[8.x] [EDR Workflows] Enable UI for Automated Actions in more rule ty…

…pes (#193390) (#194153)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[EDR Workflows] Enable UI for Automated Actions in more rule types
(#193390)](#193390)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Tomasz
Ciecierski","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-09-26T13:56:42Z","message":"[EDR
Workflows] Enable UI for Automated Actions in more rule types
(#193390)","sha":"357a82c8a7ea15366450ba4761837d0f78eadd3b","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend
Workflows","v8.16.0","backport:version"],"title":"[EDR Workflows] Enable
UI for Automated Actions in more rule
types","number":193390,"url":"https://github.com/elastic/kibana/pull/193390","mergeCommit":{"message":"[EDR
Workflows] Enable UI for Automated Actions in more rule types
(#193390)","sha":"357a82c8a7ea15366450ba4761837d0f78eadd3b"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193390","number":193390,"mergeCommit":{"message":"[EDR
Workflows] Enable UI for Automated Actions in more rule types
(#193390)","sha":"357a82c8a7ea15366450ba4761837d0f78eadd3b"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Tomasz Ciecierski <[email protected]>

x-pack/plugins/security_solution/common/detection_engine/utils.ts

@@ -94,13 +94,8 @@ export const isSuppressionRuleInGA = (ruleType: Type): boolean => {
   return isSuppressibleAlertRule(ruleType) && SUPPRESSIBLE_ALERT_RULES_GA.includes(ruleType);
 };
 
-export const shouldShowResponseActions = (
-  ruleType: Type | undefined,
-  automatedResponseActionsForMoreRulesEnabled: boolean
-) => {
+export const shouldShowResponseActions = (ruleType: Type | undefined) => {
   return (
-    isQueryRule(ruleType) ||
-    (automatedResponseActionsForMoreRulesEnabled &&
-      (isEsqlRule(ruleType) || isEqlRule(ruleType) || isNewTermsRule(ruleType)))
+    isQueryRule(ruleType) || isEsqlRule(ruleType) || isEqlRule(ruleType) || isNewTermsRule(ruleType)
   );
 };

x-pack/plugins/security_solution/common/experimental_features.ts

@@ -52,11 +52,6 @@ export const allowedExperimentalValues = Object.freeze({
    */
   automatedProcessActionsEnabled: true,
 
-  /**
-   * Temporary feature flag to enable the Response Actions in Rules UI - intermediate release
-   */
-  automatedResponseActionsForMoreRulesEnabled: false,
-
   /**
    * Enables the ability to send Response actions to SentinelOne and persist the results
    * in ES. Adds API changes to support `agentType` and supports `isolate` and `release`

x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/step_rule_actions/index.tsx

@@ -16,7 +16,6 @@ import type {
 } from '@kbn/triggers-actions-ui-plugin/public';
 import { UseArray } from '@kbn/es-ui-shared-plugin/static/forms/hook_form_lib';
 import type { Type } from '@kbn/securitysolution-io-ts-alerting-types';
-import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { shouldShowResponseActions } from '../../../../../common/detection_engine/utils';
 import type { RuleObjectId } from '../../../../../common/api/detection_engine/model/rule_schema';
 import { ResponseActionsForm } from '../../../rule_response_actions/response_actions_form';
@@ -85,9 +84,7 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
   const {
     services: { application },
   } = useKibana();
-  const automatedResponseActionsForMoreRulesEnabled = useIsExperimentalFeatureEnabled(
-    'automatedResponseActionsForMoreRulesEnabled'
-  );
+
   const displayActionsOptions = useMemo(
     () => (
       <>
@@ -105,15 +102,15 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
     [actionMessageParams, summaryActionMessageParams]
   );
   const displayResponseActionsOptions = useMemo(() => {
-    if (shouldShowResponseActions(ruleType, automatedResponseActionsForMoreRulesEnabled)) {
+    if (shouldShowResponseActions(ruleType)) {
       return (
         <UseArray path="responseActions" initialNumberOfItems={0}>
           {ResponseActionsForm}
         </UseArray>
       );
     }
     return null;
-  }, [ruleType, automatedResponseActionsForMoreRulesEnabled]);
+  }, [ruleType]);
   // only display the actions dropdown if the user has "read" privileges for actions
   const displayActionsDropDown = useMemo(() => {
     return application.capabilities.actions.show ? (

x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/form.cy.ts

@@ -30,7 +30,6 @@ describe(
         kbnServerArgs: [
           `--xpack.securitySolution.enableExperimental=${JSON.stringify([
             'automatedProcessActionsEnabled',
-            'automatedResponseActionsForMoreRulesEnabled',
           ])}`,
         ],
       },

x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts

@@ -70,14 +70,7 @@ export const validateResponseActionsPermissions = async (
   ruleUpdate: RuleCreateProps | RuleUpdateProps,
   existingRule?: RuleAlertType | null
 ): Promise<void> => {
-  const { experimentalFeatures } = await securitySolution.getConfig();
-
-  if (
-    !shouldShowResponseActions(
-      ruleUpdate.type,
-      experimentalFeatures.automatedResponseActionsForMoreRulesEnabled
-    )
-  ) {
+  if (!shouldShowResponseActions(ruleUpdate.type)) {
     return;
   }