diff --git a/config/serverless.security.yml b/config/serverless.security.yml
index 5ebb22486dc4317..88770178a34934f 100644
--- a/config/serverless.security.yml
+++ b/config/serverless.security.yml
@@ -23,7 +23,6 @@ xpack.securitySolutionServerless.productTypes:
 
 xpack.securitySolution.offeringSettings: {
   ILMEnabled: false, # Index Lifecycle Management (ILM) functionalities disabled, not supported by serverless Elasticsearch
-  ESQLEnabled: false, # ES|QL disabled, not supported by serverless Elasticsearch
 }
 
 newsfeed.enabled: true
diff --git a/packages/serverless/settings/security_project/index.ts b/packages/serverless/settings/security_project/index.ts
index 70b2305610aea90..fcc5f15c26fc4c7 100644
--- a/packages/serverless/settings/security_project/index.ts
+++ b/packages/serverless/settings/security_project/index.ts
@@ -7,8 +7,10 @@
  */
 
 import * as settings from '@kbn/management-settings-ids';
+import * as discoverSettings from '@kbn/discover-utils';
 
 export const SECURITY_PROJECT_SETTINGS = [
+  discoverSettings.ENABLE_ESQL,
   settings.ML_ANOMALY_DETECTION_RESULTS_ENABLE_TIME_DEFAULTS_ID,
   settings.ML_ANOMALY_DETECTION_RESULTS_TIME_DEFAULTS_ID,
   settings.SECURITY_SOLUTION_REFRESH_INTERVAL_DEFAULTS_ID,
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts
index 9281c317ab2e0b9..75b75b34139acc7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts
@@ -430,7 +430,7 @@ export const previewRulesRoute = async (
               );
               break;
             case 'esql':
-              if (!config.settings.ESQLEnabled || config.experimentalFeatures.esqlRulesDisabled) {
+              if (config.experimentalFeatures.esqlRulesDisabled) {
                 throw Error('ES|QL rule type is not supported');
               }
               const esqlAlertType = previewRuleTypeWrapper(createEsqlAlertType(ruleOptions));
diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
index 1b282771a608abc..24266d1fa935e0c 100644
--- a/x-pack/plugins/security_solution/server/plugin.ts
+++ b/x-pack/plugins/security_solution/server/plugin.ts
@@ -320,7 +320,7 @@ export class Plugin implements ISecuritySolutionPlugin {
     const securityRuleTypeWrapper = createSecurityRuleTypeWrapper(securityRuleTypeOptions);
 
     plugins.alerting.registerType(securityRuleTypeWrapper(createEqlAlertType(ruleOptions)));
-    if (config.settings.ESQLEnabled && !experimentalFeatures.esqlRulesDisabled) {
+    if (!experimentalFeatures.esqlRulesDisabled) {
       plugins.alerting.registerType(securityRuleTypeWrapper(createEsqlAlertType(ruleOptions)));
     }
     plugins.alerting.registerType(