[Security Solution][Endpoint] Return exceptionable fields on suggestions api (#154062)

## Summary

- Return exceptionable event filters fields on suggestions api
- Adds new test case

x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.test.ts

@@ -41,6 +41,7 @@ import { getEndpointAuthzInitialStateMock } from '../../../../common/endpoint/se
 import { eventsIndexPattern, SUGGESTIONS_ROUTE } from '../../../../common/endpoint/constants';
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
 import { parseExperimentalConfigValue } from '../../../../common/experimental_features';
+import { EXCEPTIONABLE_ENDPOINT_EVENT_FIELDS } from '../../../../common/endpoint/exceptions/exceptionable_endpoint_event_fields';
 
 jest.mock('@kbn/unified-search-plugin/server/autocomplete/terms_enum', () => {
   return {
@@ -92,6 +93,7 @@ describe('when calling the Suggestions route handler', () => {
         createRouteHandlerContext(mockScopedEsClient, mockSavedObjectClient)
       );
 
+      const fieldName = EXCEPTIONABLE_ENDPOINT_EVENT_FIELDS[0];
       const mockRequest = httpServerMock.createKibanaRequest<
         TypeOf<typeof EndpointSuggestionsSchema.params>,
         never,
@@ -99,7 +101,7 @@ describe('when calling the Suggestions route handler', () => {
       >({
         params: { suggestion_type: 'eventFilters' },
         body: {
-          field: 'test-field',
+          field: fieldName,
           query: 'test-query',
           filters: 'test-filters',
           fieldMeta: 'test-field-meta',
@@ -114,7 +116,7 @@ describe('when calling the Suggestions route handler', () => {
         expect.any(Object),
         expect.any(Object),
         eventsIndexPattern,
-        'test-field',
+        fieldName,
         'test-query',
         'test-filters',
         'test-field-meta',
@@ -147,6 +149,36 @@ describe('when calling the Suggestions route handler', () => {
         body: 'Invalid suggestion_type: any',
       });
     });
+
+    it('should respond with bad request if wrong field name', async () => {
+      applyActionsEsSearchMock(
+        mockScopedEsClient.asInternalUser,
+        new EndpointActionGenerator().toEsSearchResponse([])
+      );
+
+      const mockContext = requestContextMock.convertContext(
+        createRouteHandlerContext(mockScopedEsClient, mockSavedObjectClient)
+      );
+      const mockRequest = httpServerMock.createKibanaRequest<
+        TypeOf<typeof EndpointSuggestionsSchema.params>,
+        never,
+        never
+      >({
+        params: { suggestion_type: 'eventFilters' },
+        body: {
+          field: 'test-field',
+          query: 'test-query',
+          filters: 'test-filters',
+          fieldMeta: 'test-field-meta',
+        },
+      });
+
+      await suggestionsRouteHandler(mockContext, mockRequest, mockResponse);
+
+      expect(mockResponse.badRequest).toHaveBeenCalledWith({
+        body: 'Unsupported field name: test-field',
+      });
+    });
   });
   describe('without having right privileges', () => {
     beforeEach(() => {

x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts

@@ -12,6 +12,7 @@ import type { TypeOf } from '@kbn/config-schema';
 import { getRequestAbortedSignal } from '@kbn/data-plugin/server';
 import type { ConfigSchema } from '@kbn/unified-search-plugin/config';
 import { termsEnumSuggestions } from '@kbn/unified-search-plugin/server/autocomplete/terms_enum';
+import { EXCEPTIONABLE_ENDPOINT_EVENT_FIELDS } from '../../../../common/endpoint/exceptions/exceptionable_endpoint_event_fields';
 import {
   type EndpointSuggestionsBody,
   EndpointSuggestionsSchema,
@@ -62,6 +63,11 @@ export const getEndpointSuggestionsRequestHandler = (
     let index = '';
 
     if (request.params.suggestion_type === 'eventFilters') {
+      if (!EXCEPTIONABLE_ENDPOINT_EVENT_FIELDS.includes(fieldName)) {
+        return response.badRequest({
+          body: `Unsupported field name: ${fieldName}`,
+        });
+      }
       index = eventsIndexPattern;
     } else {
       return response.badRequest({