[Security Solution][threat hunting explore] EUI refresh: Remove custom color hex

[angorayc]

Summary

#202498
#202503

1. This PR does Not include the severity color change. It will be implemented in a follow up PR once color tokens have been decided.
2. This PR updates the type GetLensAttributes to accept euiTheme, so all the functions in this type are updated accordingly.
   https://github.com/elastic/kibana/pull/204631/files#diff-abe20658865cad59eadcff945552b40832d96da0264ed89ddd5ab25ded1420a3R30

---

To test:

Please verify if visualizations are displayed properly.

Running Kibana with the Borealis theme

In order to run Kibana with Borealis, you'll need to do the following:

1. Set the following in kibana.dev.yml: uiSettings.experimental.themeSwitcherEnabled: true

2. Run Kibana with the following environment variable set:
   KBN_OPTIMIZER_THEMES="borealislight,borealisdark,v8light,v8dark" yarn start

3. This will expose a toggle under Stack Management > Advanced Settings > Theme version, which you can use to toggle between Amsterdam and Borealis.

---

Explore

---

Dashboards

---

Alerts

---

Rules preview

---

[maxcold]

The change in getSeverityColor logic will change the color palette in Borealis quite drastically (medium severity will become pink for example). I don't think that's how we should handle the migration. We should rely on the new severity palette elastic/eui#8247 and decide what to do about the missing green color in this palette. Either continue using euiColorVis0 or accept our low severity alerts/vulnerabilities to be in blue, as "info" severity signals

[maxcold]

The Borealis data viz color palette changed, see https://docs.google.com/document/d/1IAKbasq1nDfqd2IU3KdP8cwD3uCCAwkIekKRq7zgyWg/edit?tab=t.0#heading=h.lgyarxm75dlu , so that vis9 is not red but yellow and vis5 is not yellow but pink. These colors don't work for severity
There is Severity Palette introduced by the EUI team #203387 , but it is missing green color, which is currently how our low severity alerts/vulnerabilities are being show. There is a discussion with Security solution on how to go about it, see https://elastic.slack.com/archives/C060SDYTZ96/p1734636026436679

[angorayc]

Thanks @maxcold , I could find that we are adding more euiColorSeverity color for different severity levels. This PR might have to wait until those colors becomes available. Have we got a clear idea of which euiColorSeverity token should be used for critical, high, medium and low?

I thought this (Security/Vulnerability) was the mapping, but they were not in the list of euiColorSeverity

[maxcold]

@angorayc the team is moving from the variety of colors illustrated by your screenshot to a unified palette available here elastic/eui#8247 , but I haven't seen exact colors defined for Security severity levels from this palette. If I understand correctly, it's what @codearos is doing currently with the design team

[angorayc]

Given that we are still waiting for the severity colors, I have dropped the changes for severity color in this PR. Will do that in a separate PR when the decision is made.

[PhilippeOberti]

I see that @CAWilson94 is doing a similar work here, so I wonder if there would be a value in extracting this logic into a more generic function/hook that could be moved into our common folder.

[angorayc]

@PhilippeOberti @CAWilson94
It seems that the new severity colors are still pending for decision, do you think it's worthwhile if I revert the severity color changes in our PRs, and open another pr especially for severity color changes?
So that we can also move the getSeverityColor hook into a common color and use it from there? and it won't block changes that doesn't involved the severity colors?

[PhilippeOberti]

Yup I like the idea!

[angorayc]

I have dropped the changes for severity colors in this PR. Let's do that in a separate PR when the decision is made.

[angorayc]

defaultLegendColors is removed as we don't want hard coded colors:
x-pack/solutions/security/plugins/security_solution/public/common/components/matrix_histogram/utils.ts

[angorayc]

Hosts

The current color for destination is a hard coded color hex, which is not included in the color tokens, replacing it with blue token (euiColorVis2 - #61A2FF) in Borealis but it appears as pinkish in Amsterdam.

Current	Amsterdam	Borealis

Network

The current color for destination is a hard coded color hex, which is not included in the color tokens, replacing it with blue token (euiColorVis2 - #61A2FF) in Borealis but it appears as pinkish in Amsterdam.

Current	Amsterdam	Borealis

Users

Both euiColorVis4 and euiColorVis6 are red. Using euiColorVis4 #EE72A6 for Borealis instead of euiColorVis6 #F6726A as euiColorVis6 appear as grey in the Amsterdam.

Current	Amsterdam	Borealis

[jbudz]

packages/kbn-babel-preset/styled_components_files.js LGTM

[CAWilson94]

Nice work! Thanks for all the collab on severity colours also 🚀

[agusruidiazgd]

LGTM! Thanks for this changes Angela 😎 💘

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 97996ea
• Cloud Deployment

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
securitySolution	6536	6534	-2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	22.2MB	22.2MB	-5.4KB

History

• 💔 Build #265313 failed d8fe7ee
• 💚 Build #264424 succeeded 78d3884
• 💛 Build #264099 was flaky acf2576
• 💔 Build #264041 failed 955ef20
• 💚 Build #263751 succeeded d4722cc

[codearos]

LGTM, thank you Angela!