TEMP COMMIT. REBASE ME

x-pack/plugins/security_solution/common/constants.ts

@@ -260,7 +260,6 @@ export const DETECTION_ENGINE_RULES_PREVIEW = `${DETECTION_ENGINE_RULES_URL}/pre
 /**
  * Internal detection engine routes
  */
-// TODO: https://github.com/elastic/kibana/pull/121644 clean up
 export const INTERNAL_DETECTION_ENGINE_URL = '/internal/detection_engine' as const;
 export const DETECTION_ENGINE_RULE_EXECUTION_EVENTS_URL =
   `${INTERNAL_DETECTION_ENGINE_URL}/rules/{ruleId}/execution/events` as const;

x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/types.ts

@@ -30,7 +30,6 @@ import {
   timestamp_override,
   threshold,
   BulkAction,
-  RuleExecutionStatus,
   ruleExecutionSummary,
 } from '../../../../../common/detection_engine/schemas/common';
 import {
@@ -84,7 +83,6 @@ const MetaRule = t.intersection([
 ]);
 
 // TODO: make a ticket
-// TODO: https://github.com/elastic/kibana/pull/121644 clean up
 export const RuleSchema = t.intersection([
   t.type({
     author,
@@ -143,6 +141,7 @@ export const RuleSchema = t.intersection([
     exceptions_list: listArray,
     uuid: t.string,
     version: t.number,
+    // TODO: https://github.com/elastic/kibana/pull/121644 clean up
     execution_summary: ruleExecutionSummary,
   }),
 ]);
@@ -283,30 +282,6 @@ export interface ExportDocumentsProps {
   signal?: AbortSignal;
 }
 
-// TODO: https://github.com/elastic/kibana/pull/121644 clean up
-export interface RuleStatus {
-  current_status: RuleInfoStatus;
-  failures: RuleInfoStatus[];
-}
-
-// TODO: https://github.com/elastic/kibana/pull/121644 clean up
-export interface RuleInfoStatus {
-  alert_id: string;
-  status_date: string;
-  status: RuleExecutionStatus | null;
-  last_failure_at: string | null;
-  last_success_at: string | null;
-  last_failure_message: string | null;
-  last_success_message: string | null;
-  last_look_back_date: string | null | undefined; // NOTE: This is no longer used on the UI, but left here in case users are using it within the API
-  gap: string | null | undefined;
-  bulk_create_time_durations: string[] | null | undefined;
-  search_after_time_durations: string[] | null | undefined;
-}
-
-// TODO: https://github.com/elastic/kibana/pull/121644 clean up
-export type RuleStatusResponse = Record<string, RuleStatus>;
-
 export interface PrePackagedRulesStatusResponse {
   rules_custom_installed: number;
   rules_installed: number;

x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/use_rule_execution_events.test.tsx

@@ -77,7 +77,6 @@ describe('useRuleStatus', () => {
     //   });
     // });
 
-    // TODO: https://github.com/elastic/kibana/pull/121644 clean up
     // test('fetch rule status', async () => {
     //   await act(async () => {
     //     const { result, waitForNextUpdate } = renderHook(() =>
@@ -91,7 +90,6 @@ describe('useRuleStatus', () => {
     //     expect(result.current).toEqual([
     //       false,
     //       {
-    //         // TODO: https://github.com/elastic/kibana/pull/121644 clean up
     //         current_status: {
     //           alert_id: 'alertId',
     //           last_failure_at: null,
@@ -112,7 +110,6 @@ describe('useRuleStatus', () => {
     //   });
     // });
 
-    // TODO: https://github.com/elastic/kibana/pull/121644 clean up
     // test('re-fetch rule status', async () => {
     //   await act(async () => {
     //     const { result, waitForNextUpdate } = renderHook(() =>

x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts

@@ -225,8 +225,7 @@ export const getFindResultWithMultiHits = ({
   };
 };
 
-// TODO: https://github.com/elastic/kibana/pull/121644 clean up
-export const internalRuleStatusRequest = () =>
+export const getRuleExecutionEventsRequest = () =>
   requestMock.create({
     method: 'get',
     path: detectionEngineRuleExecutionEventsUrl('04128c15-0d1b-4716-a4c5-46997ac7f3bd'),

x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/get_rule_execution_events_route.test.ts

@@ -6,7 +6,7 @@
  */
 
 import { serverMock, requestContextMock } from '../__mocks__';
-import { internalRuleStatusRequest, getLastFailures } from '../__mocks__/request_responses';
+import { getRuleExecutionEventsRequest, getLastFailures } from '../__mocks__/request_responses';
 import { getRuleExecutionEventsRoute } from './get_rule_execution_events_route';
 
 // TODO: https://github.com/elastic/kibana/pull/121644 clean up
@@ -25,13 +25,13 @@ describe('getRuleExecutionEventsRoute', () => {
 
   describe('status codes with actionClient and alertClient', () => {
     test('returns 200 when finding a single rule status with a valid rulesClient', async () => {
-      const response = await server.inject(internalRuleStatusRequest(), context);
+      const response = await server.inject(getRuleExecutionEventsRequest(), context);
       expect(response.status).toEqual(200);
     });
 
     test('returns 404 if alertClient is not available on the route', async () => {
       context.alerting.getRulesClient = jest.fn();
-      const response = await server.inject(internalRuleStatusRequest(), context);
+      const response = await server.inject(getRuleExecutionEventsRequest(), context);
       expect(response.status).toEqual(404);
       expect(response.body).toEqual({ message: 'Not Found', status_code: 404 });
     });
@@ -40,7 +40,7 @@ describe('getRuleExecutionEventsRoute', () => {
       clients.ruleExecutionLogClient.getLastFailures.mockImplementation(async () => {
         throw new Error('Test error');
       });
-      const response = await server.inject(internalRuleStatusRequest(), context);
+      const response = await server.inject(getRuleExecutionEventsRequest(), context);
       expect(response.status).toEqual(500);
       expect(response.body).toEqual({
         message: 'Test error',

x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/get_rule_execution_events_route.ts

@@ -16,15 +16,11 @@ import { GetRuleExecutionEventsResponse } from '../../../../../common/detection_
 
 // TODO: https://github.com/elastic/kibana/pull/121644 clean up
 /**
- * Returns the current execution status and metrics + last five failed statuses of a given rule.
- * Accepts a rule id.
+ * Returns execution events of a given rule (e.g. status changes) from Event Log.
+ * Accepts rule's saved object ID (`rule.id`).
  *
- * NOTE: This endpoint is a raw implementation of an endpoint for reading rule execution
- * status and logs for a given rule (e.g. for use on the Rule Details page). It will be reworked.
- * See the plan in https://github.com/elastic/kibana/pull/115574
- *
- * @param router
- * @returns RuleStatusResponse containing data only for the given rule (normally it contains data for N rules).
+ * NOTE: This endpoint is under construction. It will be extended and finalized.
+ * https://github.com/elastic/kibana/issues/119598
  */
 export const getRuleExecutionEventsRoute = (router: SecuritySolutionPluginRouter) => {
   router.get(

x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/index.ts

@@ -5,6 +5,9 @@
  * 2.0.
  */
 
+// eslint-disable-next-line no-restricted-imports
+export { legacyRuleStatusType } from './legacy_rule_status/legacy_rule_status_saved_object_mappings';
+
 export {
   RuleExecutionInfoSavedObject,
   RuleExecutionInfoAttributes,

x-pack/plugins/security_solution/server/lib/detection_engine/rules/legacy_rule_status/legacy_migrations.ts → x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/legacy_rule_status/legacy_migrations.ts

@@ -5,19 +5,32 @@
  * 2.0.
  */
 
+import { isString } from 'lodash/fp';
 import {
+  SavedObjectAttributes,
   SavedObjectMigrationFn,
   SavedObjectReference,
   SavedObjectSanitizedDoc,
   SavedObjectUnsanitizedDoc,
 } from 'kibana/server';
-import { isString } from 'lodash/fp';
-import { truncateMessage } from '../../rule_execution_log';
-import { IRuleSavedAttributesSavedObjectAttributes } from '../types';
-// eslint-disable-next-line no-restricted-imports
-import { legacyGetRuleReference } from './legacy_utils';
 
-export const truncateMessageFields: SavedObjectMigrationFn<Record<string, unknown>> = (doc) => {
+import { RuleExecutionStatus } from '../../../../../common/detection_engine/schemas/common';
+import { truncateMessage } from '../utils/normalization';
+
+interface RuleStatusAttributes extends SavedObjectAttributes {
+  statusDate: string;
+  lastFailureAt: string | null | undefined;
+  lastFailureMessage: string | null | undefined;
+  lastSuccessAt: string | null | undefined;
+  lastSuccessMessage: string | null | undefined;
+  status: RuleExecutionStatus | null | undefined;
+  lastLookBackDate: string | null | undefined;
+  gap: string | null | undefined;
+  bulkCreateTimeDurations: string[] | null | undefined;
+  searchAfterTimeDurations: string[] | null | undefined;
+}
+
+export const truncateMessageFields: SavedObjectMigrationFn<RuleStatusAttributes> = (doc) => {
   const { lastFailureMessage, lastSuccessMessage, ...otherAttributes } = doc.attributes;
 
   return {
@@ -45,8 +58,8 @@ export const truncateMessageFields: SavedObjectMigrationFn<Record<string, unknow
  * @returns The document migrated with saved object references
  */
 export const legacyMigrateRuleAlertIdSOReferences = (
-  doc: SavedObjectUnsanitizedDoc<IRuleSavedAttributesSavedObjectAttributes>
-): SavedObjectSanitizedDoc<IRuleSavedAttributesSavedObjectAttributes> => {
+  doc: SavedObjectUnsanitizedDoc<RuleStatusAttributes>
+): SavedObjectSanitizedDoc<RuleStatusAttributes> => {
   const { alertId, ...otherAttributes } = doc.attributes;
   const existingReferences = doc.references ?? [];
 
@@ -98,6 +111,17 @@ export const legacyMigrateAlertId = ({
   }
 };
 
+/**
+ * Given an id this returns a legacy rule reference.
+ * @param id The id of the alert
+ * @deprecated Remove this once we've fully migrated to event-log and no longer require addition status SO (8.x)
+ */
+export const legacyGetRuleReference = (id: string) => ({
+  id,
+  type: 'alert',
+  name: 'alert_0',
+});
+
 /**
  * This side-car rule status SO is deprecated and is to be replaced by the RuleExecutionLog on Event-Log and
  * additional fields on the Alerting Framework Rule SO.

x-pack/plugins/security_solution/server/lib/detection_engine/rules/legacy_rule_status/legacy_rule_status_saved_object_mappings.ts → x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/legacy_rule_status/legacy_rule_status_saved_object_mappings.ts

@@ -58,6 +58,7 @@ export const ruleStatusSavedObjectMappings: SavedObjectsType['mappings'] = {
   },
 };
 
+// TODO: https://github.com/elastic/kibana/pull/121644 clean up
 /**
  * This side-car rule status SO is deprecated and is to be replaced by the RuleExecutionLog on Event-Log and
  * additional fields on the Alerting Framework Rule SO.

x-pack/plugins/security_solution/server/lib/detection_engine/rules/types.ts

@@ -83,7 +83,6 @@ import {
   QueryFilterOrUndefined,
   FieldsOrUndefined,
   SortOrderOrUndefined,
-  RuleExecutionStatus,
   Author,
   AuthorOrUndefined,
   LicenseOrUndefined,
@@ -102,40 +101,6 @@ import { IRuleExecutionLogClient } from '../rule_execution_log';
 
 export type RuleAlertType = SanitizedAlert<RuleParams>;
 
-// TODO: https://github.com/elastic/kibana/pull/121644 clean up
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-export interface IRuleStatusSOAttributes extends Record<string, any> {
-  statusDate: string;
-  lastFailureAt: string | null | undefined;
-  lastFailureMessage: string | null | undefined;
-  lastSuccessAt: string | null | undefined;
-  lastSuccessMessage: string | null | undefined;
-  status: RuleExecutionStatus | null | undefined;
-  lastLookBackDate: string | null | undefined;
-  gap: string | null | undefined;
-  bulkCreateTimeDurations: string[] | null | undefined;
-  searchAfterTimeDurations: string[] | null | undefined;
-}
-
-// TODO: https://github.com/elastic/kibana/pull/121644 clean up
-export interface IRuleStatusResponseAttributes {
-  status_date: string;
-  last_failure_at: string | null | undefined;
-  last_failure_message: string | null | undefined;
-  last_success_at: string | null | undefined;
-  last_success_message: string | null | undefined;
-  status: RuleExecutionStatus | null | undefined;
-  last_look_back_date: string | null | undefined; // NOTE: This is no longer used on the UI, but left here in case users are using it within the API
-  gap: string | null | undefined;
-  bulk_create_time_durations: string[] | null | undefined;
-  search_after_time_durations: string[] | null | undefined;
-}
-
-// TODO: https://github.com/elastic/kibana/pull/121644 clean up
-export interface IRuleSavedAttributesSavedObjectAttributes
-  extends IRuleStatusSOAttributes,
-    SavedObjectAttributes {}
-
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 export interface IRuleAssetSOAttributes extends Record<string, any> {
   rule_id: string | null | undefined;

x-pack/plugins/security_solution/server/routes/index.ts

@@ -86,7 +86,7 @@ export const initRoutes = (
 ) => {
   const isRuleRegistryEnabled = ruleDataClient != null;
   // Detection Engine Rule routes that have the REST endpoints of /api/detection_engine/rules
-  // All REST rule creation, deletion, updating, etc......
+  // All REST rule creation, deletion, updating, etc
   createRulesRoute(router, ml, isRuleRegistryEnabled);
   readRulesRoute(router, logger, isRuleRegistryEnabled);
   updateRulesRoute(router, ml, isRuleRegistryEnabled);
@@ -114,6 +114,8 @@ export const initRoutes = (
   deleteRulesBulkRoute(router, isRuleRegistryEnabled);
   performBulkActionRoute(router, ml, logger, isRuleRegistryEnabled);
 
+  getRuleExecutionEventsRoute(router);
+
   createTimelinesRoute(router, config, security);
   patchTimelinesRoute(router, config, security);
   importRulesRoute(router, config, ml, isRuleRegistryEnabled);
@@ -134,9 +136,6 @@ export const initRoutes = (
   persistNoteRoute(router, config, security);
   persistPinnedEventRoute(router, config, security);
 
-  // TODO: https://github.com/elastic/kibana/pull/121644 clean up
-  getRuleExecutionEventsRoute(router);
-
   // Detection Engine Signals routes that have the REST endpoints of /api/detection_engine/signals
   // POST /api/detection_engine/signals/status
   // Example usage can be found in security_solution/server/lib/detection_engine/scripts/signals

x-pack/plugins/security_solution/server/saved_objects.ts

@@ -9,11 +9,12 @@ import { CoreSetup } from '../../../../src/core/server';
 
 import { noteType, pinnedEventType, timelineType } from './lib/timeline/saved_object_mappings';
 // eslint-disable-next-line no-restricted-imports
-import { legacyRuleStatusType } from './lib/detection_engine/rules/legacy_rule_status/legacy_rule_status_saved_object_mappings';
-import { ruleExecutionInfoType } from './lib/detection_engine/rule_execution_log';
-import { ruleAssetType } from './lib/detection_engine/rules/rule_asset/rule_asset_saved_object_mappings';
-// eslint-disable-next-line no-restricted-imports
 import { legacyType as legacyRuleActionsType } from './lib/detection_engine/rule_actions/legacy_saved_object_mappings';
+import {
+  legacyRuleStatusType,
+  ruleExecutionInfoType,
+} from './lib/detection_engine/rule_execution_log';
+import { ruleAssetType } from './lib/detection_engine/rules/rule_asset/rule_asset_saved_object_mappings';
 import { type as signalsMigrationType } from './lib/detection_engine/migrations/saved_objects';
 import {
   exceptionsArtifactType,