elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Should not require EPR access in air-gapped environments #181808

Open bczifra opened 2 months ago

bczifra commented 2 months ago

Describe the bug: The Kibana Security app requires access to EPR (Elastic Package Registry) even in an air-gapped environment not using Fleet/Agent, even with xpack.fleet.isAirGapped set to true.

If EPR isn't available, the browser will have a growing number of long-running requests to EPR that never succeed.

A workaround is to host a local EPR.

Kibana/Elasticsearch Stack version: 8.8.1

Server OS version:

Browser and Browser OS versions:

Elastic Endpoint version:

Original install method (e.g. download page, yum, from source, etc.):

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Steps to reproduce:

  1. Air-gapped environment without access to EPR
  2. Open the Security App in Kibana
  3. Observe long-running requests like:

     When loading the Security App - Rules page in $space:

     - https://kibana.domain/s/$space/internal/detection_engine/fleet/integrations/installed?packages=
       Stalled 4.0 min, Status Finished
     - https://kibana.domain/s//internal/detection_engine/fleet/integrations/installed?packages=
       Stalled 172.95 ms, Initial Connection 4.0 min, Status Finished
     - https://kibana.domain/s/$space/internal/detection_engine/rules/prepackaged/_status
       Stalled 9.42 ms, Request Sent 0.92 ms, Waiting for Server Response 1.0 min, Content Download 0.74 ms, Status 200 OK

     When loading the Security App - Timelines page in $space:

     - https://kibana.domain/s/$space/api/fleet/setup
       Stalled 1.07 ms, Request Sent 0.21 ms, Waiting for Server Response 41.01 s, Content Download 2.24 ms, Status 200 OK
     - https://kibana.domain/s/$space/api/fleet/epm/packages/_bulk?prerelease=false
       Stalled 3.48 ms, Request Sent 0.43 ms, Waiting for Server Response 1.1 min, Content Download 6.82 ms, Status 200 OK

     When loading the Security App - Alerts page:

     - https://kibana.domain/s/$space/api/fleet/epm/packages/_bulk?prerelease=false
       Stalled 68.97 ms, Request Sent 0.14 ms, Waiting for Server Response 57.16 s, Content Download 0, Status 200 OK

Current behavior: Requires access to EPR

Expected behavior: Should not require access to EPR

Screenshots (if relevant):

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context (logs, chat logs, magical formulas, etc.):

elasticmachine commented 2 months ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 2 months ago

Pinging @elastic/fleet (Team:Fleet)

elasticmachine commented 2 months ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

elasticmachine commented 2 months ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)
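
To check whether a deployment shows the behaviour reported in this issue, the following added example (not part of the issue or of Kibana's code) scans a browser HAR export for slow requests to the endpoints listed in the report and names the phase that dominated each one. The 30-second threshold, the `soc` space name and the sample entries are assumptions constructed for illustration.

```python
import json
import sys
from urllib.parse import urlsplit

# Paths copied from the request URLs listed in the issue.
EPR_BACKED_PATHS = (
    "/internal/detection_engine/fleet/integrations/installed",
    "/internal/detection_engine/rules/prepackaged/_status",
    "/api/fleet/setup",
    "/api/fleet/epm/packages/_bulk",
)
SLOW_MS = 30_000  # assumed threshold; every timing quoted in the issue exceeds it


def slow_epr_requests(har, slow_ms=SLOW_MS):
    """Return (path, dominant_phase, ms) for slow requests to the paths above."""
    findings = []
    for entry in har["log"]["entries"]:
        path = urlsplit(entry["request"]["url"]).path
        # endswith() tolerates the /s/<space> prefix and the default space.
        if not any(path.endswith(p) for p in EPR_BACKED_PATHS):
            continue
        # HAR 1.2 marks phases that do not apply with -1; skip those.
        timings = {k: v for k, v in entry.get("timings", {}).items()
                   if isinstance(v, (int, float)) and v >= 0}
        if not timings:
            continue
        phase, ms = max(timings.items(), key=lambda kv: kv[1])
        if ms >= slow_ms:
            findings.append((path, phase, ms))
    return findings


def _entry(url, **timings):
    """Build a minimal HAR entry (constructed sample data, not a real capture)."""
    base = {"blocked": -1, "dns": -1, "connect": -1, "send": 0, "wait": 0, "receive": 0}
    return {"request": {"url": url}, "timings": {**base, **timings}}


BASE = "https://kibana.domain/s/soc"  # "soc" is a hypothetical space name
SAMPLE_HAR = {"log": {"entries": [
    _entry(BASE + "/internal/detection_engine/fleet/integrations/installed?packages=",
           blocked=240000),                      # "Stalled 4.0 min"
    _entry(BASE + "/api/fleet/setup", blocked=1.07, send=0.21, wait=41010, receive=2.24),
    _entry(BASE + "/bundles/app.js", wait=35),   # unrelated request, ignored
]}}

if __name__ == "__main__":
    har = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_HAR
    for path, phase, ms in slow_epr_requests(har):
        print(f"{ms / 1000:8.1f}s  {phase:<8}  {path}")
```

In a HAR file the `blocked` phase is what the browser's network panel shows as "Stalled", `connect` is "Initial connection", and `wait` is "Waiting for server response".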