[Security Solution] Analyzer data view affects entity flyouts and alert insights #226312

@christineweng

Describe the bug:
Changing analyzer data view affects results in entity flyouts and alert insights

Kibana/Elasticsearch Stack version:
8.19/9.1

Cause

  • The hook useTimelineDataFilter fetches analyzer scope for the selectedPatterns. Analyzer uses the security default data view by default, so in most cases, if the user does not change the analyzer data view, the returned selectedPatterns is correct. However, when the data view in analyzer changes, it impacts areas that the user is not aware of.

const experimentalAnalyzerPatterns = useSelectedPatterns(SourcererScopeName.analyzer);

Steps to reproduce:

  1. Generate some alert data, expand an alert to see the flyout
  2. Click on a host and inspect the query
  3. Go to Visualize -> Analyzer, select a different data view
  4. Inspect the query again, observe the indices changed. Similar observations in prevalence and ancestry correlations

Current behavior:
When analyzer data view changes, other features are impacted

Expected behavior:
Analyzer data view should only impact analyzer

Labels

  • Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
  • Team:Threat Hunting (Security Solution Threat Hunting Team)
  • Team:Threat Hunting:Investigations (Security Solution Threat Hunting Investigations Team)
  • bug (Fixes for quality problems that affect the customer experience)
  • fixed
