Add related alerts support

[kfirpeled]

Motivation

The current graph API is hardcoded to query the logs-* index pattern. This limits its flexibility and makes it difficult to adapt to different datasets or environments. By allowing the index pattern to be passed as an optional parameter, we enable broader use cases and improve integration with user-defined data sources.
Additionally, we want to ensure that relevant alerts are identified and returned clearly as part of the response to enhance the context of graph-based investigations.

Definition of done

• Add optional indexPattern parameter to the graph API (default to logs-*)
• Ensure alerts within the result set are correctly identified and marked as alerts
• Make sure we use the security data view in the graph visualization component

Out of scope

• Support for non-logs indices that require schema transformation

Related tasks/epics

• Apply new mappings to alerts index #221036

Team tag

@elastic/kibana-cloud-security-posture

[jeniawhite]

Verified 9.2.0 BC3

Notice that Graph preview doesn't work but there is a graph, is this expected behavior? @kfirpeled

Maybe related to the fact that the request end and start are the same time and based on alert timestamp? This doesn't look right to me.

Might be related to the timestamp but this creates a very weird behavior with an empty graph

Screen.Recording.2025-10-09.at.22.08.19.mov

[jeniawhite]

Opened ticket:

• [Graph] Graph preview and search uses alert timestamps instead of underlying logs timestamps #239244