[Security Solution] [Epic] One Discover Custom Cell Rendering for Security Solution

[logeekal]

Blockers 🔴

• [x] Do we need kibana.alert.rule.name as Link to a Flyout or as a redirection ? [ Yes, we will want Rule Name to act as link to the rule details page so that users can navigate appropriately. ]
• [x] Do we need to customize kibana.alert.severity to show as badges ? [ Anyways an enhancement. Ask Paul but we can move forward without it as well. ]

🔴 Open questions

• What happens when there is no metadata available record.
  • Yes, we do show the flyout with basic JSON and Table tab.
    • There are 2 options to go about it, we can simple returns discover's flyout in the extension point when metadata is not available. See if there is that capability available.

Describe the feature:

According to the One Discover Program, Discover now has a support for custom cell Rendering in Unified Data Table. This enabled security solution to provide a consistent experience to its users.

[!Note] This issue is only applicable to representation of the table cells and not the Security Cell Actions.

### Dependencies
- [ ] https://github.com/elastic/kibana/issues/189151
- [ ] https://github.com/elastic/kibana/issues/191998
- [ ] https://github.com/elastic/kibana/issues/196667
- [ ] https://github.com/elastic/kibana/issues/199660

Entity Flyout Interactions

1. Link to HostName/User name leads to new tab with corresponding Entity details.

Hover Actions on Observed Data

1. Filter In
2. Filter Out
3. TopN
4. Copy to Clipboard
5. Toggle Column in Table

Expandable Section

1. Risk Contribution
   • This Leads to Alert Listing and further Alert Actions such as
   • Alert Detail
   • Add to New/Existing Case

Preview Section

1. Alert Details
   • Can lead to complete Alert Flyout ( Refer to Alert Flyout Ticket )

🟡 Caveats

1. There are some actions within cell flyouts such as Host Details flyout where user can perform actions on certain entities.
   • Until Discover enables the ability to add those actions, those actions should be disabled.

✅ Acceptance Criteria

Below columns in Unified Data table should custmized as given below and very similar to how they are today in security solution.

host.name

• Should be a link
• Should open a Entity Flyout for hosts.
• Ability to change Asset Criticality in Flyouts

user.name

• Should be a link
• Should open a Entity Flyout for hosts.
• Ability to change Asset Criticality in Flyouts

source.ip

• Should be a link
• Should open a Entity Flyout for hosts.

destination.ip

• Should be a link
• Should open a Entity Flyredout for hosts.

kibana.alert.rule.name

• should be link to Entity Flyout for Rule? ( Create as a separate ticket @logeekal )

[elasticmachine]

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)