Summary

Threshold rules were broken after merging #112113 because the UI was referencing the signal.* fields, whereas new alerts are generated using the AAD schema. Additionally, threshold alerts were being generated incorrectly, placing threshold.result at the top level of the document instead of under kibana.alert.threshold_result where it belongs.

This PR:

• Adjusts post-migration Threshold Rules to generate correct documents (using kibana.alert.threshold_result)
• Reenables Threshold Rule tests
• Removes unused code (nonEcsData, getFilterAndRuleBounds)
• Changes threshold field references in UI to use new AAD fields and fall back to legacy signal.* fields

Checklist

Delete any items that are not applicable to this PR.

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios
• Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)
• Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)
• If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
• This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)
• This was checked for cross-browser compatibility

Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.

When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:

For maintainers

• This was checked for breaking API changes and was labeled appropriately