test fixes

.buildkite/ftr_security_serverless_configs.yml

@@ -81,7 +81,6 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_complete_tier.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts

.buildkite/ftr_security_stateful_configs.yml

@@ -63,7 +63,6 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_trial_license.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts

x-pack/platform/plugins/private/translations/translations/fr-FR.json

@@ -35712,7 +35712,6 @@
     "xpack.securitySolution.detectionEngine.queryPreview.rulePreviewError": "Impossible d'afficher un aperçu de la règle",
     "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsAriaLabel": "Afficher les détails",
     "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsForRowAriaLabel": "Afficher les détails pour l'alerte ou l'événement de la ligne {ariaRowindex}, avec les colonnes {columnValues}",
-    "xpack.securitySolution.detectionEngine.relatedIntegrations.badgeTitle": "intégrations",
     "xpack.securitySolution.detectionEngine.relatedIntegrations.disabledTitle": "Désactivé",
     "xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTitle": "Activé",
     "xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTooltip": "L'intégration est installée et une politique d'intégration avec la configuration requise existe. Assurez-vous que des agents Elastic sont affectés à cette politique pour ingérer des événements compatibles.",

x-pack/platform/plugins/private/translations/translations/ja-JP.json

@@ -35573,7 +35573,6 @@
     "xpack.securitySolution.detectionEngine.queryPreview.rulePreviewError": "ルールをプレビューできませんでした",
     "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsAriaLabel": "詳細を表示",
     "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsForRowAriaLabel": "行 {ariaRowindex}、列 {columnValues} のアラートまたはイベントの詳細を表示",
-    "xpack.securitySolution.detectionEngine.relatedIntegrations.badgeTitle": "統合",
     "xpack.securitySolution.detectionEngine.relatedIntegrations.disabledTitle": "無効",
     "xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTitle": "有効",
     "xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTooltip": "統合はインストールされ、必要な構成が行われている統合ポリシーが存在します。Elasticエージェントにこのポリシーが割り当てられていることを確認し、互換性があるイベントを取り込みます。",

x-pack/platform/plugins/private/translations/translations/zh-CN.json

@@ -35042,7 +35042,6 @@
     "xpack.securitySolution.detectionEngine.queryPreview.rulePreviewError": "无法预览规则",
     "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsAriaLabel": "查看详情",
     "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsForRowAriaLabel": "查看第 {ariaRowindex} 行的告警或事件的详细信息，其中列为 {columnValues}",
-    "xpack.securitySolution.detectionEngine.relatedIntegrations.badgeTitle": "集成",
     "xpack.securitySolution.detectionEngine.relatedIntegrations.disabledTitle": "已禁用",
     "xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTitle": "已启用",
     "xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTooltip": "集成已安装，并且存在具有所需配置的集成策略。确保 Elastic 代理已分配此策略以采集兼容的事件。",

x-pack/solutions/security/plugins/security_solution/common/experimental_features.ts

@@ -184,17 +184,6 @@ export const allowedExperimentalValues = Object.freeze({
    */
   jamfDataInAnalyzerEnabled: true,
 
-  /**
-   * Enables an ability to customize Elastic prebuilt rules.
-   *
-   * Ticket: https://github.com/elastic/kibana/issues/174168
-   * Owners: https://github.com/orgs/elastic/teams/security-detection-rule-management
-   * Added: on Jun 24, 2024 in https://github.com/elastic/kibana/pull/186823
-   * Turned: TBD
-   * Expires: TBD
-   */
-  prebuiltRulesCustomizationEnabled: true,
-
   /**
    * Makes Elastic Defend integration's Malware On-Write Scan option available to edit.
    */

x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx

@@ -26,7 +26,6 @@ import { useHasActionsPrivileges } from './use_has_actions_privileges';
 import type { TimeRange } from '../../../rule_gaps/types';
 import { useScheduleRuleRun } from '../../../rule_gaps/logic/use_schedule_rule_run';
 import { ManualRuleRunEventTypes } from '../../../../common/lib/telemetry';
-import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 
 export const useRulesTableActions = ({
   showExceptionsDuplicateConfirmation,
@@ -47,9 +46,6 @@ export const useRulesTableActions = ({
   const { bulkExport } = useBulkExport();
   const downloadExportedRules = useDownloadExportedRules();
   const { scheduleRuleRun } = useScheduleRuleRun();
-  const isPrebuiltRulesCustomizationFeatureFlagEnabled = useIsExperimentalFeatureEnabled(
-    'prebuiltRulesCustomizationEnabled'
-  );
 
   return [
     {
@@ -120,7 +116,6 @@ export const useRulesTableActions = ({
           await downloadExportedRules(response);
         }
       },
-      enabled: (rule: Rule) => isPrebuiltRulesCustomizationFeatureFlagEnabled || !rule.immutable,
     },
     {
       type: 'icon',

x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/related_integrations/integrations_popover/index.tsx

@@ -15,8 +15,6 @@ import {
   EuiText,
   EuiSpacer,
 } from '@elastic/eui';
-
-import { usePrebuiltRulesCustomizationStatus } from '../../../../../detection_engine/rule_management/logic/prebuilt_rules/use_prebuilt_rules_customization_status';
 import type { RelatedIntegrationArray } from '../../../../../../common/api/detection_engine/model/rule_schema';
 import { IntegrationDescription } from '../integrations_description';
 import { useRelatedIntegrations } from '../use_related_integrations';
@@ -55,7 +53,6 @@ const IntegrationListItem = styled('li')`
 const IntegrationsPopoverComponent = ({ relatedIntegrations }: IntegrationsPopoverProps) => {
   const [isPopoverOpen, setPopoverOpen] = useState(false);
   const { integrations, isLoaded } = useRelatedIntegrations(relatedIntegrations);
-  const { isRulesCustomizationEnabled } = usePrebuiltRulesCustomizationStatus();
 
   const enabledIntegrations = useMemo(() => {
     return integrations.filter(
@@ -66,14 +63,10 @@ const IntegrationsPopoverComponent = ({ relatedIntegrations }: IntegrationsPopov
   const numIntegrations = integrations.length;
   const numIntegrationsEnabled = enabledIntegrations.length;
 
-  const badgeTitle = useMemo(() => {
-    if (isRulesCustomizationEnabled) {
-      return isLoaded ? `${numIntegrationsEnabled}/${numIntegrations}` : `${numIntegrations}`;
-    }
-    return isLoaded
-      ? `${numIntegrationsEnabled}/${numIntegrations} ${i18n.INTEGRATIONS_BADGE}`
-      : `${numIntegrations} ${i18n.INTEGRATIONS_BADGE}`;
-  }, [isLoaded, isRulesCustomizationEnabled, numIntegrations, numIntegrationsEnabled]);
+  const badgeTitle = useMemo(
+    () => (isLoaded ? `${numIntegrationsEnabled}/${numIntegrations}` : `${numIntegrations}`),
+    [isLoaded, numIntegrations, numIntegrationsEnabled]
+  );
 
   return (
     <IntegrationsPopoverWrapper

x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/related_integrations/translations.ts

@@ -52,13 +52,6 @@ export const INTEGRATIONS_ENABLED_TOOLTIP = i18n.translate(
   }
 );
 
-export const INTEGRATIONS_BADGE = i18n.translate(
-  'xpack.securitySolution.detectionEngine.relatedIntegrations.badgeTitle',
-  {
-    defaultMessage: 'integrations',
-  }
-);
-
 export const INTEGRATIONS_POPOVER_TITLE = (integrationsCount: number) =>
   i18n.translate('xpack.securitySolution.detectionEngine.relatedIntegrations.popoverTitle', {
     values: { integrationsCount },

x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx

@@ -35,7 +35,6 @@ import { useDownloadExportedRules } from '../../../../detection_engine/rule_mana
 import * as i18nActions from '../../../pages/detection_engine/rules/translations';
 import * as i18n from './translations';
 import { ManualRuleRunEventTypes } from '../../../../common/lib/telemetry';
-import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features';
 
 const MyEuiButtonIcon = styled(EuiButtonIcon)`
   &.euiButtonIcon {
@@ -73,9 +72,6 @@ const RuleActionsOverflowComponent = ({
     application: { navigateToApp },
     telemetry,
   } = useKibana().services;
-  const isPrebuiltRulesCustomizationFeatureFlagEnabled = useIsExperimentalFeatureEnabled(
-    'prebuiltRulesCustomizationEnabled'
-  );
   const { startTransaction } = useStartTransaction();
   const { executeBulkAction } = useExecuteBulkAction({ suppressSuccessToast: true });
   const { bulkExport } = useBulkExport();
@@ -141,10 +137,7 @@ const RuleActionsOverflowComponent = ({
             <EuiContextMenuItem
               key={i18nActions.EXPORT_RULE}
               icon="exportAction"
-              disabled={
-                !userHasPermissions ||
-                (isPrebuiltRulesCustomizationFeatureFlagEnabled === false && rule.immutable)
-              }
+              disabled={!userHasPermissions}
               data-test-subj="rules-details-export-rule"
               onClick={async () => {
                 startTransaction({ name: SINGLE_RULE_ACTIONS.EXPORT });
@@ -213,7 +206,6 @@ const RuleActionsOverflowComponent = ({
       rule,
       canDuplicateRuleWithActions,
       userHasPermissions,
-      isPrebuiltRulesCustomizationFeatureFlagEnabled,
       startTransaction,
       closePopover,
       showBulkDuplicateExceptionsConfirmation,

x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts

@@ -31,7 +31,6 @@ import { getQueryRuleParams } from '../../../../rule_schema/mocks';
 import { importRulesRoute } from './route';
 import { HttpAuthzError } from '../../../../../machine_learning/validation';
 import { createPrebuiltRuleAssetsClient as createPrebuiltRuleAssetsClientMock } from '../../../../prebuilt_rules/logic/rule_assets/__mocks__/prebuilt_rule_assets_client';
-import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status';
 
 jest.mock('../../../../../machine_learning/authz');
 
@@ -41,7 +40,11 @@ jest.mock('../../../../prebuilt_rules/logic/rule_assets/prebuilt_rule_assets_cli
   createPrebuiltRuleAssetsClient: () => mockPrebuiltRuleAssetsClient,
 }));
 
-describe('Import rules route', () => {
+// Skipped in https://github.com/elastic/kibana/pull/212761
+// We have to find a way to use original detectionRulesClient.importRules() while mocking detectionRulesClient.importRule().
+// detectionRulesClient.importRules() uses detectionRulesClient.importRule() under the hood.
+// Without proper mocking this test suite will test the mock.
+describe.skip('Import rules route', () => {
   let config: ReturnType<typeof configMock.createDefault>;
   let server: ReturnType<typeof serverMock.create>;
   let request: ReturnType<typeof requestMock.create>;
@@ -58,10 +61,6 @@ describe('Import rules route', () => {
     clients.rulesClient.update.mockResolvedValue(getRuleMock(getQueryRuleParams()));
     clients.detectionRulesClient.createCustomRule.mockResolvedValue(getRulesSchemaMock());
     clients.detectionRulesClient.importRule.mockResolvedValue(getRulesSchemaMock());
-    clients.detectionRulesClient.getRuleCustomizationStatus.mockReturnValue({
-      isRulesCustomizationEnabled: false,
-      customizationDisabledReason: PrebuiltRulesCustomizationDisabledReason.FeatureFlag,
-    });
     clients.actionsClient.getAll.mockResolvedValue([]);
     context.core.elasticsearch.client.asCurrentUser.search.mockResolvedValue(
       elasticsearchClientMock.createSuccessTransportRequestPromise(getBasicEmptySearchResponse())

x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts

@@ -18,7 +18,6 @@ import {
 import { DETECTION_ENGINE_RULES_IMPORT_URL } from '../../../../../../../common/constants';
 import type { ConfigType } from '../../../../../../config';
 import type { HapiReadableStream, SecuritySolutionPluginRouter } from '../../../../../../types';
-import type { ImportRuleResponse } from '../../../../routes/utils';
 import {
   buildSiemResponse,
   createBulkErrorObject,
@@ -29,8 +28,7 @@ import { createPrebuiltRuleAssetsClient } from '../../../../prebuilt_rules/logic
 import { importRuleActionConnectors } from '../../../logic/import/action_connectors/import_rule_action_connectors';
 import { createRuleSourceImporter } from '../../../logic/import/rule_source_importer';
 import { importRules } from '../../../logic/import/import_rules';
-// eslint-disable-next-line no-restricted-imports
-import { importRulesLegacy } from '../../../logic/import/import_rules_legacy';
+
 import { createPromiseFromRuleImportStream } from '../../../logic/import/create_promise_from_rule_import_stream';
 import { importRuleExceptions } from '../../../logic/import/import_rule_exceptions';
 import { isRuleToImport } from '../../../logic/import/utils';
@@ -39,7 +37,6 @@ import {
   migrateLegacyActionsIds,
 } from '../../../utils/utils';
 import { RULE_MANAGEMENT_IMPORT_EXPORT_SOCKET_TIMEOUT_MS } from '../../timeouts';
-import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status';
 import { createPrebuiltRuleObjectsClient } from '../../../../prebuilt_rules/logic/rule_objects/prebuilt_rule_objects_client';
 
 const CHUNK_PARSED_OBJECT_SIZE = 50;
@@ -89,7 +86,6 @@ export const importRulesRoute = (router: SecuritySolutionPluginRouter, config: C
 
           const rulesClient = await ctx.alerting.getRulesClient();
           const detectionRulesClient = ctx.securitySolution.getDetectionRulesClient();
-          const ruleCustomizationStatus = detectionRulesClient.getRuleCustomizationStatus();
           const actionsClient = ctx.actions.getActionsClient();
           const actionSOClient = ctx.core.savedObjects.getClient({
             includedHiddenTypes: ['action'],
@@ -168,28 +164,13 @@ export const importRulesRoute = (router: SecuritySolutionPluginRouter, config: C
           const [parsedRules, parsedRuleErrors] = partition(isRuleToImport, parsedRuleStream);
           const ruleChunks = chunk(CHUNK_PARSED_OBJECT_SIZE, parsedRules);
 
-          let importRuleResponse: ImportRuleResponse[] = [];
-
-          if (
-            ruleCustomizationStatus.customizationDisabledReason ===
-            PrebuiltRulesCustomizationDisabledReason.FeatureFlag
-          ) {
-            importRuleResponse = await importRulesLegacy({
-              ruleChunks,
-              overwriteRules: request.query.overwrite,
-              allowMissingConnectorSecrets: !!actionConnectors.length,
-              detectionRulesClient,
-              savedObjectsClient,
-            });
-          } else {
-            importRuleResponse = await importRules({
-              ruleChunks,
-              overwriteRules: request.query.overwrite,
-              allowMissingConnectorSecrets: !!actionConnectors.length,
-              ruleSourceImporter,
-              detectionRulesClient,
-            });
-          }
+          const importRuleResponse = await importRules({
+            ruleChunks,
+            overwriteRules: request.query.overwrite,
+            allowMissingConnectorSecrets: !!actionConnectors.length,
+            ruleSourceImporter,
+            detectionRulesClient,
+          });
 
           const parseErrors = parsedRuleErrors.map((error) =>
             createBulkErrorObject({

x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/bulk_edit_rules.ts

@@ -96,7 +96,6 @@ export const bulkEditRules = async ({
           baseRule: baseVersionsMap.get(nextRule.rule_id),
           currentRule: convertAlertingRuleToRuleResponse(currentRule),
           nextRule,
-          ruleCustomizationStatus,
         });
       }
 

x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts

@@ -15,7 +15,6 @@ import {
   BulkActionsDryRunErrCodeEnum,
 } from '../../../../../../common/api/detection_engine/rule_management';
 import type { PrebuiltRulesCustomizationStatus } from '../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status';
-import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status';
 import { isEsqlRule } from '../../../../../../common/detection_engine/utils';
 import { isMlRule } from '../../../../../../common/machine_learning/helpers';
 import { invariant } from '../../../../../../common/utils/invariant';
@@ -108,10 +107,7 @@ export const validateBulkEditRule = async ({
     if (!canRuleBeEdited) {
       await throwDryRunError(
         () => invariant(canRuleBeEdited, "Elastic rule can't be edited"),
-        ruleCustomizationStatus.customizationDisabledReason ===
-          PrebuiltRulesCustomizationDisabledReason.FeatureFlag
-          ? BulkActionsDryRunErrCodeEnum.IMMUTABLE
-          : BulkActionsDryRunErrCodeEnum.PREBUILT_CUSTOMIZATION_LICENSE
+        BulkActionsDryRunErrCodeEnum.PREBUILT_CUSTOMIZATION_LICENSE
       );
     }
   }