From 891ed01a20e2ccd7e26077efcfc1186cd8e7247a Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Wed, 19 Mar 2025 12:53:17 +0100 Subject: [PATCH 01/23] change alerts_summary capabilities --- .../features/src/product_features_keys.ts | 2 + .../src/security/product_feature_config.ts | 40 +++++++++++++++---- .../security/v2_features/kibana_features.ts | 15 +------ .../public/detections/links.ts | 2 +- .../common/pli/pli_config.ts | 2 + 5 files changed, 39 insertions(+), 22 deletions(-) diff --git a/x-pack/solutions/security/packages/features/src/product_features_keys.ts b/x-pack/solutions/security/packages/features/src/product_features_keys.ts index b46dfee142bda..8202c00887493 100644 --- a/x-pack/solutions/security/packages/features/src/product_features_keys.ts +++ b/x-pack/solutions/security/packages/features/src/product_features_keys.ts @@ -10,6 +10,8 @@ export enum ProductFeatureSecurityKey { advancedInsights = 'advanced_insights', /** Enables Alerts Summary page for AI SOC */ alertsSummary = 'alerts_summary', + /** Elastic endpoint detections, includes alerts, rules, investigations */ + detections = 'detections', /** * Enables Investigation guide in Timeline */ diff --git a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts index 3346e527e8310..8641ffb0c372c 100644 --- a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts +++ b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts 
@@ -32,25 +32,49 @@ export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeature }, }, }, - [ProductFeatureSecurityKey.investigationGuide]: { + + [ProductFeatureSecurityKey.alertsSummary]: { privileges: { all: { - ui: ['investigation-guide'], + ui: ['alerts_summary'], + api: [`${APP_ID}-alert-summary`], }, read: { - ui: ['investigation-guide'], + ui: ['alerts_summary_read'], + api: [`${APP_ID}-alert-summary`], }, }, }, - [ProductFeatureSecurityKey.alertsSummary]: { + [ProductFeatureSecurityKey.detections]: { privileges: { all: { - ui: ['alerts_summary'], - api: [`${APP_ID}-alert-summary`], + ui: ['show', 'crud'], + api: [ + APP_ID, + 'lists-all', + 'lists-read', + 'lists-summary', + 'rac', + 'cloud-security-posture-all', + 'cloud-security-posture-read', + 'cloud-defend-all', + 'cloud-defend-read', + ], }, read: { - ui: ['alerts_summary_read'], - api: [`${APP_ID}-alert-summary`], + ui: ['show'], + api: [APP_ID, 'lists-read', 'rac', 'cloud-security-posture-read', 'cloud-defend-read'], + }, + }, + }, + + [ProductFeatureSecurityKey.investigationGuide]: { + privileges: { + all: { + ui: ['investigation-guide'], + }, + read: { + ui: ['investigation-guide'], }, }, }, diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts index 7cc4ebae77ddd..2af2160e3c65a 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts 
@@ -76,18 +76,6 @@ export const getSecurityV2BaseKibanaFeature = ({ all: { app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [ - APP_ID, - 'lists-all', - 'lists-read', - 'lists-summary', - 'rac', - 'cloud-security-posture-all', - 'cloud-security-posture-read', - 'cloud-defend-all', - 'cloud-defend-read', - 'bulkGetUserProfiles', - ], savedObject: { all: ['alert', ...savedObjects], read: [], @@ -99,7 +87,8 @@ export const getSecurityV2BaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: ['show', 'crud'], + api: [], + ui: [], }, read: { app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts b/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts index 982df1c5a6f8c..97a2e49204e06 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts @@ -31,7 +31,7 @@ export const alertSummaryLink: LinkItem = { id: SecurityPageName.alertSummary, path: ALERT_SUMMARY_PATH, title: 'Alert summary', - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.alerts_summary`]], + capabilities: `${SECURITY_FEATURE_ID}.alerts_summary_read`, globalNavPosition: 3, globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.alertSummary', { diff --git a/x-pack/solutions/security/plugins/security_solution_serverless/common/pli/pli_config.ts b/x-pack/solutions/security/plugins/security_solution_serverless/common/pli/pli_config.ts index 2938270cbc153..f4ffc4f76ecf6 100644 --- a/x-pack/solutions/security/plugins/security_solution_serverless/common/pli/pli_config.ts +++ b/x-pack/solutions/security/plugins/security_solution_serverless/common/pli/pli_config.ts 
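Review bot: `alertSummaryLink` now requires only `alerts_summary_read`, but the `alertsSummary` entry in `product_feature_config.ts` from this same commit grants `ui: ['alerts_summary']` on `all` and `ui: ['alerts_summary_read']` on `read`, so a role holding `all` may no longer satisfy the link. Unless the privilege builder folds the `read` UI capabilities into `all` (not visible in this patch), grant both on `all`, `ui: ['alerts_summary', 'alerts_summary_read'],`, or have the link accept either capability. The change also drops the `show` requirement, which deserves a short comment on the link explaining that tiers without `detections` no longer receive `show`.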
@@ -27,10 +27,12 @@ export const PLI_PRODUCT_FEATURES: PliProductFeatures = { [ProductLine.security]: { search_ai_lake: [], essentials: [ + ProductFeatureKey.detections, ProductFeatureKey.endpointHostManagement, ProductFeatureKey.endpointPolicyManagement, ], complete: [ + ProductFeatureKey.detections, ProductFeatureKey.endpointHostManagement, ProductFeatureKey.endpointPolicyManagement, ProductFeatureKey.advancedInsights, From 330698add865f0d61f45110c4e0e14e71cb39608 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Tue, 1 Apr 2025 10:59:20 +0200 Subject: [PATCH 02/23] hide rules and alerts behind detections capability --- .../src/security/product_feature_config.ts | 4 ++-- .../security_route_page_wrapper/index.tsx | 11 ++++++++-- .../public/detections/links.ts | 3 +-- .../public/detections/routes.tsx | 20 +++++++++++++++---- .../security_solution/public/rules/links.ts | 2 +- .../security_solution/public/rules/routes.tsx | 17 +++++++++++++--- 6 files changed, 43 insertions(+), 14 deletions(-) diff --git a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts index 8641ffb0c372c..202cdd8ef79d5 100644 --- a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts +++ b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts @@ -48,7 +48,7 @@ export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeature [ProductFeatureSecurityKey.detections]: { privileges: { all: { - ui: ['show', 'crud'], + ui: ['show', 'crud', 'detections'], api: [ APP_ID, 'lists-all', @@ -62,7 +62,7 @@ export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeature ], }, read: { - ui: ['show'], + ui: ['show', 'detections'], api: [APP_ID, 'lists-read', 'rac', 'cloud-security-posture-read', 'cloud-defend-read'], }, }, 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx index aca57b1726083..6d5e33494c55a 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx @@ -102,11 +102,18 @@ export const SecurityRoutePageWrapper: FC( Component: React.ComponentType, pageName: SecurityPageName, - redirectOnMissing?: boolean + { + redirectOnMissing, + redirectIfUnauthorized, + }: { redirectOnMissing?: boolean; redirectIfUnauthorized?: boolean } = {} ) => { return function WithSecurityRoutePageWrapper(props: T) { return ( - + ); diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts b/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts index 3dd1e8b8a3637..47b949eadbbea 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts @@ -16,7 +16,7 @@ import { ALERT_SUMMARY, ALERTS } from '../app/translations'; import type { LinkItem } from '../common/links/types'; export const alertsLink: LinkItem = { - capabilities: [`${SECURITY_FEATURE_ID}.show`], + capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.detections`]], globalNavPosition: 3, globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.alerts', { @@ -40,5 +40,4 @@ export const alertSummaryLink: LinkItem = { }), ], hideTimeline: true, - }; 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/routes.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/routes.tsx index aa5691593fa9a..349f4a8eff0c6 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/routes.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/routes.tsx @@ -9,9 +9,15 @@ import React from 'react'; import type { RouteComponentProps, RouteProps } from 'react-router-dom'; import { Redirect } from 'react-router-dom'; import { AlertSummaryContainer } from './pages/alert_summary'; -import { ALERT_SUMMARY_PATH, ALERTS_PATH, DETECTIONS_PATH } from '../../common/constants'; +import { + ALERT_SUMMARY_PATH, + ALERTS_PATH, + DETECTIONS_PATH, + SecurityPageName, +} from '../../common/constants'; import { PluginTemplateWrapper } from '../common/components/plugin_template_wrapper'; import { Alerts } from './pages/alerts'; +import { withSecurityRoutePageWrapper } from '../common/components/security_route_page_wrapper'; const AlertsRoutes = () => ( @@ -29,14 +35,20 @@ const DetectionsRedirects = ({ location }: RouteComponentProps) => export const routes: RouteProps[] = [ { path: DETECTIONS_PATH, - render: DetectionsRedirects, + render: withSecurityRoutePageWrapper(DetectionsRedirects, SecurityPageName.detections, { + redirectOnMissing: true, + }), }, { path: ALERTS_PATH, - component: AlertsRoutes, + component: withSecurityRoutePageWrapper(AlertsRoutes, SecurityPageName.alerts, { + redirectOnMissing: true, + }), }, { path: ALERT_SUMMARY_PATH, - component: AlertSummaryContainer, + component: withSecurityRoutePageWrapper(AlertSummaryContainer, SecurityPageName.alertSummary, { + redirectOnMissing: true, + }), }, ]; diff --git a/x-pack/solutions/security/plugins/security_solution/public/rules/links.ts b/x-pack/solutions/security/plugins/security_solution/public/rules/links.ts index 28f44585d3037..2b113abc85212 100644 
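Review bot: The `DETECTIONS_PATH` entry guards a pure redirect with `SecurityPageName.detections` and `redirectOnMissing: true`; if no link item is registered under that page name (the link definitions are outside this hunk), the wrapper would presumably treat the page as missing and redirect every legacy detections URL away before `DetectionsRedirects` runs. If the redirect lands on the alerts page, keying the guard on the destination is safer: `render: withSecurityRoutePageWrapper(DetectionsRedirects, SecurityPageName.alerts, { redirectOnMissing: true }),`. A comment on `routes` should also state that this wrapper only decides what the browser renders, so the API privileges behind these pages still have to enforce the `detections` restriction server-side.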
--- a/x-pack/solutions/security/plugins/security_solution/public/rules/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/rules/links.ts @@ -38,7 +38,7 @@ export const links: LinkItem = { hideTimeline: true, skipUrlState: true, globalNavPosition: 2, - capabilities: [`${SECURITY_FEATURE_ID}.show`], + capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.detections`]], links: [ { id: SecurityPageName.rules, diff --git a/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx b/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx index add8a5911df21..6c3707b3513ba 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx @@ -30,6 +30,7 @@ import type { SecuritySubPluginRoutes } from '../app/types'; import { RulesLandingPage } from './landing'; import { CoverageOverviewPage } from '../detection_engine/rule_management_ui/pages/coverage_overview'; import { RuleDetailTabs } from '../detection_engine/rule_details_ui/pages/rule_details/use_rule_details_tabs'; +import { withSecurityRoutePageWrapper } from '../common/components/security_route_page_wrapper'; const RulesSubRoutes = [ { @@ -117,14 +118,24 @@ const CoverageOverviewRoutes = () => ( export const routes: SecuritySubPluginRoutes = [ { path: RULES_LANDING_PATH, - component: RulesLandingPage, + component: withSecurityRoutePageWrapper(RulesLandingPage, SecurityPageName.rulesLanding, { + redirectOnMissing: true, + }), }, { path: RULES_PATH, - component: Rules, + component: withSecurityRoutePageWrapper(Rules, SecurityPageName.rules, { + redirectOnMissing: true, + }), }, { path: COVERAGE_OVERVIEW_PATH, - component: CoverageOverviewRoutes, + component: withSecurityRoutePageWrapper( + CoverageOverviewRoutes, + SecurityPageName.coverageOverview, + { + redirectOnMissing: true, + } + ), }, ]; 
From 16dd9c97df418bbd2ea3b2ecf35098e61dc30bd2 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Tue, 1 Apr 2025 16:53:56 +0200 Subject: [PATCH 03/23] fix tests --- .../src/security/product_feature_config.ts | 10 +++++++++- .../security/v2_features/kibana_features.ts | 11 ++-------- .../utils/timeline/use_show_timeline.test.tsx | 1 + .../platform_security/authorization.ts | 20 +++++++++++-------- 4 files changed, 24 insertions(+), 18 deletions(-) diff --git a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts index 202cdd8ef79d5..f90540fc0f18e 100644 --- a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts +++ b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts @@ -59,11 +59,19 @@ export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeature 'cloud-security-posture-read', 'cloud-defend-all', 'cloud-defend-read', + 'bulkGetUserProfiles', ], }, read: { ui: ['show', 'detections'], - api: [APP_ID, 'lists-read', 'rac', 'cloud-security-posture-read', 'cloud-defend-read'], + api: [ + APP_ID, + 'lists-read', + 'rac', + 'cloud-security-posture-read', + 'cloud-defend-read', + 'bulkGetUserProfiles', + ], }, }, }, diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts index 2af2160e3c65a..bbc383425859a 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts 
@@ -93,14 +93,7 @@ export const getSecurityV2BaseKibanaFeature = ({ read: { app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [ - APP_ID, - 'lists-read', - 'rac', - 'cloud-security-posture-read', - 'cloud-defend-read', - 'bulkGetUserProfiles', - ], + api: [], savedObject: { all: [], read: [...savedObjects], @@ -116,7 +109,7 @@ export const getSecurityV2BaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: ['show'], + ui: [], }, }, }); diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/utils/timeline/use_show_timeline.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/common/utils/timeline/use_show_timeline.test.tsx index 9bc192880ea89..c5ec57afb0cc9 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/common/utils/timeline/use_show_timeline.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/common/utils/timeline/use_show_timeline.test.tsx @@ -76,6 +76,7 @@ describe('use show timeline', () => { siemV2: { show: true, crud: true, + detections: true, }, }, upselling: mockUpselling, diff --git a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts index bbbb22a4e51ed..6517313d27413 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts @@ -220,6 +220,7 @@ export default function ({ getService }: FtrProviderContext) { ], "all": Array [ "login:", + "api:securitySolution-entity-analytics", "api:securitySolution", "api:lists-all", "api:lists-read", 
@@ -230,7 +231,6 @@ export default function ({ getService }: FtrProviderContext) { "api:cloud-defend-all", "api:cloud-defend-read", "api:bulkGetUserProfiles", - "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "api:securitySolution-showEndpointExceptions", "api:securitySolution-crudEndpointExceptions", @@ -471,9 +471,10 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", + "ui:siemV2/entity-analytics", "ui:siemV2/show", "ui:siemV2/crud", - "ui:siemV2/entity-analytics", + "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", "ui:siemV2/threat-intelligence", @@ -1065,6 +1066,7 @@ export default function ({ getService }: FtrProviderContext) { ], "minimal_all": Array [ "login:", + "api:securitySolution-entity-analytics", "api:securitySolution", "api:lists-all", "api:lists-read", @@ -1075,7 +1077,6 @@ export default function ({ getService }: FtrProviderContext) { "api:cloud-defend-all", "api:cloud-defend-read", "api:bulkGetUserProfiles", - "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "app:securitySolution", "app:csp", @@ -1314,9 +1315,10 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", + "ui:siemV2/entity-analytics", "ui:siemV2/show", "ui:siemV2/crud", - "ui:siemV2/entity-analytics", + "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", "ui:siemV2/threat-intelligence", 
@@ -1772,13 +1774,13 @@ export default function ({ getService }: FtrProviderContext) { ], "minimal_read": Array [ "login:", + "api:securitySolution-entity-analytics", "api:securitySolution", "api:lists-read", "api:rac", "api:cloud-security-posture-read", "api:cloud-defend-read", "api:bulkGetUserProfiles", - "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "app:securitySolution", "app:csp", @@ -1893,8 +1895,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", - "ui:siemV2/show", "ui:siemV2/entity-analytics", + "ui:siemV2/show", + "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", "ui:siemV2/threat-intelligence", @@ -2139,13 +2142,13 @@ export default function ({ getService }: FtrProviderContext) { ], "read": Array [ "login:", + "api:securitySolution-entity-analytics", "api:securitySolution", "api:lists-read", "api:rac", "api:cloud-security-posture-read", "api:cloud-defend-read", "api:bulkGetUserProfiles", - "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "api:securitySolution-showEndpointExceptions", "app:securitySolution", @@ -2261,8 +2264,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", - "ui:siemV2/show", "ui:siemV2/entity-analytics", + "ui:siemV2/show", + "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", "ui:siemV2/threat-intelligence", From aa07440f1c9d36fc7132861e2757a30e164604d0 Mon Sep 17 00:00:00 2001 
From: Tomasz Ciecierski Date: Wed, 2 Apr 2025 14:25:27 +0200 Subject: [PATCH 04/23] renderSpyRoute conditionally --- .../security_route_page_wrapper/index.tsx | 21 +++++++++++++++++-- .../security_solution/public/rules/routes.tsx | 1 + 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx index 6d5e33494c55a..b66b561463273 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx @@ -22,6 +22,8 @@ interface SecurityRoutePageWrapperProps { * Used primarily in the AI for SOC tier, to allow redirecting to the home page instead of showing the NoPrivileges page. */ redirectIfUnauthorized?: boolean; + // Used to disable the SpyRoute for the page if page's children have their own specified. + renderSpyRoute?: boolean; } /** @@ -46,6 +48,7 @@ export const SecurityRoutePageWrapper: FC { const link = useLinkInfo(pageName); @@ -53,6 +56,8 @@ export const SecurityRoutePageWrapper: FC @@ -63,6 +68,7 @@ export const SecurityRoutePageWrapper: FC; } @@ -71,11 +77,15 @@ export const SecurityRoutePageWrapper: FC; } // Show the no privileges page if the link is undefined or unauthorized. if (!isAuthorized) { + console.log('3'); + return ( <> @@ -86,12 +96,13 @@ export const SecurityRoutePageWrapper: FC ); } + console.log('poszlo', pageName); // Show the actual application page. return ( {children} - + {renderSpyRoute && } ); }; 
@@ -105,7 +116,12 @@ export const withSecurityRoutePageWrapper = ( { redirectOnMissing, redirectIfUnauthorized, - }: { redirectOnMissing?: boolean; redirectIfUnauthorized?: boolean } = {} + renderSpyRoute, + }: { + redirectOnMissing?: boolean; + redirectIfUnauthorized?: boolean; + renderSpyRoute?: boolean; + } = {} ) => { return function WithSecurityRoutePageWrapper(props: T) { return ( @@ -113,6 +129,7 @@ export const withSecurityRoutePageWrapper = ( pageName={pageName} redirectOnMissing={redirectOnMissing} redirectIfUnauthorized={redirectIfUnauthorized} + renderSpyRoute={renderSpyRoute} > diff --git a/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx b/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx index 6c3707b3513ba..9a417b285ec4f 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx @@ -126,6 +126,7 @@ export const routes: SecuritySubPluginRoutes = [ path: RULES_PATH, component: withSecurityRoutePageWrapper(Rules, SecurityPageName.rules, { redirectOnMissing: true, + renderSpyRoute: false, }), }, { From 5d2d066409e68b1c63cf8c58bea13dcc5c3d3b75 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Wed, 2 Apr 2025 15:05:51 +0200 Subject: [PATCH 05/23] add omitSpyRoutes conditionally --- .../security_route_page_wrapper/index.tsx | 20 ++++++------------- .../security_solution/public/rules/routes.tsx | 14 ++++++------- 2 files changed, 13 insertions(+), 21 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx index b66b561463273..10a9cc4ff2874 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx 
+++ b/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx @@ -23,7 +23,7 @@ interface SecurityRoutePageWrapperProps { */ redirectIfUnauthorized?: boolean; // Used to disable the SpyRoute for the page if page's children have their own specified. - renderSpyRoute?: boolean; + omitSpyRoute?: boolean; } /** @@ -48,7 +48,7 @@ export const SecurityRoutePageWrapper: FC { const link = useLinkInfo(pageName); @@ -56,8 +56,6 @@ export const SecurityRoutePageWrapper: FC @@ -68,7 +66,6 @@ export const SecurityRoutePageWrapper: FC; } @@ -77,15 +74,11 @@ export const SecurityRoutePageWrapper: FC; } // Show the no privileges page if the link is undefined or unauthorized. if (!isAuthorized) { - console.log('3'); - return ( <> @@ -96,13 +89,12 @@ export const SecurityRoutePageWrapper: FC ); } - console.log('poszlo', pageName); // Show the actual application page. return ( {children} - {renderSpyRoute && } + {!omitSpyRoute && } ); }; @@ -116,11 +108,11 @@ export const withSecurityRoutePageWrapper = ( { redirectOnMissing, redirectIfUnauthorized, - renderSpyRoute, + omitSpyRoute, }: { redirectOnMissing?: boolean; redirectIfUnauthorized?: boolean; - renderSpyRoute?: boolean; + omitSpyRoute?: boolean; } = {} ) => { return function WithSecurityRoutePageWrapper(props: T) { @@ -129,7 +121,7 @@ export const withSecurityRoutePageWrapper = ( pageName={pageName} redirectOnMissing={redirectOnMissing} redirectIfUnauthorized={redirectIfUnauthorized} - renderSpyRoute={renderSpyRoute} + omitSpyRoute={omitSpyRoute} > diff --git a/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx b/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx index 9a417b285ec4f..a08be19ac327e 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx 
@@ -30,7 +30,10 @@ import type { SecuritySubPluginRoutes } from '../app/types'; import { RulesLandingPage } from './landing'; import { CoverageOverviewPage } from '../detection_engine/rule_management_ui/pages/coverage_overview'; import { RuleDetailTabs } from '../detection_engine/rule_details_ui/pages/rule_details/use_rule_details_tabs'; -import { withSecurityRoutePageWrapper } from '../common/components/security_route_page_wrapper'; +import { + SecurityRoutePageWrapper, + withSecurityRoutePageWrapper, +} from '../common/components/security_route_page_wrapper'; const RulesSubRoutes = [ { @@ -65,7 +68,7 @@ const RulesContainerComponent: React.FC = () => { return ( - + { - + ); }; @@ -124,10 +127,7 @@ export const routes: SecuritySubPluginRoutes = [ }, { path: RULES_PATH, - component: withSecurityRoutePageWrapper(Rules, SecurityPageName.rules, { - redirectOnMissing: true, - renderSpyRoute: false, - }), + component: Rules, }, { path: COVERAGE_OVERVIEW_PATH, From df33a7b5a9eeaed8a2d8266dea68bf516a727267 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Wed, 2 Apr 2025 17:07:49 +0200 Subject: [PATCH 06/23] bring back permissions --- .../src/security/v2_features/kibana_features.ts | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts index bbc383425859a..67f676a61aaa6 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts 
@@ -76,6 +76,18 @@ export const getSecurityV2BaseKibanaFeature = ({ all: { app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], + api: [ + APP_ID, + 'lists-all', + 'lists-read', + 'lists-summary', + 'rac', + 'cloud-security-posture-all', + 'cloud-security-posture-read', + 'cloud-defend-all', + 'cloud-defend-read', + 'bulkGetUserProfiles', + ], savedObject: { all: ['alert', ...savedObjects], read: [], @@ -87,8 +99,7 @@ export const getSecurityV2BaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - api: [], - ui: [], + ui: ['show', 'crud'], }, read: { app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], @@ -109,7 +120,7 @@ export const getSecurityV2BaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: [], + ui: ['show'], }, }, }); From 721a91511fd3857c0fde634f05dffec6395b7c97 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Thu, 3 Apr 2025 09:51:36 +0200 Subject: [PATCH 07/23] fix snapshot --- .../security/platform_security/authorization.ts | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts index 6517313d27413..daaca9718a6b2 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts @@ -220,7 +220,6 @@ export default function ({ getService }: FtrProviderContext) { ], "all": Array [ "login:", - "api:securitySolution-entity-analytics", "api:securitySolution", "api:lists-all", "api:lists-read", 
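Review bot: Restoring `api: [...]` and `ui: ['show', 'crud']` on the base feature's `all` privilege (first two hunks) and `ui: ['show']` on `read` (third hunk) means the `APP_ID`, `rac`, `lists-*`, `cloud-security-posture-*` and `cloud-defend-*` API tags are granted whether or not the `detections` product feature is enabled, which leaves the `detections` UI capability as the only thing that feature still controls. If tiers without `detections` are meant to lose access to rules and alerts, hiding links and routes is not an authorization boundary, and the detection-specific tags would need to live only in the `detections` entry of `product_feature_config.ts`, which still lists them. If the duplication is intentional, say so above the list, e.g. `// Granted on every tier; the 'detections' product feature only adds the UI capability`. The `read` API list restored in PATCH 08 has the same issue.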
@@ -231,6 +230,7 @@ export default function ({ getService }: FtrProviderContext) { "api:cloud-defend-all", "api:cloud-defend-read", "api:bulkGetUserProfiles", + "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "api:securitySolution-showEndpointExceptions", "api:securitySolution-crudEndpointExceptions", @@ -471,9 +471,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", - "ui:siemV2/entity-analytics", "ui:siemV2/show", "ui:siemV2/crud", + "ui:siemV2/entity-analytics", "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", @@ -1066,7 +1066,6 @@ export default function ({ getService }: FtrProviderContext) { ], "minimal_all": Array [ "login:", - "api:securitySolution-entity-analytics", "api:securitySolution", "api:lists-all", "api:lists-read", @@ -1077,6 +1076,7 @@ export default function ({ getService }: FtrProviderContext) { "api:cloud-defend-all", "api:cloud-defend-read", "api:bulkGetUserProfiles", + "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "app:securitySolution", "app:csp", @@ -1315,9 +1315,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", - "ui:siemV2/entity-analytics", "ui:siemV2/show", "ui:siemV2/crud", + "ui:siemV2/entity-analytics", "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", 
@@ -1774,13 +1774,13 @@ export default function ({ getService }: FtrProviderContext) { ], "minimal_read": Array [ "login:", - "api:securitySolution-entity-analytics", "api:securitySolution", "api:lists-read", "api:rac", "api:cloud-security-posture-read", "api:cloud-defend-read", "api:bulkGetUserProfiles", + "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "app:securitySolution", "app:csp", @@ -1895,8 +1895,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", - "ui:siemV2/entity-analytics", "ui:siemV2/show", + "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", @@ -2142,13 +2142,13 @@ export default function ({ getService }: FtrProviderContext) { ], "read": Array [ "login:", - "api:securitySolution-entity-analytics", "api:securitySolution", "api:lists-read", "api:rac", "api:cloud-security-posture-read", "api:cloud-defend-read", "api:bulkGetUserProfiles", + "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "api:securitySolution-showEndpointExceptions", "app:securitySolution", @@ -2264,8 +2264,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", - "ui:siemV2/entity-analytics", "ui:siemV2/show", + "ui:siemV2/entity-analytics", "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", From 4018e97032e3d615785655a2fe3c8e4503a4ed09 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Thu, 3 Apr 2025 09:54:57 +0200 Subject: [PATCH 08/23] bring back missing privileges --- .../features/src/security/v2_features/kibana_features.ts | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts index 67f676a61aaa6..7cc4ebae77ddd 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts @@ -104,7 +104,14 @@ export const getSecurityV2BaseKibanaFeature = ({ read: { app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [], + api: [ + APP_ID, + 'lists-read', + 'rac', + 'cloud-security-posture-read', + 'cloud-defend-read', + 'bulkGetUserProfiles', + ], savedObject: { all: [], read: [...savedObjects], From fa805ffe29c002794b427483176095a44ba255ea Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Thu, 3 Apr 2025 12:45:13 +0200 Subject: [PATCH 09/23] add external_detections --- .../features/src/product_features_keys.ts | 11 +++++--- .../src/security/product_feature_config.ts | 10 +++---- .../security/v2_features/kibana_features.ts | 26 +++---------------- .../public/detections/links.ts | 2 +- .../security_solution_ess/common/constants.ts | 2 +- .../common/pli/pli_config.ts | 2 +- 6 files changed, 19 insertions(+), 34 deletions(-) diff --git a/x-pack/solutions/security/packages/features/src/product_features_keys.ts b/x-pack/solutions/security/packages/features/src/product_features_keys.ts index 5c83d014f2fe0..e6b1c1e5733f0 100644 --- a/x-pack/solutions/security/packages/features/src/product_features_keys.ts +++ b/x-pack/solutions/security/packages/features/src/product_features_keys.ts 
@@ -8,12 +8,15 @@ export enum ProductFeatureSecurityKey { /** Enables Advanced Insights (Entity Risk, GenAI) */ advancedInsights = 'advanced_insights', - /** Enables Alerts Summary page for AI SOC */ - alertsSummary = 'alerts_summary', - /** Elastic endpoint detections, includes alerts, rules, investigations */ - detections = 'detections', + /** Enables Configurations page for AI SOC */ configurations = 'configurations', + + /** Elastic endpoint detections, includes alerts, rules, investigations */ + detections = 'detections', + + /** Enables external detections for AI SOC, includes alerts_summary, basic_rules*/ + externalDetections = 'external_detections', /** * Enables Investigation guide in Timeline */ diff --git a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts index cf73a74d6c0a2..19479a2437551 100644 --- a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts +++ b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts @@ -33,15 +33,15 @@ export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeature }, }, - [ProductFeatureSecurityKey.alertsSummary]: { + [ProductFeatureSecurityKey.externalDetections]: { privileges: { all: { - ui: ['alerts_summary'], - api: [`${APP_ID}-alert-summary`], + ui: ['show', 'external_detections'], + api: [APP_ID, 'lists-all', 'lists-read', 'lists-summary', 'rac'], }, read: { - ui: ['alerts_summary_read'], - api: [`${APP_ID}-alert-summary`], + ui: ['show', 'external_detections'], + api: [APP_ID, 'lists-read', 'rac'], }, }, }, diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts index 7cc4ebae77ddd..9e7fd1cb73a14 100644 
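Review bot: In the `externalDetections` entry, `all` and `read` receive the same `ui` list (`['show', 'external_detections']`), so the UI can no longer tell a read-only role from a writer the way `alerts_summary` / `alerts_summary_read` did; only the `api` lists differ. Any write control on the alert summary pages would have to be gated on another capability, with the route-level API tag as the actual enforcement. The dedicated `${APP_ID}-alert-summary` API tag also disappears in this hunk, and whether any server route still requires it is not visible here, so that is worth confirming. A short comment on the `read` block such as `// read vs. write is distinguished by the api tags, not by ui capabilities` would document the intent.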
--- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts @@ -76,18 +76,7 @@ export const getSecurityV2BaseKibanaFeature = ({ all: { app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [ - APP_ID, - 'lists-all', - 'lists-read', - 'lists-summary', - 'rac', - 'cloud-security-posture-all', - 'cloud-security-posture-read', - 'cloud-defend-all', - 'cloud-defend-read', - 'bulkGetUserProfiles', - ], + api: [], savedObject: { all: ['alert', ...savedObjects], read: [], @@ -99,19 +88,12 @@ export const getSecurityV2BaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: ['show', 'crud'], + ui: [], }, read: { app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [ - APP_ID, - 'lists-read', - 'rac', - 'cloud-security-posture-read', - 'cloud-defend-read', - 'bulkGetUserProfiles', - ], + api: [], savedObject: { all: [], read: [...savedObjects], @@ -127,7 +109,7 @@ export const getSecurityV2BaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: ['show'], + ui: [], }, }, }); diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts b/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts index 47b949eadbbea..6ab7612ea87bd 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts 
@@ -32,7 +32,7 @@ export const alertSummaryLink: LinkItem = { id: SecurityPageName.alertSummary, path: ALERT_SUMMARY_PATH, title: ALERT_SUMMARY, - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.alerts_summary_read`]], + capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.external_detections`]], globalNavPosition: 3, globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.alertSummary', { diff --git a/x-pack/solutions/security/plugins/security_solution_ess/common/constants.ts b/x-pack/solutions/security/plugins/security_solution_ess/common/constants.ts index ea539eae7a9d4..0d0bfcd80d70d 100644 --- a/x-pack/solutions/security/plugins/security_solution_ess/common/constants.ts +++ b/x-pack/solutions/security/plugins/security_solution_ess/common/constants.ts @@ -13,7 +13,7 @@ import { // List of product features that are disabled in different offering (eg. Serverless). const DISABLED_PRODUCT_FEATURES: ProductFeatureKeyType[] = [ - ProductFeatureSecurityKey.alertsSummary, + ProductFeatureSecurityKey.externalDetections, ProductFeatureSecurityKey.configurations, ]; diff --git a/x-pack/solutions/security/plugins/security_solution_serverless/common/pli/pli_config.ts b/x-pack/solutions/security/plugins/security_solution_serverless/common/pli/pli_config.ts index d9d7eec4874be..6f774f6b5da31 100644 --- a/x-pack/solutions/security/plugins/security_solution_serverless/common/pli/pli_config.ts +++ b/x-pack/solutions/security/plugins/security_solution_serverless/common/pli/pli_config.ts @@ -19,8 +19,8 @@ export const PLI_PRODUCT_FEATURES: PliProductFeatures = { search_ai_lake: [ ProductFeatureKey.attackDiscovery, ProductFeatureKey.assistant, - ProductFeatureKey.alertsSummary, ProductFeatureKey.configurations, + ProductFeatureKey.externalDetections, ], essentials: [ProductFeatureKey.attackDiscovery, ProductFeatureKey.assistant], complete: [ProductFeatureKey.attackDiscovery, ProductFeatureKey.assistant], 
From 4902e2b548e0153dcb7b14f6a9b7969892eaf890 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Thu, 3 Apr 2025 14:26:52 +0200 Subject: [PATCH 10/23] Revert "fix snapshot" This reverts commit 721a91511fd3857c0fde634f05dffec6395b7c97. --- .../security/platform_security/authorization.ts | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts index daaca9718a6b2..6517313d27413 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts @@ -220,6 +220,7 @@ export default function ({ getService }: FtrProviderContext) { ], "all": Array [ "login:", + "api:securitySolution-entity-analytics", "api:securitySolution", "api:lists-all", "api:lists-read", @@ -230,7 +231,6 @@ export default function ({ getService }: FtrProviderContext) { "api:cloud-defend-all", "api:cloud-defend-read", "api:bulkGetUserProfiles", - "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "api:securitySolution-showEndpointExceptions", "api:securitySolution-crudEndpointExceptions", @@ -471,9 +471,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", + "ui:siemV2/entity-analytics", "ui:siemV2/show", "ui:siemV2/crud", - "ui:siemV2/entity-analytics", "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", @@ -1066,6 +1066,7 @@ export default function ({ getService }: FtrProviderContext) { ], "minimal_all": Array [ "login:", + "api:securitySolution-entity-analytics", "api:securitySolution", "api:lists-all", "api:lists-read", 
@@ -1076,7 +1077,6 @@ export default function ({ getService }: FtrProviderContext) { "api:cloud-defend-all", "api:cloud-defend-read", "api:bulkGetUserProfiles", - "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "app:securitySolution", "app:csp", @@ -1315,9 +1315,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", + "ui:siemV2/entity-analytics", "ui:siemV2/show", "ui:siemV2/crud", - "ui:siemV2/entity-analytics", "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", @@ -1774,13 +1774,13 @@ export default function ({ getService }: FtrProviderContext) { ], "minimal_read": Array [ "login:", + "api:securitySolution-entity-analytics", "api:securitySolution", "api:lists-read", "api:rac", "api:cloud-security-posture-read", "api:cloud-defend-read", "api:bulkGetUserProfiles", - "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "app:securitySolution", "app:csp", @@ -1895,8 +1895,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", + "ui:siemV2/entity-analytics", "ui:siemV2/show", - "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", @@ -2142,13 +2142,13 @@ export default function ({ getService }: FtrProviderContext) { ], "read": Array [ "login:", + "api:securitySolution-entity-analytics", "api:securitySolution", "api:lists-read", "api:rac", "api:cloud-security-posture-read", "api:cloud-defend-read", "api:bulkGetUserProfiles", - "api:securitySolution-entity-analytics", "api:securitySolution-threat-intelligence", "api:securitySolution-showEndpointExceptions", "app:securitySolution", 
@@ -2264,8 +2264,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", - "ui:siemV2/show", "ui:siemV2/entity-analytics", + "ui:siemV2/show", "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", From 9c67d360ce5a6481cf0e66e99aa5c11803d1975d Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Fri, 4 Apr 2025 10:28:01 +0200 Subject: [PATCH 11/23] skip test --- .../security/ftr/cloud_security_posture/compliance_dashboard.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts index cc170f5806095..b6e697bf861bb 100644 --- a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts +++ b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts @@ -39,7 +39,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { }, ]; - describe('Cloud Posture Dashboard Page', function () { + describe.skip('Cloud Posture Dashboard Page', function () { // TODO: we need to check if the tests are running on MKI. There is a suspicion that installing csp package via Kibana server args is not working on MKI. this.tags(['skipMKI', 'cloud_security_posture_compliance_dashboard']); let cspDashboard: typeof pageObjects.cloudPostureDashboard; From 1a39746e2af2cb8757ffae3a53712ad81db2fe88 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Fri, 4 Apr 2025 11:25:29 +0200 Subject: [PATCH 12/23] fix test --- .../security/config.cloud_security_posture.basic.ts | 4 +++- .../ftr/cloud_security_posture/compliance_dashboard.ts | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) 
diff --git a/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.basic.ts b/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.basic.ts index ee788c7117f6f..3f6cc68e164b1 100644 --- a/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.basic.ts +++ b/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.basic.ts @@ -18,7 +18,9 @@ export default createTestConfig({ `--xpack.fleet.packages.0.name=cloud_security_posture`, `--xpack.fleet.packages.0.version=${CLOUD_SECURITY_PLUGIN_VERSION}`, // configs the environment to run on the basic product tier, which may include PLI block components or messages - `--xpack.securitySolutionServerless.productTypes=${JSON.stringify([])}`, + `--xpack.securitySolutionServerless.productTypes=${JSON.stringify([ + { product_line: 'security', product_tier: 'essentials' }, + ])}`, ], // load tests in the index file testFiles: [require.resolve('./ftr/cloud_security_posture')], diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts index b6e697bf861bb..cc170f5806095 100644 --- a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts +++ b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/compliance_dashboard.ts 
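Review bot: The comment above `productTypes` still says the environment runs "on the basic product tier", but the new value configures `{ product_line: 'security', product_tier: 'essentials' }`, so the comment (and the `.basic` file name) no longer matches what is exercised. Update it, for example `// runs on the security essentials tier; the empty product-types case is not covered by this config`. If an empty `productTypes` list is still a supported deployment, it appears to lose its coverage in this suite, which matters for tests that check what a tier is allowed to see.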
@@ -39,7 +39,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { }, ]; - describe.skip('Cloud Posture Dashboard Page', function () { + describe('Cloud Posture Dashboard Page', function () { // TODO: we need to check if the tests are running on MKI. There is a suspicion that installing csp package via Kibana server args is not working on MKI. this.tags(['skipMKI', 'cloud_security_posture_compliance_dashboard']); let cspDashboard: typeof pageObjects.cloudPostureDashboard; From 29b44c83ae5338d2f88359301e0c3c0f79f4f40b Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Fri, 4 Apr 2025 15:25:05 +0200 Subject: [PATCH 13/23] move features and add test --- .../src/security/product_feature_config.ts | 67 ++++++++++++++++--- .../security/v1_features/kibana_features.ts | 54 --------------- .../security/v2_features/kibana_features.ts | 65 ++---------------- .../index.test.tsx | 18 +++++ 4 files changed, 79 insertions(+), 125 deletions(-) diff --git a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts index 19479a2437551..ca6fd548ef4ed 100644 --- a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts +++ b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts 
@@ -5,10 +5,36 @@ * 2.0. */ +import { + EQL_RULE_TYPE_ID, + ESQL_RULE_TYPE_ID, + INDICATOR_RULE_TYPE_ID, + ML_RULE_TYPE_ID, + NEW_TERMS_RULE_TYPE_ID, + QUERY_RULE_TYPE_ID, + SAVED_QUERY_RULE_TYPE_ID, + THRESHOLD_RULE_TYPE_ID, +} from '@kbn/securitysolution-rules'; import { ProductFeatureSecurityKey, SecuritySubFeatureId } from '../product_features_keys'; -import { APP_ID } from '../constants'; +import { APP_ID, LEGACY_NOTIFICATIONS_ID, SERVER_APP_ID } from '../constants'; import type { DefaultSecurityProductFeaturesConfig } from './types'; +const SECURITY_RULE_TYPES = [ + LEGACY_NOTIFICATIONS_ID, + ESQL_RULE_TYPE_ID, + EQL_RULE_TYPE_ID, + INDICATOR_RULE_TYPE_ID, + ML_RULE_TYPE_ID, + QUERY_RULE_TYPE_ID, + SAVED_QUERY_RULE_TYPE_ID, + THRESHOLD_RULE_TYPE_ID, + NEW_TERMS_RULE_TYPE_ID, +]; + +const alertingFeatures = SECURITY_RULE_TYPES.map((ruleTypeId) => ({ + ruleTypeId, + consumers: [SERVER_APP_ID], +})); /** * App features privileges configuration for the Security Solution Kibana Feature app. * These are the configs that are shared between both offering types (ess and serverless). @@ -19,6 +45,7 @@ import type { DefaultSecurityProductFeaturesConfig } from './types'; * - `subFeatureIds`: the ids of the sub-features that will be added into the Security subFeatures entry. * - `subFeaturesPrivileges`: the privileges that will be added into the existing Security subFeature with the privilege `id` specified. */ + export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeaturesConfig = { [ProductFeatureSecurityKey.advancedInsights]: { privileges: { 
@@ -36,42 +63,60 @@ export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeature [ProductFeatureSecurityKey.externalDetections]: { privileges: { all: { - ui: ['show', 'external_detections'], - api: [APP_ID, 'lists-all', 'lists-read', 'lists-summary', 'rac'], + ui: ['external_detections'], + api: [], }, read: { - ui: ['show', 'external_detections'], - api: [APP_ID, 'lists-read', 'rac'], + ui: ['external_detections'], + api: [], }, }, }, [ProductFeatureSecurityKey.detections]: { + management: { + insightsAndAlerting: ['triggersActions'], + }, + alerting: alertingFeatures, privileges: { all: { - ui: ['show', 'crud', 'detections'], + ui: ['detections'], api: [ - APP_ID, 'lists-all', 'lists-read', 'lists-summary', - 'rac', 'cloud-security-posture-all', 'cloud-security-posture-read', 'cloud-defend-all', 'cloud-defend-read', 'bulkGetUserProfiles', ], + alerting: { + rule: { all: alertingFeatures }, + alert: { all: alertingFeatures }, + }, + management: { + insightsAndAlerting: ['triggersActions'], + }, }, read: { - ui: ['show', 'detections'], + ui: ['detections'], api: [ - APP_ID, 'lists-read', - 'rac', 'cloud-security-posture-read', 'cloud-defend-read', 'bulkGetUserProfiles', ], + alerting: { + rule: { + read: alertingFeatures, + }, + alert: { + all: alertingFeatures, + }, + }, + management: { + insightsAndAlerting: ['triggersActions'], + }, }, }, }, diff --git a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts index f4cbe0bdf1b4f..c7314c32a729b 100644 --- a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts 
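Review bot: In the `detections` entry, the `read` privilege grants `alert: { all: alertingFeatures }` while rules stay at `rule: { read: alertingFeatures }`, so a read-only Security role keeps write access to alerts for every rule type in `SECURITY_RULE_TYPES`. The same shape appears in the lines this commit removes from the Kibana feature files, so it looks carried over rather than new, but nothing at the new location says why. Add a comment on that block stating the reason, e.g. `// NOTE: read-level roles intentionally get alert "all": <reason>`, or narrow it to `alert: { read: alertingFeatures }` if write access is not intended.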
@@ -9,20 +9,9 @@ import { i18n } from '@kbn/i18n'; import { KibanaFeatureScope } from '@kbn/features-plugin/common'; import { DEFAULT_APP_CATEGORIES } from '@kbn/core-application-common'; -import { - EQL_RULE_TYPE_ID, - ESQL_RULE_TYPE_ID, - INDICATOR_RULE_TYPE_ID, - ML_RULE_TYPE_ID, - NEW_TERMS_RULE_TYPE_ID, - QUERY_RULE_TYPE_ID, - SAVED_QUERY_RULE_TYPE_ID, - THRESHOLD_RULE_TYPE_ID, -} from '@kbn/securitysolution-rules'; import { APP_ID, SERVER_APP_ID, - LEGACY_NOTIFICATIONS_ID, CLOUD_POSTURE_APP_ID, SECURITY_FEATURE_ID_V2, TIMELINE_FEATURE_ID, @@ -31,23 +20,6 @@ import { import type { SecurityFeatureParams } from '../types'; import type { BaseKibanaFeatureConfig } from '../../types'; -const SECURITY_RULE_TYPES = [ - LEGACY_NOTIFICATIONS_ID, - ESQL_RULE_TYPE_ID, - EQL_RULE_TYPE_ID, - INDICATOR_RULE_TYPE_ID, - ML_RULE_TYPE_ID, - QUERY_RULE_TYPE_ID, - SAVED_QUERY_RULE_TYPE_ID, - THRESHOLD_RULE_TYPE_ID, - NEW_TERMS_RULE_TYPE_ID, -]; - -const alertingFeatures = SECURITY_RULE_TYPES.map((ruleTypeId) => ({ - ruleTypeId, - consumers: [SERVER_APP_ID], -})); - export const getSecurityBaseKibanaFeature = ({ savedObjects, }: SecurityFeatureParams): BaseKibanaFeatureConfig => ({ @@ -76,10 +48,6 @@ export const getSecurityBaseKibanaFeature = ({ scope: [KibanaFeatureScope.Spaces, KibanaFeatureScope.Security], app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - management: { - insightsAndAlerting: ['triggersActions'], - }, - alerting: alertingFeatures, description: i18n.translate( 'securitySolutionPackages.features.featureRegistry.securityGroupDescription', { @@ -123,17 +91,6 @@ export const getSecurityBaseKibanaFeature = ({ all: ['alert', ...savedObjects], read: [], }, - alerting: { - rule: { - all: alertingFeatures, - }, - alert: { - all: alertingFeatures, - }, - }, - management: { - insightsAndAlerting: ['triggersActions'], - }, ui: ['show', 'crud'], }, read: { 
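Review bot: The legacy feature returned by `getSecurityBaseKibanaFeature` loses its feature-level `management` and `alerting` entries in the `@@ -76,10 +48,6 @@` hunk, and the two following hunks of this file drop the matching blocks from its `all` and `read` privileges, with nothing here showing where they are re-attached. If the `detections` product-feature config is not merged into this v1 feature as well as the v2 one, roles still bound to it would silently lose rule and alert privileges; that merge is not visible in this patch. A pointer at the removal site would help, e.g. `// alerting and management privileges are contributed by ProductFeatureSecurityKey.detections`, and an authorization snapshot covering the v1 feature would confirm nothing changed. The function body starts and ends outside these hunks.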
@@ -165,17 +122,6 @@ export const getSecurityBaseKibanaFeature = ({ all: [], read: [...savedObjects], }, - alerting: { - rule: { - read: alertingFeatures, - }, - alert: { - all: alertingFeatures, - }, - }, - management: { - insightsAndAlerting: ['triggersActions'], - }, ui: ['show'], }, }, diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts index 9e7fd1cb73a14..c8039b174bfd8 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts @@ -9,43 +9,10 @@ import { i18n } from '@kbn/i18n'; import { KibanaFeatureScope } from '@kbn/features-plugin/common'; import { DEFAULT_APP_CATEGORIES } from '@kbn/core-application-common'; -import { - EQL_RULE_TYPE_ID, - ESQL_RULE_TYPE_ID, - INDICATOR_RULE_TYPE_ID, - ML_RULE_TYPE_ID, - NEW_TERMS_RULE_TYPE_ID, - QUERY_RULE_TYPE_ID, - SAVED_QUERY_RULE_TYPE_ID, - THRESHOLD_RULE_TYPE_ID, -} from '@kbn/securitysolution-rules'; -import { - APP_ID, - SECURITY_FEATURE_ID_V2, - LEGACY_NOTIFICATIONS_ID, - CLOUD_POSTURE_APP_ID, - SERVER_APP_ID, -} from '../../constants'; +import { APP_ID, SECURITY_FEATURE_ID_V2, CLOUD_POSTURE_APP_ID } from '../../constants'; import type { SecurityFeatureParams } from '../types'; import type { BaseKibanaFeatureConfig } from '../../types'; -const SECURITY_RULE_TYPES = [ - LEGACY_NOTIFICATIONS_ID, - ESQL_RULE_TYPE_ID, - EQL_RULE_TYPE_ID, - INDICATOR_RULE_TYPE_ID, - ML_RULE_TYPE_ID, - QUERY_RULE_TYPE_ID, - SAVED_QUERY_RULE_TYPE_ID, - THRESHOLD_RULE_TYPE_ID, - NEW_TERMS_RULE_TYPE_ID, -]; - -const alertingFeatures = SECURITY_RULE_TYPES.map((ruleTypeId) => ({ - ruleTypeId, - consumers: [SERVER_APP_ID], -})); - export const getSecurityV2BaseKibanaFeature = ({ savedObjects, }: SecurityFeatureParams): BaseKibanaFeatureConfig => ({ 
@@ -61,10 +28,6 @@ export const getSecurityV2BaseKibanaFeature = ({ scope: [KibanaFeatureScope.Spaces, KibanaFeatureScope.Security], app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - management: { - insightsAndAlerting: ['triggersActions'], - }, - alerting: alertingFeatures, description: i18n.translate( 'securitySolutionPackages.features.featureRegistry.securityGroupDescription', { @@ -76,40 +39,22 @@ export const getSecurityV2BaseKibanaFeature = ({ all: { app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [], + api: [APP_ID, 'rac'], savedObject: { all: ['alert', ...savedObjects], read: [], }, - alerting: { - rule: { all: alertingFeatures }, - alert: { all: alertingFeatures }, - }, - management: { - insightsAndAlerting: ['triggersActions'], - }, - ui: [], + ui: ['show', 'crud'], }, read: { app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [], + api: [APP_ID, 'rac'], savedObject: { all: [], read: [...savedObjects], }, - alerting: { - rule: { - read: alertingFeatures, - }, - alert: { - all: alertingFeatures, - }, - }, - management: { - insightsAndAlerting: ['triggersActions'], - }, - ui: [], + ui: ['show'], }, }, }); diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.test.tsx index 8db6d69faf5ad..e33b8860c2f73 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.test.tsx 
@@ -15,9 +15,13 @@ import { generateHistoryMock } from '../../utils/route/mocks'; import type { LinkInfo } from '../../links'; import { useLinkInfo } from '../../links'; import { useUpsellingPage } from '../../hooks/use_upselling'; +import { SpyRoute } from '../../utils/route/spy_routes'; jest.mock('../../links'); jest.mock('../../hooks/use_upselling'); +jest.mock('../../utils/route/spy_routes', () => ({ + SpyRoute: jest.fn(() => null), +})); const defaultLinkInfo: LinkInfo = { id: SecurityPageName.exploreLanding, @@ -147,4 +151,18 @@ describe('SecurityRoutePageWrapper', () => { expect(getByTestId(TEST_COMPONENT_SUBJ)).toBeInTheDocument(); }); + it('should not render SpyRoute when omitSpyRoute is set to true', () => { + (useLinkInfo as jest.Mock).mockReturnValue(defaultLinkInfo); + (useUpsellingPage as jest.Mock).mockReturnValue(undefined); + + render( + + + , + { wrapper: Wrapper } + ); + + // SpyRoute was mocked, so if omitSpyRoute worked, it should not have been called + expect(SpyRoute).not.toHaveBeenCalled(); + }); }); From f04f3756b2065ea733fe8415a854f5ed7fccba25 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Fri, 4 Apr 2025 18:31:03 +0200 Subject: [PATCH 14/23] fix snapshots --- .../platform_security/authorization.ts | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts index 6517313d27413..1c74ada89091d 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts 
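Review bot: The new `omitSpyRoute` test asserts `expect(SpyRoute).not.toHaveBeenCalled()` on a module-level `jest.fn`, which only holds if no earlier test in the file rendered `SpyRoute` or if mocks are reset between tests; neither is visible in this hunk. Clearing the mock at the start of the test with `(SpyRoute as jest.Mock).mockClear();` makes it independent of test order. A companion assertion that `SpyRoute` is called when `omitSpyRoute` is not set would also show the mock is wired to the right module, so the negative check cannot pass vacuously.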
@@ -220,12 +220,12 @@ export default function ({ getService }: FtrProviderContext) { ], "all": Array [ "login:", - "api:securitySolution-entity-analytics", "api:securitySolution", + "api:rac", + "api:securitySolution-entity-analytics", "api:lists-all", "api:lists-read", "api:lists-summary", - "api:rac", "api:cloud-security-posture-all", "api:cloud-security-posture-read", "api:cloud-defend-all", @@ -471,9 +471,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", - "ui:siemV2/entity-analytics", "ui:siemV2/show", "ui:siemV2/crud", + "ui:siemV2/entity-analytics", "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", @@ -1066,12 +1066,12 @@ export default function ({ getService }: FtrProviderContext) { ], "minimal_all": Array [ "login:", - "api:securitySolution-entity-analytics", "api:securitySolution", + "api:rac", + "api:securitySolution-entity-analytics", "api:lists-all", "api:lists-read", "api:lists-summary", - "api:rac", "api:cloud-security-posture-all", "api:cloud-security-posture-read", "api:cloud-defend-all", @@ -1315,9 +1315,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", - "ui:siemV2/entity-analytics", "ui:siemV2/show", "ui:siemV2/crud", + "ui:siemV2/entity-analytics", "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", @@ -1774,10 +1774,10 @@ export default function ({ getService }: FtrProviderContext) { ], "minimal_read": Array [ "login:", - "api:securitySolution-entity-analytics", "api:securitySolution", - "api:lists-read", "api:rac", + "api:securitySolution-entity-analytics", + "api:lists-read", "api:cloud-security-posture-read", "api:cloud-defend-read", "api:bulkGetUserProfiles", 
@@ -1895,8 +1895,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", - "ui:siemV2/entity-analytics", "ui:siemV2/show", + "ui:siemV2/entity-analytics", "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", @@ -2142,10 +2142,10 @@ export default function ({ getService }: FtrProviderContext) { ], "read": Array [ "login:", - "api:securitySolution-entity-analytics", "api:securitySolution", - "api:lists-read", "api:rac", + "api:securitySolution-entity-analytics", + "api:lists-read", "api:cloud-security-posture-read", "api:cloud-defend-read", "api:bulkGetUserProfiles", @@ -2264,8 +2264,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:cloud/find", "saved_object:cloud/open_point_in_time", "saved_object:cloud/close_point_in_time", - "ui:siemV2/entity-analytics", "ui:siemV2/show", + "ui:siemV2/entity-analytics", "ui:siemV2/detections", "ui:siemV2/investigation-guide", "ui:siemV2/investigation-guide-interactions", From bcc26326dcbb1393d2a12e91478d941e6353051c Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Mon, 7 Apr 2025 12:47:37 +0200 Subject: [PATCH 15/23] move back lists api privileges to kibana features --- .../features/src/security/product_feature_config.ts | 10 +--------- .../src/security/v2_features/kibana_features.ts | 4 ++-- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts index ca6fd548ef4ed..e5c0a5ecf60cf 100644 --- a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts +++ b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts 
@@ -81,9 +81,6 @@ export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeature all: { ui: ['detections'], api: [ - 'lists-all', - 'lists-read', - 'lists-summary', 'cloud-security-posture-all', 'cloud-security-posture-read', 'cloud-defend-all', @@ -100,12 +97,7 @@ export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeature }, read: { ui: ['detections'], - api: [ - 'lists-read', - 'cloud-security-posture-read', - 'cloud-defend-read', - 'bulkGetUserProfiles', - ], + api: ['cloud-security-posture-read', 'cloud-defend-read', 'bulkGetUserProfiles'], alerting: { rule: { read: alertingFeatures, diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts index c8039b174bfd8..3b4c4186b2c12 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts @@ -39,7 +39,7 @@ export const getSecurityV2BaseKibanaFeature = ({ all: { app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [APP_ID, 'rac'], + api: [APP_ID, 'rac', 'lists-all', 'lists-read', 'lists-summary'], savedObject: { all: ['alert', ...savedObjects], read: [], @@ -49,7 +49,7 @@ export const getSecurityV2BaseKibanaFeature = ({ read: { app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [APP_ID, 'rac'], + api: [APP_ID, 'rac', 'lists-read'], savedObject: { all: [], read: [...savedObjects], From c40981a39a492245fab9e8d9e64286c72c11667e Mon Sep 17 00:00:00 2001 
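Review bot: The `lists-all`, `lists-read` and `lists-summary` API privileges are now granted by the base feature itself (`api: [APP_ID, 'rac', 'lists-all', 'lists-read', 'lists-summary']` in the `@@ -39,7 +39,7 @@` hunk of `v2_features/kibana_features.ts`) and no longer by the `detections` product feature. Every `all` role therefore gets them whether or not `detections` is enabled, and every `read` role gets `'lists-read'` (the `@@ -49,7 +49,7 @@` hunk). If a tier without `detections` is meant to carry a reduced privilege set, this widens it again. Please confirm the intent and record it above the `api` arrays, e.g. `// lists-* is needed outside detections (<reason>), so it is not gated on the product feature`. Both privilege objects continue outside the hunks.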
From: Tomasz Ciecierski Date: Mon, 7 Apr 2025 14:28:54 +0200 Subject: [PATCH 16/23] initial e2e tests, reorder navigation items --- .../navigation/ai_soc/ai_soc_navigation.ts | 161 ++---------------- .../e2e/ai4dsoc/capabilities/access.cy.ts | 31 ++++ .../cypress/e2e/ai4dsoc/constants.ts | 11 ++ .../e2e/ai4dsoc/navigation/dummy_test.cy.ts | 17 -- .../e2e/ai4dsoc/navigation/navigation.cy.ts | 41 +++++ .../cypress/support/e2e.ts | 5 + .../cypress/support/index.d.ts | 4 + .../cypress/urls/navigation.ts | 1 + 8 files changed, 106 insertions(+), 165 deletions(-) create mode 100644 x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts create mode 100644 x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/constants.ts delete mode 100644 x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/navigation/dummy_test.cy.ts create mode 100644 x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/navigation/navigation.cy.ts diff --git a/x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/ai_soc/ai_soc_navigation.ts b/x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/ai_soc/ai_soc_navigation.ts index 40e3b4a5da48b..d8e6bef3dfa85 100644 --- a/x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/ai_soc/ai_soc_navigation.ts +++ b/x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/ai_soc/ai_soc_navigation.ts 
@@ -39,15 +39,18 @@ export const createAiSocNavigationTree$ = (): Rx.Observable { + beforeEach(() => { + login('admin'); + }); + describe('are set properly in order to visit pages', () => { + it('alerts_summary', () => { + visit(ALERT_SUMMARY_URL); + cy.get(ALERTS_SUMMARY_PROMPT).should('exist'); + }); + it('alerts - should get redirected', () => { + visit(ALERTS_URL); + cy.get(GET_STARTED_PAGE).should('exist'); + }); + it('rules - should get redirected', () => { + visit(RULES_LANDING_URL); + cy.get(GET_STARTED_PAGE).should('exist'); + }); + }); +}); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/constants.ts b/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/constants.ts new file mode 100644 index 0000000000000..1a270e381dbee --- /dev/null +++ b/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/constants.ts @@ -0,0 +1,11 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const ALERTS_SUMMARY_PROMPT = '[data-test-subj="alert-summary-landing-page-prompt"]'; +export const GET_STARTED_PAGE = '[data-test-subj="onboarding-hub-page"]'; +export const AI_SOC_NAVIGATION = + '[data-test-subj="nav-item nav-item-security_solution_ai_nav nav-item-id-security_solution_ai_nav"]'; diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/navigation/dummy_test.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/navigation/dummy_test.cy.ts deleted file mode 100644 index 82a9f63026b57..0000000000000 --- a/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/navigation/dummy_test.cy.ts +++ /dev/null 
@@ -1,17 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { login } from '../../../tasks/login'; -import { visit } from '../../../tasks/navigation'; -import { GET_STARTED_URL } from '../../../urls/navigation'; - -describe('Dummy Test ', { tags: '@serverless' }, () => { - beforeEach(() => { - login(); - visit(GET_STARTED_URL); - }); -}); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/navigation/navigation.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/navigation/navigation.cy.ts new file mode 100644 index 0000000000000..ee21c38ba03ff --- /dev/null +++ b/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/navigation/navigation.cy.ts 
@@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { login } from '../../../tasks/login'; +import { visit } from '../../../tasks/navigation'; +import { GET_STARTED_URL } from '../../../urls/navigation'; +import { AI_SOC_NAVIGATION } from '../constants'; + +const visibleLinks = ['discover', 'attack_discovery', 'case', 'alert_summary', 'configurations']; + +const notVisibleLinks = [ + // 'machine_learning-landing', -- TODO comment out when ML is turned off + 'alerts', + 'rules', +]; + +describe('AI$DSOC Navigation', { tags: '@serverless' }, () => { + beforeEach(() => { + login('admin'); + visit(GET_STARTED_URL); + }); + describe('renders links correctly', () => { + it('should contain the specified links', () => { + cy.get(AI_SOC_NAVIGATION) + .should('exist') + .within(() => { + visibleLinks.map((link) => { + cy.getByTestSubjContains(`nav-item-id-${link}`).should('exist'); + }); + + notVisibleLinks.map((link) => { + cy.getByTestSubjContains(`nav-item-id-${link}`).should('not.exist'); + }); + }); + }); + }); +}); diff --git a/x-pack/test/security_solution_cypress/cypress/support/e2e.ts b/x-pack/test/security_solution_cypress/cypress/support/e2e.ts index b0961b77a2bba..b811afecd4746 100644 --- a/x-pack/test/security_solution_cypress/cypress/support/e2e.ts +++ b/x-pack/test/security_solution_cypress/cypress/support/e2e.ts @@ -37,3 +37,8 @@ registerCypressGrep(); Cypress.on('uncaught:exception', () => { return false; }); + +// finds elements that contain the given selector +Cypress.Commands.add('getByTestSubjContains', (selector, ...args) => + cy.get(`[data-test-subj*="${selector}"]`, ...args) +); 
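Review bot: The `should('not.exist')` checks for `'alerts'` and `'rules'` in `navigation.cy.ts` pass whenever the id string does not occur, so a renamed or misspelled id leaves the test green while the link is still rendered. `visibleLinks` already contains `'case'`, which presumably matches the `cases` item only because `getByTestSubjContains` does a substring match. Taking the ids from the same source the navigation tree uses would make the negative checks meaningful. Both loops call `.map` only for its side effects; `visibleLinks.forEach((link) => { ... })` states the intent. The suite title `'AI$DSOC Navigation'` looks like a typo for `AI4DSOC`.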
diff --git a/x-pack/test/security_solution_cypress/cypress/support/index.d.ts b/x-pack/test/security_solution_cypress/cypress/support/index.d.ts index 5473e3ac7132d..d57f040fcc4f1 100644 --- a/x-pack/test/security_solution_cypress/cypress/support/index.d.ts +++ b/x-pack/test/security_solution_cypress/cypress/support/index.d.ts @@ -24,6 +24,10 @@ declare namespace Cypress { * Reads current space id value. `undefined` is returned for default space. */ currentSpace(): Chainable; + + getByTestSubjContains( + ...args: Parameters + ): Chainable>; } } diff --git a/x-pack/test/security_solution_cypress/cypress/urls/navigation.ts b/x-pack/test/security_solution_cypress/cypress/urls/navigation.ts index a6b1900f94070..79cb498eb1374 100644 --- a/x-pack/test/security_solution_cypress/cypress/urls/navigation.ts +++ b/x-pack/test/security_solution_cypress/cypress/urls/navigation.ts @@ -65,6 +65,7 @@ export const MACHINE_LEARNING_LANDING_URL = '/app/security/ml'; // Detection and Response export const DETECTION_AND_RESPONSE_URL = '/app/security/detection_response'; export const ALERTS_URL = '/app/security/alerts'; +export const ALERT_SUMMARY_URL = '/app/security/alert_summary'; export const EXCEPTIONS_URL = '/app/security/exceptions'; export const CREATE_RULE_URL = '/app/security/rules/create'; export const ENTITY_ANALYTICS_MANAGEMENT_URL = '/app/security/entity_analytics_management'; From 0c480202eba5a20ddc723691641c14e2acae6213 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Mon, 7 Apr 2025 18:12:08 +0200 Subject: [PATCH 17/23] fix --- .../side_navigation.test.tsx.snap | 159 ++---------------- .../cypress/support/commands.js | 5 + .../cypress/support/e2e.ts | 5 - .../platform_security/authorization.ts | 8 +- 4 files changed, 20 insertions(+), 157 deletions(-) 
diff --git a/x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/__snapshots__/side_navigation.test.tsx.snap b/x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/__snapshots__/side_navigation.test.tsx.snap index 6bc20dbd86aff..9d00e2d990a9f 100644 --- a/x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/__snapshots__/side_navigation.test.tsx.snap +++ b/x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/__snapshots__/side_navigation.test.tsx.snap @@ -698,8 +698,9 @@ Object { "breadcrumbStatus": "hidden", "children": Array [ Object { - "id": "discover:", - "link": "discover", + "id": "alert_summary", + "link": "securitySolutionUI:alert_summary", + "spaceBefore": "s", }, Object { "id": "attack_discovery", 
@@ -721,152 +722,8 @@ Object { "id": "cases", "link": "securitySolutionUI:cases", "renderAs": "panelOpener", - }, - Object { - "children": Array [ - Object { - "breadcrumbStatus": "hidden", - "children": Array [ - Object { - "id": "ml:overview", - "link": "ml:overview", - "title": "Overview", - }, - Object { - "id": "ml:notifications", - "link": "ml:notifications", - "title": "Notifications", - }, - Object { - "id": "ml:memoryUsage", - "link": "ml:memoryUsage", - "title": "Memory usage", - }, - ], - }, - Object { - "breadcrumbStatus": "hidden", - "children": Array [ - Object { - "id": "ml:anomalyDetection", - "link": "ml:anomalyDetection", - "title": "Jobs", - }, - Object { - "id": "ml:anomalyExplorer", - "link": "ml:anomalyExplorer", - "title": "Anomaly explorer", - }, - Object { - "id": "ml:singleMetricViewer", - "link": "ml:singleMetricViewer", - "title": "Single metric viewer", - }, - Object { - "id": "ml:suppliedConfigurations", - "link": "ml:suppliedConfigurations", - "title": "Supplied configurations", - }, - Object { - "id": "ml:settings", - "link": "ml:settings", - "title": "Settings", - }, - ], - "id": "category-anomaly_detection", - "title": "Anomaly detection", - }, - Object { - "breadcrumbStatus": "hidden", - "children": Array [ - Object { - "id": "ml:dataFrameAnalytics", - "link": "ml:dataFrameAnalytics", - "title": "Jobs", - }, - Object { - "id": "ml:resultExplorer", - "link": "ml:resultExplorer", - "title": "Result explorer", - }, - Object { - "id": "ml:analyticsMap", - "link": "ml:analyticsMap", - "title": "Analytics map", - }, - ], - "id": "category-data_frame analytics", - "title": "Data frame analytics", - }, - Object { - "breadcrumbStatus": "hidden", - "children": Array [ - Object { - "id": "ml:nodesOverview", - "link": "ml:nodesOverview", - "title": "Trained models", - }, - ], - "id": "category-model_management", - "title": "Model management", - }, - Object { - "breadcrumbStatus": "hidden", - "children": Array [ - Object { - "id": 
"ml:fileUpload", - "link": "ml:fileUpload", - "title": "File data visualizer", - }, - Object { - "id": "ml:indexDataVisualizer", - "link": "ml:indexDataVisualizer", - "title": "Data view data visualizer", - }, - Object { - "id": "ml:esqlDataVisualizer", - "link": "ml:esqlDataVisualizer", - "title": "ES|QL data visualizer", - }, - Object { - "id": "ml:dataDrift", - "link": "ml:dataDrift", - "title": "Data drift", - }, - ], - "id": "category-data_visualizer", - "title": "Data visualizer", - }, - Object { - "breadcrumbStatus": "hidden", - "children": Array [ - Object { - "id": "ml:logRateAnalysis", - "link": "ml:logRateAnalysis", - "title": "Log rate analysis", - }, - Object { - "id": "ml:logPatternAnalysis", - "link": "ml:logPatternAnalysis", - "title": "Log pattern analysis", - }, - Object { - "id": "ml:changePointDetections", - "link": "ml:changePointDetections", - "title": "Change point detection", - }, - ], - "id": "category-aiops_labs", - "title": "Aiops labs", - }, - ], - "id": "machine_learning-landing", - "link": "securitySolutionUI:machine_learning-landing", - "renderAs": "panelOpener", - }, - Object { - "id": "alert_summary", - "link": "securitySolutionUI:alert_summary", + "spaceAfter": null, + "spaceBefore": "m", }, Object { "children": Array [ @@ -883,6 +740,12 @@ Object { "id": "configurations", "link": "securitySolutionUI:configurations", "renderAs": "panelOpener", + "spaceBefore": null, + }, + Object { + "id": "discover:", + "link": "discover", + "spaceBefore": "m", }, ], "defaultIsCollapsed": false, diff --git a/x-pack/test/security_solution_cypress/cypress/support/commands.js b/x-pack/test/security_solution_cypress/cypress/support/commands.js index 413473f29e6d6..002f05b5b3dfa 100644 --- a/x-pack/test/security_solution_cypress/cypress/support/commands.js +++ b/x-pack/test/security_solution_cypress/cypress/support/commands.js 
@@ -89,3 +89,8 @@ Cypress.Commands.add('waitUntil', { prevSubject: 'optional' }, waitUntil); Cypress.Commands.add('setCurrentSpace', (spaceId) => cy.state('currentSpaceId', spaceId)); // Reads non-default space id Cypress.Commands.add('currentSpace', () => cy.state('currentSpaceId')); + +// finds elements that contain the given selector +Cypress.Commands.add('getByTestSubjContains', (selector, ...args) => + cy.get(`[data-test-subj*="${selector}"]`, ...args) +); diff --git a/x-pack/test/security_solution_cypress/cypress/support/e2e.ts b/x-pack/test/security_solution_cypress/cypress/support/e2e.ts index b811afecd4746..b0961b77a2bba 100644 --- a/x-pack/test/security_solution_cypress/cypress/support/e2e.ts +++ b/x-pack/test/security_solution_cypress/cypress/support/e2e.ts @@ -37,8 +37,3 @@ registerCypressGrep(); Cypress.on('uncaught:exception', () => { return false; }); - -// finds elements that contain the given selector -Cypress.Commands.add('getByTestSubjContains', (selector, ...args) => - cy.get(`[data-test-subj*="${selector}"]`, ...args) -); diff --git a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts index 1c74ada89091d..182871e2e9163 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts @@ -222,10 +222,10 @@ export default function ({ getService }: FtrProviderContext) { "login:", "api:securitySolution", "api:rac", - "api:securitySolution-entity-analytics", "api:lists-all", "api:lists-read", "api:lists-summary", + "api:securitySolution-entity-analytics", "api:cloud-security-posture-all", "api:cloud-security-posture-read", "api:cloud-defend-all", 
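Review bot: The comment `// finds elements that contain the given selector` on `getByTestSubjContains` does not describe what the command does, which is to return elements whose `data-test-subj` attribute contains the given substring. Suggest `// Finds elements whose data-test-subj attribute contains the given substring (partial match, not an exact id)`. The argument is interpolated into the attribute selector as is, so a value containing `"` would produce a broken selector. That is fine for literal test ids, but worth stating in the comment.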
@@ -1068,10 +1068,10 @@ export default function ({ getService }: FtrProviderContext) { "login:", "api:securitySolution", "api:rac", - "api:securitySolution-entity-analytics", "api:lists-all", "api:lists-read", "api:lists-summary", + "api:securitySolution-entity-analytics", "api:cloud-security-posture-all", "api:cloud-security-posture-read", "api:cloud-defend-all", @@ -1776,8 +1776,8 @@ export default function ({ getService }: FtrProviderContext) { "login:", "api:securitySolution", "api:rac", - "api:securitySolution-entity-analytics", "api:lists-read", + "api:securitySolution-entity-analytics", "api:cloud-security-posture-read", "api:cloud-defend-read", "api:bulkGetUserProfiles", @@ -2144,8 +2144,8 @@ export default function ({ getService }: FtrProviderContext) { "login:", "api:securitySolution", "api:rac", - "api:securitySolution-entity-analytics", "api:lists-read", + "api:securitySolution-entity-analytics", "api:cloud-security-posture-read", "api:cloud-defend-read", "api:bulkGetUserProfiles", From cb5f3ff7f8268d96d5273a00767d33ad482a3bc4 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Tue, 8 Apr 2025 12:55:35 +0200 Subject: [PATCH 18/23] bring back alerting privileges --- .../src/security/product_feature_config.ts | 50 +--------------- .../security/v1_features/kibana_features.ts | 54 ++++++++++++++++++ .../security/v2_features/kibana_features.ts | 57 ++++++++++++++++++- 3 files changed, 111 insertions(+), 50 deletions(-) diff --git a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts index e5c0a5ecf60cf..63d010ce7c274 100644 --- a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts +++ b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts 
@@ -5,36 +5,10 @@ * 2.0. */ -import { - EQL_RULE_TYPE_ID, - ESQL_RULE_TYPE_ID, - INDICATOR_RULE_TYPE_ID, - ML_RULE_TYPE_ID, - NEW_TERMS_RULE_TYPE_ID, - QUERY_RULE_TYPE_ID, - SAVED_QUERY_RULE_TYPE_ID, - THRESHOLD_RULE_TYPE_ID, -} from '@kbn/securitysolution-rules'; import { ProductFeatureSecurityKey, SecuritySubFeatureId } from '../product_features_keys'; -import { APP_ID, LEGACY_NOTIFICATIONS_ID, SERVER_APP_ID } from '../constants'; +import { APP_ID } from '../constants'; import type { DefaultSecurityProductFeaturesConfig } from './types'; -const SECURITY_RULE_TYPES = [ - LEGACY_NOTIFICATIONS_ID, - ESQL_RULE_TYPE_ID, - EQL_RULE_TYPE_ID, - INDICATOR_RULE_TYPE_ID, - ML_RULE_TYPE_ID, - QUERY_RULE_TYPE_ID, - SAVED_QUERY_RULE_TYPE_ID, - THRESHOLD_RULE_TYPE_ID, - NEW_TERMS_RULE_TYPE_ID, -]; - -const alertingFeatures = SECURITY_RULE_TYPES.map((ruleTypeId) => ({ - ruleTypeId, - consumers: [SERVER_APP_ID], -})); /** * App features privileges configuration for the Security Solution Kibana Feature app. * These are the configs that are shared between both offering types (ess and serverless). @@ -73,10 +47,6 @@ export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeature }, }, [ProductFeatureSecurityKey.detections]: { - management: { - insightsAndAlerting: ['triggersActions'], - }, - alerting: alertingFeatures, privileges: { all: { ui: ['detections'], @@ -87,28 +57,10 @@ export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeature 'cloud-defend-read', 'bulkGetUserProfiles', ], - alerting: { - rule: { all: alertingFeatures }, - alert: { all: alertingFeatures }, - }, - management: { - insightsAndAlerting: ['triggersActions'], - }, }, read: { ui: ['detections'], api: ['cloud-security-posture-read', 'cloud-defend-read', 'bulkGetUserProfiles'], - alerting: { - rule: { - read: alertingFeatures, - }, - alert: { - all: alertingFeatures, - }, - }, - management: { - insightsAndAlerting: ['triggersActions'], - }, }, }, }, 
diff --git a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts index c7314c32a729b..f4cbe0bdf1b4f 100644 --- a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts @@ -9,9 +9,20 @@ import { i18n } from '@kbn/i18n'; import { KibanaFeatureScope } from '@kbn/features-plugin/common'; import { DEFAULT_APP_CATEGORIES } from '@kbn/core-application-common'; +import { + EQL_RULE_TYPE_ID, + ESQL_RULE_TYPE_ID, + INDICATOR_RULE_TYPE_ID, + ML_RULE_TYPE_ID, + NEW_TERMS_RULE_TYPE_ID, + QUERY_RULE_TYPE_ID, + SAVED_QUERY_RULE_TYPE_ID, + THRESHOLD_RULE_TYPE_ID, +} from '@kbn/securitysolution-rules'; import { APP_ID, SERVER_APP_ID, + LEGACY_NOTIFICATIONS_ID, CLOUD_POSTURE_APP_ID, SECURITY_FEATURE_ID_V2, TIMELINE_FEATURE_ID, @@ -20,6 +31,23 @@ import { import type { SecurityFeatureParams } from '../types'; import type { BaseKibanaFeatureConfig } from '../../types'; +const SECURITY_RULE_TYPES = [ + LEGACY_NOTIFICATIONS_ID, + ESQL_RULE_TYPE_ID, + EQL_RULE_TYPE_ID, + INDICATOR_RULE_TYPE_ID, + ML_RULE_TYPE_ID, + QUERY_RULE_TYPE_ID, + SAVED_QUERY_RULE_TYPE_ID, + THRESHOLD_RULE_TYPE_ID, + NEW_TERMS_RULE_TYPE_ID, +]; + +const alertingFeatures = SECURITY_RULE_TYPES.map((ruleTypeId) => ({ + ruleTypeId, + consumers: [SERVER_APP_ID], +})); + export const getSecurityBaseKibanaFeature = ({ savedObjects, }: SecurityFeatureParams): BaseKibanaFeatureConfig => ({ 
@@ -48,6 +76,10 @@ export const getSecurityBaseKibanaFeature = ({ scope: [KibanaFeatureScope.Spaces, KibanaFeatureScope.Security], app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], + management: { + insightsAndAlerting: ['triggersActions'], + }, + alerting: alertingFeatures, description: i18n.translate( 'securitySolutionPackages.features.featureRegistry.securityGroupDescription', { @@ -91,6 +123,17 @@ export const getSecurityBaseKibanaFeature = ({ all: ['alert', ...savedObjects], read: [], }, + alerting: { + rule: { + all: alertingFeatures, + }, + alert: { + all: alertingFeatures, + }, + }, + management: { + insightsAndAlerting: ['triggersActions'], + }, ui: ['show', 'crud'], }, read: { @@ -122,6 +165,17 @@ export const getSecurityBaseKibanaFeature = ({ all: [], read: [...savedObjects], }, + alerting: { + rule: { + read: alertingFeatures, + }, + alert: { + all: alertingFeatures, + }, + }, + management: { + insightsAndAlerting: ['triggersActions'], + }, ui: ['show'], }, }, diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts index 3b4c4186b2c12..0bfc3f7e79920 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts 
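Review bot: In the `read` privilege (hunk `@@ -122,6 +165,17 @@`) the added block grants `alert: { all: alertingFeatures }` while rules get only `read`, so a read-only role is given the `all` level on alerts for every rule type in `SECURITY_RULE_TYPES`. The block is moved unchanged from `product_feature_config.ts`, so it may be deliberate, but nothing in the file says why. A comment above `alert:` such as `// read roles need alert.all because <reason>` would stop it reading as a copy-paste slip. Because the block now sits on the base feature, it applies whether or not the `detections` product feature is enabled. The same block is added to the v2 `read` privilege in the `@@ -54,6 +98,17 @@` hunk.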
@@ -9,10 +9,43 @@ import { i18n } from '@kbn/i18n'; import { KibanaFeatureScope } from '@kbn/features-plugin/common'; import { DEFAULT_APP_CATEGORIES } from '@kbn/core-application-common'; -import { APP_ID, SECURITY_FEATURE_ID_V2, CLOUD_POSTURE_APP_ID } from '../../constants'; +import { + EQL_RULE_TYPE_ID, + ESQL_RULE_TYPE_ID, + INDICATOR_RULE_TYPE_ID, + ML_RULE_TYPE_ID, + NEW_TERMS_RULE_TYPE_ID, + QUERY_RULE_TYPE_ID, + SAVED_QUERY_RULE_TYPE_ID, + THRESHOLD_RULE_TYPE_ID, +} from '@kbn/securitysolution-rules'; +import { + APP_ID, + SECURITY_FEATURE_ID_V2, + LEGACY_NOTIFICATIONS_ID, + CLOUD_POSTURE_APP_ID, + SERVER_APP_ID, +} from '../../constants'; import type { SecurityFeatureParams } from '../types'; import type { BaseKibanaFeatureConfig } from '../../types'; +const SECURITY_RULE_TYPES = [ + LEGACY_NOTIFICATIONS_ID, + ESQL_RULE_TYPE_ID, + EQL_RULE_TYPE_ID, + INDICATOR_RULE_TYPE_ID, + ML_RULE_TYPE_ID, + QUERY_RULE_TYPE_ID, + SAVED_QUERY_RULE_TYPE_ID, + THRESHOLD_RULE_TYPE_ID, + NEW_TERMS_RULE_TYPE_ID, +]; + +const alertingFeatures = SECURITY_RULE_TYPES.map((ruleTypeId) => ({ + ruleTypeId, + consumers: [SERVER_APP_ID], +})); + export const getSecurityV2BaseKibanaFeature = ({ savedObjects, }: SecurityFeatureParams): BaseKibanaFeatureConfig => ({ @@ -28,6 +61,10 @@ export const getSecurityV2BaseKibanaFeature = ({ scope: [KibanaFeatureScope.Spaces, KibanaFeatureScope.Security], app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], + management: { + insightsAndAlerting: ['triggersActions'], + }, + alerting: alertingFeatures, description: i18n.translate( 'securitySolutionPackages.features.featureRegistry.securityGroupDescription', { @@ -44,6 +81,13 @@ export const getSecurityV2BaseKibanaFeature = ({ all: ['alert', ...savedObjects], read: [], }, + alerting: { + rule: { all: alertingFeatures }, + alert: { all: alertingFeatures }, + }, + management: { + insightsAndAlerting: ['triggersActions'], + }, ui: ['show', 'crud'], }, read: { 
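Review bot: `SECURITY_RULE_TYPES` and `alertingFeatures` are now defined twice with identical contents, here and in `v1_features/kibana_features.ts`. A rule type added to one list and not the other would give the two feature versions different alerting privileges, with no test pointing at the cause. Defining both once in a shared module of this package and importing them in both files would remove that risk.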
@@ -54,6 +98,17 @@ export const getSecurityV2BaseKibanaFeature = ({ all: [], read: [...savedObjects], }, + alerting: { + rule: { + read: alertingFeatures, + }, + alert: { + all: alertingFeatures, + }, + }, + management: { + insightsAndAlerting: ['triggersActions'], + }, ui: ['show'], }, }, From 24fe4832c7aeee7d544f2f089887839e810a097c Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Tue, 8 Apr 2025 17:57:01 +0200 Subject: [PATCH 19/23] revert order change --- .../plugins/security_solution/public/detections/links.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts b/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts index 6ab7612ea87bd..1e00e863f3db1 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts @@ -29,9 +29,6 @@ export const alertsLink: LinkItem = { }; export const alertSummaryLink: LinkItem = { - id: SecurityPageName.alertSummary, - path: ALERT_SUMMARY_PATH, - title: ALERT_SUMMARY, capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.external_detections`]], globalNavPosition: 3, globalSearchKeywords: [ @@ -40,4 +37,7 @@ export const alertSummaryLink: LinkItem = { }), ], hideTimeline: true, + id: SecurityPageName.alertSummary, + path: ALERT_SUMMARY_PATH, + title: ALERT_SUMMARY, }; From cea21178b0a9d049dcbc656a570d5df703de294b Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Tue, 8 Apr 2025 20:57:04 +0200 Subject: [PATCH 20/23] fix snapshot --- .../navigation/__snapshots__/side_navigation.test.tsx.snap | 1 - 1 file changed, 1 deletion(-) 
diff --git a/x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/__snapshots__/side_navigation.test.tsx.snap b/x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/__snapshots__/side_navigation.test.tsx.snap index 726ad942b5f30..4cb59b8e617bc 100644 --- a/x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/__snapshots__/side_navigation.test.tsx.snap +++ b/x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/__snapshots__/side_navigation.test.tsx.snap @@ -679,7 +679,6 @@ Object { "id": "cases", "link": "securitySolutionUI:cases", "renderAs": "panelOpener", - "spaceAfter": null, "spaceBefore": "m", }, Object { From e9c9770a1458de24755f2b911401519072cf6ec3 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Tue, 8 Apr 2025 21:24:36 +0200 Subject: [PATCH 21/23] test access with v1 and v2 roles --- .../e2e/ai4dsoc/capabilities/access.cy.ts | 121 +++++++++++++++--- 1 file changed, 106 insertions(+), 15 deletions(-) diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts index dcd2ba069ff0b..08938ba5761a5 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts 
@@ -10,22 +10,113 @@ import { visit } from '../../../tasks/navigation'; import { ALERTS_SUMMARY_PROMPT, GET_STARTED_PAGE } from '../constants'; import { ALERT_SUMMARY_URL, ALERTS_URL, RULES_LANDING_URL } from '../../../urls/navigation'; -describe('Cababilities', { tags: '@serverless' }, () => { - beforeEach(() => { - login('admin'); +const testPageAccess = () => { + it('should display the alerts summary prompt when visiting the Alerts Summary page', () => { + visit(ALERT_SUMMARY_URL); + cy.get(ALERTS_SUMMARY_PROMPT).should('exist'); }); - describe('are set properly in order to visit pages', () => { - it('alerts_summary', () => { - visit(ALERT_SUMMARY_URL); - cy.get(ALERTS_SUMMARY_PROMPT).should('exist'); - }); - it('alerts - should get redirected', () => { - visit(ALERTS_URL); - cy.get(GET_STARTED_PAGE).should('exist'); - }); - it('rules - should get redirected', () => { - visit(RULES_LANDING_URL); - cy.get(GET_STARTED_PAGE).should('exist'); + + it('should redirect to Get Started page when visiting the Alerts page', () => { + visit(ALERTS_URL); + cy.get(GET_STARTED_PAGE).should('exist'); + }); + + it('should redirect to Get Started page when visiting the Rules page', () => { + visit(RULES_LANDING_URL); + cy.get(GET_STARTED_PAGE).should('exist'); + }); +}; + +describe('Capabilities', { tags: '@serverless' }, () => { + describe('Admin user capabilities', () => { + beforeEach(() => { + login('admin'); + }); + + describe('Page access checks', () => { + testPageAccess(); + }); + }); + + describe('User with siem v1 role', () => { + const v1Role = { + elasticsearch: { + indices: [ + { + names: ['*'], + privileges: ['all'], + }, + ], + }, + kibana: [ + { + feature: { + siem: ['all'], + fleet: ['all'], + }, + spaces: ['*'], + }, + ], + }; + + before(() => { + cy.task('createServerlessCustomRole', { + v1Role, + roleName: 'siemv1', + }); + }); + + beforeEach(() => { + login('siemv1'); + }); + + after(() => { + cy.task('deleteServerlessCustomRole', 'siemv1'); + }); + + 
describe('Page access checks', () => { + testPageAccess(); + }); + }); + + describe('User with siem v2 role', () => { + const v2Role = { + elasticsearch: { + indices: [ + { + names: ['*'], + privileges: ['all'], + }, + ], + }, + kibana: [ + { + feature: { + siemV2: ['all'], + fleet: ['all'], + }, + spaces: ['*'], + }, + ], + }; + + before(() => { + cy.task('createServerlessCustomRole', { + v2Role, + roleName: 'siemV2', + }); + }); + + beforeEach(() => { + login('siemV2'); + }); + + after(() => { + cy.task('deleteServerlessCustomRole', 'siemV2'); + }); + + describe('Page access checks', () => { + testPageAccess(); }); }); }); From 32d9466d8f6db93f650cb29d1bf45e0793292f2d Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Tue, 8 Apr 2025 22:10:16 +0200 Subject: [PATCH 22/23] fix --- .../e2e/ai4dsoc/capabilities/access.cy.ts | 28 +++++++------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts index 08938ba5761a5..e7fe8eac926f8 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts 
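Review bot: Both custom roles are created with `indices: [{ names: ['*'], privileges: ['all'] }]` and the `all` level of `siem` / `siemV2`, so the suite only shows that the most privileged roles reach the Alert Summary page. The capability also has a read level (`alerts_summary_read` in `product_feature_config.ts`), yet no case covers a `read` role or a role without the Security feature, which is where a regression in the capability check would show up. Consider adding a role with `siemV2: ['read']` that reuses `testPageAccess()`, assuming the same redirects are expected for it. Narrowing the index privileges to what these pages need would also help.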
@@ -11,17 +11,15 @@ import { ALERTS_SUMMARY_PROMPT, GET_STARTED_PAGE } from '../constants'; import { ALERT_SUMMARY_URL, ALERTS_URL, RULES_LANDING_URL } from '../../../urls/navigation'; const testPageAccess = () => { - it('should display the alerts summary prompt when visiting the Alerts Summary page', () => { + it('should show page or redirect depending on capabilities', () => { visit(ALERT_SUMMARY_URL); cy.get(ALERTS_SUMMARY_PROMPT).should('exist'); - }); - it('should redirect to Get Started page when visiting the Alerts page', () => { + // should redirect out from alerts to get started page visit(ALERTS_URL); cy.get(GET_STARTED_PAGE).should('exist'); - }); - it('should redirect to Get Started page when visiting the Rules page', () => { + // should redirect out from rules to get started page visit(RULES_LANDING_URL); cy.get(GET_STARTED_PAGE).should('exist'); }); @@ -33,13 +31,11 @@ describe('Capabilities', { tags: '@serverless' }, () => { login('admin'); }); - describe('Page access checks', () => { - testPageAccess(); - }); + testPageAccess(); }); describe('User with siem v1 role', () => { - const v1Role = { + const roleDescriptor = { elasticsearch: { indices: [ { @@ -61,7 +57,7 @@ describe('Capabilities', { tags: '@serverless' }, () => { before(() => { cy.task('createServerlessCustomRole', { - v1Role, + roleDescriptor, roleName: 'siemv1', }); }); @@ -74,13 +70,11 @@ describe('Capabilities', { tags: '@serverless' }, () => { cy.task('deleteServerlessCustomRole', 'siemv1'); }); - describe('Page access checks', () => { - testPageAccess(); - }); + testPageAccess(); }); describe('User with siem v2 role', () => { - const v2Role = { + const roleDescriptor = { elasticsearch: { indices: [ { @@ -102,7 +96,7 @@ describe('Capabilities', { tags: '@serverless' }, () => { before(() => { cy.task('createServerlessCustomRole', { - v2Role, + roleDescriptor, roleName: 'siemV2', }); }); 
@@ -115,8 +109,6 @@ describe('Capabilities', { tags: '@serverless' }, () => { cy.task('deleteServerlessCustomRole', 'siemV2'); }); - describe('Page access checks', () => { - testPageAccess(); - }); + testPageAccess(); }); }); From 009754080f9563b820a81aa47f342a577f990b7f Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Wed, 9 Apr 2025 08:56:00 +0200 Subject: [PATCH 23/23] Update x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx Co-authored-by: Ryland Herrick --- .../common/components/security_route_page_wrapper/index.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx index 10a9cc4ff2874..3f132a192351b 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx @@ -22,7 +22,7 @@ interface SecurityRoutePageWrapperProps { * Used primarily in the AI for SOC tier, to allow redirecting to the home page instead of showing the NoPrivileges page. */ redirectIfUnauthorized?: boolean; - // Used to disable the SpyRoute for the page if page's children have their own specified. + // Used to disable the SpyRoute for the page, if e.g. the page's children have their own SpyRoute specified. omitSpyRoute?: boolean; }