[EDR Workflows] Enable UI for Automated Actions in more rule types (#193390)

x-pack/plugins/security_solution/common/detection_engine/utils.ts

@@ -94,13 +94,8 @@ export const isSuppressionRuleInGA = (ruleType: Type): boolean => {
   return isSuppressibleAlertRule(ruleType) && SUPPRESSIBLE_ALERT_RULES_GA.includes(ruleType);
 };
 
-export const shouldShowResponseActions = (
-  ruleType: Type | undefined,
-  automatedResponseActionsForMoreRulesEnabled: boolean
-) => {
+export const shouldShowResponseActions = (ruleType: Type | undefined) => {
   return (
-    isQueryRule(ruleType) ||
-    (automatedResponseActionsForMoreRulesEnabled &&
-      (isEsqlRule(ruleType) || isEqlRule(ruleType) || isNewTermsRule(ruleType)))
+    isQueryRule(ruleType) || isEsqlRule(ruleType) || isEqlRule(ruleType) || isNewTermsRule(ruleType)
   );
 };

x-pack/plugins/security_solution/common/experimental_features.ts

@@ -52,11 +52,6 @@ export const allowedExperimentalValues = Object.freeze({
    */
   automatedProcessActionsEnabled: true,
 
-  /**
-   * Temporary feature flag to enable the Response Actions in Rules UI - intermediate release
-   */
-  automatedResponseActionsForMoreRulesEnabled: false,
-
   /**
    * Enables the ability to send Response actions to SentinelOne and persist the results
    * in ES. Adds API changes to support `agentType` and supports `isolate` and `release`

x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/step_rule_actions/index.tsx

@@ -16,7 +16,6 @@ import type {
 } from '@kbn/triggers-actions-ui-plugin/public';
 import { UseArray } from '@kbn/es-ui-shared-plugin/static/forms/hook_form_lib';
 import type { Type } from '@kbn/securitysolution-io-ts-alerting-types';
-import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 import { shouldShowResponseActions } from '../../../../../common/detection_engine/utils';
 import type { RuleObjectId } from '../../../../../common/api/detection_engine/model/rule_schema';
 import { ResponseActionsForm } from '../../../rule_response_actions/response_actions_form';
@@ -85,9 +84,7 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
   const {
     services: { application },
   } = useKibana();
-  const automatedResponseActionsForMoreRulesEnabled = useIsExperimentalFeatureEnabled(
-    'automatedResponseActionsForMoreRulesEnabled'
-  );
+
   const displayActionsOptions = useMemo(
     () => (
       <>
@@ -105,7 +102,7 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
     [actionMessageParams, summaryActionMessageParams]
   );
   const displayResponseActionsOptions = useMemo(() => {
-    if (shouldShowResponseActions(ruleType, automatedResponseActionsForMoreRulesEnabled)) {
+    if (shouldShowResponseActions(ruleType)) {
       return (
         <UseArray path="responseActions" initialNumberOfItems={0}>
           {ResponseActionsForm}
@@ -113,7 +110,7 @@ const StepRuleActionsComponent: FC<StepRuleActionsProps> = ({
       );
     }
     return null;
-  }, [ruleType, automatedResponseActionsForMoreRulesEnabled]);
+  }, [ruleType]);
   // only display the actions dropdown if the user has "read" privileges for actions
   const displayActionsDropDown = useMemo(() => {
     return application.capabilities.actions.show ? (

x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/form.cy.ts

@@ -30,7 +30,6 @@ describe(
         kbnServerArgs: [
           `--xpack.securitySolution.enableExperimental=${JSON.stringify([
             'automatedProcessActionsEnabled',
-            'automatedResponseActionsForMoreRulesEnabled',
           ])}`,
         ],
       },

x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/utils/validate.ts

@@ -70,14 +70,7 @@ export const validateResponseActionsPermissions = async (
   ruleUpdate: RuleCreateProps | RuleUpdateProps,
   existingRule?: RuleAlertType | null
 ): Promise<void> => {
-  const { experimentalFeatures } = await securitySolution.getConfig();
-
-  if (
-    !shouldShowResponseActions(
-      ruleUpdate.type,
-      experimentalFeatures.automatedResponseActionsForMoreRulesEnabled
-    )
-  ) {
+  if (!shouldShowResponseActions(ruleUpdate.type)) {
     return;
   }