_engine_privileges.gen.ts b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/get_risk_engine_privileges.gen.ts new file mode 100644 index 00000000000000..db07db331e4776 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/get_risk_engine_privileges.gen.ts 
@@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Get Risk Engine Privileges Schema + * version: 1 + */ + +import type { z } from 'zod'; + +import { EntityAnalyticsPrivileges } from '../common/common.gen'; + +export type RiskEngineGetPrivilegesResponse = z.infer; +export const RiskEngineGetPrivilegesResponse = EntityAnalyticsPrivileges; diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/get_risk_engine_privileges.schema.yaml b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/get_risk_engine_privileges.schema.yaml new file mode 100644 index 00000000000000..0fcaf08f10c166 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/get_risk_engine_privileges.schema.yaml @@ -0,0 +1,26 @@ +openapi: 3.0.0 +info: + title: Get Risk Engine Privileges Schema + version: '1' +paths: + /internal/risk_engine/privileges: + get: + x-labels: [ess, serverless] + x-internal: true + x-codegen-enabled: true + operationId: RiskEngineGetPrivileges + summary: Get Risk Engine Privileges + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '../common/common.schema.yaml#/components/schemas/EntityAnalyticsPrivileges' + example: + elasticsearch: + index: + 'risk-score.risk-score-*': + read: true + write: false + has_all_required: false \ No newline at end of file 
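Review bot: The `example` for the 200 response in get_risk_engine_privileges.schema.yaml does not match the schema it references. `EntityAnalyticsPrivileges` lists `privileges` as required, but the example has `elasticsearch` and `has_all_required` with no `privileges` key (exact nesting cannot be confirmed from the flattened diff, but the key is absent altogether). Docs generated from this file would show a response shape the route does not return, which misleads anyone writing a privilege check against it. Nest the block one level down, `privileges:` then `elasticsearch:` then `index:`, and keep `has_all_required: false` at the top level.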
diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/index.ts b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/index.ts index 97f11da2ef0907..94d587cd2bfc7c 100644 --- a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/index.ts +++ b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/index.ts @@ -14,3 +14,4 @@ export * from './engine_status_route.gen'; export * from './calculation_route.gen'; export * from './preview_route.gen'; export * from './entity_calculation_route.gen'; +export * from './get_risk_engine_privileges.gen'; diff --git a/x-pack/plugins/security_solution/common/entity_analytics/risk_engine/privileges.test.ts b/x-pack/plugins/security_solution/common/entity_analytics/risk_engine/privileges.test.ts index e0111b3d678719..caf7b640582a69 100644 --- a/x-pack/plugins/security_solution/common/entity_analytics/risk_engine/privileges.test.ts +++ b/x-pack/plugins/security_solution/common/entity_analytics/risk_engine/privileges.test.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { EntityAnalyticsPrivileges } from '../../api/entity_analytics/asset_criticality/get_asset_criticality_privileges.gen'; +import type { EntityAnalyticsPrivileges } from '../../api/entity_analytics'; import { getMissingRiskEnginePrivileges } from './privileges'; describe('getMissingRiskEnginePrivileges', () => { diff --git a/x-pack/plugins/security_solution/common/entity_analytics/risk_engine/privileges.ts b/x-pack/plugins/security_solution/common/entity_analytics/risk_engine/privileges.ts index b0bbc39609b3b1..b03b9e2921325c 100644 --- a/x-pack/plugins/security_solution/common/entity_analytics/risk_engine/privileges.ts +++ b/x-pack/plugins/security_solution/common/entity_analytics/risk_engine/privileges.ts 
@@ -6,7 +6,7 @@ */ import type { NonEmptyArray } from 'fp-ts/NonEmptyArray'; -import type { EntityAnalyticsPrivileges } from '../../api/entity_analytics/asset_criticality/get_asset_criticality_privileges.gen'; +import type { EntityAnalyticsPrivileges } from '../../api/entity_analytics'; import type { RiskEngineIndexPrivilege } from './constants'; import { RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES, diff --git a/x-pack/plugins/security_solution/public/entity_analytics/api/api.ts b/x-pack/plugins/security_solution/public/entity_analytics/api/api.ts index 500c327d86b0c2..9351e34ab4b5bc 100644 --- a/x-pack/plugins/security_solution/public/entity_analytics/api/api.ts +++ b/x-pack/plugins/security_solution/public/entity_analytics/api/api.ts @@ -22,7 +22,7 @@ import type { import type { AssetCriticalityRecord, EntityAnalyticsPrivileges, -} from '../../../common/api/entity_analytics/asset_criticality'; +} from '../../../common/api/entity_analytics'; import type { RiskScoreEntity } from '../../../common/search_strategy'; import { RISK_ENGINE_STATUS_URL, diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/bulk_upload.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/bulk_upload.ts index 822c8a644d9b3c..960f6c87be2834 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/bulk_upload.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/bulk_upload.ts 
@@ -4,13 +4,15 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import type { Logger } from '@kbn/core/server'; +import type { IKibanaResponse, Logger } from '@kbn/core/server'; import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; import { Readable } from 'node:stream'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; -import type { BulkUpsertAssetCriticalityRecordsResponse } from '../../../../../common/api/entity_analytics'; -import { BulkUpsertAssetCriticalityRecordsRequestBody } from '../../../../../common/api/entity_analytics'; +import { + BulkUpsertAssetCriticalityRecordsRequestBody, + type BulkUpsertAssetCriticalityRecordsResponse, +} from '../../../../../common/api/entity_analytics'; import type { ConfigType } from '../../../../config'; import { ASSET_CRITICALITY_PUBLIC_BULK_UPLOAD_URL, @@ -46,7 +48,11 @@ export const assetCriticalityPublicBulkUploadRoute = ( }, }, }, - async (context, request, response) => { + async ( + context, + request, + response + ): Promise> => { const { errorRetries, maxBulkRequestBodySizeBytes } = config.entityAnalytics.assetCriticality.csvUpload; const { records } = request.body; @@ -90,9 +96,7 @@ export const assetCriticalityPublicBulkUploadRoute = ( () => `Asset criticality Bulk upload completed in ${tookMs}ms ${JSON.stringify(stats)}` ); - const resBody: BulkUpsertAssetCriticalityRecordsResponse = { errors, stats }; - - return response.ok({ body: resBody }); + return response.ok({ body: { errors, stats } }); } catch (e) { logger.error(`Error during asset criticality bulk upload: ${e}`); const error = transformError(e); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/get.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/get.ts index 99f7d3ff97ae44..ed63f6207fec1c 100644 
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/get.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/get.ts @@ -4,11 +4,14 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import type { Logger } from '@kbn/core/server'; +import type { IKibanaResponse, Logger } from '@kbn/core/server'; import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; -import { GetAssetCriticalityRecordRequestQuery } from '../../../../../common/api/entity_analytics'; +import { + GetAssetCriticalityRecordRequestQuery, + type GetAssetCriticalityRecordResponse, +} from '../../../../../common/api/entity_analytics'; import { ASSET_CRITICALITY_PUBLIC_URL, APP_ID, @@ -42,7 +45,11 @@ export const assetCriticalityPublicGetRoute = ( }, }, }, - async (context, request, response) => { + async ( + context, + request, + response + ): Promise> => { const siemResponse = buildSiemResponse(response); try { await assertAdvancedSettingsEnabled(await context.core, ENABLE_ASSET_CRITICALITY_SETTING); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/list.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/list.ts index 711426e4df5103..64bbca127ed77c 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/list.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/list.ts 
@@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import type { Logger } from '@kbn/core/server'; +import type { IKibanaResponse, Logger } from '@kbn/core/server'; import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; @@ -43,7 +43,11 @@ export const assetCriticalityPublicListRoute = ( }, }, }, - async (context, request, response) => { + async ( + context, + request, + response + ): Promise> => { const siemResponse = buildSiemResponse(response); try { await assertAdvancedSettingsEnabled(await context.core, ENABLE_ASSET_CRITICALITY_SETTING); @@ -81,7 +85,7 @@ export const assetCriticalityPublicListRoute = ( }, }); - const body: FindAssetCriticalityRecordsResponse = { + const body = { records, total, page, diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/privileges.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/privileges.ts index a3b4c48d828df5..7f6b80dd92909e 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/privileges.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/privileges.ts @@ -4,9 +4,10 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import type { Logger } from '@kbn/core/server'; +import type { IKibanaResponse, Logger } from '@kbn/core/server'; import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; +import type { AssetCriticalityGetPrivilegesResponse } from '../../../../../common/api/entity_analytics'; import { ASSET_CRITICALITY_INTERNAL_PRIVILEGES_URL, APP_ID, 
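Review bot: Dropping the annotation from `const body` in the last list.ts hunk removes excess-property checking for this response. An un-annotated local is no longer a fresh literal by the time it reaches `response.ok`, so it only has to be assignable to the handler's return type, and a field added later by mistake would go out to the client without a compile error. Keeping `const body: FindAssetCriticalityRecordsResponse = {` is the surer option; whether an inline literal gets the same check depends on how `response.ok` infers its body type, which is not visible here. The rest of the object and the handler lie outside the hunk.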
@@ -38,7 +39,11 @@ export const assetCriticalityInternalPrivilegesRoute = ( version: API_VERSIONS.internal.v1, validate: false, }, - async (context, request, response) => { + async ( + context, + request, + response + ): Promise> => { const siemResponse = buildSiemResponse(response); try { await assertAdvancedSettingsEnabled(await context.core, ENABLE_ASSET_CRITICALITY_SETTING); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/status.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/status.ts index 9d77817a20d98f..a0070503a3f8c6 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/status.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/status.ts @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import type { Logger } from '@kbn/core/server'; +import type { IKibanaResponse, Logger } from '@kbn/core/server'; import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; import type { GetAssetCriticalityStatusResponse } from '../../../../../common/api/entity_analytics'; @@ -34,7 +34,11 @@ export const assetCriticalityInternalStatusRoute = ( }) .addVersion( { version: API_VERSIONS.internal.v1, validate: {} }, - async (context, request, response) => { + async ( + context, + request, + response + ): Promise> => { const siemResponse = buildSiemResponse(response); try { await assertAdvancedSettingsEnabled(await context.core, ENABLE_ASSET_CRITICALITY_SETTING); 
@@ -55,11 +59,10 @@ export const assetCriticalityInternalStatusRoute = ( }, }); - const body: GetAssetCriticalityStatusResponse = { - asset_criticality_resources_installed: result.isAssetCriticalityResourcesInstalled, - }; return response.ok({ - body, + body: { + asset_criticality_resources_installed: result.isAssetCriticalityResourcesInstalled, + }, }); } catch (e) { const error = transformError(e); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts index 6f69695f20a74e..cbe434ccb25cfa 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import type { Logger } from '@kbn/core/server'; +import type { IKibanaResponse, Logger } from '@kbn/core/server'; import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { schema } from '@kbn/config-schema'; import Papa from 'papaparse'; @@ -57,7 +57,11 @@ export const assetCriticalityPublicCSVUploadRoute = ( }, }, }, - async (context, request, response) => { + async ( + context, + request, + response + ): Promise> => { const { errorRetries, maxBulkRequestBodySizeBytes } = config.entityAnalytics.assetCriticality.csvUpload; diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upsert.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upsert.ts index 02ff12b1b91d3b..8feeb822bdddfb 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upsert.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upsert.ts 
@@ -4,11 +4,14 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import type { Logger } from '@kbn/core/server'; +import type { IKibanaResponse, Logger } from '@kbn/core/server'; import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; -import { CreateAssetCriticalityRecordRequestBody } from '../../../../../common/api/entity_analytics'; +import { + CreateAssetCriticalityRecordRequestBody, + type CreateAssetCriticalityRecordResponse, +} from '../../../../../common/api/entity_analytics'; import { ASSET_CRITICALITY_PUBLIC_URL, APP_ID, @@ -42,7 +45,11 @@ export const assetCriticalityPublicUpsertRoute = ( }, }, }, - async (context, request, response) => { + async ( + context, + request, + response + ): Promise> => { const siemResponse = buildSiemResponse(response); try { await assertAdvancedSettingsEnabled(await context.core, ENABLE_ASSET_CRITICALITY_SETTING); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/disable.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/disable.ts index df45eb4ddb934d..59b4b4f77537ef 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/disable.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/disable.ts @@ -7,6 +7,7 @@ import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; +import type { IKibanaResponse } from '@kbn/core-http-server'; import type { DisableRiskEngineResponse } from '../../../../../common/api/entity_analytics'; import { RISK_ENGINE_DISABLE_URL, APP_ID } from '../../../../../common/constants'; import { TASK_MANAGER_UNAVAILABLE_ERROR } from './translations'; 
@@ -29,59 +30,60 @@ export const riskEngineDisableRoute = ( }) .addVersion( { version: '1', validate: {} }, - withRiskEnginePrivilegeCheck(getStartServices, async (context, request, response) => { - const securitySolution = await context.securitySolution; + withRiskEnginePrivilegeCheck( + getStartServices, + async (context, request, response): Promise> => { + const securitySolution = await context.securitySolution; - securitySolution.getAuditLogger()?.log({ - message: 'User attempted to disable the risk engine.', - event: { - action: RiskEngineAuditActions.RISK_ENGINE_DISABLE, - category: AUDIT_CATEGORY.DATABASE, - type: AUDIT_TYPE.CHANGE, - outcome: AUDIT_OUTCOME.UNKNOWN, - }, - }); - - const siemResponse = buildSiemResponse(response); - const [_, { taskManager }] = await getStartServices(); - - const riskEngineClient = securitySolution.getRiskEngineDataClient(); - - if (!taskManager) { securitySolution.getAuditLogger()?.log({ - message: - 'User attempted to disable the risk engine, but the Kibana Task Manager was unavailable', + message: 'User attempted to disable the risk engine.', event: { action: RiskEngineAuditActions.RISK_ENGINE_DISABLE, category: AUDIT_CATEGORY.DATABASE, type: AUDIT_TYPE.CHANGE, - outcome: AUDIT_OUTCOME.FAILURE, - }, - error: { - message: - 'User attempted to disable the risk engine, but the Kibana Task Manager was unavailable', + outcome: AUDIT_OUTCOME.UNKNOWN, }, }); - return siemResponse.error({ - statusCode: 400, - body: TASK_MANAGER_UNAVAILABLE_ERROR, - }); - } + const siemResponse = buildSiemResponse(response); + const [_, { taskManager }] = await getStartServices(); - try { - await riskEngineClient.disableRiskEngine({ taskManager }); - const body: DisableRiskEngineResponse = { success: true }; - return response.ok({ body }); - } catch (e) { - const error = transformError(e); + const riskEngineClient = securitySolution.getRiskEngineDataClient(); - return siemResponse.error({ - statusCode: error.statusCode, - body: { message: 
error.message, full_error: JSON.stringify(e) }, - bypassErrorFormat: true, - }); + if (!taskManager) { + securitySolution.getAuditLogger()?.log({ + message: + 'User attempted to disable the risk engine, but the Kibana Task Manager was unavailable', + event: { + action: RiskEngineAuditActions.RISK_ENGINE_DISABLE, + category: AUDIT_CATEGORY.DATABASE, + type: AUDIT_TYPE.CHANGE, + outcome: AUDIT_OUTCOME.FAILURE, + }, + error: { + message: + 'User attempted to disable the risk engine, but the Kibana Task Manager was unavailable', + }, + }); + + return siemResponse.error({ + statusCode: 400, + body: TASK_MANAGER_UNAVAILABLE_ERROR, + }); + } + + try { + await riskEngineClient.disableRiskEngine({ taskManager }); + return response.ok({ body: { success: true } }); + } catch (e) { + const error = transformError(e); + return siemResponse.error({ + statusCode: error.statusCode, + body: { message: error.message, full_error: JSON.stringify(e) }, + bypassErrorFormat: true, + }); + } } - }) + ) ); }; diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/enable.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/enable.ts index e537a49b498a8c..24b3c3816440da 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/enable.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/enable.ts @@ -7,6 +7,7 @@ import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; +import type { IKibanaResponse } from '@kbn/core-http-server'; import type { EnableRiskEngineResponse } from '../../../../../common/api/entity_analytics'; import { RISK_ENGINE_ENABLE_URL, APP_ID } from '../../../../../common/constants'; import { TASK_MANAGER_UNAVAILABLE_ERROR } from './translations'; 
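Review bot: The catch block of the disable handler still answers with `full_error: JSON.stringify(e)`, so every enumerable field on the thrown object is returned to the caller; the same line sits in the catch blocks of enable.ts and init.ts. For a client-library error that can include request or cluster detail the API consumer has no need for, while a plain `Error` serializes to `{}`, and `JSON.stringify` can itself throw on a circular object inside the catch. Since this commit pins the success body type, consider returning only `body: { message: error.message }` and keeping the raw error in server-side logs, after checking that no client reads `full_error`. The enclosing `riskEngineDisableRoute` starts above the hunk.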
@@ -29,57 +30,59 @@ export const riskEngineEnableRoute = ( }) .addVersion( { version: '1', validate: {} }, - withRiskEnginePrivilegeCheck(getStartServices, async (context, request, response) => { - const securitySolution = await context.securitySolution; + withRiskEnginePrivilegeCheck( + getStartServices, + async (context, request, response): Promise> => { + const securitySolution = await context.securitySolution; - securitySolution.getAuditLogger()?.log({ - message: 'User attempted to enable the risk engine', - event: { - action: RiskEngineAuditActions.RISK_ENGINE_ENABLE, - category: AUDIT_CATEGORY.DATABASE, - type: AUDIT_TYPE.CHANGE, - outcome: AUDIT_OUTCOME.UNKNOWN, - }, - }); - - const siemResponse = buildSiemResponse(response); - const [_, { taskManager }] = await getStartServices(); - const riskEngineClient = securitySolution.getRiskEngineDataClient(); - if (!taskManager) { securitySolution.getAuditLogger()?.log({ - message: - 'User attempted to enable the risk engine, but the Kibana Task Manager was unavailable', + message: 'User attempted to enable the risk engine', event: { action: RiskEngineAuditActions.RISK_ENGINE_ENABLE, category: AUDIT_CATEGORY.DATABASE, type: AUDIT_TYPE.CHANGE, - outcome: AUDIT_OUTCOME.FAILURE, + outcome: AUDIT_OUTCOME.UNKNOWN, }, - error: { + }); + + const siemResponse = buildSiemResponse(response); + const [_, { taskManager }] = await getStartServices(); + const riskEngineClient = securitySolution.getRiskEngineDataClient(); + if (!taskManager) { + securitySolution.getAuditLogger()?.log({ message: 'User attempted to enable the risk engine, but the Kibana Task Manager was unavailable', - }, - }); + event: { + action: RiskEngineAuditActions.RISK_ENGINE_ENABLE, + category: AUDIT_CATEGORY.DATABASE, + type: AUDIT_TYPE.CHANGE, + outcome: AUDIT_OUTCOME.FAILURE, + }, + error: { + message: + 'User attempted to enable the risk engine, but the Kibana Task Manager was unavailable', + }, + }); - return siemResponse.error({ - statusCode: 400, - 
body: TASK_MANAGER_UNAVAILABLE_ERROR, - }); - } + return siemResponse.error({ + statusCode: 400, + body: TASK_MANAGER_UNAVAILABLE_ERROR, + }); + } - try { - await riskEngineClient.enableRiskEngine({ taskManager }); - const body: EnableRiskEngineResponse = { success: true }; - return response.ok({ body }); - } catch (e) { - const error = transformError(e); + try { + await riskEngineClient.enableRiskEngine({ taskManager }); + return response.ok({ body: { success: true } }); + } catch (e) { + const error = transformError(e); - return siemResponse.error({ - statusCode: error.statusCode, - body: { message: error.message, full_error: JSON.stringify(e) }, - bypassErrorFormat: true, - }); + return siemResponse.error({ + statusCode: error.statusCode, + body: { message: error.message, full_error: JSON.stringify(e) }, + bypassErrorFormat: true, + }); + } } - }) + ) ); }; diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/init.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/init.ts index 160d040f6d9fc5..4657d21cbcbe04 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/init.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/init.ts @@ -7,6 +7,7 @@ import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; +import type { IKibanaResponse } from '@kbn/core-http-server'; import type { InitRiskEngineResponse, InitRiskEngineResult, 
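Review bot: The audit trail for an enable attempt has no outcome when `enableRiskEngine` throws. The handler logs `AUDIT_OUTCOME.UNKNOWN` up front and `AUDIT_OUTCOME.FAILURE` only in the `!taskManager` branch, while the catch block returns the error without an audit event. Unless the data client records the outcome itself, which is not visible here, a reviewer of the audit log sees an attempt with no result. The disable handler in disable.ts has the same gap. Add a failure event in the catch block before the return, as sketched below.

```typescript
} catch (e) {
  const error = transformError(e);

  securitySolution.getAuditLogger()?.log({
    message: 'User attempted to enable the risk engine, but the request failed',
    event: {
      action: RiskEngineAuditActions.RISK_ENGINE_ENABLE,
      category: AUDIT_CATEGORY.DATABASE,
      type: AUDIT_TYPE.CHANGE,
      outcome: AUDIT_OUTCOME.FAILURE,
    },
    error: { message: error.message },
  });

  // … unchanged: return siemResponse.error({ ... }) …
```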
@@ -31,75 +32,78 @@ export const riskEngineInitRoute = ( }) .addVersion( { version: '1', validate: {} }, - withRiskEnginePrivilegeCheck(getStartServices, async (context, request, response) => { - const securitySolution = await context.securitySolution; + withRiskEnginePrivilegeCheck( + getStartServices, + async (context, request, response): Promise> => { + const securitySolution = await context.securitySolution; - securitySolution.getAuditLogger()?.log({ - message: 'User attempted to initialize the risk engine', - event: { - action: RiskEngineAuditActions.RISK_ENGINE_INIT, - category: AUDIT_CATEGORY.DATABASE, - type: AUDIT_TYPE.CHANGE, - outcome: AUDIT_OUTCOME.UNKNOWN, - }, - }); + securitySolution.getAuditLogger()?.log({ + message: 'User attempted to initialize the risk engine', + event: { + action: RiskEngineAuditActions.RISK_ENGINE_INIT, + category: AUDIT_CATEGORY.DATABASE, + type: AUDIT_TYPE.CHANGE, + outcome: AUDIT_OUTCOME.UNKNOWN, + }, + }); - const siemResponse = buildSiemResponse(response); - const [_, { taskManager }] = await getStartServices(); - const riskEngineDataClient = securitySolution.getRiskEngineDataClient(); - const riskScoreDataClient = securitySolution.getRiskScoreDataClient(); - const spaceId = securitySolution.getSpaceId(); + const siemResponse = buildSiemResponse(response); + const [_, { taskManager }] = await getStartServices(); + const riskEngineDataClient = securitySolution.getRiskEngineDataClient(); + const riskScoreDataClient = securitySolution.getRiskScoreDataClient(); + const spaceId = securitySolution.getSpaceId(); - try { - if (!taskManager) { - return siemResponse.error({ - statusCode: 400, - body: TASK_MANAGER_UNAVAILABLE_ERROR, - }); - } + try { + if (!taskManager) { + return siemResponse.error({ + statusCode: 400, + body: TASK_MANAGER_UNAVAILABLE_ERROR, + }); + } - const initResult = await riskEngineDataClient.init({ - taskManager, - namespace: spaceId, - riskScoreDataClient, - }); - - const result: InitRiskEngineResult = { - 
risk_engine_enabled: initResult.riskEngineEnabled, - risk_engine_resources_installed: initResult.riskEngineResourcesInstalled, - risk_engine_configuration_created: initResult.riskEngineConfigurationCreated, - legacy_risk_engine_disabled: initResult.legacyRiskEngineDisabled, - errors: initResult.errors, - }; + const initResult = await riskEngineDataClient.init({ + taskManager, + namespace: spaceId, + riskScoreDataClient, + }); - const initResponse: InitRiskEngineResponse = { - result, - }; + const result: InitRiskEngineResult = { + risk_engine_enabled: initResult.riskEngineEnabled, + risk_engine_resources_installed: initResult.riskEngineResourcesInstalled, + risk_engine_configuration_created: initResult.riskEngineConfigurationCreated, + legacy_risk_engine_disabled: initResult.legacyRiskEngineDisabled, + errors: initResult.errors, + }; - if ( - !initResult.riskEngineEnabled || - !initResult.riskEngineResourcesInstalled || - !initResult.riskEngineConfigurationCreated - ) { - return siemResponse.error({ - statusCode: 400, + if ( + !initResult.riskEngineEnabled || + !initResult.riskEngineResourcesInstalled || + !initResult.riskEngineConfigurationCreated + ) { + return siemResponse.error({ + statusCode: 400, + body: { + message: result.errors.join('\n'), + full_error: result, + }, + bypassErrorFormat: true, + }); + } + return response.ok({ body: { - message: result.errors.join('\n'), - full_error: result, + result, }, + }); + } catch (e) { + const error = transformError(e); + + return siemResponse.error({ + statusCode: error.statusCode, + body: { message: error.message, full_error: JSON.stringify(e) }, bypassErrorFormat: true, }); } - return response.ok({ body: initResponse }); - } catch (e) { - const error = transformError(e); - - return siemResponse.error({ - statusCode: error.statusCode, - body: { message: error.message, full_error: JSON.stringify(e) }, - bypassErrorFormat: true, - }); } - }) + ) ); }; 
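Review bot: The `if (!taskManager)` branch of the init handler returns a 400 without writing an audit event, while the enable handler in this same patch records an `AUDIT_OUTCOME.FAILURE` entry for the identical condition. As written, the only audit record of a failed initialization is the earlier `AUDIT_OUTCOME.UNKNOWN` entry, so the audit trail cannot tell a rejected attempt from a completed one. The branch that returns 400 when `initResult` reports a missing resource has the same gap. I would log the failure before returning, as sketched below; the message string is my wording, modelled on the enable route.

```typescript
          if (!taskManager) {
            securitySolution.getAuditLogger()?.log({
              message:
                'User attempted to initialize the risk engine, but the Kibana Task Manager was unavailable',
              event: {
                action: RiskEngineAuditActions.RISK_ENGINE_INIT,
                category: AUDIT_CATEGORY.DATABASE,
                type: AUDIT_TYPE.CHANGE,
                outcome: AUDIT_OUTCOME.FAILURE,
              },
            });
            // … unchanged: return siemResponse.error({ statusCode: 400, body: TASK_MANAGER_UNAVAILABLE_ERROR }) …
          }
```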
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/privileges.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/privileges.ts index 38b48aca7e5ab0..f14e06fa728681 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/privileges.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/privileges.ts @@ -7,7 +7,8 @@ import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; -import type { EntityAnalyticsPrivileges } from '../../../../../common/api/entity_analytics'; +import type { IKibanaResponse } from '@kbn/core-http-server'; +import type { RiskEngineGetPrivilegesResponse } from '../../../../../common/api/entity_analytics'; import { RISK_ENGINE_PRIVILEGES_URL, APP_ID } from '../../../../../common/constants'; import { AUDIT_CATEGORY, AUDIT_OUTCOME, AUDIT_TYPE } from '../../audit'; import { RiskScoreAuditActions } from '../../risk_score/audit'; 
@@ -27,34 +28,41 @@ export const riskEnginePrivilegesRoute = ( tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], }, }) - .addVersion({ version: '1', validate: false }, async (context, request, response) => { - const siemResponse = buildSiemResponse(response); - const [_, { security }] = await getStartServices(); - const securitySolution = await context.securitySolution; + .addVersion( + { version: '1', validate: false }, + async ( + context, + request, + response + ): Promise> => { + const siemResponse = buildSiemResponse(response); + const [_, { security }] = await getStartServices(); + const securitySolution = await context.securitySolution; - const body: EntityAnalyticsPrivileges = await getUserRiskEnginePrivileges(request, security); + const body = await getUserRiskEnginePrivileges(request, security); - securitySolution.getAuditLogger()?.log({ - message: 'User checked if they have the required privileges to configure the risk engine', - event: { - action: RiskScoreAuditActions.RISK_ENGINE_PRIVILEGES_GET, - category: AUDIT_CATEGORY.AUTHENTICATION, - type: AUDIT_TYPE.ACCESS, - outcome: AUDIT_OUTCOME.SUCCESS, - }, - }); - - try { - return response.ok({ - body, + securitySolution.getAuditLogger()?.log({ + message: 'User checked if they have the required privileges to configure the risk engine', + event: { + action: RiskScoreAuditActions.RISK_ENGINE_PRIVILEGES_GET, + category: AUDIT_CATEGORY.AUTHENTICATION, + type: AUDIT_TYPE.ACCESS, + outcome: AUDIT_OUTCOME.SUCCESS, + }, }); - } catch (e) { - const error = transformError(e); - return siemResponse.error({ - statusCode: error.statusCode, - body: error.message, - }); + try { + return response.ok({ + body, + }); + } catch (e) { + const error = transformError(e); + + return siemResponse.error({ + statusCode: error.statusCode, + body: error.message, + }); + } } - }); + ); }; 
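Review bot: In the privileges handler, `const body = await getUserRiskEnginePrivileges(request, security);` and the audit call sit above the `try`, which wraps only `response.ok({ body })`. A rejection from the privilege lookup therefore skips `transformError` and `siemResponse.error`, and no audit entry is written for the failed check. I would move the lookup and the `AUDIT_OUTCOME.SUCCESS` log inside the `try`, so the success event is emitted only after the lookup resolves and failures take the same error path as the other routes. A matching failure event in the `catch` would make denied or broken privilege checks visible in the audit log.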
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/settings.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/settings.ts index 1d39fbaf184206..e300f012b86cf1 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/settings.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/settings.ts @@ -7,6 +7,7 @@ import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; +import type { IKibanaResponse } from '@kbn/core-http-server'; import type { ReadRiskEngineSettingsResponse } from '../../../../../common/api/entity_analytics/risk_engine'; import { RISK_ENGINE_SETTINGS_URL, APP_ID } from '../../../../../common/constants'; import { AUDIT_CATEGORY, AUDIT_OUTCOME, AUDIT_TYPE } from '../../audit'; 
@@ -22,41 +23,47 @@ export const riskEngineSettingsRoute = (router: EntityAnalyticsRoutesDeps['route tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], }, }) - .addVersion({ version: '1', validate: {} }, async (context, request, response) => { - const siemResponse = buildSiemResponse(response); + .addVersion( + { version: '1', validate: {} }, + async ( + context, + request, + response + ): Promise> => { + const siemResponse = buildSiemResponse(response); - const securitySolution = await context.securitySolution; - const riskEngineClient = securitySolution.getRiskEngineDataClient(); + const securitySolution = await context.securitySolution; + const riskEngineClient = securitySolution.getRiskEngineDataClient(); - try { - const result = await riskEngineClient.getConfiguration(); - securitySolution.getAuditLogger()?.log({ - message: 'User accessed risk engine configuration information', - event: { - action: RiskEngineAuditActions.RISK_ENGINE_CONFIGURATION_GET, - category: AUDIT_CATEGORY.DATABASE, - type: AUDIT_TYPE.ACCESS, - outcome: AUDIT_OUTCOME.SUCCESS, - }, - }); + try { + const result = await riskEngineClient.getConfiguration(); + securitySolution.getAuditLogger()?.log({ + message: 'User accessed risk engine configuration information', + event: { + action: RiskEngineAuditActions.RISK_ENGINE_CONFIGURATION_GET, + category: AUDIT_CATEGORY.DATABASE, + type: AUDIT_TYPE.ACCESS, + outcome: AUDIT_OUTCOME.SUCCESS, + }, + }); - if (!result) { - throw new Error('Unable to get risk engine configuration'); - } - const body: ReadRiskEngineSettingsResponse = { - range: result.range, - }; - return response.ok({ - body, - }); - } catch (e) { - const error = transformError(e); + if (!result) { + throw new Error('Unable to get risk engine configuration'); + } + return response.ok({ + body: { + range: result.range, + }, + }); + } catch (e) { + const error = transformError(e); - return siemResponse.error({ - statusCode: error.statusCode, - body: { message: 
error.message, full_error: JSON.stringify(e) }, - bypassErrorFormat: true, - }); + return siemResponse.error({ + statusCode: error.statusCode, + body: { message: error.message, full_error: JSON.stringify(e) }, + bypassErrorFormat: true, + }); + } } - }); + ); }; diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/status.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/status.ts index 00806bfd437208..b3d0cc40824460 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/status.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/status.ts @@ -7,6 +7,7 @@ import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; +import type { IKibanaResponse } from '@kbn/core-http-server'; import type { RiskEngineStatusResponse } from '../../../../../common/api/entity_analytics'; import { RISK_ENGINE_STATUS_URL, APP_ID } from '../../../../../common/constants'; import type { EntityAnalyticsRoutesDeps } from '../../types'; 
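Review bot: The settings handler logs an `AUDIT_OUTCOME.SUCCESS` event straight after `getConfiguration()` and only then checks `if (!result)`, so a request that fails with 'Unable to get risk engine configuration' is still recorded as a successful access. Moving the guard `if (!result) { throw new Error('Unable to get risk engine configuration'); }` above the `getAuditLogger()?.log` call keeps the success entry truthful. The `catch` block writes no audit event either, so failed reads leave no trace. Adding an event with `outcome: AUDIT_OUTCOME.FAILURE` there would close that gap.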
@@ -20,34 +21,37 @@ export const riskEngineStatusRoute = (router: EntityAnalyticsRoutesDeps['router' tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], }, }) - .addVersion({ version: '1', validate: {} }, async (context, request, response) => { - const siemResponse = buildSiemResponse(response); + .addVersion( + { version: '1', validate: {} }, + async (context, request, response): Promise> => { + const siemResponse = buildSiemResponse(response); - const securitySolution = await context.securitySolution; - const riskEngineClient = securitySolution.getRiskEngineDataClient(); - const spaceId = securitySolution.getSpaceId(); + const securitySolution = await context.securitySolution; + const riskEngineClient = securitySolution.getRiskEngineDataClient(); + const spaceId = securitySolution.getSpaceId(); - try { - const { riskEngineStatus, legacyRiskEngineStatus, isMaxAmountOfRiskEnginesReached } = - await riskEngineClient.getStatus({ - namespace: spaceId, - }); - - const body: RiskEngineStatusResponse = { - risk_engine_status: riskEngineStatus, - legacy_risk_engine_status: legacyRiskEngineStatus, - is_max_amount_of_risk_engines_reached: isMaxAmountOfRiskEnginesReached, - }; + try { + const { riskEngineStatus, legacyRiskEngineStatus, isMaxAmountOfRiskEnginesReached } = + await riskEngineClient.getStatus({ + namespace: spaceId, + }); - return response.ok({ body }); - } catch (e) { - const error = transformError(e); + return response.ok({ + body: { + risk_engine_status: riskEngineStatus, + legacy_risk_engine_status: legacyRiskEngineStatus, + is_max_amount_of_risk_engines_reached: isMaxAmountOfRiskEnginesReached, + }, + }); + } catch (e) { + const error = transformError(e); - return siemResponse.error({ - statusCode: error.statusCode, - body: { message: error.message, full_error: JSON.stringify(e) }, - bypassErrorFormat: true, - }); + return siemResponse.error({ + statusCode: error.statusCode, + body: { message: error.message, full_error: JSON.stringify(e) 
}, + bypassErrorFormat: true, + }); + } } - }); + ); }; diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts index c72a1706f089e5..4b1cf773a572b5 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts @@ -33,7 +33,7 @@ type Handler = ( context: SecuritySolutionRequestHandlerContext, request: KibanaRequest, response: KibanaResponseFactory -) => Promise; +) => Promise>; const handler: (logger: Logger) => Handler = (logger) => async (context, request, response) => { const securityContext = await context.securitySolution; @@ -101,7 +101,7 @@ const handler: (logger: Logger) => Handler = (logger) => async (context, request const filter = isEmpty(userFilter) ? [identifierFilter] : [userFilter, identifierFilter]; - const result: RiskScoresCalculationResponse = await riskScoreService.calculateAndPersistScores({ + const result = await riskScoreService.calculateAndPersistScores({ pageSize, identifierType, index, diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/preview.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/preview.ts index 68e7f2fc50b74d..ae265d415288a0 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/preview.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/preview.ts 
@@ -5,10 +5,11 @@ * 2.0. */ -import type { Logger } from '@kbn/core/server'; +import type { IKibanaResponse, Logger } from '@kbn/core/server'; import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import type { RiskScoresPreviewResponse } from '../../../../../common/api/entity_analytics'; import { RiskScoresPreviewRequest } from '../../../../../common/api/entity_analytics'; import { APP_ID, @@ -40,7 +41,7 @@ export const riskScorePreviewRoute = ( request: { body: buildRouteValidationWithZod(RiskScoresPreviewRequest) }, }, }, - async (context, request, response) => { + async (context, request, response): Promise> => { const siemResponse = buildSiemResponse(response); const securityContext = await context.securitySolution; const coreContext = await context.core; diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts index 3877bb3faa6dd1..7d545b6d9ebb2b 100644 --- a/x-pack/test/api_integration/services/security_solution_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts @@ -122,6 +122,13 @@ after 30 days. It also deletes other artifacts specific to the migration impleme .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') .send(props.body as object); }, + assetCriticalityGetPrivileges() { + return supertest + .get('/internal/asset_criticality/privileges') + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, /** * Create new detection rules in bulk. */ 
@@ -730,6 +737,13 @@ detection engine rules. .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') .query(props.query); }, + riskEngineGetPrivileges() { + return supertest + .get('/internal/risk_engine/privileges') + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, rulePreview(props: RulePreviewProps) { return supertest .post('/api/detection_engine/rules/preview')