[8.7] [Security Solution] When adding an Exception and Source value on the Severity override option, are not offering suggestions (#150701) (#151099)

# Backport

This will backport the following commits from `main` to `8.7`:
- [[Security Solution] When adding an Exception and Source value on the
Severity override option, are not offering suggestions
(#150701)](https://github.com/elastic/kibana/pull/150701)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Ievgen
Sorokopud","email":"ievgen.sorokopud@elastic.co"},"sourceCommit":{"committedDate":"2023-02-14T08:41:29Z","message":"[Security
Solution] When adding an Exception and Source value on the Severity
override option, are not offering suggestions (#150701)\n\n##
Summary\r\n\r\nThese changes fixes the issue with the broken field
source value\r\nauto-suggestion which was caused by
[this\r\nPR](https://github.com/elastic/kibana/pull/149149/files#diff-2b9142306df119b8c31e8a66c9b93b2a83f74239b1655919881165ac06398623R148).\r\n\r\nThe
problem is that the `stringifyIndices` variable is used to:\r\n1.
represent all indices down the road where we request suggestions
for\r\na field
in\r\n`src/plugins/unified_search/public/autocomplete/providers/value_suggestion_provider.ts`\r\n2.
be a parameter to check whether we should memoize the results
of\r\n`getIndexFields` and `getDataViewStateFromIndexFields`
methods\r\n\r\nBy modifying it to include the notion of whether we
should include\r\nunmapped information, solves the second point but
breaks the first one.\r\nThus, suggestion request stopped
working.\r\n\r\nThe fix is to revert changes to `stringifyIndices`
variable and add\r\nextra parameter to `getIndexFields`
and\r\n`getDataViewStateFromIndexFields` methods, so that we can take
into\r\naccount `includeUnmapped` flag during memoization.\r\n\r\nBug
ticket #150663\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"ace5c10c2c3ef8a594a637e59ae7f11169ce9b0c","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection
Alerts","backport:prev-minor","v8.8.0"],"number":150701,"url":"https://github.com/elastic/kibana/pull/150701","mergeCommit":{"message":"[Security
Solution] When adding an Exception and Source value on the Severity
override option, are not offering suggestions (#150701)\n\n##
Summary\r\n\r\nThese changes fixes the issue with the broken field
source value\r\nauto-suggestion which was caused by
[this\r\nPR](https://github.com/elastic/kibana/pull/149149/files#diff-2b9142306df119b8c31e8a66c9b93b2a83f74239b1655919881165ac06398623R148).\r\n\r\nThe
problem is that the `stringifyIndices` variable is used to:\r\n1.
represent all indices down the road where we request suggestions
for\r\na field
in\r\n`src/plugins/unified_search/public/autocomplete/providers/value_suggestion_provider.ts`\r\n2.
be a parameter to check whether we should memoize the results
of\r\n`getIndexFields` and `getDataViewStateFromIndexFields`
methods\r\n\r\nBy modifying it to include the notion of whether we
should include\r\nunmapped information, solves the second point but
breaks the first one.\r\nThus, suggestion request stopped
working.\r\n\r\nThe fix is to revert changes to `stringifyIndices`
variable and add\r\nextra parameter to `getIndexFields`
and\r\n`getDataViewStateFromIndexFields` methods, so that we can take
into\r\naccount `includeUnmapped` flag during memoization.\r\n\r\nBug
ticket #150663\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"ace5c10c2c3ef8a594a637e59ae7f11169ce9b0c"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/150701","number":150701,"mergeCommit":{"message":"[Security
Solution] When adding an Exception and Source value on the Severity
override option, are not offering suggestions (#150701)\n\n##
Summary\r\n\r\nThese changes fixes the issue with the broken field
source value\r\nauto-suggestion which was caused by
[this\r\nPR](https://github.com/elastic/kibana/pull/149149/files#diff-2b9142306df119b8c31e8a66c9b93b2a83f74239b1655919881165ac06398623R148).\r\n\r\nThe
problem is that the `stringifyIndices` variable is used to:\r\n1.
represent all indices down the road where we request suggestions
for\r\na field
in\r\n`src/plugins/unified_search/public/autocomplete/providers/value_suggestion_provider.ts`\r\n2.
be a parameter to check whether we should memoize the results
of\r\n`getIndexFields` and `getDataViewStateFromIndexFields`
methods\r\n\r\nBy modifying it to include the notion of whether we
should include\r\nunmapped information, solves the second point but
breaks the first one.\r\nThus, suggestion request stopped
working.\r\n\r\nThe fix is to revert changes to `stringifyIndices`
variable and add\r\nextra parameter to `getIndexFields`
and\r\n`getDataViewStateFromIndexFields` methods, so that we can take
into\r\naccount `includeUnmapped` flag during memoization.\r\n\r\nBug
ticket #150663\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"ace5c10c2c3ef8a594a637e59ae7f11169ce9b0c"}}]}]
BACKPORT-->

Co-authored-by: Ievgen Sorokopud <ievgen.sorokopud@elastic.co>

x-pack/plugins/security_solution/cypress/e2e/exceptions/add_edit_flyout/flyout_validation.cy.ts

@@ -74,7 +74,7 @@ describe('Exceptions flyout', () => {
     createExceptionList(getExceptionList(), getExceptionList().list_id).then((response) =>
       createCustomRule({
         ...getNewRule(),
-        dataSource: { index: ['exceptions-*'], type: 'indexPatterns' },
+        dataSource: { index: ['auditbeat-*', 'exceptions-*'], type: 'indexPatterns' },
         exceptionLists: [
           {
             id: response.body.id,
@@ -289,11 +289,28 @@ describe('Exceptions flyout', () => {
     openExceptionFlyoutFromEmptyViewerPrompt();
 
     cy.get(FIELD_INPUT).eq(0).click({ force: true });
+    cy.get(FIELD_INPUT).eq(0).type('unique');
     cy.get(EXCEPTION_FIELD_LIST).contains('unique_value.test');
 
     closeExceptionBuilderFlyout();
   });
 
+  it('Validates auto-suggested fields correctly', () => {
+    // open add exception modal
+    openExceptionFlyoutFromEmptyViewerPrompt();
+
+    // add exception item name
+    addExceptionFlyoutItemName('My item name');
+
+    // add an entry with a value and submit button should enable
+    addExceptionEntryFieldValue('agent.type', 0);
+    cy.get(VALUES_INPUT).eq(0).type(`{enter}`);
+    cy.get(VALUES_INPUT).eq(0).type(`{downarrow}{enter}`);
+    cy.get(CONFIRM_BTN).should('be.enabled');
+
+    closeExceptionBuilderFlyout();
+  });
+
   // TODO - Add back in error states into modal
   describe.skip('flyout errors', () => {
     beforeEach(() => {

x-pack/plugins/security_solution/public/common/containers/source/index.tsx

@@ -43,7 +43,7 @@ export const getAllFieldsByName = (
   keyBy('name', getAllBrowserFields(browserFields));
 
 export const getIndexFields = memoizeOne(
-  (title: string, fields: IndexField[]): DataViewBase =>
+  (title: string, fields: IndexField[], _includeUnmapped: boolean = false): DataViewBase =>
     fields && fields.length > 0
       ? {
           fields: fields.map((field) =>
@@ -63,7 +63,10 @@ export const getIndexFields = memoizeOne(
           title,
         }
       : { fields: [], title },
-  (newArgs, lastArgs) => newArgs[0] === lastArgs[0] && newArgs[1].length === lastArgs[1].length
+  (newArgs, lastArgs) =>
+    newArgs[0] === lastArgs[0] &&
+    newArgs[1].length === lastArgs[1].length &&
+    newArgs[2] === lastArgs[2]
 );
 
 /**
@@ -145,21 +148,24 @@ export const useFetchIndex = (
               if (isCompleteResponse(response)) {
                 Promise.resolve().then(() => {
                   ReactDOM.unstable_batchedUpdates(() => {
-                    const stringifyIndices = `${response.indicesExist
-                      .sort()
-                      .join()} (includeUnmapped: ${includeUnmapped})`;
+                    const stringifyIndices = response.indicesExist.sort().join();
 
                     previousIndexesName.current = response.indicesExist;
                     const { browserFields } = getDataViewStateFromIndexFields(
                       stringifyIndices,
-                      response.indexFields
+                      response.indexFields,
+                      includeUnmapped
                     );
                     setLoading(false);
                     setState({
                       browserFields,
                       indexes: response.indicesExist,
                       indexExists: response.indicesExist.length > 0,
-                      indexPatterns: getIndexFields(stringifyIndices, response.indexFields),
+                      indexPatterns: getIndexFields(
+                        stringifyIndices,
+                        response.indexFields,
+                        includeUnmapped
+                      ),
                     });
 
                     searchSubscription$.current.unsubscribe();

x-pack/plugins/security_solution/public/common/containers/source/use_data_view.tsx

@@ -50,7 +50,7 @@ interface DataViewInfo {
  * VERY mutatious on purpose to improve the performance of the transform.
  */
 export const getDataViewStateFromIndexFields = memoizeOne(
-  (_title: string, fields: IndexField[]): DataViewInfo => {
+  (_title: string, fields: IndexField[], _includeUnmapped: boolean = false): DataViewInfo => {
     // Adds two dangerous casts to allow for mutations within this function
     type DangerCastForMutation = Record<string, {}>;
 
@@ -78,7 +78,10 @@ export const getDataViewStateFromIndexFields = memoizeOne(
       }
     );
   },
-  (newArgs, lastArgs) => newArgs[0] === lastArgs[0] && newArgs[1].length === lastArgs[1].length
+  (newArgs, lastArgs) =>
+    newArgs[0] === lastArgs[0] &&
+    newArgs[1].length === lastArgs[1].length &&
+    newArgs[2] === lastArgs[2]
 );
 
 export const useDataView = (): {