[Defend Workflows] Event Filter added from Host>Events Page always defaults to Windows OS, even for Linux or macOS hosts #239043

@sukhwindersingh-qasource

Description

Describe the bug:

  • When a user attempts to add an event filter from the Host Page, the option to select the operating system (OS) is not available.
  • Additionally, even when the user navigates to the Host Details page of a Linux or macOS host and tries to add an event filter from that host, the OS is still automatically selected as Windows, which is not the correct behavior.

Login Credentials:

Testing Details:

Build Details:


VERSION: 9.2.0 BC3
BUILD: 91544
COMMIT: 0c40a02e995201d9395473309adda6cd020d56ca

Preconditions:

  • Kibana version 9.2.0
  • User must have access to add Event Filter.

Steps to Reproduce:

  1. Log in as a user with the above privileges.
  2. Navigate to "Explore Page".
  3. Click on "Host".
  4. Navigate to an event where the analyzer button is present, then click on the three dots of that event.
  5. Click on the "Add Endpoint event filter" button.

Actual Result:

  • The option to select the OS filter is missing, and the default OS is set to Windows.

Expected Result:

  • An option to select the OS should be present when adding a filter from the Host Page.

Occurring on Old stacks:

  • Yes, it is occurring on 9.1.1 as well ✔️

Screen Capture:

Endpoints.-.Kibana.Mozilla.Firefox.2025-10-15.09-11-19.mp4

Logs:
N/A

Labels

  • Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
  • Team:Defend Workflows ("EDR Workflows" sub-team of Security Solution)
  • bug (Fixes for quality problems that affect the customer experience)
  • grooming
  • impact:high (Addressing this issue will have a high level of impact on the quality/strength of our product.)
  • v9.2.0
