Merge branch 'main' into eui-v87.1.x

.github/CODEOWNERS

@@ -1227,6 +1227,8 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib
 /x-pack/plugins/security_solution/server/lib/sourcerer @elastic/security-detection-engine
 
 /x-pack/test/security_solution_cypress/cypress/e2e/data_sources @elastic/security-detection-engine
+/x-pack/test/security_solution_cypress/cypress/e2e/detection_alerts @elastic/security-detection-engine
+/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_actions @elastic/security-detection-engine
 /x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_creation @elastic/security-detection-engine
 /x-pack/test/security_solution_cypress/cypress/e2e/detection_response/value_lists @elastic/security-detection-engine
 /x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics @elastic/security-detection-engine

x-pack/plugins/security_solution/common/experimental_features.ts

@@ -92,11 +92,11 @@ export const allowedExperimentalValues = Object.freeze({
   /**
    * Enables Protections/Detections Coverage Overview page (Epic link https://github.com/elastic/security-team/issues/2905)
    *
-   * This flag aims to facilitate the development process as the feature may not make it to 8.9 release.
+   * This flag aims to facilitate the development process as the feature may not make it to 8.10 release.
    *
    * The flag doesn't have to be documented and has to be removed after the feature is ready to release.
    */
-  detectionsCoverageOverview: false,
+  detectionsCoverageOverview: true,
 
   /**
    * Enable risk engine client and initialisation of datastream, component templates and mappings

x-pack/plugins/security_solution/server/lib/telemetry/filterlists/index.test.ts

@@ -255,5 +255,28 @@ describe('Security Telemetry filters', () => {
         'kubernetes.pod.ip': '10-245-0-5',
       });
     });
+
+    it('copies over threat indicator fields', () => {
+      const event = {
+        not_event: 'much data, much wow',
+        threat: {
+          feed: {
+            name: 'test_feed',
+            reference: 'test',
+            description: 'this is a test description',
+            dashboard_id: '69c33c01-f856-42c6-b23f-4a6e1c98fe82',
+          },
+        },
+      };
+      expect(copyAllowlistedFields(prebuiltRuleAllowlistFields, event)).toStrictEqual({
+        threat: {
+          feed: {
+            name: 'test_feed',
+            reference: 'test',
+            description: 'this is a test description',
+          },
+        },
+      });
+    });
   });
 });

x-pack/plugins/security_solution/server/lib/telemetry/filterlists/prebuilt_rules_alerts.ts

@@ -205,6 +205,52 @@ export const prebuiltRuleAllowlistFields: AllowlistFields = {
     name: true,
   },
   source: true,
+  threat: {
+    enrichments: {
+      indicator: {
+        confidence: true,
+        description: true,
+        email: {
+          address: true,
+        },
+        first_seen: true,
+        ip: true,
+        last_seen: true,
+        marking: {
+          tlp: true,
+          tlp_version: true,
+        },
+        modified_at: true,
+        name: true,
+        port: true,
+        provider: true,
+        reference: true,
+        scanner_stats: true,
+        sightings: true,
+        type: true,
+        matched: {
+          atomic: true,
+          field: true,
+          id: true,
+          index: true,
+          occurred: true,
+          type: true,
+        },
+      },
+    },
+    feed: {
+      description: true,
+      name: true,
+      reference: true,
+    },
+    framework: true,
+    group: {
+      alias: true,
+      id: true,
+      name: true,
+      reference: true,
+    },
+  },
   tls: {
     server: {
       hash: true,