elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Recommended Endpoint exceptions cannot close all alerts by default but should #199707

Open ferullo opened 4 days ago

ferullo commented 4 days ago

Describe the bug: By default, recommended Endpoint Exceptions for Malicious Behavior alerts have a grayed out checkbox for "Close all alerts that match this exception and were generated by this rule (Lists and non-ECS fields are not supported)", even though they can be closed and there is a simple workaround to make that happen.

Kibana/Elasticsearch Stack version: 8.15.3

Server OS version: N/A

Browser and Browser OS versions: Firefox 132.0.1

Elastic Endpoint version: N/A

Original install method (e.g. download page, yum, from source, etc.): ECH

Functional Area (e.g. Endpoint management, timelines, resolver, etc.): Endpoint Exceptions

Steps to reproduce:

  1. Generate an Endpoint Malicious Behavior alert on Windows
  2. Open the alert and select Take action -> Add Endpoint exception
  3. See the Close all alerts ... option is greyed out (this is the bug)
  4. Change the process.executable.caseless field to process.executable then back to process.executable.caseless
  5. See the Close all alerts ... option is now available and works if clicked

Current behavior: See above

Expected behavior: The option should work without any user edits

Screenshots (if relevant): I hope my explanation is good enough

Errors in browser console (if relevant): N/A

Provide logs and/or server output (if relevant): N/A

Any additional context (logs, chat logs, magical formulas, etc.): N/A

elasticmachine commented 4 days ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 4 days ago

Pinging @elastic/security-detection-engine (Team:Detection Engine)

elasticmachine commented 4 days ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)