[8.18] [Security Solution] Siem migrations/copy changes rule translations (#214437) (#214607)

# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Siem migrations/copy changes rule translations
(#214437)](https://github.com/elastic/kibana/pull/214437)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Sergi
Massaneda","email":"sergi.massaneda@elastic.co"},"sourceCommit":{"committedDate":"2025-03-14T16:15:09Z","message":"[Security
Solution] Siem migrations/copy changes rule translations (#214437)\n\n##
Summary\n\n3/3 of
https://github.com/elastic/security-team/issues/11696\n\n**Done**\n- UI
changes in the onboarding cards\n- UI changes in the upload form\n- UI
changes in the translated rules page\n\n### Screenshots\n\nInstalled ML
prebuilt rule\n![Captura de pantalla 2025-03-13 a les 17
10\n23](https://github.com/user-attachments/assets/89090e48-343d-4f84-ae07-7cacfbf3c39b)\n\nKQL
prebuilt rule\n![Captura de pantalla 2025-03-13 a les 17
09\n22](https://github.com/user-attachments/assets/cd7807df-50ba-49d9-846e-5879e5bc1794)\n\nCustom
translated rule\n![Captura de pantalla 2025-03-13 a les 17
09\n39](https://github.com/user-attachments/assets/712d4df0-0968-4b91-afe3-53f1e86058dc)\n\nCustom
partially translated rule\n![Captura de pantalla 2025-03-13 a les 17
10\n12](https://github.com/user-attachments/assets/63bd05a5-7066-464a-ac17-4a0754cd781a)\n\nCustom
not translated rule\n![Captura de pantalla 2025-03-13 a les 17
11\n32](https://github.com/user-attachments/assets/05439b43-2a9d-44dd-8ca6-502da743a3c3)\n\n####
Other\n\nInstalled badge updated\n![Captura de pantalla 2025-03-13 a les
17
12\n25](https://github.com/user-attachments/assets/a1c1fdd0-99e0-44c7-8f73-066ce74199da)\n\nStatus
tooltip updated\n![Captura de pantalla 2025-03-13 a les 17
12\n54](https://github.com/user-attachments/assets/bf9d05d0-048a-4672-a78b-decb6db36ad4)\n\nTour
step 2 updated\n![Captura de pantalla 2025-03-13 a les 17
13\n49](https://github.com/user-attachments/assets/7c9312fa-f73c-4a8d-a3e9-4a9ab19a3169)\n\n---------\n\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"9e13b5594a628b79b711af6e2b05819c3f07b8a0","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat
Hunting","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] Siem migrations/copy changes rule
translations","number":214437,"url":"https://github.com/elastic/kibana/pull/214437","mergeCommit":{"message":"[Security
Solution] Siem migrations/copy changes rule translations (#214437)\n\n##
Summary\n\n3/3 of
https://github.com/elastic/security-team/issues/11696\n\n**Done**\n- UI
changes in the onboarding cards\n- UI changes in the upload form\n- UI
changes in the translated rules page\n\n### Screenshots\n\nInstalled ML
prebuilt rule\n![Captura de pantalla 2025-03-13 a les 17
10\n23](https://github.com/user-attachments/assets/89090e48-343d-4f84-ae07-7cacfbf3c39b)\n\nKQL
prebuilt rule\n![Captura de pantalla 2025-03-13 a les 17
09\n22](https://github.com/user-attachments/assets/cd7807df-50ba-49d9-846e-5879e5bc1794)\n\nCustom
translated rule\n![Captura de pantalla 2025-03-13 a les 17
09\n39](https://github.com/user-attachments/assets/712d4df0-0968-4b91-afe3-53f1e86058dc)\n\nCustom
partially translated rule\n![Captura de pantalla 2025-03-13 a les 17
10\n12](https://github.com/user-attachments/assets/63bd05a5-7066-464a-ac17-4a0754cd781a)\n\nCustom
not translated rule\n![Captura de pantalla 2025-03-13 a les 17
11\n32](https://github.com/user-attachments/assets/05439b43-2a9d-44dd-8ca6-502da743a3c3)\n\n####
Other\n\nInstalled badge updated\n![Captura de pantalla 2025-03-13 a les
17
12\n25](https://github.com/user-attachments/assets/a1c1fdd0-99e0-44c7-8f73-066ce74199da)\n\nStatus
tooltip updated\n![Captura de pantalla 2025-03-13 a les 17
12\n54](https://github.com/user-attachments/assets/bf9d05d0-048a-4672-a78b-decb6db36ad4)\n\nTour
step 2 updated\n![Captura de pantalla 2025-03-13 a les 17
13\n49](https://github.com/user-attachments/assets/7c9312fa-f73c-4a8d-a3e9-4a9ab19a3169)\n\n---------\n\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"9e13b5594a628b79b711af6e2b05819c3f07b8a0"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/214437","number":214437,"mergeCommit":{"message":"[Security
Solution] Siem migrations/copy changes rule translations (#214437)\n\n##
Summary\n\n3/3 of
https://github.com/elastic/security-team/issues/11696\n\n**Done**\n- UI
changes in the onboarding cards\n- UI changes in the upload form\n- UI
changes in the translated rules page\n\n### Screenshots\n\nInstalled ML
prebuilt rule\n![Captura de pantalla 2025-03-13 a les 17
10\n23](https://github.com/user-attachments/assets/89090e48-343d-4f84-ae07-7cacfbf3c39b)\n\nKQL
prebuilt rule\n![Captura de pantalla 2025-03-13 a les 17
09\n22](https://github.com/user-attachments/assets/cd7807df-50ba-49d9-846e-5879e5bc1794)\n\nCustom
translated rule\n![Captura de pantalla 2025-03-13 a les 17
09\n39](https://github.com/user-attachments/assets/712d4df0-0968-4b91-afe3-53f1e86058dc)\n\nCustom
partially translated rule\n![Captura de pantalla 2025-03-13 a les 17
10\n12](https://github.com/user-attachments/assets/63bd05a5-7066-464a-ac17-4a0754cd781a)\n\nCustom
not translated rule\n![Captura de pantalla 2025-03-13 a les 17
11\n32](https://github.com/user-attachments/assets/05439b43-2a9d-44dd-8ca6-502da743a3c3)\n\n####
Other\n\nInstalled badge updated\n![Captura de pantalla 2025-03-13 a les
17
12\n25](https://github.com/user-attachments/assets/a1c1fdd0-99e0-44c7-8f73-066ce74199da)\n\nStatus
tooltip updated\n![Captura de pantalla 2025-03-13 a les 17
12\n54](https://github.com/user-attachments/assets/bf9d05d0-048a-4672-a78b-decb6db36ad4)\n\nTour
step 2 updated\n![Captura de pantalla 2025-03-13 a les 17
13\n49](https://github.com/user-attachments/assets/7c9312fa-f73c-4a8d-a3e9-4a9ab19a3169)\n\n---------\n\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"9e13b5594a628b79b711af6e2b05819c3f07b8a0"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Sergi Massaneda <sergi.massaneda@elastic.co>

x-pack/platform/plugins/private/translations/translations/fr-FR.json

@@ -44153,7 +44153,6 @@
     "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.title": "Traduction",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.translatedRuleCalloutTitle": "Cette règle a été pleinement traduite. Installez la règle pour finir la migration. Une fois la règle installée, vous pourrez la paramétrer.",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.translationQuery.queryPlaceholder": "Cette règle n'a pas été traduite. Cliquez sur modifier pour commencer à écrire.",
-    "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.translationQuery.title": "Requête {queryLanguage}",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTabLabel": "Traduction",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.unknownMigrationRuleTitle": "Règle de migration inconnue",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.updatedByLabel": "{updated} : {by} le {date}",

x-pack/platform/plugins/private/translations/translations/ja-JP.json

@@ -44124,7 +44124,6 @@
     "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.title": "変換",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.translatedRuleCalloutTitle": "このルールは完全に変換されました。ルールをインストールして移行を完了します。インストールが完了すると、ルールを微調整できます。",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.translationQuery.queryPlaceholder": "このルールは変換されていません。編集をクリックすると、書き込みを開始します。",
-    "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.translationQuery.title": "{queryLanguage}クエリ",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTabLabel": "変換",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.unknownMigrationRuleTitle": "不明な移行ルール",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.updatedByLabel": "{updated}：{by} 日付：{date}",

x-pack/platform/plugins/private/translations/translations/zh-CN.json

@@ -44196,7 +44196,6 @@
     "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.title": "转换",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.translatedRuleCalloutTitle": "此规则已完全转换。安装规则以完成迁移。安装后，您即可微调该规则。",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.translationQuery.queryPlaceholder": "尚未转换此规则。单击“编辑”以开始写入。",
-    "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.translationQuery.title": "{queryLanguage} 查询",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.translationTabLabel": "转换",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.unknownMigrationRuleTitle": "未知迁移规则",
     "xpack.securitySolution.siemMigrations.rules.translationDetails.updatedByLabel": "{updated}：{by} 于 {date}",

x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/components/rule_details_flyout/tabs/translation/index.tsx

@@ -75,8 +75,6 @@ export const TranslationTab: React.FC<TranslationTabProps> = React.memo(
                   <EuiFlexItem grow={false}>
                     <EuiBadge
                       color={convertTranslationResultIntoColor(ruleMigration.translation_result)}
-                      onClick={() => {}}
-                      onClickAriaLabel={'Translation status badge'}
                     >
                       {isInstalled
                         ? i18n.INSTALLED_LABEL
@@ -109,19 +107,20 @@ export const TranslationTab: React.FC<TranslationTabProps> = React.memo(
             </EuiSplitPanel.Outer>
           </EuiFlexItem>
         </EuiAccordion>
-        {ruleMigration.translation_result === RuleTranslationResult.FULL && (
-          <>
-            <EuiSpacer size="m" />
-            <EuiCallOut
-              color={'primary'}
-              title={i18n.CALLOUT_TRANSLATED_RULE_INFO_TITLE}
-              iconType={'iInCircle'}
-              size={'s'}
-            >
-              {i18n.CALLOUT_TRANSLATED_RULE_INFO_DESCRIPTION}
-            </EuiCallOut>
-          </>
-        )}
+        {ruleMigration.translation_result === RuleTranslationResult.FULL &&
+          !ruleMigration.elastic_rule?.id && (
+            <>
+              <EuiSpacer size="m" />
+              <EuiCallOut
+                color={'primary'}
+                title={i18n.CALLOUT_TRANSLATED_RULE_INFO_TITLE}
+                iconType={'iInCircle'}
+                size={'s'}
+              >
+                {i18n.CALLOUT_TRANSLATED_RULE_INFO_DESCRIPTION}
+              </EuiCallOut>
+            </>
+          )}
       </>
     );
   }

x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/components/rule_details_flyout/tabs/translation/query_details/translated_rule_query.tsx

@@ -45,46 +45,38 @@ export const TranslatedRuleQuery: React.FC<TranslatedRuleQueryProps> = React.mem
     const isInstalled = !!ruleMigration.elastic_rule?.id;
     const canEdit = !matchedPrebuiltRule && !isInstalled;
 
-    const ruleName = useMemo(
-      () => matchedPrebuiltRule?.name ?? ruleMigration.elastic_rule?.title ?? '',
-      [matchedPrebuiltRule?.name, ruleMigration.elastic_rule?.title]
-    );
-
     const translatedData = useMemo(() => {
-      let title = i18n.TRANSLATION_QUERY_TITLE('ES|QL');
+      let ruleName = ruleMigration.elastic_rule?.title ?? '';
+      let title = i18n.CUSTOM_TRANSLATION_TITLE;
       let titleTooltip = i18n.TRANSLATION_QUERY_TOOLTIP;
       let query = ruleMigration.elastic_rule?.query ?? '';
       let language = ruleMigration.elastic_rule?.query_language ?? '';
       let queryPlaceholder = i18n.TRANSLATION_QUERY_PLACEHOLDER;
       if (matchedPrebuiltRule) {
+        ruleName = matchedPrebuiltRule.name;
         if (matchedPrebuiltRule.type === 'machine_learning') {
           title = i18n.MACHINE_LEARNING_RULE_TITLE;
           titleTooltip = i18n.MACHINE_LEARNING_RULE_TOOLTIP;
           queryPlaceholder = i18n.MACHINE_LEARNING_RULE_QUERY_PLACEHOLDER;
         } else {
-          title = i18n.TRANSLATION_QUERY_TITLE(
-            transformQueryLanguage(matchedPrebuiltRule.language)
-          );
+          title = i18n.PREBUILT_RULE_TITLE(transformQueryLanguage(matchedPrebuiltRule.language));
           query = matchedPrebuiltRule.query ?? '';
           language = matchedPrebuiltRule.language;
         }
       }
       return {
+        ruleName,
         title,
         titleTooltip,
         query,
         language,
         queryPlaceholder,
       };
-    }, [
-      matchedPrebuiltRule,
-      ruleMigration.elastic_rule?.query,
-      ruleMigration.elastic_rule?.query_language,
-    ]);
+    }, [matchedPrebuiltRule, ruleMigration.elastic_rule]);
 
     const formDefaultValue: RuleTranslationSchema = useMemo(() => {
       return {
-        ruleName,
+        ruleName: translatedData.ruleName,
         queryBar: {
           query: {
             query: translatedData.query,
@@ -92,7 +84,7 @@ export const TranslatedRuleQuery: React.FC<TranslatedRuleQueryProps> = React.mem
           },
         },
       };
-    }, [ruleName, translatedData.query]);
+    }, [translatedData.query, translatedData.ruleName]);
     const { form } = useFormWithWarnings<RuleTranslationSchema>({
       defaultValue: formDefaultValue,
       options: { stripEmptyFields: false, warningValidationCodes: VALIDATION_WARNING_CODES },
@@ -119,14 +111,14 @@ export const TranslatedRuleQuery: React.FC<TranslatedRuleQueryProps> = React.mem
         <EuiHorizontalRule margin="xs" />
         {isEditing ? (
           <QueryEditor
+            ruleName={translatedData.ruleName}
             query={translatedData.query}
-            ruleName={ruleName}
             onSave={onSave}
             onCancel={onCancel}
           />
         ) : (
           <QueryViewer
-            ruleName={ruleName}
+            ruleName={translatedData.ruleName}
             language={translatedData.language}
             query={translatedData.query}
             queryPlaceholder={translatedData.queryPlaceholder}

x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/components/rule_details_flyout/tabs/translation/query_details/translations.ts

@@ -21,15 +21,19 @@ export const SPLUNK_QUERY_TOOLTIP = i18n.translate(
   }
 );
 
-export const TRANSLATION_QUERY_TITLE = (queryLanguage: string) => {
-  return i18n.translate(
-    'xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.translationQuery.title',
+export const CUSTOM_TRANSLATION_TITLE = i18n.translate(
+  'xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.customTranslation.title',
+  { defaultMessage: 'ES|QL translation' }
+);
+
+export const PREBUILT_RULE_TITLE = (queryLanguage: string) =>
+  i18n.translate(
+    'xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.prebuiltRule.title',
     {
-      defaultMessage: '{queryLanguage} query',
+      defaultMessage: 'Mapped to Elastic authored {queryLanguage} rule  ',
       values: { queryLanguage },
     }
   );
-};
 
 export const TRANSLATION_QUERY_PLACEHOLDER = i18n.translate(
   'xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.translationQuery.queryPlaceholder',
@@ -49,7 +53,7 @@ export const TRANSLATION_QUERY_TOOLTIP = i18n.translate(
 export const MACHINE_LEARNING_RULE_TITLE = i18n.translate(
   'xpack.securitySolution.siemMigrations.rules.translationDetails.translationTab.machineLearningRule.title',
   {
-    defaultMessage: 'Machine learning rule',
+    defaultMessage: 'Mapped to Elastic authored machine learning rule',
   }
 );
 

x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/components/rules_table/filters/translations.ts

@@ -24,7 +24,7 @@ export const STATUS_FILTER_ARIAL_LABEL = i18n.translate(
 export const INSTALL_FILTER_OPTION = i18n.translate(
   'xpack.securitySolution.siemMigrations.rules.filters.statusInstallOption',
   {
-    defaultMessage: 'Install',
+    defaultMessage: 'Installed',
   }
 );
 

x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/components/rules_table_columns/status.tsx

@@ -28,11 +28,11 @@ export const createStatusColumn = (): TableColumn => {
         tooltipContent={
           <FormattedMessage
             id="xpack.securitySolution.siemMigrations.rules.tableColumn.statusTooltip"
-            defaultMessage="{title}
-            {installed} - already added to Elastic SIEM. Click View to manage and enable it. {lineBreak}
-            {translated} - rule is ready to install. Rules with matching capabilities have been mapped to Elastic Authored rules. If not match was detected, an AI translation was provided. {lineBreak}
-            {partiallyTranslated} - part of the original query could not be translated. Make sure you’ve uploaded all macros and lookups, and resolved all syntax errors. {lineBreak}
-            {notTranslated} - none of the original query could be translated."
+            defaultMessage={`{title}
+            {installed} - already added to Elastic SIEM. Click "View" to manage and enable it.{lineBreak}
+            {translated} - ready to install. This rule was mapped to an Elastic Authored rule if possible, or translated by AI.{lineBreak}
+            {partiallyTranslated} - part of the query could not be translated. Upload any missing macros or lookups and check your syntax.{lineBreak}
+            {notTranslated} - none of the original query could be translated.`}
             values={{
               lineBreak: <br />,
               title: (

x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/components/tours/translation_guide/step_config.tsx

@@ -44,7 +44,7 @@ export const tourSteps: {
     content: (
       <FormattedMessage
         id="xpack.securitySolution.siemMigrations.rules.tour.statusStepContent"
-        defaultMessage="{installed} rules have a check mark. Click {view} to access rule details. {translated} rules are ready to {install}, or for your to {edit}. Rules with errors can be {reprocessed}. Learn more about our AI Translations here.
+        defaultMessage="{installed} rules have a check mark. Click {view} to access rule details. {translated} rules are ready to {install}, or for your to {edit}. Rules with errors can be {reprocessed}.
         {lineBreak}{lineBreak}
         Learn more about our {link}"
         values={{