[Security Solutions] [Alerts] Alert Displays Filtering and Sorting Icons for Non-ECS Fields

[WafaaNasr]

Kibana version: recent

Describe the bug: The Alert details flyout displays the icon for filtering and sorting for non-ECS fields. However, clicking these icons leads to a blank page, and the associated API requests fail to provide the expected results.

Steps to reproduce:

1. If using the Windows integration is not feasible, employ the winlog mappings as an alternative.
2. Install the prebuilt rule Potential Credential Access via DCSync.

3. Create an index containing a non-ecs field using the following POST request:

    POST winlogbeat-test/_doc
       {
         "@timestamp":"2023-09-11T12:17:29.753Z",
         "event":{
           "action":"Directory Service Access",
           "code":"4662",
           "ingested":"2023-09-11T12:17:29.753Z"
         },
         "winlog":{
           "event_data":{
             "Properties":"DS-Replication-Get-Changes",
             "AccessMask":"0x100",
             "SubjectUserName":"subject username " <=== non-ecs fields
           }
         }
       }

Expected behavior:

The Alerts UI should avoid indicating that users have the ability to filter on fields that are absent from the Alerts mapping.

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

[elasticmachine]

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

[michaelolo24]

@WafaaNasr - Thank you for opening this issue! If you don't mind, can you check if this is also happening for the new expandable flyout as well?

[michaelolo24]

Linking this related issue: https://github.com/elastic/kibana/issues/170167

[christineweng]

@michaelolo24 it appears this is happening in the new flyout as well.

Opening an endpoint event and filter in a field in table tab