elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security app] Take Action Detection view option could have full list of options if single Alert is selected #74143

Closed EricDavisX closed 9 months ago

EricDavisX commented 4 years ago

[Security app] Take Action Detection view option should have full list of options if single Alert is selected - I recognize it is designed primarily as a 'bulk actions' menu item for processing alerts. But if only 1 is selected, it would be nice if the options a user expects will be there instead of making them go to the overflow '...' 'More Actions' button to find them. The 'take action' menu is in my opinion much more prominent in the UI and will be the first place users go to ... take an action! So, if it's possible to support it, it would be great.

The problem may be exacerbated by the fact that the overflow ... button didn't have a hover over name so I didn't know what it was and didn't click it to find out the option (like to create an Exception) was there.
That is logged here https://github.com/elastic/kibana/issues/74140

screenshots: take action menu:

take-action-menu-has-no-option-to-add-exception

overflow, which is significantly more hidden in the app:

overflow-has-option

EricDavisX commented 4 years ago

@peluja1012 we had discussed this briefly in chat, can you help make sure it's tagged right to get to whichever team is best?

mchopda commented 4 years ago

elasticmachine commented 4 years ago

Pinging @elastic/siem (Team:SIEM)

spong commented 4 years ago

'add exception' not showing up for a single select, looks like a 7.9.1 bug fix to me.

Adding this to the backlog -- since it's been present as of the initial DE release in 7.6 we can probably tackle it with the other scheduled UX enhancements. There will be a little bit to change here as the bulk actions operate via update by query instead of just an individual ID, and we'll also want to expose the 'exception actions' as well for consistency, but shouldn't be too much.

also can we change the label to 'bulk action' instead of take action so that is consistent with rules list page. That's what it is doing.

Good catch! Design actually requested this be changed to Take action and was implemented in https://github.com/elastic/kibana/pull/68569, but we should definitely be consistent between this and the rules table (and I think the Case table uses this verbiage as well). Would be nice to do an audit between the Alerts and Rules table to iron out some of the other inconsistencies as well (like popover/font sizes, action icons, etc.). cc @marrasherrier

peluja1012 commented 2 years ago

This is still applicable as of 7.16.

elasticmachine commented 2 years ago

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

michaelolo24 commented 9 months ago

Closing as outdated since the options have been added to the Take Action menu