[8.6] Fix close alerts from flyout (#145939) (#146196)

# Backport

This will backport the following commits from `main` to `8.6`:
- [Fix close alerts from flyout
(#145939)](https://github.com/elastic/kibana/pull/145939)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Khristinin
Nikita","email":"nikita.khristinin@elastic.co"},"sourceCommit":{"committedDate":"2022-11-23T17:21:04Z","message":"Fix
close alerts from flyout (#145939)\n\n## Closing alerts from flyout
effect only alerts related to this rule\r\n\r\nFix:
https://github.com/elastic/kibana/issues/145675\r\n\r\nFor the
exceptions component, we need to have `rule.rule_id` which\r\nwasn't
initially in the timeline response.\r\nWe can't safely use `rule.id`, it
is
[described\r\nhere](https://github.com/elastic/kibana/pull/120053).\r\n\r\nCo-authored-by:
Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"6102f0e39b1b4053886e1dc6ccd8696fe1bf6967","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Security
Solution
Platform","backport:prev-minor","v8.7.0"],"number":145939,"url":"https://github.com/elastic/kibana/pull/145939","mergeCommit":{"message":"Fix
close alerts from flyout (#145939)\n\n## Closing alerts from flyout
effect only alerts related to this rule\r\n\r\nFix:
https://github.com/elastic/kibana/issues/145675\r\n\r\nFor the
exceptions component, we need to have `rule.rule_id` which\r\nwasn't
initially in the timeline response.\r\nWe can't safely use `rule.id`, it
is
[described\r\nhere](https://github.com/elastic/kibana/pull/120053).\r\n\r\nCo-authored-by:
Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"6102f0e39b1b4053886e1dc6ccd8696fe1bf6967"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/145939","number":145939,"mergeCommit":{"message":"Fix
close alerts from flyout (#145939)\n\n## Closing alerts from flyout
effect only alerts related to this rule\r\n\r\nFix:
https://github.com/elastic/kibana/issues/145675\r\n\r\nFor the
exceptions component, we need to have `rule.rule_id` which\r\nwasn't
initially in the timeline response.\r\nWe can't safely use `rule.id`, it
is
[described\r\nhere](https://github.com/elastic/kibana/pull/120053).\r\n\r\nCo-authored-by:
Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"6102f0e39b1b4053886e1dc6ccd8696fe1bf6967"}}]}]
BACKPORT-->

Co-authored-by: Khristinin Nikita <nikita.khristinin@elastic.co>

x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.tsx

@@ -114,7 +114,6 @@ export const AddExceptionFlyout = memo(function AddExceptionFlyout({
   const { isLoading, indexPatterns } = useFetchIndexPatterns(rules);
   const [isSubmitting, submitNewExceptionItems] = useAddNewExceptionItems();
   const [isClosingAlerts, closeAlerts] = useCloseAlertsFromExceptions();
-
   const allowLargeValueLists = useMemo((): boolean => {
     if (rules != null && rules.length === 1) {
       // We'll only block this when we know what rule we're dealing with.

x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx

@@ -182,6 +182,7 @@ export const requiredFieldsForActions = [
   'kibana.alert.rule.name',
   'kibana.alert.rule.to',
   'kibana.alert.rule.uuid',
+  'kibana.alert.rule.rule_id',
   'kibana.alert.rule.type',
   'kibana.alert.suppression.docs_count',
   'kibana.alert.original_event.kind',

x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx

@@ -77,6 +77,7 @@ const AlertContextMenuComponent: React.FC<AlertContextMenuProps & PropsFromRedux
   const getAlertId = () => (ecsRowData?.kibana?.alert ? ecsRowData?._id : null);
   const alertId = getAlertId();
   const ruleId = get(0, ecsRowData?.kibana?.alert?.rule?.uuid);
+  const ruleRuleId = get(0, ecsRowData?.kibana?.alert?.rule?.rule_id);
   const ruleName = get(0, ecsRowData?.kibana?.alert?.rule?.name);
   const isInDetections = [TableId.alertsOnAlertsPage, TableId.alertsOnRuleDetailsPage].includes(
     scopeId as TableId
@@ -262,19 +263,24 @@ const AlertContextMenuComponent: React.FC<AlertContextMenuProps & PropsFromRedux
           </EventsTdContent>
         </div>
       )}
-      {openAddExceptionFlyout && ruleId != null && ruleName != null && ecsRowData?._id != null && (
-        <AddExceptionFlyoutWrapper
-          ruleId={ruleId}
-          ruleIndices={ruleIndex}
-          ruleDataViewId={ruleDataViewId}
-          ruleName={ruleName}
-          exceptionListType={exceptionFlyoutType}
-          eventId={ecsRowData?._id}
-          onCancel={onAddExceptionCancel}
-          onConfirm={onAddExceptionConfirm}
-          alertStatus={alertStatus}
-        />
-      )}
+      {openAddExceptionFlyout &&
+        ruleId &&
+        ruleRuleId &&
+        ruleName != null &&
+        ecsRowData?._id != null && (
+          <AddExceptionFlyoutWrapper
+            ruleId={ruleId}
+            ruleRuleId={ruleRuleId}
+            ruleIndices={ruleIndex}
+            ruleDataViewId={ruleDataViewId}
+            ruleName={ruleName}
+            exceptionListType={exceptionFlyoutType}
+            eventId={ecsRowData?._id}
+            onCancel={onAddExceptionCancel}
+            onConfirm={onAddExceptionConfirm}
+            alertStatus={alertStatus}
+          />
+        )}
       {isAddEventFilterModalOpen && ecsRowData != null && (
         <EventFiltersFlyout data={ecsRowData} onCancel={closeAddEventFilterModal} />
       )}
@@ -319,6 +325,7 @@ type AddExceptionFlyoutWrapperProps = Omit<
 > & {
   eventId?: string;
   ruleId: Rule['id'];
+  ruleRuleId: Rule['rule_id'];
   ruleIndices: Rule['index'];
   ruleDataViewId: Rule['data_view_id'];
   ruleName: Rule['name'];
@@ -332,6 +339,7 @@ type AddExceptionFlyoutWrapperProps = Omit<
  */
 export const AddExceptionFlyoutWrapper: React.FC<AddExceptionFlyoutWrapperProps> = ({
   ruleId,
+  ruleRuleId,
   ruleIndices,
   ruleDataViewId,
   ruleName,
@@ -395,6 +403,7 @@ export const AddExceptionFlyoutWrapper: React.FC<AddExceptionFlyoutWrapperProps>
         {
           ...enrichedAlert['kibana.alert.rule.parameters'],
           id: ruleId,
+          rule_id: ruleRuleId,
           name: ruleName,
           index: memoRuleIndices,
           data_view_id: memoDataViewId,
@@ -405,12 +414,13 @@ export const AddExceptionFlyoutWrapper: React.FC<AddExceptionFlyoutWrapperProps>
     return [
       {
         id: ruleId,
+        rule_id: ruleRuleId,
         name: ruleName,
         index: memoRuleIndices,
         data_view_id: memoDataViewId,
       },
     ] as Rule[];
-  }, [enrichedAlert, memoDataViewId, memoRuleIndices, ruleId, ruleName]);
+  }, [enrichedAlert, memoDataViewId, memoRuleIndices, ruleId, ruleName, ruleRuleId]);
 
   const isLoading =
     (isLoadingAlertData && isSignalIndexLoading) ||

x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/flyout/footer.tsx

@@ -44,6 +44,7 @@ interface AddExceptionModalWrapperData {
   alertStatus: Status;
   eventId: string;
   ruleId: string;
+  ruleRuleId: string;
   ruleName: string;
 }
 
@@ -93,6 +94,7 @@ export const FlyoutFooterComponent = React.memo(
       () =>
         [
           { category: 'signal', field: 'signal.rule.id', name: 'ruleId' },
+          { category: 'signal', field: 'signal.rule.rule_id', name: 'ruleRuleId' },
           { category: 'signal', field: 'signal.rule.name', name: 'ruleName' },
           { category: 'signal', field: 'kibana.alert.workflow_status', name: 'alertStatus' },
           { category: '_id', field: '_id', name: 'eventId' },
@@ -173,6 +175,7 @@ export const FlyoutFooterComponent = React.memo(
       */}
         {openAddExceptionFlyout &&
           addExceptionModalWrapperData.ruleId != null &&
+          addExceptionModalWrapperData.ruleRuleId != null &&
           addExceptionModalWrapperData.eventId != null && (
             <AddExceptionFlyoutWrapper
               {...addExceptionModalWrapperData}

x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/constants.ts

@@ -51,6 +51,7 @@ export const TIMELINE_EVENTS_FIELDS = [
   'kibana.alert.rule.name',
   'kibana.alert.rule.to',
   'kibana.alert.rule.uuid',
+  'kibana.alert.rule.rule_id',
   'kibana.alert.rule.type',
   'kibana.alert.original_event.kind',
   'kibana.alert.original_event.module',