elastic
diff --git a/‎x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/legacy_create_prepackaged_rules.ts‎
Lines changed: 15 additions & 44 deletions b/‎x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/legacy_create_prepackaged_rules.ts‎
Lines changed: 15 additions & 44 deletions
diff --git a/‎x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_handler.ts‎
Lines changed: 7 additions & 96 deletions b/‎x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_handler.ts‎
Lines changed: 7 additions & 96 deletions
@@ -10,15 +10,9 @@ import type { RulesClient } from '@kbn/alerting-plugin/server';
 import type { ExceptionListClient } from '@kbn/lists-plugin/server';
 import type { InstallPrebuiltRulesAndTimelinesResponse } from '../../../../../../common/api/detection_engine/prebuilt_rules';
 import type { SecuritySolutionApiRequestHandlerContext } from '../../../../../types';
-import { getExistingPrepackagedRules } from '../../../rule_management/logic/search/get_existing_prepackaged_rules';
 import { ensureLatestRulesPackageInstalled } from '../../logic/integrations/ensure_latest_rules_package_installed';
-import { getRulesToInstall } from '../../logic/get_rules_to_install';
-import { getRulesToUpdate } from '../../logic/get_rules_to_update';
 import { performTimelinesInstallation } from '../../logic/perform_timelines_installation';
 import { createPrebuiltRuleAssetsClient } from '../../logic/rule_assets/prebuilt_rule_assets_client';
-import { createPrebuiltRules } from '../../logic/rule_objects/create_prebuilt_rules';
-import { upgradePrebuiltRules } from '../../logic/rule_objects/upgrade_prebuilt_rules';
-import { rulesToMap } from '../../logic/utils';
 
 export class PrepackagedRulesError extends Error {
   public readonly statusCode: number;
@@ -31,7 +25,7 @@ export class PrepackagedRulesError extends Error {
 /**
  * @deprecated This method is incompatible with prebuilt rules customization as
  * it upgrades prebuilt rules to their 'target' version erasing any
- * customizations. Use createPrebuiltRules instead.
+ * customizations. Use DetectionRulesClient.installPrebuiltRules instead.
  */
 export const legacyCreatePrepackagedRules = async (
   context: SecuritySolutionApiRequestHandlerContext,
@@ -44,7 +38,6 @@ export const legacyCreatePrepackagedRules = async (
   const exceptionsListClient = context.getExceptionListClient() ?? exceptionsClient;
   const detectionRulesClient = context.getDetectionRulesClient();
   const ruleAssetsClient = createPrebuiltRuleAssetsClient(savedObjectsClient);
-  const mlAuthz = context.getMlAuthz();
 
   if (!siemClient || !rulesClient) {
     throw new PrepackagedRulesError('', 404);
@@ -57,49 +50,27 @@ export const legacyCreatePrepackagedRules = async (
 
   await ensureLatestRulesPackageInstalled(ruleAssetsClient, context, logger);
 
-  const latestPrebuiltRules = await ruleAssetsClient.fetchLatestAssets();
-  const installedPrebuiltRules = rulesToMap(
-    await getExistingPrepackagedRules({ rulesClient, logger })
-  );
-  const rulesToInstall = await getRulesToInstall(
-    latestPrebuiltRules,
-    installedPrebuiltRules,
-    mlAuthz
-  );
-  const rulesToUpdate = await getRulesToUpdate(
-    latestPrebuiltRules,
-    installedPrebuiltRules,
-    mlAuthz
-  );
+  const { installedRules, errors: installErrors } =
+    await detectionRulesClient.installAllPrebuiltRules();
 
-  const installChangeTracking = {
-    metadata: {
-      bulkCount: rulesToInstall.length,
-    },
-  };
-  const ruleCreationResult = await createPrebuiltRules(
-    detectionRulesClient,
-    rulesToInstall,
-    installChangeTracking,
-    logger
-  );
-
-  if (ruleCreationResult.errors.length > 0) {
-    throw new AggregateError(ruleCreationResult.errors, 'Error installing new prebuilt rules');
+  if (installErrors.length > 0) {
+    throw new AggregateError(
+      installErrors.map((e) => e.error),
+      'Error installing new prebuilt rules'
+    );
   }
 
   const { result: timelinesResult } = await performTimelinesInstallation(context);
 
-  const upgradeChangeTracking = {
-    metadata: {
-      bulkCount: rulesToUpdate.length,
-    },
-  };
-  await upgradePrebuiltRules(detectionRulesClient, rulesToUpdate, upgradeChangeTracking, logger);
+  const { updatedRules } = await detectionRulesClient.upgradeAllPrebuiltRules({
+    onConflict: 'UPGRADE_SOLVABLE',
+    defaultPickVersion: 'TARGET',
+    isDryRun: false,
+  });
 
   return {
-    rules_installed: rulesToInstall.length,
-    rules_updated: rulesToUpdate.length,
+    rules_installed: installedRules.length,
+    rules_updated: updatedRules.length,
     timelines_installed: timelinesResult?.timelines_installed ?? 0,
     timelines_updated: timelinesResult?.timelines_updated ?? 0,
   };
 
@@ -5,27 +5,18 @@
  * 2.0.
  */
 
-import { pick } from 'lodash';
 import { transformError } from '@kbn/securitysolution-es-utils';
 import type { Logger, KibanaRequest, KibanaResponseFactory } from '@kbn/core/server';
-import { SkipRuleInstallReason } from '../../../../../../common/api/detection_engine/prebuilt_rules';
 import type {
   PerformRuleInstallationResponseBody,
-  SkippedRuleInstall,
   PerformRuleInstallationRequestBody,
-  InstalledRuleBasicInfo,
 } from '../../../../../../common/api/detection_engine/prebuilt_rules';
 import type { SecuritySolutionRequestHandlerContext } from '../../../../../types';
 import { buildSiemResponse } from '../../../routes/utils';
 import { aggregatePrebuiltRuleErrors } from '../../logic/aggregate_prebuilt_rule_errors';
 import { ensureLatestRulesPackageInstalled } from '../../logic/integrations/ensure_latest_rules_package_installed';
 import { createPrebuiltRuleAssetsClient } from '../../logic/rule_assets/prebuilt_rule_assets_client';
-import { PREBUILT_RULE_BATCH_SIZE } from '../../constants';
-import { createPrebuiltRules } from '../../logic/rule_objects/create_prebuilt_rules';
-import { createPrebuiltRuleObjectsClient } from '../../logic/rule_objects/prebuilt_rule_objects_client';
 import { performTimelinesInstallation } from '../../logic/perform_timelines_installation';
-import type { RuleSignatureId, RuleVersion } from '../../../../../../common/api/detection_engine';
-import { excludeLicenseRestrictedRules } from '../../logic/utils';
 
 export const performRuleInstallationHandler = async (
   context: SecuritySolutionRequestHandlerContext,
@@ -38,12 +29,9 @@ export const performRuleInstallationHandler = async (
   try {
     const ctx = await context.resolve(['core', 'alerting', 'securitySolution']);
     const soClient = ctx.core.savedObjects.client;
-    const rulesClient = await ctx.alerting.getRulesClient();
     const detectionRulesClient = ctx.securitySolution.getDetectionRulesClient();
     const ruleAssetsClient = createPrebuiltRuleAssetsClient(soClient);
-    const ruleObjectsClient = createPrebuiltRuleObjectsClient(rulesClient);
     const exceptionsListClient = ctx.securitySolution.getExceptionListClient();
-    const mlAuthz = ctx.securitySolution.getMlAuthz();
 
     const { mode } = request.body;
 
@@ -54,93 +42,16 @@ export const performRuleInstallationHandler = async (
     // pages first, the rules package might be missing.
     await ensureLatestRulesPackageInstalled(ruleAssetsClient, ctx.securitySolution, logger);
 
-    const ruleInstallQueue: Array<{
-      rule_id: RuleSignatureId;
-      version: RuleVersion;
-    }> = [];
-    const ruleErrors = [];
-    const installedRules: InstalledRuleBasicInfo[] = [];
-    const skippedRules: SkippedRuleInstall[] = [];
-
-    // Perform all the checks we can before we start the upgrade process
-    if (mode === 'SPECIFIC_RULES') {
-      const requestedRuleIds = request.body.rules.map((rule) => rule.rule_id);
-      const [latestVersions, installedVersions] = await Promise.all([
-        ruleAssetsClient.fetchLatestVersions({ ruleIds: requestedRuleIds }),
-        ruleObjectsClient.fetchInstalledRuleVersionsByIds({ ruleIds: requestedRuleIds }),
-      ]);
-      const installedRuleIds = new Set(installedVersions.map((version) => version.rule_id));
-      const installableRuleIds = new Set(
-        latestVersions
-          .filter((version) => !installedRuleIds.has(version.rule_id))
-          .map((version) => version.rule_id)
-      );
-
-      request.body.rules.forEach((rule) => {
-        // Check that the requested rule is not installed yet
-        if (installedRuleIds.has(rule.rule_id)) {
-          skippedRules.push({
-            rule_id: rule.rule_id,
-            reason: SkipRuleInstallReason.ALREADY_INSTALLED,
-          });
-          return;
-        }
-
-        // Check that the requested rule is installable
-        if (!installableRuleIds.has(rule.rule_id)) {
-          ruleErrors.push({
-            error: new Error(
-              `Rule with ID "${rule.rule_id}" and version "${rule.version}" not found`
-            ),
-            item: rule,
-          });
-          return;
-        }
-
-        ruleInstallQueue.push(rule);
-      });
-    } else if (mode === 'ALL_RULES') {
-      const allLatestVersions = await ruleAssetsClient.fetchLatestVersions();
-      const currentRuleVersions = await ruleObjectsClient.fetchInstalledRuleVersions();
-      const currentRuleVersionsMap = new Map(
-        currentRuleVersions.map((version) => [version.rule_id, version])
-      );
-      const allInstallableRules = allLatestVersions.filter(
-        (latestVersion) => !currentRuleVersionsMap.has(latestVersion.rule_id)
-      );
-      ruleInstallQueue.push(...(await excludeLicenseRestrictedRules(allInstallableRules, mlAuthz)));
-    }
-
-    const changeTracking = {
-      metadata: {
-        bulkCount: ruleInstallQueue.length,
-      },
-    };
-
-    while (ruleInstallQueue.length > 0) {
-      const rulesToInstall = ruleInstallQueue.splice(0, PREBUILT_RULE_BATCH_SIZE);
-      const { assets: ruleAssets } = await ruleAssetsClient.fetchAssetsByVersion(rulesToInstall);
-
-      const { results, errors } = await createPrebuiltRules(
-        detectionRulesClient,
-        ruleAssets,
-        changeTracking,
-        logger
-      );
-
-      const batchInstalledRules = results.map(({ result: rule }) =>
-        pick(rule, ['id', 'rule_id', 'version'])
-      );
-
-      installedRules.push(...batchInstalledRules);
-      ruleErrors.push(...errors);
-    }
+    const { installedRules, skippedRules, errors } =
+      mode === 'SPECIFIC_RULES'
+        ? await detectionRulesClient.installPrebuiltRules({ ruleSpecifiers: request.body.rules })
+        : await detectionRulesClient.installAllPrebuiltRules();
 
     const { error: timelineInstallationError } = await performTimelinesInstallation(
       ctx.securitySolution
     );
 
-    const allErrors = aggregatePrebuiltRuleErrors(ruleErrors);
+    const allErrors = aggregatePrebuiltRuleErrors(errors);
     if (timelineInstallationError) {
       allErrors.push({
         message: timelineInstallationError,
@@ -150,10 +61,10 @@ export const performRuleInstallationHandler = async (
 
     const body: PerformRuleInstallationResponseBody = {
       summary: {
-        total: installedRules.length + skippedRules.length + ruleErrors.length,
+        total: installedRules.length + skippedRules.length + errors.length,
         succeeded: installedRules.length,
         skipped: skippedRules.length,
-        failed: ruleErrors.length,
+        failed: errors.length,
       },
       results: {
         created: installedRules,