[Detection Engine] Remove technical preview for certain rule types of…

… alert suppression (elastic#195425)

## Summary

GA-ing alert suppression for IM rule, ML rule, Threshold rule, ES|QL
rule and New Terms rule. Thanks to @vitaliidm for setting up the
groundwork to easily update which rules GA.

Rules that remain in technical preview are: EQL.

x-pack/plugins/security_solution/common/detection_engine/constants.ts

@@ -51,4 +51,12 @@ export const SUPPRESSIBLE_ALERT_RULES: Type[] = [
   'machine_learning',
 ];
 
-export const SUPPRESSIBLE_ALERT_RULES_GA: Type[] = ['saved_query', 'query'];
+export const SUPPRESSIBLE_ALERT_RULES_GA: Type[] = [
+  'threshold',
+  'esql',
+  'saved_query',
+  'query',
+  'new_terms',
+  'threat_match',
+  'machine_learning',
+];

x-pack/plugins/security_solution/common/detection_engine/utils.test.ts

@@ -250,14 +250,14 @@ describe('Alert Suppression Rules', () => {
     test('should return true for rule type suppression in global availability', () => {
       expect(isSuppressionRuleInGA('saved_query')).toBe(true);
       expect(isSuppressionRuleInGA('query')).toBe(true);
+      expect(isSuppressionRuleInGA('esql')).toBe(true);
+      expect(isSuppressionRuleInGA('threshold')).toBe(true);
+      expect(isSuppressionRuleInGA('threat_match')).toBe(true);
+      expect(isSuppressionRuleInGA('new_terms')).toBe(true);
+      expect(isSuppressionRuleInGA('machine_learning')).toBe(true);
     });
 
     test('should return false for rule type suppression in tech preview', () => {
-      expect(isSuppressionRuleInGA('machine_learning')).toBe(false);
-      expect(isSuppressionRuleInGA('esql')).toBe(false);
-      expect(isSuppressionRuleInGA('threshold')).toBe(false);
-      expect(isSuppressionRuleInGA('threat_match')).toBe(false);
-      expect(isSuppressionRuleInGA('new_terms')).toBe(false);
       expect(isSuppressionRuleInGA('eql')).toBe(false);
     });
   });

x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx

@@ -205,15 +205,15 @@ export const THRESHOLD_SUPPRESSION_PER_RULE_EXECUTION_WARNING = i18n.translate(
 export const getEnableThresholdSuppressionLabel = (fields: string[] | undefined) =>
   fields?.length ? (
     <FormattedMessage
-      id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel"
-      defaultMessage="Suppress alerts by selected fields: {fieldsString} (Technical Preview)"
+      id="xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionForFieldsLabel"
+      defaultMessage="Suppress alerts by selected fields: {fieldsString}"
       values={{ fieldsString: <strong>{fields.join(', ')}</strong> }}
     />
   ) : (
     i18n.translate(
-      'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel',
+      'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionLabel',
       {
-        defaultMessage: 'Suppress alerts (Technical Preview)',
+        defaultMessage: 'Suppress alerts',
       }
     )
   );

x-pack/plugins/translations/translations/fr-FR.json

@@ -36129,8 +36129,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "Toutes les correspondances requièrent un champ et un champ d'index des menaces.",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "Au moins une correspondance d'indicateur est requise.",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "Veuillez sélectionner une vue des données ou un modèle d'index disponible.",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "Supprimer les alertes par champs sélectionnés : {fieldsString} (version d'évaluation technique)",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "Supprimer les alertes (version d'évaluation technique)",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "Requête EQL",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "Une requête EQL est requise.",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "La suppression n'est pas prise en charge pour les requêtes de séquence EQL.",

x-pack/plugins/translations/translations/ja-JP.json

@@ -35873,8 +35873,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "すべての一致には、フィールドと脅威インデックスフィールドの両方が必要です。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "1 つ以上のインジケーター一致が必要です。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "使用可能なデータビューまたはインデックスパターンを選択してください。",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "選択したフィールドでアラートを非表示：{fieldsString}（テクニカルプレビュー）",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "アラートを抑制（テクニカルプレビュー）",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "EQL クエリ",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "EQLクエリは必須です。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "EQLシーケンスクエリでは抑制はサポートされていません。",

x-pack/plugins/translations/translations/zh-CN.json

@@ -35917,8 +35917,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredEmptyError": "所有匹配项都需要字段和威胁索引字段。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.customThreatQueryFieldRequiredError": "至少需要一个指标匹配。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.dataViewSelectorFieldRequired": "请选择可用的数据视图或索引模式。",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionForFieldsLabel": "选定字段阻止告警：{fieldsString}（技术预览）",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.enableThresholdSuppressionLabel": "阻止告警（技术预览）",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.EqlQueryBarLabel": "EQL 查询",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlQueryFieldRequiredError": "EQL 查询必填。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.eqlSequenceSuppressionDisableText": "EQL 序列查询不支持阻止。",

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression.cy.ts

@@ -12,7 +12,6 @@ import {
   SUPPRESS_FOR_DETAILS,
   SUPPRESS_BY_DETAILS,
   SUPPRESS_MISSING_FIELD,
-  DETAILS_TITLE,
 } from '../../../../screens/rule_details';
 
 import {
@@ -67,9 +66,6 @@ describe(
           'have.text',
           'Suppress and group alerts for events with missing fields'
         );
-
-        // suppression functionality should be under Tech Preview
-        cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
       });
 
       fillAboutRuleMinimumAndContinue(rule);

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule_suppression_ess_basic.cy.ts

@@ -9,7 +9,6 @@ import { getNewThreatIndicatorRule } from '../../../../objects/rule';
 
 import {
   SUPPRESS_FOR_DETAILS,
-  DETAILS_TITLE,
   SUPPRESS_BY_DETAILS,
   SUPPRESS_MISSING_FIELD,
   DEFINITION_DETAILS,
@@ -62,9 +61,6 @@ describe(
               'have.text',
               'Do not suppress alerts for events with missing fields'
             );
-
-            // suppression functionality should be under Tech Preview
-            cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
           });
 
           // Platinum license is required for configuration to apply

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule_suppression.cy.ts

@@ -13,7 +13,6 @@ import {
 } from '../../../../screens/create_new_rule';
 import {
   DEFINITION_DETAILS,
-  DETAILS_TITLE,
   SUPPRESS_BY_DETAILS,
   SUPPRESS_FOR_DETAILS,
   SUPPRESS_MISSING_FIELD,
@@ -129,9 +128,6 @@ describe(
                 'have.text',
                 'Suppress and group alerts for events with missing fields'
               );
-
-              // suppression functionality should be under Tech Preview
-              cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
             });
 
             fillAboutRuleMinimumAndContinue(mlRule);
@@ -163,9 +159,6 @@ describe(
                 'have.text',
                 'Do not suppress alerts for events with missing fields'
               );
-
-              // suppression functionality should be under Tech Preview
-              cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
             });
 
             fillAboutRuleMinimumAndContinue(mlRule);

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts

@@ -14,7 +14,6 @@ import {
   DEFINITION_DETAILS,
   SUPPRESS_MISSING_FIELD,
   SUPPRESS_BY_DETAILS,
-  DETAILS_TITLE,
 } from '../../../../screens/rule_details';
 
 import {
@@ -191,9 +190,6 @@ describe(
             'have.text',
             'Suppress and group alerts for events with missing fields'
           );
-
-          // suppression functionality should be under Tech Preview
-          cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
         });
       });
     });

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/indicator_match_rule.cy.ts

@@ -9,7 +9,6 @@ import { getNewThreatIndicatorRule } from '../../../../objects/rule';
 
 import {
   SUPPRESS_FOR_DETAILS,
-  DETAILS_TITLE,
   SUPPRESS_BY_DETAILS,
   SUPPRESS_MISSING_FIELD,
   DEFINITION_DETAILS,
@@ -81,9 +80,6 @@ describe(
             'have.text',
             'Suppress and group alerts for events with missing fields'
           );
-
-          // suppression functionality should be under Tech Preview
-          cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
         });
       });
     });

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts

@@ -13,7 +13,6 @@ import {
 } from '../../../../screens/create_new_rule';
 import {
   DEFINITION_DETAILS,
-  DETAILS_TITLE,
   SUPPRESS_BY_DETAILS,
   SUPPRESS_FOR_DETAILS,
   SUPPRESS_MISSING_FIELD,
@@ -88,9 +87,6 @@ describe(
             'have.text',
             'Suppress and group alerts for events with missing fields'
           );
-
-          // suppression functionality should be under Tech Preview
-          cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
         });
       });
     });

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/threshold_rule.cy.ts

@@ -9,7 +9,6 @@ import { getNewThresholdRule } from '../../../../objects/rule';
 
 import {
   SUPPRESS_FOR_DETAILS,
-  DETAILS_TITLE,
   SUPPRESS_BY_DETAILS,
   SUPPRESS_MISSING_FIELD,
 } from '../../../../screens/rule_details';
@@ -63,8 +62,6 @@ describe(
 
         // ensure typed interval is displayed on details page
         getDetails(SUPPRESS_FOR_DETAILS).should('have.text', '60m');
-        // suppression functionality should be under Tech Preview
-        cy.contains(DETAILS_TITLE, SUPPRESS_FOR_DETAILS).contains('Technical Preview');
 
         // the rest of suppress properties do not exist for threshold rule
         assertDetailsNotExist(SUPPRESS_BY_DETAILS);