[Security Solution][AI4DSOC] Remove code check that decides which alerts table and which flyout to show in Cases

[PhilippeOberti]

Description

Shortly before the RSA conference, we realized that the Cases page was showing the alerts table from the alerts page (under the Alerts tab), instead of the alerts table from the AI4DSOC alert summary page. Also in the main Activity tab, the flyout for the alert details was not the one for AI4DSOC. The proper implementation should be done at a high level, probably leveraging configurations.
Because of time constraints, it was decided to implement a check in the code, as follow:

const AIForSOC = capabilities[SECURITY_FEATURE_ID].configurations;
if (AIForSOC) {
  // show alerts summary table or flyout
} else {
  // show alerts page table or flyout
}

This should be revisited and cleaned up.

Acceptance Criteria

• there should not be any checks in the code at run time

[elasticmachine]

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)

[elasticmachine]

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

[semd]

I don't understand why this code checks the configurations capability.

Wouldn't it make more sense to check the detections or external_detections capabilities?

const hasExternalDetections = capabilities[SECURITY_FEATURE_ID].external_detections;
if (hasExternalDetections) {
  // do ai4soc alert summary (external_detections) stuff
} else {
  // do regular alerts (regular detections) stuff
}

They are configured here:

kibana/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts

Lines 37 to 66 in 6d69aad

	[ProductFeatureSecurityKey.externalDetections]: {
	privileges: {
	all: {
	ui: ['external_detections'],
	api: [],
	},
	read: {
	ui: ['external_detections'],
	api: [],
	},
	},
	},
	[ProductFeatureSecurityKey.detections]: {
	privileges: {
	all: {
	ui: ['detections'],
	api: [
	'cloud-security-posture-all',
	'cloud-security-posture-read',
	'cloud-defend-all',
	'cloud-defend-read',
	'bulkGetUserProfiles',
	],
	},
	read: {
	ui: ['detections'],
	api: ['cloud-security-posture-read', 'cloud-defend-read', 'bulkGetUserProfiles'],
	},
	},
	},

[PhilippeOberti]

external_detections

I guess I could make more sense yes. I was looking at how the @elastic/security-generative-ai team was doing the check for the Assistant flyout, and they were using configurations. I looked at the documentation and it seemed that it would work here. I did not see nor know about the external_detections capability...

@semd do you think I should change it now? To me this code is very temporary (hopefully). As soon as we have a separate plugin this shouldn't be needed anymore and should be removed.