elastic · e40pud · May 27, 2026 · May 29, 2026 · May 29, 2026 · May 29, 2026
diff --git a/x-pack/platform/plugins/private/translations/translations/de-DE.json b/x-pack/platform/plugins/private/translations/translations/de-DE.json
@@ -38810,8 +38810,6 @@
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.badges.sharedBadge.visibilityDropdownLabel": "Sichtbarkeit",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.badges.sharedBadge.visibleToYourTeamLabel": "Sichtbar für Ihr Team",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.primaryInteractions.accordionButton.aiConnectorTooltipTitle": "KI-Connector",
-    "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.primaryInteractions.title.openScheduleDetailsLabel": "Zeitplandetails öffnen",
-    "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.primaryInteractions.title.scheduledAttackDiscoveryTooltipTitle": "Geplante Angriffserkennung",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.subtitle.createdByUserLabel": "Erstellt von: {user}",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.summaryActions.alertsLabel": "Alerts:",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.summaryActions.attackChainLabel": "Angriffskette:",

diff --git a/x-pack/platform/plugins/private/translations/translations/fr-FR.json b/x-pack/platform/plugins/private/translations/translations/fr-FR.json
@@ -38727,8 +38727,6 @@
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.badges.sharedBadge.visibilityDropdownLabel": "Visibilité",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.badges.sharedBadge.visibleToYourTeamLabel": "Visible pour votre équipe",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.primaryInteractions.accordionButton.aiConnectorTooltipTitle": "Connecteur IA",
-    "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.primaryInteractions.title.openScheduleDetailsLabel": "Ouvrir les détails du planning",
-    "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.primaryInteractions.title.scheduledAttackDiscoveryTooltipTitle": "Détection planifiée d'attaques",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.subtitle.createdByUserLabel": "Créé par : {user}",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.summaryActions.alertsLabel": "Alertes :",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.summaryActions.attackChainLabel": "Chaîne d'attaque :",

diff --git a/x-pack/platform/plugins/private/translations/translations/ja-JP.json b/x-pack/platform/plugins/private/translations/translations/ja-JP.json
@@ -38930,8 +38930,6 @@
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.badges.sharedBadge.visibilityDropdownLabel": "可視性",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.badges.sharedBadge.visibleToYourTeamLabel": "チームに表示",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.primaryInteractions.accordionButton.aiConnectorTooltipTitle": "AIコネクター",
-    "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.primaryInteractions.title.openScheduleDetailsLabel": "スケジュールの詳細を開く",
-    "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.primaryInteractions.title.scheduledAttackDiscoveryTooltipTitle": "スケジュールされた攻撃検出",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.subtitle.createdByUserLabel": "作成者: {user}",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.summaryActions.alertsLabel": "アラート：",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.summaryActions.attackChainLabel": "攻撃チェーン：",

diff --git a/x-pack/platform/plugins/private/translations/translations/zh-CN.json b/x-pack/platform/plugins/private/translations/translations/zh-CN.json
@@ -38936,8 +38936,6 @@
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.badges.sharedBadge.visibilityDropdownLabel": "可见性",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.badges.sharedBadge.visibleToYourTeamLabel": "对您的团队可见",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.primaryInteractions.accordionButton.aiConnectorTooltipTitle": "AI 连接器",
-    "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.primaryInteractions.title.openScheduleDetailsLabel": "打开日程详情",
-    "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.primaryInteractions.title.scheduledAttackDiscoveryTooltipTitle": "计划的攻击发现",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.subtitle.createdByUserLabel": "创建者：{user}",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.summaryActions.alertsLabel": "告警：",
     "xpack.securitySolution.attackDiscovery.results.attackDiscoveryPanel.panelHeader.summaryActions.attackChainLabel": "攻击链：",

@@ -39,36 +39,42 @@ const ATTACK_DETAILS_FLYOUT_BODY_TEST_ID = 'attack-details-flyout-body';
 const FILTER_BY_ASSIGNEES_BUTTON_TEST_ID = 'filter-popover-button-assignees';
 const CONNECTOR_FILTER_BUTTON_TEST_ID = 'connectorFilterButton';
 const EXPAND_ATTACK_BUTTON_TEST_ID = 'expand-attack-button';
+const SCHEDULE_BUTTON_TEST_ID_TABLE = 'scheduleButton';
+const SCHEDULE_DETAILS_FLYOUT_TEST_ID = 'scheduleDetailsFlyout';
+const QUERY_TOGGLE_HEADER_TEST_ID = 'query-toggle-header';
 
 export class DetectionsAttackDiscoveryPage {
-  public standaloneAlertsNavItem: Locator;
-  public detectionsNavItem: Locator;
-  public detectionsPanelAlertsNavItem: Locator;
-  public detectionsPanelAttacksNavItem: Locator;
-  public detectionsNavItemButton: Locator;
-  public attacksPageContent: Locator;
-  public attacksPageActions: Locator;
-  public attacksPageSearchBar: Locator;
-  public attacksPageStandardFilters: Locator;
-  public attacksPageAssigneeFilter: Locator;
-  public attacksPageConnectorFilter: Locator;
-  public attacksKpisSection: Locator;
-  public attacksSummaryView: Locator;
-  public attacksListPanel: Locator;
-  public attacksVolumePanel: Locator;
-  public attacksListTable: Locator;
-  public attacksTableSection: Locator;
-  public scheduleButton: Locator;
-  public settingsFlyout: Locator;
-  public schedulesTable: Locator;
-  public attackDetailsFlyoutBody: Locator;
-  public assigneesFilterButton: Locator;
-  public connectorFilterButton: Locator;
-  public tableExpandAttackDetailsButtons: Locator;
-  public settingsButton: Locator;
-  public generateButton: Locator;
-  public runButton: Locator;
-  public globalToastList: Locator;
+  public readonly standaloneAlertsNavItem: Locator;
+  public readonly detectionsNavItem: Locator;
+  public readonly detectionsPanelAlertsNavItem: Locator;
+  public readonly detectionsPanelAttacksNavItem: Locator;
+  public readonly detectionsNavItemButton: Locator;
+  public readonly attacksPageContent: Locator;
+  public readonly attacksPageActions: Locator;
+  public readonly attacksPageSearchBar: Locator;
+  public readonly attacksPageStandardFilters: Locator;
+  public readonly attacksPageAssigneeFilter: Locator;
+  public readonly attacksPageConnectorFilter: Locator;
+  public readonly attacksKpisSection: Locator;
+  public readonly kpisSectionToggleButton: Locator;
+  public readonly attacksSummaryView: Locator;
+  public readonly attacksListPanel: Locator;
+  public readonly attacksVolumePanel: Locator;
+  public readonly attacksListTable: Locator;
+  public readonly attacksTableSection: Locator;
+  public readonly scheduleButton: Locator;
+  public readonly settingsFlyout: Locator;
+  public readonly scheduleDetailsFlyout: Locator;
+  public readonly schedulesTable: Locator;
+  public readonly attackDetailsFlyoutBody: Locator;
+  public readonly assigneesFilterButton: Locator;
+  public readonly connectorFilterButton: Locator;
+  public readonly tableExpandAttackDetailsButtons: Locator;
+  public readonly tableScheduleButtons: Locator;
+  public readonly settingsButton: Locator;
+  public readonly generateButton: Locator;
+  public readonly runButton: Locator;
+  public readonly globalToastList: Locator;
 
   constructor(private readonly page: ScoutPage, _config: ScoutTestConfig) {
     this.attacksPageContent = this.page.testSubj.locator(ATTACKS_PAGE_CONTENT_TEST_ID);
@@ -84,20 +90,23 @@ export class DetectionsAttackDiscoveryPage {
       ATTACKS_PAGE_CONNECTOR_FILTER_TEST_ID
     );
     this.attacksKpisSection = this.page.testSubj.locator(ATTACKS_KPIS_SECTION_TEST_ID);
+    this.kpisSectionToggleButton = this.attacksKpisSection.getByTestId(QUERY_TOGGLE_HEADER_TEST_ID);
     this.attacksSummaryView = this.page.testSubj.locator(ATTACKS_SUMMARY_VIEW_TEST_ID);
     this.attacksListPanel = this.page.testSubj.locator(ATTACKS_LIST_PANEL_TEST_ID);
     this.attacksVolumePanel = this.page.testSubj.locator(ATTACKS_VOLUME_PANEL_TEST_ID);
     this.attacksListTable = this.page.testSubj.locator(ATTACKS_LIST_TABLE_TEST_ID);
     this.attacksTableSection = this.page.testSubj.locator(ATTACKS_PAGE_TABLE_SECTION_TEST_ID);
     this.scheduleButton = this.page.testSubj.locator(SCHEDULE_BUTTON_TEST_ID);
     this.settingsFlyout = this.page.testSubj.locator(SETTINGS_FLYOUT_TEST_ID);
+    this.scheduleDetailsFlyout = this.page.testSubj.locator(SCHEDULE_DETAILS_FLYOUT_TEST_ID);
     this.schedulesTable = this.page.testSubj.locator(SCHEDULES_TABLE_TEST_ID);
     this.attackDetailsFlyoutBody = this.page.testSubj.locator(ATTACK_DETAILS_FLYOUT_BODY_TEST_ID);
     this.assigneesFilterButton = this.page.testSubj.locator(FILTER_BY_ASSIGNEES_BUTTON_TEST_ID);
     this.connectorFilterButton = this.page.testSubj.locator(CONNECTOR_FILTER_BUTTON_TEST_ID);
-    this.tableExpandAttackDetailsButtons = this.attacksTableSection.locator(
-      `[data-test-subj="${EXPAND_ATTACK_BUTTON_TEST_ID}"]`
+    this.tableExpandAttackDetailsButtons = this.attacksTableSection.getByTestId(
+      EXPAND_ATTACK_BUTTON_TEST_ID
     );
+    this.tableScheduleButtons = this.attacksTableSection.getByTestId(SCHEDULE_BUTTON_TEST_ID_TABLE);
     this.settingsButton = this.page.testSubj.locator('settings');
     this.generateButton = this.page.testSubj.locator('generate');
     this.runButton = this.page.testSubj.locator('run');
@@ -161,6 +170,13 @@ export class DetectionsAttackDiscoveryPage {
     await this.detectionsNavItem.click();
   }
 
+  async collapseKpisSection() {
+    if (await this.attacksSummaryView.isVisible()) {
+      await this.kpisSectionToggleButton.click();
+      await this.attacksSummaryView.waitFor({ state: 'hidden' });
+    }
+  }
+
   async openScheduleFlyout() {
     await this.scheduleButton.click();
     await this.settingsFlyout.waitFor({ state: 'visible' });
@@ -177,4 +193,15 @@ export class DetectionsAttackDiscoveryPage {
     await firstExpandAttackButton.click();
     await this.attackDetailsFlyoutBody.waitFor({ state: 'visible' });
   }
+
+  async openFirstScheduleDetailsFromTable() {
+    const [firstScheduleButton] = await this.tableScheduleButtons.all();
+
+    if (!firstScheduleButton) {
+      throw new Error('No schedule button found');
+    }
+
+    await firstScheduleButton.click();
+    await this.scheduleDetailsFlyout.waitFor({ state: 'visible' });
+  }
 }
@@ -10,9 +10,30 @@ import { render, screen } from '@testing-library/react';
 import userEvent from '@testing-library/user-event';
 import React from 'react';
 
+import { AttacksEventTypes } from '../../../../../../../common/lib/telemetry';
 import { Title } from '.';
 import { TestProviders } from '../../../../../../../common/mock';
 
+const mockReportEvent = jest.fn();
+jest.mock('../../../../../../../common/lib/kibana', () => {
+  const original = jest.requireActual('../../../../../../../common/lib/kibana');
+  return {
+    ...original,
+    useKibana: () => {
+      const actual = original.useKibana();
+      return {
+        ...actual,
+        services: {
+          ...actual.services,
+          telemetry: {
+            reportEvent: mockReportEvent,
+          },
+        },
+      };
+    },
+  };
+});
+
 jest.mock('@kbn/elastic-assistant-common', () => ({
   ATTACK_DISCOVERY_AD_HOC_RULE_ID: 'ad-hoc-rule-id',
   API_VERSIONS: {
@@ -167,7 +188,7 @@ describe('Title', () => {
   });
 
   describe('schedule detection', () => {
-    it('renders DetailsFlyout when attack discovery has alertRuleUuid that is not ad-hoc', async () => {
+    it('renders DetailsFlyout and sends telemetry when attack discovery has alertRuleUuid that is not ad-hoc', async () => {
       const discoveryWithSchedule = {
         ...mockRawResponse,
         alertRuleUuid: 'scheduled-rule-id',
@@ -183,6 +204,9 @@ describe('Title', () => {
       await userEvent.click(screen.getByTestId('scheduleButton'));
 
       expect(screen.getByTestId('detailsFlyout')).toHaveTextContent('scheduled-rule-id');
+      expect(mockReportEvent).toHaveBeenCalledWith(AttacksEventTypes.ScheduleDetailsFlyoutOpened, {
+        source: 'attack_discovery_page',
+      });
     });
 
     it('does NOT render the schedule button when attack discovery has no alertRuleUuid', () => {

@@ -7,11 +7,9 @@
 
 import {
   EuiAccordion,
-  EuiButtonIcon,
   EuiCheckbox,
   EuiFlexGroup,
   EuiFlexItem,
-  EuiToolTip,
   useEuiTheme,
   useGeneratedHtmlId,
 } from '@elastic/eui';
@@ -27,8 +25,10 @@ import React, { useCallback, useMemo, useState } from 'react';
 import { AccordionButton } from '../accordion_button';
 import { Badges } from '../badges';
 import { DetailsFlyout } from '../../../../../settings_flyout/schedule/details_flyout';
-import * as i18n from './translations';
+import { ScheduleDetailsButton } from '../../../../../../../detections/components/attacks/schedule_details_button/schedule_details_button';
 import { isAttackDiscoveryAlert } from '../../../../../utils/is_attack_discovery_alert';
+import { useKibana } from '../../../../../../../common/lib/kibana';
+import { AttacksEventTypes } from '../../../../../../../common/lib/telemetry';
 
 interface Props {
   attackDiscovery: AttackDiscovery | AttackDiscoveryAlert;
@@ -51,6 +51,10 @@ const TitleComponent: React.FC<Props> = ({
   setIsSelected,
   showAnonymized = false,
 }) => {
+  const {
+    services: { telemetry },
+  } = useKibana();
+
   const { euiTheme } = useEuiTheme();
 
   const htmlId = useGeneratedHtmlId({
@@ -88,7 +92,10 @@ const TitleComponent: React.FC<Props> = ({
 
   const openScheduleDetails = useCallback(() => {
     setScheduleDetailsId(alertRuleUuid);
-  }, [alertRuleUuid]);
+    telemetry.reportEvent(AttacksEventTypes.ScheduleDetailsFlyoutOpened, {
+      source: 'attack_discovery_page',
+    });
+  }, [alertRuleUuid, telemetry]);
 
   const onClose = useCallback(() => setScheduleDetailsId(undefined), []);
 
@@ -144,23 +151,7 @@ const TitleComponent: React.FC<Props> = ({
           </EuiAccordion>
         </EuiFlexItem>
 
-        {isScheduled && (
-          <EuiFlexItem grow={false}>
-            <EuiToolTip
-              content={i18n.SCHEDULED_ATTACK_DISCOVERY}
-              data-test-subj="scheduledTooltip"
-              position="top"
-            >
-              <EuiButtonIcon
-                aria-label={i18n.OPEN_SCHEDULE_DETAILS}
-                data-test-subj="scheduleButton"
-                iconType="calendar"
-                onClick={openScheduleDetails}
-                size="xs"
-              />
-            </EuiToolTip>
-          </EuiFlexItem>
-        )}
+        {isScheduled && <ScheduleDetailsButton onClick={openScheduleDetails} />}
 
         <EuiFlexItem grow={false}>
           <Badges attackDiscovery={attackDiscovery} />

@@ -152,6 +152,16 @@ export const attacksScheduleFlyoutOpenedEvent: AttacksTelemetryEvent = {
   },
 };
 
+export const attacksScheduleDetailsFlyoutOpenedEvent: AttacksTelemetryEvent = {
+  eventType: AttacksEventTypes.ScheduleDetailsFlyoutOpened,
+  schema: {
+    source: {
+      type: 'keyword',
+      _meta: { description: 'The source of the schedule details flyout open', optional: false },
+    },
+  },
+};
+
 export const attacksFeaturePromotionCalloutActionEvent: AttacksTelemetryEvent = {
   eventType: AttacksEventTypes.FeaturePromotionCalloutAction,
   schema: {
@@ -183,6 +193,7 @@ export const attacksTelemetryEvents = [
   attacksDetailsFlyoutOpenedEvent,
   attacksExpandedViewTabClickedEvent,
   attacksScheduleFlyoutOpenedEvent,
+  attacksScheduleDetailsFlyoutOpenedEvent,
   attacksFeaturePromotionCalloutActionEvent,
   attacksWorkflowRunTriggeredEvent,
 ];
@@ -20,6 +20,7 @@ export enum AttacksEventTypes {
   DetailsFlyoutOpened = 'Attacks Details Flyout Opened',
   ExpandedViewTabClicked = 'Attacks Expanded View Tab Clicked',
   ScheduleFlyoutOpened = 'Attacks Schedule Flyout Opened',
+  ScheduleDetailsFlyoutOpened = 'Attacks Schedule Details Flyout Opened',
   FeaturePromotionCalloutAction = 'Attacks Feature Promotion Callout Action',
   WorkflowRunTriggered = 'Attacks Workflow Run Triggered',
 }
@@ -54,6 +55,10 @@ interface AttacksScheduleFlyoutOpenedParams {
   source: 'attacks_page_header' | 'attacks_page_empty_state';
 }
 
+interface AttacksScheduleDetailsFlyoutOpenedParams {
+  source: 'attacks_page_table' | 'attack_discovery_page';
+}
+
 interface AttacksActionStatusUpdatedParams extends AttacksActionBaseParams {
   status: string;
   scope?: AttacksUpdateScope;
@@ -97,6 +102,7 @@ export interface AttacksTelemetryEventsMap {
   [AttacksEventTypes.DetailsFlyoutOpened]: AttacksDetailsFlyoutOpenedParams;
   [AttacksEventTypes.ExpandedViewTabClicked]: AttacksExpandedViewTabClickedParams;
   [AttacksEventTypes.ScheduleFlyoutOpened]: AttacksScheduleFlyoutOpenedParams;
+  [AttacksEventTypes.ScheduleDetailsFlyoutOpened]: AttacksScheduleDetailsFlyoutOpenedParams;
   [AttacksEventTypes.FeaturePromotionCalloutAction]: AttacksFeaturePromotionCalloutActionParams;
   [AttacksEventTypes.WorkflowRunTriggered]: AttacksActionBaseParams;
 }

@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render, fireEvent } from '@testing-library/react';
+
+import { ScheduleDetailsButton } from './schedule_details_button';
+
+describe('ScheduleDetailsButton', () => {
+  it('renders the button and tooltip', () => {
+    const onClickMock = jest.fn();
+    const { getByTestId, getByLabelText } = render(<ScheduleDetailsButton onClick={onClickMock} />);
+
+    const button = getByTestId('scheduleButton');
+    expect(button).toBeInTheDocument();
+    expect(getByLabelText('Open schedule details')).toBeInTheDocument();
+  });
+
+  it('calls onClick when the button is clicked', () => {
+    const onClickMock = jest.fn();
+    const { getByTestId } = render(<ScheduleDetailsButton onClick={onClickMock} />);
+
+    const button = getByTestId('scheduleButton');
+    fireEvent.click(button);
+
+    expect(onClickMock).toHaveBeenCalledTimes(1);
+  });
+});