Summary

Closes:

• https://github.com/elastic/security-team/issues/14574

Should be merged after:

• [Contextual Security] add support for new actor and target ECS schema fields #242376
• [Contextual Security] align graph visualization with ECS entity namespace fields for actor and target identification #243711

Add license tier (ESS/Self-Managed) and product tier (Serverless) checks to useGraphPreview to leverage the hasGraphRepresentation value that is used in multiple places to conditionally render the Graph in flyout and expandable flyout.

Also leveraged hasGraphRepresentation to check if feature is enabled via UI settings and simplified code.

Screenshots

Graph visible	Graph NOT visible

How to test

Self-Managed

1. Run ES: yarn es snapshot --license basic
2. Run Kibana: yarn start --no-base-path
3. Load fixtures:
   • node scripts/es_archiver load x-pack/solutions/security/test/cloud_security_posture_functional/es_archives/logs_gcp_audit --es-url http://elastic:changeme@localhost:9200 --kibana-url http://elastic:changeme@localhost:5601
   • node scripts/es_archiver load x-pack/solutions/security/test/cloud_security_posture_functional/es_archives/security_alerts_modified_mappings --es-url http://elastic:changeme@localhost:9200 --kibana-url http://elastic:changeme@localhost:5601
4. Go to Alerts page, set timerange from 3 years ago until now
5. Check Graph Visualization is NOT visible in flyout
6. Stop ES and run again with: yarn es snapshot --license trial
7. Check Graph Visualization is visible in flyout

Serverless

1. Authenticate in docker: docker login -u <username> -p <password> docker.elastic.co and run Docker app. If it prompts for signing-in, use SSO
2. Run ES: yarn es serverless --projectType security --kill
3. Add these lines into kibana.dev.yml:

server.basePath: "/kbn"

xpack.securitySolutionServerless.productTypes:
  [
    { product_line: "security", product_tier: "essentials" },
    { product_line: "endpoint", product_tier: "essentials" },
    { product_line: "cloud", product_tier: "essentials" },
  ]

4. Run Kibana: yarn serverless-security
5. Load fixtures running this script: load_serverless_fixtures.sh (Do chmod +x ./load_serverless_fixtures.sh first ofc)
6. Login with username elastic_serverless and password changeme
7. Go to Alerts page, set timerange from 3 years ago until now
8. Check Graph Visualization is NOT visible in flyout
9. In kibana.dev.yml, comment out all lines under xpack.securitySolutionServerless.productTypes
10. Check Graph Visualization is visible in flyout

Checklist

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios
• If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
• This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The release_note:breaking label should be applied in these situations.
• Flaky Test Runner was used on any tests changed
• The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines
• Review the backport guidelines and apply applicable backport:* labels.

Identify risks

No risks. Feature is not public yet.