[9.2] [Security Solution][Detection Engine] Fix threshold rule logic with no group by fields defined (#241022)

[kibanamachine]

Backport

This will backport the following commits from main to 9.2:

• [Security Solution][Detection Engine] Fix threshold rule logic with no group by fields defined (#241022)

Questions ?

Please refer to the Backport tool documentation

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: a306e61

Failed CI Steps

• Jest Integration Tests #5
• x-pack/platform/test/alerting_api_integration/spaces_only/tests/alerting/group1/config.ts

Test Failures

• [job] [logs] x-pack/platform/test/alerting_api_integration/spaces_only/tests/alerting/group1/config.ts / Alerting getActionErrorLog get and filter action error logs for rules with multiple action errors
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Basic Operations creates objects with internal privileges
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Basic Operations deletes objects with internal access
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Basic Operations finds objects without security filtering
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Basic Operations performs CRUD operations without user authentication
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Basic Operations updates objects without user context
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Error Handling and Edge Cases handles invalid parameters gracefully
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Error Handling and Edge Cases handles non-existent objects gracefully
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Error Handling and Edge Cases maintains consistency across operations
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Extension Functionality excludes security extension automatically
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Extension Functionality handles extension factories gracefully when undefined
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Extension Functionality respects custom extension exclusions
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Hidden Types Access accesses hidden types when includedHiddenTypes specified
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Hidden Types Access cannot access hidden types when not specified
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Hidden Types Access works with multiple hidden types
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Security Validation accesses restricted objects internally
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Security Validation bypasses user-based security filtering
• [job] [logs] Jest Integration Tests #5 / SavedObjects Internal Client Integration Security Validation operates with system-level privileges

Metrics [docs]

✅ unchanged

cc @marshallmain