[Security Solution][Detection Engine] adds simplified bulk edit for alert suppression (#223090)

## Summary

- addresses https://github.com/elastic/security-team/issues/9190
(issue's description does not contain details, for product requirements
refer to
https://github.com/elastic/security-team/issues/9190#issuecomment-2943723763)
- adds simplified bulk editing, when user can only overwrite or remove
alert suppression for multiple rules

### DEMO



https://github.com/user-attachments/assets/88dc2953-e3fa-44c3-b896-ff533c66553f

### Feature flag

```yml
xpack.securitySolution.enableExperimental:
  - bulkEditAlertSuppressionEnabled
```

### Flaky test runner

FTR -
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8360
Cypress -
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8361

### Docs issue

https://github.com/elastic/docs-content/issues/1719

### Test plan

https://github.com/elastic/security-team/pull/12813

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>

oas_docs/output/kibana.serverless.yaml

@@ -8395,6 +8395,47 @@ paths:
                   ids:
                     - 9e946bfc-3118-4c77-bb25-67d781191921
               example27:
+                description: The following request set alert suppression to the rules with the specified IDs.
+                summary: Edit - Set alert suppression to rules (idempotent)
+                value:
+                  action: edit
+                  edit:
+                    - type: set_alert_suppression
+                      value:
+                        duration:
+                          unit: h
+                          value: 1
+                        group_by:
+                          - source.ip
+                        missing_fields_strategy: suppress
+                  ids:
+                    - 12345678-1234-1234-1234-1234567890ab
+                    - 87654321-4321-4321-4321-0987654321ba
+              example28:
+                description: The following request set alert suppression to threshold rules with the specified IDs.
+                summary: Edit - Set alert suppression to threshold rules (idempotent)
+                value:
+                  action: edit
+                  edit:
+                    - type: set_alert_suppression_for_threshold
+                      value:
+                        duration:
+                          unit: h
+                          value: 1
+                  ids:
+                    - 12345678-1234-1234-1234-1234567890ab
+                    - 87654321-4321-4321-4321-0987654321ba
+              example29:
+                description: The following request removes alert suppression from the rules with the specified IDs. If the rules do not have alert suppression, no changes are made.
+                summary: Edit - Removes alert suppression from rules (idempotent)
+                value:
+                  action: edit
+                  edit:
+                    - type: delete_alert_suppression
+                  ids:
+                    - 12345678-1234-1234-1234-1234567890ab
+                    - 87654321-4321-4321-4321-0987654321ba
+              example30:
                 description: The following request triggers the filling of gaps for the specified rule ids and time range
                 summary: Fill Gaps - Manually trigger the filling of gaps for specified rules
                 value:
@@ -58896,6 +58937,21 @@ components:
         - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline'
         - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions'
         - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadAlertSuppression'
+    Security_Detections_API_BulkActionEditPayloadAlertSuppression:
+      anyOf:
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadSetAlertSuppression'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadSetAlertSuppressionForThreshold'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadDeleteAlertSuppression'
+    Security_Detections_API_BulkActionEditPayloadDeleteAlertSuppression:
+      type: object
+      properties:
+        type:
+          enum:
+            - delete_alert_suppression
+          type: string
+      required:
+        - type
     Security_Detections_API_BulkActionEditPayloadIndexPatterns:
       description: |
         Edits index patterns of rulesClient.
@@ -59001,6 +59057,30 @@ components:
       required:
         - type
         - value
+    Security_Detections_API_BulkActionEditPayloadSetAlertSuppression:
+      type: object
+      properties:
+        type:
+          enum:
+            - set_alert_suppression
+          type: string
+        value:
+          $ref: '#/components/schemas/Security_Detections_API_AlertSuppression'
+      required:
+        - type
+        - value
+    Security_Detections_API_BulkActionEditPayloadSetAlertSuppressionForThreshold:
+      type: object
+      properties:
+        type:
+          enum:
+            - set_alert_suppression_for_threshold
+          type: string
+        value:
+          $ref: '#/components/schemas/Security_Detections_API_ThresholdAlertSuppression'
+      required:
+        - type
+        - value
     Security_Detections_API_BulkActionEditPayloadTags:
       description: |
         Edits tags of rules.
@@ -59054,6 +59134,8 @@ components:
         - ESQL_INDEX_PATTERN
         - MANUAL_RULE_RUN_FEATURE
         - MANUAL_RULE_RUN_DISABLED_RULE
+        - THRESHOLD_RULE_TYPE_IN_SUPPRESSION
+        - UNSUPPORTED_RULE_IN_SUPPRESSION_FOR_THRESHOLD
         - RULE_FILL_GAPS_DISABLED_RULE
       type: string
     Security_Detections_API_BulkActionSkipResult:

oas_docs/output/kibana.yaml

@@ -10070,6 +10070,47 @@ paths:
                   ids:
                     - 9e946bfc-3118-4c77-bb25-67d781191921
               example27:
+                description: The following request set alert suppression to the rules with the specified IDs.
+                summary: Edit - Set alert suppression to rules (idempotent)
+                value:
+                  action: edit
+                  edit:
+                    - type: set_alert_suppression
+                      value:
+                        duration:
+                          unit: h
+                          value: 1
+                        group_by:
+                          - source.ip
+                        missing_fields_strategy: suppress
+                  ids:
+                    - 12345678-1234-1234-1234-1234567890ab
+                    - 87654321-4321-4321-4321-0987654321ba
+              example28:
+                description: The following request set alert suppression to threshold rules with the specified IDs.
+                summary: Edit - Set alert suppression to threshold rules (idempotent)
+                value:
+                  action: edit
+                  edit:
+                    - type: set_alert_suppression_for_threshold
+                      value:
+                        duration:
+                          unit: h
+                          value: 1
+                  ids:
+                    - 12345678-1234-1234-1234-1234567890ab
+                    - 87654321-4321-4321-4321-0987654321ba
+              example29:
+                description: The following request removes alert suppression from the rules with the specified IDs. If the rules do not have alert suppression, no changes are made.
+                summary: Edit - Removes alert suppression from rules (idempotent)
+                value:
+                  action: edit
+                  edit:
+                    - type: delete_alert_suppression
+                  ids:
+                    - 12345678-1234-1234-1234-1234567890ab
+                    - 87654321-4321-4321-4321-0987654321ba
+              example30:
                 description: The following request triggers the filling of gaps for the specified rule ids and time range
                 summary: Fill Gaps - Manually trigger the filling of gaps for specified rules
                 value:
@@ -68268,6 +68309,21 @@ components:
         - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline'
         - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions'
         - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadAlertSuppression'
+    Security_Detections_API_BulkActionEditPayloadAlertSuppression:
+      anyOf:
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadSetAlertSuppression'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadSetAlertSuppressionForThreshold'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadDeleteAlertSuppression'
+    Security_Detections_API_BulkActionEditPayloadDeleteAlertSuppression:
+      type: object
+      properties:
+        type:
+          enum:
+            - delete_alert_suppression
+          type: string
+      required:
+        - type
     Security_Detections_API_BulkActionEditPayloadIndexPatterns:
       description: |
         Edits index patterns of rulesClient.
@@ -68373,6 +68429,30 @@ components:
       required:
         - type
         - value
+    Security_Detections_API_BulkActionEditPayloadSetAlertSuppression:
+      type: object
+      properties:
+        type:
+          enum:
+            - set_alert_suppression
+          type: string
+        value:
+          $ref: '#/components/schemas/Security_Detections_API_AlertSuppression'
+      required:
+        - type
+        - value
+    Security_Detections_API_BulkActionEditPayloadSetAlertSuppressionForThreshold:
+      type: object
+      properties:
+        type:
+          enum:
+            - set_alert_suppression_for_threshold
+          type: string
+        value:
+          $ref: '#/components/schemas/Security_Detections_API_ThresholdAlertSuppression'
+      required:
+        - type
+        - value
     Security_Detections_API_BulkActionEditPayloadTags:
       description: |
         Edits tags of rules.
@@ -68426,6 +68506,8 @@ components:
         - ESQL_INDEX_PATTERN
         - MANUAL_RULE_RUN_FEATURE
         - MANUAL_RULE_RUN_DISABLED_RULE
+        - THRESHOLD_RULE_TYPE_IN_SUPPRESSION
+        - UNSUPPORTED_RULE_IN_SUPPRESSION_FOR_THRESHOLD
         - RULE_FILL_GAPS_DISABLED_RULE
       type: string
     Security_Detections_API_BulkActionSkipResult: