[8.12] [Security Solution] Adds feature flag to enable/disable ESQL i…

…n timeline (#174029) (#174110)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Security Solution] Adds feature flag to enable/disable ESQL in
timeline (#174029)](#174029)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Jatin
Kathuria","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-01-02T16:53:12Z","message":"[Security
Solution] Adds feature flag to enable/disable ESQL in timeline
(#174029)\n\n## Summary\r\n\r\nThis PR introduces a feature flag
`timelineEsqlTabDisabled` which is by\r\ndefault `false`. This gives
customer ability to disable the esql tab by\r\nenabling this
experimental feature flag as below in
`kibana.yml`\r\n\r\n```yaml\r\nxpack.securitySolution.enableExperimental:\r\n
- timelineEsqlTabDisabled\r\n\r\n```\r\n\r\nThe availability of ESQL Tab
in timeline also affects `AI Assistant` as\r\nit facilities re-directing
user to timeline with an esql query. That\r\n`redirect` button should
not be available for `esql` query if ESQL Tab\r\nis disabled.\r\n\r\n##
Desk Testing\r\n\r\n1. ESQL Tab Presence\r\n - timelineEsqlTabDisabled :
true\r\n- If Tab is disabled, `ESQL` Tab should not show when timeline
is open.\r\nTimeline should also not fire any `bsearch` requests with
`esql`\r\nstrategy.\r\n- ESQL tab is enabled i.e.
`timelineEsqlTabDisabled : true` is present\r\nin kibana.dev.yml\r\n-
User should be able to use ESQL queries without any issue.
Below\r\nshould be the default query in both `8.12` and `8.11.4`\r\n
```esql\r\nfrom\r\n.alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-*\r\n|
limit 10 | keep @timestamp, message, event.category,
event.action,\r\nhost.name, source.ip, destination.ip, user.name\r\n
```\r\n2. Open ESQL Tab from URL\r\n 1. Enable ESQL tab and Activate it
when in timeline\r\n2. Now change `kibana.dev.yml` to add experimental
flag\r\n`timelineEsqlTabDisabled` to disable ESQL Tab.\r\n 3. Restart
kibana server\r\n 4. Refresh the page in step 1 where `ESQL` tab was
active\r\n 5. User should automatically be redirected to `Query`
tab.\r\n \r\n3. AI Assistant\r\nToday AI Assistant can help user add an
ESQL query to the timeline as\r\nshown in below video.\r\nWe need to
make sure that `Send to timeline` button is not available\r\nonly for
`esql` queries when above experimental flag is enabled.\r\n
\r\n\r\nhttps://github.com/elastic/kibana/assets/7485038/e452a6c6-cf97-462e-a5dc-bd8c0fd38d58\r\n\r\n---------\r\n\r\nCo-authored-by:
Gloria Hornero <[email protected]>\r\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"da0370eafb49f15fe655d0e2b8d254e09c9f814a","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Threat
Hunting:Investigations","v8.11.0","v8.12.0","v8.13.0"],"title":"[Security
Solution] Adds feature flag to enable/disable ESQL in
timeline","number":174029,"url":"https://github.com/elastic/kibana/pull/174029","mergeCommit":{"message":"[Security
Solution] Adds feature flag to enable/disable ESQL in timeline
(#174029)\n\n## Summary\r\n\r\nThis PR introduces a feature flag
`timelineEsqlTabDisabled` which is by\r\ndefault `false`. This gives
customer ability to disable the esql tab by\r\nenabling this
experimental feature flag as below in
`kibana.yml`\r\n\r\n```yaml\r\nxpack.securitySolution.enableExperimental:\r\n
- timelineEsqlTabDisabled\r\n\r\n```\r\n\r\nThe availability of ESQL Tab
in timeline also affects `AI Assistant` as\r\nit facilities re-directing
user to timeline with an esql query. That\r\n`redirect` button should
not be available for `esql` query if ESQL Tab\r\nis disabled.\r\n\r\n##
Desk Testing\r\n\r\n1. ESQL Tab Presence\r\n - timelineEsqlTabDisabled :
true\r\n- If Tab is disabled, `ESQL` Tab should not show when timeline
is open.\r\nTimeline should also not fire any `bsearch` requests with
`esql`\r\nstrategy.\r\n- ESQL tab is enabled i.e.
`timelineEsqlTabDisabled : true` is present\r\nin kibana.dev.yml\r\n-
User should be able to use ESQL queries without any issue.
Below\r\nshould be the default query in both `8.12` and `8.11.4`\r\n
```esql\r\nfrom\r\n.alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-*\r\n|
limit 10 | keep @timestamp, message, event.category,
event.action,\r\nhost.name, source.ip, destination.ip, user.name\r\n
```\r\n2. Open ESQL Tab from URL\r\n 1. Enable ESQL tab and Activate it
when in timeline\r\n2. Now change `kibana.dev.yml` to add experimental
flag\r\n`timelineEsqlTabDisabled` to disable ESQL Tab.\r\n 3. Restart
kibana server\r\n 4. Refresh the page in step 1 where `ESQL` tab was
active\r\n 5. User should automatically be redirected to `Query`
tab.\r\n \r\n3. AI Assistant\r\nToday AI Assistant can help user add an
ESQL query to the timeline as\r\nshown in below video.\r\nWe need to
make sure that `Send to timeline` button is not available\r\nonly for
`esql` queries when above experimental flag is enabled.\r\n
\r\n\r\nhttps://github.com/elastic/kibana/assets/7485038/e452a6c6-cf97-462e-a5dc-bd8c0fd38d58\r\n\r\n---------\r\n\r\nCo-authored-by:
Gloria Hornero <[email protected]>\r\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"da0370eafb49f15fe655d0e2b8d254e09c9f814a"}},"sourceBranch":"main","suggestedTargetBranches":["8.11","8.12"],"targetPullRequestStates":[{"branch":"8.11","label":"v8.11.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.12","label":"v8.12.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","branchLabelMappingKey":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/174029","number":174029,"mergeCommit":{"message":"[Security
Solution] Adds feature flag to enable/disable ESQL in timeline
(#174029)\n\n## Summary\r\n\r\nThis PR introduces a feature flag
`timelineEsqlTabDisabled` which is by\r\ndefault `false`. This gives
customer ability to disable the esql tab by\r\nenabling this
experimental feature flag as below in
`kibana.yml`\r\n\r\n```yaml\r\nxpack.securitySolution.enableExperimental:\r\n
- timelineEsqlTabDisabled\r\n\r\n```\r\n\r\nThe availability of ESQL Tab
in timeline also affects `AI Assistant` as\r\nit facilities re-directing
user to timeline with an esql query. That\r\n`redirect` button should
not be available for `esql` query if ESQL Tab\r\nis disabled.\r\n\r\n##
Desk Testing\r\n\r\n1. ESQL Tab Presence\r\n - timelineEsqlTabDisabled :
true\r\n- If Tab is disabled, `ESQL` Tab should not show when timeline
is open.\r\nTimeline should also not fire any `bsearch` requests with
`esql`\r\nstrategy.\r\n- ESQL tab is enabled i.e.
`timelineEsqlTabDisabled : true` is present\r\nin kibana.dev.yml\r\n-
User should be able to use ESQL queries without any issue.
Below\r\nshould be the default query in both `8.12` and `8.11.4`\r\n
```esql\r\nfrom\r\n.alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-*\r\n|
limit 10 | keep @timestamp, message, event.category,
event.action,\r\nhost.name, source.ip, destination.ip, user.name\r\n
```\r\n2. Open ESQL Tab from URL\r\n 1. Enable ESQL tab and Activate it
when in timeline\r\n2. Now change `kibana.dev.yml` to add experimental
flag\r\n`timelineEsqlTabDisabled` to disable ESQL Tab.\r\n 3. Restart
kibana server\r\n 4. Refresh the page in step 1 where `ESQL` tab was
active\r\n 5. User should automatically be redirected to `Query`
tab.\r\n \r\n3. AI Assistant\r\nToday AI Assistant can help user add an
ESQL query to the timeline as\r\nshown in below video.\r\nWe need to
make sure that `Send to timeline` button is not available\r\nonly for
`esql` queries when above experimental flag is enabled.\r\n
\r\n\r\nhttps://github.com/elastic/kibana/assets/7485038/e452a6c6-cf97-462e-a5dc-bd8c0fd38d58\r\n\r\n---------\r\n\r\nCo-authored-by:
Gloria Hornero <[email protected]>\r\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"da0370eafb49f15fe655d0e2b8d254e09c9f814a"}}]}]
BACKPORT-->

Co-authored-by: Jatin Kathuria <[email protected]>

x-pack/plugins/security_solution/common/experimental_features.ts

@@ -153,6 +153,11 @@ export const allowedExperimentalValues = Object.freeze({
    * version and the latest available version.
    */
   jsonPrebuiltRulesDiffingEnabled: true,
+  /*
+   * Disables discover esql tab within timeline
+   *
+   */
+  timelineEsqlTabDisabled: false,
 });
 
 type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;

x-pack/plugins/security_solution/public/assistant/send_to_timeline/index.tsx

@@ -36,6 +36,7 @@ import {
 } from '../../timelines/store/timeline/actions';
 import { useDiscoverInTimelineContext } from '../../common/components/discover_in_timeline/use_discover_in_timeline_context';
 import { useShowTimeline } from '../../common/utils/timeline/use_show_timeline';
+import { useIsExperimentalFeatureEnabled } from '../../common/hooks/use_experimental_features';
 
 export interface SendToTimelineButtonProps {
   asEmptyButton: boolean;
@@ -60,6 +61,8 @@ export const SendToTimelineButton: React.FunctionComponent<SendToTimelineButtonP
   const [isTimelineBottomBarVisible] = useShowTimeline();
   const { discoverStateContainer } = useDiscoverInTimelineContext();
 
+  const isEsqlTabInTimelineDisabled = useIsExperimentalFeatureEnabled('timelineEsqlTabDisabled');
+
   const getDataViewsSelector = useMemo(
     () => sourcererSelectors.getSourcererDataViewsSelector(),
     []
@@ -226,6 +229,13 @@ export const SendToTimelineButton: React.FunctionComponent<SendToTimelineButtonP
     : ACTION_CANNOT_INVESTIGATE_IN_TIMELINE;
   const isDisabled = !isTimelineBottomBarVisible;
 
+  if (
+    (dataProviders?.[0]?.queryType === 'esql' || dataProviders?.[0]?.queryType === 'sql') &&
+    isEsqlTabInTimelineDisabled
+  ) {
+    return null;
+  }
+
   return asEmptyButton ? (
     <EuiButtonEmpty
       aria-label={toolTipText}

x-pack/plugins/security_solution/public/common/hooks/timeline/use_init_timeline_url_param.ts

@@ -10,6 +10,7 @@ import { safeDecode } from '@kbn/rison';
 
 import { useDispatch } from 'react-redux';
 
+import { TimelineTabs } from '../../../../common/types';
 import { useInitializeUrlParam } from '../../utils/global_query_string';
 import {
   dispatchUpdateTimeline,
@@ -18,15 +19,21 @@ import {
 import type { TimelineUrl } from '../../../timelines/store/timeline/model';
 import { timelineActions } from '../../../timelines/store/timeline';
 import { URL_PARAM_KEY } from '../use_url_state';
+import { useIsExperimentalFeatureEnabled } from '../use_experimental_features';
 
 export const useInitTimelineFromUrlParam = () => {
   const dispatch = useDispatch();
 
+  const isEsqlTabDisabled = useIsExperimentalFeatureEnabled('timelineEsqlTabDisabled');
+
   const onInitialize = useCallback(
     (initialState: TimelineUrl | null) => {
       if (initialState != null) {
         queryTimelineById({
-          activeTimelineTab: initialState.activeTab,
+          activeTimelineTab:
+            initialState.activeTab === TimelineTabs.esql && isEsqlTabDisabled
+              ? TimelineTabs.query
+              : initialState.activeTab,
           duplicate: false,
           graphEventId: initialState.graphEventId,
           timelineId: initialState.id,
@@ -38,7 +45,7 @@ export const useInitTimelineFromUrlParam = () => {
         });
       }
     },
-    [dispatch]
+    [dispatch, isEsqlTabDisabled]
   );
 
   useEffect(() => {

x-pack/plugins/security_solution/public/timelines/components/timeline/tabs_content/index.tsx

@@ -15,6 +15,7 @@ import { useDispatch } from 'react-redux';
 import styled from 'styled-components';
 
 import { FormattedMessage } from '@kbn/i18n-react';
+import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { useKibana } from '../../../../common/lib/kibana';
 import { useAssistantTelemetry } from '../../../../assistant/use_assistant_telemetry';
 import { useConversationStore } from '../../../../assistant/use_conversation_store';
@@ -290,6 +291,7 @@ const TabsContentComponent: React.FC<BasicTimelineTab> = ({
   sessionViewConfig,
   timelineDescription,
 }) => {
+  const isEsqlTabInTimelineDisabled = useIsExperimentalFeatureEnabled('timelineEsqlTabDisabled');
   const isEsqlSettingEnabled = useKibana().services.configSettings.ESQLEnabled;
   const { hasAssistantPrivilege } = useAssistantAvailability();
   const dispatch = useDispatch();
@@ -404,7 +406,7 @@ const TabsContentComponent: React.FC<BasicTimelineTab> = ({
             <span>{i18n.QUERY_TAB}</span>
             {showTimeline && <TimelineEventsCountBadge />}
           </StyledEuiTab>
-          {isEsqlSettingEnabled && (
+          {!isEsqlTabInTimelineDisabled && isEsqlSettingEnabled && (
             <StyledEuiTab
               data-test-subj={`timelineTabs-${TimelineTabs.esql}`}
               onClick={setEsqlAsActiveTab}