[Security Solution][Serverless] Manage/restrict endpoint exceptions on serverless via PLI definitions

[ashokaditya]

Summary

WIP
blocked by /pull/163759

Adds kibana sub-features to manage endpoint exceptions for alerts and rules.

Checklist

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios
• Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)
• Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)
• If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
• This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)
• This was checked for cross-browser compatibility

Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.

When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:

Risk	Probability	Severity	Mitigation/Notes
Multiple Spaces—unexpected behavior in non-default Kibana Space.	Low	High	Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces.
Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks.	High	Low	Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure.
Code should gracefully handle cases when feature X or plugin Y are disabled.	Medium	High	Unit tests will verify that any feature flag or plugin combination still results in our service operational.
See more potential risk examples

For maintainers

• This was checked for breaking API changes and was labeled appropriately

[kibana-ci]

💔 Build Failed

• Buildkite Build
• Commit: 8dc444b
• Interpreting CI Failures

Failed CI Steps

• Jest Tests #2
• Jest Tests #19
• FTR Configs #8
• Security Solution Cypress Tests #3
• Security Solution Cypress Tests #3
• Security Solution Cypress Tests #6
• Security Solution Cypress Tests #6
• Defend Workflows Cypress Tests #1
• Defend Workflows Cypress Tests #1
• Defend Workflows Endpoint Cypress Tests #3

Test Failures

• [job] [logs] Jest Tests #19 / Actions Alert context menu enabled? it disables for event.kind: alert and agent.type: endpoint
• [job] [logs] Jest Tests #19 / Actions Alert context menu enabled? it disables for event.kind: undefined and agent.type: endpoint
• [job] [logs] Jest Tests #19 / Actions Alert context menu enabled? it disables for eventType=raw
• [job] [logs] Jest Tests #19 / Actions Alert context menu enabled? it does not render the analyze event button when the event is from an unsupported source
• [job] [logs] Jest Tests #19 / Actions Alert context menu enabled? it enables for event.kind: event and agent.type: endpoint
• [job] [logs] Jest Tests #19 / Actions Alert context menu enabled? it enables for eventType=signal
• [job] [logs] Jest Tests #19 / Actions Alert context menu enabled? it should not show session view button on action tabs for basic users
• [job] [logs] Jest Tests #19 / Actions Alert context menu enabled? it shows the analyze event button when the event is from an endpoint
• [job] [logs] Jest Tests #19 / Actions Guided Onboarding Step if all conditions make isTourAnchor=true, SecurityTourStep is active
• [job] [logs] Jest Tests #19 / Actions Guided Onboarding Step if isTourAnchor=false, SecurityTourStep is not active
• [job] [logs] Jest Tests #19 / Actions Guided Onboarding Step if isTourShown is false [isTourAnchor=false], SecurityTourStep is not active
• [job] [logs] Jest Tests #19 / Actions Guided Onboarding Step on expand event click and SecurityTourStep is active, but step is not 2, do not incrementStep
• [job] [logs] Jest Tests #19 / Actions Guided Onboarding Step on expand event click and SecurityTourStep is active, incrementStep
• [job] [logs] Jest Tests #19 / Actions Guided Onboarding Step on expand event click and SecurityTourStep is not active, do not incrementStep
• [job] [logs] Jest Tests #19 / Actions Guided Onboarding Step tour condition true: ariaRowindex Single condition does not make tour step exist
• [job] [logs] Jest Tests #19 / Actions Guided Onboarding Step tour condition true: ecsData Single condition does not make tour step exist
• [job] [logs] Jest Tests #19 / Actions Guided Onboarding Step tour condition true: timelineId Single condition does not make tour step exist
• [job] [logs] Jest Tests #19 / Actions it does NOT render a checkbox for selecting the event when showCheckboxes is false
• [job] [logs] Jest Tests #19 / Actions it does NOT render a checkbox for selecting the event when tGridEnabled is true
• [job] [logs] Jest Tests #19 / Actions it renders a checkbox for selecting the event when showCheckboxes is true
• [job] [logs] Security Solution Cypress Tests #6 / Endpoint Exceptions workflows from Alert Should be able to create and close single Endpoint exception from overflow menu Should be able to create and close single Endpoint exception from overflow menu
• [job] [logs] Security Solution Cypress Tests #6 / Endpoint Exceptions workflows from Alert Should be able to create and close single Endpoint exception from overflow menu Should be able to create and close single Endpoint exception from overflow menu
• [job] [logs] Security Solution Cypress Tests #6 / Endpoint Exceptions workflows from Alert Should be able to create Endpoint exception from Alerts take action button, and change multiple exception items without resetting to initial auto-prefilled entries Should be able to create Endpoint exception from Alerts take action button, and change multiple exception items without resetting to initial auto-prefilled entries
• [job] [logs] Security Solution Cypress Tests #6 / Endpoint Exceptions workflows from Alert Should be able to create Endpoint exception from Alerts take action button, and change multiple exception items without resetting to initial auto-prefilled entries Should be able to create Endpoint exception from Alerts take action button, and change multiple exception items without resetting to initial auto-prefilled entries
• [job] [logs] Defend Workflows Endpoint Cypress Tests #3 / Endpoint generated alerts "before all" hook for "should create a Detection Engine alert from an endpoint alert" "before all" hook for "should create a Detection Engine alert from an endpoint alert"
• [job] [logs] FTR Configs #8 / endpoint Response Actions Responder from timeline should show Responder from alert in a timeline
• [job] [logs] Jest Tests #2 / event details footer component it renders the take action dropdown
• [job] [logs] Jest Tests #2 / EventColumnView it does NOT render a notes button when isEventsViewer is true
• [job] [logs] Jest Tests #2 / EventColumnView it does NOT render a pin button when isEventViewer is true
• [job] [logs] Jest Tests #2 / EventColumnView it invokes toggleShowNotes when the button for adding notes is clicked
• [job] [logs] Jest Tests #2 / EventColumnView it renders a custom control column in addition to the default control column
• [job] [logs] Jest Tests #2 / EventColumnView it renders correct tooltip for NotesButton - timeline
• [job] [logs] Jest Tests #2 / EventColumnView it renders correct tooltip for NotesButton - timeline template
• [job] [logs] Security Solution Cypress Tests #3 / Manage lists from "Shared Exception Lists" page Create/Export/Delete List Export exception list Export exception list
• [job] [logs] Security Solution Cypress Tests #3 / Manage lists from "Shared Exception Lists" page Create/Export/Delete List Export exception list Export exception list
• [job] [logs] Defend Workflows Cypress Tests #1 / When defining a kibana role for Endpoint security access should display RBAC entries with expected controls should display RBAC entries with expected controls
• [job] [logs] Defend Workflows Cypress Tests #1 / When defining a kibana role for Endpoint security access should display RBAC entries with expected controls should display RBAC entries with expected controls

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	15.6MB	15.6MB	+1.7KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
securitySolution	62.2KB	62.3KB	+43.0B
securitySolutionServerless	37.9KB	38.0KB	+70.0B
total			+113.0B

History

• 💔 Build #150414 failed f66f917
• 💔 Build #150053 failed 8b34931
• 💔 Build #150039 failed 89d14cd
• 💔 Build #149657 failed 7f14fec

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @ashokaditya

[ashokaditya]

closed in favour of /pull/164107