[8.x] [Detection Engine][FTRs] Break down long running FTR groups and fix threshold preview bug (#197368) (#198419)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Detection Engine][FTRs] Break down long running FTR groups and fix
threshold preview bug
(#197368)](https://github.com/elastic/kibana/pull/197368)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Yara
Tercero","email":"yctercero@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-10-30T17:44:09Z","message":"[Detection
Engine][FTRs] Break down long running FTR groups and fix threshold
preview bug (#197368)\n\n## Summary\r\n\r\nThis PR breaks down long
running FTR groups into smaller chunks that now\r\nrun in <~15 min.\r\n-
Addresses https://github.com/elastic/kibana/issues/192109\r\n- There is
no existing ticket but rule_execution group tests are taking\r\n~55m to
run and will soon be a bottle neck for us.\r\n- No edits made to any
existing tests.\r\n- Purely just a reshuffle of the tests.\r\n\r\nSee
https://github.com/elastic/kibana/issues/198209 for details on
bug.","sha":"cd1fafea15cc61797ead1796e9705bdad3350714","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:
SecuritySolution","Team:Detection
Engine","backport:version","v8.17.0"],"title":"[Detection Engine][FTRs]
Break down long running FTR groups and fix threshold preview
bug","number":197368,"url":"https://github.com/elastic/kibana/pull/197368","mergeCommit":{"message":"[Detection
Engine][FTRs] Break down long running FTR groups and fix threshold
preview bug (#197368)\n\n## Summary\r\n\r\nThis PR breaks down long
running FTR groups into smaller chunks that now\r\nrun in <~15 min.\r\n-
Addresses https://github.com/elastic/kibana/issues/192109\r\n- There is
no existing ticket but rule_execution group tests are taking\r\n~55m to
run and will soon be a bottle neck for us.\r\n- No edits made to any
existing tests.\r\n- Purely just a reshuffle of the tests.\r\n\r\nSee
https://github.com/elastic/kibana/issues/198209 for details on
bug.","sha":"cd1fafea15cc61797ead1796e9705bdad3350714"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197368","number":197368,"mergeCommit":{"message":"[Detection
Engine][FTRs] Break down long running FTR groups and fix threshold
preview bug (#197368)\n\n## Summary\r\n\r\nThis PR breaks down long
running FTR groups into smaller chunks that now\r\nrun in <~15 min.\r\n-
Addresses https://github.com/elastic/kibana/issues/192109\r\n- There is
no existing ticket but rule_execution group tests are taking\r\n~55m to
run and will soon be a bottle neck for us.\r\n- No edits made to any
existing tests.\r\n- Purely just a reshuffle of the tests.\r\n\r\nSee
https://github.com/elastic/kibana/issues/198209 for details on
bug.","sha":"cd1fafea15cc61797ead1796e9705bdad3350714"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Yara Tercero <yctercero@users.noreply.github.com>

.buildkite/ftr_security_serverless_configs.yml

@@ -42,13 +42,23 @@ disabled:
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/actions/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/date_numeric_types/basic_license_essentials_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/date_types/basic_license_essentials_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/float/basic_license_essentials_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/integer/basic_license_essentials_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/double/basic_license_essentials_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/ips/basic_license_essentials_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/keyword/basic_license_essentials_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/long/basic_license_essentials_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/text/basic_license_essentials_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/workflows/basic_license_essentials_tier/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/eql/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/esql/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/machine_learning/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/new_terms/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/query/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/threshold/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/configs/serverless.config.ts

.buildkite/ftr_security_stateful_configs.yml

@@ -30,13 +30,23 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/actions/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/configs/ess.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/date_numeric_types/basic_license_essentials_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/date_types/basic_license_essentials_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/float/basic_license_essentials_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/integer/basic_license_essentials_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/double/basic_license_essentials_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/ips/basic_license_essentials_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/keyword/basic_license_essentials_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/long/basic_license_essentials_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/text/basic_license_essentials_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/workflows/basic_license_essentials_tier/configs/ess.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/eql/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/esql/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/machine_learning/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/new_terms/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/query/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/threshold/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/configs/ess.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/configs/ess.config.ts

.buildkite/pipelines/security_solution_quality_gate/mki_periodic/mki_periodic_detection_engine.yml

@@ -1,12 +1,12 @@
 steps:
-  - group: "Cypress MKI - Detection Engine"
+  - group: 'Cypress MKI - Detection Engine'
     key: cypress_test_detections_engine
     steps:
       - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:detection_engine
-        label: "Cypress MKI - Detection Engine"
+        label: 'Cypress MKI - Detection Engine'
         key: test_detection_engine
         env:
-          BK_TEST_SUITE_KEY: "serverless-cypress-detection-engine"
+          BK_TEST_SUITE_KEY: 'serverless-cypress-detection-engine'
         agents:
           image: family/kibana-ubuntu-2004
           imageProject: elastic-images-prod
@@ -18,10 +18,10 @@ steps:
         parallelism: 8
 
       - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:detection_engine:exceptions
-        label: "Cypress MKI - Detection Engine - Exceptions"
+        label: 'Cypress MKI - Detection Engine - Exceptions'
         key: test_detection_engine_exceptions
         env:
-          BK_TEST_SUITE_KEY: "serverless-cypress-detection-engine"
+          BK_TEST_SUITE_KEY: 'serverless-cypress-detection-engine'
         agents:
           image: family/kibana-ubuntu-2004
           imageProject: elastic-images-prod
@@ -32,7 +32,7 @@ steps:
         timeout_in_minutes: 300
         parallelism: 6
 
-  - group: "API MKI - Detection Engine - "
+  - group: 'API MKI - Detection Engine - '
     key: api_test_detections_engine
     steps:
       - label: Running exception_lists_items:qa:serverless
@@ -47,7 +47,7 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
               limit: 2
 
       - label: Running lists_items:qa:serverless
@@ -62,7 +62,7 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
               limit: 2
 
       - label: Running user_roles:qa:serverless
@@ -77,7 +77,7 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
               limit: 2
 
       - label: Running telemetry:qa:serverless
@@ -92,7 +92,7 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
               limit: 2
 
       - label: Running exception_workflows:essentials:qa:serverless
@@ -107,12 +107,12 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
               limit: 2
 
-      - label: Running exception_operators_date_numeric_types:essentials:qa:serverless
-        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_operators_date_numeric_types:essentials:qa:serverless
-        key: exception_operators_date_numeric_types:essentials:qa:serverless
+      - label: Running exception_operators_date_types:essentials:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_operators_date_types:essentials:qa:serverless
+        key: exception_operators_date_types:essentials:qa:serverless
         agents:
           image: family/kibana-ubuntu-2004
           imageProject: elastic-images-prod
@@ -122,7 +122,52 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
+              limit: 2
+
+      - label: Running exception_operators_double:essentials:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_operators_double:essentials:qa:serverless
+        key: exception_operators_double:essentials:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+          preemptible: true
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: '1'
+              limit: 2
+
+      - label: Running exception_operators_float:essentials:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_operators_float:essentials:qa:serverless
+        key: exception_operators_float:essentials:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+          preemptible: true
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: '1'
+              limit: 2
+
+      - label: Running exception_operators_integer:essentials:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_operators_integer:essentials:qa:serverless
+        key: exception_operators_integer:essentials:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+          preemptible: true
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: '1'
               limit: 2
 
       - label: Running exception_operators_keyword:essentials:qa:serverless
@@ -137,7 +182,7 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
               limit: 2
 
       - label: Running exception_operators_ips:essentials:qa:serverless
@@ -152,7 +197,7 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
               limit: 2
 
       - label: Running exception_operators_long:essentials:qa:serverless
@@ -167,7 +212,7 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
               limit: 2
 
       - label: Running exception_operators_text:essentials:qa:serverless
@@ -182,7 +227,7 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
               limit: 2
 
       - label: Running actions:qa:serverless
@@ -197,7 +242,7 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
               limit: 2
 
       - label: Running alerts:qa:serverless
@@ -212,7 +257,7 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
               limit: 2
 
       - label: Running alerts:essentials:qa:serverless
@@ -227,12 +272,12 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
               limit: 2
 
-      - label: Running rule_execution_logic:qa:serverless
-        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:qa:serverless
-        key: rule_execution_logic:qa:serverless
+      - label: Running rule_execution_logic:eql:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:eql:qa:serverless
+        key: rule_execution_logic:eql:qa:serverless
         agents:
           image: family/kibana-ubuntu-2004
           imageProject: elastic-images-prod
@@ -242,5 +287,110 @@ steps:
         timeout_in_minutes: 120
         retry:
           automatic:
-            - exit_status: "1"
+            - exit_status: '1'
+              limit: 2
+
+      - label: Running rule_execution_logic:esql:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:esql:qa:serverless
+        key: rule_execution_logic:esql:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+          preemptible: true
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: '1'
+              limit: 2
+
+      - label: Running rule_execution_logic:general_logic:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:general_logic:qa:serverless
+        key: rule_execution_logic:general_logic:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+          preemptible: true
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: '1'
+              limit: 2
+
+      - label: Running rule_execution_logic:indicator_match:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:indicator_match:qa:serverless
+        key: rule_execution_logic:indicator_match:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+          preemptible: true
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: '1'
+              limit: 2
+
+      - label: Running rule_execution_logic:machine_learning:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:machine_learning:qa:serverless
+        key: rule_execution_logic:machine_learning:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+          preemptible: true
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: '1'
+              limit: 2
+
+      - label: Running rule_execution_logic:new_terms:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:new_terms:qa:serverless
+        key: rule_execution_logic:new_terms:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+          preemptible: true
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: '1'
+              limit: 2
+
+      - label: Running rule_execution_logic:query:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:query:qa:serverless
+        key: rule_execution_logic:query:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+          preemptible: true
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: '1'
+              limit: 2
+
+      - label: Running rule_execution_logic:threshold:qa:serverless
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:threshold:qa:serverless
+        key: rule_execution_logic:threshold:qa:serverless
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+          preemptible: true
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: '1'
               limit: 2

.buildkite/pipelines/security_solution_quality_gate/mki_quality_gate/mki_quality_gate_detection_engine.yml

@@ -103,9 +103,51 @@ steps:
             - exit_status: "1"
               limit: 2
 
-      - label: Running exception_operators_date_numeric_types:essentials:qa:serverless:release
-        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_operators_date_numeric_types:essentials:qa:serverless:release
-        key: exception_operators_date_numeric_types:essentials:qa:serverless:release
+      - label: Running exception_operators_date_types:essentials:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_operators_date_types:essentials:qa:serverless:release
+        key: exception_operators_date_types:essentials:qa:serverless:release
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 2
+
+      - label: Running exception_operators_double:essentials:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_operators_double:essentials:qa:serverless:release
+        key: exception_operators_double:essentials:qa:serverless:release
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 2
+
+      - label: Running exception_operators_float:essentials:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_operators_float:essentials:qa:serverless:release
+        key: exception_operators_float:essentials:qa:serverless:release
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 2
+
+      - label: Running exception_operators_integer:essentials:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh exception_operators_integer:essentials:qa:serverless:release
+        key: exception_operators_integer:essentials:qa:serverless:release
         agents:
           image: family/kibana-ubuntu-2004
           imageProject: elastic-images-prod
@@ -215,9 +257,107 @@ steps:
             - exit_status: "1"
               limit: 2
 
-      - label: Running rule_execution_logic:qa:serverless:release
-        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:qa:serverless:release
-        key: rule_execution_logic:qa:serverless:release
+      - label: Running rule_execution_logic:eql:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:eql:qa:serverless:release
+        key: rule_execution_logic:eql:qa:serverless:release
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 2
+
+- label: Running rule_execution_logic:esql:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:esql:qa:serverless:release
+        key: rule_execution_logic:esql:qa:serverless:release
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 2
+
+- label: Running rule_execution_logic:general_logic:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:general_logic:qa:serverless:release
+        key: rule_execution_logic:general_logic:qa:serverless:release
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 2
+
+- label: Running rule_execution_logic:indicator_match:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:indicator_match:qa:serverless:release
+        key: rule_execution_logic:indicator_match:qa:serverless:release
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 2
+
+- label: Running rule_execution_logic:machine_learning:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:machine_learning:qa:serverless:release
+        key: rule_execution_logic:machine_learning:qa:serverless:release
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 2
+
+- label: Running rule_execution_logic:new_terms:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:new_terms:qa:serverless:release
+        key: rule_execution_logic:new_terms:qa:serverless:release
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 2
+
+- label: Running rule_execution_logic:query:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:query:qa:serverless:release
+        key: rule_execution_logic:query:qa:serverless:release
+        agents:
+          image: family/kibana-ubuntu-2004
+          imageProject: elastic-images-prod
+          provider: gcp
+          machineType: n2-standard-4
+        timeout_in_minutes: 120
+        retry:
+          automatic:
+            - exit_status: "1"
+              limit: 2
+
+- label: Running rule_execution_logic:threshold:qa:serverless:release
+        command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:threshold:qa:serverless:release
+        key: rule_execution_logic:threshold:qa:serverless:release
         agents:
           image: family/kibana-ubuntu-2004
           imageProject: elastic-images-prod

x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/threshold/get_threshold_signal_history.ts

@@ -46,6 +46,9 @@ export const getThresholdSignalHistory = async ({
   const response = await esClient.search({
     ...request,
     index: indexPattern,
+    // If alerts index is not yet created,
+    // do not throw a 404
+    ignore_unavailable: true,
   });
   return {
     signalHistory: buildThresholdSignalHistory({ alerts: response.hits.hits }),

x-pack/test/security_solution_api_integration/package.json

@@ -171,12 +171,33 @@
     "exception_workflows:basic:server:ess": "npm run initialize-server:de:basic_essentials exceptions/workflows ess",
     "exception_workflows:basic:runner:ess": "npm run run-tests:de:basic_essentials exceptions/workflows ess essEnv",
 
-    "exception_operators_date_numeric_types:essentials:server:serverless": "npm run initialize-server:de:basic_essentials exceptions/operators_data_types/date_numeric_types serverless",
-    "exception_operators_date_numeric_types:essentials:runner:serverless": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/date_numeric_types serverless serverlessEnv",
-    "exception_operators_date_numeric_types:essentials:qa:serverless": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/date_numeric_types serverless qaPeriodicEnv",
-    "exception_operators_date_numeric_types:essentials:qa:serverless:release": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/date_numeric_types serverless qaEnv",
-    "exception_operators_date_numeric_types:basic:server:ess": "npm run initialize-server:de:basic_essentials exceptions/operators_data_types/date_numeric_types ess",
-    "exception_operators_date_numeric_types:basic:runner:ess": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/date_numeric_types ess essEnv",
+    "exception_operators_date_types:essentials:server:serverless": "npm run initialize-server:de:basic_essentials exceptions/operators_data_types/date_types serverless",
+    "exception_operators_date_types:essentials:runner:serverless": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/date_types serverless serverlessEnv",
+    "exception_operators_date_types:essentials:qa:serverless": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/date_types serverless qaPeriodicEnv",
+    "exception_operators_date_types:essentials:qa:serverless:release": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/date_types serverless qaEnv",
+    "exception_operators_date_types:basic:server:ess": "npm run initialize-server:de:basic_essentials exceptions/operators_data_types/date_types ess",
+    "exception_operators_date_types:basic:runner:ess": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/date_types ess essEnv",
+
+    "exception_operators_double:essentials:server:serverless": "npm run initialize-server:de:basic_essentials exceptions/operators_data_types/double serverless",
+    "exception_operators_double:essentials:runner:serverless": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/double serverless serverlessEnv",
+    "exception_operators_double:essentials:qa:serverless": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/double serverless qaPeriodicEnv",
+    "exception_operators_double:essentials:qa:serverless:release": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/double serverless qaEnv",
+    "exception_operators_double:basic:server:ess": "npm run initialize-server:de:basic_essentials exceptions/operators_data_types/double ess",
+    "exception_operators_double:basic:runner:ess": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/double ess essEnv",
+
+    "exception_operators_float:essentials:server:serverless": "npm run initialize-server:de:basic_essentials exceptions/operators_data_types/float serverless",
+    "exception_operators_float:essentials:runner:serverless": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/float serverless serverlessEnv",
+    "exception_operators_float:essentials:qa:serverless": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/float serverless qaPeriodicEnv",
+    "exception_operators_float:essentials:qa:serverless:release": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/float serverless qaEnv",
+    "exception_operators_float:basic:server:ess": "npm run initialize-server:de:basic_essentials exceptions/operators_data_types/float ess",
+    "exception_operators_float:basic:runner:ess": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/float ess essEnv",
+
+    "exception_operators_integer:essentials:server:serverless": "npm run initialize-server:de:basic_essentials exceptions/operators_data_types/integer serverless",
+    "exception_operators_integer:essentials:runner:serverless": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/integer serverless serverlessEnv",
+    "exception_operators_integer:essentials:qa:serverless": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/integer serverless qaPeriodicEnv",
+    "exception_operators_integer:essentials:qa:serverless:release": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/integer serverless qaEnv",
+    "exception_operators_integer:basic:server:ess": "npm run initialize-server:de:basic_essentials exceptions/operators_data_types/integer ess",
+    "exception_operators_integer:basic:runner:ess": "npm run run-tests:de:basic_essentials exceptions/operators_data_types/integer ess essEnv",
 
     "exception_operators_keyword:essentials:server:serverless": "npm run initialize-server:de:basic_essentials exceptions/operators_data_types/keyword serverless",
     "exception_operators_keyword:essentials:runner:serverless": "npm run run-tests:de:basic_essentials  exceptions/operators_data_types/keyword serverless serverlessEnv",
@@ -227,12 +248,61 @@
     "alerts:basic:server:ess": "npm run initialize-server:de:basic_essentials alerts ess",
     "alerts:basic:runner:ess": "npm run run-tests:de:basic_essentials alerts ess essEnv",
 
-    "rule_execution_logic:server:serverless": "npm run initialize-server:de rule_execution_logic serverless",
-    "rule_execution_logic:runner:serverless": "npm run run-tests:de rule_execution_logic serverless serverlessEnv",
-    "rule_execution_logic:qa:serverless": "npm run run-tests:de rule_execution_logic serverless qaPeriodicEnv",
-    "rule_execution_logic:qa:serverless:release": "npm run run-tests:de rule_execution_logic serverless qaEnv",
-    "rule_execution_logic:server:ess": "npm run initialize-server:de rule_execution_logic ess",
-    "rule_execution_logic:runner:ess": "npm run run-tests:de rule_execution_logic ess essEnv",
+    "rule_execution_logic:eql:server:serverless": "npm run initialize-server:de rule_execution_logic/eql serverless",
+    "rule_execution_logic:eql:runner:serverless": "npm run run-tests:de rule_execution_logic/eql serverless serverlessEnv",
+    "rule_execution_logic:eql:qa:serverless": "npm run run-tests:de rule_execution_logic/eql serverless qaPeriodicEnv",
+    "rule_execution_logic:eql:qa:serverless:release": "npm run run-tests:de rule_execution_logic/eql serverless qaEnv",
+    "rule_execution_logic:eql:server:ess": "npm run initialize-server:de rule_execution_logic/eql ess",
+    "rule_execution_logic:eql:runner:ess": "npm run run-tests:de rule_execution_logic/eql ess essEnv",
+
+    "rule_execution_logic:esql:server:serverless": "npm run initialize-server:de rule_execution_logic/esql serverless",
+    "rule_execution_logic:esql:runner:serverless": "npm run run-tests:de rule_execution_logic/esql serverless serverlessEnv",
+    "rule_execution_logic:esql:qa:serverless": "npm run run-tests:de rule_execution_logic/esql serverless qaPeriodicEnv",
+    "rule_execution_logic:esql:qa:serverless:release": "npm run run-tests:de rule_execution_logic/esql serverless qaEnv",
+    "rule_execution_logic:esql:server:ess": "npm run initialize-server:de rule_execution_logic/esql ess",
+    "rule_execution_logic:esql:runner:ess": "npm run run-tests:de rule_execution_logic/esql ess essEnv",
+
+    "rule_execution_logic:general_logic:server:serverless": "npm run initialize-server:de rule_execution_logic/general_logic serverless",
+    "rule_execution_logic:general_logic:runner:serverless": "npm run run-tests:de rule_execution_logic/general_logic serverless serverlessEnv",
+    "rule_execution_logic:general_logic:qa:serverless": "npm run run-tests:de rule_execution_logic/general_logic serverless qaPeriodicEnv",
+    "rule_execution_logic:general_logic:qa:serverless:release": "npm run run-tests:de rule_execution_logic/general_logic serverless qaEnv",
+    "rule_execution_logic:general_logic:server:ess": "npm run initialize-server:de rule_execution_logic/general_logic ess",
+    "rule_execution_logic:general_logic:runner:ess": "npm run run-tests:de rule_execution_logic/general_logic ess essEnv",
+
+    "rule_execution_logic:indicator_match:server:serverless": "npm run initialize-server:de rule_execution_logic/indicator_match serverless",
+    "rule_execution_logic:indicator_match:runner:serverless": "npm run run-tests:de rule_execution_logic/indicator_match serverless serverlessEnv",
+    "rule_execution_logic:indicator_match:qa:serverless": "npm run run-tests:de rule_execution_logic/indicator_match serverless qaPeriodicEnv",
+    "rule_execution_logic:indicator_match:qa:serverless:release": "npm run run-tests:de rule_execution_logic/indicator_match serverless qaEnv",
+    "rule_execution_logic:indicator_match:server:ess": "npm run initialize-server:de rule_execution_logic/indicator_match ess",
+    "rule_execution_logic:indicator_match:runner:ess": "npm run run-tests:de rule_execution_logic/indicator_match ess essEnv",
+
+    "rule_execution_logic:machine_learning:server:serverless": "npm run initialize-server:de rule_execution_logic/machine_learning serverless",
+    "rule_execution_logic:machine_learning:runner:serverless": "npm run run-tests:de rule_execution_logic/machine_learning serverless serverlessEnv",
+    "rule_execution_logic:machine_learning:qa:serverless": "npm run run-tests:de rule_execution_logic/machine_learning serverless qaPeriodicEnv",
+    "rule_execution_logic:machine_learning:qa:serverless:release": "npm run run-tests:de rule_execution_logic/machine_learning serverless qaEnv",
+    "rule_execution_logic:machine_learning:server:ess": "npm run initialize-server:de rule_execution_logic/machine_learning ess",
+    "rule_execution_logic:machine_learning:runner:ess": "npm run run-tests:de rule_execution_logic/machine_learning ess essEnv",
+
+    "rule_execution_logic:new_terms:server:serverless": "npm run initialize-server:de rule_execution_logic/new_terms serverless",
+    "rule_execution_logic:new_terms:runner:serverless": "npm run run-tests:de rule_execution_logic/new_terms serverless serverlessEnv",
+    "rule_execution_logic:new_terms:qa:serverless": "npm run run-tests:de rule_execution_logic/new_terms serverless qaPeriodicEnv",
+    "rule_execution_logic:new_terms:qa:serverless:release": "npm run run-tests:de rule_execution_logic/new_terms serverless qaEnv",
+    "rule_execution_logic:new_terms:server:ess": "npm run initialize-server:de rule_execution_logic/new_terms ess",
+    "rule_execution_logic:new_terms:runner:ess": "npm run run-tests:de rule_execution_logic/new_terms ess essEnv",
+
+    "rule_execution_logic:query:server:serverless": "npm run initialize-server:de rule_execution_logic/query serverless",
+    "rule_execution_logic:query:runner:serverless": "npm run run-tests:de rule_execution_logic/query serverless serverlessEnv",
+    "rule_execution_logic:query:qa:serverless": "npm run run-tests:de rule_execution_logic/query serverless qaPeriodicEnv",
+    "rule_execution_logic:query:qa:serverless:release": "npm run run-tests:de rule_execution_logic/query serverless qaEnv",
+    "rule_execution_logic:query:server:ess": "npm run initialize-server:de rule_execution_logic/query ess",
+    "rule_execution_logic:query:runner:ess": "npm run run-tests:de rule_execution_logic/query ess essEnv",
+
+    "rule_execution_logic:threshold:server:serverless": "npm run initialize-server:de rule_execution_logic/threshold serverless",
+    "rule_execution_logic:threshold:runner:serverless": "npm run run-tests:de rule_execution_logic/threshold serverless serverlessEnv",
+    "rule_execution_logic:threshold:qa:serverless": "npm run run-tests:de rule_execution_logic/threshold serverless qaPeriodicEnv",
+    "rule_execution_logic:threshold:qa:serverless:release": "npm run run-tests:de rule_execution_logic/threshold serverless qaEnv",
+    "rule_execution_logic:threshold:server:ess": "npm run initialize-server:de rule_execution_logic/threshold ess",
+    "rule_execution_logic:threshold:runner:ess": "npm run run-tests:de rule_execution_logic/threshold ess essEnv",
 
     "rule_gaps:server:serverless": "npm run initialize-server:de rule_gaps serverless",
     "rule_gaps:runner:serverless": "npm run run-tests:de rule_gaps serverless serverlessEnv",

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/date_types/basic_license_essentials_tier/configs/ess.config.ts

@@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
     testFiles: [require.resolve('..')],
     junit: {
       reportName:
-        'Detection Engine - Exception Operators Date & Numeric Types Integration Tests - ESS Env - Basic License',
+        'Detection Engine - Exception Operators Date Types Integration Tests - ESS Env - Basic License',
     },
   };
 }

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/date_types/basic_license_essentials_tier/configs/serverless.config.ts

@@ -11,6 +11,6 @@ export default createTestConfig({
   testFiles: [require.resolve('..')],
   junit: {
     reportName:
-      'Detection Engine - Exception Operators Date & Numeric Types Integration Tests - Serverless Env - Essentials Tier',
+      'Detection Engine - Exception Operators Date Types Integration Tests - Serverless Env - Essentials Tier',
   },
 });

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/date_types/basic_license_essentials_tier/index.ts

@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
+
+export default ({ loadTestFile }: FtrProviderContext): void => {
+  describe('Detection Engine - Exceptions data types', function () {
+    loadTestFile(require.resolve('./date'));
+  });
+};

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/double/basic_license_essentials_tier/configs/ess.config.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(
+    require.resolve('../../../../../../../../config/ess/config.base.basic')
+  );
+
+  return {
+    ...functionalConfig.getAll(),
+    testFiles: [require.resolve('..')],
+    junit: {
+      reportName:
+        'Detection Engine - Exception Operators Double Types Integration Tests - ESS Env - Basic License',
+    },
+  };
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/double/basic_license_essentials_tier/configs/serverless.config.ts

@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../../../../config/serverless/config.base.essentials';
+
+export default createTestConfig({
+  testFiles: [require.resolve('..')],
+  junit: {
+    reportName:
+      'Detection Engine - Exception Operators Double Types Integration Tests - Serverless Env - Essentials Tier',
+  },
+});

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/double/basic_license_essentials_tier/index.ts

@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
+
+export default ({ loadTestFile }: FtrProviderContext): void => {
+  describe('Detection Engine - Exceptions double types', function () {
+    loadTestFile(require.resolve('./double'));
+  });
+};

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/float/basic_license_essentials_tier/configs/ess.config.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(
+    require.resolve('../../../../../../../../config/ess/config.base.basic')
+  );
+
+  return {
+    ...functionalConfig.getAll(),
+    testFiles: [require.resolve('..')],
+    junit: {
+      reportName:
+        'Detection Engine - Exception Operators Float Types Integration Tests - ESS Env - Basic License',
+    },
+  };
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/float/basic_license_essentials_tier/configs/serverless.config.ts

@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../../../../config/serverless/config.base.essentials';
+
+export default createTestConfig({
+  testFiles: [require.resolve('..')],
+  junit: {
+    reportName:
+      'Detection Engine - Exception Operators Float Types Integration Tests - Serverless Env - Essentials Tier',
+  },
+});

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/float/basic_license_essentials_tier/index.ts

@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
+
+export default ({ loadTestFile }: FtrProviderContext): void => {
+  describe('Detection Engine - Exceptions float types', function () {
+    loadTestFile(require.resolve('./float'));
+  });
+};

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/integer/basic_license_essentials_tier/configs/ess.config.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(
+    require.resolve('../../../../../../../../config/ess/config.base.basic')
+  );
+
+  return {
+    ...functionalConfig.getAll(),
+    testFiles: [require.resolve('..')],
+    junit: {
+      reportName:
+        'Detection Engine - Exception Operators Integer Types Integration Tests - ESS Env - Basic License',
+    },
+  };
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/integer/basic_license_essentials_tier/configs/serverless.config.ts

@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../../../../../../../config/serverless/config.base.essentials';
+
+export default createTestConfig({
+  testFiles: [require.resolve('..')],
+  junit: {
+    reportName:
+      'Detection Engine - Exception Operators Integer Types Integration Tests - Serverless Env - Essentials Tier',
+  },
+});

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/integer/basic_license_essentials_tier/index.ts

@@ -7,10 +7,7 @@
 import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
 
 export default ({ loadTestFile }: FtrProviderContext): void => {
-  describe('Detection Engine - Exceptions data and numeric types', function () {
-    loadTestFile(require.resolve('./date'));
-    loadTestFile(require.resolve('./double'));
-    loadTestFile(require.resolve('./float'));
+  describe('Detection Engine - Exceptions integer types', function () {
     loadTestFile(require.resolve('./integer'));
   });
 };

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/eql/trial_license_complete_tier/configs/ess.config.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(
+    require.resolve('../../../../../../../config/ess/config.base.trial')
+  );
+
+  return {
+    ...functionalConfig.getAll(),
+    testFiles: [require.resolve('..')],
+    junit: {
+      reportName:
+        'Detection Engine - EQL Rule Execution Logic Integration Tests - ESS Env - Trial License',
+    },
+  };
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/eql/trial_license_complete_tier/configs/serverless.config.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { createTestConfig } from '../../../../../../../config/serverless/config.base';
+
+export default createTestConfig({
+  testFiles: [require.resolve('..')],
+  junit: {
+    reportName:
+      'Detection Engine - EQL Rule Execution Logic Integration Tests - Serverless Env - Complete Tier',
+  },
+  kbnTestServerArgs: [
+    `--xpack.securitySolution.alertIgnoreFields=${JSON.stringify([
+      'testing_ignored.constant',
+      '/testing_regex*/',
+    ])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields"
+  ],
+});

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/eql/trial_license_complete_tier/eql.ts

@@ -55,7 +55,7 @@ import {
 } from '../../../../../../../common/utils/security_solution';
 import { FtrProviderContext } from '../../../../../../ftr_provider_context';
 import { EsArchivePathBuilder } from '../../../../../../es_archive_path_builder';
-import { getMetricsRequest, getMetricsWithRetry } from './utils';
+import { getMetricsRequest, getMetricsWithRetry } from '../../utils';
 
 /**
  * Specific AGENT_ID to use for some of the tests. If the archiver changes and you see errors

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/eql/trial_license_complete_tier/index.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('EQL execution logic API', function () {
+    loadTestFile(require.resolve('./eql'));
+    loadTestFile(require.resolve('./eql_alert_suppression'));
+  });
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/esql/trial_license_complete_tier/configs/ess.config.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(
+    require.resolve('../../../../../../../config/ess/config.base.trial')
+  );
+
+  return {
+    ...functionalConfig.getAll(),
+    testFiles: [require.resolve('..')],
+    junit: {
+      reportName:
+        'Detection Engine - ESQL Rule Execution Logic Integration Tests - ESS Env - Trial License',
+    },
+  };
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/esql/trial_license_complete_tier/configs/serverless.config.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { createTestConfig } from '../../../../../../../config/serverless/config.base';
+
+export default createTestConfig({
+  testFiles: [require.resolve('..')],
+  junit: {
+    reportName:
+      'Detection Engine - ESQL Rule Execution Logic Integration Tests - Serverless Env - Complete Tier',
+  },
+  kbnTestServerArgs: [
+    `--xpack.securitySolution.alertIgnoreFields=${JSON.stringify([
+      'testing_ignored.constant',
+      '/testing_regex*/',
+    ])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields"
+  ],
+});

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/esql/trial_license_complete_tier/index.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('ESQL execution logic API', function () {
+    loadTestFile(require.resolve('./esql'));
+    loadTestFile(require.resolve('./esql_suppression'));
+  });
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/configs/ess.config.ts

@@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test';
 
 export default async function ({ readConfigFile }: FtrConfigProviderContext) {
   const functionalConfig = await readConfigFile(
-    require.resolve('../../../../../../config/ess/config.base.trial')
+    require.resolve('../../../../../../../config/ess/config.base.trial')
   );
 
   return {
@@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
     testFiles: [require.resolve('..')],
     junit: {
       reportName:
-        'Detection Engine - Rule Execution Logic Integration Tests - ESS Env - Trial License',
+        'Detection Engine - General Execution Logic Integration Tests - ESS Env - Trial License',
     },
   };
 }

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/configs/serverless.config.ts

@@ -4,13 +4,13 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { createTestConfig } from '../../../../../../config/serverless/config.base';
+import { createTestConfig } from '../../../../../../../config/serverless/config.base';
 
 export default createTestConfig({
   testFiles: [require.resolve('..')],
   junit: {
     reportName:
-      'Detection Engine - Rule Execution Logic Integration Tests - Serverless Env - Complete Tier',
+      'Detection Engine - General Execution Logic Integration Tests - Serverless Env - Complete Tier',
   },
   kbnTestServerArgs: [
     `--xpack.securitySolution.alertIgnoreFields=${JSON.stringify([

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/ignore_fields.ts

@@ -7,7 +7,6 @@
 
 import expect from '@kbn/expect';
 
-import { getEqlRuleForAlertTesting } from '../../../utils';
 import {
   createRule,
   createAlertsIndex,
@@ -16,7 +15,7 @@ import {
   getAlertsById,
   waitForRuleSuccess,
   waitForAlertsToBePresent,
-} from '../../../../../../common/utils/security_solution';
+} from '../../../../../../../common/utils/security_solution';
 
 interface Ignore {
   normal_constant?: string;
@@ -25,7 +24,8 @@ interface Ignore {
   testing_regex?: string;
 }
 
-import { FtrProviderContext } from '../../../../../ftr_provider_context';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import { getEqlRuleForAlertTesting } from '../../../../utils';
 export default ({ getService }: FtrProviderContext): void => {
   /**
    * See the config file (config.ts) for which field values were added to be ignored

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/index.ts

@@ -5,14 +5,15 @@
  * 2.0.
  */
 
-import { FtrProviderContext } from '../../../../../ftr_provider_context';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
 
 export default function ({ loadTestFile }: FtrProviderContext) {
   describe('Rule execution logic API', function () {
     loadTestFile(require.resolve('./keyword_family'));
     loadTestFile(require.resolve('./ignore_fields'));
     loadTestFile(require.resolve('./runtime'));
-    loadTestFile(require.resolve('./execution_logic'));
+    loadTestFile(require.resolve('./non_ecs_fields'));
+    loadTestFile(require.resolve('./synthetic_source'));
     loadTestFile(require.resolve('./timestamps'));
   });
 }

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/keyword_family/const_keyword.ts

@@ -13,7 +13,7 @@ import {
 } from '@kbn/security-solution-plugin/common/api/detection_engine';
 import { ALERT_THRESHOLD_RESULT } from '@kbn/security-solution-plugin/common/field_maps/field_names';
 
-import { getEqlRuleForAlertTesting, getThresholdRuleForAlertTesting } from '../../../../utils';
+import { getEqlRuleForAlertTesting, getThresholdRuleForAlertTesting } from '../../../../../utils';
 import {
   createRule,
   createAlertsIndex,
@@ -23,8 +23,8 @@ import {
   getAlertsById,
   waitForRuleSuccess,
   waitForAlertsToBePresent,
-} from '../../../../../../../common/utils/security_solution';
-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+} from '../../../../../../../../common/utils/security_solution';
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
 
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/keyword_family/index.ts

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
 
 export default ({ loadTestFile }: FtrProviderContext): void => {
   describe('Detection Engine - Execution Logic - keyword family data types', function () {

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/keyword_family/keyword.ts

@@ -14,7 +14,7 @@ import {
   ThresholdRuleCreateProps,
 } from '@kbn/security-solution-plugin/common/api/detection_engine';
 import { ALERT_THRESHOLD_RESULT } from '@kbn/security-solution-plugin/common/field_maps/field_names';
-import { getEqlRuleForAlertTesting, getThresholdRuleForAlertTesting } from '../../../../utils';
+import { getEqlRuleForAlertTesting, getThresholdRuleForAlertTesting } from '../../../../../utils';
 import {
   createRule,
   createAlertsIndex,
@@ -24,8 +24,8 @@ import {
   getAlertsById,
   waitForRuleSuccess,
   waitForAlertsToBePresent,
-} from '../../../../../../../common/utils/security_solution';
-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+} from '../../../../../../../../common/utils/security_solution';
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
 
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/keyword_family/keyword_mixed_with_const.ts

@@ -13,7 +13,7 @@ import {
 } from '@kbn/security-solution-plugin/common/api/detection_engine';
 import { ALERT_THRESHOLD_RESULT } from '@kbn/security-solution-plugin/common/field_maps/field_names';
 
-import { getEqlRuleForAlertTesting } from '../../../../utils';
+import { getEqlRuleForAlertTesting } from '../../../../../utils';
 import {
   createRule,
   createAlertsIndex,
@@ -23,8 +23,8 @@ import {
   getAlertsById,
   waitForRuleSuccess,
   waitForAlertsToBePresent,
-} from '../../../../../../../common/utils/security_solution';
-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+} from '../../../../../../../../common/utils/security_solution';
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
 
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/runtime.ts

@@ -17,8 +17,8 @@ import {
   getAlertsById,
   waitForRuleSuccess,
   waitForAlertsToBePresent,
-} from '../../../../../../common/utils/security_solution';
-import { FtrProviderContext } from '../../../../../ftr_provider_context';
+} from '../../../../../../../common/utils/security_solution';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
 
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/timestamps.ts

@@ -14,7 +14,7 @@ import {
 } from '@kbn/security-solution-plugin/common/api/detection_engine';
 import { ALERT_ORIGINAL_TIME } from '@kbn/security-solution-plugin/common/field_maps/field_names';
 
-import { getAlerts, getEqlRuleForAlertTesting } from '../../../utils';
+import { getAlerts, getEqlRuleForAlertTesting } from '../../../../utils';
 import {
   createAlertsIndex,
   deleteAllRules,
@@ -25,9 +25,9 @@ import {
   getRuleForAlertTesting,
   getAlertsByIds,
   waitForRulePartialFailure,
-} from '../../../../../../common/utils/security_solution';
-import { FtrProviderContext } from '../../../../../ftr_provider_context';
-import { EsArchivePathBuilder } from '../../../../../es_archive_path_builder';
+} from '../../../../../../../common/utils/security_solution';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import { EsArchivePathBuilder } from '../../../../../../es_archive_path_builder';
 
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/configs/ess.config.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(
+    require.resolve('../../../../../../../config/ess/config.base.trial')
+  );
+
+  return {
+    ...functionalConfig.getAll(),
+    testFiles: [require.resolve('..')],
+    junit: {
+      reportName:
+        'Detection Engine - IM Rule Execution Logic Integration Tests - ESS Env - Trial License',
+    },
+  };
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/configs/serverless.config.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { createTestConfig } from '../../../../../../../config/serverless/config.base';
+
+export default createTestConfig({
+  testFiles: [require.resolve('..')],
+  junit: {
+    reportName:
+      'Detection Engine - IM Rule Execution Logic Integration Tests - Serverless Env - Complete Tier',
+  },
+  kbnTestServerArgs: [
+    `--xpack.securitySolution.alertIgnoreFields=${JSON.stringify([
+      'testing_ignored.constant',
+      '/testing_regex*/',
+    ])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields"
+  ],
+});

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/index.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('Indicator match execution logic API', function () {
+    loadTestFile(require.resolve('./indicator_match'));
+    loadTestFile(require.resolve('./indicator_match_alert_suppression'));
+  });
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/machine_learning/trial_license_complete_tier/configs/ess.config.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(
+    require.resolve('../../../../../../../config/ess/config.base.trial')
+  );
+
+  return {
+    ...functionalConfig.getAll(),
+    testFiles: [require.resolve('..')],
+    junit: {
+      reportName:
+        'Detection Engine - Machine Learning Rule Execution Logic Integration Tests - ESS Env - Trial License',
+    },
+  };
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/machine_learning/trial_license_complete_tier/configs/serverless.config.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { createTestConfig } from '../../../../../../../config/serverless/config.base';
+
+export default createTestConfig({
+  testFiles: [require.resolve('..')],
+  junit: {
+    reportName:
+      'Detection Engine - Machine Learning Rule Execution Logic Integration Tests - Serverless Env - Complete Tier',
+  },
+  kbnTestServerArgs: [
+    `--xpack.securitySolution.alertIgnoreFields=${JSON.stringify([
+      'testing_ignored.constant',
+      '/testing_regex*/',
+    ])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields"
+  ],
+});

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/machine_learning/trial_license_complete_tier/index.ts

@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('Machine learning rule execution logic API', function () {
+    loadTestFile(require.resolve('./machine_learning'));
+    loadTestFile(require.resolve('./machine_learning_alert_suppression'));
+    loadTestFile(require.resolve('./machine_learning_manual_run'));
+  });
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/machine_learning/trial_license_complete_tier/machine_learning.ts

@@ -53,7 +53,7 @@ import {
 } from '../../../../../../../common/utils/security_solution';
 import { FtrProviderContext } from '../../../../../../ftr_provider_context';
 import { EsArchivePathBuilder } from '../../../../../../es_archive_path_builder';
-import { getMetricsRequest, getMetricsWithRetry } from './utils';
+import { getMetricsRequest, getMetricsWithRetry } from '../../utils';
 
 export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/new_terms/trial_license_complete_tier/configs/ess.config.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(
+    require.resolve('../../../../../../../config/ess/config.base.trial')
+  );
+
+  return {
+    ...functionalConfig.getAll(),
+    testFiles: [require.resolve('..')],
+    junit: {
+      reportName:
+        'Detection Engine - New Terms Rule Execution Logic Integration Tests - ESS Env - Trial License',
+    },
+  };
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/new_terms/trial_license_complete_tier/configs/serverless.config.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { createTestConfig } from '../../../../../../../config/serverless/config.base';
+
+export default createTestConfig({
+  testFiles: [require.resolve('..')],
+  junit: {
+    reportName:
+      'Detection Engine - New Terms Rule Execution Logic Integration Tests - Serverless Env - Complete Tier',
+  },
+  kbnTestServerArgs: [
+    `--xpack.securitySolution.alertIgnoreFields=${JSON.stringify([
+      'testing_ignored.constant',
+      '/testing_regex*/',
+    ])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields"
+  ],
+});

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/new_terms/trial_license_complete_tier/index.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('New terms rule execution logic API', function () {
+    loadTestFile(require.resolve('./new_terms'));
+    loadTestFile(require.resolve('./new_terms_alert_suppression'));
+  });
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/query/trial_license_complete_tier/configs/ess.config.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(
+    require.resolve('../../../../../../../config/ess/config.base.trial')
+  );
+
+  return {
+    ...functionalConfig.getAll(),
+    testFiles: [require.resolve('..')],
+    junit: {
+      reportName:
+        'Detection Engine - Query Rule Execution Logic Integration Tests - ESS Env - Trial License',
+    },
+  };
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/query/trial_license_complete_tier/configs/serverless.config.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { createTestConfig } from '../../../../../../../config/serverless/config.base';
+
+export default createTestConfig({
+  testFiles: [require.resolve('..')],
+  junit: {
+    reportName:
+      'Detection Engine - Query Rule Execution Logic Integration Tests - Serverless Env - Complete Tier',
+  },
+  kbnTestServerArgs: [
+    `--xpack.securitySolution.alertIgnoreFields=${JSON.stringify([
+      'testing_ignored.constant',
+      '/testing_regex*/',
+    ])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields"
+  ],
+});

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/query/trial_license_complete_tier/index.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('Query rule execution logic API', function () {
+    loadTestFile(require.resolve('./custom_query'));
+    loadTestFile(require.resolve('./saved_query'));
+  });
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/threshold/trial_license_complete_tier/configs/ess.config.ts

@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const functionalConfig = await readConfigFile(
+    require.resolve('../../../../../../../config/ess/config.base.trial')
+  );
+
+  return {
+    ...functionalConfig.getAll(),
+    testFiles: [require.resolve('..')],
+    junit: {
+      reportName:
+        'Detection Engine - Threshold Rule Execution Logic Integration Tests - ESS Env - Trial License',
+    },
+  };
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/threshold/trial_license_complete_tier/configs/serverless.config.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { createTestConfig } from '../../../../../../../config/serverless/config.base';
+
+export default createTestConfig({
+  testFiles: [require.resolve('..')],
+  junit: {
+    reportName:
+      'Detection Engine - Threshold Rule Execution Logic Integration Tests - Serverless Env - Complete Tier',
+  },
+  kbnTestServerArgs: [
+    `--xpack.securitySolution.alertIgnoreFields=${JSON.stringify([
+      'testing_ignored.constant',
+      '/testing_regex*/',
+    ])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields"
+  ],
+});

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/threshold/trial_license_complete_tier/index.ts

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('Threshold rule execution logic API', function () {
+    loadTestFile(require.resolve('./threshold'));
+    loadTestFile(require.resolve('./threshold_alert_suppression'));
+  });
+}

x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/index.ts

@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
-
-export default ({ loadTestFile }: FtrProviderContext): void => {
-  describe('Detection Engine - Execution logic', function () {
-    loadTestFile(require.resolve('./eql'));
-    loadTestFile(require.resolve('./eql_alert_suppression'));
-    loadTestFile(require.resolve('./esql'));
-    loadTestFile(require.resolve('./esql_suppression'));
-    loadTestFile(require.resolve('./machine_learning'));
-    loadTestFile(require.resolve('./machine_learning_alert_suppression'));
-    loadTestFile(require.resolve('./machine_learning_manual_run'));
-    loadTestFile(require.resolve('./new_terms'));
-    loadTestFile(require.resolve('./new_terms_alert_suppression'));
-    loadTestFile(require.resolve('./saved_query'));
-    loadTestFile(require.resolve('./indicator_match'));
-    loadTestFile(require.resolve('./indicator_match_alert_suppression'));
-    loadTestFile(require.resolve('./threshold'));
-    loadTestFile(require.resolve('./threshold_alert_suppression'));
-    loadTestFile(require.resolve('./synthetic_source'));
-    loadTestFile(require.resolve('./non_ecs_fields'));
-    loadTestFile(require.resolve('./custom_query'));
-  });
-};