elastic · nikitaindik · Aug 6, 2025 · Aug 5, 2025 · Aug 6, 2025 · Aug 6, 2025
@@ -30,6 +30,7 @@ export enum RULE_PREVIEW_FROM {
 
 export const PREBUILT_RULES_PACKAGE_NAME = 'security_detection_engine';
 export const ENDPOINT_PACKAGE_NAME = 'endpoint';
+export const SECURITY_AI_PROMPTS_PACKAGE_NAME = 'security_ai_prompts';
 
 /**
  * Rule signature id (`rule.rule_id`) of the prebuilt "Endpoint Security" rule.

@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import type { Logger } from '@kbn/core/server';
 import { transformError } from '@kbn/securitysolution-es-utils';
 import { SO_SEARCH_LIMIT } from '@kbn/fleet-plugin/common/constants';
 import { PREBUILT_RULES_PACKAGE_NAME } from '../../../../../../common/detection_engine/constants';
@@ -15,11 +16,13 @@ import { GET_ALL_INTEGRATIONS_URL } from '../../../../../../common/api/detection
 import { extractIntegrations } from './extract_integrations';
 import { sortPackagesBySecurityCategory } from './sort_packages_by_security_category';
 import { sortIntegrationsByStatus } from './sort_integrations_by_status';
+import { getFleetPackages } from '../../logic/get_fleet_packages';
+import { getFleetPackagePolicies } from '../../logic/get_package_policies';
 
 /**
  * Returns an array of Fleet integrations and their packages
  */
-export const getAllIntegrationsRoute = (router: SecuritySolutionPluginRouter) => {
+export const getAllIntegrationsRoute = (router: SecuritySolutionPluginRouter, logger: Logger) => {
   router.versioned
     .get({
       access: 'internal',
@@ -43,8 +46,8 @@ export const getAllIntegrationsRoute = (router: SecuritySolutionPluginRouter) =>
           const fleet = ctx.securitySolution.getInternalFleetServices();
 
           const [packages, packagePolicies] = await Promise.all([
-            fleet.packages.getPackages(),
-            fleet.packagePolicy.list(fleet.savedObjects.createInternalScopedSoClient(), {
+            getFleetPackages(fleet, logger),
+            getFleetPackagePolicies(fleet, logger, {
               perPage: SO_SEARCH_LIMIT,
             }),
           ]);

@@ -5,18 +5,24 @@
  * 2.0.
  */
 
+import type { Logger } from '@kbn/core/server';
 import { transformError } from '@kbn/securitysolution-es-utils';
 import { buildSiemResponse } from '../../../routes/utils';
 import type { SecuritySolutionPluginRouter } from '../../../../../types';
 
 import type { GetInstalledIntegrationsResponse } from '../../../../../../common/api/detection_engine/fleet_integrations';
 import { GET_INSTALLED_INTEGRATIONS_URL } from '../../../../../../common/api/detection_engine/fleet_integrations';
 import { createInstalledIntegrationSet } from './installed_integration_set';
+import { getFleetPackages } from '../../logic/get_fleet_packages';
+import { getFleetPackagePolicies } from '../../logic/get_package_policies';
 
 /**
  * Returns an array of installed Fleet integrations and their packages.
  */
-export const getInstalledIntegrationsRoute = (router: SecuritySolutionPluginRouter) => {
+export const getInstalledIntegrationsRoute = (
+  router: SecuritySolutionPluginRouter,
+  logger: Logger
+) => {
   router.versioned
     .get({
       access: 'internal',
@@ -42,15 +48,12 @@ export const getInstalledIntegrationsRoute = (router: SecuritySolutionPluginRout
 
           // Pulls all packages into memory just like the main fleet landing page
           // No pagination support currently, so cannot batch this call
-          const allThePackages = await fleet.packages.getPackages();
+          const allThePackages = await getFleetPackages(fleet, logger);
           allThePackages.forEach((fleetPackage) => {
             set.addPackage(fleetPackage);
           });
 
-          const packagePolicies = await fleet.packagePolicy.list(
-            fleet.savedObjects.createInternalScopedSoClient(),
-            {}
-          );
+          const packagePolicies = await getFleetPackagePolicies(fleet, logger);
           packagePolicies.items.forEach((policy) => {
             set.addPackagePolicy(policy);
           });

@@ -5,11 +5,15 @@
  * 2.0.
  */
 
+import type { Logger } from '@kbn/core/server';
 import type { SecuritySolutionPluginRouter } from '../../../../types';
 import { getAllIntegrationsRoute } from './get_all_integrations/route';
 import { getInstalledIntegrationsRoute } from './get_installed_integrations/route';
 
-export const registerFleetIntegrationsRoutes = (router: SecuritySolutionPluginRouter) => {
-  getAllIntegrationsRoute(router);
-  getInstalledIntegrationsRoute(router);
+export const registerFleetIntegrationsRoutes = (
+  router: SecuritySolutionPluginRouter,
+  logger: Logger
+) => {
+  getAllIntegrationsRoute(router, logger);
+  getInstalledIntegrationsRoute(router, logger);
 };
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/core/server';
+import type { EndpointInternalFleetServicesInterface } from '../../../../endpoint/services/fleet';
+
+export async function getFleetPackages(
+  fleet: EndpointInternalFleetServicesInterface,
+  logger: Logger
+) {
+  try {
+    logger.debug('getFleetPackages: Fetching Fleet packages');
+    const packages = await fleet.packages.getPackages();
+    logger.debug(`getFleetPackages: Fetched Fleet packages: ${packages.length} items`);
+    return packages;
+  } catch (error) {
+    logger.error(`getFleetPackages: Error fetching Fleet packages`, error);
+    throw error;
+  }
+}
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/core/server';
+import type { ListWithKuery } from '@kbn/fleet-plugin/common';
+import type { EndpointInternalFleetServicesInterface } from '../../../../endpoint/services/fleet';
+
+export async function getFleetPackagePolicies(
+  fleet: EndpointInternalFleetServicesInterface,
+  logger: Logger,
+  options: ListWithKuery & { spaceId?: string } = {}
+) {
+  try {
+    logger.debug('getFleetPackagePolicies: Fetching Fleet package policies');
+    const soClient = fleet.savedObjects.createInternalScopedSoClient();
+    const packagePolicies = await fleet.packagePolicy.list(soClient, options);
+    logger.debug(
+      `getFleetPackagePolicies: Fetched Fleet package policies: ${packagePolicies.total} items`
+    );
+    return packagePolicies;
+  } catch (error) {
+    logger.error(`getFleetPackagePolicies: Error fetching Fleet package policies`, error);
+    throw error;
+  }
+}
@@ -44,7 +44,7 @@ describe('bootstrap_prebuilt_rules_route', () => {
     server = serverMock.create();
     ({ clients, context } = requestContextMock.createTools());
 
-    bootstrapPrebuiltRulesRoute(server.router);
+    bootstrapPrebuiltRulesRoute(server.router, clients.logger);
   });
 
   it('returns information about installed packages', async () => {

@@ -5,13 +5,17 @@
  * 2.0.
  */
 
+import type { Logger } from '@kbn/core/server';
 import { BOOTSTRAP_PREBUILT_RULES_URL } from '../../../../../../common/api/detection_engine/prebuilt_rules';
 import type { SecuritySolutionPluginRouter } from '../../../../../types';
 import { PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS } from '../../constants';
 import { bootstrapPrebuiltRulesHandler } from './bootstrap_prebuilt_rules_handler';
 import { throttleRequests } from '../../../../../utils/throttle_requests';
 
-export const bootstrapPrebuiltRulesRoute = (router: SecuritySolutionPluginRouter) => {
+export const bootstrapPrebuiltRulesRoute = (
+  router: SecuritySolutionPluginRouter,
+  logger: Logger
+) => {
   router.versioned
     .post({
       access: 'internal',
@@ -32,6 +36,8 @@ export const bootstrapPrebuiltRulesRoute = (router: SecuritySolutionPluginRouter
         version: '1',
         validate: {},
       },
-      throttleRequests(bootstrapPrebuiltRulesHandler)
+      throttleRequests((context, request, response) => {
+        return bootstrapPrebuiltRulesHandler(context, request, response, logger);
+      })
     );
 };
@@ -5,30 +5,33 @@
  * 2.0.
  */
 
-import type { IKibanaResponse, KibanaRequest, KibanaResponseFactory } from '@kbn/core/server';
+import type {
+  Logger,
+  IKibanaResponse,
+  KibanaRequest,
+  KibanaResponseFactory,
+} from '@kbn/core/server';
 import { transformError } from '@kbn/securitysolution-es-utils';
 import type { BootstrapPrebuiltRulesResponse } from '../../../../../../common/api/detection_engine/prebuilt_rules/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.gen';
 import type { SecuritySolutionRequestHandlerContext } from '../../../../../types';
 import { buildSiemResponse } from '../../../routes/utils';
-import {
-  installEndpointPackage,
-  installPrebuiltRulesPackage,
-} from '../install_prebuilt_rules_and_timelines/install_prebuilt_rules_package';
+import { installPrebuiltRulesPackage } from '../../logic/integrations/install_prebuilt_rules_package';
+import { installEndpointPackage } from '../../logic/integrations/install_endpoint_package';
 
 export const bootstrapPrebuiltRulesHandler = async (
   context: SecuritySolutionRequestHandlerContext,
   _: KibanaRequest,
-  response: KibanaResponseFactory
+  response: KibanaResponseFactory,
+  logger: Logger
 ): Promise<IKibanaResponse<BootstrapPrebuiltRulesResponse>> => {
   const siemResponse = buildSiemResponse(response);
 
   try {
     const ctx = await context.resolve(['securitySolution']);
     const securityContext = ctx.securitySolution;
-    const config = securityContext.getConfig();
 
-    const prebuiltRulesResult = await installPrebuiltRulesPackage(config, securityContext);
-    const endpointResult = await installEndpointPackage(config, securityContext);
+    const prebuiltRulesResult = await installPrebuiltRulesPackage(securityContext, logger);
+    const endpointResult = await installEndpointPackage(securityContext, logger);
 
     const responseBody: BootstrapPrebuiltRulesResponse = {
       packages: [

@@ -13,16 +13,16 @@ import {
   getBasicEmptySearchResponse,
 } from '../../../routes/__mocks__/request_responses';
 import { requestContextMock, serverMock } from '../../../routes/__mocks__';
-import {
-  installPrebuiltRulesAndTimelinesRoute,
-  createPrepackagedRules,
-} from './install_prebuilt_rules_and_timelines_route';
+import { installPrebuiltRulesAndTimelinesRoute } from './install_prebuilt_rules_and_timelines_route';
 import { listMock } from '@kbn/lists-plugin/server/mocks';
 import type { ExceptionListClient } from '@kbn/lists-plugin/server';
 import { installPrepackagedTimelines } from '../../../../timeline/routes/prepackaged_timelines/install_prepackaged_timelines';
 import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
 import { getQueryRuleParams } from '../../../rule_schema/mocks';
 
+// eslint-disable-next-line no-restricted-imports
+import { legacyCreatePrepackagedRules } from './legacy_create_prepackaged_rules';
+
 jest.mock('../../logic/rule_assets/prebuilt_rule_assets_client', () => {
   return {
     createPrebuiltRuleAssetsClient: () => {
@@ -100,7 +100,7 @@ describe('add_prepackaged_rules_route', () => {
     context.core.elasticsearch.client.asCurrentUser.search.mockResolvedValue(
       elasticsearchClientMock.createSuccessTransportRequestPromise(getBasicEmptySearchResponse())
     );
-    installPrebuiltRulesAndTimelinesRoute(server.router);
+    installPrebuiltRulesAndTimelinesRoute(server.router, clients.logger);
   });
 
   describe('status codes', () => {
@@ -235,9 +235,10 @@ describe('add_prepackaged_rules_route', () => {
 
   describe('createPrepackagedRules', () => {
     test('uses exception lists client from context when available', async () => {
-      await createPrepackagedRules(
+      await legacyCreatePrepackagedRules(
         context.securitySolution,
         clients.rulesClient,
+        clients.logger,
         mockExceptionsClient
       );
 
@@ -248,9 +249,10 @@ describe('add_prepackaged_rules_route', () => {
     test('uses passed in exceptions list client when lists client not available in context', async () => {
       context.securitySolution.getExceptionListClient.mockImplementation(() => null);
 
-      await createPrepackagedRules(
+      await legacyCreatePrepackagedRules(
         context.securitySolution,
         clients.rulesClient,
+        clients.logger,
         mockExceptionsClient
       );