[8.19] Add UI for bulk fill gaps (elastic#224585) (elastic#224959)

# Backport

This will backport the following commits from `main` to `8.19`:
- [Add UI for bulk fill gaps
(elastic#224585)](elastic#224585)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Edgar
Santos","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-06-23T21:00:17Z","message":"Add
UI for bulk fill gaps (elastic#224585)\n\n## Summary\n\nThis draft PR adds the
UI to bulk gap filling gaps. This action can be\ntriggered from the
\"rules management\" table as well as from the gaps\ntable in the
\"execution results\" tab for any rule.\n\n# How to test\nMake sure your
`kibana.dev.yaml` contains the following feature
flags:\n`storeGapsInEventLogEnabled` and
`bulkFillRuleGapsEnabled`.\n\nYou can just paste this string in the
file:\n```\nxpack.securitySolution.enableExperimental: [
'storeGapsInEventLogEnabled', 'bulkFillRuleGapsEnabled' ]\n```\n## Bulk
gap filling from the \"rules management\" table\n1. Generate 100 rules,
each with 1000 gaps using
[this\ntool](https://github.com/elastic/security-documents-generator).\n`yarn
start rules --rules 100 -g 1000 -c -i\"5m\"`\n2. Navigate to the rules
management table at\n`/app/security/rules/management`\n3. Select some
rules, click on \"Bulk actions\" and then on \"Fill
gaps\"\n\n![image](https://github.com/user-attachments/assets/f5d9bcb6-9139-43cb-b023-f1f63a9b8b7a)\n4.
Select the time window and click on
\"Run\"\n\n![image](https://github.com/user-attachments/assets/0269d00a-2750-4b2d-975e-0ebfbac27e16)\n5.
You should see a confirmation toast showing that 3 rules
were\nsuccessfully
scheduled\n\n![image](https://github.com/user-attachments/assets/9800c9e2-3c3e-4b87-96e4-17c84f1b024a)\n6.
Click on any of the rules for which you just executed a gaps fill
and\ncheck its gaps by going to \"Execution results\" and scrolling down
to the\n\"Gaps\" table. You can see that the gaps covering the time
range you\nselected are marked as \"in
progress\"\n\n![image](https://github.com/user-attachments/assets/850dea1c-12cc-46c5-8675-d11445218c24)\n\nIf
you select one or more rules that are disabled, you should see
this\nmodal:\n\n![image](https://github.com/user-attachments/assets/4a820b92-a9f0-4529-93ee-1fbaf7552888)\n\n\n##
Bulk filling from a rule gaps table\n1. From the \"rules management\"
table, click on any rule that has gaps.\n2. Click on the \"execution
results\" tab\n3. Scroll down to the gaps table, you should see a \"Fill
all gaps\"\nbutton.\n4. Click on it and select the time
range.\n\n![image](https://github.com/user-attachments/assets/375b0677-9b49-43e4-8820-5186c9343891)\n5.
If you select a big time range, you should see a toast indicating\nthat
the scheduling is in progress after 5 seconds (you can hit this\ncase by
generating 10000 gaps for 1
rule)\n\n![image](https://github.com/user-attachments/assets/6d6345d9-fbc6-4c14-9c2d-04f40941fd17)\n\n6.
You should see a success toast once it is
done\n\n![image](https://github.com/user-attachments/assets/089ec2b9-daa5-44df-bfc0-84c69e2f6eec)\n\n---------\n\nCo-authored-by:
Khristinin Nikita
<[email protected]>","sha":"e585c2223d734cd74d596a04003783ef964a4260","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:feature","Team:Detection
Engine","backport:version","v9.1.0","v8.19.0"],"title":"Add UI for bulk
fill
gaps","number":224585,"url":"https://github.com/elastic/kibana/pull/224585","mergeCommit":{"message":"Add
UI for bulk fill gaps (elastic#224585)\n\n## Summary\n\nThis draft PR adds the
UI to bulk gap filling gaps. This action can be\ntriggered from the
\"rules management\" table as well as from the gaps\ntable in the
\"execution results\" tab for any rule.\n\n# How to test\nMake sure your
`kibana.dev.yaml` contains the following feature
flags:\n`storeGapsInEventLogEnabled` and
`bulkFillRuleGapsEnabled`.\n\nYou can just paste this string in the
file:\n```\nxpack.securitySolution.enableExperimental: [
'storeGapsInEventLogEnabled', 'bulkFillRuleGapsEnabled' ]\n```\n## Bulk
gap filling from the \"rules management\" table\n1. Generate 100 rules,
each with 1000 gaps using
[this\ntool](https://github.com/elastic/security-documents-generator).\n`yarn
start rules --rules 100 -g 1000 -c -i\"5m\"`\n2. Navigate to the rules
management table at\n`/app/security/rules/management`\n3. Select some
rules, click on \"Bulk actions\" and then on \"Fill
gaps\"\n\n![image](https://github.com/user-attachments/assets/f5d9bcb6-9139-43cb-b023-f1f63a9b8b7a)\n4.
Select the time window and click on
\"Run\"\n\n![image](https://github.com/user-attachments/assets/0269d00a-2750-4b2d-975e-0ebfbac27e16)\n5.
You should see a confirmation toast showing that 3 rules
were\nsuccessfully
scheduled\n\n![image](https://github.com/user-attachments/assets/9800c9e2-3c3e-4b87-96e4-17c84f1b024a)\n6.
Click on any of the rules for which you just executed a gaps fill
and\ncheck its gaps by going to \"Execution results\" and scrolling down
to the\n\"Gaps\" table. You can see that the gaps covering the time
range you\nselected are marked as \"in
progress\"\n\n![image](https://github.com/user-attachments/assets/850dea1c-12cc-46c5-8675-d11445218c24)\n\nIf
you select one or more rules that are disabled, you should see
this\nmodal:\n\n![image](https://github.com/user-attachments/assets/4a820b92-a9f0-4529-93ee-1fbaf7552888)\n\n\n##
Bulk filling from a rule gaps table\n1. From the \"rules management\"
table, click on any rule that has gaps.\n2. Click on the \"execution
results\" tab\n3. Scroll down to the gaps table, you should see a \"Fill
all gaps\"\nbutton.\n4. Click on it and select the time
range.\n\n![image](https://github.com/user-attachments/assets/375b0677-9b49-43e4-8820-5186c9343891)\n5.
If you select a big time range, you should see a toast indicating\nthat
the scheduling is in progress after 5 seconds (you can hit this\ncase by
generating 10000 gaps for 1
rule)\n\n![image](https://github.com/user-attachments/assets/6d6345d9-fbc6-4c14-9c2d-04f40941fd17)\n\n6.
You should see a success toast once it is
done\n\n![image](https://github.com/user-attachments/assets/089ec2b9-daa5-44df-bfc0-84c69e2f6eec)\n\n---------\n\nCo-authored-by:
Khristinin Nikita
<[email protected]>","sha":"e585c2223d734cd74d596a04003783ef964a4260"}},"sourceBranch":"main","suggestedTargetBranches":["8.19"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/224585","number":224585,"mergeCommit":{"message":"Add
UI for bulk fill gaps (elastic#224585)\n\n## Summary\n\nThis draft PR adds the
UI to bulk gap filling gaps. This action can be\ntriggered from the
\"rules management\" table as well as from the gaps\ntable in the
\"execution results\" tab for any rule.\n\n# How to test\nMake sure your
`kibana.dev.yaml` contains the following feature
flags:\n`storeGapsInEventLogEnabled` and
`bulkFillRuleGapsEnabled`.\n\nYou can just paste this string in the
file:\n```\nxpack.securitySolution.enableExperimental: [
'storeGapsInEventLogEnabled', 'bulkFillRuleGapsEnabled' ]\n```\n## Bulk
gap filling from the \"rules management\" table\n1. Generate 100 rules,
each with 1000 gaps using
[this\ntool](https://github.com/elastic/security-documents-generator).\n`yarn
start rules --rules 100 -g 1000 -c -i\"5m\"`\n2. Navigate to the rules
management table at\n`/app/security/rules/management`\n3. Select some
rules, click on \"Bulk actions\" and then on \"Fill
gaps\"\n\n![image](https://github.com/user-attachments/assets/f5d9bcb6-9139-43cb-b023-f1f63a9b8b7a)\n4.
Select the time window and click on
\"Run\"\n\n![image](https://github.com/user-attachments/assets/0269d00a-2750-4b2d-975e-0ebfbac27e16)\n5.
You should see a confirmation toast showing that 3 rules
were\nsuccessfully
scheduled\n\n![image](https://github.com/user-attachments/assets/9800c9e2-3c3e-4b87-96e4-17c84f1b024a)\n6.
Click on any of the rules for which you just executed a gaps fill
and\ncheck its gaps by going to \"Execution results\" and scrolling down
to the\n\"Gaps\" table. You can see that the gaps covering the time
range you\nselected are marked as \"in
progress\"\n\n![image](https://github.com/user-attachments/assets/850dea1c-12cc-46c5-8675-d11445218c24)\n\nIf
you select one or more rules that are disabled, you should see
this\nmodal:\n\n![image](https://github.com/user-attachments/assets/4a820b92-a9f0-4529-93ee-1fbaf7552888)\n\n\n##
Bulk filling from a rule gaps table\n1. From the \"rules management\"
table, click on any rule that has gaps.\n2. Click on the \"execution
results\" tab\n3. Scroll down to the gaps table, you should see a \"Fill
all gaps\"\nbutton.\n4. Click on it and select the time
range.\n\n![image](https://github.com/user-attachments/assets/375b0677-9b49-43e4-8820-5186c9343891)\n5.
If you select a big time range, you should see a toast indicating\nthat
the scheduling is in progress after 5 seconds (you can hit this\ncase by
generating 10000 gaps for 1
rule)\n\n![image](https://github.com/user-attachments/assets/6d6345d9-fbc6-4c14-9c2d-04f40941fd17)\n\n6.
You should see a success toast once it is
done\n\n![image](https://github.com/user-attachments/assets/089ec2b9-daa5-44df-bfc0-84c69e2f6eec)\n\n---------\n\nCo-authored-by:
Khristinin Nikita
<[email protected]>","sha":"e585c2223d734cd74d596a04003783ef964a4260"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Edgar Santos <[email protected]>
Co-authored-by: Khristinin Nikita <[email protected]>

Author: 3 people

packages/kbn-optimizer/limits.yml

@@ -145,7 +145,7 @@ pageLoadAssetSize:
   searchQueryRules: 19708
   searchSynonyms: 20262
   security: 81771
-  securitySolution: 98429
+  securitySolution: 99000
   securitySolutionEss: 36000
   securitySolutionServerless: 62488
   serverless: 16573

x-pack/solutions/security/plugins/security_solution/common/constants.ts

@@ -525,6 +525,8 @@ export const CASE_ATTACHMENT_ENDPOINT_TYPE_ID = 'endpoint' as const;
  */
 export const MAX_MANUAL_RULE_RUN_LOOKBACK_WINDOW_DAYS = 90;
 export const MAX_MANUAL_RULE_RUN_BULK_SIZE = 100;
+export const MAX_BULK_FILL_RULE_GAPS_LOOKBACK_WINDOW_DAYS = 90;
+export const MAX_BULK_FILL_RULE_GAPS_BULK_SIZE = 100;
 
 /*
  * Whether it is a Jest environment

x-pack/solutions/security/plugins/security_solution/common/experimental_features.ts

@@ -193,6 +193,11 @@ export const allowedExperimentalValues = Object.freeze({
    */
   storeGapsInEventLogEnabled: true,
 
+  /**
+   * Enables scheduling gap fills for rules
+   */
+  bulkFillRuleGapsEnabled: false,
+
   /**
    * Adds a new option to filter descendants of a process for Management / Event Filters
    */

x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/index.test.tsx

@@ -187,6 +187,7 @@ jest.mock('../../common/lib/kibana', () => {
       addError: jest.fn(),
       addSuccess: jest.fn(),
       addWarning: jest.fn(),
+      addInfo: jest.fn(),
       remove: jest.fn(),
     }),
     useUiSetting$: jest.fn().mockReturnValue([]),

x-pack/solutions/security/plugins/security_solution/public/common/components/header_actions/actions.test.tsx

@@ -88,6 +88,7 @@ jest.mock('../../lib/kibana', () => {
       addError: jest.fn(),
       addSuccess: jest.fn(),
       addWarning: jest.fn(),
+      addInfo: jest.fn(),
       remove: jest.fn(),
     }),
     useNavigateTo: jest.fn().mockReturnValue({

x-pack/solutions/security/plugins/security_solution/public/common/containers/events/last_event_time/index.test.ts

@@ -34,6 +34,7 @@ jest.mock('../../../lib/kibana', () => ({
     addError: jest.fn(),
     addSuccess: jest.fn(),
     addWarning: jest.fn(),
+    addInfo: jest.fn(),
     remove: jest.fn(),
   }),
 }));

x-pack/solutions/security/plugins/security_solution/public/common/hooks/use_app_toasts.mock.ts

@@ -11,6 +11,7 @@ const createAppToastsMock = (): jest.Mocked<UseAppToasts> => ({
   addError: jest.fn(),
   addSuccess: jest.fn(),
   addWarning: jest.fn(),
+  addInfo: jest.fn(),
   remove: jest.fn(),
   api: {
     get$: jest.fn(),

x-pack/solutions/security/plugins/security_solution/public/common/hooks/use_app_toasts.test.ts

@@ -30,17 +30,20 @@ describe('useAppToasts', () => {
   let addErrorMock: jest.Mock;
   let addSuccessMock: jest.Mock;
   let addWarningMock: jest.Mock;
+  let addInfoMock: jest.Mock;
   let removeMock: jest.Mock;
 
   beforeEach(() => {
     addErrorMock = jest.fn();
     addSuccessMock = jest.fn();
     addWarningMock = jest.fn();
+    addInfoMock = jest.fn();
     removeMock = jest.fn();
     (useToasts as jest.Mock).mockImplementation(() => ({
       addError: addErrorMock,
       addSuccess: addSuccessMock,
       addWarning: addWarningMock,
+      addInfo: addInfoMock,
       remove: removeMock,
     }));
   });

x-pack/solutions/security/plugins/security_solution/public/common/hooks/use_app_toasts.ts

@@ -15,7 +15,7 @@ import { type IEsError, isEsError } from '@kbn/search-errors';
 import type { ErrorToastOptions, ToastsStart, Toast } from '@kbn/core/public';
 import { useToasts } from '../lib/kibana';
 
-export type UseAppToasts = Pick<ToastsStart, 'addSuccess' | 'addWarning' | 'remove'> & {
+export type UseAppToasts = Pick<ToastsStart, 'addSuccess' | 'addWarning' | 'addInfo' | 'remove'> & {
   api: ToastsStart;
   addError: (error: unknown, options: ErrorToastOptions) => Toast;
 };
@@ -32,6 +32,8 @@ export const useAppToasts = (): UseAppToasts => {
   const addError = useRef(toasts.addError.bind(toasts)).current;
   const addSuccess = useRef(toasts.addSuccess.bind(toasts)).current;
   const addWarning = useRef(toasts.addWarning.bind(toasts)).current;
+  const addInfo = useRef(toasts.addInfo.bind(toasts)).current;
+
   const remove = useRef(toasts.remove.bind(toasts)).current;
 
   const _addError = useCallback(
@@ -43,8 +45,8 @@ export const useAppToasts = (): UseAppToasts => {
   );
 
   return useMemo(
-    () => ({ api: toasts, addError: _addError, addSuccess, addWarning, remove }),
-    [_addError, addSuccess, addWarning, remove, toasts]
+    () => ({ api: toasts, addError: _addError, addSuccess, addWarning, addInfo, remove }),
+    [_addError, addSuccess, addWarning, addInfo, remove, toasts]
   );
 };
 

x-pack/solutions/security/plugins/security_solution/public/common/lib/apm/user_actions.ts

@@ -24,6 +24,7 @@ export const BULK_RULE_ACTIONS = {
   DUPLICATE: `${APP_UI_ID} bulkRuleActions duplicate`,
   EXPORT: `${APP_UI_ID} bulkRuleActions export`,
   MANUAL_RULE_RUN: `${APP_UI_ID} bulkRuleActions manual rule run`,
+  FILL_GAPS: `${APP_UI_ID} bulkRuleActions fill gaps`,
   DELETE: `${APP_UI_ID} bulkRuleActions delete`,
   EDIT: `${APP_UI_ID} bulkRuleActions edit`,
 };