[Security Solution][PoC] AI 4 SOC navigation approach 2

x-pack/platform/plugins/shared/features/server/feature_registry.ts

@@ -108,6 +108,7 @@ export class FeatureRegistry {
     for (const [featureId, featureOverride] of Object.entries(overrides)) {
       const feature = this.kibanaFeatures[featureId];
       if (!feature) {
+        continue;
         throw new Error(
           `Cannot override feature "${featureId}" since feature with such ID is not registered.`
         );

x-pack/solutions/security/packages/features/config.ts

@@ -9,8 +9,14 @@ export { securityDefaultProductFeaturesConfig } from './src/security/product_fea
 export { getCasesDefaultProductFeaturesConfig } from './src/cases/product_feature_config';
 export { assistantDefaultProductFeaturesConfig } from './src/assistant/product_feature_config';
 export { attackDiscoveryDefaultProductFeaturesConfig } from './src/attack_discovery/product_feature_config';
-export { timelineDefaultProductFeaturesConfig } from './src/timeline/product_feature_config';
-export { notesDefaultProductFeaturesConfig } from './src/notes/product_feature_config';
+export {
+  timelineDefaultProductFeaturesConfig,
+  nonTimelineDefaultProductFeaturesConfig,
+} from './src/timeline/product_feature_config';
+export {
+  notesDefaultProductFeaturesConfig,
+  nonNotesDefaultProductFeaturesConfig,
+} from './src/notes/product_feature_config';
 export { siemMigrationsDefaultProductFeaturesConfig } from './src/siem_migrations/product_feature_config';
 
 export { createEnabledProductFeaturesConfigMap } from './src/helpers';

x-pack/solutions/security/packages/features/src/helpers.ts

@@ -20,7 +20,7 @@ export const createEnabledProductFeaturesConfigMap = <
 >(
   productFeatures: Record<K, ProductFeatureKibanaConfig<T>>,
   enabledProductFeaturesKeys: ProductFeatureKeys
-) =>
+): Map<K, ProductFeatureKibanaConfig<T>> =>
   new Map(
     Object.entries<ProductFeatureKibanaConfig<T>>(productFeatures).reduce<
       Array<[K, ProductFeatureKibanaConfig<T>]>

x-pack/solutions/security/packages/features/src/notes/product_feature_config.ts

@@ -35,3 +35,10 @@ export const notesDefaultProductFeaturesConfig: Record<
     },
   },
 };
+
+export const nonNotesDefaultProductFeaturesConfig: Record<
+  ProductFeatureNotesFeatureKey,
+  ProductFeatureKibanaConfig
+> = {
+  [ProductFeatureNotesFeatureKey.notes]: {},
+};

x-pack/solutions/security/packages/features/src/product_features_keys.ts

@@ -6,6 +6,10 @@
  */
 
 export enum ProductFeatureSecurityKey {
+  /** Elastic endpoint detections, includes alerts, rules, investigations */
+  detections = 'detections',
+  /** External detections that don't use Elastic endpoint */
+  externalDetections = 'external_detections',
   /** Enables Advanced Insights (Entity Risk, GenAI) */
   advancedInsights = 'advanced_insights',
   /**

x-pack/solutions/security/packages/features/src/security/product_feature_config.ts

@@ -20,6 +20,40 @@ import type { DefaultSecurityProductFeaturesConfig } from './types';
  * - `subFeaturesPrivileges`: the privileges that will be added into the existing Security subFeature with the privilege `id` specified.
  */
 export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeaturesConfig = {
+  [ProductFeatureSecurityKey.detections]: {
+    privileges: {
+      all: {
+        ui: ['show', 'crud'],
+        api: [
+          APP_ID,
+          'lists-all',
+          'lists-read',
+          'lists-summary',
+          'rac',
+          'cloud-security-posture-all',
+          'cloud-security-posture-read',
+          'cloud-defend-all',
+          'cloud-defend-read',
+        ],
+      },
+      read: {
+        ui: ['show'],
+        api: [APP_ID, 'lists-read', 'rac', 'cloud-security-posture-read', 'cloud-defend-read'],
+      },
+    },
+  },
+  [ProductFeatureSecurityKey.externalDetections]: {
+    privileges: {
+      all: {
+        ui: ['alerts_summary', 'basic_rule_management'],
+        api: [`${APP_ID}-external`],
+      },
+      read: {
+        ui: ['alerts_summary_read', 'basic_rule_management_read'],
+        api: [`${APP_ID}-external`],
+      },
+    },
+  },
   [ProductFeatureSecurityKey.advancedInsights]: {
     privileges: {
       all: {

x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts

@@ -104,21 +104,6 @@ export const getSecurityBaseKibanaFeature = ({
       },
       app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'],
       catalogue: [APP_ID],
-      api: [
-        APP_ID,
-        'lists-all',
-        'lists-read',
-        'lists-summary',
-        'rac',
-        'cloud-security-posture-all',
-        'cloud-security-posture-read',
-        'cloud-defend-all',
-        'cloud-defend-read',
-        'timeline_write',
-        'timeline_read',
-        'notes_write',
-        'notes_read',
-      ],
       savedObject: {
         all: ['alert', ...savedObjects],
         read: [],
@@ -134,7 +119,9 @@ export const getSecurityBaseKibanaFeature = ({
       management: {
         insightsAndAlerting: ['triggersActions'],
       },
-      ui: ['show', 'crud'],
+
+      api: [],
+      ui: [],
     },
     read: {
       replacedBy: {
@@ -151,15 +138,6 @@ export const getSecurityBaseKibanaFeature = ({
       },
       app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'],
       catalogue: [APP_ID],
-      api: [
-        APP_ID,
-        'lists-read',
-        'rac',
-        'cloud-security-posture-read',
-        'cloud-defend-read',
-        'timeline_read',
-        'notes_read',
-      ],
       savedObject: {
         all: [],
         read: [...savedObjects],
@@ -175,7 +153,8 @@ export const getSecurityBaseKibanaFeature = ({
       management: {
         insightsAndAlerting: ['triggersActions'],
       },
-      ui: ['show'],
+      api: [],
+      ui: [],
     },
   },
 });

x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts

@@ -77,17 +77,6 @@ export const getSecurityV2BaseKibanaFeature = ({
     all: {
       app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'],
       catalogue: [APP_ID],
-      api: [
-        APP_ID,
-        'lists-all',
-        'lists-read',
-        'lists-summary',
-        'rac',
-        'cloud-security-posture-all',
-        'cloud-security-posture-read',
-        'cloud-defend-all',
-        'cloud-defend-read',
-      ],
       savedObject: {
         all: ['alert', ...savedObjects],
         read: [],
@@ -99,12 +88,12 @@ export const getSecurityV2BaseKibanaFeature = ({
       management: {
         insightsAndAlerting: ['triggersActions'],
       },
-      ui: ['show', 'crud'],
+      api: [],
+      ui: [],
     },
     read: {
       app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'],
       catalogue: [APP_ID],
-      api: [APP_ID, 'lists-read', 'rac', 'cloud-security-posture-read', 'cloud-defend-read'],
       savedObject: {
         all: [],
         read: [...savedObjects],
@@ -120,7 +109,8 @@ export const getSecurityV2BaseKibanaFeature = ({
       management: {
         insightsAndAlerting: ['triggersActions'],
       },
-      ui: ['show'],
+      api: [],
+      ui: [],
     },
   },
 });

x-pack/solutions/security/packages/features/src/timeline/product_feature_config.ts

@@ -35,3 +35,10 @@ export const timelineDefaultProductFeaturesConfig: Record<
     },
   },
 };
+
+export const nonTimelineDefaultProductFeaturesConfig: Record<
+  ProductFeatureTimelineFeatureKey,
+  ProductFeatureKibanaConfig
+> = {
+  [ProductFeatureTimelineFeatureKey.timeline]: {},
+};

x-pack/solutions/security/packages/features/src/types.ts

@@ -84,11 +84,13 @@ export interface ProductFeatureParams<T extends string = string> {
 }
 
 export interface ProductFeaturesConfigurator {
-  security: () => ProductFeaturesConfig<SecuritySubFeatureId>;
-  cases: () => ProductFeaturesConfig<CasesSubFeatureId>;
-  securityAssistant: () => ProductFeaturesConfig<AssistantSubFeatureId>;
-  attackDiscovery: () => ProductFeaturesConfig;
-  timeline: () => ProductFeaturesConfig;
-  notes: () => ProductFeaturesConfig;
-  siemMigrations: () => ProductFeaturesConfig;
+  security?: () => ProductFeaturesConfig<SecuritySubFeatureId>;
+  cases?: () => ProductFeaturesConfig<CasesSubFeatureId>;
+  securityAssistant?: () => ProductFeaturesConfig<AssistantSubFeatureId>;
+  attackDiscovery?: () => ProductFeaturesConfig;
+  timeline?: () => ProductFeaturesConfig;
+  notes?: () => ProductFeaturesConfig;
+  siemMigrations?: () => ProductFeaturesConfig;
 }
+
+export type ProductFeatureConfiguratorName = keyof ProductFeaturesConfigurator;

x-pack/solutions/security/plugins/security_solution/public/app/solution_navigation/links/sections/assets_links.ts

@@ -6,7 +6,11 @@
  */
 
 import { SecurityPageName, ExternalPageName } from '@kbn/security-solution-navigation';
-import { ASSETS_PATH, CLOUD_DEFEND_PATH } from '../../../../../common/constants';
+import {
+  ASSETS_PATH,
+  ATTACK_DISCOVERY_FEATURE_ID,
+  CLOUD_DEFEND_PATH,
+} from '../../../../../common/constants';
 import { SECURITY_FEATURE_ID } from '../../../../../common';
 import type { LinkItem } from '../../../../common/links/types';
 import type { SolutionNavLink } from '../../../../common/links';
@@ -18,7 +22,7 @@ const assetsAppLink: LinkItem = {
   id: SecurityPageName.assets,
   title: i18n.ASSETS_TITLE,
   path: ASSETS_PATH,
-  capabilities: [`${SECURITY_FEATURE_ID}.show`],
+  capabilities: [`${SECURITY_FEATURE_ID}.show`, `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`],
   hideTimeline: true,
   skipUrlState: true,
   links: [], // endpoints and cloudDefend links are added in createAssetsLinkFromManage

x-pack/solutions/security/plugins/security_solution/public/attack_discovery/links.ts

@@ -12,14 +12,11 @@ import {
   ATTACK_DISCOVERY_FEATURE_ID,
   ATTACK_DISCOVERY_PATH,
   SecurityPageName,
-  SECURITY_FEATURE_ID,
 } from '../../common/constants';
 import type { LinkItem } from '../common/links/types';
 
 export const links: LinkItem = {
-  capabilities: [
-    [`${SECURITY_FEATURE_ID}.show`, `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`],
-  ], // This is an AND condition via the nested array
+  capabilities: `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`,
   globalNavPosition: 4,
   globalSearchKeywords: [
     i18n.translate('xpack.securitySolution.appLinks.attackDiscovery', {

x-pack/solutions/security/plugins/security_solution/public/common/components/user_privileges/user_privileges_context.tsx

@@ -45,8 +45,8 @@ export const UserPrivilegesProvider = ({
   kibanaCapabilities,
   children,
 }: UserPrivilegesProviderProps) => {
-  const crud: boolean = kibanaCapabilities[SECURITY_FEATURE_ID].crud === true;
-  const read: boolean = kibanaCapabilities[SECURITY_FEATURE_ID].show === true;
+  const crud: boolean = kibanaCapabilities[SECURITY_FEATURE_ID]?.crud === true;
+  const read: boolean = kibanaCapabilities[SECURITY_FEATURE_ID]?.show === true;
   const [kibanaSecuritySolutionsPrivileges, setKibanaSecuritySolutionsPrivileges] = useState({
     crud,
     read,

x-pack/solutions/security/plugins/security_solution/public/helpers.tsx

@@ -232,7 +232,7 @@ export const getSubPluginRoutesByCapabilities = (
 
 export const isSubPluginAvailable = (pluginKey: string, capabilities: Capabilities): boolean => {
   if (CASES_SUB_PLUGIN_KEY === pluginKey) {
-    return capabilities[CASES_FEATURE_ID].read_cases === true;
+    return capabilities[CASES_FEATURE_ID]?.read_cases === true;
   }
   return hasAccessToSecuritySolution(capabilities);
 };

x-pack/solutions/security/plugins/security_solution/public/helpers_access.ts

@@ -7,9 +7,11 @@
 import type { Capabilities } from '@kbn/core/public';
 import { SECURITY_FEATURE_ID } from '../common/constants';
 
-export function hasAccessToSecuritySolution(capabilities: Capabilities) {
-  return (
+export function hasAccessToSecuritySolution(capabilities: Capabilities): boolean {
+  return Boolean(
     // Using `siemV2`
-    capabilities[SECURITY_FEATURE_ID]?.show === true
+    capabilities[SECURITY_FEATURE_ID]?.show ||
+      capabilities.securitySolutionCasesV2?.read_cases ||
+      capabilities.securitySolutionAttackDiscovery?.['attack-discovery']
   );
 }

x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/alerts/index.ts

@@ -6,6 +6,7 @@
  */
 
 import React from 'react';
+import { SECURITY_FEATURE_ID } from '../../../../../../common';
 import type { OnboardingCardConfig } from '../../../../types';
 import { OnboardingCardId } from '../../../../constants';
 import { ALERTS_CARD_TITLE } from './translations';
@@ -22,4 +23,5 @@ export const alertsCardConfig: OnboardingCardConfig = {
         './alerts_card'
       )
   ),
+  capabilitiesRequired: [`${SECURITY_FEATURE_ID}.show`],
 };

x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/integrations/index.ts

@@ -12,6 +12,7 @@ import { checkIntegrationsCardComplete } from './integrations_check_complete';
 import { OnboardingCardId } from '../../../../constants';
 import type { IntegrationCardMetadata } from './types';
 import { getCardIcon } from '../common/card_icon';
+import { SECURITY_FEATURE_ID } from '../../../../../../common';
 
 export const integrationsCardConfig: OnboardingCardConfig<IntegrationCardMetadata> = {
   id: OnboardingCardId.integrations,
@@ -27,5 +28,5 @@ export const integrationsCardConfig: OnboardingCardConfig<IntegrationCardMetadat
       )
   ),
   checkComplete: checkIntegrationsCardComplete,
-  capabilitiesRequired: 'fleet.read',
+  capabilitiesRequired: [[`${SECURITY_FEATURE_ID}.show`, 'fleet.read']],
 };

x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/rules/index.ts

@@ -10,6 +10,7 @@ import type { OnboardingCardConfig } from '../../../../types';
 import { OnboardingCardId } from '../../../../constants';
 import { RULES_CARD_TITLE } from './translations';
 import { checkRulesComplete } from './rules_check_complete';
+import { SECURITY_FEATURE_ID } from '../../../../../../common';
 import { getCardIcon } from '../common/card_icon';
 
 export const rulesCardConfig: OnboardingCardConfig = {
@@ -24,4 +25,5 @@ export const rulesCardConfig: OnboardingCardConfig = {
       )
   ),
   checkComplete: checkRulesComplete,
+  capabilitiesRequired: [`${SECURITY_FEATURE_ID}.show`],
 };

x-pack/solutions/security/plugins/security_solution/public/onboarding/links.ts

@@ -6,15 +6,14 @@
  */
 
 import { i18n } from '@kbn/i18n';
-import { ONBOARDING_PATH, SecurityPageName, SECURITY_FEATURE_ID } from '../../common/constants';
+import { ONBOARDING_PATH, SecurityPageName } from '../../common/constants';
 import { GETTING_STARTED } from '../app/translations';
 import type { LinkItem } from '../common/links/types';
 
 export const onboardingLinks: LinkItem = {
   id: SecurityPageName.landing,
   title: GETTING_STARTED,
   path: ONBOARDING_PATH,
-  capabilities: [`${SECURITY_FEATURE_ID}.show`],
   globalSearchKeywords: [
     i18n.translate('xpack.securitySolution.appLinks.getStarted', {
       defaultMessage: 'Getting started',

x-pack/solutions/security/plugins/security_solution/public/plugin.tsx

@@ -416,16 +416,11 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
     const { capabilities } = core.application;
     const { upsellingService, isSolutionNavigationEnabled$ } = this.contract;
 
-    // When the user does not have access to SIEM (main Security feature) nor Security Cases feature, the plugin must be inaccessible.
-    if (
-      !hasAccessToSecuritySolution(capabilities) &&
-      !capabilities.securitySolutionCasesV2?.read_cases
-    ) {
-      this.appUpdater$.next(() => ({
-        status: AppStatus.inaccessible,
-        visibleIn: [],
-      }));
-      // no need to register the links updater when the plugin is inaccessible
+    // When the user does not have any of the capabilities required to access security solution, the plugin should be inaccessible
+    // This is necessary to hide security solution from the selectable solutions in the spaces UI
+    if (!hasAccessToSecuritySolution(capabilities)) {
+      this.appUpdater$.next(() => ({ status: AppStatus.inaccessible, visibleIn: [] }));
+      // no need to register the links updater when the plugin is inaccessible. return early
       return;
     }