[8.x] [Detection Engine] Remove technical preview for certain rule ty…

…pes of alert suppression (#195425) (#195694)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Detection Engine] Remove technical preview for certain rule types of
alert suppression
(#195425)](#195425)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Yara
Tercero","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-10T00:14:03Z","message":"[Detection
Engine] Remove technical preview for certain rule types of alert
suppression (#195425)\n\n## Summary\r\n\r\nGA-ing alert suppression for
IM rule, ML rule, Threshold rule, ES|QL\r\nrule and New Terms rule.
Thanks to @vitaliidm for setting up the\r\ngroundwork to easily update
which rules GA.\r\n\r\nRules that remain in technical preview are:
EQL.","sha":"65ed9899de2733ec7017ef7277bd24723131684a","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detection
Engine","v8.16.0","backport:version"],"title":"[Detection Engine] Remove
technical preview for certain rule types of alert
suppression","number":195425,"url":"https://github.com/elastic/kibana/pull/195425","mergeCommit":{"message":"[Detection
Engine] Remove technical preview for certain rule types of alert
suppression (#195425)\n\n## Summary\r\n\r\nGA-ing alert suppression for
IM rule, ML rule, Threshold rule, ES|QL\r\nrule and New Terms rule.
Thanks to @vitaliidm for setting up the\r\ngroundwork to easily update
which rules GA.\r\n\r\nRules that remain in technical preview are:
EQL.","sha":"65ed9899de2733ec7017ef7277bd24723131684a"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/195425","number":195425,"mergeCommit":{"message":"[Detection
Engine] Remove technical preview for certain rule types of alert
suppression (#195425)\n\n## Summary\r\n\r\nGA-ing alert suppression for
IM rule, ML rule, Threshold rule, ES|QL\r\nrule and New Terms rule.
Thanks to @vitaliidm for setting up the\r\ngroundwork to easily update
which rules GA.\r\n\r\nRules that remain in technical preview are:
EQL.","sha":"65ed9899de2733ec7017ef7277bd24723131684a"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Yara Tercero <[email protected]>

x-pack/plugins/security_solution/common/detection_engine/constants.ts

@@ -51,4 +51,12 @@ export const SUPPRESSIBLE_ALERT_RULES: Type[] = [
   'machine_learning',
 ];
 
-export const SUPPRESSIBLE_ALERT_RULES_GA: Type[] = ['saved_query', 'query'];
+export const SUPPRESSIBLE_ALERT_RULES_GA: Type[] = [
+  'threshold',
+  'esql',
+  'saved_query',
+  'query',
+  'new_terms',
+  'threat_match',
+  'machine_learning',
+];

x-pack/plugins/security_solution/common/detection_engine/utils.test.ts

@@ -250,14 +250,14 @@ describe('Alert Suppression Rules', () => {
     test('should return true for rule type suppression in global availability', () => {
       expect(isSuppressionRuleInGA('saved_query')).toBe(true);
       expect(isSuppressionRuleInGA('query')).toBe(true);
+      expect(isSuppressionRuleInGA('esql')).toBe(true);
+      expect(isSuppressionRuleInGA('threshold')).toBe(true);
+      expect(isSuppressionRuleInGA('threat_match')).toBe(true);
+      expect(isSuppressionRuleInGA('new_terms')).toBe(true);
+      expect(isSuppressionRuleInGA('machine_learning')).toBe(true);
     });
 
     test('should return false for rule type suppression in tech preview', () => {
-      expect(isSuppressionRuleInGA('machine_learning')).toBe(false);
-      expect(isSuppressionRuleInGA('esql')).toBe(false);
-      expect(isSuppressionRuleInGA('threshold')).toBe(false);
-      expect(isSuppressionRuleInGA('threat_match')).toBe(false);
-      expect(isSuppressionRuleInGA('new_terms')).toBe(false);
       expect(isSuppressionRuleInGA('eql')).toBe(false);
     });
   });

x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx

@@ -205,15 +205,15 @@ export const THRESHOLD_SUPPRESSION_PER_RULE_EXECUTION_WARNING = i18n.translate(
 export const getEnableThresholdSuppressionLabel = (fields: string[] | undefined) =>
   fields?.length ? (
     <FormattedMessage
-      id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel"
-      defaultMessage="Suppress alerts by selected fields: {fieldsString} (Technical Preview)"
+      id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionForFieldsLabel"
+      defaultMessage="Suppress alerts by selected fields: {fieldsString}"
       values={{ fieldsString: <strong>{fields.join(', ')}</strong> }}
     />
   ) : (
     i18n.translate(
-      'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel',
+      'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionLabel',
       {
-        defaultMessage: 'Suppress alerts (Technical Preview)',
+        defaultMessage: 'Suppress alerts',
       }
     )
   );

x-pack/plugins/translations/translations/fr-FR.json

@@ -36145,8 +36145,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "Toutes les correspondances requièrent un champ et un champ d'index des menaces.",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "Au moins une correspondance d'indicateur est requise.",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "Veuillez sélectionner une vue des données ou un modèle d'index disponible.",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "Supprimer les alertes par champs sélectionnés : {fieldsString} (version d'évaluation technique)",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "Supprimer les alertes (version d'évaluation technique)",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "Requête EQL",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "Une requête EQL est requise.",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "La suppression n'est pas prise en charge pour les requêtes de séquence EQL.",

x-pack/plugins/translations/translations/ja-JP.json

@@ -35889,8 +35889,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "すべての一致には、フィールドと脅威インデックスフィールドの両方が必要です。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "1 つ以上のインジケーター一致が必要です。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "使用可能なデータビューまたはインデックスパターンを選択してください。",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "選択したフィールドでアラートを非表示：{fieldsString}（テクニカルプレビュー）",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "アラートを抑制（テクニカルプレビュー）",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "EQL クエリ",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "EQLクエリは必須です。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "EQLシーケンスクエリでは抑制はサポートされていません。",

x-pack/plugins/translations/translations/zh-CN.json

@@ -35933,8 +35933,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "所有匹配项都需要字段和威胁索引字段。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "至少需要一个指标匹配。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "请选择可用的数据视图或索引模式。",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "选定字段阻止告警：{fieldsString}（技术预览）",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "阻止告警（技术预览）",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "EQL 查询",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "EQL 查询必填。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "EQL 序列查询不支持阻止。",

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression.cy.ts

@@ -12,7 +12,6 @@ import {
   SUPPRESS_FOR_DETAILS,
   SUPPRESS_BY_DETAILS,
   SUPPRESS_MISSING_FIELD,
-  DETAILS_TITLE,
 } from '../../../../screens/rule_details';
 
 import {
@@ -67,9 +66,6 @@ describe(
           'have.text',
           'Suppress and group alerts for events with missing fields'
         );
-
-        // suppression functionality should be under Tech Preview
-        cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
       });
 
       fillAboutRuleMinimumAndContinue(rule);

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression_ess_basic.cy.ts

@@ -9,7 +9,6 @@ import { getNewThreatIndicatorRule } from '../../../../objects/rule';
 
 import {
   SUPPRESS_FOR_DETAILS,
-  DETAILS_TITLE,
   SUPPRESS_BY_DETAILS,
   SUPPRESS_MISSING_FIELD,
   DEFINITION_DETAILS,
@@ -62,9 +61,6 @@ describe(
               'have.text',
               'Do not suppress alerts for events with missing fields'
             );
-
-            // suppression functionality should be under Tech Preview
-            cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
           });
 
           // Platinum license is required for configuration to apply

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule_suppression.cy.ts

@@ -13,7 +13,6 @@ import {
 } from '../../../../screens/create_new_rule';
 import {
   DEFINITION_DETAILS,
-  DETAILS_TITLE,
   SUPPRESS_BY_DETAILS,
   SUPPRESS_FOR_DETAILS,
   SUPPRESS_MISSING_FIELD,
@@ -129,9 +128,6 @@ describe(
                 'have.text',
                 'Suppress and group alerts for events with missing fields'
               );
-
-              // suppression functionality should be under Tech Preview
-              cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
             });
 
             fillAboutRuleMinimumAndContinue(mlRule);
@@ -163,9 +159,6 @@ describe(
                 'have.text',
                 'Do not suppress alerts for events with missing fields'
               );
-
-              // suppression functionality should be under Tech Preview
-              cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
             });
 
             fillAboutRuleMinimumAndContinue(mlRule);

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts

@@ -14,7 +14,6 @@ import {
   DEFINITION_DETAILS,
   SUPPRESS_MISSING_FIELD,
   SUPPRESS_BY_DETAILS,
-  DETAILS_TITLE,
 } from '../../../../screens/rule_details';
 
 import {
@@ -191,9 +190,6 @@ describe(
             'have.text',
             'Suppress and group alerts for events with missing fields'
           );
-
-          // suppression functionality should be under Tech Preview
-          cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
         });
       });
     });

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/indicator_match_rule.cy.ts

@@ -9,7 +9,6 @@ import { getNewThreatIndicatorRule } from '../../../../objects/rule';
 
 import {
   SUPPRESS_FOR_DETAILS,
-  DETAILS_TITLE,
   SUPPRESS_BY_DETAILS,
   SUPPRESS_MISSING_FIELD,
   DEFINITION_DETAILS,
@@ -81,9 +80,6 @@ describe(
             'have.text',
             'Suppress and group alerts for events with missing fields'
           );
-
-          // suppression functionality should be under Tech Preview
-          cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
         });
       });
     });

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts

@@ -13,7 +13,6 @@ import {
 } from '../../../../screens/create_new_rule';
 import {
   DEFINITION_DETAILS,
-  DETAILS_TITLE,
   SUPPRESS_BY_DETAILS,
   SUPPRESS_FOR_DETAILS,
   SUPPRESS_MISSING_FIELD,
@@ -88,9 +87,6 @@ describe(
             'have.text',
             'Suppress and group alerts for events with missing fields'
           );
-
-          // suppression functionality should be under Tech Preview
-          cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
         });
       });
     });

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/threshold_rule.cy.ts

@@ -9,7 +9,6 @@ import { getNewThresholdRule } from '../../../../objects/rule';
 
 import {
   SUPPRESS_FOR_DETAILS,
-  DETAILS_TITLE,
   SUPPRESS_BY_DETAILS,
   SUPPRESS_MISSING_FIELD,
 } from '../../../../screens/rule_details';
@@ -63,8 +62,6 @@ describe(
 
         // ensure typed interval is displayed on details page
         getDetails(SUPPRESS_FOR_DETAILS).should('have.text', '60m');
-        // suppression functionality should be under Tech Preview
-        cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
 
         // the rest of suppress properties do not exist for threshold rule
         assertDetailsNotExist(SUPPRESS_BY_DETAILS);