[8.x] [Rules migration][Integration test] Get Prebuilt Rules APIs (#11232) (#211403) (#211427)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Rules migration][Integration test] Get Prebuilt Rules APIs (#11232)
(#211403)](#211403)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Ievgen
Sorokopud","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-02-17T12:31:30Z","message":"[Rules
migration][Integration test] Get Prebuilt Rules APIs (#11232)
(#211403)\n\n## Summary\r\n\r\n[Internal
link](https://github.com/elastic/security-team/issues/10820)\r\nto the
feature details\r\n\r\nPart of
https://github.com/elastic/security-team/issues/11232\r\n\r\nThis PR
covers SIEM Migrations Get prebuilt rules API (route:
`GET\r\n/internal/siem_migrations/rules/{migration_id}/prebuilt_rules`)\r\nintegration
test:\r\n* get all prebuilt rules matched by migration rules\r\n* return
empty response when migration rules did not match
prebuilt\r\nrules","sha":"0adce7a3dbdfc8d6a6bbdff3765da1d05e12c0fb","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat
Hunting","Team:
SecuritySolution","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Rules
migration][Integration test] Get Prebuilt Rules APIs
(#11232)","number":211403,"url":"https://github.com/elastic/kibana/pull/211403","mergeCommit":{"message":"[Rules
migration][Integration test] Get Prebuilt Rules APIs (#11232)
(#211403)\n\n## Summary\r\n\r\n[Internal
link](https://github.com/elastic/security-team/issues/10820)\r\nto the
feature details\r\n\r\nPart of
https://github.com/elastic/security-team/issues/11232\r\n\r\nThis PR
covers SIEM Migrations Get prebuilt rules API (route:
`GET\r\n/internal/siem_migrations/rules/{migration_id}/prebuilt_rules`)\r\nintegration
test:\r\n* get all prebuilt rules matched by migration rules\r\n* return
empty response when migration rules did not match
prebuilt\r\nrules","sha":"0adce7a3dbdfc8d6a6bbdff3765da1d05e12c0fb"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211403","number":211403,"mergeCommit":{"message":"[Rules
migration][Integration test] Get Prebuilt Rules APIs (#11232)
(#211403)\n\n## Summary\r\n\r\n[Internal
link](https://github.com/elastic/security-team/issues/10820)\r\nto the
feature details\r\n\r\nPart of
https://github.com/elastic/security-team/issues/11232\r\n\r\nThis PR
covers SIEM Migrations Get prebuilt rules API (route:
`GET\r\n/internal/siem_migrations/rules/{migration_id}/prebuilt_rules`)\r\nintegration
test:\r\n* get all prebuilt rules matched by migration rules\r\n* return
empty response when migration rules did not match
prebuilt\r\nrules","sha":"0adce7a3dbdfc8d6a6bbdff3765da1d05e12c0fb"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Ievgen Sorokopud <[email protected]>

Author: kibanamachine

x-pack/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/get_prebuilt_rules.ts

@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { v4 as uuidv4 } from 'uuid';
+import { RuleTranslationResult } from '@kbn/security-solution-plugin/common/siem_migrations/constants';
+import { deleteAllRules } from '../../../../../common/utils/security_solution';
+import {
+  RuleMigrationDocument,
+  createMigrationRules,
+  defaultElasticRule,
+  deleteAllMigrationRules,
+  getMigrationRuleDocuments,
+  migrationRulesRouteHelpersFactory,
+} from '../../utils';
+import { FtrProviderContext } from '../../../../ftr_provider_context';
+import {
+  createPrebuiltRuleAssetSavedObjects,
+  createRuleAssetSavedObject,
+  deleteAllPrebuiltRuleAssets,
+  deleteAllTimelines,
+} from '../../../detections_response/utils';
+
+export default ({ getService }: FtrProviderContext) => {
+  const es = getService('es');
+  const log = getService('log');
+  const supertest = getService('supertest');
+  const migrationRulesRoutes = migrationRulesRouteHelpersFactory(supertest);
+
+  describe('@ess @serverless @serverlessQA Get Prebuilt Rules API', () => {
+    beforeEach(async () => {
+      await deleteAllRules(supertest, log);
+      await deleteAllTimelines(es, log);
+      await deleteAllPrebuiltRuleAssets(es, log);
+      await deleteAllMigrationRules(es);
+
+      // Add some prebuilt rules
+      const ruleAssetSavedObjects = [
+        createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
+        createRuleAssetSavedObject({ rule_id: 'rule-2', version: 1 }),
+        createRuleAssetSavedObject({ rule_id: 'rule-3', version: 1 }),
+        createRuleAssetSavedObject({ rule_id: 'rule-4', version: 1 }),
+        createRuleAssetSavedObject({ rule_id: 'rule-5', version: 1 }),
+      ];
+      await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
+    });
+
+    it('should return all prebuilt rules matched by migration rules', async () => {
+      const migrationId = uuidv4();
+
+      const overrideCallback = (index: number): Partial<RuleMigrationDocument> => {
+        const { query_language: queryLanguage, query, ...rest } = defaultElasticRule;
+        return {
+          migration_id: migrationId,
+          elastic_rule: index < 2 ? { ...rest, prebuilt_rule_id: `rule-${index + 1}` } : undefined,
+          translation_result: index < 2 ? RuleTranslationResult.FULL : undefined,
+        };
+      };
+      const migrationRuleDocuments = getMigrationRuleDocuments(4, overrideCallback);
+      await createMigrationRules(es, migrationRuleDocuments);
+
+      const response = await migrationRulesRoutes.getPrebuiltRules({ migrationId });
+
+      const prebuiltRulesIds = Object.keys(response.body).sort();
+      expect(prebuiltRulesIds).toEqual(['rule-1', 'rule-2']);
+    });
+
+    it('should return empty response when migration rules did not match prebuilt rules', async () => {
+      const migrationId = uuidv4();
+
+      const migrationRuleDocuments = getMigrationRuleDocuments(10, () => ({
+        migration_id: migrationId,
+      }));
+      await createMigrationRules(es, migrationRuleDocuments);
+
+      const response = await migrationRulesRoutes.getPrebuiltRules({ migrationId });
+      expect(response.body).toEqual({});
+    });
+  });
+};

x-pack/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/index.ts

@@ -9,6 +9,7 @@ import { FtrProviderContext } from '../../../../ftr_provider_context';
 export default function ({ loadTestFile }: FtrProviderContext) {
   describe('@ess SecuritySolution SIEM Migrations', () => {
     loadTestFile(require.resolve('./create'));
+    loadTestFile(require.resolve('./get_prebuilt_rules'));
     loadTestFile(require.resolve('./get'));
     loadTestFile(require.resolve('./install'));
     loadTestFile(require.resolve('./stats'));

x-pack/test/security_solution_api_integration/test_suites/siem_migrations/utils/rules.ts

@@ -15,6 +15,7 @@ import { replaceParams } from '@kbn/openapi-common/shared';
 import {
   SIEM_RULE_MIGRATIONS_ALL_STATS_PATH,
   SIEM_RULE_MIGRATIONS_PATH,
+  SIEM_RULE_MIGRATIONS_PREBUILT_RULES_PATH,
   SIEM_RULE_MIGRATION_INSTALL_PATH,
   SIEM_RULE_MIGRATION_PATH,
   SIEM_RULE_MIGRATION_STATS_PATH,
@@ -23,6 +24,7 @@ import {
 import {
   CreateRuleMigrationResponse,
   GetAllStatsRuleMigrationResponse,
+  GetRuleMigrationPrebuiltRulesResponse,
   GetRuleMigrationRequestQuery,
   GetRuleMigrationResponse,
   GetRuleMigrationStatsResponse,
@@ -184,5 +186,21 @@ export const migrationRulesRouteHelpersFactory = (supertest: SuperTest.Agent) =>
 
       return response;
     },
+
+    getPrebuiltRules: async ({
+      migrationId,
+      expectStatusCode = 200,
+    }: MigrationRequestParams): Promise<{ body: GetRuleMigrationPrebuiltRulesResponse }> => {
+      const response = await supertest
+        .get(replaceParams(SIEM_RULE_MIGRATIONS_PREBUILT_RULES_PATH, { migration_id: migrationId }))
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, API_VERSIONS.internal.v1)
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
+        .send();
+
+      assertStatusCode(expectStatusCode, response);
+
+      return response;
+    },
   };
 };