[EDR Workflows][Serverless] Enable Endpoint exceptions move feature flag

[gergoabraham]

Summary

This PR enables the Security Solution feature flag endpointExceptionsMovedUnderManagement on Serverless.

Note

Dear reviewers, this PR is the cherry-pick of the PR you already reviewed for 9.4 ESS release:

• [EDR Workflows][‼️ v9.4 ‼️] Enable Endpoint exceptions move feature flag #260983

Original description

This PR enables the Security Solution feature flag endpointExceptionsMovedUnderManagement to:

• hide Endpoint exceptions from Detections and Shared exception list pages,
• instead, show Endpoint exceptions under Endpoint / Artifacts,
• add an opt-in mechanism to allow users to opt-in to per-policy usage for Endpoint exceptions,
• and add export/import functionality to all Endpoint artifacts

And in order to do this, it:

• adapts some of the tests,
• deletes some obsolete ones, including fixtures,
• removes Endpoint exception privilege condition for showing Shared exception list page (see this
  comment)
• enables API documentation (see this comment)

Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios
• The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines

Release Notes

• Moves Endpoint exceptions from the Shared exception lists and Rules pages to the Endpoint Artifacts page, in order to separate them from Rule exceptions, and emphasize their connection to other Endpoint artifacts.
• Adds the possibility for users to opt-in to a per-policy usage for Endpoint exceptions, allowing them to assign Endpoint exceptions to Defend package policies, with the additional result of not evaluating Endpoint exceptions on rule execution anymore.
• Adds export/import functionality to all Endpoint artifacts, like Trusted applications, Trusted devices, Event filters, Blocklists, Host isolation exceptions.

(Note: this is the same as in #260983. If one is updated, update the other one as well.)

[elasticmachine]

⏳ Build in-progress, with failures

• Buildkite Build
• Commit: 056fd5a

Failed CI Steps

• Defend Workflows Cypress Tests #19
• Defend Workflows Cypress Tests #19
• Defend Workflows Cypress Tests #20
• Defend Workflows Cypress Tests #20
• Defend Workflows Cypress Tests on Serverless #3
• Defend Workflows Cypress Tests on Serverless #3

Test Failures

• [job] [logs] Defend Workflows Cypress Tests #19 / Automated Response Actions should have been called against a created host should have been called against a created host
• [job] [logs] Defend Workflows Cypress Tests on Serverless #3 / Automated Response Actions should have been called against a created host should have been called against a created host
• [job] [logs] Defend Workflows Cypress Tests #19 / Automated Response Actions should have been called against a created host should have been called against a created host
• [job] [logs] Defend Workflows Cypress Tests on Serverless #3 / Automated Response Actions should have been called against a created host should have been called against a created host
• [job] [logs] Defend Workflows Cypress Tests #20 / Automated Response Actions should not show the response when no action history privilege should not show the response when no action history privilege
• [job] [logs] Defend Workflows Cypress Tests #20 / Automated Response Actions should not show the response when no action history privilege should not show the response when no action history privilege

History

cc @gergoabraham

[elasticmachine]

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

[macroscopeapp]

Catch flakiness early (recommended)

Recommended before merge: run the flaky test runner against this PR to catch flakiness early.

Trigger a run with the Flaky Test Runner UI or post this comment on the PR:

/flaky ftrConfig:x-pack/solutions/security/test/security_solution_api_integration/test_suites/edr_workflows/artifacts/trial_license_complete_tier/configs/ess.config.ts:30 ftrConfig:x-pack/solutions/security/test/security_solution_api_integration/test_suites/edr_workflows/artifacts/trial_license_complete_tier/configs/serverless.config.ts:30 ftrConfig:x-pack/solutions/security/test/security_solution_cypress/cli_config.ts:30 ftrConfig:x-pack/solutions/security/test/security_solution_cypress/serverless_config.ts:30

This check is experimental. Share your feedback in the #appex-qa channel.

^{Posted via Macroscope — Flaky Test Runner nudge}

[PhilippeOberti]

Code review only, LGTM for the @elastic/security-threat-hunting-investigations team