[Request] Visualizations in alert flyout - technical preview + advanced setting

[christineweng]

Description

We are introducing a new feature in 8.16 under technical preview with an advanced setting. When the securitySolution:enableVisualizationsInFlyout setting is on, user can access analyzer graph and session viewer in a new section called Visualize in the alert and event flyout.

• As of October 1, 2024, the feature has been merged in main. However, the advanced setting is only available in ESS
• Plan to add the setting to Serverless on or before feature freeze (Oct 15)
• Currently the setting is default to false. But subject to change based on PM feedback

Background & resources

• PRs: All related PRs are listed in the issues below. Notable ones with releasenote:feature are:
  • https://github.com/elastic/kibana/pull/192531
  • https://github.com/elastic/kibana/pull/194012
• Issues/metas:
  • https://github.com/elastic/security-team/issues/7032
  • https://github.com/elastic/security-team/issues/10656
• Point of contact: @christineweng @paulewing
• Test environments:

Which documentation set does this change impact?

ESS

• [x] Configure advanced settings: Create a new section for the securitySolution:enableVisualizationsInFlyout advanced setting. Place it after the "Exclude cold and frozen tier data from analyzer queries" section.
• [x] View alert details | Visualizations: Add a subsection that describes the Visualization tab. Note that the tab only appears if the securitySolution:enableVisualizationsInFlyout advanced setting is turned on. Name the new section "Expanded visualizations view".
• [x] Visual event analyzer: Revise step 3 to show where event analyzer can be accessed. For example, "Event analyzer is accessible from the Hosts, Alerts, and Timelines pages, as well as the alert details flyout if the securitySolution:enableVisualizationsInFlyout advanced setting is turned on.

Serverless

• Same changes

ESS release

8.16

Serverless release

The week of October 28, 2024

Feature differences

No difference

API docs impact

N/A

Prerequisites, privileges, feature flags

Advanced setting securitySolution:enableVisualizationsInFlyout must be enabled

[nastasha-solomon]

Assigning this task to the next sprint (Sprint 22) since the current sprint is already full.