[Security Solution][Detection Engine] removes feature flag for ES|QL suppression in 8.15 (#188296)

## Summary

- removes feature flag `alertSuppressionForEsqlRuleEnabled` for ES|QL
suppression in 8.15 for ESS

x-pack/plugins/security_solution/common/experimental_features.ts

@@ -159,11 +159,6 @@ export const allowedExperimentalValues = Object.freeze({
    */
   disableTimelineSaveTour: false,
 
-  /**
-   * Enables alerts suppression for ES|QL rules
-   */
-  alertSuppressionForEsqlRuleEnabled: false,
-
   /**
    * Enables the risk engine privileges route
    * and associated callout in the UI

x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/use_experimental_feature_fields_transform.ts

@@ -8,7 +8,7 @@
 import { useCallback } from 'react';
 import type { DefineStepRule } from '../../../../detections/pages/detection_engine/rules/types';
 import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
-import { isEsqlRule, isMlRule } from '../../../../../common/detection_engine/utils';
+import { isMlRule } from '../../../../../common/detection_engine/utils';
 
 /**
  * transforms  DefineStepRule fields according to experimental feature flags
@@ -19,15 +19,11 @@ export const useExperimentalFeatureFieldsTransform = <T extends Partial<DefineSt
   const isAlertSuppressionForMachineLearningRuleEnabled = useIsExperimentalFeatureEnabled(
     'alertSuppressionForMachineLearningRuleEnabled'
   );
-  const isAlertSuppressionForEsqlRuleEnabled = useIsExperimentalFeatureEnabled(
-    'alertSuppressionForEsqlRuleEnabled'
-  );
 
   const transformer = useCallback(
     (fields: T) => {
       const isSuppressionDisabled =
-        (isMlRule(fields.ruleType) && !isAlertSuppressionForMachineLearningRuleEnabled) ||
-        (isEsqlRule(fields.ruleType) && !isAlertSuppressionForEsqlRuleEnabled);
+        isMlRule(fields.ruleType) && !isAlertSuppressionForMachineLearningRuleEnabled;
 
       // reset any alert suppression values hidden behind feature flag
       if (isSuppressionDisabled) {
@@ -42,7 +38,7 @@ export const useExperimentalFeatureFieldsTransform = <T extends Partial<DefineSt
 
       return fields;
     },
-    [isAlertSuppressionForEsqlRuleEnabled, isAlertSuppressionForMachineLearningRuleEnabled]
+    [isAlertSuppressionForMachineLearningRuleEnabled]
   );
 
   return transformer;

x-pack/plugins/security_solution/public/detection_engine/rule_management/logic/use_alert_suppression.test.tsx

@@ -16,15 +16,15 @@ describe('useAlertSuppression', () => {
       .mockReturnValue(false);
   });
 
-  (['new_terms', 'threat_match', 'saved_query', 'query', 'threshold', 'eql'] as Type[]).forEach(
-    (ruleType) => {
-      it(`should return the isSuppressionEnabled true for ${ruleType} rule type that exists in SUPPRESSIBLE_ALERT_RULES`, () => {
-        const { result } = renderHook(() => useAlertSuppression(ruleType));
+  (
+    ['new_terms', 'threat_match', 'saved_query', 'query', 'threshold', 'eql', 'esql'] as Type[]
+  ).forEach((ruleType) => {
+    it(`should return the isSuppressionEnabled true for ${ruleType} rule type that exists in SUPPRESSIBLE_ALERT_RULES`, () => {
+      const { result } = renderHook(() => useAlertSuppression(ruleType));
 
-        expect(result.current.isSuppressionEnabled).toBe(true);
-      });
-    }
-  );
+      expect(result.current.isSuppressionEnabled).toBe(true);
+    });
+  });
 
   it('should return false if rule type is undefined', () => {
     const { result } = renderHook(() => useAlertSuppression(undefined));
@@ -54,21 +54,4 @@ describe('useAlertSuppression', () => {
       expect(result.current.isSuppressionEnabled).toBe(false);
     });
   });
-
-  describe('ES|QL rules', () => {
-    it('should return isSuppressionEnabled false if ES|QL Feature Flag is disabled', () => {
-      const { result } = renderHook(() => useAlertSuppression('esql'));
-
-      expect(result.current.isSuppressionEnabled).toBe(false);
-    });
-
-    it('should return isSuppressionEnabled true if ES|QL Feature Flag is enabled', () => {
-      jest
-        .spyOn(useIsExperimentalFeatureEnabledMock, 'useIsExperimentalFeatureEnabled')
-        .mockImplementation((flag) => flag === 'alertSuppressionForEsqlRuleEnabled');
-      const { result } = renderHook(() => useAlertSuppression('esql'));
-
-      expect(result.current.isSuppressionEnabled).toBe(true);
-    });
-  });
 });

x-pack/plugins/security_solution/public/detection_engine/rule_management/logic/use_alert_suppression.tsx

@@ -17,29 +17,18 @@ export const useAlertSuppression = (ruleType: Type | undefined): UseAlertSuppres
   const isAlertSuppressionForMachineLearningRuleEnabled = useIsExperimentalFeatureEnabled(
     'alertSuppressionForMachineLearningRuleEnabled'
   );
-  const isAlertSuppressionForEsqlRuleEnabled = useIsExperimentalFeatureEnabled(
-    'alertSuppressionForEsqlRuleEnabled'
-  );
 
   const isSuppressionEnabledForRuleType = useCallback(() => {
     if (!ruleType) {
       return false;
     }
-    // Remove this condition when the Feature Flag for enabling Suppression in the New terms rule is removed.
-    if (ruleType === 'esql') {
-      return isSuppressibleAlertRule(ruleType) && isAlertSuppressionForEsqlRuleEnabled;
-    }
 
     if (isMlRule(ruleType)) {
       return isSuppressibleAlertRule(ruleType) && isAlertSuppressionForMachineLearningRuleEnabled;
     }
 
     return isSuppressibleAlertRule(ruleType);
-  }, [
-    isAlertSuppressionForEsqlRuleEnabled,
-    isAlertSuppressionForMachineLearningRuleEnabled,
-    ruleType,
-  ]);
+  }, [isAlertSuppressionForMachineLearningRuleEnabled, ruleType]);
 
   return {
     isSuppressionEnabled: isSuppressionEnabledForRuleType(),

x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/esql.ts

@@ -135,7 +135,6 @@ export const esqlExecutor = async ({
       const isAlertSuppressionActive = await getIsAlertSuppressionActive({
         alertSuppression: completeRule.ruleParams.alertSuppression,
         licensing,
-        isFeatureDisabled: !experimentalFeatures?.alertSuppressionForEsqlRuleEnabled,
       });
 
       const wrapHits = (events: Array<estypes.SearchHit<SignalSource>>) =>

x-pack/test/security_solution_api_integration/config/ess/config.base.ts

@@ -80,7 +80,6 @@ export function createTestConfig(options: CreateTestConfigOptions, testFiles?: s
           '--xpack.ruleRegistry.unsafe.legacyMultiTenancy.enabled=true',
           `--xpack.securitySolution.enableExperimental=${JSON.stringify([
             'previewTelemetryUrlEnabled',
-            'alertSuppressionForEsqlRuleEnabled',
             'riskScoringPersistence',
             'riskScoringRoutesEnabled',
             'bulkCustomHighlightedFieldsEnabled',

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/configs/serverless.config.ts

@@ -20,7 +20,6 @@ export default createTestConfig({
     `--xpack.securitySolution.enableExperimental=${JSON.stringify([
       'bulkCustomHighlightedFieldsEnabled',
       'alertSuppressionForMachineLearningRuleEnabled',
-      'alertSuppressionForEsqlRuleEnabled',
     ])}`,
   ],
 });

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql_suppression.ts

@@ -64,8 +64,7 @@ export default ({ getService }: FtrProviderContext) => {
   const getNonAggRuleQueryWithMetadata = (id: string) =>
     `from ecs_compliant metadata _id, _index, _version ${internalIdPipe(id)}`;
 
-  // skipped in MKI as it depends on feature flag alertSuppressionForEsqlRuleEnabled
-  describe('@ess @serverless @skipInServerlessMKI ES|QL rule type, alert suppression', () => {
+  describe('@ess @serverless ES|QL rule type, alert suppression', () => {
     before(async () => {
       await esArchiver.load('x-pack/test/functional/es_archives/security_solution/ecs_compliant');
     });

x-pack/test/security_solution_cypress/config.ts

@@ -45,7 +45,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
         '--xpack.alerting.rules.minimumScheduleInterval.value=1s',
         '--xpack.ruleRegistry.unsafe.legacyMultiTenancy.enabled=true',
         `--xpack.securitySolution.enableExperimental=${JSON.stringify([
-          'alertSuppressionForEsqlRuleEnabled',
           'bulkCustomHighlightedFieldsEnabled',
           'alertSuppressionForMachineLearningRuleEnabled',
           'manualRuleRunEnabled',

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/common_flows_suppression_serverless_essentials.cy.ts

@@ -23,7 +23,7 @@ import { CREATE_RULE_URL } from '../../../../urls/navigation';
 describe(
   'Detection rules, Alert Suppression for Essentials tier',
   {
-    // skipped in MKI as it depends on feature flag alertSuppressionForEsqlRuleEnabled, alertSuppressionForMachineLearningRuleEnabled
+    // skipped in MKI as it depends on feature flag, alertSuppressionForMachineLearningRuleEnabled
     tags: ['@serverless', '@skipInServerlessMKI'],
     env: {
       ftrConfig: {
@@ -32,10 +32,8 @@ describe(
           { product_line: 'endpoint', product_tier: 'essentials' },
         ],
       },
-      // alertSuppressionForEsqlRuleEnabled feature flag is also enabled in a global config
       kbnServerArgs: [
         `--xpack.securitySolution.enableExperimental=${JSON.stringify([
-          'alertSuppressionForEsqlRuleEnabled',
           'alertSuppressionForMachineLearningRuleEnabled',
         ])}`,
       ],

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts

@@ -70,16 +70,7 @@ const workaroundForResizeObserver = () =>
 describe(
   'Detection ES|QL rules, creation',
   {
-    // skipped in MKI as it depends on feature flag alertSuppressionForEsqlRuleEnabled
-    // alertSuppressionForEsqlRuleEnabled feature flag is also enabled in a global config
-    tags: ['@ess', '@serverless', '@skipInServerlessMKI'],
-    env: {
-      kbnServerArgs: [
-        `--xpack.securitySolution.enableExperimental=${JSON.stringify([
-          'alertSuppressionForEsqlRuleEnabled',
-        ])}`,
-      ],
-    },
+    tags: ['@ess', '@serverless'],
   },
   () => {
     const rule = getEsqlRule();

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts

@@ -52,19 +52,10 @@ const rule = getEsqlRule();
 const expectedValidEsqlQuery =
   'from auditbeat* | stats _count=count(event.category) by event.category';
 
-// skipped in MKI as it depends on feature flag alertSuppressionForEsqlRuleEnabled
-// alertSuppressionForEsqlRuleEnabled feature flag is also enabled in a global config
 describe(
   'Detection ES|QL rules, edit',
   {
-    tags: ['@ess', '@serverless', '@skipInServerlessMKI'],
-    env: {
-      kbnServerArgs: [
-        `--xpack.securitySolution.enableExperimental=${JSON.stringify([
-          'alertSuppressionForEsqlRuleEnabled',
-        ])}`,
-      ],
-    },
+    tags: ['@ess', '@serverless'],
   },
   () => {
     beforeEach(() => {

x-pack/test/security_solution_cypress/serverless_config.ts

@@ -35,7 +35,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
           { product_line: 'cloud', product_tier: 'complete' },
         ])}`,
         `--xpack.securitySolution.enableExperimental=${JSON.stringify([
-          'alertSuppressionForEsqlRuleEnabled',
           'bulkCustomHighlightedFieldsEnabled',
           'alertSuppressionForMachineLearningRuleEnabled',
           'manualRuleRunEnabled',