[Security Solution] Refactor prebuilt rules integration tests (#219831)

**Related Epic:** https://github.com/elastic/kibana/issues/179907 ## Summary This PR refactors prebuilt rules integration tests structure to streamline the implementation of test plans targeted [Prebuilt Rules Customization Milestone 4](https://github.com/elastic/kibana/issues/179907). ## Details Existing integration tests structure have prebuilt rules related integration tests scattered around rules management area. Due to historical reasons and pace of the prebuilt rules customization development some old tests were updated, some new were added as random spots as well as some new tests structure was suggested. This PR moves files and some tests around to the following structure - `test_suites/detection_response/rules_management/prebuilt_rules` is the root folder for prebuilt rules related integration tests - `customization_disabled` subfolder contains prebuilt rules integration tests covering scenarios when users have **insufficient** for customization license level (basic/essentials) - `customization_enabled` subfolder contains prebuilt rules integration tests covering scenarios when users have **sufficient** for customization license level - `customization_disabled` and `customization_enabled` subfoldera have test suites grouped by sub domains - `prebuilt_rules_package` - contains integration tests related to detection rules Fleet package installation and updating, bootstrap is also belong to here - `install_prebuilt_rules` - contains tests related to prebuilt rules installation from prebuilt rule assets - `upgrade_prebuilt_rules` - contains tests related to prebuilt rules upgrade workflow - `customization` - contains tests related to prebuilt rules customization including `is_customized` calculation - `import_export` - contains tests related to exporting and importing customized and non-customized prebuilt rules - `status` - contain status endpoints related tests
2025-06-27 10:40:07 -04:00 · 2025-05-30 12:23:45 +02:00 · 2025-05-30 12:23:45 +02:00 · 3ea69afa83
commit 3ea69afa83
parent 24492f19fc
116 changed files with 1276 additions and 1635 deletions
--- a/.buildkite/ftr_security_serverless_configs.yml
+++ b/.buildkite/ftr_security_serverless_configs.yml
@ -19,7 +19,7 @@ disabled:
  # MKI only configs files
  - x-pack/test_serverless/functional/test_suites/security/config.mki_only.ts

-defaultQueue: "n2-4-spot"
+defaultQueue: 'n2-4-spot'
 enabled:
  - x-pack/test_serverless/api_integration/test_suites/security/config.ts
  - x-pack/test_serverless/api_integration/test_suites/security/config.feature_flags.ts
@ -76,22 +76,15 @@ enabled:
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/configs/serverless.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/configs/serverless.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/serverless_essentials_tier.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/serverless.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/serverless.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/serverless.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/serverless.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/serverless.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/serverless.config.ts
--- a/.buildkite/ftr_security_stateful_configs.yml
+++ b/.buildkite/ftr_security_stateful_configs.yml
@ -59,23 +59,18 @@ enabled:
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/configs/ess.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/configs/ess.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/configs/ess.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/ess_basic_license.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/ess.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped_large_package.config.ts
+  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/ess.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/ess.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/ess.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/ess.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/ess.config.ts
  - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/configs/ess.config.ts
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.mock.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.mock.ts
@ -33,6 +33,7 @@ export const getPrebuiltRuleMock = (rewrites?: Partial<PrebuiltRuleAsset>): Preb
    version: 1,
    author: [],
    license: 'Elastic License v2',
+    index: ['index-1', 'index-2'],
    ...rewrites,
  });
 };
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts
@ -1,29 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import path from 'path';
-import { createTestConfig } from '../../../../../../../config/serverless/config.base';
-
-export const BUNDLED_PACKAGE_DIR = path.join(
-  path.dirname(__filename),
-  './../fleet_bundled_packages/fixtures'
-);
-export default createTestConfig({
-  testFiles: [require.resolve('..')],
-  junit: {
-    reportName:
-      'Rules Management - Bundled Prebuilt Rules Integration Tests - Serverless Env - Complete License',
-  },
-  kbnTestServerArgs: [
-    /*  Tests in this directory simulate an air-gapped environment in which the instance doesn't have access to EPR.
-     *  To do that, we point the Fleet url to an invalid URL, and instruct Fleet to fetch bundled packages at the
-     *  location defined in BUNDLED_PACKAGE_DIR.
-     */
-    `--xpack.fleet.registryUrl=http://invalidURL:8080`,
-    `--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`,
-  ],
-});
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts
@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test';

 export default async function ({ readConfigFile }: FtrConfigProviderContext) {
  const functionalConfig = await readConfigFile(
-    require.resolve('../../../../../../../config/ess/config.base.trial')
+    require.resolve('../../../../../../config/ess/config.base.basic')
  );

  const testConfig = {
@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
    testFiles: [require.resolve('..')],
    junit: {
      reportName:
-        'Rules Management - Prebuilt Rule Export Integration Tests - Customization enabled - ESS Env',
+        'Rules Management - Prebuilt Rules (Customization Disabled) Integration Tests - ESS Env Basic License',
    },
  };

--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts
@ -5,12 +5,12 @@
 * 2.0.
 */

-import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials';
+import { createTestConfig } from '../../../../../../config/serverless/config.base.essentials';

 export default createTestConfig({
  testFiles: [require.resolve('..')],
  junit: {
    reportName:
-      'Rules Management - Prebuilt Rule Export Integration Tests - Customization enabled - Serverless Env',
+      'Rules Management - Prebuilt Rules (Customization Disabled) Integration Tests - Serverless Env Essentials Tier',
  },
 });
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts
@ -29,7 +29,7 @@ export default ({ getService }: FtrProviderContext) => {
    rule_id: 'test-rule-id',
  });

-  describe('@ess @serverless @skipInServerlessMKI is_customized calculation with disabled customization', () => {
+  describe('@ess @serverless @skipInServerlessMKI Calculate "is_customized"', () => {
    beforeEach(async () => {
      await deleteAllRules(supertest, log);
      await deleteAllPrebuiltRuleAssets(es, log);
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts
@ -0,0 +1,165 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import {
+  BulkActionTypeEnum,
+  BulkActionEditTypeEnum,
+  BulkActionEditPayload,
+} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management';
+import { installMockPrebuiltRules } from '../../../../utils';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default ({ getService }: FtrProviderContext): void => {
+  const supertest = getService('supertest');
+  const es = getService('es');
+  const securitySolutionApi = getService('securitySolutionApi');
+
+  const fetchPrebuiltRule = async () => {
+    const {
+      body: {
+        data: [prebuiltRule],
+      },
+    } = await securitySolutionApi.findRules({
+      query: {
+        filter: 'alert.attributes.params.immutable: true',
+        per_page: 1,
+      },
+    });
+
+    return prebuiltRule;
+  };
+
+  describe('@ess @serverless @skipInServerless Customize via bulk editing', () => {
+    const bulkEditingCases = [
+      {
+        type: BulkActionEditTypeEnum.add_tags,
+        value: ['new-tag'],
+      },
+      {
+        type: BulkActionEditTypeEnum.set_tags,
+        value: ['new-tag'],
+      },
+      {
+        type: BulkActionEditTypeEnum.delete_tags,
+        value: ['new-tag'],
+      },
+      {
+        type: BulkActionEditTypeEnum.add_index_patterns,
+        value: ['test-*'],
+      },
+      {
+        type: BulkActionEditTypeEnum.set_index_patterns,
+        value: ['test-*'],
+      },
+      {
+        type: BulkActionEditTypeEnum.delete_index_patterns,
+        // We have to make sure rule has non empty index patterns after this action
+        // otherwise API returns 500 error
+        value: ['unknown-*'],
+      },
+      {
+        type: BulkActionEditTypeEnum.set_timeline,
+        value: { timeline_id: 'mock-id', timeline_title: 'mock-title' },
+      },
+      {
+        type: BulkActionEditTypeEnum.set_schedule,
+        value: { interval: '1m', lookback: '1m' },
+      },
+    ];
+
+    bulkEditingCases.forEach(({ type, value }) => {
+      it(`returns an error after applying "${type}" bulk edit action to prebuilt rules`, async () => {
+        await installMockPrebuiltRules(supertest, es);
+
+        const prebuiltRule = await fetchPrebuiltRule();
+
+        await securitySolutionApi
+          .performRulesBulkAction({
+            query: {},
+            body: {
+              ids: [prebuiltRule.id],
+              action: BulkActionTypeEnum.edit,
+              [BulkActionTypeEnum.edit]: [
+                {
+                  type,
+                  value,
+                } as BulkActionEditPayload,
+              ],
+            },
+          })
+          .expect(500);
+      });
+    });
+
+    // if rule action is applied together with another edit action, that can't be applied to prebuilt rule (for example: tags action)
+    // bulk edit request should return error
+    it(`returns an error if one of edit action is not eligible for prebuilt rule`, async () => {
+      const webHookAction = {
+        // Higher license level is required for creating connectors
+        // Using the pre-configured connector for testing
+        id: 'my-test-email',
+        group: 'default',
+        params: {
+          body: '{"test":"action to be saved in a rule"}',
+        },
+      };
+
+      await installMockPrebuiltRules(supertest, es);
+      const prebuiltRule = await fetchPrebuiltRule();
+
+      const { body } = await securitySolutionApi
+        .performRulesBulkAction({
+          query: {},
+          body: {
+            ids: [prebuiltRule.id],
+            action: BulkActionTypeEnum.edit,
+            [BulkActionTypeEnum.edit]: [
+              {
+                type: BulkActionEditTypeEnum.set_rule_actions,
+                value: {
+                  throttle: '1h',
+                  actions: [webHookAction],
+                },
+              },
+              {
+                type: BulkActionEditTypeEnum.set_tags,
+                value: ['tag-1'],
+              },
+            ],
+          },
+        })
+        .expect(500);
+
+      expect(body.attributes.summary).toEqual({
+        failed: 1,
+        skipped: 0,
+        succeeded: 0,
+        total: 1,
+      });
+      expect(body.attributes.errors[0]).toEqual({
+        message: "Elastic rule can't be edited",
+        status_code: 500,
+        rules: [
+          {
+            id: prebuiltRule.id,
+            name: prebuiltRule.name,
+          },
+        ],
+      });
+
+      // Check that the updates were not made
+      const { body: readRule } = await securitySolutionApi
+        .readRule({ query: { rule_id: prebuiltRule.rule_id } })
+        .expect(200);
+
+      expect(readRule.actions).toEqual(prebuiltRule.actions);
+      expect(readRule.tags).toEqual(prebuiltRule.tags);
+      expect(readRule.version).toBe(prebuiltRule.version);
+    });
+  });
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/index.ts
@ -8,7 +8,6 @@
 import { FtrProviderContext } from '../../../../../../ftr_provider_context';

 export default ({ loadTestFile }: FtrProviderContext): void => {
-  describe('Rules Management - Prebuilt Rules - Update Prebuilt Rules Package', function () {
-    loadTestFile(require.resolve('./update_prebuilt_rules_package'));
-  });
+  loadTestFile(require.resolve('./calculate_is_customized'));
+  loadTestFile(require.resolve('./customize_via_bulk_editing'));
 };
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/rules_export/export_prebuilt_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/rules_export/export_prebuilt_rules.ts
@ -7,7 +7,7 @@

 import expect from 'expect';
 import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine';
-import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
 import {
  binaryToString,
  createPrebuiltRuleAssetSavedObjects,
@ -15,8 +15,8 @@ import {
  deleteAllPrebuiltRuleAssets,
  installPrebuiltRules,
  parseNdJson,
-} from '../../../../../utils';
-import { deleteAllRules } from '../../../../../../../../common/utils/security_solution';
+} from '../../../../utils';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';

 export default ({ getService }: FtrProviderContext): void => {
  const es = getService('es');
@ -24,7 +24,7 @@ export default ({ getService }: FtrProviderContext): void => {
  const supertest = getService('supertest');
  const log = getService('log');

-  describe('@ess @serverless @skipInServerlessMKI Prebuilt rule export - feature disabled', () => {
+  describe('@ess @serverless @skipInServerlessMKI Prebuilt rules export', () => {
    beforeEach(async () => {
      await deleteAllRules(supertest, log);
      await deleteAllPrebuiltRuleAssets(es, log);
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/index.ts
@ -8,7 +8,5 @@
 import { FtrProviderContext } from '../../../../../../ftr_provider_context';

 export default ({ loadTestFile }: FtrProviderContext): void => {
-  describe('Rules Management - Prebuilt Rules - Large Prebuilt Rules Package', function () {
-    loadTestFile(require.resolve('./install_large_prebuilt_rules_package'));
-  });
+  loadTestFile(require.resolve('./export_prebuilt_rules'));
 };
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/index.ts
@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../ftr_provider_context';
+
+export default ({ loadTestFile }: FtrProviderContext): void => {
+  describe('Rules Management - Prebuilt Rules - Prebuilt Rule (Customization Disabled)', function () {
+    this.tags('skipFIPS');
+    loadTestFile(require.resolve('./customization'));
+    loadTestFile(require.resolve('./import_export'));
+    loadTestFile(require.resolve('./upgrade_prebuilt_rules'));
+  });
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/index.ts
@ -7,8 +7,6 @@

 import { FtrProviderContext } from '../../../../../../ftr_provider_context';

-export default function ({ loadTestFile }: FtrProviderContext) {
-  describe('Rules Management - Prebuilt rule export', function () {
-    loadTestFile(require.resolve('./export_prebuilt_rules_feature_enabled'));
-  });
-}
+export default ({ loadTestFile }: FtrProviderContext): void => {
+  loadTestFile(require.resolve('./upgrade_prebuilt_rules'));
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/upgrade_perform_prebuilt_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/upgrade_perform_prebuilt_rules.ts
@ -43,7 +43,7 @@ export default ({ getService }: FtrProviderContext): void => {
  const supertest = getService('supertest');
  const log = getService('log');

-  describe('@ess @serverless @skipInServerlessMKI Perform Prebuilt Rule Upgrades - Customization Disabled', () => {
+  describe('@ess @serverless @skipInServerlessMKI Upgrade prebuilt rules', () => {
    beforeEach(async () => {
      await deleteAllRules(supertest, log);
      await deleteAllPrebuiltRuleAssets(es, log);
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts
@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test';

 export default async function ({ readConfigFile }: FtrConfigProviderContext) {
  const functionalConfig = await readConfigFile(
-    require.resolve('../../../../../../../config/ess/config.base.trial')
+    require.resolve('../../../../../../config/ess/config.base.trial')
  );

  const testConfig = {
@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
    testFiles: [require.resolve('..')],
    junit: {
      reportName:
-        'Rules Management - Prebuilt Rule Customization Enabled Integration Tests - ESS Env',
+        'Rules Management - Prebuilt Rules (Customization Enabled) Integration Tests - ESS Env',
    },
  };

--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts
@ -5,12 +5,12 @@
 * 2.0.
 */

-import { createTestConfig } from '../../../../../../../config/serverless/config.base';
+import { createTestConfig } from '../../../../../../config/serverless/config.base';

 export default createTestConfig({
  testFiles: [require.resolve('..')],
  junit: {
    reportName:
-      'Rules Management - Prebuilt Rule Customization Enabled Integration Tests - Serverless Env',
+      'Rules Management - Prebuilt Rules (Customization Enabled) Integration Tests - Serverless Env',
  },
 });
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts
@ -0,0 +1,199 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import {
+  BulkActionEditTypeEnum,
+  BulkActionTypeEnum,
+} from '@kbn/security-solution-plugin/common/api/detection_engine';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import {
+  createPrebuiltRuleAssetSavedObjects,
+  createRuleAssetSavedObject,
+  deleteAllPrebuiltRuleAssets,
+  installPrebuiltRules,
+} from '../../../../utils';
+
+export default ({ getService }: FtrProviderContext): void => {
+  const es = getService('es');
+  const supertest = getService('supertest');
+  const securitySolutionApi = getService('securitySolutionApi');
+  const log = getService('log');
+
+  const ruleAsset = createRuleAssetSavedObject({
+    rule_id: '000047bb-b27a-47ec-8b62-ef1a5d2c9e19',
+    tags: ['test-tag'],
+  });
+
+  describe('@ess @serverless @skipInServerlessMKI Calculate "is_customized"', () => {
+    beforeEach(async () => {
+      await deleteAllRules(supertest, log);
+      await deleteAllPrebuiltRuleAssets(es, log);
+    });
+
+    it('sets "is_customized" to true on bulk prebuilt rule modification', async () => {
+      await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+      await installPrebuiltRules(es, supertest);
+
+      const { body: findResult } = await securitySolutionApi
+        .findRules({
+          query: {
+            per_page: 1,
+            filter: `alert.attributes.params.immutable: true`,
+          },
+        })
+        .expect(200);
+      const prebuiltRule = findResult.data[0];
+      expect(prebuiltRule).toBeDefined();
+      expect(prebuiltRule.rule_source.is_customized).toEqual(false);
+
+      const { body: bulkResult } = await securitySolutionApi
+        .performRulesBulkAction({
+          query: {},
+          body: {
+            ids: [prebuiltRule.id],
+            action: BulkActionTypeEnum.edit,
+            [BulkActionTypeEnum.edit]: [
+              {
+                type: BulkActionEditTypeEnum.add_tags,
+                value: ['new-tag'],
+              },
+            ],
+          },
+        })
+        .expect(200);
+
+      expect(bulkResult.attributes.summary).toEqual({
+        failed: 0,
+        skipped: 0,
+        succeeded: 1,
+        total: 1,
+      });
+      expect(bulkResult.attributes.results.updated[0].rule_source.is_customized).toEqual(true);
+    });
+
+    it('leaves "is_customized" intact if the change has been skipped', async () => {
+      await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+      await installPrebuiltRules(es, supertest);
+
+      const { body: findResult } = await securitySolutionApi
+        .findRules({
+          query: {
+            per_page: 1,
+            filter: `alert.attributes.params.immutable: true`,
+          },
+        })
+        .expect(200);
+      const prebuiltRule = findResult.data[0];
+      expect(prebuiltRule).toBeDefined();
+      expect(prebuiltRule.rule_source.is_customized).toEqual(false);
+
+      const { body: bulkResult } = await securitySolutionApi
+        .performRulesBulkAction({
+          query: {},
+          body: {
+            ids: [prebuiltRule.id],
+            action: BulkActionTypeEnum.edit,
+            [BulkActionTypeEnum.edit]: [
+              {
+                type: BulkActionEditTypeEnum.add_tags,
+                // This tag is already present on the rule, so the change will be skipped
+                value: [prebuiltRule.tags[0]],
+              },
+            ],
+          },
+        })
+        .expect(200);
+
+      expect(bulkResult.attributes.summary).toEqual({
+        failed: 0,
+        skipped: 1,
+        succeeded: 0,
+        total: 1,
+      });
+
+      // Check that the rule has not been customized
+      const { body: findResultAfter } = await securitySolutionApi
+        .findRules({
+          query: {
+            per_page: 1,
+            filter: `alert.attributes.params.immutable: true`,
+          },
+        })
+        .expect(200);
+      expect(findResultAfter.data[0].rule_source.is_customized).toEqual(false);
+    });
+
+    it('sets "is_customized" to false if the change has been reverted', async () => {
+      await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+      await installPrebuiltRules(es, supertest);
+
+      const { body: findResult } = await securitySolutionApi
+        .findRules({
+          query: {
+            per_page: 1,
+            filter: `alert.attributes.params.immutable: true`,
+          },
+        })
+        .expect(200);
+      const prebuiltRule = findResult.data[0];
+      expect(prebuiltRule).toBeDefined();
+      expect(prebuiltRule.rule_source.is_customized).toEqual(false);
+
+      // Add a tag to the rule
+      const { body: bulkResult } = await securitySolutionApi
+        .performRulesBulkAction({
+          query: {},
+          body: {
+            ids: [prebuiltRule.id],
+            action: BulkActionTypeEnum.edit,
+            [BulkActionTypeEnum.edit]: [
+              {
+                type: BulkActionEditTypeEnum.add_tags,
+                value: ['new-tag'],
+              },
+            ],
+          },
+        })
+        .expect(200);
+
+      expect(bulkResult.attributes.summary).toEqual({
+        failed: 0,
+        skipped: 0,
+        succeeded: 1,
+        total: 1,
+      });
+
+      // Remove the added tag
+      const { body: revertResult } = await securitySolutionApi
+        .performRulesBulkAction({
+          query: {},
+          body: {
+            ids: [prebuiltRule.id],
+            action: BulkActionTypeEnum.edit,
+            [BulkActionTypeEnum.edit]: [
+              {
+                type: BulkActionEditTypeEnum.delete_tags,
+                value: ['new-tag'],
+              },
+            ],
+          },
+        })
+        .expect(200);
+
+      expect(revertResult.attributes.summary).toEqual({
+        failed: 0,
+        skipped: 0,
+        succeeded: 1,
+        total: 1,
+      });
+
+      expect(revertResult.attributes.results.updated[0].rule_source.is_customized).toEqual(false);
+    });
+  });
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rule_customization.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rule_customization.ts
@ -29,7 +29,7 @@ export default ({ getService }: FtrProviderContext): void => {
    rule_id: 'rule_1',
  });

-  describe('@ess @serverless @skipInServerlessMKI rule customization', () => {
+  describe('@ess @serverless @skipInServerlessMKI Customize prebuilt rules', () => {
    before(async () => {
      await deleteAllRules(supertest, log);
      await deleteAllPrebuiltRuleAssets(es, log);
@ -389,7 +389,7 @@ export default ({ getService }: FtrProviderContext): void => {
        it('data_view_id field', async () => {
          const { body } = await securitySolutionApi
            .patchRule({
-              body: { rule_id: 'rule_1', data_view_id: 'new-data-view', index: undefined },
+              body: { rule_id: 'rule_1', data_view_id: 'new-data-view', index: [] },
            })
            .expect(200);

--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts
@ -0,0 +1,106 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import {
+  BulkActionTypeEnum,
+  BulkActionEditTypeEnum,
+  BulkActionEditPayload,
+} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+import { deleteAllPrebuiltRuleAssets, installMockPrebuiltRules } from '../../../../utils';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default ({ getService }: FtrProviderContext): void => {
+  const supertest = getService('supertest');
+  const es = getService('es');
+  const securitySolutionApi = getService('securitySolutionApi');
+  const log = getService('log');
+
+  describe('@ess @serverless @skipInServerless Customize via bulk editing', () => {
+    before(async () => {
+      await deleteAllRules(supertest, log);
+      await deleteAllPrebuiltRuleAssets(es, log);
+    });
+
+    const bulkEditingCases = [
+      {
+        type: BulkActionEditTypeEnum.add_tags,
+        value: ['new-tag'],
+      },
+      {
+        type: BulkActionEditTypeEnum.set_tags,
+        value: ['new-tag'],
+      },
+      {
+        type: BulkActionEditTypeEnum.delete_tags,
+        value: ['test-tag'],
+      },
+      {
+        type: BulkActionEditTypeEnum.delete_index_patterns,
+        // Testing index pattern removal requires as minimum of two index patterns
+        // to have a valid rule after the edit.
+        value: ['index-1'],
+      },
+      {
+        type: BulkActionEditTypeEnum.add_index_patterns,
+        value: ['test-*'],
+      },
+      {
+        type: BulkActionEditTypeEnum.set_index_patterns,
+        value: ['test-*'],
+      },
+      {
+        type: BulkActionEditTypeEnum.set_timeline,
+        value: { timeline_id: 'mock-id', timeline_title: 'mock-title' },
+      },
+      {
+        type: BulkActionEditTypeEnum.set_schedule,
+        value: { interval: '1m', lookback: '1m' },
+      },
+    ];
+
+    bulkEditingCases.forEach(({ type, value }) => {
+      it(`applies "${type}" bulk edit action to prebuilt rules`, async () => {
+        await installMockPrebuiltRules(supertest, es);
+
+        const {
+          body: {
+            data: [prebuiltRule],
+          },
+        } = await securitySolutionApi.findRules({
+          query: {
+            filter: 'alert.attributes.params.immutable: true',
+            per_page: 1,
+          },
+        });
+
+        const { body } = await securitySolutionApi
+          .performRulesBulkAction({
+            query: {},
+            body: {
+              ids: [prebuiltRule.id],
+              action: BulkActionTypeEnum.edit,
+              [BulkActionTypeEnum.edit]: [
+                {
+                  type,
+                  value,
+                } as BulkActionEditPayload,
+              ],
+            },
+          })
+          .expect(200);
+
+        expect(body).toMatchObject({
+          success: true,
+          rules_count: 1,
+        });
+        expect(body.attributes.summary).toMatchObject({ succeeded: 1, total: 1 });
+      });
+    });
+  });
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/index.ts
@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default ({ loadTestFile }: FtrProviderContext): void => {
+  loadTestFile(require.resolve('./calculate_is_customized'));
+  loadTestFile(require.resolve('./customize_prebuilt_rules'));
+  loadTestFile(require.resolve('./customize_via_bulk_editing'));
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rules_export.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rules_export.ts
@ -39,13 +39,13 @@ export default ({ getService }: FtrProviderContext): void => {
   * This test suite is skipped in Serverless MKI environments due to reliance on the
   * feature flag for prebuilt rule customization.
   */
-  describe('@ess @serverless @skipInServerlessMKI Exporting Rules with Prebuilt Rule Customization', () => {
+  describe('@ess @serverless @skipInServerlessMKI Export prebuilt rules', () => {
    beforeEach(async () => {
      await deleteAllPrebuiltRuleAssets(es, log);
      await deleteAllRules(supertest, log);
    });

-    it('exports a set of custom installed rules via the _export API', async () => {
+    it('exports a set of custom rules via the _export API', async () => {
      await Promise.all([
        securitySolutionApi
          .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-1' }) })
@ -98,7 +98,7 @@ export default ({ getService }: FtrProviderContext): void => {
        await installPrebuiltRules(es, supertest);
      });

-      it('exports a set of prebuilt installed rules via the _export API', async () => {
+      it('exports a set of non-customized prebuilt rules via the _export API', async () => {
        const { body: exportResult } = await securitySolutionApi
          .exportRules({ query: {}, body: null })
          .expect(200)
@ -124,17 +124,18 @@ export default ({ getService }: FtrProviderContext): void => {
            }),
          ])
        );
+      });

-        const [firstExportedRule, secondExportedRule] = parsedExportResult as Array<{
-          id: string;
-          rule_id: string;
-        }>;
+      it('exports a set of customized prebuilt rules via the _export API', async () => {
+        const {
+          body: { data: rules },
+        } = await securitySolutionApi.findRules({ query: {} }).expect(200);

        const { body: bulkEditResult } = await securitySolutionApi
          .performRulesBulkAction({
            query: {},
            body: {
-              ids: [firstExportedRule.id],
+              ids: [rules[0].id],
              action: BulkActionTypeEnum.edit,
              [BulkActionTypeEnum.edit]: [
                {
@ -164,14 +165,14 @@ export default ({ getService }: FtrProviderContext): void => {
        expect(parseNdJson(secondExportResult)).toEqual(
          expect.arrayContaining([
            expect.objectContaining({
-              rule_id: firstExportedRule.rule_id,
+              rule_id: rules[0].rule_id,
              rule_source: {
                type: 'external',
                is_customized: true,
              },
            }),
            expect.objectContaining({
-              rule_id: secondExportedRule.rule_id,
+              rule_id: rules[1].rule_id,
              rule_source: {
                type: 'external',
                is_customized: false,
@ -181,7 +182,7 @@ export default ({ getService }: FtrProviderContext): void => {
        );
      });

-      it('exports a set of custom and prebuilt installed rules via the _export API', async () => {
+      it('exports a set of custom and prebuilt rules via the _export API', async () => {
        await Promise.all([
          securitySolutionApi
            .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-1' }) })
@ -276,7 +277,74 @@ export default ({ getService }: FtrProviderContext): void => {
        );
      });

-      it('exports a set of custom and prebuilt installed rules via the bulk_actions API', async () => {
+      it('exports all prebuilt rules via _export API', async () => {
+        const { body } = await securitySolutionApi
+          .exportRules({ query: {}, body: null })
+          .expect(200)
+          .parse(binaryToString);
+
+        const exportJson = parseNdJson(body);
+
+        expect(exportJson).toEqual(
+          expect.arrayContaining([
+            expect.objectContaining({
+              rule_id: ruleAssets[0]['security-rule'].rule_id,
+              rule_source: {
+                type: 'external',
+                is_customized: false,
+              },
+            }),
+            expect.objectContaining({
+              rule_id: ruleAssets[1]['security-rule'].rule_id,
+              rule_source: {
+                type: 'external',
+                is_customized: false,
+              },
+            }),
+          ])
+        );
+
+        const exportStats = exportJson.at(-1);
+
+        expect(exportStats).toMatchObject({
+          exported_rules_count: 2,
+          missing_rules: [],
+        });
+      });
+
+      it('exports a set of prebuilt rules via the bulk_actions API', async () => {
+        const ruleAsset = createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-1', version: 1 });
+
+        await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
+        await installPrebuiltRules(es, supertest);
+
+        const findResponse = await securitySolutionApi.findRules({ query: {} });
+        const installedRule = findResponse.body.data[0];
+
+        const { body } = await securitySolutionApi
+          .performRulesBulkAction({
+            query: {},
+            body: { action: BulkActionTypeEnum.export, ids: [installedRule.id] },
+          })
+          .expect(200)
+          .parse(binaryToString);
+
+        const [ruleJson, exportDetailsJson] = parseNdJson(body);
+
+        expect(ruleJson).toMatchObject({
+          id: installedRule.id,
+          rule_source: {
+            type: 'external',
+            is_customized: false,
+          },
+        });
+
+        expect(exportDetailsJson).toMatchObject({
+          missing_rules: [],
+        });
+      });
+
+      it('exports a set of custom and prebuilt rules via the bulk_actions API', async () => {
        await Promise.all([
          securitySolutionApi
            .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-1' }) })
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/import_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/import_rules.ts
@ -47,7 +47,7 @@ export default ({ getService }: FtrProviderContext): void => {
  );
  const prebuiltRuleIds = [...new Set(prebuiltRules.map((rule) => rule.rule_id))];

-  describe('@ess @serverless @skipInServerlessMKI import_rules', () => {
+  describe('@ess @serverless @skipInServerlessMKI Import prebuilt rules', () => {
    before(async () => {
      await deleteAllPrebuiltRuleAssets(es, log);
      await createHistoricalPrebuiltRuleAssetSavedObjects(
@ -318,6 +318,7 @@ export default ({ getService }: FtrProviderContext): void => {
            expect.objectContaining({
              rule_id: 'rule-1',
              version: 2,
+              name: 'Customized prebuilt rule',
              rule_source: { type: 'external', is_customized: true },
              immutable: true,
            }),
@ -331,6 +332,53 @@ export default ({ getService }: FtrProviderContext): void => {
        );
      });

+      it('accepts rules with "immutable: true"', async () => {
+        const rule = getCustomQueryRuleParams({
+          rule_id: 'rule-immutable',
+          // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport}
+          immutable: true,
+        });
+
+        const { body } = await importRules([rule]);
+
+        expect(body).toMatchObject({
+          success: true,
+        });
+      });
+
+      it('allows (but ignores) rules with a value for rule_source', async () => {
+        const rule = getCustomQueryRuleParams({
+          rule_id: 'with-rule-source',
+          // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport}
+          rule_source: {
+            type: 'ignored',
+          },
+        });
+
+        const { body } = await importRules([rule]);
+
+        expect(body).toMatchObject({
+          success: true,
+          success_count: 1,
+        });
+
+        const importedRule = await fetchRule(supertest, { ruleId: 'with-rule-source' });
+
+        expect(importedRule.rule_source).toMatchObject({ type: 'internal' });
+      });
+
+      it('rejects rules without a rule_id', async () => {
+        const rule = getCustomQueryRuleParams({});
+        delete rule.rule_id;
+
+        const { body } = await importRules([rule]);
+
+        expect(body.errors).toHaveLength(1);
+        expect(body.errors[0]).toMatchObject({
+          error: { message: 'rule_id: Required', status_code: 400 },
+        });
+      });
+
      // TODO: Fix the test setup https://github.com/elastic/kibana/pull/206893#discussion_r1966170712
      it.skip('imports prebuilt rules when the rules package is not installed', async () => {
        await deletePrebuiltRulesFleetPackage({ supertest, es, log, retryService }); // First we delete the rule package
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/index.ts
@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default ({ loadTestFile }: FtrProviderContext): void => {
+  loadTestFile(require.resolve('./export_prebuilt_rules'));
+  loadTestFile(require.resolve('./import_prebuilt_rules'));
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/index.ts
@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../ftr_provider_context';
+
+export default ({ loadTestFile }: FtrProviderContext): void => {
+  describe('Rules Management - Prebuilt Rules (Customization Enabled)', function () {
+    loadTestFile(require.resolve('./customization'));
+    loadTestFile(require.resolve('./import_export'));
+    loadTestFile(require.resolve('./install_prebuilt_rules'));
+    loadTestFile(require.resolve('./status'));
+    loadTestFile(require.resolve('./upgrade_prebuilt_rules'));
+  });
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/index.ts
@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default ({ loadTestFile }: FtrProviderContext): void => {
+  loadTestFile(require.resolve('./install_mocked_prebuilt_rule_assets'));
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules_with_historical_versions.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules_with_historical_versions.ts
@ -4,12 +4,14 @@
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
+
 import expect from 'expect';
 import { FtrProviderContext } from '../../../../../../ftr_provider_context';
 import {
  deleteAllTimelines,
  deleteAllPrebuiltRuleAssets,
  createRuleAssetSavedObject,
+  createPrebuiltRuleAssetSavedObjects,
  installPrebuiltRulesAndTimelines,
  getPrebuiltRulesAndTimelinesStatus,
  createHistoricalPrebuiltRuleAssetSavedObjects,
@ -26,41 +28,135 @@ export default ({ getService }: FtrProviderContext): void => {
  const log = getService('log');
  const securitySolutionApi = getService('securitySolutionApi');

-  describe('@ess @serverless @skipInServerlessMKI install prebuilt rules from package with historical versions with mock rule assets', () => {
-    const getRuleAssetSavedObjects = () => [
-      createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
-      createRuleAssetSavedObject({ rule_id: 'rule-1', version: 2 }),
-      createRuleAssetSavedObject({ rule_id: 'rule-2', version: 1 }),
-      createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }),
-      createRuleAssetSavedObject({ rule_id: 'rule-2', version: 3 }),
-    ];
-    const RULES_COUNT = 2;
-
+  describe('@ess @serverless @skipInServerlessMKI Install from mocked prebuilt rule assets', () => {
    beforeEach(async () => {
      await deleteAllRules(supertest, log);
      await deleteAllTimelines(es, log);
      await deleteAllPrebuiltRuleAssets(es, log);
    });

-    describe('using legacy endpoint', () => {
+    describe('without historical versions', () => {
+      const getRuleAssetSavedObjects = () => [
+        createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
+        createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }),
+        createRuleAssetSavedObject({ rule_id: 'rule-3', version: 3 }),
+        createRuleAssetSavedObject({ rule_id: 'rule-4', version: 4 }),
+      ];
+      const RULES_COUNT = getRuleAssetSavedObjects().length;
+
+      it('installs prebuilt rules', async () => {
+        await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+        const body = await installPrebuiltRules(es, supertest);
+
+        expect(body.summary.succeeded).toBe(RULES_COUNT);
+        expect(body.summary.failed).toBe(0);
+        expect(body.summary.skipped).toBe(0);
+      });
+
+      it('installs correct prebuilt rule versions', async () => {
+        await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+        const body = await installPrebuiltRules(es, supertest);
+
+        // Check that all prebuilt rules were actually installed and their versions match the latest
+        expect(body.results.created).toEqual(
+          expect.arrayContaining([
+            expect.objectContaining({ rule_id: 'rule-1', version: 1 }),
+            expect.objectContaining({ rule_id: 'rule-2', version: 2 }),
+            expect.objectContaining({ rule_id: 'rule-3', version: 3 }),
+            expect.objectContaining({ rule_id: 'rule-4', version: 4 }),
+          ])
+        );
+      });
+
+      it('installs missing prebuilt rules', async () => {
+        // Install all prebuilt detection rules
+        await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+        await installPrebuiltRules(es, supertest);
+
+        // Delete one of the installed rules
+        await deleteRule(supertest, 'rule-1');
+
+        // Check that one prebuilt rule is missing
+        const statusResponse = await getPrebuiltRulesStatus(es, supertest);
+        expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1);
+
+        // Call the install prebuilt rules again and check that the missing rule was installed
+        const response = await installPrebuiltRules(es, supertest);
+        expect(response.summary.succeeded).toBe(1);
+      });
+
+      describe('legacy (PUT /api/detection_engine/rules/prepackaged)', () => {
+        it('installs prebuilt rules', async () => {
+          await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+          const body = await installPrebuiltRulesAndTimelines(es, supertest);
+
+          expect(body.rules_installed).toBe(RULES_COUNT);
+          expect(body.rules_updated).toBe(0);
+        });
+
+        it('installs correct prebuilt rule versions', async () => {
+          await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+          await installPrebuiltRulesAndTimelines(es, supertest);
+
+          // Get installed rules
+          const rulesResponse = await getInstalledRules(supertest);
+
+          // Check that all prebuilt rules were actually installed and their versions match the latest
+          expect(rulesResponse.total).toBe(RULES_COUNT);
+          expect(rulesResponse.data).toEqual(
+            expect.arrayContaining([
+              expect.objectContaining({ rule_id: 'rule-1', version: 1 }),
+              expect.objectContaining({ rule_id: 'rule-2', version: 2 }),
+              expect.objectContaining({ rule_id: 'rule-3', version: 3 }),
+              expect.objectContaining({ rule_id: 'rule-4', version: 4 }),
+            ])
+          );
+        });
+
+        it('installs missing prebuilt rules', async () => {
+          // Install all prebuilt detection rules
+          await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+          await installPrebuiltRulesAndTimelines(es, supertest);
+
+          // Delete one of the installed rules
+          await deleteRule(supertest, 'rule-1');
+
+          // Check that one prebuilt rule is missing
+          const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest);
+          expect(statusResponse.rules_not_installed).toBe(1);
+
+          // Call the install prebuilt rules again and check that the missing rule was installed
+          const response = await installPrebuiltRulesAndTimelines(es, supertest);
+          expect(response.rules_installed).toBe(1);
+          expect(response.rules_updated).toBe(0);
+        });
+      });
+    });
+
+    describe('with historical versions', () => {
+      const getRuleAssetSavedObjects = () => [
+        createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
+        createRuleAssetSavedObject({ rule_id: 'rule-1', version: 2 }),
+        createRuleAssetSavedObject({ rule_id: 'rule-2', version: 1 }),
+        createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }),
+        createRuleAssetSavedObject({ rule_id: 'rule-2', version: 3 }),
+      ];
+      const RULES_COUNT = 2;
+
      it('should install prebuilt rules', async () => {
        await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        const body = await installPrebuiltRulesAndTimelines(es, supertest);
+        const body = await installPrebuiltRules(es, supertest);

-        expect(body.rules_installed).toBe(RULES_COUNT);
-        expect(body.rules_updated).toBe(0);
+        expect(body.summary.succeeded).toBe(RULES_COUNT);
      });

      it('should install correct prebuilt rule versions', async () => {
        await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        await installPrebuiltRulesAndTimelines(es, supertest);
-
-        // Get installed rules
-        const rulesResponse = await getInstalledRules(supertest);
+        const response = await installPrebuiltRules(es, supertest);

        // Check that all prebuilt rules were actually installed and their versions match the latest
-        expect(rulesResponse.total).toBe(RULES_COUNT);
-        expect(rulesResponse.data).toEqual(
+        expect(response.summary.succeeded).toBe(RULES_COUNT);
+        expect(response.results.created).toEqual(
          expect.arrayContaining([
            expect.objectContaining({ rule_id: 'rule-1', version: 2 }),
            expect.objectContaining({ rule_id: 'rule-2', version: 3 }),
@ -71,37 +167,37 @@ export default ({ getService }: FtrProviderContext): void => {
      it('should not install prebuilt rules if they are up to date', async () => {
        // Install all prebuilt detection rules
        await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        await installPrebuiltRulesAndTimelines(es, supertest);
+        await installPrebuiltRules(es, supertest);

        // Check that all prebuilt rules were installed
-        const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest);
-        expect(statusResponse.rules_not_installed).toBe(0);
+        const statusResponse = await getPrebuiltRulesStatus(es, supertest);
+        expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(0);

        // Call the install prebuilt rules again and check that no rules were installed
-        const response = await installPrebuiltRulesAndTimelines(es, supertest);
-        expect(response.rules_installed).toBe(0);
-        expect(response.rules_updated).toBe(0);
+        const response = await installPrebuiltRules(es, supertest);
+        expect(response.summary.succeeded).toBe(0);
+        expect(response.summary.total).toBe(0);
      });

      it('should install missing prebuilt rules', async () => {
        // Install all prebuilt detection rules
        await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        await installPrebuiltRulesAndTimelines(es, supertest);
+        await installPrebuiltRules(es, supertest);

        // Delete one of the installed rules
        await deleteRule(supertest, 'rule-1');

        // Check that one prebuilt rule is missing
-        const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest);
-        expect(statusResponse.rules_not_installed).toBe(1);
+        const statusResponse = await getPrebuiltRulesStatus(es, supertest);
+        expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1);

        // Call the install prebuilt rules endpoint again and check that the missing rule was installed
-        const response = await installPrebuiltRulesAndTimelines(es, supertest);
-        expect(response.rules_installed).toBe(1);
-        expect(response.rules_updated).toBe(0);
+        const response = await installPrebuiltRules(es, supertest);
+        expect(response.summary.succeeded).toBe(1);
+        expect(response.summary.total).toBe(1);
      });

-      it('should not overwrite existing actions', async () => {
+      it('should NOT overwrite existing actions', async () => {
        // Install prebuilt detection rule
        await createHistoricalPrebuiltRuleAssetSavedObjects(es, [
          createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
@ -156,7 +252,7 @@ export default ({ getService }: FtrProviderContext): void => {
        ]);
      });

-      it('should not overwrite existing exceptions lists', async () => {
+      it('should NOT overwrite existing exceptions lists', async () => {
        // Install prebuilt detection rule
        await createHistoricalPrebuiltRuleAssetSavedObjects(es, [
          createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
@ -203,61 +299,65 @@ export default ({ getService }: FtrProviderContext): void => {
          }),
        ]);
      });
-    });

-    describe('using current endpoint', () => {
-      it('should install prebuilt rules', async () => {
-        await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        const body = await installPrebuiltRules(es, supertest);
+      describe('legacy (PUT /api/detection_engine/rules/prepackaged)', () => {
+        it('should install prebuilt rules', async () => {
+          await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+          const body = await installPrebuiltRulesAndTimelines(es, supertest);

-        expect(body.summary.succeeded).toBe(RULES_COUNT);
-      });
+          expect(body.rules_installed).toBe(RULES_COUNT);
+          expect(body.rules_updated).toBe(0);
+        });

-      it('should install correct prebuilt rule versions', async () => {
-        await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        const response = await installPrebuiltRules(es, supertest);
+        it('should install correct prebuilt rule versions', async () => {
+          await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+          await installPrebuiltRulesAndTimelines(es, supertest);

-        // Check that all prebuilt rules were actually installed and their versions match the latest
-        expect(response.summary.succeeded).toBe(RULES_COUNT);
-        expect(response.results.created).toEqual(
-          expect.arrayContaining([
-            expect.objectContaining({ rule_id: 'rule-1', version: 2 }),
-            expect.objectContaining({ rule_id: 'rule-2', version: 3 }),
-          ])
-        );
-      });
+          // Get installed rules
+          const rulesResponse = await getInstalledRules(supertest);

-      it('should not install prebuilt rules if they are up to date', async () => {
-        // Install all prebuilt detection rules
-        await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        await installPrebuiltRules(es, supertest);
+          // Check that all prebuilt rules were actually installed and their versions match the latest
+          expect(rulesResponse.total).toBe(RULES_COUNT);
+          expect(rulesResponse.data).toEqual(
+            expect.arrayContaining([
+              expect.objectContaining({ rule_id: 'rule-1', version: 2 }),
+              expect.objectContaining({ rule_id: 'rule-2', version: 3 }),
+            ])
+          );
+        });

-        // Check that all prebuilt rules were installed
-        const statusResponse = await getPrebuiltRulesStatus(es, supertest);
-        expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(0);
+        it('should not install prebuilt rules if they are up to date', async () => {
+          // Install all prebuilt detection rules
+          await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+          await installPrebuiltRulesAndTimelines(es, supertest);

-        // Call the install prebuilt rules again and check that no rules were installed
-        const response = await installPrebuiltRules(es, supertest);
-        expect(response.summary.succeeded).toBe(0);
-        expect(response.summary.total).toBe(0);
-      });
+          // Check that all prebuilt rules were installed
+          const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest);
+          expect(statusResponse.rules_not_installed).toBe(0);

-      it('should install missing prebuilt rules', async () => {
-        // Install all prebuilt detection rules
-        await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        await installPrebuiltRules(es, supertest);
+          // Call the install prebuilt rules again and check that no rules were installed
+          const response = await installPrebuiltRulesAndTimelines(es, supertest);
+          expect(response.rules_installed).toBe(0);
+          expect(response.rules_updated).toBe(0);
+        });

-        // Delete one of the installed rules
-        await deleteRule(supertest, 'rule-1');
+        it('should install missing prebuilt rules', async () => {
+          // Install all prebuilt detection rules
+          await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+          await installPrebuiltRulesAndTimelines(es, supertest);

-        // Check that one prebuilt rule is missing
-        const statusResponse = await getPrebuiltRulesStatus(es, supertest);
-        expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1);
+          // Delete one of the installed rules
+          await deleteRule(supertest, 'rule-1');

-        // Call the install prebuilt rules endpoint again and check that the missing rule was installed
-        const response = await installPrebuiltRules(es, supertest);
-        expect(response.summary.succeeded).toBe(1);
-        expect(response.summary.total).toBe(1);
+          // Check that one prebuilt rule is missing
+          const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest);
+          expect(statusResponse.rules_not_installed).toBe(1);
+
+          // Call the install prebuilt rules endpoint again and check that the missing rule was installed
+          const response = await installPrebuiltRulesAndTimelines(es, supertest);
+          expect(response.rules_installed).toBe(1);
+          expect(response.rules_updated).toBe(0);
+        });
      });
    });
  });
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped.config.ts
@ -8,23 +8,14 @@
 import { FtrConfigProviderContext } from '@kbn/test';
 import path from 'path';

-export const BUNDLED_PACKAGE_DIR = path.join(
-  path.dirname(__filename),
-  './../fleet_bundled_packages/fixtures'
-);
+export const BUNDLED_PACKAGE_DIR = path.join(path.dirname(__filename), './../fixtures/packages');

 export default async function ({ readConfigFile }: FtrConfigProviderContext) {
-  const functionalConfig = await readConfigFile(
-    require.resolve('../../../../../../../config/ess/config.base.trial')
-  );
+  const functionalConfig = await readConfigFile(require.resolve('../../../configs/ess.config'));

  return {
    ...functionalConfig.getAll(),
    testFiles: [require.resolve('..')],
-    junit: {
-      reportName:
-        'Rules Management - Bundled Prebuilt Rules Integration Tests - ESS Env - Trial License',
-    },
    kbnTestServer: {
      ...functionalConfig.get('kbnTestServer'),
      serverArgs: [
@ -33,7 +24,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
         *  To do that, we point the Fleet url to an invalid URL, and instruct Fleet to fetch bundled packages at the
         *  location defined in BUNDLED_PACKAGE_DIR.
         */
-        `--xpack.fleet.registryUrl=http://invalidURL:8080`,
+        `--xpack.fleet.isAirGapped=true`,
        `--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`,
      ],
    },
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped_large_package.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped_large_package.config.ts
@ -10,21 +10,15 @@ import path from 'path';

 export const BUNDLED_PACKAGE_DIR = path.join(
  path.dirname(__filename),
-  './../fleet_bundled_packages/fixtures'
+  './../fixtures/packages/large'
 );

 export default async function ({ readConfigFile }: FtrConfigProviderContext) {
-  const functionalConfig = await readConfigFile(
-    require.resolve('../../../../../../../config/ess/config.base.trial')
-  );
+  const functionalConfig = await readConfigFile(require.resolve('../../../configs/ess.config'));

  return {
    ...functionalConfig.getAll(),
-    testFiles: [require.resolve('..')],
-    junit: {
-      reportName:
-        'Rules Management - Large Prebuilt Rules Package Integration Tests - ESS Env - Trial License',
-    },
+    testFiles: [require.resolve('../install_large_bundled_package')],
    kbnTestServer: {
      ...functionalConfig.get('kbnTestServer'),
      serverArgs: [
@ -35,15 +29,9 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
         *  Since we want to test the installation of a large package, we created a specific package `security_detection_engine-100.0.0`
         *  which contains 15000 rules assets and 750 unique rules, and attempt to install it.
         */
-        `--xpack.fleet.registryUrl=http://invalidURL:8080`,
+        `--xpack.fleet.isAirGapped=true`,
        `--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`,
      ],
-      env: {
-        /*  Limit the heap memory to the lowest amount with which Kibana doesn't crash with an out of memory error
-         *  when installing the large package.
-         */
-        NODE_OPTIONS: '--max-old-space-size=800',
-      },
    },
  };
 }
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-100.0.0.zip
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-100.0.0.zip
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-99.0.0.zip
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-99.0.0.zip
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-99.0.1-beta.1.zip
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-99.0.1-beta.1.zip
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/index.ts
@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
+
+export default ({ loadTestFile }: FtrProviderContext): void => {
+  describe('Air-gapped environment with pre-bundled packages', () => {
+    loadTestFile(require.resolve('./install_bundled_package'));
+    loadTestFile(require.resolve('./prerelease_packages'));
+  });
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/install_latest_bundled_prebuilt_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/install_latest_bundled_prebuilt_rules.ts
@ -4,6 +4,7 @@
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
+
 import fs from 'fs/promises';
 import path from 'path';
 import { REPO_ROOT } from '@kbn/repo-info';
@ -11,13 +12,14 @@ import JSON5 from 'json5';
 import expect from 'expect';
 import { PackageSpecManifest } from '@kbn/fleet-plugin/common';
 import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server';
-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
 import {
  deleteAllPrebuiltRuleAssets,
  getPrebuiltRulesStatus,
  installPrebuiltRulesPackageByVersion,
-} from '../../../../utils';
-import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+} from '../../../../../utils';
+import { deleteAllRules } from '../../../../../../../../common/utils/security_solution';
+
 export default ({ getService }: FtrProviderContext): void => {
  const es = getService('es');
  const supertest = getService('supertest');
@ -31,7 +33,7 @@ export default ({ getService }: FtrProviderContext): void => {
  /* from a package that was bundled with Kibana */
  //
  // FLAKY: https://github.com/elastic/kibana/issues/180087
-  describe.skip('@ess @serverless @skipInServerlessMKI install_bundled_prebuilt_rules', () => {
+  describe.skip('@ess @serverless @skipInServerlessMKI Install bundled package', () => {
    beforeEach(async () => {
      await deleteAllRules(supertest, log);
      await deleteAllPrebuiltRuleAssets(es, log);
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/install_large_prebuilt_rules_package.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/install_large_prebuilt_rules_package.ts
@ -5,20 +5,20 @@
 * 2.0.
 */
 import expect from 'expect';
-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
 import {
  deleteAllPrebuiltRuleAssets,
  getPrebuiltRulesAndTimelinesStatus,
  installPrebuiltRulesAndTimelines,
-} from '../../../../utils';
-import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+} from '../../../../../utils';
+import { deleteAllRules } from '../../../../../../../../common/utils/security_solution';

 export default ({ getService }: FtrProviderContext): void => {
  const es = getService('es');
  const supertest = getService('supertest');
  const log = getService('log');

-  describe('@ess @serverless @skipInServerlessMKI install_large_prebuilt_rules_package', () => {
+  describe('@ess @serverless @skipInServerlessMKI Install large bundled package', () => {
    beforeEach(async () => {
      await deleteAllRules(supertest, log);
      await deleteAllPrebuiltRuleAssets(es, log);
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/prerelease_packages.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/prerelease_packages.ts
@ -4,9 +4,9 @@
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
-import expect from 'expect';

-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import expect from 'expect';
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
 import {
  deleteAllPrebuiltRuleAssets,
  deletePrebuiltRulesFleetPackage,
@ -15,8 +15,8 @@ import {
  getPrebuiltRulesStatus,
  installPrebuiltRules,
  installPrebuiltRulesPackageViaFleetAPI,
-} from '../../../../utils';
-import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+} from '../../../../../utils';
+import { deleteAllRules } from '../../../../../../../../common/utils/security_solution';

 export default ({ getService }: FtrProviderContext): void => {
  const es = getService('es');
@ -31,14 +31,14 @@ export default ({ getService }: FtrProviderContext): void => {
  /* (We use high mock version numbers to prevent clashes with real packages downloaded in other tests.)
  /* To do assertions on which packages have been installed, 99.0.0 has a single rule to install,
  /* while 99.0.1-beta.1 has 2 rules to install. Also, both packages have the version as part of the rule names. */
-  describe('@ess @serverless @skipInServerlessMKI prerelease_packages', () => {
+  describe('@ess @serverless @skipInServerlessMKI Prerelease packages', () => {
    beforeEach(async () => {
      await deleteAllRules(supertest, log);
      await deleteAllPrebuiltRuleAssets(es, log);
      await deletePrebuiltRulesFleetPackage({ supertest, es, log, retryService });
    });

-    it('should install latest stable version and ignore prerelease packages', async () => {
+    it('installs the latest stable version ignoring prerelease packages', async () => {
      // Verify that status is empty before package installation
      const statusBeforePackageInstallation = await getPrebuiltRulesStatus(es, supertest);
      expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_installed).toBe(0);
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/bootstrap_prebuilt_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/bootstrap_prebuilt_rules.ts
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/index.ts
@ -8,8 +8,9 @@
 import { FtrProviderContext } from '../../../../../../ftr_provider_context';

 export default ({ loadTestFile }: FtrProviderContext): void => {
-  describe('Rules Management - Prebuilt Rules - Bundled Prebuilt Rules Package', function () {
-    loadTestFile(require.resolve('./install_latest_bundled_prebuilt_rules'));
-    loadTestFile(require.resolve('./prerelease_packages'));
+  describe('Prebuilt rules package', function () {
+    loadTestFile(require.resolve('./bootstrap_prebuilt_rules'));
+    loadTestFile(require.resolve('./install_package_from_epr'));
+    loadTestFile(require.resolve('./update_package'));
  });
 };
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/install_package_from_epr.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/install_package_from_epr.ts
@ -22,7 +22,7 @@ export default ({ getService }: FtrProviderContext): void => {
  const log = getService('log');
  const retryService = getService('retry');

-  describe('@ess @serverless @skipInServerlessMKI install_prebuilt_rules_from_real_package', () => {
+  describe('@ess @serverless @skipInServerlessMKI Install prebuilt rules from EPR', () => {
    beforeEach(async () => {
      await deletePrebuiltRulesFleetPackage({ supertest, es, log, retryService });
      await deleteAllRules(supertest, log);
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/update_prebuilt_rules_package.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/update_prebuilt_rules_package.ts
@ -61,7 +61,7 @@ export default ({ getService }: FtrProviderContext): void => {
    return getPackageResponse.body.item.version ?? '';
  };

-  describe('@ess @serverless @skipInServerlessMKI update_prebuilt_rules_package', () => {
+  describe('@ess @serverless @skipInServerlessMKI Update package', () => {
    before(async () => {
      const configFilePath = path.resolve(REPO_ROOT, 'fleet_packages.json');
      const fleetPackages = await fs.readFile(configFilePath, 'utf8');
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_rules_status.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_rules_status.ts
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/index.ts
@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+
+export default ({ loadTestFile }: FtrProviderContext): void => {
+  loadTestFile(require.resolve('./get_prebuilt_rules_status'));
+  loadTestFile(require.resolve('./legacy/get_prebuilt_timelines_status'));
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_timelines_status.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_timelines_status.ts
@ -6,12 +6,12 @@
 */

 import expect from 'expect';
-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
 import {
  deleteAllTimelines,
  getPrebuiltRulesAndTimelinesStatus,
  installPrebuiltRulesAndTimelines,
-} from '../../../../utils';
+} from '../../../../../utils';

 export default ({ getService }: FtrProviderContext): void => {
  const supertest = getService('supertest');
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts
@ -7,11 +7,12 @@

 import expect from 'expect';
 import { ModeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine';
-import { setUpRuleUpgrade } from '../../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade';
-import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
-import { performUpgradePrebuiltRules } from '../../../../../utils';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+import { setUpRuleUpgrade } from '../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import { deleteAllPrebuiltRuleAssets, performUpgradePrebuiltRules } from '../../../../utils';

-export function bulkUpgradeAllPrebuiltRules({ getService }: FtrProviderContext): void {
+export default ({ getService }: FtrProviderContext): void => {
  const es = getService('es');
  const supertest = getService('supertest');
  const log = getService('log');
@ -21,7 +22,12 @@ export function bulkUpgradeAllPrebuiltRules({ getService }: FtrProviderContext):
    log,
  };

-  describe('all rules', () => {
+  describe('@ess @serverless @skipInServerlessMKI Bulk upgrade all prebuilt rules', () => {
+    beforeEach(async () => {
+      await deleteAllRules(supertest, log);
+      await deleteAllPrebuiltRuleAssets(es, log);
+    });
+
    describe('with historical versions', () => {
      const TEST_DATA = [
        { pickVersion: 'BASE', expectedTags: ['tagA'] },
@ -365,4 +371,4 @@ export function bulkUpgradeAllPrebuiltRules({ getService }: FtrProviderContext):
      }
    });
  });
-}
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts
@ -7,11 +7,12 @@

 import expect from 'expect';
 import { ModeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine';
-import { setUpRuleUpgrade } from '../../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade';
-import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
-import { performUpgradePrebuiltRules } from '../../../../../utils';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
+import { setUpRuleUpgrade } from '../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import { deleteAllPrebuiltRuleAssets, performUpgradePrebuiltRules } from '../../../../utils';

-export function bulkUpgradeSelectedPrebuiltRules({ getService }: FtrProviderContext): void {
+export default ({ getService }: FtrProviderContext): void => {
  const es = getService('es');
  const supertest = getService('supertest');
  const log = getService('log');
@ -21,7 +22,12 @@ export function bulkUpgradeSelectedPrebuiltRules({ getService }: FtrProviderCont
    log,
  };

-  describe('selected rules', () => {
+  describe('@ess @serverless @skipInServerlessMKI Bulk upgrade selected prebuilt rules', () => {
+    beforeEach(async () => {
+      await deleteAllRules(supertest, log);
+      await deleteAllPrebuiltRuleAssets(es, log);
+    });
+
    describe('with historical versions', () => {
      describe('without customizations', () => {
        beforeEach(async () => {
@ -500,4 +506,4 @@ export function bulkUpgradeSelectedPrebuiltRules({ getService }: FtrProviderCont
      }
    });
  });
-}
+};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/alert_suppression.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/alert_suppression.ts
@ -16,7 +16,7 @@ import {

 export function alertSuppressionField({ getService }: FtrProviderContext): void {
  describe('"alert_suppression"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/building_block.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/building_block.ts
@ -16,7 +16,7 @@ import {

 export function buildingBlockField({ getService }: FtrProviderContext): void {
  describe('"building_block"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts
@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test';

 export default async function ({ readConfigFile }: FtrConfigProviderContext) {
  const functionalConfig = await readConfigFile(
-    require.resolve('../../../../../../../../../config/ess/config.base.trial')
+    require.resolve('../../../../../../../../../config/ess/config.base.trial.ts')
  );

  const testConfig = {
@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
    testFiles: [require.resolve('..')],
    junit: {
      reportName:
-        'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - ESS Env',
+        'Rules Management - Prebuilt Rule (Customization Enabled) Per Field Integration Tests - ESS Env',
    },
  };

--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts
@ -11,6 +11,6 @@ export default createTestConfig({
  testFiles: [require.resolve('..')],
  junit: {
    reportName:
-      'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - Serverless Env',
+      'Rules Management - Prebuilt Rule (Customization Enabled) Per Field Integration Tests - Serverless Env',
  },
 });
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/data_source.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/data_source.ts
@ -19,7 +19,7 @@ import {

 export function dataSourceField({ getService }: FtrProviderContext): void {
  describe('"data_source" with index patterns', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -55,7 +55,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -106,7 +106,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -160,7 +160,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -213,7 +213,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -265,7 +265,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -304,7 +304,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -357,7 +357,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
  });

  describe('"data_source" with data view', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -393,7 +393,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -444,7 +444,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -498,7 +498,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -551,7 +551,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -597,7 +597,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -636,7 +636,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/description.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/description.ts
@ -16,7 +16,7 @@ import {

 export function descriptionField({ getService }: FtrProviderContext): void {
  describe('"description"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function descriptionField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -99,7 +99,7 @@ export function descriptionField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -155,7 +155,7 @@ export function descriptionField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -205,7 +205,7 @@ export function descriptionField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -251,7 +251,7 @@ export function descriptionField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -287,7 +287,7 @@ export function descriptionField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/false_positives.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/false_positives.ts
@ -16,7 +16,7 @@ import {

 export function falsePositivesField({ getService }: FtrProviderContext): void {
  describe('"false_positives"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/index.ts
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/investigation_fields.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/investigation_fields.ts
@ -16,7 +16,7 @@ import {

 export function investigationFieldsField({ getService }: FtrProviderContext): void {
  describe('"investigation_fields"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/max_signals.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/max_signals.ts
@ -16,7 +16,7 @@ import {

 export function maxSignalsField({ getService }: FtrProviderContext): void {
  describe('"max_signals"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/name.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/name.ts
@ -16,7 +16,7 @@ import {

 export function nameField({ getService }: FtrProviderContext): void {
  describe('"name"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function nameField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function nameField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function nameField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function nameField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function nameField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function nameField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/note.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/note.ts
@ -16,7 +16,7 @@ import {

 export function noteField({ getService }: FtrProviderContext): void {
  describe('"note"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function noteField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function noteField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function noteField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function noteField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function noteField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function noteField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/references.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/references.ts
@ -16,7 +16,7 @@ import {

 export function referencesField({ getService }: FtrProviderContext): void {
  describe('"references"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function referencesField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function referencesField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function referencesField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function referencesField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function referencesField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function referencesField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/related_integrations.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/related_integrations.ts
@ -16,7 +16,7 @@ import {

 export function relatedIntegrationsField({ getService }: FtrProviderContext): void {
  describe('"related_integrations"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -71,7 +71,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -184,7 +184,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -288,7 +288,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -392,7 +392,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -490,7 +490,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -553,7 +553,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/required_fields.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/required_fields.ts
@ -16,7 +16,7 @@ import {

 export function requiredFieldsField({ getService }: FtrProviderContext): void {
  describe('"required_fields"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -73,7 +73,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -177,7 +177,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -289,7 +289,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -401,7 +401,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -498,7 +498,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -564,7 +564,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score.ts
@ -16,7 +16,7 @@ import {

 export function riskScoreField({ getService }: FtrProviderContext): void {
  describe('"risk_score"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score_mapping.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score_mapping.ts
@ -16,7 +16,7 @@ import {

 export function riskScoreMappingField({ getService }: FtrProviderContext): void {
  describe('"risk_score_mapping"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -79,7 +79,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -194,7 +194,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -318,7 +318,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -442,7 +442,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -550,7 +550,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -623,7 +623,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_name_override.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_name_override.ts
@ -16,7 +16,7 @@ import {

 export function ruleNameOverrideField({ getService }: FtrProviderContext): void {
  describe('"rule_name_override"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_schedule.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_schedule.ts
@ -16,7 +16,7 @@ import {

 export function ruleScheduleField({ getService }: FtrProviderContext): void {
  describe('"rule_schedule"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -57,7 +57,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -129,7 +129,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -204,7 +204,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -278,7 +278,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -345,7 +345,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -389,7 +389,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/setup.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/setup.ts
@ -16,7 +16,7 @@ import {

 export function setupField({ getService }: FtrProviderContext): void {
  describe('"setup"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function setupField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function setupField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function setupField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function setupField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function setupField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function setupField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity.ts
@ -16,7 +16,7 @@ import {

 export function severityField({ getService }: FtrProviderContext): void {
  describe('"severity"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function severityField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function severityField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function severityField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function severityField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function severityField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function severityField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity_mapping.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity_mapping.ts
@ -16,7 +16,7 @@ import {

 export function severityMappingField({ getService }: FtrProviderContext): void {
  describe('"severity_mapping"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -79,7 +79,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -194,7 +194,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -318,7 +318,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -442,7 +442,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -550,7 +550,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -623,7 +623,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/tags.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/tags.ts
@ -16,7 +16,7 @@ import {

 export function tagsField({ getService }: FtrProviderContext): void {
  describe('"tags"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function tagsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function tagsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function tagsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function tagsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function tagsField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function tagsField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/threat.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/threat.ts
@ -16,7 +16,7 @@ import {

 export function threatField({ getService }: FtrProviderContext): void {
  describe('"threat"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -87,7 +87,7 @@ export function threatField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -220,7 +220,7 @@ export function threatField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -364,7 +364,7 @@ export function threatField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -508,7 +508,7 @@ export function threatField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -634,7 +634,7 @@ export function threatField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -717,7 +717,7 @@ export function threatField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timeline_template.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timeline_template.ts
@ -16,7 +16,7 @@ import {

 export function timelineTemplateField({ getService }: FtrProviderContext): void {
  describe('"timeline_template"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -54,7 +54,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -107,7 +107,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -163,7 +163,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -219,7 +219,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -268,7 +268,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -310,7 +310,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timestamp_override.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timestamp_override.ts
@ -16,7 +16,7 @@ import {

 export function timestampOverrideField({ getService }: FtrProviderContext): void {
  describe('"timestamp_override"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -49,7 +49,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -97,7 +97,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -147,7 +147,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -197,7 +197,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'query',
@ -240,7 +240,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
@ -276,7 +276,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/test_helpers.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/test_helpers.ts
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts
@ -16,7 +16,7 @@ import {

 export function anomalyThresholdField({ getService }: FtrProviderContext): void {
  describe('"anomaly_threshold"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'machine_learning',
@ -49,7 +49,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'machine_learning',
@ -97,7 +97,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'machine_learning',
@ -148,7 +148,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'machine_learning',
@ -199,7 +199,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'machine_learning',
@ -243,7 +243,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'machine_learning',
@ -280,7 +280,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'machine_learning',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts
@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test';

 export default async function ({ readConfigFile }: FtrConfigProviderContext) {
  const functionalConfig = await readConfigFile(
-    require.resolve('../../../../../../../../../config/ess/config.base.trial')
+    require.resolve('../../../../../../../../../config/ess/config.base.trial.ts')
  );

  const testConfig = {
@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
    testFiles: [require.resolve('..')],
    junit: {
      reportName:
-        'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - ESS Env',
+        'Rules Management - Prebuilt Rule (Customization Enabled) Per Field Integration Tests - ESS Env',
    },
  };

--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts
@ -11,6 +11,6 @@ export default createTestConfig({
  testFiles: [require.resolve('..')],
  junit: {
    reportName:
-      'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - Serverless Env',
+      'Rules Management - Prebuilt Rule (Customization Enabled) Per Field Integration Tests - Serverless Env',
  },
 });
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/eql_query.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/eql_query.ts
@ -16,7 +16,7 @@ import {

 export function eqlQueryField({ getService }: FtrProviderContext): void {
  describe('"eql_query"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'eql',
@ -58,7 +58,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'eql',
@ -134,7 +134,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'eql',
@ -212,7 +212,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'eql',
@ -290,7 +290,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'eql',
@ -358,7 +358,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'eql',
@ -403,7 +403,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'eql',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/esql_query.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/esql_query.ts
@ -16,7 +16,7 @@ import {

 export function esqlQueryField({ getService }: FtrProviderContext): void {
  describe('"esql_query"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'esql',
@ -51,7 +51,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'esql',
@ -113,7 +113,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'esql',
@ -179,7 +179,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'esql',
@ -245,7 +245,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'esql',
@ -304,7 +304,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'esql',
@ -344,7 +344,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'esql',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/history_window_start.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/history_window_start.ts
@ -16,7 +16,7 @@ import {

 export function historyWindowStartField({ getService }: FtrProviderContext): void {
  describe('"history_window_start"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'new_terms',
@ -49,7 +49,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'new_terms',
@ -97,7 +97,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'new_terms',
@ -148,7 +148,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'new_terms',
@ -199,7 +199,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'new_terms',
@ -243,7 +243,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'new_terms',
@ -280,7 +280,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'new_terms',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/index.ts
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts
@ -22,7 +22,7 @@ const RULE_TYPES = ['query', 'threat_match', 'threshold', 'new_terms'] as const;
 export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): void {
  for (const ruleType of RULE_TYPES) {
    describe(`"kql_query" with inline query for ${ruleType} rule`, () => {
-      describe('non-customized w/o an upgrade (AAA diff case)', () => {
+      describe('non-customized without an upgrade (AAA diff case)', () => {
        describe('without filters', () => {
          const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
            installed: {
@ -145,7 +145,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo
        });
      });

-      describe('non-customized w/ an upgrade (AAB diff case)', () => {
+      describe('non-customized with an upgrade (AAB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: ruleType,
@ -228,7 +228,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo
        );
      });

-      describe('customized w/o an upgrade (ABA diff case)', () => {
+      describe('customized without an upgrade (ABA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: ruleType,
@ -334,7 +334,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo
        );
      });

-      describe('customized w/ the matching upgrade (ABB diff case)', () => {
+      describe('customized with the matching upgrade (ABB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: ruleType,
@ -440,7 +440,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo
        );
      });

-      describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+      describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: ruleType,
@ -539,7 +539,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo
      });

      describe('without historical versions', () => {
-        describe('customized w/ the matching upgrade (-AA diff case)', () => {
+        describe('customized with the matching upgrade (-AA diff case)', () => {
          const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
            installed: {
              type: ruleType,
@ -611,7 +611,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo
          );
        });

-        describe('customized w/ an upgrade (-AB diff case)', () => {
+        describe('customized with an upgrade (-AB diff case)', () => {
          const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
            installed: {
              type: ruleType,
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts
@ -21,7 +21,7 @@ import {

 export function savedQueryKqlQueryField({ getService }: FtrProviderContext): void {
  describe('"kql_query" with saved query', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'saved_query',
@ -57,7 +57,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'saved_query',
@ -116,7 +116,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'saved_query',
@ -178,7 +178,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'saved_query',
@ -240,7 +240,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'saved_query',
@ -295,7 +295,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'saved_query',
@ -335,7 +335,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'saved_query',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts
@ -16,7 +16,7 @@ import {

 export function machineLearningJobIdField({ getService }: FtrProviderContext): void {
  describe('"machine_learning_job_id"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'machine_learning',
@ -49,7 +49,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'machine_learning',
@ -97,7 +97,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'machine_learning',
@ -148,7 +148,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'machine_learning',
@ -199,7 +199,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'machine_learning',
@ -243,7 +243,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'machine_learning',
@ -280,7 +280,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'machine_learning',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/new_terms_fields.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/new_terms_fields.ts
@ -19,7 +19,7 @@ import {

 export function newTermsFieldsField({ getService }: FtrProviderContext): void {
  describe('"new_terms_fields"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'new_terms',
@ -52,7 +52,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'new_terms',
@ -100,7 +100,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'new_terms',
@ -151,7 +151,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'new_terms',
@ -202,7 +202,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'new_terms',
@ -246,7 +246,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'new_terms',
@ -283,7 +283,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'new_terms',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_index.ts
@ -19,7 +19,7 @@ import {

 export function threatIndexField({ getService }: FtrProviderContext): void {
  describe('"threat_index"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -52,7 +52,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -100,7 +100,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -151,7 +151,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -202,7 +202,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -246,7 +246,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'threat_match',
@ -283,7 +283,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'threat_match',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts
@ -16,7 +16,7 @@ import {

 export function threatIndicatorPathField({ getService }: FtrProviderContext): void {
  describe('"threat_indicator_path"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -49,7 +49,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -97,7 +97,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -148,7 +148,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -199,7 +199,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -243,7 +243,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'threat_match',
@ -280,7 +280,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'threat_match',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_mapping.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_mapping.ts
@ -16,7 +16,7 @@ import {

 export function threatMappingField({ getService }: FtrProviderContext): void {
  describe('"threat_mapping"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -55,7 +55,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -111,7 +111,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -170,7 +170,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -229,7 +229,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -279,7 +279,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'threat_match',
@ -322,7 +322,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'threat_match',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_query.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_query.ts
@ -19,7 +19,7 @@ import {

 export function threatQueryField({ getService }: FtrProviderContext): void {
  describe('"threat_query"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -57,7 +57,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -133,7 +133,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -212,7 +212,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -291,7 +291,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threat_match',
@ -360,7 +360,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'threat_match',
@ -402,7 +402,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'threat_match',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threshold.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threshold.ts
@ -16,7 +16,7 @@ import {

 export function thresholdField({ getService }: FtrProviderContext): void {
  describe('"threshold"', () => {
-    describe('non-customized w/o an upgrade (AAA diff case)', () => {
+    describe('non-customized without an upgrade (AAA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threshold',
@ -49,7 +49,7 @@ export function thresholdField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('non-customized w/ an upgrade (AAB diff case)', () => {
+    describe('non-customized with an upgrade (AAB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threshold',
@ -97,7 +97,7 @@ export function thresholdField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/o an upgrade (ABA diff case)', () => {
+    describe('customized without an upgrade (ABA diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threshold',
@ -148,7 +148,7 @@ export function thresholdField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ the matching upgrade (ABB diff case)', () => {
+    describe('customized with the matching upgrade (ABB diff case)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threshold',
@ -199,7 +199,7 @@ export function thresholdField({ getService }: FtrProviderContext): void {
      );
    });

-    describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
+    describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => {
      const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
        installed: {
          type: 'threshold',
@ -243,7 +243,7 @@ export function thresholdField({ getService }: FtrProviderContext): void {
    });

    describe('without historical versions', () => {
-      describe('customized w/ the matching upgrade (-AA diff case)', () => {
+      describe('customized with the matching upgrade (-AA diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'threshold',
@ -280,7 +280,7 @@ export function thresholdField({ getService }: FtrProviderContext): void {
        );
      });

-      describe('customized w/ an upgrade (-AB diff case)', () => {
+      describe('customized with an upgrade (-AB diff case)', () => {
        const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = {
          installed: {
            type: 'threshold',
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/index.ts
@ -8,10 +8,10 @@
 import { FtrProviderContext } from '../../../../../../ftr_provider_context';

 export default ({ loadTestFile }: FtrProviderContext): void => {
-  describe('Rules Management - Prebuilt Rules - Prebuilt Rule Customization Disabled', function () {
-    this.tags('skipFIPS');
-    loadTestFile(require.resolve('./is_customized_calculation'));
-    loadTestFile(require.resolve('./upgrade_perform_prebuilt_rules'));
-    loadTestFile(require.resolve('./rules_export/export_prebuilt_rules'));
+  describe('Upgrade prebuilt rules', function () {
+    loadTestFile(require.resolve('./review_prebuilt_rules_upgrade'));
+    loadTestFile(require.resolve('./bulk_upgrade_all_prebuilt_rules'));
+    loadTestFile(require.resolve('./bulk_upgrade_selected_prebuilt_rules'));
+    loadTestFile(require.resolve('./upgrade_single_prebuilt_rule'));
  });
 };
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/preview_prebuilt_rules_upgrade.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/preview_prebuilt_rules_upgrade.ts
@ -18,14 +18,13 @@ export default ({ getService }: FtrProviderContext): void => {
  const es = getService('es');
  const supertest = getService('supertest');
  const log = getService('log');
-
  const deps = {
    es,
    supertest,
    log,
  };

-  describe('@ess @serverless @skipInServerlessMKI preview prebuilt rules upgrade', () => {
+  describe('@ess @serverless @skipInServerlessMKI review prebuilt rules upgrade', () => {
    beforeEach(async () => {
      await deleteAllRules(supertest, log);
      await deleteAllPrebuiltRuleAssets(es, log);
@ -190,7 +189,7 @@ export default ({ getService }: FtrProviderContext): void => {
              });
            });

-            it(`asserts "has_update" is ${!withHistoricalVersions} for customized fields w/o upgrades`, async () => {
+            it(`asserts "has_update" is ${!withHistoricalVersions} for customized fields without upgrades`, async () => {
              await setUpRuleUpgrade({
                assets: [
                  {
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts
@ -8,14 +8,19 @@
 import expect from 'expect';
 import type SuperTest from 'supertest';
 import { ModeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine';
+import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
 import {
  DEFAULT_TEST_RULE_ID,
  setUpRuleUpgrade,
-} from '../../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade';
-import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
-import { performUpgradePrebuiltRules, getWebHookAction } from '../../../../../utils';
+} from '../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade';
+import { FtrProviderContext } from '../../../../../../ftr_provider_context';
+import {
+  deleteAllPrebuiltRuleAssets,
+  performUpgradePrebuiltRules,
+  getWebHookAction,
+} from '../../../../utils';

-export function upgradeSinglePrebuiltRule({ getService }: FtrProviderContext): void {
+export default ({ getService }: FtrProviderContext): void => {
  const es = getService('es');
  const supertest = getService('supertest');
  const log = getService('log');
@ -26,18 +31,23 @@ export function upgradeSinglePrebuiltRule({ getService }: FtrProviderContext): v
    log,
  };

-  const RULE_TYPES = [
-    'query',
-    'saved_query',
-    'eql',
-    'esql',
-    'threat_match',
-    'threshold',
-    'machine_learning',
-    'new_terms',
-  ] as const;
+  describe('@ess @serverless @skipInServerlessMKI Upgrade single prebuilt rule', () => {
+    beforeEach(async () => {
+      await deleteAllRules(supertest, log);
+      await deleteAllPrebuiltRuleAssets(es, log);
+    });
+
+    const RULE_TYPES = [
+      'query',
+      'saved_query',
+      'eql',
+      'esql',
+      'threat_match',
+      'threshold',
+      'machine_learning',
+      'new_terms',
+    ] as const;

-  describe('single rule', () => {
    for (const withHistoricalVersions of [true, false]) {
      describe(
        withHistoricalVersions ? 'with historical versions' : 'without historical versions',
@ -353,7 +363,7 @@ export function upgradeSinglePrebuiltRule({ getService }: FtrProviderContext): v
      );
    }
  });
-}
+};

 async function createAction(supertest: SuperTest.Agent) {
  const createConnector = async (payload: Record<string, unknown>) =>
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts
@ -1,37 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import path from 'path';
-import { createTestConfig } from '../../../../../../../config/serverless/config.base';
-
-export const BUNDLED_PACKAGE_DIR = path.join(
-  path.dirname(__filename),
-  './../fleet_bundled_packages/fixtures'
-);
-export default createTestConfig({
-  testFiles: [require.resolve('..')],
-  junit: {
-    reportName:
-      'Rules Management - Large Prebuilt Rules Package Installation Integration Tests - Serverless Env - Complete License',
-  },
-  kbnTestServerArgs: [
-    /*  Tests in this directory simulate an air-gapped environment in which the instance doesn't have access to EPR.
-     *  To do that, we point the Fleet url to an invalid URL, and instruct Fleet to fetch bundled packages at the
-     *  location defined in BUNDLED_PACKAGE_DIR.
-     *  Since we want to test the installation of a large package, we created a specific package `security_detection_engine-100.0.0`
-     *  which contains 15000 rules assets and 750 unique rules, and attempt to install it.
-     */
-    `--xpack.fleet.registryUrl=http://invalidURL:8080`,
-    `--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`,
-  ],
-  kbnTestServerEnv: {
-    /*  Limit the heap memory to the lowest amount with which Kibana doesn't crash with an out of memory error
-     *  when installing the large package.
-     */
-    NODE_OPTIONS: '--max-old-space-size=800',
-  },
-});
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts
@ -1,23 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { FtrConfigProviderContext } from '@kbn/test';
-
-export default async function ({ readConfigFile }: FtrConfigProviderContext) {
-  const functionalConfig = await readConfigFile(
-    require.resolve('../../../../../../../config/ess/config.base.trial')
-  );
-
-  return {
-    ...functionalConfig.getAll(),
-    testFiles: [require.resolve('..')],
-    junit: {
-      reportName:
-        'Rules Management - Prebuilt Rules Management Integration Tests - ESS Env - Trial License',
-    },
-  };
-}
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts
@ -1,16 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { createTestConfig } from '../../../../../../../config/serverless/config.base';
-
-export default createTestConfig({
-  testFiles: [require.resolve('..')],
-  junit: {
-    reportName:
-      'Rules Management - Prebuilt Rules Management Integration Tests - Serverless Env - Complete License',
-  },
-});
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts
@ -1,19 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
-
-export default ({ loadTestFile }: FtrProviderContext): void => {
-  describe('Rules Management - Prebuilt Rules - Prebuilt Rules Management', function () {
-    loadTestFile(require.resolve('./bootstrap_prebuilt_rules'));
-    loadTestFile(require.resolve('./get_prebuilt_rules_status'));
-    loadTestFile(require.resolve('./get_prebuilt_timelines_status'));
-    loadTestFile(require.resolve('./install_prebuilt_rules'));
-    loadTestFile(require.resolve('./install_prebuilt_rules_with_historical_versions'));
-    loadTestFile(require.resolve('./fleet_integration'));
-  });
-};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules.ts
@ -1,132 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-import expect from 'expect';
-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
-import {
-  deleteAllTimelines,
-  deleteAllPrebuiltRuleAssets,
-  createRuleAssetSavedObject,
-  createPrebuiltRuleAssetSavedObjects,
-  installPrebuiltRulesAndTimelines,
-  getPrebuiltRulesAndTimelinesStatus,
-  getPrebuiltRulesStatus,
-  installPrebuiltRules,
-  getInstalledRules,
-} from '../../../../utils';
-import { deleteAllRules, deleteRule } from '../../../../../../../common/utils/security_solution';
-
-export default ({ getService }: FtrProviderContext): void => {
-  const es = getService('es');
-  const supertest = getService('supertest');
-  const log = getService('log');
-
-  describe('@ess @serverless @skipInServerlessMKI install prebuilt rules from package without historical versions with mock rule assets', () => {
-    const getRuleAssetSavedObjects = () => [
-      createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
-      createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }),
-      createRuleAssetSavedObject({ rule_id: 'rule-3', version: 3 }),
-      createRuleAssetSavedObject({ rule_id: 'rule-4', version: 4 }),
-    ];
-    const RULES_COUNT = getRuleAssetSavedObjects().length;
-
-    beforeEach(async () => {
-      await deleteAllRules(supertest, log);
-      await deleteAllTimelines(es, log);
-      await deleteAllPrebuiltRuleAssets(es, log);
-    });
-
-    describe('using current endpoint', () => {
-      it('should install prebuilt rules', async () => {
-        await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        const body = await installPrebuiltRules(es, supertest);
-
-        expect(body.summary.succeeded).toBe(RULES_COUNT);
-        expect(body.summary.failed).toBe(0);
-        expect(body.summary.skipped).toBe(0);
-      });
-
-      it('should install correct prebuilt rule versions', async () => {
-        await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        const body = await installPrebuiltRules(es, supertest);
-
-        // Check that all prebuilt rules were actually installed and their versions match the latest
-        expect(body.results.created).toEqual(
-          expect.arrayContaining([
-            expect.objectContaining({ rule_id: 'rule-1', version: 1 }),
-            expect.objectContaining({ rule_id: 'rule-2', version: 2 }),
-            expect.objectContaining({ rule_id: 'rule-3', version: 3 }),
-            expect.objectContaining({ rule_id: 'rule-4', version: 4 }),
-          ])
-        );
-      });
-
-      it('should install missing prebuilt rules', async () => {
-        // Install all prebuilt detection rules
-        await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        await installPrebuiltRules(es, supertest);
-
-        // Delete one of the installed rules
-        await deleteRule(supertest, 'rule-1');
-
-        // Check that one prebuilt rule is missing
-        const statusResponse = await getPrebuiltRulesStatus(es, supertest);
-        expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1);
-
-        // Call the install prebuilt rules again and check that the missing rule was installed
-        const response = await installPrebuiltRules(es, supertest);
-        expect(response.summary.succeeded).toBe(1);
-      });
-    });
-
-    describe('using legacy endpoint', () => {
-      it('should install prebuilt rules', async () => {
-        await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        const body = await installPrebuiltRulesAndTimelines(es, supertest);
-
-        expect(body.rules_installed).toBe(RULES_COUNT);
-        expect(body.rules_updated).toBe(0);
-      });
-
-      it('should install correct prebuilt rule versions', async () => {
-        await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        await installPrebuiltRulesAndTimelines(es, supertest);
-
-        // Get installed rules
-        const rulesResponse = await getInstalledRules(supertest);
-
-        // Check that all prebuilt rules were actually installed and their versions match the latest
-        expect(rulesResponse.total).toBe(RULES_COUNT);
-        expect(rulesResponse.data).toEqual(
-          expect.arrayContaining([
-            expect.objectContaining({ rule_id: 'rule-1', version: 1 }),
-            expect.objectContaining({ rule_id: 'rule-2', version: 2 }),
-            expect.objectContaining({ rule_id: 'rule-3', version: 3 }),
-            expect.objectContaining({ rule_id: 'rule-4', version: 4 }),
-          ])
-        );
-      });
-
-      it('should install missing prebuilt rules', async () => {
-        // Install all prebuilt detection rules
-        await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
-        await installPrebuiltRulesAndTimelines(es, supertest);
-
-        // Delete one of the installed rules
-        await deleteRule(supertest, 'rule-1');
-
-        // Check that one prebuilt rule is missing
-        const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest);
-        expect(statusResponse.rules_not_installed).toBe(1);
-
-        // Call the install prebuilt rules again and check that the missing rule was installed
-        const response = await installPrebuiltRulesAndTimelines(es, supertest);
-        expect(response.rules_installed).toBe(1);
-        expect(response.rules_updated).toBe(0);
-      });
-    });
-  });
-};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts
@ -1,25 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { FtrConfigProviderContext } from '@kbn/test';
-
-export default async function ({ readConfigFile }: FtrConfigProviderContext) {
-  const functionalConfig = await readConfigFile(
-    require.resolve('../../../../../../../config/ess/config.base.basic')
-  );
-
-  const testConfig = {
-    ...functionalConfig.getAll(),
-    testFiles: [require.resolve('..')],
-    junit: {
-      reportName:
-        'Rules Management - Prebuilt Rule Customization Disabled Integration Tests - ESS Env Basic License',
-    },
-  };
-
-  return testConfig;
-}
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts
@ -1,16 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials';
-
-export default createTestConfig({
-  testFiles: [require.resolve('..')],
-  junit: {
-    reportName:
-      'Rules Management - Prebuilt Rule Customization Disabled Integration Tests - Serverless Env Essentials Tier',
-  },
-});
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/index.ts
@ -1,19 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
-
-export default ({ loadTestFile }: FtrProviderContext): void => {
-  describe('Rules Management - Prebuilt Rules - Prebuilt Rule Customization Enabled', function () {
-    loadTestFile(require.resolve('./is_customized_calculation'));
-    loadTestFile(require.resolve('./import_rules'));
-    loadTestFile(require.resolve('./rules_export'));
-    loadTestFile(require.resolve('./rule_customization'));
-    loadTestFile(require.resolve('./preview_prebuilt_rules_upgrade'));
-    loadTestFile(require.resolve('./upgrade_prebuilt_rules'));
-  });
-};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/is_customized_calculation.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/is_customized_calculation.ts
@ -1,200 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-import {
-  BulkActionEditTypeEnum,
-  BulkActionTypeEnum,
-} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen';
-import expect from 'expect';
-import { deleteAllRules } from '../../../../../../../common/utils/security_solution';
-import { FtrProviderContext } from '../../../../../../ftr_provider_context';
-import {
-  createPrebuiltRuleAssetSavedObjects,
-  createRuleAssetSavedObject,
-  deleteAllPrebuiltRuleAssets,
-  installPrebuiltRules,
-} from '../../../../utils';
-
-export default ({ getService }: FtrProviderContext): void => {
-  const es = getService('es');
-  const supertest = getService('supertest');
-  const securitySolutionApi = getService('securitySolutionApi');
-  const log = getService('log');
-
-  const ruleAsset = createRuleAssetSavedObject({
-    rule_id: '000047bb-b27a-47ec-8b62-ef1a5d2c9e19',
-    tags: ['test-tag'],
-  });
-
-  describe('@ess @serverless @skipInServerlessMKI is_customized calculation', () => {
-    beforeEach(async () => {
-      await deleteAllRules(supertest, log);
-      await deleteAllPrebuiltRuleAssets(es, log);
-    });
-
-    describe('prebuilt rules', () => {
-      it('should set is_customized to true on bulk rule modification', async () => {
-        await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
-        await installPrebuiltRules(es, supertest);
-
-        const { body: findResult } = await securitySolutionApi
-          .findRules({
-            query: {
-              per_page: 1,
-              filter: `alert.attributes.params.immutable: true`,
-            },
-          })
-          .expect(200);
-        const prebuiltRule = findResult.data[0];
-        expect(prebuiltRule).toBeDefined();
-        expect(prebuiltRule.rule_source.is_customized).toEqual(false);
-
-        const { body: bulkResult } = await securitySolutionApi
-          .performRulesBulkAction({
-            query: {},
-            body: {
-              ids: [prebuiltRule.id],
-              action: BulkActionTypeEnum.edit,
-              [BulkActionTypeEnum.edit]: [
-                {
-                  type: BulkActionEditTypeEnum.add_tags,
-                  value: ['new-tag'],
-                },
-              ],
-            },
-          })
-          .expect(200);
-
-        expect(bulkResult.attributes.summary).toEqual({
-          failed: 0,
-          skipped: 0,
-          succeeded: 1,
-          total: 1,
-        });
-        expect(bulkResult.attributes.results.updated[0].rule_source.is_customized).toEqual(true);
-      });
-
-      it('should leave is_customized intact if the change has been skipped', async () => {
-        await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
-        await installPrebuiltRules(es, supertest);
-
-        const { body: findResult } = await securitySolutionApi
-          .findRules({
-            query: {
-              per_page: 1,
-              filter: `alert.attributes.params.immutable: true`,
-            },
-          })
-          .expect(200);
-        const prebuiltRule = findResult.data[0];
-        expect(prebuiltRule).toBeDefined();
-        expect(prebuiltRule.rule_source.is_customized).toEqual(false);
-
-        const { body: bulkResult } = await securitySolutionApi
-          .performRulesBulkAction({
-            query: {},
-            body: {
-              ids: [prebuiltRule.id],
-              action: BulkActionTypeEnum.edit,
-              [BulkActionTypeEnum.edit]: [
-                {
-                  type: BulkActionEditTypeEnum.add_tags,
-                  // This tag is already present on the rule, so the change will be skipped
-                  value: [prebuiltRule.tags[0]],
-                },
-              ],
-            },
-          })
-          .expect(200);
-
-        expect(bulkResult.attributes.summary).toEqual({
-          failed: 0,
-          skipped: 1,
-          succeeded: 0,
-          total: 1,
-        });
-
-        // Check that the rule has not been customized
-        const { body: findResultAfter } = await securitySolutionApi
-          .findRules({
-            query: {
-              per_page: 1,
-              filter: `alert.attributes.params.immutable: true`,
-            },
-          })
-          .expect(200);
-        expect(findResultAfter.data[0].rule_source.is_customized).toEqual(false);
-      });
-
-      it('should set is_customized to false if the change has been reverted', async () => {
-        await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]);
-        await installPrebuiltRules(es, supertest);
-
-        const { body: findResult } = await securitySolutionApi
-          .findRules({
-            query: {
-              per_page: 1,
-              filter: `alert.attributes.params.immutable: true`,
-            },
-          })
-          .expect(200);
-        const prebuiltRule = findResult.data[0];
-        expect(prebuiltRule).toBeDefined();
-        expect(prebuiltRule.rule_source.is_customized).toEqual(false);
-
-        // Add a tag to the rule
-        const { body: bulkResult } = await securitySolutionApi
-          .performRulesBulkAction({
-            query: {},
-            body: {
-              ids: [prebuiltRule.id],
-              action: BulkActionTypeEnum.edit,
-              [BulkActionTypeEnum.edit]: [
-                {
-                  type: BulkActionEditTypeEnum.add_tags,
-                  value: ['new-tag'],
-                },
-              ],
-            },
-          })
-          .expect(200);
-
-        expect(bulkResult.attributes.summary).toEqual({
-          failed: 0,
-          skipped: 0,
-          succeeded: 1,
-          total: 1,
-        });
-
-        // Remove the added tag
-        const { body: revertResult } = await securitySolutionApi
-          .performRulesBulkAction({
-            query: {},
-            body: {
-              ids: [prebuiltRule.id],
-              action: BulkActionTypeEnum.edit,
-              [BulkActionTypeEnum.edit]: [
-                {
-                  type: BulkActionEditTypeEnum.delete_tags,
-                  value: ['new-tag'],
-                },
-              ],
-            },
-          })
-          .expect(200);
-
-        expect(revertResult.attributes.summary).toEqual({
-          failed: 0,
-          skipped: 0,
-          succeeded: 1,
-          total: 1,
-        });
-
-        expect(revertResult.attributes.results.updated[0].rule_source.is_customized).toEqual(false);
-      });
-    });
-  });
-};
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/index.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/index.ts
@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
-import { deleteAllPrebuiltRuleAssets } from '../../../../../utils';
-import { deleteAllRules } from '../../../../../../../../common/utils/security_solution';
-import { bulkUpgradeAllPrebuiltRules } from './bulk_upgrade_all_prebuilt_rules';
-import { bulkUpgradeSelectedPrebuiltRules } from './bulk_upgrade_selected_prebuilt_rules';
-import { upgradeSinglePrebuiltRule } from './upgrade_single_prebuilt_rule';
-
-export default (context: FtrProviderContext): void => {
-  const es = context.getService('es');
-  const supertest = context.getService('supertest');
-  const log = context.getService('log');
-
-  describe('@ess @serverless @skipInServerlessMKI upgrade prebuilt rules', () => {
-    beforeEach(async () => {
-      await deleteAllRules(supertest, log);
-      await deleteAllPrebuiltRuleAssets(es, log);
-    });
-
-    bulkUpgradeAllPrebuiltRules(context);
-    bulkUpgradeSelectedPrebuiltRules(context);
-    upgradeSinglePrebuiltRule(context);
-  });
-};
--- a/Show more
+++ b/Show more