[8.x] [Security Solution][Siem migrations] Swap experimental flag for ESS (#208541) (#208782)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution][Siem migrations] Swap experimental flag for ESS
(#208541)](https://github.com/elastic/kibana/pull/208541)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Sergi
Massaneda","email":"sergi.massaneda@elastic.co"},"sourceCommit":{"committedDate":"2025-01-29T15:32:04Z","message":"[Security
Solution][Siem migrations] Swap experimental flag for ESS
(#208541)\n\n## Summary\r\n\r\nThis PR enables the SIEM migrations
experimental flag by default in\r\nESS/on-prem.\r\nWe keep the
experimental flag disabled in serverless
(using\r\n`config/serverless.security.yml`) since we don't want to
release it yet.\r\n\r\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"93f67462d25cf795dfad76ed4cf3d723dcc90e66","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat
Hunting","backport:version","v8.18.0"],"title":"[Security Solution][Siem
migrations] Swap experimental flag for
ESS","number":208541,"url":"https://github.com/elastic/kibana/pull/208541","mergeCommit":{"message":"[Security
Solution][Siem migrations] Swap experimental flag for ESS
(#208541)\n\n## Summary\r\n\r\nThis PR enables the SIEM migrations
experimental flag by default in\r\nESS/on-prem.\r\nWe keep the
experimental flag disabled in serverless
(using\r\n`config/serverless.security.yml`) since we don't want to
release it yet.\r\n\r\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"93f67462d25cf795dfad76ed4cf3d723dcc90e66"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/208541","number":208541,"mergeCommit":{"message":"[Security
Solution][Siem migrations] Swap experimental flag for ESS
(#208541)\n\n## Summary\r\n\r\nThis PR enables the SIEM migrations
experimental flag by default in\r\nESS/on-prem.\r\nWe keep the
experimental flag disabled in serverless
(using\r\n`config/serverless.security.yml`) since we don't want to
release it yet.\r\n\r\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"93f67462d25cf795dfad76ed4cf3d723dcc90e66"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Sergi Massaneda <sergi.massaneda@elastic.co>

config/serverless.security.yml

@@ -153,5 +153,7 @@ xpack.index_management.enableProjectLevelRetentionChecks: true
 
 # Experimental Security Solution features
 
-# This feature is disabled in Serverless until fully performance tested within a Serverless environment
-xpack.securitySolution.enableExperimental: ['entityStoreDisabled']
+# These features are disabled in Serverless until fully tested
+xpack.securitySolution.enableExperimental: 
+  - entityStoreDisabled
+  - siemMigrationsDisabled

x-pack/solutions/security/plugins/security_solution/common/experimental_features.ts

@@ -237,9 +237,9 @@ export const allowedExperimentalValues = Object.freeze({
   serviceEntityStoreEnabled: true,
 
   /**
-   * Enables the siem migrations feature
+   * Disables the siem migrations feature
    */
-  siemMigrationsEnabled: false,
+  siemMigrationsDisabled: false,
 
   /**
    * Enables the Defend Insights feature

x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_context.tsx

@@ -72,6 +72,12 @@ const useFilteredConfig = (): OnboardingConfig => {
       if (item.experimentalFlagRequired && !experimentalFeatures[item.experimentalFlagRequired]) {
         return false;
       }
+      if (
+        item.disabledExperimentalFlagRequired &&
+        experimentalFeatures[item.disabledExperimentalFlagRequired]
+      ) {
+        return false;
+      }
       if (item.licenseTypeRequired && !license.isAtLeast(item.licenseTypeRequired)) {
         return false;
       }

x-pack/solutions/security/plugins/security_solution/public/onboarding/config.ts

@@ -28,6 +28,6 @@ export const onboardingConfig: TopicConfig[] = [
     }),
     body: siemMigrationsBodyConfig,
     licenseTypeRequired: 'enterprise',
-    experimentalFlagRequired: 'siemMigrationsEnabled',
+    disabledExperimentalFlagRequired: 'siemMigrationsDisabled',
   },
 ];

x-pack/solutions/security/plugins/security_solution/public/onboarding/types.ts

@@ -108,6 +108,10 @@ export interface OnboardingConfigAvailabilityProps {
    * The experimental features required to enable the item.
    */
   experimentalFlagRequired?: keyof ExperimentalFeatures;
+  /**
+   * The disabled experimental features required to enable the item.
+   */
+  disabledExperimentalFlagRequired?: keyof ExperimentalFeatures;
 }
 
 export interface OnboardingCardConfig<TMetadata extends {} = {}>

x-pack/solutions/security/plugins/security_solution/public/plugin.tsx

@@ -282,7 +282,7 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
       investigations: subPlugins.investigations.start(),
       machineLearning: subPlugins.machineLearning.start(),
       siemMigrations: subPlugins.siemMigrations.start(
-        this.experimentalFeatures.siemMigrationsEnabled
+        !this.experimentalFeatures.siemMigrationsDisabled
       ),
     };
   }

x-pack/solutions/security/plugins/security_solution/public/siem_migrations/links.ts

@@ -32,6 +32,6 @@ export const siemMigrationsLinks: LinkItem = {
       defaultMessage: 'SIEM Rule Migrations',
     }),
   ],
-  experimentalKey: 'siemMigrationsEnabled',
+  hideWhenExperimentalKey: 'siemMigrationsDisabled',
   isBeta: true,
 };

x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/service/rule_migrations_service.ts

@@ -77,7 +77,9 @@ export class SiemRulesMigrationsService {
   }
 
   public isAvailable() {
-    return ExperimentalFeaturesService.get().siemMigrationsEnabled && licenseService.isEnterprise();
+    return (
+      !ExperimentalFeaturesService.get().siemMigrationsDisabled && licenseService.isEnterprise()
+    );
   }
 
   public startPolling() {

x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/routes.ts

@@ -15,7 +15,7 @@ export const registerSiemMigrationsRoutes = (
   config: ConfigType,
   logger: Logger
 ) => {
-  if (config.experimentalFeatures.siemMigrationsEnabled) {
+  if (!config.experimentalFeatures.siemMigrationsDisabled) {
     registerSiemRuleMigrationsRoutes(router, logger);
   }
 };

x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/siem_migrations_service.test.ts

@@ -42,10 +42,10 @@ describe('SiemMigrationsService', () => {
     jest.clearAllMocks();
   });
 
-  describe('with siemMigrationsEnabled flag', () => {
+  describe('with experimental flag enabled', () => {
     beforeEach(() => {
       siemMigrationsService = new SiemMigrationsService(
-        { experimentalFeatures: { siemMigrationsEnabled: true } } as ConfigType,
+        { experimentalFeatures: { siemMigrationsDisabled: false } } as ConfigType,
         logger,
         kibanaVersion
       );
@@ -90,10 +90,10 @@ describe('SiemMigrationsService', () => {
     });
   });
 
-  describe('without siemMigrationsEnabled flag', () => {
+  describe('without experimental flag disabled', () => {
     beforeEach(() => {
       siemMigrationsService = new SiemMigrationsService(
-        { experimentalFeatures: { siemMigrationsEnabled: false } } as ConfigType,
+        { experimentalFeatures: { siemMigrationsDisabled: true } } as ConfigType,
         logger,
         kibanaVersion
       );

x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/siem_migrations_service.ts

@@ -25,7 +25,7 @@ export class SiemMigrationsService {
   }
 
   setup(params: SiemMigrationsSetupParams) {
-    if (this.config.experimentalFeatures.siemMigrationsEnabled) {
+    if (!this.config.experimentalFeatures.siemMigrationsDisabled) {
       this.rules.setup({ ...params, pluginStop$: this.pluginStop$ });
     }
   }

x-pack/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/configs/ess.config.ts

@@ -13,13 +13,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
 
   return {
     ...functionalConfig.getAll(),
-    kbnTestServer: {
-      ...functionalConfig.get('kbnTestServer'),
-      serverArgs: [
-        ...functionalConfig.get('kbnTestServer.serverArgs'),
-        `--xpack.securitySolution.enableExperimental=${JSON.stringify(['siemMigrationsEnabled'])}`,
-      ],
-    },
     testFiles: [require.resolve('..')],
     junit: {
       reportName: 'SIEM Migrations Integration Tests - ESS Env - Trial License',

x-pack/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/configs/serverless.config.ts

@@ -9,7 +9,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base';
 
 export default createTestConfig({
   kbnTestServerArgs: [
-    `--xpack.securitySolution.enableExperimental=${JSON.stringify(['siemMigrationsEnabled'])}`,
+    `--xpack.securitySolution.enableExperimental=${JSON.stringify([])}`, // override to empty array so the flag is not disabled
     `--xpack.securitySolutionServerless.productTypes=${JSON.stringify([
       { product_line: 'security', product_tier: 'complete' },
       { product_line: 'endpoint', product_tier: 'complete' },