Enable Security Entity Analytics Privileged user monitoring feature (#224638)

# Overview

This pull request enables the Security Entity Analytics Privileged user
monitoring feature. This feature has many accompanying PRs, that have
until now been kept behind an experimental feature flag. The feature is
currently slated to ship as a Technical Preview.

Instead of removing the feature flag, we will be allowing for a
"disabled" version of the experimental flag, which allows this feature
to remain disabled in Serverless, until fully tested during the 9.1
release cycle. Disabling in Serverless is accomplished via setting the
configuration to disabled in the `config/serverless.security.yml` file.

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

config/serverless.security.yml

@@ -205,3 +205,9 @@ xpack.alerting.rules.run.ruleTypeOverrides:
     timeout: 5m
   - id: attack-discovery
     timeout: 10m
+
+# Experimental Security Solution features
+
+# These features are disabled in Serverless until fully tested
+xpack.securitySolution.enableExperimental:
+  - privilegedUserMonitoringDisabled

x-pack/solutions/security/plugins/security_solution/common/experimental_features.ts

@@ -227,7 +227,7 @@ export const allowedExperimentalValues = Object.freeze({
   /**
    * Enables Privilege Monitoring
    */
-  privilegeMonitoringEnabled: false,
+  privilegedUserMonitoringDisabled: false,
 
   /**
    * Disables the siem migrations feature

x-pack/solutions/security/plugins/security_solution/public/entity_analytics/links.ts

@@ -41,7 +41,7 @@ const privMonLinks: LinkItem = {
       defaultMessage: 'Privileged user monitoring',
     }),
   ],
-  experimentalKey: 'privilegeMonitoringEnabled',
+  hideWhenExperimentalKey: 'privilegedUserMonitoringDisabled',
   hideTimeline: false,
   skipUrlState: false,
   capabilities: [`${SECURITY_FEATURE_ID}.entity-analytics`],
@@ -86,7 +86,7 @@ export const entityAnalyticsLinks: LinkItem = {
   links: [eaOverviewLinks, privMonLinks],
   hideTimeline: true,
   skipUrlState: true,
-  experimentalKey: 'privilegeMonitoringEnabled',
+  hideWhenExperimentalKey: 'privilegedUserMonitoringDisabled',
   capabilities: [`${SECURITY_FEATURE_ID}.entity-analytics`],
   licenseType: 'platinum',
 };

x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/register_entity_analytics_routes.ts

@@ -22,7 +22,7 @@ export const registerEntityAnalyticsRoutes = (routeDeps: EntityAnalyticsRoutesDe
     registerEntityStoreRoutes(routeDeps);
   }
 
-  if (routeDeps.config.experimentalFeatures.privilegeMonitoringEnabled) {
+  if (!routeDeps.config.experimentalFeatures.privilegedUserMonitoringDisabled) {
     registerPrivilegeMonitoringRoutes(routeDeps);
   }
 };

x-pack/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/configs/ess.config.ts

@@ -15,12 +15,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
     ...functionalConfig.getAll(),
     kbnTestServer: {
       ...functionalConfig.get('kbnTestServer'),
-      serverArgs: [
-        ...functionalConfig.get('kbnTestServer.serverArgs'),
-        `--xpack.securitySolution.enableExperimental=${JSON.stringify([
-          'privilegeMonitoringEnabled',
-        ])}`,
-      ],
+      serverArgs: [...functionalConfig.get('kbnTestServer.serverArgs')],
     },
     testFiles: [require.resolve('..')],
     junit: {

x-pack/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/configs/serverless.config.ts

@@ -9,7 +9,6 @@ import { createTestConfig } from '../../../../../config/serverless/config.base';
 
 export default createTestConfig({
   kbnTestServerArgs: [
-    `--xpack.securitySolution.enableExperimental=${JSON.stringify(['privilegeMonitoringEnabled'])}`,
     `--xpack.securitySolutionServerless.productTypes=${JSON.stringify([
       { product_line: 'security', product_tier: 'complete' },
       { product_line: 'endpoint', product_tier: 'complete' },