[ResponseOps] Allow bulk snoozing of Security Rules (#169180)

Fixes: #169131

## Summary

Bulk snoozing of SIEM (Security Rules) was previously silently skipped
in the Rules Client when bulk editing rules to snooze scheduling a rule.

Since then, the snoozing functionality was introduced in the Security
Solution, but the check that silently skipped this update was never
removed in the Rules Client side.

The issue was only noticeable when bulk editing Rules to add snoozing in
the **Alerts and Insights > Rules** page, since Security Solution
doesn't allow bulk snoozing (as of yet) and all other areas of the UI do
not use bulk but single snoozing.

Removing the check to skip SIEM rules sufficed to fix the issue.

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

x-pack/plugins/alerting/server/application/rule/methods/bulk_edit/bulk_edit_rules.test.ts

@@ -1458,40 +1458,6 @@ describe('bulkEdit()', () => {
         'Error updating rule: could not add snooze - Rule cannot have more than 5 snooze schedules'
       );
     });
-
-    test('should ignore siem rules when bulk editing snooze', async () => {
-      mockCreatePointInTimeFinderAsInternalUser({
-        saved_objects: [
-          {
-            ...existingDecryptedRule,
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            attributes: { ...existingDecryptedRule.attributes, consumer: 'siem' } as any,
-          },
-        ],
-      });
-
-      unsecuredSavedObjectsClient.bulkCreate.mockResolvedValue(getMockAttribute());
-
-      const snoozePayload = getSnoozeSchedule();
-
-      await rulesClient.bulkEdit({
-        filter: '',
-        operations: [
-          {
-            operation: 'set',
-            field: 'snoozeSchedule',
-            value: snoozePayload,
-          },
-        ],
-      });
-
-      expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledTimes(1);
-      expect(
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        (unsecuredSavedObjectsClient.bulkCreate.mock.calls[0][0][0].attributes as any)
-          .snoozeSchedule
-      ).toEqual([]);
-    });
   });
 
   describe('apiKey operations', () => {

x-pack/plugins/alerting/server/application/rule/methods/bulk_edit/bulk_edit_rules.ts

@@ -8,7 +8,6 @@
 import pMap from 'p-map';
 import Boom from '@hapi/boom';
 import { cloneDeep } from 'lodash';
-import { AlertConsumers } from '@kbn/rule-data-utils';
 import { KueryNode, nodeBuilder } from '@kbn/es-query';
 import {
   SavedObjectsBulkUpdateObject,
@@ -670,15 +669,6 @@ async function getUpdatedAttributesFromOperations<Params extends RuleParams>({
         break;
       }
       case 'snoozeSchedule': {
-        // Silently skip adding snooze or snooze schedules on security
-        // rules until we implement snoozing of their rules
-        if (updatedRule.consumer === AlertConsumers.SIEM) {
-          // While the rule is technically not updated, we are still marking
-          // the rule as updated in case of snoozing, until support
-          // for snoozing is added.
-          isAttributesUpdateSkipped = false;
-          break;
-        }
         if (operation.operation === 'set') {
           const snoozeAttributes = getBulkSnooze<Params>(
             updatedRule,

x-pack/plugins/triggers_actions_ui/public/application/sections/rules_list/components/rules_list_table.tsx

@@ -8,7 +8,6 @@ import React, { useCallback, useMemo, useState } from 'react';
 import moment from 'moment';
 import numeral from '@elastic/numeral';
 import { i18n } from '@kbn/i18n';
-import { AlertConsumers } from '@kbn/rule-data-utils';
 import { useUiSetting$ } from '@kbn/kibana-react-plugin/public';
 import {
   EuiBasicTable,
@@ -482,7 +481,7 @@ export const RulesListTable = (props: RulesListTableProps) => {
         width: '14%',
         'data-test-subj': 'rulesTableCell-rulesListNotify',
         render: (rule: RuleTableItem) => {
-          if (rule.consumer === AlertConsumers.SIEM || !rule.enabled) {
+          if (!rule.enabled) {
             return null;
           }
           return (

x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/bulk_edit.ts

@@ -422,45 +422,6 @@ export default function createUpdateTests({ getService }: FtrProviderContext) {
       });
     });
 
-    it('should ignore bulk snooze and snooze schedule rule for SIEM rules', async () => {
-      const { body: createdRule } = await supertest
-        .post(`${getUrlPrefix(Spaces.space1.id)}/api/alerting/rule`)
-        .set('kbn-xsrf', 'foo')
-        .send(getTestRuleData({ enabled: false, consumer: 'siem' }));
-
-      objectRemover.add(Spaces.space1.id, createdRule.id, 'rule', 'alerting');
-
-      const payload = {
-        ids: [createdRule.id],
-        operations: [
-          {
-            operation: 'set',
-            field: 'snoozeSchedule',
-            value: getSnoozeSchedule(),
-          },
-        ],
-      };
-
-      const bulkSnoozeResponse = await supertest
-        .post(`${getUrlPrefix(Spaces.space1.id)}/internal/alerting/rules/_bulk_edit`)
-        .set('kbn-xsrf', 'foo')
-        .send(payload);
-
-      expect(bulkSnoozeResponse.body.errors).to.have.length(0);
-      expect(bulkSnoozeResponse.body.rules).to.have.length(1);
-      expect(bulkSnoozeResponse.body.rules[0].snooze_schedule).empty();
-      // Ensure revision is NOT updated
-      expect(bulkSnoozeResponse.body.rules[0].revision).to.eql(0);
-
-      // Ensure AAD isn't broken
-      await checkAAD({
-        supertest,
-        spaceId: Spaces.space1.id,
-        type: 'alert',
-        id: createdRule.id,
-      });
-    });
-
     it('should not bulk update API key with apiKey operation', async () => {
       const { body: createdRule } = await supertest
         .post(`${getUrlPrefix(Spaces.space1.id)}/api/alerting/rule`)