[Security Solution][Attacks/Alerts][Setup and miscellaneous] Unified Alerts: Hooks to work with the new endpoints (#247387)

[e40pud]

Summary

Closes #247387

This PR implements public-side logic to interact with the unified alerts management endpoints created in as part of this ticket in this PR. It provides React Query hooks and API wrappers that enable the frontend to perform bulk operations (search, tag updates, assignee updates, and workflow status changes) on both detection alerts and attack alerts through a unified interface.

Motivation

The new Attacks page requires a unified way to manage different types of alerts (detection engine alerts and attack discovery alerts) in a single view. This PR provides the frontend infrastructure needed to interact with the backend unified alerts endpoints, enabling consistent user experience across alert management operations.

Implementation Details

API Layer (api/index.ts)

• searchUnifiedAlerts: Wraps POST /internal/detection_engine/unified_alerts/search endpoint for searching unified alerts
• setUnifiedAlertsWorkflowStatus: Wraps POST /internal/detection_engine/unified_alerts/workflow_status endpoint
• setUnifiedAlertsTags: Wraps POST /internal/detection_engine/unified_alerts/tags endpoint
• setUnifiedAlertsAssignees: Wraps POST /internal/detection_engine/unified_alerts/assignees endpoint

React Query Hooks

Query Hook

• useSearchUnifiedAlerts: React Query hook for searching unified alerts
  • Accepts SearchUnifiedAlertsRequestBody as parameter
  • Provides automatic caching, error handling, and loading states
  • Includes cache invalidation support via useInvalidateSearchUnifiedAlerts

Mutation Hooks

• useSetUnifiedAlertsWorkflowStatus: Mutation hook for updating workflow status
• useSetUnifiedAlertsTags: Mutation hook for adding/removing tags
• useSetUnifiedAlertsAssignees: Mutation hook for adding/removing assignees

File Structure

x-pack/solutions/security/plugins/security_solution/public/common/containers/unified_alerts/
├── __mocks__/
│   ├── index.ts
│   ├── unified_alerts.ts
│   └── update_responses.ts
├── api/
│   ├── index.ts
│   └── index.test.ts
├── hooks/
│   ├── constants.ts
│   ├── translations.ts
│   ├── use_search_unified_alerts.ts
│   ├── use_search_unified_alerts.test.tsx
│   ├── use_set_unified_alerts_workflow_status.ts
│   ├── use_set_unified_alerts_workflow_status.test.tsx
│   ├── use_set_unified_alerts_tags.ts
│   ├── use_set_unified_alerts_tags.test.tsx
│   ├── use_set_unified_alerts_assignees.ts
│   └── use_set_unified_alerts_assignees.test.tsx
└── index.ts

Testing Instructions

1. Run unit tests:

   yarn test:jest x-pack/solutions/security/plugins/security_solution/public/common/containers/unified_alerts

2. Verify all tests pass (13 tests across 5 test suites)

[elasticmachine]

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 9596e3e

Failed CI Steps

• x-pack/solutions/security/test/cloud_security_posture_functional/config.ts
• FTR Configs #50

Test Failures

• [job] [logs] x-pack/solutions/security/test/cloud_security_posture_functional/config.ts / Cloud Security Posture Security Network Page - Graph visualization ECS fields only expanded flyout - entity enrichment for multiple actors and targets

Metrics [docs]

Unknown metric groups

ESLint disabled line counts

id	before	after	diff
securitySolution	687	691	+4

References to deprecated APIs

id	before	after	diff
securitySolution	437	438	+1

Total ESLint disabled count

id	before	after	diff
securitySolution	791	795	+4

History

• 💛 Build #376562 was flaky e61f732
• 💔 Build #376531 failed a53d231

cc @e40pud

[PhilippeOberti]

Nice work! I like to see the all the error will show up in a toast!