[EDR Workflows][Move endpoint exceptions] Endpoint Exceptions page added (#232388)

## Summary

This PR adds the Endpoint Exceptions list page:
- accessible from
  - Manage sidebar (ess classic solution view) / Endpoint Exceptions
- Administration landing page (ess classic solution view) / Endpoint
Exceptions
  - Assets sidebar (serverless, ess security solution view)
  - or directly: `/app/security/administration/endpoint_exceptions`
- it lists existing Endpoint Exceptions
- items are searchable
- items are deletable
- add/edit form is only a placeholder so far, they can be created/edited
under Rules / Shared exception lists

> [!important]
> Moving Endpoint Exceptions is behind feature flag, so until it is not
released, existing behavior (accessing EE from shared exception lists
page etc.) should be intact. This is hopefully enforced by existing
tests (e.g. #229469) and new ones
in
`x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/artifacts/endpoint_exceptions.no_ff.cy.ts`

## Dev notes
- Endpoint exceptions are already added to `ENDPOINT_ARTIFACT_LISTS`
(c8560ca), to allow artifact list page
creating the list on page load in case it does not exist. It exists
usually, created by
[`TelemetryReceiver`](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/receiver.ts#L691)
class.
- To keep existing behavior, Endpoint exceptions are removed on-the-fly
from the array, see the same commit.
- I didn't add a lot of tests testing the new functionalities - I plan
to have them tested with the existing
[`artifacts_rbac_runner.ts`](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/public/management/cypress/support/artifacts_rbac_runner.ts),
similarly to other artifacts. This is possible after having the form and
separate Endpoint Exceptions sub-feature privilege in place.

## Testing
Enable feature flag in `kibana.dev.yml`:
```
xpack.securitySolution.enableExperimental:
  - endpointExceptionsMovedUnderManagement
```

## Screenshots

<img width="1110" height="792" alt="image"
src="https://github.com/user-attachments/assets/a392a082-64d9-4c1e-b55c-8d4e730ce13c"
/>

<img width="1185" height="818" alt="image"
src="https://github.com/user-attachments/assets/dd7111b4-deb5-4940-82c8-b6eb19987496"
/>

<img width="1183" height="815" alt="image"
src="https://github.com/user-attachments/assets/53dfed0a-92ab-4ca1-8772-0f0e95703972"
/>


### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <[email protected]>

Author: gergoabraham

src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts

@@ -616,14 +616,14 @@ describe('checking migration metadata changes on all registered SO types', () =>
         "exception-list|global: 2fc362be1e05f3e803d39cb797e9ea43e9478345",
         "exception-list|mappings: 1f3416248aa7578d5991d999e03203cc58baa672",
         "exception-list|schemas: da39a3ee5e6b4b0d3255bfef95601890afd80709",
-        "exception-list|7.12.0: 3cffb58252bde867d70b355d53761c24ef628037",
-        "exception-list|7.10.0: 8387f4bc4f3cf15a5f7bb2d2ddb8615c48d367a6",
+        "exception-list|7.12.0: 8fb1a0cfe64b45f6d2f0381d1423a8729ce25b33",
+        "exception-list|7.10.0: d2e0295e197370f4f1ea94c42123de72a4743cc7",
         "===============================================================",
         "exception-list-agnostic|global: 1ffcd5258404959329b6eae33af667176d823b33",
         "exception-list-agnostic|mappings: 1f3416248aa7578d5991d999e03203cc58baa672",
         "exception-list-agnostic|schemas: da39a3ee5e6b4b0d3255bfef95601890afd80709",
-        "exception-list-agnostic|7.12.0: 3cffb58252bde867d70b355d53761c24ef628037",
-        "exception-list-agnostic|7.10.0: 8387f4bc4f3cf15a5f7bb2d2ddb8615c48d367a6",
+        "exception-list-agnostic|7.12.0: 8fb1a0cfe64b45f6d2f0381d1423a8729ce25b33",
+        "exception-list-agnostic|7.10.0: d2e0295e197370f4f1ea94c42123de72a4743cc7",
         "========================================================================",
         "favorites|global: 220670249bb4ea98fc6f412e6712a6ae1404585e",
         "favorites|mappings: 0632fece42d46938b33f6d3f76a4d9951ce29d4e",

x-pack/solutions/security/packages/kbn-securitysolution-list-constants/index.ts

@@ -53,18 +53,6 @@ export const ENDPOINT_LIST_URL = '/api/endpoint_list';
  */
 export const ENDPOINT_LIST_ITEM_URL = '/api/endpoint_list/items';
 
-/**
- * This ID is used for _both_ the Saved Object ID and for the list_id
- * for the single global space agnostic endpoint list
- */
-export const ENDPOINT_LIST_ID = 'endpoint_list';
-
-/** The name of the single global space agnostic endpoint list */
-export const ENDPOINT_LIST_NAME = 'Endpoint Security Exception List';
-
-/** The description of the single global space agnostic endpoint list */
-export const ENDPOINT_LIST_DESCRIPTION = 'Endpoint Security Exception List';
-
 export const MAX_EXCEPTION_LIST_SIZE = 10000;
 
 export const MAXIMUM_SMALL_VALUE_LIST_SIZE = 65536;
@@ -75,6 +63,11 @@ export const MAXIMUM_SMALL_IP_RANGE_VALUE_LIST_DASH_SIZE = 200;
  * List definitions for Endpoint Artifact
  */
 export const ENDPOINT_ARTIFACT_LISTS = deepFreeze({
+  endpointExceptions: {
+    id: 'endpoint_list',
+    name: 'Endpoint Security Exception List',
+    description: 'Endpoint Security Exception List',
+  },
   trustedApps: {
     id: 'endpoint_trusted_apps',
     name: 'Endpoint Security Trusted Apps List',
@@ -109,6 +102,13 @@ export const ENDPOINT_ARTIFACT_LIST_IDS = Object.freeze(
   Object.values(ENDPOINT_ARTIFACT_LISTS).map(({ id }) => id)
 );
 
+/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead.
+ *
+ * This ID is used for _both_ the Saved Object ID and for the list_id
+ * for the single global space agnostic endpoint list
+ */
+export const ENDPOINT_LIST_ID = ENDPOINT_ARTIFACT_LISTS.endpointExceptions.id;
+
 /** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
 export const ENDPOINT_TRUSTED_APPS_LIST_ID = ENDPOINT_ARTIFACT_LISTS.trustedApps.id;
 

x-pack/solutions/security/plugins/lists/server/saved_objects/migrations.ts

@@ -14,10 +14,7 @@ import type {
   entry,
 } from '@kbn/securitysolution-io-ts-list-types';
 import { entriesNested } from '@kbn/securitysolution-io-ts-list-types';
-import {
-  ENDPOINT_LIST_ID,
-  ENDPOINT_TRUSTED_APPS_LIST_ID,
-} from '@kbn/securitysolution-list-constants';
+import { ENDPOINT_ARTIFACT_LISTS } from '@kbn/securitysolution-list-constants';
 
 import type { ExceptionListSoSchema } from '../schemas/saved_objects';
 
@@ -58,7 +55,12 @@ export const migrations = {
       attributes: {
         ...doc.attributes,
         ...(doc.attributes.entries &&
-          [ENDPOINT_LIST_ID, ENDPOINT_TRUSTED_APPS_LIST_ID].includes(doc.attributes.list_id) && {
+          (
+            [
+              ENDPOINT_ARTIFACT_LISTS.endpointExceptions.id,
+              ENDPOINT_ARTIFACT_LISTS.trustedApps.id,
+            ] as string[]
+          ).includes(doc.attributes.list_id) && {
             entries: (doc.attributes.entries as EntriesArray).map<EntryType>(migrateEntry),
           }),
         ...(doc.attributes._tags &&
@@ -72,7 +74,7 @@ export const migrations = {
   '7.12.0': (
     doc: SavedObjectUnsanitizedDoc<ExceptionListSoSchema>
   ): SavedObjectSanitizedDoc<ExceptionListSoSchema> => {
-    if (doc.attributes.list_id === ENDPOINT_TRUSTED_APPS_LIST_ID) {
+    if (doc.attributes.list_id === ENDPOINT_ARTIFACT_LISTS.trustedApps.id) {
       return {
         ...doc,
         ...{

x-pack/solutions/security/plugins/lists/server/services/exception_lists/create_endpoint_list.ts

@@ -11,11 +11,7 @@ import { v4 as uuidv4 } from 'uuid';
 import type { Version } from '@kbn/securitysolution-io-ts-types';
 import type { ExceptionListSchema } from '@kbn/securitysolution-io-ts-list-types';
 import { getSavedObjectType } from '@kbn/securitysolution-list-utils';
-import {
-  ENDPOINT_LIST_DESCRIPTION,
-  ENDPOINT_LIST_ID,
-  ENDPOINT_LIST_NAME,
-} from '@kbn/securitysolution-list-constants';
+import { ENDPOINT_ARTIFACT_LISTS } from '@kbn/securitysolution-list-constants';
 
 import type { ExceptionListSoSchema } from '../../schemas/saved_objects';
 
@@ -43,15 +39,15 @@ export const createEndpointList = async ({
         comments: undefined,
         created_at: dateNow,
         created_by: user,
-        description: ENDPOINT_LIST_DESCRIPTION,
+        description: ENDPOINT_ARTIFACT_LISTS.endpointExceptions.description,
         entries: undefined,
         expire_time: undefined,
         immutable: false,
         item_id: undefined,
-        list_id: ENDPOINT_LIST_ID,
+        list_id: ENDPOINT_ARTIFACT_LISTS.endpointExceptions.id,
         list_type: 'list',
         meta: undefined,
-        name: ENDPOINT_LIST_NAME,
+        name: ENDPOINT_ARTIFACT_LISTS.endpointExceptions.name,
         os_types: [],
         tags: [],
         tie_breaker_id: tieBreaker ?? uuidv4(),
@@ -61,7 +57,7 @@ export const createEndpointList = async ({
       },
       {
         // We intentionally hard coding the id so that there can only be one exception list within the space
-        id: ENDPOINT_LIST_ID,
+        id: ENDPOINT_ARTIFACT_LISTS.endpointExceptions.id,
       }
     );
     return transformSavedObjectToExceptionList({ savedObject });

x-pack/solutions/security/plugins/security_solution/common/constants.ts

@@ -139,6 +139,8 @@ export const APP_ALERTS_PATH = `${APP_PATH}${ALERTS_PATH}` as const;
 export const APP_CASES_PATH = `${APP_PATH}${CASES_PATH}` as const;
 export const APP_ENDPOINTS_PATH = `${APP_PATH}${ENDPOINTS_PATH}` as const;
 export const APP_POLICIES_PATH = `${APP_PATH}${POLICIES_PATH}` as const;
+export const APP_ENDPOINT_EXCEPTIONS_PATH = `${APP_PATH}${ENDPOINT_EXCEPTIONS_PATH}` as const;
+export const APP_MANAGE_PATH = `${APP_PATH}${MANAGE_PATH}` as const;
 export const APP_TRUSTED_APPS_PATH = `${APP_PATH}${TRUSTED_APPS_PATH}` as const;
 export const APP_EVENT_FILTERS_PATH = `${APP_PATH}${EVENT_FILTERS_PATH}` as const;
 export const APP_HOST_ISOLATION_EXCEPTIONS_PATH =

x-pack/solutions/security/plugins/security_solution/public/exceptions/api/list_api.ts

@@ -11,6 +11,7 @@ import type { HttpSetup } from '@kbn/core-http-browser';
 import { getFilters } from '@kbn/securitysolution-list-utils';
 import type { List, ListArray } from '@kbn/securitysolution-io-ts-list-types';
 import { asyncForEach } from '@kbn/std';
+import { ENDPOINT_ARTIFACT_LISTS } from '@kbn/securitysolution-list-constants';
 import { ALL_ENDPOINT_ARTIFACT_LIST_IDS } from '../../../common/endpoint/service/artifacts/constants';
 import type {
   FetchListById,
@@ -27,7 +28,9 @@ export const getListById = async ({ id, http }: FetchListById) => {
     const filters = getFilters({
       filters: { list_id: id },
       namespaceTypes: ['single', 'agnostic'],
-      hideLists: ALL_ENDPOINT_ARTIFACT_LIST_IDS,
+      hideLists: ALL_ENDPOINT_ARTIFACT_LIST_IDS.filter(
+        (listId) => listId !== ENDPOINT_ARTIFACT_LISTS.endpointExceptions.id // todo: remove when removing endpoint exceptions from detections pages
+      ),
     });
     const namespaceTypes = ['single', 'agnostic'].join();
 

x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_list_detail_view/index.ts

@@ -14,6 +14,7 @@ import { ViewerStatus } from '@kbn/securitysolution-exception-list-components';
 import type { ExceptionListSchema, NamespaceType } from '@kbn/securitysolution-io-ts-list-types';
 import { useApi } from '@kbn/securitysolution-list-hooks';
 import { isEqual } from 'lodash';
+import { ENDPOINT_ARTIFACT_LISTS } from '@kbn/securitysolution-list-constants';
 import { ALL_ENDPOINT_ARTIFACT_LIST_IDS } from '../../../../common/endpoint/service/artifacts/constants';
 import { useUserData } from '../../../detections/components/user_info';
 import { APP_UI_ID, SecurityPageName } from '../../../../common/constants';
@@ -114,7 +115,10 @@ export const useListDetailsView = (exceptionListId: string) => {
 
   const initializeList = useCallback(async () => {
     try {
-      if ((ALL_ENDPOINT_ARTIFACT_LIST_IDS as string[]).includes(exceptionListId))
+      const endpointArtifactIds = ALL_ENDPOINT_ARTIFACT_LIST_IDS.filter(
+        (listId) => listId !== ENDPOINT_ARTIFACT_LISTS.endpointExceptions.id
+      );
+      if ((endpointArtifactIds as string[]).includes(exceptionListId))
         return setInvalidListId(true);
       setIsLoading(true);
 

x-pack/solutions/security/plugins/security_solution/public/exceptions/pages/shared_lists/index.tsx

@@ -29,6 +29,7 @@ import { ExceptionListTypeEnum } from '@kbn/securitysolution-io-ts-list-types';
 import { useApi, useExceptionLists } from '@kbn/securitysolution-list-hooks';
 import { EmptyViewerState, ViewerStatus } from '@kbn/securitysolution-exception-list-components';
 
+import { ENDPOINT_ARTIFACT_LISTS } from '@kbn/securitysolution-list-constants';
 import { AutoDownload } from '../../../common/components/auto_download/auto_download';
 import { useKibana } from '../../../common/lib/kibana';
 import { useAppToasts } from '../../../common/hooks/use_app_toasts';
@@ -133,7 +134,9 @@ export const SharedLists = React.memo(() => {
     http,
     namespaceTypes: ['single', 'agnostic'],
     notifications,
-    hideLists: ALL_ENDPOINT_ARTIFACT_LIST_IDS,
+    hideLists: ALL_ENDPOINT_ARTIFACT_LIST_IDS.filter(
+      (listId) => listId !== ENDPOINT_ARTIFACT_LISTS.endpointExceptions.id
+    ),
   });
   const [loadingTableInfo, exceptionListsWithRuleRefs, exceptionsListsRef] = useAllExceptionLists({
     exceptionLists: exceptions ?? [],

x-pack/solutions/security/plugins/security_solution/public/management/common/breadcrumbs.ts

@@ -11,6 +11,7 @@ import {
   ENDPOINTS_TAB,
   EVENT_FILTERS_TAB,
   POLICIES_TAB,
+  ENDPOINT_EXCEPTIONS_TAB,
   TRUSTED_APPS_TAB,
   TRUSTED_DEVICES_TAB,
 } from './translations';
@@ -26,6 +27,7 @@ import {
 const TabNameMappedToI18nKey: Record<AdministrationSubTab, string> = {
   [AdministrationSubTab.endpoints]: ENDPOINTS_TAB,
   [AdministrationSubTab.policies]: POLICIES_TAB,
+  [AdministrationSubTab.endpointExceptions]: ENDPOINT_EXCEPTIONS_TAB,
   [AdministrationSubTab.trustedApps]: TRUSTED_APPS_TAB,
   [AdministrationSubTab.trustedDevices]: TRUSTED_DEVICES_TAB,
   [AdministrationSubTab.eventFilters]: EVENT_FILTERS_TAB,

x-pack/solutions/security/plugins/security_solution/public/management/common/constants.ts

@@ -22,6 +22,7 @@ export const MANAGEMENT_ROUTING_POLICY_DETAILS_PROTECTION_UPDATES_PATH = `${MANA
 export const MANAGEMENT_ROUTING_NOTES_PATH = `${MANAGEMENT_PATH}/:tabName(${AdministrationSubTab.notes})`;
 /** @deprecated use the paths defined above instead */
 export const MANAGEMENT_ROUTING_POLICY_DETAILS_PATH_OLD = `${MANAGEMENT_PATH}/:tabName(${AdministrationSubTab.policies})/:policyId`;
+export const MANAGEMENT_ROUTING_ENDPOINT_EXCEPTIONS_PATH = `${MANAGEMENT_PATH}/:tabName(${AdministrationSubTab.endpointExceptions})`;
 export const MANAGEMENT_ROUTING_TRUSTED_APPS_PATH = `${MANAGEMENT_PATH}/:tabName(${AdministrationSubTab.trustedApps})`;
 export const MANAGEMENT_ROUTING_TRUSTED_DEVICES_PATH = `${MANAGEMENT_PATH}/:tabName(${AdministrationSubTab.trustedDevices})`;
 export const MANAGEMENT_ROUTING_EVENT_FILTERS_PATH = `${MANAGEMENT_PATH}/:tabName(${AdministrationSubTab.eventFilters})`;