[Security Solution][Detections] Provide ability to deep link into Detection views

[spong]

This enhancement is for providing the ability to deep link to specific views within the detection engine, exposing query parameters that allows users to create custom URL's within their actions (or elsewhere) to link to specific pages/views within Detections.

Below are example deep-linking parameters per page.

Main Detections Page

• stack by field on histogram
• alert status filter
• include building blocks additional filter on table
• alerts per page on table
• sort_column on table
• current_page on table

Note: KQL Query/Filters and Daterange are already available on the main detections page.

Rule Management Page

• Selected tab (Rules, Rule Monitoring, Exception Lists)
• Per each tab
  • query string
  • Elastic Rule/Custom Rule filters
  • Selected tags
  • Sort order
  • Current page on table
  • Rules per page on table
• Show Upload value lists modal on page load
• Show Import rule modal on page load

Rule Details Page

• Selected tab (Detection Alerts, Exception, Failure History)
• Selected tab within About section (either Details or Investigation guide)
• All parameters outlined in Main Detection Page section above
• Exceptions Table
  • query string
  • Detection list/Endpoint list filters
• Show Add Endpoint Exception modal
• Show Add Rule Exception modal

Create Rule Page

• Selected Rule Type (Custom Query, Machine Learning, Threshold, Event Correlation, Indicator Match)

Edit Rule Page

• Selected Tab (Definition, About, Schedule, Actions)

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[approksiu]

@spong I would add for "Rule Details Page" the investigation guide section.