[9.1] [Security Solution] Stop showing ML rule installation and upgrade errors on Basic license (#224676) (#226352)

# Backport

This will backport the following commits from `main` to `9.1`:
- [[Security Solution] Stop showing ML rule installation and upgrade
errors on Basic license
(#224676)](#224676)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Nikita
Indik","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-07-03T08:43:07Z","message":"[Security
Solution] Stop showing ML rule installation and upgrade errors on Basic
license (#224676)\n\n**Resolves:
https://github.com/elastic/kibana/issues/197246**\n**Resolves:
https://github.com/elastic/kibana/issues/190753**\n\n**Flaky test
runner**:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8483\n\n\n\n##
Summary\nThis PR addresses an issue where users with Basic or Essentials
licenses\nencountered errors when attempting to install ML rules. This
problem\narose because Basic and Essentials licenses do not permit
the\ninstallation or upgrading of ML rules. The PR resolves this by
excluding\nML rules from the installation and upgrade `_review` endpoint
responses\nfor users with insufficient license.\n\n## Changes\n-
`installation/_review` and `upgrade/_review` don't return ML rules
for\nusers on Basic/Essentials.\n- `prebuilt_rules/status` does not
include ML rules in the count of\nrules to install or upgrade.\n-
`installation/_perform` and `upgrade/_perform` now skip ML rules
when\ncalled with `ALL_RULES` mode if the license is insufficient.\n-
Added API integration tests for installing and upgrading prebuilt\nrules
on Basic and Essentials, as well as for checking their status.\n- Now,
installation and upgrade errors are displayed in a separate
\"red\"\ntoast if any rules fail to install or upgrade.\n- Added tests
for toasts as well.\n\n## Screenshots and screen recordings\n###
Installing all prebuilt rules\n\n<details>\n <summary>Click to see
screen recordings</summary>\n
<b>Before</b>\n\n\nhttps://github.com/user-attachments/assets/4e68d4c8-5523-495f-9157-41a5f037d261\n\n
<b>After</b>\n\n\nhttps://github.com/user-attachments/assets/465a2bc0-fd89-49cc-9bdb-78d45a6545ea\n\n</details>\n\n###
Upgrading all prebuilt rules\n<details>\n <summary>Click to see screen
recordings</summary>\n
<b>Before</b>\n\n\nhttps://github.com/user-attachments/assets/6e7e4299-2348-43b3-b5f6-ed31cf350a69\n\n
<b>After</b>\n\n\nhttps://github.com/user-attachments/assets/84303135-2ed0-4014-a677-d182f2a105c9\n\n</details>\n\n###
Errors during installation (unrelated to ML rules)\n<details>\n
<summary>Click to see screenshots</summary>\n\n **Before: a green toast
with combined success and error text**\n \n<img width=\"2561\"
alt=\"installation_toast_before\"\nsrc=\"https://github.com/user-attachments/assets/35d4134b-643b-4e91-8971-de8d63a4c885\"\n/>\n\n\n
**After: two toasts – one for success, one for errors**\n\n<img
width=\"2561\"
alt=\"installation_toast_after_1\"\nsrc=\"https://github.com/user-attachments/assets/cc967445-e8fc-4508-a39d-a13116c4087b\"\n/>\n<img
width=\"2561\"
alt=\"installation_toast_after_2\"\nsrc=\"https://github.com/user-attachments/assets/0c2fcbae-484f-4458-8151-29de2a09e243\"\n/>\n\n\n</details>\n\n---------\n\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"e19fdf8dd600e849413b680c730b03ac9aa2f725","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v9.1.0","v8.19.0","v9.2.0","v8.18.4","v9.0.4"],"title":"[Security
Solution] Stop showing ML rule installation and upgrade errors on Basic
license","number":224676,"url":"https://github.com/elastic/kibana/pull/224676","mergeCommit":{"message":"[Security
Solution] Stop showing ML rule installation and upgrade errors on Basic
license (#224676)\n\n**Resolves:
https://github.com/elastic/kibana/issues/197246**\n**Resolves:
https://github.com/elastic/kibana/issues/190753**\n\n**Flaky test
runner**:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8483\n\n\n\n##
Summary\nThis PR addresses an issue where users with Basic or Essentials
licenses\nencountered errors when attempting to install ML rules. This
problem\narose because Basic and Essentials licenses do not permit
the\ninstallation or upgrading of ML rules. The PR resolves this by
excluding\nML rules from the installation and upgrade `_review` endpoint
responses\nfor users with insufficient license.\n\n## Changes\n-
`installation/_review` and `upgrade/_review` don't return ML rules
for\nusers on Basic/Essentials.\n- `prebuilt_rules/status` does not
include ML rules in the count of\nrules to install or upgrade.\n-
`installation/_perform` and `upgrade/_perform` now skip ML rules
when\ncalled with `ALL_RULES` mode if the license is insufficient.\n-
Added API integration tests for installing and upgrading prebuilt\nrules
on Basic and Essentials, as well as for checking their status.\n- Now,
installation and upgrade errors are displayed in a separate
\"red\"\ntoast if any rules fail to install or upgrade.\n- Added tests
for toasts as well.\n\n## Screenshots and screen recordings\n###
Installing all prebuilt rules\n\n<details>\n <summary>Click to see
screen recordings</summary>\n
<b>Before</b>\n\n\nhttps://github.com/user-attachments/assets/4e68d4c8-5523-495f-9157-41a5f037d261\n\n
<b>After</b>\n\n\nhttps://github.com/user-attachments/assets/465a2bc0-fd89-49cc-9bdb-78d45a6545ea\n\n</details>\n\n###
Upgrading all prebuilt rules\n<details>\n <summary>Click to see screen
recordings</summary>\n
<b>Before</b>\n\n\nhttps://github.com/user-attachments/assets/6e7e4299-2348-43b3-b5f6-ed31cf350a69\n\n
<b>After</b>\n\n\nhttps://github.com/user-attachments/assets/84303135-2ed0-4014-a677-d182f2a105c9\n\n</details>\n\n###
Errors during installation (unrelated to ML rules)\n<details>\n
<summary>Click to see screenshots</summary>\n\n **Before: a green toast
with combined success and error text**\n \n<img width=\"2561\"
alt=\"installation_toast_before\"\nsrc=\"https://github.com/user-attachments/assets/35d4134b-643b-4e91-8971-de8d63a4c885\"\n/>\n\n\n
**After: two toasts – one for success, one for errors**\n\n<img
width=\"2561\"
alt=\"installation_toast_after_1\"\nsrc=\"https://github.com/user-attachments/assets/cc967445-e8fc-4508-a39d-a13116c4087b\"\n/>\n<img
width=\"2561\"
alt=\"installation_toast_after_2\"\nsrc=\"https://github.com/user-attachments/assets/0c2fcbae-484f-4458-8151-29de2a09e243\"\n/>\n\n\n</details>\n\n---------\n\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"e19fdf8dd600e849413b680c730b03ac9aa2f725"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19","8.18","9.0"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/224676","number":224676,"mergeCommit":{"message":"[Security
Solution] Stop showing ML rule installation and upgrade errors on Basic
license (#224676)\n\n**Resolves:
https://github.com/elastic/kibana/issues/197246**\n**Resolves:
https://github.com/elastic/kibana/issues/190753**\n\n**Flaky test
runner**:\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8483\n\n\n\n##
Summary\nThis PR addresses an issue where users with Basic or Essentials
licenses\nencountered errors when attempting to install ML rules. This
problem\narose because Basic and Essentials licenses do not permit
the\ninstallation or upgrading of ML rules. The PR resolves this by
excluding\nML rules from the installation and upgrade `_review` endpoint
responses\nfor users with insufficient license.\n\n## Changes\n-
`installation/_review` and `upgrade/_review` don't return ML rules
for\nusers on Basic/Essentials.\n- `prebuilt_rules/status` does not
include ML rules in the count of\nrules to install or upgrade.\n-
`installation/_perform` and `upgrade/_perform` now skip ML rules
when\ncalled with `ALL_RULES` mode if the license is insufficient.\n-
Added API integration tests for installing and upgrading prebuilt\nrules
on Basic and Essentials, as well as for checking their status.\n- Now,
installation and upgrade errors are displayed in a separate
\"red\"\ntoast if any rules fail to install or upgrade.\n- Added tests
for toasts as well.\n\n## Screenshots and screen recordings\n###
Installing all prebuilt rules\n\n<details>\n <summary>Click to see
screen recordings</summary>\n
<b>Before</b>\n\n\nhttps://github.com/user-attachments/assets/4e68d4c8-5523-495f-9157-41a5f037d261\n\n
<b>After</b>\n\n\nhttps://github.com/user-attachments/assets/465a2bc0-fd89-49cc-9bdb-78d45a6545ea\n\n</details>\n\n###
Upgrading all prebuilt rules\n<details>\n <summary>Click to see screen
recordings</summary>\n
<b>Before</b>\n\n\nhttps://github.com/user-attachments/assets/6e7e4299-2348-43b3-b5f6-ed31cf350a69\n\n
<b>After</b>\n\n\nhttps://github.com/user-attachments/assets/84303135-2ed0-4014-a677-d182f2a105c9\n\n</details>\n\n###
Errors during installation (unrelated to ML rules)\n<details>\n
<summary>Click to see screenshots</summary>\n\n **Before: a green toast
with combined success and error text**\n \n<img width=\"2561\"
alt=\"installation_toast_before\"\nsrc=\"https://github.com/user-attachments/assets/35d4134b-643b-4e91-8971-de8d63a4c885\"\n/>\n\n\n
**After: two toasts – one for success, one for errors**\n\n<img
width=\"2561\"
alt=\"installation_toast_after_1\"\nsrc=\"https://github.com/user-attachments/assets/cc967445-e8fc-4508-a39d-a13116c4087b\"\n/>\n<img
width=\"2561\"
alt=\"installation_toast_after_2\"\nsrc=\"https://github.com/user-attachments/assets/0c2fcbae-484f-4458-8151-29de2a09e243\"\n/>\n\n\n</details>\n\n---------\n\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"e19fdf8dd600e849413b680c730b03ac9aa2f725"}},{"branch":"8.18","label":"v8.18.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Nikita Indik <[email protected]>

Author: kibanamachine

.buildkite/ftr_security_serverless_configs.yml

@@ -81,6 +81,7 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/ml_disabled/configs/serverless_essentials_tier.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/serverless.config.ts

.buildkite/ftr_security_stateful_configs.yml

@@ -67,6 +67,7 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/ml_disabled/configs/ess_basic_license.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts

x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/prebuilt_rules/perform_rule_upgrade/perform_rule_upgrade_route.test.ts

@@ -261,7 +261,7 @@ describe('Perform Rule Upgrade Route Schemas', () => {
       );
     });
 
-    test('rejects paylaod with missing rules array', () => {
+    test('rejects payload with missing rules array', () => {
       const invalid = { ...validRequest, rules: undefined };
       const result = UpgradeSpecificRulesRequest.safeParse(invalid);
       expectParseError(result);

x-pack/solutions/security/plugins/security_solution/public/common/components/utils.ts

@@ -10,6 +10,7 @@ import { useMemo, useState } from 'react';
 import useResizeObserver from 'use-resize-observer/polyfilled';
 import { niceTimeFormatByDay, timeFormatter } from '@elastic/charts';
 import moment from 'moment-timezone';
+import type { IToasts } from '@kbn/core/public';
 
 export const getDaysDiff = (minDate: moment.Moment, maxDate: moment.Moment) => {
   const diff = maxDate.diff(minDate, 'days');
@@ -35,3 +36,32 @@ export const useThrottledResizeObserver = (wait = 100) => {
 
   return { ref, ...size };
 };
+
+/**
+ * Displays an error toast with a specified title and a short message.
+ * Also allows to set a detailed message that will appear in the modal when user clicks the "See full error" button.
+ *
+ * @param title The title of the toast notification. Appears in both the toast header and the modal header.
+ * @param shortMessage An optional short message. Appears under toast header.
+ * @param fullMessage The full error message. Appears in the modal when user clicks the "See full error" button.
+ * @param toasts The toasts service instance.
+ */
+export function showErrorToast({
+  title,
+  shortMessage,
+  fullMessage,
+  toasts,
+}: {
+  title: string;
+  shortMessage?: string;
+  fullMessage: string;
+  toasts: IToasts;
+}) {
+  const error = new Error('Error details');
+  error.stack = fullMessage;
+  toasts.addError(error, {
+    title,
+    // Fall back to a space to ensure that the toast component does not render its default message
+    toastMessage: shortMessage ?? ' ',
+  });
+}

x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/logic/prebuilt_rules/translations.ts

@@ -16,7 +16,7 @@ export const RULE_INSTALLATION_FAILED = i18n.translate(
 
 export const INSTALL_RULE_SUCCESS = (succeeded: number) =>
   i18n.translate('xpack.securitySolution.detectionEngine.prebuiltRules.toast.installRuleSuccess', {
-    defaultMessage: '{succeeded, plural, one {# rule} other {# rules}} installed successfully.',
+    defaultMessage: '{succeeded, plural, one {# rule} other {# rules}} installed successfully',
     values: { succeeded },
   });
 
@@ -29,7 +29,7 @@ export const INSTALL_RULE_SKIPPED = (skipped: number) =>
 
 export const INSTALL_RULE_FAILED = (failed: number) =>
   i18n.translate('xpack.securitySolution.detectionEngine.prebuiltRules.toast.installRuleFailed', {
-    defaultMessage: '{failed, plural, one {# rule} other {# rules}} failed to install.',
+    defaultMessage: '{failed, plural, one {# rule} other {# rules}} failed to install',
     values: { failed },
   });
 
@@ -42,7 +42,7 @@ export const RULE_UPGRADE_FAILED = i18n.translate(
 
 export const UPGRADE_RULE_SUCCESS = (succeeded: number) =>
   i18n.translate('xpack.securitySolution.detectionEngine.prebuiltRules.toast.upgradeRuleSuccess', {
-    defaultMessage: '{succeeded, plural, one {# rule} other {# rules}} updated successfully.',
+    defaultMessage: '{succeeded, plural, one {# rule} other {# rules}} updated successfully',
     values: { succeeded },
   });
 
@@ -55,7 +55,7 @@ export const UPGRADE_RULE_SKIPPED = (skipped: number) =>
 
 export const UPGRADE_RULE_FAILED = (failed: number) =>
   i18n.translate('xpack.securitySolution.detectionEngine.prebuiltRules.toast.upgradeRuleFailed', {
-    defaultMessage: '{failed, plural, one {# rule} other {# rules}} failed to update.',
+    defaultMessage: '{failed, plural, one {# rule} other {# rules}} failed to update',
     values: { failed },
   });
 

x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/logic/prebuilt_rules/use_perform_rule_install.ts

@@ -4,58 +4,81 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { useAppToasts } from '../../../../common/hooks/use_app_toasts';
+import type { IToasts } from '@kbn/core/public';
+import type { PerformRuleInstallationResponseBody } from '../../../../../common/api/detection_engine';
+import { useToasts } from '../../../../common/lib/kibana';
 import { usePerformAllRulesInstallMutation } from '../../api/hooks/prebuilt_rules/use_perform_all_rules_install_mutation';
 import { usePerformSpecificRulesInstallMutation } from '../../api/hooks/prebuilt_rules/use_perform_specific_rules_install_mutation';
 
 import * as i18n from './translations';
+import { showErrorToast } from '../../../../common/components/utils';
 
 export const usePerformInstallAllRules = () => {
-  const { addError, addSuccess } = useAppToasts();
+  const toasts = useToasts();
 
   return usePerformAllRulesInstallMutation({
-    onError: (err) => {
-      addError(err, { title: i18n.RULE_INSTALLATION_FAILED });
+    onError: (error) => {
+      handleErrorResponse(error, toasts);
     },
     onSuccess: (result) => {
-      addSuccess(getSuccessToastMessage(result));
+      handleSuccessResponse(result, toasts);
     },
   });
 };
 
 export const usePerformInstallSpecificRules = () => {
-  const { addError, addSuccess } = useAppToasts();
+  const toasts = useToasts();
 
   return usePerformSpecificRulesInstallMutation({
-    onError: (err) => {
-      addError(err, { title: i18n.RULE_INSTALLATION_FAILED });
+    onError: (error) => {
+      handleErrorResponse(error, toasts);
     },
     onSuccess: (result) => {
-      addSuccess(getSuccessToastMessage(result));
+      handleSuccessResponse(result, toasts);
     },
   });
 };
 
-const getSuccessToastMessage = (result: {
+function handleErrorResponse(error: unknown, toasts: IToasts) {
+  showErrorToast({
+    title: i18n.RULE_INSTALLATION_FAILED,
+    fullMessage: JSON.stringify(error, null, 2),
+    toasts,
+  });
+}
+
+function handleSuccessResponse(result: PerformRuleInstallationResponseBody, toasts: IToasts) {
+  const successToastMessage = getSuccessToastMessage(result);
+  if (successToastMessage) {
+    toasts.addSuccess(successToastMessage);
+  }
+
+  if (result.summary.failed > 0) {
+    showErrorToast({
+      title: i18n.INSTALL_RULE_FAILED(result.summary.failed),
+      fullMessage: JSON.stringify(result.errors, null, 2),
+      toasts,
+    });
+  }
+}
+
+function getSuccessToastMessage(result: {
   summary: {
     total: number;
     succeeded: number;
     skipped: number;
     failed: number;
   };
-}) => {
+}): string {
   const toastMessages: string[] = [];
   const {
-    summary: { succeeded, skipped, failed },
+    summary: { succeeded, skipped },
   } = result;
   if (succeeded > 0) {
     toastMessages.push(i18n.INSTALL_RULE_SUCCESS(succeeded));
   }
   if (skipped > 0) {
     toastMessages.push(i18n.INSTALL_RULE_SKIPPED(skipped));
   }
-  if (failed > 0) {
-    toastMessages.push(i18n.INSTALL_RULE_FAILED(failed));
-  }
   return toastMessages.join(' ');
-};
+}

x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/logic/prebuilt_rules/use_perform_rule_upgrade.ts

@@ -4,24 +4,42 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { useAppToasts } from '../../../../common/hooks/use_app_toasts';
+
+import { showErrorToast } from '../../../../common/components/utils';
+import { useToasts } from '../../../../common/lib/kibana';
 import { usePerformRulesUpgradeMutation } from '../../api/hooks/prebuilt_rules/use_perform_rules_upgrade_mutation';
 
 import * as i18n from './translations';
 
 export const usePerformUpgradeRules = () => {
-  const { addError, addSuccess } = useAppToasts();
+  const toasts = useToasts();
 
   return usePerformRulesUpgradeMutation({
-    onError: (err) => {
-      addError(err, { title: i18n.RULE_UPGRADE_FAILED });
+    onError: (error) => {
+      showErrorToast({
+        title: i18n.RULE_UPGRADE_FAILED,
+        fullMessage: JSON.stringify(error, null, 2),
+        toasts,
+      });
     },
     onSuccess: (result, vars) => {
       if (vars.dry_run) {
         // This is a preflight check, no need to show toast
         return;
       }
-      addSuccess(getSuccessToastMessage(result));
+
+      const successToastMessage = getSuccessToastMessage(result);
+      if (successToastMessage) {
+        toasts.addSuccess(getSuccessToastMessage(result));
+      }
+
+      if (result.summary.failed > 0) {
+        showErrorToast({
+          title: i18n.UPGRADE_RULE_FAILED(result.summary.failed),
+          fullMessage: JSON.stringify(result.errors, null, 2),
+          toasts,
+        });
+      }
     },
   });
 };
@@ -36,16 +54,13 @@ const getSuccessToastMessage = (result: {
 }) => {
   const toastMessage: string[] = [];
   const {
-    summary: { succeeded, skipped, failed },
+    summary: { succeeded, skipped },
   } = result;
   if (succeeded > 0) {
     toastMessage.push(i18n.UPGRADE_RULE_SUCCESS(succeeded));
   }
   if (skipped > 0) {
     toastMessage.push(i18n.UPGRADE_RULE_SKIPPED(skipped));
   }
-  if (failed > 0) {
-    toastMessage.push(i18n.UPGRADE_RULE_FAILED(failed));
-  }
   return toastMessage.join(' ');
 };

x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rule_import_modal/utils.ts

@@ -11,6 +11,7 @@ import type { IToasts } from '@kbn/core/public';
 import * as i18n from './translations';
 
 import type { ErrorSchema, ImportRulesResponse } from '../../../../../common/api/detection_engine';
+import { showErrorToast } from '../../../../common/components/utils';
 
 export function getFailedConnectorsCount(actionConnectorsErrors: ErrorSchema[]) {
   const connectorIds = new Set(
@@ -46,25 +47,6 @@ function getUserFriendlyConnectorMessages(actionConnectorsErrors: ErrorSchema[])
   return mappedErrors;
 }
 
-function showErrorToast({
-  title,
-  shortMessage,
-  fullMessage,
-  toasts,
-}: {
-  title: string;
-  shortMessage: string;
-  fullMessage: string;
-  toasts: IToasts;
-}) {
-  const error = new Error('Error details');
-  error.stack = fullMessage;
-  toasts.addError(error, {
-    title,
-    toastMessage: shortMessage,
-  });
-}
-
 export function showToast({
   importResponse,
   toasts,

x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts

@@ -12,6 +12,7 @@ import type { SecuritySolutionPluginRouter } from '../../../../../types';
 import { buildSiemResponse } from '../../../routes/utils';
 import { createPrebuiltRuleAssetsClient } from '../../logic/rule_assets/prebuilt_rule_assets_client';
 import { createPrebuiltRuleObjectsClient } from '../../logic/rule_objects/prebuilt_rule_objects_client';
+import { excludeLicenseRestrictedRules, getPossibleUpgrades } from '../../logic/utils';
 
 export const getPrebuiltRulesStatusRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
@@ -33,11 +34,12 @@ export const getPrebuiltRulesStatusRoute = (router: SecuritySolutionPluginRouter
         const siemResponse = buildSiemResponse(response);
 
         try {
-          const ctx = await context.resolve(['core', 'alerting']);
+          const ctx = await context.resolve(['core', 'alerting', 'securitySolution']);
           const soClient = ctx.core.savedObjects.client;
           const rulesClient = await ctx.alerting.getRulesClient();
           const ruleAssetsClient = createPrebuiltRuleAssetsClient(soClient);
           const ruleObjectsClient = createPrebuiltRuleObjectsClient(rulesClient);
+          const mlAuthz = ctx.securitySolution.getMlAuthz();
 
           const currentRuleVersions = await ruleObjectsClient.fetchInstalledRuleVersions();
           const latestRuleVersions = await ruleAssetsClient.fetchLatestVersions();
@@ -47,24 +49,39 @@ export const getPrebuiltRulesStatusRoute = (router: SecuritySolutionPluginRouter
           const latestRuleVersionsMap = new Map(
             latestRuleVersions.map((rule) => [rule.rule_id, rule])
           );
-          const installableRules = latestRuleVersions.filter(
+          const allInstallableRules = latestRuleVersions.filter(
             (rule) => !currentRuleVersionsMap.has(rule.rule_id)
           );
-          const upgradeableRules = currentRuleVersions.filter((rule) => {
-            const latestVersion = latestRuleVersionsMap.get(rule.rule_id);
-            return latestVersion != null && rule.version < latestVersion.version;
-          });
+
+          const installableRuleAssets = await excludeLicenseRestrictedRules(
+            allInstallableRules,
+            mlAuthz
+          );
+
+          const upgradableRules = await getPossibleUpgrades(
+            currentRuleVersions,
+            latestRuleVersionsMap,
+            mlAuthz
+          );
+
+          const upgradeableRulesTags = upgradableRules.reduce<string[]>((tags, rule) => {
+            const ruleTags = currentRuleVersionsMap.get(rule.rule_id)?.tags;
+            if (ruleTags) {
+              tags.push(...ruleTags);
+            }
+            return tags;
+          }, []);
 
           const body: GetPrebuiltRulesStatusResponseBody = {
             stats: {
               num_prebuilt_rules_installed: currentRuleVersions.length,
-              num_prebuilt_rules_to_install: installableRules.length,
-              num_prebuilt_rules_to_upgrade: upgradeableRules.length,
+              num_prebuilt_rules_to_install: installableRuleAssets.length,
+              num_prebuilt_rules_to_upgrade: upgradableRules.length,
               num_prebuilt_rules_total_in_package: latestRuleVersions.length,
             },
             aggregated_fields: {
               upgradeable_rules: {
-                tags: [...new Set(upgradeableRules.flatMap((rule) => rule.tags))],
+                tags: [...new Set(upgradeableRulesTags)],
               },
             },
           };