From 065ec29611a0e20b536dcd1c57757e6ee4a79a5a Mon Sep 17 00:00:00 2001
From: Maxim Palenov <maxim.palenov@elastic.co>
Date: Wed, 1 Feb 2023 19:56:32 +0100
Subject: [PATCH] avoid exporting execution_summary rules field

---
 .../logic/export/get_export_by_object_ids.ts               | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts
index 60a7ec4c8185c..e15ab98e0d0ca 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.ts
@@ -118,9 +118,14 @@ export const getRulesFromObjects = async (
       isAlertType(matchingRule) &&
       matchingRule.params.immutable !== true
     ) {
+      const rule = internalRuleToAPIResponse(matchingRule, legacyActions[matchingRule.id]);
+
+      // Fields containing runtime information shouldn't be exported. It causes import failures.
+      delete rule.execution_summary;
+
       return {
         statusCode: 200,
-        rule: internalRuleToAPIResponse(matchingRule, legacyActions[matchingRule.id]),
+        rule,
       };
     } else {
       return {