[Security Solution][Exceptions] - Fixes up some bugs in the all exception items view

[yctercero]

Summary

Addresses #140709, #141056, #141421, #141042

• Removed the option of selecting a single row - not sure there's much use there.

• Updated text under exception tabs to indicate to user where each exception type is evaluated

• Updated the exception lists management page search placeholder

• Fixed some jank occurring on changing rows per page in the exception tabs

rowChange.mov

Checklist

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios
• Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)
• Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)
• If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
• This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)
• This was checked for cross-browser compatibility

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[yctercero]

@elasticmachine merge upstream

[dhurley14]

Looks great thanks for the fixes!

[xcrzx]

It looks like there's a bug somewhere in the exception pagination. I just opened a random rule and saw "Showing 1-0 of 0":

[nastasha-solomon]

@yctercero thanks for tagging the docs team for the UI copy review! Please find my comments and questions below.

Recommend capitalizing "id" in the placeholder text.

Couple notes/questions about this image:

• If the sentence at the top always displays (i.e., it shows regardless of whether endpoint/rule exceptions exist) you can probably remove "Endpoint exceptions are applied to the endpoint and the rule detection" from the center text.
• Can we change the sentence at the top to align it with the language we use in our docs? For example, "Endpoint exceptions are added to both the detection rule and the Elastic Endpoint agent on your hosts." I feel like this explanation is pretty clear (shoutout to @joepeeples for the lang)
• Where is the second sentence linking to? In its current state, I'm not quite sure what it's recommending.

A few suggestions for the text in this image:

• Swap "e.g." with "for example". We try to avoid using abbreviations like i.e. and e.g. to accomodate ESL folks.
• Is the query in the placeholder text KQL? If it is, what are your thoughts on the following revision:
  Filter exceptions using Kibana Query Language (KQL), for example, name:"my list"

[yctercero]

@yctercero thanks for tagging the docs team for the UI copy review! Please find my comments and questions below.

Recommend capitalizing "id" in the placeholder text.

I updated it to specify that it was meant to be list_id, not the list ID. Does that make sense?

Couple notes/questions about this image:

• If the sentence at the top always displays (i.e., it shows regardless of whether endpoint/rule exceptions exist) you can probably remove "Endpoint exceptions are applied to the endpoint and the rule detection" from the center text.

Done!

• Can we change the sentence at the top to align it with the language we use in our docs? For example, "Endpoint exceptions are added to both the detection rule and the Elastic Endpoint agent on your hosts." I feel like this explanation is pretty clear (shoutout to @joepeeples for the lang)
• Where is the second sentence linking to? In its current state, I'm not quite sure what it's recommending.

Yea, I like that. I updated the text and removed that link - it was confusing. I was trying to give guidance as to how to link the endpoint list to the rule, but it's super not clear.

A few suggestions for the text in this image:

• Swap "e.g." with "for example". We try to avoid using abbreviations like i.e. and e.g. to accomodate ESL folks.
• Is the query in the placeholder text KQL? If it is, what are your thoughts on the following revision:
  Filter exceptions using Kibana Query Language (KQL), for example, name:"my list"

Updated the text! It's not KQL, it's simple query syntax - I updated it to try to reflect that - let me know what you think.

[yctercero]

It looks like there's a bug somewhere in the exception pagination. I just opened a random rule and saw "Showing 1-0 of 0":

Thanks for finding this! It's a result of an empty exception list being linked to a rule. Pushed up a fix.

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: e4da812

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	6.6MB	6.6MB	+1.6KB

History

• 💔 Build #75395 failed 1b9a011
• 💔 Build #75374 failed 8848cf6

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @yctercero

[xcrzx]

Thank you for the fixes, LGTM 👍

[yctercero]

@nastasha-solomon I'm going to merge, but please still comment if changes are needed to copy and I will follow up with them.

[nastasha-solomon]

Just left one comment. Thanks!

[nastasha-solomon]

Sorry for the delayed response. Feel free to revert this to list id or list ID so that it matches the way you're representing the name field in this helper text. That's all - everything else looks good. :) Thank you!

[yctercero]

All good! I'll update and post follow up PR

[yctercero]

Fixed here - #142258

[kibanamachine]

💚 All backports created successfully

Status	Branch	Result
✅	8.5

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation