diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.tsx
index ad0876736fce7..f6e3513c59c07 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.tsx
@@ -114,7 +114,6 @@ export const AddExceptionFlyout = memo(function AddExceptionFlyout({
 const { isLoading, indexPatterns } = useFetchIndexPatterns(rules);
 const [isSubmitting, submitNewExceptionItems] = useAddNewExceptionItems();
 const [isClosingAlerts, closeAlerts] = useCloseAlertsFromExceptions();
-
 const allowLargeValueLists = useMemo((): boolean => {
 if (rules != null && rules.length === 1) {
 // We'll only block this when we know what rule we're dealing with.
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
index fcaad7017ca47..13ee471cae37e 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
@@ -182,6 +182,7 @@ export const requiredFieldsForActions = [
 'kibana.alert.rule.name',
 'kibana.alert.rule.to',
 'kibana.alert.rule.uuid',
+ 'kibana.alert.rule.rule_id',
 'kibana.alert.rule.type',
 'kibana.alert.suppression.docs_count',
 'kibana.alert.original_event.kind',
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx
index 9d8aac03daea3..d19921eb616ea 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx @@ -77,6 +77,7 @@ const AlertContextMenuComponent: React.FC (ecsRowData?.kibana?.alert ? ecsRowData?._id : null); const alertId = getAlertId(); const ruleId = get(0, ecsRowData?.kibana?.alert?.rule?.uuid); + const ruleRuleId = get(0, ecsRowData?.kibana?.alert?.rule?.rule_id); const ruleName = get(0, ecsRowData?.kibana?.alert?.rule?.name); const isInDetections = [TableId.alertsOnAlertsPage, TableId.alertsOnRuleDetailsPage].includes( scopeId as TableId @@ -262,19 +263,24 @@ const AlertContextMenuComponent: React.FC )} - {openAddExceptionFlyout && ruleId != null && ruleName != null && ecsRowData?._id != null && ( - - )} + {openAddExceptionFlyout && + ruleId && + ruleRuleId && + ruleName != null && + ecsRowData?._id != null && ( + + )} {isAddEventFilterModalOpen && ecsRowData != null && ( )} @@ -319,6 +325,7 @@ type AddExceptionFlyoutWrapperProps = Omit< > & { eventId?: string; ruleId: Rule['id']; + ruleRuleId: Rule['rule_id']; ruleIndices: Rule['index']; ruleDataViewId: Rule['data_view_id']; ruleName: Rule['name']; @@ -332,6 +339,7 @@ type AddExceptionFlyoutWrapperProps = Omit< */ export const AddExceptionFlyoutWrapper: React.FC = ({ ruleId, + ruleRuleId, ruleIndices, ruleDataViewId, ruleName, @@ -395,6 +403,7 @@ export const AddExceptionFlyoutWrapper: React.FC { ...enrichedAlert['kibana.alert.rule.parameters'], id: ruleId, + rule_id: ruleRuleId, name: ruleName, index: memoRuleIndices, data_view_id: memoDataViewId, 
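Review bot: The rewritten guard in the `@@ -262,19 +263,24 @@` hunk now also requires `ruleRuleId` to be truthy, so for any alert row that lacks `kibana.alert.rule.rule_id` the flyout is simply not rendered and the analyst gets no indication that the exception was never offered. The value is only available because default_config.tsx adds the field to `requiredFieldsForActions` in this same commit; a comment next to `const ruleRuleId = get(0, ecsRowData?.kibana?.alert?.rule?.rule_id);` such as `// requires 'kibana.alert.rule.rule_id' in requiredFieldsForActions` would keep that coupling visible. The hunk also moves `ruleId` from `!= null` to a truthiness test, while footer.tsx guards with `addExceptionModalWrapperData.ruleRuleId != null`, which lets an empty string through; the same check should be used at both call sites. The component body starts and ends outside the hunk, and the JSX element inside the guard is not visible on this page.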
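Review bot: In the `@@ -395,6 +403,7 @@` hunk `rule_id: ruleRuleId` is written after the spread of `enrichedAlert['kibana.alert.rule.parameters']`, so the value taken from the alert row overrides any `rule_id` those parameters may carry, and nothing checks that the two agree. If downstream code uses `rule_id` to decide which rule an exception is attached to (not visible here), a mismatch would suppress alerts for a different rule than the one the analyst was looking at. I would document the intended precedence on that line, for example `// rule_id from the alert row takes precedence over the spread parameters`, and note the same on the fallback object in the `@@ -405,12 +414,13 @@` hunk, which has only the row value. The enclosing `useMemo` callback starts before this hunk.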
@@ -405,12 +414,13 @@ export const AddExceptionFlyoutWrapper: React.FC return [ { id: ruleId, + rule_id: ruleRuleId, name: ruleName, index: memoRuleIndices, data_view_id: memoDataViewId, }, ] as Rule[]; - }, [enrichedAlert, memoDataViewId, memoRuleIndices, ruleId, ruleName]); + }, [enrichedAlert, memoDataViewId, memoRuleIndices, ruleId, ruleName, ruleRuleId]); const isLoading = (isLoadingAlertData && isSignalIndexLoading) || diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/flyout/footer.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/flyout/footer.tsx index 5a7b0c9530213..7029a908c3d82 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/flyout/footer.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/event_details/flyout/footer.tsx @@ -44,6 +44,7 @@ interface AddExceptionModalWrapperData { alertStatus: Status; eventId: string; ruleId: string; + ruleRuleId: string; ruleName: string; } @@ -93,6 +94,7 @@ export const FlyoutFooterComponent = React.memo( () => [ { category: 'signal', field: 'signal.rule.id', name: 'ruleId' }, + { category: 'signal', field: 'signal.rule.rule_id', name: 'ruleRuleId' }, { category: 'signal', field: 'signal.rule.name', name: 'ruleName' }, { category: 'signal', field: 'kibana.alert.workflow_status', name: 'alertStatus' }, { category: '_id', field: '_id', name: 'eventId' }, @@ -173,6 +175,7 @@ export const FlyoutFooterComponent = React.memo( */} {openAddExceptionFlyout && addExceptionModalWrapperData.ruleId != null && + addExceptionModalWrapperData.ruleRuleId != null && addExceptionModalWrapperData.eventId != null && (
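Review bot: The new entry in the `@@ -93,6 +94,7 @@` hunk of footer.tsx reads `signal.rule.rule_id`, whereas default_config.tsx in this commit requests `kibana.alert.rule.rule_id`; it matches the neighbouring `signal.rule.id` and `signal.rule.name` entries, but it relies on the older field name resolving for every event shown in the flyout. When it does not resolve, `ruleRuleId` is presumably left unset, and the `addExceptionModalWrapperData.ruleRuleId != null` check added in the `@@ -173,6 +175,7 @@` hunk then hides the exception flyout without any message. A short comment on the entry, e.g. `// legacy alias of kibana.alert.rule.rule_id; the flyout is not rendered when this is missing`, plus a unit test that renders the footer with an event lacking the field, would pin the intended behaviour. The surrounding callback and the guarded JSX both extend beyond what this page shows.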