[Security Solution][Detections] -Fixes rule edit flow bug with max_signals (#92748)

[yctercero]

Summary

Fixes a bug where max_signals was being reverted to it's default value when the rule was edited via the UI.

This PR fixes that and adds tests around the various scenarios.

To test, follow the below steps:

1. cd x-pack/plugins/security_solution/server/lib/detection_engine/scripts
2. ./post_rule.sh ./rules/queries/query_with_max_signals.json (creates a rule with max_signals of 500)
3. Via UI, enable/disable rule

• ./get_rules.sh - check to see that rule continues to have max_signals: 500

4. Via UI, add an action to prepackaged rule

• ./get_rules.sh - check to see that rule continues to have max_signals: 500

5. Via UI, edit rule

• ./get_rules.sh - check to see that rule continues to have max_signals: 500

6. Via UI, add an exception

• ./get_rules.sh - check to see that rule continues to have max_signals: 500

NOTE: The exceptions flow was not previously breaking max_signals but I added it as something to test as it had previously caused some issues on the PATCH.

Checklist

• Unit or functional tests were updated or added to match the most common scenarios

[yctercero]

not being used anywhere.

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)

[spong]

😎

[spong]

Checked out, tested locally and all scenarios worked! Thanks for the fix and test coverage to boot! 🙂 LGTM! 👍

[kibanamachine]

💛 Build succeeded, but was flaky

• continuous-integration/kibana-ci/pull-request

• Commit: 4fecd10

• Storybooks Preview

• Flaky suites:

  • xpack-securitySolutionCypressChrome

---

Test Failures

Kibana Pipeline / general / "before all" hook for "should contain notes".Timeline notes tab "before all" hook for "should contain notes"

Link to Jenkins

Stack Trace

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

AssertionError: Timed out retrying after 60000ms: Expected to find element: `[data-test-subj="title-999e5df0-7aee-11eb-9ab8-09b681cd86fc"]`, but never found it.

Because this error occurred during a `before all` hook we are skipping the remaining tests in the current suite: `Timeline notes tab`

Although you have test retries enabled, we do not retry tests when `before all` or `after all` hooks fail
    at Object.openTimelineById (http://localhost:6121/__cypress/tests?p=cypress/integration/timelines/notes_tab.spec.ts:16007:15)
    at Context.eval (http://localhost:6121/__cypress/tests?p=cypress/integration/timelines/notes_tab.spec.ts:15041:24)

---

Kibana Pipeline / general / "after all" hook for "should contain notes".Timeline notes tab "after all" hook for "should contain notes"

Link to Jenkins

Stack Trace

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

CypressError: `cy.filter()` failed because it requires a DOM element.

The subject received was:

  > `undefined`

The previous command that ran was:

  > `cy.get()`

All 2 subject validations failed on this subject.

Because this error occurred during a `after all` hook we are skipping the remaining tests in the current suite: `Timeline notes tab`

Although you have test retries enabled, we do not retry tests when `before all` or `after all` hooks fail
    at ensureElement (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:161322:24)
    at validateType (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:161159:16)
    at Object.ensureSubjectByType (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:161195:9)
    at pushSubjectAndValidate (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:169888:15)
    at Context.<anonymous> (http://elastic:changeme@localhost:6121/__cypress/runner/cypress_runner.js:170225:18)
From Your Spec Code:
    at Object.closeTimeline (http://localhost:6121/__cypress/tests?p=cypress/integration/timelines/notes_tab.spec.ts:15959:43)
    at Context.eval (http://localhost:6121/__cypress/tests?p=cypress/integration/timelines/notes_tab.spec.ts:15051:20)

---

Kibana Pipeline / general / "before all" hook for "should contain the right query".Timeline query tab Query tab "before all" hook for "should contain the right query"

Link to Jenkins

Stack Trace

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

AssertionError: Timed out retrying after 60000ms: Expected to find element: `[data-test-subj="title-e1699410-7aee-11eb-9ab8-09b681cd86fc"]`, but never found it.

Because this error occurred during a `before all` hook we are skipping the remaining tests in the current suite: `Timeline query tab`

Although you have test retries enabled, we do not retry tests when `before all` or `after all` hooks fail
    at Object.openTimelineById (http://localhost:6121/__cypress/tests?p=cypress/integration/timelines/query_tab.spec.ts:16058:15)
    at Context.eval (http://localhost:6121/__cypress/tests?p=cypress/integration/timelines/query_tab.spec.ts:15045:28)

---

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	7.8MB	7.8MB	+48.0B
triggersActionsUi	1.6MB	1.5MB	-23.9KB
total			-23.9KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
triggersActionsUi	104.0KB	104.1KB	+82.0B

Unknown metric groups

async chunk count

id	before	after	diff
triggersActionsUi	41	42	+1

History

• 💔 Build #110016 failed 0cce882
• 💔 Build #109289 failed f9bb686

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @yctercero

[kibanamachine]

💔 Backport failed

❌ 7.11: Commit could not be cherrypicked due to conflicts
✅ 7.12 / #93157
✅ 7.x / #93158

Successful backport PRs will be merged automatically after passing CI.

To backport manually, check out the target branch and run:
node scripts/backport --pr 92748