[Security Solution][Attacks/Alerts][Navigation] detections top level link (elastic#232578) (elastic#242384)

## Summary

Epic: elastic#232342
Tickets:
* elastic#232578
* elastic#232581
* elastic#237175

These changes introduce a navigation for the new Alerts/Attacks
alignment work. Instead of having a root level "Alerts" navigation item
we add a new "Detections" item that will be a container for the all
alerts detections relevant pages.

This new "Detections" navigation item will allow users to navigate to
either the "Alerts" or the "Attacks" page.

### Key changes

**URL paths**:
* Alerts page: `/app/security/alerts`
* Attacks page: `/app/security/attacks`
* Links landing page: `/app/security/alert_detections`.

> [!NOTE]
> Since `detections` path has already been used in the past, we need to
keep reserved for the back compatibility. Also, for the same reason, I
did not change alerts page URL for the users to be able to use existing
alert details URLs and to avoid redirection logic.

**UPDATE**: Agreed that we gonna look into the possibility to reuse
`detections` in the URL path before removing the FF
elastic#242434

**Feature flag**:

Instead of using experimental feature flag configs, I switched to a
[FeatureFlag
service](https://github.com/elastic/kibana/blob/main/src/core/packages/feature-flags/README.mdx).
It is a core service and allows easy access to feature flags in various
parts of the kibana - including navigation, without us bringing extra
configs parsing/setup code into the plugins where we need to use it.

Right now, the experimental feature configs are not available in the
`security_solution_ess` plugin and we will need to setup experimental
feature flags there in order to be able to show/hide navigation changes.

Besides that, the FeatureFlag service allows dynamically evaluate FF -
somthing we can use later if needed.

### Global navigation

<img width="1830" height="1298" alt="Screenshot 2025-11-10 at 10 48 17"
src="https://github.com/user-attachments/assets/68b83eea-4ea9-44a5-9d98-2513fbdabf36"
/>

### v1 navigation

<img width="1830" height="1298" alt="Screenshot 2025-11-10 at 10 48 26"
src="https://github.com/user-attachments/assets/1ed488f2-3f66-47b3-8b62-bc96252173e0"
/>

### v2 navigation

<img width="1830" height="1298" alt="Screenshot 2025-11-10 at 10 48 43"
src="https://github.com/user-attachments/assets/6ffbfd24-4de3-437b-8685-d1fa12adc125"
/>

### Links landing page

<img width="1830" height="1298" alt="Screenshot 2025-11-10 at 10 48 22"
src="https://github.com/user-attachments/assets/07af9289-5aa0-4522-81f6-14382c084bb0"
/>

### Empty "Attacks" page

<img width="1830" height="1298" alt="Screenshot 2025-11-10 at 10 48 10"
src="https://github.com/user-attachments/assets/25f3a14c-1e43-4c95-9540-067ca2afe116"
/>

## Feature Flag

> [!NOTE]
> The feature is hidden behind the feature flag (in `kibana.dev.yml`):

```
feature_flags.overrides:
  securitySolution.attacksAlertsAlignment: true
```

---------

Co-authored-by: kibanamachine <[email protected]>

Author: e40pud

src/platform/packages/shared/deeplinks/security/deep_links.ts

@@ -10,10 +10,16 @@
 export enum SecurityPageName {
   administration = 'administration',
   alerts = 'alerts',
+  attacks = 'attacks',
   aiValue = 'ai_value',
   assetInventory = 'asset_inventory',
   attackDiscovery = 'attack_discovery',
   blocklist = 'blocklist',
+
+  // TODO: https://github.com/elastic/kibana/issues/242434
+  // Investigate possibility of using `detections` instead
+  alertDetections = 'alert_detections',
+
   /*
    * Warning: Computed values are not permitted in an enum with string valued members
    * All Cases page names must match `CasesDeepLinkId` in x-pack/platform/plugins/shared/cases/public/common/navigation/deep_links.ts

x-pack/solutions/security/packages/navigation/index.ts

@@ -13,5 +13,6 @@ export {
   SecurityGroupName,
   LinkCategoryType,
   SECURITY_UI_APP_ID,
+  ATTACKS_ALERTS_ALIGNMENT_ENABLED,
 } from './src/constants';
 export * from './src/types';

x-pack/solutions/security/packages/navigation/src/constants.ts

@@ -30,4 +30,11 @@ export enum SecurityGroupName {
   entityAnalytics = 'securityGroup:entityAnalytics',
   machineLearning = 'securityGroup:machineLearning',
   launchpad = 'securityGroup:launchpad',
+
+  // TODO: https://github.com/elastic/kibana/issues/242434
+  // Investigate possibility of using `detections` instead
+  alertDetections = 'securityGroup:alertDetections',
 }
+
+/** Feature flag for the alerts and attacks alignment feature */
+export const ATTACKS_ALERTS_ALIGNMENT_ENABLED = 'securitySolution.attacksAlertsAlignment' as const;

x-pack/solutions/security/packages/navigation/src/i18n_strings.ts

@@ -8,6 +8,16 @@
 import { i18n } from '@kbn/i18n';
 
 export const i18nStrings = {
+  alertDetections: {
+    title: i18n.translate('securitySolutionPackages.navLinks.alertDetections', {
+      defaultMessage: 'Detections',
+    }),
+    views: {
+      title: i18n.translate('securitySolutionPackages.navLinks.rules.views', {
+        defaultMessage: 'Views',
+      }),
+    },
+  },
   rules: {
     title: i18n.translate('securitySolutionPackages.navLinks.rules', {
       defaultMessage: 'Rules',

x-pack/solutions/security/packages/navigation/src/link_groups.ts

@@ -14,6 +14,7 @@ export interface SecurityLinkGroupDefinition {
 
 export const SecurityLinkGroup: Record<SecurityGroupName, SecurityLinkGroupDefinition> =
   Object.freeze({
+    [SecurityGroupName.alertDetections]: { title: i18nStrings.alertDetections.title },
     [SecurityGroupName.rules]: { title: i18nStrings.rules.title },
     [SecurityGroupName.explore]: { title: i18nStrings.explore.title },
     [SecurityGroupName.investigations]: { title: i18nStrings.investigations.title },

x-pack/solutions/security/packages/navigation/src/navigation_tree/alert_detections_navigation_tree.ts

@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { NodeDefinition } from '@kbn/core-chrome-browser';
+import { SecurityPageName, SecurityGroupName } from '../constants';
+import { SecurityLinkGroup } from '../link_groups';
+import { securityLink } from '../links';
+import { i18nStrings } from '../i18n_strings';
+
+export const createAlertDetectionsNavigationTree = (
+  { sideNavVersion }: { sideNavVersion?: NodeDefinition['sideNavVersion'] } = {
+    sideNavVersion: 'v1',
+  }
+): NodeDefinition => ({
+  id: SecurityGroupName.alertDetections,
+  title: SecurityLinkGroup[SecurityGroupName.alertDetections].title,
+  iconV2: 'warning',
+  renderAs: 'panelOpener',
+  sideNavVersion,
+  children: [
+    {
+      title: i18nStrings.alertDetections.views.title,
+      breadcrumbStatus: 'hidden',
+      children: [
+        {
+          id: SecurityPageName.attacks,
+          link: securityLink(SecurityPageName.attacks),
+        },
+        {
+          id: SecurityPageName.alerts,
+          link: securityLink(SecurityPageName.alerts),
+        },
+      ],
+    },
+  ],
+});

x-pack/solutions/security/packages/navigation/src/navigation_tree/index.ts

@@ -14,8 +14,10 @@ import { createAssetsNavigationTree } from './assets_navigation_tree';
 import { createEntityAnalyticsNavigationTree } from './entity_analytics_navigation_tree';
 import { createMachineLearningNavigationTree } from './ml_navigation_tree';
 import { createV2NavigationTree } from './v2_navigation_tree';
+import { createAlertDetectionsNavigationTree } from './alert_detections_navigation_tree';
 
 export const defaultNavigationTree = {
+  alertDetections: createAlertDetectionsNavigationTree,
   dashboards: createDashboardsNavigationTree,
   rules: createRulesNavigationTree,
   cases: createCasesNavigationTree,

x-pack/solutions/security/packages/navigation/src/navigation_tree/v2_navigation_tree.ts

@@ -11,6 +11,7 @@ import { defaultNavigationTree } from '../../navigation_tree';
 
 import { SecurityPageName } from '../..';
 import { i18nStrings, securityLink } from '../../links';
+import { ATTACKS_ALERTS_ALIGNMENT_ENABLED } from '../constants';
 
 const LazyIconWorkflow = lazy(() =>
   import('./v2_icons/workflow').then(({ iconWorkflow }) => ({ default: iconWorkflow }))
@@ -34,12 +35,14 @@ export const createV2NavigationTree = (core: CoreStart): NodeDefinition[] => [
   },
   defaultNavigationTree.dashboards({ sideNavVersion: 'v2' }),
   defaultNavigationTree.rules({ sideNavVersion: 'v2' }),
-  {
-    id: SecurityPageName.alerts,
-    iconV2: 'warning',
-    link: securityLink(SecurityPageName.alerts),
-    sideNavVersion: 'v2',
-  },
+  core.featureFlags.getBooleanValue(ATTACKS_ALERTS_ALIGNMENT_ENABLED, false)
+    ? defaultNavigationTree.alertDetections({ sideNavVersion: 'v2' })
+    : {
+        id: SecurityPageName.alerts,
+        iconV2: 'warning',
+        link: securityLink(SecurityPageName.alerts),
+        sideNavVersion: 'v2',
+      },
   {
     // TODO: update icon from EUI
     iconV2: LazyIconWorkflow,

x-pack/solutions/security/plugins/security_solution/common/constants.ts

@@ -9,7 +9,10 @@ import { RuleNotifyWhen } from '@kbn/alerting-plugin/common';
 import type { FilterControlConfig } from '@kbn/alerts-ui-shared';
 import * as i18n from './translations';
 
-export { SecurityPageName } from '@kbn/security-solution-navigation';
+export {
+  SecurityPageName,
+  ATTACKS_ALERTS_ALIGNMENT_ENABLED,
+} from '@kbn/security-solution-navigation';
 /**
  * as const
  *
@@ -97,7 +100,13 @@ export const REPORTS_PATH = '/reports' as const;
 export const AI_VALUE_PATH = `${REPORTS_PATH}/ai_value` as const;
 export const DETECTION_RESPONSE_PATH = '/detection_response' as const;
 export const DETECTIONS_PATH = '/detections' as const;
+
+// TODO: https://github.com/elastic/kibana/issues/242434
+// Investigate possibility of using `detections` instead
 export const ALERTS_PATH = '/alerts' as const;
+export const ATTACKS_PATH = '/attacks' as const;
+export const ALERT_DETECTIONS = '/alert_detections' as const;
+
 export const ALERT_DETAILS_REDIRECT_PATH = `${ALERTS_PATH}/redirect` as const;
 export const ALERT_SUMMARY_PATH = `/alert_summary` as const;
 export const RULES_PATH = '/rules' as const;

x-pack/solutions/security/plugins/security_solution/common/experimental_features.ts

@@ -175,10 +175,6 @@ export const allowedExperimentalValues = Object.freeze({
    * Release: 9.2.0
    */
   microsoftDefenderEndpointCancelEnabled: true,
-  /**
-   * Protects all the work related to the attacks and alerts alignment effort
-   */
-  attacksAlertsAlignment: false,
 });
 
 type ExperimentalConfigKeys = Array<keyof ExperimentalFeatures>;