[9.0] [Security Solution] Fix session view error from alerts tab (#214887) (#214892)

# Backport

This will backport the following commits from `main` to `9.0`:
- [[Security Solution] Fix session view error from alerts tab
(#214887)](https://github.com/elastic/kibana/pull/214887)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT
[{"author":{"name":"christineweng","email":"18648970+christineweng@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-18T03:57:36Z","message":"[Security
Solution] Fix session view error from alerts tab (#214887)\n\n##
Summary\n\nRelated:
https://github.com/elastic/kibana/issues/130641\n\nWhen session view is
opened on non-alert pages, if alert index is not\npassed, an error shows
up when opening alert
flyout.\nhttps://github.com/elastic/kibana/pull/196422 addressed this by
passing\nan `alertsIndex` to the index name. However, it only addressed
the\nalerts from the canvas area, when clicking view alerts from the
alert\npanel, the error still occurs. This PR fixed that by passing
alerts\nindex in the panel as well.\n\nThe bug only applies to alerts
opened from alerts tab, and when\n`visualizationinFlyout` is enabled.
This video shows the alerts flyout\nis showing correctly with the
advanced setting on and
off.\n\n\nhttps://github.com/user-attachments/assets/8dca4568-4645-4718-9605-17baa0691ed0\n\n-
[x] The PR description includes the appropriate Release Notes
section,\nand the correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"48df091c719331b46f5d5373ce67547a43c132a1","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","v9.0.0","Team:Threat
Hunting:Investigations","backport:version","v8.18.0","v9.1.0"],"title":"[Security
Solution] Fix session view error from alerts
tab","number":214887,"url":"https://github.com/elastic/kibana/pull/214887","mergeCommit":{"message":"[Security
Solution] Fix session view error from alerts tab (#214887)\n\n##
Summary\n\nRelated:
https://github.com/elastic/kibana/issues/130641\n\nWhen session view is
opened on non-alert pages, if alert index is not\npassed, an error shows
up when opening alert
flyout.\nhttps://github.com/elastic/kibana/pull/196422 addressed this by
passing\nan `alertsIndex` to the index name. However, it only addressed
the\nalerts from the canvas area, when clicking view alerts from the
alert\npanel, the error still occurs. This PR fixed that by passing
alerts\nindex in the panel as well.\n\nThe bug only applies to alerts
opened from alerts tab, and when\n`visualizationinFlyout` is enabled.
This video shows the alerts flyout\nis showing correctly with the
advanced setting on and
off.\n\n\nhttps://github.com/user-attachments/assets/8dca4568-4645-4718-9605-17baa0691ed0\n\n-
[x] The PR description includes the appropriate Release Notes
section,\nand the correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"48df091c719331b46f5d5373ce67547a43c132a1"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/214887","number":214887,"mergeCommit":{"message":"[Security
Solution] Fix session view error from alerts tab (#214887)\n\n##
Summary\n\nRelated:
https://github.com/elastic/kibana/issues/130641\n\nWhen session view is
opened on non-alert pages, if alert index is not\npassed, an error shows
up when opening alert
flyout.\nhttps://github.com/elastic/kibana/pull/196422 addressed this by
passing\nan `alertsIndex` to the index name. However, it only addressed
the\nalerts from the canvas area, when clicking view alerts from the
alert\npanel, the error still occurs. This PR fixed that by passing
alerts\nindex in the panel as well.\n\nThe bug only applies to alerts
opened from alerts tab, and when\n`visualizationinFlyout` is enabled.
This video shows the alerts flyout\nis showing correctly with the
advanced setting on and
off.\n\n\nhttps://github.com/user-attachments/assets/8dca4568-4645-4718-9605-17baa0691ed0\n\n-
[x] The PR description includes the appropriate Release Notes
section,\nand the correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"48df091c719331b46f5d5373ce67547a43c132a1"}}]}]
BACKPORT-->

Co-authored-by: christineweng <18648970+christineweng@users.noreply.github.com>

x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/left/components/session_view.tsx

@@ -60,7 +60,7 @@ export const SessionView: FC = memo(() => {
   const isEnabled = sessionViewConfig && isEnterprisePlus;
 
   const { selectedPatterns } = useSourcererDataView(SourcererScopeName.detections);
-  const eventDetailsIndex = useMemo(() => selectedPatterns.join(','), [selectedPatterns]);
+  const alertsIndex = useMemo(() => selectedPatterns.join(','), [selectedPatterns]);
 
   const { openPreviewPanel, closePreviewPanel } = useExpandableFlyoutApi();
   const openAlertDetailsPreview = useCallback(
@@ -75,7 +75,7 @@ export const SessionView: FC = memo(() => {
           id: DocumentDetailsPreviewPanelKey,
           params: {
             id: evtId,
-            indexName: eventDetailsIndex,
+            indexName: alertsIndex,
             scopeId,
             banner: ALERT_PREVIEW_BANNER,
             isPreviewMode: true,
@@ -87,7 +87,7 @@ export const SessionView: FC = memo(() => {
         panel: 'preview',
       });
     },
-    [openPreviewPanel, eventDetailsIndex, scopeId, telemetry]
+    [openPreviewPanel, alertsIndex, scopeId, telemetry]
   );
 
   const openDetailsInPreview = useCallback(

x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/session_view/tabs/alerts_tab.tsx

@@ -18,7 +18,8 @@ import {
 } from '../../shared/constants/panel_keys';
 import { ALERT_PREVIEW_BANNER } from '../../preview/constants';
 import { useSessionViewPanelContext } from '../context';
-
+import { SourcererScopeName } from '../../../../sourcerer/store/model';
+import { useSourcererDataView } from '../../../../sourcerer/containers';
 /**
  * Tab displayed in the SessionView preview panel, shows alerts related to the session.
  */
@@ -33,6 +34,9 @@ export const AlertsTab = memo(() => {
     hasNextPage: hasNextPageAlerts,
   } = useFetchSessionViewAlerts(sessionEntityId, sessionStartTime, investigatedAlertId);
 
+  const { selectedPatterns } = useSourcererDataView(SourcererScopeName.detections);
+  const alertsIndex = useMemo(() => selectedPatterns.join(','), [selectedPatterns]);
+
   // this code mimics what is being done in the x-pack/plugins/session_view/public/components/session_view/index.tsx file
   const alerts = useMemo(() => {
     let events: ProcessEvent[] = [];
@@ -53,14 +57,14 @@ export const AlertsTab = memo(() => {
         id: DocumentDetailsPreviewPanelKey,
         params: {
           id: evtId,
-          indexName,
+          indexName: alertsIndex,
           scopeId,
           banner: ALERT_PREVIEW_BANNER,
           isPreviewMode: true,
         },
       });
     },
-    [openPreviewPanel, indexName, scopeId]
+    [openPreviewPanel, scopeId, alertsIndex]
   );
 
   // this code mimics what is being done in the x-pack/plugins/session_view/public/components/session_view/index.tsx file