[Security Solution][Detections] Adds Bulk edit API (#120472)

[Security Solution][Detections] Adds Bulk edit API (#120472)

x-pack/plugins/security_solution/common/constants.ts

@@ -375,3 +375,30 @@ export const WARNING_TRANSFORM_STATES = new Set([
   TRANSFORM_STATES.STOPPED,
   TRANSFORM_STATES.STOPPING,
 ]);
+
+/**
+ * How many rules to update at a time is set to 50 from errors coming from
+ * the slow environments such as cloud when the rule updates are > 100 we were
+ * seeing timeout issues.
+ *
+ * Since there is not timeout options at the alerting API level right now, we are
+ * at the mercy of the Elasticsearch server client/server default timeouts and what
+ * we are doing could be considered a workaround to not being able to increase the timeouts.
+ *
+ * However, other bad effects and saturation of connections beyond 50 makes this a "noisy neighbor"
+ * if we don't limit its number of connections as we increase the number of rules that can be
+ * installed at a time.
+ *
+ * Lastly, we saw weird issues where Chrome on upstream 408 timeouts will re-call the REST route
+ * which in turn could create additional connections we want to avoid.
+ *
+ * See file import_rules_route.ts for another area where 50 was chosen, therefore I chose
+ * 50 here to mimic it as well. If you see this re-opened or what similar to it, consider
+ * reducing the 50 above to a lower number.
+ *
+ * See the original ticket here:
+ * https://github.com/elastic/kibana/issues/94418
+ */
+export const MAX_RULES_TO_UPDATE_IN_PARALLEL = 50;
+
+export const LIMITED_CONCURRENCY_ROUTE_TAG_PREFIX = `${APP_ID}:limitedConcurrency`;

x-pack/plugins/security_solution/common/detection_engine/schemas/common/schemas.ts

@@ -453,6 +453,53 @@ export enum BulkAction {
   'export' = 'export',
   'delete' = 'delete',
   'duplicate' = 'duplicate',
+  'edit' = 'edit',
 }
 
 export const bulkAction = enumeration('BulkAction', BulkAction);
+
+export enum BulkActionEditType {
+  'add_tags' = 'add_tags',
+  'delete_tags' = 'delete_tags',
+  'set_tags' = 'set_tags',
+  'add_index_patterns' = 'add_index_patterns',
+  'delete_index_patterns' = 'delete_index_patterns',
+  'set_index_patterns' = 'set_index_patterns',
+  'set_timeline' = 'set_timeline',
+}
+
+export const bulkActionEditType = enumeration('BulkActionEditType', BulkActionEditType);
+
+const bulkActionEditPayloadTags = t.type({
+  type: t.union([
+    t.literal(BulkActionEditType.add_tags),
+    t.literal(BulkActionEditType.delete_tags),
+    t.literal(BulkActionEditType.set_tags),
+  ]),
+  value: tags,
+});
+
+const bulkActionEditPayloadIndexPatterns = t.type({
+  type: t.union([
+    t.literal(BulkActionEditType.add_index_patterns),
+    t.literal(BulkActionEditType.delete_index_patterns),
+    t.literal(BulkActionEditType.set_index_patterns),
+  ]),
+  value: index,
+});
+
+const bulkActionEditPayloadTimeline = t.type({
+  type: t.literal(BulkActionEditType.set_timeline),
+  value: t.type({
+    timeline_id,
+    timeline_title,
+  }),
+});
+
+export const bulkActionEditPayload = t.union([
+  bulkActionEditPayloadTags,
+  bulkActionEditPayloadIndexPatterns,
+  bulkActionEditPayloadTimeline,
+]);
+
+export type BulkActionEditPayload = t.TypeOf<typeof bulkActionEditPayload>;

x-pack/plugins/security_solution/common/detection_engine/schemas/request/perform_bulk_action_schema.mock.ts

@@ -5,10 +5,16 @@
  * 2.0.
  */
 
-import { BulkAction } from '../common/schemas';
+import { BulkAction, BulkActionEditType } from '../common/schemas';
 import { PerformBulkActionSchema } from './perform_bulk_action_schema';
 
 export const getPerformBulkActionSchemaMock = (): PerformBulkActionSchema => ({
   query: '',
   action: BulkAction.disable,
 });
+
+export const getPerformBulkActionEditSchemaMock = (): PerformBulkActionSchema => ({
+  query: '',
+  action: BulkAction.edit,
+  [BulkAction.edit]: [{ type: BulkActionEditType.add_tags, value: ['tag1'] }],
+});