[8.10] [Security Solution] expandable flyout - Opt in to data anonymi…

…zation for the Elastic AI Assistant (#164384) (#164490)

# Backport

This will backport the following commits from `main` to `8.10`:
- [[Security Solution] expandable flyout - Opt in to data anonymization
for the Elastic AI Assistant
(#164384)](#164384)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Andrew
Macri","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-08-22T17:33:20Z","message":"[Security
Solution] expandable flyout - Opt in to data anonymization for the
Elastic AI Assistant (#164384)\n\n## [Security Solution] expandable
flyout - Opt in to data anonymization for the Elastic AI
Assistant\r\n\r\nThis PR fixes an issue where the new expandable flyout
wasn't opting in to data anonymization when passing alerts as context to
the Elastic AI Assistant.\r\n\r\nAs a result:\r\n\r\n- A stat that reads
`0 Anonymized` indicates the alert data will NOT be anonymized\r\n- NO
toggle buttons to allow specific fields and enable / disable
anonymization are displayed\r\n\r\n### Reproduction steps\r\n\r\nTo
reproduce:\r\n\r\n1. Navigate to Security > Alerts\r\n\r\n2. Click the
`View details` action on any row in the Alerts table to view the new
expandable flyout\r\n\r\n3. Click the `Chat` button, which appears next
to the `Expand details` button in the flyout\r\n\r\n4. Expand the `Alert
(from summary)` context\r\n\r\n**Expected results**\r\n\r\n- Stats for
the number of fields that will be `Allowed`, `Anonymized`, and the total
number of fields `Available` are displayed\r\n- Toggle buttons to allow
specific fields and enable / disable anonymization on each field are
displayed\r\n\r\n**Actual results**\r\n\r\n- A stat that reads `0
Anonymized` indicates the alert data will NOT be anonymized\r\n- NO
toggle buttons to allow specific fields and enable / disable
anonymization are displayed\r\n- The plain-text, non-anonymized context
data is displayed in the preview, per the screenshot
below:\r\n\r\n![0_anonymized](https://github.com/elastic/kibana/assets/4459398/e881bb4a-caa4-43c4-8b31-cf3deb354cf7)\r\n\r\n##
Desk testing\r\n\r\n1. Reproduce the issue per the steps above\r\n\r\n2.
Verify the expected results are displayed when testing the fix, per the
screenshot
below:\r\n\r\n![anonymization-opt-in](https://github.com/elastic/kibana/assets/4459398/79a8228d-c5a6-4ea5-a6ab-4bd992e6b7ef)\r\n\r\n_Above:
After the fix, the expected stats and field level anonymization toggles
are
displayed_","sha":"c1fde765b98b980e5244f33e5b3651f70b3ce88b","branchLabelMapping":{"^v8.11.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Threat
Hunting:Investigations","v8.10.0","v8.11.0"],"number":164384,"url":"https://github.com/elastic/kibana/pull/164384","mergeCommit":{"message":"[Security
Solution] expandable flyout - Opt in to data anonymization for the
Elastic AI Assistant (#164384)\n\n## [Security Solution] expandable
flyout - Opt in to data anonymization for the Elastic AI
Assistant\r\n\r\nThis PR fixes an issue where the new expandable flyout
wasn't opting in to data anonymization when passing alerts as context to
the Elastic AI Assistant.\r\n\r\nAs a result:\r\n\r\n- A stat that reads
`0 Anonymized` indicates the alert data will NOT be anonymized\r\n- NO
toggle buttons to allow specific fields and enable / disable
anonymization are displayed\r\n\r\n### Reproduction steps\r\n\r\nTo
reproduce:\r\n\r\n1. Navigate to Security > Alerts\r\n\r\n2. Click the
`View details` action on any row in the Alerts table to view the new
expandable flyout\r\n\r\n3. Click the `Chat` button, which appears next
to the `Expand details` button in the flyout\r\n\r\n4. Expand the `Alert
(from summary)` context\r\n\r\n**Expected results**\r\n\r\n- Stats for
the number of fields that will be `Allowed`, `Anonymized`, and the total
number of fields `Available` are displayed\r\n- Toggle buttons to allow
specific fields and enable / disable anonymization on each field are
displayed\r\n\r\n**Actual results**\r\n\r\n- A stat that reads `0
Anonymized` indicates the alert data will NOT be anonymized\r\n- NO
toggle buttons to allow specific fields and enable / disable
anonymization are displayed\r\n- The plain-text, non-anonymized context
data is displayed in the preview, per the screenshot
below:\r\n\r\n![0_anonymized](https://github.com/elastic/kibana/assets/4459398/e881bb4a-caa4-43c4-8b31-cf3deb354cf7)\r\n\r\n##
Desk testing\r\n\r\n1. Reproduce the issue per the steps above\r\n\r\n2.
Verify the expected results are displayed when testing the fix, per the
screenshot
below:\r\n\r\n![anonymization-opt-in](https://github.com/elastic/kibana/assets/4459398/79a8228d-c5a6-4ea5-a6ab-4bd992e6b7ef)\r\n\r\n_Above:
After the fix, the expected stats and field level anonymization toggles
are
displayed_","sha":"c1fde765b98b980e5244f33e5b3651f70b3ce88b"}},"sourceBranch":"main","suggestedTargetBranches":["8.10"],"targetPullRequestStates":[{"branch":"8.10","label":"v8.10.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.11.0","labelRegex":"^v8.11.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/164384","number":164384,"mergeCommit":{"message":"[Security
Solution] expandable flyout - Opt in to data anonymization for the
Elastic AI Assistant (#164384)\n\n## [Security Solution] expandable
flyout - Opt in to data anonymization for the Elastic AI
Assistant\r\n\r\nThis PR fixes an issue where the new expandable flyout
wasn't opting in to data anonymization when passing alerts as context to
the Elastic AI Assistant.\r\n\r\nAs a result:\r\n\r\n- A stat that reads
`0 Anonymized` indicates the alert data will NOT be anonymized\r\n- NO
toggle buttons to allow specific fields and enable / disable
anonymization are displayed\r\n\r\n### Reproduction steps\r\n\r\nTo
reproduce:\r\n\r\n1. Navigate to Security > Alerts\r\n\r\n2. Click the
`View details` action on any row in the Alerts table to view the new
expandable flyout\r\n\r\n3. Click the `Chat` button, which appears next
to the `Expand details` button in the flyout\r\n\r\n4. Expand the `Alert
(from summary)` context\r\n\r\n**Expected results**\r\n\r\n- Stats for
the number of fields that will be `Allowed`, `Anonymized`, and the total
number of fields `Available` are displayed\r\n- Toggle buttons to allow
specific fields and enable / disable anonymization on each field are
displayed\r\n\r\n**Actual results**\r\n\r\n- A stat that reads `0
Anonymized` indicates the alert data will NOT be anonymized\r\n- NO
toggle buttons to allow specific fields and enable / disable
anonymization are displayed\r\n- The plain-text, non-anonymized context
data is displayed in the preview, per the screenshot
below:\r\n\r\n![0_anonymized](https://github.com/elastic/kibana/assets/4459398/e881bb4a-caa4-43c4-8b31-cf3deb354cf7)\r\n\r\n##
Desk testing\r\n\r\n1. Reproduce the issue per the steps above\r\n\r\n2.
Verify the expected results are displayed when testing the fix, per the
screenshot
below:\r\n\r\n![anonymization-opt-in](https://github.com/elastic/kibana/assets/4459398/79a8228d-c5a6-4ea5-a6ab-4bd992e6b7ef)\r\n\r\n_Above:
After the fix, the expected stats and field level anonymization toggles
are displayed_","sha":"c1fde765b98b980e5244f33e5b3651f70b3ce88b"}}]}]
BACKPORT-->

Co-authored-by: Andrew Macri <[email protected]>

x-pack/plugins/security_solution/public/flyout/right/hooks/use_assistant.test.tsx

@@ -54,4 +54,28 @@ describe('useAssistant', () => {
     expect(hookResult.result.current.showAssistant).toEqual(false);
     expect(hookResult.result.current.promptContextId).toEqual('');
   });
+
+  it('returns anonymized prompt context data', async () => {
+    jest
+      .mocked(useAssistantAvailability)
+      .mockReturnValue({ hasAssistantPrivilege: true, isAssistantEnabled: true });
+    jest
+      .mocked(useAssistantOverlay)
+      .mockReturnValue({ showAssistantOverlay: jest.fn, promptContextId: '123' });
+
+    hookResult = renderUseAssistant();
+
+    const getPromptContext = (useAssistantOverlay as jest.Mock).mock.calls[0][3];
+
+    expect(await getPromptContext()).toEqual({
+      '@timestamp': ['2023-01-01T01:01:01.000Z'],
+      'kibana.alert.ancestors.id': ['ancestors-id'],
+      'kibana.alert.rule.description': ['rule-description'],
+      'kibana.alert.rule.name': ['rule-name'],
+      'kibana.alert.rule.parameters.index': ['rule-parameters-index'],
+      'kibana.alert.rule.uuid': ['rule-uuid'],
+      'kibana.alert.workflow_status': ['open'],
+      'process.entity_id': ['process-entity_id'],
+    });
+  });
 });

x-pack/plugins/security_solution/public/flyout/right/hooks/use_assistant.ts

@@ -9,7 +9,7 @@ import type { TimelineEventsDetailsItem } from '@kbn/timelines-plugin/common';
 import { useAssistantOverlay } from '@kbn/elastic-assistant';
 import { useCallback } from 'react';
 import { useAssistantAvailability } from '../../../assistant/use_assistant_availability';
-import { getPromptContextFromEventDetailsItem } from '../../../assistant/helpers';
+import { getRawData } from '../../../assistant/helpers';
 import {
   ALERT_SUMMARY_CONTEXT_DESCRIPTION,
   ALERT_SUMMARY_CONVERSATION_ID,
@@ -59,7 +59,7 @@ export const useAssistant = ({
   const { hasAssistantPrivilege } = useAssistantAvailability();
   const useAssistantHook = hasAssistantPrivilege ? useAssistantOverlay : useAssistantNoop;
   const getPromptContext = useCallback(
-    async () => getPromptContextFromEventDetailsItem(dataFormattedForFieldBrowser ?? []),
+    async () => getRawData(dataFormattedForFieldBrowser ?? []),
     [dataFormattedForFieldBrowser]
   );
   const { promptContextId } = useAssistantHook(