diff --git a/.buildkite/ftr_platform_stateful_configs.yml b/.buildkite/ftr_platform_stateful_configs.yml
index b015b1c96c73a..3db1d194e59aa 100644
--- a/.buildkite/ftr_platform_stateful_configs.yml
+++ b/.buildkite/ftr_platform_stateful_configs.yml
@@ -183,6 +183,7 @@ enabled:
   - x-pack/test/fleet_api_integration/config.agent.ts
   - x-pack/test/fleet_api_integration/config.agent_policy.ts
   - x-pack/test/fleet_api_integration/config.epm.ts
+  - x-pack/test/fleet_api_integration/config.event_ingested.ts
   - x-pack/test/fleet_api_integration/config.fleet.ts
   - x-pack/test/fleet_api_integration/config.package_policy.ts
   - x-pack/test/fleet_api_integration/config.space_awareness.ts
diff --git a/.buildkite/package-lock.json b/.buildkite/package-lock.json
index 8d10b3c2b7bc1..92231d27ea50f 100644
--- a/.buildkite/package-lock.json
+++ b/.buildkite/package-lock.json
@@ -1515,9 +1515,9 @@
       }
     },
     "node_modules/tslib": {
-      "version": "2.4.0",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.0.tgz",
-      "integrity": "sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ=="
+      "version": "2.8.0",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.0.tgz",
+      "integrity": "sha512-jWVzBLplnCmoaTr13V9dYbiQ99wvZRd0vNWaDRg+aVYRcjDF3nDksxFDE/+fkXnKhpnUUkmx5pK/v8mCtLVqZA=="
     },
     "node_modules/type-detect": {
       "version": "4.0.8",
@@ -2742,9 +2742,9 @@
       }
     },
     "tslib": {
-      "version": "2.4.0",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.0.tgz",
-      "integrity": "sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ=="
+      "version": "2.8.0",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.0.tgz",
+      "integrity": "sha512-jWVzBLplnCmoaTr13V9dYbiQ99wvZRd0vNWaDRg+aVYRcjDF3nDksxFDE/+fkXnKhpnUUkmx5pK/v8mCtLVqZA=="
     },
     "type-detect": {
       "version": "4.0.8",
diff --git a/.buildkite/pipelines/on_merge.yml b/.buildkite/pipelines/on_merge.yml
index e5d28465b2dc3..87bb71c312688 100644
--- a/.buildkite/pipelines/on_merge.yml
+++ b/.buildkite/pipelines/on_merge.yml
@@ -493,6 +493,21 @@ steps:
         - exit_status: '-1'
           limit: 3
 
+  - command: .buildkite/scripts/steps/openapi_publishing/publish_oas_docs.sh
+    label: 'Publish OAS docs to bump.sh'
+    agents:
+      image: family/kibana-ubuntu-2004
+      imageProject: elastic-images-prod
+      provider: gcp
+      machineType: n2-standard-2
+      preemptible: true
+    timeout_in_minutes: 60
+    continue_on_failure: true
+    retry:
+      automatic:
+        - exit_status: '-1'
+          limit: 3
+
   - command: .buildkite/scripts/steps/bazel_cache/bootstrap_linux.sh
     label: 'Populate local dev bazel cache (Linux)'
     agents:
diff --git a/.buildkite/scripts/steps/openapi_bundling/final_merge.sh b/.buildkite/scripts/steps/openapi_bundling/final_merge.sh
index 83dba04c350d2..fdd6a17e778fd 100755
--- a/.buildkite/scripts/steps/openapi_bundling/final_merge.sh
+++ b/.buildkite/scripts/steps/openapi_bundling/final_merge.sh
@@ -4,8 +4,16 @@ set -euo pipefail
 
 source .buildkite/scripts/common/util.sh
 
+cur_dir=$(pwd)
+cd oas_docs
+
+echo --- Installing NPM modules
+npm install
+
 echo --- Merge Kibana OpenAPI specs
+make api-docs
+# make api-docs-lint <-- Relies on JSONPath version with RCE vulnerabilities based on `npm audit`, https://github.com/advisories/GHSA-pppg-cpfq-h7wr
 
-(cd oas_docs && make api-docs && make api-docs-lint)
+cd "$cur_dir"
 
 check_for_changed_files "make api-docs" true
diff --git a/.buildkite/scripts/steps/openapi_publishing/package-lock.json b/.buildkite/scripts/steps/openapi_publishing/package-lock.json
new file mode 100644
index 0000000000000..de64cc35aded2
--- /dev/null
+++ b/.buildkite/scripts/steps/openapi_publishing/package-lock.json
@@ -0,0 +1,1841 @@
+{
+  "name": "serverless",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "serverless",
+      "version": "1.0.0",
+      "license": "ISC",
+      "dependencies": {
+        "bump-cli": "^2.8.4"
+      }
+    },
+    "node_modules/@apidevtools/json-schema-ref-parser": {
+      "version": "9.1.2",
+      "resolved": "https://registry.npmjs.org/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-9.1.2.tgz",
+      "integrity": "sha512-r1w81DpR+KyRWd3f+rk6TNqMgedmAxZP5v5KWlXQWlgMUUtyEJch0DKEci1SorPMiSeM8XPl7MZ3miJ60JIpQg==",
+      "dependencies": {
+        "@jsdevtools/ono": "^7.1.3",
+        "@types/json-schema": "^7.0.6",
+        "call-me-maybe": "^1.0.1",
+        "js-yaml": "^4.1.0"
+      }
+    },
+    "node_modules/@asyncapi/specs": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/@asyncapi/specs/-/specs-5.1.0.tgz",
+      "integrity": "sha512-yffhETqehkim43luMnPKOwzY0D0YtU4bKpORIXIaid6p5Y5kDLrMGJaEPkNieQp03HMjhjFrnUPtT8kvqe0+aQ==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.11"
+      }
+    },
+    "node_modules/@clack/core": {
+      "version": "0.3.4",
+      "resolved": "https://registry.npmjs.org/@clack/core/-/core-0.3.4.tgz",
+      "integrity": "sha512-H4hxZDXgHtWTwV3RAVenqcC4VbJZNegbBjlPvzOzCouXtS2y3sDvlO3IsbrPNWuLWPPlYVYPghQdSF64683Ldw==",
+      "dependencies": {
+        "picocolors": "^1.0.0",
+        "sisteransi": "^1.0.5"
+      }
+    },
+    "node_modules/@clack/prompts": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/@clack/prompts/-/prompts-0.6.3.tgz",
+      "integrity": "sha512-AM+kFmAHawpUQv2q9+mcB6jLKxXGjgu/r2EQjEwujgpCdzrST6BJqYw00GRn56/L/Izw5U7ImoLmy00X/r80Pw==",
+      "bundleDependencies": [
+        "is-unicode-supported"
+      ],
+      "dependencies": {
+        "@clack/core": "^0.3.2",
+        "is-unicode-supported": "*",
+        "picocolors": "^1.0.0",
+        "sisteransi": "^1.0.5"
+      }
+    },
+    "node_modules/@clack/prompts/node_modules/is-unicode-supported": {
+      "version": "1.3.0",
+      "inBundle": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/@cspotcode/source-map-support": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz",
+      "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "0.3.9"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@jridgewell/resolve-uri": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
+      "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz",
+      "integrity": "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="
+    },
+    "node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.9",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz",
+      "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==",
+      "dependencies": {
+        "@jridgewell/resolve-uri": "^3.0.3",
+        "@jridgewell/sourcemap-codec": "^1.4.10"
+      }
+    },
+    "node_modules/@jsdevtools/ono": {
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/@jsdevtools/ono/-/ono-7.1.3.tgz",
+      "integrity": "sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg=="
+    },
+    "node_modules/@nodelib/fs.scandir": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
+      "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
+      "dependencies": {
+        "@nodelib/fs.stat": "2.0.5",
+        "run-parallel": "^1.1.9"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@nodelib/fs.stat": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz",
+      "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@nodelib/fs.walk": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz",
+      "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==",
+      "dependencies": {
+        "@nodelib/fs.scandir": "2.1.5",
+        "fastq": "^1.6.0"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@oclif/command": {
+      "version": "1.8.36",
+      "resolved": "https://registry.npmjs.org/@oclif/command/-/command-1.8.36.tgz",
+      "integrity": "sha512-/zACSgaYGtAQRzc7HjzrlIs14FuEYAZrMOEwicRoUnZVyRunG4+t5iSEeQu0Xy2bgbCD0U1SP/EdeNZSTXRwjQ==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "dependencies": {
+        "@oclif/config": "^1.18.2",
+        "@oclif/errors": "^1.3.6",
+        "@oclif/help": "^1.0.1",
+        "@oclif/parser": "^3.8.17",
+        "debug": "^4.1.1",
+        "semver": "^7.5.4"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependencies": {
+        "@oclif/config": "^1"
+      }
+    },
+    "node_modules/@oclif/config": {
+      "version": "1.18.17",
+      "resolved": "https://registry.npmjs.org/@oclif/config/-/config-1.18.17.tgz",
+      "integrity": "sha512-k77qyeUvjU8qAJ3XK3fr/QVAqsZO8QOBuESnfeM5HHtPNLSyfVcwiMM2zveSW5xRdLSG3MfV8QnLVkuyCL2ENg==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "dependencies": {
+        "@oclif/errors": "^1.3.6",
+        "@oclif/parser": "^3.8.17",
+        "debug": "^4.3.4",
+        "globby": "^11.1.0",
+        "is-wsl": "^2.1.1",
+        "tslib": "^2.6.1"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@oclif/core": {
+      "version": "1.20.4",
+      "resolved": "https://registry.npmjs.org/@oclif/core/-/core-1.20.4.tgz",
+      "integrity": "sha512-giug32M4YhSYNYKQwE1L57/+k5gp1+Bq3/0vKNQmzAY1tizFGhvBJc6GIRZasHjU+xtZLutQvrVrJo7chX3hxg==",
+      "dependencies": {
+        "@oclif/linewrap": "^1.0.0",
+        "@oclif/screen": "^3.0.3",
+        "ansi-escapes": "^4.3.2",
+        "ansi-styles": "^4.3.0",
+        "cardinal": "^2.1.1",
+        "chalk": "^4.1.2",
+        "clean-stack": "^3.0.1",
+        "cli-progress": "^3.10.0",
+        "debug": "^4.3.4",
+        "ejs": "^3.1.6",
+        "fs-extra": "^9.1.0",
+        "get-package-type": "^0.1.0",
+        "globby": "^11.1.0",
+        "hyperlinker": "^1.0.0",
+        "indent-string": "^4.0.0",
+        "is-wsl": "^2.2.0",
+        "js-yaml": "^3.14.1",
+        "natural-orderby": "^2.0.3",
+        "object-treeify": "^1.1.33",
+        "password-prompt": "^1.1.2",
+        "semver": "^7.3.7",
+        "string-width": "^4.2.3",
+        "strip-ansi": "^6.0.1",
+        "supports-color": "^8.1.1",
+        "supports-hyperlinks": "^2.2.0",
+        "tslib": "^2.4.1",
+        "widest-line": "^3.1.0",
+        "wrap-ansi": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/@oclif/core/node_modules/argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dependencies": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "node_modules/@oclif/core/node_modules/esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/@oclif/core/node_modules/js-yaml": {
+      "version": "3.14.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
+      "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+      "dependencies": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/@oclif/errors": {
+      "version": "1.3.6",
+      "resolved": "https://registry.npmjs.org/@oclif/errors/-/errors-1.3.6.tgz",
+      "integrity": "sha512-fYaU4aDceETd89KXP+3cLyg9EHZsLD3RxF2IU9yxahhBpspWjkWi3Dy3bTgcwZ3V47BgxQaGapzJWDM33XIVDQ==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "dependencies": {
+        "clean-stack": "^3.0.0",
+        "fs-extra": "^8.1",
+        "indent-string": "^4.0.0",
+        "strip-ansi": "^6.0.1",
+        "wrap-ansi": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@oclif/errors/node_modules/fs-extra": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz",
+      "integrity": "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==",
+      "dependencies": {
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^4.0.0",
+        "universalify": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=6 <7 || >=8"
+      }
+    },
+    "node_modules/@oclif/errors/node_modules/jsonfile": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz",
+      "integrity": "sha512-m6F1R3z8jjlf2imQHS2Qez5sjKWQzbuuhuJ/FKYFRZvPE3PuHcSMVZzfsLhGVOkfd20obL5SWEBew5ShlquNxg==",
+      "optionalDependencies": {
+        "graceful-fs": "^4.1.6"
+      }
+    },
+    "node_modules/@oclif/errors/node_modules/universalify": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz",
+      "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==",
+      "engines": {
+        "node": ">= 4.0.0"
+      }
+    },
+    "node_modules/@oclif/help": {
+      "version": "1.0.15",
+      "resolved": "https://registry.npmjs.org/@oclif/help/-/help-1.0.15.tgz",
+      "integrity": "sha512-Yt8UHoetk/XqohYX76DfdrUYLsPKMc5pgkzsZVHDyBSkLiGRzujVaGZdjr32ckVZU9q3a47IjhWxhip7Dz5W/g==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "dependencies": {
+        "@oclif/config": "1.18.16",
+        "@oclif/errors": "1.3.6",
+        "chalk": "^4.1.2",
+        "indent-string": "^4.0.0",
+        "lodash": "^4.17.21",
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.0",
+        "widest-line": "^3.1.0",
+        "wrap-ansi": "^6.2.0"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@oclif/help/node_modules/@oclif/config": {
+      "version": "1.18.16",
+      "resolved": "https://registry.npmjs.org/@oclif/config/-/config-1.18.16.tgz",
+      "integrity": "sha512-VskIxVcN22qJzxRUq+raalq6Q3HUde7sokB7/xk5TqRZGEKRVbFeqdQBxDWwQeudiJEgcNiMvIFbMQ43dY37FA==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "dependencies": {
+        "@oclif/errors": "^1.3.6",
+        "@oclif/parser": "^3.8.16",
+        "debug": "^4.3.4",
+        "globby": "^11.1.0",
+        "is-wsl": "^2.1.1",
+        "tslib": "^2.6.1"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@oclif/help/node_modules/wrap-ansi": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz",
+      "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@oclif/linewrap": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@oclif/linewrap/-/linewrap-1.0.0.tgz",
+      "integrity": "sha512-Ups2dShK52xXa8w6iBWLgcjPJWjais6KPJQq3gQ/88AY6BXoTX+MIGFPrWQO1KLMiQfoTpcLnUwloN4brrVUHw=="
+    },
+    "node_modules/@oclif/parser": {
+      "version": "3.8.17",
+      "resolved": "https://registry.npmjs.org/@oclif/parser/-/parser-3.8.17.tgz",
+      "integrity": "sha512-l04iSd0xoh/16TGVpXb81Gg3z7tlQGrEup16BrVLsZBK6SEYpYHRJZnM32BwZrHI97ZSFfuSwVlzoo6HdsaK8A==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "dependencies": {
+        "@oclif/errors": "^1.3.6",
+        "@oclif/linewrap": "^1.0.0",
+        "chalk": "^4.1.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@oclif/plugin-help": {
+      "version": "5.2.20",
+      "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-5.2.20.tgz",
+      "integrity": "sha512-u+GXX/KAGL9S10LxAwNUaWdzbEBARJ92ogmM7g3gDVud2HioCmvWQCDohNRVZ9GYV9oKwZ/M8xwd6a1d95rEKQ==",
+      "dependencies": {
+        "@oclif/core": "^2.15.0"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/@oclif/plugin-help/node_modules/@oclif/core": {
+      "version": "2.16.0",
+      "resolved": "https://registry.npmjs.org/@oclif/core/-/core-2.16.0.tgz",
+      "integrity": "sha512-dL6atBH0zCZl1A1IXCKJgLPrM/wR7K+Wi401E/IvqsK8m2iCHW+0TEOGrans/cuN3oTW+uxIyJFHJ8Im0k4qBw==",
+      "dependencies": {
+        "@types/cli-progress": "^3.11.0",
+        "ansi-escapes": "^4.3.2",
+        "ansi-styles": "^4.3.0",
+        "cardinal": "^2.1.1",
+        "chalk": "^4.1.2",
+        "clean-stack": "^3.0.1",
+        "cli-progress": "^3.12.0",
+        "debug": "^4.3.4",
+        "ejs": "^3.1.8",
+        "get-package-type": "^0.1.0",
+        "globby": "^11.1.0",
+        "hyperlinker": "^1.0.0",
+        "indent-string": "^4.0.0",
+        "is-wsl": "^2.2.0",
+        "js-yaml": "^3.14.1",
+        "natural-orderby": "^2.0.3",
+        "object-treeify": "^1.1.33",
+        "password-prompt": "^1.1.2",
+        "slice-ansi": "^4.0.0",
+        "string-width": "^4.2.3",
+        "strip-ansi": "^6.0.1",
+        "supports-color": "^8.1.1",
+        "supports-hyperlinks": "^2.2.0",
+        "ts-node": "^10.9.1",
+        "tslib": "^2.5.0",
+        "widest-line": "^3.1.0",
+        "wordwrap": "^1.0.0",
+        "wrap-ansi": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/@oclif/plugin-help/node_modules/argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dependencies": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "node_modules/@oclif/plugin-help/node_modules/esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/@oclif/plugin-help/node_modules/js-yaml": {
+      "version": "3.14.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
+      "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+      "dependencies": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/@oclif/screen": {
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@oclif/screen/-/screen-3.0.8.tgz",
+      "integrity": "sha512-yx6KAqlt3TAHBduS2fMQtJDL2ufIHnDRArrJEOoTTuizxqmjLT+psGYOHpmMl3gvQpFJ11Hs76guUUktzAF9Bg==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/@stoplight/ordered-object-literal": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/@stoplight/ordered-object-literal/-/ordered-object-literal-1.0.5.tgz",
+      "integrity": "sha512-COTiuCU5bgMUtbIFBuyyh2/yVVzlr5Om0v5utQDgBCuQUOPgU1DwoffkTfg4UBQOvByi5foF4w4T+H9CoRe5wg==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@stoplight/types": {
+      "version": "14.1.1",
+      "resolved": "https://registry.npmjs.org/@stoplight/types/-/types-14.1.1.tgz",
+      "integrity": "sha512-/kjtr+0t0tjKr+heVfviO9FrU/uGLc+QNX3fHJc19xsCNYqU7lVhaXxDmEID9BZTjG+/r9pK9xP/xU02XGg65g==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.4",
+        "utility-types": "^3.10.0"
+      },
+      "engines": {
+        "node": "^12.20 || >=14.13"
+      }
+    },
+    "node_modules/@stoplight/yaml": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/@stoplight/yaml/-/yaml-4.3.0.tgz",
+      "integrity": "sha512-JZlVFE6/dYpP9tQmV0/ADfn32L9uFarHWxfcRhReKUnljz1ZiUM5zpX+PH8h5CJs6lao3TuFqnPm9IJJCEkE2w==",
+      "dependencies": {
+        "@stoplight/ordered-object-literal": "^1.0.5",
+        "@stoplight/types": "^14.1.1",
+        "@stoplight/yaml-ast-parser": "0.0.50",
+        "tslib": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=10.8"
+      }
+    },
+    "node_modules/@stoplight/yaml-ast-parser": {
+      "version": "0.0.50",
+      "resolved": "https://registry.npmjs.org/@stoplight/yaml-ast-parser/-/yaml-ast-parser-0.0.50.tgz",
+      "integrity": "sha512-Pb6M8TDO9DtSVla9yXSTAxmo9GVEouq5P40DWXdOie69bXogZTkgvopCq+yEvTMA0F6PEvdJmbtTV3ccIp11VQ=="
+    },
+    "node_modules/@tsconfig/node10": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz",
+      "integrity": "sha512-DcRjDCujK/kCk/cUe8Xz8ZSpm8mS3mNNpta+jGCA6USEDfktlNvm1+IuZ9eTcDbNk41BHwpHHeW+N1lKCz4zOw=="
+    },
+    "node_modules/@tsconfig/node12": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz",
+      "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag=="
+    },
+    "node_modules/@tsconfig/node14": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz",
+      "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow=="
+    },
+    "node_modules/@tsconfig/node16": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz",
+      "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA=="
+    },
+    "node_modules/@types/cli-progress": {
+      "version": "3.11.6",
+      "resolved": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.6.tgz",
+      "integrity": "sha512-cE3+jb9WRlu+uOSAugewNpITJDt1VF8dHOopPO4IABFc3SXYL5WE/+PTz/FCdZRRfIujiWW3n3aMbv1eIGVRWA==",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/json-schema": {
+      "version": "7.0.15",
+      "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz",
+      "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA=="
+    },
+    "node_modules/@types/node": {
+      "version": "22.8.1",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.8.1.tgz",
+      "integrity": "sha512-k6Gi8Yyo8EtrNtkHXutUu2corfDf9su95VYVP10aGYMMROM6SAItZi0w1XszA6RtWTHSVp5OeFof37w0IEqCQg==",
+      "dependencies": {
+        "undici-types": "~6.19.8"
+      }
+    },
+    "node_modules/acorn": {
+      "version": "8.14.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz",
+      "integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==",
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/acorn-walk": {
+      "version": "8.3.4",
+      "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.4.tgz",
+      "integrity": "sha512-ueEepnujpqee2o5aIYnvHU6C0A42MNdsIDeqy5BydrkuC5R1ZuUFnm27EeFJGoEHJQgn3uleRvmTXaJgfXbt4g==",
+      "dependencies": {
+        "acorn": "^8.11.0"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/ansi-escapes": {
+      "version": "4.3.2",
+      "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz",
+      "integrity": "sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==",
+      "dependencies": {
+        "type-fest": "^0.21.3"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/ansicolors": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz",
+      "integrity": "sha512-QXu7BPrP29VllRxH8GwB7x5iX5qWKAAMLqKQGWTeLWVlNHNOpVMJ91dsxQAIWXpjuW5wqvxu3Jd/nRjrJ+0pqg=="
+    },
+    "node_modules/arg": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz",
+      "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA=="
+    },
+    "node_modules/argparse": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
+      "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="
+    },
+    "node_modules/array-union": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz",
+      "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/astral-regex": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz",
+      "integrity": "sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/async": {
+      "version": "3.2.6",
+      "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz",
+      "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA=="
+    },
+    "node_modules/async-mutex": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/async-mutex/-/async-mutex-0.4.1.tgz",
+      "integrity": "sha512-WfoBo4E/TbCX1G95XTjbWTE3X2XLG0m1Xbv2cwOtuPdyH9CZvnaA5nCt1ucjaKEgW2A5IF71hxrRhr83Je5xjA==",
+      "dependencies": {
+        "tslib": "^2.4.0"
+      }
+    },
+    "node_modules/asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
+    },
+    "node_modules/at-least-node": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz",
+      "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==",
+      "engines": {
+        "node": ">= 4.0.0"
+      }
+    },
+    "node_modules/axios": {
+      "version": "1.7.7",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.7.tgz",
+      "integrity": "sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==",
+      "dependencies": {
+        "follow-redirects": "^1.15.6",
+        "form-data": "^4.0.0",
+        "proxy-from-env": "^1.1.0"
+      }
+    },
+    "node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
+    },
+    "node_modules/brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "node_modules/braces": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
+      "dependencies": {
+        "fill-range": "^7.1.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/bump-cli": {
+      "version": "2.8.4",
+      "resolved": "https://registry.npmjs.org/bump-cli/-/bump-cli-2.8.4.tgz",
+      "integrity": "sha512-FwcsaY1jmCtwXkuIhkPxGLysLrxCJKnl54PHutb7N4FIuO9Hq8Xjn1giEfO3ZK8UGVZ9DiAb11H9ypFP6WNnhQ==",
+      "dependencies": {
+        "@apidevtools/json-schema-ref-parser": "^9.0.7",
+        "@asyncapi/specs": "^5.1.0",
+        "@clack/prompts": "^0.6.3",
+        "@oclif/command": "^1.8.36",
+        "@oclif/config": "^1.18.17",
+        "@oclif/core": "1.20.4",
+        "@oclif/plugin-help": "^5.1.10",
+        "@stoplight/yaml": "^4.2.3",
+        "async-mutex": "^0.4.0",
+        "axios": "^1.6.4",
+        "debug": "^4.3.1",
+        "jsonpath": "^1.1.1",
+        "mergician": "^1.0.3",
+        "oas-schemas": "git+https://git@github.com/OAI/OpenAPI-Specification.git#0f9d3ec7c033fef184ec54e1ffc201b2d61ce023",
+        "tslib": "^2.3.0"
+      },
+      "bin": {
+        "bump": "bin/run"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/call-me-maybe": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/call-me-maybe/-/call-me-maybe-1.0.2.tgz",
+      "integrity": "sha512-HpX65o1Hnr9HH25ojC1YGs7HCQLq0GCOibSaWER0eNpgJ/Z1MZv2mTc7+xh6WOPxbRVcmgbv4hGU+uSQ/2xFZQ=="
+    },
+    "node_modules/cardinal": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz",
+      "integrity": "sha512-JSr5eOgoEymtYHBjNWyjrMqet9Am2miJhlfKNdqLp6zoeAh0KN5dRAcxlecj5mAJrmQomgiOBj35xHLrFjqBpw==",
+      "dependencies": {
+        "ansicolors": "~0.3.2",
+        "redeyed": "~2.1.0"
+      },
+      "bin": {
+        "cdl": "bin/cdl.js"
+      }
+    },
+    "node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/chalk/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/clean-stack": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz",
+      "integrity": "sha512-lR9wNiMRcVQjSB3a7xXGLuz4cr4wJuuXlaAEbRutGowQTmlp7R72/DOgN21e8jdwblMWl9UOJMJXarX94pzKdg==",
+      "dependencies": {
+        "escape-string-regexp": "4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/cli-progress": {
+      "version": "3.12.0",
+      "resolved": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz",
+      "integrity": "sha512-tRkV3HJ1ASwm19THiiLIXLO7Im7wlTuKnvkYaTkyoAPefqjNg7W7DHKUlGRxy9vxDvbyCYQkQozvptuMkGCg8A==",
+      "dependencies": {
+        "string-width": "^4.2.3"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "dependencies": {
+        "delayed-stream": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg=="
+    },
+    "node_modules/create-require": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz",
+      "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ=="
+    },
+    "node_modules/cross-spawn": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
+      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "dependencies": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/debug": {
+      "version": "4.3.7",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz",
+      "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/deep-is": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz",
+      "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ=="
+    },
+    "node_modules/delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/diff": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz",
+      "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==",
+      "engines": {
+        "node": ">=0.3.1"
+      }
+    },
+    "node_modules/dir-glob": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz",
+      "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==",
+      "dependencies": {
+        "path-type": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/ejs": {
+      "version": "3.1.10",
+      "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz",
+      "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==",
+      "dependencies": {
+        "jake": "^10.8.5"
+      },
+      "bin": {
+        "ejs": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
+    },
+    "node_modules/escape-string-regexp": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
+      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/escodegen": {
+      "version": "1.14.3",
+      "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-1.14.3.tgz",
+      "integrity": "sha512-qFcX0XJkdg+PB3xjZZG/wKSuT1PnQWx57+TVSjIMmILd2yC/6ByYElPwJnslDsuWuSAp4AwJGumarAAmJch5Kw==",
+      "dependencies": {
+        "esprima": "^4.0.1",
+        "estraverse": "^4.2.0",
+        "esutils": "^2.0.2",
+        "optionator": "^0.8.1"
+      },
+      "bin": {
+        "escodegen": "bin/escodegen.js",
+        "esgenerate": "bin/esgenerate.js"
+      },
+      "engines": {
+        "node": ">=4.0"
+      },
+      "optionalDependencies": {
+        "source-map": "~0.6.1"
+      }
+    },
+    "node_modules/escodegen/node_modules/esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/esprima": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-1.2.2.tgz",
+      "integrity": "sha512-+JpPZam9w5DuJ3Q67SqsMGtiHKENSMRVoxvArfJZK01/BfLEObtZ6orJa/MtoGNR/rfMgp5837T41PAmTwAv/A==",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/estraverse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz",
+      "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==",
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/esutils": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz",
+      "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/fast-glob": {
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz",
+      "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==",
+      "dependencies": {
+        "@nodelib/fs.stat": "^2.0.2",
+        "@nodelib/fs.walk": "^1.2.3",
+        "glob-parent": "^5.1.2",
+        "merge2": "^1.3.0",
+        "micromatch": "^4.0.4"
+      },
+      "engines": {
+        "node": ">=8.6.0"
+      }
+    },
+    "node_modules/fast-levenshtein": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
+      "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw=="
+    },
+    "node_modules/fastq": {
+      "version": "1.17.1",
+      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz",
+      "integrity": "sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==",
+      "dependencies": {
+        "reusify": "^1.0.4"
+      }
+    },
+    "node_modules/filelist": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz",
+      "integrity": "sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==",
+      "dependencies": {
+        "minimatch": "^5.0.1"
+      }
+    },
+    "node_modules/filelist/node_modules/brace-expansion": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/filelist/node_modules/minimatch": {
+      "version": "5.1.6",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
+      "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/fill-range": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
+      "dependencies": {
+        "to-regex-range": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/follow-redirects": {
+      "version": "1.15.9",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz",
+      "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==",
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/RubenVerborgh"
+        }
+      ],
+      "engines": {
+        "node": ">=4.0"
+      },
+      "peerDependenciesMeta": {
+        "debug": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/form-data": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.1.tgz",
+      "integrity": "sha512-tzN8e4TX8+kkxGPK8D5u0FNmjPUjw3lwC9lSLxxoB/+GtsJG91CO8bSWy73APlgAZzZbXEYZJuxjkHH2w+Ezhw==",
+      "dependencies": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.8",
+        "mime-types": "^2.1.12"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/fs-extra": {
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
+      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
+      "dependencies": {
+        "at-least-node": "^1.0.0",
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^6.0.1",
+        "universalify": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/get-package-type": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz",
+      "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==",
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/globby": {
+      "version": "11.1.0",
+      "resolved": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz",
+      "integrity": "sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==",
+      "dependencies": {
+        "array-union": "^2.1.0",
+        "dir-glob": "^3.0.1",
+        "fast-glob": "^3.2.9",
+        "ignore": "^5.2.0",
+        "merge2": "^1.4.1",
+        "slash": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/graceful-fs": {
+      "version": "4.2.11",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
+      "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="
+    },
+    "node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/hyperlinker": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz",
+      "integrity": "sha512-Ty8UblRWFEcfSuIaajM34LdPXIhbs1ajEX/BBPv24J+enSVaEVY63xQ6lTO9VRYS5LAoghIG0IDJ+p+IPzKUQQ==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/ignore": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
+      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
+    "node_modules/indent-string": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz",
+      "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-docker": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz",
+      "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==",
+      "bin": {
+        "is-docker": "cli.js"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-glob": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
+      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
+      "dependencies": {
+        "is-extglob": "^2.1.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-number": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+      "engines": {
+        "node": ">=0.12.0"
+      }
+    },
+    "node_modules/is-wsl": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz",
+      "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==",
+      "dependencies": {
+        "is-docker": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="
+    },
+    "node_modules/jake": {
+      "version": "10.9.2",
+      "resolved": "https://registry.npmjs.org/jake/-/jake-10.9.2.tgz",
+      "integrity": "sha512-2P4SQ0HrLQ+fw6llpLnOaGAvN2Zu6778SJMrCUwns4fOoG9ayrTiZk3VV8sCPkVZF8ab0zksVpS8FDY5pRCNBA==",
+      "dependencies": {
+        "async": "^3.2.3",
+        "chalk": "^4.0.2",
+        "filelist": "^1.0.4",
+        "minimatch": "^3.1.2"
+      },
+      "bin": {
+        "jake": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/js-yaml": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
+      "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+      "dependencies": {
+        "argparse": "^2.0.1"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/jsonfile": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz",
+      "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==",
+      "dependencies": {
+        "universalify": "^2.0.0"
+      },
+      "optionalDependencies": {
+        "graceful-fs": "^4.1.6"
+      }
+    },
+    "node_modules/jsonpath": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/jsonpath/-/jsonpath-1.1.1.tgz",
+      "integrity": "sha512-l6Cg7jRpixfbgoWgkrl77dgEj8RPvND0wMH6TwQmi9Qs4TFfS9u5cUFnbeKTwj5ga5Y3BTGGNI28k117LJ009w==",
+      "dependencies": {
+        "esprima": "1.2.2",
+        "static-eval": "2.0.2",
+        "underscore": "1.12.1"
+      }
+    },
+    "node_modules/levn": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz",
+      "integrity": "sha512-0OO4y2iOHix2W6ujICbKIaEQXvFQHue65vUG3pb5EUomzPI90z9hsA1VsO/dbIIpC53J8gxM9Q4Oho0jrCM/yA==",
+      "dependencies": {
+        "prelude-ls": "~1.1.2",
+        "type-check": "~0.3.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/lodash": {
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
+    },
+    "node_modules/make-error": {
+      "version": "1.3.6",
+      "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz",
+      "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw=="
+    },
+    "node_modules/merge2": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz",
+      "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/mergician": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/mergician/-/mergician-1.1.0.tgz",
+      "integrity": "sha512-FXbxzU6BBhGkV8XtUr8Sk015ZRaAALviit8Lle6OEgd1udX8wlu6tBeUMLGQGdz1MfHpAVNNQkXowyDnJuhXpA==",
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/micromatch": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
+      "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
+      "dependencies": {
+        "braces": "^3.0.3",
+        "picomatch": "^2.3.1"
+      },
+      "engines": {
+        "node": ">=8.6"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/minimatch": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
+      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "dependencies": {
+        "brace-expansion": "^1.1.7"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+    },
+    "node_modules/natural-orderby": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz",
+      "integrity": "sha512-p7KTHxU0CUrcOXe62Zfrb5Z13nLvPhSWR/so3kFulUQU0sgUll2Z0LwpsLN351eOOD+hRGu/F1g+6xDfPeD++Q==",
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/oas-schemas": {
+      "version": "2.0.0",
+      "resolved": "git+https://git@github.com/OAI/OpenAPI-Specification.git#0f9d3ec7c033fef184ec54e1ffc201b2d61ce023",
+      "integrity": "sha512-B0izsjJFhgA/KCQExAt7cfLyw42KD+r3NE7hKbkmGSqoe3gb57eMUXTlN4MwEicFR86Gno+h3OSnRcHfUlVubQ=="
+    },
+    "node_modules/object-treeify": {
+      "version": "1.1.33",
+      "resolved": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz",
+      "integrity": "sha512-EFVjAYfzWqWsBMRHPMAXLCDIJnpMhdWAqR7xG6M6a2cs6PMFpl/+Z20w9zDW4vkxOFfddegBKq9Rehd0bxWE7A==",
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/optionator": {
+      "version": "0.8.3",
+      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz",
+      "integrity": "sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==",
+      "dependencies": {
+        "deep-is": "~0.1.3",
+        "fast-levenshtein": "~2.0.6",
+        "levn": "~0.3.0",
+        "prelude-ls": "~1.1.2",
+        "type-check": "~0.3.2",
+        "word-wrap": "~1.2.3"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/password-prompt": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz",
+      "integrity": "sha512-HkrjG2aJlvF0t2BMH0e2LB/EHf3Lcq3fNMzy4GYHcQblAvOl+QQji1Lx7WRBMqpVK8p+KR7bCg7oqAMXtdgqyw==",
+      "dependencies": {
+        "ansi-escapes": "^4.3.2",
+        "cross-spawn": "^7.0.3"
+      }
+    },
+    "node_modules/path-key": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
+      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/path-type": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
+      "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/picocolors": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
+      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA=="
+    },
+    "node_modules/picomatch": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/prelude-ls": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz",
+      "integrity": "sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w==",
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/proxy-from-env": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
+      "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg=="
+    },
+    "node_modules/queue-microtask": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
+      "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ]
+    },
+    "node_modules/redeyed": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz",
+      "integrity": "sha512-FNpGGo1DycYAdnrKFxCMmKYgo/mILAqtRYbkdQD8Ep/Hk2PQ5+aEAEx+IU713RTDmuBaH0c8P5ZozurNu5ObRQ==",
+      "dependencies": {
+        "esprima": "~4.0.0"
+      }
+    },
+    "node_modules/redeyed/node_modules/esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/reusify": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz",
+      "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==",
+      "engines": {
+        "iojs": ">=1.0.0",
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/run-parallel": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz",
+      "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "dependencies": {
+        "queue-microtask": "^1.2.2"
+      }
+    },
+    "node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/shebang-command": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
+      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
+      "dependencies": {
+        "shebang-regex": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/shebang-regex": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
+      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/sisteransi": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz",
+      "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg=="
+    },
+    "node_modules/slash": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz",
+      "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/slice-ansi": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz",
+      "integrity": "sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "astral-regex": "^2.0.0",
+        "is-fullwidth-code-point": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/slice-ansi?sponsor=1"
+      }
+    },
+    "node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "optional": true,
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/sprintf-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
+      "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g=="
+    },
+    "node_modules/static-eval": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/static-eval/-/static-eval-2.0.2.tgz",
+      "integrity": "sha512-N/D219Hcr2bPjLxPiV+TQE++Tsmrady7TqAJugLy7Xk1EumfDWS/f5dtBbkRCGE7wKKXuYockQoj8Rm2/pVKyg==",
+      "dependencies": {
+        "escodegen": "^1.8.1"
+      }
+    },
+    "node_modules/string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/supports-color": {
+      "version": "8.1.1",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz",
+      "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/supports-color?sponsor=1"
+      }
+    },
+    "node_modules/supports-hyperlinks": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz",
+      "integrity": "sha512-RpsAZlpWcDwOPQA22aCH4J0t7L8JmAvsCxfOSEwm7cQs3LshN36QaTkwd70DnBOXDWGssw2eUoc8CaRWT0XunA==",
+      "dependencies": {
+        "has-flag": "^4.0.0",
+        "supports-color": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/supports-hyperlinks/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/to-regex-range": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "dependencies": {
+        "is-number": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8.0"
+      }
+    },
+    "node_modules/ts-node": {
+      "version": "10.9.2",
+      "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz",
+      "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==",
+      "dependencies": {
+        "@cspotcode/source-map-support": "^0.8.0",
+        "@tsconfig/node10": "^1.0.7",
+        "@tsconfig/node12": "^1.0.7",
+        "@tsconfig/node14": "^1.0.0",
+        "@tsconfig/node16": "^1.0.2",
+        "acorn": "^8.4.1",
+        "acorn-walk": "^8.1.1",
+        "arg": "^4.1.0",
+        "create-require": "^1.1.0",
+        "diff": "^4.0.1",
+        "make-error": "^1.1.1",
+        "v8-compile-cache-lib": "^3.0.1",
+        "yn": "3.1.1"
+      },
+      "bin": {
+        "ts-node": "dist/bin.js",
+        "ts-node-cwd": "dist/bin-cwd.js",
+        "ts-node-esm": "dist/bin-esm.js",
+        "ts-node-script": "dist/bin-script.js",
+        "ts-node-transpile-only": "dist/bin-transpile.js",
+        "ts-script": "dist/bin-script-deprecated.js"
+      },
+      "peerDependencies": {
+        "@swc/core": ">=1.2.50",
+        "@swc/wasm": ">=1.2.50",
+        "@types/node": "*",
+        "typescript": ">=2.7"
+      },
+      "peerDependenciesMeta": {
+        "@swc/core": {
+          "optional": true
+        },
+        "@swc/wasm": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/tslib": {
+      "version": "2.8.0",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.0.tgz",
+      "integrity": "sha512-jWVzBLplnCmoaTr13V9dYbiQ99wvZRd0vNWaDRg+aVYRcjDF3nDksxFDE/+fkXnKhpnUUkmx5pK/v8mCtLVqZA=="
+    },
+    "node_modules/type-check": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz",
+      "integrity": "sha512-ZCmOJdvOWDBYJlzAoFkC+Q0+bUyEOS1ltgp1MGU03fqHG+dbi9tBFU2Rd9QKiDZFAYrhPh2JUf7rZRIuHRKtOg==",
+      "dependencies": {
+        "prelude-ls": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/type-fest": {
+      "version": "0.21.3",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz",
+      "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "5.6.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.3.tgz",
+      "integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==",
+      "peer": true,
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/underscore": {
+      "version": "1.12.1",
+      "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.12.1.tgz",
+      "integrity": "sha512-hEQt0+ZLDVUMhebKxL4x1BTtDY7bavVofhZ9KZ4aI26X9SRaE+Y3m83XUL1UP2jn8ynjndwCCpEHdUG+9pP1Tw=="
+    },
+    "node_modules/undici-types": {
+      "version": "6.19.8",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz",
+      "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw=="
+    },
+    "node_modules/universalify": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz",
+      "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==",
+      "engines": {
+        "node": ">= 10.0.0"
+      }
+    },
+    "node_modules/utility-types": {
+      "version": "3.11.0",
+      "resolved": "https://registry.npmjs.org/utility-types/-/utility-types-3.11.0.tgz",
+      "integrity": "sha512-6Z7Ma2aVEWisaL6TvBCy7P8rm2LQoPv6dJ7ecIaIixHcwfbJ0x7mWdbcwlIM5IGQxPZSFYeqRCqlOOeKoJYMkw==",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
+    "node_modules/v8-compile-cache-lib": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz",
+      "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg=="
+    },
+    "node_modules/which": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
+      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
+      "dependencies": {
+        "isexe": "^2.0.0"
+      },
+      "bin": {
+        "node-which": "bin/node-which"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/widest-line": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz",
+      "integrity": "sha512-NsmoXalsWVDMGupxZ5R08ka9flZjjiLvHVAWYOKtiKM8ujtZWr9cRffak+uSE48+Ob8ObalXpwyeUiyDD6QFgg==",
+      "dependencies": {
+        "string-width": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/word-wrap": {
+      "version": "1.2.5",
+      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz",
+      "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/wordwrap": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz",
+      "integrity": "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q=="
+    },
+    "node_modules/wrap-ansi": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/yn": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz",
+      "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==",
+      "engines": {
+        "node": ">=6"
+      }
+    }
+  }
+}
diff --git a/.buildkite/scripts/steps/openapi_publishing/package.json b/.buildkite/scripts/steps/openapi_publishing/package.json
new file mode 100644
index 0000000000000..fa60b97905b14
--- /dev/null
+++ b/.buildkite/scripts/steps/openapi_publishing/package.json
@@ -0,0 +1,15 @@
+{
+  "name": "serverless",
+  "version": "1.0.0",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "dependencies": {
+    "bump-cli": "^2.8.4"
+  }
+}
diff --git a/.buildkite/scripts/steps/openapi_publishing/publish_oas_docs.sh b/.buildkite/scripts/steps/openapi_publishing/publish_oas_docs.sh
new file mode 100755
index 0000000000000..2791f9519afd9
--- /dev/null
+++ b/.buildkite/scripts/steps/openapi_publishing/publish_oas_docs.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+source .buildkite/scripts/common/util.sh
+
+echo "--- Publish OAS docs"
+
+echo "--- Installing NPM modules"
+
+deploy_to_bump() {
+  local file_path="${1:-}"
+  local doc_name="${2:-}"
+  local doc_token="${3:-}"
+  local branch="${4:-}"
+  local cur_dir=$(pwd)
+
+  cd "$(dirname "${BASH_SOURCE[0]}")"
+  npm install
+
+  echo "Checking diff for doc '$doc_name' against file '$file_path' on branch '$branch'..."
+  local result=$(npx bump diff $file_path --doc $doc_name --token $doc_token --branch $branch --format=json)
+  local change_count=$(jq '. | length' <<<$result)
+  if [[ ! -z $change_count && $change_count -gt 0 ]]; then
+    echo "Found $change_count changes..."
+    echo "About to deploy file '$file_path' to doc '$doc_name' to '$branch' on bump.sh..."
+    npx bump deploy $file_path \
+      --branch $branch \
+      --doc $doc_name \
+      --token $doc_token ;
+    echo ""
+    echo "Note: if there is a warning of unchanged docs we probably have unpublished deployments waiting."
+    echo "Go to https://bump.sh/elastic/dashboard to see all the docs in the hub."
+  else
+    echo "Did not detect changes for '$file_path'; not deploying. Got response: '$result'"
+  fi
+
+  echo "Switch back to dir '$cur_dir'"
+  cd $cur_dir
+}
+
+if [[ "$BUILDKITE_BRANCH" == "main" ]]; then
+  BUMP_KIBANA_DOC_NAME="$(vault_get kibana-bump-sh kibana-doc-name)"
+  BUMP_KIBANA_DOC_TOKEN="$(vault_get kibana-bump-sh kibana-token)"
+  deploy_to_bump "$(pwd)/oas_docs/output/kibana.yaml" $BUMP_KIBANA_DOC_NAME $BUMP_KIBANA_DOC_TOKEN main;
+  exit 0;
+fi
+
+if [[ "$BUILDKITE_BRANCH" == "8.x" ]]; then
+  BUMP_KIBANA_DOC_NAME="$(vault_get kibana-bump-sh kibana-doc-name)"
+  BUMP_KIBANA_DOC_TOKEN="$(vault_get kibana-bump-sh kibana-token)"
+  deploy_to_bump "$(pwd)/oas_docs/output/kibana.yaml" $BUMP_KIBANA_DOC_NAME $BUMP_KIBANA_DOC_TOKEN 8x-unreleased;
+  exit 0;
+fi
+
+echo "No branches found to push to; stopping here."
\ No newline at end of file
diff --git a/.eslintrc.js b/.eslintrc.js
index 730c9599f23f9..e2d02c33288a7 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -1995,9 +1995,6 @@ module.exports = {
         // logsShared depends on o11y/private plugins, but platform plugins depend on it
         'x-pack/plugins/observability_solution/logs_shared/**',
 
-        // this plugin depends on visTypeTimeseries plugin (for TSVB viz) which is platform/private ATM
-        'x-pack/plugins/observability_solution/infra/**',
-
         // TODO @kibana/operations
         'scripts/create_observability_rules.js', // is importing "@kbn/observability-alerting-test-data" (observability/private)
         'src/cli_setup/**', // is importing "@kbn/interactive-setup-plugin" (platform/private)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index ef265cf7c569a..06f8a9c6d05a1 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -324,7 +324,7 @@ packages/kbn-custom-icons @elastic/obs-ux-logs-team
 packages/kbn-custom-integrations @elastic/obs-ux-logs-team
 packages/kbn-cypress-config @elastic/kibana-operations
 packages/kbn-data-service @elastic/kibana-visualizations @elastic/kibana-data-discovery
-packages/kbn-data-stream-adapter @elastic/security-threat-hunting-explore
+packages/kbn-data-stream-adapter @elastic/security-threat-hunting
 packages/kbn-data-view-utils @elastic/kibana-data-discovery
 packages/kbn-datemath @elastic/kibana-data-discovery
 packages/kbn-dev-cli-errors @elastic/kibana-operations
@@ -380,6 +380,7 @@ packages/kbn-i18n @elastic/kibana-core
 packages/kbn-i18n-react @elastic/kibana-core
 packages/kbn-import-locator @elastic/kibana-operations
 packages/kbn-import-resolver @elastic/kibana-operations
+packages/kbn-index-adapter @elastic/security-threat-hunting
 packages/kbn-interpreter @elastic/kibana-visualizations
 packages/kbn-investigation-shared @elastic/obs-ux-management-team
 packages/kbn-io-ts-utils @elastic/obs-knowledge-team
@@ -830,7 +831,9 @@ x-pack/packages/observability/alerting_rule_utils @elastic/obs-ux-management-tea
 x-pack/packages/observability/alerting_test_data @elastic/obs-ux-management-team
 x-pack/packages/observability/get_padded_alert_time_range_util @elastic/obs-ux-management-team
 x-pack/packages/observability/logs_overview @elastic/obs-ux-logs-team
-x-pack/packages/observability/observability_utils @elastic/observability-ui
+x-pack/packages/observability/observability_utils/observability_utils_browser @elastic/observability-ui
+x-pack/packages/observability/observability_utils/observability_utils_common @elastic/observability-ui
+x-pack/packages/observability/observability_utils/observability_utils_server @elastic/observability-ui
 x-pack/packages/observability/synthetics_test_data @elastic/obs-ux-management-team
 x-pack/packages/rollup @elastic/kibana-management
 x-pack/packages/search/shared_ui @elastic/search-kibana
@@ -966,6 +969,7 @@ x-pack/plugins/snapshot_restore @elastic/kibana-management
 x-pack/plugins/spaces @elastic/kibana-security
 x-pack/plugins/stack_alerts @elastic/response-ops
 x-pack/plugins/stack_connectors @elastic/response-ops
+x-pack/plugins/streams @simianhacker @flash1293 @dgieselaar
 x-pack/plugins/task_manager @elastic/response-ops
 x-pack/plugins/telemetry_collection_xpack @elastic/kibana-core
 x-pack/plugins/threat_intelligence @elastic/security-threat-hunting-investigations
@@ -1230,7 +1234,7 @@ x-pack/test_serverless/**/test_suites/observability/ai_assistant @elastic/obs-ai
 /x-pack/test_serverless/**/test_suites/observability/custom_threshold_rule/ @elastic/obs-ux-management-team
 /x-pack/test_serverless/**/test_suites/observability/slos/ @elastic/obs-ux-management-team
 /x-pack/test_serverless/api_integration/test_suites/observability/es_query_rule @elastic/obs-ux-management-team
-/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting/burn_rate_rule @elastic/obs-ux-management-team
+/x-pack/test/api_integration/deployment_agnostic/apis/observability/alerting @elastic/obs-ux-management-team
 /x-pack/test/api_integration/deployment_agnostic/services/alerting_api @elastic/obs-ux-management-team
 /x-pack/test/api_integration/deployment_agnostic/services/slo_api @elastic/obs-ux-management-team
 /x-pack/test_serverless/**/test_suites/observability/infra/ @elastic/obs-ux-infra_services-team
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 737eedabadfa0..8ed73aa521aff 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -5,37 +5,26 @@ Summarize your PR. If it involves visual changes include a screenshot or gif.
 
 ### Checklist
 
-Delete any items that are not applicable to this PR.
+Check the PR satisfies following conditions. 
+
+Reviewers should verify this PR satisfies this list as well.
 
 - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
 - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
 - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
-- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
-- [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
-- [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
 - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
-- [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
-- [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
-
-
-### Risk Matrix
-
-Delete this section if it is not applicable to this PR.
+- [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations.
+- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
+- [ ] The PR  description includes the appropriate Release Notes section, and the correct `release_node:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
 
-Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.
+### Identify risks
 
-When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:
+Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.
 
-| Risk                      | Probability | Severity | Mitigation/Notes        |
-|---------------------------|-------------|----------|-------------------------|
-| Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
-| Multiple nodes&mdash;Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
-| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
-| [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |
+Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.
 
+- [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
+- [ ] ...
 
-### For maintainers
 
-- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
-- [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
 
diff --git a/api_docs/actions.mdx b/api_docs/actions.mdx
index 8213690c68bbc..35cf5ca247ace 100644
--- a/api_docs/actions.mdx
+++ b/api_docs/actions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/actions
 title: "actions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the actions plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'actions']
 ---
 import actionsObj from './actions.devdocs.json';
diff --git a/api_docs/advanced_settings.mdx b/api_docs/advanced_settings.mdx
index 6ff23feb1abea..ac79b8ccc8d12 100644
--- a/api_docs/advanced_settings.mdx
+++ b/api_docs/advanced_settings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/advancedSettings
 title: "advancedSettings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the advancedSettings plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'advancedSettings']
 ---
 import advancedSettingsObj from './advanced_settings.devdocs.json';
diff --git a/api_docs/ai_assistant_management_selection.mdx b/api_docs/ai_assistant_management_selection.mdx
index 903d7bb8564d7..b6362552d9ead 100644
--- a/api_docs/ai_assistant_management_selection.mdx
+++ b/api_docs/ai_assistant_management_selection.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiAssistantManagementSelection
 title: "aiAssistantManagementSelection"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the aiAssistantManagementSelection plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiAssistantManagementSelection']
 ---
 import aiAssistantManagementSelectionObj from './ai_assistant_management_selection.devdocs.json';
diff --git a/api_docs/aiops.mdx b/api_docs/aiops.mdx
index 2dbb911712afe..c52912446a33d 100644
--- a/api_docs/aiops.mdx
+++ b/api_docs/aiops.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiops
 title: "aiops"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the aiops plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiops']
 ---
 import aiopsObj from './aiops.devdocs.json';
diff --git a/api_docs/alerting.mdx b/api_docs/alerting.mdx
index f1c95bf42eee4..47478b1f560b5 100644
--- a/api_docs/alerting.mdx
+++ b/api_docs/alerting.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/alerting
 title: "alerting"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the alerting plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'alerting']
 ---
 import alertingObj from './alerting.devdocs.json';
diff --git a/api_docs/apm.mdx b/api_docs/apm.mdx
index d0518c5574ce6..cae9138db830c 100644
--- a/api_docs/apm.mdx
+++ b/api_docs/apm.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apm
 title: "apm"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the apm plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apm']
 ---
 import apmObj from './apm.devdocs.json';
diff --git a/api_docs/apm_data_access.mdx b/api_docs/apm_data_access.mdx
index 76949f4388791..25d60856b10f9 100644
--- a/api_docs/apm_data_access.mdx
+++ b/api_docs/apm_data_access.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apmDataAccess
 title: "apmDataAccess"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the apmDataAccess plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apmDataAccess']
 ---
 import apmDataAccessObj from './apm_data_access.devdocs.json';
diff --git a/api_docs/banners.mdx b/api_docs/banners.mdx
index 4c8900cf3582a..02bd931b56203 100644
--- a/api_docs/banners.mdx
+++ b/api_docs/banners.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/banners
 title: "banners"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the banners plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'banners']
 ---
 import bannersObj from './banners.devdocs.json';
diff --git a/api_docs/bfetch.mdx b/api_docs/bfetch.mdx
index a9e8cc610f7b8..254197ac57793 100644
--- a/api_docs/bfetch.mdx
+++ b/api_docs/bfetch.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/bfetch
 title: "bfetch"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the bfetch plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'bfetch']
 ---
 import bfetchObj from './bfetch.devdocs.json';
diff --git a/api_docs/canvas.mdx b/api_docs/canvas.mdx
index 477390c3afae8..007f3040e943c 100644
--- a/api_docs/canvas.mdx
+++ b/api_docs/canvas.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/canvas
 title: "canvas"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the canvas plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'canvas']
 ---
 import canvasObj from './canvas.devdocs.json';
diff --git a/api_docs/cases.mdx b/api_docs/cases.mdx
index dd96643533e4d..97d8b5995a25e 100644
--- a/api_docs/cases.mdx
+++ b/api_docs/cases.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cases
 title: "cases"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the cases plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cases']
 ---
 import casesObj from './cases.devdocs.json';
diff --git a/api_docs/charts.mdx b/api_docs/charts.mdx
index 52e0f0e1b1e73..0b386f3ac20c8 100644
--- a/api_docs/charts.mdx
+++ b/api_docs/charts.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/charts
 title: "charts"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the charts plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'charts']
 ---
 import chartsObj from './charts.devdocs.json';
diff --git a/api_docs/cloud.mdx b/api_docs/cloud.mdx
index 05c7d8e004883..947ed636a62bf 100644
--- a/api_docs/cloud.mdx
+++ b/api_docs/cloud.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloud
 title: "cloud"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the cloud plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloud']
 ---
 import cloudObj from './cloud.devdocs.json';
diff --git a/api_docs/cloud_data_migration.mdx b/api_docs/cloud_data_migration.mdx
index edb6f7038849f..bf94950b6e5b4 100644
--- a/api_docs/cloud_data_migration.mdx
+++ b/api_docs/cloud_data_migration.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDataMigration
 title: "cloudDataMigration"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the cloudDataMigration plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDataMigration']
 ---
 import cloudDataMigrationObj from './cloud_data_migration.devdocs.json';
diff --git a/api_docs/cloud_defend.mdx b/api_docs/cloud_defend.mdx
index 3d811c99930f9..03b9c0ae5b9d6 100644
--- a/api_docs/cloud_defend.mdx
+++ b/api_docs/cloud_defend.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDefend
 title: "cloudDefend"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the cloudDefend plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDefend']
 ---
 import cloudDefendObj from './cloud_defend.devdocs.json';
diff --git a/api_docs/cloud_security_posture.mdx b/api_docs/cloud_security_posture.mdx
index eb53334573259..9e03bf53d9f80 100644
--- a/api_docs/cloud_security_posture.mdx
+++ b/api_docs/cloud_security_posture.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudSecurityPosture
 title: "cloudSecurityPosture"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the cloudSecurityPosture plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudSecurityPosture']
 ---
 import cloudSecurityPostureObj from './cloud_security_posture.devdocs.json';
diff --git a/api_docs/console.mdx b/api_docs/console.mdx
index 0d6bbaaeed5ff..a9088191b0a2a 100644
--- a/api_docs/console.mdx
+++ b/api_docs/console.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/console
 title: "console"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the console plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'console']
 ---
 import consoleObj from './console.devdocs.json';
diff --git a/api_docs/content_management.mdx b/api_docs/content_management.mdx
index 458f4f5f71079..9cc863123f3ac 100644
--- a/api_docs/content_management.mdx
+++ b/api_docs/content_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/contentManagement
 title: "contentManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the contentManagement plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'contentManagement']
 ---
 import contentManagementObj from './content_management.devdocs.json';
diff --git a/api_docs/controls.mdx b/api_docs/controls.mdx
index eb98a295545b8..db80a8ce7e034 100644
--- a/api_docs/controls.mdx
+++ b/api_docs/controls.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/controls
 title: "controls"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the controls plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'controls']
 ---
 import controlsObj from './controls.devdocs.json';
diff --git a/api_docs/custom_integrations.mdx b/api_docs/custom_integrations.mdx
index bb64c3093d652..03e338889999d 100644
--- a/api_docs/custom_integrations.mdx
+++ b/api_docs/custom_integrations.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/customIntegrations
 title: "customIntegrations"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the customIntegrations plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'customIntegrations']
 ---
 import customIntegrationsObj from './custom_integrations.devdocs.json';
diff --git a/api_docs/dashboard.mdx b/api_docs/dashboard.mdx
index d16af22e2b35c..41e1b88da96cf 100644
--- a/api_docs/dashboard.mdx
+++ b/api_docs/dashboard.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboard
 title: "dashboard"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dashboard plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboard']
 ---
 import dashboardObj from './dashboard.devdocs.json';
diff --git a/api_docs/dashboard_enhanced.mdx b/api_docs/dashboard_enhanced.mdx
index d751d31185d18..82605eead5f08 100644
--- a/api_docs/dashboard_enhanced.mdx
+++ b/api_docs/dashboard_enhanced.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboardEnhanced
 title: "dashboardEnhanced"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dashboardEnhanced plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboardEnhanced']
 ---
 import dashboardEnhancedObj from './dashboard_enhanced.devdocs.json';
diff --git a/api_docs/data.mdx b/api_docs/data.mdx
index 0951e09a7e459..6f60ca56261b7 100644
--- a/api_docs/data.mdx
+++ b/api_docs/data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data
 title: "data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the data plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data']
 ---
 import dataObj from './data.devdocs.json';
diff --git a/api_docs/data_quality.mdx b/api_docs/data_quality.mdx
index 0d5b37eda3c08..04237f56b79f6 100644
--- a/api_docs/data_quality.mdx
+++ b/api_docs/data_quality.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataQuality
 title: "dataQuality"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataQuality plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataQuality']
 ---
 import dataQualityObj from './data_quality.devdocs.json';
diff --git a/api_docs/data_query.mdx b/api_docs/data_query.mdx
index a524ed87dd39c..c23ecd501f4ee 100644
--- a/api_docs/data_query.mdx
+++ b/api_docs/data_query.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-query
 title: "data.query"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the data.query plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.query']
 ---
 import dataQueryObj from './data_query.devdocs.json';
diff --git a/api_docs/data_search.mdx b/api_docs/data_search.mdx
index 4801aeb146871..cd520822ed511 100644
--- a/api_docs/data_search.mdx
+++ b/api_docs/data_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-search
 title: "data.search"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the data.search plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.search']
 ---
 import dataSearchObj from './data_search.devdocs.json';
diff --git a/api_docs/data_usage.mdx b/api_docs/data_usage.mdx
index ca09f822938cc..111b8f1a92bb5 100644
--- a/api_docs/data_usage.mdx
+++ b/api_docs/data_usage.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataUsage
 title: "dataUsage"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataUsage plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataUsage']
 ---
 import dataUsageObj from './data_usage.devdocs.json';
diff --git a/api_docs/data_view_editor.mdx b/api_docs/data_view_editor.mdx
index 287eeb2826c4d..120112e3cd0f1 100644
--- a/api_docs/data_view_editor.mdx
+++ b/api_docs/data_view_editor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewEditor
 title: "dataViewEditor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataViewEditor plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewEditor']
 ---
 import dataViewEditorObj from './data_view_editor.devdocs.json';
diff --git a/api_docs/data_view_field_editor.mdx b/api_docs/data_view_field_editor.mdx
index 97d8efb2e4f7f..83011617474b0 100644
--- a/api_docs/data_view_field_editor.mdx
+++ b/api_docs/data_view_field_editor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewFieldEditor
 title: "dataViewFieldEditor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataViewFieldEditor plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewFieldEditor']
 ---
 import dataViewFieldEditorObj from './data_view_field_editor.devdocs.json';
diff --git a/api_docs/data_view_management.mdx b/api_docs/data_view_management.mdx
index d9bfe3d162572..86115d9ab2737 100644
--- a/api_docs/data_view_management.mdx
+++ b/api_docs/data_view_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewManagement
 title: "dataViewManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataViewManagement plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewManagement']
 ---
 import dataViewManagementObj from './data_view_management.devdocs.json';
diff --git a/api_docs/data_views.mdx b/api_docs/data_views.mdx
index e06438b19b31f..0f2b19b741e14 100644
--- a/api_docs/data_views.mdx
+++ b/api_docs/data_views.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViews
 title: "dataViews"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataViews plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViews']
 ---
 import dataViewsObj from './data_views.devdocs.json';
diff --git a/api_docs/data_visualizer.devdocs.json b/api_docs/data_visualizer.devdocs.json
index 801c326f72a76..10ecc44843d87 100644
--- a/api_docs/data_visualizer.devdocs.json
+++ b/api_docs/data_visualizer.devdocs.json
@@ -493,7 +493,7 @@
         "Props",
         ">>; getDataDriftComponent: () => Promise<() => React.FC<",
         "DataDriftDetectionAppStateProps",
-        ">>; getMaxBytesFormatted: () => string; FieldStatisticsTable: React.ForwardRefExoticComponent<",
+        ">>; getMaxBytesFormatted: () => string; FieldStatsUnavailableMessage: React.ForwardRefExoticComponent<{ id?: string | undefined; title?: string | undefined; } & React.RefAttributes<{}>>; FieldStatisticsTable: React.ForwardRefExoticComponent<",
         "FieldStatisticTableEmbeddableProps",
         " & React.RefAttributes<{}>>; }"
       ],
diff --git a/api_docs/data_visualizer.mdx b/api_docs/data_visualizer.mdx
index 92e6d765b7712..272d3fbc87066 100644
--- a/api_docs/data_visualizer.mdx
+++ b/api_docs/data_visualizer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataVisualizer
 title: "dataVisualizer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the dataVisualizer plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataVisualizer']
 ---
 import dataVisualizerObj from './data_visualizer.devdocs.json';
diff --git a/api_docs/dataset_quality.mdx b/api_docs/dataset_quality.mdx
index 781077b90fbde..dcdc9466ca0a8 100644
--- a/api_docs/dataset_quality.mdx
+++ b/api_docs/dataset_quality.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/datasetQuality
 title: "datasetQuality"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the datasetQuality plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'datasetQuality']
 ---
 import datasetQualityObj from './dataset_quality.devdocs.json';
diff --git a/api_docs/deprecations_by_api.mdx b/api_docs/deprecations_by_api.mdx
index b8625def2dbb2..8aea34b48a206 100644
--- a/api_docs/deprecations_by_api.mdx
+++ b/api_docs/deprecations_by_api.mdx
@@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByApi
 slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-api
 title: Deprecated API usage by API
 description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by.
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana']
 ---
 
diff --git a/api_docs/deprecations_by_plugin.mdx b/api_docs/deprecations_by_plugin.mdx
index efc3f2961fa62..c65ca0c7b290b 100644
--- a/api_docs/deprecations_by_plugin.mdx
+++ b/api_docs/deprecations_by_plugin.mdx
@@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByPlugin
 slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-plugin
 title: Deprecated API usage by plugin
 description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by.
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana']
 ---
 
diff --git a/api_docs/deprecations_by_team.mdx b/api_docs/deprecations_by_team.mdx
index 5c53f577e6b0d..11a11ef4571a9 100644
--- a/api_docs/deprecations_by_team.mdx
+++ b/api_docs/deprecations_by_team.mdx
@@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsDueByTeam
 slug: /kibana-dev-docs/api-meta/deprecations-due-by-team
 title: Deprecated APIs due to be removed, by team
 description: Lists the teams that are referencing deprecated APIs with a remove by date.
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana']
 ---
 
diff --git a/api_docs/dev_tools.mdx b/api_docs/dev_tools.mdx
index 4b27de358490f..b27c88f2a3609 100644
--- a/api_docs/dev_tools.mdx
+++ b/api_docs/dev_tools.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/devTools
 title: "devTools"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the devTools plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'devTools']
 ---
 import devToolsObj from './dev_tools.devdocs.json';
diff --git a/api_docs/discover.mdx b/api_docs/discover.mdx
index e160bb054f6e9..6a205392a1da0 100644
--- a/api_docs/discover.mdx
+++ b/api_docs/discover.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discover
 title: "discover"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the discover plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discover']
 ---
 import discoverObj from './discover.devdocs.json';
diff --git a/api_docs/discover_enhanced.mdx b/api_docs/discover_enhanced.mdx
index 29651f5536a56..a7480a8dd150c 100644
--- a/api_docs/discover_enhanced.mdx
+++ b/api_docs/discover_enhanced.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverEnhanced
 title: "discoverEnhanced"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the discoverEnhanced plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverEnhanced']
 ---
 import discoverEnhancedObj from './discover_enhanced.devdocs.json';
diff --git a/api_docs/discover_shared.mdx b/api_docs/discover_shared.mdx
index e739cfef4d204..12b30336a1e35 100644
--- a/api_docs/discover_shared.mdx
+++ b/api_docs/discover_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverShared
 title: "discoverShared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the discoverShared plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverShared']
 ---
 import discoverSharedObj from './discover_shared.devdocs.json';
diff --git a/api_docs/ecs_data_quality_dashboard.mdx b/api_docs/ecs_data_quality_dashboard.mdx
index a5890f386a494..0f0729104cdc6 100644
--- a/api_docs/ecs_data_quality_dashboard.mdx
+++ b/api_docs/ecs_data_quality_dashboard.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ecsDataQualityDashboard
 title: "ecsDataQualityDashboard"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the ecsDataQualityDashboard plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ecsDataQualityDashboard']
 ---
 import ecsDataQualityDashboardObj from './ecs_data_quality_dashboard.devdocs.json';
diff --git a/api_docs/elastic_assistant.mdx b/api_docs/elastic_assistant.mdx
index d15d05811d128..70e6b0a277a50 100644
--- a/api_docs/elastic_assistant.mdx
+++ b/api_docs/elastic_assistant.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/elasticAssistant
 title: "elasticAssistant"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the elasticAssistant plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'elasticAssistant']
 ---
 import elasticAssistantObj from './elastic_assistant.devdocs.json';
diff --git a/api_docs/embeddable.mdx b/api_docs/embeddable.mdx
index 99fe95318c4d7..0c25a55d52181 100644
--- a/api_docs/embeddable.mdx
+++ b/api_docs/embeddable.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddable
 title: "embeddable"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the embeddable plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddable']
 ---
 import embeddableObj from './embeddable.devdocs.json';
diff --git a/api_docs/embeddable_enhanced.mdx b/api_docs/embeddable_enhanced.mdx
index 38e3f8964dbff..191210f811e00 100644
--- a/api_docs/embeddable_enhanced.mdx
+++ b/api_docs/embeddable_enhanced.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddableEnhanced
 title: "embeddableEnhanced"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the embeddableEnhanced plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddableEnhanced']
 ---
 import embeddableEnhancedObj from './embeddable_enhanced.devdocs.json';
diff --git a/api_docs/encrypted_saved_objects.mdx b/api_docs/encrypted_saved_objects.mdx
index 01184c77221c1..70de9736bacde 100644
--- a/api_docs/encrypted_saved_objects.mdx
+++ b/api_docs/encrypted_saved_objects.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/encryptedSavedObjects
 title: "encryptedSavedObjects"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the encryptedSavedObjects plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'encryptedSavedObjects']
 ---
 import encryptedSavedObjectsObj from './encrypted_saved_objects.devdocs.json';
diff --git a/api_docs/enterprise_search.mdx b/api_docs/enterprise_search.mdx
index 6e845c5eacbc6..7d70b6af80495 100644
--- a/api_docs/enterprise_search.mdx
+++ b/api_docs/enterprise_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/enterpriseSearch
 title: "enterpriseSearch"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the enterpriseSearch plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'enterpriseSearch']
 ---
 import enterpriseSearchObj from './enterprise_search.devdocs.json';
diff --git a/api_docs/entities_data_access.mdx b/api_docs/entities_data_access.mdx
index 3aa1ca62de527..9a749196ebe53 100644
--- a/api_docs/entities_data_access.mdx
+++ b/api_docs/entities_data_access.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/entitiesDataAccess
 title: "entitiesDataAccess"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the entitiesDataAccess plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'entitiesDataAccess']
 ---
 import entitiesDataAccessObj from './entities_data_access.devdocs.json';
diff --git a/api_docs/entity_manager.mdx b/api_docs/entity_manager.mdx
index 6eed6037e5596..79a6f7970ba96 100644
--- a/api_docs/entity_manager.mdx
+++ b/api_docs/entity_manager.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/entityManager
 title: "entityManager"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the entityManager plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'entityManager']
 ---
 import entityManagerObj from './entity_manager.devdocs.json';
diff --git a/api_docs/es_ui_shared.mdx b/api_docs/es_ui_shared.mdx
index dcbbd723d4788..d69bcecae128f 100644
--- a/api_docs/es_ui_shared.mdx
+++ b/api_docs/es_ui_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esUiShared
 title: "esUiShared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the esUiShared plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esUiShared']
 ---
 import esUiSharedObj from './es_ui_shared.devdocs.json';
diff --git a/api_docs/esql.mdx b/api_docs/esql.mdx
index 9ba78a7576131..5829563361a64 100644
--- a/api_docs/esql.mdx
+++ b/api_docs/esql.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esql
 title: "esql"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the esql plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esql']
 ---
 import esqlObj from './esql.devdocs.json';
diff --git a/api_docs/esql_data_grid.mdx b/api_docs/esql_data_grid.mdx
index 4127d6baa15d0..f6f9acc477104 100644
--- a/api_docs/esql_data_grid.mdx
+++ b/api_docs/esql_data_grid.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esqlDataGrid
 title: "esqlDataGrid"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the esqlDataGrid plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esqlDataGrid']
 ---
 import esqlDataGridObj from './esql_data_grid.devdocs.json';
diff --git a/api_docs/event_annotation.mdx b/api_docs/event_annotation.mdx
index 4b25969e72390..a693cdd1ecbf5 100644
--- a/api_docs/event_annotation.mdx
+++ b/api_docs/event_annotation.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotation
 title: "eventAnnotation"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the eventAnnotation plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotation']
 ---
 import eventAnnotationObj from './event_annotation.devdocs.json';
diff --git a/api_docs/event_annotation_listing.mdx b/api_docs/event_annotation_listing.mdx
index 253efc5daaec6..de25b6e18ccdb 100644
--- a/api_docs/event_annotation_listing.mdx
+++ b/api_docs/event_annotation_listing.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotationListing
 title: "eventAnnotationListing"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the eventAnnotationListing plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotationListing']
 ---
 import eventAnnotationListingObj from './event_annotation_listing.devdocs.json';
diff --git a/api_docs/event_log.mdx b/api_docs/event_log.mdx
index 3e9e78585d719..340349ea5dfa4 100644
--- a/api_docs/event_log.mdx
+++ b/api_docs/event_log.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventLog
 title: "eventLog"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the eventLog plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventLog']
 ---
 import eventLogObj from './event_log.devdocs.json';
diff --git a/api_docs/exploratory_view.mdx b/api_docs/exploratory_view.mdx
index 6a8a5f76c1627..73d48d86ae944 100644
--- a/api_docs/exploratory_view.mdx
+++ b/api_docs/exploratory_view.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/exploratoryView
 title: "exploratoryView"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the exploratoryView plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'exploratoryView']
 ---
 import exploratoryViewObj from './exploratory_view.devdocs.json';
diff --git a/api_docs/expression_error.mdx b/api_docs/expression_error.mdx
index eebaeb3c69fcf..b88003dc2e039 100644
--- a/api_docs/expression_error.mdx
+++ b/api_docs/expression_error.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionError
 title: "expressionError"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionError plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionError']
 ---
 import expressionErrorObj from './expression_error.devdocs.json';
diff --git a/api_docs/expression_gauge.mdx b/api_docs/expression_gauge.mdx
index fc1020122f579..9558ffcb7ea44 100644
--- a/api_docs/expression_gauge.mdx
+++ b/api_docs/expression_gauge.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionGauge
 title: "expressionGauge"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionGauge plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionGauge']
 ---
 import expressionGaugeObj from './expression_gauge.devdocs.json';
diff --git a/api_docs/expression_heatmap.mdx b/api_docs/expression_heatmap.mdx
index 91104c370d99c..7c20a75cbdf10 100644
--- a/api_docs/expression_heatmap.mdx
+++ b/api_docs/expression_heatmap.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionHeatmap
 title: "expressionHeatmap"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionHeatmap plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionHeatmap']
 ---
 import expressionHeatmapObj from './expression_heatmap.devdocs.json';
diff --git a/api_docs/expression_image.mdx b/api_docs/expression_image.mdx
index ed1c4f3b36823..241cbf3ec3e00 100644
--- a/api_docs/expression_image.mdx
+++ b/api_docs/expression_image.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionImage
 title: "expressionImage"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionImage plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionImage']
 ---
 import expressionImageObj from './expression_image.devdocs.json';
diff --git a/api_docs/expression_legacy_metric_vis.mdx b/api_docs/expression_legacy_metric_vis.mdx
index f020c2fbac32a..95fbb8245ba6e 100644
--- a/api_docs/expression_legacy_metric_vis.mdx
+++ b/api_docs/expression_legacy_metric_vis.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionLegacyMetricVis
 title: "expressionLegacyMetricVis"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionLegacyMetricVis plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionLegacyMetricVis']
 ---
 import expressionLegacyMetricVisObj from './expression_legacy_metric_vis.devdocs.json';
diff --git a/api_docs/expression_metric.mdx b/api_docs/expression_metric.mdx
index 7b41cedd0de58..74edf376e0dcd 100644
--- a/api_docs/expression_metric.mdx
+++ b/api_docs/expression_metric.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetric
 title: "expressionMetric"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionMetric plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetric']
 ---
 import expressionMetricObj from './expression_metric.devdocs.json';
diff --git a/api_docs/expression_metric_vis.mdx b/api_docs/expression_metric_vis.mdx
index e26c63b99c972..0329e043231b5 100644
--- a/api_docs/expression_metric_vis.mdx
+++ b/api_docs/expression_metric_vis.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetricVis
 title: "expressionMetricVis"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionMetricVis plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetricVis']
 ---
 import expressionMetricVisObj from './expression_metric_vis.devdocs.json';
diff --git a/api_docs/expression_partition_vis.mdx b/api_docs/expression_partition_vis.mdx
index c9b73f9a57e97..61336fcc2e748 100644
--- a/api_docs/expression_partition_vis.mdx
+++ b/api_docs/expression_partition_vis.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionPartitionVis
 title: "expressionPartitionVis"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionPartitionVis plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionPartitionVis']
 ---
 import expressionPartitionVisObj from './expression_partition_vis.devdocs.json';
diff --git a/api_docs/expression_repeat_image.mdx b/api_docs/expression_repeat_image.mdx
index c77344c8f7daa..cb931f610d2ca 100644
--- a/api_docs/expression_repeat_image.mdx
+++ b/api_docs/expression_repeat_image.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRepeatImage
 title: "expressionRepeatImage"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionRepeatImage plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRepeatImage']
 ---
 import expressionRepeatImageObj from './expression_repeat_image.devdocs.json';
diff --git a/api_docs/expression_reveal_image.mdx b/api_docs/expression_reveal_image.mdx
index 5a6f58e76de97..9bba85ad80242 100644
--- a/api_docs/expression_reveal_image.mdx
+++ b/api_docs/expression_reveal_image.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRevealImage
 title: "expressionRevealImage"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionRevealImage plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRevealImage']
 ---
 import expressionRevealImageObj from './expression_reveal_image.devdocs.json';
diff --git a/api_docs/expression_shape.mdx b/api_docs/expression_shape.mdx
index f4e196a5756be..f3d6a7486622d 100644
--- a/api_docs/expression_shape.mdx
+++ b/api_docs/expression_shape.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionShape
 title: "expressionShape"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionShape plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionShape']
 ---
 import expressionShapeObj from './expression_shape.devdocs.json';
diff --git a/api_docs/expression_tagcloud.mdx b/api_docs/expression_tagcloud.mdx
index 379cad7b3b684..45911a4abd241 100644
--- a/api_docs/expression_tagcloud.mdx
+++ b/api_docs/expression_tagcloud.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionTagcloud
 title: "expressionTagcloud"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionTagcloud plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionTagcloud']
 ---
 import expressionTagcloudObj from './expression_tagcloud.devdocs.json';
diff --git a/api_docs/expression_x_y.mdx b/api_docs/expression_x_y.mdx
index e98d44b5029a5..1884116cc1396 100644
--- a/api_docs/expression_x_y.mdx
+++ b/api_docs/expression_x_y.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionXY
 title: "expressionXY"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressionXY plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionXY']
 ---
 import expressionXYObj from './expression_x_y.devdocs.json';
diff --git a/api_docs/expressions.mdx b/api_docs/expressions.mdx
index 955e3bd1bb776..72e89800540ac 100644
--- a/api_docs/expressions.mdx
+++ b/api_docs/expressions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressions
 title: "expressions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the expressions plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressions']
 ---
 import expressionsObj from './expressions.devdocs.json';
diff --git a/api_docs/features.mdx b/api_docs/features.mdx
index 0411c023a941d..c37475e1e9f15 100644
--- a/api_docs/features.mdx
+++ b/api_docs/features.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/features
 title: "features"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the features plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'features']
 ---
 import featuresObj from './features.devdocs.json';
diff --git a/api_docs/field_formats.mdx b/api_docs/field_formats.mdx
index 2152f8c9eb64e..a8a932bb99ff8 100644
--- a/api_docs/field_formats.mdx
+++ b/api_docs/field_formats.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldFormats
 title: "fieldFormats"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the fieldFormats plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldFormats']
 ---
 import fieldFormatsObj from './field_formats.devdocs.json';
diff --git a/api_docs/fields_metadata.mdx b/api_docs/fields_metadata.mdx
index 182306396fd24..c4af8c4911133 100644
--- a/api_docs/fields_metadata.mdx
+++ b/api_docs/fields_metadata.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldsMetadata
 title: "fieldsMetadata"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the fieldsMetadata plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldsMetadata']
 ---
 import fieldsMetadataObj from './fields_metadata.devdocs.json';
diff --git a/api_docs/file_upload.mdx b/api_docs/file_upload.mdx
index 2ac8c1ad62ae3..6bedb9a7ba368 100644
--- a/api_docs/file_upload.mdx
+++ b/api_docs/file_upload.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fileUpload
 title: "fileUpload"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the fileUpload plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fileUpload']
 ---
 import fileUploadObj from './file_upload.devdocs.json';
diff --git a/api_docs/files.mdx b/api_docs/files.mdx
index 25d75fea904e0..1d480621d69c8 100644
--- a/api_docs/files.mdx
+++ b/api_docs/files.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/files
 title: "files"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the files plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'files']
 ---
 import filesObj from './files.devdocs.json';
diff --git a/api_docs/files_management.mdx b/api_docs/files_management.mdx
index e7259ba5ea618..e016845326b44 100644
--- a/api_docs/files_management.mdx
+++ b/api_docs/files_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/filesManagement
 title: "filesManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the filesManagement plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'filesManagement']
 ---
 import filesManagementObj from './files_management.devdocs.json';
diff --git a/api_docs/fleet.mdx b/api_docs/fleet.mdx
index f9f9b010bdb5a..3367997720ed1 100644
--- a/api_docs/fleet.mdx
+++ b/api_docs/fleet.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fleet
 title: "fleet"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the fleet plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fleet']
 ---
 import fleetObj from './fleet.devdocs.json';
diff --git a/api_docs/global_search.mdx b/api_docs/global_search.mdx
index bd4663eb054b5..17440ebb8e171 100644
--- a/api_docs/global_search.mdx
+++ b/api_docs/global_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/globalSearch
 title: "globalSearch"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the globalSearch plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'globalSearch']
 ---
 import globalSearchObj from './global_search.devdocs.json';
diff --git a/api_docs/guided_onboarding.mdx b/api_docs/guided_onboarding.mdx
index e0a6f3f5deddc..82280dad2c89a 100644
--- a/api_docs/guided_onboarding.mdx
+++ b/api_docs/guided_onboarding.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/guidedOnboarding
 title: "guidedOnboarding"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the guidedOnboarding plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'guidedOnboarding']
 ---
 import guidedOnboardingObj from './guided_onboarding.devdocs.json';
diff --git a/api_docs/home.mdx b/api_docs/home.mdx
index 1750cc9c48396..8e6b2c7c66226 100644
--- a/api_docs/home.mdx
+++ b/api_docs/home.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/home
 title: "home"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the home plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'home']
 ---
 import homeObj from './home.devdocs.json';
diff --git a/api_docs/image_embeddable.mdx b/api_docs/image_embeddable.mdx
index b27ee510657c0..dda151b64ad85 100644
--- a/api_docs/image_embeddable.mdx
+++ b/api_docs/image_embeddable.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/imageEmbeddable
 title: "imageEmbeddable"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the imageEmbeddable plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'imageEmbeddable']
 ---
 import imageEmbeddableObj from './image_embeddable.devdocs.json';
diff --git a/api_docs/index_lifecycle_management.mdx b/api_docs/index_lifecycle_management.mdx
index 2ac0dcfaf98a6..e772892bfcb95 100644
--- a/api_docs/index_lifecycle_management.mdx
+++ b/api_docs/index_lifecycle_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexLifecycleManagement
 title: "indexLifecycleManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the indexLifecycleManagement plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexLifecycleManagement']
 ---
 import indexLifecycleManagementObj from './index_lifecycle_management.devdocs.json';
diff --git a/api_docs/index_management.mdx b/api_docs/index_management.mdx
index 3cbc9017267c4..a5d1a9a37b505 100644
--- a/api_docs/index_management.mdx
+++ b/api_docs/index_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexManagement
 title: "indexManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the indexManagement plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexManagement']
 ---
 import indexManagementObj from './index_management.devdocs.json';
diff --git a/api_docs/inference.mdx b/api_docs/inference.mdx
index 5889e24b72ce6..103ad5f3e5b6d 100644
--- a/api_docs/inference.mdx
+++ b/api_docs/inference.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inference
 title: "inference"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the inference plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inference']
 ---
 import inferenceObj from './inference.devdocs.json';
diff --git a/api_docs/infra.mdx b/api_docs/infra.mdx
index bb0c9357874cb..561102058d0b3 100644
--- a/api_docs/infra.mdx
+++ b/api_docs/infra.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/infra
 title: "infra"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the infra plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'infra']
 ---
 import infraObj from './infra.devdocs.json';
diff --git a/api_docs/ingest_pipelines.mdx b/api_docs/ingest_pipelines.mdx
index 8b52232dfdde9..99f16b9adeb19 100644
--- a/api_docs/ingest_pipelines.mdx
+++ b/api_docs/ingest_pipelines.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ingestPipelines
 title: "ingestPipelines"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the ingestPipelines plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ingestPipelines']
 ---
 import ingestPipelinesObj from './ingest_pipelines.devdocs.json';
diff --git a/api_docs/inspector.mdx b/api_docs/inspector.mdx
index 27ac4506fff07..d99f9347296fc 100644
--- a/api_docs/inspector.mdx
+++ b/api_docs/inspector.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inspector
 title: "inspector"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the inspector plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inspector']
 ---
 import inspectorObj from './inspector.devdocs.json';
diff --git a/api_docs/integration_assistant.mdx b/api_docs/integration_assistant.mdx
index ce73de5a54c48..6d2c883b7e4a1 100644
--- a/api_docs/integration_assistant.mdx
+++ b/api_docs/integration_assistant.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/integrationAssistant
 title: "integrationAssistant"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the integrationAssistant plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'integrationAssistant']
 ---
 import integrationAssistantObj from './integration_assistant.devdocs.json';
diff --git a/api_docs/interactive_setup.mdx b/api_docs/interactive_setup.mdx
index fc5f400d8fcf2..0bda961d212e8 100644
--- a/api_docs/interactive_setup.mdx
+++ b/api_docs/interactive_setup.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/interactiveSetup
 title: "interactiveSetup"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the interactiveSetup plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'interactiveSetup']
 ---
 import interactiveSetupObj from './interactive_setup.devdocs.json';
diff --git a/api_docs/inventory.devdocs.json b/api_docs/inventory.devdocs.json
index 0e858f8be04a1..00f3e7b5b9b81 100644
--- a/api_docs/inventory.devdocs.json
+++ b/api_docs/inventory.devdocs.json
@@ -82,11 +82,9 @@
           "PartialC",
           "<{ query: ",
           "PartialC",
-          "<{ kuery: ",
-          "StringC",
-          "; entityTypes: ",
+          "<{ esQuery: ",
           "Type",
-          "<string[], string, unknown>; }>; }>]>, ",
+          "<{ [key: string]: unknown; }, string, unknown>; }>; }>]>, ",
           "InventoryRouteHandlerResources",
           ", { groupBy: \"entity.type\"; groups: ",
           "EntityGroup",
@@ -122,11 +120,11 @@
           "UnionC",
           "<[",
           "LiteralC",
-          "<\"entity.display_name\">, ",
+          "<\"entityDisplayName\">, ",
           "LiteralC",
-          "<\"entity.last_seen_timestamp\">, ",
+          "<\"entityLastSeenTimestamp\">, ",
           "LiteralC",
-          "<\"entity.type\">, ",
+          "<\"entityType\">, ",
           "LiteralC",
           "<\"alertsCount\">, ",
           "LiteralC",
@@ -138,14 +136,14 @@
           "LiteralC",
           "<\"desc\">]>; }>, ",
           "PartialC",
-          "<{ entityTypes: ",
+          "<{ esQuery: ",
           "Type",
-          "<string[], string, unknown>; kuery: ",
-          "StringC",
-          "; }>]>; }>, ",
+          "<{ [key: string]: unknown; }, string, unknown>; entityTypes: ",
+          "Type",
+          "<string[], string, unknown>; }>]>; }>, ",
           "InventoryRouteHandlerResources",
           ", { entities: ",
-          "Entity",
+          "InventoryEntity",
           "[]; }, ",
           "InventoryRouteCreateOptions",
           ">; }"
diff --git a/api_docs/inventory.mdx b/api_docs/inventory.mdx
index a990a02009d58..e79d7d4910251 100644
--- a/api_docs/inventory.mdx
+++ b/api_docs/inventory.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inventory
 title: "inventory"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the inventory plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inventory']
 ---
 import inventoryObj from './inventory.devdocs.json';
diff --git a/api_docs/investigate.mdx b/api_docs/investigate.mdx
index 741c6e1c5114b..70450f0bb2c32 100644
--- a/api_docs/investigate.mdx
+++ b/api_docs/investigate.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/investigate
 title: "investigate"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the investigate plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'investigate']
 ---
 import investigateObj from './investigate.devdocs.json';
diff --git a/api_docs/investigate_app.devdocs.json b/api_docs/investigate_app.devdocs.json
index 017a1cf94181c..c33e115dd7cc8 100644
--- a/api_docs/investigate_app.devdocs.json
+++ b/api_docs/investigate_app.devdocs.json
@@ -84,7 +84,7 @@
           },
           "<\"GET /api/observability/investigation/entities 2023-10-31\", Zod.ZodObject<{ query: Zod.ZodOptional<Zod.ZodObject<{ 'service.name': Zod.ZodOptional<Zod.ZodString>; 'service.environment': Zod.ZodOptional<Zod.ZodString>; 'host.name': Zod.ZodOptional<Zod.ZodString>; 'container.id': Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; }, { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; }>>; }, \"strip\", Zod.ZodTypeAny, { query?: { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; } | undefined; }, { query?: { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; } | undefined; }>, ",
           "InvestigateAppRouteHandlerResources",
-          ", { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; } & { sources: { dataStream?: string | undefined; }[]; })[]; }, ",
+          ", { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; identity_fields: string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; } & { sources: { dataStream?: string | undefined; }[]; })[]; }, ",
           "InvestigateAppRouteCreateOptions",
           ">; \"GET /api/observability/events 2023-10-31\": ",
           {
diff --git a/api_docs/investigate_app.mdx b/api_docs/investigate_app.mdx
index f0ae814454ee3..dbd9be76d1c90 100644
--- a/api_docs/investigate_app.mdx
+++ b/api_docs/investigate_app.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/investigateApp
 title: "investigateApp"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the investigateApp plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'investigateApp']
 ---
 import investigateAppObj from './investigate_app.devdocs.json';
diff --git a/api_docs/kbn_actions_types.mdx b/api_docs/kbn_actions_types.mdx
index 323a0f2db579c..6938c2dc819ad 100644
--- a/api_docs/kbn_actions_types.mdx
+++ b/api_docs/kbn_actions_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-actions-types
 title: "@kbn/actions-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/actions-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/actions-types']
 ---
 import kbnActionsTypesObj from './kbn_actions_types.devdocs.json';
diff --git a/api_docs/kbn_ai_assistant.mdx b/api_docs/kbn_ai_assistant.mdx
index b507eb315eda5..51396ac06b537 100644
--- a/api_docs/kbn_ai_assistant.mdx
+++ b/api_docs/kbn_ai_assistant.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ai-assistant
 title: "@kbn/ai-assistant"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ai-assistant plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ai-assistant']
 ---
 import kbnAiAssistantObj from './kbn_ai_assistant.devdocs.json';
diff --git a/api_docs/kbn_ai_assistant_common.mdx b/api_docs/kbn_ai_assistant_common.mdx
index edacea1dc39f0..27e42573904eb 100644
--- a/api_docs/kbn_ai_assistant_common.mdx
+++ b/api_docs/kbn_ai_assistant_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ai-assistant-common
 title: "@kbn/ai-assistant-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ai-assistant-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ai-assistant-common']
 ---
 import kbnAiAssistantCommonObj from './kbn_ai_assistant_common.devdocs.json';
diff --git a/api_docs/kbn_aiops_components.mdx b/api_docs/kbn_aiops_components.mdx
index cc29b5ba5dfa6..6c69304ecff62 100644
--- a/api_docs/kbn_aiops_components.mdx
+++ b/api_docs/kbn_aiops_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-components
 title: "@kbn/aiops-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/aiops-components plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-components']
 ---
 import kbnAiopsComponentsObj from './kbn_aiops_components.devdocs.json';
diff --git a/api_docs/kbn_aiops_log_pattern_analysis.mdx b/api_docs/kbn_aiops_log_pattern_analysis.mdx
index 6a83be2ef6cc4..c5f8fe20678cc 100644
--- a/api_docs/kbn_aiops_log_pattern_analysis.mdx
+++ b/api_docs/kbn_aiops_log_pattern_analysis.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-log-pattern-analysis
 title: "@kbn/aiops-log-pattern-analysis"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/aiops-log-pattern-analysis plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-log-pattern-analysis']
 ---
 import kbnAiopsLogPatternAnalysisObj from './kbn_aiops_log_pattern_analysis.devdocs.json';
diff --git a/api_docs/kbn_aiops_log_rate_analysis.mdx b/api_docs/kbn_aiops_log_rate_analysis.mdx
index b6d2c0ec0a601..450c9bf3a273e 100644
--- a/api_docs/kbn_aiops_log_rate_analysis.mdx
+++ b/api_docs/kbn_aiops_log_rate_analysis.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-log-rate-analysis
 title: "@kbn/aiops-log-rate-analysis"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/aiops-log-rate-analysis plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-log-rate-analysis']
 ---
 import kbnAiopsLogRateAnalysisObj from './kbn_aiops_log_rate_analysis.devdocs.json';
diff --git a/api_docs/kbn_alerting_api_integration_helpers.mdx b/api_docs/kbn_alerting_api_integration_helpers.mdx
index a0a848dc35bd4..afcc61433d8ba 100644
--- a/api_docs/kbn_alerting_api_integration_helpers.mdx
+++ b/api_docs/kbn_alerting_api_integration_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-api-integration-helpers
 title: "@kbn/alerting-api-integration-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerting-api-integration-helpers plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-api-integration-helpers']
 ---
 import kbnAlertingApiIntegrationHelpersObj from './kbn_alerting_api_integration_helpers.devdocs.json';
diff --git a/api_docs/kbn_alerting_comparators.mdx b/api_docs/kbn_alerting_comparators.mdx
index 73454eb6b033b..f4a8841a60a4b 100644
--- a/api_docs/kbn_alerting_comparators.mdx
+++ b/api_docs/kbn_alerting_comparators.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-comparators
 title: "@kbn/alerting-comparators"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerting-comparators plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-comparators']
 ---
 import kbnAlertingComparatorsObj from './kbn_alerting_comparators.devdocs.json';
diff --git a/api_docs/kbn_alerting_state_types.mdx b/api_docs/kbn_alerting_state_types.mdx
index 69d5ec23230a4..a02699fd2c95e 100644
--- a/api_docs/kbn_alerting_state_types.mdx
+++ b/api_docs/kbn_alerting_state_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-state-types
 title: "@kbn/alerting-state-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerting-state-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-state-types']
 ---
 import kbnAlertingStateTypesObj from './kbn_alerting_state_types.devdocs.json';
diff --git a/api_docs/kbn_alerting_types.mdx b/api_docs/kbn_alerting_types.mdx
index 84c78d006a983..745974ba10c71 100644
--- a/api_docs/kbn_alerting_types.mdx
+++ b/api_docs/kbn_alerting_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-types
 title: "@kbn/alerting-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerting-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-types']
 ---
 import kbnAlertingTypesObj from './kbn_alerting_types.devdocs.json';
diff --git a/api_docs/kbn_alerts_as_data_utils.mdx b/api_docs/kbn_alerts_as_data_utils.mdx
index c52f50b5e9959..fb5f0d1a41520 100644
--- a/api_docs/kbn_alerts_as_data_utils.mdx
+++ b/api_docs/kbn_alerts_as_data_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-as-data-utils
 title: "@kbn/alerts-as-data-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerts-as-data-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-as-data-utils']
 ---
 import kbnAlertsAsDataUtilsObj from './kbn_alerts_as_data_utils.devdocs.json';
diff --git a/api_docs/kbn_alerts_grouping.mdx b/api_docs/kbn_alerts_grouping.mdx
index 9b7d661ebb624..b73bd8832150c 100644
--- a/api_docs/kbn_alerts_grouping.mdx
+++ b/api_docs/kbn_alerts_grouping.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-grouping
 title: "@kbn/alerts-grouping"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerts-grouping plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-grouping']
 ---
 import kbnAlertsGroupingObj from './kbn_alerts_grouping.devdocs.json';
diff --git a/api_docs/kbn_alerts_ui_shared.mdx b/api_docs/kbn_alerts_ui_shared.mdx
index d57b0582b6a6d..a710870bce766 100644
--- a/api_docs/kbn_alerts_ui_shared.mdx
+++ b/api_docs/kbn_alerts_ui_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-ui-shared
 title: "@kbn/alerts-ui-shared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/alerts-ui-shared plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-ui-shared']
 ---
 import kbnAlertsUiSharedObj from './kbn_alerts_ui_shared.devdocs.json';
diff --git a/api_docs/kbn_analytics.mdx b/api_docs/kbn_analytics.mdx
index b2ee2ae503c52..59c66445a7086 100644
--- a/api_docs/kbn_analytics.mdx
+++ b/api_docs/kbn_analytics.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics
 title: "@kbn/analytics"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/analytics plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics']
 ---
 import kbnAnalyticsObj from './kbn_analytics.devdocs.json';
diff --git a/api_docs/kbn_analytics_collection_utils.mdx b/api_docs/kbn_analytics_collection_utils.mdx
index d82b56b24aeb0..f67988bd173a3 100644
--- a/api_docs/kbn_analytics_collection_utils.mdx
+++ b/api_docs/kbn_analytics_collection_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-collection-utils
 title: "@kbn/analytics-collection-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/analytics-collection-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-collection-utils']
 ---
 import kbnAnalyticsCollectionUtilsObj from './kbn_analytics_collection_utils.devdocs.json';
diff --git a/api_docs/kbn_apm_config_loader.mdx b/api_docs/kbn_apm_config_loader.mdx
index 62d47b008ad51..ecf6280be0077 100644
--- a/api_docs/kbn_apm_config_loader.mdx
+++ b/api_docs/kbn_apm_config_loader.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-config-loader
 title: "@kbn/apm-config-loader"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/apm-config-loader plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-config-loader']
 ---
 import kbnApmConfigLoaderObj from './kbn_apm_config_loader.devdocs.json';
diff --git a/api_docs/kbn_apm_data_view.mdx b/api_docs/kbn_apm_data_view.mdx
index 065e099e353a7..5816a667d69f8 100644
--- a/api_docs/kbn_apm_data_view.mdx
+++ b/api_docs/kbn_apm_data_view.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-data-view
 title: "@kbn/apm-data-view"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/apm-data-view plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-data-view']
 ---
 import kbnApmDataViewObj from './kbn_apm_data_view.devdocs.json';
diff --git a/api_docs/kbn_apm_synthtrace.mdx b/api_docs/kbn_apm_synthtrace.mdx
index 9edda86620a6d..5731cd398be9c 100644
--- a/api_docs/kbn_apm_synthtrace.mdx
+++ b/api_docs/kbn_apm_synthtrace.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace
 title: "@kbn/apm-synthtrace"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/apm-synthtrace plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace']
 ---
 import kbnApmSynthtraceObj from './kbn_apm_synthtrace.devdocs.json';
diff --git a/api_docs/kbn_apm_synthtrace_client.mdx b/api_docs/kbn_apm_synthtrace_client.mdx
index b22847579b95d..df06afdc0ac02 100644
--- a/api_docs/kbn_apm_synthtrace_client.mdx
+++ b/api_docs/kbn_apm_synthtrace_client.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace-client
 title: "@kbn/apm-synthtrace-client"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/apm-synthtrace-client plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace-client']
 ---
 import kbnApmSynthtraceClientObj from './kbn_apm_synthtrace_client.devdocs.json';
diff --git a/api_docs/kbn_apm_types.mdx b/api_docs/kbn_apm_types.mdx
index f018b4dc4f250..a69315250154a 100644
--- a/api_docs/kbn_apm_types.mdx
+++ b/api_docs/kbn_apm_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-types
 title: "@kbn/apm-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/apm-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-types']
 ---
 import kbnApmTypesObj from './kbn_apm_types.devdocs.json';
diff --git a/api_docs/kbn_apm_utils.devdocs.json b/api_docs/kbn_apm_utils.devdocs.json
index a2f6a020ccaba..56a7f3581459d 100644
--- a/api_docs/kbn_apm_utils.devdocs.json
+++ b/api_docs/kbn_apm_utils.devdocs.json
@@ -92,7 +92,9 @@
           },
           ", cb: (span?: ",
           "Span",
-          " | undefined) => Promise<T>) => Promise<T>"
+          " | undefined) => Promise<T>, logger: ",
+          "Logger",
+          " | undefined) => Promise<T>"
         ],
         "path": "packages/kbn-apm-utils/index.ts",
         "deprecated": false,
@@ -136,6 +138,22 @@
             "deprecated": false,
             "trackAdoption": false,
             "isRequired": true
+          },
+          {
+            "parentPluginId": "@kbn/apm-utils",
+            "id": "def-common.withSpan.$3",
+            "type": "Object",
+            "tags": [],
+            "label": "logger",
+            "description": [],
+            "signature": [
+              "Logger",
+              " | undefined"
+            ],
+            "path": "packages/kbn-apm-utils/index.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": false
           }
         ],
         "returnComment": [],
diff --git a/api_docs/kbn_apm_utils.mdx b/api_docs/kbn_apm_utils.mdx
index 5b84cbd3e3213..4bbb2bbec1c48 100644
--- a/api_docs/kbn_apm_utils.mdx
+++ b/api_docs/kbn_apm_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-utils
 title: "@kbn/apm-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/apm-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-utils']
 ---
 import kbnApmUtilsObj from './kbn_apm_utils.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/te
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 11 | 0 | 11 | 0 |
+| 12 | 0 | 12 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_avc_banner.mdx b/api_docs/kbn_avc_banner.mdx
index 964a8d376ae00..651b5500ca7e5 100644
--- a/api_docs/kbn_avc_banner.mdx
+++ b/api_docs/kbn_avc_banner.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-avc-banner
 title: "@kbn/avc-banner"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/avc-banner plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/avc-banner']
 ---
 import kbnAvcBannerObj from './kbn_avc_banner.devdocs.json';
diff --git a/api_docs/kbn_axe_config.mdx b/api_docs/kbn_axe_config.mdx
index e93dd4df949e5..fefe18782c6c8 100644
--- a/api_docs/kbn_axe_config.mdx
+++ b/api_docs/kbn_axe_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-axe-config
 title: "@kbn/axe-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/axe-config plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/axe-config']
 ---
 import kbnAxeConfigObj from './kbn_axe_config.devdocs.json';
diff --git a/api_docs/kbn_bfetch_error.mdx b/api_docs/kbn_bfetch_error.mdx
index 3b4644bfed2bc..0180f89506840 100644
--- a/api_docs/kbn_bfetch_error.mdx
+++ b/api_docs/kbn_bfetch_error.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-bfetch-error
 title: "@kbn/bfetch-error"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/bfetch-error plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/bfetch-error']
 ---
 import kbnBfetchErrorObj from './kbn_bfetch_error.devdocs.json';
diff --git a/api_docs/kbn_calculate_auto.mdx b/api_docs/kbn_calculate_auto.mdx
index e20024ebcc43b..a53aa155d485c 100644
--- a/api_docs/kbn_calculate_auto.mdx
+++ b/api_docs/kbn_calculate_auto.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-auto
 title: "@kbn/calculate-auto"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/calculate-auto plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-auto']
 ---
 import kbnCalculateAutoObj from './kbn_calculate_auto.devdocs.json';
diff --git a/api_docs/kbn_calculate_width_from_char_count.mdx b/api_docs/kbn_calculate_width_from_char_count.mdx
index 4e2600cb02f1c..313295c715ef6 100644
--- a/api_docs/kbn_calculate_width_from_char_count.mdx
+++ b/api_docs/kbn_calculate_width_from_char_count.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-width-from-char-count
 title: "@kbn/calculate-width-from-char-count"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/calculate-width-from-char-count plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-width-from-char-count']
 ---
 import kbnCalculateWidthFromCharCountObj from './kbn_calculate_width_from_char_count.devdocs.json';
diff --git a/api_docs/kbn_cases_components.mdx b/api_docs/kbn_cases_components.mdx
index e1f2327ed7322..9ca1db0e582a9 100644
--- a/api_docs/kbn_cases_components.mdx
+++ b/api_docs/kbn_cases_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cases-components
 title: "@kbn/cases-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/cases-components plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cases-components']
 ---
 import kbnCasesComponentsObj from './kbn_cases_components.devdocs.json';
diff --git a/api_docs/kbn_cbor.mdx b/api_docs/kbn_cbor.mdx
index d183f1aefe14b..2611c9cc91ca3 100644
--- a/api_docs/kbn_cbor.mdx
+++ b/api_docs/kbn_cbor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cbor
 title: "@kbn/cbor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/cbor plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cbor']
 ---
 import kbnCborObj from './kbn_cbor.devdocs.json';
diff --git a/api_docs/kbn_cell_actions.mdx b/api_docs/kbn_cell_actions.mdx
index 320ae236f19c9..e9ae0b38193f2 100644
--- a/api_docs/kbn_cell_actions.mdx
+++ b/api_docs/kbn_cell_actions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cell-actions
 title: "@kbn/cell-actions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/cell-actions plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cell-actions']
 ---
 import kbnCellActionsObj from './kbn_cell_actions.devdocs.json';
diff --git a/api_docs/kbn_chart_expressions_common.mdx b/api_docs/kbn_chart_expressions_common.mdx
index 1804025bc6e2a..754d25e9913a8 100644
--- a/api_docs/kbn_chart_expressions_common.mdx
+++ b/api_docs/kbn_chart_expressions_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-expressions-common
 title: "@kbn/chart-expressions-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/chart-expressions-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-expressions-common']
 ---
 import kbnChartExpressionsCommonObj from './kbn_chart_expressions_common.devdocs.json';
diff --git a/api_docs/kbn_chart_icons.mdx b/api_docs/kbn_chart_icons.mdx
index 2abd21bd4910e..b25dcd2280a75 100644
--- a/api_docs/kbn_chart_icons.mdx
+++ b/api_docs/kbn_chart_icons.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-icons
 title: "@kbn/chart-icons"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/chart-icons plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-icons']
 ---
 import kbnChartIconsObj from './kbn_chart_icons.devdocs.json';
diff --git a/api_docs/kbn_ci_stats_core.mdx b/api_docs/kbn_ci_stats_core.mdx
index f2165c99ee6a0..18e2f8b7cbc30 100644
--- a/api_docs/kbn_ci_stats_core.mdx
+++ b/api_docs/kbn_ci_stats_core.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-core
 title: "@kbn/ci-stats-core"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ci-stats-core plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-core']
 ---
 import kbnCiStatsCoreObj from './kbn_ci_stats_core.devdocs.json';
diff --git a/api_docs/kbn_ci_stats_performance_metrics.mdx b/api_docs/kbn_ci_stats_performance_metrics.mdx
index ca26b29a55040..1771cf61e9d55 100644
--- a/api_docs/kbn_ci_stats_performance_metrics.mdx
+++ b/api_docs/kbn_ci_stats_performance_metrics.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-performance-metrics
 title: "@kbn/ci-stats-performance-metrics"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ci-stats-performance-metrics plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-performance-metrics']
 ---
 import kbnCiStatsPerformanceMetricsObj from './kbn_ci_stats_performance_metrics.devdocs.json';
diff --git a/api_docs/kbn_ci_stats_reporter.mdx b/api_docs/kbn_ci_stats_reporter.mdx
index 0716b421c75d7..f89d94f0520b7 100644
--- a/api_docs/kbn_ci_stats_reporter.mdx
+++ b/api_docs/kbn_ci_stats_reporter.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-reporter
 title: "@kbn/ci-stats-reporter"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ci-stats-reporter plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-reporter']
 ---
 import kbnCiStatsReporterObj from './kbn_ci_stats_reporter.devdocs.json';
diff --git a/api_docs/kbn_cli_dev_mode.mdx b/api_docs/kbn_cli_dev_mode.mdx
index 6d608449b7e06..c647fa0d85bc4 100644
--- a/api_docs/kbn_cli_dev_mode.mdx
+++ b/api_docs/kbn_cli_dev_mode.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cli-dev-mode
 title: "@kbn/cli-dev-mode"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/cli-dev-mode plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cli-dev-mode']
 ---
 import kbnCliDevModeObj from './kbn_cli_dev_mode.devdocs.json';
diff --git a/api_docs/kbn_cloud_security_posture.mdx b/api_docs/kbn_cloud_security_posture.mdx
index 5a39b4863ce86..2af52b51b25e0 100644
--- a/api_docs/kbn_cloud_security_posture.mdx
+++ b/api_docs/kbn_cloud_security_posture.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cloud-security-posture
 title: "@kbn/cloud-security-posture"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/cloud-security-posture plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cloud-security-posture']
 ---
 import kbnCloudSecurityPostureObj from './kbn_cloud_security_posture.devdocs.json';
diff --git a/api_docs/kbn_cloud_security_posture_common.mdx b/api_docs/kbn_cloud_security_posture_common.mdx
index 980f1e79d34c0..902eb258da009 100644
--- a/api_docs/kbn_cloud_security_posture_common.mdx
+++ b/api_docs/kbn_cloud_security_posture_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cloud-security-posture-common
 title: "@kbn/cloud-security-posture-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/cloud-security-posture-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cloud-security-posture-common']
 ---
 import kbnCloudSecurityPostureCommonObj from './kbn_cloud_security_posture_common.devdocs.json';
diff --git a/api_docs/kbn_cloud_security_posture_graph.devdocs.json b/api_docs/kbn_cloud_security_posture_graph.devdocs.json
index 3731714f817a9..eb1a40b17d3c6 100644
--- a/api_docs/kbn_cloud_security_posture_graph.devdocs.json
+++ b/api_docs/kbn_cloud_security_posture_graph.devdocs.json
@@ -15,7 +15,7 @@
           "\nGraph component renders a graph visualization using ReactFlow.\nIt takes nodes and edges as input and provides interactive controls\nfor panning, zooming, and manipulating the graph.\n"
         ],
         "signature": [
-          "({ nodes, edges, interactive, ...rest }: ",
+          "({ nodes, edges, interactive, isLocked, ...rest }: ",
           {
             "pluginId": "@kbn/cloud-security-posture-graph",
             "scope": "public",
@@ -34,7 +34,7 @@
             "id": "def-public.Graph.$1",
             "type": "Object",
             "tags": [],
-            "label": "{ nodes, edges, interactive, ...rest }",
+            "label": "{\n  nodes,\n  edges,\n  interactive,\n  isLocked = false,\n  ...rest\n}",
             "description": [],
             "signature": [
               {
@@ -55,6 +55,75 @@
           "The rendered Graph component."
         ],
         "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/cloud-security-posture-graph",
+        "id": "def-public.GraphPopover",
+        "type": "Function",
+        "tags": [],
+        "label": "GraphPopover",
+        "description": [],
+        "signature": [
+          "({ isOpen, anchorElement, closePopover, children, ...rest }: ",
+          "GraphPopoverProps",
+          ") => React.JSX.Element | null"
+        ],
+        "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph_popover.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/cloud-security-posture-graph",
+            "id": "def-public.GraphPopover.$1",
+            "type": "Object",
+            "tags": [],
+            "label": "{\n  isOpen,\n  anchorElement,\n  closePopover,\n  children,\n  ...rest\n}",
+            "description": [],
+            "signature": [
+              "GraphPopoverProps"
+            ],
+            "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph_popover.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/cloud-security-posture-graph",
+        "id": "def-public.useGraphPopover",
+        "type": "Function",
+        "tags": [],
+        "label": "useGraphPopover",
+        "description": [],
+        "signature": [
+          "(id: string) => ",
+          "GraphPopoverState"
+        ],
+        "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/use_graph_popover.tsx",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/cloud-security-posture-graph",
+            "id": "def-public.useGraphPopover.$1",
+            "type": "string",
+            "tags": [],
+            "label": "id",
+            "description": [],
+            "signature": [
+              "string"
+            ],
+            "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/use_graph_popover.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
       }
     ],
     "interfaces": [
@@ -110,58 +179,27 @@
             "label": "expandButtonClick",
             "description": [],
             "signature": [
-              "((e: React.MouseEvent<HTMLElement, MouseEvent>, node: ",
-              {
-                "pluginId": "@kbn/cloud-security-posture-graph",
-                "scope": "public",
-                "docId": "kibKbnCloudSecurityPostureGraphPluginApi",
-                "section": "def-public.NodeProps",
-                "text": "NodeProps"
-              },
-              ") => void) | undefined"
+              "ExpandButtonClickCallback",
+              " | undefined"
             ],
             "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/types.ts",
             "deprecated": false,
-            "trackAdoption": false,
-            "children": [
-              {
-                "parentPluginId": "@kbn/cloud-security-posture-graph",
-                "id": "def-public.EntityNodeViewModel.expandButtonClick.$1",
-                "type": "Object",
-                "tags": [],
-                "label": "e",
-                "description": [],
-                "signature": [
-                  "React.MouseEvent<HTMLElement, MouseEvent>"
-                ],
-                "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/types.ts",
-                "deprecated": false,
-                "trackAdoption": false,
-                "isRequired": true
-              },
-              {
-                "parentPluginId": "@kbn/cloud-security-posture-graph",
-                "id": "def-public.EntityNodeViewModel.expandButtonClick.$2",
-                "type": "CompoundType",
-                "tags": [],
-                "label": "node",
-                "description": [],
-                "signature": [
-                  {
-                    "pluginId": "@kbn/cloud-security-posture-graph",
-                    "scope": "public",
-                    "docId": "kibKbnCloudSecurityPostureGraphPluginApi",
-                    "section": "def-public.NodeProps",
-                    "text": "NodeProps"
-                  }
-                ],
-                "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/types.ts",
-                "deprecated": false,
-                "trackAdoption": false,
-                "isRequired": true
-              }
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/cloud-security-posture-graph",
+            "id": "def-public.EntityNodeViewModel.nodeClick",
+            "type": "Function",
+            "tags": [],
+            "label": "nodeClick",
+            "description": [],
+            "signature": [
+              "NodeClickCallback",
+              " | undefined"
             ],
-            "returnComment": []
+            "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
@@ -194,7 +232,9 @@
             "type": "Array",
             "tags": [],
             "label": "nodes",
-            "description": [],
+            "description": [
+              "\nArray of node view models to be rendered in the graph."
+            ],
             "signature": [
               {
                 "pluginId": "@kbn/cloud-security-posture-graph",
@@ -215,7 +255,9 @@
             "type": "Array",
             "tags": [],
             "label": "edges",
-            "description": [],
+            "description": [
+              "\nArray of edge view models to be rendered in the graph."
+            ],
             "signature": [
               {
                 "pluginId": "@kbn/cloud-security-posture-graph",
@@ -236,7 +278,25 @@
             "type": "boolean",
             "tags": [],
             "label": "interactive",
-            "description": [],
+            "description": [
+              "\nDetermines whether the graph is interactive (allows panning, zooming, etc.).\nWhen set to false, the graph is locked and user interactions are disabled, effectively putting it in view-only mode."
+            ],
+            "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph.tsx",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/cloud-security-posture-graph",
+            "id": "def-public.GraphProps.isLocked",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "isLocked",
+            "description": [
+              "\nDetermines whether the graph is locked. Nodes and edges are still interactive, but the graph itself is not."
+            ],
+            "signature": [
+              "boolean | undefined"
+            ],
             "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph.tsx",
             "deprecated": false,
             "trackAdoption": false
@@ -296,58 +356,12 @@
             "label": "expandButtonClick",
             "description": [],
             "signature": [
-              "((e: React.MouseEvent<HTMLElement, MouseEvent>, node: ",
-              {
-                "pluginId": "@kbn/cloud-security-posture-graph",
-                "scope": "public",
-                "docId": "kibKbnCloudSecurityPostureGraphPluginApi",
-                "section": "def-public.NodeProps",
-                "text": "NodeProps"
-              },
-              ") => void) | undefined"
+              "ExpandButtonClickCallback",
+              " | undefined"
             ],
             "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/types.ts",
             "deprecated": false,
-            "trackAdoption": false,
-            "children": [
-              {
-                "parentPluginId": "@kbn/cloud-security-posture-graph",
-                "id": "def-public.LabelNodeViewModel.expandButtonClick.$1",
-                "type": "Object",
-                "tags": [],
-                "label": "e",
-                "description": [],
-                "signature": [
-                  "React.MouseEvent<HTMLElement, MouseEvent>"
-                ],
-                "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/types.ts",
-                "deprecated": false,
-                "trackAdoption": false,
-                "isRequired": true
-              },
-              {
-                "parentPluginId": "@kbn/cloud-security-posture-graph",
-                "id": "def-public.LabelNodeViewModel.expandButtonClick.$2",
-                "type": "CompoundType",
-                "tags": [],
-                "label": "node",
-                "description": [],
-                "signature": [
-                  {
-                    "pluginId": "@kbn/cloud-security-posture-graph",
-                    "scope": "public",
-                    "docId": "kibKbnCloudSecurityPostureGraphPluginApi",
-                    "section": "def-public.NodeProps",
-                    "text": "NodeProps"
-                  }
-                ],
-                "path": "x-pack/packages/kbn-cloud-security-posture/graph/src/components/types.ts",
-                "deprecated": false,
-                "trackAdoption": false,
-                "isRequired": true
-              }
-            ],
-            "returnComment": []
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
diff --git a/api_docs/kbn_cloud_security_posture_graph.mdx b/api_docs/kbn_cloud_security_posture_graph.mdx
index a9807078c1778..de7433fc727ab 100644
--- a/api_docs/kbn_cloud_security_posture_graph.mdx
+++ b/api_docs/kbn_cloud_security_posture_graph.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cloud-security-posture-graph
 title: "@kbn/cloud-security-posture-graph"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/cloud-security-posture-graph plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cloud-security-posture-graph']
 ---
 import kbnCloudSecurityPostureGraphObj from './kbn_cloud_security_posture_graph.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 18 | 0 | 17 | 0 |
+| 20 | 0 | 15 | 4 |
 
 ## Client
 
diff --git a/api_docs/kbn_code_editor.mdx b/api_docs/kbn_code_editor.mdx
index 353c1146fc6e3..2b7be4bfa474d 100644
--- a/api_docs/kbn_code_editor.mdx
+++ b/api_docs/kbn_code_editor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor
 title: "@kbn/code-editor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/code-editor plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor']
 ---
 import kbnCodeEditorObj from './kbn_code_editor.devdocs.json';
diff --git a/api_docs/kbn_code_editor_mock.mdx b/api_docs/kbn_code_editor_mock.mdx
index 7b994f1c7fe5a..b1006905a03b2 100644
--- a/api_docs/kbn_code_editor_mock.mdx
+++ b/api_docs/kbn_code_editor_mock.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor-mock
 title: "@kbn/code-editor-mock"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/code-editor-mock plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor-mock']
 ---
 import kbnCodeEditorMockObj from './kbn_code_editor_mock.devdocs.json';
diff --git a/api_docs/kbn_code_owners.mdx b/api_docs/kbn_code_owners.mdx
index c0502db23115e..e071c4f409a80 100644
--- a/api_docs/kbn_code_owners.mdx
+++ b/api_docs/kbn_code_owners.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-owners
 title: "@kbn/code-owners"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/code-owners plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-owners']
 ---
 import kbnCodeOwnersObj from './kbn_code_owners.devdocs.json';
diff --git a/api_docs/kbn_coloring.mdx b/api_docs/kbn_coloring.mdx
index c38e34841f10d..ee81fcde01dea 100644
--- a/api_docs/kbn_coloring.mdx
+++ b/api_docs/kbn_coloring.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-coloring
 title: "@kbn/coloring"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/coloring plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/coloring']
 ---
 import kbnColoringObj from './kbn_coloring.devdocs.json';
diff --git a/api_docs/kbn_config.mdx b/api_docs/kbn_config.mdx
index 36df67b11013f..77edb8a670bbd 100644
--- a/api_docs/kbn_config.mdx
+++ b/api_docs/kbn_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config
 title: "@kbn/config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/config plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config']
 ---
 import kbnConfigObj from './kbn_config.devdocs.json';
diff --git a/api_docs/kbn_config_mocks.mdx b/api_docs/kbn_config_mocks.mdx
index 64dc10df0c3a7..cd1bbd18df89a 100644
--- a/api_docs/kbn_config_mocks.mdx
+++ b/api_docs/kbn_config_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-mocks
 title: "@kbn/config-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/config-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-mocks']
 ---
 import kbnConfigMocksObj from './kbn_config_mocks.devdocs.json';
diff --git a/api_docs/kbn_config_schema.mdx b/api_docs/kbn_config_schema.mdx
index b150c48b02ad7..24be0bb50f81c 100644
--- a/api_docs/kbn_config_schema.mdx
+++ b/api_docs/kbn_config_schema.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-schema
 title: "@kbn/config-schema"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/config-schema plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-schema']
 ---
 import kbnConfigSchemaObj from './kbn_config_schema.devdocs.json';
diff --git a/api_docs/kbn_content_management_content_editor.mdx b/api_docs/kbn_content_management_content_editor.mdx
index d23fabc9adf00..a0f0149f25b5c 100644
--- a/api_docs/kbn_content_management_content_editor.mdx
+++ b/api_docs/kbn_content_management_content_editor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-editor
 title: "@kbn/content-management-content-editor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-content-editor plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-editor']
 ---
 import kbnContentManagementContentEditorObj from './kbn_content_management_content_editor.devdocs.json';
diff --git a/api_docs/kbn_content_management_content_insights_public.mdx b/api_docs/kbn_content_management_content_insights_public.mdx
index 1c65dad73ba53..44b7c4ff8ae67 100644
--- a/api_docs/kbn_content_management_content_insights_public.mdx
+++ b/api_docs/kbn_content_management_content_insights_public.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-insights-public
 title: "@kbn/content-management-content-insights-public"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-content-insights-public plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-insights-public']
 ---
 import kbnContentManagementContentInsightsPublicObj from './kbn_content_management_content_insights_public.devdocs.json';
diff --git a/api_docs/kbn_content_management_content_insights_server.mdx b/api_docs/kbn_content_management_content_insights_server.mdx
index 12a392966e5c7..896bfaf11c980 100644
--- a/api_docs/kbn_content_management_content_insights_server.mdx
+++ b/api_docs/kbn_content_management_content_insights_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-insights-server
 title: "@kbn/content-management-content-insights-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-content-insights-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-insights-server']
 ---
 import kbnContentManagementContentInsightsServerObj from './kbn_content_management_content_insights_server.devdocs.json';
diff --git a/api_docs/kbn_content_management_favorites_public.mdx b/api_docs/kbn_content_management_favorites_public.mdx
index 1bd4a4c16c00e..3a13f4886b4cb 100644
--- a/api_docs/kbn_content_management_favorites_public.mdx
+++ b/api_docs/kbn_content_management_favorites_public.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-favorites-public
 title: "@kbn/content-management-favorites-public"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-favorites-public plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-favorites-public']
 ---
 import kbnContentManagementFavoritesPublicObj from './kbn_content_management_favorites_public.devdocs.json';
diff --git a/api_docs/kbn_content_management_favorites_server.mdx b/api_docs/kbn_content_management_favorites_server.mdx
index 1b8425c4c2983..51b54fd2ca7a9 100644
--- a/api_docs/kbn_content_management_favorites_server.mdx
+++ b/api_docs/kbn_content_management_favorites_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-favorites-server
 title: "@kbn/content-management-favorites-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-favorites-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-favorites-server']
 ---
 import kbnContentManagementFavoritesServerObj from './kbn_content_management_favorites_server.devdocs.json';
diff --git a/api_docs/kbn_content_management_tabbed_table_list_view.mdx b/api_docs/kbn_content_management_tabbed_table_list_view.mdx
index 609458b5331d6..947a7bb2fd8f1 100644
--- a/api_docs/kbn_content_management_tabbed_table_list_view.mdx
+++ b/api_docs/kbn_content_management_tabbed_table_list_view.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-tabbed-table-list-view
 title: "@kbn/content-management-tabbed-table-list-view"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-tabbed-table-list-view plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-tabbed-table-list-view']
 ---
 import kbnContentManagementTabbedTableListViewObj from './kbn_content_management_tabbed_table_list_view.devdocs.json';
diff --git a/api_docs/kbn_content_management_table_list_view.mdx b/api_docs/kbn_content_management_table_list_view.mdx
index dc11375e8a814..304a4816f52be 100644
--- a/api_docs/kbn_content_management_table_list_view.mdx
+++ b/api_docs/kbn_content_management_table_list_view.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view
 title: "@kbn/content-management-table-list-view"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-table-list-view plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view']
 ---
 import kbnContentManagementTableListViewObj from './kbn_content_management_table_list_view.devdocs.json';
diff --git a/api_docs/kbn_content_management_table_list_view_common.mdx b/api_docs/kbn_content_management_table_list_view_common.mdx
index c03a1ec3197c6..3f6ac1dbab5e9 100644
--- a/api_docs/kbn_content_management_table_list_view_common.mdx
+++ b/api_docs/kbn_content_management_table_list_view_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-common
 title: "@kbn/content-management-table-list-view-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-table-list-view-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-common']
 ---
 import kbnContentManagementTableListViewCommonObj from './kbn_content_management_table_list_view_common.devdocs.json';
diff --git a/api_docs/kbn_content_management_table_list_view_table.mdx b/api_docs/kbn_content_management_table_list_view_table.mdx
index db646bd362929..f2caee429ca99 100644
--- a/api_docs/kbn_content_management_table_list_view_table.mdx
+++ b/api_docs/kbn_content_management_table_list_view_table.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-table
 title: "@kbn/content-management-table-list-view-table"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-table-list-view-table plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-table']
 ---
 import kbnContentManagementTableListViewTableObj from './kbn_content_management_table_list_view_table.devdocs.json';
diff --git a/api_docs/kbn_content_management_user_profiles.mdx b/api_docs/kbn_content_management_user_profiles.mdx
index 74795dd1d8906..f30e2d296aeba 100644
--- a/api_docs/kbn_content_management_user_profiles.mdx
+++ b/api_docs/kbn_content_management_user_profiles.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-user-profiles
 title: "@kbn/content-management-user-profiles"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-user-profiles plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-user-profiles']
 ---
 import kbnContentManagementUserProfilesObj from './kbn_content_management_user_profiles.devdocs.json';
diff --git a/api_docs/kbn_content_management_utils.mdx b/api_docs/kbn_content_management_utils.mdx
index d00fea0e055b3..05e359f29c970 100644
--- a/api_docs/kbn_content_management_utils.mdx
+++ b/api_docs/kbn_content_management_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-utils
 title: "@kbn/content-management-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/content-management-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-utils']
 ---
 import kbnContentManagementUtilsObj from './kbn_content_management_utils.devdocs.json';
diff --git a/api_docs/kbn_core_analytics_browser.devdocs.json b/api_docs/kbn_core_analytics_browser.devdocs.json
index 16e5bf6680c4d..962fabc7e1efd 100644
--- a/api_docs/kbn_core_analytics_browser.devdocs.json
+++ b/api_docs/kbn_core_analytics_browser.devdocs.json
@@ -926,10 +926,6 @@
                 "plugin": "inventory",
                 "path": "x-pack/plugins/observability_solution/inventory/public/services/telemetry/telemetry_client.ts"
               },
-              {
-                "plugin": "inventory",
-                "path": "x-pack/plugins/observability_solution/inventory/public/services/telemetry/telemetry_client.ts"
-              },
               {
                 "plugin": "observabilityLogsExplorer",
                 "path": "x-pack/plugins/observability_solution/observability_logs_explorer/public/state_machines/observability_logs_explorer/src/telemetry_events.ts"
@@ -982,14 +978,6 @@
                 "plugin": "observabilityAIAssistant",
                 "path": "x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_chat_service.test.ts"
               },
-              {
-                "plugin": "elasticAssistant",
-                "path": "x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts"
-              },
-              {
-                "plugin": "elasticAssistant",
-                "path": "x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts"
-              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/base_response_actions_client.test.ts"
@@ -1394,14 +1382,6 @@
                 "plugin": "inventory",
                 "path": "x-pack/plugins/observability_solution/inventory/public/services/telemetry/telemetry_service.test.ts"
               },
-              {
-                "plugin": "inventory",
-                "path": "x-pack/plugins/observability_solution/inventory/public/services/telemetry/telemetry_service.test.ts"
-              },
-              {
-                "plugin": "inventory",
-                "path": "x-pack/plugins/observability_solution/inventory/public/services/telemetry/telemetry_service.test.ts"
-              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_service.test.ts"
diff --git a/api_docs/kbn_core_analytics_browser.mdx b/api_docs/kbn_core_analytics_browser.mdx
index 9259732156ac4..31da6beebcb75 100644
--- a/api_docs/kbn_core_analytics_browser.mdx
+++ b/api_docs/kbn_core_analytics_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser
 title: "@kbn/core-analytics-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-analytics-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser']
 ---
 import kbnCoreAnalyticsBrowserObj from './kbn_core_analytics_browser.devdocs.json';
diff --git a/api_docs/kbn_core_analytics_browser_internal.mdx b/api_docs/kbn_core_analytics_browser_internal.mdx
index aa45f95180ae4..d0491b5611843 100644
--- a/api_docs/kbn_core_analytics_browser_internal.mdx
+++ b/api_docs/kbn_core_analytics_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-internal
 title: "@kbn/core-analytics-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-analytics-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-internal']
 ---
 import kbnCoreAnalyticsBrowserInternalObj from './kbn_core_analytics_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_analytics_browser_mocks.mdx b/api_docs/kbn_core_analytics_browser_mocks.mdx
index c0bd6d0cd5713..26e90190f0dc2 100644
--- a/api_docs/kbn_core_analytics_browser_mocks.mdx
+++ b/api_docs/kbn_core_analytics_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-mocks
 title: "@kbn/core-analytics-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-analytics-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-mocks']
 ---
 import kbnCoreAnalyticsBrowserMocksObj from './kbn_core_analytics_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_analytics_server.devdocs.json b/api_docs/kbn_core_analytics_server.devdocs.json
index f4eedf0c5ca75..d9bdd2cd16864 100644
--- a/api_docs/kbn_core_analytics_server.devdocs.json
+++ b/api_docs/kbn_core_analytics_server.devdocs.json
@@ -934,10 +934,6 @@
                 "plugin": "inventory",
                 "path": "x-pack/plugins/observability_solution/inventory/public/services/telemetry/telemetry_client.ts"
               },
-              {
-                "plugin": "inventory",
-                "path": "x-pack/plugins/observability_solution/inventory/public/services/telemetry/telemetry_client.ts"
-              },
               {
                 "plugin": "observabilityLogsExplorer",
                 "path": "x-pack/plugins/observability_solution/observability_logs_explorer/public/state_machines/observability_logs_explorer/src/telemetry_events.ts"
@@ -990,14 +986,6 @@
                 "plugin": "observabilityAIAssistant",
                 "path": "x-pack/plugins/observability_solution/observability_ai_assistant/public/service/create_chat_service.test.ts"
               },
-              {
-                "plugin": "elasticAssistant",
-                "path": "x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts"
-              },
-              {
-                "plugin": "elasticAssistant",
-                "path": "x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts"
-              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/base_response_actions_client.test.ts"
@@ -1402,14 +1390,6 @@
                 "plugin": "inventory",
                 "path": "x-pack/plugins/observability_solution/inventory/public/services/telemetry/telemetry_service.test.ts"
               },
-              {
-                "plugin": "inventory",
-                "path": "x-pack/plugins/observability_solution/inventory/public/services/telemetry/telemetry_service.test.ts"
-              },
-              {
-                "plugin": "inventory",
-                "path": "x-pack/plugins/observability_solution/inventory/public/services/telemetry/telemetry_service.test.ts"
-              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_service.test.ts"
diff --git a/api_docs/kbn_core_analytics_server.mdx b/api_docs/kbn_core_analytics_server.mdx
index ed1a968c83f5f..a8349c042d5f5 100644
--- a/api_docs/kbn_core_analytics_server.mdx
+++ b/api_docs/kbn_core_analytics_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server
 title: "@kbn/core-analytics-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-analytics-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server']
 ---
 import kbnCoreAnalyticsServerObj from './kbn_core_analytics_server.devdocs.json';
diff --git a/api_docs/kbn_core_analytics_server_internal.mdx b/api_docs/kbn_core_analytics_server_internal.mdx
index a439349d60a63..7fc98ea098394 100644
--- a/api_docs/kbn_core_analytics_server_internal.mdx
+++ b/api_docs/kbn_core_analytics_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-internal
 title: "@kbn/core-analytics-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-analytics-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-internal']
 ---
 import kbnCoreAnalyticsServerInternalObj from './kbn_core_analytics_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_analytics_server_mocks.mdx b/api_docs/kbn_core_analytics_server_mocks.mdx
index 04e2124bb9c97..4f69c64339ed7 100644
--- a/api_docs/kbn_core_analytics_server_mocks.mdx
+++ b/api_docs/kbn_core_analytics_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-mocks
 title: "@kbn/core-analytics-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-analytics-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-mocks']
 ---
 import kbnCoreAnalyticsServerMocksObj from './kbn_core_analytics_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_application_browser.mdx b/api_docs/kbn_core_application_browser.mdx
index c5bc8ea96ebb9..ff483096da473 100644
--- a/api_docs/kbn_core_application_browser.mdx
+++ b/api_docs/kbn_core_application_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser
 title: "@kbn/core-application-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-application-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser']
 ---
 import kbnCoreApplicationBrowserObj from './kbn_core_application_browser.devdocs.json';
diff --git a/api_docs/kbn_core_application_browser_internal.mdx b/api_docs/kbn_core_application_browser_internal.mdx
index 8ca3a84902b6c..7da141c4e78b1 100644
--- a/api_docs/kbn_core_application_browser_internal.mdx
+++ b/api_docs/kbn_core_application_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-internal
 title: "@kbn/core-application-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-application-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-internal']
 ---
 import kbnCoreApplicationBrowserInternalObj from './kbn_core_application_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_application_browser_mocks.mdx b/api_docs/kbn_core_application_browser_mocks.mdx
index b092910766ce2..8fcbee5c8ea46 100644
--- a/api_docs/kbn_core_application_browser_mocks.mdx
+++ b/api_docs/kbn_core_application_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-mocks
 title: "@kbn/core-application-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-application-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-mocks']
 ---
 import kbnCoreApplicationBrowserMocksObj from './kbn_core_application_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_application_common.mdx b/api_docs/kbn_core_application_common.mdx
index 8fbc068a47068..bef589feb8685 100644
--- a/api_docs/kbn_core_application_common.mdx
+++ b/api_docs/kbn_core_application_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-common
 title: "@kbn/core-application-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-application-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-common']
 ---
 import kbnCoreApplicationCommonObj from './kbn_core_application_common.devdocs.json';
diff --git a/api_docs/kbn_core_apps_browser_internal.mdx b/api_docs/kbn_core_apps_browser_internal.mdx
index 437494990ec64..4a6410e00ab8c 100644
--- a/api_docs/kbn_core_apps_browser_internal.mdx
+++ b/api_docs/kbn_core_apps_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-internal
 title: "@kbn/core-apps-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-apps-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-internal']
 ---
 import kbnCoreAppsBrowserInternalObj from './kbn_core_apps_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_apps_browser_mocks.mdx b/api_docs/kbn_core_apps_browser_mocks.mdx
index 8360e30d68902..ee11faf3cf860 100644
--- a/api_docs/kbn_core_apps_browser_mocks.mdx
+++ b/api_docs/kbn_core_apps_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-mocks
 title: "@kbn/core-apps-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-apps-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-mocks']
 ---
 import kbnCoreAppsBrowserMocksObj from './kbn_core_apps_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_apps_server_internal.mdx b/api_docs/kbn_core_apps_server_internal.mdx
index cad169815e480..1aa70b5189a52 100644
--- a/api_docs/kbn_core_apps_server_internal.mdx
+++ b/api_docs/kbn_core_apps_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-server-internal
 title: "@kbn/core-apps-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-apps-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-server-internal']
 ---
 import kbnCoreAppsServerInternalObj from './kbn_core_apps_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_base_browser_mocks.mdx b/api_docs/kbn_core_base_browser_mocks.mdx
index 74026cbd53e94..71a6e9e219fb6 100644
--- a/api_docs/kbn_core_base_browser_mocks.mdx
+++ b/api_docs/kbn_core_base_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-browser-mocks
 title: "@kbn/core-base-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-base-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-browser-mocks']
 ---
 import kbnCoreBaseBrowserMocksObj from './kbn_core_base_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_base_common.mdx b/api_docs/kbn_core_base_common.mdx
index 0240046659dea..74b429525b0b9 100644
--- a/api_docs/kbn_core_base_common.mdx
+++ b/api_docs/kbn_core_base_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-common
 title: "@kbn/core-base-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-base-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-common']
 ---
 import kbnCoreBaseCommonObj from './kbn_core_base_common.devdocs.json';
diff --git a/api_docs/kbn_core_base_server_internal.mdx b/api_docs/kbn_core_base_server_internal.mdx
index dd4240e077be4..1b1308c3902bf 100644
--- a/api_docs/kbn_core_base_server_internal.mdx
+++ b/api_docs/kbn_core_base_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-internal
 title: "@kbn/core-base-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-base-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-internal']
 ---
 import kbnCoreBaseServerInternalObj from './kbn_core_base_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_base_server_mocks.mdx b/api_docs/kbn_core_base_server_mocks.mdx
index 672f23c9f90df..e7f4d95030c3a 100644
--- a/api_docs/kbn_core_base_server_mocks.mdx
+++ b/api_docs/kbn_core_base_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-mocks
 title: "@kbn/core-base-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-base-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-mocks']
 ---
 import kbnCoreBaseServerMocksObj from './kbn_core_base_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_capabilities_browser_mocks.mdx b/api_docs/kbn_core_capabilities_browser_mocks.mdx
index c785a618c178f..93c0cd113599f 100644
--- a/api_docs/kbn_core_capabilities_browser_mocks.mdx
+++ b/api_docs/kbn_core_capabilities_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-browser-mocks
 title: "@kbn/core-capabilities-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-capabilities-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-browser-mocks']
 ---
 import kbnCoreCapabilitiesBrowserMocksObj from './kbn_core_capabilities_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_capabilities_common.mdx b/api_docs/kbn_core_capabilities_common.mdx
index 746a4b1c76639..e977b415d341f 100644
--- a/api_docs/kbn_core_capabilities_common.mdx
+++ b/api_docs/kbn_core_capabilities_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-common
 title: "@kbn/core-capabilities-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-capabilities-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-common']
 ---
 import kbnCoreCapabilitiesCommonObj from './kbn_core_capabilities_common.devdocs.json';
diff --git a/api_docs/kbn_core_capabilities_server.mdx b/api_docs/kbn_core_capabilities_server.mdx
index aee86b1904408..0bec20f3c30ef 100644
--- a/api_docs/kbn_core_capabilities_server.mdx
+++ b/api_docs/kbn_core_capabilities_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server
 title: "@kbn/core-capabilities-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-capabilities-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server']
 ---
 import kbnCoreCapabilitiesServerObj from './kbn_core_capabilities_server.devdocs.json';
diff --git a/api_docs/kbn_core_capabilities_server_mocks.mdx b/api_docs/kbn_core_capabilities_server_mocks.mdx
index 7cf4a32d639c7..b364e0c4afc57 100644
--- a/api_docs/kbn_core_capabilities_server_mocks.mdx
+++ b/api_docs/kbn_core_capabilities_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server-mocks
 title: "@kbn/core-capabilities-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-capabilities-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server-mocks']
 ---
 import kbnCoreCapabilitiesServerMocksObj from './kbn_core_capabilities_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_chrome_browser.mdx b/api_docs/kbn_core_chrome_browser.mdx
index 8032ac6405445..374adb633902c 100644
--- a/api_docs/kbn_core_chrome_browser.mdx
+++ b/api_docs/kbn_core_chrome_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser
 title: "@kbn/core-chrome-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-chrome-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser']
 ---
 import kbnCoreChromeBrowserObj from './kbn_core_chrome_browser.devdocs.json';
diff --git a/api_docs/kbn_core_chrome_browser_mocks.mdx b/api_docs/kbn_core_chrome_browser_mocks.mdx
index 75e2407cd10ac..f7cece5eea8cb 100644
--- a/api_docs/kbn_core_chrome_browser_mocks.mdx
+++ b/api_docs/kbn_core_chrome_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser-mocks
 title: "@kbn/core-chrome-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-chrome-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser-mocks']
 ---
 import kbnCoreChromeBrowserMocksObj from './kbn_core_chrome_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_config_server_internal.mdx b/api_docs/kbn_core_config_server_internal.mdx
index a433a292166db..25a952340bb2a 100644
--- a/api_docs/kbn_core_config_server_internal.mdx
+++ b/api_docs/kbn_core_config_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-config-server-internal
 title: "@kbn/core-config-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-config-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-config-server-internal']
 ---
 import kbnCoreConfigServerInternalObj from './kbn_core_config_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_browser.mdx b/api_docs/kbn_core_custom_branding_browser.mdx
index c55f6aebf24e0..72b768e44316b 100644
--- a/api_docs/kbn_core_custom_branding_browser.mdx
+++ b/api_docs/kbn_core_custom_branding_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser
 title: "@kbn/core-custom-branding-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser']
 ---
 import kbnCoreCustomBrandingBrowserObj from './kbn_core_custom_branding_browser.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_browser_internal.mdx b/api_docs/kbn_core_custom_branding_browser_internal.mdx
index 264a15c21f091..ec479db3a81ad 100644
--- a/api_docs/kbn_core_custom_branding_browser_internal.mdx
+++ b/api_docs/kbn_core_custom_branding_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-internal
 title: "@kbn/core-custom-branding-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-internal']
 ---
 import kbnCoreCustomBrandingBrowserInternalObj from './kbn_core_custom_branding_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_browser_mocks.mdx b/api_docs/kbn_core_custom_branding_browser_mocks.mdx
index bc0608681fd2c..ea48de3511dbe 100644
--- a/api_docs/kbn_core_custom_branding_browser_mocks.mdx
+++ b/api_docs/kbn_core_custom_branding_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-mocks
 title: "@kbn/core-custom-branding-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-mocks']
 ---
 import kbnCoreCustomBrandingBrowserMocksObj from './kbn_core_custom_branding_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_common.mdx b/api_docs/kbn_core_custom_branding_common.mdx
index d737e6e6ca443..36d8868c2d0a4 100644
--- a/api_docs/kbn_core_custom_branding_common.mdx
+++ b/api_docs/kbn_core_custom_branding_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-common
 title: "@kbn/core-custom-branding-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-common']
 ---
 import kbnCoreCustomBrandingCommonObj from './kbn_core_custom_branding_common.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_server.mdx b/api_docs/kbn_core_custom_branding_server.mdx
index 6ac8945bd5ed0..ef251794debf7 100644
--- a/api_docs/kbn_core_custom_branding_server.mdx
+++ b/api_docs/kbn_core_custom_branding_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server
 title: "@kbn/core-custom-branding-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server']
 ---
 import kbnCoreCustomBrandingServerObj from './kbn_core_custom_branding_server.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_server_internal.mdx b/api_docs/kbn_core_custom_branding_server_internal.mdx
index c1b509be36d7a..0989aa2fb1b13 100644
--- a/api_docs/kbn_core_custom_branding_server_internal.mdx
+++ b/api_docs/kbn_core_custom_branding_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-internal
 title: "@kbn/core-custom-branding-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-internal']
 ---
 import kbnCoreCustomBrandingServerInternalObj from './kbn_core_custom_branding_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_custom_branding_server_mocks.mdx b/api_docs/kbn_core_custom_branding_server_mocks.mdx
index 58a80bf9bfa88..466251c5d513f 100644
--- a/api_docs/kbn_core_custom_branding_server_mocks.mdx
+++ b/api_docs/kbn_core_custom_branding_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-mocks
 title: "@kbn/core-custom-branding-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-custom-branding-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-mocks']
 ---
 import kbnCoreCustomBrandingServerMocksObj from './kbn_core_custom_branding_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_browser.devdocs.json b/api_docs/kbn_core_deprecations_browser.devdocs.json
index dafe27078a16e..a1485f133f34b 100644
--- a/api_docs/kbn_core_deprecations_browser.devdocs.json
+++ b/api_docs/kbn_core_deprecations_browser.devdocs.json
@@ -35,7 +35,15 @@
                 "section": "def-common.DomainDeprecationDetails",
                 "text": "DomainDeprecationDetails"
               },
-              "[]>"
+              "<",
+              {
+                "pluginId": "@kbn/core-deprecations-common",
+                "scope": "common",
+                "docId": "kibKbnCoreDeprecationsCommonPluginApi",
+                "section": "def-common.DeprecationsDetails",
+                "text": "DeprecationsDetails"
+              },
+              ">[]>"
             ],
             "path": "packages/core/deprecations/core-deprecations-browser/src/contracts.ts",
             "deprecated": false,
@@ -61,7 +69,15 @@
                 "section": "def-common.DomainDeprecationDetails",
                 "text": "DomainDeprecationDetails"
               },
-              "[]>"
+              "<",
+              {
+                "pluginId": "@kbn/core-deprecations-common",
+                "scope": "common",
+                "docId": "kibKbnCoreDeprecationsCommonPluginApi",
+                "section": "def-common.DeprecationsDetails",
+                "text": "DeprecationsDetails"
+              },
+              ">[]>"
             ],
             "path": "packages/core/deprecations/core-deprecations-browser/src/contracts.ts",
             "deprecated": false,
@@ -103,7 +119,15 @@
                 "section": "def-common.DomainDeprecationDetails",
                 "text": "DomainDeprecationDetails"
               },
-              ") => boolean"
+              "<",
+              {
+                "pluginId": "@kbn/core-deprecations-common",
+                "scope": "common",
+                "docId": "kibKbnCoreDeprecationsCommonPluginApi",
+                "section": "def-common.DeprecationsDetails",
+                "text": "DeprecationsDetails"
+              },
+              ">) => boolean"
             ],
             "path": "packages/core/deprecations/core-deprecations-browser/src/contracts.ts",
             "deprecated": false,
@@ -123,7 +147,16 @@
                     "docId": "kibKbnCoreDeprecationsCommonPluginApi",
                     "section": "def-common.DomainDeprecationDetails",
                     "text": "DomainDeprecationDetails"
-                  }
+                  },
+                  "<",
+                  {
+                    "pluginId": "@kbn/core-deprecations-common",
+                    "scope": "common",
+                    "docId": "kibKbnCoreDeprecationsCommonPluginApi",
+                    "section": "def-common.DeprecationsDetails",
+                    "text": "DeprecationsDetails"
+                  },
+                  ">"
                 ],
                 "path": "packages/core/deprecations/core-deprecations-browser/src/contracts.ts",
                 "deprecated": false,
@@ -151,7 +184,15 @@
                 "section": "def-common.DomainDeprecationDetails",
                 "text": "DomainDeprecationDetails"
               },
-              ") => Promise<",
+              "<",
+              {
+                "pluginId": "@kbn/core-deprecations-common",
+                "scope": "common",
+                "docId": "kibKbnCoreDeprecationsCommonPluginApi",
+                "section": "def-common.DeprecationsDetails",
+                "text": "DeprecationsDetails"
+              },
+              ">) => Promise<",
               {
                 "pluginId": "@kbn/core-deprecations-browser",
                 "scope": "public",
@@ -179,7 +220,16 @@
                     "docId": "kibKbnCoreDeprecationsCommonPluginApi",
                     "section": "def-common.DomainDeprecationDetails",
                     "text": "DomainDeprecationDetails"
-                  }
+                  },
+                  "<",
+                  {
+                    "pluginId": "@kbn/core-deprecations-common",
+                    "scope": "common",
+                    "docId": "kibKbnCoreDeprecationsCommonPluginApi",
+                    "section": "def-common.DeprecationsDetails",
+                    "text": "DeprecationsDetails"
+                  },
+                  ">"
                 ],
                 "path": "packages/core/deprecations/core-deprecations-browser/src/contracts.ts",
                 "deprecated": false,
diff --git a/api_docs/kbn_core_deprecations_browser.mdx b/api_docs/kbn_core_deprecations_browser.mdx
index 2ae00993441dc..4d485b0a9035b 100644
--- a/api_docs/kbn_core_deprecations_browser.mdx
+++ b/api_docs/kbn_core_deprecations_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser
 title: "@kbn/core-deprecations-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser']
 ---
 import kbnCoreDeprecationsBrowserObj from './kbn_core_deprecations_browser.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_browser_internal.mdx b/api_docs/kbn_core_deprecations_browser_internal.mdx
index 9242b3fdfeab4..68fc1301c2f3a 100644
--- a/api_docs/kbn_core_deprecations_browser_internal.mdx
+++ b/api_docs/kbn_core_deprecations_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-internal
 title: "@kbn/core-deprecations-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-internal']
 ---
 import kbnCoreDeprecationsBrowserInternalObj from './kbn_core_deprecations_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_browser_mocks.mdx b/api_docs/kbn_core_deprecations_browser_mocks.mdx
index 0bf08b8931220..10bebb1a0c4ae 100644
--- a/api_docs/kbn_core_deprecations_browser_mocks.mdx
+++ b/api_docs/kbn_core_deprecations_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-mocks
 title: "@kbn/core-deprecations-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-mocks']
 ---
 import kbnCoreDeprecationsBrowserMocksObj from './kbn_core_deprecations_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_common.devdocs.json b/api_docs/kbn_core_deprecations_common.devdocs.json
index 59c42fc7e5ed2..5d0eb866c4850 100644
--- a/api_docs/kbn_core_deprecations_common.devdocs.json
+++ b/api_docs/kbn_core_deprecations_common.devdocs.json
@@ -20,6 +20,62 @@
     "classes": [],
     "functions": [],
     "interfaces": [
+      {
+        "parentPluginId": "@kbn/core-deprecations-common",
+        "id": "def-common.ApiDeprecationDetails",
+        "type": "Interface",
+        "tags": [],
+        "label": "ApiDeprecationDetails",
+        "description": [],
+        "signature": [
+          {
+            "pluginId": "@kbn/core-deprecations-common",
+            "scope": "common",
+            "docId": "kibKbnCoreDeprecationsCommonPluginApi",
+            "section": "def-common.ApiDeprecationDetails",
+            "text": "ApiDeprecationDetails"
+          },
+          " extends ",
+          {
+            "pluginId": "@kbn/core-deprecations-common",
+            "scope": "common",
+            "docId": "kibKbnCoreDeprecationsCommonPluginApi",
+            "section": "def-common.BaseDeprecationDetails",
+            "text": "BaseDeprecationDetails"
+          }
+        ],
+        "path": "packages/core/deprecations/core-deprecations-common/src/types.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/core-deprecations-common",
+            "id": "def-common.ApiDeprecationDetails.apiId",
+            "type": "string",
+            "tags": [],
+            "label": "apiId",
+            "description": [],
+            "path": "packages/core/deprecations/core-deprecations-common/src/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/core-deprecations-common",
+            "id": "def-common.ApiDeprecationDetails.deprecationType",
+            "type": "string",
+            "tags": [],
+            "label": "deprecationType",
+            "description": [],
+            "signature": [
+              "\"api\""
+            ],
+            "path": "packages/core/deprecations/core-deprecations-common/src/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/core-deprecations-common",
         "id": "def-common.BaseDeprecationDetails",
@@ -227,7 +283,15 @@
                 "section": "def-common.DomainDeprecationDetails",
                 "text": "DomainDeprecationDetails"
               },
-              "[]"
+              "<",
+              {
+                "pluginId": "@kbn/core-deprecations-common",
+                "scope": "common",
+                "docId": "kibKbnCoreDeprecationsCommonPluginApi",
+                "section": "def-common.DeprecationsDetails",
+                "text": "DeprecationsDetails"
+              },
+              ">[]"
             ],
             "path": "packages/core/deprecations/core-deprecations-common/src/types.ts",
             "deprecated": false,
@@ -300,7 +364,13 @@
             "text": "ConfigDeprecationDetails"
           },
           " | ",
-          "ApiDeprecationDetails",
+          {
+            "pluginId": "@kbn/core-deprecations-common",
+            "scope": "common",
+            "docId": "kibKbnCoreDeprecationsCommonPluginApi",
+            "section": "def-common.ApiDeprecationDetails",
+            "text": "ApiDeprecationDetails"
+          },
           " | ",
           {
             "pluginId": "@kbn/core-deprecations-common",
@@ -323,14 +393,7 @@
         "label": "DomainDeprecationDetails",
         "description": [],
         "signature": [
-          {
-            "pluginId": "@kbn/core-deprecations-common",
-            "scope": "common",
-            "docId": "kibKbnCoreDeprecationsCommonPluginApi",
-            "section": "def-common.DeprecationsDetails",
-            "text": "DeprecationsDetails"
-          },
-          " & { domainId: string; }"
+          "ExtendedDetails & { domainId: string; }"
         ],
         "path": "packages/core/deprecations/core-deprecations-common/src/types.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_core_deprecations_common.mdx b/api_docs/kbn_core_deprecations_common.mdx
index 1f739c5487f5f..5a5d4db5a2605 100644
--- a/api_docs/kbn_core_deprecations_common.mdx
+++ b/api_docs/kbn_core_deprecations_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-common
 title: "@kbn/core-deprecations-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-common']
 ---
 import kbnCoreDeprecationsCommonObj from './kbn_core_deprecations_common.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 17 | 0 | 9 | 1 |
+| 20 | 0 | 12 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_core_deprecations_server.devdocs.json b/api_docs/kbn_core_deprecations_server.devdocs.json
index 04474ff3a07fc..7bc0576b69422 100644
--- a/api_docs/kbn_core_deprecations_server.devdocs.json
+++ b/api_docs/kbn_core_deprecations_server.devdocs.json
@@ -94,7 +94,15 @@
                 "section": "def-common.DomainDeprecationDetails",
                 "text": "DomainDeprecationDetails"
               },
-              "[]>"
+              "<",
+              {
+                "pluginId": "@kbn/core-deprecations-common",
+                "scope": "common",
+                "docId": "kibKbnCoreDeprecationsCommonPluginApi",
+                "section": "def-common.DeprecationsDetails",
+                "text": "DeprecationsDetails"
+              },
+              ">[]>"
             ],
             "path": "packages/core/deprecations/core-deprecations-server/src/request_handler_context.ts",
             "deprecated": false,
diff --git a/api_docs/kbn_core_deprecations_server.mdx b/api_docs/kbn_core_deprecations_server.mdx
index a5cccdd0d5a02..76feefc618f7d 100644
--- a/api_docs/kbn_core_deprecations_server.mdx
+++ b/api_docs/kbn_core_deprecations_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server
 title: "@kbn/core-deprecations-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server']
 ---
 import kbnCoreDeprecationsServerObj from './kbn_core_deprecations_server.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_server_internal.mdx b/api_docs/kbn_core_deprecations_server_internal.mdx
index 551be6ea02180..d34135f853906 100644
--- a/api_docs/kbn_core_deprecations_server_internal.mdx
+++ b/api_docs/kbn_core_deprecations_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-internal
 title: "@kbn/core-deprecations-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-internal']
 ---
 import kbnCoreDeprecationsServerInternalObj from './kbn_core_deprecations_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_deprecations_server_mocks.mdx b/api_docs/kbn_core_deprecations_server_mocks.mdx
index 9a65ae1e2c5b9..fa053977591d5 100644
--- a/api_docs/kbn_core_deprecations_server_mocks.mdx
+++ b/api_docs/kbn_core_deprecations_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-mocks
 title: "@kbn/core-deprecations-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-deprecations-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-mocks']
 ---
 import kbnCoreDeprecationsServerMocksObj from './kbn_core_deprecations_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_doc_links_browser.mdx b/api_docs/kbn_core_doc_links_browser.mdx
index 4de0ca0c9cfbe..6ac899c6d2925 100644
--- a/api_docs/kbn_core_doc_links_browser.mdx
+++ b/api_docs/kbn_core_doc_links_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser
 title: "@kbn/core-doc-links-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-doc-links-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser']
 ---
 import kbnCoreDocLinksBrowserObj from './kbn_core_doc_links_browser.devdocs.json';
diff --git a/api_docs/kbn_core_doc_links_browser_mocks.mdx b/api_docs/kbn_core_doc_links_browser_mocks.mdx
index 80b3e3e26641d..8b927554e1236 100644
--- a/api_docs/kbn_core_doc_links_browser_mocks.mdx
+++ b/api_docs/kbn_core_doc_links_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser-mocks
 title: "@kbn/core-doc-links-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-doc-links-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser-mocks']
 ---
 import kbnCoreDocLinksBrowserMocksObj from './kbn_core_doc_links_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_doc_links_server.mdx b/api_docs/kbn_core_doc_links_server.mdx
index b882e55e28682..10bef509d3bc3 100644
--- a/api_docs/kbn_core_doc_links_server.mdx
+++ b/api_docs/kbn_core_doc_links_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server
 title: "@kbn/core-doc-links-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-doc-links-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server']
 ---
 import kbnCoreDocLinksServerObj from './kbn_core_doc_links_server.devdocs.json';
diff --git a/api_docs/kbn_core_doc_links_server_mocks.mdx b/api_docs/kbn_core_doc_links_server_mocks.mdx
index 3c8ea9e8c4663..841d93440a777 100644
--- a/api_docs/kbn_core_doc_links_server_mocks.mdx
+++ b/api_docs/kbn_core_doc_links_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server-mocks
 title: "@kbn/core-doc-links-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-doc-links-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server-mocks']
 ---
 import kbnCoreDocLinksServerMocksObj from './kbn_core_doc_links_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx
index 84df80a37f93b..8ab2a94d7e97e 100644
--- a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx
+++ b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-internal
 title: "@kbn/core-elasticsearch-client-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-elasticsearch-client-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-internal']
 ---
 import kbnCoreElasticsearchClientServerInternalObj from './kbn_core_elasticsearch_client_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx
index f50ca818415f6..19a4d3047a657 100644
--- a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx
+++ b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-mocks
 title: "@kbn/core-elasticsearch-client-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-elasticsearch-client-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-mocks']
 ---
 import kbnCoreElasticsearchClientServerMocksObj from './kbn_core_elasticsearch_client_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_elasticsearch_server.mdx b/api_docs/kbn_core_elasticsearch_server.mdx
index c5826d2034756..64456c11a6534 100644
--- a/api_docs/kbn_core_elasticsearch_server.mdx
+++ b/api_docs/kbn_core_elasticsearch_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server
 title: "@kbn/core-elasticsearch-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-elasticsearch-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server']
 ---
 import kbnCoreElasticsearchServerObj from './kbn_core_elasticsearch_server.devdocs.json';
diff --git a/api_docs/kbn_core_elasticsearch_server_internal.mdx b/api_docs/kbn_core_elasticsearch_server_internal.mdx
index 2f73e097f7c9c..768aa0b461a09 100644
--- a/api_docs/kbn_core_elasticsearch_server_internal.mdx
+++ b/api_docs/kbn_core_elasticsearch_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-internal
 title: "@kbn/core-elasticsearch-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-elasticsearch-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-internal']
 ---
 import kbnCoreElasticsearchServerInternalObj from './kbn_core_elasticsearch_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_elasticsearch_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_server_mocks.mdx
index fa7781332cfaa..c11a8d3a57390 100644
--- a/api_docs/kbn_core_elasticsearch_server_mocks.mdx
+++ b/api_docs/kbn_core_elasticsearch_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-mocks
 title: "@kbn/core-elasticsearch-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-elasticsearch-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-mocks']
 ---
 import kbnCoreElasticsearchServerMocksObj from './kbn_core_elasticsearch_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_environment_server_internal.mdx b/api_docs/kbn_core_environment_server_internal.mdx
index 4c36b5581b46c..acefed3222cfc 100644
--- a/api_docs/kbn_core_environment_server_internal.mdx
+++ b/api_docs/kbn_core_environment_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-internal
 title: "@kbn/core-environment-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-environment-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-internal']
 ---
 import kbnCoreEnvironmentServerInternalObj from './kbn_core_environment_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_environment_server_mocks.mdx b/api_docs/kbn_core_environment_server_mocks.mdx
index a0e64301bb793..7e82e3b66a5f6 100644
--- a/api_docs/kbn_core_environment_server_mocks.mdx
+++ b/api_docs/kbn_core_environment_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-mocks
 title: "@kbn/core-environment-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-environment-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-mocks']
 ---
 import kbnCoreEnvironmentServerMocksObj from './kbn_core_environment_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_browser.mdx b/api_docs/kbn_core_execution_context_browser.mdx
index 6c9755570d2d5..35e22e38f645d 100644
--- a/api_docs/kbn_core_execution_context_browser.mdx
+++ b/api_docs/kbn_core_execution_context_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser
 title: "@kbn/core-execution-context-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser']
 ---
 import kbnCoreExecutionContextBrowserObj from './kbn_core_execution_context_browser.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_browser_internal.mdx b/api_docs/kbn_core_execution_context_browser_internal.mdx
index 127df174a3bca..f25955c1f48ca 100644
--- a/api_docs/kbn_core_execution_context_browser_internal.mdx
+++ b/api_docs/kbn_core_execution_context_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-internal
 title: "@kbn/core-execution-context-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-internal']
 ---
 import kbnCoreExecutionContextBrowserInternalObj from './kbn_core_execution_context_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_browser_mocks.mdx b/api_docs/kbn_core_execution_context_browser_mocks.mdx
index 30d224c196688..ba91bfcb2bba3 100644
--- a/api_docs/kbn_core_execution_context_browser_mocks.mdx
+++ b/api_docs/kbn_core_execution_context_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-mocks
 title: "@kbn/core-execution-context-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-mocks']
 ---
 import kbnCoreExecutionContextBrowserMocksObj from './kbn_core_execution_context_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_common.mdx b/api_docs/kbn_core_execution_context_common.mdx
index b9c20af8150dc..a79903e7d0e4f 100644
--- a/api_docs/kbn_core_execution_context_common.mdx
+++ b/api_docs/kbn_core_execution_context_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-common
 title: "@kbn/core-execution-context-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-common']
 ---
 import kbnCoreExecutionContextCommonObj from './kbn_core_execution_context_common.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_server.mdx b/api_docs/kbn_core_execution_context_server.mdx
index d47ddada7166f..321912c2693f1 100644
--- a/api_docs/kbn_core_execution_context_server.mdx
+++ b/api_docs/kbn_core_execution_context_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server
 title: "@kbn/core-execution-context-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server']
 ---
 import kbnCoreExecutionContextServerObj from './kbn_core_execution_context_server.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_server_internal.mdx b/api_docs/kbn_core_execution_context_server_internal.mdx
index 6ee19e86b582d..519b030eaadb5 100644
--- a/api_docs/kbn_core_execution_context_server_internal.mdx
+++ b/api_docs/kbn_core_execution_context_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-internal
 title: "@kbn/core-execution-context-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-internal']
 ---
 import kbnCoreExecutionContextServerInternalObj from './kbn_core_execution_context_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_execution_context_server_mocks.mdx b/api_docs/kbn_core_execution_context_server_mocks.mdx
index 310c9bf7bd3ef..69aa11bd7f0a7 100644
--- a/api_docs/kbn_core_execution_context_server_mocks.mdx
+++ b/api_docs/kbn_core_execution_context_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-mocks
 title: "@kbn/core-execution-context-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-execution-context-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-mocks']
 ---
 import kbnCoreExecutionContextServerMocksObj from './kbn_core_execution_context_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_fatal_errors_browser.mdx b/api_docs/kbn_core_fatal_errors_browser.mdx
index 679920d6b3dbc..3df1747c4b552 100644
--- a/api_docs/kbn_core_fatal_errors_browser.mdx
+++ b/api_docs/kbn_core_fatal_errors_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser
 title: "@kbn/core-fatal-errors-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-fatal-errors-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser']
 ---
 import kbnCoreFatalErrorsBrowserObj from './kbn_core_fatal_errors_browser.devdocs.json';
diff --git a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx
index 3e0bfcaa83047..b6328d432d635 100644
--- a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx
+++ b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser-mocks
 title: "@kbn/core-fatal-errors-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-fatal-errors-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser-mocks']
 ---
 import kbnCoreFatalErrorsBrowserMocksObj from './kbn_core_fatal_errors_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_feature_flags_browser.mdx b/api_docs/kbn_core_feature_flags_browser.mdx
index 793b33b79ab0e..4b4aad329fb4e 100644
--- a/api_docs/kbn_core_feature_flags_browser.mdx
+++ b/api_docs/kbn_core_feature_flags_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-browser
 title: "@kbn/core-feature-flags-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-feature-flags-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-browser']
 ---
 import kbnCoreFeatureFlagsBrowserObj from './kbn_core_feature_flags_browser.devdocs.json';
diff --git a/api_docs/kbn_core_feature_flags_browser_internal.mdx b/api_docs/kbn_core_feature_flags_browser_internal.mdx
index db78d3fe60e69..00b41f398ff3f 100644
--- a/api_docs/kbn_core_feature_flags_browser_internal.mdx
+++ b/api_docs/kbn_core_feature_flags_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-browser-internal
 title: "@kbn/core-feature-flags-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-feature-flags-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-browser-internal']
 ---
 import kbnCoreFeatureFlagsBrowserInternalObj from './kbn_core_feature_flags_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_feature_flags_browser_mocks.mdx b/api_docs/kbn_core_feature_flags_browser_mocks.mdx
index 7d1fa5abe7686..2873104dca4f4 100644
--- a/api_docs/kbn_core_feature_flags_browser_mocks.mdx
+++ b/api_docs/kbn_core_feature_flags_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-browser-mocks
 title: "@kbn/core-feature-flags-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-feature-flags-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-browser-mocks']
 ---
 import kbnCoreFeatureFlagsBrowserMocksObj from './kbn_core_feature_flags_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_feature_flags_server.mdx b/api_docs/kbn_core_feature_flags_server.mdx
index bbde0e51faadb..5ac4b39f155bd 100644
--- a/api_docs/kbn_core_feature_flags_server.mdx
+++ b/api_docs/kbn_core_feature_flags_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-server
 title: "@kbn/core-feature-flags-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-feature-flags-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-server']
 ---
 import kbnCoreFeatureFlagsServerObj from './kbn_core_feature_flags_server.devdocs.json';
diff --git a/api_docs/kbn_core_feature_flags_server_internal.mdx b/api_docs/kbn_core_feature_flags_server_internal.mdx
index a8258021ff782..8141a294839c3 100644
--- a/api_docs/kbn_core_feature_flags_server_internal.mdx
+++ b/api_docs/kbn_core_feature_flags_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-server-internal
 title: "@kbn/core-feature-flags-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-feature-flags-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-server-internal']
 ---
 import kbnCoreFeatureFlagsServerInternalObj from './kbn_core_feature_flags_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_feature_flags_server_mocks.mdx b/api_docs/kbn_core_feature_flags_server_mocks.mdx
index e91372be66864..47437cab5ef3a 100644
--- a/api_docs/kbn_core_feature_flags_server_mocks.mdx
+++ b/api_docs/kbn_core_feature_flags_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-server-mocks
 title: "@kbn/core-feature-flags-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-feature-flags-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-server-mocks']
 ---
 import kbnCoreFeatureFlagsServerMocksObj from './kbn_core_feature_flags_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_http_browser.mdx b/api_docs/kbn_core_http_browser.mdx
index db7d253044782..ed5c3e930b27f 100644
--- a/api_docs/kbn_core_http_browser.mdx
+++ b/api_docs/kbn_core_http_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser
 title: "@kbn/core-http-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser']
 ---
 import kbnCoreHttpBrowserObj from './kbn_core_http_browser.devdocs.json';
diff --git a/api_docs/kbn_core_http_browser_internal.mdx b/api_docs/kbn_core_http_browser_internal.mdx
index 10cbd80fa71e6..134e231ddae78 100644
--- a/api_docs/kbn_core_http_browser_internal.mdx
+++ b/api_docs/kbn_core_http_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-internal
 title: "@kbn/core-http-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-internal']
 ---
 import kbnCoreHttpBrowserInternalObj from './kbn_core_http_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_http_browser_mocks.mdx b/api_docs/kbn_core_http_browser_mocks.mdx
index 9e0719fd6226d..3cd4d19aa3a48 100644
--- a/api_docs/kbn_core_http_browser_mocks.mdx
+++ b/api_docs/kbn_core_http_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-mocks
 title: "@kbn/core-http-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-mocks']
 ---
 import kbnCoreHttpBrowserMocksObj from './kbn_core_http_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_http_common.mdx b/api_docs/kbn_core_http_common.mdx
index f0cbb937bd0fc..72fcec8879580 100644
--- a/api_docs/kbn_core_http_common.mdx
+++ b/api_docs/kbn_core_http_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-common
 title: "@kbn/core-http-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-common']
 ---
 import kbnCoreHttpCommonObj from './kbn_core_http_common.devdocs.json';
diff --git a/api_docs/kbn_core_http_context_server_mocks.mdx b/api_docs/kbn_core_http_context_server_mocks.mdx
index 22a6fb73a4aea..24cf8fc09cf44 100644
--- a/api_docs/kbn_core_http_context_server_mocks.mdx
+++ b/api_docs/kbn_core_http_context_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-context-server-mocks
 title: "@kbn/core-http-context-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-context-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-context-server-mocks']
 ---
 import kbnCoreHttpContextServerMocksObj from './kbn_core_http_context_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_http_request_handler_context_server.mdx b/api_docs/kbn_core_http_request_handler_context_server.mdx
index 555a50af31ce1..6de3156b8cf03 100644
--- a/api_docs/kbn_core_http_request_handler_context_server.mdx
+++ b/api_docs/kbn_core_http_request_handler_context_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-request-handler-context-server
 title: "@kbn/core-http-request-handler-context-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-request-handler-context-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-request-handler-context-server']
 ---
 import kbnCoreHttpRequestHandlerContextServerObj from './kbn_core_http_request_handler_context_server.devdocs.json';
diff --git a/api_docs/kbn_core_http_resources_server.mdx b/api_docs/kbn_core_http_resources_server.mdx
index a5a3777f62ce2..9433226251fd1 100644
--- a/api_docs/kbn_core_http_resources_server.mdx
+++ b/api_docs/kbn_core_http_resources_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server
 title: "@kbn/core-http-resources-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-resources-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server']
 ---
 import kbnCoreHttpResourcesServerObj from './kbn_core_http_resources_server.devdocs.json';
diff --git a/api_docs/kbn_core_http_resources_server_internal.mdx b/api_docs/kbn_core_http_resources_server_internal.mdx
index 8a68b71510141..f82e3da0677fd 100644
--- a/api_docs/kbn_core_http_resources_server_internal.mdx
+++ b/api_docs/kbn_core_http_resources_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-internal
 title: "@kbn/core-http-resources-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-resources-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-internal']
 ---
 import kbnCoreHttpResourcesServerInternalObj from './kbn_core_http_resources_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_http_resources_server_mocks.mdx b/api_docs/kbn_core_http_resources_server_mocks.mdx
index 1e3c7b50cb546..e719c5fe02dcd 100644
--- a/api_docs/kbn_core_http_resources_server_mocks.mdx
+++ b/api_docs/kbn_core_http_resources_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-mocks
 title: "@kbn/core-http-resources-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-resources-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-mocks']
 ---
 import kbnCoreHttpResourcesServerMocksObj from './kbn_core_http_resources_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_http_router_server_internal.mdx b/api_docs/kbn_core_http_router_server_internal.mdx
index 02094a11da015..bfffda01af8d4 100644
--- a/api_docs/kbn_core_http_router_server_internal.mdx
+++ b/api_docs/kbn_core_http_router_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-internal
 title: "@kbn/core-http-router-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-router-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-internal']
 ---
 import kbnCoreHttpRouterServerInternalObj from './kbn_core_http_router_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_http_router_server_mocks.mdx b/api_docs/kbn_core_http_router_server_mocks.mdx
index 4e72693fbcae2..cb8dd2bc43c77 100644
--- a/api_docs/kbn_core_http_router_server_mocks.mdx
+++ b/api_docs/kbn_core_http_router_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-mocks
 title: "@kbn/core-http-router-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-router-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-mocks']
 ---
 import kbnCoreHttpRouterServerMocksObj from './kbn_core_http_router_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_http_server.devdocs.json b/api_docs/kbn_core_http_server.devdocs.json
index 8211b20d63c72..3c8f746e5dd97 100644
--- a/api_docs/kbn_core_http_server.devdocs.json
+++ b/api_docs/kbn_core_http_server.devdocs.json
@@ -2340,7 +2340,7 @@
             "tags": [],
             "label": "getDeprecatedRoutes",
             "description": [
-              "\nProvides a list of all registered deprecated routes {{@link RouterDeprecatedRouteDetails | information}}.\nThe routers will be evaluated everytime this function gets called to\naccommodate for any late route registrations"
+              "\nProvides a list of all registered deprecated routes {{@link RouterDeprecatedApiDetails | information}}.\nThe routers will be evaluated everytime this function gets called to\naccommodate for any late route registrations"
             ],
             "signature": [
               "() => ",
@@ -2348,8 +2348,8 @@
                 "pluginId": "@kbn/core-http-server",
                 "scope": "server",
                 "docId": "kibKbnCoreHttpServerPluginApi",
-                "section": "def-server.RouterDeprecatedRouteDetails",
-                "text": "RouterDeprecatedRouteDetails"
+                "section": "def-server.RouterDeprecatedApiDetails",
+                "text": "RouterDeprecatedApiDetails"
               },
               "[]"
             ],
@@ -12902,6 +12902,65 @@
         ],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/core-http-server",
+        "id": "def-server.PostValidationMetadata",
+        "type": "Interface",
+        "tags": [],
+        "label": "PostValidationMetadata",
+        "description": [
+          "\nPost Validation Route emitter metadata."
+        ],
+        "path": "packages/core/http/core-http-server/src/router/route.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/core-http-server",
+            "id": "def-server.PostValidationMetadata.deprecated",
+            "type": "Object",
+            "tags": [],
+            "label": "deprecated",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "server",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-server.RouteDeprecationInfo",
+                "text": "RouteDeprecationInfo"
+              },
+              " | undefined"
+            ],
+            "path": "packages/core/http/core-http-server/src/router/route.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/core-http-server",
+            "id": "def-server.PostValidationMetadata.isInternalApiRequest",
+            "type": "boolean",
+            "tags": [],
+            "label": "isInternalApiRequest",
+            "description": [],
+            "path": "packages/core/http/core-http-server/src/router/route.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/core-http-server",
+            "id": "def-server.PostValidationMetadata.isPublicAccess",
+            "type": "boolean",
+            "tags": [],
+            "label": "isPublicAccess",
+            "description": [],
+            "path": "packages/core/http/core-http-server/src/router/route.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/core-http-server",
         "id": "def-server.PrivilegeSet",
@@ -13589,10 +13648,76 @@
       },
       {
         "parentPluginId": "@kbn/core-http-server",
-        "id": "def-server.RouterDeprecatedRouteDetails",
+        "id": "def-server.RouterAccessDeprecatedApiDetails",
+        "type": "Interface",
+        "tags": [],
+        "label": "RouterAccessDeprecatedApiDetails",
+        "description": [],
+        "signature": [
+          {
+            "pluginId": "@kbn/core-http-server",
+            "scope": "server",
+            "docId": "kibKbnCoreHttpServerPluginApi",
+            "section": "def-server.RouterAccessDeprecatedApiDetails",
+            "text": "RouterAccessDeprecatedApiDetails"
+          },
+          " extends ",
+          {
+            "pluginId": "@kbn/core-http-server",
+            "scope": "server",
+            "docId": "kibKbnCoreHttpServerPluginApi",
+            "section": "def-server.RouterDeprecatedApiDetails",
+            "text": "RouterDeprecatedApiDetails"
+          }
+        ],
+        "path": "packages/core/http/core-http-server/src/router/router.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/core-http-server",
+            "id": "def-server.RouterAccessDeprecatedApiDetails.routeAccess",
+            "type": "string",
+            "tags": [],
+            "label": "routeAccess",
+            "description": [],
+            "signature": [
+              "\"internal\""
+            ],
+            "path": "packages/core/http/core-http-server/src/router/router.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/core-http-server",
+            "id": "def-server.RouterAccessDeprecatedApiDetails.routeDeprecationOptions",
+            "type": "Object",
+            "tags": [],
+            "label": "routeDeprecationOptions",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "server",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-server.RouteDeprecationInfo",
+                "text": "RouteDeprecationInfo"
+              },
+              " | undefined"
+            ],
+            "path": "packages/core/http/core-http-server/src/router/router.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/core-http-server",
+        "id": "def-server.RouterDeprecatedApiDetails",
         "type": "Interface",
         "tags": [],
-        "label": "RouterDeprecatedRouteDetails",
+        "label": "RouterDeprecatedApiDetails",
         "description": [],
         "path": "packages/core/http/core-http-server/src/router/router.ts",
         "deprecated": false,
@@ -13600,7 +13725,7 @@
         "children": [
           {
             "parentPluginId": "@kbn/core-http-server",
-            "id": "def-server.RouterDeprecatedRouteDetails.routeDeprecationOptions",
+            "id": "def-server.RouterDeprecatedApiDetails.routeDeprecationOptions",
             "type": "Object",
             "tags": [],
             "label": "routeDeprecationOptions",
@@ -13612,7 +13737,8 @@
                 "docId": "kibKbnCoreHttpServerPluginApi",
                 "section": "def-server.RouteDeprecationInfo",
                 "text": "RouteDeprecationInfo"
-              }
+              },
+              " | undefined"
             ],
             "path": "packages/core/http/core-http-server/src/router/router.ts",
             "deprecated": false,
@@ -13620,7 +13746,7 @@
           },
           {
             "parentPluginId": "@kbn/core-http-server",
-            "id": "def-server.RouterDeprecatedRouteDetails.routeMethod",
+            "id": "def-server.RouterDeprecatedApiDetails.routeMethod",
             "type": "CompoundType",
             "tags": [],
             "label": "routeMethod",
@@ -13648,7 +13774,7 @@
           },
           {
             "parentPluginId": "@kbn/core-http-server",
-            "id": "def-server.RouterDeprecatedRouteDetails.routePath",
+            "id": "def-server.RouterDeprecatedApiDetails.routePath",
             "type": "string",
             "tags": [],
             "label": "routePath",
@@ -13659,7 +13785,7 @@
           },
           {
             "parentPluginId": "@kbn/core-http-server",
-            "id": "def-server.RouterDeprecatedRouteDetails.routeVersion",
+            "id": "def-server.RouterDeprecatedApiDetails.routeVersion",
             "type": "string",
             "tags": [],
             "label": "routeVersion",
@@ -13670,6 +13796,27 @@
             "path": "packages/core/http/core-http-server/src/router/router.ts",
             "deprecated": false,
             "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/core-http-server",
+            "id": "def-server.RouterDeprecatedApiDetails.routeAccess",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "routeAccess",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "server",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-server.RouteAccess",
+                "text": "RouteAccess"
+              },
+              " | undefined"
+            ],
+            "path": "packages/core/http/core-http-server/src/router/router.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
@@ -13883,6 +14030,71 @@
         ],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/core-http-server",
+        "id": "def-server.RouterRouteDeprecatedApiDetails",
+        "type": "Interface",
+        "tags": [],
+        "label": "RouterRouteDeprecatedApiDetails",
+        "description": [],
+        "signature": [
+          {
+            "pluginId": "@kbn/core-http-server",
+            "scope": "server",
+            "docId": "kibKbnCoreHttpServerPluginApi",
+            "section": "def-server.RouterRouteDeprecatedApiDetails",
+            "text": "RouterRouteDeprecatedApiDetails"
+          },
+          " extends ",
+          {
+            "pluginId": "@kbn/core-http-server",
+            "scope": "server",
+            "docId": "kibKbnCoreHttpServerPluginApi",
+            "section": "def-server.RouterDeprecatedApiDetails",
+            "text": "RouterDeprecatedApiDetails"
+          }
+        ],
+        "path": "packages/core/http/core-http-server/src/router/router.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/core-http-server",
+            "id": "def-server.RouterRouteDeprecatedApiDetails.routeAccess",
+            "type": "string",
+            "tags": [],
+            "label": "routeAccess",
+            "description": [],
+            "signature": [
+              "\"public\""
+            ],
+            "path": "packages/core/http/core-http-server/src/router/router.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/core-http-server",
+            "id": "def-server.RouterRouteDeprecatedApiDetails.routeDeprecationOptions",
+            "type": "Object",
+            "tags": [],
+            "label": "routeDeprecationOptions",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/core-http-server",
+                "scope": "server",
+                "docId": "kibKbnCoreHttpServerPluginApi",
+                "section": "def-server.RouteDeprecationInfo",
+                "text": "RouteDeprecationInfo"
+              }
+            ],
+            "path": "packages/core/http/core-http-server/src/router/router.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/core-http-server",
         "id": "def-server.RouteSecurity",
@@ -13908,16 +14120,16 @@
                 "pluginId": "@kbn/core-http-server",
                 "scope": "server",
                 "docId": "kibKbnCoreHttpServerPluginApi",
-                "section": "def-server.AuthzDisabled",
-                "text": "AuthzDisabled"
+                "section": "def-server.AuthzEnabled",
+                "text": "AuthzEnabled"
               },
               " | ",
               {
                 "pluginId": "@kbn/core-http-server",
                 "scope": "server",
                 "docId": "kibKbnCoreHttpServerPluginApi",
-                "section": "def-server.AuthzEnabled",
-                "text": "AuthzEnabled"
+                "section": "def-server.AuthzDisabled",
+                "text": "AuthzDisabled"
               }
             ],
             "path": "packages/core/http/core-http-server/src/router/route.ts",
@@ -15812,14 +16024,6 @@
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts"
               },
-              {
-                "plugin": "securitySolution",
-                "path": "x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts"
-              },
-              {
-                "plugin": "securitySolution",
-                "path": "x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts"
-              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts"
@@ -15844,10 +16048,6 @@
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/endpoint/routes/actions/state.ts"
               },
-              {
-                "plugin": "securitySolution",
-                "path": "x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.ts"
-              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/endpoint/routes/actions/list.ts"
@@ -16630,6 +16830,10 @@
                 "plugin": "dataVisualizer",
                 "path": "x-pack/plugins/data_visualizer/server/routes.ts"
               },
+              {
+                "plugin": "dataVisualizer",
+                "path": "x-pack/plugins/data_visualizer/server/routes.ts"
+              },
               {
                 "plugin": "ecsDataQualityDashboard",
                 "path": "x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_unallowed_field_values.ts"
@@ -17374,18 +17578,6 @@
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts"
               },
-              {
-                "plugin": "securitySolution",
-                "path": "x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts"
-              },
-              {
-                "plugin": "securitySolution",
-                "path": "x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts"
-              },
-              {
-                "plugin": "securitySolution",
-                "path": "x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts"
-              },
               {
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts"
@@ -17948,10 +18140,6 @@
                 "plugin": "securitySolution",
                 "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/delete.ts"
               },
-              {
-                "plugin": "elasticAssistant",
-                "path": "x-pack/plugins/elastic_assistant/server/routes/knowledge_base/delete_knowledge_base.ts"
-              },
               {
                 "plugin": "synthetics",
                 "path": "x-pack/plugins/observability_solution/synthetics/server/server.ts"
@@ -20483,16 +20671,16 @@
             "pluginId": "@kbn/core-http-server",
             "scope": "server",
             "docId": "kibKbnCoreHttpServerPluginApi",
-            "section": "def-server.AuthzDisabled",
-            "text": "AuthzDisabled"
+            "section": "def-server.AuthzEnabled",
+            "text": "AuthzEnabled"
           },
           " | ",
           {
             "pluginId": "@kbn/core-http-server",
             "scope": "server",
             "docId": "kibKbnCoreHttpServerPluginApi",
-            "section": "def-server.AuthzEnabled",
-            "text": "AuthzEnabled"
+            "section": "def-server.AuthzDisabled",
+            "text": "AuthzDisabled"
           }
         ],
         "path": "packages/core/http/core-http-server/src/router/route.ts",
diff --git a/api_docs/kbn_core_http_server.mdx b/api_docs/kbn_core_http_server.mdx
index c383d3d6e1964..e93a92c6849fa 100644
--- a/api_docs/kbn_core_http_server.mdx
+++ b/api_docs/kbn_core_http_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server
 title: "@kbn/core-http-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server']
 ---
 import kbnCoreHttpServerObj from './kbn_core_http_server.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 557 | 2 | 232 | 0 |
+| 568 | 2 | 242 | 0 |
 
 ## Server
 
diff --git a/api_docs/kbn_core_http_server_internal.mdx b/api_docs/kbn_core_http_server_internal.mdx
index 83ee885d5b209..440a26d036381 100644
--- a/api_docs/kbn_core_http_server_internal.mdx
+++ b/api_docs/kbn_core_http_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-internal
 title: "@kbn/core-http-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-internal']
 ---
 import kbnCoreHttpServerInternalObj from './kbn_core_http_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_http_server_mocks.devdocs.json b/api_docs/kbn_core_http_server_mocks.devdocs.json
index 4943ddf7d824d..5e2d0f91e58c4 100644
--- a/api_docs/kbn_core_http_server_mocks.devdocs.json
+++ b/api_docs/kbn_core_http_server_mocks.devdocs.json
@@ -337,8 +337,8 @@
             "pluginId": "@kbn/core-http-server",
             "scope": "server",
             "docId": "kibKbnCoreHttpServerPluginApi",
-            "section": "def-server.RouterDeprecatedRouteDetails",
-            "text": "RouterDeprecatedRouteDetails"
+            "section": "def-server.RouterDeprecatedApiDetails",
+            "text": "RouterDeprecatedApiDetails"
           },
           "[], [], unknown>; } & Omit<",
           {
@@ -632,20 +632,20 @@
             "pluginId": "@kbn/core-http-server",
             "scope": "server",
             "docId": "kibKbnCoreHttpServerPluginApi",
-            "section": "def-server.RouterDeprecatedRouteDetails",
-            "text": "RouterDeprecatedRouteDetails"
+            "section": "def-server.RouterDeprecatedApiDetails",
+            "text": "RouterDeprecatedApiDetails"
           },
           "[], [], unknown>; registerOnPostValidation: jest.MockInstance<void, [cb: (req: ",
           "CoreKibanaRequest",
-          "<unknown, unknown, unknown, any>, metadata: { deprecated: ",
+          "<unknown, unknown, unknown, any>, metadata: ",
           {
             "pluginId": "@kbn/core-http-server",
             "scope": "server",
             "docId": "kibKbnCoreHttpServerPluginApi",
-            "section": "def-server.RouteDeprecationInfo",
-            "text": "RouteDeprecationInfo"
+            "section": "def-server.PostValidationMetadata",
+            "text": "PostValidationMetadata"
           },
-          "; }) => void], unknown>; registerRouterAfterListening: jest.MockInstance<void, [router: ",
+          ") => void], unknown>; registerRouterAfterListening: jest.MockInstance<void, [router: ",
           {
             "pluginId": "@kbn/core-http-server",
             "scope": "server",
@@ -666,8 +666,8 @@
             "pluginId": "@kbn/core-http-server",
             "scope": "server",
             "docId": "kibKbnCoreHttpServerPluginApi",
-            "section": "def-server.RouterDeprecatedRouteDetails",
-            "text": "RouterDeprecatedRouteDetails"
+            "section": "def-server.RouterDeprecatedApiDetails",
+            "text": "RouterDeprecatedApiDetails"
           },
           "[], [], unknown>; } & Omit<",
           "InternalHttpServiceSetup",
diff --git a/api_docs/kbn_core_http_server_mocks.mdx b/api_docs/kbn_core_http_server_mocks.mdx
index a4b726599b132..c6374830657d2 100644
--- a/api_docs/kbn_core_http_server_mocks.mdx
+++ b/api_docs/kbn_core_http_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-mocks
 title: "@kbn/core-http-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-http-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-mocks']
 ---
 import kbnCoreHttpServerMocksObj from './kbn_core_http_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_i18n_browser.mdx b/api_docs/kbn_core_i18n_browser.mdx
index 05cc2952a4afc..f4568682219e9 100644
--- a/api_docs/kbn_core_i18n_browser.mdx
+++ b/api_docs/kbn_core_i18n_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser
 title: "@kbn/core-i18n-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-i18n-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser']
 ---
 import kbnCoreI18nBrowserObj from './kbn_core_i18n_browser.devdocs.json';
diff --git a/api_docs/kbn_core_i18n_browser_mocks.mdx b/api_docs/kbn_core_i18n_browser_mocks.mdx
index f1b51bcfa87a1..49cd61e5f7ae3 100644
--- a/api_docs/kbn_core_i18n_browser_mocks.mdx
+++ b/api_docs/kbn_core_i18n_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser-mocks
 title: "@kbn/core-i18n-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-i18n-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser-mocks']
 ---
 import kbnCoreI18nBrowserMocksObj from './kbn_core_i18n_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_i18n_server.mdx b/api_docs/kbn_core_i18n_server.mdx
index a65144f8ba302..5cdd400da7c3b 100644
--- a/api_docs/kbn_core_i18n_server.mdx
+++ b/api_docs/kbn_core_i18n_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server
 title: "@kbn/core-i18n-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-i18n-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server']
 ---
 import kbnCoreI18nServerObj from './kbn_core_i18n_server.devdocs.json';
diff --git a/api_docs/kbn_core_i18n_server_internal.mdx b/api_docs/kbn_core_i18n_server_internal.mdx
index adc74ef1f06dc..399b9ca09a891 100644
--- a/api_docs/kbn_core_i18n_server_internal.mdx
+++ b/api_docs/kbn_core_i18n_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-internal
 title: "@kbn/core-i18n-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-i18n-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-internal']
 ---
 import kbnCoreI18nServerInternalObj from './kbn_core_i18n_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_i18n_server_mocks.mdx b/api_docs/kbn_core_i18n_server_mocks.mdx
index 11894e83ad03a..ed629e8690e5c 100644
--- a/api_docs/kbn_core_i18n_server_mocks.mdx
+++ b/api_docs/kbn_core_i18n_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-mocks
 title: "@kbn/core-i18n-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-i18n-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-mocks']
 ---
 import kbnCoreI18nServerMocksObj from './kbn_core_i18n_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx
index 55bc934440b3b..e4a1c7253ef76 100644
--- a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx
+++ b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-injected-metadata-browser-mocks
 title: "@kbn/core-injected-metadata-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-injected-metadata-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-injected-metadata-browser-mocks']
 ---
 import kbnCoreInjectedMetadataBrowserMocksObj from './kbn_core_injected_metadata_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_integrations_browser_internal.mdx b/api_docs/kbn_core_integrations_browser_internal.mdx
index 54c00e630fb75..6ead8021ac7ea 100644
--- a/api_docs/kbn_core_integrations_browser_internal.mdx
+++ b/api_docs/kbn_core_integrations_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-internal
 title: "@kbn/core-integrations-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-integrations-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-internal']
 ---
 import kbnCoreIntegrationsBrowserInternalObj from './kbn_core_integrations_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_integrations_browser_mocks.mdx b/api_docs/kbn_core_integrations_browser_mocks.mdx
index 63f3d37559beb..9aefc5877e330 100644
--- a/api_docs/kbn_core_integrations_browser_mocks.mdx
+++ b/api_docs/kbn_core_integrations_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-mocks
 title: "@kbn/core-integrations-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-integrations-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-mocks']
 ---
 import kbnCoreIntegrationsBrowserMocksObj from './kbn_core_integrations_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_lifecycle_browser.mdx b/api_docs/kbn_core_lifecycle_browser.mdx
index 40bd1317d3c24..ae62b59daf1e8 100644
--- a/api_docs/kbn_core_lifecycle_browser.mdx
+++ b/api_docs/kbn_core_lifecycle_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser
 title: "@kbn/core-lifecycle-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-lifecycle-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser']
 ---
 import kbnCoreLifecycleBrowserObj from './kbn_core_lifecycle_browser.devdocs.json';
diff --git a/api_docs/kbn_core_lifecycle_browser_mocks.mdx b/api_docs/kbn_core_lifecycle_browser_mocks.mdx
index b4ea8da0ef01d..14724cc59a85c 100644
--- a/api_docs/kbn_core_lifecycle_browser_mocks.mdx
+++ b/api_docs/kbn_core_lifecycle_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser-mocks
 title: "@kbn/core-lifecycle-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-lifecycle-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser-mocks']
 ---
 import kbnCoreLifecycleBrowserMocksObj from './kbn_core_lifecycle_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_lifecycle_server.mdx b/api_docs/kbn_core_lifecycle_server.mdx
index f3538ffa4dac0..08772d8429c0e 100644
--- a/api_docs/kbn_core_lifecycle_server.mdx
+++ b/api_docs/kbn_core_lifecycle_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server
 title: "@kbn/core-lifecycle-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-lifecycle-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server']
 ---
 import kbnCoreLifecycleServerObj from './kbn_core_lifecycle_server.devdocs.json';
diff --git a/api_docs/kbn_core_lifecycle_server_mocks.mdx b/api_docs/kbn_core_lifecycle_server_mocks.mdx
index 2c2a6c5b177e1..32342d4b332be 100644
--- a/api_docs/kbn_core_lifecycle_server_mocks.mdx
+++ b/api_docs/kbn_core_lifecycle_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server-mocks
 title: "@kbn/core-lifecycle-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-lifecycle-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server-mocks']
 ---
 import kbnCoreLifecycleServerMocksObj from './kbn_core_lifecycle_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_logging_browser_mocks.mdx b/api_docs/kbn_core_logging_browser_mocks.mdx
index b452533735095..c2319eb9b5109 100644
--- a/api_docs/kbn_core_logging_browser_mocks.mdx
+++ b/api_docs/kbn_core_logging_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-browser-mocks
 title: "@kbn/core-logging-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-logging-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-browser-mocks']
 ---
 import kbnCoreLoggingBrowserMocksObj from './kbn_core_logging_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_logging_common_internal.mdx b/api_docs/kbn_core_logging_common_internal.mdx
index 1c3a7d408a4b8..f9ad1e217b3e4 100644
--- a/api_docs/kbn_core_logging_common_internal.mdx
+++ b/api_docs/kbn_core_logging_common_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-common-internal
 title: "@kbn/core-logging-common-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-logging-common-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-common-internal']
 ---
 import kbnCoreLoggingCommonInternalObj from './kbn_core_logging_common_internal.devdocs.json';
diff --git a/api_docs/kbn_core_logging_server.mdx b/api_docs/kbn_core_logging_server.mdx
index 834f1f36f6126..e8e03431282c7 100644
--- a/api_docs/kbn_core_logging_server.mdx
+++ b/api_docs/kbn_core_logging_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server
 title: "@kbn/core-logging-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-logging-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server']
 ---
 import kbnCoreLoggingServerObj from './kbn_core_logging_server.devdocs.json';
diff --git a/api_docs/kbn_core_logging_server_internal.mdx b/api_docs/kbn_core_logging_server_internal.mdx
index 831056b508fc6..e8700cc6e5597 100644
--- a/api_docs/kbn_core_logging_server_internal.mdx
+++ b/api_docs/kbn_core_logging_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-internal
 title: "@kbn/core-logging-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-logging-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-internal']
 ---
 import kbnCoreLoggingServerInternalObj from './kbn_core_logging_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_logging_server_mocks.mdx b/api_docs/kbn_core_logging_server_mocks.mdx
index 5d992ebf8c7e9..7028a9c570d28 100644
--- a/api_docs/kbn_core_logging_server_mocks.mdx
+++ b/api_docs/kbn_core_logging_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-mocks
 title: "@kbn/core-logging-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-logging-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-mocks']
 ---
 import kbnCoreLoggingServerMocksObj from './kbn_core_logging_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_metrics_collectors_server_internal.mdx b/api_docs/kbn_core_metrics_collectors_server_internal.mdx
index 288efd553f05b..144fc61bb1802 100644
--- a/api_docs/kbn_core_metrics_collectors_server_internal.mdx
+++ b/api_docs/kbn_core_metrics_collectors_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-internal
 title: "@kbn/core-metrics-collectors-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-metrics-collectors-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-internal']
 ---
 import kbnCoreMetricsCollectorsServerInternalObj from './kbn_core_metrics_collectors_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx
index 236a8d2d7dde1..a2e8d78d1f2cd 100644
--- a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx
+++ b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-mocks
 title: "@kbn/core-metrics-collectors-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-metrics-collectors-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-mocks']
 ---
 import kbnCoreMetricsCollectorsServerMocksObj from './kbn_core_metrics_collectors_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_metrics_server.mdx b/api_docs/kbn_core_metrics_server.mdx
index dcbecaf76180b..dbd73cfcda935 100644
--- a/api_docs/kbn_core_metrics_server.mdx
+++ b/api_docs/kbn_core_metrics_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server
 title: "@kbn/core-metrics-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-metrics-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server']
 ---
 import kbnCoreMetricsServerObj from './kbn_core_metrics_server.devdocs.json';
diff --git a/api_docs/kbn_core_metrics_server_internal.mdx b/api_docs/kbn_core_metrics_server_internal.mdx
index 594b3db1ef9d6..45376f77a53e8 100644
--- a/api_docs/kbn_core_metrics_server_internal.mdx
+++ b/api_docs/kbn_core_metrics_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-internal
 title: "@kbn/core-metrics-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-metrics-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-internal']
 ---
 import kbnCoreMetricsServerInternalObj from './kbn_core_metrics_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_metrics_server_mocks.mdx b/api_docs/kbn_core_metrics_server_mocks.mdx
index fa8a2e37ef0e0..fdf228fde8293 100644
--- a/api_docs/kbn_core_metrics_server_mocks.mdx
+++ b/api_docs/kbn_core_metrics_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-mocks
 title: "@kbn/core-metrics-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-metrics-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-mocks']
 ---
 import kbnCoreMetricsServerMocksObj from './kbn_core_metrics_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_mount_utils_browser.mdx b/api_docs/kbn_core_mount_utils_browser.mdx
index 4d73bf4d98a2f..cf6a8054c7937 100644
--- a/api_docs/kbn_core_mount_utils_browser.mdx
+++ b/api_docs/kbn_core_mount_utils_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-mount-utils-browser
 title: "@kbn/core-mount-utils-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-mount-utils-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-mount-utils-browser']
 ---
 import kbnCoreMountUtilsBrowserObj from './kbn_core_mount_utils_browser.devdocs.json';
diff --git a/api_docs/kbn_core_node_server.mdx b/api_docs/kbn_core_node_server.mdx
index 012eda39beccd..d07bd9b3abf8a 100644
--- a/api_docs/kbn_core_node_server.mdx
+++ b/api_docs/kbn_core_node_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server
 title: "@kbn/core-node-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-node-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server']
 ---
 import kbnCoreNodeServerObj from './kbn_core_node_server.devdocs.json';
diff --git a/api_docs/kbn_core_node_server_internal.mdx b/api_docs/kbn_core_node_server_internal.mdx
index c7faa587a4df8..f17c87158c98b 100644
--- a/api_docs/kbn_core_node_server_internal.mdx
+++ b/api_docs/kbn_core_node_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-internal
 title: "@kbn/core-node-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-node-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-internal']
 ---
 import kbnCoreNodeServerInternalObj from './kbn_core_node_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_node_server_mocks.mdx b/api_docs/kbn_core_node_server_mocks.mdx
index 0a0c46759a1e1..d4e55ca46e9b4 100644
--- a/api_docs/kbn_core_node_server_mocks.mdx
+++ b/api_docs/kbn_core_node_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-mocks
 title: "@kbn/core-node-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-node-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-mocks']
 ---
 import kbnCoreNodeServerMocksObj from './kbn_core_node_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_notifications_browser.mdx b/api_docs/kbn_core_notifications_browser.mdx
index 50e0d2ca27119..43bd0cc423813 100644
--- a/api_docs/kbn_core_notifications_browser.mdx
+++ b/api_docs/kbn_core_notifications_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser
 title: "@kbn/core-notifications-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-notifications-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser']
 ---
 import kbnCoreNotificationsBrowserObj from './kbn_core_notifications_browser.devdocs.json';
diff --git a/api_docs/kbn_core_notifications_browser_internal.mdx b/api_docs/kbn_core_notifications_browser_internal.mdx
index a9b42a446f338..4c8eda8d566a3 100644
--- a/api_docs/kbn_core_notifications_browser_internal.mdx
+++ b/api_docs/kbn_core_notifications_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-internal
 title: "@kbn/core-notifications-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-notifications-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-internal']
 ---
 import kbnCoreNotificationsBrowserInternalObj from './kbn_core_notifications_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_notifications_browser_mocks.mdx b/api_docs/kbn_core_notifications_browser_mocks.mdx
index 037504f5764f2..419d847cec160 100644
--- a/api_docs/kbn_core_notifications_browser_mocks.mdx
+++ b/api_docs/kbn_core_notifications_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-mocks
 title: "@kbn/core-notifications-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-notifications-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-mocks']
 ---
 import kbnCoreNotificationsBrowserMocksObj from './kbn_core_notifications_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_overlays_browser.mdx b/api_docs/kbn_core_overlays_browser.mdx
index 29787d92e125f..41133cd806326 100644
--- a/api_docs/kbn_core_overlays_browser.mdx
+++ b/api_docs/kbn_core_overlays_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser
 title: "@kbn/core-overlays-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-overlays-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser']
 ---
 import kbnCoreOverlaysBrowserObj from './kbn_core_overlays_browser.devdocs.json';
diff --git a/api_docs/kbn_core_overlays_browser_internal.mdx b/api_docs/kbn_core_overlays_browser_internal.mdx
index 47f2713f6ce27..e85c90f45e9eb 100644
--- a/api_docs/kbn_core_overlays_browser_internal.mdx
+++ b/api_docs/kbn_core_overlays_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-internal
 title: "@kbn/core-overlays-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-overlays-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-internal']
 ---
 import kbnCoreOverlaysBrowserInternalObj from './kbn_core_overlays_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_overlays_browser_mocks.mdx b/api_docs/kbn_core_overlays_browser_mocks.mdx
index 9a01acebf0229..30dbc44b999bf 100644
--- a/api_docs/kbn_core_overlays_browser_mocks.mdx
+++ b/api_docs/kbn_core_overlays_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-mocks
 title: "@kbn/core-overlays-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-overlays-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-mocks']
 ---
 import kbnCoreOverlaysBrowserMocksObj from './kbn_core_overlays_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_plugins_browser.mdx b/api_docs/kbn_core_plugins_browser.mdx
index ce9178e7537a7..d76d30ad092cf 100644
--- a/api_docs/kbn_core_plugins_browser.mdx
+++ b/api_docs/kbn_core_plugins_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser
 title: "@kbn/core-plugins-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-plugins-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser']
 ---
 import kbnCorePluginsBrowserObj from './kbn_core_plugins_browser.devdocs.json';
diff --git a/api_docs/kbn_core_plugins_browser_mocks.mdx b/api_docs/kbn_core_plugins_browser_mocks.mdx
index 33bd5fa638783..5ad28400b0fac 100644
--- a/api_docs/kbn_core_plugins_browser_mocks.mdx
+++ b/api_docs/kbn_core_plugins_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser-mocks
 title: "@kbn/core-plugins-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-plugins-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser-mocks']
 ---
 import kbnCorePluginsBrowserMocksObj from './kbn_core_plugins_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_plugins_contracts_browser.mdx b/api_docs/kbn_core_plugins_contracts_browser.mdx
index 7f60209675cdd..6ee4734cebec7 100644
--- a/api_docs/kbn_core_plugins_contracts_browser.mdx
+++ b/api_docs/kbn_core_plugins_contracts_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-browser
 title: "@kbn/core-plugins-contracts-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-plugins-contracts-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-browser']
 ---
 import kbnCorePluginsContractsBrowserObj from './kbn_core_plugins_contracts_browser.devdocs.json';
diff --git a/api_docs/kbn_core_plugins_contracts_server.mdx b/api_docs/kbn_core_plugins_contracts_server.mdx
index 56baf81f1aa17..0ca20465cf697 100644
--- a/api_docs/kbn_core_plugins_contracts_server.mdx
+++ b/api_docs/kbn_core_plugins_contracts_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-server
 title: "@kbn/core-plugins-contracts-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-plugins-contracts-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-server']
 ---
 import kbnCorePluginsContractsServerObj from './kbn_core_plugins_contracts_server.devdocs.json';
diff --git a/api_docs/kbn_core_plugins_server.mdx b/api_docs/kbn_core_plugins_server.mdx
index 508a9fdbbe398..1155d494305ee 100644
--- a/api_docs/kbn_core_plugins_server.mdx
+++ b/api_docs/kbn_core_plugins_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server
 title: "@kbn/core-plugins-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-plugins-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server']
 ---
 import kbnCorePluginsServerObj from './kbn_core_plugins_server.devdocs.json';
diff --git a/api_docs/kbn_core_plugins_server_mocks.mdx b/api_docs/kbn_core_plugins_server_mocks.mdx
index 957f6cb6ae9f3..a0b3d5e76533b 100644
--- a/api_docs/kbn_core_plugins_server_mocks.mdx
+++ b/api_docs/kbn_core_plugins_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server-mocks
 title: "@kbn/core-plugins-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-plugins-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server-mocks']
 ---
 import kbnCorePluginsServerMocksObj from './kbn_core_plugins_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_preboot_server.mdx b/api_docs/kbn_core_preboot_server.mdx
index 6cb81ba1b176e..87569264dcd8c 100644
--- a/api_docs/kbn_core_preboot_server.mdx
+++ b/api_docs/kbn_core_preboot_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server
 title: "@kbn/core-preboot-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-preboot-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server']
 ---
 import kbnCorePrebootServerObj from './kbn_core_preboot_server.devdocs.json';
diff --git a/api_docs/kbn_core_preboot_server_mocks.mdx b/api_docs/kbn_core_preboot_server_mocks.mdx
index e07fdc43eddc8..ac9bff00b0a4d 100644
--- a/api_docs/kbn_core_preboot_server_mocks.mdx
+++ b/api_docs/kbn_core_preboot_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server-mocks
 title: "@kbn/core-preboot-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-preboot-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server-mocks']
 ---
 import kbnCorePrebootServerMocksObj from './kbn_core_preboot_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_rendering_browser_mocks.mdx b/api_docs/kbn_core_rendering_browser_mocks.mdx
index e03db8dd11d72..182fdc1bfbc05 100644
--- a/api_docs/kbn_core_rendering_browser_mocks.mdx
+++ b/api_docs/kbn_core_rendering_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-browser-mocks
 title: "@kbn/core-rendering-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-rendering-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-browser-mocks']
 ---
 import kbnCoreRenderingBrowserMocksObj from './kbn_core_rendering_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_rendering_server_internal.mdx b/api_docs/kbn_core_rendering_server_internal.mdx
index e0db4f9df4527..fd14e2108f5fc 100644
--- a/api_docs/kbn_core_rendering_server_internal.mdx
+++ b/api_docs/kbn_core_rendering_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-internal
 title: "@kbn/core-rendering-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-rendering-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-internal']
 ---
 import kbnCoreRenderingServerInternalObj from './kbn_core_rendering_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_rendering_server_mocks.mdx b/api_docs/kbn_core_rendering_server_mocks.mdx
index 2f9512345141d..a12d0bf81e02e 100644
--- a/api_docs/kbn_core_rendering_server_mocks.mdx
+++ b/api_docs/kbn_core_rendering_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-mocks
 title: "@kbn/core-rendering-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-rendering-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-mocks']
 ---
 import kbnCoreRenderingServerMocksObj from './kbn_core_rendering_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_root_server_internal.mdx b/api_docs/kbn_core_root_server_internal.mdx
index bd5a474c975d9..530ce9fa2932a 100644
--- a/api_docs/kbn_core_root_server_internal.mdx
+++ b/api_docs/kbn_core_root_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-root-server-internal
 title: "@kbn/core-root-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-root-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-root-server-internal']
 ---
 import kbnCoreRootServerInternalObj from './kbn_core_root_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_api_browser.mdx b/api_docs/kbn_core_saved_objects_api_browser.mdx
index fd05514ecf0d1..5dae134893edf 100644
--- a/api_docs/kbn_core_saved_objects_api_browser.mdx
+++ b/api_docs/kbn_core_saved_objects_api_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-browser
 title: "@kbn/core-saved-objects-api-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-api-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-browser']
 ---
 import kbnCoreSavedObjectsApiBrowserObj from './kbn_core_saved_objects_api_browser.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_api_server.mdx b/api_docs/kbn_core_saved_objects_api_server.mdx
index 4e4f95947b23e..a0e8013fe75d8 100644
--- a/api_docs/kbn_core_saved_objects_api_server.mdx
+++ b/api_docs/kbn_core_saved_objects_api_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server
 title: "@kbn/core-saved-objects-api-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-api-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server']
 ---
 import kbnCoreSavedObjectsApiServerObj from './kbn_core_saved_objects_api_server.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx
index 5b4b09e5eb4b2..080ec68d080ba 100644
--- a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx
+++ b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server-mocks
 title: "@kbn/core-saved-objects-api-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-api-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server-mocks']
 ---
 import kbnCoreSavedObjectsApiServerMocksObj from './kbn_core_saved_objects_api_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_base_server_internal.mdx b/api_docs/kbn_core_saved_objects_base_server_internal.mdx
index 3789f0ffd14b1..4d56c05b89056 100644
--- a/api_docs/kbn_core_saved_objects_base_server_internal.mdx
+++ b/api_docs/kbn_core_saved_objects_base_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-internal
 title: "@kbn/core-saved-objects-base-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-base-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-internal']
 ---
 import kbnCoreSavedObjectsBaseServerInternalObj from './kbn_core_saved_objects_base_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx
index 9f175b48961b6..acb6845b35c14 100644
--- a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx
+++ b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-mocks
 title: "@kbn/core-saved-objects-base-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-base-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-mocks']
 ---
 import kbnCoreSavedObjectsBaseServerMocksObj from './kbn_core_saved_objects_base_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_browser.mdx b/api_docs/kbn_core_saved_objects_browser.mdx
index 57993e1bf6062..25605259aa15a 100644
--- a/api_docs/kbn_core_saved_objects_browser.mdx
+++ b/api_docs/kbn_core_saved_objects_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser
 title: "@kbn/core-saved-objects-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser']
 ---
 import kbnCoreSavedObjectsBrowserObj from './kbn_core_saved_objects_browser.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_browser_internal.mdx b/api_docs/kbn_core_saved_objects_browser_internal.mdx
index f49475ec5aaee..8f28c87ccdaa4 100644
--- a/api_docs/kbn_core_saved_objects_browser_internal.mdx
+++ b/api_docs/kbn_core_saved_objects_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-internal
 title: "@kbn/core-saved-objects-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-internal']
 ---
 import kbnCoreSavedObjectsBrowserInternalObj from './kbn_core_saved_objects_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_browser_mocks.mdx b/api_docs/kbn_core_saved_objects_browser_mocks.mdx
index 7de2c4c3eabe6..4d60747dd8b2d 100644
--- a/api_docs/kbn_core_saved_objects_browser_mocks.mdx
+++ b/api_docs/kbn_core_saved_objects_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-mocks
 title: "@kbn/core-saved-objects-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-mocks']
 ---
 import kbnCoreSavedObjectsBrowserMocksObj from './kbn_core_saved_objects_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_common.mdx b/api_docs/kbn_core_saved_objects_common.mdx
index 911c0b4661aa9..1a585ec81159a 100644
--- a/api_docs/kbn_core_saved_objects_common.mdx
+++ b/api_docs/kbn_core_saved_objects_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-common
 title: "@kbn/core-saved-objects-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-common']
 ---
 import kbnCoreSavedObjectsCommonObj from './kbn_core_saved_objects_common.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx
index 65584cde18ee5..c4cc6994f235a 100644
--- a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx
+++ b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-internal
 title: "@kbn/core-saved-objects-import-export-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-import-export-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-internal']
 ---
 import kbnCoreSavedObjectsImportExportServerInternalObj from './kbn_core_saved_objects_import_export_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx
index 7cb1ffe660311..b8f0d29d28671 100644
--- a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx
+++ b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-mocks
 title: "@kbn/core-saved-objects-import-export-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-import-export-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-mocks']
 ---
 import kbnCoreSavedObjectsImportExportServerMocksObj from './kbn_core_saved_objects_import_export_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx
index 6cbf30d3ea641..e3328ef33f5da 100644
--- a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx
+++ b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-internal
 title: "@kbn/core-saved-objects-migration-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-migration-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-internal']
 ---
 import kbnCoreSavedObjectsMigrationServerInternalObj from './kbn_core_saved_objects_migration_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx
index 805dbd672bd21..5dbe96ee095ed 100644
--- a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx
+++ b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-mocks
 title: "@kbn/core-saved-objects-migration-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-migration-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-mocks']
 ---
 import kbnCoreSavedObjectsMigrationServerMocksObj from './kbn_core_saved_objects_migration_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_server.mdx b/api_docs/kbn_core_saved_objects_server.mdx
index 2653391291952..f446196c0c5bf 100644
--- a/api_docs/kbn_core_saved_objects_server.mdx
+++ b/api_docs/kbn_core_saved_objects_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server
 title: "@kbn/core-saved-objects-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server']
 ---
 import kbnCoreSavedObjectsServerObj from './kbn_core_saved_objects_server.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_server_internal.mdx b/api_docs/kbn_core_saved_objects_server_internal.mdx
index f842bc5c03f2b..6141c159dc6a2 100644
--- a/api_docs/kbn_core_saved_objects_server_internal.mdx
+++ b/api_docs/kbn_core_saved_objects_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-internal
 title: "@kbn/core-saved-objects-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-internal']
 ---
 import kbnCoreSavedObjectsServerInternalObj from './kbn_core_saved_objects_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_server_mocks.mdx b/api_docs/kbn_core_saved_objects_server_mocks.mdx
index 483ac1602b82a..2095588365df1 100644
--- a/api_docs/kbn_core_saved_objects_server_mocks.mdx
+++ b/api_docs/kbn_core_saved_objects_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-mocks
 title: "@kbn/core-saved-objects-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-mocks']
 ---
 import kbnCoreSavedObjectsServerMocksObj from './kbn_core_saved_objects_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_saved_objects_utils_server.mdx b/api_docs/kbn_core_saved_objects_utils_server.mdx
index 403a2a37c2899..ad188b24e980c 100644
--- a/api_docs/kbn_core_saved_objects_utils_server.mdx
+++ b/api_docs/kbn_core_saved_objects_utils_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-utils-server
 title: "@kbn/core-saved-objects-utils-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-saved-objects-utils-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-utils-server']
 ---
 import kbnCoreSavedObjectsUtilsServerObj from './kbn_core_saved_objects_utils_server.devdocs.json';
diff --git a/api_docs/kbn_core_security_browser.mdx b/api_docs/kbn_core_security_browser.mdx
index 0dcb447e8fee6..fae7cc485d9cd 100644
--- a/api_docs/kbn_core_security_browser.mdx
+++ b/api_docs/kbn_core_security_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser
 title: "@kbn/core-security-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser']
 ---
 import kbnCoreSecurityBrowserObj from './kbn_core_security_browser.devdocs.json';
diff --git a/api_docs/kbn_core_security_browser_internal.mdx b/api_docs/kbn_core_security_browser_internal.mdx
index e55d560824692..981bb18d7cf32 100644
--- a/api_docs/kbn_core_security_browser_internal.mdx
+++ b/api_docs/kbn_core_security_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser-internal
 title: "@kbn/core-security-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser-internal']
 ---
 import kbnCoreSecurityBrowserInternalObj from './kbn_core_security_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_security_browser_mocks.mdx b/api_docs/kbn_core_security_browser_mocks.mdx
index fd8915f08c0c7..c75fd6edcf476 100644
--- a/api_docs/kbn_core_security_browser_mocks.mdx
+++ b/api_docs/kbn_core_security_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser-mocks
 title: "@kbn/core-security-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser-mocks']
 ---
 import kbnCoreSecurityBrowserMocksObj from './kbn_core_security_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_security_common.mdx b/api_docs/kbn_core_security_common.mdx
index e8d59c0a1a20f..7ad277c159a94 100644
--- a/api_docs/kbn_core_security_common.mdx
+++ b/api_docs/kbn_core_security_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-common
 title: "@kbn/core-security-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-common']
 ---
 import kbnCoreSecurityCommonObj from './kbn_core_security_common.devdocs.json';
diff --git a/api_docs/kbn_core_security_server.mdx b/api_docs/kbn_core_security_server.mdx
index 44f101b0964fd..275f1c0865c63 100644
--- a/api_docs/kbn_core_security_server.mdx
+++ b/api_docs/kbn_core_security_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server
 title: "@kbn/core-security-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server']
 ---
 import kbnCoreSecurityServerObj from './kbn_core_security_server.devdocs.json';
diff --git a/api_docs/kbn_core_security_server_internal.mdx b/api_docs/kbn_core_security_server_internal.mdx
index 5c61fb024f1b5..b44c84e2364b8 100644
--- a/api_docs/kbn_core_security_server_internal.mdx
+++ b/api_docs/kbn_core_security_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server-internal
 title: "@kbn/core-security-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server-internal']
 ---
 import kbnCoreSecurityServerInternalObj from './kbn_core_security_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_security_server_mocks.mdx b/api_docs/kbn_core_security_server_mocks.mdx
index 10fb8ff1e098e..1fe6a104e74a3 100644
--- a/api_docs/kbn_core_security_server_mocks.mdx
+++ b/api_docs/kbn_core_security_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server-mocks
 title: "@kbn/core-security-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-security-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server-mocks']
 ---
 import kbnCoreSecurityServerMocksObj from './kbn_core_security_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_status_common.mdx b/api_docs/kbn_core_status_common.mdx
index 5ae33f1587141..e073da568a9c5 100644
--- a/api_docs/kbn_core_status_common.mdx
+++ b/api_docs/kbn_core_status_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common
 title: "@kbn/core-status-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-status-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common']
 ---
 import kbnCoreStatusCommonObj from './kbn_core_status_common.devdocs.json';
diff --git a/api_docs/kbn_core_status_common_internal.mdx b/api_docs/kbn_core_status_common_internal.mdx
index cef994182b972..eaadec3fd1f36 100644
--- a/api_docs/kbn_core_status_common_internal.mdx
+++ b/api_docs/kbn_core_status_common_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common-internal
 title: "@kbn/core-status-common-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-status-common-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common-internal']
 ---
 import kbnCoreStatusCommonInternalObj from './kbn_core_status_common_internal.devdocs.json';
diff --git a/api_docs/kbn_core_status_server.mdx b/api_docs/kbn_core_status_server.mdx
index b2b2cb7b568f6..af83808773fa8 100644
--- a/api_docs/kbn_core_status_server.mdx
+++ b/api_docs/kbn_core_status_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server
 title: "@kbn/core-status-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-status-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server']
 ---
 import kbnCoreStatusServerObj from './kbn_core_status_server.devdocs.json';
diff --git a/api_docs/kbn_core_status_server_internal.mdx b/api_docs/kbn_core_status_server_internal.mdx
index ef527c950cd30..a3a3dfc3f56dd 100644
--- a/api_docs/kbn_core_status_server_internal.mdx
+++ b/api_docs/kbn_core_status_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-internal
 title: "@kbn/core-status-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-status-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-internal']
 ---
 import kbnCoreStatusServerInternalObj from './kbn_core_status_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_status_server_mocks.mdx b/api_docs/kbn_core_status_server_mocks.mdx
index 938f83007fbcf..d9731632b4151 100644
--- a/api_docs/kbn_core_status_server_mocks.mdx
+++ b/api_docs/kbn_core_status_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-mocks
 title: "@kbn/core-status-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-status-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-mocks']
 ---
 import kbnCoreStatusServerMocksObj from './kbn_core_status_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx
index a50c3b1828d6e..676d1056840bf 100644
--- a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx
+++ b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-deprecations-getters
 title: "@kbn/core-test-helpers-deprecations-getters"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-test-helpers-deprecations-getters plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-deprecations-getters']
 ---
 import kbnCoreTestHelpersDeprecationsGettersObj from './kbn_core_test_helpers_deprecations_getters.devdocs.json';
diff --git a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx
index 6a4b625285f0a..ab9b83fe8861c 100644
--- a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx
+++ b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-http-setup-browser
 title: "@kbn/core-test-helpers-http-setup-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-test-helpers-http-setup-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-http-setup-browser']
 ---
 import kbnCoreTestHelpersHttpSetupBrowserObj from './kbn_core_test_helpers_http_setup_browser.devdocs.json';
diff --git a/api_docs/kbn_core_test_helpers_kbn_server.mdx b/api_docs/kbn_core_test_helpers_kbn_server.mdx
index 02c5352bd4d17..566a12c5fd812 100644
--- a/api_docs/kbn_core_test_helpers_kbn_server.mdx
+++ b/api_docs/kbn_core_test_helpers_kbn_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-kbn-server
 title: "@kbn/core-test-helpers-kbn-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-test-helpers-kbn-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-kbn-server']
 ---
 import kbnCoreTestHelpersKbnServerObj from './kbn_core_test_helpers_kbn_server.devdocs.json';
diff --git a/api_docs/kbn_core_test_helpers_model_versions.mdx b/api_docs/kbn_core_test_helpers_model_versions.mdx
index 8aaf6a5f2adf5..9746863eaca68 100644
--- a/api_docs/kbn_core_test_helpers_model_versions.mdx
+++ b/api_docs/kbn_core_test_helpers_model_versions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-model-versions
 title: "@kbn/core-test-helpers-model-versions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-test-helpers-model-versions plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-model-versions']
 ---
 import kbnCoreTestHelpersModelVersionsObj from './kbn_core_test_helpers_model_versions.devdocs.json';
diff --git a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx
index 6aa9349a03527..0892a6f64804d 100644
--- a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx
+++ b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-so-type-serializer
 title: "@kbn/core-test-helpers-so-type-serializer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-test-helpers-so-type-serializer plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-so-type-serializer']
 ---
 import kbnCoreTestHelpersSoTypeSerializerObj from './kbn_core_test_helpers_so_type_serializer.devdocs.json';
diff --git a/api_docs/kbn_core_test_helpers_test_utils.mdx b/api_docs/kbn_core_test_helpers_test_utils.mdx
index 87b2f6d5c9396..b82f65b3aa587 100644
--- a/api_docs/kbn_core_test_helpers_test_utils.mdx
+++ b/api_docs/kbn_core_test_helpers_test_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-test-utils
 title: "@kbn/core-test-helpers-test-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-test-helpers-test-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-test-utils']
 ---
 import kbnCoreTestHelpersTestUtilsObj from './kbn_core_test_helpers_test_utils.devdocs.json';
diff --git a/api_docs/kbn_core_theme_browser.mdx b/api_docs/kbn_core_theme_browser.mdx
index 32ecd45349e11..a07991f3a5b52 100644
--- a/api_docs/kbn_core_theme_browser.mdx
+++ b/api_docs/kbn_core_theme_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser
 title: "@kbn/core-theme-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-theme-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser']
 ---
 import kbnCoreThemeBrowserObj from './kbn_core_theme_browser.devdocs.json';
diff --git a/api_docs/kbn_core_theme_browser_mocks.mdx b/api_docs/kbn_core_theme_browser_mocks.mdx
index 4cbeda7788db9..555b78073d0a6 100644
--- a/api_docs/kbn_core_theme_browser_mocks.mdx
+++ b/api_docs/kbn_core_theme_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser-mocks
 title: "@kbn/core-theme-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-theme-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser-mocks']
 ---
 import kbnCoreThemeBrowserMocksObj from './kbn_core_theme_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_browser.mdx b/api_docs/kbn_core_ui_settings_browser.mdx
index d953b935075ef..fa809a3887787 100644
--- a/api_docs/kbn_core_ui_settings_browser.mdx
+++ b/api_docs/kbn_core_ui_settings_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser
 title: "@kbn/core-ui-settings-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser']
 ---
 import kbnCoreUiSettingsBrowserObj from './kbn_core_ui_settings_browser.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_browser_internal.mdx b/api_docs/kbn_core_ui_settings_browser_internal.mdx
index fff46b5326d0d..8076358dfe071 100644
--- a/api_docs/kbn_core_ui_settings_browser_internal.mdx
+++ b/api_docs/kbn_core_ui_settings_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-internal
 title: "@kbn/core-ui-settings-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-internal']
 ---
 import kbnCoreUiSettingsBrowserInternalObj from './kbn_core_ui_settings_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_browser_mocks.mdx b/api_docs/kbn_core_ui_settings_browser_mocks.mdx
index 53cf35bd07a40..e586325b0b756 100644
--- a/api_docs/kbn_core_ui_settings_browser_mocks.mdx
+++ b/api_docs/kbn_core_ui_settings_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-mocks
 title: "@kbn/core-ui-settings-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-mocks']
 ---
 import kbnCoreUiSettingsBrowserMocksObj from './kbn_core_ui_settings_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_common.mdx b/api_docs/kbn_core_ui_settings_common.mdx
index d038ab88a60af..f85eb8ecafeb3 100644
--- a/api_docs/kbn_core_ui_settings_common.mdx
+++ b/api_docs/kbn_core_ui_settings_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-common
 title: "@kbn/core-ui-settings-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-common']
 ---
 import kbnCoreUiSettingsCommonObj from './kbn_core_ui_settings_common.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_server.mdx b/api_docs/kbn_core_ui_settings_server.mdx
index b3a3706f59145..8797a5c45ef26 100644
--- a/api_docs/kbn_core_ui_settings_server.mdx
+++ b/api_docs/kbn_core_ui_settings_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server
 title: "@kbn/core-ui-settings-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server']
 ---
 import kbnCoreUiSettingsServerObj from './kbn_core_ui_settings_server.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_server_internal.mdx b/api_docs/kbn_core_ui_settings_server_internal.mdx
index a2556a776c144..129f4d179e27f 100644
--- a/api_docs/kbn_core_ui_settings_server_internal.mdx
+++ b/api_docs/kbn_core_ui_settings_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-internal
 title: "@kbn/core-ui-settings-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-internal']
 ---
 import kbnCoreUiSettingsServerInternalObj from './kbn_core_ui_settings_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_ui_settings_server_mocks.mdx b/api_docs/kbn_core_ui_settings_server_mocks.mdx
index f5e222efbd2b2..18b4b001496cd 100644
--- a/api_docs/kbn_core_ui_settings_server_mocks.mdx
+++ b/api_docs/kbn_core_ui_settings_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-mocks
 title: "@kbn/core-ui-settings-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-ui-settings-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-mocks']
 ---
 import kbnCoreUiSettingsServerMocksObj from './kbn_core_ui_settings_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_usage_data_server.devdocs.json b/api_docs/kbn_core_usage_data_server.devdocs.json
index f9604e3bebfc9..4d27ab72c8e91 100644
--- a/api_docs/kbn_core_usage_data_server.devdocs.json
+++ b/api_docs/kbn_core_usage_data_server.devdocs.json
@@ -2332,6 +2332,34 @@
             "path": "packages/core/usage-data/core-usage-data-server/src/core_usage_stats.ts",
             "deprecated": false,
             "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/core-usage-data-server",
+            "id": "def-server.CoreUsageStats.deprecated_api_calls_resolved.total",
+            "type": "number",
+            "tags": [],
+            "label": "'deprecated_api_calls_resolved.total'",
+            "description": [],
+            "signature": [
+              "number | undefined"
+            ],
+            "path": "packages/core/usage-data/core-usage-data-server/src/core_usage_stats.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/core-usage-data-server",
+            "id": "def-server.CoreUsageStats.deprecated_api_calls.total",
+            "type": "number",
+            "tags": [],
+            "label": "'deprecated_api_calls.total'",
+            "description": [],
+            "signature": [
+              "number | undefined"
+            ],
+            "path": "packages/core/usage-data/core-usage-data-server/src/core_usage_stats.ts",
+            "deprecated": false,
+            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
diff --git a/api_docs/kbn_core_usage_data_server.mdx b/api_docs/kbn_core_usage_data_server.mdx
index a4f5b11d8bdb1..490d89212c0f3 100644
--- a/api_docs/kbn_core_usage_data_server.mdx
+++ b/api_docs/kbn_core_usage_data_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server
 title: "@kbn/core-usage-data-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-usage-data-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server']
 ---
 import kbnCoreUsageDataServerObj from './kbn_core_usage_data_server.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 165 | 0 | 154 | 0 |
+| 167 | 0 | 156 | 0 |
 
 ## Server
 
diff --git a/api_docs/kbn_core_usage_data_server_internal.mdx b/api_docs/kbn_core_usage_data_server_internal.mdx
index 54002865f12d3..2047a693c6561 100644
--- a/api_docs/kbn_core_usage_data_server_internal.mdx
+++ b/api_docs/kbn_core_usage_data_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-internal
 title: "@kbn/core-usage-data-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-usage-data-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-internal']
 ---
 import kbnCoreUsageDataServerInternalObj from './kbn_core_usage_data_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_usage_data_server_mocks.mdx b/api_docs/kbn_core_usage_data_server_mocks.mdx
index 9e0390f9284c0..71e8b0316d9f6 100644
--- a/api_docs/kbn_core_usage_data_server_mocks.mdx
+++ b/api_docs/kbn_core_usage_data_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-mocks
 title: "@kbn/core-usage-data-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-usage-data-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-mocks']
 ---
 import kbnCoreUsageDataServerMocksObj from './kbn_core_usage_data_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_browser.mdx b/api_docs/kbn_core_user_profile_browser.mdx
index c46f4f10e0e5e..c4104de431273 100644
--- a/api_docs/kbn_core_user_profile_browser.mdx
+++ b/api_docs/kbn_core_user_profile_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser
 title: "@kbn/core-user-profile-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser']
 ---
 import kbnCoreUserProfileBrowserObj from './kbn_core_user_profile_browser.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_browser_internal.mdx b/api_docs/kbn_core_user_profile_browser_internal.mdx
index f6e6a8b574207..8c046f1638a8a 100644
--- a/api_docs/kbn_core_user_profile_browser_internal.mdx
+++ b/api_docs/kbn_core_user_profile_browser_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser-internal
 title: "@kbn/core-user-profile-browser-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-browser-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser-internal']
 ---
 import kbnCoreUserProfileBrowserInternalObj from './kbn_core_user_profile_browser_internal.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_browser_mocks.mdx b/api_docs/kbn_core_user_profile_browser_mocks.mdx
index 9d342ea1d8698..c8c25927996b4 100644
--- a/api_docs/kbn_core_user_profile_browser_mocks.mdx
+++ b/api_docs/kbn_core_user_profile_browser_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser-mocks
 title: "@kbn/core-user-profile-browser-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-browser-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser-mocks']
 ---
 import kbnCoreUserProfileBrowserMocksObj from './kbn_core_user_profile_browser_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_common.mdx b/api_docs/kbn_core_user_profile_common.mdx
index c86d118151f0d..d97eeda3a2ea5 100644
--- a/api_docs/kbn_core_user_profile_common.mdx
+++ b/api_docs/kbn_core_user_profile_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-common
 title: "@kbn/core-user-profile-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-common']
 ---
 import kbnCoreUserProfileCommonObj from './kbn_core_user_profile_common.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_server.mdx b/api_docs/kbn_core_user_profile_server.mdx
index 4e32a6961089c..8b7bd5cd3b662 100644
--- a/api_docs/kbn_core_user_profile_server.mdx
+++ b/api_docs/kbn_core_user_profile_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server
 title: "@kbn/core-user-profile-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server']
 ---
 import kbnCoreUserProfileServerObj from './kbn_core_user_profile_server.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_server_internal.mdx b/api_docs/kbn_core_user_profile_server_internal.mdx
index b2e719a02d6b5..711d18b7678b0 100644
--- a/api_docs/kbn_core_user_profile_server_internal.mdx
+++ b/api_docs/kbn_core_user_profile_server_internal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server-internal
 title: "@kbn/core-user-profile-server-internal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-server-internal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server-internal']
 ---
 import kbnCoreUserProfileServerInternalObj from './kbn_core_user_profile_server_internal.devdocs.json';
diff --git a/api_docs/kbn_core_user_profile_server_mocks.mdx b/api_docs/kbn_core_user_profile_server_mocks.mdx
index 44c3d2ffb3452..0e2ab363dcfd7 100644
--- a/api_docs/kbn_core_user_profile_server_mocks.mdx
+++ b/api_docs/kbn_core_user_profile_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server-mocks
 title: "@kbn/core-user-profile-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-profile-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server-mocks']
 ---
 import kbnCoreUserProfileServerMocksObj from './kbn_core_user_profile_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_core_user_settings_server.mdx b/api_docs/kbn_core_user_settings_server.mdx
index 88c82c120c85a..d52ef409d05f0 100644
--- a/api_docs/kbn_core_user_settings_server.mdx
+++ b/api_docs/kbn_core_user_settings_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server
 title: "@kbn/core-user-settings-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-settings-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server']
 ---
 import kbnCoreUserSettingsServerObj from './kbn_core_user_settings_server.devdocs.json';
diff --git a/api_docs/kbn_core_user_settings_server_mocks.mdx b/api_docs/kbn_core_user_settings_server_mocks.mdx
index 85949052d0c4a..77ef5735223ce 100644
--- a/api_docs/kbn_core_user_settings_server_mocks.mdx
+++ b/api_docs/kbn_core_user_settings_server_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server-mocks
 title: "@kbn/core-user-settings-server-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/core-user-settings-server-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server-mocks']
 ---
 import kbnCoreUserSettingsServerMocksObj from './kbn_core_user_settings_server_mocks.devdocs.json';
diff --git a/api_docs/kbn_crypto.mdx b/api_docs/kbn_crypto.mdx
index 46e178ce0b711..17572d702c326 100644
--- a/api_docs/kbn_crypto.mdx
+++ b/api_docs/kbn_crypto.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto
 title: "@kbn/crypto"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/crypto plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto']
 ---
 import kbnCryptoObj from './kbn_crypto.devdocs.json';
diff --git a/api_docs/kbn_crypto_browser.mdx b/api_docs/kbn_crypto_browser.mdx
index f118affa95cd0..b8302e2f3e858 100644
--- a/api_docs/kbn_crypto_browser.mdx
+++ b/api_docs/kbn_crypto_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto-browser
 title: "@kbn/crypto-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/crypto-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto-browser']
 ---
 import kbnCryptoBrowserObj from './kbn_crypto_browser.devdocs.json';
diff --git a/api_docs/kbn_custom_icons.mdx b/api_docs/kbn_custom_icons.mdx
index e663abed4b7eb..37ebd6ce7dbe1 100644
--- a/api_docs/kbn_custom_icons.mdx
+++ b/api_docs/kbn_custom_icons.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-icons
 title: "@kbn/custom-icons"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/custom-icons plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-icons']
 ---
 import kbnCustomIconsObj from './kbn_custom_icons.devdocs.json';
diff --git a/api_docs/kbn_custom_integrations.mdx b/api_docs/kbn_custom_integrations.mdx
index c5bcf7da108b8..52db77b50e389 100644
--- a/api_docs/kbn_custom_integrations.mdx
+++ b/api_docs/kbn_custom_integrations.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-integrations
 title: "@kbn/custom-integrations"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/custom-integrations plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-integrations']
 ---
 import kbnCustomIntegrationsObj from './kbn_custom_integrations.devdocs.json';
diff --git a/api_docs/kbn_cypress_config.mdx b/api_docs/kbn_cypress_config.mdx
index 05a5dbabe2df5..1286fd1c1b98f 100644
--- a/api_docs/kbn_cypress_config.mdx
+++ b/api_docs/kbn_cypress_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cypress-config
 title: "@kbn/cypress-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/cypress-config plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cypress-config']
 ---
 import kbnCypressConfigObj from './kbn_cypress_config.devdocs.json';
diff --git a/api_docs/kbn_data_forge.mdx b/api_docs/kbn_data_forge.mdx
index a8388fdda54c1..0e15625c3470b 100644
--- a/api_docs/kbn_data_forge.mdx
+++ b/api_docs/kbn_data_forge.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-forge
 title: "@kbn/data-forge"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/data-forge plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-forge']
 ---
 import kbnDataForgeObj from './kbn_data_forge.devdocs.json';
diff --git a/api_docs/kbn_data_service.mdx b/api_docs/kbn_data_service.mdx
index ab42e4e762238..aa1ef983fd3c1 100644
--- a/api_docs/kbn_data_service.mdx
+++ b/api_docs/kbn_data_service.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-service
 title: "@kbn/data-service"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/data-service plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-service']
 ---
 import kbnDataServiceObj from './kbn_data_service.devdocs.json';
diff --git a/api_docs/kbn_data_stream_adapter.devdocs.json b/api_docs/kbn_data_stream_adapter.devdocs.json
index 1893c1919bcbd..cf11335f3beeb 100644
--- a/api_docs/kbn_data_stream_adapter.devdocs.json
+++ b/api_docs/kbn_data_stream_adapter.devdocs.json
@@ -9,191 +9,38 @@
     "objects": []
   },
   "server": {
-    "classes": [],
-    "functions": [],
-    "interfaces": [],
-    "enums": [],
-    "misc": [],
-    "objects": []
-  },
-  "common": {
     "classes": [
       {
         "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.DataStreamAdapter",
+        "id": "def-server.DataStreamAdapter",
         "type": "Class",
         "tags": [],
         "label": "DataStreamAdapter",
         "description": [],
+        "signature": [
+          {
+            "pluginId": "@kbn/data-stream-adapter",
+            "scope": "server",
+            "docId": "kibKbnDataStreamAdapterPluginApi",
+            "section": "def-server.DataStreamAdapter",
+            "text": "DataStreamAdapter"
+          },
+          " extends ",
+          {
+            "pluginId": "@kbn/index-adapter",
+            "scope": "server",
+            "docId": "kibKbnIndexAdapterPluginApi",
+            "section": "def-server.IndexAdapter",
+            "text": "IndexAdapter"
+          }
+        ],
         "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
         "deprecated": false,
         "trackAdoption": false,
         "children": [
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamAdapter.kibanaVersion",
-            "type": "string",
-            "tags": [],
-            "label": "kibanaVersion",
-            "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamAdapter.totalFieldsLimit",
-            "type": "number",
-            "tags": [],
-            "label": "totalFieldsLimit",
-            "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamAdapter.componentTemplates",
-            "type": "Array",
-            "tags": [],
-            "label": "componentTemplates",
-            "description": [],
-            "signature": [
-              "ClusterPutComponentTemplateRequest",
-              "[]"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamAdapter.indexTemplates",
-            "type": "Array",
-            "tags": [],
-            "label": "indexTemplates",
-            "description": [],
-            "signature": [
-              "IndicesPutIndexTemplateRequest",
-              "[]"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamAdapter.installed",
-            "type": "boolean",
-            "tags": [],
-            "label": "installed",
-            "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamAdapter.Unnamed",
-            "type": "Function",
-            "tags": [],
-            "label": "Constructor",
-            "description": [],
-            "signature": [
-              "any"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false,
-            "children": [
-              {
-                "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.DataStreamAdapter.Unnamed.$1",
-                "type": "string",
-                "tags": [],
-                "label": "name",
-                "description": [],
-                "signature": [
-                  "string"
-                ],
-                "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-                "deprecated": false,
-                "trackAdoption": false,
-                "isRequired": true
-              },
-              {
-                "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.DataStreamAdapter.Unnamed.$2",
-                "type": "Object",
-                "tags": [],
-                "label": "options",
-                "description": [],
-                "signature": [
-                  {
-                    "pluginId": "@kbn/data-stream-adapter",
-                    "scope": "common",
-                    "docId": "kibKbnDataStreamAdapterPluginApi",
-                    "section": "def-common.DataStreamAdapterParams",
-                    "text": "DataStreamAdapterParams"
-                  }
-                ],
-                "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-                "deprecated": false,
-                "trackAdoption": false,
-                "isRequired": true
-              }
-            ],
-            "returnComment": []
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamAdapter.setComponentTemplate",
-            "type": "Function",
-            "tags": [],
-            "label": "setComponentTemplate",
-            "description": [],
-            "signature": [
-              "(params: ",
-              {
-                "pluginId": "@kbn/data-stream-adapter",
-                "scope": "common",
-                "docId": "kibKbnDataStreamAdapterPluginApi",
-                "section": "def-common.SetComponentTemplateParams",
-                "text": "SetComponentTemplateParams"
-              },
-              ") => void"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false,
-            "children": [
-              {
-                "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.DataStreamAdapter.setComponentTemplate.$1",
-                "type": "Object",
-                "tags": [],
-                "label": "params",
-                "description": [],
-                "signature": [
-                  {
-                    "pluginId": "@kbn/data-stream-adapter",
-                    "scope": "common",
-                    "docId": "kibKbnDataStreamAdapterPluginApi",
-                    "section": "def-common.SetComponentTemplateParams",
-                    "text": "SetComponentTemplateParams"
-                  }
-                ],
-                "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-                "deprecated": false,
-                "trackAdoption": false,
-                "isRequired": true
-              }
-            ],
-            "returnComment": []
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamAdapter.setIndexTemplate",
+            "id": "def-server.DataStreamAdapter.setIndexTemplate",
             "type": "Function",
             "tags": [],
             "label": "setIndexTemplate",
@@ -201,10 +48,10 @@
             "signature": [
               "(params: ",
               {
-                "pluginId": "@kbn/data-stream-adapter",
-                "scope": "common",
-                "docId": "kibKbnDataStreamAdapterPluginApi",
-                "section": "def-common.SetIndexTemplateParams",
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.SetIndexTemplateParams",
                 "text": "SetIndexTemplateParams"
               },
               ") => void"
@@ -215,17 +62,17 @@
             "children": [
               {
                 "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.DataStreamAdapter.setIndexTemplate.$1",
+                "id": "def-server.DataStreamAdapter.setIndexTemplate.$1",
                 "type": "Object",
                 "tags": [],
                 "label": "params",
                 "description": [],
                 "signature": [
                   {
-                    "pluginId": "@kbn/data-stream-adapter",
-                    "scope": "common",
-                    "docId": "kibKbnDataStreamAdapterPluginApi",
-                    "section": "def-common.SetIndexTemplateParams",
+                    "pluginId": "@kbn/index-adapter",
+                    "scope": "server",
+                    "docId": "kibKbnIndexAdapterPluginApi",
+                    "section": "def-server.SetIndexTemplateParams",
                     "text": "SetIndexTemplateParams"
                   }
                 ],
@@ -239,52 +86,18 @@
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamAdapter.getInstallFn",
-            "type": "Function",
-            "tags": [],
-            "label": "getInstallFn",
-            "description": [],
-            "signature": [
-              "({ logger, pluginStop$, tasksTimeoutMs }: ",
-              "GetInstallFnParams",
-              ") => (promise: Promise<void>, description?: string | undefined) => Promise<void>"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false,
-            "children": [
-              {
-                "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.DataStreamAdapter.getInstallFn.$1",
-                "type": "Object",
-                "tags": [],
-                "label": "{ logger, pluginStop$, tasksTimeoutMs }",
-                "description": [],
-                "signature": [
-                  "GetInstallFnParams"
-                ],
-                "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-                "deprecated": false,
-                "trackAdoption": false,
-                "isRequired": true
-              }
-            ],
-            "returnComment": []
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamAdapter.install",
+            "id": "def-server.DataStreamAdapter.install",
             "type": "Function",
             "tags": [],
             "label": "install",
             "description": [],
             "signature": [
-              "({ logger, esClient: esClientToResolve, pluginStop$, tasksTimeoutMs, }: ",
+              "(params: ",
               {
-                "pluginId": "@kbn/data-stream-adapter",
-                "scope": "common",
-                "docId": "kibKbnDataStreamAdapterPluginApi",
-                "section": "def-common.InstallParams",
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.InstallParams",
                 "text": "InstallParams"
               },
               ") => Promise<void>"
@@ -295,17 +108,17 @@
             "children": [
               {
                 "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.DataStreamAdapter.install.$1",
+                "id": "def-server.DataStreamAdapter.install.$1",
                 "type": "Object",
                 "tags": [],
-                "label": "{\n    logger,\n    esClient: esClientToResolve,\n    pluginStop$,\n    tasksTimeoutMs,\n  }",
+                "label": "params",
                 "description": [],
                 "signature": [
                   {
-                    "pluginId": "@kbn/data-stream-adapter",
-                    "scope": "common",
-                    "docId": "kibKbnDataStreamAdapterPluginApi",
-                    "section": "def-common.InstallParams",
+                    "pluginId": "@kbn/index-adapter",
+                    "scope": "server",
+                    "docId": "kibKbnIndexAdapterPluginApi",
+                    "section": "def-server.InstallParams",
                     "text": "InstallParams"
                   }
                 ],
@@ -322,7 +135,7 @@
       },
       {
         "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.DataStreamSpacesAdapter",
+        "id": "def-server.DataStreamSpacesAdapter",
         "type": "Class",
         "tags": [],
         "label": "DataStreamSpacesAdapter",
@@ -330,18 +143,18 @@
         "signature": [
           {
             "pluginId": "@kbn/data-stream-adapter",
-            "scope": "common",
+            "scope": "server",
             "docId": "kibKbnDataStreamAdapterPluginApi",
-            "section": "def-common.DataStreamSpacesAdapter",
+            "section": "def-server.DataStreamSpacesAdapter",
             "text": "DataStreamSpacesAdapter"
           },
           " extends ",
           {
-            "pluginId": "@kbn/data-stream-adapter",
-            "scope": "common",
-            "docId": "kibKbnDataStreamAdapterPluginApi",
-            "section": "def-common.DataStreamAdapter",
-            "text": "DataStreamAdapter"
+            "pluginId": "@kbn/index-adapter",
+            "scope": "server",
+            "docId": "kibKbnIndexAdapterPluginApi",
+            "section": "def-server.IndexPatternAdapter",
+            "text": "IndexPatternAdapter"
           }
         ],
         "path": "packages/kbn-data-stream-adapter/src/data_stream_spaces_adapter.ts",
@@ -350,13 +163,21 @@
         "children": [
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamSpacesAdapter.Unnamed",
+            "id": "def-server.DataStreamSpacesAdapter.setIndexTemplate",
             "type": "Function",
             "tags": [],
-            "label": "Constructor",
+            "label": "setIndexTemplate",
             "description": [],
             "signature": [
-              "any"
+              "(params: ",
+              {
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.SetIndexTemplateParams",
+                "text": "SetIndexTemplateParams"
+              },
+              ") => void"
             ],
             "path": "packages/kbn-data-stream-adapter/src/data_stream_spaces_adapter.ts",
             "deprecated": false,
@@ -364,33 +185,18 @@
             "children": [
               {
                 "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.DataStreamSpacesAdapter.Unnamed.$1",
-                "type": "string",
-                "tags": [],
-                "label": "prefix",
-                "description": [],
-                "signature": [
-                  "string"
-                ],
-                "path": "packages/kbn-data-stream-adapter/src/data_stream_spaces_adapter.ts",
-                "deprecated": false,
-                "trackAdoption": false,
-                "isRequired": true
-              },
-              {
-                "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.DataStreamSpacesAdapter.Unnamed.$2",
+                "id": "def-server.DataStreamSpacesAdapter.setIndexTemplate.$1",
                 "type": "Object",
                 "tags": [],
-                "label": "options",
+                "label": "params",
                 "description": [],
                 "signature": [
                   {
-                    "pluginId": "@kbn/data-stream-adapter",
-                    "scope": "common",
-                    "docId": "kibKbnDataStreamAdapterPluginApi",
-                    "section": "def-common.DataStreamAdapterParams",
-                    "text": "DataStreamAdapterParams"
+                    "pluginId": "@kbn/index-adapter",
+                    "scope": "server",
+                    "docId": "kibKbnIndexAdapterPluginApi",
+                    "section": "def-server.SetIndexTemplateParams",
+                    "text": "SetIndexTemplateParams"
                   }
                 ],
                 "path": "packages/kbn-data-stream-adapter/src/data_stream_spaces_adapter.ts",
@@ -403,21 +209,29 @@
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamSpacesAdapter.install",
+            "id": "def-server.DataStreamSpacesAdapter._install",
             "type": "Function",
             "tags": [],
-            "label": "install",
+            "label": "_install",
             "description": [],
             "signature": [
-              "({ logger, esClient: esClientToResolve, pluginStop$, tasksTimeoutMs, }: ",
+              "(params: ",
               {
-                "pluginId": "@kbn/data-stream-adapter",
-                "scope": "common",
-                "docId": "kibKbnDataStreamAdapterPluginApi",
-                "section": "def-common.InstallParams",
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.InstallParams",
                 "text": "InstallParams"
               },
-              ") => Promise<void>"
+              ") => Promise<",
+              {
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.InstallIndex",
+                "text": "InstallIndex"
+              },
+              ">"
             ],
             "path": "packages/kbn-data-stream-adapter/src/data_stream_spaces_adapter.ts",
             "deprecated": false,
@@ -425,17 +239,17 @@
             "children": [
               {
                 "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.DataStreamSpacesAdapter.install.$1",
+                "id": "def-server.DataStreamSpacesAdapter._install.$1",
                 "type": "Object",
                 "tags": [],
-                "label": "{\n    logger,\n    esClient: esClientToResolve,\n    pluginStop$,\n    tasksTimeoutMs,\n  }",
+                "label": "params",
                 "description": [],
                 "signature": [
                   {
-                    "pluginId": "@kbn/data-stream-adapter",
-                    "scope": "common",
-                    "docId": "kibKbnDataStreamAdapterPluginApi",
-                    "section": "def-common.InstallParams",
+                    "pluginId": "@kbn/index-adapter",
+                    "scope": "server",
+                    "docId": "kibKbnIndexAdapterPluginApi",
+                    "section": "def-server.InstallParams",
                     "text": "InstallParams"
                   }
                 ],
@@ -449,11 +263,13 @@
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamSpacesAdapter.installSpace",
+            "id": "def-server.DataStreamSpacesAdapter.installSpace",
             "type": "Function",
             "tags": [],
             "label": "installSpace",
-            "description": [],
+            "description": [
+              "\nMethod to create the data stream for a given space ID.\nIt resolves with the full data stream name."
+            ],
             "signature": [
               "(spaceId: string) => Promise<string>"
             ],
@@ -463,7 +279,7 @@
             "children": [
               {
                 "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.DataStreamSpacesAdapter.installSpace.$1",
+                "id": "def-server.DataStreamSpacesAdapter.installSpace.$1",
                 "type": "string",
                 "tags": [],
                 "label": "spaceId",
@@ -481,7 +297,7 @@
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamSpacesAdapter.getInstalledSpaceName",
+            "id": "def-server.DataStreamSpacesAdapter.getInstalledSpaceName",
             "type": "Function",
             "tags": [],
             "label": "getInstalledSpaceName",
@@ -495,7 +311,7 @@
             "children": [
               {
                 "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.DataStreamSpacesAdapter.getInstalledSpaceName.$1",
+                "id": "def-server.DataStreamSpacesAdapter.getInstalledSpaceName.$1",
                 "type": "string",
                 "tags": [],
                 "label": "spaceId",
@@ -518,7 +334,7 @@
     "functions": [
       {
         "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.retryTransientEsErrors",
+        "id": "def-server.retryTransientEsErrors",
         "type": "Function",
         "tags": [],
         "label": "retryTransientEsErrors",
@@ -534,13 +350,13 @@
           },
           "; attempt?: number | undefined; }) => Promise<T>"
         ],
-        "path": "packages/kbn-data-stream-adapter/src/retry_transient_es_errors.ts",
+        "path": "packages/kbn-index-adapter/src/retry_transient_es_errors.ts",
         "deprecated": false,
         "trackAdoption": false,
         "children": [
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.retryTransientEsErrors.$1",
+            "id": "def-server.retryTransientEsErrors.$1",
             "type": "Function",
             "tags": [],
             "label": "esCall",
@@ -548,25 +364,25 @@
             "signature": [
               "() => Promise<T>"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/retry_transient_es_errors.ts",
+            "path": "packages/kbn-index-adapter/src/retry_transient_es_errors.ts",
             "deprecated": false,
             "trackAdoption": false,
             "isRequired": true
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.retryTransientEsErrors.$2",
+            "id": "def-server.retryTransientEsErrors.$2",
             "type": "Object",
             "tags": [],
             "label": "{ logger, attempt = 0 }",
             "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/retry_transient_es_errors.ts",
+            "path": "packages/kbn-index-adapter/src/retry_transient_es_errors.ts",
             "deprecated": false,
             "trackAdoption": false,
             "children": [
               {
                 "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.retryTransientEsErrors.$2.logger",
+                "id": "def-server.retryTransientEsErrors.$2.logger",
                 "type": "Object",
                 "tags": [],
                 "label": "logger",
@@ -580,13 +396,13 @@
                     "text": "Logger"
                   }
                 ],
-                "path": "packages/kbn-data-stream-adapter/src/retry_transient_es_errors.ts",
+                "path": "packages/kbn-index-adapter/src/retry_transient_es_errors.ts",
                 "deprecated": false,
                 "trackAdoption": false
               },
               {
                 "parentPluginId": "@kbn/data-stream-adapter",
-                "id": "def-common.retryTransientEsErrors.$2.attempt",
+                "id": "def-server.retryTransientEsErrors.$2.attempt",
                 "type": "number",
                 "tags": [],
                 "label": "attempt",
@@ -594,7 +410,7 @@
                 "signature": [
                   "number | undefined"
                 ],
-                "path": "packages/kbn-data-stream-adapter/src/retry_transient_es_errors.ts",
+                "path": "packages/kbn-index-adapter/src/retry_transient_es_errors.ts",
                 "deprecated": false,
                 "trackAdoption": false
               }
@@ -608,18 +424,18 @@
     "interfaces": [
       {
         "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.AllowedValue",
+        "id": "def-server.AllowedValue",
         "type": "Interface",
         "tags": [],
         "label": "AllowedValue",
         "description": [],
-        "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+        "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
         "deprecated": false,
         "trackAdoption": false,
         "children": [
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.AllowedValue.description",
+            "id": "def-server.AllowedValue.description",
             "type": "string",
             "tags": [],
             "label": "description",
@@ -627,13 +443,13 @@
             "signature": [
               "string | undefined"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.AllowedValue.name",
+            "id": "def-server.AllowedValue.name",
             "type": "string",
             "tags": [],
             "label": "name",
@@ -641,46 +457,7 @@
             "signature": [
               "string | undefined"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          }
-        ],
-        "initialIsOpen": false
-      },
-      {
-        "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.DataStreamAdapterParams",
-        "type": "Interface",
-        "tags": [],
-        "label": "DataStreamAdapterParams",
-        "description": [],
-        "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamAdapterParams.kibanaVersion",
-            "type": "string",
-            "tags": [],
-            "label": "kibanaVersion",
-            "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.DataStreamAdapterParams.totalFieldsLimit",
-            "type": "number",
-            "tags": [],
-            "label": "totalFieldsLimit",
-            "description": [],
-            "signature": [
-              "number | undefined"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           }
@@ -689,61 +466,61 @@
       },
       {
         "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.EcsMetadata",
+        "id": "def-server.EcsMetadata",
         "type": "Interface",
         "tags": [],
         "label": "EcsMetadata",
         "description": [],
-        "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+        "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
         "deprecated": false,
         "trackAdoption": false,
         "children": [
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.allowed_values",
+            "id": "def-server.EcsMetadata.allowed_values",
             "type": "Array",
             "tags": [],
             "label": "allowed_values",
             "description": [],
             "signature": [
               {
-                "pluginId": "@kbn/data-stream-adapter",
-                "scope": "common",
-                "docId": "kibKbnDataStreamAdapterPluginApi",
-                "section": "def-common.AllowedValue",
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.AllowedValue",
                 "text": "AllowedValue"
               },
               "[] | undefined"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.dashed_name",
+            "id": "def-server.EcsMetadata.dashed_name",
             "type": "string",
             "tags": [],
             "label": "dashed_name",
             "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.description",
+            "id": "def-server.EcsMetadata.description",
             "type": "string",
             "tags": [],
             "label": "description",
             "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.doc_values",
+            "id": "def-server.EcsMetadata.doc_values",
             "type": "CompoundType",
             "tags": [],
             "label": "doc_values",
@@ -751,13 +528,13 @@
             "signature": [
               "boolean | undefined"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.example",
+            "id": "def-server.EcsMetadata.example",
             "type": "CompoundType",
             "tags": [],
             "label": "example",
@@ -765,24 +542,24 @@
             "signature": [
               "string | number | boolean | undefined"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.flat_name",
+            "id": "def-server.EcsMetadata.flat_name",
             "type": "string",
             "tags": [],
             "label": "flat_name",
             "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.ignore_above",
+            "id": "def-server.EcsMetadata.ignore_above",
             "type": "number",
             "tags": [],
             "label": "ignore_above",
@@ -790,13 +567,13 @@
             "signature": [
               "number | undefined"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.index",
+            "id": "def-server.EcsMetadata.index",
             "type": "CompoundType",
             "tags": [],
             "label": "index",
@@ -804,56 +581,56 @@
             "signature": [
               "boolean | undefined"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.level",
+            "id": "def-server.EcsMetadata.level",
             "type": "string",
             "tags": [],
             "label": "level",
             "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.multi_fields",
+            "id": "def-server.EcsMetadata.multi_fields",
             "type": "Array",
             "tags": [],
             "label": "multi_fields",
             "description": [],
             "signature": [
               {
-                "pluginId": "@kbn/data-stream-adapter",
-                "scope": "common",
-                "docId": "kibKbnDataStreamAdapterPluginApi",
-                "section": "def-common.MultiField",
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.MultiField",
                 "text": "MultiField"
               },
               "[] | undefined"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.name",
+            "id": "def-server.EcsMetadata.name",
             "type": "string",
             "tags": [],
             "label": "name",
             "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.normalize",
+            "id": "def-server.EcsMetadata.normalize",
             "type": "Array",
             "tags": [],
             "label": "normalize",
@@ -861,13 +638,13 @@
             "signature": [
               "string[]"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.required",
+            "id": "def-server.EcsMetadata.required",
             "type": "CompoundType",
             "tags": [],
             "label": "required",
@@ -875,13 +652,13 @@
             "signature": [
               "boolean | undefined"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.scaling_factor",
+            "id": "def-server.EcsMetadata.scaling_factor",
             "type": "number",
             "tags": [],
             "label": "scaling_factor",
@@ -889,35 +666,35 @@
             "signature": [
               "number | undefined"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.short",
+            "id": "def-server.EcsMetadata.short",
             "type": "string",
             "tags": [],
             "label": "short",
             "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.type",
+            "id": "def-server.EcsMetadata.type",
             "type": "string",
             "tags": [],
             "label": "type",
             "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.EcsMetadata.properties",
+            "id": "def-server.EcsMetadata.properties",
             "type": "Object",
             "tags": [],
             "label": "properties",
@@ -925,7 +702,7 @@
             "signature": [
               "Record<string, { type: string; }> | undefined"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           }
@@ -934,18 +711,18 @@
       },
       {
         "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.InstallParams",
+        "id": "def-server.InstallParams",
         "type": "Interface",
         "tags": [],
         "label": "InstallParams",
         "description": [],
-        "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
+        "path": "packages/kbn-index-adapter/src/index_adapter.ts",
         "deprecated": false,
         "trackAdoption": false,
         "children": [
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.InstallParams.logger",
+            "id": "def-server.InstallParams.logger",
             "type": "Object",
             "tags": [],
             "label": "logger",
@@ -959,13 +736,13 @@
                 "text": "Logger"
               }
             ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.InstallParams.esClient",
+            "id": "def-server.InstallParams.esClient",
             "type": "CompoundType",
             "tags": [],
             "label": "esClient",
@@ -988,13 +765,13 @@
               },
               ">"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.InstallParams.pluginStop$",
+            "id": "def-server.InstallParams.pluginStop$",
             "type": "Object",
             "tags": [],
             "label": "pluginStop$",
@@ -1003,13 +780,13 @@
               "Subject",
               "<void>"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.InstallParams.tasksTimeoutMs",
+            "id": "def-server.InstallParams.tasksTimeoutMs",
             "type": "number",
             "tags": [],
             "label": "tasksTimeoutMs",
@@ -1017,7 +794,7 @@
             "signature": [
               "number | undefined"
             ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
             "deprecated": false,
             "trackAdoption": false
           }
@@ -1026,203 +803,45 @@
       },
       {
         "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.MultiField",
+        "id": "def-server.MultiField",
         "type": "Interface",
         "tags": [],
         "label": "MultiField",
         "description": [],
-        "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+        "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
         "deprecated": false,
         "trackAdoption": false,
         "children": [
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.MultiField.flat_name",
+            "id": "def-server.MultiField.flat_name",
             "type": "string",
             "tags": [],
             "label": "flat_name",
             "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.MultiField.name",
+            "id": "def-server.MultiField.name",
             "type": "string",
             "tags": [],
             "label": "name",
             "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           },
           {
             "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.MultiField.type",
+            "id": "def-server.MultiField.type",
             "type": "string",
             "tags": [],
             "label": "type",
             "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          }
-        ],
-        "initialIsOpen": false
-      },
-      {
-        "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.SetComponentTemplateParams",
-        "type": "Interface",
-        "tags": [],
-        "label": "SetComponentTemplateParams",
-        "description": [],
-        "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.SetComponentTemplateParams.name",
-            "type": "string",
-            "tags": [],
-            "label": "name",
-            "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.SetComponentTemplateParams.fieldMap",
-            "type": "Object",
-            "tags": [],
-            "label": "fieldMap",
-            "description": [],
-            "signature": [
-              "{ [x: string]: { type: string; required: boolean; array?: boolean | undefined; doc_values?: boolean | undefined; enabled?: boolean | undefined; format?: string | undefined; ignore_above?: number | undefined; multi_fields?: ",
-              {
-                "pluginId": "@kbn/data-stream-adapter",
-                "scope": "common",
-                "docId": "kibKbnDataStreamAdapterPluginApi",
-                "section": "def-common.MultiField",
-                "text": "MultiField"
-              },
-              "[] | undefined; index?: boolean | undefined; path?: string | undefined; scaling_factor?: number | undefined; dynamic?: boolean | \"strict\" | undefined; properties?: Record<string, { type: string; }> | undefined; inference_id?: string | undefined; copy_to?: string | undefined; }; }"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.SetComponentTemplateParams.settings",
-            "type": "CompoundType",
-            "tags": [],
-            "label": "settings",
-            "description": [],
-            "signature": [
-              "IndicesIndexSettings",
-              " | undefined"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.SetComponentTemplateParams.dynamic",
-            "type": "CompoundType",
-            "tags": [],
-            "label": "dynamic",
-            "description": [],
-            "signature": [
-              "boolean | \"strict\" | undefined"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          }
-        ],
-        "initialIsOpen": false
-      },
-      {
-        "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.SetIndexTemplateParams",
-        "type": "Interface",
-        "tags": [],
-        "label": "SetIndexTemplateParams",
-        "description": [],
-        "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.SetIndexTemplateParams.name",
-            "type": "string",
-            "tags": [],
-            "label": "name",
-            "description": [],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.SetIndexTemplateParams.componentTemplateRefs",
-            "type": "Array",
-            "tags": [],
-            "label": "componentTemplateRefs",
-            "description": [],
-            "signature": [
-              "string[] | undefined"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.SetIndexTemplateParams.namespace",
-            "type": "string",
-            "tags": [],
-            "label": "namespace",
-            "description": [],
-            "signature": [
-              "string | undefined"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.SetIndexTemplateParams.template",
-            "type": "Object",
-            "tags": [],
-            "label": "template",
-            "description": [],
-            "signature": [
-              "IndicesPutIndexTemplateIndexTemplateMapping",
-              " | undefined"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "@kbn/data-stream-adapter",
-            "id": "def-common.SetIndexTemplateParams.hidden",
-            "type": "CompoundType",
-            "tags": [],
-            "label": "hidden",
-            "description": [],
-            "signature": [
-              "boolean | undefined"
-            ],
-            "path": "packages/kbn-data-stream-adapter/src/data_stream_adapter.ts",
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
             "deprecated": false,
             "trackAdoption": false
           }
@@ -1234,7 +853,7 @@
     "misc": [
       {
         "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.EcsFieldMap",
+        "id": "def-server.EcsFieldMap",
         "type": "Type",
         "tags": [],
         "label": "EcsFieldMap",
@@ -1242,22 +861,22 @@
         "signature": [
           "{ [x: string]: { type: string; required: boolean; array?: boolean | undefined; doc_values?: boolean | undefined; enabled?: boolean | undefined; format?: string | undefined; ignore_above?: number | undefined; multi_fields?: ",
           {
-            "pluginId": "@kbn/data-stream-adapter",
-            "scope": "common",
-            "docId": "kibKbnDataStreamAdapterPluginApi",
-            "section": "def-common.MultiField",
+            "pluginId": "@kbn/index-adapter",
+            "scope": "server",
+            "docId": "kibKbnIndexAdapterPluginApi",
+            "section": "def-server.MultiField",
             "text": "MultiField"
           },
           "[] | undefined; index?: boolean | undefined; path?: string | undefined; scaling_factor?: number | undefined; dynamic?: boolean | \"strict\" | undefined; properties?: Record<string, { type: string; }> | undefined; inference_id?: string | undefined; copy_to?: string | undefined; }; }"
         ],
-        "path": "packages/kbn-data-stream-adapter/src/field_maps/ecs_field_map.ts",
+        "path": "packages/kbn-index-adapter/src/field_maps/ecs_field_map.ts",
         "deprecated": false,
         "trackAdoption": false,
         "initialIsOpen": false
       },
       {
         "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.FieldMap",
+        "id": "def-server.FieldMap",
         "type": "Type",
         "tags": [],
         "label": "FieldMap",
@@ -1265,22 +884,22 @@
         "signature": [
           "{ [P in T]: { type: string; required: boolean; array?: boolean | undefined; doc_values?: boolean | undefined; enabled?: boolean | undefined; format?: string | undefined; ignore_above?: number | undefined; multi_fields?: ",
           {
-            "pluginId": "@kbn/data-stream-adapter",
-            "scope": "common",
-            "docId": "kibKbnDataStreamAdapterPluginApi",
-            "section": "def-common.MultiField",
+            "pluginId": "@kbn/index-adapter",
+            "scope": "server",
+            "docId": "kibKbnIndexAdapterPluginApi",
+            "section": "def-server.MultiField",
             "text": "MultiField"
           },
           "[] | undefined; index?: boolean | undefined; path?: string | undefined; scaling_factor?: number | undefined; dynamic?: boolean | \"strict\" | undefined; properties?: Record<string, { type: string; }> | undefined; inference_id?: string | undefined; copy_to?: string | undefined; }; }"
         ],
-        "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+        "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
         "deprecated": false,
         "trackAdoption": false,
         "initialIsOpen": false
       },
       {
         "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.SchemaFieldMapKeys",
+        "id": "def-server.SchemaFieldMapKeys",
         "type": "Type",
         "tags": [],
         "label": "SchemaFieldMapKeys",
@@ -1288,15 +907,47 @@
         "signature": [
           "Key extends string ? NonNullable<T[Key]> extends Record<string, unknown> ? `${Key}` | `${Key}.${",
           {
-            "pluginId": "@kbn/data-stream-adapter",
-            "scope": "common",
-            "docId": "kibKbnDataStreamAdapterPluginApi",
-            "section": "def-common.SchemaFieldMapKeys",
+            "pluginId": "@kbn/index-adapter",
+            "scope": "server",
+            "docId": "kibKbnIndexAdapterPluginApi",
+            "section": "def-server.SchemaFieldMapKeys",
             "text": "SchemaFieldMapKeys"
           },
           "<NonNullable<T[Key]>, keyof NonNullable<T[Key]>>}` : `${Key}` : never"
         ],
-        "path": "packages/kbn-data-stream-adapter/src/field_maps/types.ts",
+        "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/data-stream-adapter",
+        "id": "def-server.SetComponentTemplateParams",
+        "type": "Type",
+        "tags": [],
+        "label": "SetComponentTemplateParams",
+        "description": [],
+        "signature": [
+          "GetComponentTemplateOpts"
+        ],
+        "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/data-stream-adapter",
+        "id": "def-server.SetIndexTemplateParams",
+        "type": "Type",
+        "tags": [],
+        "label": "SetIndexTemplateParams",
+        "description": [],
+        "signature": [
+          "{ namespace?: string | undefined; name: string; hidden?: boolean | undefined; template?: ",
+          "IndicesPutIndexTemplateIndexTemplateMapping",
+          " | undefined; componentTemplateRefs?: string[] | undefined; isDataStream?: boolean | undefined; }"
+        ],
+        "path": "packages/kbn-index-adapter/src/index_adapter.ts",
         "deprecated": false,
         "trackAdoption": false,
         "initialIsOpen": false
@@ -1305,7 +956,7 @@
     "objects": [
       {
         "parentPluginId": "@kbn/data-stream-adapter",
-        "id": "def-common.ecsFieldMap",
+        "id": "def-server.ecsFieldMap",
         "type": "Object",
         "tags": [],
         "label": "ecsFieldMap",
@@ -1313,19 +964,27 @@
         "signature": [
           "{ [x: string]: { type: string; required: boolean; array?: boolean | undefined; doc_values?: boolean | undefined; enabled?: boolean | undefined; format?: string | undefined; ignore_above?: number | undefined; multi_fields?: ",
           {
-            "pluginId": "@kbn/data-stream-adapter",
-            "scope": "common",
-            "docId": "kibKbnDataStreamAdapterPluginApi",
-            "section": "def-common.MultiField",
+            "pluginId": "@kbn/index-adapter",
+            "scope": "server",
+            "docId": "kibKbnIndexAdapterPluginApi",
+            "section": "def-server.MultiField",
             "text": "MultiField"
           },
           "[] | undefined; index?: boolean | undefined; path?: string | undefined; scaling_factor?: number | undefined; dynamic?: boolean | \"strict\" | undefined; properties?: Record<string, { type: string; }> | undefined; inference_id?: string | undefined; copy_to?: string | undefined; }; }"
         ],
-        "path": "packages/kbn-data-stream-adapter/src/field_maps/ecs_field_map.ts",
+        "path": "packages/kbn-index-adapter/src/field_maps/ecs_field_map.ts",
         "deprecated": false,
         "trackAdoption": false,
         "initialIsOpen": false
       }
     ]
+  },
+  "common": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
   }
 }
\ No newline at end of file
diff --git a/api_docs/kbn_data_stream_adapter.mdx b/api_docs/kbn_data_stream_adapter.mdx
index d4e94e43d07e2..5fef66e4793bc 100644
--- a/api_docs/kbn_data_stream_adapter.mdx
+++ b/api_docs/kbn_data_stream_adapter.mdx
@@ -8,35 +8,35 @@ slug: /kibana-dev-docs/api/kbn-data-stream-adapter
 title: "@kbn/data-stream-adapter"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/data-stream-adapter plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-stream-adapter']
 ---
 import kbnDataStreamAdapterObj from './kbn_data_stream_adapter.devdocs.json';
 
 
 
-Contact [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) for questions regarding this plugin.
+Contact [@elastic/security-threat-hunting](https://github.com/orgs/elastic/teams/security-threat-hunting) for questions regarding this plugin.
 
 **Code health stats**
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 80 | 0 | 80 | 1 |
+| 55 | 0 | 54 | 0 |
 
-## Common
+## Server
 
 ### Objects
-<DocDefinitionList data={kbnDataStreamAdapterObj.common.objects}/>
+<DocDefinitionList data={kbnDataStreamAdapterObj.server.objects}/>
 
 ### Functions
-<DocDefinitionList data={kbnDataStreamAdapterObj.common.functions}/>
+<DocDefinitionList data={kbnDataStreamAdapterObj.server.functions}/>
 
 ### Classes
-<DocDefinitionList data={kbnDataStreamAdapterObj.common.classes}/>
+<DocDefinitionList data={kbnDataStreamAdapterObj.server.classes}/>
 
 ### Interfaces
-<DocDefinitionList data={kbnDataStreamAdapterObj.common.interfaces}/>
+<DocDefinitionList data={kbnDataStreamAdapterObj.server.interfaces}/>
 
 ### Consts, variables and types
-<DocDefinitionList data={kbnDataStreamAdapterObj.common.misc}/>
+<DocDefinitionList data={kbnDataStreamAdapterObj.server.misc}/>
 
diff --git a/api_docs/kbn_data_view_utils.mdx b/api_docs/kbn_data_view_utils.mdx
index 44350ffee0018..0f137b5671715 100644
--- a/api_docs/kbn_data_view_utils.mdx
+++ b/api_docs/kbn_data_view_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-view-utils
 title: "@kbn/data-view-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/data-view-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-view-utils']
 ---
 import kbnDataViewUtilsObj from './kbn_data_view_utils.devdocs.json';
diff --git a/api_docs/kbn_datemath.mdx b/api_docs/kbn_datemath.mdx
index 53b25850f8df7..946086721215f 100644
--- a/api_docs/kbn_datemath.mdx
+++ b/api_docs/kbn_datemath.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-datemath
 title: "@kbn/datemath"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/datemath plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/datemath']
 ---
 import kbnDatemathObj from './kbn_datemath.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_analytics.mdx b/api_docs/kbn_deeplinks_analytics.mdx
index 9af32e7352b29..c3e9580ec1e60 100644
--- a/api_docs/kbn_deeplinks_analytics.mdx
+++ b/api_docs/kbn_deeplinks_analytics.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-analytics
 title: "@kbn/deeplinks-analytics"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-analytics plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-analytics']
 ---
 import kbnDeeplinksAnalyticsObj from './kbn_deeplinks_analytics.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_devtools.mdx b/api_docs/kbn_deeplinks_devtools.mdx
index 7190eea79989f..a1cd06f5eb426 100644
--- a/api_docs/kbn_deeplinks_devtools.mdx
+++ b/api_docs/kbn_deeplinks_devtools.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-devtools
 title: "@kbn/deeplinks-devtools"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-devtools plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-devtools']
 ---
 import kbnDeeplinksDevtoolsObj from './kbn_deeplinks_devtools.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_fleet.mdx b/api_docs/kbn_deeplinks_fleet.mdx
index 9b6d2bef5fca2..fb0202d089eb7 100644
--- a/api_docs/kbn_deeplinks_fleet.mdx
+++ b/api_docs/kbn_deeplinks_fleet.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-fleet
 title: "@kbn/deeplinks-fleet"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-fleet plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-fleet']
 ---
 import kbnDeeplinksFleetObj from './kbn_deeplinks_fleet.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_management.mdx b/api_docs/kbn_deeplinks_management.mdx
index 64a284f83f05d..d61783ef18b7a 100644
--- a/api_docs/kbn_deeplinks_management.mdx
+++ b/api_docs/kbn_deeplinks_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-management
 title: "@kbn/deeplinks-management"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-management plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-management']
 ---
 import kbnDeeplinksManagementObj from './kbn_deeplinks_management.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_ml.mdx b/api_docs/kbn_deeplinks_ml.mdx
index 46c0550d1e336..b84ed639a7077 100644
--- a/api_docs/kbn_deeplinks_ml.mdx
+++ b/api_docs/kbn_deeplinks_ml.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-ml
 title: "@kbn/deeplinks-ml"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-ml plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-ml']
 ---
 import kbnDeeplinksMlObj from './kbn_deeplinks_ml.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_observability.mdx b/api_docs/kbn_deeplinks_observability.mdx
index 7dfd297037c53..255843f277572 100644
--- a/api_docs/kbn_deeplinks_observability.mdx
+++ b/api_docs/kbn_deeplinks_observability.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-observability
 title: "@kbn/deeplinks-observability"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-observability plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-observability']
 ---
 import kbnDeeplinksObservabilityObj from './kbn_deeplinks_observability.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_search.mdx b/api_docs/kbn_deeplinks_search.mdx
index 595d9fe34f8da..43e1e5f4e1b4d 100644
--- a/api_docs/kbn_deeplinks_search.mdx
+++ b/api_docs/kbn_deeplinks_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-search
 title: "@kbn/deeplinks-search"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-search plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-search']
 ---
 import kbnDeeplinksSearchObj from './kbn_deeplinks_search.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_security.mdx b/api_docs/kbn_deeplinks_security.mdx
index c8972591f99c2..3fb8c5507772e 100644
--- a/api_docs/kbn_deeplinks_security.mdx
+++ b/api_docs/kbn_deeplinks_security.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-security
 title: "@kbn/deeplinks-security"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-security plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-security']
 ---
 import kbnDeeplinksSecurityObj from './kbn_deeplinks_security.devdocs.json';
diff --git a/api_docs/kbn_deeplinks_shared.mdx b/api_docs/kbn_deeplinks_shared.mdx
index 3aaefdeed692e..0dde37df001d9 100644
--- a/api_docs/kbn_deeplinks_shared.mdx
+++ b/api_docs/kbn_deeplinks_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-shared
 title: "@kbn/deeplinks-shared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/deeplinks-shared plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-shared']
 ---
 import kbnDeeplinksSharedObj from './kbn_deeplinks_shared.devdocs.json';
diff --git a/api_docs/kbn_default_nav_analytics.mdx b/api_docs/kbn_default_nav_analytics.mdx
index 3ec8e4ffe178c..8fd3d7ff90515 100644
--- a/api_docs/kbn_default_nav_analytics.mdx
+++ b/api_docs/kbn_default_nav_analytics.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-analytics
 title: "@kbn/default-nav-analytics"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/default-nav-analytics plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-analytics']
 ---
 import kbnDefaultNavAnalyticsObj from './kbn_default_nav_analytics.devdocs.json';
diff --git a/api_docs/kbn_default_nav_devtools.mdx b/api_docs/kbn_default_nav_devtools.mdx
index 938aac32af481..23f041551455a 100644
--- a/api_docs/kbn_default_nav_devtools.mdx
+++ b/api_docs/kbn_default_nav_devtools.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-devtools
 title: "@kbn/default-nav-devtools"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/default-nav-devtools plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-devtools']
 ---
 import kbnDefaultNavDevtoolsObj from './kbn_default_nav_devtools.devdocs.json';
diff --git a/api_docs/kbn_default_nav_management.mdx b/api_docs/kbn_default_nav_management.mdx
index 6a1a579bcc4e2..6b84acac66c5b 100644
--- a/api_docs/kbn_default_nav_management.mdx
+++ b/api_docs/kbn_default_nav_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-management
 title: "@kbn/default-nav-management"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/default-nav-management plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-management']
 ---
 import kbnDefaultNavManagementObj from './kbn_default_nav_management.devdocs.json';
diff --git a/api_docs/kbn_default_nav_ml.mdx b/api_docs/kbn_default_nav_ml.mdx
index d68d42a1fbc39..a91a5cf30e094 100644
--- a/api_docs/kbn_default_nav_ml.mdx
+++ b/api_docs/kbn_default_nav_ml.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-ml
 title: "@kbn/default-nav-ml"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/default-nav-ml plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-ml']
 ---
 import kbnDefaultNavMlObj from './kbn_default_nav_ml.devdocs.json';
diff --git a/api_docs/kbn_dev_cli_errors.mdx b/api_docs/kbn_dev_cli_errors.mdx
index 864f684cd5d69..c20c9ff7ea245 100644
--- a/api_docs/kbn_dev_cli_errors.mdx
+++ b/api_docs/kbn_dev_cli_errors.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-errors
 title: "@kbn/dev-cli-errors"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/dev-cli-errors plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-errors']
 ---
 import kbnDevCliErrorsObj from './kbn_dev_cli_errors.devdocs.json';
diff --git a/api_docs/kbn_dev_cli_runner.mdx b/api_docs/kbn_dev_cli_runner.mdx
index 2f83a9993ece7..168ad30531831 100644
--- a/api_docs/kbn_dev_cli_runner.mdx
+++ b/api_docs/kbn_dev_cli_runner.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-runner
 title: "@kbn/dev-cli-runner"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/dev-cli-runner plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-runner']
 ---
 import kbnDevCliRunnerObj from './kbn_dev_cli_runner.devdocs.json';
diff --git a/api_docs/kbn_dev_proc_runner.mdx b/api_docs/kbn_dev_proc_runner.mdx
index dbf2659bfd26f..a0a043c2a92ad 100644
--- a/api_docs/kbn_dev_proc_runner.mdx
+++ b/api_docs/kbn_dev_proc_runner.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-proc-runner
 title: "@kbn/dev-proc-runner"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/dev-proc-runner plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-proc-runner']
 ---
 import kbnDevProcRunnerObj from './kbn_dev_proc_runner.devdocs.json';
diff --git a/api_docs/kbn_dev_utils.mdx b/api_docs/kbn_dev_utils.mdx
index 99b18514c257c..66a65c612f936 100644
--- a/api_docs/kbn_dev_utils.mdx
+++ b/api_docs/kbn_dev_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-utils
 title: "@kbn/dev-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/dev-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-utils']
 ---
 import kbnDevUtilsObj from './kbn_dev_utils.devdocs.json';
diff --git a/api_docs/kbn_discover_contextual_components.mdx b/api_docs/kbn_discover_contextual_components.mdx
index 68e6317d384e2..c9f2f861b965a 100644
--- a/api_docs/kbn_discover_contextual_components.mdx
+++ b/api_docs/kbn_discover_contextual_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-discover-contextual-components
 title: "@kbn/discover-contextual-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/discover-contextual-components plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/discover-contextual-components']
 ---
 import kbnDiscoverContextualComponentsObj from './kbn_discover_contextual_components.devdocs.json';
diff --git a/api_docs/kbn_discover_utils.mdx b/api_docs/kbn_discover_utils.mdx
index ec4e0bd3901b7..4708970ef5b16 100644
--- a/api_docs/kbn_discover_utils.mdx
+++ b/api_docs/kbn_discover_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-discover-utils
 title: "@kbn/discover-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/discover-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/discover-utils']
 ---
 import kbnDiscoverUtilsObj from './kbn_discover_utils.devdocs.json';
diff --git a/api_docs/kbn_doc_links.mdx b/api_docs/kbn_doc_links.mdx
index 0ef234ad26dcb..bab4132adb76d 100644
--- a/api_docs/kbn_doc_links.mdx
+++ b/api_docs/kbn_doc_links.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-doc-links
 title: "@kbn/doc-links"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/doc-links plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/doc-links']
 ---
 import kbnDocLinksObj from './kbn_doc_links.devdocs.json';
diff --git a/api_docs/kbn_docs_utils.mdx b/api_docs/kbn_docs_utils.mdx
index 100e0358119ec..1617cf9b67a29 100644
--- a/api_docs/kbn_docs_utils.mdx
+++ b/api_docs/kbn_docs_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-docs-utils
 title: "@kbn/docs-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/docs-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/docs-utils']
 ---
 import kbnDocsUtilsObj from './kbn_docs_utils.devdocs.json';
diff --git a/api_docs/kbn_dom_drag_drop.mdx b/api_docs/kbn_dom_drag_drop.mdx
index 50724896d794e..fd880403c803b 100644
--- a/api_docs/kbn_dom_drag_drop.mdx
+++ b/api_docs/kbn_dom_drag_drop.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dom-drag-drop
 title: "@kbn/dom-drag-drop"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/dom-drag-drop plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dom-drag-drop']
 ---
 import kbnDomDragDropObj from './kbn_dom_drag_drop.devdocs.json';
diff --git a/api_docs/kbn_ebt_tools.mdx b/api_docs/kbn_ebt_tools.mdx
index 60105e01565f4..af6c98f8d4e7b 100644
--- a/api_docs/kbn_ebt_tools.mdx
+++ b/api_docs/kbn_ebt_tools.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ebt-tools
 title: "@kbn/ebt-tools"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ebt-tools plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ebt-tools']
 ---
 import kbnEbtToolsObj from './kbn_ebt_tools.devdocs.json';
diff --git a/api_docs/kbn_ecs_data_quality_dashboard.mdx b/api_docs/kbn_ecs_data_quality_dashboard.mdx
index 2a958b1dc9ac6..56bf5e9a7eea9 100644
--- a/api_docs/kbn_ecs_data_quality_dashboard.mdx
+++ b/api_docs/kbn_ecs_data_quality_dashboard.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ecs-data-quality-dashboard
 title: "@kbn/ecs-data-quality-dashboard"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ecs-data-quality-dashboard plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ecs-data-quality-dashboard']
 ---
 import kbnEcsDataQualityDashboardObj from './kbn_ecs_data_quality_dashboard.devdocs.json';
diff --git a/api_docs/kbn_elastic_agent_utils.mdx b/api_docs/kbn_elastic_agent_utils.mdx
index b9658cbf5597f..1708ba9827f29 100644
--- a/api_docs/kbn_elastic_agent_utils.mdx
+++ b/api_docs/kbn_elastic_agent_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-agent-utils
 title: "@kbn/elastic-agent-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/elastic-agent-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-agent-utils']
 ---
 import kbnElasticAgentUtilsObj from './kbn_elastic_agent_utils.devdocs.json';
diff --git a/api_docs/kbn_elastic_assistant.mdx b/api_docs/kbn_elastic_assistant.mdx
index 81b029f25b45a..945c191490d39 100644
--- a/api_docs/kbn_elastic_assistant.mdx
+++ b/api_docs/kbn_elastic_assistant.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant
 title: "@kbn/elastic-assistant"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/elastic-assistant plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant']
 ---
 import kbnElasticAssistantObj from './kbn_elastic_assistant.devdocs.json';
diff --git a/api_docs/kbn_elastic_assistant_common.devdocs.json b/api_docs/kbn_elastic_assistant_common.devdocs.json
index 3a8972f18fd3a..47fac3d1e7809 100644
--- a/api_docs/kbn_elastic_assistant_common.devdocs.json
+++ b/api_docs/kbn_elastic_assistant_common.devdocs.json
@@ -997,7 +997,7 @@
           "\nInterface for features available to the elastic assistant"
         ],
         "signature": [
-          "{ readonly assistantKnowledgeBaseByDefault: boolean; readonly assistantModelEvaluation: boolean; }"
+          "{ readonly assistantModelEvaluation: boolean; }"
         ],
         "path": "x-pack/packages/kbn-elastic-assistant-common/impl/capabilities/index.ts",
         "deprecated": false,
@@ -1952,51 +1952,6 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
-      {
-        "parentPluginId": "@kbn/elastic-assistant-common",
-        "id": "def-common.DeleteKnowledgeBaseRequestParams",
-        "type": "Type",
-        "tags": [],
-        "label": "DeleteKnowledgeBaseRequestParams",
-        "description": [],
-        "signature": [
-          "{ resource?: string | undefined; }"
-        ],
-        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "initialIsOpen": false
-      },
-      {
-        "parentPluginId": "@kbn/elastic-assistant-common",
-        "id": "def-common.DeleteKnowledgeBaseRequestParamsInput",
-        "type": "Type",
-        "tags": [],
-        "label": "DeleteKnowledgeBaseRequestParamsInput",
-        "description": [],
-        "signature": [
-          "{ resource?: string | undefined; }"
-        ],
-        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "initialIsOpen": false
-      },
-      {
-        "parentPluginId": "@kbn/elastic-assistant-common",
-        "id": "def-common.DeleteKnowledgeBaseResponse",
-        "type": "Type",
-        "tags": [],
-        "label": "DeleteKnowledgeBaseResponse",
-        "description": [],
-        "signature": [
-          "{ success?: boolean | undefined; }"
-        ],
-        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "initialIsOpen": false
-      },
       {
         "parentPluginId": "@kbn/elastic-assistant-common",
         "id": "def-common.DocumentEntry",
@@ -2772,7 +2727,7 @@
         "label": "GetCapabilitiesResponse",
         "description": [],
         "signature": [
-          "{ assistantKnowledgeBaseByDefault: boolean; assistantModelEvaluation: boolean; }"
+          "{ assistantModelEvaluation: boolean; }"
         ],
         "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.gen.ts",
         "deprecated": false,
@@ -4767,7 +4722,7 @@
           "\nDefault features available to the elastic assistant"
         ],
         "signature": [
-          "{ readonly assistantKnowledgeBaseByDefault: true; readonly assistantModelEvaluation: false; }"
+          "{ readonly assistantModelEvaluation: false; }"
         ],
         "path": "x-pack/packages/kbn-elastic-assistant-common/impl/capabilities/index.ts",
         "deprecated": false,
@@ -4834,36 +4789,6 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
-      {
-        "parentPluginId": "@kbn/elastic-assistant-common",
-        "id": "def-common.DeleteKnowledgeBaseRequestParams",
-        "type": "Object",
-        "tags": [],
-        "label": "DeleteKnowledgeBaseRequestParams",
-        "description": [],
-        "signature": [
-          "Zod.ZodObject<{ resource: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { resource?: string | undefined; }, { resource?: string | undefined; }>"
-        ],
-        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "initialIsOpen": false
-      },
-      {
-        "parentPluginId": "@kbn/elastic-assistant-common",
-        "id": "def-common.DeleteKnowledgeBaseResponse",
-        "type": "Object",
-        "tags": [],
-        "label": "DeleteKnowledgeBaseResponse",
-        "description": [],
-        "signature": [
-          "Zod.ZodObject<{ success: Zod.ZodOptional<Zod.ZodBoolean>; }, \"strip\", Zod.ZodTypeAny, { success?: boolean | undefined; }, { success?: boolean | undefined; }>"
-        ],
-        "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "initialIsOpen": false
-      },
       {
         "parentPluginId": "@kbn/elastic-assistant-common",
         "id": "def-common.DocumentEntry",
@@ -5232,7 +5157,7 @@
         "label": "GetCapabilitiesResponse",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ assistantKnowledgeBaseByDefault: Zod.ZodBoolean; assistantModelEvaluation: Zod.ZodBoolean; }, \"strip\", Zod.ZodTypeAny, { assistantKnowledgeBaseByDefault: boolean; assistantModelEvaluation: boolean; }, { assistantKnowledgeBaseByDefault: boolean; assistantModelEvaluation: boolean; }>"
+          "Zod.ZodObject<{ assistantModelEvaluation: Zod.ZodBoolean; }, \"strip\", Zod.ZodTypeAny, { assistantModelEvaluation: boolean; }, { assistantModelEvaluation: boolean; }>"
         ],
         "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.gen.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_elastic_assistant_common.mdx b/api_docs/kbn_elastic_assistant_common.mdx
index 1bd5f4dc78524..c19514cb9065e 100644
--- a/api_docs/kbn_elastic_assistant_common.mdx
+++ b/api_docs/kbn_elastic_assistant_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant-common
 title: "@kbn/elastic-assistant-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/elastic-assistant-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant-common']
 ---
 import kbnElasticAssistantCommonObj from './kbn_elastic_assistant_common.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 406 | 0 | 375 | 0 |
+| 401 | 0 | 370 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_entities_schema.devdocs.json b/api_docs/kbn_entities_schema.devdocs.json
index c77e0ae7ffeb1..ae8daadc3978e 100644
--- a/api_docs/kbn_entities_schema.devdocs.json
+++ b/api_docs/kbn_entities_schema.devdocs.json
@@ -277,6 +277,36 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/entities-schema",
+        "id": "def-common.EntityInstance",
+        "type": "Type",
+        "tags": [],
+        "label": "EntityInstance",
+        "description": [],
+        "signature": [
+          "{ entity: { id: string; type: string; schema_version: string; identity_fields: string | string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; metrics?: Record<string, number> | undefined; }; } & Metadata"
+        ],
+        "path": "x-pack/packages/kbn-entities-schema/src/schema/entity.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/entities-schema",
+        "id": "def-common.EntityMetadata",
+        "type": "Type",
+        "tags": [],
+        "label": "EntityMetadata",
+        "description": [],
+        "signature": [
+          "Metadata"
+        ],
+        "path": "x-pack/packages/kbn-entities-schema/src/schema/entity.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/entities-schema",
         "id": "def-common.GetEntityDefinitionQuerySchema",
@@ -515,7 +545,7 @@
         "label": "entityBaseSchema",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ id: Zod.ZodString; type: Zod.ZodString; identity_fields: Zod.ZodArray<Zod.ZodString, \"many\">; display_name: Zod.ZodString; metrics: Zod.ZodRecord<Zod.ZodString, Zod.ZodNumber>; definition_version: Zod.ZodString; schema_version: Zod.ZodString; definition_id: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record<string, number>; schema_version: string; definition_id: string; definition_version: string; display_name: string; identity_fields: string[]; }, { id: string; type: string; metrics: Record<string, number>; schema_version: string; definition_id: string; definition_version: string; display_name: string; identity_fields: string[]; }>"
+          "Zod.ZodObject<{ id: Zod.ZodString; type: Zod.ZodString; identity_fields: Zod.ZodUnion<[Zod.ZodArray<Zod.ZodString, \"many\">, Zod.ZodString]>; display_name: Zod.ZodString; metrics: Zod.ZodOptional<Zod.ZodRecord<Zod.ZodString, Zod.ZodNumber>>; definition_version: Zod.ZodString; schema_version: Zod.ZodString; definition_id: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; schema_version: string; identity_fields: string | string[]; display_name: string; definition_version: string; definition_id: string; metrics?: Record<string, number> | undefined; }, { id: string; type: string; schema_version: string; identity_fields: string | string[]; display_name: string; definition_version: string; definition_id: string; metrics?: Record<string, number> | undefined; }>"
         ],
         "path": "x-pack/packages/kbn-entities-schema/src/schema/entity.ts",
         "deprecated": false,
@@ -672,7 +702,7 @@
         "label": "entityLatestSchema",
         "description": [],
         "signature": [
-          "Zod.ZodIntersection<Zod.ZodObject<{ entity: Zod.ZodObject<Zod.objectUtil.extendShape<{ id: Zod.ZodString; type: Zod.ZodString; identity_fields: Zod.ZodArray<Zod.ZodString, \"many\">; display_name: Zod.ZodString; metrics: Zod.ZodRecord<Zod.ZodString, Zod.ZodNumber>; definition_version: Zod.ZodString; schema_version: Zod.ZodString; definition_id: Zod.ZodString; }, { last_seen_timestamp: Zod.ZodString; }>, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record<string, number>; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }, { id: string; type: string; metrics: Record<string, number>; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }>; }, \"strip\", Zod.ZodTypeAny, { entity: { id: string; type: string; metrics: Record<string, number>; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }; }, { entity: { id: string; type: string; metrics: Record<string, number>; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }; }>, Zod.ZodType<Metadata, Zod.ZodTypeDef, Metadata>>"
+          "Zod.ZodIntersection<Zod.ZodObject<{ entity: Zod.ZodObject<Zod.objectUtil.extendShape<{ id: Zod.ZodString; type: Zod.ZodString; identity_fields: Zod.ZodUnion<[Zod.ZodArray<Zod.ZodString, \"many\">, Zod.ZodString]>; display_name: Zod.ZodString; metrics: Zod.ZodOptional<Zod.ZodRecord<Zod.ZodString, Zod.ZodNumber>>; definition_version: Zod.ZodString; schema_version: Zod.ZodString; definition_id: Zod.ZodString; }, { last_seen_timestamp: Zod.ZodString; }>, \"strip\", Zod.ZodTypeAny, { id: string; type: string; schema_version: string; identity_fields: string | string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; metrics?: Record<string, number> | undefined; }, { id: string; type: string; schema_version: string; identity_fields: string | string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; metrics?: Record<string, number> | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { entity: { id: string; type: string; schema_version: string; identity_fields: string | string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; metrics?: Record<string, number> | undefined; }; }, { entity: { id: string; type: string; schema_version: string; identity_fields: string | string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; metrics?: Record<string, number> | undefined; }; }>, Zod.ZodType<Metadata, Zod.ZodTypeDef, Metadata>>"
         ],
         "path": "x-pack/packages/kbn-entities-schema/src/schema/entity.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_entities_schema.mdx b/api_docs/kbn_entities_schema.mdx
index a1cae02d138d2..195eaf79a150f 100644
--- a/api_docs/kbn_entities_schema.mdx
+++ b/api_docs/kbn_entities_schema.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-entities-schema
 title: "@kbn/entities-schema"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/entities-schema plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/entities-schema']
 ---
 import kbnEntitiesSchemaObj from './kbn_entities_schema.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/obs-entities](https://github.com/orgs/elastic/teams/obs-entiti
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 43 | 0 | 43 | 0 |
+| 45 | 0 | 45 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_es.mdx b/api_docs/kbn_es.mdx
index 167bbfa298fda..d13d94197d149 100644
--- a/api_docs/kbn_es.mdx
+++ b/api_docs/kbn_es.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es
 title: "@kbn/es"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/es plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es']
 ---
 import kbnEsObj from './kbn_es.devdocs.json';
diff --git a/api_docs/kbn_es_archiver.mdx b/api_docs/kbn_es_archiver.mdx
index 2df4b2919483c..c76224e39f4eb 100644
--- a/api_docs/kbn_es_archiver.mdx
+++ b/api_docs/kbn_es_archiver.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-archiver
 title: "@kbn/es-archiver"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/es-archiver plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-archiver']
 ---
 import kbnEsArchiverObj from './kbn_es_archiver.devdocs.json';
diff --git a/api_docs/kbn_es_errors.mdx b/api_docs/kbn_es_errors.mdx
index 8cba7dad7d059..113d28a4c0a6e 100644
--- a/api_docs/kbn_es_errors.mdx
+++ b/api_docs/kbn_es_errors.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-errors
 title: "@kbn/es-errors"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/es-errors plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-errors']
 ---
 import kbnEsErrorsObj from './kbn_es_errors.devdocs.json';
diff --git a/api_docs/kbn_es_query.mdx b/api_docs/kbn_es_query.mdx
index 7e3765672afdb..16aec123e5410 100644
--- a/api_docs/kbn_es_query.mdx
+++ b/api_docs/kbn_es_query.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-query
 title: "@kbn/es-query"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/es-query plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-query']
 ---
 import kbnEsQueryObj from './kbn_es_query.devdocs.json';
diff --git a/api_docs/kbn_es_types.mdx b/api_docs/kbn_es_types.mdx
index 3008d09049256..dc83a7285a862 100644
--- a/api_docs/kbn_es_types.mdx
+++ b/api_docs/kbn_es_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-types
 title: "@kbn/es-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/es-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-types']
 ---
 import kbnEsTypesObj from './kbn_es_types.devdocs.json';
diff --git a/api_docs/kbn_eslint_plugin_imports.mdx b/api_docs/kbn_eslint_plugin_imports.mdx
index 9ad9028b3f58c..043b745a6f8a6 100644
--- a/api_docs/kbn_eslint_plugin_imports.mdx
+++ b/api_docs/kbn_eslint_plugin_imports.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-eslint-plugin-imports
 title: "@kbn/eslint-plugin-imports"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/eslint-plugin-imports plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/eslint-plugin-imports']
 ---
 import kbnEslintPluginImportsObj from './kbn_eslint_plugin_imports.devdocs.json';
diff --git a/api_docs/kbn_esql_ast.devdocs.json b/api_docs/kbn_esql_ast.devdocs.json
index 369dcc4b6cc15..2c8e443f45d05 100644
--- a/api_docs/kbn_esql_ast.devdocs.json
+++ b/api_docs/kbn_esql_ast.devdocs.json
@@ -896,7 +896,9 @@
         "type": "Class",
         "tags": [],
         "label": "EsqlQuery",
-        "description": [],
+        "description": [
+          "\nRepresents a parsed or programmatically created ES|QL query. Keeps track of\nthe AST, source code, and optionally lexer tokens."
+        ],
         "path": "packages/kbn-esql-ast/src/query/query.ts",
         "deprecated": false,
         "trackAdoption": false,
diff --git a/api_docs/kbn_esql_ast.mdx b/api_docs/kbn_esql_ast.mdx
index c1ec125936856..463e7e00b9e91 100644
--- a/api_docs/kbn_esql_ast.mdx
+++ b/api_docs/kbn_esql_ast.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-ast
 title: "@kbn/esql-ast"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/esql-ast plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-ast']
 ---
 import kbnEsqlAstObj from './kbn_esql_ast.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 277 | 1 | 217 | 36 |
+| 277 | 1 | 216 | 36 |
 
 ## Common
 
diff --git a/api_docs/kbn_esql_editor.mdx b/api_docs/kbn_esql_editor.mdx
index 0623f45442967..a5b97961dca86 100644
--- a/api_docs/kbn_esql_editor.mdx
+++ b/api_docs/kbn_esql_editor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-editor
 title: "@kbn/esql-editor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/esql-editor plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-editor']
 ---
 import kbnEsqlEditorObj from './kbn_esql_editor.devdocs.json';
diff --git a/api_docs/kbn_esql_utils.devdocs.json b/api_docs/kbn_esql_utils.devdocs.json
index e1a02ca0349f7..ae2c884b03d6f 100644
--- a/api_docs/kbn_esql_utils.devdocs.json
+++ b/api_docs/kbn_esql_utils.devdocs.json
@@ -1464,6 +1464,53 @@
         ],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/esql-utils",
+        "id": "def-common.isESQLFieldGroupable",
+        "type": "Function",
+        "tags": [],
+        "label": "isESQLFieldGroupable",
+        "description": [],
+        "signature": [
+          "(field: ",
+          {
+            "pluginId": "dataViews",
+            "scope": "common",
+            "docId": "kibDataViewsPluginApi",
+            "section": "def-common.FieldSpec",
+            "text": "FieldSpec"
+          },
+          ") => boolean"
+        ],
+        "path": "packages/kbn-esql-utils/src/utils/esql_fields_utils.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/esql-utils",
+            "id": "def-common.isESQLFieldGroupable.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "field",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "dataViews",
+                "scope": "common",
+                "docId": "kibDataViewsPluginApi",
+                "section": "def-common.FieldSpec",
+                "text": "FieldSpec"
+              }
+            ],
+            "path": "packages/kbn-esql-utils/src/utils/esql_fields_utils.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/esql-utils",
         "id": "def-common.isQueryWrappedByPipes",
@@ -1545,6 +1592,72 @@
         "returnComment": [],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/esql-utils",
+        "id": "def-common.queryCannotBeSampled",
+        "type": "Function",
+        "tags": [],
+        "label": "queryCannotBeSampled",
+        "description": [
+          "\nCheck if the query contains any function that cannot be used after LIMIT clause"
+        ],
+        "signature": [
+          "(query: ",
+          {
+            "pluginId": "@kbn/es-query",
+            "scope": "common",
+            "docId": "kibKbnEsQueryPluginApi",
+            "section": "def-common.Query",
+            "text": "Query"
+          },
+          " | ",
+          {
+            "pluginId": "@kbn/es-query",
+            "scope": "common",
+            "docId": "kibKbnEsQueryPluginApi",
+            "section": "def-common.AggregateQuery",
+            "text": "AggregateQuery"
+          },
+          " | { [key: string]: any; } | null | undefined) => boolean"
+        ],
+        "path": "packages/kbn-esql-utils/src/utils/query_cannot_be_sampled.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/esql-utils",
+            "id": "def-common.queryCannotBeSampled.$1",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "query",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/es-query",
+                "scope": "common",
+                "docId": "kibKbnEsQueryPluginApi",
+                "section": "def-common.Query",
+                "text": "Query"
+              },
+              " | ",
+              {
+                "pluginId": "@kbn/es-query",
+                "scope": "common",
+                "docId": "kibKbnEsQueryPluginApi",
+                "section": "def-common.AggregateQuery",
+                "text": "AggregateQuery"
+              },
+              " | { [key: string]: any; } | null | undefined"
+            ],
+            "path": "packages/kbn-esql-utils/src/utils/query_cannot_be_sampled.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": false
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/esql-utils",
         "id": "def-common.removeDropCommandsFromESQLQuery",
diff --git a/api_docs/kbn_esql_utils.mdx b/api_docs/kbn_esql_utils.mdx
index 606cd098419e4..209cd97da6af2 100644
--- a/api_docs/kbn_esql_utils.mdx
+++ b/api_docs/kbn_esql_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-utils
 title: "@kbn/esql-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/esql-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-utils']
 ---
 import kbnEsqlUtilsObj from './kbn_esql_utils.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 79 | 0 | 71 | 0 |
+| 83 | 0 | 74 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_esql_validation_autocomplete.devdocs.json b/api_docs/kbn_esql_validation_autocomplete.devdocs.json
index 78ca48d89df55..b0f095fcc852e 100644
--- a/api_docs/kbn_esql_validation_autocomplete.devdocs.json
+++ b/api_docs/kbn_esql_validation_autocomplete.devdocs.json
@@ -3322,6 +3322,20 @@
             "deprecated": false,
             "trackAdoption": false
           },
+          {
+            "parentPluginId": "@kbn/esql-validation-autocomplete",
+            "id": "def-common.FunctionDefinition.preview",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "preview",
+            "description": [],
+            "signature": [
+              "boolean | undefined"
+            ],
+            "path": "packages/kbn-esql-validation-autocomplete/src/definitions/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
           {
             "parentPluginId": "@kbn/esql-validation-autocomplete",
             "id": "def-common.FunctionDefinition.ignoreAsSuggestion",
diff --git a/api_docs/kbn_esql_validation_autocomplete.mdx b/api_docs/kbn_esql_validation_autocomplete.mdx
index bdda8ed946225..a9230e54ee7e8 100644
--- a/api_docs/kbn_esql_validation_autocomplete.mdx
+++ b/api_docs/kbn_esql_validation_autocomplete.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-validation-autocomplete
 title: "@kbn/esql-validation-autocomplete"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/esql-validation-autocomplete plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-validation-autocomplete']
 ---
 import kbnEsqlValidationAutocompleteObj from './kbn_esql_validation_autocomplete.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 202 | 0 | 190 | 12 |
+| 203 | 0 | 191 | 12 |
 
 ## Common
 
diff --git a/api_docs/kbn_event_annotation_common.mdx b/api_docs/kbn_event_annotation_common.mdx
index 71ac2174e6918..30a95ee1fcd16 100644
--- a/api_docs/kbn_event_annotation_common.mdx
+++ b/api_docs/kbn_event_annotation_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-common
 title: "@kbn/event-annotation-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/event-annotation-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-common']
 ---
 import kbnEventAnnotationCommonObj from './kbn_event_annotation_common.devdocs.json';
diff --git a/api_docs/kbn_event_annotation_components.mdx b/api_docs/kbn_event_annotation_components.mdx
index ee224c8deeed9..0667a32b667fa 100644
--- a/api_docs/kbn_event_annotation_components.mdx
+++ b/api_docs/kbn_event_annotation_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-components
 title: "@kbn/event-annotation-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/event-annotation-components plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-components']
 ---
 import kbnEventAnnotationComponentsObj from './kbn_event_annotation_components.devdocs.json';
diff --git a/api_docs/kbn_expandable_flyout.mdx b/api_docs/kbn_expandable_flyout.mdx
index 5431633de2453..7fd6adafa1f7d 100644
--- a/api_docs/kbn_expandable_flyout.mdx
+++ b/api_docs/kbn_expandable_flyout.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-expandable-flyout
 title: "@kbn/expandable-flyout"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/expandable-flyout plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/expandable-flyout']
 ---
 import kbnExpandableFlyoutObj from './kbn_expandable_flyout.devdocs.json';
diff --git a/api_docs/kbn_field_types.mdx b/api_docs/kbn_field_types.mdx
index 69e7372f4de5e..89d19599040cd 100644
--- a/api_docs/kbn_field_types.mdx
+++ b/api_docs/kbn_field_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-types
 title: "@kbn/field-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/field-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-types']
 ---
 import kbnFieldTypesObj from './kbn_field_types.devdocs.json';
diff --git a/api_docs/kbn_field_utils.devdocs.json b/api_docs/kbn_field_utils.devdocs.json
index dbf48df734d64..4aa8b8c08607f 100644
--- a/api_docs/kbn_field_utils.devdocs.json
+++ b/api_docs/kbn_field_utils.devdocs.json
@@ -259,6 +259,53 @@
         "returnComment": [],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/field-utils",
+        "id": "def-common.fieldSupportsBreakdown",
+        "type": "Function",
+        "tags": [],
+        "label": "fieldSupportsBreakdown",
+        "description": [],
+        "signature": [
+          "(field: ",
+          {
+            "pluginId": "dataViews",
+            "scope": "common",
+            "docId": "kibDataViewsPluginApi",
+            "section": "def-common.DataViewField",
+            "text": "DataViewField"
+          },
+          ") => boolean"
+        ],
+        "path": "packages/kbn-field-utils/src/utils/field_supports_breakdown.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/field-utils",
+            "id": "def-common.fieldSupportsBreakdown.$1",
+            "type": "Object",
+            "tags": [],
+            "label": "field",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "dataViews",
+                "scope": "common",
+                "docId": "kibDataViewsPluginApi",
+                "section": "def-common.DataViewField",
+                "text": "DataViewField"
+              }
+            ],
+            "path": "packages/kbn-field-utils/src/utils/field_supports_breakdown.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/field-utils",
         "id": "def-common.getFieldIconProps",
diff --git a/api_docs/kbn_field_utils.mdx b/api_docs/kbn_field_utils.mdx
index a69e347028788..f5c2ece91bd6d 100644
--- a/api_docs/kbn_field_utils.mdx
+++ b/api_docs/kbn_field_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-utils
 title: "@kbn/field-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/field-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-utils']
 ---
 import kbnFieldUtilsObj from './kbn_field_utils.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/k
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 49 | 0 | 40 | 2 |
+| 51 | 0 | 42 | 2 |
 
 ## Common
 
diff --git a/api_docs/kbn_find_used_node_modules.mdx b/api_docs/kbn_find_used_node_modules.mdx
index dc8f6b7f3be16..39079914e6ff6 100644
--- a/api_docs/kbn_find_used_node_modules.mdx
+++ b/api_docs/kbn_find_used_node_modules.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-find-used-node-modules
 title: "@kbn/find-used-node-modules"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/find-used-node-modules plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/find-used-node-modules']
 ---
 import kbnFindUsedNodeModulesObj from './kbn_find_used_node_modules.devdocs.json';
diff --git a/api_docs/kbn_formatters.mdx b/api_docs/kbn_formatters.mdx
index 36d81b43db66d..b8716c9b81c6c 100644
--- a/api_docs/kbn_formatters.mdx
+++ b/api_docs/kbn_formatters.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-formatters
 title: "@kbn/formatters"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/formatters plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/formatters']
 ---
 import kbnFormattersObj from './kbn_formatters.devdocs.json';
diff --git a/api_docs/kbn_ftr_common_functional_services.mdx b/api_docs/kbn_ftr_common_functional_services.mdx
index a867f15a2ef95..9618ede097a0a 100644
--- a/api_docs/kbn_ftr_common_functional_services.mdx
+++ b/api_docs/kbn_ftr_common_functional_services.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-services
 title: "@kbn/ftr-common-functional-services"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ftr-common-functional-services plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-services']
 ---
 import kbnFtrCommonFunctionalServicesObj from './kbn_ftr_common_functional_services.devdocs.json';
diff --git a/api_docs/kbn_ftr_common_functional_ui_services.mdx b/api_docs/kbn_ftr_common_functional_ui_services.mdx
index 723193f3ff8cb..43a5e16044901 100644
--- a/api_docs/kbn_ftr_common_functional_ui_services.mdx
+++ b/api_docs/kbn_ftr_common_functional_ui_services.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-ui-services
 title: "@kbn/ftr-common-functional-ui-services"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ftr-common-functional-ui-services plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-ui-services']
 ---
 import kbnFtrCommonFunctionalUiServicesObj from './kbn_ftr_common_functional_ui_services.devdocs.json';
diff --git a/api_docs/kbn_generate.mdx b/api_docs/kbn_generate.mdx
index 431e1754c3d84..4d4433a6c32cf 100644
--- a/api_docs/kbn_generate.mdx
+++ b/api_docs/kbn_generate.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate
 title: "@kbn/generate"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/generate plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate']
 ---
 import kbnGenerateObj from './kbn_generate.devdocs.json';
diff --git a/api_docs/kbn_generate_console_definitions.mdx b/api_docs/kbn_generate_console_definitions.mdx
index 735ec74e591ca..01562b1d60f34 100644
--- a/api_docs/kbn_generate_console_definitions.mdx
+++ b/api_docs/kbn_generate_console_definitions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-console-definitions
 title: "@kbn/generate-console-definitions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/generate-console-definitions plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-console-definitions']
 ---
 import kbnGenerateConsoleDefinitionsObj from './kbn_generate_console_definitions.devdocs.json';
diff --git a/api_docs/kbn_generate_csv.mdx b/api_docs/kbn_generate_csv.mdx
index 993d1c37ed4fe..96bedcb2a5586 100644
--- a/api_docs/kbn_generate_csv.mdx
+++ b/api_docs/kbn_generate_csv.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-csv
 title: "@kbn/generate-csv"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/generate-csv plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-csv']
 ---
 import kbnGenerateCsvObj from './kbn_generate_csv.devdocs.json';
diff --git a/api_docs/kbn_grid_layout.mdx b/api_docs/kbn_grid_layout.mdx
index 57a3074656dc2..edb066cfb87cc 100644
--- a/api_docs/kbn_grid_layout.mdx
+++ b/api_docs/kbn_grid_layout.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-grid-layout
 title: "@kbn/grid-layout"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/grid-layout plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/grid-layout']
 ---
 import kbnGridLayoutObj from './kbn_grid_layout.devdocs.json';
diff --git a/api_docs/kbn_grouping.mdx b/api_docs/kbn_grouping.mdx
index 95cce0d41bab8..c2eed1d5f8fd8 100644
--- a/api_docs/kbn_grouping.mdx
+++ b/api_docs/kbn_grouping.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-grouping
 title: "@kbn/grouping"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/grouping plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/grouping']
 ---
 import kbnGroupingObj from './kbn_grouping.devdocs.json';
diff --git a/api_docs/kbn_guided_onboarding.mdx b/api_docs/kbn_guided_onboarding.mdx
index 567731d8779b5..9d8a044e44f53 100644
--- a/api_docs/kbn_guided_onboarding.mdx
+++ b/api_docs/kbn_guided_onboarding.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-guided-onboarding
 title: "@kbn/guided-onboarding"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/guided-onboarding plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/guided-onboarding']
 ---
 import kbnGuidedOnboardingObj from './kbn_guided_onboarding.devdocs.json';
diff --git a/api_docs/kbn_handlebars.mdx b/api_docs/kbn_handlebars.mdx
index 2124fcf4aed6a..898ad2d1c3e55 100644
--- a/api_docs/kbn_handlebars.mdx
+++ b/api_docs/kbn_handlebars.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-handlebars
 title: "@kbn/handlebars"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/handlebars plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/handlebars']
 ---
 import kbnHandlebarsObj from './kbn_handlebars.devdocs.json';
diff --git a/api_docs/kbn_hapi_mocks.mdx b/api_docs/kbn_hapi_mocks.mdx
index 320bed94d54a5..bfbfae8092c4b 100644
--- a/api_docs/kbn_hapi_mocks.mdx
+++ b/api_docs/kbn_hapi_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-hapi-mocks
 title: "@kbn/hapi-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/hapi-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/hapi-mocks']
 ---
 import kbnHapiMocksObj from './kbn_hapi_mocks.devdocs.json';
diff --git a/api_docs/kbn_health_gateway_server.mdx b/api_docs/kbn_health_gateway_server.mdx
index 1d262d68de226..d28ccdb3b1ae0 100644
--- a/api_docs/kbn_health_gateway_server.mdx
+++ b/api_docs/kbn_health_gateway_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-health-gateway-server
 title: "@kbn/health-gateway-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/health-gateway-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/health-gateway-server']
 ---
 import kbnHealthGatewayServerObj from './kbn_health_gateway_server.devdocs.json';
diff --git a/api_docs/kbn_home_sample_data_card.mdx b/api_docs/kbn_home_sample_data_card.mdx
index a706989eea5a6..6611c68bc281e 100644
--- a/api_docs/kbn_home_sample_data_card.mdx
+++ b/api_docs/kbn_home_sample_data_card.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-card
 title: "@kbn/home-sample-data-card"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/home-sample-data-card plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-card']
 ---
 import kbnHomeSampleDataCardObj from './kbn_home_sample_data_card.devdocs.json';
diff --git a/api_docs/kbn_home_sample_data_tab.mdx b/api_docs/kbn_home_sample_data_tab.mdx
index 26fe80f6e1c7a..c1a6f6925a6e5 100644
--- a/api_docs/kbn_home_sample_data_tab.mdx
+++ b/api_docs/kbn_home_sample_data_tab.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-tab
 title: "@kbn/home-sample-data-tab"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/home-sample-data-tab plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-tab']
 ---
 import kbnHomeSampleDataTabObj from './kbn_home_sample_data_tab.devdocs.json';
diff --git a/api_docs/kbn_i18n.mdx b/api_docs/kbn_i18n.mdx
index f4ce63cdc4391..0e814ca3fb7d9 100644
--- a/api_docs/kbn_i18n.mdx
+++ b/api_docs/kbn_i18n.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n
 title: "@kbn/i18n"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/i18n plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n']
 ---
 import kbnI18nObj from './kbn_i18n.devdocs.json';
diff --git a/api_docs/kbn_i18n_react.mdx b/api_docs/kbn_i18n_react.mdx
index 8b7f563d8da94..272c1715dd2b9 100644
--- a/api_docs/kbn_i18n_react.mdx
+++ b/api_docs/kbn_i18n_react.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n-react
 title: "@kbn/i18n-react"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/i18n-react plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n-react']
 ---
 import kbnI18nReactObj from './kbn_i18n_react.devdocs.json';
diff --git a/api_docs/kbn_import_resolver.mdx b/api_docs/kbn_import_resolver.mdx
index c776e26e543b7..d4178d5ddb1d6 100644
--- a/api_docs/kbn_import_resolver.mdx
+++ b/api_docs/kbn_import_resolver.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-import-resolver
 title: "@kbn/import-resolver"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/import-resolver plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/import-resolver']
 ---
 import kbnImportResolverObj from './kbn_import_resolver.devdocs.json';
diff --git a/api_docs/kbn_index_adapter.devdocs.json b/api_docs/kbn_index_adapter.devdocs.json
new file mode 100644
index 0000000000000..d87eeacf45bab
--- /dev/null
+++ b/api_docs/kbn_index_adapter.devdocs.json
@@ -0,0 +1,1466 @@
+{
+  "id": "@kbn/index-adapter",
+  "client": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  },
+  "server": {
+    "classes": [
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.IndexAdapter",
+        "type": "Class",
+        "tags": [],
+        "label": "IndexAdapter",
+        "description": [],
+        "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapter.kibanaVersion",
+            "type": "string",
+            "tags": [],
+            "label": "kibanaVersion",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapter.totalFieldsLimit",
+            "type": "number",
+            "tags": [],
+            "label": "totalFieldsLimit",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapter.componentTemplates",
+            "type": "Array",
+            "tags": [],
+            "label": "componentTemplates",
+            "description": [],
+            "signature": [
+              "ClusterPutComponentTemplateRequest",
+              "[]"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapter.indexTemplates",
+            "type": "Array",
+            "tags": [],
+            "label": "indexTemplates",
+            "description": [],
+            "signature": [
+              "IndicesPutIndexTemplateRequest",
+              "[]"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapter.installed",
+            "type": "boolean",
+            "tags": [],
+            "label": "installed",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapter.Unnamed",
+            "type": "Function",
+            "tags": [],
+            "label": "Constructor",
+            "description": [],
+            "signature": [
+              "any"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexAdapter.Unnamed.$1",
+                "type": "string",
+                "tags": [],
+                "label": "name",
+                "description": [],
+                "signature": [
+                  "string"
+                ],
+                "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              },
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexAdapter.Unnamed.$2",
+                "type": "Object",
+                "tags": [],
+                "label": "options",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/index-adapter",
+                    "scope": "server",
+                    "docId": "kibKbnIndexAdapterPluginApi",
+                    "section": "def-server.IndexAdapterParams",
+                    "text": "IndexAdapterParams"
+                  }
+                ],
+                "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapter.setComponentTemplate",
+            "type": "Function",
+            "tags": [],
+            "label": "setComponentTemplate",
+            "description": [],
+            "signature": [
+              "(params: ",
+              "GetComponentTemplateOpts",
+              ") => void"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexAdapter.setComponentTemplate.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "params",
+                "description": [],
+                "signature": [
+                  "GetComponentTemplateOpts"
+                ],
+                "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapter.setIndexTemplate",
+            "type": "Function",
+            "tags": [],
+            "label": "setIndexTemplate",
+            "description": [],
+            "signature": [
+              "(params: ",
+              {
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.SetIndexTemplateParams",
+                "text": "SetIndexTemplateParams"
+              },
+              ") => void"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexAdapter.setIndexTemplate.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "params",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/index-adapter",
+                    "scope": "server",
+                    "docId": "kibKbnIndexAdapterPluginApi",
+                    "section": "def-server.SetIndexTemplateParams",
+                    "text": "SetIndexTemplateParams"
+                  }
+                ],
+                "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapter.getInstallFn",
+            "type": "Function",
+            "tags": [],
+            "label": "getInstallFn",
+            "description": [],
+            "signature": [
+              "({ logger, pluginStop$, tasksTimeoutMs }: ",
+              "GetInstallFnParams",
+              ") => (promise: Promise<void>, description?: string | undefined) => Promise<void>"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexAdapter.getInstallFn.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "{ logger, pluginStop$, tasksTimeoutMs }",
+                "description": [],
+                "signature": [
+                  "GetInstallFnParams"
+                ],
+                "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapter.installTemplates",
+            "type": "Function",
+            "tags": [],
+            "label": "installTemplates",
+            "description": [],
+            "signature": [
+              "(params: ",
+              {
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.InstallParams",
+                "text": "InstallParams"
+              },
+              ") => Promise<void>"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexAdapter.installTemplates.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "params",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/index-adapter",
+                    "scope": "server",
+                    "docId": "kibKbnIndexAdapterPluginApi",
+                    "section": "def-server.InstallParams",
+                    "text": "InstallParams"
+                  }
+                ],
+                "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapter.install",
+            "type": "Function",
+            "tags": [],
+            "label": "install",
+            "description": [],
+            "signature": [
+              "(params: ",
+              {
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.InstallParams",
+                "text": "InstallParams"
+              },
+              ") => Promise<void>"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexAdapter.install.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "params",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/index-adapter",
+                    "scope": "server",
+                    "docId": "kibKbnIndexAdapterPluginApi",
+                    "section": "def-server.InstallParams",
+                    "text": "InstallParams"
+                  }
+                ],
+                "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.IndexPatternAdapter",
+        "type": "Class",
+        "tags": [],
+        "label": "IndexPatternAdapter",
+        "description": [],
+        "signature": [
+          {
+            "pluginId": "@kbn/index-adapter",
+            "scope": "server",
+            "docId": "kibKbnIndexAdapterPluginApi",
+            "section": "def-server.IndexPatternAdapter",
+            "text": "IndexPatternAdapter"
+          },
+          " extends ",
+          {
+            "pluginId": "@kbn/index-adapter",
+            "scope": "server",
+            "docId": "kibKbnIndexAdapterPluginApi",
+            "section": "def-server.IndexAdapter",
+            "text": "IndexAdapter"
+          }
+        ],
+        "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexPatternAdapter.installationPromises",
+            "type": "Object",
+            "tags": [],
+            "label": "installationPromises",
+            "description": [],
+            "signature": [
+              "Map<string, Promise<void>>"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexPatternAdapter.installIndexPromise",
+            "type": "Object",
+            "tags": [],
+            "label": "installIndexPromise",
+            "description": [],
+            "signature": [
+              "Promise<",
+              {
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.InstallIndex",
+                "text": "InstallIndex"
+              },
+              "> | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexPatternAdapter.Unnamed",
+            "type": "Function",
+            "tags": [],
+            "label": "Constructor",
+            "description": [],
+            "signature": [
+              "any"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexPatternAdapter.Unnamed.$1",
+                "type": "string",
+                "tags": [],
+                "label": "prefix",
+                "description": [],
+                "signature": [
+                  "string"
+                ],
+                "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              },
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexPatternAdapter.Unnamed.$2",
+                "type": "Object",
+                "tags": [],
+                "label": "options",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/index-adapter",
+                    "scope": "server",
+                    "docId": "kibKbnIndexAdapterPluginApi",
+                    "section": "def-server.IndexAdapterParams",
+                    "text": "IndexAdapterParams"
+                  }
+                ],
+                "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexPatternAdapter.install",
+            "type": "Function",
+            "tags": [],
+            "label": "install",
+            "description": [
+              "Method to create/update the templates, update existing indices and setup internal state for the adapter."
+            ],
+            "signature": [
+              "(params: ",
+              {
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.InstallParams",
+                "text": "InstallParams"
+              },
+              ") => Promise<void>"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexPatternAdapter.install.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "params",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/index-adapter",
+                    "scope": "server",
+                    "docId": "kibKbnIndexAdapterPluginApi",
+                    "section": "def-server.InstallParams",
+                    "text": "InstallParams"
+                  }
+                ],
+                "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexPatternAdapter._install",
+            "type": "Function",
+            "tags": [],
+            "label": "_install",
+            "description": [],
+            "signature": [
+              "(params: ",
+              {
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.InstallParams",
+                "text": "InstallParams"
+              },
+              ") => Promise<",
+              {
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.InstallIndex",
+                "text": "InstallIndex"
+              },
+              ">"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexPatternAdapter._install.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "params",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/index-adapter",
+                    "scope": "server",
+                    "docId": "kibKbnIndexAdapterPluginApi",
+                    "section": "def-server.InstallParams",
+                    "text": "InstallParams"
+                  }
+                ],
+                "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexPatternAdapter.createIndex",
+            "type": "Function",
+            "tags": [],
+            "label": "createIndex",
+            "description": [
+              "\nMethod to create the index for a given index suffix.\nStores the installations promises to avoid concurrent installations for the same index.\nIndex creation will only be attempted once per index suffix and existence will be checked before creating."
+            ],
+            "signature": [
+              "(indexSuffix: string) => Promise<void>"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexPatternAdapter.createIndex.$1",
+                "type": "string",
+                "tags": [],
+                "label": "indexSuffix",
+                "description": [],
+                "signature": [
+                  "string"
+                ],
+                "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexPatternAdapter.getIndexName",
+            "type": "Function",
+            "tags": [],
+            "label": "getIndexName",
+            "description": [
+              "Method to get the full index name for a given index suffix."
+            ],
+            "signature": [
+              "(indexSuffix: string) => string"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexPatternAdapter.getIndexName.$1",
+                "type": "string",
+                "tags": [],
+                "label": "indexSuffix",
+                "description": [],
+                "signature": [
+                  "string"
+                ],
+                "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexPatternAdapter.getInstalledIndexName",
+            "type": "Function",
+            "tags": [],
+            "label": "getInstalledIndexName",
+            "description": [
+              "Method to get the full index name for a given index suffix. It returns undefined if the index does not exist."
+            ],
+            "signature": [
+              "(indexSuffix: string) => Promise<string | undefined>"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.IndexPatternAdapter.getInstalledIndexName.$1",
+                "type": "string",
+                "tags": [],
+                "label": "indexSuffix",
+                "description": [],
+                "signature": [
+                  "string"
+                ],
+                "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": true
+              }
+            ],
+            "returnComment": []
+          }
+        ],
+        "initialIsOpen": false
+      }
+    ],
+    "functions": [
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.createOrUpdateComponentTemplate",
+        "type": "Function",
+        "tags": [],
+        "label": "createOrUpdateComponentTemplate",
+        "description": [],
+        "signature": [
+          "({ logger, esClient, template, totalFieldsLimit, }: CreateOrUpdateComponentTemplateOpts) => Promise<void>"
+        ],
+        "path": "packages/kbn-index-adapter/src/create_or_update_component_template.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.createOrUpdateComponentTemplate.$1",
+            "type": "Object",
+            "tags": [],
+            "label": "{\n  logger,\n  esClient,\n  template,\n  totalFieldsLimit,\n}",
+            "description": [],
+            "signature": [
+              "CreateOrUpdateComponentTemplateOpts"
+            ],
+            "path": "packages/kbn-index-adapter/src/create_or_update_component_template.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.createOrUpdateIndexTemplate",
+        "type": "Function",
+        "tags": [],
+        "label": "createOrUpdateIndexTemplate",
+        "description": [
+          "\nInstalls index template that uses installed component template\nPrior to installation, simulates the installation to check for possible\nconflicts. Simulate should return an empty mapping if a template\nconflicts with an already installed template."
+        ],
+        "signature": [
+          "({ logger, esClient, template, }: CreateOrUpdateIndexTemplateOpts) => Promise<void>"
+        ],
+        "path": "packages/kbn-index-adapter/src/create_or_update_index_template.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.createOrUpdateIndexTemplate.$1",
+            "type": "Object",
+            "tags": [],
+            "label": "{\n  logger,\n  esClient,\n  template,\n}",
+            "description": [],
+            "signature": [
+              "CreateOrUpdateIndexTemplateOpts"
+            ],
+            "path": "packages/kbn-index-adapter/src/create_or_update_index_template.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.retryTransientEsErrors",
+        "type": "Function",
+        "tags": [],
+        "label": "retryTransientEsErrors",
+        "description": [],
+        "signature": [
+          "<T>(esCall: () => Promise<T>, { logger, attempt }: { logger: ",
+          {
+            "pluginId": "@kbn/logging",
+            "scope": "common",
+            "docId": "kibKbnLoggingPluginApi",
+            "section": "def-common.Logger",
+            "text": "Logger"
+          },
+          "; attempt?: number | undefined; }) => Promise<T>"
+        ],
+        "path": "packages/kbn-index-adapter/src/retry_transient_es_errors.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.retryTransientEsErrors.$1",
+            "type": "Function",
+            "tags": [],
+            "label": "esCall",
+            "description": [],
+            "signature": [
+              "() => Promise<T>"
+            ],
+            "path": "packages/kbn-index-adapter/src/retry_transient_es_errors.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.retryTransientEsErrors.$2",
+            "type": "Object",
+            "tags": [],
+            "label": "{ logger, attempt = 0 }",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/retry_transient_es_errors.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.retryTransientEsErrors.$2.logger",
+                "type": "Object",
+                "tags": [],
+                "label": "logger",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "@kbn/logging",
+                    "scope": "common",
+                    "docId": "kibKbnLoggingPluginApi",
+                    "section": "def-common.Logger",
+                    "text": "Logger"
+                  }
+                ],
+                "path": "packages/kbn-index-adapter/src/retry_transient_es_errors.ts",
+                "deprecated": false,
+                "trackAdoption": false
+              },
+              {
+                "parentPluginId": "@kbn/index-adapter",
+                "id": "def-server.retryTransientEsErrors.$2.attempt",
+                "type": "number",
+                "tags": [],
+                "label": "attempt",
+                "description": [],
+                "signature": [
+                  "number | undefined"
+                ],
+                "path": "packages/kbn-index-adapter/src/retry_transient_es_errors.ts",
+                "deprecated": false,
+                "trackAdoption": false
+              }
+            ]
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      }
+    ],
+    "interfaces": [
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.AllowedValue",
+        "type": "Interface",
+        "tags": [],
+        "label": "AllowedValue",
+        "description": [],
+        "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.AllowedValue.description",
+            "type": "string",
+            "tags": [],
+            "label": "description",
+            "description": [],
+            "signature": [
+              "string | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.AllowedValue.name",
+            "type": "string",
+            "tags": [],
+            "label": "name",
+            "description": [],
+            "signature": [
+              "string | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.EcsMetadata",
+        "type": "Interface",
+        "tags": [],
+        "label": "EcsMetadata",
+        "description": [],
+        "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.allowed_values",
+            "type": "Array",
+            "tags": [],
+            "label": "allowed_values",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.AllowedValue",
+                "text": "AllowedValue"
+              },
+              "[] | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.dashed_name",
+            "type": "string",
+            "tags": [],
+            "label": "dashed_name",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.description",
+            "type": "string",
+            "tags": [],
+            "label": "description",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.doc_values",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "doc_values",
+            "description": [],
+            "signature": [
+              "boolean | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.example",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "example",
+            "description": [],
+            "signature": [
+              "string | number | boolean | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.flat_name",
+            "type": "string",
+            "tags": [],
+            "label": "flat_name",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.ignore_above",
+            "type": "number",
+            "tags": [],
+            "label": "ignore_above",
+            "description": [],
+            "signature": [
+              "number | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.index",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "index",
+            "description": [],
+            "signature": [
+              "boolean | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.level",
+            "type": "string",
+            "tags": [],
+            "label": "level",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.multi_fields",
+            "type": "Array",
+            "tags": [],
+            "label": "multi_fields",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/index-adapter",
+                "scope": "server",
+                "docId": "kibKbnIndexAdapterPluginApi",
+                "section": "def-server.MultiField",
+                "text": "MultiField"
+              },
+              "[] | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.name",
+            "type": "string",
+            "tags": [],
+            "label": "name",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.normalize",
+            "type": "Array",
+            "tags": [],
+            "label": "normalize",
+            "description": [],
+            "signature": [
+              "string[]"
+            ],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.required",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "required",
+            "description": [],
+            "signature": [
+              "boolean | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.scaling_factor",
+            "type": "number",
+            "tags": [],
+            "label": "scaling_factor",
+            "description": [],
+            "signature": [
+              "number | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.short",
+            "type": "string",
+            "tags": [],
+            "label": "short",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.type",
+            "type": "string",
+            "tags": [],
+            "label": "type",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.EcsMetadata.properties",
+            "type": "Object",
+            "tags": [],
+            "label": "properties",
+            "description": [],
+            "signature": [
+              "Record<string, { type: string; }> | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.IndexAdapterParams",
+        "type": "Interface",
+        "tags": [],
+        "label": "IndexAdapterParams",
+        "description": [],
+        "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapterParams.kibanaVersion",
+            "type": "string",
+            "tags": [],
+            "label": "kibanaVersion",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.IndexAdapterParams.totalFieldsLimit",
+            "type": "number",
+            "tags": [],
+            "label": "totalFieldsLimit",
+            "description": [],
+            "signature": [
+              "number | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.InstallParams",
+        "type": "Interface",
+        "tags": [],
+        "label": "InstallParams",
+        "description": [],
+        "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.InstallParams.logger",
+            "type": "Object",
+            "tags": [],
+            "label": "logger",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/logging",
+                "scope": "common",
+                "docId": "kibKbnLoggingPluginApi",
+                "section": "def-common.Logger",
+                "text": "Logger"
+              }
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.InstallParams.esClient",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "esClient",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "@kbn/core-elasticsearch-server",
+                "scope": "server",
+                "docId": "kibKbnCoreElasticsearchServerPluginApi",
+                "section": "def-server.ElasticsearchClient",
+                "text": "ElasticsearchClient"
+              },
+              " | Promise<",
+              {
+                "pluginId": "@kbn/core-elasticsearch-server",
+                "scope": "server",
+                "docId": "kibKbnCoreElasticsearchServerPluginApi",
+                "section": "def-server.ElasticsearchClient",
+                "text": "ElasticsearchClient"
+              },
+              ">"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.InstallParams.pluginStop$",
+            "type": "Object",
+            "tags": [],
+            "label": "pluginStop$",
+            "description": [],
+            "signature": [
+              "Subject",
+              "<void>"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.InstallParams.tasksTimeoutMs",
+            "type": "number",
+            "tags": [],
+            "label": "tasksTimeoutMs",
+            "description": [],
+            "signature": [
+              "number | undefined"
+            ],
+            "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.MultiField",
+        "type": "Interface",
+        "tags": [],
+        "label": "MultiField",
+        "description": [],
+        "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.MultiField.flat_name",
+            "type": "string",
+            "tags": [],
+            "label": "flat_name",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.MultiField.name",
+            "type": "string",
+            "tags": [],
+            "label": "name",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.MultiField.type",
+            "type": "string",
+            "tags": [],
+            "label": "type",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      }
+    ],
+    "enums": [],
+    "misc": [
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.EcsFieldMap",
+        "type": "Type",
+        "tags": [],
+        "label": "EcsFieldMap",
+        "description": [],
+        "signature": [
+          "{ [x: string]: { type: string; required: boolean; array?: boolean | undefined; doc_values?: boolean | undefined; enabled?: boolean | undefined; format?: string | undefined; ignore_above?: number | undefined; multi_fields?: ",
+          {
+            "pluginId": "@kbn/index-adapter",
+            "scope": "server",
+            "docId": "kibKbnIndexAdapterPluginApi",
+            "section": "def-server.MultiField",
+            "text": "MultiField"
+          },
+          "[] | undefined; index?: boolean | undefined; path?: string | undefined; scaling_factor?: number | undefined; dynamic?: boolean | \"strict\" | undefined; properties?: Record<string, { type: string; }> | undefined; inference_id?: string | undefined; copy_to?: string | undefined; }; }"
+        ],
+        "path": "packages/kbn-index-adapter/src/field_maps/ecs_field_map.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.FieldMap",
+        "type": "Type",
+        "tags": [],
+        "label": "FieldMap",
+        "description": [],
+        "signature": [
+          "{ [P in T]: { type: string; required: boolean; array?: boolean | undefined; doc_values?: boolean | undefined; enabled?: boolean | undefined; format?: string | undefined; ignore_above?: number | undefined; multi_fields?: ",
+          {
+            "pluginId": "@kbn/index-adapter",
+            "scope": "server",
+            "docId": "kibKbnIndexAdapterPluginApi",
+            "section": "def-server.MultiField",
+            "text": "MultiField"
+          },
+          "[] | undefined; index?: boolean | undefined; path?: string | undefined; scaling_factor?: number | undefined; dynamic?: boolean | \"strict\" | undefined; properties?: Record<string, { type: string; }> | undefined; inference_id?: string | undefined; copy_to?: string | undefined; }; }"
+        ],
+        "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.InstallIndex",
+        "type": "Type",
+        "tags": [],
+        "label": "InstallIndex",
+        "description": [],
+        "signature": [
+          "(indexSuffix: string) => Promise<void>"
+        ],
+        "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "returnComment": [],
+        "children": [
+          {
+            "parentPluginId": "@kbn/index-adapter",
+            "id": "def-server.InstallIndex.$1",
+            "type": "string",
+            "tags": [],
+            "label": "indexSuffix",
+            "description": [],
+            "path": "packages/kbn-index-adapter/src/index_pattern_adapter.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.SchemaFieldMapKeys",
+        "type": "Type",
+        "tags": [],
+        "label": "SchemaFieldMapKeys",
+        "description": [],
+        "signature": [
+          "Key extends string ? NonNullable<T[Key]> extends Record<string, unknown> ? `${Key}` | `${Key}.${",
+          {
+            "pluginId": "@kbn/index-adapter",
+            "scope": "server",
+            "docId": "kibKbnIndexAdapterPluginApi",
+            "section": "def-server.SchemaFieldMapKeys",
+            "text": "SchemaFieldMapKeys"
+          },
+          "<NonNullable<T[Key]>, keyof NonNullable<T[Key]>>}` : `${Key}` : never"
+        ],
+        "path": "packages/kbn-index-adapter/src/field_maps/types.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.SetComponentTemplateParams",
+        "type": "Type",
+        "tags": [],
+        "label": "SetComponentTemplateParams",
+        "description": [],
+        "signature": [
+          "GetComponentTemplateOpts"
+        ],
+        "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.SetIndexTemplateParams",
+        "type": "Type",
+        "tags": [],
+        "label": "SetIndexTemplateParams",
+        "description": [],
+        "signature": [
+          "{ namespace?: string | undefined; name: string; hidden?: boolean | undefined; template?: ",
+          "IndicesPutIndexTemplateIndexTemplateMapping",
+          " | undefined; componentTemplateRefs?: string[] | undefined; isDataStream?: boolean | undefined; }"
+        ],
+        "path": "packages/kbn-index-adapter/src/index_adapter.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      }
+    ],
+    "objects": [
+      {
+        "parentPluginId": "@kbn/index-adapter",
+        "id": "def-server.ecsFieldMap",
+        "type": "Object",
+        "tags": [],
+        "label": "ecsFieldMap",
+        "description": [],
+        "signature": [
+          "{ [x: string]: { type: string; required: boolean; array?: boolean | undefined; doc_values?: boolean | undefined; enabled?: boolean | undefined; format?: string | undefined; ignore_above?: number | undefined; multi_fields?: ",
+          {
+            "pluginId": "@kbn/index-adapter",
+            "scope": "server",
+            "docId": "kibKbnIndexAdapterPluginApi",
+            "section": "def-server.MultiField",
+            "text": "MultiField"
+          },
+          "[] | undefined; index?: boolean | undefined; path?: string | undefined; scaling_factor?: number | undefined; dynamic?: boolean | \"strict\" | undefined; properties?: Record<string, { type: string; }> | undefined; inference_id?: string | undefined; copy_to?: string | undefined; }; }"
+        ],
+        "path": "packages/kbn-index-adapter/src/field_maps/ecs_field_map.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      }
+    ]
+  },
+  "common": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  }
+}
\ No newline at end of file
diff --git a/api_docs/kbn_index_adapter.mdx b/api_docs/kbn_index_adapter.mdx
new file mode 100644
index 0000000000000..4682d0b7c080b
--- /dev/null
+++ b/api_docs/kbn_index_adapter.mdx
@@ -0,0 +1,42 @@
+---
+####
+#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system.
+#### Reach out in #docs-engineering for more info.
+####
+id: kibKbnIndexAdapterPluginApi
+slug: /kibana-dev-docs/api/kbn-index-adapter
+title: "@kbn/index-adapter"
+image: https://source.unsplash.com/400x175/?github
+description: API docs for the @kbn/index-adapter plugin
+date: 2024-11-14
+tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/index-adapter']
+---
+import kbnIndexAdapterObj from './kbn_index_adapter.devdocs.json';
+
+
+
+Contact [@elastic/security-threat-hunting](https://github.com/orgs/elastic/teams/security-threat-hunting) for questions regarding this plugin.
+
+**Code health stats**
+
+| Public API count  | Any count | Items lacking comments | Missing exports |
+|-------------------|-----------|------------------------|-----------------|
+| 85 | 0 | 80 | 2 |
+
+## Server
+
+### Objects
+<DocDefinitionList data={kbnIndexAdapterObj.server.objects}/>
+
+### Functions
+<DocDefinitionList data={kbnIndexAdapterObj.server.functions}/>
+
+### Classes
+<DocDefinitionList data={kbnIndexAdapterObj.server.classes}/>
+
+### Interfaces
+<DocDefinitionList data={kbnIndexAdapterObj.server.interfaces}/>
+
+### Consts, variables and types
+<DocDefinitionList data={kbnIndexAdapterObj.server.misc}/>
+
diff --git a/api_docs/kbn_index_lifecycle_management_common_shared.mdx b/api_docs/kbn_index_lifecycle_management_common_shared.mdx
index 0ed700c24a6e7..beada3a3129a7 100644
--- a/api_docs/kbn_index_lifecycle_management_common_shared.mdx
+++ b/api_docs/kbn_index_lifecycle_management_common_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-index-lifecycle-management-common-shared
 title: "@kbn/index-lifecycle-management-common-shared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/index-lifecycle-management-common-shared plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/index-lifecycle-management-common-shared']
 ---
 import kbnIndexLifecycleManagementCommonSharedObj from './kbn_index_lifecycle_management_common_shared.devdocs.json';
diff --git a/api_docs/kbn_index_management_shared_types.mdx b/api_docs/kbn_index_management_shared_types.mdx
index 8c28979c41e4a..a9d58e7c1f24c 100644
--- a/api_docs/kbn_index_management_shared_types.mdx
+++ b/api_docs/kbn_index_management_shared_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-index-management-shared-types
 title: "@kbn/index-management-shared-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/index-management-shared-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/index-management-shared-types']
 ---
 import kbnIndexManagementSharedTypesObj from './kbn_index_management_shared_types.devdocs.json';
diff --git a/api_docs/kbn_inference_common.devdocs.json b/api_docs/kbn_inference_common.devdocs.json
index f52a08c1b3907..e087e53be14e1 100644
--- a/api_docs/kbn_inference_common.devdocs.json
+++ b/api_docs/kbn_inference_common.devdocs.json
@@ -810,6 +810,54 @@
         "returnComment": [],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "@kbn/inference-common",
+        "id": "def-common.truncateList",
+        "type": "Function",
+        "tags": [],
+        "label": "truncateList",
+        "description": [],
+        "signature": [
+          "(values: T[], limit: number) => (string | T)[]"
+        ],
+        "path": "x-pack/packages/ai-infra/inference-common/src/truncate_list.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "@kbn/inference-common",
+            "id": "def-common.truncateList.$1",
+            "type": "Array",
+            "tags": [],
+            "label": "values",
+            "description": [],
+            "signature": [
+              "T[]"
+            ],
+            "path": "x-pack/packages/ai-infra/inference-common/src/truncate_list.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          },
+          {
+            "parentPluginId": "@kbn/inference-common",
+            "id": "def-common.truncateList.$2",
+            "type": "number",
+            "tags": [],
+            "label": "limit",
+            "description": [],
+            "signature": [
+              "number"
+            ],
+            "path": "x-pack/packages/ai-infra/inference-common/src/truncate_list.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "@kbn/inference-common",
         "id": "def-common.withoutChunkEvents",
diff --git a/api_docs/kbn_inference_common.mdx b/api_docs/kbn_inference_common.mdx
index 8724d9451e1da..b1ce685275fe5 100644
--- a/api_docs/kbn_inference_common.mdx
+++ b/api_docs/kbn_inference_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-inference-common
 title: "@kbn/inference-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/inference-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/inference-common']
 ---
 import kbnInferenceCommonObj from './kbn_inference_common.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/appex-ai-infra](https://github.com/orgs/elastic/teams/appex-ai
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 121 | 0 | 38 | 1 |
+| 124 | 0 | 41 | 1 |
 
 ## Common
 
diff --git a/api_docs/kbn_inference_integration_flyout.mdx b/api_docs/kbn_inference_integration_flyout.mdx
index a8e658592606a..7fa00aab1811a 100644
--- a/api_docs/kbn_inference_integration_flyout.mdx
+++ b/api_docs/kbn_inference_integration_flyout.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-inference_integration_flyout
 title: "@kbn/inference_integration_flyout"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/inference_integration_flyout plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/inference_integration_flyout']
 ---
 import kbnInferenceIntegrationFlyoutObj from './kbn_inference_integration_flyout.devdocs.json';
diff --git a/api_docs/kbn_infra_forge.mdx b/api_docs/kbn_infra_forge.mdx
index ff578001a59f5..80ffeddee70bb 100644
--- a/api_docs/kbn_infra_forge.mdx
+++ b/api_docs/kbn_infra_forge.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-infra-forge
 title: "@kbn/infra-forge"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/infra-forge plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/infra-forge']
 ---
 import kbnInfraForgeObj from './kbn_infra_forge.devdocs.json';
diff --git a/api_docs/kbn_interpreter.mdx b/api_docs/kbn_interpreter.mdx
index 7a1f6e64c1750..d4e7e49d8e378 100644
--- a/api_docs/kbn_interpreter.mdx
+++ b/api_docs/kbn_interpreter.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-interpreter
 title: "@kbn/interpreter"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/interpreter plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/interpreter']
 ---
 import kbnInterpreterObj from './kbn_interpreter.devdocs.json';
diff --git a/api_docs/kbn_investigation_shared.devdocs.json b/api_docs/kbn_investigation_shared.devdocs.json
index 80d8b3d426e22..9d9586f583ec8 100644
--- a/api_docs/kbn_investigation_shared.devdocs.json
+++ b/api_docs/kbn_investigation_shared.devdocs.json
@@ -180,7 +180,7 @@
         "label": "EntityWithSource",
         "description": [],
         "signature": [
-          "{ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; } & { sources: { dataStream?: string | undefined; }[]; }"
+          "{ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; identity_fields: string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; } & { sources: { dataStream?: string | undefined; }[]; }"
         ],
         "path": "packages/kbn-investigation-shared/src/rest_specs/entity.ts",
         "deprecated": false,
@@ -300,7 +300,7 @@
         "label": "GetEntitiesResponse",
         "description": [],
         "signature": [
-          "{ entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; } & { sources: { dataStream?: string | undefined; }[]; })[]; }"
+          "{ entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; identity_fields: string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; } & { sources: { dataStream?: string | undefined; }[]; })[]; }"
         ],
         "path": "packages/kbn-investigation-shared/src/rest_specs/get_entities.ts",
         "deprecated": false,
@@ -752,7 +752,7 @@
         "label": "entitySchema",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ id: Zod.ZodString; definition_id: Zod.ZodString; definition_version: Zod.ZodString; display_name: Zod.ZodString; last_seen_timestamp: Zod.ZodString; identity_fields: Zod.ZodArray<Zod.ZodString, \"many\">; schema_version: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional<Zod.ZodNumber>; latency: Zod.ZodOptional<Zod.ZodNumber>; throughput: Zod.ZodOptional<Zod.ZodNumber>; logErrorRate: Zod.ZodOptional<Zod.ZodNumber>; logRate: Zod.ZodOptional<Zod.ZodNumber>; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }>"
+          "Zod.ZodObject<{ id: Zod.ZodString; definition_id: Zod.ZodString; definition_version: Zod.ZodString; display_name: Zod.ZodString; last_seen_timestamp: Zod.ZodString; identity_fields: Zod.ZodArray<Zod.ZodString, \"many\">; schema_version: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional<Zod.ZodNumber>; latency: Zod.ZodOptional<Zod.ZodNumber>; throughput: Zod.ZodOptional<Zod.ZodNumber>; logErrorRate: Zod.ZodOptional<Zod.ZodNumber>; logRate: Zod.ZodOptional<Zod.ZodNumber>; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; identity_fields: string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; identity_fields: string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; }>"
         ],
         "path": "packages/kbn-investigation-shared/src/rest_specs/entity.ts",
         "deprecated": false,
@@ -767,7 +767,7 @@
         "label": "entityWithSourceSchema",
         "description": [],
         "signature": [
-          "Zod.ZodIntersection<Zod.ZodObject<{ id: Zod.ZodString; definition_id: Zod.ZodString; definition_version: Zod.ZodString; display_name: Zod.ZodString; last_seen_timestamp: Zod.ZodString; identity_fields: Zod.ZodArray<Zod.ZodString, \"many\">; schema_version: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional<Zod.ZodNumber>; latency: Zod.ZodOptional<Zod.ZodNumber>; throughput: Zod.ZodOptional<Zod.ZodNumber>; logErrorRate: Zod.ZodOptional<Zod.ZodNumber>; logRate: Zod.ZodOptional<Zod.ZodNumber>; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }>, Zod.ZodObject<{ sources: Zod.ZodArray<Zod.ZodObject<{ dataStream: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { dataStream?: string | undefined; }, { dataStream?: string | undefined; }>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { sources: { dataStream?: string | undefined; }[]; }, { sources: { dataStream?: string | undefined; }[]; }>>"
+          "Zod.ZodIntersection<Zod.ZodObject<{ id: Zod.ZodString; definition_id: Zod.ZodString; definition_version: Zod.ZodString; display_name: Zod.ZodString; last_seen_timestamp: Zod.ZodString; identity_fields: Zod.ZodArray<Zod.ZodString, \"many\">; schema_version: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional<Zod.ZodNumber>; latency: Zod.ZodOptional<Zod.ZodNumber>; throughput: Zod.ZodOptional<Zod.ZodNumber>; logErrorRate: Zod.ZodOptional<Zod.ZodNumber>; logRate: Zod.ZodOptional<Zod.ZodNumber>; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; identity_fields: string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; identity_fields: string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; }>, Zod.ZodObject<{ sources: Zod.ZodArray<Zod.ZodObject<{ dataStream: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { dataStream?: string | undefined; }, { dataStream?: string | undefined; }>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { sources: { dataStream?: string | undefined; }[]; }, { sources: { dataStream?: string | undefined; }[]; }>>"
         ],
         "path": "packages/kbn-investigation-shared/src/rest_specs/entity.ts",
         "deprecated": false,
@@ -917,7 +917,7 @@
         "label": "getEntitiesResponseSchema",
         "description": [],
         "signature": [
-          "Zod.ZodObject<{ entities: Zod.ZodArray<Zod.ZodIntersection<Zod.ZodObject<{ id: Zod.ZodString; definition_id: Zod.ZodString; definition_version: Zod.ZodString; display_name: Zod.ZodString; last_seen_timestamp: Zod.ZodString; identity_fields: Zod.ZodArray<Zod.ZodString, \"many\">; schema_version: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional<Zod.ZodNumber>; latency: Zod.ZodOptional<Zod.ZodNumber>; throughput: Zod.ZodOptional<Zod.ZodNumber>; logErrorRate: Zod.ZodOptional<Zod.ZodNumber>; logRate: Zod.ZodOptional<Zod.ZodNumber>; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; }>, Zod.ZodObject<{ sources: Zod.ZodArray<Zod.ZodObject<{ dataStream: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { dataStream?: string | undefined; }, { dataStream?: string | undefined; }>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { sources: { dataStream?: string | undefined; }[]; }, { sources: { dataStream?: string | undefined; }[]; }>>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; } & { sources: { dataStream?: string | undefined; }[]; })[]; }, { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; definition_id: string; definition_version: string; display_name: string; last_seen_timestamp: string; identity_fields: string[]; } & { sources: { dataStream?: string | undefined; }[]; })[]; }>"
+          "Zod.ZodObject<{ entities: Zod.ZodArray<Zod.ZodIntersection<Zod.ZodObject<{ id: Zod.ZodString; definition_id: Zod.ZodString; definition_version: Zod.ZodString; display_name: Zod.ZodString; last_seen_timestamp: Zod.ZodString; identity_fields: Zod.ZodArray<Zod.ZodString, \"many\">; schema_version: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional<Zod.ZodNumber>; latency: Zod.ZodOptional<Zod.ZodNumber>; throughput: Zod.ZodOptional<Zod.ZodNumber>; logErrorRate: Zod.ZodOptional<Zod.ZodNumber>; logRate: Zod.ZodOptional<Zod.ZodNumber>; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; identity_fields: string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; identity_fields: string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; }>, Zod.ZodObject<{ sources: Zod.ZodArray<Zod.ZodObject<{ dataStream: Zod.ZodOptional<Zod.ZodString>; }, \"strip\", Zod.ZodTypeAny, { dataStream?: string | undefined; }, { dataStream?: string | undefined; }>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { sources: { dataStream?: string | undefined; }[]; }, { sources: { dataStream?: string | undefined; }[]; }>>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; identity_fields: string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; } & { sources: { dataStream?: string | undefined; }[]; })[]; }, { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logErrorRate?: number | undefined; logRate?: number | undefined; }; schema_version: string; identity_fields: string[]; display_name: string; definition_version: string; definition_id: string; last_seen_timestamp: string; } & { sources: { dataStream?: string | undefined; }[]; })[]; }>"
         ],
         "path": "packages/kbn-investigation-shared/src/rest_specs/get_entities.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_investigation_shared.mdx b/api_docs/kbn_investigation_shared.mdx
index a1dd7ecaaf2be..2f2a08d5cf170 100644
--- a/api_docs/kbn_investigation_shared.mdx
+++ b/api_docs/kbn_investigation_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-investigation-shared
 title: "@kbn/investigation-shared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/investigation-shared plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/investigation-shared']
 ---
 import kbnInvestigationSharedObj from './kbn_investigation_shared.devdocs.json';
diff --git a/api_docs/kbn_io_ts_utils.mdx b/api_docs/kbn_io_ts_utils.mdx
index a104f3097eff9..f53f793f7145f 100644
--- a/api_docs/kbn_io_ts_utils.mdx
+++ b/api_docs/kbn_io_ts_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-io-ts-utils
 title: "@kbn/io-ts-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/io-ts-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/io-ts-utils']
 ---
 import kbnIoTsUtilsObj from './kbn_io_ts_utils.devdocs.json';
diff --git a/api_docs/kbn_ipynb.mdx b/api_docs/kbn_ipynb.mdx
index 2b496ce99a8a9..a60b075ffd072 100644
--- a/api_docs/kbn_ipynb.mdx
+++ b/api_docs/kbn_ipynb.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ipynb
 title: "@kbn/ipynb"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ipynb plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ipynb']
 ---
 import kbnIpynbObj from './kbn_ipynb.devdocs.json';
diff --git a/api_docs/kbn_item_buffer.mdx b/api_docs/kbn_item_buffer.mdx
index 38d654ba2bb8a..7489e1fc4e886 100644
--- a/api_docs/kbn_item_buffer.mdx
+++ b/api_docs/kbn_item_buffer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-item-buffer
 title: "@kbn/item-buffer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/item-buffer plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/item-buffer']
 ---
 import kbnItemBufferObj from './kbn_item_buffer.devdocs.json';
diff --git a/api_docs/kbn_jest_serializers.mdx b/api_docs/kbn_jest_serializers.mdx
index c2fec834962d7..8e8cc408a6ff4 100644
--- a/api_docs/kbn_jest_serializers.mdx
+++ b/api_docs/kbn_jest_serializers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-jest-serializers
 title: "@kbn/jest-serializers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/jest-serializers plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/jest-serializers']
 ---
 import kbnJestSerializersObj from './kbn_jest_serializers.devdocs.json';
diff --git a/api_docs/kbn_journeys.mdx b/api_docs/kbn_journeys.mdx
index d213ff07e87fd..d7a2e6efcf7ac 100644
--- a/api_docs/kbn_journeys.mdx
+++ b/api_docs/kbn_journeys.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-journeys
 title: "@kbn/journeys"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/journeys plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/journeys']
 ---
 import kbnJourneysObj from './kbn_journeys.devdocs.json';
diff --git a/api_docs/kbn_json_ast.mdx b/api_docs/kbn_json_ast.mdx
index 3fe23883d8cb7..9c5213acc4364 100644
--- a/api_docs/kbn_json_ast.mdx
+++ b/api_docs/kbn_json_ast.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-ast
 title: "@kbn/json-ast"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/json-ast plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-ast']
 ---
 import kbnJsonAstObj from './kbn_json_ast.devdocs.json';
diff --git a/api_docs/kbn_json_schemas.mdx b/api_docs/kbn_json_schemas.mdx
index 3a94e136d53e0..c91298e25347a 100644
--- a/api_docs/kbn_json_schemas.mdx
+++ b/api_docs/kbn_json_schemas.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-schemas
 title: "@kbn/json-schemas"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/json-schemas plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-schemas']
 ---
 import kbnJsonSchemasObj from './kbn_json_schemas.devdocs.json';
diff --git a/api_docs/kbn_kibana_manifest_schema.mdx b/api_docs/kbn_kibana_manifest_schema.mdx
index 9d4377358e123..75c67c4e7fd6e 100644
--- a/api_docs/kbn_kibana_manifest_schema.mdx
+++ b/api_docs/kbn_kibana_manifest_schema.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-kibana-manifest-schema
 title: "@kbn/kibana-manifest-schema"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/kibana-manifest-schema plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/kibana-manifest-schema']
 ---
 import kbnKibanaManifestSchemaObj from './kbn_kibana_manifest_schema.devdocs.json';
diff --git a/api_docs/kbn_language_documentation.mdx b/api_docs/kbn_language_documentation.mdx
index 85764d5c9825b..c82629d4b1b0b 100644
--- a/api_docs/kbn_language_documentation.mdx
+++ b/api_docs/kbn_language_documentation.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-language-documentation
 title: "@kbn/language-documentation"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/language-documentation plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/language-documentation']
 ---
 import kbnLanguageDocumentationObj from './kbn_language_documentation.devdocs.json';
diff --git a/api_docs/kbn_lens_embeddable_utils.mdx b/api_docs/kbn_lens_embeddable_utils.mdx
index 535c118c9dec2..34caa803c0fd9 100644
--- a/api_docs/kbn_lens_embeddable_utils.mdx
+++ b/api_docs/kbn_lens_embeddable_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-embeddable-utils
 title: "@kbn/lens-embeddable-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/lens-embeddable-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-embeddable-utils']
 ---
 import kbnLensEmbeddableUtilsObj from './kbn_lens_embeddable_utils.devdocs.json';
diff --git a/api_docs/kbn_lens_formula_docs.mdx b/api_docs/kbn_lens_formula_docs.mdx
index 1069244918736..8b45df4bc99f1 100644
--- a/api_docs/kbn_lens_formula_docs.mdx
+++ b/api_docs/kbn_lens_formula_docs.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-formula-docs
 title: "@kbn/lens-formula-docs"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/lens-formula-docs plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-formula-docs']
 ---
 import kbnLensFormulaDocsObj from './kbn_lens_formula_docs.devdocs.json';
diff --git a/api_docs/kbn_logging.mdx b/api_docs/kbn_logging.mdx
index c3154b703fedc..b4059f9f5eb73 100644
--- a/api_docs/kbn_logging.mdx
+++ b/api_docs/kbn_logging.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging
 title: "@kbn/logging"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/logging plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging']
 ---
 import kbnLoggingObj from './kbn_logging.devdocs.json';
diff --git a/api_docs/kbn_logging_mocks.mdx b/api_docs/kbn_logging_mocks.mdx
index e6be28e24ce45..ca409add0da49 100644
--- a/api_docs/kbn_logging_mocks.mdx
+++ b/api_docs/kbn_logging_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging-mocks
 title: "@kbn/logging-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/logging-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging-mocks']
 ---
 import kbnLoggingMocksObj from './kbn_logging_mocks.devdocs.json';
diff --git a/api_docs/kbn_managed_content_badge.mdx b/api_docs/kbn_managed_content_badge.mdx
index 2e6ffa89d0043..93d31125d86bf 100644
--- a/api_docs/kbn_managed_content_badge.mdx
+++ b/api_docs/kbn_managed_content_badge.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-content-badge
 title: "@kbn/managed-content-badge"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/managed-content-badge plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-content-badge']
 ---
 import kbnManagedContentBadgeObj from './kbn_managed_content_badge.devdocs.json';
diff --git a/api_docs/kbn_managed_vscode_config.mdx b/api_docs/kbn_managed_vscode_config.mdx
index f152444c1f62a..b0d43b460e45f 100644
--- a/api_docs/kbn_managed_vscode_config.mdx
+++ b/api_docs/kbn_managed_vscode_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-vscode-config
 title: "@kbn/managed-vscode-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/managed-vscode-config plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-vscode-config']
 ---
 import kbnManagedVscodeConfigObj from './kbn_managed_vscode_config.devdocs.json';
diff --git a/api_docs/kbn_management_cards_navigation.mdx b/api_docs/kbn_management_cards_navigation.mdx
index 69e712b46815b..b5b42ebed231c 100644
--- a/api_docs/kbn_management_cards_navigation.mdx
+++ b/api_docs/kbn_management_cards_navigation.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-cards-navigation
 title: "@kbn/management-cards-navigation"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-cards-navigation plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-cards-navigation']
 ---
 import kbnManagementCardsNavigationObj from './kbn_management_cards_navigation.devdocs.json';
diff --git a/api_docs/kbn_management_settings_application.mdx b/api_docs/kbn_management_settings_application.mdx
index 16e99fc5cc94e..7f2689135962c 100644
--- a/api_docs/kbn_management_settings_application.mdx
+++ b/api_docs/kbn_management_settings_application.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-application
 title: "@kbn/management-settings-application"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-application plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-application']
 ---
 import kbnManagementSettingsApplicationObj from './kbn_management_settings_application.devdocs.json';
diff --git a/api_docs/kbn_management_settings_components_field_category.mdx b/api_docs/kbn_management_settings_components_field_category.mdx
index a00641e9efbc4..77db1ff3fa84e 100644
--- a/api_docs/kbn_management_settings_components_field_category.mdx
+++ b/api_docs/kbn_management_settings_components_field_category.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-category
 title: "@kbn/management-settings-components-field-category"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-components-field-category plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-category']
 ---
 import kbnManagementSettingsComponentsFieldCategoryObj from './kbn_management_settings_components_field_category.devdocs.json';
diff --git a/api_docs/kbn_management_settings_components_field_input.mdx b/api_docs/kbn_management_settings_components_field_input.mdx
index b071cbc096936..29670b75434c8 100644
--- a/api_docs/kbn_management_settings_components_field_input.mdx
+++ b/api_docs/kbn_management_settings_components_field_input.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-input
 title: "@kbn/management-settings-components-field-input"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-components-field-input plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-input']
 ---
 import kbnManagementSettingsComponentsFieldInputObj from './kbn_management_settings_components_field_input.devdocs.json';
diff --git a/api_docs/kbn_management_settings_components_field_row.mdx b/api_docs/kbn_management_settings_components_field_row.mdx
index f79d711ca5216..da9156bc57ff5 100644
--- a/api_docs/kbn_management_settings_components_field_row.mdx
+++ b/api_docs/kbn_management_settings_components_field_row.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-row
 title: "@kbn/management-settings-components-field-row"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-components-field-row plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-row']
 ---
 import kbnManagementSettingsComponentsFieldRowObj from './kbn_management_settings_components_field_row.devdocs.json';
diff --git a/api_docs/kbn_management_settings_components_form.mdx b/api_docs/kbn_management_settings_components_form.mdx
index de54101e88d05..628b9255012bd 100644
--- a/api_docs/kbn_management_settings_components_form.mdx
+++ b/api_docs/kbn_management_settings_components_form.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-form
 title: "@kbn/management-settings-components-form"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-components-form plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-form']
 ---
 import kbnManagementSettingsComponentsFormObj from './kbn_management_settings_components_form.devdocs.json';
diff --git a/api_docs/kbn_management_settings_field_definition.mdx b/api_docs/kbn_management_settings_field_definition.mdx
index 940d0042bfc8d..0379589ec37f3 100644
--- a/api_docs/kbn_management_settings_field_definition.mdx
+++ b/api_docs/kbn_management_settings_field_definition.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-field-definition
 title: "@kbn/management-settings-field-definition"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-field-definition plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-field-definition']
 ---
 import kbnManagementSettingsFieldDefinitionObj from './kbn_management_settings_field_definition.devdocs.json';
diff --git a/api_docs/kbn_management_settings_ids.mdx b/api_docs/kbn_management_settings_ids.mdx
index 0a46cd7571288..262556b34e779 100644
--- a/api_docs/kbn_management_settings_ids.mdx
+++ b/api_docs/kbn_management_settings_ids.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-ids
 title: "@kbn/management-settings-ids"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-ids plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-ids']
 ---
 import kbnManagementSettingsIdsObj from './kbn_management_settings_ids.devdocs.json';
diff --git a/api_docs/kbn_management_settings_section_registry.mdx b/api_docs/kbn_management_settings_section_registry.mdx
index c4dba23025fd7..c3a77ed6e0398 100644
--- a/api_docs/kbn_management_settings_section_registry.mdx
+++ b/api_docs/kbn_management_settings_section_registry.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-section-registry
 title: "@kbn/management-settings-section-registry"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-section-registry plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-section-registry']
 ---
 import kbnManagementSettingsSectionRegistryObj from './kbn_management_settings_section_registry.devdocs.json';
diff --git a/api_docs/kbn_management_settings_types.mdx b/api_docs/kbn_management_settings_types.mdx
index b52d09baa28e1..e81163e75f954 100644
--- a/api_docs/kbn_management_settings_types.mdx
+++ b/api_docs/kbn_management_settings_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-types
 title: "@kbn/management-settings-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-types']
 ---
 import kbnManagementSettingsTypesObj from './kbn_management_settings_types.devdocs.json';
diff --git a/api_docs/kbn_management_settings_utilities.mdx b/api_docs/kbn_management_settings_utilities.mdx
index 03d44b1828809..cf83c35af2f2f 100644
--- a/api_docs/kbn_management_settings_utilities.mdx
+++ b/api_docs/kbn_management_settings_utilities.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-utilities
 title: "@kbn/management-settings-utilities"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-settings-utilities plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-utilities']
 ---
 import kbnManagementSettingsUtilitiesObj from './kbn_management_settings_utilities.devdocs.json';
diff --git a/api_docs/kbn_management_storybook_config.mdx b/api_docs/kbn_management_storybook_config.mdx
index a001d12638f02..5c3a81e37c6b8 100644
--- a/api_docs/kbn_management_storybook_config.mdx
+++ b/api_docs/kbn_management_storybook_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-storybook-config
 title: "@kbn/management-storybook-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/management-storybook-config plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-storybook-config']
 ---
 import kbnManagementStorybookConfigObj from './kbn_management_storybook_config.devdocs.json';
diff --git a/api_docs/kbn_manifest.mdx b/api_docs/kbn_manifest.mdx
index 8fd4aea6ac226..b9a5656380016 100644
--- a/api_docs/kbn_manifest.mdx
+++ b/api_docs/kbn_manifest.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-manifest
 title: "@kbn/manifest"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/manifest plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/manifest']
 ---
 import kbnManifestObj from './kbn_manifest.devdocs.json';
diff --git a/api_docs/kbn_mapbox_gl.mdx b/api_docs/kbn_mapbox_gl.mdx
index b0b5c6273ea94..e2c6a60a56fd1 100644
--- a/api_docs/kbn_mapbox_gl.mdx
+++ b/api_docs/kbn_mapbox_gl.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mapbox-gl
 title: "@kbn/mapbox-gl"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/mapbox-gl plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mapbox-gl']
 ---
 import kbnMapboxGlObj from './kbn_mapbox_gl.devdocs.json';
diff --git a/api_docs/kbn_maps_vector_tile_utils.mdx b/api_docs/kbn_maps_vector_tile_utils.mdx
index 2cc52ca631c68..cbd831ec2d872 100644
--- a/api_docs/kbn_maps_vector_tile_utils.mdx
+++ b/api_docs/kbn_maps_vector_tile_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-maps-vector-tile-utils
 title: "@kbn/maps-vector-tile-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/maps-vector-tile-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/maps-vector-tile-utils']
 ---
 import kbnMapsVectorTileUtilsObj from './kbn_maps_vector_tile_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_agg_utils.mdx b/api_docs/kbn_ml_agg_utils.mdx
index 7dcf7843651ca..fe74a73e715fa 100644
--- a/api_docs/kbn_ml_agg_utils.mdx
+++ b/api_docs/kbn_ml_agg_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-agg-utils
 title: "@kbn/ml-agg-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-agg-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-agg-utils']
 ---
 import kbnMlAggUtilsObj from './kbn_ml_agg_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_anomaly_utils.mdx b/api_docs/kbn_ml_anomaly_utils.mdx
index 49bcc89d3d99e..ff8a1a17f0a8d 100644
--- a/api_docs/kbn_ml_anomaly_utils.mdx
+++ b/api_docs/kbn_ml_anomaly_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-anomaly-utils
 title: "@kbn/ml-anomaly-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-anomaly-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-anomaly-utils']
 ---
 import kbnMlAnomalyUtilsObj from './kbn_ml_anomaly_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_cancellable_search.mdx b/api_docs/kbn_ml_cancellable_search.mdx
index a4d9b5a984f39..66b220248cc2c 100644
--- a/api_docs/kbn_ml_cancellable_search.mdx
+++ b/api_docs/kbn_ml_cancellable_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-cancellable-search
 title: "@kbn/ml-cancellable-search"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-cancellable-search plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-cancellable-search']
 ---
 import kbnMlCancellableSearchObj from './kbn_ml_cancellable_search.devdocs.json';
diff --git a/api_docs/kbn_ml_category_validator.mdx b/api_docs/kbn_ml_category_validator.mdx
index a79a0aeaf53ef..84a7e79b63b73 100644
--- a/api_docs/kbn_ml_category_validator.mdx
+++ b/api_docs/kbn_ml_category_validator.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-category-validator
 title: "@kbn/ml-category-validator"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-category-validator plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-category-validator']
 ---
 import kbnMlCategoryValidatorObj from './kbn_ml_category_validator.devdocs.json';
diff --git a/api_docs/kbn_ml_chi2test.mdx b/api_docs/kbn_ml_chi2test.mdx
index ff3a6ba6c48a4..c62f645fbef81 100644
--- a/api_docs/kbn_ml_chi2test.mdx
+++ b/api_docs/kbn_ml_chi2test.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-chi2test
 title: "@kbn/ml-chi2test"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-chi2test plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-chi2test']
 ---
 import kbnMlChi2testObj from './kbn_ml_chi2test.devdocs.json';
diff --git a/api_docs/kbn_ml_data_frame_analytics_utils.mdx b/api_docs/kbn_ml_data_frame_analytics_utils.mdx
index 4c3f4b54e4640..63aa71602374b 100644
--- a/api_docs/kbn_ml_data_frame_analytics_utils.mdx
+++ b/api_docs/kbn_ml_data_frame_analytics_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-frame-analytics-utils
 title: "@kbn/ml-data-frame-analytics-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-data-frame-analytics-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-frame-analytics-utils']
 ---
 import kbnMlDataFrameAnalyticsUtilsObj from './kbn_ml_data_frame_analytics_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_data_grid.mdx b/api_docs/kbn_ml_data_grid.mdx
index fddb315a8919a..9b44c4bda3ae8 100644
--- a/api_docs/kbn_ml_data_grid.mdx
+++ b/api_docs/kbn_ml_data_grid.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-grid
 title: "@kbn/ml-data-grid"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-data-grid plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-grid']
 ---
 import kbnMlDataGridObj from './kbn_ml_data_grid.devdocs.json';
diff --git a/api_docs/kbn_ml_date_picker.mdx b/api_docs/kbn_ml_date_picker.mdx
index dbb7cc6c40ccf..8bbb98b8fd8ad 100644
--- a/api_docs/kbn_ml_date_picker.mdx
+++ b/api_docs/kbn_ml_date_picker.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-picker
 title: "@kbn/ml-date-picker"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-date-picker plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-picker']
 ---
 import kbnMlDatePickerObj from './kbn_ml_date_picker.devdocs.json';
diff --git a/api_docs/kbn_ml_date_utils.mdx b/api_docs/kbn_ml_date_utils.mdx
index 7d6c510e34203..41972f093d059 100644
--- a/api_docs/kbn_ml_date_utils.mdx
+++ b/api_docs/kbn_ml_date_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-utils
 title: "@kbn/ml-date-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-date-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-utils']
 ---
 import kbnMlDateUtilsObj from './kbn_ml_date_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_error_utils.mdx b/api_docs/kbn_ml_error_utils.mdx
index 14cfe80893adb..e2ec17a1301fa 100644
--- a/api_docs/kbn_ml_error_utils.mdx
+++ b/api_docs/kbn_ml_error_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-error-utils
 title: "@kbn/ml-error-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-error-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-error-utils']
 ---
 import kbnMlErrorUtilsObj from './kbn_ml_error_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_field_stats_flyout.mdx b/api_docs/kbn_ml_field_stats_flyout.mdx
index 7d5b991fac89d..b48bb841d2719 100644
--- a/api_docs/kbn_ml_field_stats_flyout.mdx
+++ b/api_docs/kbn_ml_field_stats_flyout.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-field-stats-flyout
 title: "@kbn/ml-field-stats-flyout"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-field-stats-flyout plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-field-stats-flyout']
 ---
 import kbnMlFieldStatsFlyoutObj from './kbn_ml_field_stats_flyout.devdocs.json';
diff --git a/api_docs/kbn_ml_in_memory_table.mdx b/api_docs/kbn_ml_in_memory_table.mdx
index adf618a7bc189..6789ae576f6da 100644
--- a/api_docs/kbn_ml_in_memory_table.mdx
+++ b/api_docs/kbn_ml_in_memory_table.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-in-memory-table
 title: "@kbn/ml-in-memory-table"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-in-memory-table plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-in-memory-table']
 ---
 import kbnMlInMemoryTableObj from './kbn_ml_in_memory_table.devdocs.json';
diff --git a/api_docs/kbn_ml_is_defined.mdx b/api_docs/kbn_ml_is_defined.mdx
index b9a5f9259d431..bfc2148611f20 100644
--- a/api_docs/kbn_ml_is_defined.mdx
+++ b/api_docs/kbn_ml_is_defined.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-defined
 title: "@kbn/ml-is-defined"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-is-defined plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-defined']
 ---
 import kbnMlIsDefinedObj from './kbn_ml_is_defined.devdocs.json';
diff --git a/api_docs/kbn_ml_is_populated_object.mdx b/api_docs/kbn_ml_is_populated_object.mdx
index 88020badbad19..fc0ab1713aefe 100644
--- a/api_docs/kbn_ml_is_populated_object.mdx
+++ b/api_docs/kbn_ml_is_populated_object.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-populated-object
 title: "@kbn/ml-is-populated-object"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-is-populated-object plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-populated-object']
 ---
 import kbnMlIsPopulatedObjectObj from './kbn_ml_is_populated_object.devdocs.json';
diff --git a/api_docs/kbn_ml_kibana_theme.mdx b/api_docs/kbn_ml_kibana_theme.mdx
index db9949aeef209..7f2062b495337 100644
--- a/api_docs/kbn_ml_kibana_theme.mdx
+++ b/api_docs/kbn_ml_kibana_theme.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-kibana-theme
 title: "@kbn/ml-kibana-theme"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-kibana-theme plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-kibana-theme']
 ---
 import kbnMlKibanaThemeObj from './kbn_ml_kibana_theme.devdocs.json';
diff --git a/api_docs/kbn_ml_local_storage.mdx b/api_docs/kbn_ml_local_storage.mdx
index 4986f6e22610c..38b0ae8d1b523 100644
--- a/api_docs/kbn_ml_local_storage.mdx
+++ b/api_docs/kbn_ml_local_storage.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-local-storage
 title: "@kbn/ml-local-storage"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-local-storage plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-local-storage']
 ---
 import kbnMlLocalStorageObj from './kbn_ml_local_storage.devdocs.json';
diff --git a/api_docs/kbn_ml_nested_property.mdx b/api_docs/kbn_ml_nested_property.mdx
index 7bebcbd389657..d19b4b3496543 100644
--- a/api_docs/kbn_ml_nested_property.mdx
+++ b/api_docs/kbn_ml_nested_property.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-nested-property
 title: "@kbn/ml-nested-property"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-nested-property plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-nested-property']
 ---
 import kbnMlNestedPropertyObj from './kbn_ml_nested_property.devdocs.json';
diff --git a/api_docs/kbn_ml_number_utils.mdx b/api_docs/kbn_ml_number_utils.mdx
index ffc7decec804e..b5d6bfcf697a7 100644
--- a/api_docs/kbn_ml_number_utils.mdx
+++ b/api_docs/kbn_ml_number_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-number-utils
 title: "@kbn/ml-number-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-number-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-number-utils']
 ---
 import kbnMlNumberUtilsObj from './kbn_ml_number_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_parse_interval.mdx b/api_docs/kbn_ml_parse_interval.mdx
index 5c276242db361..277211384385f 100644
--- a/api_docs/kbn_ml_parse_interval.mdx
+++ b/api_docs/kbn_ml_parse_interval.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-parse-interval
 title: "@kbn/ml-parse-interval"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-parse-interval plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-parse-interval']
 ---
 import kbnMlParseIntervalObj from './kbn_ml_parse_interval.devdocs.json';
diff --git a/api_docs/kbn_ml_query_utils.mdx b/api_docs/kbn_ml_query_utils.mdx
index 9a1bab0cc2bb6..bc9d4f5bee5dc 100644
--- a/api_docs/kbn_ml_query_utils.mdx
+++ b/api_docs/kbn_ml_query_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-query-utils
 title: "@kbn/ml-query-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-query-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-query-utils']
 ---
 import kbnMlQueryUtilsObj from './kbn_ml_query_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_random_sampler_utils.mdx b/api_docs/kbn_ml_random_sampler_utils.mdx
index aafa96694cab7..2aa483ef7f9af 100644
--- a/api_docs/kbn_ml_random_sampler_utils.mdx
+++ b/api_docs/kbn_ml_random_sampler_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-random-sampler-utils
 title: "@kbn/ml-random-sampler-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-random-sampler-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-random-sampler-utils']
 ---
 import kbnMlRandomSamplerUtilsObj from './kbn_ml_random_sampler_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_route_utils.mdx b/api_docs/kbn_ml_route_utils.mdx
index b07f25d73fce4..d5335ec63a7a1 100644
--- a/api_docs/kbn_ml_route_utils.mdx
+++ b/api_docs/kbn_ml_route_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-route-utils
 title: "@kbn/ml-route-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-route-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-route-utils']
 ---
 import kbnMlRouteUtilsObj from './kbn_ml_route_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_runtime_field_utils.mdx b/api_docs/kbn_ml_runtime_field_utils.mdx
index 63076aa68f7e3..5ee15c43f3bf2 100644
--- a/api_docs/kbn_ml_runtime_field_utils.mdx
+++ b/api_docs/kbn_ml_runtime_field_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-runtime-field-utils
 title: "@kbn/ml-runtime-field-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-runtime-field-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-runtime-field-utils']
 ---
 import kbnMlRuntimeFieldUtilsObj from './kbn_ml_runtime_field_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_string_hash.mdx b/api_docs/kbn_ml_string_hash.mdx
index 596110c694684..634b9da6ffc6b 100644
--- a/api_docs/kbn_ml_string_hash.mdx
+++ b/api_docs/kbn_ml_string_hash.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-string-hash
 title: "@kbn/ml-string-hash"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-string-hash plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-string-hash']
 ---
 import kbnMlStringHashObj from './kbn_ml_string_hash.devdocs.json';
diff --git a/api_docs/kbn_ml_time_buckets.mdx b/api_docs/kbn_ml_time_buckets.mdx
index 77d3e0cdb27de..3cc1a1a39762b 100644
--- a/api_docs/kbn_ml_time_buckets.mdx
+++ b/api_docs/kbn_ml_time_buckets.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-time-buckets
 title: "@kbn/ml-time-buckets"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-time-buckets plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-time-buckets']
 ---
 import kbnMlTimeBucketsObj from './kbn_ml_time_buckets.devdocs.json';
diff --git a/api_docs/kbn_ml_trained_models_utils.mdx b/api_docs/kbn_ml_trained_models_utils.mdx
index 60724e72677bf..51755e455f3dd 100644
--- a/api_docs/kbn_ml_trained_models_utils.mdx
+++ b/api_docs/kbn_ml_trained_models_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-trained-models-utils
 title: "@kbn/ml-trained-models-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-trained-models-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-trained-models-utils']
 ---
 import kbnMlTrainedModelsUtilsObj from './kbn_ml_trained_models_utils.devdocs.json';
diff --git a/api_docs/kbn_ml_ui_actions.mdx b/api_docs/kbn_ml_ui_actions.mdx
index 343401b698cfc..ded3f1335cb3d 100644
--- a/api_docs/kbn_ml_ui_actions.mdx
+++ b/api_docs/kbn_ml_ui_actions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-ui-actions
 title: "@kbn/ml-ui-actions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-ui-actions plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-ui-actions']
 ---
 import kbnMlUiActionsObj from './kbn_ml_ui_actions.devdocs.json';
diff --git a/api_docs/kbn_ml_url_state.mdx b/api_docs/kbn_ml_url_state.mdx
index 6df0063365e7d..904b1750a81d8 100644
--- a/api_docs/kbn_ml_url_state.mdx
+++ b/api_docs/kbn_ml_url_state.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-url-state
 title: "@kbn/ml-url-state"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-url-state plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-url-state']
 ---
 import kbnMlUrlStateObj from './kbn_ml_url_state.devdocs.json';
diff --git a/api_docs/kbn_ml_validators.mdx b/api_docs/kbn_ml_validators.mdx
index 23e597e2f0f43..0509273dc3766 100644
--- a/api_docs/kbn_ml_validators.mdx
+++ b/api_docs/kbn_ml_validators.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-validators
 title: "@kbn/ml-validators"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ml-validators plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-validators']
 ---
 import kbnMlValidatorsObj from './kbn_ml_validators.devdocs.json';
diff --git a/api_docs/kbn_mock_idp_utils.mdx b/api_docs/kbn_mock_idp_utils.mdx
index 742d202cbcee7..16b8ab09da692 100644
--- a/api_docs/kbn_mock_idp_utils.mdx
+++ b/api_docs/kbn_mock_idp_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mock-idp-utils
 title: "@kbn/mock-idp-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/mock-idp-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mock-idp-utils']
 ---
 import kbnMockIdpUtilsObj from './kbn_mock_idp_utils.devdocs.json';
diff --git a/api_docs/kbn_monaco.mdx b/api_docs/kbn_monaco.mdx
index a96e583d94e9f..04c701f2639fc 100644
--- a/api_docs/kbn_monaco.mdx
+++ b/api_docs/kbn_monaco.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-monaco
 title: "@kbn/monaco"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/monaco plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/monaco']
 ---
 import kbnMonacoObj from './kbn_monaco.devdocs.json';
diff --git a/api_docs/kbn_object_versioning.mdx b/api_docs/kbn_object_versioning.mdx
index 1defebd09d228..060b942583d76 100644
--- a/api_docs/kbn_object_versioning.mdx
+++ b/api_docs/kbn_object_versioning.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-object-versioning
 title: "@kbn/object-versioning"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/object-versioning plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/object-versioning']
 ---
 import kbnObjectVersioningObj from './kbn_object_versioning.devdocs.json';
diff --git a/api_docs/kbn_object_versioning_utils.mdx b/api_docs/kbn_object_versioning_utils.mdx
index 8a81cb4f518ae..1a583d14c5552 100644
--- a/api_docs/kbn_object_versioning_utils.mdx
+++ b/api_docs/kbn_object_versioning_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-object-versioning-utils
 title: "@kbn/object-versioning-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/object-versioning-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/object-versioning-utils']
 ---
 import kbnObjectVersioningUtilsObj from './kbn_object_versioning_utils.devdocs.json';
diff --git a/api_docs/kbn_observability_alert_details.mdx b/api_docs/kbn_observability_alert_details.mdx
index 24b2d0f27bbdc..234ff6a568724 100644
--- a/api_docs/kbn_observability_alert_details.mdx
+++ b/api_docs/kbn_observability_alert_details.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alert-details
 title: "@kbn/observability-alert-details"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/observability-alert-details plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alert-details']
 ---
 import kbnObservabilityAlertDetailsObj from './kbn_observability_alert_details.devdocs.json';
diff --git a/api_docs/kbn_observability_alerting_rule_utils.mdx b/api_docs/kbn_observability_alerting_rule_utils.mdx
index c6067a685e93d..b2430e3392a0e 100644
--- a/api_docs/kbn_observability_alerting_rule_utils.mdx
+++ b/api_docs/kbn_observability_alerting_rule_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alerting-rule-utils
 title: "@kbn/observability-alerting-rule-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/observability-alerting-rule-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alerting-rule-utils']
 ---
 import kbnObservabilityAlertingRuleUtilsObj from './kbn_observability_alerting_rule_utils.devdocs.json';
diff --git a/api_docs/kbn_observability_alerting_test_data.mdx b/api_docs/kbn_observability_alerting_test_data.mdx
index 5ad4d6d3f3602..e86738e7905e2 100644
--- a/api_docs/kbn_observability_alerting_test_data.mdx
+++ b/api_docs/kbn_observability_alerting_test_data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alerting-test-data
 title: "@kbn/observability-alerting-test-data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/observability-alerting-test-data plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alerting-test-data']
 ---
 import kbnObservabilityAlertingTestDataObj from './kbn_observability_alerting_test_data.devdocs.json';
diff --git a/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx b/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx
index d8207d81dc261..ab2ea3d25de29 100644
--- a/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx
+++ b/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-get-padded-alert-time-range-util
 title: "@kbn/observability-get-padded-alert-time-range-util"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/observability-get-padded-alert-time-range-util plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-get-padded-alert-time-range-util']
 ---
 import kbnObservabilityGetPaddedAlertTimeRangeUtilObj from './kbn_observability_get_padded_alert_time_range_util.devdocs.json';
diff --git a/api_docs/kbn_observability_logs_overview.mdx b/api_docs/kbn_observability_logs_overview.mdx
index 58a812061ea3b..31aadf3b2202d 100644
--- a/api_docs/kbn_observability_logs_overview.mdx
+++ b/api_docs/kbn_observability_logs_overview.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-logs-overview
 title: "@kbn/observability-logs-overview"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/observability-logs-overview plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-logs-overview']
 ---
 import kbnObservabilityLogsOverviewObj from './kbn_observability_logs_overview.devdocs.json';
diff --git a/api_docs/kbn_observability_synthetics_test_data.mdx b/api_docs/kbn_observability_synthetics_test_data.mdx
index b10096eabf86f..a5595abac34d5 100644
--- a/api_docs/kbn_observability_synthetics_test_data.mdx
+++ b/api_docs/kbn_observability_synthetics_test_data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-synthetics-test-data
 title: "@kbn/observability-synthetics-test-data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/observability-synthetics-test-data plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-synthetics-test-data']
 ---
 import kbnObservabilitySyntheticsTestDataObj from './kbn_observability_synthetics_test_data.devdocs.json';
diff --git a/api_docs/kbn_openapi_bundler.mdx b/api_docs/kbn_openapi_bundler.mdx
index e24dad4ac4c38..6843e1dd9340c 100644
--- a/api_docs/kbn_openapi_bundler.mdx
+++ b/api_docs/kbn_openapi_bundler.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-bundler
 title: "@kbn/openapi-bundler"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/openapi-bundler plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-bundler']
 ---
 import kbnOpenapiBundlerObj from './kbn_openapi_bundler.devdocs.json';
diff --git a/api_docs/kbn_openapi_generator.mdx b/api_docs/kbn_openapi_generator.mdx
index bdb4b573a9f80..0aaa40dd52e5e 100644
--- a/api_docs/kbn_openapi_generator.mdx
+++ b/api_docs/kbn_openapi_generator.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-generator
 title: "@kbn/openapi-generator"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/openapi-generator plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-generator']
 ---
 import kbnOpenapiGeneratorObj from './kbn_openapi_generator.devdocs.json';
diff --git a/api_docs/kbn_optimizer.mdx b/api_docs/kbn_optimizer.mdx
index 928955cf42b7e..08e3f3edeac35 100644
--- a/api_docs/kbn_optimizer.mdx
+++ b/api_docs/kbn_optimizer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer
 title: "@kbn/optimizer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/optimizer plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer']
 ---
 import kbnOptimizerObj from './kbn_optimizer.devdocs.json';
diff --git a/api_docs/kbn_optimizer_webpack_helpers.mdx b/api_docs/kbn_optimizer_webpack_helpers.mdx
index b973e2fc28702..5a2f6c21d03ca 100644
--- a/api_docs/kbn_optimizer_webpack_helpers.mdx
+++ b/api_docs/kbn_optimizer_webpack_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer-webpack-helpers
 title: "@kbn/optimizer-webpack-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/optimizer-webpack-helpers plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer-webpack-helpers']
 ---
 import kbnOptimizerWebpackHelpersObj from './kbn_optimizer_webpack_helpers.devdocs.json';
diff --git a/api_docs/kbn_osquery_io_ts_types.mdx b/api_docs/kbn_osquery_io_ts_types.mdx
index b365a12c78ac1..c26b2dc6eeed8 100644
--- a/api_docs/kbn_osquery_io_ts_types.mdx
+++ b/api_docs/kbn_osquery_io_ts_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-osquery-io-ts-types
 title: "@kbn/osquery-io-ts-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/osquery-io-ts-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/osquery-io-ts-types']
 ---
 import kbnOsqueryIoTsTypesObj from './kbn_osquery_io_ts_types.devdocs.json';
diff --git a/api_docs/kbn_panel_loader.mdx b/api_docs/kbn_panel_loader.mdx
index e762e03721710..91c9957c586a7 100644
--- a/api_docs/kbn_panel_loader.mdx
+++ b/api_docs/kbn_panel_loader.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-panel-loader
 title: "@kbn/panel-loader"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/panel-loader plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/panel-loader']
 ---
 import kbnPanelLoaderObj from './kbn_panel_loader.devdocs.json';
diff --git a/api_docs/kbn_performance_testing_dataset_extractor.mdx b/api_docs/kbn_performance_testing_dataset_extractor.mdx
index 3165245e2fb97..3970a561b01dd 100644
--- a/api_docs/kbn_performance_testing_dataset_extractor.mdx
+++ b/api_docs/kbn_performance_testing_dataset_extractor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-performance-testing-dataset-extractor
 title: "@kbn/performance-testing-dataset-extractor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/performance-testing-dataset-extractor plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/performance-testing-dataset-extractor']
 ---
 import kbnPerformanceTestingDatasetExtractorObj from './kbn_performance_testing_dataset_extractor.devdocs.json';
diff --git a/api_docs/kbn_plugin_check.mdx b/api_docs/kbn_plugin_check.mdx
index 0ad957cfc5199..9ad26f45044cb 100644
--- a/api_docs/kbn_plugin_check.mdx
+++ b/api_docs/kbn_plugin_check.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-check
 title: "@kbn/plugin-check"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/plugin-check plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-check']
 ---
 import kbnPluginCheckObj from './kbn_plugin_check.devdocs.json';
diff --git a/api_docs/kbn_plugin_generator.mdx b/api_docs/kbn_plugin_generator.mdx
index 996544ca50192..731791749a1a8 100644
--- a/api_docs/kbn_plugin_generator.mdx
+++ b/api_docs/kbn_plugin_generator.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-generator
 title: "@kbn/plugin-generator"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/plugin-generator plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-generator']
 ---
 import kbnPluginGeneratorObj from './kbn_plugin_generator.devdocs.json';
diff --git a/api_docs/kbn_plugin_helpers.mdx b/api_docs/kbn_plugin_helpers.mdx
index a338af0b37863..0c8d0cdd3837a 100644
--- a/api_docs/kbn_plugin_helpers.mdx
+++ b/api_docs/kbn_plugin_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-helpers
 title: "@kbn/plugin-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/plugin-helpers plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-helpers']
 ---
 import kbnPluginHelpersObj from './kbn_plugin_helpers.devdocs.json';
diff --git a/api_docs/kbn_presentation_containers.mdx b/api_docs/kbn_presentation_containers.mdx
index 35c491dd3aa3c..38ae9db53a733 100644
--- a/api_docs/kbn_presentation_containers.mdx
+++ b/api_docs/kbn_presentation_containers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-presentation-containers
 title: "@kbn/presentation-containers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/presentation-containers plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/presentation-containers']
 ---
 import kbnPresentationContainersObj from './kbn_presentation_containers.devdocs.json';
diff --git a/api_docs/kbn_presentation_publishing.mdx b/api_docs/kbn_presentation_publishing.mdx
index ea63d73b73206..fe3e0137eefd7 100644
--- a/api_docs/kbn_presentation_publishing.mdx
+++ b/api_docs/kbn_presentation_publishing.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-presentation-publishing
 title: "@kbn/presentation-publishing"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/presentation-publishing plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/presentation-publishing']
 ---
 import kbnPresentationPublishingObj from './kbn_presentation_publishing.devdocs.json';
diff --git a/api_docs/kbn_product_doc_artifact_builder.mdx b/api_docs/kbn_product_doc_artifact_builder.mdx
index e737c606ba67d..a899f053c8e69 100644
--- a/api_docs/kbn_product_doc_artifact_builder.mdx
+++ b/api_docs/kbn_product_doc_artifact_builder.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-product-doc-artifact-builder
 title: "@kbn/product-doc-artifact-builder"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/product-doc-artifact-builder plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/product-doc-artifact-builder']
 ---
 import kbnProductDocArtifactBuilderObj from './kbn_product_doc_artifact_builder.devdocs.json';
diff --git a/api_docs/kbn_profiling_utils.mdx b/api_docs/kbn_profiling_utils.mdx
index 2461ac60f5b90..c6849a9846f71 100644
--- a/api_docs/kbn_profiling_utils.mdx
+++ b/api_docs/kbn_profiling_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-profiling-utils
 title: "@kbn/profiling-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/profiling-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/profiling-utils']
 ---
 import kbnProfilingUtilsObj from './kbn_profiling_utils.devdocs.json';
diff --git a/api_docs/kbn_random_sampling.mdx b/api_docs/kbn_random_sampling.mdx
index 278a1b53b11ea..605a83778f229 100644
--- a/api_docs/kbn_random_sampling.mdx
+++ b/api_docs/kbn_random_sampling.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-random-sampling
 title: "@kbn/random-sampling"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/random-sampling plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/random-sampling']
 ---
 import kbnRandomSamplingObj from './kbn_random_sampling.devdocs.json';
diff --git a/api_docs/kbn_react_field.mdx b/api_docs/kbn_react_field.mdx
index 6cc9939a14c10..0387cfb06aed1 100644
--- a/api_docs/kbn_react_field.mdx
+++ b/api_docs/kbn_react_field.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-field
 title: "@kbn/react-field"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-field plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-field']
 ---
 import kbnReactFieldObj from './kbn_react_field.devdocs.json';
diff --git a/api_docs/kbn_react_hooks.mdx b/api_docs/kbn_react_hooks.mdx
index d0a86fc48bdaf..d4c4736d08f6e 100644
--- a/api_docs/kbn_react_hooks.mdx
+++ b/api_docs/kbn_react_hooks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-hooks
 title: "@kbn/react-hooks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-hooks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-hooks']
 ---
 import kbnReactHooksObj from './kbn_react_hooks.devdocs.json';
diff --git a/api_docs/kbn_react_kibana_context_common.mdx b/api_docs/kbn_react_kibana_context_common.mdx
index fafac45b43fac..19c3b10e0d3a5 100644
--- a/api_docs/kbn_react_kibana_context_common.mdx
+++ b/api_docs/kbn_react_kibana_context_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-common
 title: "@kbn/react-kibana-context-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-kibana-context-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-common']
 ---
 import kbnReactKibanaContextCommonObj from './kbn_react_kibana_context_common.devdocs.json';
diff --git a/api_docs/kbn_react_kibana_context_render.mdx b/api_docs/kbn_react_kibana_context_render.mdx
index 268d249666adb..cf66e3f4b83d1 100644
--- a/api_docs/kbn_react_kibana_context_render.mdx
+++ b/api_docs/kbn_react_kibana_context_render.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-render
 title: "@kbn/react-kibana-context-render"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-kibana-context-render plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-render']
 ---
 import kbnReactKibanaContextRenderObj from './kbn_react_kibana_context_render.devdocs.json';
diff --git a/api_docs/kbn_react_kibana_context_root.mdx b/api_docs/kbn_react_kibana_context_root.mdx
index 89408f64335ad..81d720dfebdc4 100644
--- a/api_docs/kbn_react_kibana_context_root.mdx
+++ b/api_docs/kbn_react_kibana_context_root.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-root
 title: "@kbn/react-kibana-context-root"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-kibana-context-root plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-root']
 ---
 import kbnReactKibanaContextRootObj from './kbn_react_kibana_context_root.devdocs.json';
diff --git a/api_docs/kbn_react_kibana_context_styled.mdx b/api_docs/kbn_react_kibana_context_styled.mdx
index 642c0f510d32a..21f344f3ec05b 100644
--- a/api_docs/kbn_react_kibana_context_styled.mdx
+++ b/api_docs/kbn_react_kibana_context_styled.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-styled
 title: "@kbn/react-kibana-context-styled"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-kibana-context-styled plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-styled']
 ---
 import kbnReactKibanaContextStyledObj from './kbn_react_kibana_context_styled.devdocs.json';
diff --git a/api_docs/kbn_react_kibana_context_theme.mdx b/api_docs/kbn_react_kibana_context_theme.mdx
index 6d69b3e1feb57..a784c2665fe93 100644
--- a/api_docs/kbn_react_kibana_context_theme.mdx
+++ b/api_docs/kbn_react_kibana_context_theme.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-theme
 title: "@kbn/react-kibana-context-theme"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-kibana-context-theme plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-theme']
 ---
 import kbnReactKibanaContextThemeObj from './kbn_react_kibana_context_theme.devdocs.json';
diff --git a/api_docs/kbn_react_kibana_mount.mdx b/api_docs/kbn_react_kibana_mount.mdx
index 23d49b1d84a83..42b47dc905259 100644
--- a/api_docs/kbn_react_kibana_mount.mdx
+++ b/api_docs/kbn_react_kibana_mount.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-mount
 title: "@kbn/react-kibana-mount"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/react-kibana-mount plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-mount']
 ---
 import kbnReactKibanaMountObj from './kbn_react_kibana_mount.devdocs.json';
diff --git a/api_docs/kbn_recently_accessed.mdx b/api_docs/kbn_recently_accessed.mdx
index fb70861bf5c8e..f66b61c8b4a1a 100644
--- a/api_docs/kbn_recently_accessed.mdx
+++ b/api_docs/kbn_recently_accessed.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-recently-accessed
 title: "@kbn/recently-accessed"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/recently-accessed plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/recently-accessed']
 ---
 import kbnRecentlyAccessedObj from './kbn_recently_accessed.devdocs.json';
diff --git a/api_docs/kbn_repo_file_maps.mdx b/api_docs/kbn_repo_file_maps.mdx
index c3e6209fe0cba..1e95137257817 100644
--- a/api_docs/kbn_repo_file_maps.mdx
+++ b/api_docs/kbn_repo_file_maps.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-file-maps
 title: "@kbn/repo-file-maps"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/repo-file-maps plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-file-maps']
 ---
 import kbnRepoFileMapsObj from './kbn_repo_file_maps.devdocs.json';
diff --git a/api_docs/kbn_repo_linter.mdx b/api_docs/kbn_repo_linter.mdx
index 0a344992f3673..3e39434f04f9d 100644
--- a/api_docs/kbn_repo_linter.mdx
+++ b/api_docs/kbn_repo_linter.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-linter
 title: "@kbn/repo-linter"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/repo-linter plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-linter']
 ---
 import kbnRepoLinterObj from './kbn_repo_linter.devdocs.json';
diff --git a/api_docs/kbn_repo_path.mdx b/api_docs/kbn_repo_path.mdx
index d4593bb69ec11..f141bd0342272 100644
--- a/api_docs/kbn_repo_path.mdx
+++ b/api_docs/kbn_repo_path.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-path
 title: "@kbn/repo-path"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/repo-path plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-path']
 ---
 import kbnRepoPathObj from './kbn_repo_path.devdocs.json';
diff --git a/api_docs/kbn_repo_source_classifier.mdx b/api_docs/kbn_repo_source_classifier.mdx
index 4bc026939319e..bd1b5024056af 100644
--- a/api_docs/kbn_repo_source_classifier.mdx
+++ b/api_docs/kbn_repo_source_classifier.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-source-classifier
 title: "@kbn/repo-source-classifier"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/repo-source-classifier plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-source-classifier']
 ---
 import kbnRepoSourceClassifierObj from './kbn_repo_source_classifier.devdocs.json';
diff --git a/api_docs/kbn_reporting_common.mdx b/api_docs/kbn_reporting_common.mdx
index 495a620eed089..487fd1ac2d06c 100644
--- a/api_docs/kbn_reporting_common.mdx
+++ b/api_docs/kbn_reporting_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-common
 title: "@kbn/reporting-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-common']
 ---
 import kbnReportingCommonObj from './kbn_reporting_common.devdocs.json';
diff --git a/api_docs/kbn_reporting_csv_share_panel.mdx b/api_docs/kbn_reporting_csv_share_panel.mdx
index fcdbcff994406..ecae897223426 100644
--- a/api_docs/kbn_reporting_csv_share_panel.mdx
+++ b/api_docs/kbn_reporting_csv_share_panel.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-csv-share-panel
 title: "@kbn/reporting-csv-share-panel"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-csv-share-panel plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-csv-share-panel']
 ---
 import kbnReportingCsvSharePanelObj from './kbn_reporting_csv_share_panel.devdocs.json';
diff --git a/api_docs/kbn_reporting_export_types_csv.mdx b/api_docs/kbn_reporting_export_types_csv.mdx
index bd9f21e11dc53..c353324f64adb 100644
--- a/api_docs/kbn_reporting_export_types_csv.mdx
+++ b/api_docs/kbn_reporting_export_types_csv.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv
 title: "@kbn/reporting-export-types-csv"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-export-types-csv plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv']
 ---
 import kbnReportingExportTypesCsvObj from './kbn_reporting_export_types_csv.devdocs.json';
diff --git a/api_docs/kbn_reporting_export_types_csv_common.mdx b/api_docs/kbn_reporting_export_types_csv_common.mdx
index a733ea5344aab..5c54baf6d1d34 100644
--- a/api_docs/kbn_reporting_export_types_csv_common.mdx
+++ b/api_docs/kbn_reporting_export_types_csv_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv-common
 title: "@kbn/reporting-export-types-csv-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-export-types-csv-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv-common']
 ---
 import kbnReportingExportTypesCsvCommonObj from './kbn_reporting_export_types_csv_common.devdocs.json';
diff --git a/api_docs/kbn_reporting_export_types_pdf.mdx b/api_docs/kbn_reporting_export_types_pdf.mdx
index 1511dd22eeb34..0aa4fcf731f2b 100644
--- a/api_docs/kbn_reporting_export_types_pdf.mdx
+++ b/api_docs/kbn_reporting_export_types_pdf.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf
 title: "@kbn/reporting-export-types-pdf"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-export-types-pdf plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf']
 ---
 import kbnReportingExportTypesPdfObj from './kbn_reporting_export_types_pdf.devdocs.json';
diff --git a/api_docs/kbn_reporting_export_types_pdf_common.mdx b/api_docs/kbn_reporting_export_types_pdf_common.mdx
index bff1a6c5a2981..0885ca8c94509 100644
--- a/api_docs/kbn_reporting_export_types_pdf_common.mdx
+++ b/api_docs/kbn_reporting_export_types_pdf_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf-common
 title: "@kbn/reporting-export-types-pdf-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-export-types-pdf-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf-common']
 ---
 import kbnReportingExportTypesPdfCommonObj from './kbn_reporting_export_types_pdf_common.devdocs.json';
diff --git a/api_docs/kbn_reporting_export_types_png.mdx b/api_docs/kbn_reporting_export_types_png.mdx
index d9948ebfb004b..33a4b2b828850 100644
--- a/api_docs/kbn_reporting_export_types_png.mdx
+++ b/api_docs/kbn_reporting_export_types_png.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png
 title: "@kbn/reporting-export-types-png"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-export-types-png plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png']
 ---
 import kbnReportingExportTypesPngObj from './kbn_reporting_export_types_png.devdocs.json';
diff --git a/api_docs/kbn_reporting_export_types_png_common.mdx b/api_docs/kbn_reporting_export_types_png_common.mdx
index cc2af3e7afe08..260170c5bd674 100644
--- a/api_docs/kbn_reporting_export_types_png_common.mdx
+++ b/api_docs/kbn_reporting_export_types_png_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png-common
 title: "@kbn/reporting-export-types-png-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-export-types-png-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png-common']
 ---
 import kbnReportingExportTypesPngCommonObj from './kbn_reporting_export_types_png_common.devdocs.json';
diff --git a/api_docs/kbn_reporting_mocks_server.mdx b/api_docs/kbn_reporting_mocks_server.mdx
index 823e66dde25cd..73542ac71ca4c 100644
--- a/api_docs/kbn_reporting_mocks_server.mdx
+++ b/api_docs/kbn_reporting_mocks_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-mocks-server
 title: "@kbn/reporting-mocks-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-mocks-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-mocks-server']
 ---
 import kbnReportingMocksServerObj from './kbn_reporting_mocks_server.devdocs.json';
diff --git a/api_docs/kbn_reporting_public.mdx b/api_docs/kbn_reporting_public.mdx
index adb3de1a0cdce..35ecb94add771 100644
--- a/api_docs/kbn_reporting_public.mdx
+++ b/api_docs/kbn_reporting_public.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-public
 title: "@kbn/reporting-public"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-public plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-public']
 ---
 import kbnReportingPublicObj from './kbn_reporting_public.devdocs.json';
diff --git a/api_docs/kbn_reporting_server.mdx b/api_docs/kbn_reporting_server.mdx
index 18dfc6adf3e47..e5686ac11312e 100644
--- a/api_docs/kbn_reporting_server.mdx
+++ b/api_docs/kbn_reporting_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-server
 title: "@kbn/reporting-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/reporting-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-server']
 ---
 import kbnReportingServerObj from './kbn_reporting_server.devdocs.json';
diff --git a/api_docs/kbn_resizable_layout.mdx b/api_docs/kbn_resizable_layout.mdx
index d6fcf1550c508..9333ce55fb1fe 100644
--- a/api_docs/kbn_resizable_layout.mdx
+++ b/api_docs/kbn_resizable_layout.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-resizable-layout
 title: "@kbn/resizable-layout"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/resizable-layout plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/resizable-layout']
 ---
 import kbnResizableLayoutObj from './kbn_resizable_layout.devdocs.json';
diff --git a/api_docs/kbn_response_ops_feature_flag_service.mdx b/api_docs/kbn_response_ops_feature_flag_service.mdx
index b22e6a15fe0e3..fce23a6cbda00 100644
--- a/api_docs/kbn_response_ops_feature_flag_service.mdx
+++ b/api_docs/kbn_response_ops_feature_flag_service.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-response-ops-feature-flag-service
 title: "@kbn/response-ops-feature-flag-service"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/response-ops-feature-flag-service plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/response-ops-feature-flag-service']
 ---
 import kbnResponseOpsFeatureFlagServiceObj from './kbn_response_ops_feature_flag_service.devdocs.json';
diff --git a/api_docs/kbn_response_ops_rule_params.mdx b/api_docs/kbn_response_ops_rule_params.mdx
index 4d2c8f2bf2825..8aadc99320e39 100644
--- a/api_docs/kbn_response_ops_rule_params.mdx
+++ b/api_docs/kbn_response_ops_rule_params.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-response-ops-rule-params
 title: "@kbn/response-ops-rule-params"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/response-ops-rule-params plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/response-ops-rule-params']
 ---
 import kbnResponseOpsRuleParamsObj from './kbn_response_ops_rule_params.devdocs.json';
diff --git a/api_docs/kbn_rison.mdx b/api_docs/kbn_rison.mdx
index a3f6b6cc34ccc..1aae2074abdf4 100644
--- a/api_docs/kbn_rison.mdx
+++ b/api_docs/kbn_rison.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rison
 title: "@kbn/rison"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/rison plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rison']
 ---
 import kbnRisonObj from './kbn_rison.devdocs.json';
diff --git a/api_docs/kbn_rollup.mdx b/api_docs/kbn_rollup.mdx
index f5b6092d25570..35619e9bd4537 100644
--- a/api_docs/kbn_rollup.mdx
+++ b/api_docs/kbn_rollup.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rollup
 title: "@kbn/rollup"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/rollup plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rollup']
 ---
 import kbnRollupObj from './kbn_rollup.devdocs.json';
diff --git a/api_docs/kbn_router_to_openapispec.mdx b/api_docs/kbn_router_to_openapispec.mdx
index fe7d8a3d6799a..e8d8a6ecaa1ac 100644
--- a/api_docs/kbn_router_to_openapispec.mdx
+++ b/api_docs/kbn_router_to_openapispec.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-router-to-openapispec
 title: "@kbn/router-to-openapispec"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/router-to-openapispec plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/router-to-openapispec']
 ---
 import kbnRouterToOpenapispecObj from './kbn_router_to_openapispec.devdocs.json';
diff --git a/api_docs/kbn_router_utils.mdx b/api_docs/kbn_router_utils.mdx
index db74246897a4c..11294e4c7f994 100644
--- a/api_docs/kbn_router_utils.mdx
+++ b/api_docs/kbn_router_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-router-utils
 title: "@kbn/router-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/router-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/router-utils']
 ---
 import kbnRouterUtilsObj from './kbn_router_utils.devdocs.json';
diff --git a/api_docs/kbn_rrule.mdx b/api_docs/kbn_rrule.mdx
index b7e99dcb1c428..a8874c686cdff 100644
--- a/api_docs/kbn_rrule.mdx
+++ b/api_docs/kbn_rrule.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rrule
 title: "@kbn/rrule"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/rrule plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rrule']
 ---
 import kbnRruleObj from './kbn_rrule.devdocs.json';
diff --git a/api_docs/kbn_rule_data_utils.mdx b/api_docs/kbn_rule_data_utils.mdx
index 7fad45ddc2667..c4134ecc32a49 100644
--- a/api_docs/kbn_rule_data_utils.mdx
+++ b/api_docs/kbn_rule_data_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rule-data-utils
 title: "@kbn/rule-data-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/rule-data-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rule-data-utils']
 ---
 import kbnRuleDataUtilsObj from './kbn_rule_data_utils.devdocs.json';
diff --git a/api_docs/kbn_saved_objects_settings.mdx b/api_docs/kbn_saved_objects_settings.mdx
index 0171494294254..3f627a62a2b15 100644
--- a/api_docs/kbn_saved_objects_settings.mdx
+++ b/api_docs/kbn_saved_objects_settings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-saved-objects-settings
 title: "@kbn/saved-objects-settings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/saved-objects-settings plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/saved-objects-settings']
 ---
 import kbnSavedObjectsSettingsObj from './kbn_saved_objects_settings.devdocs.json';
diff --git a/api_docs/kbn_screenshotting_server.mdx b/api_docs/kbn_screenshotting_server.mdx
index 61e0f8fbcff1b..02d74905c4a85 100644
--- a/api_docs/kbn_screenshotting_server.mdx
+++ b/api_docs/kbn_screenshotting_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-screenshotting-server
 title: "@kbn/screenshotting-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/screenshotting-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/screenshotting-server']
 ---
 import kbnScreenshottingServerObj from './kbn_screenshotting_server.devdocs.json';
diff --git a/api_docs/kbn_search_api_keys_components.mdx b/api_docs/kbn_search_api_keys_components.mdx
index ed9420b3658c1..d486bd962f88c 100644
--- a/api_docs/kbn_search_api_keys_components.mdx
+++ b/api_docs/kbn_search_api_keys_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-keys-components
 title: "@kbn/search-api-keys-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-api-keys-components plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-keys-components']
 ---
 import kbnSearchApiKeysComponentsObj from './kbn_search_api_keys_components.devdocs.json';
diff --git a/api_docs/kbn_search_api_keys_server.mdx b/api_docs/kbn_search_api_keys_server.mdx
index 79819d9fc6fc8..5bba687ecdcba 100644
--- a/api_docs/kbn_search_api_keys_server.mdx
+++ b/api_docs/kbn_search_api_keys_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-keys-server
 title: "@kbn/search-api-keys-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-api-keys-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-keys-server']
 ---
 import kbnSearchApiKeysServerObj from './kbn_search_api_keys_server.devdocs.json';
diff --git a/api_docs/kbn_search_api_panels.mdx b/api_docs/kbn_search_api_panels.mdx
index c5f4e270e01d1..3938d447bd130 100644
--- a/api_docs/kbn_search_api_panels.mdx
+++ b/api_docs/kbn_search_api_panels.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-panels
 title: "@kbn/search-api-panels"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-api-panels plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-panels']
 ---
 import kbnSearchApiPanelsObj from './kbn_search_api_panels.devdocs.json';
diff --git a/api_docs/kbn_search_connectors.mdx b/api_docs/kbn_search_connectors.mdx
index 1acdad3338824..c9214d349d2b7 100644
--- a/api_docs/kbn_search_connectors.mdx
+++ b/api_docs/kbn_search_connectors.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-connectors
 title: "@kbn/search-connectors"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-connectors plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-connectors']
 ---
 import kbnSearchConnectorsObj from './kbn_search_connectors.devdocs.json';
diff --git a/api_docs/kbn_search_errors.mdx b/api_docs/kbn_search_errors.mdx
index 5c32759e084fe..0002026ca74be 100644
--- a/api_docs/kbn_search_errors.mdx
+++ b/api_docs/kbn_search_errors.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-errors
 title: "@kbn/search-errors"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-errors plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-errors']
 ---
 import kbnSearchErrorsObj from './kbn_search_errors.devdocs.json';
diff --git a/api_docs/kbn_search_index_documents.mdx b/api_docs/kbn_search_index_documents.mdx
index 1c2ca8ebe1217..fea3eae60eaf3 100644
--- a/api_docs/kbn_search_index_documents.mdx
+++ b/api_docs/kbn_search_index_documents.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-index-documents
 title: "@kbn/search-index-documents"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-index-documents plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-index-documents']
 ---
 import kbnSearchIndexDocumentsObj from './kbn_search_index_documents.devdocs.json';
diff --git a/api_docs/kbn_search_response_warnings.mdx b/api_docs/kbn_search_response_warnings.mdx
index b783e3a2eaf03..a900a2fd20fdc 100644
--- a/api_docs/kbn_search_response_warnings.mdx
+++ b/api_docs/kbn_search_response_warnings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-response-warnings
 title: "@kbn/search-response-warnings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-response-warnings plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-response-warnings']
 ---
 import kbnSearchResponseWarningsObj from './kbn_search_response_warnings.devdocs.json';
diff --git a/api_docs/kbn_search_shared_ui.mdx b/api_docs/kbn_search_shared_ui.mdx
index 0b2b651652dc0..b00d916e87659 100644
--- a/api_docs/kbn_search_shared_ui.mdx
+++ b/api_docs/kbn_search_shared_ui.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-shared-ui
 title: "@kbn/search-shared-ui"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-shared-ui plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-shared-ui']
 ---
 import kbnSearchSharedUiObj from './kbn_search_shared_ui.devdocs.json';
diff --git a/api_docs/kbn_search_types.mdx b/api_docs/kbn_search_types.mdx
index 248eb3a1df12b..613598b305c6d 100644
--- a/api_docs/kbn_search_types.mdx
+++ b/api_docs/kbn_search_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-types
 title: "@kbn/search-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/search-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-types']
 ---
 import kbnSearchTypesObj from './kbn_search_types.devdocs.json';
diff --git a/api_docs/kbn_security_api_key_management.mdx b/api_docs/kbn_security_api_key_management.mdx
index dbb86b136acbf..167658e0a20db 100644
--- a/api_docs/kbn_security_api_key_management.mdx
+++ b/api_docs/kbn_security_api_key_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-api-key-management
 title: "@kbn/security-api-key-management"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-api-key-management plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-api-key-management']
 ---
 import kbnSecurityApiKeyManagementObj from './kbn_security_api_key_management.devdocs.json';
diff --git a/api_docs/kbn_security_authorization_core.mdx b/api_docs/kbn_security_authorization_core.mdx
index 20e1cbf0e18ab..f40438b901ace 100644
--- a/api_docs/kbn_security_authorization_core.mdx
+++ b/api_docs/kbn_security_authorization_core.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-authorization-core
 title: "@kbn/security-authorization-core"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-authorization-core plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-authorization-core']
 ---
 import kbnSecurityAuthorizationCoreObj from './kbn_security_authorization_core.devdocs.json';
diff --git a/api_docs/kbn_security_authorization_core_common.mdx b/api_docs/kbn_security_authorization_core_common.mdx
index fe630c194a159..60421d47e0bf0 100644
--- a/api_docs/kbn_security_authorization_core_common.mdx
+++ b/api_docs/kbn_security_authorization_core_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-authorization-core-common
 title: "@kbn/security-authorization-core-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-authorization-core-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-authorization-core-common']
 ---
 import kbnSecurityAuthorizationCoreCommonObj from './kbn_security_authorization_core_common.devdocs.json';
diff --git a/api_docs/kbn_security_form_components.mdx b/api_docs/kbn_security_form_components.mdx
index 0ed1baaaded6e..5985a525d2ba8 100644
--- a/api_docs/kbn_security_form_components.mdx
+++ b/api_docs/kbn_security_form_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-form-components
 title: "@kbn/security-form-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-form-components plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-form-components']
 ---
 import kbnSecurityFormComponentsObj from './kbn_security_form_components.devdocs.json';
diff --git a/api_docs/kbn_security_hardening.mdx b/api_docs/kbn_security_hardening.mdx
index 84392a1922482..000b8881a74d6 100644
--- a/api_docs/kbn_security_hardening.mdx
+++ b/api_docs/kbn_security_hardening.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-hardening
 title: "@kbn/security-hardening"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-hardening plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-hardening']
 ---
 import kbnSecurityHardeningObj from './kbn_security_hardening.devdocs.json';
diff --git a/api_docs/kbn_security_plugin_types_common.mdx b/api_docs/kbn_security_plugin_types_common.mdx
index fd13c63ea575a..014cb8a66bf5d 100644
--- a/api_docs/kbn_security_plugin_types_common.mdx
+++ b/api_docs/kbn_security_plugin_types_common.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-common
 title: "@kbn/security-plugin-types-common"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-plugin-types-common plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-common']
 ---
 import kbnSecurityPluginTypesCommonObj from './kbn_security_plugin_types_common.devdocs.json';
diff --git a/api_docs/kbn_security_plugin_types_public.mdx b/api_docs/kbn_security_plugin_types_public.mdx
index e7fdb4d05fd5e..fca578d00e733 100644
--- a/api_docs/kbn_security_plugin_types_public.mdx
+++ b/api_docs/kbn_security_plugin_types_public.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-public
 title: "@kbn/security-plugin-types-public"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-plugin-types-public plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-public']
 ---
 import kbnSecurityPluginTypesPublicObj from './kbn_security_plugin_types_public.devdocs.json';
diff --git a/api_docs/kbn_security_plugin_types_server.mdx b/api_docs/kbn_security_plugin_types_server.mdx
index 206a5972bd9df..54e0dfa0a85ab 100644
--- a/api_docs/kbn_security_plugin_types_server.mdx
+++ b/api_docs/kbn_security_plugin_types_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-server
 title: "@kbn/security-plugin-types-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-plugin-types-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-server']
 ---
 import kbnSecurityPluginTypesServerObj from './kbn_security_plugin_types_server.devdocs.json';
diff --git a/api_docs/kbn_security_role_management_model.mdx b/api_docs/kbn_security_role_management_model.mdx
index 0a310c07fb5d5..f0a907b5c8c8b 100644
--- a/api_docs/kbn_security_role_management_model.mdx
+++ b/api_docs/kbn_security_role_management_model.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-role-management-model
 title: "@kbn/security-role-management-model"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-role-management-model plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-role-management-model']
 ---
 import kbnSecurityRoleManagementModelObj from './kbn_security_role_management_model.devdocs.json';
diff --git a/api_docs/kbn_security_solution_distribution_bar.mdx b/api_docs/kbn_security_solution_distribution_bar.mdx
index ed1ff48e2f75f..a933bffce8ae2 100644
--- a/api_docs/kbn_security_solution_distribution_bar.mdx
+++ b/api_docs/kbn_security_solution_distribution_bar.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-distribution-bar
 title: "@kbn/security-solution-distribution-bar"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-solution-distribution-bar plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-distribution-bar']
 ---
 import kbnSecuritySolutionDistributionBarObj from './kbn_security_solution_distribution_bar.devdocs.json';
diff --git a/api_docs/kbn_security_solution_features.mdx b/api_docs/kbn_security_solution_features.mdx
index 0b1037a379453..6cbe58759c954 100644
--- a/api_docs/kbn_security_solution_features.mdx
+++ b/api_docs/kbn_security_solution_features.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-features
 title: "@kbn/security-solution-features"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-solution-features plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-features']
 ---
 import kbnSecuritySolutionFeaturesObj from './kbn_security_solution_features.devdocs.json';
diff --git a/api_docs/kbn_security_solution_navigation.mdx b/api_docs/kbn_security_solution_navigation.mdx
index 56252d485c862..d04b845640406 100644
--- a/api_docs/kbn_security_solution_navigation.mdx
+++ b/api_docs/kbn_security_solution_navigation.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-navigation
 title: "@kbn/security-solution-navigation"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-solution-navigation plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-navigation']
 ---
 import kbnSecuritySolutionNavigationObj from './kbn_security_solution_navigation.devdocs.json';
diff --git a/api_docs/kbn_security_solution_side_nav.mdx b/api_docs/kbn_security_solution_side_nav.mdx
index be7ebd0a51bed..6d45e3507b94b 100644
--- a/api_docs/kbn_security_solution_side_nav.mdx
+++ b/api_docs/kbn_security_solution_side_nav.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-side-nav
 title: "@kbn/security-solution-side-nav"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-solution-side-nav plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-side-nav']
 ---
 import kbnSecuritySolutionSideNavObj from './kbn_security_solution_side_nav.devdocs.json';
diff --git a/api_docs/kbn_security_solution_storybook_config.mdx b/api_docs/kbn_security_solution_storybook_config.mdx
index ab1043d3a23ee..f113783c3744d 100644
--- a/api_docs/kbn_security_solution_storybook_config.mdx
+++ b/api_docs/kbn_security_solution_storybook_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-storybook-config
 title: "@kbn/security-solution-storybook-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-solution-storybook-config plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-storybook-config']
 ---
 import kbnSecuritySolutionStorybookConfigObj from './kbn_security_solution_storybook_config.devdocs.json';
diff --git a/api_docs/kbn_security_ui_components.mdx b/api_docs/kbn_security_ui_components.mdx
index 7fa49d6c162bc..b6826a04e6232 100644
--- a/api_docs/kbn_security_ui_components.mdx
+++ b/api_docs/kbn_security_ui_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-ui-components
 title: "@kbn/security-ui-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/security-ui-components plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-ui-components']
 ---
 import kbnSecurityUiComponentsObj from './kbn_security_ui_components.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_autocomplete.devdocs.json b/api_docs/kbn_securitysolution_autocomplete.devdocs.json
index c3846fad18e5e..35104d76f2098 100644
--- a/api_docs/kbn_securitysolution_autocomplete.devdocs.json
+++ b/api_docs/kbn_securitysolution_autocomplete.devdocs.json
@@ -137,7 +137,7 @@
             "id": "def-common.AutocompleteFieldMatchComponent.$1",
             "type": "Object",
             "tags": [],
-            "label": "{\n  placeholder,\n  rowLabel,\n  selectedField,\n  selectedValue,\n  indexPattern,\n  isLoading,\n  isDisabled = false,\n  isClearable = false,\n  isRequired = false,\n  fieldInputWidth,\n  autocompleteService,\n  onChange,\n  onError,\n  onWarning,\n  warning,\n  'aria-label': ariaLabel,\n}",
+            "label": "{\n  placeholder,\n  rowLabel,\n  selectedField,\n  selectedValue,\n  indexPattern,\n  isLoading = false,\n  isDisabled = false,\n  isClearable = false,\n  isRequired = false,\n  fieldInputWidth,\n  autocompleteService,\n  onChange,\n  onError,\n  onWarning,\n  warning,\n  'aria-label': ariaLabel,\n}",
             "description": [],
             "signature": [
               "AutocompleteFieldMatchProps"
@@ -294,31 +294,29 @@
       },
       {
         "parentPluginId": "@kbn/securitysolution-autocomplete",
-        "id": "def-common.FieldComponent",
+        "id": "def-common.EsFieldSelector",
         "type": "Function",
         "tags": [],
-        "label": "FieldComponent",
+        "label": "EsFieldSelector",
         "description": [],
         "signature": [
-          "{ ({ fieldInputWidth, fieldTypeFilter, indexPattern, isClearable, isDisabled, isLoading, isRequired, onChange, placeholder, selectedField, acceptsCustomOptions, showMappingConflicts, \"aria-label\": ariaLabel, }: ",
-          "FieldProps",
-          "): JSX.Element; displayName: string | undefined; }"
+          "({\n  fieldInputWidth,\n  fieldTypeFilter = [],\n  indexPattern,\n  isClearable = false,\n  isDisabled = false,\n  isLoading = false,\n  isRequired = false,\n  onChange,\n  placeholder,\n  selectedField,\n  acceptsCustomOptions = false,\n  showMappingConflicts = false,\n  'aria-label': ariaLabel,\n}: EsFieldSelectorProps) => JSX.Element"
         ],
-        "path": "packages/kbn-securitysolution-autocomplete/src/field/index.tsx",
+        "path": "packages/kbn-securitysolution-autocomplete/src/es_field_selector/index.tsx",
         "deprecated": false,
         "trackAdoption": false,
         "children": [
           {
             "parentPluginId": "@kbn/securitysolution-autocomplete",
-            "id": "def-common.FieldComponent.$1",
+            "id": "def-common.EsFieldSelector.$1",
             "type": "Object",
             "tags": [],
             "label": "{\n  fieldInputWidth,\n  fieldTypeFilter = [],\n  indexPattern,\n  isClearable = false,\n  isDisabled = false,\n  isLoading = false,\n  isRequired = false,\n  onChange,\n  placeholder,\n  selectedField,\n  acceptsCustomOptions = false,\n  showMappingConflicts = false,\n  'aria-label': ariaLabel,\n}",
             "description": [],
             "signature": [
-              "FieldProps"
+              "EsFieldSelectorProps"
             ],
-            "path": "packages/kbn-securitysolution-autocomplete/src/field/index.tsx",
+            "path": "packages/kbn-securitysolution-autocomplete/src/es_field_selector/index.tsx",
             "deprecated": false,
             "trackAdoption": false,
             "isRequired": true
diff --git a/api_docs/kbn_securitysolution_autocomplete.mdx b/api_docs/kbn_securitysolution_autocomplete.mdx
index 3f42189484f91..1aa074874d378 100644
--- a/api_docs/kbn_securitysolution_autocomplete.mdx
+++ b/api_docs/kbn_securitysolution_autocomplete.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-autocomplete
 title: "@kbn/securitysolution-autocomplete"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-autocomplete plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-autocomplete']
 ---
 import kbnSecuritysolutionAutocompleteObj from './kbn_securitysolution_autocomplete.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/security-detection-engine](https://github.com/orgs/elastic/tea
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 56 | 1 | 41 | 1 |
+| 56 | 1 | 41 | 0 |
 
 ## Common
 
diff --git a/api_docs/kbn_securitysolution_data_table.mdx b/api_docs/kbn_securitysolution_data_table.mdx
index e53c5eed42c89..61546884e55ef 100644
--- a/api_docs/kbn_securitysolution_data_table.mdx
+++ b/api_docs/kbn_securitysolution_data_table.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-data-table
 title: "@kbn/securitysolution-data-table"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-data-table plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-data-table']
 ---
 import kbnSecuritysolutionDataTableObj from './kbn_securitysolution_data_table.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_ecs.mdx b/api_docs/kbn_securitysolution_ecs.mdx
index cf035893cf017..9a7b15a294c12 100644
--- a/api_docs/kbn_securitysolution_ecs.mdx
+++ b/api_docs/kbn_securitysolution_ecs.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-ecs
 title: "@kbn/securitysolution-ecs"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-ecs plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-ecs']
 ---
 import kbnSecuritysolutionEcsObj from './kbn_securitysolution_ecs.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_es_utils.mdx b/api_docs/kbn_securitysolution_es_utils.mdx
index aad0fae8d8e16..dccb3cee633d4 100644
--- a/api_docs/kbn_securitysolution_es_utils.mdx
+++ b/api_docs/kbn_securitysolution_es_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-es-utils
 title: "@kbn/securitysolution-es-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-es-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-es-utils']
 ---
 import kbnSecuritysolutionEsUtilsObj from './kbn_securitysolution_es_utils.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_exception_list_components.mdx b/api_docs/kbn_securitysolution_exception_list_components.mdx
index 5633cc6d7e029..bdb919928e0f2 100644
--- a/api_docs/kbn_securitysolution_exception_list_components.mdx
+++ b/api_docs/kbn_securitysolution_exception_list_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-exception-list-components
 title: "@kbn/securitysolution-exception-list-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-exception-list-components plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-exception-list-components']
 ---
 import kbnSecuritysolutionExceptionListComponentsObj from './kbn_securitysolution_exception_list_components.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_hook_utils.mdx b/api_docs/kbn_securitysolution_hook_utils.mdx
index 8f657380a69ac..5661b4becd805 100644
--- a/api_docs/kbn_securitysolution_hook_utils.mdx
+++ b/api_docs/kbn_securitysolution_hook_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-hook-utils
 title: "@kbn/securitysolution-hook-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-hook-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-hook-utils']
 ---
 import kbnSecuritysolutionHookUtilsObj from './kbn_securitysolution_hook_utils.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx
index ec3f360c09e26..fe0d3334e760d 100644
--- a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx
+++ b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-alerting-types
 title: "@kbn/securitysolution-io-ts-alerting-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-io-ts-alerting-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-alerting-types']
 ---
 import kbnSecuritysolutionIoTsAlertingTypesObj from './kbn_securitysolution_io_ts_alerting_types.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_io_ts_list_types.mdx b/api_docs/kbn_securitysolution_io_ts_list_types.mdx
index 2b217fc98c400..59056313d0dcd 100644
--- a/api_docs/kbn_securitysolution_io_ts_list_types.mdx
+++ b/api_docs/kbn_securitysolution_io_ts_list_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-list-types
 title: "@kbn/securitysolution-io-ts-list-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-io-ts-list-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-list-types']
 ---
 import kbnSecuritysolutionIoTsListTypesObj from './kbn_securitysolution_io_ts_list_types.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_io_ts_types.mdx b/api_docs/kbn_securitysolution_io_ts_types.mdx
index 878a65839bfeb..5444daf7256a4 100644
--- a/api_docs/kbn_securitysolution_io_ts_types.mdx
+++ b/api_docs/kbn_securitysolution_io_ts_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-types
 title: "@kbn/securitysolution-io-ts-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-io-ts-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-types']
 ---
 import kbnSecuritysolutionIoTsTypesObj from './kbn_securitysolution_io_ts_types.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_io_ts_utils.mdx b/api_docs/kbn_securitysolution_io_ts_utils.mdx
index ea0ff84683317..4ed29bce72533 100644
--- a/api_docs/kbn_securitysolution_io_ts_utils.mdx
+++ b/api_docs/kbn_securitysolution_io_ts_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-utils
 title: "@kbn/securitysolution-io-ts-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-io-ts-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-utils']
 ---
 import kbnSecuritysolutionIoTsUtilsObj from './kbn_securitysolution_io_ts_utils.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_list_api.mdx b/api_docs/kbn_securitysolution_list_api.mdx
index 0488ac71876c5..3657ad3bf6539 100644
--- a/api_docs/kbn_securitysolution_list_api.mdx
+++ b/api_docs/kbn_securitysolution_list_api.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-api
 title: "@kbn/securitysolution-list-api"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-list-api plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-api']
 ---
 import kbnSecuritysolutionListApiObj from './kbn_securitysolution_list_api.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_list_constants.mdx b/api_docs/kbn_securitysolution_list_constants.mdx
index f7ad8bea1f46b..fca10cdf49681 100644
--- a/api_docs/kbn_securitysolution_list_constants.mdx
+++ b/api_docs/kbn_securitysolution_list_constants.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-constants
 title: "@kbn/securitysolution-list-constants"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-list-constants plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-constants']
 ---
 import kbnSecuritysolutionListConstantsObj from './kbn_securitysolution_list_constants.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_list_hooks.mdx b/api_docs/kbn_securitysolution_list_hooks.mdx
index 0367555d973d1..92d42204def4a 100644
--- a/api_docs/kbn_securitysolution_list_hooks.mdx
+++ b/api_docs/kbn_securitysolution_list_hooks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-hooks
 title: "@kbn/securitysolution-list-hooks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-list-hooks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-hooks']
 ---
 import kbnSecuritysolutionListHooksObj from './kbn_securitysolution_list_hooks.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_list_utils.mdx b/api_docs/kbn_securitysolution_list_utils.mdx
index 9d0cc192b6099..b78e737e56911 100644
--- a/api_docs/kbn_securitysolution_list_utils.mdx
+++ b/api_docs/kbn_securitysolution_list_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-utils
 title: "@kbn/securitysolution-list-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-list-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-utils']
 ---
 import kbnSecuritysolutionListUtilsObj from './kbn_securitysolution_list_utils.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_rules.mdx b/api_docs/kbn_securitysolution_rules.mdx
index b240f2c990ec2..e02118714bc6d 100644
--- a/api_docs/kbn_securitysolution_rules.mdx
+++ b/api_docs/kbn_securitysolution_rules.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-rules
 title: "@kbn/securitysolution-rules"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-rules plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-rules']
 ---
 import kbnSecuritysolutionRulesObj from './kbn_securitysolution_rules.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_t_grid.mdx b/api_docs/kbn_securitysolution_t_grid.mdx
index 9be0aebca5bb4..a52c620e2fb7e 100644
--- a/api_docs/kbn_securitysolution_t_grid.mdx
+++ b/api_docs/kbn_securitysolution_t_grid.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-t-grid
 title: "@kbn/securitysolution-t-grid"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-t-grid plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-t-grid']
 ---
 import kbnSecuritysolutionTGridObj from './kbn_securitysolution_t_grid.devdocs.json';
diff --git a/api_docs/kbn_securitysolution_utils.mdx b/api_docs/kbn_securitysolution_utils.mdx
index d5283e51a4cc6..f9332768f2d92 100644
--- a/api_docs/kbn_securitysolution_utils.mdx
+++ b/api_docs/kbn_securitysolution_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-utils
 title: "@kbn/securitysolution-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/securitysolution-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-utils']
 ---
 import kbnSecuritysolutionUtilsObj from './kbn_securitysolution_utils.devdocs.json';
diff --git a/api_docs/kbn_server_http_tools.mdx b/api_docs/kbn_server_http_tools.mdx
index b8ee887107519..4710b8ead7abc 100644
--- a/api_docs/kbn_server_http_tools.mdx
+++ b/api_docs/kbn_server_http_tools.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-http-tools
 title: "@kbn/server-http-tools"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/server-http-tools plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-http-tools']
 ---
 import kbnServerHttpToolsObj from './kbn_server_http_tools.devdocs.json';
diff --git a/api_docs/kbn_server_route_repository.mdx b/api_docs/kbn_server_route_repository.mdx
index 8ceead4e3a7f2..3dd4ee1f8750c 100644
--- a/api_docs/kbn_server_route_repository.mdx
+++ b/api_docs/kbn_server_route_repository.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository
 title: "@kbn/server-route-repository"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/server-route-repository plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository']
 ---
 import kbnServerRouteRepositoryObj from './kbn_server_route_repository.devdocs.json';
diff --git a/api_docs/kbn_server_route_repository_client.mdx b/api_docs/kbn_server_route_repository_client.mdx
index 6dba800e4fdb8..d89799716045b 100644
--- a/api_docs/kbn_server_route_repository_client.mdx
+++ b/api_docs/kbn_server_route_repository_client.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository-client
 title: "@kbn/server-route-repository-client"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/server-route-repository-client plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository-client']
 ---
 import kbnServerRouteRepositoryClientObj from './kbn_server_route_repository_client.devdocs.json';
diff --git a/api_docs/kbn_server_route_repository_utils.mdx b/api_docs/kbn_server_route_repository_utils.mdx
index 2196a4bc7b4c7..76a90c639e272 100644
--- a/api_docs/kbn_server_route_repository_utils.mdx
+++ b/api_docs/kbn_server_route_repository_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository-utils
 title: "@kbn/server-route-repository-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/server-route-repository-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository-utils']
 ---
 import kbnServerRouteRepositoryUtilsObj from './kbn_server_route_repository_utils.devdocs.json';
diff --git a/api_docs/kbn_serverless_common_settings.mdx b/api_docs/kbn_serverless_common_settings.mdx
index 0c5fe48102b3e..c6d1aad8c0008 100644
--- a/api_docs/kbn_serverless_common_settings.mdx
+++ b/api_docs/kbn_serverless_common_settings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-common-settings
 title: "@kbn/serverless-common-settings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/serverless-common-settings plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-common-settings']
 ---
 import kbnServerlessCommonSettingsObj from './kbn_serverless_common_settings.devdocs.json';
diff --git a/api_docs/kbn_serverless_observability_settings.mdx b/api_docs/kbn_serverless_observability_settings.mdx
index c53bdd719a679..6ca9e243bd418 100644
--- a/api_docs/kbn_serverless_observability_settings.mdx
+++ b/api_docs/kbn_serverless_observability_settings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-observability-settings
 title: "@kbn/serverless-observability-settings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/serverless-observability-settings plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-observability-settings']
 ---
 import kbnServerlessObservabilitySettingsObj from './kbn_serverless_observability_settings.devdocs.json';
diff --git a/api_docs/kbn_serverless_project_switcher.mdx b/api_docs/kbn_serverless_project_switcher.mdx
index cb345cadee06f..93190ef86c9d4 100644
--- a/api_docs/kbn_serverless_project_switcher.mdx
+++ b/api_docs/kbn_serverless_project_switcher.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-project-switcher
 title: "@kbn/serverless-project-switcher"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/serverless-project-switcher plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-project-switcher']
 ---
 import kbnServerlessProjectSwitcherObj from './kbn_serverless_project_switcher.devdocs.json';
diff --git a/api_docs/kbn_serverless_search_settings.mdx b/api_docs/kbn_serverless_search_settings.mdx
index a98951ad472d1..4d60bc3b37b1a 100644
--- a/api_docs/kbn_serverless_search_settings.mdx
+++ b/api_docs/kbn_serverless_search_settings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-search-settings
 title: "@kbn/serverless-search-settings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/serverless-search-settings plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-search-settings']
 ---
 import kbnServerlessSearchSettingsObj from './kbn_serverless_search_settings.devdocs.json';
diff --git a/api_docs/kbn_serverless_security_settings.mdx b/api_docs/kbn_serverless_security_settings.mdx
index 6277489025c9b..7e590f7cf525f 100644
--- a/api_docs/kbn_serverless_security_settings.mdx
+++ b/api_docs/kbn_serverless_security_settings.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-security-settings
 title: "@kbn/serverless-security-settings"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/serverless-security-settings plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-security-settings']
 ---
 import kbnServerlessSecuritySettingsObj from './kbn_serverless_security_settings.devdocs.json';
diff --git a/api_docs/kbn_serverless_storybook_config.mdx b/api_docs/kbn_serverless_storybook_config.mdx
index d401be14dd287..494a432a3d953 100644
--- a/api_docs/kbn_serverless_storybook_config.mdx
+++ b/api_docs/kbn_serverless_storybook_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-storybook-config
 title: "@kbn/serverless-storybook-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/serverless-storybook-config plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-storybook-config']
 ---
 import kbnServerlessStorybookConfigObj from './kbn_serverless_storybook_config.devdocs.json';
diff --git a/api_docs/kbn_shared_svg.mdx b/api_docs/kbn_shared_svg.mdx
index bc6f940e801ed..66eb9c70d3cea 100644
--- a/api_docs/kbn_shared_svg.mdx
+++ b/api_docs/kbn_shared_svg.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-svg
 title: "@kbn/shared-svg"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-svg plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-svg']
 ---
 import kbnSharedSvgObj from './kbn_shared_svg.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_avatar_solution.mdx b/api_docs/kbn_shared_ux_avatar_solution.mdx
index 4df27618fc84c..7abf58da50686 100644
--- a/api_docs/kbn_shared_ux_avatar_solution.mdx
+++ b/api_docs/kbn_shared_ux_avatar_solution.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-avatar-solution
 title: "@kbn/shared-ux-avatar-solution"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-avatar-solution plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-avatar-solution']
 ---
 import kbnSharedUxAvatarSolutionObj from './kbn_shared_ux_avatar_solution.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx
index 52ac2d321f70c..779a5f9b2e582 100644
--- a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx
+++ b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-exit-full-screen
 title: "@kbn/shared-ux-button-exit-full-screen"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-button-exit-full-screen plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-exit-full-screen']
 ---
 import kbnSharedUxButtonExitFullScreenObj from './kbn_shared_ux_button_exit_full_screen.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_button_toolbar.mdx b/api_docs/kbn_shared_ux_button_toolbar.mdx
index bcd7c251dc328..8a3e278ad1ba0 100644
--- a/api_docs/kbn_shared_ux_button_toolbar.mdx
+++ b/api_docs/kbn_shared_ux_button_toolbar.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-toolbar
 title: "@kbn/shared-ux-button-toolbar"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-button-toolbar plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-toolbar']
 ---
 import kbnSharedUxButtonToolbarObj from './kbn_shared_ux_button_toolbar.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_card_no_data.mdx b/api_docs/kbn_shared_ux_card_no_data.mdx
index 2d1a9fba09bcd..226405cf18e10 100644
--- a/api_docs/kbn_shared_ux_card_no_data.mdx
+++ b/api_docs/kbn_shared_ux_card_no_data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data
 title: "@kbn/shared-ux-card-no-data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-card-no-data plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data']
 ---
 import kbnSharedUxCardNoDataObj from './kbn_shared_ux_card_no_data.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx
index 2e1eebaeeb407..8666e0cf9bef3 100644
--- a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx
+++ b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data-mocks
 title: "@kbn/shared-ux-card-no-data-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-card-no-data-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data-mocks']
 ---
 import kbnSharedUxCardNoDataMocksObj from './kbn_shared_ux_card_no_data_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_chrome_navigation.mdx b/api_docs/kbn_shared_ux_chrome_navigation.mdx
index 49efcf650726b..bca83580777ba 100644
--- a/api_docs/kbn_shared_ux_chrome_navigation.mdx
+++ b/api_docs/kbn_shared_ux_chrome_navigation.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-chrome-navigation
 title: "@kbn/shared-ux-chrome-navigation"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-chrome-navigation plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-chrome-navigation']
 ---
 import kbnSharedUxChromeNavigationObj from './kbn_shared_ux_chrome_navigation.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_error_boundary.mdx b/api_docs/kbn_shared_ux_error_boundary.mdx
index 4005ee46a345c..1a9a0e0a6bdc2 100644
--- a/api_docs/kbn_shared_ux_error_boundary.mdx
+++ b/api_docs/kbn_shared_ux_error_boundary.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-error-boundary
 title: "@kbn/shared-ux-error-boundary"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-error-boundary plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-error-boundary']
 ---
 import kbnSharedUxErrorBoundaryObj from './kbn_shared_ux_error_boundary.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_context.mdx b/api_docs/kbn_shared_ux_file_context.mdx
index 2eb3dd62aaab9..63a19e12ccb4f 100644
--- a/api_docs/kbn_shared_ux_file_context.mdx
+++ b/api_docs/kbn_shared_ux_file_context.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-context
 title: "@kbn/shared-ux-file-context"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-context plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-context']
 ---
 import kbnSharedUxFileContextObj from './kbn_shared_ux_file_context.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_image.mdx b/api_docs/kbn_shared_ux_file_image.mdx
index 7bc7d631581f6..01a9788de8107 100644
--- a/api_docs/kbn_shared_ux_file_image.mdx
+++ b/api_docs/kbn_shared_ux_file_image.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image
 title: "@kbn/shared-ux-file-image"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-image plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image']
 ---
 import kbnSharedUxFileImageObj from './kbn_shared_ux_file_image.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_image_mocks.mdx b/api_docs/kbn_shared_ux_file_image_mocks.mdx
index 12ae3a987c046..9e2a01d0e42a3 100644
--- a/api_docs/kbn_shared_ux_file_image_mocks.mdx
+++ b/api_docs/kbn_shared_ux_file_image_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image-mocks
 title: "@kbn/shared-ux-file-image-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-image-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image-mocks']
 ---
 import kbnSharedUxFileImageMocksObj from './kbn_shared_ux_file_image_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_mocks.mdx b/api_docs/kbn_shared_ux_file_mocks.mdx
index 58741471353f1..8bc48ee8f2964 100644
--- a/api_docs/kbn_shared_ux_file_mocks.mdx
+++ b/api_docs/kbn_shared_ux_file_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-mocks
 title: "@kbn/shared-ux-file-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-mocks']
 ---
 import kbnSharedUxFileMocksObj from './kbn_shared_ux_file_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_picker.mdx b/api_docs/kbn_shared_ux_file_picker.mdx
index e12e520c65aa9..27ae793171c21 100644
--- a/api_docs/kbn_shared_ux_file_picker.mdx
+++ b/api_docs/kbn_shared_ux_file_picker.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-picker
 title: "@kbn/shared-ux-file-picker"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-picker plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-picker']
 ---
 import kbnSharedUxFilePickerObj from './kbn_shared_ux_file_picker.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_types.mdx b/api_docs/kbn_shared_ux_file_types.mdx
index f594b69d93e59..4a5423e9dc315 100644
--- a/api_docs/kbn_shared_ux_file_types.mdx
+++ b/api_docs/kbn_shared_ux_file_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-types
 title: "@kbn/shared-ux-file-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-types']
 ---
 import kbnSharedUxFileTypesObj from './kbn_shared_ux_file_types.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_upload.mdx b/api_docs/kbn_shared_ux_file_upload.mdx
index 69c62f3469c29..99358cb732845 100644
--- a/api_docs/kbn_shared_ux_file_upload.mdx
+++ b/api_docs/kbn_shared_ux_file_upload.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-upload
 title: "@kbn/shared-ux-file-upload"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-upload plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-upload']
 ---
 import kbnSharedUxFileUploadObj from './kbn_shared_ux_file_upload.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_file_util.mdx b/api_docs/kbn_shared_ux_file_util.mdx
index fe4e8b4500579..b07d76d34f028 100644
--- a/api_docs/kbn_shared_ux_file_util.mdx
+++ b/api_docs/kbn_shared_ux_file_util.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-util
 title: "@kbn/shared-ux-file-util"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-file-util plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-util']
 ---
 import kbnSharedUxFileUtilObj from './kbn_shared_ux_file_util.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_link_redirect_app.mdx b/api_docs/kbn_shared_ux_link_redirect_app.mdx
index 5b9d0f3e97072..b29cf91899237 100644
--- a/api_docs/kbn_shared_ux_link_redirect_app.mdx
+++ b/api_docs/kbn_shared_ux_link_redirect_app.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app
 title: "@kbn/shared-ux-link-redirect-app"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-link-redirect-app plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app']
 ---
 import kbnSharedUxLinkRedirectAppObj from './kbn_shared_ux_link_redirect_app.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx
index 366b13fad7000..c1c1abccb81a2 100644
--- a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx
+++ b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app-mocks
 title: "@kbn/shared-ux-link-redirect-app-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-link-redirect-app-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app-mocks']
 ---
 import kbnSharedUxLinkRedirectAppMocksObj from './kbn_shared_ux_link_redirect_app_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_markdown.mdx b/api_docs/kbn_shared_ux_markdown.mdx
index 90438320f47b4..bab2a53b96dcf 100644
--- a/api_docs/kbn_shared_ux_markdown.mdx
+++ b/api_docs/kbn_shared_ux_markdown.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown
 title: "@kbn/shared-ux-markdown"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-markdown plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown']
 ---
 import kbnSharedUxMarkdownObj from './kbn_shared_ux_markdown.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_markdown_mocks.mdx b/api_docs/kbn_shared_ux_markdown_mocks.mdx
index 123431a8be248..4df2556262d5c 100644
--- a/api_docs/kbn_shared_ux_markdown_mocks.mdx
+++ b/api_docs/kbn_shared_ux_markdown_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown-mocks
 title: "@kbn/shared-ux-markdown-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-markdown-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown-mocks']
 ---
 import kbnSharedUxMarkdownMocksObj from './kbn_shared_ux_markdown_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx
index d601c44e161ce..4902d7ef6fe3e 100644
--- a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx
+++ b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data
 title: "@kbn/shared-ux-page-analytics-no-data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-analytics-no-data plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data']
 ---
 import kbnSharedUxPageAnalyticsNoDataObj from './kbn_shared_ux_page_analytics_no_data.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx
index ce5b632cc677e..9320239d8eb25 100644
--- a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx
+++ b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data-mocks
 title: "@kbn/shared-ux-page-analytics-no-data-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-analytics-no-data-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data-mocks']
 ---
 import kbnSharedUxPageAnalyticsNoDataMocksObj from './kbn_shared_ux_page_analytics_no_data_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx
index 868bc47939dd8..d2f3d463c0526 100644
--- a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx
+++ b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data
 title: "@kbn/shared-ux-page-kibana-no-data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-kibana-no-data plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data']
 ---
 import kbnSharedUxPageKibanaNoDataObj from './kbn_shared_ux_page_kibana_no_data.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx
index 6a30f35b896a1..5ff6736c0e560 100644
--- a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx
+++ b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data-mocks
 title: "@kbn/shared-ux-page-kibana-no-data-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-kibana-no-data-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data-mocks']
 ---
 import kbnSharedUxPageKibanaNoDataMocksObj from './kbn_shared_ux_page_kibana_no_data_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_kibana_template.mdx b/api_docs/kbn_shared_ux_page_kibana_template.mdx
index ae3ebda7ccc35..85ae17da2e460 100644
--- a/api_docs/kbn_shared_ux_page_kibana_template.mdx
+++ b/api_docs/kbn_shared_ux_page_kibana_template.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template
 title: "@kbn/shared-ux-page-kibana-template"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-kibana-template plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template']
 ---
 import kbnSharedUxPageKibanaTemplateObj from './kbn_shared_ux_page_kibana_template.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx
index b08c2aeeb6b43..7a302ba26bbe6 100644
--- a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx
+++ b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template-mocks
 title: "@kbn/shared-ux-page-kibana-template-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-kibana-template-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template-mocks']
 ---
 import kbnSharedUxPageKibanaTemplateMocksObj from './kbn_shared_ux_page_kibana_template_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_no_data.mdx b/api_docs/kbn_shared_ux_page_no_data.mdx
index e7ad6701c0ec2..b19128b51fe3e 100644
--- a/api_docs/kbn_shared_ux_page_no_data.mdx
+++ b/api_docs/kbn_shared_ux_page_no_data.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data
 title: "@kbn/shared-ux-page-no-data"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-no-data plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data']
 ---
 import kbnSharedUxPageNoDataObj from './kbn_shared_ux_page_no_data.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_no_data_config.mdx b/api_docs/kbn_shared_ux_page_no_data_config.mdx
index 3b530e1d35043..97115af5be120 100644
--- a/api_docs/kbn_shared_ux_page_no_data_config.mdx
+++ b/api_docs/kbn_shared_ux_page_no_data_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config
 title: "@kbn/shared-ux-page-no-data-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-no-data-config plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config']
 ---
 import kbnSharedUxPageNoDataConfigObj from './kbn_shared_ux_page_no_data_config.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx
index 9bde826c30867..82b73c8bd4592 100644
--- a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx
+++ b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config-mocks
 title: "@kbn/shared-ux-page-no-data-config-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-no-data-config-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config-mocks']
 ---
 import kbnSharedUxPageNoDataConfigMocksObj from './kbn_shared_ux_page_no_data_config_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx
index 6dae878b9b366..8b68225e3ac48 100644
--- a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx
+++ b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-mocks
 title: "@kbn/shared-ux-page-no-data-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-no-data-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-mocks']
 ---
 import kbnSharedUxPageNoDataMocksObj from './kbn_shared_ux_page_no_data_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_page_solution_nav.mdx b/api_docs/kbn_shared_ux_page_solution_nav.mdx
index e7e40f4946999..b59f0b6f0bcde 100644
--- a/api_docs/kbn_shared_ux_page_solution_nav.mdx
+++ b/api_docs/kbn_shared_ux_page_solution_nav.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-solution-nav
 title: "@kbn/shared-ux-page-solution-nav"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-page-solution-nav plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-solution-nav']
 ---
 import kbnSharedUxPageSolutionNavObj from './kbn_shared_ux_page_solution_nav.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx
index 7e8fb4207f484..aa1497842124d 100644
--- a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx
+++ b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views
 title: "@kbn/shared-ux-prompt-no-data-views"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-prompt-no-data-views plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views']
 ---
 import kbnSharedUxPromptNoDataViewsObj from './kbn_shared_ux_prompt_no_data_views.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx
index 3c65e02bc8af9..a82a53ce9900a 100644
--- a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx
+++ b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views-mocks
 title: "@kbn/shared-ux-prompt-no-data-views-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-prompt-no-data-views-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views-mocks']
 ---
 import kbnSharedUxPromptNoDataViewsMocksObj from './kbn_shared_ux_prompt_no_data_views_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_prompt_not_found.mdx b/api_docs/kbn_shared_ux_prompt_not_found.mdx
index 3da736728a335..274377c477356 100644
--- a/api_docs/kbn_shared_ux_prompt_not_found.mdx
+++ b/api_docs/kbn_shared_ux_prompt_not_found.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-not-found
 title: "@kbn/shared-ux-prompt-not-found"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-prompt-not-found plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-not-found']
 ---
 import kbnSharedUxPromptNotFoundObj from './kbn_shared_ux_prompt_not_found.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_router.mdx b/api_docs/kbn_shared_ux_router.mdx
index 13337242d1f92..c5d5997cbd0c4 100644
--- a/api_docs/kbn_shared_ux_router.mdx
+++ b/api_docs/kbn_shared_ux_router.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router
 title: "@kbn/shared-ux-router"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-router plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router']
 ---
 import kbnSharedUxRouterObj from './kbn_shared_ux_router.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_router_mocks.mdx b/api_docs/kbn_shared_ux_router_mocks.mdx
index 12fd4e5b08cff..e88fb223dfb35 100644
--- a/api_docs/kbn_shared_ux_router_mocks.mdx
+++ b/api_docs/kbn_shared_ux_router_mocks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router-mocks
 title: "@kbn/shared-ux-router-mocks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-router-mocks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router-mocks']
 ---
 import kbnSharedUxRouterMocksObj from './kbn_shared_ux_router_mocks.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_storybook_config.mdx b/api_docs/kbn_shared_ux_storybook_config.mdx
index 2154e28257be1..9a2ed392018b7 100644
--- a/api_docs/kbn_shared_ux_storybook_config.mdx
+++ b/api_docs/kbn_shared_ux_storybook_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-config
 title: "@kbn/shared-ux-storybook-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-storybook-config plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-config']
 ---
 import kbnSharedUxStorybookConfigObj from './kbn_shared_ux_storybook_config.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_storybook_mock.mdx b/api_docs/kbn_shared_ux_storybook_mock.mdx
index 0213b6758069d..a52109eae71a8 100644
--- a/api_docs/kbn_shared_ux_storybook_mock.mdx
+++ b/api_docs/kbn_shared_ux_storybook_mock.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-mock
 title: "@kbn/shared-ux-storybook-mock"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-storybook-mock plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-mock']
 ---
 import kbnSharedUxStorybookMockObj from './kbn_shared_ux_storybook_mock.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_tabbed_modal.mdx b/api_docs/kbn_shared_ux_tabbed_modal.mdx
index c62fa01ec55fb..a548e2c95ed39 100644
--- a/api_docs/kbn_shared_ux_tabbed_modal.mdx
+++ b/api_docs/kbn_shared_ux_tabbed_modal.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-tabbed-modal
 title: "@kbn/shared-ux-tabbed-modal"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-tabbed-modal plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-tabbed-modal']
 ---
 import kbnSharedUxTabbedModalObj from './kbn_shared_ux_tabbed_modal.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_table_persist.mdx b/api_docs/kbn_shared_ux_table_persist.mdx
index e7f71b4202e16..aee1b7cbf8101 100644
--- a/api_docs/kbn_shared_ux_table_persist.mdx
+++ b/api_docs/kbn_shared_ux_table_persist.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-table-persist
 title: "@kbn/shared-ux-table-persist"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-table-persist plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-table-persist']
 ---
 import kbnSharedUxTablePersistObj from './kbn_shared_ux_table_persist.devdocs.json';
diff --git a/api_docs/kbn_shared_ux_utility.mdx b/api_docs/kbn_shared_ux_utility.mdx
index a1dd4752be3c4..8fb7333bdeaf4 100644
--- a/api_docs/kbn_shared_ux_utility.mdx
+++ b/api_docs/kbn_shared_ux_utility.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-utility
 title: "@kbn/shared-ux-utility"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/shared-ux-utility plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-utility']
 ---
 import kbnSharedUxUtilityObj from './kbn_shared_ux_utility.devdocs.json';
diff --git a/api_docs/kbn_slo_schema.mdx b/api_docs/kbn_slo_schema.mdx
index 65288d331330a..f89532a5d04c2 100644
--- a/api_docs/kbn_slo_schema.mdx
+++ b/api_docs/kbn_slo_schema.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-slo-schema
 title: "@kbn/slo-schema"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/slo-schema plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/slo-schema']
 ---
 import kbnSloSchemaObj from './kbn_slo_schema.devdocs.json';
diff --git a/api_docs/kbn_some_dev_log.mdx b/api_docs/kbn_some_dev_log.mdx
index 4ce54ed82db65..1a980abb8d7de 100644
--- a/api_docs/kbn_some_dev_log.mdx
+++ b/api_docs/kbn_some_dev_log.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-some-dev-log
 title: "@kbn/some-dev-log"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/some-dev-log plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/some-dev-log']
 ---
 import kbnSomeDevLogObj from './kbn_some_dev_log.devdocs.json';
diff --git a/api_docs/kbn_sort_predicates.mdx b/api_docs/kbn_sort_predicates.mdx
index bb4311fbbe760..dfb838a91db6d 100644
--- a/api_docs/kbn_sort_predicates.mdx
+++ b/api_docs/kbn_sort_predicates.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sort-predicates
 title: "@kbn/sort-predicates"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/sort-predicates plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sort-predicates']
 ---
 import kbnSortPredicatesObj from './kbn_sort_predicates.devdocs.json';
diff --git a/api_docs/kbn_sse_utils.mdx b/api_docs/kbn_sse_utils.mdx
index 5f1f5f18cde6c..93571dd9a509c 100644
--- a/api_docs/kbn_sse_utils.mdx
+++ b/api_docs/kbn_sse_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sse-utils
 title: "@kbn/sse-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/sse-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sse-utils']
 ---
 import kbnSseUtilsObj from './kbn_sse_utils.devdocs.json';
diff --git a/api_docs/kbn_sse_utils_client.mdx b/api_docs/kbn_sse_utils_client.mdx
index 3d544b8d6aec1..738f125e2d53c 100644
--- a/api_docs/kbn_sse_utils_client.mdx
+++ b/api_docs/kbn_sse_utils_client.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sse-utils-client
 title: "@kbn/sse-utils-client"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/sse-utils-client plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sse-utils-client']
 ---
 import kbnSseUtilsClientObj from './kbn_sse_utils_client.devdocs.json';
diff --git a/api_docs/kbn_sse_utils_server.mdx b/api_docs/kbn_sse_utils_server.mdx
index fba0e8dac86a5..1661bc5b44b69 100644
--- a/api_docs/kbn_sse_utils_server.mdx
+++ b/api_docs/kbn_sse_utils_server.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sse-utils-server
 title: "@kbn/sse-utils-server"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/sse-utils-server plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sse-utils-server']
 ---
 import kbnSseUtilsServerObj from './kbn_sse_utils_server.devdocs.json';
diff --git a/api_docs/kbn_std.mdx b/api_docs/kbn_std.mdx
index 91f1966b71162..8f281f07bdc9e 100644
--- a/api_docs/kbn_std.mdx
+++ b/api_docs/kbn_std.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-std
 title: "@kbn/std"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/std plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/std']
 ---
 import kbnStdObj from './kbn_std.devdocs.json';
diff --git a/api_docs/kbn_stdio_dev_helpers.mdx b/api_docs/kbn_stdio_dev_helpers.mdx
index 2acd7cb283d4b..ccb95d695f0b6 100644
--- a/api_docs/kbn_stdio_dev_helpers.mdx
+++ b/api_docs/kbn_stdio_dev_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-stdio-dev-helpers
 title: "@kbn/stdio-dev-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/stdio-dev-helpers plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/stdio-dev-helpers']
 ---
 import kbnStdioDevHelpersObj from './kbn_stdio_dev_helpers.devdocs.json';
diff --git a/api_docs/kbn_storybook.mdx b/api_docs/kbn_storybook.mdx
index 1ccfe00076c40..5484193c96775 100644
--- a/api_docs/kbn_storybook.mdx
+++ b/api_docs/kbn_storybook.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-storybook
 title: "@kbn/storybook"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/storybook plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/storybook']
 ---
 import kbnStorybookObj from './kbn_storybook.devdocs.json';
diff --git a/api_docs/kbn_synthetics_e2e.mdx b/api_docs/kbn_synthetics_e2e.mdx
index bbe9eaf09a287..fc0d05a36d1c6 100644
--- a/api_docs/kbn_synthetics_e2e.mdx
+++ b/api_docs/kbn_synthetics_e2e.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-synthetics-e2e
 title: "@kbn/synthetics-e2e"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/synthetics-e2e plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/synthetics-e2e']
 ---
 import kbnSyntheticsE2eObj from './kbn_synthetics_e2e.devdocs.json';
diff --git a/api_docs/kbn_synthetics_private_location.mdx b/api_docs/kbn_synthetics_private_location.mdx
index bdfd0bec4dcc5..5a0541fae0fc8 100644
--- a/api_docs/kbn_synthetics_private_location.mdx
+++ b/api_docs/kbn_synthetics_private_location.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-synthetics-private-location
 title: "@kbn/synthetics-private-location"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/synthetics-private-location plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/synthetics-private-location']
 ---
 import kbnSyntheticsPrivateLocationObj from './kbn_synthetics_private_location.devdocs.json';
diff --git a/api_docs/kbn_telemetry_tools.mdx b/api_docs/kbn_telemetry_tools.mdx
index 55dce0b7c0d93..fcf8ff5896839 100644
--- a/api_docs/kbn_telemetry_tools.mdx
+++ b/api_docs/kbn_telemetry_tools.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-telemetry-tools
 title: "@kbn/telemetry-tools"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/telemetry-tools plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/telemetry-tools']
 ---
 import kbnTelemetryToolsObj from './kbn_telemetry_tools.devdocs.json';
diff --git a/api_docs/kbn_test.mdx b/api_docs/kbn_test.mdx
index 832fc1690f204..7124da08fcd9b 100644
--- a/api_docs/kbn_test.mdx
+++ b/api_docs/kbn_test.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test
 title: "@kbn/test"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/test plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test']
 ---
 import kbnTestObj from './kbn_test.devdocs.json';
diff --git a/api_docs/kbn_test_eui_helpers.mdx b/api_docs/kbn_test_eui_helpers.mdx
index 7fafe9cc32bc6..21c05ea2c7a3e 100644
--- a/api_docs/kbn_test_eui_helpers.mdx
+++ b/api_docs/kbn_test_eui_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-eui-helpers
 title: "@kbn/test-eui-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/test-eui-helpers plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-eui-helpers']
 ---
 import kbnTestEuiHelpersObj from './kbn_test_eui_helpers.devdocs.json';
diff --git a/api_docs/kbn_test_jest_helpers.mdx b/api_docs/kbn_test_jest_helpers.mdx
index 7639c4112a4e1..ec968713b56d9 100644
--- a/api_docs/kbn_test_jest_helpers.mdx
+++ b/api_docs/kbn_test_jest_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-jest-helpers
 title: "@kbn/test-jest-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/test-jest-helpers plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-jest-helpers']
 ---
 import kbnTestJestHelpersObj from './kbn_test_jest_helpers.devdocs.json';
diff --git a/api_docs/kbn_test_subj_selector.mdx b/api_docs/kbn_test_subj_selector.mdx
index ea6395982a6ae..5f4fd46c50e24 100644
--- a/api_docs/kbn_test_subj_selector.mdx
+++ b/api_docs/kbn_test_subj_selector.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-subj-selector
 title: "@kbn/test-subj-selector"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/test-subj-selector plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-subj-selector']
 ---
 import kbnTestSubjSelectorObj from './kbn_test_subj_selector.devdocs.json';
diff --git a/api_docs/kbn_timerange.mdx b/api_docs/kbn_timerange.mdx
index cc2e82ac91114..4c3de06452550 100644
--- a/api_docs/kbn_timerange.mdx
+++ b/api_docs/kbn_timerange.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-timerange
 title: "@kbn/timerange"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/timerange plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/timerange']
 ---
 import kbnTimerangeObj from './kbn_timerange.devdocs.json';
diff --git a/api_docs/kbn_tooling_log.mdx b/api_docs/kbn_tooling_log.mdx
index 7ddfe1478e1b6..2e177b8dc9314 100644
--- a/api_docs/kbn_tooling_log.mdx
+++ b/api_docs/kbn_tooling_log.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-tooling-log
 title: "@kbn/tooling-log"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/tooling-log plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/tooling-log']
 ---
 import kbnToolingLogObj from './kbn_tooling_log.devdocs.json';
diff --git a/api_docs/kbn_transpose_utils.mdx b/api_docs/kbn_transpose_utils.mdx
index 0b021a32c85dd..e946bcb70e42c 100644
--- a/api_docs/kbn_transpose_utils.mdx
+++ b/api_docs/kbn_transpose_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-transpose-utils
 title: "@kbn/transpose-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/transpose-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/transpose-utils']
 ---
 import kbnTransposeUtilsObj from './kbn_transpose_utils.devdocs.json';
diff --git a/api_docs/kbn_triggers_actions_ui_types.mdx b/api_docs/kbn_triggers_actions_ui_types.mdx
index 8e9a63dcc0f7f..779e3e6e6760b 100644
--- a/api_docs/kbn_triggers_actions_ui_types.mdx
+++ b/api_docs/kbn_triggers_actions_ui_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-triggers-actions-ui-types
 title: "@kbn/triggers-actions-ui-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/triggers-actions-ui-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/triggers-actions-ui-types']
 ---
 import kbnTriggersActionsUiTypesObj from './kbn_triggers_actions_ui_types.devdocs.json';
diff --git a/api_docs/kbn_try_in_console.mdx b/api_docs/kbn_try_in_console.mdx
index e5ac85142a29c..2960e509a74dc 100644
--- a/api_docs/kbn_try_in_console.mdx
+++ b/api_docs/kbn_try_in_console.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-try-in-console
 title: "@kbn/try-in-console"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/try-in-console plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/try-in-console']
 ---
 import kbnTryInConsoleObj from './kbn_try_in_console.devdocs.json';
diff --git a/api_docs/kbn_ts_projects.mdx b/api_docs/kbn_ts_projects.mdx
index 9d25fd3becb9e..639f58946165d 100644
--- a/api_docs/kbn_ts_projects.mdx
+++ b/api_docs/kbn_ts_projects.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ts-projects
 title: "@kbn/ts-projects"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ts-projects plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ts-projects']
 ---
 import kbnTsProjectsObj from './kbn_ts_projects.devdocs.json';
diff --git a/api_docs/kbn_typed_react_router_config.mdx b/api_docs/kbn_typed_react_router_config.mdx
index ba163cb944ab7..0d85889682a70 100644
--- a/api_docs/kbn_typed_react_router_config.mdx
+++ b/api_docs/kbn_typed_react_router_config.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-typed-react-router-config
 title: "@kbn/typed-react-router-config"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/typed-react-router-config plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/typed-react-router-config']
 ---
 import kbnTypedReactRouterConfigObj from './kbn_typed_react_router_config.devdocs.json';
diff --git a/api_docs/kbn_ui_actions_browser.mdx b/api_docs/kbn_ui_actions_browser.mdx
index 3b6e4c73abd2d..d93c5b4da5931 100644
--- a/api_docs/kbn_ui_actions_browser.mdx
+++ b/api_docs/kbn_ui_actions_browser.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-actions-browser
 title: "@kbn/ui-actions-browser"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ui-actions-browser plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-actions-browser']
 ---
 import kbnUiActionsBrowserObj from './kbn_ui_actions_browser.devdocs.json';
diff --git a/api_docs/kbn_ui_shared_deps_src.mdx b/api_docs/kbn_ui_shared_deps_src.mdx
index ac4fe48f450b9..8643ead25a8cf 100644
--- a/api_docs/kbn_ui_shared_deps_src.mdx
+++ b/api_docs/kbn_ui_shared_deps_src.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-shared-deps-src
 title: "@kbn/ui-shared-deps-src"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ui-shared-deps-src plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-shared-deps-src']
 ---
 import kbnUiSharedDepsSrcObj from './kbn_ui_shared_deps_src.devdocs.json';
diff --git a/api_docs/kbn_ui_theme.mdx b/api_docs/kbn_ui_theme.mdx
index d245f4f80669d..2620661a8c560 100644
--- a/api_docs/kbn_ui_theme.mdx
+++ b/api_docs/kbn_ui_theme.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-theme
 title: "@kbn/ui-theme"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/ui-theme plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-theme']
 ---
 import kbnUiThemeObj from './kbn_ui_theme.devdocs.json';
diff --git a/api_docs/kbn_unified_data_table.mdx b/api_docs/kbn_unified_data_table.mdx
index 2b1f1237bba83..f743edb047f5c 100644
--- a/api_docs/kbn_unified_data_table.mdx
+++ b/api_docs/kbn_unified_data_table.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-data-table
 title: "@kbn/unified-data-table"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/unified-data-table plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-data-table']
 ---
 import kbnUnifiedDataTableObj from './kbn_unified_data_table.devdocs.json';
diff --git a/api_docs/kbn_unified_doc_viewer.mdx b/api_docs/kbn_unified_doc_viewer.mdx
index 271b511cb9d62..f71136ca24ee2 100644
--- a/api_docs/kbn_unified_doc_viewer.mdx
+++ b/api_docs/kbn_unified_doc_viewer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-doc-viewer
 title: "@kbn/unified-doc-viewer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/unified-doc-viewer plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-doc-viewer']
 ---
 import kbnUnifiedDocViewerObj from './kbn_unified_doc_viewer.devdocs.json';
diff --git a/api_docs/kbn_unified_field_list.devdocs.json b/api_docs/kbn_unified_field_list.devdocs.json
index b62b99adafb76..09eff21c8fa75 100644
--- a/api_docs/kbn_unified_field_list.devdocs.json
+++ b/api_docs/kbn_unified_field_list.devdocs.json
@@ -371,7 +371,7 @@
         "label": "FieldPopoverHeader",
         "description": [],
         "signature": [
-          "({ field, closePopover, buttonAddFieldToWorkspaceProps, buttonAddFilterProps, buttonEditFieldProps, buttonDeleteFieldProps, onAddFieldToWorkspace, onAddFilter, onEditField, onDeleteField, services, }: ",
+          "({ field, closePopover, buttonAddFieldToWorkspaceProps, buttonAddFilterProps, buttonEditFieldProps, buttonDeleteFieldProps, onAddBreakdownField, onAddFieldToWorkspace, onAddFilter, onEditField, onDeleteField, services, }: ",
           {
             "pluginId": "@kbn/unified-field-list",
             "scope": "public",
@@ -390,7 +390,7 @@
             "id": "def-public.FieldPopoverHeader.$1",
             "type": "Object",
             "tags": [],
-            "label": "{\n  field,\n  closePopover,\n  buttonAddFieldToWorkspaceProps,\n  buttonAddFilterProps,\n  buttonEditFieldProps,\n  buttonDeleteFieldProps,\n  onAddFieldToWorkspace,\n  onAddFilter,\n  onEditField,\n  onDeleteField,\n  services,\n}",
+            "label": "{\n  field,\n  closePopover,\n  buttonAddFieldToWorkspaceProps,\n  buttonAddFilterProps,\n  buttonEditFieldProps,\n  buttonDeleteFieldProps,\n  onAddBreakdownField,\n  onAddFieldToWorkspace,\n  onAddFilter,\n  onEditField,\n  onDeleteField,\n  services,\n}",
             "description": [],
             "signature": [
               {
@@ -3691,6 +3691,53 @@
             "deprecated": false,
             "trackAdoption": false
           },
+          {
+            "parentPluginId": "@kbn/unified-field-list",
+            "id": "def-public.FieldPopoverHeaderProps.onAddBreakdownField",
+            "type": "Function",
+            "tags": [],
+            "label": "onAddBreakdownField",
+            "description": [],
+            "signature": [
+              "((field: ",
+              {
+                "pluginId": "dataViews",
+                "scope": "common",
+                "docId": "kibDataViewsPluginApi",
+                "section": "def-common.DataViewField",
+                "text": "DataViewField"
+              },
+              " | undefined) => void) | undefined"
+            ],
+            "path": "packages/kbn-unified-field-list/src/components/field_popover/field_popover_header.tsx",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "@kbn/unified-field-list",
+                "id": "def-public.FieldPopoverHeaderProps.onAddBreakdownField.$1",
+                "type": "Object",
+                "tags": [],
+                "label": "field",
+                "description": [],
+                "signature": [
+                  {
+                    "pluginId": "dataViews",
+                    "scope": "common",
+                    "docId": "kibDataViewsPluginApi",
+                    "section": "def-common.DataViewField",
+                    "text": "DataViewField"
+                  },
+                  " | undefined"
+                ],
+                "path": "packages/kbn-unified-field-list/src/components/field_popover/field_popover_header.tsx",
+                "deprecated": false,
+                "trackAdoption": false,
+                "isRequired": false
+              }
+            ],
+            "returnComment": []
+          },
           {
             "parentPluginId": "@kbn/unified-field-list",
             "id": "def-public.FieldPopoverHeaderProps.onAddFieldToWorkspace",
diff --git a/api_docs/kbn_unified_field_list.mdx b/api_docs/kbn_unified_field_list.mdx
index a583a291cd4db..3e1221871bb88 100644
--- a/api_docs/kbn_unified_field_list.mdx
+++ b/api_docs/kbn_unified_field_list.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-field-list
 title: "@kbn/unified-field-list"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/unified-field-list plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-field-list']
 ---
 import kbnUnifiedFieldListObj from './kbn_unified_field_list.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/k
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 315 | 0 | 286 | 8 |
+| 317 | 0 | 288 | 8 |
 
 ## Client
 
diff --git a/api_docs/kbn_unsaved_changes_badge.mdx b/api_docs/kbn_unsaved_changes_badge.mdx
index 780d1c23c8570..7074829950d0d 100644
--- a/api_docs/kbn_unsaved_changes_badge.mdx
+++ b/api_docs/kbn_unsaved_changes_badge.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-badge
 title: "@kbn/unsaved-changes-badge"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/unsaved-changes-badge plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-badge']
 ---
 import kbnUnsavedChangesBadgeObj from './kbn_unsaved_changes_badge.devdocs.json';
diff --git a/api_docs/kbn_unsaved_changes_prompt.mdx b/api_docs/kbn_unsaved_changes_prompt.mdx
index 1e082896894bf..21587519c6653 100644
--- a/api_docs/kbn_unsaved_changes_prompt.mdx
+++ b/api_docs/kbn_unsaved_changes_prompt.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-prompt
 title: "@kbn/unsaved-changes-prompt"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/unsaved-changes-prompt plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-prompt']
 ---
 import kbnUnsavedChangesPromptObj from './kbn_unsaved_changes_prompt.devdocs.json';
diff --git a/api_docs/kbn_use_tracked_promise.mdx b/api_docs/kbn_use_tracked_promise.mdx
index 7d089c37cc761..df1cd520ea7f6 100644
--- a/api_docs/kbn_use_tracked_promise.mdx
+++ b/api_docs/kbn_use_tracked_promise.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-use-tracked-promise
 title: "@kbn/use-tracked-promise"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/use-tracked-promise plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/use-tracked-promise']
 ---
 import kbnUseTrackedPromiseObj from './kbn_use_tracked_promise.devdocs.json';
diff --git a/api_docs/kbn_user_profile_components.mdx b/api_docs/kbn_user_profile_components.mdx
index 2b4c62622c353..266941df7ded2 100644
--- a/api_docs/kbn_user_profile_components.mdx
+++ b/api_docs/kbn_user_profile_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-user-profile-components
 title: "@kbn/user-profile-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/user-profile-components plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/user-profile-components']
 ---
 import kbnUserProfileComponentsObj from './kbn_user_profile_components.devdocs.json';
diff --git a/api_docs/kbn_utility_types.mdx b/api_docs/kbn_utility_types.mdx
index 7f39d6141feb8..eb961e33e2365 100644
--- a/api_docs/kbn_utility_types.mdx
+++ b/api_docs/kbn_utility_types.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types
 title: "@kbn/utility-types"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/utility-types plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types']
 ---
 import kbnUtilityTypesObj from './kbn_utility_types.devdocs.json';
diff --git a/api_docs/kbn_utility_types_jest.mdx b/api_docs/kbn_utility_types_jest.mdx
index 179be86445e8c..2ed8237bbad7a 100644
--- a/api_docs/kbn_utility_types_jest.mdx
+++ b/api_docs/kbn_utility_types_jest.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types-jest
 title: "@kbn/utility-types-jest"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/utility-types-jest plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types-jest']
 ---
 import kbnUtilityTypesJestObj from './kbn_utility_types_jest.devdocs.json';
diff --git a/api_docs/kbn_utils.mdx b/api_docs/kbn_utils.mdx
index 72cd73d2eae2e..1d98cd8333021 100644
--- a/api_docs/kbn_utils.mdx
+++ b/api_docs/kbn_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utils
 title: "@kbn/utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utils']
 ---
 import kbnUtilsObj from './kbn_utils.devdocs.json';
diff --git a/api_docs/kbn_visualization_ui_components.mdx b/api_docs/kbn_visualization_ui_components.mdx
index 2f130e29b5a2f..57fb9c583bb7b 100644
--- a/api_docs/kbn_visualization_ui_components.mdx
+++ b/api_docs/kbn_visualization_ui_components.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-ui-components
 title: "@kbn/visualization-ui-components"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/visualization-ui-components plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-ui-components']
 ---
 import kbnVisualizationUiComponentsObj from './kbn_visualization_ui_components.devdocs.json';
diff --git a/api_docs/kbn_visualization_utils.mdx b/api_docs/kbn_visualization_utils.mdx
index 6b20d18642144..95a0aeeb9b034 100644
--- a/api_docs/kbn_visualization_utils.mdx
+++ b/api_docs/kbn_visualization_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-utils
 title: "@kbn/visualization-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/visualization-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-utils']
 ---
 import kbnVisualizationUtilsObj from './kbn_visualization_utils.devdocs.json';
diff --git a/api_docs/kbn_xstate_utils.mdx b/api_docs/kbn_xstate_utils.mdx
index 10c94ea7b0f6a..0a71dfaa87b7e 100644
--- a/api_docs/kbn_xstate_utils.mdx
+++ b/api_docs/kbn_xstate_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-xstate-utils
 title: "@kbn/xstate-utils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/xstate-utils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/xstate-utils']
 ---
 import kbnXstateUtilsObj from './kbn_xstate_utils.devdocs.json';
diff --git a/api_docs/kbn_yarn_lock_validator.mdx b/api_docs/kbn_yarn_lock_validator.mdx
index 51ce17a089cf7..bc41b15a79465 100644
--- a/api_docs/kbn_yarn_lock_validator.mdx
+++ b/api_docs/kbn_yarn_lock_validator.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-yarn-lock-validator
 title: "@kbn/yarn-lock-validator"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/yarn-lock-validator plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/yarn-lock-validator']
 ---
 import kbnYarnLockValidatorObj from './kbn_yarn_lock_validator.devdocs.json';
diff --git a/api_docs/kbn_zod.devdocs.json b/api_docs/kbn_zod.devdocs.json
index d0a32cdaf8ff5..4fbf59e5edf59 100644
--- a/api_docs/kbn_zod.devdocs.json
+++ b/api_docs/kbn_zod.devdocs.json
@@ -19198,7 +19198,7 @@
         "label": "ZodFirstPartySchemaTypes",
         "description": [],
         "signature": [
-          "Zod.ZodString | Zod.ZodBoolean | Zod.ZodNumber | Zod.ZodUnknown | Zod.ZodAny | Zod.ZodUndefined | Zod.ZodNull | Zod.ZodBigInt | Zod.ZodDate | Zod.ZodSymbol | Zod.ZodNever | Zod.ZodVoid | Zod.ZodTuple<any, any> | Zod.ZodNaN | Zod.ZodArray<any, any> | Zod.ZodObject<any, any, any, { [x: string]: any; }, { [x: string]: any; }> | Zod.ZodUnion<any> | Zod.ZodDiscriminatedUnion<any, any> | Zod.ZodIntersection<any, any> | Zod.ZodRecord<any, any> | Zod.ZodMap<any, Zod.ZodTypeAny> | Zod.ZodSet<any> | Zod.ZodFunction<any, any> | Zod.ZodLazy<any> | Zod.ZodLiteral<any> | Zod.ZodEnum<any> | Zod.ZodEffects<any, any, any> | Zod.ZodNativeEnum<any> | Zod.ZodOptional<any> | Zod.ZodNullable<any> | Zod.ZodDefault<any> | Zod.ZodCatch<any> | Zod.ZodPromise<any> | Zod.ZodBranded<any, any> | Zod.ZodPipeline<any, any> | Zod.ZodReadonly<any>"
+          "Zod.ZodString | Zod.ZodBoolean | Zod.ZodNumber | Zod.ZodUnknown | Zod.ZodNull | Zod.ZodAny | Zod.ZodUndefined | Zod.ZodBigInt | Zod.ZodDate | Zod.ZodSymbol | Zod.ZodNever | Zod.ZodVoid | Zod.ZodTuple<any, any> | Zod.ZodNaN | Zod.ZodArray<any, any> | Zod.ZodObject<any, any, any, { [x: string]: any; }, { [x: string]: any; }> | Zod.ZodUnion<any> | Zod.ZodDiscriminatedUnion<any, any> | Zod.ZodIntersection<any, any> | Zod.ZodRecord<any, any> | Zod.ZodMap<any, Zod.ZodTypeAny> | Zod.ZodSet<any> | Zod.ZodFunction<any, any> | Zod.ZodLazy<any> | Zod.ZodLiteral<any> | Zod.ZodEnum<any> | Zod.ZodEffects<any, any, any> | Zod.ZodNativeEnum<any> | Zod.ZodOptional<any> | Zod.ZodNullable<any> | Zod.ZodDefault<any> | Zod.ZodCatch<any> | Zod.ZodPromise<any> | Zod.ZodBranded<any, any> | Zod.ZodPipeline<any, any> | Zod.ZodReadonly<any>"
         ],
         "path": "node_modules/zod/lib/types.d.ts",
         "deprecated": false,
diff --git a/api_docs/kbn_zod.mdx b/api_docs/kbn_zod.mdx
index dc1b61dbfbb5e..4b2a076774dfd 100644
--- a/api_docs/kbn_zod.mdx
+++ b/api_docs/kbn_zod.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-zod
 title: "@kbn/zod"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/zod plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/zod']
 ---
 import kbnZodObj from './kbn_zod.devdocs.json';
diff --git a/api_docs/kbn_zod_helpers.mdx b/api_docs/kbn_zod_helpers.mdx
index 0e7e77b864251..45112be490a20 100644
--- a/api_docs/kbn_zod_helpers.mdx
+++ b/api_docs/kbn_zod_helpers.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-zod-helpers
 title: "@kbn/zod-helpers"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the @kbn/zod-helpers plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/zod-helpers']
 ---
 import kbnZodHelpersObj from './kbn_zod_helpers.devdocs.json';
diff --git a/api_docs/kibana_overview.mdx b/api_docs/kibana_overview.mdx
index a000a37f295da..fdeb3213325e6 100644
--- a/api_docs/kibana_overview.mdx
+++ b/api_docs/kibana_overview.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaOverview
 title: "kibanaOverview"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the kibanaOverview plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaOverview']
 ---
 import kibanaOverviewObj from './kibana_overview.devdocs.json';
diff --git a/api_docs/kibana_react.mdx b/api_docs/kibana_react.mdx
index 9ebcc9e719fc6..4b37e4bccef02 100644
--- a/api_docs/kibana_react.mdx
+++ b/api_docs/kibana_react.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaReact
 title: "kibanaReact"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the kibanaReact plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaReact']
 ---
 import kibanaReactObj from './kibana_react.devdocs.json';
diff --git a/api_docs/kibana_utils.mdx b/api_docs/kibana_utils.mdx
index 2fe3520d4c92e..d17bc9ccc4268 100644
--- a/api_docs/kibana_utils.mdx
+++ b/api_docs/kibana_utils.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaUtils
 title: "kibanaUtils"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the kibanaUtils plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaUtils']
 ---
 import kibanaUtilsObj from './kibana_utils.devdocs.json';
diff --git a/api_docs/kubernetes_security.mdx b/api_docs/kubernetes_security.mdx
index 74785e1f3c45c..97241b136ca04 100644
--- a/api_docs/kubernetes_security.mdx
+++ b/api_docs/kubernetes_security.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kubernetesSecurity
 title: "kubernetesSecurity"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the kubernetesSecurity plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kubernetesSecurity']
 ---
 import kubernetesSecurityObj from './kubernetes_security.devdocs.json';
diff --git a/api_docs/lens.mdx b/api_docs/lens.mdx
index 88907c0c2aa35..fce825c33c4ac 100644
--- a/api_docs/lens.mdx
+++ b/api_docs/lens.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lens
 title: "lens"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the lens plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lens']
 ---
 import lensObj from './lens.devdocs.json';
diff --git a/api_docs/license_api_guard.mdx b/api_docs/license_api_guard.mdx
index f0bd2cba1b4d7..315ae2683ed80 100644
--- a/api_docs/license_api_guard.mdx
+++ b/api_docs/license_api_guard.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseApiGuard
 title: "licenseApiGuard"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the licenseApiGuard plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseApiGuard']
 ---
 import licenseApiGuardObj from './license_api_guard.devdocs.json';
diff --git a/api_docs/license_management.mdx b/api_docs/license_management.mdx
index f588ac6cfb03e..5be079a4e005f 100644
--- a/api_docs/license_management.mdx
+++ b/api_docs/license_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseManagement
 title: "licenseManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the licenseManagement plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseManagement']
 ---
 import licenseManagementObj from './license_management.devdocs.json';
diff --git a/api_docs/licensing.mdx b/api_docs/licensing.mdx
index fa6c7db355334..6a438571932f4 100644
--- a/api_docs/licensing.mdx
+++ b/api_docs/licensing.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licensing
 title: "licensing"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the licensing plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licensing']
 ---
 import licensingObj from './licensing.devdocs.json';
diff --git a/api_docs/links.mdx b/api_docs/links.mdx
index 163751aa731ee..d82ee97d8b0c8 100644
--- a/api_docs/links.mdx
+++ b/api_docs/links.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/links
 title: "links"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the links plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'links']
 ---
 import linksObj from './links.devdocs.json';
diff --git a/api_docs/lists.mdx b/api_docs/lists.mdx
index 94d15e8c5f6ec..74e15a50afc92 100644
--- a/api_docs/lists.mdx
+++ b/api_docs/lists.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lists
 title: "lists"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the lists plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lists']
 ---
 import listsObj from './lists.devdocs.json';
diff --git a/api_docs/logs_data_access.mdx b/api_docs/logs_data_access.mdx
index 63c4c4f9e505e..1d6fa793021bd 100644
--- a/api_docs/logs_data_access.mdx
+++ b/api_docs/logs_data_access.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsDataAccess
 title: "logsDataAccess"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the logsDataAccess plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsDataAccess']
 ---
 import logsDataAccessObj from './logs_data_access.devdocs.json';
diff --git a/api_docs/logs_explorer.mdx b/api_docs/logs_explorer.mdx
index 842751cc70614..0bde90a40e26d 100644
--- a/api_docs/logs_explorer.mdx
+++ b/api_docs/logs_explorer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsExplorer
 title: "logsExplorer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the logsExplorer plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsExplorer']
 ---
 import logsExplorerObj from './logs_explorer.devdocs.json';
diff --git a/api_docs/logs_shared.mdx b/api_docs/logs_shared.mdx
index 9e20b24209010..445dcdffc852a 100644
--- a/api_docs/logs_shared.mdx
+++ b/api_docs/logs_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsShared
 title: "logsShared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the logsShared plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsShared']
 ---
 import logsSharedObj from './logs_shared.devdocs.json';
diff --git a/api_docs/management.mdx b/api_docs/management.mdx
index cafd766bbda8f..e92568a6737be 100644
--- a/api_docs/management.mdx
+++ b/api_docs/management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/management
 title: "management"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the management plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'management']
 ---
 import managementObj from './management.devdocs.json';
diff --git a/api_docs/maps.mdx b/api_docs/maps.mdx
index 64d97c626dfae..b351de5a8ddae 100644
--- a/api_docs/maps.mdx
+++ b/api_docs/maps.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/maps
 title: "maps"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the maps plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'maps']
 ---
 import mapsObj from './maps.devdocs.json';
diff --git a/api_docs/maps_ems.mdx b/api_docs/maps_ems.mdx
index 4d1e7c47ecb23..ffbaf5e035391 100644
--- a/api_docs/maps_ems.mdx
+++ b/api_docs/maps_ems.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mapsEms
 title: "mapsEms"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the mapsEms plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mapsEms']
 ---
 import mapsEmsObj from './maps_ems.devdocs.json';
diff --git a/api_docs/metrics_data_access.mdx b/api_docs/metrics_data_access.mdx
index a488a2a2ce572..aa533973e4836 100644
--- a/api_docs/metrics_data_access.mdx
+++ b/api_docs/metrics_data_access.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/metricsDataAccess
 title: "metricsDataAccess"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the metricsDataAccess plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'metricsDataAccess']
 ---
 import metricsDataAccessObj from './metrics_data_access.devdocs.json';
diff --git a/api_docs/ml.mdx b/api_docs/ml.mdx
index 27a3ee59e88be..144330bd57215 100644
--- a/api_docs/ml.mdx
+++ b/api_docs/ml.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ml
 title: "ml"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the ml plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ml']
 ---
 import mlObj from './ml.devdocs.json';
diff --git a/api_docs/mock_idp_plugin.mdx b/api_docs/mock_idp_plugin.mdx
index 06337aff0be66..5d21d3512501a 100644
--- a/api_docs/mock_idp_plugin.mdx
+++ b/api_docs/mock_idp_plugin.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mockIdpPlugin
 title: "mockIdpPlugin"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the mockIdpPlugin plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mockIdpPlugin']
 ---
 import mockIdpPluginObj from './mock_idp_plugin.devdocs.json';
diff --git a/api_docs/monitoring.mdx b/api_docs/monitoring.mdx
index 73db763eb563d..0ec6f14420cbe 100644
--- a/api_docs/monitoring.mdx
+++ b/api_docs/monitoring.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoring
 title: "monitoring"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the monitoring plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoring']
 ---
 import monitoringObj from './monitoring.devdocs.json';
diff --git a/api_docs/monitoring_collection.mdx b/api_docs/monitoring_collection.mdx
index 214d0b97b97ef..ea78606171226 100644
--- a/api_docs/monitoring_collection.mdx
+++ b/api_docs/monitoring_collection.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoringCollection
 title: "monitoringCollection"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the monitoringCollection plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoringCollection']
 ---
 import monitoringCollectionObj from './monitoring_collection.devdocs.json';
diff --git a/api_docs/navigation.mdx b/api_docs/navigation.mdx
index e504b3e070741..82d77435912e7 100644
--- a/api_docs/navigation.mdx
+++ b/api_docs/navigation.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/navigation
 title: "navigation"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the navigation plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'navigation']
 ---
 import navigationObj from './navigation.devdocs.json';
diff --git a/api_docs/newsfeed.mdx b/api_docs/newsfeed.mdx
index fd03c00cdd3d6..28b72a4635a82 100644
--- a/api_docs/newsfeed.mdx
+++ b/api_docs/newsfeed.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/newsfeed
 title: "newsfeed"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the newsfeed plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'newsfeed']
 ---
 import newsfeedObj from './newsfeed.devdocs.json';
diff --git a/api_docs/no_data_page.mdx b/api_docs/no_data_page.mdx
index 52f5b9d9abed9..7d2986ed29357 100644
--- a/api_docs/no_data_page.mdx
+++ b/api_docs/no_data_page.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/noDataPage
 title: "noDataPage"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the noDataPage plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'noDataPage']
 ---
 import noDataPageObj from './no_data_page.devdocs.json';
diff --git a/api_docs/notifications.mdx b/api_docs/notifications.mdx
index 32bf27d609643..be05b4a9daee3 100644
--- a/api_docs/notifications.mdx
+++ b/api_docs/notifications.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/notifications
 title: "notifications"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the notifications plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'notifications']
 ---
 import notificationsObj from './notifications.devdocs.json';
diff --git a/api_docs/observability.mdx b/api_docs/observability.mdx
index 9f014ee4f504b..d9efa68e891fc 100644
--- a/api_docs/observability.mdx
+++ b/api_docs/observability.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observability
 title: "observability"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observability plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observability']
 ---
 import observabilityObj from './observability.devdocs.json';
diff --git a/api_docs/observability_a_i_assistant.mdx b/api_docs/observability_a_i_assistant.mdx
index a5697831bc673..5cd4d9f7ff444 100644
--- a/api_docs/observability_a_i_assistant.mdx
+++ b/api_docs/observability_a_i_assistant.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistant
 title: "observabilityAIAssistant"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observabilityAIAssistant plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistant']
 ---
 import observabilityAIAssistantObj from './observability_a_i_assistant.devdocs.json';
diff --git a/api_docs/observability_a_i_assistant_app.mdx b/api_docs/observability_a_i_assistant_app.mdx
index 074b939139663..202b71bd4eae8 100644
--- a/api_docs/observability_a_i_assistant_app.mdx
+++ b/api_docs/observability_a_i_assistant_app.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistantApp
 title: "observabilityAIAssistantApp"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observabilityAIAssistantApp plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistantApp']
 ---
 import observabilityAIAssistantAppObj from './observability_a_i_assistant_app.devdocs.json';
diff --git a/api_docs/observability_ai_assistant_management.mdx b/api_docs/observability_ai_assistant_management.mdx
index 7db6d8acbec8b..c09019847ce02 100644
--- a/api_docs/observability_ai_assistant_management.mdx
+++ b/api_docs/observability_ai_assistant_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAiAssistantManagement
 title: "observabilityAiAssistantManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observabilityAiAssistantManagement plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAiAssistantManagement']
 ---
 import observabilityAiAssistantManagementObj from './observability_ai_assistant_management.devdocs.json';
diff --git a/api_docs/observability_logs_explorer.mdx b/api_docs/observability_logs_explorer.mdx
index 096d438580b03..6bd8126e169ce 100644
--- a/api_docs/observability_logs_explorer.mdx
+++ b/api_docs/observability_logs_explorer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityLogsExplorer
 title: "observabilityLogsExplorer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observabilityLogsExplorer plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityLogsExplorer']
 ---
 import observabilityLogsExplorerObj from './observability_logs_explorer.devdocs.json';
diff --git a/api_docs/observability_onboarding.mdx b/api_docs/observability_onboarding.mdx
index 49e61b7484f5d..02796fa6b90bc 100644
--- a/api_docs/observability_onboarding.mdx
+++ b/api_docs/observability_onboarding.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityOnboarding
 title: "observabilityOnboarding"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observabilityOnboarding plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityOnboarding']
 ---
 import observabilityOnboardingObj from './observability_onboarding.devdocs.json';
diff --git a/api_docs/observability_shared.devdocs.json b/api_docs/observability_shared.devdocs.json
index 96ca1e9e5e328..972e399f0af9f 100644
--- a/api_docs/observability_shared.devdocs.json
+++ b/api_docs/observability_shared.devdocs.json
@@ -1721,6 +1721,69 @@
         "returnComment": [],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "observabilityShared",
+        "id": "def-public.useControlPanels",
+        "type": "Function",
+        "tags": [],
+        "label": "useControlPanels",
+        "description": [],
+        "signature": [
+          "(controlPanelConfigs: { [x: string]: { order: number; type: string; } & { width?: \"small\" | \"medium\" | \"large\" | undefined; grow?: boolean | undefined; dataViewId?: string | undefined; fieldName?: string | undefined; title?: string | undefined; selectedOptions?: string[] | undefined; }; }, dataView: ",
+          {
+            "pluginId": "dataViews",
+            "scope": "common",
+            "docId": "kibDataViewsPluginApi",
+            "section": "def-common.DataView",
+            "text": "DataView"
+          },
+          " | undefined) => [{ [x: string]: { order: number; type: string; } & { width?: \"small\" | \"medium\" | \"large\" | undefined; grow?: boolean | undefined; dataViewId?: string | undefined; fieldName?: string | undefined; title?: string | undefined; selectedOptions?: string[] | undefined; }; }, (state: { [x: string]: { order: number; type: string; } & { width?: \"small\" | \"medium\" | \"large\" | undefined; grow?: boolean | undefined; dataViewId?: string | undefined; fieldName?: string | undefined; title?: string | undefined; selectedOptions?: string[] | undefined; }; }) => void]"
+        ],
+        "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_control_panels_url_state.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "observabilityShared",
+            "id": "def-public.useControlPanels.$1",
+            "type": "Object",
+            "tags": [],
+            "label": "controlPanelConfigs",
+            "description": [],
+            "signature": [
+              "{ [x: string]: { order: number; type: string; } & { width?: \"small\" | \"medium\" | \"large\" | undefined; grow?: boolean | undefined; dataViewId?: string | undefined; fieldName?: string | undefined; title?: string | undefined; selectedOptions?: string[] | undefined; }; }"
+            ],
+            "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_control_panels_url_state.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": true
+          },
+          {
+            "parentPluginId": "observabilityShared",
+            "id": "def-public.useControlPanels.$2",
+            "type": "Object",
+            "tags": [],
+            "label": "dataView",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "dataViews",
+                "scope": "common",
+                "docId": "kibDataViewsPluginApi",
+                "section": "def-common.DataView",
+                "text": "DataView"
+              },
+              " | undefined"
+            ],
+            "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_control_panels_url_state.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "isRequired": false
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "observabilityShared",
         "id": "def-public.useEditableSettings",
@@ -2014,6 +2077,30 @@
         "returnComment": [],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "observabilityShared",
+        "id": "def-public.useKibanaQuerySettings",
+        "type": "Function",
+        "tags": [],
+        "label": "useKibanaQuerySettings",
+        "description": [],
+        "signature": [
+          "() => ",
+          {
+            "pluginId": "@kbn/es-query",
+            "scope": "common",
+            "docId": "kibKbnEsQueryPluginApi",
+            "section": "def-common.EsQueryConfig",
+            "text": "EsQueryConfig"
+          }
+        ],
+        "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_kibana_query_settings.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "observabilityShared",
         "id": "def-public.useKibanaSpace",
@@ -2345,6 +2432,179 @@
         "returnComment": [],
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "observabilityShared",
+        "id": "def-public.useUrlState",
+        "type": "Function",
+        "tags": [],
+        "label": "useUrlState",
+        "description": [],
+        "signature": [
+          "<State>({ defaultState, decodeUrlState, encodeUrlState, urlStateKey, writeDefaultState, }: { defaultState: State; decodeUrlState: (value: ",
+          {
+            "pluginId": "@kbn/rison",
+            "scope": "common",
+            "docId": "kibKbnRisonPluginApi",
+            "section": "def-common.RisonValue",
+            "text": "RisonValue"
+          },
+          " | undefined) => State | undefined; encodeUrlState: (value: State) => ",
+          {
+            "pluginId": "@kbn/rison",
+            "scope": "common",
+            "docId": "kibKbnRisonPluginApi",
+            "section": "def-common.RisonValue",
+            "text": "RisonValue"
+          },
+          " | undefined; urlStateKey: string; writeDefaultState?: boolean | undefined; }) => [State, (patch: State | ((prevState: State) => State) | undefined) => void]"
+        ],
+        "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_url_state.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "observabilityShared",
+            "id": "def-public.useUrlState.$1",
+            "type": "Object",
+            "tags": [],
+            "label": "{\n  defaultState,\n  decodeUrlState,\n  encodeUrlState,\n  urlStateKey,\n  writeDefaultState = false,\n}",
+            "description": [],
+            "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_url_state.ts",
+            "deprecated": false,
+            "trackAdoption": false,
+            "children": [
+              {
+                "parentPluginId": "observabilityShared",
+                "id": "def-public.useUrlState.$1.defaultState",
+                "type": "Uncategorized",
+                "tags": [],
+                "label": "defaultState",
+                "description": [],
+                "signature": [
+                  "State"
+                ],
+                "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_url_state.ts",
+                "deprecated": false,
+                "trackAdoption": false
+              },
+              {
+                "parentPluginId": "observabilityShared",
+                "id": "def-public.useUrlState.$1.decodeUrlState",
+                "type": "Function",
+                "tags": [],
+                "label": "decodeUrlState",
+                "description": [],
+                "signature": [
+                  "(value: ",
+                  {
+                    "pluginId": "@kbn/rison",
+                    "scope": "common",
+                    "docId": "kibKbnRisonPluginApi",
+                    "section": "def-common.RisonValue",
+                    "text": "RisonValue"
+                  },
+                  " | undefined) => State | undefined"
+                ],
+                "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_url_state.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "children": [
+                  {
+                    "parentPluginId": "observabilityShared",
+                    "id": "def-public.useUrlState.$1.decodeUrlState.$1",
+                    "type": "CompoundType",
+                    "tags": [],
+                    "label": "value",
+                    "description": [],
+                    "signature": [
+                      {
+                        "pluginId": "@kbn/rison",
+                        "scope": "common",
+                        "docId": "kibKbnRisonPluginApi",
+                        "section": "def-common.RisonValue",
+                        "text": "RisonValue"
+                      },
+                      " | undefined"
+                    ],
+                    "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_url_state.ts",
+                    "deprecated": false,
+                    "trackAdoption": false,
+                    "isRequired": false
+                  }
+                ],
+                "returnComment": []
+              },
+              {
+                "parentPluginId": "observabilityShared",
+                "id": "def-public.useUrlState.$1.encodeUrlState",
+                "type": "Function",
+                "tags": [],
+                "label": "encodeUrlState",
+                "description": [],
+                "signature": [
+                  "(value: State) => ",
+                  {
+                    "pluginId": "@kbn/rison",
+                    "scope": "common",
+                    "docId": "kibKbnRisonPluginApi",
+                    "section": "def-common.RisonValue",
+                    "text": "RisonValue"
+                  },
+                  " | undefined"
+                ],
+                "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_url_state.ts",
+                "deprecated": false,
+                "trackAdoption": false,
+                "children": [
+                  {
+                    "parentPluginId": "observabilityShared",
+                    "id": "def-public.useUrlState.$1.encodeUrlState.$1",
+                    "type": "Uncategorized",
+                    "tags": [],
+                    "label": "value",
+                    "description": [],
+                    "signature": [
+                      "State"
+                    ],
+                    "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_url_state.ts",
+                    "deprecated": false,
+                    "trackAdoption": false,
+                    "isRequired": true
+                  }
+                ],
+                "returnComment": []
+              },
+              {
+                "parentPluginId": "observabilityShared",
+                "id": "def-public.useUrlState.$1.urlStateKey",
+                "type": "string",
+                "tags": [],
+                "label": "urlStateKey",
+                "description": [],
+                "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_url_state.ts",
+                "deprecated": false,
+                "trackAdoption": false
+              },
+              {
+                "parentPluginId": "observabilityShared",
+                "id": "def-public.useUrlState.$1.writeDefaultState",
+                "type": "CompoundType",
+                "tags": [],
+                "label": "writeDefaultState",
+                "description": [],
+                "signature": [
+                  "boolean | undefined"
+                ],
+                "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_url_state.ts",
+                "deprecated": false,
+                "trackAdoption": false
+              }
+            ]
+          }
+        ],
+        "returnComment": [],
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "observabilityShared",
         "id": "def-public.useValuesList",
@@ -3519,6 +3779,21 @@
         "trackAdoption": false,
         "initialIsOpen": false
       },
+      {
+        "parentPluginId": "observabilityShared",
+        "id": "def-public.ControlPanels",
+        "type": "Type",
+        "tags": [],
+        "label": "ControlPanels",
+        "description": [],
+        "signature": [
+          "{ [x: string]: { order: number; type: string; } & { width?: \"small\" | \"medium\" | \"large\" | undefined; grow?: boolean | undefined; dataViewId?: string | undefined; fieldName?: string | undefined; title?: string | undefined; selectedOptions?: string[] | undefined; }; }"
+        ],
+        "path": "x-pack/plugins/observability_solution/observability_shared/public/hooks/use_control_panels_url_state.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
       {
         "parentPluginId": "observabilityShared",
         "id": "def-public.EMBEDDABLE_FLAMEGRAPH",
diff --git a/api_docs/observability_shared.mdx b/api_docs/observability_shared.mdx
index 9c817ee1958b4..22f0b9107b170 100644
--- a/api_docs/observability_shared.mdx
+++ b/api_docs/observability_shared.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityShared
 title: "observabilityShared"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the observabilityShared plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityShared']
 ---
 import observabilitySharedObj from './observability_shared.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/observability-ui](https://github.com/orgs/elastic/teams/observ
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 508 | 1 | 502 | 19 |
+| 522 | 1 | 516 | 19 |
 
 ## Client
 
diff --git a/api_docs/osquery.mdx b/api_docs/osquery.mdx
index d8542324ad381..8299907271f45 100644
--- a/api_docs/osquery.mdx
+++ b/api_docs/osquery.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/osquery
 title: "osquery"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the osquery plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'osquery']
 ---
 import osqueryObj from './osquery.devdocs.json';
diff --git a/api_docs/painless_lab.mdx b/api_docs/painless_lab.mdx
index 5e4cdb40148c5..1ddcc6cc22ad1 100644
--- a/api_docs/painless_lab.mdx
+++ b/api_docs/painless_lab.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/painlessLab
 title: "painlessLab"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the painlessLab plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'painlessLab']
 ---
 import painlessLabObj from './painless_lab.devdocs.json';
diff --git a/api_docs/plugin_directory.mdx b/api_docs/plugin_directory.mdx
index 450e68bfc2f45..2706ac73e5382 100644
--- a/api_docs/plugin_directory.mdx
+++ b/api_docs/plugin_directory.mdx
@@ -7,7 +7,7 @@ id: kibDevDocsPluginDirectory
 slug: /kibana-dev-docs/api-meta/plugin-api-directory
 title: Directory
 description: Directory of public APIs available through plugins or packages.
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana']
 ---
 
@@ -15,13 +15,13 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 
 | Count | Plugins or Packages with a <br /> public API | Number of teams |
 |--------------|----------|------------------------|
-| 879 | 751 | 45 |
+| 883 | 753 | 47 |
 
 ### Public API health stats
 
 | API Count | Any Count | Missing comments | Missing exports |
 |--------------|----------|-----------------|--------|
-| 54217 | 240 | 40700 | 2000 |
+| 54314 | 247 | 40784 | 2007 |
 
 ## Plugin Directory
 
@@ -158,7 +158,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibObservabilityAiAssistantManagementPluginApi" text="observabilityAiAssistantManagement"/> | [@elastic/obs-ai-assistant](https://github.com/orgs/elastic/teams/obs-ai-assistant) | - | 2 | 0 | 2 | 0 |
 | <DocLink id="kibObservabilityLogsExplorerPluginApi" text="observabilityLogsExplorer"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | This plugin exposes and registers observability log consumption features. | 19 | 0 | 19 | 1 |
 | <DocLink id="kibObservabilityOnboardingPluginApi" text="observabilityOnboarding"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 24 | 0 | 24 | 0 |
-| <DocLink id="kibObservabilitySharedPluginApi" text="observabilityShared"/> | [@elastic/observability-ui](https://github.com/orgs/elastic/teams/observability-ui) | - | 508 | 1 | 502 | 19 |
+| <DocLink id="kibObservabilitySharedPluginApi" text="observabilityShared"/> | [@elastic/observability-ui](https://github.com/orgs/elastic/teams/observability-ui) | - | 522 | 1 | 516 | 19 |
 | <DocLink id="kibOsqueryPluginApi" text="osquery"/> | [@elastic/security-defend-workflows](https://github.com/orgs/elastic/teams/security-defend-workflows) | - | 23 | 0 | 23 | 7 |
 | <DocLink id="kibPainlessLabPluginApi" text="painlessLab"/> | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 2 | 0 | 2 | 0 |
 | <DocLink id="kibPresentationPanelPluginApi" text="presentationPanel"/> | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds a standardized Presentation panel which allows any forward ref component to interface with various Kibana systems. | 11 | 0 | 11 | 4 |
@@ -195,11 +195,12 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibServerlessSearchPluginApi" text="serverlessSearch"/> | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | Serverless customizations for search. | 7 | 0 | 7 | 0 |
 | <DocLink id="kibSessionViewPluginApi" text="sessionView"/> | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | - | 134 | 0 | 134 | 8 |
 | <DocLink id="kibSharePluginApi" text="share"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Adds URL Service and sharing capabilities to Kibana | 136 | 0 | 73 | 15 |
-| <DocLink id="kibSloPluginApi" text="slo"/> | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 59 | 0 | 59 | 1 |
+| <DocLink id="kibSloPluginApi" text="slo"/> | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 44 | 0 | 44 | 3 |
 | <DocLink id="kibSnapshotRestorePluginApi" text="snapshotRestore"/> | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 22 | 1 | 22 | 1 |
 | <DocLink id="kibSpacesPluginApi" text="spaces"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides the Spaces feature, which allows saved objects to be organized into meaningful categories. | 269 | 0 | 73 | 1 |
 | <DocLink id="kibStackAlertsPluginApi" text="stackAlerts"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 25 | 0 | 25 | 3 |
 | <DocLink id="kibStackConnectorsPluginApi" text="stackConnectors"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 10 | 0 | 10 | 0 |
+| <DocLink id="kibStreamsPluginApi" text="streams"/> | @simianhacker @flash1293 @dgieselaar | A manager for Streams | 12 | 7 | 12 | 2 |
 | synthetics | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | This plugin visualizes data from Synthetics and Heartbeat, and integrates with other Observability solutions. | 0 | 0 | 0 | 1 |
 | <DocLink id="kibTaskManagerPluginApi" text="taskManager"/> | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 108 | 0 | 64 | 7 |
 | <DocLink id="kibTelemetryPluginApi" text="telemetry"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 45 | 0 | 1 | 0 |
@@ -214,7 +215,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibUiActionsPluginApi" text="uiActions"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Adds UI Actions service to Kibana | 156 | 0 | 110 | 9 |
 | <DocLink id="kibUiActionsEnhancedPluginApi" text="uiActionsEnhanced"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Extends UI Actions plugin with more functionality | 212 | 0 | 145 | 11 |
 | <DocLink id="kibUnifiedDocViewerPluginApi" text="unifiedDocViewer"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | This plugin contains services reliant on the plugin lifecycle for the unified doc viewer component (see @kbn/unified-doc-viewer). | 15 | 0 | 10 | 3 |
-| <DocLink id="kibUnifiedHistogramPluginApi" text="unifiedHistogram"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | The `unifiedHistogram` plugin provides UI components to create a layout including a resizable histogram and a main display. | 72 | 0 | 37 | 6 |
+| <DocLink id="kibUnifiedHistogramPluginApi" text="unifiedHistogram"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | The `unifiedHistogram` plugin provides UI components to create a layout including a resizable histogram and a main display. | 70 | 0 | 35 | 6 |
 | <DocLink id="kibUnifiedSearchPluginApi" text="unifiedSearch"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Contains all the key functionality of Kibana's unified search experience.Contains all the key functionality of Kibana's unified search experience. | 149 | 2 | 112 | 21 |
 | upgradeAssistant | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 0 | 0 | 0 | 0 |
 | <DocLink id="kibUptimePluginApi" text="uptime"/> | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | This plugin visualizes data from Heartbeat, and integrates with other Observability solutions. | 1 | 0 | 1 | 0 |
@@ -262,7 +263,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnApmSynthtracePluginApi" text="@kbn/apm-synthtrace"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 87 | 0 | 87 | 11 |
 | <DocLink id="kibKbnApmSynthtraceClientPluginApi" text="@kbn/apm-synthtrace-client"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 268 | 0 | 268 | 38 |
 | <DocLink id="kibKbnApmTypesPluginApi" text="@kbn/apm-types"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 337 | 0 | 336 | 0 |
-| <DocLink id="kibKbnApmUtilsPluginApi" text="@kbn/apm-utils"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 11 | 0 | 11 | 0 |
+| <DocLink id="kibKbnApmUtilsPluginApi" text="@kbn/apm-utils"/> | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 12 | 0 | 12 | 0 |
 | <DocLink id="kibKbnAvcBannerPluginApi" text="@kbn/avc-banner"/> | [@elastic/security-defend-workflows](https://github.com/orgs/elastic/teams/security-defend-workflows) | - | 3 | 0 | 3 | 0 |
 | <DocLink id="kibKbnAxeConfigPluginApi" text="@kbn/axe-config"/> | [@elastic/kibana-qa](https://github.com/orgs/elastic/teams/kibana-qa) | - | 12 | 0 | 12 | 0 |
 | <DocLink id="kibKbnBfetchErrorPluginApi" text="@kbn/bfetch-error"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 4 | 0 | 1 | 0 |
@@ -279,7 +280,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnCliDevModePluginApi" text="@kbn/cli-dev-mode"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 2 | 0 |
 | <DocLink id="kibKbnCloudSecurityPosturePluginApi" text="@kbn/cloud-security-posture"/> | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | - | 89 | 1 | 89 | 0 |
 | <DocLink id="kibKbnCloudSecurityPostureCommonPluginApi" text="@kbn/cloud-security-posture-common"/> | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | - | 109 | 0 | 107 | 1 |
-| <DocLink id="kibKbnCloudSecurityPostureGraphPluginApi" text="@kbn/cloud-security-posture-graph"/> | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | - | 18 | 0 | 17 | 0 |
+| <DocLink id="kibKbnCloudSecurityPostureGraphPluginApi" text="@kbn/cloud-security-posture-graph"/> | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | - | 20 | 0 | 15 | 4 |
 | <DocLink id="kibKbnCodeEditorPluginApi" text="@kbn/code-editor"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 41 | 0 | 17 | 0 |
 | <DocLink id="kibKbnCodeEditorMockPluginApi" text="@kbn/code-editor-mock"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 2 | 0 | 2 | 0 |
 | <DocLink id="kibKbnCodeOwnersPluginApi" text="@kbn/code-owners"/> | [@elastic/appex-qa](https://github.com/orgs/elastic/teams/appex-qa) | - | 9 | 0 | 4 | 0 |
@@ -332,7 +333,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnCoreDeprecationsBrowserPluginApi" text="@kbn/core-deprecations-browser"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 9 | 0 | 3 | 0 |
 | <DocLink id="kibKbnCoreDeprecationsBrowserInternalPluginApi" text="@kbn/core-deprecations-browser-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 6 | 0 | 6 | 0 |
 | <DocLink id="kibKbnCoreDeprecationsBrowserMocksPluginApi" text="@kbn/core-deprecations-browser-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 4 | 0 | 4 | 0 |
-| <DocLink id="kibKbnCoreDeprecationsCommonPluginApi" text="@kbn/core-deprecations-common"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 17 | 0 | 9 | 1 |
+| <DocLink id="kibKbnCoreDeprecationsCommonPluginApi" text="@kbn/core-deprecations-common"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 20 | 0 | 12 | 0 |
 | <DocLink id="kibKbnCoreDeprecationsServerPluginApi" text="@kbn/core-deprecations-server"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 16 | 0 | 13 | 0 |
 | <DocLink id="kibKbnCoreDeprecationsServerInternalPluginApi" text="@kbn/core-deprecations-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 4 | 0 | 3 | 0 |
 | <DocLink id="kibKbnCoreDeprecationsServerMocksPluginApi" text="@kbn/core-deprecations-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 6 | 0 | 6 | 0 |
@@ -373,7 +374,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnCoreHttpResourcesServerMocksPluginApi" text="@kbn/core-http-resources-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 7 | 0 | 7 | 0 |
 | <DocLink id="kibKbnCoreHttpRouterServerInternalPluginApi" text="@kbn/core-http-router-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 54 | 7 | 54 | 6 |
 | <DocLink id="kibKbnCoreHttpRouterServerMocksPluginApi" text="@kbn/core-http-router-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 15 | 0 | 15 | 1 |
-| <DocLink id="kibKbnCoreHttpServerPluginApi" text="@kbn/core-http-server"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 557 | 2 | 232 | 0 |
+| <DocLink id="kibKbnCoreHttpServerPluginApi" text="@kbn/core-http-server"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 568 | 2 | 242 | 0 |
 | <DocLink id="kibKbnCoreHttpServerInternalPluginApi" text="@kbn/core-http-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 96 | 0 | 83 | 10 |
 | <DocLink id="kibKbnCoreHttpServerMocksPluginApi" text="@kbn/core-http-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 46 | 0 | 45 | 0 |
 | <DocLink id="kibKbnCoreI18nBrowserPluginApi" text="@kbn/core-i18n-browser"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 4 | 0 | 2 | 0 |
@@ -464,7 +465,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnCoreUiSettingsServerPluginApi" text="@kbn/core-ui-settings-server"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 42 | 1 | 24 | 0 |
 | <DocLink id="kibKbnCoreUiSettingsServerInternalPluginApi" text="@kbn/core-ui-settings-server-internal"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 20 | 1 | 19 | 3 |
 | <DocLink id="kibKbnCoreUiSettingsServerMocksPluginApi" text="@kbn/core-ui-settings-server-mocks"/> | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 6 | 0 | 6 | 0 |
-| <DocLink id="kibKbnCoreUsageDataServerPluginApi" text="@kbn/core-usage-data-server"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 165 | 0 | 154 | 0 |
+| <DocLink id="kibKbnCoreUsageDataServerPluginApi" text="@kbn/core-usage-data-server"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 167 | 0 | 156 | 0 |
 | <DocLink id="kibKbnCoreUsageDataServerInternalPluginApi" text="@kbn/core-usage-data-server-internal"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 8 | 0 | 8 | 2 |
 | <DocLink id="kibKbnCoreUsageDataServerMocksPluginApi" text="@kbn/core-usage-data-server-mocks"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 7 | 0 | 7 | 0 |
 | <DocLink id="kibKbnCoreUserProfileBrowserPluginApi" text="@kbn/core-user-profile-browser"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 29 | 0 | 4 | 0 |
@@ -483,7 +484,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnCypressConfigPluginApi" text="@kbn/cypress-config"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 2 | 0 |
 | <DocLink id="kibKbnDataForgePluginApi" text="@kbn/data-forge"/> | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 52 | 0 | 52 | 1 |
 | <DocLink id="kibKbnDataServicePluginApi" text="@kbn/data-service"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 19 | 0 | 14 | 0 |
-| <DocLink id="kibKbnDataStreamAdapterPluginApi" text="@kbn/data-stream-adapter"/> | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 80 | 0 | 80 | 1 |
+| <DocLink id="kibKbnDataStreamAdapterPluginApi" text="@kbn/data-stream-adapter"/> | [@elastic/security-threat-hunting](https://github.com/orgs/elastic/teams/security-threat-hunting) | - | 55 | 0 | 54 | 0 |
 | <DocLink id="kibKbnDataViewUtilsPluginApi" text="@kbn/data-view-utils"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 7 | 0 | 5 | 0 |
 | <DocLink id="kibKbnDatemathPluginApi" text="@kbn/datemath"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 44 | 0 | 43 | 0 |
 | <DocLink id="kibKbnDeeplinksAnalyticsPluginApi" text="@kbn/deeplinks-analytics"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 7 | 0 | 7 | 0 |
@@ -512,23 +513,23 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnEcsDataQualityDashboardPluginApi" text="@kbn/ecs-data-quality-dashboard"/> | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 16 | 0 | 8 | 0 |
 | <DocLink id="kibKbnElasticAgentUtilsPluginApi" text="@kbn/elastic-agent-utils"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 42 | 0 | 41 | 0 |
 | <DocLink id="kibKbnElasticAssistantPluginApi" text="@kbn/elastic-assistant"/> | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | - | 169 | 0 | 140 | 10 |
-| <DocLink id="kibKbnElasticAssistantCommonPluginApi" text="@kbn/elastic-assistant-common"/> | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | - | 406 | 0 | 375 | 0 |
-| <DocLink id="kibKbnEntitiesSchemaPluginApi" text="@kbn/entities-schema"/> | [@elastic/obs-entities](https://github.com/orgs/elastic/teams/obs-entities) | - | 43 | 0 | 43 | 0 |
+| <DocLink id="kibKbnElasticAssistantCommonPluginApi" text="@kbn/elastic-assistant-common"/> | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | - | 401 | 0 | 370 | 0 |
+| <DocLink id="kibKbnEntitiesSchemaPluginApi" text="@kbn/entities-schema"/> | [@elastic/obs-entities](https://github.com/orgs/elastic/teams/obs-entities) | - | 45 | 0 | 45 | 0 |
 | <DocLink id="kibKbnEsPluginApi" text="@kbn/es"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 55 | 0 | 40 | 7 |
 | <DocLink id="kibKbnEsArchiverPluginApi" text="@kbn/es-archiver"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 32 | 0 | 19 | 1 |
 | <DocLink id="kibKbnEsErrorsPluginApi" text="@kbn/es-errors"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 11 | 0 | 6 | 0 |
 | <DocLink id="kibKbnEsQueryPluginApi" text="@kbn/es-query"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 271 | 1 | 210 | 14 |
 | <DocLink id="kibKbnEsTypesPluginApi" text="@kbn/es-types"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 30 | 0 | 30 | 1 |
 | <DocLink id="kibKbnEslintPluginImportsPluginApi" text="@kbn/eslint-plugin-imports"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 1 | 0 |
-| <DocLink id="kibKbnEsqlAstPluginApi" text="@kbn/esql-ast"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 277 | 1 | 217 | 36 |
+| <DocLink id="kibKbnEsqlAstPluginApi" text="@kbn/esql-ast"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 277 | 1 | 216 | 36 |
 | <DocLink id="kibKbnEsqlEditorPluginApi" text="@kbn/esql-editor"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 29 | 0 | 12 | 0 |
-| <DocLink id="kibKbnEsqlUtilsPluginApi" text="@kbn/esql-utils"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 79 | 0 | 71 | 0 |
-| <DocLink id="kibKbnEsqlValidationAutocompletePluginApi" text="@kbn/esql-validation-autocomplete"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 202 | 0 | 190 | 12 |
+| <DocLink id="kibKbnEsqlUtilsPluginApi" text="@kbn/esql-utils"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 83 | 0 | 74 | 0 |
+| <DocLink id="kibKbnEsqlValidationAutocompletePluginApi" text="@kbn/esql-validation-autocomplete"/> | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 203 | 0 | 191 | 12 |
 | <DocLink id="kibKbnEventAnnotationCommonPluginApi" text="@kbn/event-annotation-common"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 40 | 0 | 40 | 0 |
 | <DocLink id="kibKbnEventAnnotationComponentsPluginApi" text="@kbn/event-annotation-components"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 52 | 0 | 52 | 1 |
 | <DocLink id="kibKbnExpandableFlyoutPluginApi" text="@kbn/expandable-flyout"/> | [@elastic/security-threat-hunting-investigations](https://github.com/orgs/elastic/teams/security-threat-hunting-investigations) | - | 44 | 0 | 17 | 3 |
 | <DocLink id="kibKbnFieldTypesPluginApi" text="@kbn/field-types"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 22 | 0 | 18 | 0 |
-| <DocLink id="kibKbnFieldUtilsPluginApi" text="@kbn/field-utils"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 49 | 0 | 40 | 2 |
+| <DocLink id="kibKbnFieldUtilsPluginApi" text="@kbn/field-utils"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 51 | 0 | 42 | 2 |
 | <DocLink id="kibKbnFindUsedNodeModulesPluginApi" text="@kbn/find-used-node-modules"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 0 | 0 |
 | <DocLink id="kibKbnFormattersPluginApi" text="@kbn/formatters"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 3 | 0 | 3 | 0 |
 | <DocLink id="kibKbnFtrCommonFunctionalServicesPluginApi" text="@kbn/ftr-common-functional-services"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 111 | 2 | 86 | 1 |
@@ -547,9 +548,10 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnI18nPluginApi" text="@kbn/i18n"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 37 | 0 | 27 | 2 |
 | <DocLink id="kibKbnI18nReactPluginApi" text="@kbn/i18n-react"/> | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 36 | 0 | 7 | 0 |
 | <DocLink id="kibKbnImportResolverPluginApi" text="@kbn/import-resolver"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 47 | 0 | 40 | 0 |
+| <DocLink id="kibKbnIndexAdapterPluginApi" text="@kbn/index-adapter"/> | [@elastic/security-threat-hunting](https://github.com/orgs/elastic/teams/security-threat-hunting) | - | 85 | 0 | 80 | 2 |
 | <DocLink id="kibKbnIndexLifecycleManagementCommonSharedPluginApi" text="@kbn/index-lifecycle-management-common-shared"/> | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 75 | 0 | 73 | 0 |
 | <DocLink id="kibKbnIndexManagementSharedTypesPluginApi" text="@kbn/index-management-shared-types"/> | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 124 | 3 | 124 | 0 |
-| <DocLink id="kibKbnInferenceCommonPluginApi" text="@kbn/inference-common"/> | [@elastic/appex-ai-infra](https://github.com/orgs/elastic/teams/appex-ai-infra) | - | 121 | 0 | 38 | 1 |
+| <DocLink id="kibKbnInferenceCommonPluginApi" text="@kbn/inference-common"/> | [@elastic/appex-ai-infra](https://github.com/orgs/elastic/teams/appex-ai-infra) | - | 124 | 0 | 41 | 1 |
 | <DocLink id="kibKbnInferenceIntegrationFlyoutPluginApi" text="@kbn/inference_integration_flyout"/> | [@elastic/ml-ui](https://github.com/orgs/elastic/teams/ml-ui) | - | 7 | 1 | 7 | 1 |
 | <DocLink id="kibKbnInfraForgePluginApi" text="@kbn/infra-forge"/> | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 9 | 0 | 9 | 0 |
 | <DocLink id="kibKbnInterpreterPluginApi" text="@kbn/interpreter"/> | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 52 | 12 | 43 | 0 |
@@ -697,7 +699,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnSecuritySolutionSideNavPluginApi" text="@kbn/security-solution-side-nav"/> | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 29 | 0 | 23 | 0 |
 | <DocLink id="kibKbnSecuritySolutionStorybookConfigPluginApi" text="@kbn/security-solution-storybook-config"/> | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 2 | 0 | 0 | 0 |
 | <DocLink id="kibKbnSecurityUiComponentsPluginApi" text="@kbn/security-ui-components"/> | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 48 | 0 | 13 | 0 |
-| <DocLink id="kibKbnSecuritysolutionAutocompletePluginApi" text="@kbn/securitysolution-autocomplete"/> | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 56 | 1 | 41 | 1 |
+| <DocLink id="kibKbnSecuritysolutionAutocompletePluginApi" text="@kbn/securitysolution-autocomplete"/> | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 56 | 1 | 41 | 0 |
 | <DocLink id="kibKbnSecuritysolutionDataTablePluginApi" text="@kbn/securitysolution-data-table"/> | [@elastic/security-threat-hunting-investigations](https://github.com/orgs/elastic/teams/security-threat-hunting-investigations) | - | 92 | 0 | 70 | 6 |
 | <DocLink id="kibKbnSecuritysolutionEcsPluginApi" text="@kbn/securitysolution-ecs"/> | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 341 | 1 | 337 | 32 |
 | <DocLink id="kibKbnSecuritysolutionEsUtilsPluginApi" text="@kbn/securitysolution-es-utils"/> | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 87 | 0 | 76 | 1 |
@@ -793,7 +795,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana']
 | <DocLink id="kibKbnUiThemePluginApi" text="@kbn/ui-theme"/> | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 9 | 0 | 8 | 0 |
 | <DocLink id="kibKbnUnifiedDataTablePluginApi" text="@kbn/unified-data-table"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | Contains functionality for the unified data table which can be integrated into apps | 184 | 0 | 108 | 1 |
 | <DocLink id="kibKbnUnifiedDocViewerPluginApi" text="@kbn/unified-doc-viewer"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 18 | 0 | 17 | 5 |
-| <DocLink id="kibKbnUnifiedFieldListPluginApi" text="@kbn/unified-field-list"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | Contains functionality for the field list and field stats which can be integrated into apps | 315 | 0 | 286 | 8 |
+| <DocLink id="kibKbnUnifiedFieldListPluginApi" text="@kbn/unified-field-list"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | Contains functionality for the field list and field stats which can be integrated into apps | 317 | 0 | 288 | 8 |
 | <DocLink id="kibKbnUnsavedChangesBadgePluginApi" text="@kbn/unsaved-changes-badge"/> | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 13 | 0 | 9 | 0 |
 | <DocLink id="kibKbnUnsavedChangesPromptPluginApi" text="@kbn/unsaved-changes-prompt"/> | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 2 | 0 | 2 | 0 |
 | <DocLink id="kibKbnUseTrackedPromisePluginApi" text="@kbn/use-tracked-promise"/> | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 3 | 0 | 2 | 1 |
diff --git a/api_docs/presentation_panel.mdx b/api_docs/presentation_panel.mdx
index 0b7f9c31a9eab..206136ba856c3 100644
--- a/api_docs/presentation_panel.mdx
+++ b/api_docs/presentation_panel.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationPanel
 title: "presentationPanel"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the presentationPanel plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationPanel']
 ---
 import presentationPanelObj from './presentation_panel.devdocs.json';
diff --git a/api_docs/presentation_util.mdx b/api_docs/presentation_util.mdx
index 206ed505ff730..23f46bb5be12c 100644
--- a/api_docs/presentation_util.mdx
+++ b/api_docs/presentation_util.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationUtil
 title: "presentationUtil"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the presentationUtil plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationUtil']
 ---
 import presentationUtilObj from './presentation_util.devdocs.json';
diff --git a/api_docs/profiling.mdx b/api_docs/profiling.mdx
index bf012bba8d611..78a424bc041e1 100644
--- a/api_docs/profiling.mdx
+++ b/api_docs/profiling.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profiling
 title: "profiling"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the profiling plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profiling']
 ---
 import profilingObj from './profiling.devdocs.json';
diff --git a/api_docs/profiling_data_access.mdx b/api_docs/profiling_data_access.mdx
index d369f956a35ec..c82a0f769b270 100644
--- a/api_docs/profiling_data_access.mdx
+++ b/api_docs/profiling_data_access.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profilingDataAccess
 title: "profilingDataAccess"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the profilingDataAccess plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profilingDataAccess']
 ---
 import profilingDataAccessObj from './profiling_data_access.devdocs.json';
diff --git a/api_docs/remote_clusters.mdx b/api_docs/remote_clusters.mdx
index 90127ece37af0..4be6882be308b 100644
--- a/api_docs/remote_clusters.mdx
+++ b/api_docs/remote_clusters.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/remoteClusters
 title: "remoteClusters"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the remoteClusters plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'remoteClusters']
 ---
 import remoteClustersObj from './remote_clusters.devdocs.json';
diff --git a/api_docs/reporting.mdx b/api_docs/reporting.mdx
index fe3bdc4f656c6..451f89e11dacb 100644
--- a/api_docs/reporting.mdx
+++ b/api_docs/reporting.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/reporting
 title: "reporting"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the reporting plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'reporting']
 ---
 import reportingObj from './reporting.devdocs.json';
diff --git a/api_docs/rollup.mdx b/api_docs/rollup.mdx
index 2f5444d4041c0..7e181e444282f 100644
--- a/api_docs/rollup.mdx
+++ b/api_docs/rollup.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/rollup
 title: "rollup"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the rollup plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'rollup']
 ---
 import rollupObj from './rollup.devdocs.json';
diff --git a/api_docs/rule_registry.mdx b/api_docs/rule_registry.mdx
index 33ff7e05af807..b8aa5c1af5702 100644
--- a/api_docs/rule_registry.mdx
+++ b/api_docs/rule_registry.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ruleRegistry
 title: "ruleRegistry"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the ruleRegistry plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ruleRegistry']
 ---
 import ruleRegistryObj from './rule_registry.devdocs.json';
diff --git a/api_docs/runtime_fields.mdx b/api_docs/runtime_fields.mdx
index 12e54ddd24952..1a826f4741724 100644
--- a/api_docs/runtime_fields.mdx
+++ b/api_docs/runtime_fields.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/runtimeFields
 title: "runtimeFields"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the runtimeFields plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'runtimeFields']
 ---
 import runtimeFieldsObj from './runtime_fields.devdocs.json';
diff --git a/api_docs/saved_objects.mdx b/api_docs/saved_objects.mdx
index 3e3a002659d57..ffb8a90d04814 100644
--- a/api_docs/saved_objects.mdx
+++ b/api_docs/saved_objects.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjects
 title: "savedObjects"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the savedObjects plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjects']
 ---
 import savedObjectsObj from './saved_objects.devdocs.json';
diff --git a/api_docs/saved_objects_finder.mdx b/api_docs/saved_objects_finder.mdx
index 5d82125c05cc0..9a3c9fb9b6abc 100644
--- a/api_docs/saved_objects_finder.mdx
+++ b/api_docs/saved_objects_finder.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsFinder
 title: "savedObjectsFinder"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the savedObjectsFinder plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsFinder']
 ---
 import savedObjectsFinderObj from './saved_objects_finder.devdocs.json';
diff --git a/api_docs/saved_objects_management.mdx b/api_docs/saved_objects_management.mdx
index 393bb25c35ec8..09b4ad10d1868 100644
--- a/api_docs/saved_objects_management.mdx
+++ b/api_docs/saved_objects_management.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsManagement
 title: "savedObjectsManagement"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the savedObjectsManagement plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsManagement']
 ---
 import savedObjectsManagementObj from './saved_objects_management.devdocs.json';
diff --git a/api_docs/saved_objects_tagging.mdx b/api_docs/saved_objects_tagging.mdx
index fb96c0c1637c8..d29ad2c9b2f67 100644
--- a/api_docs/saved_objects_tagging.mdx
+++ b/api_docs/saved_objects_tagging.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTagging
 title: "savedObjectsTagging"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the savedObjectsTagging plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTagging']
 ---
 import savedObjectsTaggingObj from './saved_objects_tagging.devdocs.json';
diff --git a/api_docs/saved_objects_tagging_oss.mdx b/api_docs/saved_objects_tagging_oss.mdx
index 9a86f855006d1..cbe828831ee66 100644
--- a/api_docs/saved_objects_tagging_oss.mdx
+++ b/api_docs/saved_objects_tagging_oss.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTaggingOss
 title: "savedObjectsTaggingOss"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the savedObjectsTaggingOss plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTaggingOss']
 ---
 import savedObjectsTaggingOssObj from './saved_objects_tagging_oss.devdocs.json';
diff --git a/api_docs/saved_search.mdx b/api_docs/saved_search.mdx
index 7aa957856f6f9..83b557df62549 100644
--- a/api_docs/saved_search.mdx
+++ b/api_docs/saved_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedSearch
 title: "savedSearch"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the savedSearch plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedSearch']
 ---
 import savedSearchObj from './saved_search.devdocs.json';
diff --git a/api_docs/screenshot_mode.mdx b/api_docs/screenshot_mode.mdx
index ecc45f81df2a7..34c559b139def 100644
--- a/api_docs/screenshot_mode.mdx
+++ b/api_docs/screenshot_mode.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotMode
 title: "screenshotMode"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the screenshotMode plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotMode']
 ---
 import screenshotModeObj from './screenshot_mode.devdocs.json';
diff --git a/api_docs/screenshotting.mdx b/api_docs/screenshotting.mdx
index 658acfa48d511..e6b7afb766836 100644
--- a/api_docs/screenshotting.mdx
+++ b/api_docs/screenshotting.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotting
 title: "screenshotting"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the screenshotting plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotting']
 ---
 import screenshottingObj from './screenshotting.devdocs.json';
diff --git a/api_docs/search_assistant.mdx b/api_docs/search_assistant.mdx
index ad278f7e27145..cb5aad5be4737 100644
--- a/api_docs/search_assistant.mdx
+++ b/api_docs/search_assistant.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchAssistant
 title: "searchAssistant"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the searchAssistant plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchAssistant']
 ---
 import searchAssistantObj from './search_assistant.devdocs.json';
diff --git a/api_docs/search_connectors.mdx b/api_docs/search_connectors.mdx
index 5c9b12c2ad9ca..406fee9996bdd 100644
--- a/api_docs/search_connectors.mdx
+++ b/api_docs/search_connectors.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchConnectors
 title: "searchConnectors"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the searchConnectors plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchConnectors']
 ---
 import searchConnectorsObj from './search_connectors.devdocs.json';
diff --git a/api_docs/search_homepage.mdx b/api_docs/search_homepage.mdx
index b19d497edcd82..dccd1d2f53ea3 100644
--- a/api_docs/search_homepage.mdx
+++ b/api_docs/search_homepage.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchHomepage
 title: "searchHomepage"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the searchHomepage plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchHomepage']
 ---
 import searchHomepageObj from './search_homepage.devdocs.json';
diff --git a/api_docs/search_indices.mdx b/api_docs/search_indices.mdx
index 9f24d98efc5ee..6ca15696c5636 100644
--- a/api_docs/search_indices.mdx
+++ b/api_docs/search_indices.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchIndices
 title: "searchIndices"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the searchIndices plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchIndices']
 ---
 import searchIndicesObj from './search_indices.devdocs.json';
diff --git a/api_docs/search_inference_endpoints.mdx b/api_docs/search_inference_endpoints.mdx
index 2f982d4bd9f2f..d72007cc82a51 100644
--- a/api_docs/search_inference_endpoints.mdx
+++ b/api_docs/search_inference_endpoints.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchInferenceEndpoints
 title: "searchInferenceEndpoints"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the searchInferenceEndpoints plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchInferenceEndpoints']
 ---
 import searchInferenceEndpointsObj from './search_inference_endpoints.devdocs.json';
diff --git a/api_docs/search_notebooks.mdx b/api_docs/search_notebooks.mdx
index 9c6cc120f9d5c..7a8317b086dca 100644
--- a/api_docs/search_notebooks.mdx
+++ b/api_docs/search_notebooks.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchNotebooks
 title: "searchNotebooks"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the searchNotebooks plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchNotebooks']
 ---
 import searchNotebooksObj from './search_notebooks.devdocs.json';
diff --git a/api_docs/search_playground.mdx b/api_docs/search_playground.mdx
index e4f76b15cc210..f3b203eecf078 100644
--- a/api_docs/search_playground.mdx
+++ b/api_docs/search_playground.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchPlayground
 title: "searchPlayground"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the searchPlayground plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchPlayground']
 ---
 import searchPlaygroundObj from './search_playground.devdocs.json';
diff --git a/api_docs/security.mdx b/api_docs/security.mdx
index f2a9ff6f5a85a..370cb25002126 100644
--- a/api_docs/security.mdx
+++ b/api_docs/security.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/security
 title: "security"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the security plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'security']
 ---
 import securityObj from './security.devdocs.json';
diff --git a/api_docs/security_solution.devdocs.json b/api_docs/security_solution.devdocs.json
index 608baf2669dfc..34c21c3ec482d 100644
--- a/api_docs/security_solution.devdocs.json
+++ b/api_docs/security_solution.devdocs.json
@@ -420,7 +420,7 @@
               "\nExperimental flag needed to enable the link"
             ],
             "signature": [
-              "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsSentinelOneKillProcessEnabled\" | \"responseActionsSentinelOneProcessesEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"endpointManagementSpaceAwarenessEnabled\" | \"securitySolutionNotesDisabled\" | \"entityAlertPreviewDisabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"responseActionsTelemetryEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"graphVisualizationInFlyoutEnabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"valueListItemsModalEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | \"dataIngestionHubEnabled\" | \"entityStoreDisabled\" | \"siemMigrationsEnabled\" | undefined"
+              "\"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsSentinelOneKillProcessEnabled\" | \"responseActionsSentinelOneProcessesEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"endpointManagementSpaceAwarenessEnabled\" | \"securitySolutionNotesDisabled\" | \"entityAlertPreviewDisabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"responseActionsTelemetryEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"graphVisualizationInFlyoutEnabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"valueListItemsModalEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | \"dataIngestionHubEnabled\" | \"entityStoreDisabled\" | \"siemMigrationsEnabled\" | undefined"
             ],
             "path": "x-pack/plugins/security_solution/public/common/links/types.ts",
             "deprecated": false,
@@ -500,7 +500,7 @@
               "\nExperimental flag needed to disable the link. Opposite of experimentalKey"
             ],
             "signature": [
-              "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsSentinelOneKillProcessEnabled\" | \"responseActionsSentinelOneProcessesEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"endpointManagementSpaceAwarenessEnabled\" | \"securitySolutionNotesDisabled\" | \"entityAlertPreviewDisabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"responseActionsTelemetryEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"graphVisualizationInFlyoutEnabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"valueListItemsModalEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | \"dataIngestionHubEnabled\" | \"entityStoreDisabled\" | \"siemMigrationsEnabled\" | undefined"
+              "\"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsSentinelOneKillProcessEnabled\" | \"responseActionsSentinelOneProcessesEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"endpointManagementSpaceAwarenessEnabled\" | \"securitySolutionNotesDisabled\" | \"entityAlertPreviewDisabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"responseActionsTelemetryEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"graphVisualizationInFlyoutEnabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"valueListItemsModalEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | \"dataIngestionHubEnabled\" | \"entityStoreDisabled\" | \"siemMigrationsEnabled\" | undefined"
             ],
             "path": "x-pack/plugins/security_solution/public/common/links/types.ts",
             "deprecated": false,
@@ -1791,7 +1791,7 @@
           "label": "experimentalFeatures",
           "description": [],
           "signature": [
-            "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly endpointManagementSpaceAwarenessEnabled: boolean; readonly securitySolutionNotesDisabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly responseActionsTelemetryEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly graphVisualizationInFlyoutEnabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreDisabled: boolean; readonly siemMigrationsEnabled: boolean; }"
+            "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly endpointManagementSpaceAwarenessEnabled: boolean; readonly securitySolutionNotesDisabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly responseActionsTelemetryEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly graphVisualizationInFlyoutEnabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreDisabled: boolean; readonly siemMigrationsEnabled: boolean; }"
           ],
           "path": "x-pack/plugins/security_solution/public/types.ts",
           "deprecated": false,
@@ -3039,7 +3039,7 @@
             "\nThe security solution generic experimental features"
           ],
           "signature": [
-            "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly endpointManagementSpaceAwarenessEnabled: boolean; readonly securitySolutionNotesDisabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly responseActionsTelemetryEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly graphVisualizationInFlyoutEnabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreDisabled: boolean; readonly siemMigrationsEnabled: boolean; }"
+            "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly endpointManagementSpaceAwarenessEnabled: boolean; readonly securitySolutionNotesDisabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly responseActionsTelemetryEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly graphVisualizationInFlyoutEnabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreDisabled: boolean; readonly siemMigrationsEnabled: boolean; }"
           ],
           "path": "x-pack/plugins/security_solution/server/plugin_contract.ts",
           "deprecated": false,
@@ -3212,7 +3212,7 @@
         "label": "ExperimentalFeatures",
         "description": [],
         "signature": [
-          "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly endpointManagementSpaceAwarenessEnabled: boolean; readonly securitySolutionNotesDisabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly responseActionsTelemetryEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly graphVisualizationInFlyoutEnabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreDisabled: boolean; readonly siemMigrationsEnabled: boolean; }"
+          "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly endpointManagementSpaceAwarenessEnabled: boolean; readonly securitySolutionNotesDisabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly responseActionsTelemetryEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly graphVisualizationInFlyoutEnabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreDisabled: boolean; readonly siemMigrationsEnabled: boolean; }"
         ],
         "path": "x-pack/plugins/security_solution/common/experimental_features.ts",
         "deprecated": false,
@@ -3278,7 +3278,7 @@
           "\nA list of allowed values that can be used in `xpack.securitySolution.enableExperimental`.\nThis object is then used to validate and parse the value entered."
         ],
         "signature": [
-          "{ readonly excludePoliciesInFilterEnabled: false; readonly kubernetesEnabled: true; readonly donutChartEmbeddablesEnabled: false; readonly previewTelemetryUrlEnabled: false; readonly extendedRuleExecutionLoggingEnabled: false; readonly socTrendsEnabled: false; readonly responseActionUploadEnabled: true; readonly automatedProcessActionsEnabled: true; readonly responseActionsSentinelOneV1Enabled: true; readonly responseActionsSentinelOneV2Enabled: true; readonly responseActionsSentinelOneGetFileEnabled: true; readonly responseActionsSentinelOneKillProcessEnabled: true; readonly responseActionsSentinelOneProcessesEnabled: true; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: true; readonly endpointManagementSpaceAwarenessEnabled: false; readonly securitySolutionNotesDisabled: false; readonly entityAlertPreviewDisabled: false; readonly assistantModelEvaluation: false; readonly assistantKnowledgeBaseByDefault: true; readonly newUserDetailsFlyoutManagedUser: false; readonly riskScoringPersistence: true; readonly riskScoringRoutesEnabled: true; readonly esqlRulesDisabled: false; readonly protectionUpdatesEnabled: true; readonly disableTimelineSaveTour: false; readonly riskEnginePrivilegesRouteEnabled: true; readonly sentinelOneDataInAnalyzerEnabled: true; readonly sentinelOneManualHostActionsEnabled: true; readonly crowdstrikeDataInAnalyzerEnabled: true; readonly responseActionsTelemetryEnabled: false; readonly jamfDataInAnalyzerEnabled: true; readonly timelineEsqlTabDisabled: false; readonly analyzerDatePickersAndSourcererDisabled: false; readonly graphVisualizationInFlyoutEnabled: false; readonly prebuiltRulesCustomizationEnabled: false; readonly malwareOnWriteScanOptionAvailable: true; readonly unifiedManifestEnabled: true; readonly valueListItemsModalEnabled: true; readonly filterProcessDescendantsForEventFiltersEnabled: true; readonly dataIngestionHubEnabled: false; readonly entityStoreDisabled: false; readonly siemMigrationsEnabled: false; }"
+          "{ readonly excludePoliciesInFilterEnabled: false; readonly kubernetesEnabled: true; readonly donutChartEmbeddablesEnabled: false; readonly previewTelemetryUrlEnabled: false; readonly extendedRuleExecutionLoggingEnabled: false; readonly socTrendsEnabled: false; readonly responseActionUploadEnabled: true; readonly automatedProcessActionsEnabled: true; readonly responseActionsSentinelOneV1Enabled: true; readonly responseActionsSentinelOneV2Enabled: true; readonly responseActionsSentinelOneGetFileEnabled: true; readonly responseActionsSentinelOneKillProcessEnabled: true; readonly responseActionsSentinelOneProcessesEnabled: true; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: true; readonly endpointManagementSpaceAwarenessEnabled: false; readonly securitySolutionNotesDisabled: false; readonly entityAlertPreviewDisabled: false; readonly assistantModelEvaluation: false; readonly newUserDetailsFlyoutManagedUser: false; readonly riskScoringPersistence: true; readonly riskScoringRoutesEnabled: true; readonly esqlRulesDisabled: false; readonly protectionUpdatesEnabled: true; readonly disableTimelineSaveTour: false; readonly riskEnginePrivilegesRouteEnabled: true; readonly sentinelOneDataInAnalyzerEnabled: true; readonly sentinelOneManualHostActionsEnabled: true; readonly crowdstrikeDataInAnalyzerEnabled: true; readonly responseActionsTelemetryEnabled: false; readonly jamfDataInAnalyzerEnabled: true; readonly timelineEsqlTabDisabled: false; readonly analyzerDatePickersAndSourcererDisabled: false; readonly graphVisualizationInFlyoutEnabled: false; readonly prebuiltRulesCustomizationEnabled: false; readonly malwareOnWriteScanOptionAvailable: true; readonly unifiedManifestEnabled: true; readonly valueListItemsModalEnabled: true; readonly filterProcessDescendantsForEventFiltersEnabled: true; readonly dataIngestionHubEnabled: false; readonly entityStoreDisabled: false; readonly siemMigrationsEnabled: false; }"
         ],
         "path": "x-pack/plugins/security_solution/common/experimental_features.ts",
         "deprecated": false,
diff --git a/api_docs/security_solution.mdx b/api_docs/security_solution.mdx
index 8c458c5dd5c90..168b458169a8d 100644
--- a/api_docs/security_solution.mdx
+++ b/api_docs/security_solution.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolution
 title: "securitySolution"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the securitySolution plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolution']
 ---
 import securitySolutionObj from './security_solution.devdocs.json';
diff --git a/api_docs/security_solution_ess.mdx b/api_docs/security_solution_ess.mdx
index 09498b8b44411..e12a24a3e52d2 100644
--- a/api_docs/security_solution_ess.mdx
+++ b/api_docs/security_solution_ess.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionEss
 title: "securitySolutionEss"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the securitySolutionEss plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionEss']
 ---
 import securitySolutionEssObj from './security_solution_ess.devdocs.json';
diff --git a/api_docs/security_solution_serverless.mdx b/api_docs/security_solution_serverless.mdx
index e85832e528bda..1c8fe5ce3cabf 100644
--- a/api_docs/security_solution_serverless.mdx
+++ b/api_docs/security_solution_serverless.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionServerless
 title: "securitySolutionServerless"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the securitySolutionServerless plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionServerless']
 ---
 import securitySolutionServerlessObj from './security_solution_serverless.devdocs.json';
diff --git a/api_docs/serverless.mdx b/api_docs/serverless.mdx
index 834b2849bf4fc..fe40ba7d24fde 100644
--- a/api_docs/serverless.mdx
+++ b/api_docs/serverless.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverless
 title: "serverless"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the serverless plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverless']
 ---
 import serverlessObj from './serverless.devdocs.json';
diff --git a/api_docs/serverless_observability.mdx b/api_docs/serverless_observability.mdx
index ab9d0dafee7dc..d67a110da9d0b 100644
--- a/api_docs/serverless_observability.mdx
+++ b/api_docs/serverless_observability.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessObservability
 title: "serverlessObservability"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the serverlessObservability plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessObservability']
 ---
 import serverlessObservabilityObj from './serverless_observability.devdocs.json';
diff --git a/api_docs/serverless_search.mdx b/api_docs/serverless_search.mdx
index 42e3a4a3621d1..ce080f5c6ffad 100644
--- a/api_docs/serverless_search.mdx
+++ b/api_docs/serverless_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessSearch
 title: "serverlessSearch"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the serverlessSearch plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessSearch']
 ---
 import serverlessSearchObj from './serverless_search.devdocs.json';
diff --git a/api_docs/session_view.mdx b/api_docs/session_view.mdx
index 0fe1099b64752..5349a0ba7a4fa 100644
--- a/api_docs/session_view.mdx
+++ b/api_docs/session_view.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/sessionView
 title: "sessionView"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the sessionView plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'sessionView']
 ---
 import sessionViewObj from './session_view.devdocs.json';
diff --git a/api_docs/share.mdx b/api_docs/share.mdx
index 9a754c7f4216a..2f71181da7f75 100644
--- a/api_docs/share.mdx
+++ b/api_docs/share.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/share
 title: "share"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the share plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'share']
 ---
 import shareObj from './share.devdocs.json';
diff --git a/api_docs/slo.devdocs.json b/api_docs/slo.devdocs.json
index e811ff753c84c..8c60a42bac56e 100644
--- a/api_docs/slo.devdocs.json
+++ b/api_docs/slo.devdocs.json
@@ -6,10 +6,10 @@
     "interfaces": [
       {
         "parentPluginId": "slo",
-        "id": "def-public.SloPublicPluginsSetup",
+        "id": "def-public.SLOPublicPluginsSetup",
         "type": "Interface",
         "tags": [],
-        "label": "SloPublicPluginsSetup",
+        "label": "SLOPublicPluginsSetup",
         "description": [],
         "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
         "deprecated": false,
@@ -17,7 +17,7 @@
         "children": [
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsSetup.data",
+            "id": "def-public.SLOPublicPluginsSetup.data",
             "type": "Object",
             "tags": [],
             "label": "data",
@@ -37,7 +37,47 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsSetup.observability",
+            "id": "def-public.SLOPublicPluginsSetup.embeddable",
+            "type": "Object",
+            "tags": [],
+            "label": "embeddable",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "embeddable",
+                "scope": "public",
+                "docId": "kibEmbeddablePluginApi",
+                "section": "def-public.EmbeddableSetup",
+                "text": "EmbeddableSetup"
+              }
+            ],
+            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "slo",
+            "id": "def-public.SLOPublicPluginsSetup.licensing",
+            "type": "Object",
+            "tags": [],
+            "label": "licensing",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "licensing",
+                "scope": "public",
+                "docId": "kibLicensingPluginApi",
+                "section": "def-public.LicensingPluginSetup",
+                "text": "LicensingPluginSetup"
+              }
+            ],
+            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "slo",
+            "id": "def-public.SLOPublicPluginsSetup.observability",
             "type": "Object",
             "tags": [],
             "label": "observability",
@@ -127,7 +167,28 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsSetup.observabilityShared",
+            "id": "def-public.SLOPublicPluginsSetup.observabilityAIAssistant",
+            "type": "Object",
+            "tags": [],
+            "label": "observabilityAIAssistant",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "observabilityAIAssistant",
+                "scope": "public",
+                "docId": "kibObservabilityAIAssistantPluginApi",
+                "section": "def-public.ObservabilityAIAssistantPublicSetup",
+                "text": "ObservabilityAIAssistantPublicSetup"
+              },
+              " | undefined"
+            ],
+            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "slo",
+            "id": "def-public.SLOPublicPluginsSetup.observabilityShared",
             "type": "Object",
             "tags": [],
             "label": "observabilityShared",
@@ -151,18 +212,18 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsSetup.triggersActionsUi",
+            "id": "def-public.SLOPublicPluginsSetup.presentationUtil",
             "type": "Object",
             "tags": [],
-            "label": "triggersActionsUi",
+            "label": "presentationUtil",
             "description": [],
             "signature": [
               {
-                "pluginId": "triggersActionsUi",
+                "pluginId": "presentationUtil",
                 "scope": "public",
-                "docId": "kibTriggersActionsUiPluginApi",
-                "section": "def-public.TriggersAndActionsUIPublicPluginSetup",
-                "text": "TriggersAndActionsUIPublicPluginSetup"
+                "docId": "kibPresentationUtilPluginApi",
+                "section": "def-public.PresentationUtilPluginStart",
+                "text": "PresentationUtilPluginStart"
               }
             ],
             "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
@@ -171,19 +232,20 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsSetup.licensing",
+            "id": "def-public.SLOPublicPluginsSetup.serverless",
             "type": "Object",
             "tags": [],
-            "label": "licensing",
+            "label": "serverless",
             "description": [],
             "signature": [
               {
-                "pluginId": "licensing",
+                "pluginId": "serverless",
                 "scope": "public",
-                "docId": "kibLicensingPluginApi",
-                "section": "def-public.LicensingPluginSetup",
-                "text": "LicensingPluginSetup"
-              }
+                "docId": "kibServerlessPluginApi",
+                "section": "def-public.ServerlessPluginSetup",
+                "text": "ServerlessPluginSetup"
+              },
+              " | undefined"
             ],
             "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
             "deprecated": false,
@@ -191,7 +253,7 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsSetup.share",
+            "id": "def-public.SLOPublicPluginsSetup.share",
             "type": "CompoundType",
             "tags": [],
             "label": "share",
@@ -239,18 +301,18 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsSetup.embeddable",
+            "id": "def-public.SLOPublicPluginsSetup.triggersActionsUi",
             "type": "Object",
             "tags": [],
-            "label": "embeddable",
+            "label": "triggersActionsUi",
             "description": [],
             "signature": [
               {
-                "pluginId": "embeddable",
+                "pluginId": "triggersActionsUi",
                 "scope": "public",
-                "docId": "kibEmbeddablePluginApi",
-                "section": "def-public.EmbeddableSetup",
-                "text": "EmbeddableSetup"
+                "docId": "kibTriggersActionsUiPluginApi",
+                "section": "def-public.TriggersAndActionsUIPublicPluginSetup",
+                "text": "TriggersAndActionsUIPublicPluginSetup"
               }
             ],
             "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
@@ -259,7 +321,7 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsSetup.uiActions",
+            "id": "def-public.SLOPublicPluginsSetup.uiActions",
             "type": "Object",
             "tags": [],
             "label": "uiActions",
@@ -305,69 +367,7 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsSetup.serverless",
-            "type": "Object",
-            "tags": [],
-            "label": "serverless",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "serverless",
-                "scope": "public",
-                "docId": "kibServerlessPluginApi",
-                "section": "def-public.ServerlessPluginSetup",
-                "text": "ServerlessPluginSetup"
-              },
-              " | undefined"
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsSetup.presentationUtil",
-            "type": "Object",
-            "tags": [],
-            "label": "presentationUtil",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "presentationUtil",
-                "scope": "public",
-                "docId": "kibPresentationUtilPluginApi",
-                "section": "def-public.PresentationUtilPluginStart",
-                "text": "PresentationUtilPluginStart"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsSetup.observabilityAIAssistant",
-            "type": "Object",
-            "tags": [],
-            "label": "observabilityAIAssistant",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "observabilityAIAssistant",
-                "scope": "public",
-                "docId": "kibObservabilityAIAssistantPluginApi",
-                "section": "def-public.ObservabilityAIAssistantPublicSetup",
-                "text": "ObservabilityAIAssistantPublicSetup"
-              },
-              " | undefined"
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsSetup.usageCollection",
+            "id": "def-public.SLOPublicPluginsSetup.usageCollection",
             "type": "Object",
             "tags": [],
             "label": "usageCollection",
@@ -390,10 +390,10 @@
       },
       {
         "parentPluginId": "slo",
-        "id": "def-public.SloPublicPluginsStart",
+        "id": "def-public.SLOPublicPluginsStart",
         "type": "Interface",
         "tags": [],
-        "label": "SloPublicPluginsStart",
+        "label": "SLOPublicPluginsStart",
         "description": [],
         "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
         "deprecated": false,
@@ -401,7 +401,7 @@
         "children": [
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.aiops",
+            "id": "def-public.SLOPublicPluginsStart.aiops",
             "type": "Object",
             "tags": [],
             "label": "aiops",
@@ -421,7 +421,7 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.cases",
+            "id": "def-public.SLOPublicPluginsStart.cases",
             "type": "Object",
             "tags": [],
             "label": "cases",
@@ -441,7 +441,30 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.cloud",
+            "id": "def-public.SLOPublicPluginsStart.charts",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "charts",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "charts",
+                "scope": "public",
+                "docId": "kibChartsPluginApi",
+                "section": "def-public.ChartsPluginSetup",
+                "text": "ChartsPluginSetup"
+              },
+              " & { activeCursor: ",
+              "ActiveCursor",
+              "; }"
+            ],
+            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "slo",
+            "id": "def-public.SLOPublicPluginsStart.cloud",
             "type": "Object",
             "tags": [],
             "label": "cloud",
@@ -462,7 +485,7 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.dashboard",
+            "id": "def-public.SLOPublicPluginsStart.dashboard",
             "type": "Object",
             "tags": [],
             "label": "dashboard",
@@ -482,18 +505,18 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.dataViewEditor",
+            "id": "def-public.SLOPublicPluginsStart.data",
             "type": "Object",
             "tags": [],
-            "label": "dataViewEditor",
+            "label": "data",
             "description": [],
             "signature": [
               {
-                "pluginId": "dataViewEditor",
+                "pluginId": "data",
                 "scope": "public",
-                "docId": "kibDataViewEditorPluginApi",
-                "section": "def-public.PluginStart",
-                "text": "PluginStart"
+                "docId": "kibDataPluginApi",
+                "section": "def-public.DataPublicPluginStart",
+                "text": "DataPublicPluginStart"
               }
             ],
             "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
@@ -502,29 +525,19 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.fieldFormats",
-            "type": "CompoundType",
+            "id": "def-public.SLOPublicPluginsStart.dataViewEditor",
+            "type": "Object",
             "tags": [],
-            "label": "fieldFormats",
+            "label": "dataViewEditor",
             "description": [],
             "signature": [
-              "Omit<",
-              {
-                "pluginId": "fieldFormats",
-                "scope": "common",
-                "docId": "kibFieldFormatsPluginApi",
-                "section": "def-common.FieldFormatsRegistry",
-                "text": "FieldFormatsRegistry"
-              },
-              ", \"init\" | \"register\"> & { deserialize: ",
               {
-                "pluginId": "fieldFormats",
-                "scope": "common",
-                "docId": "kibFieldFormatsPluginApi",
-                "section": "def-common.FormatFactory",
-                "text": "FormatFactory"
-              },
-              "; }"
+                "pluginId": "dataViewEditor",
+                "scope": "public",
+                "docId": "kibDataViewEditorPluginApi",
+                "section": "def-public.PluginStart",
+                "text": "PluginStart"
+              }
             ],
             "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
             "deprecated": false,
@@ -532,47 +545,19 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.observability",
+            "id": "def-public.SLOPublicPluginsStart.dataViewFieldEditor",
             "type": "Object",
             "tags": [],
-            "label": "observability",
+            "label": "dataViewFieldEditor",
             "description": [],
             "signature": [
-              "{ config: ",
-              {
-                "pluginId": "observability",
-                "scope": "public",
-                "docId": "kibObservabilityPluginApi",
-                "section": "def-public.ConfigSchema",
-                "text": "ConfigSchema"
-              },
-              "; observabilityRuleTypeRegistry: { register: (type: ",
-              {
-                "pluginId": "observability",
-                "scope": "public",
-                "docId": "kibObservabilityPluginApi",
-                "section": "def-public.ObservabilityRuleTypeModel",
-                "text": "ObservabilityRuleTypeModel"
-              },
-              "<any>) => void; getFormatter: (typeId: string) => ",
-              {
-                "pluginId": "observability",
-                "scope": "public",
-                "docId": "kibObservabilityPluginApi",
-                "section": "def-public.ObservabilityRuleTypeFormatter",
-                "text": "ObservabilityRuleTypeFormatter"
-              },
-              " | undefined; list: () => string[]; }; useRulesLink: (options?: ",
               {
-                "pluginId": "observabilityShared",
+                "pluginId": "dataViewFieldEditor",
                 "scope": "public",
-                "docId": "kibObservabilitySharedPluginApi",
-                "section": "def-public.Options",
-                "text": "Options"
-              },
-              ") => ",
-              "LinkProps",
-              "; }"
+                "docId": "kibDataViewFieldEditorPluginApi",
+                "section": "def-public.PluginStart",
+                "text": "PluginStart"
+              }
             ],
             "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
             "deprecated": false,
@@ -580,19 +565,219 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.observabilityShared",
+            "id": "def-public.SLOPublicPluginsStart.dataViews",
             "type": "Object",
             "tags": [],
-            "label": "observabilityShared",
+            "label": "dataViews",
             "description": [],
             "signature": [
-              "{ locators: ObservabilitySharedLocators; navigation: { PageTemplate: (pageTemplateProps: ",
-              "WrappedPageTemplateProps",
-              ") => React.JSX.Element; registerSections: (sections$: ",
-              "Observable",
-              "<",
               {
-                "pluginId": "observabilityShared",
+                "pluginId": "dataViews",
+                "scope": "public",
+                "docId": "kibDataViewsPluginApi",
+                "section": "def-public.DataViewsServicePublic",
+                "text": "DataViewsServicePublic"
+              }
+            ],
+            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "slo",
+            "id": "def-public.SLOPublicPluginsStart.discover",
+            "type": "Object",
+            "tags": [],
+            "label": "discover",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "discover",
+                "scope": "public",
+                "docId": "kibDiscoverPluginApi",
+                "section": "def-public.DiscoverStart",
+                "text": "DiscoverStart"
+              },
+              " | undefined"
+            ],
+            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "slo",
+            "id": "def-public.SLOPublicPluginsStart.embeddable",
+            "type": "Object",
+            "tags": [],
+            "label": "embeddable",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "embeddable",
+                "scope": "public",
+                "docId": "kibEmbeddablePluginApi",
+                "section": "def-public.EmbeddableStart",
+                "text": "EmbeddableStart"
+              }
+            ],
+            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "slo",
+            "id": "def-public.SLOPublicPluginsStart.fieldFormats",
+            "type": "CompoundType",
+            "tags": [],
+            "label": "fieldFormats",
+            "description": [],
+            "signature": [
+              "Omit<",
+              {
+                "pluginId": "fieldFormats",
+                "scope": "common",
+                "docId": "kibFieldFormatsPluginApi",
+                "section": "def-common.FieldFormatsRegistry",
+                "text": "FieldFormatsRegistry"
+              },
+              ", \"init\" | \"register\"> & { deserialize: ",
+              {
+                "pluginId": "fieldFormats",
+                "scope": "common",
+                "docId": "kibFieldFormatsPluginApi",
+                "section": "def-common.FormatFactory",
+                "text": "FormatFactory"
+              },
+              "; }"
+            ],
+            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "slo",
+            "id": "def-public.SLOPublicPluginsStart.lens",
+            "type": "Object",
+            "tags": [],
+            "label": "lens",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "lens",
+                "scope": "public",
+                "docId": "kibLensPluginApi",
+                "section": "def-public.LensPublicStart",
+                "text": "LensPublicStart"
+              }
+            ],
+            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "slo",
+            "id": "def-public.SLOPublicPluginsStart.licensing",
+            "type": "Object",
+            "tags": [],
+            "label": "licensing",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "licensing",
+                "scope": "public",
+                "docId": "kibLicensingPluginApi",
+                "section": "def-public.LicensingPluginStart",
+                "text": "LicensingPluginStart"
+              }
+            ],
+            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "slo",
+            "id": "def-public.SLOPublicPluginsStart.observability",
+            "type": "Object",
+            "tags": [],
+            "label": "observability",
+            "description": [],
+            "signature": [
+              "{ config: ",
+              {
+                "pluginId": "observability",
+                "scope": "public",
+                "docId": "kibObservabilityPluginApi",
+                "section": "def-public.ConfigSchema",
+                "text": "ConfigSchema"
+              },
+              "; observabilityRuleTypeRegistry: { register: (type: ",
+              {
+                "pluginId": "observability",
+                "scope": "public",
+                "docId": "kibObservabilityPluginApi",
+                "section": "def-public.ObservabilityRuleTypeModel",
+                "text": "ObservabilityRuleTypeModel"
+              },
+              "<any>) => void; getFormatter: (typeId: string) => ",
+              {
+                "pluginId": "observability",
+                "scope": "public",
+                "docId": "kibObservabilityPluginApi",
+                "section": "def-public.ObservabilityRuleTypeFormatter",
+                "text": "ObservabilityRuleTypeFormatter"
+              },
+              " | undefined; list: () => string[]; }; useRulesLink: (options?: ",
+              {
+                "pluginId": "observabilityShared",
+                "scope": "public",
+                "docId": "kibObservabilitySharedPluginApi",
+                "section": "def-public.Options",
+                "text": "Options"
+              },
+              ") => ",
+              "LinkProps",
+              "; }"
+            ],
+            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "slo",
+            "id": "def-public.SLOPublicPluginsStart.observabilityAIAssistant",
+            "type": "Object",
+            "tags": [],
+            "label": "observabilityAIAssistant",
+            "description": [],
+            "signature": [
+              {
+                "pluginId": "observabilityAIAssistant",
+                "scope": "public",
+                "docId": "kibObservabilityAIAssistantPluginApi",
+                "section": "def-public.ObservabilityAIAssistantPublicStart",
+                "text": "ObservabilityAIAssistantPublicStart"
+              },
+              " | undefined"
+            ],
+            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "slo",
+            "id": "def-public.SLOPublicPluginsStart.observabilityShared",
+            "type": "Object",
+            "tags": [],
+            "label": "observabilityShared",
+            "description": [],
+            "signature": [
+              "{ locators: ObservabilitySharedLocators; navigation: { PageTemplate: (pageTemplateProps: ",
+              "WrappedPageTemplateProps",
+              ") => React.JSX.Element; registerSections: (sections$: ",
+              "Observable",
+              "<",
+              {
+                "pluginId": "observabilityShared",
                 "scope": "public",
                 "docId": "kibObservabilitySharedPluginApi",
                 "section": "def-public.NavigationSection",
@@ -624,18 +809,18 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.triggersActionsUi",
+            "id": "def-public.SLOPublicPluginsStart.presentationUtil",
             "type": "Object",
             "tags": [],
-            "label": "triggersActionsUi",
+            "label": "presentationUtil",
             "description": [],
             "signature": [
               {
-                "pluginId": "triggersActionsUi",
+                "pluginId": "presentationUtil",
                 "scope": "public",
-                "docId": "kibTriggersActionsUiPluginApi",
-                "section": "def-public.TriggersAndActionsUIPublicPluginStart",
-                "text": "TriggersAndActionsUIPublicPluginStart"
+                "docId": "kibPresentationUtilPluginApi",
+                "section": "def-public.PresentationUtilPluginStart",
+                "text": "PresentationUtilPluginStart"
               }
             ],
             "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
@@ -644,18 +829,18 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.spaces",
+            "id": "def-public.SLOPublicPluginsStart.serverless",
             "type": "Object",
             "tags": [],
-            "label": "spaces",
+            "label": "serverless",
             "description": [],
             "signature": [
               {
-                "pluginId": "spaces",
+                "pluginId": "serverless",
                 "scope": "public",
-                "docId": "kibSpacesPluginApi",
-                "section": "def-public.SpacesApi",
-                "text": "SpacesApi"
+                "docId": "kibServerlessPluginApi",
+                "section": "def-public.ServerlessPluginStart",
+                "text": "ServerlessPluginStart"
               },
               " | undefined"
             ],
@@ -665,7 +850,7 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.share",
+            "id": "def-public.SLOPublicPluginsStart.share",
             "type": "CompoundType",
             "tags": [],
             "label": "share",
@@ -705,19 +890,20 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.licensing",
+            "id": "def-public.SLOPublicPluginsStart.spaces",
             "type": "Object",
             "tags": [],
-            "label": "licensing",
+            "label": "spaces",
             "description": [],
             "signature": [
               {
-                "pluginId": "licensing",
+                "pluginId": "spaces",
                 "scope": "public",
-                "docId": "kibLicensingPluginApi",
-                "section": "def-public.LicensingPluginStart",
-                "text": "LicensingPluginStart"
-              }
+                "docId": "kibSpacesPluginApi",
+                "section": "def-public.SpacesApi",
+                "text": "SpacesApi"
+              },
+              " | undefined"
             ],
             "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
             "deprecated": false,
@@ -725,18 +911,18 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.embeddable",
+            "id": "def-public.SLOPublicPluginsStart.triggersActionsUi",
             "type": "Object",
             "tags": [],
-            "label": "embeddable",
+            "label": "triggersActionsUi",
             "description": [],
             "signature": [
               {
-                "pluginId": "embeddable",
+                "pluginId": "triggersActionsUi",
                 "scope": "public",
-                "docId": "kibEmbeddablePluginApi",
-                "section": "def-public.EmbeddableStart",
-                "text": "EmbeddableStart"
+                "docId": "kibTriggersActionsUiPluginApi",
+                "section": "def-public.TriggersAndActionsUIPublicPluginStart",
+                "text": "TriggersAndActionsUIPublicPluginStart"
               }
             ],
             "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
@@ -745,7 +931,7 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.uiActions",
+            "id": "def-public.SLOPublicPluginsStart.uiActions",
             "type": "Object",
             "tags": [],
             "label": "uiActions",
@@ -833,18 +1019,18 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.presentationUtil",
+            "id": "def-public.SLOPublicPluginsStart.unifiedSearch",
             "type": "Object",
             "tags": [],
-            "label": "presentationUtil",
+            "label": "unifiedSearch",
             "description": [],
             "signature": [
               {
-                "pluginId": "presentationUtil",
+                "pluginId": "unifiedSearch",
                 "scope": "public",
-                "docId": "kibPresentationUtilPluginApi",
-                "section": "def-public.PresentationUtilPluginStart",
-                "text": "PresentationUtilPluginStart"
+                "docId": "kibUnifiedSearchPluginApi",
+                "section": "def-public.UnifiedSearchPublicPluginStart",
+                "text": "UnifiedSearchPublicPluginStart"
               }
             ],
             "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
@@ -853,159 +1039,14 @@
           },
           {
             "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.serverless",
+            "id": "def-public.SLOPublicPluginsStart.usageCollection",
             "type": "Object",
             "tags": [],
-            "label": "serverless",
+            "label": "usageCollection",
             "description": [],
             "signature": [
               {
-                "pluginId": "serverless",
-                "scope": "public",
-                "docId": "kibServerlessPluginApi",
-                "section": "def-public.ServerlessPluginStart",
-                "text": "ServerlessPluginStart"
-              },
-              " | undefined"
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.data",
-            "type": "Object",
-            "tags": [],
-            "label": "data",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "data",
-                "scope": "public",
-                "docId": "kibDataPluginApi",
-                "section": "def-public.DataPublicPluginStart",
-                "text": "DataPublicPluginStart"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.dataViews",
-            "type": "Object",
-            "tags": [],
-            "label": "dataViews",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "dataViews",
-                "scope": "public",
-                "docId": "kibDataViewsPluginApi",
-                "section": "def-public.DataViewsServicePublic",
-                "text": "DataViewsServicePublic"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.observabilityAIAssistant",
-            "type": "Object",
-            "tags": [],
-            "label": "observabilityAIAssistant",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "observabilityAIAssistant",
-                "scope": "public",
-                "docId": "kibObservabilityAIAssistantPluginApi",
-                "section": "def-public.ObservabilityAIAssistantPublicStart",
-                "text": "ObservabilityAIAssistantPublicStart"
-              },
-              " | undefined"
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.lens",
-            "type": "Object",
-            "tags": [],
-            "label": "lens",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "lens",
-                "scope": "public",
-                "docId": "kibLensPluginApi",
-                "section": "def-public.LensPublicStart",
-                "text": "LensPublicStart"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.charts",
-            "type": "CompoundType",
-            "tags": [],
-            "label": "charts",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "charts",
-                "scope": "public",
-                "docId": "kibChartsPluginApi",
-                "section": "def-public.ChartsPluginSetup",
-                "text": "ChartsPluginSetup"
-              },
-              " & { activeCursor: ",
-              "ActiveCursor",
-              "; }"
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.unifiedSearch",
-            "type": "Object",
-            "tags": [],
-            "label": "unifiedSearch",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "unifiedSearch",
-                "scope": "public",
-                "docId": "kibUnifiedSearchPluginApi",
-                "section": "def-public.UnifiedSearchPublicPluginStart",
-                "text": "UnifiedSearchPublicPluginStart"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.usageCollection",
-            "type": "Object",
-            "tags": [],
-            "label": "usageCollection",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "usageCollection",
+                "pluginId": "usageCollection",
                 "scope": "public",
                 "docId": "kibUsageCollectionPluginApi",
                 "section": "def-public.UsageCollectionStart",
@@ -1015,47 +1056,6 @@
             "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
             "deprecated": false,
             "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.discover",
-            "type": "Object",
-            "tags": [],
-            "label": "discover",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "discover",
-                "scope": "public",
-                "docId": "kibDiscoverPluginApi",
-                "section": "def-public.DiscoverStart",
-                "text": "DiscoverStart"
-              },
-              " | undefined"
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-public.SloPublicPluginsStart.dataViewFieldEditor",
-            "type": "Object",
-            "tags": [],
-            "label": "dataViewFieldEditor",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "dataViewFieldEditor",
-                "scope": "public",
-                "docId": "kibDataViewFieldEditorPluginApi",
-                "section": "def-public.PluginStart",
-                "text": "PluginStart"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
-            "deprecated": false,
-            "trackAdoption": false
           }
         ],
         "initialIsOpen": false
@@ -1066,345 +1066,73 @@
     "objects": [],
     "start": {
       "parentPluginId": "slo",
-      "id": "def-public.SloPublicStart",
+      "id": "def-public.SLOPublicStart",
       "type": "Type",
       "tags": [],
-      "label": "SloPublicStart",
+      "label": "SLOPublicStart",
       "description": [],
       "signature": [
-        "{ getCreateSLOFlyout: ({ onClose, initialValues, }: { onClose: () => void; initialValues?: ",
+        "{ getCreateSLOFlyout: React.FunctionComponent<{}>; }"
+      ],
+      "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
+      "deprecated": false,
+      "trackAdoption": false,
+      "lifecycle": "start",
+      "initialIsOpen": true
+    },
+    "setup": {
+      "parentPluginId": "slo",
+      "id": "def-public.SLOPublicSetup",
+      "type": "Type",
+      "tags": [],
+      "label": "SLOPublicSetup",
+      "description": [],
+      "signature": [
+        "{ sloDetailsLocator: ",
         {
-          "pluginId": "@kbn/utility-types",
+          "pluginId": "share",
           "scope": "common",
-          "docId": "kibKbnUtilityTypesPluginApi",
-          "section": "def-common.RecursivePartial",
-          "text": "RecursivePartial"
+          "docId": "kibSharePluginApi",
+          "section": "def-common.LocatorPublic",
+          "text": "LocatorPublic"
         },
         "<",
-        "CreateSLOForm",
-        "<{ type: \"sli.apm.transactionDuration\"; params: { environment: string; service: string; transactionType: string; transactionName: string; threshold: number; index: string; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; dataViewId?: string | undefined; }; } | { type: \"sli.apm.transactionErrorRate\"; params: { environment: string; service: string; transactionType: string; transactionName: string; index: string; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; dataViewId?: string | undefined; }; } | { type: \"sli.synthetics.availability\"; params: { monitorIds: { value: string; label: string; }[]; index: string; } & { tags?: { value: string; label: string; }[] | undefined; projects?: { value: string; label: string; }[] | undefined; filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; dataViewId?: string | undefined; }; } | { type: \"sli.kql.custom\"; params: { index: string; good: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; }; total: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; }; timestampField: string; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; dataViewId?: string | undefined; }; } | { type: \"sli.metric.custom\"; params: { index: string; good: { metrics: (({ name: string; aggregation: \"sum\"; field: string; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; }) | ({ name: string; aggregation: \"doc_count\"; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; }))[]; equation: string; }; total: { metrics: (({ name: string; aggregation: \"sum\"; field: string; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; }) | ({ name: string; aggregation: \"doc_count\"; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; }))[]; equation: string; }; timestampField: string; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; dataViewId?: string | undefined; }; } | { type: \"sli.metric.timeslice\"; params: { index: string; metric: { metrics: (({ name: string; aggregation: \"min\" | \"max\" | \"sum\" | \"avg\" | \"cardinality\" | \"last_value\" | \"std_deviation\"; field: string; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; }) | ({ name: string; aggregation: \"doc_count\"; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; }) | ({ name: string; aggregation: \"percentile\"; field: string; percentile: number; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; }))[]; equation: string; threshold: number; comparator: \"GT\" | \"GTE\" | \"LT\" | \"LTE\"; }; timestampField: string; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; dataViewId?: string | undefined; }; } | { type: \"sli.histogram.custom\"; params: { index: string; timestampField: string; good: ({ field: string; aggregation: \"value_count\"; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; }) | ({ field: string; aggregation: \"range\"; from: number; to: number; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; }); total: ({ field: string; aggregation: \"value_count\"; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; }) | ({ field: string; aggregation: \"range\"; from: number; to: number; } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; }); } & { filter?: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; } | undefined; dataViewId?: string | undefined; }; }>> | undefined; }) => React.JSX.Element; }"
+        "SloDetailsLocatorParams",
+        ">; sloEditLocator: ",
+        {
+          "pluginId": "share",
+          "scope": "common",
+          "docId": "kibSharePluginApi",
+          "section": "def-common.LocatorPublic",
+          "text": "LocatorPublic"
+        },
+        "<",
+        "SloEditLocatorParams",
+        ">; sloListLocator: ",
+        {
+          "pluginId": "share",
+          "scope": "common",
+          "docId": "kibSharePluginApi",
+          "section": "def-common.LocatorPublic",
+          "text": "LocatorPublic"
+        },
+        "<",
+        "SloListLocatorParams",
+        ">; }"
       ],
       "path": "x-pack/plugins/observability_solution/slo/public/types.ts",
       "deprecated": false,
       "trackAdoption": false,
-      "lifecycle": "start",
+      "lifecycle": "setup",
       "initialIsOpen": true
     }
   },
   "server": {
     "classes": [],
     "functions": [],
-    "interfaces": [
-      {
-        "parentPluginId": "slo",
-        "id": "def-server.PluginSetup",
-        "type": "Interface",
-        "tags": [],
-        "label": "PluginSetup",
-        "description": [],
-        "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginSetup.alerting",
-            "type": "Object",
-            "tags": [],
-            "label": "alerting",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "alerting",
-                "scope": "server",
-                "docId": "kibAlertingPluginApi",
-                "section": "def-server.PluginSetupContract",
-                "text": "PluginSetupContract"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginSetup.ruleRegistry",
-            "type": "Object",
-            "tags": [],
-            "label": "ruleRegistry",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "ruleRegistry",
-                "scope": "server",
-                "docId": "kibRuleRegistryPluginApi",
-                "section": "def-server.RuleRegistryPluginSetupContract",
-                "text": "RuleRegistryPluginSetupContract"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginSetup.share",
-            "type": "Object",
-            "tags": [],
-            "label": "share",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "share",
-                "scope": "server",
-                "docId": "kibSharePluginApi",
-                "section": "def-server.SharePublicSetup",
-                "text": "SharePublicSetup"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginSetup.features",
-            "type": "Object",
-            "tags": [],
-            "label": "features",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "features",
-                "scope": "server",
-                "docId": "kibFeaturesPluginApi",
-                "section": "def-server.FeaturesPluginSetup",
-                "text": "FeaturesPluginSetup"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginSetup.taskManager",
-            "type": "Object",
-            "tags": [],
-            "label": "taskManager",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "taskManager",
-                "scope": "server",
-                "docId": "kibTaskManagerPluginApi",
-                "section": "def-server.TaskManagerSetupContract",
-                "text": "TaskManagerSetupContract"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginSetup.spaces",
-            "type": "Object",
-            "tags": [],
-            "label": "spaces",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "spaces",
-                "scope": "server",
-                "docId": "kibSpacesPluginApi",
-                "section": "def-server.SpacesPluginSetup",
-                "text": "SpacesPluginSetup"
-              },
-              " | undefined"
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginSetup.cloud",
-            "type": "Object",
-            "tags": [],
-            "label": "cloud",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "cloud",
-                "scope": "server",
-                "docId": "kibCloudPluginApi",
-                "section": "def-server.CloudSetup",
-                "text": "CloudSetup"
-              },
-              " | undefined"
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginSetup.usageCollection",
-            "type": "CompoundType",
-            "tags": [],
-            "label": "usageCollection",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "usageCollection",
-                "scope": "server",
-                "docId": "kibUsageCollectionPluginApi",
-                "section": "def-server.ICollectorSet",
-                "text": "ICollectorSet"
-              },
-              " & ",
-              "UsageCountersServiceSetup"
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          }
-        ],
-        "initialIsOpen": false
-      },
-      {
-        "parentPluginId": "slo",
-        "id": "def-server.PluginStart",
-        "type": "Interface",
-        "tags": [],
-        "label": "PluginStart",
-        "description": [],
-        "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginStart.alerting",
-            "type": "Object",
-            "tags": [],
-            "label": "alerting",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "alerting",
-                "scope": "server",
-                "docId": "kibAlertingPluginApi",
-                "section": "def-server.PluginStartContract",
-                "text": "PluginStartContract"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginStart.taskManager",
-            "type": "CompoundType",
-            "tags": [],
-            "label": "taskManager",
-            "description": [],
-            "signature": [
-              "Pick<",
-              "TaskScheduling",
-              ", \"schedule\" | \"runSoon\" | \"bulkEnable\" | \"ephemeralRunNow\" | \"ensureScheduled\" | \"bulkUpdateSchedules\" | \"bulkDisable\" | \"bulkSchedule\" | \"bulkUpdateState\"> & Pick<",
-              "TaskStore",
-              ", \"get\" | \"aggregate\" | \"fetch\" | \"remove\" | \"bulkRemove\"> & { removeIfExists: (id: string) => Promise<void>; } & { supportsEphemeralTasks: () => boolean; getRegisteredTypes: () => string[]; }"
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginStart.spaces",
-            "type": "Object",
-            "tags": [],
-            "label": "spaces",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "spaces",
-                "scope": "server",
-                "docId": "kibSpacesPluginApi",
-                "section": "def-server.SpacesPluginStart",
-                "text": "SpacesPluginStart"
-              },
-              " | undefined"
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginStart.ruleRegistry",
-            "type": "Object",
-            "tags": [],
-            "label": "ruleRegistry",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "ruleRegistry",
-                "scope": "server",
-                "docId": "kibRuleRegistryPluginApi",
-                "section": "def-server.RuleRegistryPluginStartContract",
-                "text": "RuleRegistryPluginStartContract"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          },
-          {
-            "parentPluginId": "slo",
-            "id": "def-server.PluginStart.dataViews",
-            "type": "Object",
-            "tags": [],
-            "label": "dataViews",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "dataViews",
-                "scope": "server",
-                "docId": "kibDataViewsPluginApi",
-                "section": "def-server.DataViewsServerPluginStart",
-                "text": "DataViewsServerPluginStart"
-              }
-            ],
-            "path": "x-pack/plugins/observability_solution/slo/server/plugin.ts",
-            "deprecated": false,
-            "trackAdoption": false
-          }
-        ],
-        "initialIsOpen": false
-      }
-    ],
+    "interfaces": [],
     "enums": [],
-    "misc": [
-      {
-        "parentPluginId": "slo",
-        "id": "def-server.SloConfig",
-        "type": "Type",
-        "tags": [],
-        "label": "SloConfig",
-        "description": [],
-        "signature": [
-          "{ readonly experimental?: Readonly<{} & { ruleFormV2: Readonly<{} & { enabled: boolean; }>; }> | undefined; readonly enabled: boolean; readonly sloOrphanSummaryCleanUpTaskEnabled: boolean; }"
-        ],
-        "path": "x-pack/plugins/observability_solution/slo/common/config.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "initialIsOpen": false
-      }
-    ],
+    "misc": [],
     "objects": []
   },
   "common": {
diff --git a/api_docs/slo.mdx b/api_docs/slo.mdx
index 25f86f6999c9d..8ad021169e1e5 100644
--- a/api_docs/slo.mdx
+++ b/api_docs/slo.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/slo
 title: "slo"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the slo plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'slo']
 ---
 import sloObj from './slo.devdocs.json';
@@ -21,24 +21,19 @@ Contact [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 59 | 0 | 59 | 1 |
+| 44 | 0 | 44 | 3 |
 
 ## Client
 
+### Setup
+<DocDefinitionList data={[sloObj.client.setup]}/>
+
 ### Start
 <DocDefinitionList data={[sloObj.client.start]}/>
 
 ### Interfaces
 <DocDefinitionList data={sloObj.client.interfaces}/>
 
-## Server
-
-### Interfaces
-<DocDefinitionList data={sloObj.server.interfaces}/>
-
-### Consts, variables and types
-<DocDefinitionList data={sloObj.server.misc}/>
-
 ## Common
 
 ### Objects
diff --git a/api_docs/snapshot_restore.mdx b/api_docs/snapshot_restore.mdx
index 0db83bcf54f2f..f30bc1f6f037b 100644
--- a/api_docs/snapshot_restore.mdx
+++ b/api_docs/snapshot_restore.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/snapshotRestore
 title: "snapshotRestore"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the snapshotRestore plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'snapshotRestore']
 ---
 import snapshotRestoreObj from './snapshot_restore.devdocs.json';
diff --git a/api_docs/spaces.mdx b/api_docs/spaces.mdx
index b0cd89257784f..cd15ceb225006 100644
--- a/api_docs/spaces.mdx
+++ b/api_docs/spaces.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/spaces
 title: "spaces"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the spaces plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'spaces']
 ---
 import spacesObj from './spaces.devdocs.json';
diff --git a/api_docs/stack_alerts.mdx b/api_docs/stack_alerts.mdx
index ffe989d464af3..26aeaab24c3a9 100644
--- a/api_docs/stack_alerts.mdx
+++ b/api_docs/stack_alerts.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackAlerts
 title: "stackAlerts"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the stackAlerts plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackAlerts']
 ---
 import stackAlertsObj from './stack_alerts.devdocs.json';
diff --git a/api_docs/stack_connectors.mdx b/api_docs/stack_connectors.mdx
index 5c1c4923420bc..a98f06da5a58f 100644
--- a/api_docs/stack_connectors.mdx
+++ b/api_docs/stack_connectors.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackConnectors
 title: "stackConnectors"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the stackConnectors plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackConnectors']
 ---
 import stackConnectorsObj from './stack_connectors.devdocs.json';
diff --git a/api_docs/streams.devdocs.json b/api_docs/streams.devdocs.json
new file mode 100644
index 0000000000000..02800505b0823
--- /dev/null
+++ b/api_docs/streams.devdocs.json
@@ -0,0 +1,453 @@
+{
+  "id": "streams",
+  "client": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  },
+  "server": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [
+      {
+        "parentPluginId": "streams",
+        "id": "def-server.StreamsConfig",
+        "type": "Type",
+        "tags": [],
+        "label": "StreamsConfig",
+        "description": [],
+        "signature": [
+          "{}"
+        ],
+        "path": "x-pack/plugins/streams/common/config.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      },
+      {
+        "parentPluginId": "streams",
+        "id": "def-server.StreamsRouteRepository",
+        "type": "Type",
+        "tags": [],
+        "label": "StreamsRouteRepository",
+        "description": [],
+        "signature": [
+          "{ \"GET /api/streams 2023-10-31\": ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.ServerRoute",
+            "text": "ServerRoute"
+          },
+          "<\"GET /api/streams 2023-10-31\", Zod.ZodObject<{}, \"strip\", Zod.ZodTypeAny, {}, {}>, ",
+          "StreamsRouteHandlerResources",
+          ", ",
+          {
+            "pluginId": "@kbn/core-http-server",
+            "scope": "server",
+            "docId": "kibKbnCoreHttpServerPluginApi",
+            "section": "def-server.IKibanaResponse",
+            "text": "IKibanaResponse"
+          },
+          "<any>, ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.DefaultRouteCreateOptions",
+            "text": "DefaultRouteCreateOptions"
+          },
+          ">; \"DELETE /api/streams/{id} 2023-10-31\": ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.ServerRoute",
+            "text": "ServerRoute"
+          },
+          "<\"DELETE /api/streams/{id} 2023-10-31\", Zod.ZodObject<{ path: Zod.ZodObject<{ id: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; }, { id: string; }>; }, \"strip\", Zod.ZodTypeAny, { path: { id: string; }; }, { path: { id: string; }; }>, ",
+          "StreamsRouteHandlerResources",
+          ", ",
+          {
+            "pluginId": "@kbn/core-http-server",
+            "scope": "server",
+            "docId": "kibKbnCoreHttpServerPluginApi",
+            "section": "def-server.IKibanaResponse",
+            "text": "IKibanaResponse"
+          },
+          "<any>, ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.DefaultRouteCreateOptions",
+            "text": "DefaultRouteCreateOptions"
+          },
+          ">; \"PUT /api/streams/{id} 2023-10-31\": ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.ServerRoute",
+            "text": "ServerRoute"
+          },
+          "<\"PUT /api/streams/{id} 2023-10-31\", Zod.ZodObject<{ path: Zod.ZodObject<{ id: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; }, { id: string; }>; body: Zod.ZodObject<{ processing: Zod.ZodDefault<Zod.ZodArray<Zod.ZodObject<{ condition: Zod.ZodOptional<Zod.ZodType<",
+          "Condition",
+          ", Zod.ZodTypeDef, ",
+          "Condition",
+          ">>; config: Zod.ZodDiscriminatedUnion<\"type\", [Zod.ZodObject<{ type: Zod.ZodLiteral<\"grok\">; field: Zod.ZodString; patterns: Zod.ZodArray<Zod.ZodString, \"many\">; pattern_definitions: Zod.ZodOptional<Zod.ZodRecord<Zod.ZodString, Zod.ZodString>>; }, \"strip\", Zod.ZodTypeAny, { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; }, { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; }>, Zod.ZodObject<{ type: Zod.ZodLiteral<\"dissect\">; field: Zod.ZodString; pattern: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { type: \"dissect\"; field: string; pattern: string; }, { type: \"dissect\"; field: string; pattern: string; }>]>; }, \"strip\", Zod.ZodTypeAny, { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }, { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }>, \"many\">>; fields: Zod.ZodDefault<Zod.ZodArray<Zod.ZodObject<{ name: Zod.ZodString; type: Zod.ZodEnum<[\"keyword\", \"match_only_text\", \"long\", \"double\", \"date\", \"boolean\", \"ip\"]>; }, \"strip\", Zod.ZodTypeAny, { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }, { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }>, \"many\">>; children: Zod.ZodDefault<Zod.ZodArray<Zod.ZodObject<{ id: Zod.ZodString; condition: Zod.ZodType<",
+          "Condition",
+          ", Zod.ZodTypeDef, ",
+          "Condition",
+          ">; }, \"strip\", Zod.ZodTypeAny, { id: string; condition?: ",
+          "Condition",
+          "; }, { id: string; condition?: ",
+          "Condition",
+          "; }>, \"many\">>; }, \"strip\", Zod.ZodTypeAny, { children: { id: string; condition?: ",
+          "Condition",
+          "; }[]; fields: { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }[]; processing: { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }[]; }, { children?: { id: string; condition?: ",
+          "Condition",
+          "; }[] | undefined; fields?: { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }[] | undefined; processing?: { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }[] | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { path: { id: string; }; body: { children: { id: string; condition?: ",
+          "Condition",
+          "; }[]; fields: { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }[]; processing: { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }[]; }; }, { path: { id: string; }; body: { children?: { id: string; condition?: ",
+          "Condition",
+          "; }[] | undefined; fields?: { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }[] | undefined; processing?: { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }[] | undefined; }; }>, ",
+          "StreamsRouteHandlerResources",
+          ", ",
+          {
+            "pluginId": "@kbn/core-http-server",
+            "scope": "server",
+            "docId": "kibKbnCoreHttpServerPluginApi",
+            "section": "def-server.IKibanaResponse",
+            "text": "IKibanaResponse"
+          },
+          "<any>, ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.DefaultRouteCreateOptions",
+            "text": "DefaultRouteCreateOptions"
+          },
+          ">; \"GET /api/streams/{id} 2023-10-31\": ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.ServerRoute",
+            "text": "ServerRoute"
+          },
+          "<\"GET /api/streams/{id} 2023-10-31\", Zod.ZodObject<{ path: Zod.ZodObject<{ id: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; }, { id: string; }>; }, \"strip\", Zod.ZodTypeAny, { path: { id: string; }; }, { path: { id: string; }; }>, ",
+          "StreamsRouteHandlerResources",
+          ", ",
+          {
+            "pluginId": "@kbn/core-http-server",
+            "scope": "server",
+            "docId": "kibKbnCoreHttpServerPluginApi",
+            "section": "def-server.IKibanaResponse",
+            "text": "IKibanaResponse"
+          },
+          "<any>, ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.DefaultRouteCreateOptions",
+            "text": "DefaultRouteCreateOptions"
+          },
+          ">; \"POST /api/streams/{id}/_fork 2023-10-31\": ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.ServerRoute",
+            "text": "ServerRoute"
+          },
+          "<\"POST /api/streams/{id}/_fork 2023-10-31\", Zod.ZodObject<{ path: Zod.ZodObject<{ id: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; }, { id: string; }>; body: Zod.ZodObject<{ stream: Zod.ZodObject<Omit<Zod.objectUtil.extendShape<{ processing: Zod.ZodDefault<Zod.ZodArray<Zod.ZodObject<{ condition: Zod.ZodOptional<Zod.ZodType<",
+          "Condition",
+          ", Zod.ZodTypeDef, ",
+          "Condition",
+          ">>; config: Zod.ZodDiscriminatedUnion<\"type\", [Zod.ZodObject<{ type: Zod.ZodLiteral<\"grok\">; field: Zod.ZodString; patterns: Zod.ZodArray<Zod.ZodString, \"many\">; pattern_definitions: Zod.ZodOptional<Zod.ZodRecord<Zod.ZodString, Zod.ZodString>>; }, \"strip\", Zod.ZodTypeAny, { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; }, { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; }>, Zod.ZodObject<{ type: Zod.ZodLiteral<\"dissect\">; field: Zod.ZodString; pattern: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { type: \"dissect\"; field: string; pattern: string; }, { type: \"dissect\"; field: string; pattern: string; }>]>; }, \"strip\", Zod.ZodTypeAny, { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }, { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }>, \"many\">>; fields: Zod.ZodDefault<Zod.ZodArray<Zod.ZodObject<{ name: Zod.ZodString; type: Zod.ZodEnum<[\"keyword\", \"match_only_text\", \"long\", \"double\", \"date\", \"boolean\", \"ip\"]>; }, \"strip\", Zod.ZodTypeAny, { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }, { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }>, \"many\">>; children: Zod.ZodDefault<Zod.ZodArray<Zod.ZodObject<{ id: Zod.ZodString; condition: Zod.ZodType<",
+          "Condition",
+          ", Zod.ZodTypeDef, ",
+          "Condition",
+          ">; }, \"strip\", Zod.ZodTypeAny, { id: string; condition?: ",
+          "Condition",
+          "; }, { id: string; condition?: ",
+          "Condition",
+          "; }>, \"many\">>; }, { id: Zod.ZodString; }>, \"children\">, \"strip\", Zod.ZodTypeAny, { id: string; fields: { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }[]; processing: { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }[]; }, { id: string; fields?: { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }[] | undefined; processing?: { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }[] | undefined; }>; condition: Zod.ZodType<",
+          "Condition",
+          ", Zod.ZodTypeDef, ",
+          "Condition",
+          ">; }, \"strip\", Zod.ZodTypeAny, { stream: { id: string; fields: { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }[]; processing: { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }[]; }; condition?: ",
+          "Condition",
+          "; }, { stream: { id: string; fields?: { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }[] | undefined; processing?: { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }[] | undefined; }; condition?: ",
+          "Condition",
+          "; }>; }, \"strip\", Zod.ZodTypeAny, { path: { id: string; }; body: { stream: { id: string; fields: { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }[]; processing: { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }[]; }; condition?: ",
+          "Condition",
+          "; }; }, { path: { id: string; }; body: { stream: { id: string; fields?: { type: \"boolean\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"match_only_text\"; name: string; }[] | undefined; processing?: { config: { type: \"grok\"; field: string; patterns: string[]; pattern_definitions?: Record<string, string> | undefined; } | { type: \"dissect\"; field: string; pattern: string; }; condition?: ",
+          "Condition",
+          "; }[] | undefined; }; condition?: ",
+          "Condition",
+          "; }; }>, ",
+          "StreamsRouteHandlerResources",
+          ", ",
+          {
+            "pluginId": "@kbn/core-http-server",
+            "scope": "server",
+            "docId": "kibKbnCoreHttpServerPluginApi",
+            "section": "def-server.IKibanaResponse",
+            "text": "IKibanaResponse"
+          },
+          "<any>, ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.DefaultRouteCreateOptions",
+            "text": "DefaultRouteCreateOptions"
+          },
+          ">; \"POST /api/streams/_resync 2023-10-31\": ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.ServerRoute",
+            "text": "ServerRoute"
+          },
+          "<\"POST /api/streams/_resync 2023-10-31\", Zod.ZodObject<{}, \"strip\", Zod.ZodTypeAny, {}, {}>, ",
+          "StreamsRouteHandlerResources",
+          ", ",
+          {
+            "pluginId": "@kbn/core-http-server",
+            "scope": "server",
+            "docId": "kibKbnCoreHttpServerPluginApi",
+            "section": "def-server.IKibanaResponse",
+            "text": "IKibanaResponse"
+          },
+          "<any>, ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.DefaultRouteCreateOptions",
+            "text": "DefaultRouteCreateOptions"
+          },
+          ">; \"POST /api/streams/_enable 2023-10-31\": ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.ServerRoute",
+            "text": "ServerRoute"
+          },
+          "<\"POST /api/streams/_enable 2023-10-31\", Zod.ZodObject<{}, \"strip\", Zod.ZodTypeAny, {}, {}>, ",
+          "StreamsRouteHandlerResources",
+          ", ",
+          {
+            "pluginId": "@kbn/core-http-server",
+            "scope": "server",
+            "docId": "kibKbnCoreHttpServerPluginApi",
+            "section": "def-server.IKibanaResponse",
+            "text": "IKibanaResponse"
+          },
+          "<any>, ",
+          {
+            "pluginId": "@kbn/server-route-repository-utils",
+            "scope": "common",
+            "docId": "kibKbnServerRouteRepositoryUtilsPluginApi",
+            "section": "def-common.DefaultRouteCreateOptions",
+            "text": "DefaultRouteCreateOptions"
+          },
+          ">; }"
+        ],
+        "path": "x-pack/plugins/streams/server/routes/index.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "initialIsOpen": false
+      }
+    ],
+    "objects": [
+      {
+        "parentPluginId": "streams",
+        "id": "def-server.StreamsRouteRepository",
+        "type": "Object",
+        "tags": [],
+        "label": "StreamsRouteRepository",
+        "description": [],
+        "path": "x-pack/plugins/streams/server/routes/index.ts",
+        "deprecated": false,
+        "trackAdoption": false,
+        "children": [
+          {
+            "parentPluginId": "streams",
+            "id": "def-server.StreamsRouteRepository.Unnamed",
+            "type": "Any",
+            "tags": [],
+            "label": "Unnamed",
+            "description": [],
+            "signature": [
+              "any"
+            ],
+            "path": "x-pack/plugins/streams/server/routes/index.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "streams",
+            "id": "def-server.StreamsRouteRepository.Unnamed",
+            "type": "Any",
+            "tags": [],
+            "label": "Unnamed",
+            "description": [],
+            "signature": [
+              "any"
+            ],
+            "path": "x-pack/plugins/streams/server/routes/index.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "streams",
+            "id": "def-server.StreamsRouteRepository.Unnamed",
+            "type": "Any",
+            "tags": [],
+            "label": "Unnamed",
+            "description": [],
+            "signature": [
+              "any"
+            ],
+            "path": "x-pack/plugins/streams/server/routes/index.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "streams",
+            "id": "def-server.StreamsRouteRepository.Unnamed",
+            "type": "Any",
+            "tags": [],
+            "label": "Unnamed",
+            "description": [],
+            "signature": [
+              "any"
+            ],
+            "path": "x-pack/plugins/streams/server/routes/index.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "streams",
+            "id": "def-server.StreamsRouteRepository.Unnamed",
+            "type": "Any",
+            "tags": [],
+            "label": "Unnamed",
+            "description": [],
+            "signature": [
+              "any"
+            ],
+            "path": "x-pack/plugins/streams/server/routes/index.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "streams",
+            "id": "def-server.StreamsRouteRepository.Unnamed",
+            "type": "Any",
+            "tags": [],
+            "label": "Unnamed",
+            "description": [],
+            "signature": [
+              "any"
+            ],
+            "path": "x-pack/plugins/streams/server/routes/index.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          },
+          {
+            "parentPluginId": "streams",
+            "id": "def-server.StreamsRouteRepository.Unnamed",
+            "type": "Any",
+            "tags": [],
+            "label": "Unnamed",
+            "description": [],
+            "signature": [
+              "any"
+            ],
+            "path": "x-pack/plugins/streams/server/routes/index.ts",
+            "deprecated": false,
+            "trackAdoption": false
+          }
+        ],
+        "initialIsOpen": false
+      }
+    ],
+    "setup": {
+      "parentPluginId": "streams",
+      "id": "def-server.StreamsPluginSetup",
+      "type": "Interface",
+      "tags": [],
+      "label": "StreamsPluginSetup",
+      "description": [],
+      "path": "x-pack/plugins/streams/server/plugin.ts",
+      "deprecated": false,
+      "trackAdoption": false,
+      "children": [],
+      "lifecycle": "setup",
+      "initialIsOpen": true
+    },
+    "start": {
+      "parentPluginId": "streams",
+      "id": "def-server.StreamsPluginStart",
+      "type": "Interface",
+      "tags": [],
+      "label": "StreamsPluginStart",
+      "description": [],
+      "path": "x-pack/plugins/streams/server/plugin.ts",
+      "deprecated": false,
+      "trackAdoption": false,
+      "children": [],
+      "lifecycle": "start",
+      "initialIsOpen": true
+    }
+  },
+  "common": {
+    "classes": [],
+    "functions": [],
+    "interfaces": [],
+    "enums": [],
+    "misc": [],
+    "objects": []
+  }
+}
\ No newline at end of file
diff --git a/api_docs/streams.mdx b/api_docs/streams.mdx
new file mode 100644
index 0000000000000..822397621d905
--- /dev/null
+++ b/api_docs/streams.mdx
@@ -0,0 +1,39 @@
+---
+####
+#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system.
+#### Reach out in #docs-engineering for more info.
+####
+id: kibStreamsPluginApi
+slug: /kibana-dev-docs/api/streams
+title: "streams"
+image: https://source.unsplash.com/400x175/?github
+description: API docs for the streams plugin
+date: 2024-11-14
+tags: ['contributor', 'dev', 'apidocs', 'kibana', 'streams']
+---
+import streamsObj from './streams.devdocs.json';
+
+A manager for Streams
+
+Contact @simianhacker @flash1293 @dgieselaar for questions regarding this plugin.
+
+**Code health stats**
+
+| Public API count  | Any count | Items lacking comments | Missing exports |
+|-------------------|-----------|------------------------|-----------------|
+| 12 | 7 | 12 | 2 |
+
+## Server
+
+### Setup
+<DocDefinitionList data={[streamsObj.server.setup]}/>
+
+### Start
+<DocDefinitionList data={[streamsObj.server.start]}/>
+
+### Objects
+<DocDefinitionList data={streamsObj.server.objects}/>
+
+### Consts, variables and types
+<DocDefinitionList data={streamsObj.server.misc}/>
+
diff --git a/api_docs/task_manager.mdx b/api_docs/task_manager.mdx
index 3c670603eb893..5a41cc2b55a8c 100644
--- a/api_docs/task_manager.mdx
+++ b/api_docs/task_manager.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/taskManager
 title: "taskManager"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the taskManager plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'taskManager']
 ---
 import taskManagerObj from './task_manager.devdocs.json';
diff --git a/api_docs/telemetry.mdx b/api_docs/telemetry.mdx
index 43819592c035e..ee17ea1f50d96 100644
--- a/api_docs/telemetry.mdx
+++ b/api_docs/telemetry.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetry
 title: "telemetry"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the telemetry plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetry']
 ---
 import telemetryObj from './telemetry.devdocs.json';
diff --git a/api_docs/telemetry_collection_manager.mdx b/api_docs/telemetry_collection_manager.mdx
index eca4387248451..886ca5c1830e7 100644
--- a/api_docs/telemetry_collection_manager.mdx
+++ b/api_docs/telemetry_collection_manager.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionManager
 title: "telemetryCollectionManager"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the telemetryCollectionManager plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionManager']
 ---
 import telemetryCollectionManagerObj from './telemetry_collection_manager.devdocs.json';
diff --git a/api_docs/telemetry_management_section.mdx b/api_docs/telemetry_management_section.mdx
index 1c5b7f448713a..7b78b81357bc0 100644
--- a/api_docs/telemetry_management_section.mdx
+++ b/api_docs/telemetry_management_section.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryManagementSection
 title: "telemetryManagementSection"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the telemetryManagementSection plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryManagementSection']
 ---
 import telemetryManagementSectionObj from './telemetry_management_section.devdocs.json';
diff --git a/api_docs/threat_intelligence.mdx b/api_docs/threat_intelligence.mdx
index b2ad8e21aff35..a14d5bc61314b 100644
--- a/api_docs/threat_intelligence.mdx
+++ b/api_docs/threat_intelligence.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/threatIntelligence
 title: "threatIntelligence"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the threatIntelligence plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'threatIntelligence']
 ---
 import threatIntelligenceObj from './threat_intelligence.devdocs.json';
diff --git a/api_docs/timelines.devdocs.json b/api_docs/timelines.devdocs.json
index 8b9294349ef3e..0904b1d8c25ab 100644
--- a/api_docs/timelines.devdocs.json
+++ b/api_docs/timelines.devdocs.json
@@ -4248,7 +4248,7 @@
             "section": "def-common.Direction",
             "text": "Direction"
           },
-          "; type?: string | undefined; esTypes?: string[] | undefined; }[]; language: \"eql\"; fieldRequested: string[]; params?: any; id?: string | undefined; size?: number | undefined; indexType?: string | undefined; timerange?: { interval: string; from: string; to: string; } | undefined; timestampField?: string | undefined; defaultIndex?: string[] | undefined; runtimeMappings?: Record<string, { type: \"boolean\" | \"geo_point\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"lookup\"; format?: string | undefined; script?: string | { source: string; } | { params: Record<string, any>; id: string; } | undefined; fetch_fields?: string[] | undefined; input_field?: string | undefined; target_field?: string | undefined; target_index?: string | undefined; }> | undefined; filterQuery?: string | Record<string, any> | { range: Record<string, { format: string; gte: number; lte: number; }>; } | { query_string: { query: string; analyze_wildcard: boolean; }; } | { match: Record<string, { query: string; operator: string; zero_terms_query: string; }>; } | { term: Record<string, string>; } | { bool: { filter: {}[]; should: {}[]; must: {}[]; must_not: {}[]; }; } | undefined; entityType?: \"events\" | \"sessions\" | undefined; filterStatus?: \"open\" | \"closed\" | \"acknowledged\" | undefined; pagination?: Zod.objectInputType<{ activePage: Zod.ZodNumber; cursorStart: Zod.ZodOptional<Zod.ZodNumber>; querySize: Zod.ZodNumber; }, Zod.ZodTypeAny, \"passthrough\"> | undefined; eventCategoryField?: string | undefined; tiebreakerField?: string | undefined; runTimeMappings?: Record<string, { type: \"boolean\" | \"geo_point\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"lookup\"; format?: string | undefined; script?: string | { source: string; } | { params: Record<string, any>; id: string; } | undefined; fetch_fields?: string[] | undefined; input_field?: string | undefined; target_field?: string | undefined; target_index?: string | undefined; }> | undefined; }"
+          "; type?: string | undefined; esTypes?: string[] | undefined; }[]; language: \"eql\"; fieldRequested: string[]; params?: any; id?: string | undefined; size?: number | undefined; indexType?: string | undefined; timerange?: { interval: string; from: string; to: string; } | undefined; timestampField?: string | undefined; defaultIndex?: string[] | undefined; entityType?: \"events\" | \"sessions\" | undefined; runtimeMappings?: Record<string, { type: \"boolean\" | \"geo_point\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"lookup\"; format?: string | undefined; script?: string | { source: string; } | { params: Record<string, any>; id: string; } | undefined; fetch_fields?: string[] | undefined; input_field?: string | undefined; target_field?: string | undefined; target_index?: string | undefined; }> | undefined; filterQuery?: string | Record<string, any> | { range: Record<string, { format: string; gte: number; lte: number; }>; } | { query_string: { query: string; analyze_wildcard: boolean; }; } | { match: Record<string, { query: string; operator: string; zero_terms_query: string; }>; } | { term: Record<string, string>; } | { bool: { filter: {}[]; should: {}[]; must: {}[]; must_not: {}[]; }; } | undefined; filterStatus?: \"open\" | \"closed\" | \"acknowledged\" | undefined; pagination?: Zod.objectInputType<{ activePage: Zod.ZodNumber; cursorStart: Zod.ZodOptional<Zod.ZodNumber>; querySize: Zod.ZodNumber; }, Zod.ZodTypeAny, \"passthrough\"> | undefined; eventCategoryField?: string | undefined; tiebreakerField?: string | undefined; runTimeMappings?: Record<string, { type: \"boolean\" | \"geo_point\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"lookup\"; format?: string | undefined; script?: string | { source: string; } | { params: Record<string, any>; id: string; } | undefined; fetch_fields?: string[] | undefined; input_field?: string | undefined; target_field?: string | undefined; target_index?: string | undefined; }> | undefined; }"
         ],
         "path": "x-pack/plugins/timelines/common/api/search_strategy/timeline/eql.ts",
         "deprecated": false,
@@ -4279,7 +4279,7 @@
             "section": "def-common.TimelineEventsQueries",
             "text": "TimelineEventsQueries"
           },
-          ".all; params?: any; id?: string | undefined; indexType?: string | undefined; timerange?: { interval: string; from: string; to: string; } | undefined; defaultIndex?: string[] | undefined; runtimeMappings?: Record<string, { type: \"boolean\" | \"geo_point\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"lookup\"; format?: string | undefined; script?: string | { source: string; } | { params: Record<string, any>; id: string; } | undefined; fetch_fields?: string[] | undefined; input_field?: string | undefined; target_field?: string | undefined; target_index?: string | undefined; }> | undefined; filterQuery?: any; entityType?: \"events\" | \"sessions\" | undefined; filterStatus?: \"open\" | \"closed\" | \"acknowledged\" | undefined; pagination?: Zod.objectInputType<{ activePage: Zod.ZodNumber; cursorStart: Zod.ZodOptional<Zod.ZodNumber>; querySize: Zod.ZodNumber; }, Zod.ZodTypeAny, \"passthrough\"> | undefined; authFilter?: {} | undefined; excludeEcsData?: boolean | undefined; }"
+          ".all; params?: any; id?: string | undefined; indexType?: string | undefined; timerange?: { interval: string; from: string; to: string; } | undefined; defaultIndex?: string[] | undefined; entityType?: \"events\" | \"sessions\" | undefined; runtimeMappings?: Record<string, { type: \"boolean\" | \"geo_point\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"lookup\"; format?: string | undefined; script?: string | { source: string; } | { params: Record<string, any>; id: string; } | undefined; fetch_fields?: string[] | undefined; input_field?: string | undefined; target_field?: string | undefined; target_index?: string | undefined; }> | undefined; filterQuery?: any; filterStatus?: \"open\" | \"closed\" | \"acknowledged\" | undefined; pagination?: Zod.objectInputType<{ activePage: Zod.ZodNumber; cursorStart: Zod.ZodOptional<Zod.ZodNumber>; querySize: Zod.ZodNumber; }, Zod.ZodTypeAny, \"passthrough\"> | undefined; authFilter?: {} | undefined; excludeEcsData?: boolean | undefined; }"
         ],
         "path": "x-pack/plugins/timelines/common/api/search_strategy/timeline/events_all.ts",
         "deprecated": false,
@@ -4302,7 +4302,7 @@
             "section": "def-common.TimelineEventsQueries",
             "text": "TimelineEventsQueries"
           },
-          ".details; params?: any; id?: string | undefined; indexType?: string | undefined; timerange?: { interval: string; from: string; to: string; } | undefined; defaultIndex?: string[] | undefined; runtimeMappings?: Record<string, { type: \"boolean\" | \"geo_point\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"lookup\"; format?: string | undefined; script?: string | { source: string; } | { params: Record<string, any>; id: string; } | undefined; fetch_fields?: string[] | undefined; input_field?: string | undefined; target_field?: string | undefined; target_index?: string | undefined; }> | undefined; filterQuery?: string | Record<string, any> | { range: Record<string, { format: string; gte: number; lte: number; }>; } | { query_string: { query: string; analyze_wildcard: boolean; }; } | { match: Record<string, { query: string; operator: string; zero_terms_query: string; }>; } | { term: Record<string, string>; } | { bool: { filter: {}[]; should: {}[]; must: {}[]; must_not: {}[]; }; } | undefined; entityType?: \"events\" | \"sessions\" | undefined; filterStatus?: \"open\" | \"closed\" | \"acknowledged\" | undefined; pagination?: Zod.objectInputType<{ activePage: Zod.ZodNumber; cursorStart: Zod.ZodOptional<Zod.ZodNumber>; querySize: Zod.ZodNumber; }, Zod.ZodTypeAny, \"passthrough\"> | undefined; authFilter?: {} | undefined; }"
+          ".details; params?: any; id?: string | undefined; indexType?: string | undefined; timerange?: { interval: string; from: string; to: string; } | undefined; defaultIndex?: string[] | undefined; entityType?: \"events\" | \"sessions\" | undefined; runtimeMappings?: Record<string, { type: \"boolean\" | \"geo_point\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"lookup\"; format?: string | undefined; script?: string | { source: string; } | { params: Record<string, any>; id: string; } | undefined; fetch_fields?: string[] | undefined; input_field?: string | undefined; target_field?: string | undefined; target_index?: string | undefined; }> | undefined; filterQuery?: string | Record<string, any> | { range: Record<string, { format: string; gte: number; lte: number; }>; } | { query_string: { query: string; analyze_wildcard: boolean; }; } | { match: Record<string, { query: string; operator: string; zero_terms_query: string; }>; } | { term: Record<string, string>; } | { bool: { filter: {}[]; should: {}[]; must: {}[]; must_not: {}[]; }; } | undefined; filterStatus?: \"open\" | \"closed\" | \"acknowledged\" | undefined; pagination?: Zod.objectInputType<{ activePage: Zod.ZodNumber; cursorStart: Zod.ZodOptional<Zod.ZodNumber>; querySize: Zod.ZodNumber; }, Zod.ZodTypeAny, \"passthrough\"> | undefined; authFilter?: {} | undefined; }"
         ],
         "path": "x-pack/plugins/timelines/common/api/search_strategy/timeline/events_details.ts",
         "deprecated": false,
@@ -4356,7 +4356,7 @@
             "section": "def-common.TimelineEventsQueries",
             "text": "TimelineEventsQueries"
           },
-          ".kpi; params?: any; id?: string | undefined; indexType?: string | undefined; timerange?: { interval: string; from: string; to: string; } | undefined; defaultIndex?: string[] | undefined; runtimeMappings?: Record<string, { type: \"boolean\" | \"geo_point\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"lookup\"; format?: string | undefined; script?: string | { source: string; } | { params: Record<string, any>; id: string; } | undefined; fetch_fields?: string[] | undefined; input_field?: string | undefined; target_field?: string | undefined; target_index?: string | undefined; }> | undefined; filterQuery?: string | Record<string, any> | { range: Record<string, { format: string; gte: number; lte: number; }>; } | { query_string: { query: string; analyze_wildcard: boolean; }; } | { match: Record<string, { query: string; operator: string; zero_terms_query: string; }>; } | { term: Record<string, string>; } | { bool: { filter: {}[]; should: {}[]; must: {}[]; must_not: {}[]; }; } | undefined; entityType?: \"events\" | \"sessions\" | undefined; filterStatus?: \"open\" | \"closed\" | \"acknowledged\" | undefined; }"
+          ".kpi; params?: any; id?: string | undefined; indexType?: string | undefined; timerange?: { interval: string; from: string; to: string; } | undefined; defaultIndex?: string[] | undefined; entityType?: \"events\" | \"sessions\" | undefined; runtimeMappings?: Record<string, { type: \"boolean\" | \"geo_point\" | \"ip\" | \"keyword\" | \"date\" | \"long\" | \"double\" | \"lookup\"; format?: string | undefined; script?: string | { source: string; } | { params: Record<string, any>; id: string; } | undefined; fetch_fields?: string[] | undefined; input_field?: string | undefined; target_field?: string | undefined; target_index?: string | undefined; }> | undefined; filterQuery?: string | Record<string, any> | { range: Record<string, { format: string; gte: number; lte: number; }>; } | { query_string: { query: string; analyze_wildcard: boolean; }; } | { match: Record<string, { query: string; operator: string; zero_terms_query: string; }>; } | { term: Record<string, string>; } | { bool: { filter: {}[]; should: {}[]; must: {}[]; must_not: {}[]; }; } | undefined; filterStatus?: \"open\" | \"closed\" | \"acknowledged\" | undefined; }"
         ],
         "path": "x-pack/plugins/timelines/common/api/search_strategy/timeline/kpi.ts",
         "deprecated": false,
diff --git a/api_docs/timelines.mdx b/api_docs/timelines.mdx
index fbacc1e90a620..3dbee6d87f18a 100644
--- a/api_docs/timelines.mdx
+++ b/api_docs/timelines.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/timelines
 title: "timelines"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the timelines plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'timelines']
 ---
 import timelinesObj from './timelines.devdocs.json';
diff --git a/api_docs/transform.mdx b/api_docs/transform.mdx
index 291701282c819..8582030b22b50 100644
--- a/api_docs/transform.mdx
+++ b/api_docs/transform.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/transform
 title: "transform"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the transform plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'transform']
 ---
 import transformObj from './transform.devdocs.json';
diff --git a/api_docs/triggers_actions_ui.mdx b/api_docs/triggers_actions_ui.mdx
index fffd0501602d6..72bd535ec0765 100644
--- a/api_docs/triggers_actions_ui.mdx
+++ b/api_docs/triggers_actions_ui.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/triggersActionsUi
 title: "triggersActionsUi"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the triggersActionsUi plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'triggersActionsUi']
 ---
 import triggersActionsUiObj from './triggers_actions_ui.devdocs.json';
diff --git a/api_docs/ui_actions.mdx b/api_docs/ui_actions.mdx
index 92773d1487397..c0c05f64eb73a 100644
--- a/api_docs/ui_actions.mdx
+++ b/api_docs/ui_actions.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActions
 title: "uiActions"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the uiActions plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActions']
 ---
 import uiActionsObj from './ui_actions.devdocs.json';
diff --git a/api_docs/ui_actions_enhanced.mdx b/api_docs/ui_actions_enhanced.mdx
index 1222419d87c9b..926fd0f1253b8 100644
--- a/api_docs/ui_actions_enhanced.mdx
+++ b/api_docs/ui_actions_enhanced.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActionsEnhanced
 title: "uiActionsEnhanced"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the uiActionsEnhanced plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActionsEnhanced']
 ---
 import uiActionsEnhancedObj from './ui_actions_enhanced.devdocs.json';
diff --git a/api_docs/unified_doc_viewer.mdx b/api_docs/unified_doc_viewer.mdx
index 6613e34f43657..836eff6512fc4 100644
--- a/api_docs/unified_doc_viewer.mdx
+++ b/api_docs/unified_doc_viewer.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedDocViewer
 title: "unifiedDocViewer"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the unifiedDocViewer plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedDocViewer']
 ---
 import unifiedDocViewerObj from './unified_doc_viewer.devdocs.json';
diff --git a/api_docs/unified_histogram.devdocs.json b/api_docs/unified_histogram.devdocs.json
index 11a74ad455f79..0e6073ee1cd56 100644
--- a/api_docs/unified_histogram.devdocs.json
+++ b/api_docs/unified_histogram.devdocs.json
@@ -36,53 +36,6 @@
         "returnComment": [],
         "initialIsOpen": false
       },
-      {
-        "parentPluginId": "unifiedHistogram",
-        "id": "def-public.fieldSupportsBreakdown",
-        "type": "Function",
-        "tags": [],
-        "label": "fieldSupportsBreakdown",
-        "description": [],
-        "signature": [
-          "(field: ",
-          {
-            "pluginId": "dataViews",
-            "scope": "common",
-            "docId": "kibDataViewsPluginApi",
-            "section": "def-common.DataViewField",
-            "text": "DataViewField"
-          },
-          ") => boolean"
-        ],
-        "path": "src/plugins/unified_histogram/public/utils/field_supports_breakdown.ts",
-        "deprecated": false,
-        "trackAdoption": false,
-        "children": [
-          {
-            "parentPluginId": "unifiedHistogram",
-            "id": "def-public.fieldSupportsBreakdown.$1",
-            "type": "Object",
-            "tags": [],
-            "label": "field",
-            "description": [],
-            "signature": [
-              {
-                "pluginId": "dataViews",
-                "scope": "common",
-                "docId": "kibDataViewsPluginApi",
-                "section": "def-common.DataViewField",
-                "text": "DataViewField"
-              }
-            ],
-            "path": "src/plugins/unified_histogram/public/utils/field_supports_breakdown.ts",
-            "deprecated": false,
-            "trackAdoption": false,
-            "isRequired": true
-          }
-        ],
-        "returnComment": [],
-        "initialIsOpen": false
-      },
       {
         "parentPluginId": "unifiedHistogram",
         "id": "def-public.getBreakdownField",
diff --git a/api_docs/unified_histogram.mdx b/api_docs/unified_histogram.mdx
index 14165a4707ea3..40eda63a42e2e 100644
--- a/api_docs/unified_histogram.mdx
+++ b/api_docs/unified_histogram.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedHistogram
 title: "unifiedHistogram"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the unifiedHistogram plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedHistogram']
 ---
 import unifiedHistogramObj from './unified_histogram.devdocs.json';
@@ -21,7 +21,7 @@ Contact [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/k
 
 | Public API count  | Any count | Items lacking comments | Missing exports |
 |-------------------|-----------|------------------------|-----------------|
-| 72 | 0 | 37 | 6 |
+| 70 | 0 | 35 | 6 |
 
 ## Client
 
diff --git a/api_docs/unified_search.mdx b/api_docs/unified_search.mdx
index 176451a11b83d..c6302f2ad472b 100644
--- a/api_docs/unified_search.mdx
+++ b/api_docs/unified_search.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch
 title: "unifiedSearch"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the unifiedSearch plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch']
 ---
 import unifiedSearchObj from './unified_search.devdocs.json';
diff --git a/api_docs/unified_search_autocomplete.mdx b/api_docs/unified_search_autocomplete.mdx
index 7f85dc30a86de..f46366832eeb2 100644
--- a/api_docs/unified_search_autocomplete.mdx
+++ b/api_docs/unified_search_autocomplete.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch-autocomplete
 title: "unifiedSearch.autocomplete"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the unifiedSearch.autocomplete plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch.autocomplete']
 ---
 import unifiedSearchAutocompleteObj from './unified_search_autocomplete.devdocs.json';
diff --git a/api_docs/uptime.mdx b/api_docs/uptime.mdx
index 868b1e28155df..af0b30a017d72 100644
--- a/api_docs/uptime.mdx
+++ b/api_docs/uptime.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uptime
 title: "uptime"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the uptime plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uptime']
 ---
 import uptimeObj from './uptime.devdocs.json';
diff --git a/api_docs/url_forwarding.mdx b/api_docs/url_forwarding.mdx
index 45c1fcb5ea0b0..5b82198b315d0 100644
--- a/api_docs/url_forwarding.mdx
+++ b/api_docs/url_forwarding.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/urlForwarding
 title: "urlForwarding"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the urlForwarding plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'urlForwarding']
 ---
 import urlForwardingObj from './url_forwarding.devdocs.json';
diff --git a/api_docs/usage_collection.mdx b/api_docs/usage_collection.mdx
index fbd8706e92a6a..87d7f1b494a3e 100644
--- a/api_docs/usage_collection.mdx
+++ b/api_docs/usage_collection.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/usageCollection
 title: "usageCollection"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the usageCollection plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'usageCollection']
 ---
 import usageCollectionObj from './usage_collection.devdocs.json';
diff --git a/api_docs/ux.mdx b/api_docs/ux.mdx
index b623525fb2cf1..3f3a4291e6158 100644
--- a/api_docs/ux.mdx
+++ b/api_docs/ux.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ux
 title: "ux"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the ux plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ux']
 ---
 import uxObj from './ux.devdocs.json';
diff --git a/api_docs/vis_default_editor.mdx b/api_docs/vis_default_editor.mdx
index 2860a5adf69ce..bd8aee0391973 100644
--- a/api_docs/vis_default_editor.mdx
+++ b/api_docs/vis_default_editor.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visDefaultEditor
 title: "visDefaultEditor"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visDefaultEditor plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visDefaultEditor']
 ---
 import visDefaultEditorObj from './vis_default_editor.devdocs.json';
diff --git a/api_docs/vis_type_gauge.mdx b/api_docs/vis_type_gauge.mdx
index 717b780a8b2b2..ff22a8d43c5db 100644
--- a/api_docs/vis_type_gauge.mdx
+++ b/api_docs/vis_type_gauge.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeGauge
 title: "visTypeGauge"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeGauge plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeGauge']
 ---
 import visTypeGaugeObj from './vis_type_gauge.devdocs.json';
diff --git a/api_docs/vis_type_heatmap.mdx b/api_docs/vis_type_heatmap.mdx
index e15ce6607d5e8..16b0e1c51a83b 100644
--- a/api_docs/vis_type_heatmap.mdx
+++ b/api_docs/vis_type_heatmap.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeHeatmap
 title: "visTypeHeatmap"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeHeatmap plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeHeatmap']
 ---
 import visTypeHeatmapObj from './vis_type_heatmap.devdocs.json';
diff --git a/api_docs/vis_type_pie.mdx b/api_docs/vis_type_pie.mdx
index cdc9a04b9baa7..4ca5f0dd1d111 100644
--- a/api_docs/vis_type_pie.mdx
+++ b/api_docs/vis_type_pie.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypePie
 title: "visTypePie"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypePie plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypePie']
 ---
 import visTypePieObj from './vis_type_pie.devdocs.json';
diff --git a/api_docs/vis_type_table.mdx b/api_docs/vis_type_table.mdx
index dae1914194af1..1f2af64c377b1 100644
--- a/api_docs/vis_type_table.mdx
+++ b/api_docs/vis_type_table.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTable
 title: "visTypeTable"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeTable plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTable']
 ---
 import visTypeTableObj from './vis_type_table.devdocs.json';
diff --git a/api_docs/vis_type_timelion.mdx b/api_docs/vis_type_timelion.mdx
index cfa2d3463f782..c320cebb6c593 100644
--- a/api_docs/vis_type_timelion.mdx
+++ b/api_docs/vis_type_timelion.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimelion
 title: "visTypeTimelion"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeTimelion plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimelion']
 ---
 import visTypeTimelionObj from './vis_type_timelion.devdocs.json';
diff --git a/api_docs/vis_type_timeseries.mdx b/api_docs/vis_type_timeseries.mdx
index 4baff6787751d..16c4e14201102 100644
--- a/api_docs/vis_type_timeseries.mdx
+++ b/api_docs/vis_type_timeseries.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimeseries
 title: "visTypeTimeseries"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeTimeseries plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimeseries']
 ---
 import visTypeTimeseriesObj from './vis_type_timeseries.devdocs.json';
diff --git a/api_docs/vis_type_vega.mdx b/api_docs/vis_type_vega.mdx
index d21887d0ab6a8..91783be3c11e0 100644
--- a/api_docs/vis_type_vega.mdx
+++ b/api_docs/vis_type_vega.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVega
 title: "visTypeVega"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeVega plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVega']
 ---
 import visTypeVegaObj from './vis_type_vega.devdocs.json';
diff --git a/api_docs/vis_type_vislib.mdx b/api_docs/vis_type_vislib.mdx
index 11f32e53b40e4..94a247636dd98 100644
--- a/api_docs/vis_type_vislib.mdx
+++ b/api_docs/vis_type_vislib.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVislib
 title: "visTypeVislib"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeVislib plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVislib']
 ---
 import visTypeVislibObj from './vis_type_vislib.devdocs.json';
diff --git a/api_docs/vis_type_xy.mdx b/api_docs/vis_type_xy.mdx
index bb4c1e7c59b19..b05acef43855b 100644
--- a/api_docs/vis_type_xy.mdx
+++ b/api_docs/vis_type_xy.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeXy
 title: "visTypeXy"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visTypeXy plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeXy']
 ---
 import visTypeXyObj from './vis_type_xy.devdocs.json';
diff --git a/api_docs/visualizations.mdx b/api_docs/visualizations.mdx
index 78840e906c6ac..2e5748e1afc1e 100644
--- a/api_docs/visualizations.mdx
+++ b/api_docs/visualizations.mdx
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visualizations
 title: "visualizations"
 image: https://source.unsplash.com/400x175/?github
 description: API docs for the visualizations plugin
-date: 2024-11-12
+date: 2024-11-14
 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visualizations']
 ---
 import visualizationsObj from './visualizations.devdocs.json';
diff --git a/config/serverless.oblt.yml b/config/serverless.oblt.yml
index 059094ac87cdd..55e7fec7a3d39 100644
--- a/config/serverless.oblt.yml
+++ b/config/serverless.oblt.yml
@@ -129,6 +129,9 @@ xpack.serverless.plugin.developer.projectSwitcher.currentType: 'observability'
 ## Disable adding the component template `.fleet_agent_id_verification-1` to every index template for each datastream for each integration
 xpack.fleet.agentIdVerificationEnabled: false
 
+## Enable event.ingested separately because agentIdVerification is disabled
+xpack.fleet.eventIngestedEnabled: true
+
 ## Enable the capability for the observability feature ID in the serverless environment to take ownership of the rules.
 ## The value need to be a featureId observability Or stackAlerts Or siem
 xpack.alerting.rules.overwriteProducer: 'observability'
diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc
index dccad6f918c6a..0c9bd6ada3904 100644
--- a/docs/CHANGELOG.asciidoc
+++ b/docs/CHANGELOG.asciidoc
@@ -85,6 +85,48 @@ include::upgrade-notes.asciidoc[]
 
 For information about the {kib} 8.16.0 release, review the following information.
 
+The 8.16.0 release includes the following known issues.
+
+[float]
+[[known-issues-8.16.0]]
+=== Known issues
+
+[discrete]
+[[known-199902]]
+.Stack Monitoring shows "Unable to load page error"
+[%collapsible]
+====
+*Details* +
+The Stack Monitoring pages Overview, Nodes, Logs can stop working with the error "Unable to load page error". The Stack trace mentions `TypeError: Cannot read properties of undefined (reading 'logsLocator')`.
+
+*Workaround* +
+Disabling the `Set feature visibility > Logs` feature at Kibana Space settings level will prevent the error to occur. Please note the `Logs` feature will not be available on such space.
+
+It's also possible to `Observability > Logs` feature privilege to `None` on the role level - this will hide the `Logs` feature for individual users and prevent the error for these users as well.
+
+For more information, refer to {kibana-issue}199902[#199902].
+====
+
+[discrete]
+[[known-199891-199892]]
+.Onboarding, tutorial of APM and OpenTelemetry and some "Beats Only" integrations will show the error "Unable to load page error"
+[%collapsible]
+====
+*Details* +
+Tutorials linked from the {kib} home page show an error "Unable to load page error". The Stack trace mentions `The above error occurred in tutorial_TutorialUi`.
+
+*Workaround* +
+The APM / OpenTelemetry tutorials represented a shortcut to get important parameters to use in the configuration files quickly.
+It is still possible to obtain the same parameters following the documentation tutorials of APM.
+
+More information can be found in the {observability-guide}/apm-collect-application-data.html[APM documentation] and the {observability-guide}/get-started-with-fleet-apm-server.html[Fleet documentation].
+
+For information about how to create APM API keys, please check the {observability-guide}/apm-api-key.html#apm-create-an-api-key[API key documentation].
+
+
+For more information, refer to {kibana-issue}199891[#199891] and {kibana-issue}199892[#199892].
+====
+
 [float]
 [[deprecations-8.16.0]]
 === Deprecations
@@ -154,7 +196,6 @@ Discover::
 * Adds density settings to allow further customization of the Documents table layout ({kibana-pull}188495[#188495]).
 * Enables the time picker for indices without the @timestamp field when editing ES|QL queries ({kibana-pull}184361[#184361]).
 Elastic Observability solution::
-* Show monitors from all permitted spaces !! ({kibana-pull}196109[#196109]).
 * Adds experimental logs overview to the observability hosts and service overviews ({kibana-pull}195673[#195673]).
 * Show alerts for entities ({kibana-pull}195250[#195250]).
 * Create sub-feature role to manage APM settings write permissions ({kibana-pull}194419[#194419]).
diff --git a/docs/developer/advanced/legacy-url-aliases.asciidoc b/docs/developer/advanced/legacy-url-aliases.asciidoc
index 3e441dd582123..a92902d674a15 100644
--- a/docs/developer/advanced/legacy-url-aliases.asciidoc
+++ b/docs/developer/advanced/legacy-url-aliases.asciidoc
@@ -13,11 +13,20 @@ type are *globally unique across all spaces*.
 {kib} creates a special entity called a **legacy URL alias** for each saved object that requires a new ID. This legacy URL alias allows
 {kib} to preserve any deep link URLs that exist for these objects.
 
-[[legacy-url-aliases-example]]
-=== Example
+There are two cases where a legacy URL alias will get generated.
+
+1. During migration, when an object's namespace type is being converted from the single-namespace type to a multi-namespace type. If
+the object resides in a non-default space, it gets a new ID and a legacy URL alias is generated.
 
-Consider the following scenario:
+2. During copy/import of saved objects, when any object requires a new ID **and the compatibilityMode option is enabled** (see the
+<<spaces-api-copy-saved-objects, copy saved objects to space>> API and https://github.com/elastic/kibana/pull/149021[PR #149021] 
+for more information).
+
+[[legacy-url-aliases-example]]
+=== Examples
+Consider the following scenarios:
 
+==== Migration scenario
 You have {kib} 7.16, and you create a new dashboard.The ID of this dashboard is "123". You create a new space called "Bill's space" and
 <<managing-saved-objects-copy-to-space,copy>> your dashboard to the other space. Now you have two different dashboards that can be accessed
 at the following URLs:
@@ -33,6 +42,19 @@ If you use your bookmark to access that dashboard using its old URL, {kib} detec
 ID. If you navigate to `http://localhost:5601/s/bills-space/app/dashboards#/view/123`, you'll see a message indicating that the dashboard
 has a new URL, and you're automatically redirected to `http://localhost:5601/s/bills-space/app/dashboards#/view/456`.
 
+==== Copy scenario (weak links)
+You have a data view and two dashboards in the default space, but you would also like to have them in another space. One of the dashboards
+includes a Markdown visualization with a link to the other dashboard - a so-called **weak link**. This is a weak link because the ID of the
+referenced object is not added to the object's references array, and therefore there is no explicit relationship between the objects.
+
+If you were to use the <<spaces-api-copy-saved-objects, copy saved objects to space>> API to create new copies of these assets in another 
+space **without the `compatibilityMode` option set to true**, the Markdown link would be broken. The copied objects created in the target
+space receive a new ID, and the weak link in the Markdown visualization would point to the ID of the source object from the originating space.
+
+By setting `compatibilityMode` to true when using the copy API, legacy aliases will be generated for any objects that require a new ID. This
+allows the weak link to the second dashboard to be resolved. Though a dashboard with the ID from the weak link will not be found, a legacy
+alias with this source ID will have been generated, and it will contain a target ID of the new local copy of the dashboard.
+
 [[legacy-url-aliases-handling-errors]]
 === Handling errors
 
diff --git a/docs/developer/plugin-list.asciidoc b/docs/developer/plugin-list.asciidoc
index b6ba24df78976..71ab26400f496 100644
--- a/docs/developer/plugin-list.asciidoc
+++ b/docs/developer/plugin-list.asciidoc
@@ -897,6 +897,10 @@ routes, etc.
 |The stack_connectors plugin provides connector types shipped with Kibana, built on top of the framework provided in the actions plugin.
 
 
+|{kib-repo}blob/{branch}/x-pack/plugins/streams/README.md[streams]
+|This plugin provides an interface to manage streams
+
+
 |{kib-repo}blob/{branch}/x-pack/plugins/observability_solution/synthetics/README.md[synthetics]
 |The purpose of this plugin is to provide users of Heartbeat more visibility of what's happening
 in their infrastructure.
diff --git a/docs/management/action-types.asciidoc b/docs/management/action-types.asciidoc
index 1357af980d278..e3b01ba0afcf7 100644
--- a/docs/management/action-types.asciidoc
+++ b/docs/management/action-types.asciidoc
@@ -8,6 +8,12 @@ Actions are instantiations of a connector that are linked to rules and run as ba
 [cols="2"]
 |===
 
+// ifeval::["featureAIConnector"=="true"]
+// a| <<inference-action-type,{infer}>>
+
+// | Send a request to {infer}.
+// endif::[]
+
 a| <<bedrock-action-type,{bedrock}>>
 
 | Send a request to {bedrock}.
@@ -28,10 +34,6 @@ a| <<gemini-action-type,{gemini}>>
 
 | Send a request to {gemini}.
 
-a| <<inference-action-type,{infer}>>
-
-| Send a request to {infer}.
-
 a| <<email-action-type,Email>>
 
 | Send email from your server.
diff --git a/docs/management/connectors/action-types/inference.asciidoc b/docs/management/connectors/action-types/inference.asciidoc
index ea8a0be675e18..d47374e9b4cdd 100644
--- a/docs/management/connectors/action-types/inference.asciidoc
+++ b/docs/management/connectors/action-types/inference.asciidoc
@@ -1,13 +1,14 @@
 [[inference-action-type]]
-== {infer-cap} connector and action
+== AI connector and action
 ++++
-<titleabbrev>{infer-cap}</titleabbrev>
+<titleabbrev>AI</titleabbrev>
 ++++
 :frontmatter-description: Add a connector that can send requests to {inference}.
 :frontmatter-tags-products: [kibana] 
 :frontmatter-tags-content-type: [how-to] 
 :frontmatter-tags-user-goals: [configure]
 
+coming::[]
 
 The {infer} connector uses the {es} client to send requests to an {infer} service.
 The connector uses the <<execute-connector-api,run connector API>> to send the request.
@@ -16,6 +17,7 @@ The connector uses the <<execute-connector-api,run connector API>> to send the r
 [[define-inference-ui]]
 === Create connectors in {kib}
 
+// TBD After you set the `xpack.stack_connectors.enableExperimental` to include `inferenceConnectorOn`,
 You can create connectors in *{stack-manage-app} > {connectors-ui}*. For example:
 
 [role="screenshot"]
diff --git a/docs/management/connectors/index.asciidoc b/docs/management/connectors/index.asciidoc
index c5233ad4f4934..c5c1ce4600c5d 100644
--- a/docs/management/connectors/index.asciidoc
+++ b/docs/management/connectors/index.asciidoc
@@ -4,7 +4,9 @@ include::action-types/crowdstrike.asciidoc[leveloffset=+1]
 include::action-types/d3security.asciidoc[leveloffset=+1]
 include::action-types/email.asciidoc[leveloffset=+1]
 include::action-types/gemini.asciidoc[leveloffset=+1]
-include::action-types/inference.asciidoc[leveloffset=+1]
+// ifeval::["featureAIConnector"=="true"]
+// include::action-types/inference.asciidoc[leveloffset=+1]
+// endif::[]
 include::action-types/resilient.asciidoc[leveloffset=+1]
 include::action-types/index.asciidoc[leveloffset=+1]
 include::action-types/jira.asciidoc[leveloffset=+1]
diff --git a/docs/settings/alert-action-settings.asciidoc b/docs/settings/alert-action-settings.asciidoc
index e0fa3f0aab860..0f4987822dc32 100644
--- a/docs/settings/alert-action-settings.asciidoc
+++ b/docs/settings/alert-action-settings.asciidoc
@@ -269,7 +269,6 @@ A configuration URL that varies by connector:
 --
 * For an <<bedrock-action-type,{bedrock} connector>>, specifies the {bedrock} request URL.
 * For an <<gemini-action-type,{gemini} connector>>, specifies the {gemini} request URL.
-* For an <<inference-action-type,{inference} connector>>, specifies the Elastic {inference} request.
 * For a <<openai-action-type,OpenAI connector>>, specifies the OpenAI request URL.
 * For a <<resilient-action-type,{ibm-r} connector>>, specifies the {ibm-r} instance URL.
 * For a <<jira-action-type,Jira connector>>, specifies the Jira instance URL.
@@ -277,7 +276,9 @@ A configuration URL that varies by connector:
 * For a <<pagerduty-action-type,PagerDuty connector>>, specifies the PagerDuty event URL. Defaults to `https://events.pagerduty.com/v2/enqueue`.
 * For a <<servicenow-action-type,{sn-itsm}>>, <<servicenow-sir-action-type,{sn-sir}>>, or <<servicenow-itom-action-type,{sn-itom} connector>> specifies the ServiceNow instance URL.
 * For a <<swimlane-action-type,{swimlane} connector>>, specifies the {swimlane} instance URL.
-
+// ifeval::["featureAIConnector"=="true"]
+// * For an <<inference-action-type,AI connector>>, specifies the Elastic {inference} request.
+// endif::[]
 NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the hostname in the URL is added to the allowed hosts.
 --
 
diff --git a/oas_docs/README.md b/oas_docs/README.md
index 3312bc60771e0..cec4dcb9af441 100644
--- a/oas_docs/README.md
+++ b/oas_docs/README.md
@@ -39,13 +39,4 @@ The `oas_docs/output` folder contains the final resulting Kibana OpenAPI bundles
 
 ## Bundling commands
 
-Besides the scripts in the `oas_docs/scripts` folder, there is an `oas_docs/makefile` to simplify the workflow. The following makefile targets are available:
-
-| Command                    | Description                                                                                                                                                                                                        |
-| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| `api-docs`                 | Builds ESS Kibana OpenAPI bundle                                                                                                                                                                                   |
-| `api-docs-serverless`      | Builds Serverless Kibana OpenAPI bundle                                                                                                                                                                            |
-| `api-docs-lint`            | Lints built result bundles              |
-| `api-docs-preview`         | Generates (ESS + Serverless) Kibana OpenAPI bundles preview                                                                                                                                                        |
-| `api-docs-overlay`         | Applies [overlays](https://docs.bump.sh/help/specification-support/overlays/) from `overlays` folder to the Kibana OpenAPI bundles and generate `*.new.yaml` files. Overlays help to fine tune the result bundles. |
-| `api-docs-overlay-preview` | Generates a preview for bundles produced by `api-docs-overlay`                                                                                                                                                     |
+Besides the scripts in the `oas_docs/scripts` folder, there is an `oas_docs/makefile` to simplify the workflow. Use `make help` to see available commands.
diff --git a/oas_docs/examples/get_connector_types_generativeai_response.yaml b/oas_docs/examples/get_connector_types_generativeai_response.yaml
index 8299da3558150..a97199e0a3927 100644
--- a/oas_docs/examples/get_connector_types_generativeai_response.yaml
+++ b/oas_docs/examples/get_connector_types_generativeai_response.yaml
@@ -31,14 +31,3 @@ value:
     supported_feature_ids:
       - generativeAIForSecurity
     is_system_action_type: false
-  - id: .inference
-    name: Inference API
-    enabled: true
-    enabled_in_config: true
-    enabled_in_license: true
-    minimum_license_required: enterprise
-    supported_feature_ids:
-      - generativeAIForSecurity
-      - generativeAIForObservability
-      - generativeAIForSearchPlayground
-    is_system_action_type: false
diff --git a/oas_docs/makefile b/oas_docs/makefile
index 2ea80877771c3..355a7db9ef14e 100644
--- a/oas_docs/makefile
+++ b/oas_docs/makefile
@@ -14,16 +14,21 @@
 # permission is obtained from Elasticsearch B.V.
 
 .PHONY: api-docs
-api-docs: ## Generate Serverless and ESS Kibana OpenAPI bundles with kbn-openapi-bundler
+api-docs: ## Generate Serverless and ESS Kibana OpenAPI bundles
+	$(MAKE) merge-api-docs
+	$(MAKE) api-docs-overlay
+
+.PHONY: merge-api-docs
+merge-api-docs: ## Merge Serverless and ESS Kibana OpenAPI bundles with kbn-openapi-bundler
 	@node scripts/merge_serverless_oas.js
 	@node scripts/merge_ess_oas.js
 
-.PHONY: api-docs-stateful
-api-docs-stateful: ## Generate only kibana.yaml
+.PHONY: merge-api-docs-stateful
+merge-api-docs-stateful: ## Merge only kibana.yaml
 	@node scripts/merge_ess_oas.js
 
-.PHONY: api-docs-serverless
-api-docs-serverless: ## Generate only kibana.serverless.yaml
+.PHONY: merge-api-docs-serverless
+merge-api-docs-serverless: ## Merge only kibana.serverless.yaml
 	@node scripts/merge_serverless_oas.js
 
 .PHONY: api-docs-lint
@@ -39,33 +44,29 @@ api-docs-lint-serverless: ## Run redocly API docs linter on kibana.serverless.ya
 	@npx @redocly/cli lint "output/kibana.serverless.yaml" --config "linters/redocly.yaml" --format stylish --max-problems 500
 
 .PHONY: api-docs-overlay
-api-docs-overlay: ## Run spectral API docs linter on kibana.serverless.yaml
-	@npx bump overlay "output/kibana.serverless.yaml" "overlays/kibana.overlays.serverless.yaml" > "output/kibana.serverless.tmp1.yaml"
-	@npx bump overlay "output/kibana.serverless.tmp1.yaml" "overlays/alerting.overlays.yaml" > "output/kibana.serverless.tmp2.yaml"
-	@npx bump overlay "output/kibana.serverless.tmp2.yaml" "overlays/connectors.overlays.yaml" > "output/kibana.serverless.tmp3.yaml"
-	@npx bump overlay "output/kibana.serverless.tmp3.yaml" "overlays/kibana.overlays.shared.yaml" > "output/kibana.serverless.tmp4.yaml"
-	@npx bump overlay "output/kibana.yaml" "overlays/kibana.overlays.yaml" > "output/kibana.tmp1.yaml"
-	@npx bump overlay "output/kibana.tmp1.yaml" "overlays/alerting.overlays.yaml" > "output/kibana.tmp2.yaml"
-	@npx bump overlay "output/kibana.tmp2.yaml" "overlays/connectors.overlays.yaml" > "output/kibana.tmp3.yaml"
-	@npx bump overlay "output/kibana.tmp3.yaml" "overlays/kibana.overlays.shared.yaml" > "output/kibana.tmp4.yaml"
-	@npx @redocly/cli bundle output/kibana.serverless.tmp4.yaml --ext yaml -o output/kibana.serverless.new.yaml
-	@npx @redocly/cli bundle output/kibana.tmp4.yaml --ext yaml -o output/kibana.new.yaml
+api-docs-overlay: ## Apply all overlays
+	@npx bump-cli overlay "output/kibana.serverless.yaml" "overlays/kibana.overlays.serverless.yaml" > "output/kibana.serverless.tmp1.yaml"
+	@npx bump-cli overlay "output/kibana.serverless.tmp1.yaml" "overlays/alerting.overlays.yaml" > "output/kibana.serverless.tmp2.yaml"
+	@npx bump-cli overlay "output/kibana.serverless.tmp2.yaml" "overlays/connectors.overlays.yaml" > "output/kibana.serverless.tmp3.yaml"
+	@npx bump-cli overlay "output/kibana.serverless.tmp3.yaml" "overlays/kibana.overlays.shared.yaml" > "output/kibana.serverless.tmp4.yaml"
+	@npx bump-cli overlay "output/kibana.yaml" "overlays/kibana.overlays.yaml" > "output/kibana.tmp1.yaml"
+	@npx bump-cli overlay "output/kibana.tmp1.yaml" "overlays/alerting.overlays.yaml" > "output/kibana.tmp2.yaml"
+	@npx bump-cli overlay "output/kibana.tmp2.yaml" "overlays/connectors.overlays.yaml" > "output/kibana.tmp3.yaml"
+	@npx bump-cli overlay "output/kibana.tmp3.yaml" "overlays/kibana.overlays.shared.yaml" > "output/kibana.tmp4.yaml"
+	@npx @redocly/cli bundle output/kibana.serverless.tmp4.yaml --ext yaml -o output/kibana.serverless.yaml
+	@npx @redocly/cli bundle output/kibana.tmp4.yaml --ext yaml -o output/kibana.yaml
 	rm output/kibana.tmp*.yaml
 	rm output/kibana.serverless.tmp*.yaml
 
 .PHONY: api-docs-preview
 api-docs-preview: ## Generate a preview for kibana.yaml and kibana.serverless.yaml
-	@npx bump preview "output/kibana.yaml"
-	@npx bump preview "output/kibana.serverless.yaml"
-
-.PHONY: api-docs-overlay-preview
-api-docs-overlay-preview: ## Generate a preview for kibana.new.yaml and kibana.serverless.new.yaml
-	@npx bump preview "output/kibana.new.yaml"
-	@npx bump preview "output/kibana.serverless.new.yaml"
+	@echo "Rendering stateful docs preview..."
+	@npx bump-cli preview "output/kibana.yaml"
+	@echo "Rendering serverless docs preview..."
+	@npx bump-cli preview "output/kibana.serverless.yaml"
 
 help:  ## Display help
 	@awk 'BEGIN {FS = ":.*##"; printf "Usage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 #------------- <https://suva.sh/posts/well-documented-makefiles> --------------
 
-.DEFAULT_GOAL := help
-
+.DEFAULT_GOAL := help
\ No newline at end of file
diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml
index 5f18154db449d..10dbdbe44e26a 100644
--- a/oas_docs/output/kibana.serverless.yaml
+++ b/oas_docs/output/kibana.serverless.yaml
@@ -2,61 +2,36 @@ openapi: 3.0.3
 info:
   contact:
     name: Kibana Team
-  description: >
+  description: |
     **Technical preview**  
-
-    This functionality is in technical preview and may be changed or removed in
-    a future release.
-
-    Elastic will work to fix any issues, but features in technical preview are
-    not subject to the support SLA of official GA features.
-
+    This functionality is in technical preview and may be changed or removed in a future release.
+    Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
 
     The Kibana REST APIs for Elastic serverless enable you to manage resources
-
     such as connectors, data views, and saved objects. The API calls are
-
     stateless. Each request that you make happens in isolation from other calls
-
     and must include all of the necessary information for Kibana to fulfill the
-
     request. API requests return JSON output, which is a format that is
-
     machine-readable and works well for automation.
 
-
     To interact with Kibana APIs, use the following operations:
 
-
     - GET: Fetches the information.
-
     - POST: Adds new information.
-
     - PUT: Updates the existing information.
-
     - DELETE: Removes the information.
 
-
     You can prepend any Kibana API endpoint with `kbn:` and run the request in
-
     **Dev Tools → Console**. For example:
 
-
     ```
-
     GET kbn:/api/data_views
-
     ```
 
-
     ## Documentation source and versions
 
-
-    This documentation is derived from the `main` branch of the
-    [kibana](https://github.com/elastic/kibana) repository.
-
-    It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0
-    International](https://creativecommons.org/licenses/by-nc-nd/4.0/).
+    This documentation is derived from the `main` branch of the [kibana](https://github.com/elastic/kibana) repository.
+    It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 International](https://creativecommons.org/licenses/by-nc-nd/4.0/).
   title: Kibana Serverless APIs
   version: 1.0.2
   x-doc-license:
@@ -64,23 +39,118 @@ info:
     url: https://creativecommons.org/licenses/by-nc-nd/4.0/
   x-feedbackLink:
     label: Feedback
-    url: >-
-      https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+
+    url: https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+
 servers:
-  - url: http://{kibana_host}:{port}
-    variables:
-      kibana_host:
-        default: localhost
-      port:
-        default: '5601'
-  - url: http://localhost:5622
   - url: https://{kibana_url}
     variables:
       kibana_url:
         default: localhost:5601
-  - url: /
-  - description: local
-    url: http://localhost:5601
+security:
+  - apiKeyAuth: []
+tags:
+  - name: alerting
+    description: |
+      Alerting enables you to define rules, which detect complex conditions within your data. When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule.  Actions typically involve the use of connectors to interact with Kibana services or third party integrations.
+    externalDocs:
+      description: Alerting documentation
+      url: https://www.elastic.co/docs/current/serverless/rules
+    x-displayName: Alerting
+  - description: |
+      Adjust APM agent configuration without need to redeploy your application.
+    name: APM agent configuration
+  - description: |
+      Configure APM agent keys to authorize requests from APM agents to the APM Server.
+    name: APM agent keys
+  - description: |
+      Annotate visualizations in the APM app with significant events. Annotations enable you to easily see how events are impacting the performance of your applications.
+    name: APM annotations
+  - description: Create APM fleet server schema.
+    name: APM server schema
+  - description: Configure APM source maps.
+    name: APM sourcemaps
+  - name: connectors
+    description: |
+      Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems. Alerting rules can use connectors to run actions when rule conditions are met.
+    externalDocs:
+      description: Connector documentation
+      url: https://www.elastic.co/docs/current/serverless/action-connectors
+    x-displayName: Connectors
+  - name: Data streams
+  - description: Data view APIs enable you to manage data views, formerly known as Kibana index patterns.
+    name: data views
+    x-displayName: Data views
+  - name: Elastic Agent actions
+  - name: Elastic Agent binary download sources
+  - name: Elastic Agent policies
+  - name: Elastic Agent status
+  - name: Elastic Agents
+  - name: Elastic Package Manager (EPM)
+  - name: Fleet enrollment API keys
+  - name: Fleet internals
+  - name: Fleet outputs
+  - name: Fleet package policies
+  - name: Fleet proxies
+  - name: Fleet Server hosts
+  - name: Fleet service tokens
+  - name: Fleet uninstall tokens
+  - name: Message Signing Service
+  - description: Machine learning
+    name: ml
+    x-displayName: Machine learning
+  - name: roles
+    x-displayName: Roles
+    description: Manage the roles that grant Elasticsearch and Kibana privileges.
+    externalDocs:
+      description: Kibana role management
+      url: https://www.elastic.co/guide/en/kibana/master/kibana-role-management.html
+  - description: |
+      Export sets of saved objects that you want to import into Kibana, resolve import errors, and rotate an encryption key for encrypted saved objects with the saved objects APIs.
+
+      To manage a specific type of saved object, use the corresponding APIs.
+      For example, use:
+
+      [Data views](../group/endpoint-data-views)
+
+      Warning: Do not write documents directly to the `.kibana` index. When you write directly to the `.kibana` index, the data becomes corrupted and permanently breaks future Kibana versions.
+    name: saved objects
+    x-displayName: Saved objects
+  - description: Manage and interact with Security Assistant resources.
+    name: Security AI Assistant API
+    x-displayName: Security AI assistant
+  - description: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.
+    name: Security Detections API
+    x-displayName: Security detections
+  - description: Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.
+    name: Security Endpoint Exceptions API
+    x-displayName: Security endpoint exceptions
+  - description: Interact with and manage endpoints running the Elastic Defend integration.
+    name: Security Endpoint Management API
+    x-displayName: Security endpoint management
+  - description: ''
+    name: Security Entity Analytics API
+    x-displayName: Security entity analytics
+  - description: Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.
+    name: Security Exceptions API
+    x-displayName: Security exceptions
+  - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items.
+    name: Security Lists API
+    x-displayName: Security lists
+  - description: Run live queries, manage packs and saved queries.
+    name: Security Osquery API
+    x-displayName: Security Osquery
+  - description: You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file.
+    name: Security Timeline API
+    x-displayName: Security timeline
+  - description: SLO APIs enable you to define, manage and track service-level objectives
+    name: slo
+    x-displayName: Service level objectives
+  - name: spaces
+    x-displayName: Spaces
+    description: Manage your Kibana spaces.
+  - name: system
+    x-displayName: System
+    description: |
+      Get information about the system status, resource usage, and installed plugins.
 paths:
   /api/actions/connector_types:
     get:
@@ -95,18 +165,24 @@ paths:
             enum:
               - '2023-10-31'
             type: string
-        - description: >-
-            A filter to limit the retrieved connector types to those that
-            support a specific feature (such as alerting or cases).
+        - description: A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases).
           in: query
           name: feature_id
           required: false
           schema:
             type: string
-      responses: {}
+      responses:
+        '200':
+          description: Indicates a successful call.
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                getConnectorTypesServerlessResponse:
+                  $ref: '#/components/examples/get_connector_types_generativeai_response'
       summary: Get connector types
       tags:
         - connectors
+      x-beta: true
   /api/actions/connector/{id}:
     delete:
       description: 'WARNING: When you delete a connector, it cannot be recovered.'
@@ -139,6 +215,7 @@ paths:
       summary: Delete a connector
       tags:
         - connectors
+      x-beta: true
     get:
       operationId: get-actions-connector-id
       parameters:
@@ -180,15 +257,10 @@ paths:
                     description: Indicates whether the connector is missing secrets.
                     type: boolean
                   is_preconfigured:
-                    description: >-
-                      Indicates whether the connector is preconfigured. If true,
-                      the `config` and `is_missing_secrets` properties are
-                      omitted from the response. 
+                    description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. '
                     type: boolean
                   is_system_action:
-                    description: >-
-                      Indicates whether the connector is used for system
-                      actions.
+                    description: Indicates whether the connector is used for system actions.
                     type: boolean
                   name:
                     description: ' The name of the rule.'
@@ -200,10 +272,14 @@ paths:
                   - is_preconfigured
                   - is_deprecated
                   - is_system_action
+              examples:
+                getConnectorResponse:
+                  $ref: '#/components/examples/get_connector_response'
           description: Indicates a successful call.
       summary: Get connector information
       tags:
         - connectors
+      x-beta: true
     post:
       operationId: post-actions-connector-id
       parameters:
@@ -225,7 +301,7 @@ paths:
         - description: An identifier for the connector.
           in: path
           name: id
-          required: false
+          required: true
           schema:
             type: string
       requestBody:
@@ -235,23 +311,77 @@ paths:
               additionalProperties: false
               type: object
               properties:
-                config:
-                  additionalProperties: {}
-                  default: {}
-                  type: object
                 connector_type_id:
                   description: The type of connector.
                   type: string
                 name:
                   description: The display name for the connector.
                   type: string
+                config:
+                  additionalProperties: {}
+                  default: {}
+                  description: The connector configuration details.
+                  oneOf:
+                    - $ref: '#/components/schemas/bedrock_config'
+                    - $ref: '#/components/schemas/crowdstrike_config'
+                    - $ref: '#/components/schemas/d3security_config'
+                    - $ref: '#/components/schemas/email_config'
+                    - $ref: '#/components/schemas/gemini_config'
+                    - $ref: '#/components/schemas/resilient_config'
+                    - $ref: '#/components/schemas/index_config'
+                    - $ref: '#/components/schemas/jira_config'
+                    - $ref: '#/components/schemas/genai_azure_config'
+                    - $ref: '#/components/schemas/genai_openai_config'
+                    - $ref: '#/components/schemas/opsgenie_config'
+                    - $ref: '#/components/schemas/pagerduty_config'
+                    - $ref: '#/components/schemas/sentinelone_config'
+                    - $ref: '#/components/schemas/servicenow_config'
+                    - $ref: '#/components/schemas/servicenow_itom_config'
+                    - $ref: '#/components/schemas/slack_api_config'
+                    - $ref: '#/components/schemas/swimlane_config'
+                    - $ref: '#/components/schemas/thehive_config'
+                    - $ref: '#/components/schemas/tines_config'
+                    - $ref: '#/components/schemas/torq_config'
+                    - $ref: '#/components/schemas/webhook_config'
+                    - $ref: '#/components/schemas/cases_webhook_config'
+                    - $ref: '#/components/schemas/xmatters_config'
                 secrets:
                   additionalProperties: {}
                   default: {}
-                  type: object
+                  oneOf:
+                    - $ref: '#/components/schemas/bedrock_secrets'
+                    - $ref: '#/components/schemas/crowdstrike_secrets'
+                    - $ref: '#/components/schemas/d3security_secrets'
+                    - $ref: '#/components/schemas/email_secrets'
+                    - $ref: '#/components/schemas/gemini_secrets'
+                    - $ref: '#/components/schemas/resilient_secrets'
+                    - $ref: '#/components/schemas/jira_secrets'
+                    - $ref: '#/components/schemas/teams_secrets'
+                    - $ref: '#/components/schemas/genai_secrets'
+                    - $ref: '#/components/schemas/opsgenie_secrets'
+                    - $ref: '#/components/schemas/pagerduty_secrets'
+                    - $ref: '#/components/schemas/sentinelone_secrets'
+                    - $ref: '#/components/schemas/servicenow_secrets'
+                    - $ref: '#/components/schemas/slack_api_secrets'
+                    - $ref: '#/components/schemas/swimlane_secrets'
+                    - $ref: '#/components/schemas/thehive_secrets'
+                    - $ref: '#/components/schemas/tines_secrets'
+                    - $ref: '#/components/schemas/torq_secrets'
+                    - $ref: '#/components/schemas/webhook_secrets'
+                    - $ref: '#/components/schemas/cases_webhook_secrets'
+                    - $ref: '#/components/schemas/xmatters_secrets'
               required:
                 - name
                 - connector_type_id
+            examples:
+              createEmailConnectorRequest:
+                $ref: '#/components/examples/create_email_connector_request'
+              createIndexConnectorRequest:
+                $ref: '#/components/examples/create_index_connector_request'
+              createWebhookConnectorRequest:
+                $ref: '#/components/examples/create_webhook_connector_request'
+              createXmattersConnectorRequest:
+                $ref: '#/components/examples/create_xmatters_connector_request'
       responses:
         '200':
           content:
@@ -276,15 +406,10 @@ paths:
                     description: Indicates whether the connector is missing secrets.
                     type: boolean
                   is_preconfigured:
-                    description: >-
-                      Indicates whether the connector is preconfigured. If true,
-                      the `config` and `is_missing_secrets` properties are
-                      omitted from the response. 
+                    description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. '
                     type: boolean
                   is_system_action:
-                    description: >-
-                      Indicates whether the connector is used for system
-                      actions.
+                    description: Indicates whether the connector is used for system actions.
                     type: boolean
                   name:
                     description: ' The name of the rule.'
@@ -296,10 +421,20 @@ paths:
                   - is_preconfigured
                   - is_deprecated
                   - is_system_action
+              examples:
+                createEmailConnectorResponse:
+                  $ref: '#/components/examples/create_email_connector_response'
+                createIndexConnectorResponse:
+                  $ref: '#/components/examples/create_index_connector_response'
+                createWebhookConnectorResponse:
+                  $ref: '#/components/examples/create_webhook_connector_response'
+                createXmattersConnectorResponse:
+                  $ref: '#/components/examples/get_connector_response'
           description: Indicates a successful call.
       summary: Create a connector
       tags:
         - connectors
+      x-beta: true
     put:
       operationId: put-actions-connector-id
       parameters:
@@ -331,19 +466,67 @@ paths:
               additionalProperties: false
               type: object
               properties:
-                config:
-                  additionalProperties: {}
-                  default: {}
-                  type: object
                 name:
                   description: The display name for the connector.
                   type: string
+                config:
+                  additionalProperties: {}
+                  default: {}
+                  description: The connector configuration details.
+                  oneOf:
+                    - $ref: '#/components/schemas/bedrock_config'
+                    - $ref: '#/components/schemas/crowdstrike_config'
+                    - $ref: '#/components/schemas/d3security_config'
+                    - $ref: '#/components/schemas/email_config'
+                    - $ref: '#/components/schemas/gemini_config'
+                    - $ref: '#/components/schemas/resilient_config'
+                    - $ref: '#/components/schemas/index_config'
+                    - $ref: '#/components/schemas/jira_config'
+                    - $ref: '#/components/schemas/genai_azure_config'
+                    - $ref: '#/components/schemas/genai_openai_config'
+                    - $ref: '#/components/schemas/opsgenie_config'
+                    - $ref: '#/components/schemas/pagerduty_config'
+                    - $ref: '#/components/schemas/sentinelone_config'
+                    - $ref: '#/components/schemas/servicenow_config'
+                    - $ref: '#/components/schemas/servicenow_itom_config'
+                    - $ref: '#/components/schemas/slack_api_config'
+                    - $ref: '#/components/schemas/swimlane_config'
+                    - $ref: '#/components/schemas/thehive_config'
+                    - $ref: '#/components/schemas/tines_config'
+                    - $ref: '#/components/schemas/torq_config'
+                    - $ref: '#/components/schemas/webhook_config'
+                    - $ref: '#/components/schemas/cases_webhook_config'
+                    - $ref: '#/components/schemas/xmatters_config'
                 secrets:
                   additionalProperties: {}
                   default: {}
-                  type: object
+                  oneOf:
+                    - $ref: '#/components/schemas/bedrock_secrets'
+                    - $ref: '#/components/schemas/crowdstrike_secrets'
+                    - $ref: '#/components/schemas/d3security_secrets'
+                    - $ref: '#/components/schemas/email_secrets'
+                    - $ref: '#/components/schemas/gemini_secrets'
+                    - $ref: '#/components/schemas/resilient_secrets'
+                    - $ref: '#/components/schemas/jira_secrets'
+                    - $ref: '#/components/schemas/teams_secrets'
+                    - $ref: '#/components/schemas/genai_secrets'
+                    - $ref: '#/components/schemas/opsgenie_secrets'
+                    - $ref: '#/components/schemas/pagerduty_secrets'
+                    - $ref: '#/components/schemas/sentinelone_secrets'
+                    - $ref: '#/components/schemas/servicenow_secrets'
+                    - $ref: '#/components/schemas/slack_api_secrets'
+                    - $ref: '#/components/schemas/swimlane_secrets'
+                    - $ref: '#/components/schemas/thehive_secrets'
+                    - $ref: '#/components/schemas/tines_secrets'
+                    - $ref: '#/components/schemas/torq_secrets'
+                    - $ref: '#/components/schemas/webhook_secrets'
+                    - $ref: '#/components/schemas/cases_webhook_secrets'
+                    - $ref: '#/components/schemas/xmatters_secrets'
               required:
                 - name
+            examples:
+              updateIndexConnectorRequest:
+                $ref: '#/components/examples/update_index_connector_request'
       responses:
         '200':
           content:
@@ -368,15 +551,10 @@ paths:
                     description: Indicates whether the connector is missing secrets.
                     type: boolean
                   is_preconfigured:
-                    description: >-
-                      Indicates whether the connector is preconfigured. If true,
-                      the `config` and `is_missing_secrets` properties are
-                      omitted from the response. 
+                    description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. '
                     type: boolean
                   is_system_action:
-                    description: >-
-                      Indicates whether the connector is used for system
-                      actions.
+                    description: Indicates whether the connector is used for system actions.
                     type: boolean
                   name:
                     description: ' The name of the rule.'
@@ -392,11 +570,10 @@ paths:
       summary: Update a connector
       tags:
         - connectors
+      x-beta: true
   /api/actions/connector/{id}/_execute:
     post:
-      description: >-
-        You can use this API to test an action that involves interaction with
-        Kibana services or integrations with third-party systems.
+      description: You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.
       operationId: post-actions-connector-id-execute
       parameters:
         - description: The version of the API to use
@@ -429,9 +606,40 @@ paths:
               properties:
                 params:
                   additionalProperties: {}
-                  type: object
+                  oneOf:
+                    - $ref: '#/components/schemas/run_acknowledge_resolve_pagerduty'
+                    - $ref: '#/components/schemas/run_documents'
+                    - $ref: '#/components/schemas/run_message_email'
+                    - $ref: '#/components/schemas/run_message_serverlog'
+                    - $ref: '#/components/schemas/run_message_slack'
+                    - $ref: '#/components/schemas/run_trigger_pagerduty'
+                    - $ref: '#/components/schemas/run_addevent'
+                    - $ref: '#/components/schemas/run_closealert'
+                    - $ref: '#/components/schemas/run_closeincident'
+                    - $ref: '#/components/schemas/run_createalert'
+                    - $ref: '#/components/schemas/run_fieldsbyissuetype'
+                    - $ref: '#/components/schemas/run_getchoices'
+                    - $ref: '#/components/schemas/run_getfields'
+                    - $ref: '#/components/schemas/run_getincident'
+                    - $ref: '#/components/schemas/run_issue'
+                    - $ref: '#/components/schemas/run_issues'
+                    - $ref: '#/components/schemas/run_issuetypes'
+                    - $ref: '#/components/schemas/run_postmessage'
+                    - $ref: '#/components/schemas/run_pushtoservice'
+                    - $ref: '#/components/schemas/run_validchannelid'
               required:
                 - params
+            examples:
+              runIndexConnectorRequest:
+                $ref: '#/components/examples/run_index_connector_request'
+              runJiraConnectorRequest:
+                $ref: '#/components/examples/run_jira_connector_request'
+              runServerLogConnectorRequest:
+                $ref: '#/components/examples/run_servicenow_itom_connector_request'
+              runSlackConnectorRequest:
+                $ref: '#/components/examples/run_slack_api_connector_request'
+              runSwimlaneConnectorRequest:
+                $ref: '#/components/examples/run_swimlane_connector_request'
       responses:
         '200':
           content:
@@ -456,15 +664,10 @@ paths:
                     description: Indicates whether the connector is missing secrets.
                     type: boolean
                   is_preconfigured:
-                    description: >-
-                      Indicates whether the connector is preconfigured. If true,
-                      the `config` and `is_missing_secrets` properties are
-                      omitted from the response. 
+                    description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. '
                     type: boolean
                   is_system_action:
-                    description: >-
-                      Indicates whether the connector is used for system
-                      actions.
+                    description: Indicates whether the connector is used for system actions.
                     type: boolean
                   name:
                     description: ' The name of the rule.'
@@ -476,10 +679,24 @@ paths:
                   - is_preconfigured
                   - is_deprecated
                   - is_system_action
+              examples:
+                runIndexConnectorResponse:
+                  $ref: '#/components/examples/run_index_connector_response'
+                runJiraConnectorResponse:
+                  $ref: '#/components/examples/run_jira_connector_response'
+                runServerLogConnectorResponse:
+                  $ref: '#/components/examples/run_server_log_connector_response'
+                runServiceNowITOMConnectorResponse:
+                  $ref: '#/components/examples/run_servicenow_itom_connector_response'
+                runSlackConnectorResponse:
+                  $ref: '#/components/examples/run_slack_api_connector_response'
+                runSwimlaneConnectorResponse:
+                  $ref: '#/components/examples/run_swimlane_connector_response'
           description: Indicates a successful call.
       summary: Run a connector
       tags:
         - connectors
+      x-beta: true
   /api/actions/connectors:
     get:
       operationId: get-actions-connectors
@@ -492,10 +709,18 @@ paths:
             enum:
               - '2023-10-31'
             type: string
-      responses: {}
+      responses:
+        '200':
+          description: Indicates a successful call.
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                getConnectorsResponse:
+                  $ref: '#/components/examples/get_connectors_response'
       summary: Get all connectors
       tags:
         - connectors
+      x-beta: true
   /api/alerting/rule/{id}:
     delete:
       operationId: delete-alerting-rule-id
@@ -533,6 +758,7 @@ paths:
       summary: Delete a rule
       tags:
         - alerting
+      x-beta: true
     get:
       operationId: get-alerting-rule-id
       parameters:
@@ -565,9 +791,7 @@ paths:
                       properties:
                         alerts_filter:
                           additionalProperties: false
-                          description: >-
-                            Defines a period that limits whether the action
-                            runs.
+                          description: Defines a period that limits whether the action runs.
                           type: object
                           properties:
                             query:
@@ -575,15 +799,10 @@ paths:
                               type: object
                               properties:
                                 dsl:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL).
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL).
                                   type: string
                                 filters:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL) as defined in
-                                    the `kbn-es-query` package.
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
                                   items:
                                     additionalProperties: false
                                     type: object
@@ -593,9 +812,7 @@ paths:
                                         type: object
                                         properties:
                                           store:
-                                            description: >-
-                                              A filter can be either specific to an
-                                              application context or applied globally.
+                                            description: A filter can be either specific to an application context or applied globally.
                                             enum:
                                               - appState
                                               - globalState
@@ -612,9 +829,7 @@ paths:
                                       - meta
                                   type: array
                                 kql:
-                                  description: >-
-                                    A filter written in Kibana Query Language
-                                    (KQL).
+                                  description: A filter written in Kibana Query Language (KQL).
                                   type: string
                               required:
                                 - kql
@@ -624,12 +839,7 @@ paths:
                               type: object
                               properties:
                                 days:
-                                  description: >-
-                                    Defines the days of the week that the action
-                                    can run, represented as an array of numbers.
-                                    For example, `1` represents Monday. An empty
-                                    array is equivalent to specifying all the
-                                    days of the week.
+                                  description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.
                                   items:
                                     enum:
                                       - 1
@@ -646,55 +856,30 @@ paths:
                                   type: object
                                   properties:
                                     end:
-                                      description: >-
-                                        The end of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The end of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                     start:
-                                      description: >-
-                                        The start of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The start of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                   required:
                                     - start
                                     - end
                                 timezone:
-                                  description: >-
-                                    The ISO time zone for the `hours` values.
-                                    Values such as `UTC` and `UTC+1` also work
-                                    but lack built-in daylight savings time
-                                    support and are not recommended.
+                                  description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.
                                   type: string
                               required:
                                 - days
                                 - hours
                                 - timezone
                         connector_type_id:
-                          description: >-
-                            The type of connector. This property appears in
-                            responses but cannot be set in requests.
+                          description: The type of connector. This property appears in responses but cannot be set in requests.
                           type: string
                         frequency:
                           additionalProperties: false
                           type: object
                           properties:
                             notify_when:
-                              description: >-
-                                Indicates how often alerts generate actions.
-                                Valid values include: `onActionGroupChange`:
-                                Actions run when the alert status changes;
-                                `onActiveAlert`: Actions run when the alert
-                                becomes active and at each check interval while
-                                the rule conditions are met;
-                                `onThrottleInterval`: Actions run when the alert
-                                becomes active and at the interval specified in
-                                the throttle property while the rule conditions
-                                are met. NOTE: You cannot specify `notify_when`
-                                at both the rule and action level. The
-                                recommended method is to set it for each action.
-                                If you set it at the rule level then update the
-                                rule in Kibana, it is automatically changed to
-                                use action-specific values.
+                              description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               enum:
                                 - onActionGroupChange
                                 - onActiveAlert
@@ -704,18 +889,7 @@ paths:
                               description: Indicates whether the action is a summary.
                               type: boolean
                             throttle:
-                              description: >-
-                                The throttle interval, which defines how often
-                                an alert generates repeated actions. It is
-                                specified in seconds, minutes, hours, or days
-                                and is applicable only if 'notify_when' is set
-                                to 'onThrottleInterval'. NOTE: You cannot
-                                specify the throttle interval at both the rule
-                                and action level. The recommended method is to
-                                set it for each action. If you set it at the
-                                rule level then update the rule in Kibana, it is
-                                automatically changed to use action-specific
-                                values.
+                              description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               nullable: true
                               type: string
                           required:
@@ -723,30 +897,20 @@ paths:
                             - notify_when
                             - throttle
                         group:
-                          description: >-
-                            The group name, which affects when the action runs
-                            (for example, when the threshold is met or when the
-                            alert is recovered). Each rule type has a list of
-                            valid action group names. If you don't need to group
-                            actions, set to `default`.
+                          description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.
                           type: string
                         id:
                           description: The identifier for the connector saved object.
                           type: string
                         params:
                           additionalProperties: {}
-                          description: >-
-                            The parameters for the action, which are sent to the
-                            connector. The `params` are handled as Mustache
-                            templates and passed a default set of context.
+                          description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
                           type: object
                         use_alert_data_for_template:
                           description: Indicates whether to use alert data as a template.
                           type: boolean
                         uuid:
-                          description: >-
-                            A universally unique identifier (UUID) for the
-                            action.
+                          description: A universally unique identifier (UUID) for the action.
                           type: string
                       required:
                         - id
@@ -760,36 +924,24 @@ paths:
                     type: array
                   alert_delay:
                     additionalProperties: false
-                    description: >-
-                      Indicates that an alert occurs only when the specified
-                      number of consecutive runs met the rule conditions.
+                    description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
                     type: object
                     properties:
                       active:
-                        description: >-
-                          The number of consecutive runs that must meet the rule
-                          conditions.
+                        description: The number of consecutive runs that must meet the rule conditions.
                         type: number
                     required:
                       - active
                   api_key_created_by_user:
-                    description: >-
-                      Indicates whether the API key that is associated with the
-                      rule was created by the user.
+                    description: Indicates whether the API key that is associated with the rule was created by the user.
                     nullable: true
                     type: boolean
                   api_key_owner:
-                    description: >-
-                      The owner of the API key that is associated with the rule
-                      and used to run background tasks.
+                    description: The owner of the API key that is associated with the rule and used to run background tasks.
                     nullable: true
                     type: string
                   consumer:
-                    description: >-
-                      The name of the application or feature that owns the rule.
-                      For example: `alerts`, `apm`, `discover`,
-                      `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`,
-                      `securitySolution`, `siem`, `stackAlerts`, or `uptime`.
+                    description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.'
                     type: string
                   created_at:
                     description: The date and time that the rule was created.
@@ -799,9 +951,7 @@ paths:
                     nullable: true
                     type: string
                   enabled:
-                    description: >-
-                      Indicates whether you want to run the rule on an interval
-                      basis after it is created.
+                    description: Indicates whether you want to run the rule on an interval basis after it is created.
                     type: boolean
                   execution_status:
                     additionalProperties: false
@@ -915,9 +1065,7 @@ paths:
                             nullable: true
                             type: number
                       outcome:
-                        description: >-
-                          Outcome of last run of the rule. Value could be
-                          succeeded, warning or failed.
+                        description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                         enum:
                           - succeeded
                           - warning
@@ -967,9 +1115,7 @@ paths:
                         properties:
                           calculated_metrics:
                             additionalProperties: false
-                            description: >-
-                              Calculation of different percentiles and success
-                              ratio.
+                            description: Calculation of different percentiles and success ratio.
                             type: object
                             properties:
                               p50:
@@ -992,18 +1138,14 @@ paths:
                                   description: Duration of the rule run.
                                   type: number
                                 outcome:
-                                  description: >-
-                                    Outcome of last run of the rule. Value could
-                                    be succeeded, warning or failed.
+                                  description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                                   enum:
                                     - succeeded
                                     - warning
                                     - failed
                                   type: string
                                 success:
-                                  description: >-
-                                    Indicates whether the rule run was
-                                    successful.
+                                  description: Indicates whether the rule run was successful.
                                   type: boolean
                                 timestamp:
                                   description: Time of rule run.
@@ -1028,29 +1170,19 @@ paths:
                                     nullable: true
                                     type: number
                                   total_alerts_created:
-                                    description: >-
-                                      Total number of alerts created during last
-                                      rule run.
+                                    description: Total number of alerts created during last rule run.
                                     nullable: true
                                     type: number
                                   total_alerts_detected:
-                                    description: >-
-                                      Total number of alerts detected during
-                                      last rule run.
+                                    description: Total number of alerts detected during last rule run.
                                     nullable: true
                                     type: number
                                   total_indexing_duration_ms:
-                                    description: >-
-                                      Total time spent indexing documents during
-                                      last rule run in milliseconds.
+                                    description: Total time spent indexing documents during last rule run in milliseconds.
                                     nullable: true
                                     type: number
                                   total_search_duration_ms:
-                                    description: >-
-                                      Total time spent performing Elasticsearch
-                                      searches as measured by Kibana; includes
-                                      network latency and time spent serializing
-                                      or deserializing the request and response.
+                                    description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.
                                     nullable: true
                                     type: number
                               timestamp:
@@ -1081,19 +1213,7 @@ paths:
                     nullable: true
                     type: string
                   notify_when:
-                    description: >-
-                      Indicates how often alerts generate actions. Valid values
-                      include: `onActionGroupChange`: Actions run when the alert
-                      status changes; `onActiveAlert`: Actions run when the
-                      alert becomes active and at each check interval while the
-                      rule conditions are met; `onThrottleInterval`: Actions run
-                      when the alert becomes active and at the interval
-                      specified in the throttle property while the rule
-                      conditions are met. NOTE: You cannot specify `notify_when`
-                      at both the rule and action level. The recommended method
-                      is to set it for each action. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     enum:
                       - onActionGroupChange
                       - onActiveAlert
@@ -1119,9 +1239,7 @@ paths:
                     type: object
                     properties:
                       interval:
-                        description: >-
-                          The interval is specified in seconds, minutes, hours,
-                          or days.
+                        description: The interval is specified in seconds, minutes, hours, or days.
                         type: string
                     required:
                       - interval
@@ -1157,9 +1275,7 @@ paths:
                               type: array
                             bymonth:
                               items:
-                                description: >-
-                                  Indicates months of the year that this rule
-                                  should recur.
+                                description: Indicates months of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
@@ -1177,12 +1293,7 @@ paths:
                               type: array
                             bysetpos:
                               items:
-                                description: >-
-                                  A positive or negative integer affecting the
-                                  nth day of the month. For example, -2 combined
-                                  with `byweekday` of FR is 2nd to last Friday
-                                  of the month. It is recommended to not set
-                                  this manually and just use `byweekday`.
+                                description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.
                                 type: number
                               nullable: true
                               type: array
@@ -1191,13 +1302,7 @@ paths:
                                 anyOf:
                                   - type: string
                                   - type: number
-                                description: >-
-                                  Indicates the days of the week to recur or
-                                  else nth-day-of-month strings. For example,
-                                  "+2TU" second Tuesday of month, "-1FR" last
-                                  Friday of the month, which are internally
-                                  converted to a `byweekday/bysetpos`
-                                  combination.
+                                description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination.
                               nullable: true
                               type: array
                             byweekno:
@@ -1208,26 +1313,18 @@ paths:
                               type: array
                             byyearday:
                               items:
-                                description: >-
-                                  Indicates the days of the year that this rule
-                                  should recur.
+                                description: Indicates the days of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
                             count:
-                              description: >-
-                                Number of times the rule should recur until it
-                                stops.
+                              description: Number of times the rule should recur until it stops.
                               type: number
                             dtstart:
-                              description: >-
-                                Rule start date in Coordinated Universal Time
-                                (UTC).
+                              description: Rule start date in Coordinated Universal Time (UTC).
                               type: string
                             freq:
-                              description: >-
-                                Indicates frequency of the rule. Options are
-                                YEARLY, MONTHLY, WEEKLY, DAILY.
+                              description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.
                               enum:
                                 - 0
                                 - 1
@@ -1238,10 +1335,7 @@ paths:
                                 - 6
                               type: integer
                             interval:
-                              description: >-
-                                Indicates the interval of frequency. For
-                                example, 1 and YEARLY is every 1 year, 2 and
-                                WEEKLY is every 2 weeks.
+                              description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.
                               type: number
                             tzid:
                               description: Indicates timezone abbreviation.
@@ -1279,23 +1373,14 @@ paths:
                     type: array
                   throttle:
                     deprecated: true
-                    description: >-
-                      Deprecated in 8.13.0. Use the `throttle` property in the
-                      action `frequency` object instead. The throttle interval,
-                      which defines how often an alert generates repeated
-                      actions. NOTE: You cannot specify the throttle interval at
-                      both the rule and action level. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     nullable: true
                     type: string
                   updated_at:
                     description: The date and time that the rule was updated most recently.
                     type: string
                   updated_by:
-                    description: >-
-                      The identifier for the user that updated this rule most
-                      recently.
+                    description: The identifier for the user that updated this rule most recently.
                     nullable: true
                     type: string
                   view_in_app_relative_url:
@@ -1331,6 +1416,7 @@ paths:
       summary: Get rule details
       tags:
         - alerting
+      x-beta: true
     post:
       operationId: post-alerting-rule-id
       parameters:
@@ -1349,12 +1435,10 @@ paths:
           schema:
             example: 'true'
             type: string
-        - description: >-
-            The identifier for the rule. If it is omitted, an ID is randomly
-            generated.
+        - description: The identifier for the rule. If it is omitted, an ID is randomly generated.
           in: path
           name: id
-          required: false
+          required: true
           schema:
             type: string
       requestBody:
@@ -1373,12 +1457,7 @@ paths:
                     properties:
                       alerts_filter:
                         additionalProperties: false
-                        description: >-
-                          Conditions that affect whether the action runs. If you
-                          specify multiple conditions, all conditions must be
-                          met for the action to run. For example, if an alert
-                          occurs within the specified time frame and matches the
-                          query, the action runs.
+                        description: Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.
                         type: object
                         properties:
                           query:
@@ -1386,15 +1465,10 @@ paths:
                             type: object
                             properties:
                               dsl:
-                                description: >-
-                                  A filter written in Elasticsearch Query Domain
-                                  Specific Language (DSL).
+                                description: A filter written in Elasticsearch Query Domain Specific Language (DSL).
                                 type: string
                               filters:
-                                description: >-
-                                  A filter written in Elasticsearch Query Domain
-                                  Specific Language (DSL) as defined in the
-                                  `kbn-es-query` package.
+                                description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
                                 items:
                                   additionalProperties: false
                                   type: object
@@ -1404,9 +1478,7 @@ paths:
                                       type: object
                                       properties:
                                         store:
-                                          description: >-
-                                            A filter can be either specific to an
-                                            application context or applied globally.
+                                          description: A filter can be either specific to an application context or applied globally.
                                           enum:
                                             - appState
                                             - globalState
@@ -1423,27 +1495,18 @@ paths:
                                     - meta
                                 type: array
                               kql:
-                                description: >-
-                                  A filter written in Kibana Query Language
-                                  (KQL).
+                                description: A filter written in Kibana Query Language (KQL).
                                 type: string
                             required:
                               - kql
                               - filters
                           timeframe:
                             additionalProperties: false
-                            description: >-
-                              Defines a period that limits whether the action
-                              runs.
+                            description: Defines a period that limits whether the action runs.
                             type: object
                             properties:
                               days:
-                                description: >-
-                                  Defines the days of the week that the action
-                                  can run, represented as an array of numbers.
-                                  For example, `1` represents Monday. An empty
-                                  array is equivalent to specifying all the days
-                                  of the week.
+                                description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.
                                 items:
                                   enum:
                                     - 1
@@ -1457,32 +1520,20 @@ paths:
                                 type: array
                               hours:
                                 additionalProperties: false
-                                description: >-
-                                  Defines the range of time in a day that the
-                                  action can run. If the `start` value is
-                                  `00:00` and the `end` value is `24:00`,
-                                  actions be generated all day.
+                                description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.
                                 type: object
                                 properties:
                                   end:
-                                    description: >-
-                                      The end of the time frame in 24-hour
-                                      notation (`hh:mm`).
+                                    description: The end of the time frame in 24-hour notation (`hh:mm`).
                                     type: string
                                   start:
-                                    description: >-
-                                      The start of the time frame in 24-hour
-                                      notation (`hh:mm`).
+                                    description: The start of the time frame in 24-hour notation (`hh:mm`).
                                     type: string
                                 required:
                                   - start
                                   - end
                               timezone:
-                                description: >-
-                                  The ISO time zone for the `hours` values.
-                                  Values such as `UTC` and `UTC+1` also work but
-                                  lack built-in daylight savings time support
-                                  and are not recommended.
+                                description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.
                                 type: string
                             required:
                               - days
@@ -1493,21 +1544,7 @@ paths:
                         type: object
                         properties:
                           notify_when:
-                            description: >-
-                              Indicates how often alerts generate actions. Valid
-                              values include: `onActionGroupChange`: Actions run
-                              when the alert status changes; `onActiveAlert`:
-                              Actions run when the alert becomes active and at
-                              each check interval while the rule conditions are
-                              met; `onThrottleInterval`: Actions run when the
-                              alert becomes active and at the interval specified
-                              in the throttle property while the rule conditions
-                              are met. NOTE: You cannot specify `notify_when` at
-                              both the rule and action level. The recommended
-                              method is to set it for each action. If you set it
-                              at the rule level then update the rule in Kibana,
-                              it is automatically changed to use action-specific
-                              values.
+                            description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                             enum:
                               - onActionGroupChange
                               - onActiveAlert
@@ -1517,17 +1554,7 @@ paths:
                             description: Indicates whether the action is a summary.
                             type: boolean
                           throttle:
-                            description: >-
-                              The throttle interval, which defines how often an
-                              alert generates repeated actions. It is specified
-                              in seconds, minutes, hours, or days and is
-                              applicable only if `notify_when` is set to
-                              `onThrottleInterval`. NOTE: You cannot specify the
-                              throttle interval at both the rule and action
-                              level. The recommended method is to set it for
-                              each action. If you set it at the rule level then
-                              update the rule in Kibana, it is automatically
-                              changed to use action-specific values.
+                            description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                             nullable: true
                             type: string
                         required:
@@ -1535,12 +1562,7 @@ paths:
                           - notify_when
                           - throttle
                       group:
-                        description: >-
-                          The group name, which affects when the action runs
-                          (for example, when the threshold is met or when the
-                          alert is recovered). Each rule type has a list of
-                          valid action group names. If you don't need to group
-                          actions, set to `default`.
+                        description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.
                         type: string
                       id:
                         description: The identifier for the connector saved object.
@@ -1548,10 +1570,7 @@ paths:
                       params:
                         additionalProperties: {}
                         default: {}
-                        description: >-
-                          The parameters for the action, which are sent to the
-                          connector. The `params` are handled as Mustache
-                          templates and passed a default set of context.
+                        description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
                         type: object
                       use_alert_data_for_template:
                         description: Indicates whether to use alert data as a template.
@@ -1564,30 +1583,20 @@ paths:
                   type: array
                 alert_delay:
                   additionalProperties: false
-                  description: >-
-                    Indicates that an alert occurs only when the specified
-                    number of consecutive runs met the rule conditions.
+                  description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
                   type: object
                   properties:
                     active:
-                      description: >-
-                        The number of consecutive runs that must meet the rule
-                        conditions.
+                      description: The number of consecutive runs that must meet the rule conditions.
                       type: number
                   required:
                     - active
                 consumer:
-                  description: >-
-                    The name of the application or feature that owns the rule.
-                    For example: `alerts`, `apm`, `discover`, `infrastructure`,
-                    `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`,
-                    `siem`, `stackAlerts`, or `uptime`.
+                  description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.'
                   type: string
                 enabled:
                   default: true
-                  description: >-
-                    Indicates whether you want to run the rule on an interval
-                    basis after it is created.
+                  description: Indicates whether you want to run the rule on an interval basis after it is created.
                   type: boolean
                 flapping:
                   additionalProperties: false
@@ -1606,49 +1615,26 @@ paths:
                     - look_back_window
                     - status_change_threshold
                 name:
-                  description: >-
-                    The name of the rule. While this name does not have to be
-                    unique, a distinctive name can help you identify a rule.
+                  description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
                   type: string
                 notify_when:
-                  description: >-
-                    Indicates how often alerts generate actions. Valid values
-                    include: `onActionGroupChange`: Actions run when the alert
-                    status changes; `onActiveAlert`: Actions run when the alert
-                    becomes active and at each check interval while the rule
-                    conditions are met; `onThrottleInterval`: Actions run when
-                    the alert becomes active and at the interval specified in
-                    the throttle property while the rule conditions are met.
-                    NOTE: You cannot specify `notify_when` at both the rule and
-                    action level. The recommended method is to set it for each
-                    action. If you set it at the rule level then update the rule
-                    in Kibana, it is automatically changed to use
-                    action-specific values.
+                  description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                   enum:
                     - onActionGroupChange
                     - onActiveAlert
                     - onThrottleInterval
                   nullable: true
                   type: string
-                params:
-                  additionalProperties: {}
-                  default: {}
-                  description: The parameters for the rule.
-                  type: object
                 rule_type_id:
                   description: The rule type identifier.
                   type: string
                 schedule:
                   additionalProperties: false
-                  description: >-
-                    The check interval, which specifies how frequently the rule
-                    conditions are checked.
+                  description: The check interval, which specifies how frequently the rule conditions are checked.
                   type: object
                   properties:
                     interval:
-                      description: >-
-                        The interval is specified in seconds, minutes, hours, or
-                        days.
+                      description: The interval is specified in seconds, minutes, hours, or days.
                       type: string
                   required:
                     - interval
@@ -1659,20 +1645,44 @@ paths:
                     type: string
                   type: array
                 throttle:
-                  description: >-
-                    Use the `throttle` property in the action `frequency` object
-                    instead. The throttle interval, which defines how often an
-                    alert generates repeated actions. NOTE: You cannot specify
-                    the throttle interval at both the rule and action level. If
-                    you set it at the rule level then update the rule in Kibana,
-                    it is automatically changed to use action-specific values.
+                  description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                   nullable: true
                   type: string
+                params:
+                  additionalProperties: {}
+                  default: {}
+                  description: The parameters for the rule.
+                  anyOf:
+                    - $ref: '#/components/schemas/params_property_apm_anomaly'
+                    - $ref: '#/components/schemas/params_property_apm_error_count'
+                    - $ref: '#/components/schemas/params_property_apm_transaction_duration'
+                    - $ref: '#/components/schemas/params_property_apm_transaction_error_rate'
+                    - $ref: '#/components/schemas/params_es_query_dsl_rule'
+                    - $ref: '#/components/schemas/params_es_query_esql_rule'
+                    - $ref: '#/components/schemas/params_es_query_kql_rule'
+                    - $ref: '#/components/schemas/params_index_threshold_rule'
+                    - $ref: '#/components/schemas/params_property_infra_inventory'
+                    - $ref: '#/components/schemas/params_property_log_threshold'
+                    - $ref: '#/components/schemas/params_property_infra_metric_threshold'
+                    - $ref: '#/components/schemas/params_property_slo_burn_rate'
+                    - $ref: '#/components/schemas/params_property_synthetics_uptime_tls'
+                    - $ref: '#/components/schemas/params_property_synthetics_monitor_status'
               required:
                 - name
                 - rule_type_id
                 - consumer
                 - schedule
+            examples:
+              createEsQueryEsqlRuleRequest:
+                $ref: '#/components/examples/create_es_query_esql_rule_request'
+              createEsQueryRuleRequest:
+                $ref: '#/components/examples/create_es_query_rule_request'
+              createEsQueryKqlRuleRequest:
+                $ref: '#/components/examples/create_es_query_kql_rule_request'
+              createIndexThresholdRuleRequest:
+                $ref: '#/components/examples/create_index_threshold_rule_request'
+              createTrackingContainmentRuleRequest:
+                $ref: '#/components/examples/create_tracking_containment_rule_request'
       responses:
         '200':
           content:
@@ -1688,9 +1698,7 @@ paths:
                       properties:
                         alerts_filter:
                           additionalProperties: false
-                          description: >-
-                            Defines a period that limits whether the action
-                            runs.
+                          description: Defines a period that limits whether the action runs.
                           type: object
                           properties:
                             query:
@@ -1698,15 +1706,10 @@ paths:
                               type: object
                               properties:
                                 dsl:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL).
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL).
                                   type: string
                                 filters:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL) as defined in
-                                    the `kbn-es-query` package.
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
                                   items:
                                     additionalProperties: false
                                     type: object
@@ -1716,9 +1719,7 @@ paths:
                                         type: object
                                         properties:
                                           store:
-                                            description: >-
-                                              A filter can be either specific to an
-                                              application context or applied globally.
+                                            description: A filter can be either specific to an application context or applied globally.
                                             enum:
                                               - appState
                                               - globalState
@@ -1735,9 +1736,7 @@ paths:
                                       - meta
                                   type: array
                                 kql:
-                                  description: >-
-                                    A filter written in Kibana Query Language
-                                    (KQL).
+                                  description: A filter written in Kibana Query Language (KQL).
                                   type: string
                               required:
                                 - kql
@@ -1747,12 +1746,7 @@ paths:
                               type: object
                               properties:
                                 days:
-                                  description: >-
-                                    Defines the days of the week that the action
-                                    can run, represented as an array of numbers.
-                                    For example, `1` represents Monday. An empty
-                                    array is equivalent to specifying all the
-                                    days of the week.
+                                  description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.
                                   items:
                                     enum:
                                       - 1
@@ -1769,55 +1763,30 @@ paths:
                                   type: object
                                   properties:
                                     end:
-                                      description: >-
-                                        The end of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The end of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                     start:
-                                      description: >-
-                                        The start of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The start of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                   required:
                                     - start
                                     - end
                                 timezone:
-                                  description: >-
-                                    The ISO time zone for the `hours` values.
-                                    Values such as `UTC` and `UTC+1` also work
-                                    but lack built-in daylight savings time
-                                    support and are not recommended.
+                                  description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.
                                   type: string
                               required:
                                 - days
                                 - hours
                                 - timezone
                         connector_type_id:
-                          description: >-
-                            The type of connector. This property appears in
-                            responses but cannot be set in requests.
+                          description: The type of connector. This property appears in responses but cannot be set in requests.
                           type: string
                         frequency:
                           additionalProperties: false
                           type: object
                           properties:
                             notify_when:
-                              description: >-
-                                Indicates how often alerts generate actions.
-                                Valid values include: `onActionGroupChange`:
-                                Actions run when the alert status changes;
-                                `onActiveAlert`: Actions run when the alert
-                                becomes active and at each check interval while
-                                the rule conditions are met;
-                                `onThrottleInterval`: Actions run when the alert
-                                becomes active and at the interval specified in
-                                the throttle property while the rule conditions
-                                are met. NOTE: You cannot specify `notify_when`
-                                at both the rule and action level. The
-                                recommended method is to set it for each action.
-                                If you set it at the rule level then update the
-                                rule in Kibana, it is automatically changed to
-                                use action-specific values.
+                              description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               enum:
                                 - onActionGroupChange
                                 - onActiveAlert
@@ -1827,18 +1796,7 @@ paths:
                               description: Indicates whether the action is a summary.
                               type: boolean
                             throttle:
-                              description: >-
-                                The throttle interval, which defines how often
-                                an alert generates repeated actions. It is
-                                specified in seconds, minutes, hours, or days
-                                and is applicable only if 'notify_when' is set
-                                to 'onThrottleInterval'. NOTE: You cannot
-                                specify the throttle interval at both the rule
-                                and action level. The recommended method is to
-                                set it for each action. If you set it at the
-                                rule level then update the rule in Kibana, it is
-                                automatically changed to use action-specific
-                                values.
+                              description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               nullable: true
                               type: string
                           required:
@@ -1846,30 +1804,20 @@ paths:
                             - notify_when
                             - throttle
                         group:
-                          description: >-
-                            The group name, which affects when the action runs
-                            (for example, when the threshold is met or when the
-                            alert is recovered). Each rule type has a list of
-                            valid action group names. If you don't need to group
-                            actions, set to `default`.
+                          description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.
                           type: string
                         id:
                           description: The identifier for the connector saved object.
                           type: string
                         params:
                           additionalProperties: {}
-                          description: >-
-                            The parameters for the action, which are sent to the
-                            connector. The `params` are handled as Mustache
-                            templates and passed a default set of context.
+                          description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
                           type: object
                         use_alert_data_for_template:
                           description: Indicates whether to use alert data as a template.
                           type: boolean
                         uuid:
-                          description: >-
-                            A universally unique identifier (UUID) for the
-                            action.
+                          description: A universally unique identifier (UUID) for the action.
                           type: string
                       required:
                         - id
@@ -1883,36 +1831,24 @@ paths:
                     type: array
                   alert_delay:
                     additionalProperties: false
-                    description: >-
-                      Indicates that an alert occurs only when the specified
-                      number of consecutive runs met the rule conditions.
+                    description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
                     type: object
                     properties:
                       active:
-                        description: >-
-                          The number of consecutive runs that must meet the rule
-                          conditions.
+                        description: The number of consecutive runs that must meet the rule conditions.
                         type: number
                     required:
                       - active
                   api_key_created_by_user:
-                    description: >-
-                      Indicates whether the API key that is associated with the
-                      rule was created by the user.
+                    description: Indicates whether the API key that is associated with the rule was created by the user.
                     nullable: true
                     type: boolean
                   api_key_owner:
-                    description: >-
-                      The owner of the API key that is associated with the rule
-                      and used to run background tasks.
+                    description: The owner of the API key that is associated with the rule and used to run background tasks.
                     nullable: true
                     type: string
                   consumer:
-                    description: >-
-                      The name of the application or feature that owns the rule.
-                      For example: `alerts`, `apm`, `discover`,
-                      `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`,
-                      `securitySolution`, `siem`, `stackAlerts`, or `uptime`.
+                    description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.'
                     type: string
                   created_at:
                     description: The date and time that the rule was created.
@@ -1922,9 +1858,7 @@ paths:
                     nullable: true
                     type: string
                   enabled:
-                    description: >-
-                      Indicates whether you want to run the rule on an interval
-                      basis after it is created.
+                    description: Indicates whether you want to run the rule on an interval basis after it is created.
                     type: boolean
                   execution_status:
                     additionalProperties: false
@@ -2038,9 +1972,7 @@ paths:
                             nullable: true
                             type: number
                       outcome:
-                        description: >-
-                          Outcome of last run of the rule. Value could be
-                          succeeded, warning or failed.
+                        description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                         enum:
                           - succeeded
                           - warning
@@ -2090,9 +2022,7 @@ paths:
                         properties:
                           calculated_metrics:
                             additionalProperties: false
-                            description: >-
-                              Calculation of different percentiles and success
-                              ratio.
+                            description: Calculation of different percentiles and success ratio.
                             type: object
                             properties:
                               p50:
@@ -2115,18 +2045,14 @@ paths:
                                   description: Duration of the rule run.
                                   type: number
                                 outcome:
-                                  description: >-
-                                    Outcome of last run of the rule. Value could
-                                    be succeeded, warning or failed.
+                                  description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                                   enum:
                                     - succeeded
                                     - warning
                                     - failed
                                   type: string
                                 success:
-                                  description: >-
-                                    Indicates whether the rule run was
-                                    successful.
+                                  description: Indicates whether the rule run was successful.
                                   type: boolean
                                 timestamp:
                                   description: Time of rule run.
@@ -2151,29 +2077,19 @@ paths:
                                     nullable: true
                                     type: number
                                   total_alerts_created:
-                                    description: >-
-                                      Total number of alerts created during last
-                                      rule run.
+                                    description: Total number of alerts created during last rule run.
                                     nullable: true
                                     type: number
                                   total_alerts_detected:
-                                    description: >-
-                                      Total number of alerts detected during
-                                      last rule run.
+                                    description: Total number of alerts detected during last rule run.
                                     nullable: true
                                     type: number
                                   total_indexing_duration_ms:
-                                    description: >-
-                                      Total time spent indexing documents during
-                                      last rule run in milliseconds.
+                                    description: Total time spent indexing documents during last rule run in milliseconds.
                                     nullable: true
                                     type: number
                                   total_search_duration_ms:
-                                    description: >-
-                                      Total time spent performing Elasticsearch
-                                      searches as measured by Kibana; includes
-                                      network latency and time spent serializing
-                                      or deserializing the request and response.
+                                    description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.
                                     nullable: true
                                     type: number
                               timestamp:
@@ -2204,19 +2120,7 @@ paths:
                     nullable: true
                     type: string
                   notify_when:
-                    description: >-
-                      Indicates how often alerts generate actions. Valid values
-                      include: `onActionGroupChange`: Actions run when the alert
-                      status changes; `onActiveAlert`: Actions run when the
-                      alert becomes active and at each check interval while the
-                      rule conditions are met; `onThrottleInterval`: Actions run
-                      when the alert becomes active and at the interval
-                      specified in the throttle property while the rule
-                      conditions are met. NOTE: You cannot specify `notify_when`
-                      at both the rule and action level. The recommended method
-                      is to set it for each action. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     enum:
                       - onActionGroupChange
                       - onActiveAlert
@@ -2242,9 +2146,7 @@ paths:
                     type: object
                     properties:
                       interval:
-                        description: >-
-                          The interval is specified in seconds, minutes, hours,
-                          or days.
+                        description: The interval is specified in seconds, minutes, hours, or days.
                         type: string
                     required:
                       - interval
@@ -2280,9 +2182,7 @@ paths:
                               type: array
                             bymonth:
                               items:
-                                description: >-
-                                  Indicates months of the year that this rule
-                                  should recur.
+                                description: Indicates months of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
@@ -2300,12 +2200,7 @@ paths:
                               type: array
                             bysetpos:
                               items:
-                                description: >-
-                                  A positive or negative integer affecting the
-                                  nth day of the month. For example, -2 combined
-                                  with `byweekday` of FR is 2nd to last Friday
-                                  of the month. It is recommended to not set
-                                  this manually and just use `byweekday`.
+                                description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.
                                 type: number
                               nullable: true
                               type: array
@@ -2314,13 +2209,7 @@ paths:
                                 anyOf:
                                   - type: string
                                   - type: number
-                                description: >-
-                                  Indicates the days of the week to recur or
-                                  else nth-day-of-month strings. For example,
-                                  "+2TU" second Tuesday of month, "-1FR" last
-                                  Friday of the month, which are internally
-                                  converted to a `byweekday/bysetpos`
-                                  combination.
+                                description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination.
                               nullable: true
                               type: array
                             byweekno:
@@ -2331,26 +2220,18 @@ paths:
                               type: array
                             byyearday:
                               items:
-                                description: >-
-                                  Indicates the days of the year that this rule
-                                  should recur.
+                                description: Indicates the days of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
                             count:
-                              description: >-
-                                Number of times the rule should recur until it
-                                stops.
+                              description: Number of times the rule should recur until it stops.
                               type: number
                             dtstart:
-                              description: >-
-                                Rule start date in Coordinated Universal Time
-                                (UTC).
+                              description: Rule start date in Coordinated Universal Time (UTC).
                               type: string
                             freq:
-                              description: >-
-                                Indicates frequency of the rule. Options are
-                                YEARLY, MONTHLY, WEEKLY, DAILY.
+                              description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.
                               enum:
                                 - 0
                                 - 1
@@ -2361,10 +2242,7 @@ paths:
                                 - 6
                               type: integer
                             interval:
-                              description: >-
-                                Indicates the interval of frequency. For
-                                example, 1 and YEARLY is every 1 year, 2 and
-                                WEEKLY is every 2 weeks.
+                              description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.
                               type: number
                             tzid:
                               description: Indicates timezone abbreviation.
@@ -2402,23 +2280,14 @@ paths:
                     type: array
                   throttle:
                     deprecated: true
-                    description: >-
-                      Deprecated in 8.13.0. Use the `throttle` property in the
-                      action `frequency` object instead. The throttle interval,
-                      which defines how often an alert generates repeated
-                      actions. NOTE: You cannot specify the throttle interval at
-                      both the rule and action level. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     nullable: true
                     type: string
                   updated_at:
                     description: The date and time that the rule was updated most recently.
                     type: string
                   updated_by:
-                    description: >-
-                      The identifier for the user that updated this rule most
-                      recently.
+                    description: The identifier for the user that updated this rule most recently.
                     nullable: true
                     type: string
                   view_in_app_relative_url:
@@ -2444,6 +2313,17 @@ paths:
                   - muted_alert_ids
                   - execution_status
                   - revision
+              examples:
+                createEsQueryEsqlRuleResponse:
+                  $ref: '#/components/examples/create_es_query_esql_rule_response'
+                createEsQueryRuleResponse:
+                  $ref: '#/components/examples/create_es_query_rule_response'
+                createEsQueryKqlRuleResponse:
+                  $ref: '#/components/examples/create_es_query_kql_rule_response'
+                createIndexThresholdRuleResponse:
+                  $ref: '#/components/examples/create_index_threshold_rule_response'
+                createTrackingContainmentRuleResponse:
+                  $ref: '#/components/examples/create_tracking_containment_rule_response'
           description: Indicates a successful call.
         '400':
           description: Indicates an invalid schema or parameters.
@@ -2454,6 +2334,7 @@ paths:
       summary: Create a rule
       tags:
         - alerting
+      x-beta: true
     put:
       operationId: put-alerting-rule-id
       parameters:
@@ -2501,15 +2382,10 @@ paths:
                             type: object
                             properties:
                               dsl:
-                                description: >-
-                                  A filter written in Elasticsearch Query Domain
-                                  Specific Language (DSL).
+                                description: A filter written in Elasticsearch Query Domain Specific Language (DSL).
                                 type: string
                               filters:
-                                description: >-
-                                  A filter written in Elasticsearch Query Domain
-                                  Specific Language (DSL) as defined in the
-                                  `kbn-es-query` package.
+                                description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
                                 items:
                                   additionalProperties: false
                                   type: object
@@ -2519,9 +2395,7 @@ paths:
                                       type: object
                                       properties:
                                         store:
-                                          description: >-
-                                            A filter can be either specific to an
-                                            application context or applied globally.
+                                          description: A filter can be either specific to an application context or applied globally.
                                           enum:
                                             - appState
                                             - globalState
@@ -2538,27 +2412,18 @@ paths:
                                     - meta
                                 type: array
                               kql:
-                                description: >-
-                                  A filter written in Kibana Query Language
-                                  (KQL).
+                                description: A filter written in Kibana Query Language (KQL).
                                 type: string
                             required:
                               - kql
                               - filters
                           timeframe:
                             additionalProperties: false
-                            description: >-
-                              Defines a period that limits whether the action
-                              runs.
+                            description: Defines a period that limits whether the action runs.
                             type: object
                             properties:
                               days:
-                                description: >-
-                                  Defines the days of the week that the action
-                                  can run, represented as an array of numbers.
-                                  For example, `1` represents Monday. An empty
-                                  array is equivalent to specifying all the days
-                                  of the week.
+                                description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.
                                 items:
                                   enum:
                                     - 1
@@ -2572,32 +2437,20 @@ paths:
                                 type: array
                               hours:
                                 additionalProperties: false
-                                description: >-
-                                  Defines the range of time in a day that the
-                                  action can run. If the `start` value is
-                                  `00:00` and the `end` value is `24:00`,
-                                  actions be generated all day.
+                                description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.
                                 type: object
                                 properties:
                                   end:
-                                    description: >-
-                                      The end of the time frame in 24-hour
-                                      notation (`hh:mm`).
+                                    description: The end of the time frame in 24-hour notation (`hh:mm`).
                                     type: string
                                   start:
-                                    description: >-
-                                      The start of the time frame in 24-hour
-                                      notation (`hh:mm`).
+                                    description: The start of the time frame in 24-hour notation (`hh:mm`).
                                     type: string
                                 required:
                                   - start
                                   - end
                               timezone:
-                                description: >-
-                                  The ISO time zone for the `hours` values.
-                                  Values such as `UTC` and `UTC+1` also work but
-                                  lack built-in daylight savings time support
-                                  and are not recommended.
+                                description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.
                                 type: string
                             required:
                               - days
@@ -2608,21 +2461,7 @@ paths:
                         type: object
                         properties:
                           notify_when:
-                            description: >-
-                              Indicates how often alerts generate actions. Valid
-                              values include: `onActionGroupChange`: Actions run
-                              when the alert status changes; `onActiveAlert`:
-                              Actions run when the alert becomes active and at
-                              each check interval while the rule conditions are
-                              met; `onThrottleInterval`: Actions run when the
-                              alert becomes active and at the interval specified
-                              in the throttle property while the rule conditions
-                              are met. NOTE: You cannot specify `notify_when` at
-                              both the rule and action level. The recommended
-                              method is to set it for each action. If you set it
-                              at the rule level then update the rule in Kibana,
-                              it is automatically changed to use action-specific
-                              values.
+                            description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                             enum:
                               - onActionGroupChange
                               - onActiveAlert
@@ -2632,17 +2471,7 @@ paths:
                             description: Indicates whether the action is a summary.
                             type: boolean
                           throttle:
-                            description: >-
-                              The throttle interval, which defines how often an
-                              alert generates repeated actions. It is specified
-                              in seconds, minutes, hours, or days and is
-                              applicable only if `notify_when` is set to
-                              `onThrottleInterval`. NOTE: You cannot specify the
-                              throttle interval at both the rule and action
-                              level. The recommended method is to set it for
-                              each action. If you set it at the rule level then
-                              update the rule in Kibana, it is automatically
-                              changed to use action-specific values.
+                            description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                             nullable: true
                             type: string
                         required:
@@ -2650,12 +2479,7 @@ paths:
                           - notify_when
                           - throttle
                       group:
-                        description: >-
-                          The group name, which affects when the action runs
-                          (for example, when the threshold is met or when the
-                          alert is recovered). Each rule type has a list of
-                          valid action group names. If you don't need to group
-                          actions, set to `default`.
+                        description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.
                         type: string
                       id:
                         description: The identifier for the connector saved object.
@@ -2663,10 +2487,7 @@ paths:
                       params:
                         additionalProperties: {}
                         default: {}
-                        description: >-
-                          The parameters for the action, which are sent to the
-                          connector. The `params` are handled as Mustache
-                          templates and passed a default set of context.
+                        description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
                         type: object
                       use_alert_data_for_template:
                         description: Indicates whether to use alert data as a template.
@@ -2679,15 +2500,11 @@ paths:
                   type: array
                 alert_delay:
                   additionalProperties: false
-                  description: >-
-                    Indicates that an alert occurs only when the specified
-                    number of consecutive runs met the rule conditions.
+                  description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
                   type: object
                   properties:
                     active:
-                      description: >-
-                        The number of consecutive runs that must meet the rule
-                        conditions.
+                      description: The number of consecutive runs that must meet the rule conditions.
                       type: number
                   required:
                     - active
@@ -2708,24 +2525,10 @@ paths:
                     - look_back_window
                     - status_change_threshold
                 name:
-                  description: >-
-                    The name of the rule. While this name does not have to be
-                    unique, a distinctive name can help you identify a rule.
+                  description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
                   type: string
                 notify_when:
-                  description: >-
-                    Indicates how often alerts generate actions. Valid values
-                    include: `onActionGroupChange`: Actions run when the alert
-                    status changes; `onActiveAlert`: Actions run when the alert
-                    becomes active and at each check interval while the rule
-                    conditions are met; `onThrottleInterval`: Actions run when
-                    the alert becomes active and at the interval specified in
-                    the throttle property while the rule conditions are met.
-                    NOTE: You cannot specify `notify_when` at both the rule and
-                    action level. The recommended method is to set it for each
-                    action. If you set it at the rule level then update the rule
-                    in Kibana, it is automatically changed to use
-                    action-specific values.
+                  description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                   enum:
                     - onActionGroupChange
                     - onActiveAlert
@@ -2742,9 +2545,7 @@ paths:
                   type: object
                   properties:
                     interval:
-                      description: >-
-                        The interval is specified in seconds, minutes, hours, or
-                        days.
+                      description: The interval is specified in seconds, minutes, hours, or days.
                       type: string
                   required:
                     - interval
@@ -2755,18 +2556,15 @@ paths:
                     type: string
                   type: array
                 throttle:
-                  description: >-
-                    Use the `throttle` property in the action `frequency` object
-                    instead. The throttle interval, which defines how often an
-                    alert generates repeated actions. NOTE: You cannot specify
-                    the throttle interval at both the rule and action level. If
-                    you set it at the rule level then update the rule in Kibana,
-                    it is automatically changed to use action-specific values.
+                  description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                   nullable: true
                   type: string
               required:
                 - name
                 - schedule
+            examples:
+              updateRuleRequest:
+                $ref: '#/components/examples/update_rule_request'
       responses:
         '200':
           content:
@@ -2782,9 +2580,7 @@ paths:
                       properties:
                         alerts_filter:
                           additionalProperties: false
-                          description: >-
-                            Defines a period that limits whether the action
-                            runs.
+                          description: Defines a period that limits whether the action runs.
                           type: object
                           properties:
                             query:
@@ -2792,15 +2588,10 @@ paths:
                               type: object
                               properties:
                                 dsl:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL).
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL).
                                   type: string
                                 filters:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL) as defined in
-                                    the `kbn-es-query` package.
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
                                   items:
                                     additionalProperties: false
                                     type: object
@@ -2810,9 +2601,7 @@ paths:
                                         type: object
                                         properties:
                                           store:
-                                            description: >-
-                                              A filter can be either specific to an
-                                              application context or applied globally.
+                                            description: A filter can be either specific to an application context or applied globally.
                                             enum:
                                               - appState
                                               - globalState
@@ -2829,9 +2618,7 @@ paths:
                                       - meta
                                   type: array
                                 kql:
-                                  description: >-
-                                    A filter written in Kibana Query Language
-                                    (KQL).
+                                  description: A filter written in Kibana Query Language (KQL).
                                   type: string
                               required:
                                 - kql
@@ -2841,12 +2628,7 @@ paths:
                               type: object
                               properties:
                                 days:
-                                  description: >-
-                                    Defines the days of the week that the action
-                                    can run, represented as an array of numbers.
-                                    For example, `1` represents Monday. An empty
-                                    array is equivalent to specifying all the
-                                    days of the week.
+                                  description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.
                                   items:
                                     enum:
                                       - 1
@@ -2863,55 +2645,30 @@ paths:
                                   type: object
                                   properties:
                                     end:
-                                      description: >-
-                                        The end of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The end of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                     start:
-                                      description: >-
-                                        The start of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The start of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                   required:
                                     - start
                                     - end
                                 timezone:
-                                  description: >-
-                                    The ISO time zone for the `hours` values.
-                                    Values such as `UTC` and `UTC+1` also work
-                                    but lack built-in daylight savings time
-                                    support and are not recommended.
+                                  description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.
                                   type: string
                               required:
                                 - days
                                 - hours
                                 - timezone
                         connector_type_id:
-                          description: >-
-                            The type of connector. This property appears in
-                            responses but cannot be set in requests.
+                          description: The type of connector. This property appears in responses but cannot be set in requests.
                           type: string
                         frequency:
                           additionalProperties: false
                           type: object
                           properties:
                             notify_when:
-                              description: >-
-                                Indicates how often alerts generate actions.
-                                Valid values include: `onActionGroupChange`:
-                                Actions run when the alert status changes;
-                                `onActiveAlert`: Actions run when the alert
-                                becomes active and at each check interval while
-                                the rule conditions are met;
-                                `onThrottleInterval`: Actions run when the alert
-                                becomes active and at the interval specified in
-                                the throttle property while the rule conditions
-                                are met. NOTE: You cannot specify `notify_when`
-                                at both the rule and action level. The
-                                recommended method is to set it for each action.
-                                If you set it at the rule level then update the
-                                rule in Kibana, it is automatically changed to
-                                use action-specific values.
+                              description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               enum:
                                 - onActionGroupChange
                                 - onActiveAlert
@@ -2921,18 +2678,7 @@ paths:
                               description: Indicates whether the action is a summary.
                               type: boolean
                             throttle:
-                              description: >-
-                                The throttle interval, which defines how often
-                                an alert generates repeated actions. It is
-                                specified in seconds, minutes, hours, or days
-                                and is applicable only if 'notify_when' is set
-                                to 'onThrottleInterval'. NOTE: You cannot
-                                specify the throttle interval at both the rule
-                                and action level. The recommended method is to
-                                set it for each action. If you set it at the
-                                rule level then update the rule in Kibana, it is
-                                automatically changed to use action-specific
-                                values.
+                              description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               nullable: true
                               type: string
                           required:
@@ -2940,30 +2686,20 @@ paths:
                             - notify_when
                             - throttle
                         group:
-                          description: >-
-                            The group name, which affects when the action runs
-                            (for example, when the threshold is met or when the
-                            alert is recovered). Each rule type has a list of
-                            valid action group names. If you don't need to group
-                            actions, set to `default`.
+                          description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.
                           type: string
                         id:
                           description: The identifier for the connector saved object.
                           type: string
                         params:
                           additionalProperties: {}
-                          description: >-
-                            The parameters for the action, which are sent to the
-                            connector. The `params` are handled as Mustache
-                            templates and passed a default set of context.
+                          description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
                           type: object
                         use_alert_data_for_template:
                           description: Indicates whether to use alert data as a template.
                           type: boolean
                         uuid:
-                          description: >-
-                            A universally unique identifier (UUID) for the
-                            action.
+                          description: A universally unique identifier (UUID) for the action.
                           type: string
                       required:
                         - id
@@ -2977,36 +2713,24 @@ paths:
                     type: array
                   alert_delay:
                     additionalProperties: false
-                    description: >-
-                      Indicates that an alert occurs only when the specified
-                      number of consecutive runs met the rule conditions.
+                    description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
                     type: object
                     properties:
                       active:
-                        description: >-
-                          The number of consecutive runs that must meet the rule
-                          conditions.
+                        description: The number of consecutive runs that must meet the rule conditions.
                         type: number
                     required:
                       - active
                   api_key_created_by_user:
-                    description: >-
-                      Indicates whether the API key that is associated with the
-                      rule was created by the user.
+                    description: Indicates whether the API key that is associated with the rule was created by the user.
                     nullable: true
                     type: boolean
                   api_key_owner:
-                    description: >-
-                      The owner of the API key that is associated with the rule
-                      and used to run background tasks.
+                    description: The owner of the API key that is associated with the rule and used to run background tasks.
                     nullable: true
                     type: string
                   consumer:
-                    description: >-
-                      The name of the application or feature that owns the rule.
-                      For example: `alerts`, `apm`, `discover`,
-                      `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`,
-                      `securitySolution`, `siem`, `stackAlerts`, or `uptime`.
+                    description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.'
                     type: string
                   created_at:
                     description: The date and time that the rule was created.
@@ -3016,9 +2740,7 @@ paths:
                     nullable: true
                     type: string
                   enabled:
-                    description: >-
-                      Indicates whether you want to run the rule on an interval
-                      basis after it is created.
+                    description: Indicates whether you want to run the rule on an interval basis after it is created.
                     type: boolean
                   execution_status:
                     additionalProperties: false
@@ -3132,9 +2854,7 @@ paths:
                             nullable: true
                             type: number
                       outcome:
-                        description: >-
-                          Outcome of last run of the rule. Value could be
-                          succeeded, warning or failed.
+                        description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                         enum:
                           - succeeded
                           - warning
@@ -3184,9 +2904,7 @@ paths:
                         properties:
                           calculated_metrics:
                             additionalProperties: false
-                            description: >-
-                              Calculation of different percentiles and success
-                              ratio.
+                            description: Calculation of different percentiles and success ratio.
                             type: object
                             properties:
                               p50:
@@ -3209,18 +2927,14 @@ paths:
                                   description: Duration of the rule run.
                                   type: number
                                 outcome:
-                                  description: >-
-                                    Outcome of last run of the rule. Value could
-                                    be succeeded, warning or failed.
+                                  description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                                   enum:
                                     - succeeded
                                     - warning
                                     - failed
                                   type: string
                                 success:
-                                  description: >-
-                                    Indicates whether the rule run was
-                                    successful.
+                                  description: Indicates whether the rule run was successful.
                                   type: boolean
                                 timestamp:
                                   description: Time of rule run.
@@ -3245,29 +2959,19 @@ paths:
                                     nullable: true
                                     type: number
                                   total_alerts_created:
-                                    description: >-
-                                      Total number of alerts created during last
-                                      rule run.
+                                    description: Total number of alerts created during last rule run.
                                     nullable: true
                                     type: number
                                   total_alerts_detected:
-                                    description: >-
-                                      Total number of alerts detected during
-                                      last rule run.
+                                    description: Total number of alerts detected during last rule run.
                                     nullable: true
                                     type: number
                                   total_indexing_duration_ms:
-                                    description: >-
-                                      Total time spent indexing documents during
-                                      last rule run in milliseconds.
+                                    description: Total time spent indexing documents during last rule run in milliseconds.
                                     nullable: true
                                     type: number
                                   total_search_duration_ms:
-                                    description: >-
-                                      Total time spent performing Elasticsearch
-                                      searches as measured by Kibana; includes
-                                      network latency and time spent serializing
-                                      or deserializing the request and response.
+                                    description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.
                                     nullable: true
                                     type: number
                               timestamp:
@@ -3298,19 +3002,7 @@ paths:
                     nullable: true
                     type: string
                   notify_when:
-                    description: >-
-                      Indicates how often alerts generate actions. Valid values
-                      include: `onActionGroupChange`: Actions run when the alert
-                      status changes; `onActiveAlert`: Actions run when the
-                      alert becomes active and at each check interval while the
-                      rule conditions are met; `onThrottleInterval`: Actions run
-                      when the alert becomes active and at the interval
-                      specified in the throttle property while the rule
-                      conditions are met. NOTE: You cannot specify `notify_when`
-                      at both the rule and action level. The recommended method
-                      is to set it for each action. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     enum:
                       - onActionGroupChange
                       - onActiveAlert
@@ -3336,9 +3028,7 @@ paths:
                     type: object
                     properties:
                       interval:
-                        description: >-
-                          The interval is specified in seconds, minutes, hours,
-                          or days.
+                        description: The interval is specified in seconds, minutes, hours, or days.
                         type: string
                     required:
                       - interval
@@ -3374,9 +3064,7 @@ paths:
                               type: array
                             bymonth:
                               items:
-                                description: >-
-                                  Indicates months of the year that this rule
-                                  should recur.
+                                description: Indicates months of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
@@ -3394,12 +3082,7 @@ paths:
                               type: array
                             bysetpos:
                               items:
-                                description: >-
-                                  A positive or negative integer affecting the
-                                  nth day of the month. For example, -2 combined
-                                  with `byweekday` of FR is 2nd to last Friday
-                                  of the month. It is recommended to not set
-                                  this manually and just use `byweekday`.
+                                description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.
                                 type: number
                               nullable: true
                               type: array
@@ -3408,13 +3091,7 @@ paths:
                                 anyOf:
                                   - type: string
                                   - type: number
-                                description: >-
-                                  Indicates the days of the week to recur or
-                                  else nth-day-of-month strings. For example,
-                                  "+2TU" second Tuesday of month, "-1FR" last
-                                  Friday of the month, which are internally
-                                  converted to a `byweekday/bysetpos`
-                                  combination.
+                                description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination.
                               nullable: true
                               type: array
                             byweekno:
@@ -3425,26 +3102,18 @@ paths:
                               type: array
                             byyearday:
                               items:
-                                description: >-
-                                  Indicates the days of the year that this rule
-                                  should recur.
+                                description: Indicates the days of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
                             count:
-                              description: >-
-                                Number of times the rule should recur until it
-                                stops.
+                              description: Number of times the rule should recur until it stops.
                               type: number
                             dtstart:
-                              description: >-
-                                Rule start date in Coordinated Universal Time
-                                (UTC).
+                              description: Rule start date in Coordinated Universal Time (UTC).
                               type: string
                             freq:
-                              description: >-
-                                Indicates frequency of the rule. Options are
-                                YEARLY, MONTHLY, WEEKLY, DAILY.
+                              description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.
                               enum:
                                 - 0
                                 - 1
@@ -3455,10 +3124,7 @@ paths:
                                 - 6
                               type: integer
                             interval:
-                              description: >-
-                                Indicates the interval of frequency. For
-                                example, 1 and YEARLY is every 1 year, 2 and
-                                WEEKLY is every 2 weeks.
+                              description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.
                               type: number
                             tzid:
                               description: Indicates timezone abbreviation.
@@ -3496,23 +3162,14 @@ paths:
                     type: array
                   throttle:
                     deprecated: true
-                    description: >-
-                      Deprecated in 8.13.0. Use the `throttle` property in the
-                      action `frequency` object instead. The throttle interval,
-                      which defines how often an alert generates repeated
-                      actions. NOTE: You cannot specify the throttle interval at
-                      both the rule and action level. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     nullable: true
                     type: string
                   updated_at:
                     description: The date and time that the rule was updated most recently.
                     type: string
                   updated_by:
-                    description: >-
-                      The identifier for the user that updated this rule most
-                      recently.
+                    description: The identifier for the user that updated this rule most recently.
                     nullable: true
                     type: string
                   view_in_app_relative_url:
@@ -3538,6 +3195,9 @@ paths:
                   - muted_alert_ids
                   - execution_status
                   - revision
+              examples:
+                updateRuleResponse:
+                  $ref: '#/components/examples/update_rule_response'
           description: Indicates a successful call.
         '400':
           description: Indicates an invalid schema or parameters.
@@ -3550,6 +3210,7 @@ paths:
       summary: Update a rule
       tags:
         - alerting
+      x-beta: true
   /api/alerting/rule/{id}/_disable:
     post:
       operationId: post-alerting-rule-id-disable
@@ -3599,6 +3260,7 @@ paths:
       summary: Disable a rule
       tags:
         - alerting
+      x-beta: true
   /api/alerting/rule/{id}/_enable:
     post:
       operationId: post-alerting-rule-id-enable
@@ -3636,6 +3298,7 @@ paths:
       summary: Enable a rule
       tags:
         - alerting
+      x-beta: true
   /api/alerting/rule/{id}/_mute_all:
     post:
       operationId: post-alerting-rule-id-mute-all
@@ -3673,6 +3336,7 @@ paths:
       summary: Mute all alerts
       tags:
         - alerting
+      x-beta: true
   /api/alerting/rule/{id}/_unmute_all:
     post:
       operationId: post-alerting-rule-id-unmute-all
@@ -3710,6 +3374,7 @@ paths:
       summary: Unmute all alerts
       tags:
         - alerting
+      x-beta: true
   /api/alerting/rule/{id}/_update_api_key:
     post:
       operationId: post-alerting-rule-id-update-api-key
@@ -3749,6 +3414,7 @@ paths:
       summary: Update the API key for a rule
       tags:
         - alerting
+      x-beta: true
   /api/alerting/rule/{rule_id}/alert/{alert_id}/_mute:
     post:
       operationId: post-alerting-rule-rule-id-alert-alert-id-mute
@@ -3792,6 +3458,7 @@ paths:
       summary: Mute an alert
       tags:
         - alerting
+      x-beta: true
   /api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute:
     post:
       operationId: post-alerting-rule-rule-id-alert-alert-id-unmute
@@ -3835,6 +3502,7 @@ paths:
       summary: Unmute an alert
       tags:
         - alerting
+      x-beta: true
   /api/alerting/rules/_find:
     get:
       operationId: get-alerting-rules-find
@@ -3863,9 +3531,7 @@ paths:
             default: 1
             minimum: 1
             type: number
-        - description: >-
-            An Elasticsearch simple_query_string query that filters the objects
-            in the response.
+        - description: An Elasticsearch simple_query_string query that filters the objects in the response.
           in: query
           name: search
           required: false
@@ -3891,9 +3557,7 @@ paths:
                   type: string
                 type: array
               - type: string
-        - description: >-
-            Determines which field is used to sort the results. The field must
-            exist in the `attributes` key of the response.
+        - description: Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.
           in: query
           name: sort_field
           required: false
@@ -3908,9 +3572,7 @@ paths:
               - asc
               - desc
             type: string
-        - description: >-
-            Filters the rules that have a relation with the reference objects
-            with a specific type and identifier.
+        - description: Filters the rules that have a relation with the reference objects with a specific type and identifier.
           in: query
           name: has_reference
           required: false
@@ -3934,12 +3596,7 @@ paths:
               description: The fields to return in the `attributes` key of the response.
               type: string
             type: array
-        - description: >-
-            A KQL string that you filter with an attribute from your saved
-            object. It should look like `savedObjectType.attributes.title:
-            "myTitle"`. However, if you used a direct attribute of a saved
-            object, such as `updatedAt`, you must define your filter, for
-            example, `savedObjectType.updatedAt > 2018-12-22`.
+        - description: 'A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: "myTitle"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.'
           in: query
           name: filter
           required: false
@@ -3968,9 +3625,7 @@ paths:
                       properties:
                         alerts_filter:
                           additionalProperties: false
-                          description: >-
-                            Defines a period that limits whether the action
-                            runs.
+                          description: Defines a period that limits whether the action runs.
                           type: object
                           properties:
                             query:
@@ -3978,15 +3633,10 @@ paths:
                               type: object
                               properties:
                                 dsl:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL).
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL).
                                   type: string
                                 filters:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL) as defined in
-                                    the `kbn-es-query` package.
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
                                   items:
                                     additionalProperties: false
                                     type: object
@@ -3996,9 +3646,7 @@ paths:
                                         type: object
                                         properties:
                                           store:
-                                            description: >-
-                                              A filter can be either specific to an
-                                              application context or applied globally.
+                                            description: A filter can be either specific to an application context or applied globally.
                                             enum:
                                               - appState
                                               - globalState
@@ -4015,9 +3663,7 @@ paths:
                                       - meta
                                   type: array
                                 kql:
-                                  description: >-
-                                    A filter written in Kibana Query Language
-                                    (KQL).
+                                  description: A filter written in Kibana Query Language (KQL).
                                   type: string
                               required:
                                 - kql
@@ -4027,12 +3673,7 @@ paths:
                               type: object
                               properties:
                                 days:
-                                  description: >-
-                                    Defines the days of the week that the action
-                                    can run, represented as an array of numbers.
-                                    For example, `1` represents Monday. An empty
-                                    array is equivalent to specifying all the
-                                    days of the week.
+                                  description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.
                                   items:
                                     enum:
                                       - 1
@@ -4049,55 +3690,30 @@ paths:
                                   type: object
                                   properties:
                                     end:
-                                      description: >-
-                                        The end of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The end of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                     start:
-                                      description: >-
-                                        The start of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The start of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                   required:
                                     - start
                                     - end
                                 timezone:
-                                  description: >-
-                                    The ISO time zone for the `hours` values.
-                                    Values such as `UTC` and `UTC+1` also work
-                                    but lack built-in daylight savings time
-                                    support and are not recommended.
+                                  description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.
                                   type: string
                               required:
                                 - days
                                 - hours
                                 - timezone
                         connector_type_id:
-                          description: >-
-                            The type of connector. This property appears in
-                            responses but cannot be set in requests.
+                          description: The type of connector. This property appears in responses but cannot be set in requests.
                           type: string
                         frequency:
                           additionalProperties: false
                           type: object
                           properties:
                             notify_when:
-                              description: >-
-                                Indicates how often alerts generate actions.
-                                Valid values include: `onActionGroupChange`:
-                                Actions run when the alert status changes;
-                                `onActiveAlert`: Actions run when the alert
-                                becomes active and at each check interval while
-                                the rule conditions are met;
-                                `onThrottleInterval`: Actions run when the alert
-                                becomes active and at the interval specified in
-                                the throttle property while the rule conditions
-                                are met. NOTE: You cannot specify `notify_when`
-                                at both the rule and action level. The
-                                recommended method is to set it for each action.
-                                If you set it at the rule level then update the
-                                rule in Kibana, it is automatically changed to
-                                use action-specific values.
+                              description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               enum:
                                 - onActionGroupChange
                                 - onActiveAlert
@@ -4107,18 +3723,7 @@ paths:
                               description: Indicates whether the action is a summary.
                               type: boolean
                             throttle:
-                              description: >-
-                                The throttle interval, which defines how often
-                                an alert generates repeated actions. It is
-                                specified in seconds, minutes, hours, or days
-                                and is applicable only if 'notify_when' is set
-                                to 'onThrottleInterval'. NOTE: You cannot
-                                specify the throttle interval at both the rule
-                                and action level. The recommended method is to
-                                set it for each action. If you set it at the
-                                rule level then update the rule in Kibana, it is
-                                automatically changed to use action-specific
-                                values.
+                              description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               nullable: true
                               type: string
                           required:
@@ -4126,30 +3731,20 @@ paths:
                             - notify_when
                             - throttle
                         group:
-                          description: >-
-                            The group name, which affects when the action runs
-                            (for example, when the threshold is met or when the
-                            alert is recovered). Each rule type has a list of
-                            valid action group names. If you don't need to group
-                            actions, set to `default`.
+                          description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.
                           type: string
                         id:
                           description: The identifier for the connector saved object.
                           type: string
                         params:
                           additionalProperties: {}
-                          description: >-
-                            The parameters for the action, which are sent to the
-                            connector. The `params` are handled as Mustache
-                            templates and passed a default set of context.
+                          description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
                           type: object
                         use_alert_data_for_template:
                           description: Indicates whether to use alert data as a template.
                           type: boolean
                         uuid:
-                          description: >-
-                            A universally unique identifier (UUID) for the
-                            action.
+                          description: A universally unique identifier (UUID) for the action.
                           type: string
                       required:
                         - id
@@ -4163,36 +3758,24 @@ paths:
                     type: array
                   alert_delay:
                     additionalProperties: false
-                    description: >-
-                      Indicates that an alert occurs only when the specified
-                      number of consecutive runs met the rule conditions.
+                    description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
                     type: object
                     properties:
                       active:
-                        description: >-
-                          The number of consecutive runs that must meet the rule
-                          conditions.
+                        description: The number of consecutive runs that must meet the rule conditions.
                         type: number
                     required:
                       - active
                   api_key_created_by_user:
-                    description: >-
-                      Indicates whether the API key that is associated with the
-                      rule was created by the user.
+                    description: Indicates whether the API key that is associated with the rule was created by the user.
                     nullable: true
                     type: boolean
                   api_key_owner:
-                    description: >-
-                      The owner of the API key that is associated with the rule
-                      and used to run background tasks.
+                    description: The owner of the API key that is associated with the rule and used to run background tasks.
                     nullable: true
                     type: string
                   consumer:
-                    description: >-
-                      The name of the application or feature that owns the rule.
-                      For example: `alerts`, `apm`, `discover`,
-                      `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`,
-                      `securitySolution`, `siem`, `stackAlerts`, or `uptime`.
+                    description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.'
                     type: string
                   created_at:
                     description: The date and time that the rule was created.
@@ -4202,9 +3785,7 @@ paths:
                     nullable: true
                     type: string
                   enabled:
-                    description: >-
-                      Indicates whether you want to run the rule on an interval
-                      basis after it is created.
+                    description: Indicates whether you want to run the rule on an interval basis after it is created.
                     type: boolean
                   execution_status:
                     additionalProperties: false
@@ -4318,9 +3899,7 @@ paths:
                             nullable: true
                             type: number
                       outcome:
-                        description: >-
-                          Outcome of last run of the rule. Value could be
-                          succeeded, warning or failed.
+                        description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                         enum:
                           - succeeded
                           - warning
@@ -4370,9 +3949,7 @@ paths:
                         properties:
                           calculated_metrics:
                             additionalProperties: false
-                            description: >-
-                              Calculation of different percentiles and success
-                              ratio.
+                            description: Calculation of different percentiles and success ratio.
                             type: object
                             properties:
                               p50:
@@ -4395,18 +3972,14 @@ paths:
                                   description: Duration of the rule run.
                                   type: number
                                 outcome:
-                                  description: >-
-                                    Outcome of last run of the rule. Value could
-                                    be succeeded, warning or failed.
+                                  description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                                   enum:
                                     - succeeded
                                     - warning
                                     - failed
                                   type: string
                                 success:
-                                  description: >-
-                                    Indicates whether the rule run was
-                                    successful.
+                                  description: Indicates whether the rule run was successful.
                                   type: boolean
                                 timestamp:
                                   description: Time of rule run.
@@ -4431,29 +4004,19 @@ paths:
                                     nullable: true
                                     type: number
                                   total_alerts_created:
-                                    description: >-
-                                      Total number of alerts created during last
-                                      rule run.
+                                    description: Total number of alerts created during last rule run.
                                     nullable: true
                                     type: number
                                   total_alerts_detected:
-                                    description: >-
-                                      Total number of alerts detected during
-                                      last rule run.
+                                    description: Total number of alerts detected during last rule run.
                                     nullable: true
                                     type: number
                                   total_indexing_duration_ms:
-                                    description: >-
-                                      Total time spent indexing documents during
-                                      last rule run in milliseconds.
+                                    description: Total time spent indexing documents during last rule run in milliseconds.
                                     nullable: true
                                     type: number
                                   total_search_duration_ms:
-                                    description: >-
-                                      Total time spent performing Elasticsearch
-                                      searches as measured by Kibana; includes
-                                      network latency and time spent serializing
-                                      or deserializing the request and response.
+                                    description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.
                                     nullable: true
                                     type: number
                               timestamp:
@@ -4484,19 +4047,7 @@ paths:
                     nullable: true
                     type: string
                   notify_when:
-                    description: >-
-                      Indicates how often alerts generate actions. Valid values
-                      include: `onActionGroupChange`: Actions run when the alert
-                      status changes; `onActiveAlert`: Actions run when the
-                      alert becomes active and at each check interval while the
-                      rule conditions are met; `onThrottleInterval`: Actions run
-                      when the alert becomes active and at the interval
-                      specified in the throttle property while the rule
-                      conditions are met. NOTE: You cannot specify `notify_when`
-                      at both the rule and action level. The recommended method
-                      is to set it for each action. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     enum:
                       - onActionGroupChange
                       - onActiveAlert
@@ -4522,9 +4073,7 @@ paths:
                     type: object
                     properties:
                       interval:
-                        description: >-
-                          The interval is specified in seconds, minutes, hours,
-                          or days.
+                        description: The interval is specified in seconds, minutes, hours, or days.
                         type: string
                     required:
                       - interval
@@ -4560,9 +4109,7 @@ paths:
                               type: array
                             bymonth:
                               items:
-                                description: >-
-                                  Indicates months of the year that this rule
-                                  should recur.
+                                description: Indicates months of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
@@ -4580,12 +4127,7 @@ paths:
                               type: array
                             bysetpos:
                               items:
-                                description: >-
-                                  A positive or negative integer affecting the
-                                  nth day of the month. For example, -2 combined
-                                  with `byweekday` of FR is 2nd to last Friday
-                                  of the month. It is recommended to not set
-                                  this manually and just use `byweekday`.
+                                description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.
                                 type: number
                               nullable: true
                               type: array
@@ -4594,13 +4136,7 @@ paths:
                                 anyOf:
                                   - type: string
                                   - type: number
-                                description: >-
-                                  Indicates the days of the week to recur or
-                                  else nth-day-of-month strings. For example,
-                                  "+2TU" second Tuesday of month, "-1FR" last
-                                  Friday of the month, which are internally
-                                  converted to a `byweekday/bysetpos`
-                                  combination.
+                                description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination.
                               nullable: true
                               type: array
                             byweekno:
@@ -4611,26 +4147,18 @@ paths:
                               type: array
                             byyearday:
                               items:
-                                description: >-
-                                  Indicates the days of the year that this rule
-                                  should recur.
+                                description: Indicates the days of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
                             count:
-                              description: >-
-                                Number of times the rule should recur until it
-                                stops.
+                              description: Number of times the rule should recur until it stops.
                               type: number
                             dtstart:
-                              description: >-
-                                Rule start date in Coordinated Universal Time
-                                (UTC).
+                              description: Rule start date in Coordinated Universal Time (UTC).
                               type: string
                             freq:
-                              description: >-
-                                Indicates frequency of the rule. Options are
-                                YEARLY, MONTHLY, WEEKLY, DAILY.
+                              description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.
                               enum:
                                 - 0
                                 - 1
@@ -4641,10 +4169,7 @@ paths:
                                 - 6
                               type: integer
                             interval:
-                              description: >-
-                                Indicates the interval of frequency. For
-                                example, 1 and YEARLY is every 1 year, 2 and
-                                WEEKLY is every 2 weeks.
+                              description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.
                               type: number
                             tzid:
                               description: Indicates timezone abbreviation.
@@ -4682,23 +4207,14 @@ paths:
                     type: array
                   throttle:
                     deprecated: true
-                    description: >-
-                      Deprecated in 8.13.0. Use the `throttle` property in the
-                      action `frequency` object instead. The throttle interval,
-                      which defines how often an alert generates repeated
-                      actions. NOTE: You cannot specify the throttle interval at
-                      both the rule and action level. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     nullable: true
                     type: string
                   updated_at:
                     description: The date and time that the rule was updated most recently.
                     type: string
                   updated_by:
-                    description: >-
-                      The identifier for the user that updated this rule most
-                      recently.
+                    description: The identifier for the user that updated this rule most recently.
                     nullable: true
                     type: string
                   view_in_app_relative_url:
@@ -4724,6 +4240,11 @@ paths:
                   - muted_alert_ids
                   - execution_status
                   - revision
+              examples:
+                findRulesResponse:
+                  $ref: '#/components/examples/find_rules_response'
+                findConditionalActionRulesResponse:
+                  $ref: '#/components/examples/find_rules_response_conditional_action'
           description: Indicates a successful call.
         '400':
           description: Indicates an invalid schema or parameters.
@@ -4732,6 +4253,7 @@ paths:
       summary: Get information about rules
       tags:
         - alerting
+      x-beta: true
   /api/apm/agent_keys:
     post:
       description: Create a new agent key for APM.
@@ -4779,6 +4301,7 @@ paths:
       summary: Create an APM agent key
       tags:
         - APM agent keys
+      x-beta: true
   /api/apm/fleet/apm_server_schema:
     post:
       operationId: saveApmServerSchema
@@ -4833,6 +4356,7 @@ paths:
       summary: Save APM server schema
       tags:
         - APM server schema
+      x-beta: true
   /api/apm/services/{serviceName}/annotation:
     post:
       description: Create a new annotation for a specific service.
@@ -4886,6 +4410,7 @@ paths:
       summary: Create a service annotation
       tags:
         - APM annotations
+      x-beta: true
   /api/apm/services/{serviceName}/annotation/search:
     get:
       description: Search for annotations related to a specific service.
@@ -4944,6 +4469,7 @@ paths:
       summary: Search for annotations
       tags:
         - APM annotations
+      x-beta: true
   /api/apm/settings/agent-configuration:
     delete:
       operationId: deleteAgentConfiguration
@@ -4961,8 +4487,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/APM_UI_delete_agent_configurations_response
+                $ref: '#/components/schemas/APM_UI_delete_agent_configurations_response'
           description: Successful response
         '400':
           content:
@@ -4991,6 +4516,7 @@ paths:
       summary: Delete agent configuration
       tags:
         - APM agent configuration
+      x-beta: true
     get:
       operationId: getAgentConfigurations
       parameters:
@@ -5023,6 +4549,7 @@ paths:
       summary: Get a list of agent configurations
       tags:
         - APM agent configuration
+      x-beta: true
     put:
       operationId: createUpdateAgentConfiguration
       parameters:
@@ -5074,6 +4601,7 @@ paths:
       summary: Create or update agent configuration
       tags:
         - APM agent configuration
+      x-beta: true
   /api/apm/settings/agent-configuration/agent_name:
     get:
       description: Retrieve `agentName` for a service.
@@ -5115,6 +4643,7 @@ paths:
       summary: Get agent name for service
       tags:
         - APM agent configuration
+      x-beta: true
   /api/apm/settings/agent-configuration/environments:
     get:
       operationId: getEnvironmentsForService
@@ -5153,11 +4682,11 @@ paths:
       summary: Get environments for service
       tags:
         - APM agent configuration
+      x-beta: true
   /api/apm/settings/agent-configuration/search:
     post:
-      description: >
-        This endpoint allows to search for single agent configuration and update
-        'applied_by_agent' field.
+      description: |
+        This endpoint allows to search for single agent configuration and update 'applied_by_agent' field.
       operationId: searchSingleConfiguration
       parameters:
         - $ref: '#/components/parameters/APM_UI_elastic_api_version'
@@ -5173,8 +4702,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/APM_UI_search_agent_configuration_response
+                $ref: '#/components/schemas/APM_UI_search_agent_configuration_response'
           description: Successful response
         '400':
           content:
@@ -5197,6 +4725,7 @@ paths:
       summary: Lookup single agent configuration
       tags:
         - APM agent configuration
+      x-beta: true
   /api/apm/settings/agent-configuration/view:
     get:
       operationId: getSingleAgentConfiguration
@@ -5219,8 +4748,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/APM_UI_single_agent_configuration_response
+                $ref: '#/components/schemas/APM_UI_single_agent_configuration_response'
           description: Successful response
         '400':
           content:
@@ -5243,6 +4771,7 @@ paths:
       summary: Get single agent configuration
       tags:
         - APM agent configuration
+      x-beta: true
   /api/apm/sourcemaps:
     get:
       description: Returns an array of Fleet artifacts, including source map uploads.
@@ -5293,6 +4822,7 @@ paths:
       summary: Get source maps
       tags:
         - APM sourcemaps
+      x-beta: true
     post:
       description: Upload a source map for a specific service and version.
       operationId: uploadSourceMap
@@ -5345,6 +4875,7 @@ paths:
       summary: Upload source map
       tags:
         - APM sourcemaps
+      x-beta: true
   /api/apm/sourcemaps/{id}:
     delete:
       description: Delete a previously uploaded source map.
@@ -5399,6 +4930,7 @@ paths:
       summary: Delete source map
       tags:
         - APM sourcemaps
+      x-beta: true
   /api/asset_criticality:
     delete:
       description: Delete the asset criticality record for a specific entity.
@@ -5433,13 +4965,10 @@ paths:
                 type: object
                 properties:
                   deleted:
-                    description: >-
-                      True if the record was deleted or false if the record did
-                      not exist.
+                    description: True if the record was deleted or false if the record did not exist.
                     type: boolean
                   record:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord'
                     description: The deleted record if it existed.
                 required:
                   - deleted
@@ -5449,6 +4978,7 @@ paths:
       summary: Delete an asset criticality record
       tags:
         - Security Entity Analytics API
+      x-beta: true
     get:
       description: Get the asset criticality record for a specific entity.
       operationId: GetAssetCriticalityRecord
@@ -5471,8 +5001,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord'
           description: Successful response
         '400':
           description: Invalid request
@@ -5481,28 +5010,23 @@ paths:
       summary: Get an asset criticality record
       tags:
         - Security Entity Analytics API
+      x-beta: true
     post:
-      description: >
+      description: |
         Create or update an asset criticality record for a specific entity.
 
-
-        If a record already exists for the specified entity, that record is
-        overwritten with the specified value. If a record doesn't exist for the
-        specified entity, a new record is created.
+        If a record already exists for the specified entity, that record is overwritten with the specified value. If a record doesn't exist for the specified entity, a new record is created.
       operationId: CreateAssetCriticalityRecord
       requestBody:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
               allOf:
-                - $ref: >-
-                    #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord
+                - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord'
                 - type: object
                   properties:
                     refresh:
-                      description: >-
-                        If 'wait_for' the request will wait for the index
-                        refresh.
+                      description: If 'wait_for' the request will wait for the index refresh.
                       enum:
                         - wait_for
                       type: string
@@ -5512,24 +5036,20 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord'
           description: Successful response
         '400':
           description: Invalid request
       summary: Upsert an asset criticality record
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/asset_criticality/bulk:
     post:
-      description: >
+      description: |
         Bulk upsert up to 1000 asset criticality records.
 
-
-        If asset criticality records already exist for the specified entities,
-        those records are overwritten with the specified values. If asset
-        criticality records don't exist for the specified entities, new records
-        are created.
+        If asset criticality records already exist for the specified entities, those records are overwritten with the specified values. If asset criticality records don't exist for the specified entities, new records are created.
       operationId: BulkUpsertAssetCriticalityRecords
       requestBody:
         content:
@@ -5547,8 +5067,7 @@ paths:
               properties:
                 records:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord'
                   maxItems: 1000
                   minItems: 1
                   type: array
@@ -5571,12 +5090,10 @@ paths:
                 properties:
                   errors:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem'
                     type: array
                   stats:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats'
                 required:
                   - errors
                   - stats
@@ -5586,6 +5103,7 @@ paths:
       summary: Bulk upsert asset criticality records
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/asset_criticality/list:
     get:
       description: List asset criticality records, paging, sorting and filtering as needed.
@@ -5648,8 +5166,7 @@ paths:
                     type: integer
                   records:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord'
                     type: array
                   total:
                     minimum: 0
@@ -5663,6 +5180,7 @@ paths:
       summary: List asset criticality records
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/data_views:
     get:
       operationId: getAllDataViewsDefault
@@ -5703,6 +5221,7 @@ paths:
       summary: Get all data views
       tags:
         - data views
+      x-beta: true
   /api/data_views/data_view:
     post:
       operationId: createDataViewDefaultw
@@ -5733,6 +5252,7 @@ paths:
       summary: Create a data view
       tags:
         - data views
+      x-beta: true
   /api/data_views/data_view/{viewId}:
     delete:
       description: |
@@ -5753,6 +5273,7 @@ paths:
       summary: Delete a data view
       tags:
         - data views
+      x-beta: true
     get:
       operationId: getDataViewDefault
       parameters:
@@ -5776,6 +5297,7 @@ paths:
       summary: Get a data view
       tags:
         - data views
+      x-beta: true
     post:
       operationId: updateDataViewDefault
       parameters:
@@ -5806,11 +5328,11 @@ paths:
       summary: Update a data view
       tags:
         - data views
+      x-beta: true
   /api/data_views/data_view/{viewId}/fields:
     post:
-      description: >
-        Update fields presentation metadata such as count, customLabel,
-        customDescription, and format.
+      description: |
+        Update fields presentation metadata such as count, customLabel, customDescription, and format.
       operationId: updateFieldsMetadataDefault
       parameters:
         - $ref: '#/components/parameters/Data_views_kbn_xsrf'
@@ -5849,6 +5371,7 @@ paths:
       summary: Update data view fields metadata
       tags:
         - data views
+      x-beta: true
   /api/data_views/data_view/{viewId}/runtime_field:
     post:
       operationId: createRuntimeFieldDefault
@@ -5886,6 +5409,7 @@ paths:
       summary: Create a runtime field
       tags:
         - data views
+      x-beta: true
     put:
       operationId: createUpdateRuntimeFieldDefault
       parameters:
@@ -5941,6 +5465,7 @@ paths:
       summary: Create or update a runtime field
       tags:
         - data views
+      x-beta: true
   /api/data_views/data_view/{viewId}/runtime_field/{fieldName}:
     delete:
       operationId: deleteRuntimeFieldDefault
@@ -5959,6 +5484,7 @@ paths:
       summary: Delete a runtime field from a data view
       tags:
         - data views
+      x-beta: true
     get:
       operationId: getRuntimeFieldDefault
       parameters:
@@ -5990,6 +5516,7 @@ paths:
       summary: Get a runtime field
       tags:
         - data views
+      x-beta: true
     post:
       operationId: updateRuntimeFieldDefault
       parameters:
@@ -6028,6 +5555,7 @@ paths:
       summary: Update a runtime field
       tags:
         - data views
+      x-beta: true
   /api/data_views/default:
     get:
       operationId: getDefaultDataViewDefault
@@ -6037,8 +5565,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               examples:
                 getDefaultDataViewResponse:
-                  $ref: >-
-                    #/components/examples/Data_views_get_default_data_view_response
+                  $ref: '#/components/examples/Data_views_get_default_data_view_response'
               schema:
                 type: object
                 properties:
@@ -6054,6 +5581,7 @@ paths:
       summary: Get the default data view
       tags:
         - data views
+      x-beta: true
     post:
       operationId: setDefaultDatailViewDefault
       parameters:
@@ -6068,10 +5596,8 @@ paths:
               type: object
               properties:
                 data_view_id:
-                  description: >
-                    The data view identifier. NOTE: The API does not validate
-                    whether it is a valid identifier. Use `null` to unset the
-                    default data view.
+                  description: |
+                    The data view identifier. NOTE: The API does not validate whether it is a valid identifier. Use `null` to unset the default data view.
                   nullable: true
                   type: string
                 force:
@@ -6100,12 +5626,11 @@ paths:
       summary: Set the default data view
       tags:
         - data views
+      x-beta: true
   /api/data_views/swap_references:
     post:
-      description: >
-        Changes saved object references from one data view identifier to
-        another. WARNING: Misuse can break large numbers of saved objects!
-        Practicing with a backup is recommended.
+      description: |
+        Changes saved object references from one data view identifier to another. WARNING: Misuse can break large numbers of saved objects! Practicing with a backup is recommended.
       operationId: swapDataViewsDefault
       parameters:
         - $ref: '#/components/parameters/Data_views_kbn_xsrf'
@@ -6147,11 +5672,11 @@ paths:
       summary: Swap saved object references
       tags:
         - data views
+      x-beta: true
   /api/data_views/swap_references/_preview:
     post:
-      description: >
-        Preview the impact of swapping saved object references from one data
-        view identifier to another.
+      description: |
+        Preview the impact of swapping saved object references from one data view identifier to another.
       operationId: previewSwapDataViewsDefault
       parameters:
         - $ref: '#/components/parameters/Data_views_kbn_xsrf'
@@ -6160,8 +5685,7 @@ paths:
           application/json; Elastic-Api-Version=2023-10-31:
             examples:
               previewSwapDataViewRequest:
-                $ref: >-
-                  #/components/examples/Data_views_preview_swap_data_view_request
+                $ref: '#/components/examples/Data_views_preview_swap_data_view_request'
             schema:
               $ref: '#/components/schemas/Data_views_swap_data_view_request_object'
         required: true
@@ -6187,16 +5711,13 @@ paths:
       summary: Preview a saved object reference swap
       tags:
         - data views
+      x-beta: true
   /api/detection_engine/privileges:
     get:
-      description: >
-        Retrieves whether or not the user is authenticated, and the user's
-        Kibana
-
+      description: |
+        Retrieves whether or not the user is authenticated, and the user's Kibana
         space and index privileges, which determine if the user can create an
-
         index for the Elastic Security alerts generated by
-
         detection engine rules.
       operationId: ReadPrivileges
       responses:
@@ -6218,8 +5739,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -6230,7 +5750,7 @@ paths:
       summary: Returns user privileges for the Kibana space
       tags:
         - Security Detections API
-        - Privileges API
+      x-beta: true
   /api/detection_engine/rules:
     delete:
       description: Delete a detection rule using the `rule_id` or `id` field.
@@ -6258,7 +5778,7 @@ paths:
       summary: Delete a detection rule
       tags:
         - Security Detections API
-        - Rules API
+      x-beta: true
     get:
       description: Retrieve a detection rule using the `rule_id` or `id` field.
       operationId: ReadRule
@@ -6285,11 +5805,9 @@ paths:
       summary: Retrieve a detection rule
       tags:
         - Security Detections API
-        - Rules API
+      x-beta: true
     patch:
-      description: >-
-        Update specific fields of an existing detection rule using the `rule_id`
-        or `id` field.
+      description: Update specific fields of an existing detection rule using the `rule_id` or `id` field.
       operationId: PatchRule
       requestBody:
         content:
@@ -6307,7 +5825,7 @@ paths:
       summary: Patch a detection rule
       tags:
         - Security Detections API
-        - Rules API
+      x-beta: true
     post:
       description: Create a new detection rule.
       operationId: CreateRule
@@ -6327,14 +5845,11 @@ paths:
       summary: Create a detection rule
       tags:
         - Security Detections API
-        - Rules API
+      x-beta: true
     put:
-      description: >
-        Update a detection rule using the `rule_id` or `id` field. The original
-        rule is replaced, and all unspecified fields are deleted.
-
+      description: |
+        Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted.
         > info
-
         > You cannot modify the `id` or `rule_id` values.
       operationId: UpdateRule
       requestBody:
@@ -6353,13 +5868,10 @@ paths:
       summary: Update a detection rule
       tags:
         - Security Detections API
-        - Rules API
+      x-beta: true
   /api/detection_engine/rules/_bulk_action:
     post:
-      description: >-
-        Apply a bulk action, such as bulk edit, duplicate, or delete, to
-        multiple detection rules. The bulk action is applied to all rules that
-        match the query or to the rules listed by their IDs.
+      description: Apply a bulk action, such as bulk edit, duplicate, or delete, to multiple detection rules. The bulk action is applied to all rules that match the query or to the rules listed by their IDs.
       operationId: PerformRulesBulkAction
       parameters:
         - description: Enables dry run mode for the request call.
@@ -6374,14 +5886,11 @@ paths:
             schema:
               oneOf:
                 - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules'
-                - $ref: >-
-                    #/components/schemas/Security_Detections_API_BulkDisableRules
+                - $ref: '#/components/schemas/Security_Detections_API_BulkDisableRules'
                 - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules'
                 - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules'
-                - $ref: >-
-                    #/components/schemas/Security_Detections_API_BulkDuplicateRules
-                - $ref: >-
-                    #/components/schemas/Security_Detections_API_BulkManualRuleRun
+                - $ref: '#/components/schemas/Security_Detections_API_BulkDuplicateRules'
+                - $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleRun'
                 - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules'
       responses:
         '200':
@@ -6389,27 +5898,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_BulkEditActionResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_BulkExportActionResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_BulkExportActionResponse'
           description: OK
       summary: Apply a bulk action to detection rules
       tags:
         - Security Detections API
-        - Bulk API
+      x-beta: true
   /api/detection_engine/rules/_export:
     post:
-      description: >
-        Export detection rules to an `.ndjson` file. The following configuration
-        items are also included in the `.ndjson` file:
-
+      description: |
+        Export detection rules to an `.ndjson` file. The following configuration items are also included in the `.ndjson` file:
         - Actions
-
         - Exception lists
-
         > info
-
         > You cannot export prebuilt rules.
       operationId: ExportRules
       parameters:
@@ -6435,15 +5937,12 @@ paths:
               type: object
               properties:
                 objects:
-                  description: >-
-                    Array of `rule_id` fields. Exports all rules when
-                    unspecified.
+                  description: Array of `rule_id` fields. Exports all rules when unspecified.
                   items:
                     type: object
                     properties:
                       rule_id:
-                        $ref: >-
-                          #/components/schemas/Security_Detections_API_RuleSignatureId
+                        $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId'
                     required:
                       - rule_id
                   type: array
@@ -6462,12 +5961,10 @@ paths:
       summary: Export detection rules
       tags:
         - Security Detections API
-        - Import/Export API
+      x-beta: true
   /api/detection_engine/rules/_find:
     get:
-      description: >-
-        Retrieve a paginated list of detection rules. By default, the first page
-        is returned, with 20 results per page.
+      description: Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page.
       operationId: FindRules
       parameters:
         - in: query
@@ -6520,8 +6017,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Detections_API_RuleResponse
+                      $ref: '#/components/schemas/Security_Detections_API_RuleResponse'
                     type: array
                   page:
                     type: integer
@@ -6538,39 +6034,30 @@ paths:
       summary: List all detection rules
       tags:
         - Security Detections API
-        - Rules API
+      x-beta: true
   /api/detection_engine/rules/_import:
     post:
-      description: >
-        Import detection rules from an `.ndjson` file, including actions and
-        exception lists. The request must include:
-
+      description: |
+        Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include:
         - The `Content-Type: multipart/form-data` HTTP header.
-
         - A link to the `.ndjson` file containing the rules.
       operationId: ImportRules
       parameters:
-        - description: >-
-            Determines whether existing rules with the same `rule_id` are
-            overwritten.
+        - description: Determines whether existing rules with the same `rule_id` are overwritten.
           in: query
           name: overwrite
           required: false
           schema:
             default: false
             type: boolean
-        - description: >-
-            Determines whether existing exception lists with the same `list_id`
-            are overwritten.
+        - description: Determines whether existing exception lists with the same `list_id` are overwritten.
           in: query
           name: overwrite_exceptions
           required: false
           schema:
             default: false
             type: boolean
-        - description: >-
-            Determines whether existing actions with the same
-            `kibana.alert.rule.actions.id` are overwritten.
+        - description: Determines whether existing actions with the same `kibana.alert.rule.actions.id` are overwritten.
           in: query
           name: overwrite_action_connectors
           required: false
@@ -6614,8 +6101,7 @@ paths:
                     type: integer
                   action_connectors_warnings:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Detections_API_WarningSchema
+                      $ref: '#/components/schemas/Security_Detections_API_WarningSchema'
                     type: array
                   errors:
                     items:
@@ -6654,7 +6140,7 @@ paths:
       summary: Import detection rules
       tags:
         - Security Detections API
-        - Import/Export API
+      x-beta: true
   /api/detection_engine/rules/{id}/exceptions:
     post:
       description: Create exception items that apply to a single detection rule.
@@ -6674,8 +6160,7 @@ paths:
               properties:
                 items:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps
+                    $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps'
                   type: array
               required:
                 - items
@@ -6687,8 +6172,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 items:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItem
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem'
                 type: array
           description: Successful response
         '400':
@@ -6696,24 +6180,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '500':
           content:
@@ -6724,13 +6204,12 @@ paths:
       summary: Create rule exception list items
       tags:
         - Security Exceptions API
+      x-beta: true
   /api/detection_engine/rules/preview:
     post:
       operationId: RulePreview
       parameters:
-        - description: >-
-            Enables logging and returning in response ES queries, performed
-            during rule execution
+        - description: Enables logging and returning in response ES queries, performed during rule execution
           in: query
           name: enable_logged_requests
           required: false
@@ -6742,50 +6221,32 @@ paths:
             schema:
               anyOf:
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_EqlRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_QueryRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_EsqlRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
               discriminator:
                 propertyName: type
-        description: >-
-          An object containing tags to add or remove and alert ids the changes
-          will be applied
+        description: An object containing tags to add or remove and alert ids the changes will be applied
         required: true
       responses:
         '200':
@@ -6798,12 +6259,10 @@ paths:
                     type: boolean
                   logs:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewLogs
+                      $ref: '#/components/schemas/Security_Detections_API_RulePreviewLogs'
                     type: array
                   previewId:
-                    $ref: >-
-                      #/components/schemas/Security_Detections_API_NonEmptyString
+                    $ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
                 required:
                   - logs
           description: Successful response
@@ -6812,17 +6271,14 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -6833,7 +6289,7 @@ paths:
       summary: Preview rule alerts generated on specified time range
       tags:
         - Security Detections API
-        - Rule preview API
+      x-beta: true
   /api/detection_engine/signals/assignees:
     post:
       description: |
@@ -6865,6 +6321,7 @@ paths:
       summary: Assign and unassign users from detection alerts
       tags:
         - Security Detections API
+      x-beta: true
   /api/detection_engine/signals/search:
     post:
       description: Find and/or aggregate detection alerts that match the given query.
@@ -6919,17 +6376,14 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -6940,7 +6394,7 @@ paths:
       summary: Find and/or aggregate detection alerts
       tags:
         - Security Detections API
-        - Alerts API
+      x-beta: true
   /api/detection_engine/signals/status:
     post:
       description: Set the status of one or more detection alerts.
@@ -6950,13 +6404,9 @@ paths:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
               oneOf:
-                - $ref: >-
-                    #/components/schemas/Security_Detections_API_SetAlertsStatusByIds
-                - $ref: >-
-                    #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery
-        description: >-
-          An object containing desired status and explicit alert ids or a query
-          to select alerts
+                - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds'
+                - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByQuery'
+        description: An object containing desired status and explicit alert ids or a query to select alerts
         required: true
       responses:
         '200':
@@ -6972,17 +6422,14 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -6993,7 +6440,7 @@ paths:
       summary: Set a detection alert status
       tags:
         - Security Detections API
-        - Alerts API
+      x-beta: true
   /api/detection_engine/signals/tags:
     post:
       description: |
@@ -7014,9 +6461,7 @@ paths:
               required:
                 - ids
                 - tags
-        description: >-
-          An object containing tags to add or remove and alert ids the changes
-          will be applied
+        description: An object containing tags to add or remove and alert ids the changes will be applied
         required: true
       responses:
         '200':
@@ -7032,17 +6477,14 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -7053,7 +6495,7 @@ paths:
       summary: Add and remove detection alert tags
       tags:
         - Security Detections API
-        - Alerts API
+      x-beta: true
   /api/detection_engine/tags:
     get:
       description: List all unique tags from all detection rules.
@@ -7068,61 +6510,51 @@ paths:
       summary: List all detection rule tags
       tags:
         - Security Detections API
-        - Tags API
+      x-beta: true
   /api/endpoint_list:
     post:
-      description: >-
-        Create an endpoint exception list, which groups endpoint exception list
-        items. If an endpoint exception list already exists, an empty response
-        is returned.
+      description: Create an endpoint exception list, which groups endpoint exception list items. If an endpoint exception list already exists, an empty response is returned.
       operationId: CreateEndpointList
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointList'
           description: Successful response
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Invalid input data
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Insufficient privileges
         '500':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Internal server error
       summary: Create an endpoint exception list
       tags:
         - Security Endpoint Exceptions API
+      x-beta: true
   /api/endpoint_list/items:
     delete:
-      description: >-
-        Delete an endpoint exception list item using the `id` or `item_id`
-        field.
+      description: Delete an endpoint exception list item using the `id` or `item_id` field.
       operationId: DeleteEndpointListItem
       parameters:
         - description: Either `id` or `item_id` must be specified
@@ -7130,68 +6562,58 @@ paths:
           name: id
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId'
         - description: Either `id` or `item_id` must be specified
           in: query
           name: item_id
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem'
           description: Successful response
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Invalid input data
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Insufficient privileges
         '404':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Endpoint list item not found
         '500':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Internal server error
       summary: Delete an endpoint exception list item
       tags:
         - Security Endpoint Exceptions API
+      x-beta: true
     get:
-      description: >-
-        Get the details of an endpoint exception list item using the `id` or
-        `item_id` field.
+      description: Get the details of an endpoint exception list item using the `id` or `item_id` field.
       operationId: ReadEndpointListItem
       parameters:
         - description: Either `id` or `item_id` must be specified
@@ -7199,23 +6621,20 @@ paths:
           name: id
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId'
         - description: Either `id` or `item_id` must be specified
           in: query
           name: item_id
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 items:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem'
                 type: array
           description: Successful response
         '400':
@@ -7223,46 +6642,39 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Invalid input data
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Insufficient privileges
         '404':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Endpoint list item not found
         '500':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Internal server error
       summary: Get an endpoint exception list item
       tags:
         - Security Endpoint Exceptions API
+      x-beta: true
     post:
-      description: >-
-        Create an endpoint exception list item, and associate it with the
-        endpoint exception list.
+      description: Create an endpoint exception list item, and associate it with the endpoint exception list.
       operationId: CreateEndpointListItem
       requestBody:
         content:
@@ -7271,35 +6683,26 @@ paths:
               type: object
               properties:
                 comments:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray'
                   default: []
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription'
                 entries:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray'
                 item_id:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId'
                 meta:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName'
                 os_types:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray'
                   default: []
                 tags:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags'
                   default: []
                 type:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType'
               required:
                 - type
                 - name
@@ -7312,54 +6715,46 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem'
           description: Successful response
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Invalid input data
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Insufficient privileges
         '409':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Endpoint list item already exists
         '500':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Internal server error
       summary: Create an endpoint exception list item
       tags:
         - Security Endpoint Exceptions API
+      x-beta: true
     put:
-      description: >-
-        Update an endpoint exception list item using the `id` or `item_id`
-        field.
+      description: Update an endpoint exception list item using the `id` or `item_id` field.
       operationId: UpdateEndpointListItem
       requestBody:
         content:
@@ -7370,39 +6765,29 @@ paths:
                 _version:
                   type: string
                 comments:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray'
                   default: []
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription'
                 entries:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray'
                 id:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId'
                   description: Either `id` or `item_id` must be specified
                 item_id:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId'
                   description: Either `id` or `item_id` must be specified
                 meta:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName'
                 os_types:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray'
                   default: []
                 tags:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags'
                 type:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType'
               required:
                 - type
                 - name
@@ -7415,66 +6800,57 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem'
           description: Successful response
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Invalid input data
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Insufficient privileges
         '404':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Endpoint list item not found
         '500':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Internal server error
       summary: Update an endpoint exception list item
       tags:
         - Security Endpoint Exceptions API
+      x-beta: true
   /api/endpoint_list/items/_find:
     get:
       description: Get a list of all endpoint exception list items.
       operationId: FindEndpointListItems
       parameters:
-        - description: >
-            Filters the returned results according to the value of the specified
-            field,
-
+        - description: |
+            Filters the returned results according to the value of the specified field,
             using the `<field name>:<field value>` syntax.
           in: query
           name: filter
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter'
         - description: The page number to return
           in: query
           name: page
@@ -7494,8 +6870,7 @@ paths:
           name: sort_field
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
         - description: Determines the sort order, which can be `desc` or `asc`
           in: query
           name: sort_order
@@ -7514,8 +6889,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem
+                      $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem'
                     type: array
                   page:
                     minimum: 0
@@ -7539,42 +6913,37 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Invalid input data
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Insufficient privileges
         '404':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Endpoint list not found
         '500':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Internal server error
       summary: Get endpoint exception list items
       tags:
         - Security Endpoint Exceptions API
+      x-beta: true
   /api/endpoint/action:
     get:
       description: Get a list of all response actions.
@@ -7584,47 +6953,18 @@ paths:
           name: query
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery
+            $ref: '#/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get response actions
       tags:
         - Security Endpoint Management API
-  /api/endpoint/action_log/{agent_id}:
-    get:
-      deprecated: true
-      description: Get an action request log for the specified agent ID.
-      operationId: EndpointGetActionLog
-      parameters:
-        - in: path
-          name: agent_id
-          required: true
-          schema:
-            $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId'
-        - in: query
-          name: query
-          required: true
-          schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery
-      responses:
-        '200':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
-          description: OK
-      summary: Get an action request log
-      tags:
-        - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action_status:
     get:
       description: Get the status of response actions for the specified agent IDs.
@@ -7643,12 +6983,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse'
           description: OK
       summary: Get response actions status
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/{action_id}:
     get:
       description: Get the details of a response action using the action ID.
@@ -7664,12 +7004,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get action details
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/{action_id}/file/{file_id}:
     get:
       description: Get information for the specified file using the file ID.
@@ -7690,12 +7030,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get file information
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/{action_id}/file/{file_id}/download:
     get:
       description: Download a file from an endpoint.
@@ -7716,12 +7056,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Download a file
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/execute:
     post:
       description: Run a shell command on an endpoint.
@@ -7730,20 +7070,19 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Run a command
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/get_file:
     post:
       description: Get a file from an endpoint.
@@ -7752,44 +7091,40 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get a file
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/isolate:
     post:
-      description: >-
-        Isolate an endpoint from the network. The endpoint remains isolated
-        until it's released.
+      description: Isolate an endpoint from the network. The endpoint remains isolated until it's released.
       operationId: EndpointIsolateAction
       requestBody:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Isolate an endpoint
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/kill_process:
     post:
       description: Terminate a running process on an endpoint.
@@ -7798,20 +7133,19 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Terminate a process
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/running_procs:
     post:
       description: Get a list of all processes running on an endpoint.
@@ -7820,20 +7154,19 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get running processes
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/scan:
     post:
       description: Scan a specific file or directory on an endpoint for malware.
@@ -7842,37 +7175,34 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Scan a file or directory
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/state:
     get:
-      description: >-
-        Get a response actions state, which reports whether encryption is
-        enabled.
+      description: Get a response actions state, which reports whether encryption is enabled.
       operationId: EndpointGetActionsState
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse'
           description: OK
       summary: Get actions state
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/suspend_process:
     post:
       description: Suspend a running process on an endpoint.
@@ -7881,20 +7211,19 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Suspend a process
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/unisolate:
     post:
       description: Release an isolated endpoint, allowing it to rejoin a network.
@@ -7903,20 +7232,19 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Release an isolated endpoint
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/action/upload:
     post:
       description: Upload a file to an endpoint.
@@ -7925,20 +7253,19 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Upload a file
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/metadata:
     get:
       operationId: GetEndpointMetadataList
@@ -7947,19 +7274,18 @@ paths:
           name: query
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery
+            $ref: '#/components/schemas/Security_Endpoint_Management_API_ListRequestQuery'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get a metadata list
       tags:
         - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/metadata/{id}:
     get:
       operationId: GetEndpointMetadata
@@ -7974,27 +7300,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get metadata
       tags:
         - Security Endpoint Management API
-  /api/endpoint/metadata/transforms:
-    get:
-      deprecated: true
-      operationId: GetEndpointMetadataTransform
-      responses:
-        '200':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
-          description: OK
-      summary: Get metadata transforms
-      tags:
-        - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/policy_response:
     get:
       operationId: GetPolicyResponse
@@ -8012,39 +7323,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get a policy response
       tags:
         - Security Endpoint Management API
-  /api/endpoint/policy/summaries:
-    get:
-      deprecated: true
-      operationId: GetAgentPolicySummary
-      parameters:
-        - in: query
-          name: query
-          required: true
-          schema:
-            type: object
-            properties:
-              package_name:
-                type: string
-              policy_id:
-                nullable: true
-                type: string
-      responses:
-        '200':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
-          description: OK
-      summary: Get an agent policy summary
-      tags:
-        - Security Endpoint Management API
+      x-beta: true
   /api/endpoint/protection_updates_note/{package_policy_id}:
     get:
       operationId: GetProtectionUpdatesNote
@@ -8059,12 +7343,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse'
           description: OK
       summary: Get a protection updates note
       tags:
         - Security Endpoint Management API
+      x-beta: true
     post:
       operationId: CreateUpdateProtectionUpdatesNote
       parameters:
@@ -8087,50 +7371,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse'
           description: OK
       summary: Create or update a protection updates note
       tags:
         - Security Endpoint Management API
-  /api/endpoint/suggestions/{suggestion_type}:
-    post:
-      deprecated: true
-      operationId: GetEndpointSuggestions
-      parameters:
-        - in: path
-          name: suggestion_type
-          required: true
-          schema:
-            enum:
-              - eventFilters
-            type: string
-      requestBody:
-        content:
-          application/json; Elastic-Api-Version=2023-10-31:
-            schema:
-              type: object
-              properties:
-                field:
-                  type: string
-                fieldMeta: {}
-                filters: {}
-                query:
-                  type: string
-              required:
-                - parameters
-        required: true
-      responses:
-        '200':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
-          description: OK
-      summary: Get suggestions
-      tags:
-        - Security Endpoint Management API
+      x-beta: true
   /api/entity_store/engines:
     get:
       operationId: ListEntityEngines
@@ -8145,13 +7391,13 @@ paths:
                     type: integer
                   engines:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor'
                     type: array
           description: Successful response
       summary: List the Entity Engines
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/entity_store/engines/{entityType}:
     delete:
       operationId: DeleteEntityEngine
@@ -8181,6 +7427,7 @@ paths:
       summary: Delete the Entity Engine
       tags:
         - Security Entity Analytics API
+      x-beta: true
     get:
       operationId: GetEntityEngine
       parameters:
@@ -8195,12 +7442,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor'
           description: Successful response
       summary: Get an Entity Engine
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/entity_store/engines/{entityType}/init:
     post:
       operationId: InitEntityEngine
@@ -8224,8 +7471,7 @@ paths:
                 filter:
                   type: string
                 indexPattern:
-                  $ref: >-
-                    #/components/schemas/Security_Entity_Analytics_API_IndexPattern
+                  $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern'
         description: Schema for the engine initialization
         required: true
       responses:
@@ -8233,12 +7479,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor'
           description: Successful response
       summary: Initialize an Entity Engine
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/entity_store/engines/{entityType}/start:
     post:
       operationId: StartEntityEngine
@@ -8262,6 +7508,7 @@ paths:
       summary: Start an Entity Engine
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/entity_store/engines/{entityType}/stats:
     post:
       operationId: GetEntityEngineStats
@@ -8280,26 +7527,24 @@ paths:
                 type: object
                 properties:
                   indexPattern:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_IndexPattern
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern'
                   indices:
                     items:
                       type: object
                     type: array
                   status:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_EngineStatus
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus'
                   transforms:
                     items:
                       type: object
                     type: array
                   type:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_EntityType
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType'
           description: Successful response
       summary: Get Entity Engine stats
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/entity_store/engines/{entityType}/stop:
     post:
       operationId: StopEntityEngine
@@ -8323,6 +7568,7 @@ paths:
       summary: Stop an Entity Engine
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/entity_store/engines/apply_dataview_indices:
     post:
       operationId: ApplyEntityEngineDataviewIndices
@@ -8335,8 +7581,7 @@ paths:
                 properties:
                   result:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult'
                     type: array
                   success:
                     type: boolean
@@ -8353,8 +7598,7 @@ paths:
                     type: array
                   result:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult'
                     type: array
                   success:
                     type: boolean
@@ -8373,6 +7617,7 @@ paths:
       summary: Apply DataView indices to all installed engines
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/entity_store/entities/list:
     get:
       description: List entities records, paging, sorting and filtering as needed.
@@ -8425,8 +7670,7 @@ paths:
                 type: object
                 properties:
                   inspect:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_InspectQuery
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_InspectQuery'
                   page:
                     minimum: 1
                     type: integer
@@ -8436,8 +7680,7 @@ paths:
                     type: integer
                   records:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Entity_Analytics_API_Entity
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity'
                     type: array
                   total:
                     minimum: 0
@@ -8451,6 +7694,7 @@ paths:
       summary: List Entity Store Entities
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/exception_lists:
     delete:
       description: Delete an exception list using the `id` or `list_id` field.
@@ -8472,8 +7716,7 @@ paths:
           name: namespace_type
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             default: single
       responses:
         '200':
@@ -8487,24 +7730,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -8521,6 +7760,7 @@ paths:
       summary: Delete an exception list
       tags:
         - Security Exceptions API
+      x-beta: true
     get:
       description: Get the details of an exception list using the `id` or `list_id` field.
       operationId: ReadExceptionList
@@ -8541,8 +7781,7 @@ paths:
           name: namespace_type
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             default: single
       responses:
         '200':
@@ -8556,24 +7795,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -8590,20 +7825,12 @@ paths:
       summary: Get exception list details
       tags:
         - Security Exceptions API
+      x-beta: true
     post:
-      description: >
-        An exception list groups exception items and can be associated with
-        detection rules. You can assign detection rules with multiple exception
-        lists.
-
+      description: |
+        An exception list groups exception items and can be associated with detection rules. You can assign detection rules with multiple exception lists.
         > info
-
-        > All exception items added to the same list are evaluated using `OR`
-        logic. That is, if any of the items in a list evaluate to `true`, the
-        exception prevents the rule from generating an alert. Likewise, `OR`
-        logic is used for evaluating exceptions when more than one exception
-        list is assigned to a rule. To use the `AND` operator, you can define
-        multiple clauses (`entries`) in a single exception item.
+        > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item.
       operationId: CreateExceptionList
       requestBody:
         content:
@@ -8612,34 +7839,25 @@ paths:
               type: object
               properties:
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListDescription
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription'
                 list_id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListHumanId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
                 meta:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListMeta
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListName
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName'
                 namespace_type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
                   default: single
                 os_types:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray'
                 tags:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListTags
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags'
                   default: []
                 type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType'
                 version:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListVersion
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion'
                   default: 1
               required:
                 - name
@@ -8659,24 +7877,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '409':
           content:
@@ -8693,6 +7907,7 @@ paths:
       summary: Create an exception list
       tags:
         - Security Exceptions API
+      x-beta: true
     put:
       description: Update an exception list using the `id` or `list_id` field.
       operationId: UpdateExceptionList
@@ -8705,36 +7920,27 @@ paths:
                 _version:
                   type: string
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListDescription
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription'
                 id:
                   $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId'
                 list_id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListHumanId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
                 meta:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListMeta
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListName
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName'
                 namespace_type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
                   default: single
                 os_types:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray'
                   default: []
                 tags:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListTags
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags'
                 type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType'
                 version:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListVersion
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion'
               required:
                 - name
                 - description
@@ -8753,24 +7959,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -8787,6 +7989,7 @@ paths:
       summary: Update an exception list
       tags:
         - Security Exceptions API
+      x-beta: true
   /api/exception_lists/_duplicate:
     post:
       description: Duplicate an existing exception list.
@@ -8802,11 +8005,8 @@ paths:
           name: namespace_type
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
-        - description: >-
-            Determines whether to include expired exceptions in the exported
-            list
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
+        - description: Determines whether to include expired exceptions in the exported list
           in: query
           name: include_expired_exceptions
           required: true
@@ -8828,24 +8028,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '405':
           content:
@@ -8862,6 +8058,7 @@ paths:
       summary: Duplicate an exception list
       tags:
         - Security Exceptions API
+      x-beta: true
   /api/exception_lists/_export:
     post:
       description: Export an exception list and its associated items to an NDJSON file.
@@ -8883,11 +8080,8 @@ paths:
           name: namespace_type
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
-        - description: >-
-            Determines whether to include expired exceptions in the exported
-            list
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
+        - description: Determines whether to include expired exceptions in the exported list
           in: query
           name: include_expired_exceptions
           required: true
@@ -8902,9 +8096,7 @@ paths:
           content:
             application/ndjson; Elastic-Api-Version=2023-10-31:
               schema:
-                description: >-
-                  A `.ndjson` file containing specified exception list and its
-                  items
+                description: A `.ndjson` file containing specified exception list and its items
                 format: binary
                 type: string
           description: Successful response
@@ -8913,24 +8105,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -8947,34 +8135,26 @@ paths:
       summary: Export an exception list
       tags:
         - Security Exceptions API
+      x-beta: true
   /api/exception_lists/_find:
     get:
       description: Get a list of all exception lists.
       operationId: FindExceptionLists
       parameters:
-        - description: >
-            Filters the returned results according to the value of the specified
-            field.
-
-
-            Uses the `so type.field name:field` value syntax, where `so type`
-            can be:
+        - description: |
+            Filters the returned results according to the value of the specified field.
 
+            Uses the `so type.field name:field` value syntax, where `so type` can be:
 
             - `exception-list`: Specify a space-aware exception list.
-
-            - `exception-list-agnostic`: Specify an exception list that is
-            shared across spaces.
+            - `exception-list-agnostic`: Specify an exception list that is shared across spaces.
           in: query
           name: filter
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter
-        - description: >
-            Determines whether the returned containers are Kibana associated
-            with a Kibana space
-
+            $ref: '#/components/schemas/Security_Exceptions_API_FindExceptionListsFilter'
+        - description: |
+            Determines whether the returned containers are Kibana associated with a Kibana space
             or available in all spaces (`agnostic` or `single`)
           in: query
           name: namespace_type
@@ -8983,8 +8163,7 @@ paths:
             default:
               - single
             items:
-              $ref: >-
-                #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+              $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             type: array
         - description: The page number to return
           in: query
@@ -9024,8 +8203,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Exceptions_API_ExceptionList
+                      $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList'
                     type: array
                   page:
                     minimum: 1
@@ -9047,24 +8225,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '500':
           content:
@@ -9075,17 +8249,15 @@ paths:
       summary: Get exception lists
       tags:
         - Security Exceptions API
+      x-beta: true
   /api/exception_lists/_import:
     post:
       description: Import an exception list and its associated items from an NDJSON file.
       operationId: ImportExceptionList
       parameters:
-        - description: >
-            Determines whether existing exception lists with the same `list_id`
-            are overwritten.
-
-            If any exception items have the same `item_id`, those are also
-            overwritten.
+        - description: |
+            Determines whether existing exception lists with the same `list_id` are overwritten.
+            If any exception items have the same `item_id`, those are also overwritten.
           in: query
           name: overwrite
           required: false
@@ -9104,13 +8276,9 @@ paths:
           schema:
             default: false
             type: boolean
-        - description: >
-            Determines whether the list being imported will have a new `list_id`
-            generated.
-
-            Additional `item_id`'s are generated for each exception item. Both
-            the exception
-
+        - description: |
+            Determines whether the list being imported will have a new `list_id` generated.
+            Additional `item_id`'s are generated for each exception item. Both the exception
             list and its items are overwritten.
           in: query
           name: as_new_list
@@ -9137,8 +8305,7 @@ paths:
                 type: object
                 properties:
                   errors:
-                    $ref: >-
-                      #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray
+                    $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray'
                   success:
                     type: boolean
                   success_count:
@@ -9168,24 +8335,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '500':
           content:
@@ -9196,6 +8359,7 @@ paths:
       summary: Import an exception list
       tags:
         - Security Exceptions API
+      x-beta: true
   /api/exception_lists/items:
     delete:
       description: Delete an exception list item using the `id` or `item_id` field.
@@ -9212,14 +8376,12 @@ paths:
           name: item_id
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
         - in: query
           name: namespace_type
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             default: single
       responses:
         '200':
@@ -9233,24 +8395,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -9267,10 +8425,9 @@ paths:
       summary: Delete an exception list item
       tags:
         - Security Exceptions API
+      x-beta: true
     get:
-      description: >-
-        Get the details of an exception list item using the `id` or `item_id`
-        field.
+      description: Get the details of an exception list item using the `id` or `item_id` field.
       operationId: ReadExceptionListItem
       parameters:
         - description: Either `id` or `item_id` must be specified
@@ -9284,14 +8441,12 @@ paths:
           name: item_id
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
         - in: query
           name: namespace_type
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             default: single
       responses:
         '200':
@@ -9305,24 +8460,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -9339,13 +8490,11 @@ paths:
       summary: Get an exception list item
       tags:
         - Security Exceptions API
+      x-beta: true
     post:
-      description: >
-        Create an exception item and associate it with the specified exception
-        list.
-
+      description: |
+        Create an exception item and associate it with the specified exception list.
         > info
-
         > Before creating exception items, you must create an exception list.
       operationId: CreateExceptionListItem
       requestBody:
@@ -9355,45 +8504,34 @@ paths:
               type: object
               properties:
                 comments:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray'
                   default: []
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription'
                 entries:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray'
                 expire_time:
                   format: date-time
                   type: string
                 item_id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
                 list_id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListHumanId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
                 meta:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemName
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName'
                 namespace_type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
                   default: single
                 os_types:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray'
                   default: []
                 tags:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemTags
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags'
                   default: []
                 type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType'
               required:
                 - list_id
                 - type
@@ -9414,24 +8552,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '409':
           content:
@@ -9448,6 +8582,7 @@ paths:
       summary: Create an exception list item
       tags:
         - Security Exceptions API
+      x-beta: true
     put:
       description: Update an exception list item using the `id` or `item_id` field.
       operationId: UpdateExceptionListItem
@@ -9460,49 +8595,37 @@ paths:
                 _version:
                   type: string
                 comments:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray'
                   default: []
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription'
                 entries:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray'
                 expire_time:
                   format: date-time
                   type: string
                 id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId'
                   description: Either `id` or `item_id` must be specified
                 item_id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
                   description: Either `id` or `item_id` must be specified
                 list_id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListHumanId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
                 meta:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemName
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName'
                 namespace_type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
                   default: single
                 os_types:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray'
                   default: []
                 tags:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemTags
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags'
                 type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType'
               required:
                 - type
                 - name
@@ -9522,24 +8645,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -9556,6 +8675,7 @@ paths:
       summary: Update an exception list item
       tags:
         - Security Exceptions API
+      x-beta: true
   /api/exception_lists/items/_find:
     get:
       description: Get a list of all exception list items in the specified list.
@@ -9567,13 +8687,10 @@ paths:
           required: true
           schema:
             items:
-              $ref: >-
-                #/components/schemas/Security_Exceptions_API_ExceptionListHumanId
+              $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
             type: array
-        - description: >
-            Filters the returned results according to the value of the specified
-            field,
-
+        - description: |
+            Filters the returned results according to the value of the specified field,
             using the `<field name>:<field value>` syntax.
           in: query
           name: filter
@@ -9581,13 +8698,10 @@ paths:
           schema:
             default: []
             items:
-              $ref: >-
-                #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter
+              $ref: '#/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter'
             type: array
-        - description: >
-            Determines whether the returned containers are Kibana associated
-            with a Kibana space
-
+        - description: |
+            Determines whether the returned containers are Kibana associated with a Kibana space
             or available in all spaces (`agnostic` or `single`)
           in: query
           name: namespace_type
@@ -9596,8 +8710,7 @@ paths:
             default:
               - single
             items:
-              $ref: >-
-                #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+              $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             type: array
         - in: query
           name: search
@@ -9642,8 +8755,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Exceptions_API_ExceptionListItem
+                      $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem'
                     type: array
                   page:
                     minimum: 1
@@ -9667,24 +8779,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -9701,6 +8809,7 @@ paths:
       summary: Get exception list items
       tags:
         - Security Exceptions API
+      x-beta: true
   /api/exception_lists/summary:
     get:
       description: Get a summary of the specified exception list.
@@ -9722,8 +8831,7 @@ paths:
           name: namespace_type
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             default: single
         - description: Search filter clause
           in: query
@@ -9756,24 +8864,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -9790,21 +8894,13 @@ paths:
       summary: Get an exception list summary
       tags:
         - Security Exceptions API
+      x-beta: true
   /api/exceptions/shared:
     post:
-      description: >
-        An exception list groups exception items and can be associated with
-        detection rules. A shared exception list can apply to multiple detection
-        rules.
-
+      description: |
+        An exception list groups exception items and can be associated with detection rules. A shared exception list can apply to multiple detection rules.
         > info
-
-        > All exception items added to the same list are evaluated using `OR`
-        logic. That is, if any of the items in a list evaluate to `true`, the
-        exception prevents the rule from generating an alert. Likewise, `OR`
-        logic is used for evaluating exceptions when more than one exception
-        list is assigned to a rule. To use the `AND` operator, you can define
-        multiple clauses (`entries`) in a single exception item.
+        > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item.
       operationId: CreateSharedExceptionList
       requestBody:
         content:
@@ -9813,11 +8909,9 @@ paths:
               type: object
               properties:
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListDescription
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListName
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName'
               required:
                 - name
                 - description
@@ -9834,24 +8928,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '409':
           content:
@@ -9868,6 +8958,7 @@ paths:
       summary: Create a shared exception list
       tags:
         - Security Exceptions API
+      x-beta: true
   /api/fleet/agent_download_sources:
     get:
       operationId: get-fleet-agent-download-sources
@@ -9904,9 +8995,7 @@ paths:
                         name:
                           type: string
                         proxy_id:
-                          description: >-
-                            The ID of the proxy to use for this download source.
-                            See the proxies API for more information.
+                          description: The ID of the proxy to use for this download source. See the proxies API for more information.
                           nullable: true
                           type: string
                       required:
@@ -9944,6 +9033,7 @@ paths:
       summary: Get agent binary download sources
       tags:
         - Elastic Agent binary download sources
+      x-beta: true
     post:
       operationId: post-fleet-agent-download-sources
       parameters:
@@ -9980,9 +9070,7 @@ paths:
                 name:
                   type: string
                 proxy_id:
-                  description: >-
-                    The ID of the proxy to use for this download source. See the
-                    proxies API for more information.
+                  description: The ID of the proxy to use for this download source. See the proxies API for more information.
                   nullable: true
                   type: string
               required:
@@ -10011,9 +9099,7 @@ paths:
                       name:
                         type: string
                       proxy_id:
-                        description: >-
-                          The ID of the proxy to use for this download source.
-                          See the proxies API for more information.
+                        description: The ID of the proxy to use for this download source. See the proxies API for more information.
                         nullable: true
                         type: string
                     required:
@@ -10041,6 +9127,7 @@ paths:
       summary: Create an agent binary download source
       tags:
         - Elastic Agent binary download sources
+      x-beta: true
   /api/fleet/agent_download_sources/{sourceId}:
     delete:
       description: Delete an agent binary download source by ID.
@@ -10097,6 +9184,7 @@ paths:
       summary: Delete an agent binary download source
       tags:
         - Elastic Agent binary download sources
+      x-beta: true
     get:
       description: Get an agent binary download source by ID.
       operationId: get-fleet-agent-download-sources-sourceid
@@ -10137,9 +9225,7 @@ paths:
                       name:
                         type: string
                       proxy_id:
-                        description: >-
-                          The ID of the proxy to use for this download source.
-                          See the proxies API for more information.
+                        description: The ID of the proxy to use for this download source. See the proxies API for more information.
                         nullable: true
                         type: string
                     required:
@@ -10167,6 +9253,7 @@ paths:
       summary: Get an agent binary download source
       tags:
         - Elastic Agent binary download sources
+      x-beta: true
     put:
       description: Update an agent binary download source by ID.
       operationId: put-fleet-agent-download-sources-sourceid
@@ -10209,9 +9296,7 @@ paths:
                 name:
                   type: string
                 proxy_id:
-                  description: >-
-                    The ID of the proxy to use for this download source. See the
-                    proxies API for more information.
+                  description: The ID of the proxy to use for this download source. See the proxies API for more information.
                   nullable: true
                   type: string
               required:
@@ -10240,9 +9325,7 @@ paths:
                       name:
                         type: string
                       proxy_id:
-                        description: >-
-                          The ID of the proxy to use for this download source.
-                          See the proxies API for more information.
+                        description: The ID of the proxy to use for this download source. See the proxies API for more information.
                         nullable: true
                         type: string
                     required:
@@ -10270,6 +9353,7 @@ paths:
       summary: Update an agent binary download source
       tags:
         - Elastic Agent binary download sources
+      x-beta: true
   /api/fleet/agent_policies:
     get:
       operationId: get-fleet-agent-policies
@@ -10399,9 +9483,7 @@ paths:
                           nullable: true
                           type: string
                         global_data_tags:
-                          description: >-
-                            User defined data tags that are added to all of the
-                            inputs. The values can be strings or numbers.
+                          description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                           items:
                             additionalProperties: false
                             type: object
@@ -10433,15 +9515,11 @@ paths:
                         is_preconfigured:
                           type: boolean
                         is_protected:
-                          description: >-
-                            Indicates whether the agent policy has tamper
-                            protection enabled. Default false.
+                          description: Indicates whether the agent policy has tamper protection enabled. Default false.
                           type: boolean
                         keep_monitoring_alive:
                           default: false
-                          description: >-
-                            When set to true, monitoring will be enabled but
-                            logs/metrics collection will be disabled
+                          description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                           nullable: true
                           type: boolean
                         monitoring_diagnostics:
@@ -10508,11 +9586,7 @@ paths:
                           type: string
                         overrides:
                           additionalProperties: {}
-                          description: >-
-                            Override settings that are defined in the agent
-                            policy. Input settings cannot be overridden. The
-                            override option should be used only in unusual
-                            circumstances and not as a routine procedure.
+                          description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                           nullable: true
                           type: object
                         package_policies:
@@ -10520,10 +9594,7 @@ paths:
                             - items:
                                 type: string
                               type: array
-                            - description: >-
-                                This field is present only when retrieving a
-                                single agent policy, or when retrieving a list
-                                of agent policies with the ?full=true parameter
+                            - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter
                               items:
                                 additionalProperties: false
                                 type: object
@@ -10569,9 +9640,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                         enabled:
                                           type: boolean
@@ -10599,9 +9668,7 @@ paths:
                                                     value: {}
                                                   required:
                                                     - value
-                                                description: >-
-                                                  Package variable (see integration
-                                                  documentation for more information)
+                                                description: Package variable (see integration documentation for more information)
                                                 type: object
                                               data_stream:
                                                 additionalProperties: false
@@ -10654,9 +9721,7 @@ paths:
                                                     value: {}
                                                   required:
                                                     - value
-                                                description: >-
-                                                  Package variable (see integration
-                                                  documentation for more information)
+                                                description: Package variable (see integration documentation for more information)
                                                 type: object
                                             required:
                                               - enabled
@@ -10677,9 +9742,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                       required:
                                         - type
@@ -10693,20 +9756,14 @@ paths:
                                     description: Package policy name (should be unique)
                                     type: string
                                   namespace:
-                                    description: >-
-                                      The package policy namespace. Leave blank
-                                      to inherit the agent policy's namespace.
+                                    description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                     type: string
                                   output_id:
                                     nullable: true
                                     type: string
                                   overrides:
                                     additionalProperties: false
-                                    description: >-
-                                      Override settings that are defined in the
-                                      package policy. The override option should
-                                      be used only in unusual circumstances and
-                                      not as a routine procedure.
+                                    description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                     nullable: true
                                     type: object
                                     properties:
@@ -10755,16 +9812,12 @@ paths:
                                       - version
                                   policy_id:
                                     deprecated: true
-                                    description: >-
-                                      Agent policy ID where that package policy
-                                      will be added
+                                    description: Agent policy ID where that package policy will be added
                                     nullable: true
                                     type: string
                                   policy_ids:
                                     items:
-                                      description: >-
-                                        Agent policy IDs where that package
-                                        policy will be added
+                                      description: Agent policy IDs where that package policy will be added
                                       type: string
                                     type: array
                                   revision:
@@ -10795,9 +9848,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                   version:
                                     type: string
@@ -10827,9 +9878,7 @@ paths:
                           type: string
                         supports_agentless:
                           default: false
-                          description: >-
-                            Indicates whether the agent policy supports
-                            agentless integrations.
+                          description: Indicates whether the agent policy supports agentless integrations.
                           nullable: true
                           type: boolean
                         unenroll_timeout:
@@ -10884,6 +9933,7 @@ paths:
       summary: Get agent policies
       tags:
         - Elastic Agent policies
+      x-beta: true
     post:
       operationId: post-fleet-agent-policies
       parameters:
@@ -10958,9 +10008,7 @@ paths:
                 force:
                   type: boolean
                 global_data_tags:
-                  description: >-
-                    User defined data tags that are added to all of the inputs.
-                    The values can be strings or numbers.
+                  description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                   items:
                     additionalProperties: false
                     type: object
@@ -10993,9 +10041,7 @@ paths:
                   type: boolean
                 keep_monitoring_alive:
                   default: false
-                  description: >-
-                    When set to true, monitoring will be enabled but
-                    logs/metrics collection will be disabled
+                  description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                   nullable: true
                   type: boolean
                 monitoring_diagnostics:
@@ -11062,11 +10108,7 @@ paths:
                   type: string
                 overrides:
                   additionalProperties: {}
-                  description: >-
-                    Override settings that are defined in the agent policy.
-                    Input settings cannot be overridden. The override option
-                    should be used only in unusual circumstances and not as a
-                    routine procedure.
+                  description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                   nullable: true
                   type: object
                 space_ids:
@@ -11075,9 +10117,7 @@ paths:
                   type: array
                 supports_agentless:
                   default: false
-                  description: >-
-                    Indicates whether the agent policy supports agentless
-                    integrations.
+                  description: Indicates whether the agent policy supports agentless integrations.
                   nullable: true
                   type: boolean
                 unenroll_timeout:
@@ -11142,9 +10182,7 @@ paths:
                         nullable: true
                         type: string
                       global_data_tags:
-                        description: >-
-                          User defined data tags that are added to all of the
-                          inputs. The values can be strings or numbers.
+                        description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                         items:
                           additionalProperties: false
                           type: object
@@ -11176,15 +10214,11 @@ paths:
                       is_preconfigured:
                         type: boolean
                       is_protected:
-                        description: >-
-                          Indicates whether the agent policy has tamper
-                          protection enabled. Default false.
+                        description: Indicates whether the agent policy has tamper protection enabled. Default false.
                         type: boolean
                       keep_monitoring_alive:
                         default: false
-                        description: >-
-                          When set to true, monitoring will be enabled but
-                          logs/metrics collection will be disabled
+                        description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                         nullable: true
                         type: boolean
                       monitoring_diagnostics:
@@ -11251,11 +10285,7 @@ paths:
                         type: string
                       overrides:
                         additionalProperties: {}
-                        description: >-
-                          Override settings that are defined in the agent
-                          policy. Input settings cannot be overridden. The
-                          override option should be used only in unusual
-                          circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                       package_policies:
@@ -11263,10 +10293,7 @@ paths:
                           - items:
                               type: string
                             type: array
-                          - description: >-
-                              This field is present only when retrieving a
-                              single agent policy, or when retrieving a list of
-                              agent policies with the ?full=true parameter
+                          - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter
                             items:
                               additionalProperties: false
                               type: object
@@ -11312,9 +10339,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       enabled:
                                         type: boolean
@@ -11342,9 +10367,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                             data_stream:
                                               additionalProperties: false
@@ -11397,9 +10420,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                           required:
                                             - enabled
@@ -11420,9 +10441,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - type
@@ -11436,20 +10455,14 @@ paths:
                                   description: Package policy name (should be unique)
                                   type: string
                                 namespace:
-                                  description: >-
-                                    The package policy namespace. Leave blank to
-                                    inherit the agent policy's namespace.
+                                  description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                   type: string
                                 output_id:
                                   nullable: true
                                   type: string
                                 overrides:
                                   additionalProperties: false
-                                  description: >-
-                                    Override settings that are defined in the
-                                    package policy. The override option should
-                                    be used only in unusual circumstances and
-                                    not as a routine procedure.
+                                  description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                   nullable: true
                                   type: object
                                   properties:
@@ -11498,16 +10511,12 @@ paths:
                                     - version
                                 policy_id:
                                   deprecated: true
-                                  description: >-
-                                    Agent policy ID where that package policy
-                                    will be added
+                                  description: Agent policy ID where that package policy will be added
                                   nullable: true
                                   type: string
                                 policy_ids:
                                   items:
-                                    description: >-
-                                      Agent policy IDs where that package policy
-                                      will be added
+                                    description: Agent policy IDs where that package policy will be added
                                     type: string
                                   type: array
                                 revision:
@@ -11538,9 +10547,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 version:
                                   type: string
@@ -11570,9 +10577,7 @@ paths:
                         type: string
                       supports_agentless:
                         default: false
-                        description: >-
-                          Indicates whether the agent policy supports agentless
-                          integrations.
+                        description: Indicates whether the agent policy supports agentless integrations.
                         nullable: true
                         type: boolean
                       unenroll_timeout:
@@ -11617,6 +10622,7 @@ paths:
       summary: Create an agent policy
       tags:
         - Elastic Agent policies
+      x-beta: true
   /api/fleet/agent_policies/_bulk_get:
     post:
       operationId: post-fleet-agent-policies-bulk-get
@@ -11720,9 +10726,7 @@ paths:
                           nullable: true
                           type: string
                         global_data_tags:
-                          description: >-
-                            User defined data tags that are added to all of the
-                            inputs. The values can be strings or numbers.
+                          description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                           items:
                             additionalProperties: false
                             type: object
@@ -11754,15 +10758,11 @@ paths:
                         is_preconfigured:
                           type: boolean
                         is_protected:
-                          description: >-
-                            Indicates whether the agent policy has tamper
-                            protection enabled. Default false.
+                          description: Indicates whether the agent policy has tamper protection enabled. Default false.
                           type: boolean
                         keep_monitoring_alive:
                           default: false
-                          description: >-
-                            When set to true, monitoring will be enabled but
-                            logs/metrics collection will be disabled
+                          description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                           nullable: true
                           type: boolean
                         monitoring_diagnostics:
@@ -11829,11 +10829,7 @@ paths:
                           type: string
                         overrides:
                           additionalProperties: {}
-                          description: >-
-                            Override settings that are defined in the agent
-                            policy. Input settings cannot be overridden. The
-                            override option should be used only in unusual
-                            circumstances and not as a routine procedure.
+                          description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                           nullable: true
                           type: object
                         package_policies:
@@ -11841,10 +10837,7 @@ paths:
                             - items:
                                 type: string
                               type: array
-                            - description: >-
-                                This field is present only when retrieving a
-                                single agent policy, or when retrieving a list
-                                of agent policies with the ?full=true parameter
+                            - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter
                               items:
                                 additionalProperties: false
                                 type: object
@@ -11890,9 +10883,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                         enabled:
                                           type: boolean
@@ -11920,9 +10911,7 @@ paths:
                                                     value: {}
                                                   required:
                                                     - value
-                                                description: >-
-                                                  Package variable (see integration
-                                                  documentation for more information)
+                                                description: Package variable (see integration documentation for more information)
                                                 type: object
                                               data_stream:
                                                 additionalProperties: false
@@ -11975,9 +10964,7 @@ paths:
                                                     value: {}
                                                   required:
                                                     - value
-                                                description: >-
-                                                  Package variable (see integration
-                                                  documentation for more information)
+                                                description: Package variable (see integration documentation for more information)
                                                 type: object
                                             required:
                                               - enabled
@@ -11998,9 +10985,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                       required:
                                         - type
@@ -12014,20 +10999,14 @@ paths:
                                     description: Package policy name (should be unique)
                                     type: string
                                   namespace:
-                                    description: >-
-                                      The package policy namespace. Leave blank
-                                      to inherit the agent policy's namespace.
+                                    description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                     type: string
                                   output_id:
                                     nullable: true
                                     type: string
                                   overrides:
                                     additionalProperties: false
-                                    description: >-
-                                      Override settings that are defined in the
-                                      package policy. The override option should
-                                      be used only in unusual circumstances and
-                                      not as a routine procedure.
+                                    description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                     nullable: true
                                     type: object
                                     properties:
@@ -12076,16 +11055,12 @@ paths:
                                       - version
                                   policy_id:
                                     deprecated: true
-                                    description: >-
-                                      Agent policy ID where that package policy
-                                      will be added
+                                    description: Agent policy ID where that package policy will be added
                                     nullable: true
                                     type: string
                                   policy_ids:
                                     items:
-                                      description: >-
-                                        Agent policy IDs where that package
-                                        policy will be added
+                                      description: Agent policy IDs where that package policy will be added
                                       type: string
                                     type: array
                                   revision:
@@ -12116,9 +11091,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                   version:
                                     type: string
@@ -12148,9 +11121,7 @@ paths:
                           type: string
                         supports_agentless:
                           default: false
-                          description: >-
-                            Indicates whether the agent policy supports
-                            agentless integrations.
+                          description: Indicates whether the agent policy supports agentless integrations.
                           nullable: true
                           type: boolean
                         unenroll_timeout:
@@ -12196,6 +11167,7 @@ paths:
       summary: Bulk get agent policies
       tags:
         - Elastic Agent policies
+      x-beta: true
   /api/fleet/agent_policies/{agentPolicyId}:
     get:
       description: Get an agent policy by ID.
@@ -12278,9 +11250,7 @@ paths:
                         nullable: true
                         type: string
                       global_data_tags:
-                        description: >-
-                          User defined data tags that are added to all of the
-                          inputs. The values can be strings or numbers.
+                        description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                         items:
                           additionalProperties: false
                           type: object
@@ -12312,15 +11282,11 @@ paths:
                       is_preconfigured:
                         type: boolean
                       is_protected:
-                        description: >-
-                          Indicates whether the agent policy has tamper
-                          protection enabled. Default false.
+                        description: Indicates whether the agent policy has tamper protection enabled. Default false.
                         type: boolean
                       keep_monitoring_alive:
                         default: false
-                        description: >-
-                          When set to true, monitoring will be enabled but
-                          logs/metrics collection will be disabled
+                        description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                         nullable: true
                         type: boolean
                       monitoring_diagnostics:
@@ -12387,11 +11353,7 @@ paths:
                         type: string
                       overrides:
                         additionalProperties: {}
-                        description: >-
-                          Override settings that are defined in the agent
-                          policy. Input settings cannot be overridden. The
-                          override option should be used only in unusual
-                          circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                       package_policies:
@@ -12399,10 +11361,7 @@ paths:
                           - items:
                               type: string
                             type: array
-                          - description: >-
-                              This field is present only when retrieving a
-                              single agent policy, or when retrieving a list of
-                              agent policies with the ?full=true parameter
+                          - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter
                             items:
                               additionalProperties: false
                               type: object
@@ -12448,9 +11407,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       enabled:
                                         type: boolean
@@ -12478,9 +11435,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                             data_stream:
                                               additionalProperties: false
@@ -12533,9 +11488,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                           required:
                                             - enabled
@@ -12556,9 +11509,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - type
@@ -12572,20 +11523,14 @@ paths:
                                   description: Package policy name (should be unique)
                                   type: string
                                 namespace:
-                                  description: >-
-                                    The package policy namespace. Leave blank to
-                                    inherit the agent policy's namespace.
+                                  description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                   type: string
                                 output_id:
                                   nullable: true
                                   type: string
                                 overrides:
                                   additionalProperties: false
-                                  description: >-
-                                    Override settings that are defined in the
-                                    package policy. The override option should
-                                    be used only in unusual circumstances and
-                                    not as a routine procedure.
+                                  description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                   nullable: true
                                   type: object
                                   properties:
@@ -12634,16 +11579,12 @@ paths:
                                     - version
                                 policy_id:
                                   deprecated: true
-                                  description: >-
-                                    Agent policy ID where that package policy
-                                    will be added
+                                  description: Agent policy ID where that package policy will be added
                                   nullable: true
                                   type: string
                                 policy_ids:
                                   items:
-                                    description: >-
-                                      Agent policy IDs where that package policy
-                                      will be added
+                                    description: Agent policy IDs where that package policy will be added
                                     type: string
                                   type: array
                                 revision:
@@ -12674,9 +11615,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 version:
                                   type: string
@@ -12706,9 +11645,7 @@ paths:
                         type: string
                       supports_agentless:
                         default: false
-                        description: >-
-                          Indicates whether the agent policy supports agentless
-                          integrations.
+                        description: Indicates whether the agent policy supports agentless integrations.
                         nullable: true
                         type: boolean
                       unenroll_timeout:
@@ -12753,6 +11690,7 @@ paths:
       summary: Get an agent policy
       tags:
         - Elastic Agent policies
+      x-beta: true
     put:
       description: Update an agent policy by ID.
       operationId: put-fleet-agent-policies-agentpolicyid
@@ -12836,9 +11774,7 @@ paths:
                 force:
                   type: boolean
                 global_data_tags:
-                  description: >-
-                    User defined data tags that are added to all of the inputs.
-                    The values can be strings or numbers.
+                  description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                   items:
                     additionalProperties: false
                     type: object
@@ -12871,9 +11807,7 @@ paths:
                   type: boolean
                 keep_monitoring_alive:
                   default: false
-                  description: >-
-                    When set to true, monitoring will be enabled but
-                    logs/metrics collection will be disabled
+                  description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                   nullable: true
                   type: boolean
                 monitoring_diagnostics:
@@ -12940,11 +11874,7 @@ paths:
                   type: string
                 overrides:
                   additionalProperties: {}
-                  description: >-
-                    Override settings that are defined in the agent policy.
-                    Input settings cannot be overridden. The override option
-                    should be used only in unusual circumstances and not as a
-                    routine procedure.
+                  description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                   nullable: true
                   type: object
                 space_ids:
@@ -12953,9 +11883,7 @@ paths:
                   type: array
                 supports_agentless:
                   default: false
-                  description: >-
-                    Indicates whether the agent policy supports agentless
-                    integrations.
+                  description: Indicates whether the agent policy supports agentless integrations.
                   nullable: true
                   type: boolean
                 unenroll_timeout:
@@ -13020,9 +11948,7 @@ paths:
                         nullable: true
                         type: string
                       global_data_tags:
-                        description: >-
-                          User defined data tags that are added to all of the
-                          inputs. The values can be strings or numbers.
+                        description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                         items:
                           additionalProperties: false
                           type: object
@@ -13054,15 +11980,11 @@ paths:
                       is_preconfigured:
                         type: boolean
                       is_protected:
-                        description: >-
-                          Indicates whether the agent policy has tamper
-                          protection enabled. Default false.
+                        description: Indicates whether the agent policy has tamper protection enabled. Default false.
                         type: boolean
                       keep_monitoring_alive:
                         default: false
-                        description: >-
-                          When set to true, monitoring will be enabled but
-                          logs/metrics collection will be disabled
+                        description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                         nullable: true
                         type: boolean
                       monitoring_diagnostics:
@@ -13129,11 +12051,7 @@ paths:
                         type: string
                       overrides:
                         additionalProperties: {}
-                        description: >-
-                          Override settings that are defined in the agent
-                          policy. Input settings cannot be overridden. The
-                          override option should be used only in unusual
-                          circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                       package_policies:
@@ -13141,10 +12059,7 @@ paths:
                           - items:
                               type: string
                             type: array
-                          - description: >-
-                              This field is present only when retrieving a
-                              single agent policy, or when retrieving a list of
-                              agent policies with the ?full=true parameter
+                          - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter
                             items:
                               additionalProperties: false
                               type: object
@@ -13190,9 +12105,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       enabled:
                                         type: boolean
@@ -13220,9 +12133,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                             data_stream:
                                               additionalProperties: false
@@ -13275,9 +12186,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                           required:
                                             - enabled
@@ -13298,9 +12207,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - type
@@ -13314,20 +12221,14 @@ paths:
                                   description: Package policy name (should be unique)
                                   type: string
                                 namespace:
-                                  description: >-
-                                    The package policy namespace. Leave blank to
-                                    inherit the agent policy's namespace.
+                                  description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                   type: string
                                 output_id:
                                   nullable: true
                                   type: string
                                 overrides:
                                   additionalProperties: false
-                                  description: >-
-                                    Override settings that are defined in the
-                                    package policy. The override option should
-                                    be used only in unusual circumstances and
-                                    not as a routine procedure.
+                                  description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                   nullable: true
                                   type: object
                                   properties:
@@ -13376,16 +12277,12 @@ paths:
                                     - version
                                 policy_id:
                                   deprecated: true
-                                  description: >-
-                                    Agent policy ID where that package policy
-                                    will be added
+                                  description: Agent policy ID where that package policy will be added
                                   nullable: true
                                   type: string
                                 policy_ids:
                                   items:
-                                    description: >-
-                                      Agent policy IDs where that package policy
-                                      will be added
+                                    description: Agent policy IDs where that package policy will be added
                                     type: string
                                   type: array
                                 revision:
@@ -13416,9 +12313,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 version:
                                   type: string
@@ -13448,9 +12343,7 @@ paths:
                         type: string
                       supports_agentless:
                         default: false
-                        description: >-
-                          Indicates whether the agent policy supports agentless
-                          integrations.
+                        description: Indicates whether the agent policy supports agentless integrations.
                         nullable: true
                         type: boolean
                       unenroll_timeout:
@@ -13495,6 +12388,7 @@ paths:
       summary: Update an agent policy
       tags:
         - Elastic Agent policies
+      x-beta: true
   /api/fleet/agent_policies/{agentPolicyId}/copy:
     post:
       description: Copy an agent policy by ID.
@@ -13598,9 +12492,7 @@ paths:
                         nullable: true
                         type: string
                       global_data_tags:
-                        description: >-
-                          User defined data tags that are added to all of the
-                          inputs. The values can be strings or numbers.
+                        description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                         items:
                           additionalProperties: false
                           type: object
@@ -13632,15 +12524,11 @@ paths:
                       is_preconfigured:
                         type: boolean
                       is_protected:
-                        description: >-
-                          Indicates whether the agent policy has tamper
-                          protection enabled. Default false.
+                        description: Indicates whether the agent policy has tamper protection enabled. Default false.
                         type: boolean
                       keep_monitoring_alive:
                         default: false
-                        description: >-
-                          When set to true, monitoring will be enabled but
-                          logs/metrics collection will be disabled
+                        description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                         nullable: true
                         type: boolean
                       monitoring_diagnostics:
@@ -13707,11 +12595,7 @@ paths:
                         type: string
                       overrides:
                         additionalProperties: {}
-                        description: >-
-                          Override settings that are defined in the agent
-                          policy. Input settings cannot be overridden. The
-                          override option should be used only in unusual
-                          circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                       package_policies:
@@ -13719,10 +12603,7 @@ paths:
                           - items:
                               type: string
                             type: array
-                          - description: >-
-                              This field is present only when retrieving a
-                              single agent policy, or when retrieving a list of
-                              agent policies with the ?full=true parameter
+                          - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter
                             items:
                               additionalProperties: false
                               type: object
@@ -13768,9 +12649,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       enabled:
                                         type: boolean
@@ -13798,9 +12677,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                             data_stream:
                                               additionalProperties: false
@@ -13853,9 +12730,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                           required:
                                             - enabled
@@ -13876,9 +12751,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - type
@@ -13892,20 +12765,14 @@ paths:
                                   description: Package policy name (should be unique)
                                   type: string
                                 namespace:
-                                  description: >-
-                                    The package policy namespace. Leave blank to
-                                    inherit the agent policy's namespace.
+                                  description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                   type: string
                                 output_id:
                                   nullable: true
                                   type: string
                                 overrides:
                                   additionalProperties: false
-                                  description: >-
-                                    Override settings that are defined in the
-                                    package policy. The override option should
-                                    be used only in unusual circumstances and
-                                    not as a routine procedure.
+                                  description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                   nullable: true
                                   type: object
                                   properties:
@@ -13954,16 +12821,12 @@ paths:
                                     - version
                                 policy_id:
                                   deprecated: true
-                                  description: >-
-                                    Agent policy ID where that package policy
-                                    will be added
+                                  description: Agent policy ID where that package policy will be added
                                   nullable: true
                                   type: string
                                 policy_ids:
                                   items:
-                                    description: >-
-                                      Agent policy IDs where that package policy
-                                      will be added
+                                    description: Agent policy IDs where that package policy will be added
                                     type: string
                                   type: array
                                 revision:
@@ -13994,9 +12857,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 version:
                                   type: string
@@ -14026,9 +12887,7 @@ paths:
                         type: string
                       supports_agentless:
                         default: false
-                        description: >-
-                          Indicates whether the agent policy supports agentless
-                          integrations.
+                        description: Indicates whether the agent policy supports agentless integrations.
                         nullable: true
                         type: boolean
                       unenroll_timeout:
@@ -14073,6 +12932,7 @@ paths:
       summary: Copy an agent policy
       tags:
         - Elastic Agent policies
+      x-beta: true
   /api/fleet/agent_policies/{agentPolicyId}/download:
     get:
       description: Download an agent policy by ID.
@@ -14147,6 +13007,7 @@ paths:
       summary: Download an agent policy
       tags:
         - Elastic Agent policies
+      x-beta: true
   /api/fleet/agent_policies/{agentPolicyId}/full:
     get:
       description: Get a full agent policy by ID.
@@ -14479,6 +13340,7 @@ paths:
       summary: Get a full agent policy
       tags:
         - Elastic Agent policies
+      x-beta: true
   /api/fleet/agent_policies/{agentPolicyId}/outputs:
     get:
       description: Get a list of outputs associated with agent policy by policy id.
@@ -14583,6 +13445,7 @@ paths:
       summary: Get outputs for an agent policy
       tags:
         - Elastic Agent policies
+      x-beta: true
   /api/fleet/agent_policies/delete:
     post:
       description: Delete an agent policy by ID.
@@ -14613,9 +13476,7 @@ paths:
                 agentPolicyId:
                   type: string
                 force:
-                  description: >-
-                    bypass validation checks that can prevent agent policy
-                    deletion
+                  description: bypass validation checks that can prevent agent policy deletion
                   type: boolean
               required:
                 - agentPolicyId
@@ -14653,6 +13514,7 @@ paths:
       summary: Delete an agent policy
       tags:
         - Elastic Agent policies
+      x-beta: true
   /api/fleet/agent_policies/outputs:
     post:
       description: Get a list of outputs associated with agent policies.
@@ -14775,6 +13637,7 @@ paths:
       summary: Get outputs for agent policies
       tags:
         - Elastic Agent policies
+      x-beta: true
   /api/fleet/agent_status:
     get:
       operationId: get-fleet-agent-status
@@ -14870,6 +13733,7 @@ paths:
       summary: Get an agent status summary
       tags:
         - Elastic Agent status
+      x-beta: true
   /api/fleet/agent_status/data:
     get:
       operationId: get-fleet-agent-status-data
@@ -14942,6 +13806,7 @@ paths:
       summary: Get incoming agent data
       tags:
         - Elastic Agents
+      x-beta: true
   /api/fleet/agents:
     get:
       operationId: get-fleet-agents
@@ -15328,6 +14193,7 @@ paths:
       summary: Get agents
       tags:
         - Elastic Agents
+      x-beta: true
     post:
       operationId: post-fleet-agents
       parameters:
@@ -15392,6 +14258,7 @@ paths:
       summary: Get agents by action ids
       tags:
         - Elastic Agents
+      x-beta: true
   /api/fleet/agents/{agentId}:
     delete:
       description: Delete an agent by ID.
@@ -15450,6 +14317,7 @@ paths:
       summary: Delete an agent
       tags:
         - Elastic Agents
+      x-beta: true
     get:
       description: Get an agent by ID.
       operationId: get-fleet-agents-agentid
@@ -15778,6 +14646,7 @@ paths:
       summary: Get an agent
       tags:
         - Elastic Agents
+      x-beta: true
     put:
       description: Update an agent by ID.
       operationId: put-fleet-agents-agentid
@@ -16121,6 +14990,7 @@ paths:
       summary: Update an agent
       tags:
         - Elastic Agents
+      x-beta: true
   /api/fleet/agents/{agentId}/actions:
     post:
       operationId: post-fleet-agents-agentid-actions
@@ -16265,6 +15135,7 @@ paths:
       summary: Create an agent action
       tags:
         - Elastic Agent actions
+      x-beta: true
   /api/fleet/agents/{agentId}/reassign:
     post:
       operationId: post-fleet-agents-agentid-reassign
@@ -16327,6 +15198,7 @@ paths:
       summary: Reassign an agent
       tags:
         - Elastic Agent actions
+      x-beta: true
   /api/fleet/agents/{agentId}/request_diagnostics:
     post:
       operationId: post-fleet-agents-agentid-request-diagnostics
@@ -16396,6 +15268,7 @@ paths:
       summary: Request agent diagnostics
       tags:
         - Elastic Agent actions
+      x-beta: true
   /api/fleet/agents/{agentId}/unenroll:
     post:
       operationId: post-fleet-agents-agentid-unenroll
@@ -16436,6 +15309,7 @@ paths:
       summary: Unenroll an agent
       tags:
         - Elastic Agent actions
+      x-beta: true
   /api/fleet/agents/{agentId}/upgrade:
     post:
       operationId: post-fleet-agents-agentid-upgrade
@@ -16504,6 +15378,7 @@ paths:
       summary: Upgrade an agent
       tags:
         - Elastic Agent actions
+      x-beta: true
   /api/fleet/agents/{agentId}/uploads:
     get:
       operationId: get-fleet-agents-agentid-uploads
@@ -16584,6 +15459,7 @@ paths:
       summary: Get agent uploads
       tags:
         - Elastic Agents
+      x-beta: true
   /api/fleet/agents/action_status:
     get:
       operationId: get-fleet-agents-action-status
@@ -16653,9 +15529,7 @@ paths:
                         latestErrors:
                           items:
                             additionalProperties: false
-                            description: >-
-                              latest errors that happened when the agents
-                              executed the action
+                            description: latest errors that happened when the agents executed the action
                             type: object
                             properties:
                               agentId:
@@ -16751,6 +15625,7 @@ paths:
       summary: Get an agent action status
       tags:
         - Elastic Agent actions
+      x-beta: true
   /api/fleet/agents/actions/{actionId}/cancel:
     post:
       operationId: post-fleet-agents-actions-actionid-cancel
@@ -16845,6 +15720,7 @@ paths:
       summary: Cancel an agent action
       tags:
         - Elastic Agent actions
+      x-beta: true
   /api/fleet/agents/available_versions:
     get:
       operationId: get-fleet-agents-available-versions
@@ -16890,6 +15766,7 @@ paths:
       summary: Get available agent versions
       tags:
         - Elastic Agents
+      x-beta: true
   /api/fleet/agents/bulk_reassign:
     post:
       operationId: post-fleet-agents-bulk-reassign
@@ -16963,6 +15840,7 @@ paths:
       summary: Bulk reassign agents
       tags:
         - Elastic Agent actions
+      x-beta: true
   /api/fleet/agents/bulk_request_diagnostics:
     post:
       operationId: post-fleet-agents-bulk-request-diagnostics
@@ -17036,6 +15914,7 @@ paths:
       summary: Bulk request diagnostics from agents
       tags:
         - Elastic Agent actions
+      x-beta: true
   /api/fleet/agents/bulk_unenroll:
     post:
       operationId: post-fleet-agents-bulk-unenroll
@@ -17076,9 +15955,7 @@ paths:
                   description: Unenrolls hosted agents too
                   type: boolean
                 includeInactive:
-                  description: >-
-                    When passing agents by KQL query, unenrolls inactive agents
-                    too
+                  description: When passing agents by KQL query, unenrolls inactive agents too
                   type: boolean
                 revoke:
                   description: Revokes API keys of agents
@@ -17116,6 +15993,7 @@ paths:
       summary: Bulk unenroll agents
       tags:
         - Elastic Agent actions
+      x-beta: true
   /api/fleet/agents/bulk_update_agent_tags:
     post:
       operationId: post-fleet-agents-bulk-update-agent-tags
@@ -17194,6 +16072,7 @@ paths:
       summary: Bulk update agent tags
       tags:
         - Elastic Agent actions
+      x-beta: true
   /api/fleet/agents/bulk_upgrade:
     post:
       operationId: post-fleet-agents-bulk-upgrade
@@ -17278,6 +16157,7 @@ paths:
       summary: Bulk upgrade agents
       tags:
         - Elastic Agent actions
+      x-beta: true
   /api/fleet/agents/files/{fileId}:
     delete:
       description: Delete a file uploaded by an agent.
@@ -17337,6 +16217,7 @@ paths:
       summary: Delete an uploaded file
       tags:
         - Elastic Agents
+      x-beta: true
   /api/fleet/agents/files/{fileId}/{fileName}:
     get:
       description: Get a file uploaded by an agent.
@@ -17385,6 +16266,7 @@ paths:
       summary: Get an uploaded file
       tags:
         - Elastic Agents
+      x-beta: true
   /api/fleet/agents/setup:
     get:
       operationId: get-fleet-agents-setup
@@ -17403,10 +16285,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 additionalProperties: false
-                description: >-
-                  A summary of the agent setup status. `isReady` indicates
-                  whether the setup is ready. If the setup is not ready,
-                  `missing_requirements` lists which requirements are missing.
+                description: A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing.
                 type: object
                 properties:
                   is_secrets_storage_enabled:
@@ -17456,6 +16335,7 @@ paths:
       summary: Get agent setup info
       tags:
         - Elastic Agents
+      x-beta: true
     post:
       operationId: post-fleet-agents-setup
       parameters:
@@ -17480,11 +16360,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 additionalProperties: false
-                description: >-
-                  A summary of the result of Fleet's `setup` lifecycle. If
-                  `isInitialized` is true, Fleet is ready to accept agent
-                  enrollment. `nonFatalErrors` may include useful insight into
-                  non-blocking issues with Fleet setup.
+                description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.
                 type: object
                 properties:
                   isInitialized:
@@ -17524,6 +16400,7 @@ paths:
       summary: Initiate agent setup
       tags:
         - Elastic Agents
+      x-beta: true
   /api/fleet/agents/tags:
     get:
       operationId: get-fleet-agents-tags
@@ -17580,6 +16457,7 @@ paths:
       summary: Get agent tags
       tags:
         - Elastic Agents
+      x-beta: true
   /api/fleet/check-permissions:
     get:
       operationId: get-fleet-check-permissions
@@ -17634,6 +16512,7 @@ paths:
       summary: Check permissions
       tags:
         - Fleet internals
+      x-beta: true
   /api/fleet/data_streams:
     get:
       operationId: get-fleet-data-streams
@@ -17738,6 +16617,7 @@ paths:
       summary: Get data streams
       tags:
         - Data streams
+      x-beta: true
   /api/fleet/enrollment_api_keys:
     get:
       operationId: get-fleet-enrollment-api-keys
@@ -17781,14 +16661,10 @@ paths:
                       type: object
                       properties:
                         active:
-                          description: >-
-                            When false, the enrollment API key is revoked and
-                            cannot be used for enrolling Elastic Agents.
+                          description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.
                           type: boolean
                         api_key:
-                          description: >-
-                            The enrollment API key (token) used for enrolling
-                            Elastic Agents.
+                          description: The enrollment API key (token) used for enrolling Elastic Agents.
                           type: string
                         api_key_id:
                           description: The ID of the API key in the Security API.
@@ -17801,9 +16677,7 @@ paths:
                           description: The name of the enrollment API key.
                           type: string
                         policy_id:
-                          description: >-
-                            The ID of the agent policy the Elastic Agent will be
-                            enrolled in.
+                          description: The ID of the agent policy the Elastic Agent will be enrolled in.
                           type: string
                       required:
                         - id
@@ -17842,6 +16716,7 @@ paths:
       summary: Get enrollment API keys
       tags:
         - Fleet enrollment API keys
+      x-beta: true
     post:
       operationId: post-fleet-enrollment-api-keys
       parameters:
@@ -17892,14 +16767,10 @@ paths:
                     type: object
                     properties:
                       active:
-                        description: >-
-                          When false, the enrollment API key is revoked and
-                          cannot be used for enrolling Elastic Agents.
+                        description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.
                         type: boolean
                       api_key:
-                        description: >-
-                          The enrollment API key (token) used for enrolling
-                          Elastic Agents.
+                        description: The enrollment API key (token) used for enrolling Elastic Agents.
                         type: string
                       api_key_id:
                         description: The ID of the API key in the Security API.
@@ -17912,9 +16783,7 @@ paths:
                         description: The name of the enrollment API key.
                         type: string
                       policy_id:
-                        description: >-
-                          The ID of the agent policy the Elastic Agent will be
-                          enrolled in.
+                        description: The ID of the agent policy the Elastic Agent will be enrolled in.
                         type: string
                     required:
                       - id
@@ -17944,6 +16813,7 @@ paths:
       summary: Create an enrollment API key
       tags:
         - Fleet enrollment API keys
+      x-beta: true
   /api/fleet/enrollment_api_keys/{keyId}:
     delete:
       description: Revoke an enrollment API key by ID by marking it as inactive.
@@ -18002,6 +16872,7 @@ paths:
       summary: Revoke an enrollment API key
       tags:
         - Fleet enrollment API keys
+      x-beta: true
     get:
       description: Get an enrollment API key by ID.
       operationId: get-fleet-enrollment-api-keys-keyid
@@ -18032,14 +16903,10 @@ paths:
                     type: object
                     properties:
                       active:
-                        description: >-
-                          When false, the enrollment API key is revoked and
-                          cannot be used for enrolling Elastic Agents.
+                        description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.
                         type: boolean
                       api_key:
-                        description: >-
-                          The enrollment API key (token) used for enrolling
-                          Elastic Agents.
+                        description: The enrollment API key (token) used for enrolling Elastic Agents.
                         type: string
                       api_key_id:
                         description: The ID of the API key in the Security API.
@@ -18052,9 +16919,7 @@ paths:
                         description: The name of the enrollment API key.
                         type: string
                       policy_id:
-                        description: >-
-                          The ID of the agent policy the Elastic Agent will be
-                          enrolled in.
+                        description: The ID of the agent policy the Elastic Agent will be enrolled in.
                         type: string
                     required:
                       - id
@@ -18083,6 +16948,7 @@ paths:
       summary: Get an enrollment API key
       tags:
         - Fleet enrollment API keys
+      x-beta: true
   /api/fleet/epm/bulk_assets:
     post:
       operationId: post-fleet-epm-bulk-assets
@@ -18181,6 +17047,7 @@ paths:
       summary: Bulk get assets
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/epm/categories:
     get:
       operationId: get-fleet-epm-categories
@@ -18252,6 +17119,7 @@ paths:
       summary: Get package categories
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/epm/custom_integrations:
     post:
       operationId: post-fleet-epm-custom-integrations
@@ -18394,6 +17262,7 @@ paths:
       summary: Create a custom integration
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/epm/data_streams:
     get:
       operationId: get-fleet-epm-data-streams
@@ -18476,6 +17345,7 @@ paths:
       summary: Get data streams
       tags:
         - Data streams
+      x-beta: true
   /api/fleet/epm/packages:
     get:
       operationId: get-fleet-epm-packages
@@ -18876,6 +17746,7 @@ paths:
       summary: Get packages
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
     post:
       operationId: post-fleet-epm-packages
       parameters:
@@ -19002,6 +17873,7 @@ paths:
       summary: Install a package by upload
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/epm/packages/_bulk:
     post:
       operationId: post-fleet-epm-packages-bulk
@@ -19184,6 +18056,7 @@ paths:
       summary: Bulk install packages
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/epm/packages/{pkgName}/{pkgVersion}:
     delete:
       operationId: delete-fleet-epm-packages-pkgname-pkgversion
@@ -19299,6 +18172,7 @@ paths:
       summary: Delete a package
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
     get:
       operationId: get-fleet-epm-packages-pkgname-pkgversion
       parameters:
@@ -19778,6 +18652,7 @@ paths:
       summary: Get a package
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
     post:
       operationId: post-fleet-epm-packages-pkgname-pkgversion
       parameters:
@@ -19927,6 +18802,7 @@ paths:
       summary: Install a package from the registry
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
     put:
       operationId: put-fleet-epm-packages-pkgname-pkgversion
       parameters:
@@ -20395,6 +19271,7 @@ paths:
       summary: Update package settings
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath*}:
     get:
       operationId: get-fleet-epm-packages-pkgname-pkgversion-filepath
@@ -20446,6 +19323,7 @@ paths:
       summary: Get a package file
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize:
     post:
       operationId: post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize
@@ -20538,6 +19416,7 @@ paths:
       summary: Authorize transforms
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/epm/packages/{pkgName}/stats:
     get:
       operationId: get-fleet-epm-packages-pkgname-stats
@@ -20592,6 +19471,7 @@ paths:
       summary: Get package stats
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/epm/packages/installed:
     get:
       operationId: get-fleet-epm-packages-installed
@@ -20745,6 +19625,7 @@ paths:
       summary: Get installed packages
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/epm/packages/limited:
     get:
       operationId: get-fleet-epm-packages-limited
@@ -20790,6 +19671,7 @@ paths:
       summary: Get a limited package list
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs:
     get:
       operationId: get-fleet-epm-templates-pkgname-pkgversion-inputs
@@ -20897,6 +19779,7 @@ paths:
       summary: Get an inputs template
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/epm/verification_key_id:
     get:
       operationId: get-fleet-epm-verification-key-id
@@ -20941,6 +19824,7 @@ paths:
       summary: Get a package signature verification key ID
       tags:
         - Elastic Package Manager (EPM)
+      x-beta: true
   /api/fleet/fleet_server_hosts:
     get:
       operationId: get-fleet-fleet-server-hosts
@@ -21021,6 +19905,7 @@ paths:
       summary: Get Fleet Server hosts
       tags:
         - Fleet Server hosts
+      x-beta: true
     post:
       operationId: post-fleet-fleet-server-hosts
       parameters:
@@ -21126,6 +20011,7 @@ paths:
       summary: Create a Fleet Server host
       tags:
         - Fleet Server hosts
+      x-beta: true
   /api/fleet/fleet_server_hosts/{itemId}:
     delete:
       description: Delete a Fleet Server host by ID.
@@ -21182,6 +20068,7 @@ paths:
       summary: Delete a Fleet Server host
       tags:
         - Fleet Server hosts
+      x-beta: true
     get:
       description: Get a Fleet Server host by ID.
       operationId: get-fleet-fleet-server-hosts-itemid
@@ -21256,6 +20143,7 @@ paths:
       summary: Get a Fleet Server host
       tags:
         - Fleet Server hosts
+      x-beta: true
     put:
       description: Update a Fleet Server host by ID.
       operationId: put-fleet-fleet-server-hosts-itemid
@@ -21360,6 +20248,7 @@ paths:
       summary: Update a Fleet Server host
       tags:
         - Fleet Server hosts
+      x-beta: true
   /api/fleet/health_check:
     post:
       operationId: post-fleet-health-check
@@ -21441,6 +20330,7 @@ paths:
       summary: Check Fleet Server health
       tags:
         - Fleet internals
+      x-beta: true
   /api/fleet/kubernetes:
     get:
       operationId: get-fleet-kubernetes
@@ -21499,6 +20389,7 @@ paths:
       summary: Get a full K8s agent manifest
       tags:
         - Elastic Agent policies
+      x-beta: true
   /api/fleet/kubernetes/download:
     get:
       operationId: get-fleet-kubernetes-download
@@ -21567,6 +20458,7 @@ paths:
       summary: Download an agent manifest
       tags:
         - Elastic Agent policies
+      x-beta: true
   /api/fleet/logstash_api_keys:
     post:
       operationId: post-fleet-logstash-api-keys
@@ -21617,6 +20509,7 @@ paths:
       summary: Generate a Logstash API key
       tags:
         - Fleet outputs
+      x-beta: true
   /api/fleet/message_signing_service/rotate_key_pair:
     post:
       operationId: post-fleet-message-signing-service-rotate-key-pair
@@ -21689,6 +20582,7 @@ paths:
       summary: Rotate a Fleet message signing key pair
       tags:
         - Message Signing Service
+      x-beta: true
   /api/fleet/outputs:
     get:
       operationId: get-fleet-outputs
@@ -22422,6 +21316,7 @@ paths:
       summary: Get outputs
       tags:
         - Fleet outputs
+      x-beta: true
     post:
       operationId: post-fleet-outputs
       parameters:
@@ -23834,6 +22729,7 @@ paths:
       summary: Create output
       tags:
         - Fleet outputs
+      x-beta: true
   /api/fleet/outputs/{outputId}:
     delete:
       description: Delete output by ID.
@@ -23906,6 +22802,7 @@ paths:
       summary: Delete output
       tags:
         - Fleet outputs
+      x-beta: true
     get:
       description: Get output by ID.
       operationId: get-fleet-outputs-outputid
@@ -24633,6 +23530,7 @@ paths:
       summary: Get output
       tags:
         - Fleet outputs
+      x-beta: true
     put:
       description: Update output by ID.
       operationId: put-fleet-outputs-outputid
@@ -26030,6 +24928,7 @@ paths:
       summary: Update output
       tags:
         - Fleet outputs
+      x-beta: true
   /api/fleet/outputs/{outputId}/health:
     get:
       operationId: get-fleet-outputs-outputid-health
@@ -26087,6 +24986,7 @@ paths:
       summary: Get the latest output health
       tags:
         - Fleet outputs
+      x-beta: true
   /api/fleet/package_policies:
     get:
       operationId: get-fleet-package-policies
@@ -26202,9 +25102,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                   enabled:
                                     type: boolean
@@ -26232,9 +25130,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                         data_stream:
                                           additionalProperties: false
@@ -26287,9 +25183,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                       required:
                                         - enabled
@@ -26310,9 +25204,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                 required:
                                   - type
@@ -26325,9 +25217,7 @@ paths:
                                 type: object
                                 properties:
                                   enabled:
-                                    description: >-
-                                      enable or disable that input, (default to
-                                      true)
+                                    description: enable or disable that input, (default to true)
                                     type: boolean
                                   streams:
                                     additionalProperties:
@@ -26335,9 +25225,7 @@ paths:
                                       type: object
                                       properties:
                                         enabled:
-                                          description: >-
-                                            enable or disable that stream, (default
-                                            to true)
+                                          description: enable or disable that stream, (default to true)
                                           type: boolean
                                         vars:
                                           additionalProperties:
@@ -26362,15 +25250,9 @@ paths:
                                                   - id
                                                   - isSecretRef
                                             nullable: true
-                                          description: >-
-                                            Input/stream level variable (see
-                                            integration documentation for more
-                                            information)
+                                          description: Input/stream level variable (see integration documentation for more information)
                                           type: object
-                                    description: >-
-                                      Input streams (see integration
-                                      documentation to know what streams are
-                                      available)
+                                    description: Input streams (see integration documentation to know what streams are available)
                                     type: object
                                   vars:
                                     additionalProperties:
@@ -26395,14 +25277,9 @@ paths:
                                             - id
                                             - isSecretRef
                                       nullable: true
-                                    description: >-
-                                      Input/stream level variable (see
-                                      integration documentation for more
-                                      information)
+                                    description: Input/stream level variable (see integration documentation for more information)
                                     type: object
-                              description: >-
-                                Package policy inputs (see integration
-                                documentation to know what inputs are available)
+                              description: Package policy inputs (see integration documentation to know what inputs are available)
                               type: object
                               x-oas-optional: true
                         is_managed:
@@ -26411,20 +25288,14 @@ paths:
                           description: Package policy name (should be unique)
                           type: string
                         namespace:
-                          description: >-
-                            The package policy namespace. Leave blank to inherit
-                            the agent policy's namespace.
+                          description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                           type: string
                         output_id:
                           nullable: true
                           type: string
                         overrides:
                           additionalProperties: false
-                          description: >-
-                            Override settings that are defined in the package
-                            policy. The override option should be used only in
-                            unusual circumstances and not as a routine
-                            procedure.
+                          description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                           nullable: true
                           type: object
                           properties:
@@ -26473,16 +25344,12 @@ paths:
                             - version
                         policy_id:
                           deprecated: true
-                          description: >-
-                            Agent policy ID where that package policy will be
-                            added
+                          description: Agent policy ID where that package policy will be added
                           nullable: true
                           type: string
                         policy_ids:
                           items:
-                            description: >-
-                              Agent policy IDs where that package policy will be
-                              added
+                            description: Agent policy IDs where that package policy will be added
                             type: string
                           type: array
                         revision:
@@ -26518,9 +25385,7 @@ paths:
                                   value: {}
                                 required:
                                   - value
-                              description: >-
-                                Package variable (see integration documentation
-                                for more information)
+                              description: Package variable (see integration documentation for more information)
                               type: object
                             - additionalProperties:
                                 anyOf:
@@ -26544,9 +25409,7 @@ paths:
                                       - id
                                       - isSecretRef
                                 nullable: true
-                              description: >-
-                                Input/stream level variable (see integration
-                                documentation for more information)
+                              description: Input/stream level variable (see integration documentation for more information)
                               type: object
                               x-oas-optional: true
                         version:
@@ -26592,6 +25455,7 @@ paths:
       summary: Get package policies
       tags:
         - Fleet package policies
+      x-beta: true
     post:
       operationId: post-fleet-package-policies
       parameters:
@@ -26632,9 +25496,7 @@ paths:
                     enabled:
                       type: boolean
                     force:
-                      description: >-
-                        Force package policy creation even if package is not
-                        verified, or if the agent policy is managed.
+                      description: Force package policy creation even if package is not verified, or if the agent policy is managed.
                       type: boolean
                     id:
                       description: Package policy unique identifier
@@ -26656,9 +25518,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                           enabled:
                             type: boolean
@@ -26686,9 +25546,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 data_stream:
                                   additionalProperties: false
@@ -26741,9 +25599,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                               required:
                                 - enabled
@@ -26764,9 +25620,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                         required:
                           - type
@@ -26778,19 +25632,14 @@ paths:
                       description: Package policy name (should be unique)
                       type: string
                     namespace:
-                      description: >-
-                        The package policy namespace. Leave blank to inherit the
-                        agent policy's namespace.
+                      description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                       type: string
                     output_id:
                       nullable: true
                       type: string
                     overrides:
                       additionalProperties: false
-                      description: >-
-                        Override settings that are defined in the package
-                        policy. The override option should be used only in
-                        unusual circumstances and not as a routine procedure.
+                      description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                       nullable: true
                       type: object
                       properties:
@@ -26844,9 +25693,7 @@ paths:
                       type: string
                     policy_ids:
                       items:
-                        description: >-
-                          Agent policy IDs where that package policy will be
-                          added
+                        description: Agent policy IDs where that package policy will be added
                         type: string
                       type: array
                     vars:
@@ -26861,9 +25708,7 @@ paths:
                           value: {}
                         required:
                           - value
-                      description: >-
-                        Package variable (see integration documentation for more
-                        information)
+                      description: Package variable (see integration documentation for more information)
                       type: object
                   required:
                     - name
@@ -26891,9 +25736,7 @@ paths:
                               type: object
                               properties:
                                 enabled:
-                                  description: >-
-                                    enable or disable that stream, (default to
-                                    true)
+                                  description: enable or disable that stream, (default to true)
                                   type: boolean
                                 vars:
                                   additionalProperties:
@@ -26918,13 +25761,9 @@ paths:
                                           - id
                                           - isSecretRef
                                     nullable: true
-                                  description: >-
-                                    Input/stream level variable (see integration
-                                    documentation for more information)
+                                  description: Input/stream level variable (see integration documentation for more information)
                                   type: object
-                            description: >-
-                              Input streams (see integration documentation to
-                              know what streams are available)
+                            description: Input streams (see integration documentation to know what streams are available)
                             type: object
                           vars:
                             additionalProperties:
@@ -26949,13 +25788,9 @@ paths:
                                     - id
                                     - isSecretRef
                               nullable: true
-                            description: >-
-                              Input/stream level variable (see integration
-                              documentation for more information)
+                            description: Input/stream level variable (see integration documentation for more information)
                             type: object
-                      description: >-
-                        Package policy inputs (see integration documentation to
-                        know what inputs are available)
+                      description: Package policy inputs (see integration documentation to know what inputs are available)
                       type: object
                     name:
                       type: string
@@ -27034,16 +25869,12 @@ paths:
                               - id
                               - isSecretRef
                         nullable: true
-                      description: >-
-                        Input/stream level variable (see integration
-                        documentation for more information)
+                      description: Input/stream level variable (see integration documentation for more information)
                       type: object
                   required:
                     - name
                     - package
-              description: >-
-                You should use inputs as an object and not use the deprecated
-                inputs array.
+              description: You should use inputs as an object and not use the deprecated inputs array.
       responses:
         '200':
           content:
@@ -27100,9 +25931,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 enabled:
                                   type: boolean
@@ -27130,9 +25959,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       data_stream:
                                         additionalProperties: false
@@ -27185,9 +26012,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - enabled
@@ -27208,9 +26033,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                               required:
                                 - type
@@ -27223,9 +26046,7 @@ paths:
                               type: object
                               properties:
                                 enabled:
-                                  description: >-
-                                    enable or disable that input, (default to
-                                    true)
+                                  description: enable or disable that input, (default to true)
                                   type: boolean
                                 streams:
                                   additionalProperties:
@@ -27233,9 +26054,7 @@ paths:
                                     type: object
                                     properties:
                                       enabled:
-                                        description: >-
-                                          enable or disable that stream, (default
-                                          to true)
+                                        description: enable or disable that stream, (default to true)
                                         type: boolean
                                       vars:
                                         additionalProperties:
@@ -27260,14 +26079,9 @@ paths:
                                                 - id
                                                 - isSecretRef
                                           nullable: true
-                                        description: >-
-                                          Input/stream level variable (see
-                                          integration documentation for more
-                                          information)
+                                        description: Input/stream level variable (see integration documentation for more information)
                                         type: object
-                                  description: >-
-                                    Input streams (see integration documentation
-                                    to know what streams are available)
+                                  description: Input streams (see integration documentation to know what streams are available)
                                   type: object
                                 vars:
                                   additionalProperties:
@@ -27292,13 +26106,9 @@ paths:
                                           - id
                                           - isSecretRef
                                     nullable: true
-                                  description: >-
-                                    Input/stream level variable (see integration
-                                    documentation for more information)
+                                  description: Input/stream level variable (see integration documentation for more information)
                                   type: object
-                            description: >-
-                              Package policy inputs (see integration
-                              documentation to know what inputs are available)
+                            description: Package policy inputs (see integration documentation to know what inputs are available)
                             type: object
                             x-oas-optional: true
                       is_managed:
@@ -27307,19 +26117,14 @@ paths:
                         description: Package policy name (should be unique)
                         type: string
                       namespace:
-                        description: >-
-                          The package policy namespace. Leave blank to inherit
-                          the agent policy's namespace.
+                        description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                         type: string
                       output_id:
                         nullable: true
                         type: string
                       overrides:
                         additionalProperties: false
-                        description: >-
-                          Override settings that are defined in the package
-                          policy. The override option should be used only in
-                          unusual circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                         properties:
@@ -27368,16 +26173,12 @@ paths:
                           - version
                       policy_id:
                         deprecated: true
-                        description: >-
-                          Agent policy ID where that package policy will be
-                          added
+                        description: Agent policy ID where that package policy will be added
                         nullable: true
                         type: string
                       policy_ids:
                         items:
-                          description: >-
-                            Agent policy IDs where that package policy will be
-                            added
+                          description: Agent policy IDs where that package policy will be added
                           type: string
                         type: array
                       revision:
@@ -27413,9 +26214,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                           - additionalProperties:
                               anyOf:
@@ -27439,9 +26238,7 @@ paths:
                                     - id
                                     - isSecretRef
                               nullable: true
-                            description: >-
-                              Input/stream level variable (see integration
-                              documentation for more information)
+                            description: Input/stream level variable (see integration documentation for more information)
                             type: object
                             x-oas-optional: true
                       version:
@@ -27493,6 +26290,7 @@ paths:
       summary: Create a package policy
       tags:
         - Fleet package policies
+      x-beta: true
   /api/fleet/package_policies/_bulk_get:
     post:
       operationId: post-fleet-package-policies-bulk-get
@@ -27593,9 +26391,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                   enabled:
                                     type: boolean
@@ -27623,9 +26419,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                         data_stream:
                                           additionalProperties: false
@@ -27678,9 +26472,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                       required:
                                         - enabled
@@ -27701,9 +26493,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                 required:
                                   - type
@@ -27716,9 +26506,7 @@ paths:
                                 type: object
                                 properties:
                                   enabled:
-                                    description: >-
-                                      enable or disable that input, (default to
-                                      true)
+                                    description: enable or disable that input, (default to true)
                                     type: boolean
                                   streams:
                                     additionalProperties:
@@ -27726,9 +26514,7 @@ paths:
                                       type: object
                                       properties:
                                         enabled:
-                                          description: >-
-                                            enable or disable that stream, (default
-                                            to true)
+                                          description: enable or disable that stream, (default to true)
                                           type: boolean
                                         vars:
                                           additionalProperties:
@@ -27753,15 +26539,9 @@ paths:
                                                   - id
                                                   - isSecretRef
                                             nullable: true
-                                          description: >-
-                                            Input/stream level variable (see
-                                            integration documentation for more
-                                            information)
+                                          description: Input/stream level variable (see integration documentation for more information)
                                           type: object
-                                    description: >-
-                                      Input streams (see integration
-                                      documentation to know what streams are
-                                      available)
+                                    description: Input streams (see integration documentation to know what streams are available)
                                     type: object
                                   vars:
                                     additionalProperties:
@@ -27786,14 +26566,9 @@ paths:
                                             - id
                                             - isSecretRef
                                       nullable: true
-                                    description: >-
-                                      Input/stream level variable (see
-                                      integration documentation for more
-                                      information)
+                                    description: Input/stream level variable (see integration documentation for more information)
                                     type: object
-                              description: >-
-                                Package policy inputs (see integration
-                                documentation to know what inputs are available)
+                              description: Package policy inputs (see integration documentation to know what inputs are available)
                               type: object
                               x-oas-optional: true
                         is_managed:
@@ -27802,20 +26577,14 @@ paths:
                           description: Package policy name (should be unique)
                           type: string
                         namespace:
-                          description: >-
-                            The package policy namespace. Leave blank to inherit
-                            the agent policy's namespace.
+                          description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                           type: string
                         output_id:
                           nullable: true
                           type: string
                         overrides:
                           additionalProperties: false
-                          description: >-
-                            Override settings that are defined in the package
-                            policy. The override option should be used only in
-                            unusual circumstances and not as a routine
-                            procedure.
+                          description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                           nullable: true
                           type: object
                           properties:
@@ -27864,16 +26633,12 @@ paths:
                             - version
                         policy_id:
                           deprecated: true
-                          description: >-
-                            Agent policy ID where that package policy will be
-                            added
+                          description: Agent policy ID where that package policy will be added
                           nullable: true
                           type: string
                         policy_ids:
                           items:
-                            description: >-
-                              Agent policy IDs where that package policy will be
-                              added
+                            description: Agent policy IDs where that package policy will be added
                             type: string
                           type: array
                         revision:
@@ -27909,9 +26674,7 @@ paths:
                                   value: {}
                                 required:
                                   - value
-                              description: >-
-                                Package variable (see integration documentation
-                                for more information)
+                              description: Package variable (see integration documentation for more information)
                               type: object
                             - additionalProperties:
                                 anyOf:
@@ -27935,9 +26698,7 @@ paths:
                                       - id
                                       - isSecretRef
                                 nullable: true
-                              description: >-
-                                Input/stream level variable (see integration
-                                documentation for more information)
+                              description: Input/stream level variable (see integration documentation for more information)
                               type: object
                               x-oas-optional: true
                         version:
@@ -27985,6 +26746,7 @@ paths:
       summary: Bulk get package policies
       tags:
         - Fleet package policies
+      x-beta: true
   /api/fleet/package_policies/{packagePolicyId}:
     delete:
       description: Delete a package policy by ID.
@@ -28046,6 +26808,7 @@ paths:
       summary: Delete a package policy
       tags:
         - Fleet package policies
+      x-beta: true
     get:
       description: Get a package policy by ID.
       operationId: get-fleet-package-policies-packagepolicyid
@@ -28127,9 +26890,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 enabled:
                                   type: boolean
@@ -28157,9 +26918,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       data_stream:
                                         additionalProperties: false
@@ -28212,9 +26971,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - enabled
@@ -28235,9 +26992,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                               required:
                                 - type
@@ -28250,9 +27005,7 @@ paths:
                               type: object
                               properties:
                                 enabled:
-                                  description: >-
-                                    enable or disable that input, (default to
-                                    true)
+                                  description: enable or disable that input, (default to true)
                                   type: boolean
                                 streams:
                                   additionalProperties:
@@ -28260,9 +27013,7 @@ paths:
                                     type: object
                                     properties:
                                       enabled:
-                                        description: >-
-                                          enable or disable that stream, (default
-                                          to true)
+                                        description: enable or disable that stream, (default to true)
                                         type: boolean
                                       vars:
                                         additionalProperties:
@@ -28287,14 +27038,9 @@ paths:
                                                 - id
                                                 - isSecretRef
                                           nullable: true
-                                        description: >-
-                                          Input/stream level variable (see
-                                          integration documentation for more
-                                          information)
+                                        description: Input/stream level variable (see integration documentation for more information)
                                         type: object
-                                  description: >-
-                                    Input streams (see integration documentation
-                                    to know what streams are available)
+                                  description: Input streams (see integration documentation to know what streams are available)
                                   type: object
                                 vars:
                                   additionalProperties:
@@ -28319,13 +27065,9 @@ paths:
                                           - id
                                           - isSecretRef
                                     nullable: true
-                                  description: >-
-                                    Input/stream level variable (see integration
-                                    documentation for more information)
+                                  description: Input/stream level variable (see integration documentation for more information)
                                   type: object
-                            description: >-
-                              Package policy inputs (see integration
-                              documentation to know what inputs are available)
+                            description: Package policy inputs (see integration documentation to know what inputs are available)
                             type: object
                             x-oas-optional: true
                       is_managed:
@@ -28334,19 +27076,14 @@ paths:
                         description: Package policy name (should be unique)
                         type: string
                       namespace:
-                        description: >-
-                          The package policy namespace. Leave blank to inherit
-                          the agent policy's namespace.
+                        description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                         type: string
                       output_id:
                         nullable: true
                         type: string
                       overrides:
                         additionalProperties: false
-                        description: >-
-                          Override settings that are defined in the package
-                          policy. The override option should be used only in
-                          unusual circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                         properties:
@@ -28395,16 +27132,12 @@ paths:
                           - version
                       policy_id:
                         deprecated: true
-                        description: >-
-                          Agent policy ID where that package policy will be
-                          added
+                        description: Agent policy ID where that package policy will be added
                         nullable: true
                         type: string
                       policy_ids:
                         items:
-                          description: >-
-                            Agent policy IDs where that package policy will be
-                            added
+                          description: Agent policy IDs where that package policy will be added
                           type: string
                         type: array
                       revision:
@@ -28440,9 +27173,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                           - additionalProperties:
                               anyOf:
@@ -28466,9 +27197,7 @@ paths:
                                     - id
                                     - isSecretRef
                               nullable: true
-                            description: >-
-                              Input/stream level variable (see integration
-                              documentation for more information)
+                            description: Input/stream level variable (see integration documentation for more information)
                             type: object
                             x-oas-optional: true
                       version:
@@ -28515,6 +27244,7 @@ paths:
       summary: Get a package policy
       tags:
         - Fleet package policies
+      x-beta: true
     put:
       description: Update a package policy by ID.
       operationId: put-fleet-package-policies-packagepolicyid
@@ -28579,9 +27309,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                           enabled:
                             type: boolean
@@ -28609,9 +27337,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 data_stream:
                                   additionalProperties: false
@@ -28664,9 +27390,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                               required:
                                 - enabled
@@ -28687,9 +27411,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                         required:
                           - type
@@ -28700,19 +27422,14 @@ paths:
                     name:
                       type: string
                     namespace:
-                      description: >-
-                        The package policy namespace. Leave blank to inherit the
-                        agent policy's namespace.
+                      description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                       type: string
                     output_id:
                       nullable: true
                       type: string
                     overrides:
                       additionalProperties: false
-                      description: >-
-                        Override settings that are defined in the package
-                        policy. The override option should be used only in
-                        unusual circumstances and not as a routine procedure.
+                      description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                       nullable: true
                       type: object
                       properties:
@@ -28766,9 +27483,7 @@ paths:
                       type: string
                     policy_ids:
                       items:
-                        description: >-
-                          Agent policy IDs where that package policy will be
-                          added
+                        description: Agent policy IDs where that package policy will be added
                         type: string
                       type: array
                     vars:
@@ -28783,9 +27498,7 @@ paths:
                           value: {}
                         required:
                           - value
-                      description: >-
-                        Package variable (see integration documentation for more
-                        information)
+                      description: Package variable (see integration documentation for more information)
                       type: object
                     version:
                       type: string
@@ -28812,9 +27525,7 @@ paths:
                               type: object
                               properties:
                                 enabled:
-                                  description: >-
-                                    enable or disable that stream, (default to
-                                    true)
+                                  description: enable or disable that stream, (default to true)
                                   type: boolean
                                 vars:
                                   additionalProperties:
@@ -28839,13 +27550,9 @@ paths:
                                           - id
                                           - isSecretRef
                                     nullable: true
-                                  description: >-
-                                    Input/stream level variable (see integration
-                                    documentation for more information)
+                                  description: Input/stream level variable (see integration documentation for more information)
                                   type: object
-                            description: >-
-                              Input streams (see integration documentation to
-                              know what streams are available)
+                            description: Input streams (see integration documentation to know what streams are available)
                             type: object
                           vars:
                             additionalProperties:
@@ -28870,13 +27577,9 @@ paths:
                                     - id
                                     - isSecretRef
                               nullable: true
-                            description: >-
-                              Input/stream level variable (see integration
-                              documentation for more information)
+                            description: Input/stream level variable (see integration documentation for more information)
                             type: object
-                      description: >-
-                        Package policy inputs (see integration documentation to
-                        know what inputs are available)
+                      description: Package policy inputs (see integration documentation to know what inputs are available)
                       type: object
                     name:
                       type: string
@@ -28955,9 +27658,7 @@ paths:
                               - id
                               - isSecretRef
                         nullable: true
-                      description: >-
-                        Input/stream level variable (see integration
-                        documentation for more information)
+                      description: Input/stream level variable (see integration documentation for more information)
                       type: object
                   required:
                     - name
@@ -29018,9 +27719,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 enabled:
                                   type: boolean
@@ -29048,9 +27747,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       data_stream:
                                         additionalProperties: false
@@ -29103,9 +27800,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - enabled
@@ -29126,9 +27821,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                               required:
                                 - type
@@ -29141,9 +27834,7 @@ paths:
                               type: object
                               properties:
                                 enabled:
-                                  description: >-
-                                    enable or disable that input, (default to
-                                    true)
+                                  description: enable or disable that input, (default to true)
                                   type: boolean
                                 streams:
                                   additionalProperties:
@@ -29151,9 +27842,7 @@ paths:
                                     type: object
                                     properties:
                                       enabled:
-                                        description: >-
-                                          enable or disable that stream, (default
-                                          to true)
+                                        description: enable or disable that stream, (default to true)
                                         type: boolean
                                       vars:
                                         additionalProperties:
@@ -29178,14 +27867,9 @@ paths:
                                                 - id
                                                 - isSecretRef
                                           nullable: true
-                                        description: >-
-                                          Input/stream level variable (see
-                                          integration documentation for more
-                                          information)
+                                        description: Input/stream level variable (see integration documentation for more information)
                                         type: object
-                                  description: >-
-                                    Input streams (see integration documentation
-                                    to know what streams are available)
+                                  description: Input streams (see integration documentation to know what streams are available)
                                   type: object
                                 vars:
                                   additionalProperties:
@@ -29210,13 +27894,9 @@ paths:
                                           - id
                                           - isSecretRef
                                     nullable: true
-                                  description: >-
-                                    Input/stream level variable (see integration
-                                    documentation for more information)
+                                  description: Input/stream level variable (see integration documentation for more information)
                                   type: object
-                            description: >-
-                              Package policy inputs (see integration
-                              documentation to know what inputs are available)
+                            description: Package policy inputs (see integration documentation to know what inputs are available)
                             type: object
                             x-oas-optional: true
                       is_managed:
@@ -29225,19 +27905,14 @@ paths:
                         description: Package policy name (should be unique)
                         type: string
                       namespace:
-                        description: >-
-                          The package policy namespace. Leave blank to inherit
-                          the agent policy's namespace.
+                        description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                         type: string
                       output_id:
                         nullable: true
                         type: string
                       overrides:
                         additionalProperties: false
-                        description: >-
-                          Override settings that are defined in the package
-                          policy. The override option should be used only in
-                          unusual circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                         properties:
@@ -29286,16 +27961,12 @@ paths:
                           - version
                       policy_id:
                         deprecated: true
-                        description: >-
-                          Agent policy ID where that package policy will be
-                          added
+                        description: Agent policy ID where that package policy will be added
                         nullable: true
                         type: string
                       policy_ids:
                         items:
-                          description: >-
-                            Agent policy IDs where that package policy will be
-                            added
+                          description: Agent policy IDs where that package policy will be added
                           type: string
                         type: array
                       revision:
@@ -29331,9 +28002,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                           - additionalProperties:
                               anyOf:
@@ -29357,9 +28026,7 @@ paths:
                                     - id
                                     - isSecretRef
                               nullable: true
-                            description: >-
-                              Input/stream level variable (see integration
-                              documentation for more information)
+                            description: Input/stream level variable (see integration documentation for more information)
                             type: object
                             x-oas-optional: true
                       version:
@@ -29411,6 +28078,7 @@ paths:
       summary: Update a package policy
       tags:
         - Fleet package policies
+      x-beta: true
   /api/fleet/package_policies/delete:
     post:
       operationId: post-fleet-package-policies-delete
@@ -29547,6 +28215,7 @@ paths:
       summary: Bulk delete package policies
       tags:
         - Fleet package policies
+      x-beta: true
   /api/fleet/package_policies/upgrade:
     post:
       description: Upgrade a package policy to a newer package version.
@@ -29628,6 +28297,7 @@ paths:
       summary: Upgrade a package policy
       tags:
         - Fleet package policies
+      x-beta: true
   /api/fleet/package_policies/upgrade/dryrun:
     post:
       operationId: post-fleet-package-policies-upgrade-dryrun
@@ -29826,9 +28496,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                         enabled:
                                           type: boolean
@@ -29856,9 +28524,7 @@ paths:
                                                     value: {}
                                                   required:
                                                     - value
-                                                description: >-
-                                                  Package variable (see integration
-                                                  documentation for more information)
+                                                description: Package variable (see integration documentation for more information)
                                                 type: object
                                               data_stream:
                                                 additionalProperties: false
@@ -29911,9 +28577,7 @@ paths:
                                                     value: {}
                                                   required:
                                                     - value
-                                                description: >-
-                                                  Package variable (see integration
-                                                  documentation for more information)
+                                                description: Package variable (see integration documentation for more information)
                                                 type: object
                                             required:
                                               - enabled
@@ -29934,9 +28598,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                       required:
                                         - type
@@ -29949,9 +28611,7 @@ paths:
                                       type: object
                                       properties:
                                         enabled:
-                                          description: >-
-                                            enable or disable that input, (default
-                                            to true)
+                                          description: enable or disable that input, (default to true)
                                           type: boolean
                                         streams:
                                           additionalProperties:
@@ -29959,9 +28619,7 @@ paths:
                                             type: object
                                             properties:
                                               enabled:
-                                                description: >-
-                                                  enable or disable that stream, (default
-                                                  to true)
+                                                description: enable or disable that stream, (default to true)
                                                 type: boolean
                                               vars:
                                                 additionalProperties:
@@ -29986,15 +28644,9 @@ paths:
                                                         - id
                                                         - isSecretRef
                                                   nullable: true
-                                                description: >-
-                                                  Input/stream level variable (see
-                                                  integration documentation for more
-                                                  information)
+                                                description: Input/stream level variable (see integration documentation for more information)
                                                 type: object
-                                          description: >-
-                                            Input streams (see integration
-                                            documentation to know what streams are
-                                            available)
+                                          description: Input streams (see integration documentation to know what streams are available)
                                           type: object
                                         vars:
                                           additionalProperties:
@@ -30019,15 +28671,9 @@ paths:
                                                   - id
                                                   - isSecretRef
                                             nullable: true
-                                          description: >-
-                                            Input/stream level variable (see
-                                            integration documentation for more
-                                            information)
+                                          description: Input/stream level variable (see integration documentation for more information)
                                           type: object
-                                    description: >-
-                                      Package policy inputs (see integration
-                                      documentation to know what inputs are
-                                      available)
+                                    description: Package policy inputs (see integration documentation to know what inputs are available)
                                     type: object
                                     x-oas-optional: true
                               is_managed:
@@ -30036,20 +28682,14 @@ paths:
                                 description: Package policy name (should be unique)
                                 type: string
                               namespace:
-                                description: >-
-                                  The package policy namespace. Leave blank to
-                                  inherit the agent policy's namespace.
+                                description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                 type: string
                               output_id:
                                 nullable: true
                                 type: string
                               overrides:
                                 additionalProperties: false
-                                description: >-
-                                  Override settings that are defined in the
-                                  package policy. The override option should be
-                                  used only in unusual circumstances and not as
-                                  a routine procedure.
+                                description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                 nullable: true
                                 type: object
                                 properties:
@@ -30098,16 +28738,12 @@ paths:
                                   - version
                               policy_id:
                                 deprecated: true
-                                description: >-
-                                  Agent policy ID where that package policy will
-                                  be added
+                                description: Agent policy ID where that package policy will be added
                                 nullable: true
                                 type: string
                               policy_ids:
                                 items:
-                                  description: >-
-                                    Agent policy IDs where that package policy
-                                    will be added
+                                  description: Agent policy IDs where that package policy will be added
                                   type: string
                                 type: array
                               revision:
@@ -30143,9 +28779,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                   - additionalProperties:
                                       anyOf:
@@ -30169,10 +28803,7 @@ paths:
                                             - id
                                             - isSecretRef
                                       nullable: true
-                                    description: >-
-                                      Input/stream level variable (see
-                                      integration documentation for more
-                                      information)
+                                    description: Input/stream level variable (see integration documentation for more information)
                                     type: object
                                     x-oas-optional: true
                               version:
@@ -30227,9 +28858,7 @@ paths:
                                           value: {}
                                         required:
                                           - value
-                                      description: >-
-                                        Package variable (see integration
-                                        documentation for more information)
+                                      description: Package variable (see integration documentation for more information)
                                       type: object
                                     enabled:
                                       type: boolean
@@ -30257,9 +28886,7 @@ paths:
                                                 value: {}
                                               required:
                                                 - value
-                                            description: >-
-                                              Package variable (see integration
-                                              documentation for more information)
+                                            description: Package variable (see integration documentation for more information)
                                             type: object
                                           data_stream:
                                             additionalProperties: false
@@ -30312,9 +28939,7 @@ paths:
                                                 value: {}
                                               required:
                                                 - value
-                                            description: >-
-                                              Package variable (see integration
-                                              documentation for more information)
+                                            description: Package variable (see integration documentation for more information)
                                             type: object
                                         required:
                                           - enabled
@@ -30335,9 +28960,7 @@ paths:
                                           value: {}
                                         required:
                                           - value
-                                      description: >-
-                                        Package variable (see integration
-                                        documentation for more information)
+                                      description: Package variable (see integration documentation for more information)
                                       type: object
                                   required:
                                     - type
@@ -30354,20 +28977,14 @@ paths:
                                 description: Package policy name (should be unique)
                                 type: string
                               namespace:
-                                description: >-
-                                  The package policy namespace. Leave blank to
-                                  inherit the agent policy's namespace.
+                                description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                 type: string
                               output_id:
                                 nullable: true
                                 type: string
                               overrides:
                                 additionalProperties: false
-                                description: >-
-                                  Override settings that are defined in the
-                                  package policy. The override option should be
-                                  used only in unusual circumstances and not as
-                                  a routine procedure.
+                                description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                 nullable: true
                                 type: object
                                 properties:
@@ -30416,16 +29033,12 @@ paths:
                                   - version
                               policy_id:
                                 deprecated: true
-                                description: >-
-                                  Agent policy ID where that package policy will
-                                  be added
+                                description: Agent policy ID where that package policy will be added
                                 nullable: true
                                 type: string
                               policy_ids:
                                 items:
-                                  description: >-
-                                    Agent policy IDs where that package policy
-                                    will be added
+                                  description: Agent policy IDs where that package policy will be added
                                   type: string
                                 type: array
                               vars:
@@ -30440,9 +29053,7 @@ paths:
                                     value: {}
                                   required:
                                     - value
-                                description: >-
-                                  Package variable (see integration
-                                  documentation for more information)
+                                description: Package variable (see integration documentation for more information)
                                 type: object
                             required:
                               - name
@@ -30477,6 +29088,7 @@ paths:
       summary: Dry run a package policy upgrade
       tags:
         - Fleet package policies
+      x-beta: true
   /api/fleet/proxies:
     get:
       operationId: get-fleet-proxies
@@ -30563,6 +29175,7 @@ paths:
       summary: Get proxies
       tags:
         - Fleet proxies
+      x-beta: true
     post:
       operationId: post-fleet-proxies
       parameters:
@@ -30680,6 +29293,7 @@ paths:
       summary: Create a proxy
       tags:
         - Fleet proxies
+      x-beta: true
   /api/fleet/proxies/{itemId}:
     delete:
       description: Delete a proxy by ID
@@ -30736,6 +29350,7 @@ paths:
       summary: Delete a proxy
       tags:
         - Fleet proxies
+      x-beta: true
     get:
       description: Get a proxy by ID.
       operationId: get-fleet-proxies-itemid
@@ -30816,6 +29431,7 @@ paths:
       summary: Get a proxy
       tags:
         - Fleet proxies
+      x-beta: true
     put:
       description: Update a proxy by ID.
       operationId: put-fleet-proxies-itemid
@@ -30936,6 +29552,7 @@ paths:
       summary: Update a proxy
       tags:
         - Fleet proxies
+      x-beta: true
   /api/fleet/service_tokens:
     post:
       operationId: post-fleet-service-tokens
@@ -31000,6 +29617,7 @@ paths:
       summary: Create a service token
       tags:
         - Fleet service tokens
+      x-beta: true
   /api/fleet/settings:
     get:
       operationId: get-fleet-settings
@@ -31095,6 +29713,7 @@ paths:
       summary: Get settings
       tags:
         - Fleet internals
+      x-beta: true
     put:
       operationId: put-fleet-settings
       parameters:
@@ -31227,6 +29846,7 @@ paths:
       summary: Update settings
       tags:
         - Fleet internals
+      x-beta: true
   /api/fleet/setup:
     post:
       operationId: post-fleet-setup
@@ -31252,11 +29872,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 additionalProperties: false
-                description: >-
-                  A summary of the result of Fleet's `setup` lifecycle. If
-                  `isInitialized` is true, Fleet is ready to accept agent
-                  enrollment. `nonFatalErrors` may include useful insight into
-                  non-blocking issues with Fleet setup.
+                description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.
                 type: object
                 properties:
                   isInitialized:
@@ -31308,6 +29924,7 @@ paths:
       summary: Initiate Fleet setup
       tags:
         - Fleet internals
+      x-beta: true
   /api/fleet/uninstall_tokens:
     get:
       description: List the metadata for the latest uninstall tokens per agent policy.
@@ -31408,6 +30025,7 @@ paths:
       summary: Get metadata for latest uninstall tokens
       tags:
         - Fleet uninstall tokens
+      x-beta: true
   /api/fleet/uninstall_tokens/{uninstallTokenId}:
     get:
       description: Get one decrypted uninstall token by its ID.
@@ -31479,6 +30097,7 @@ paths:
       summary: Get a decrypted uninstall token
       tags:
         - Fleet uninstall tokens
+      x-beta: true
   /api/lists:
     delete:
       description: |
@@ -31517,8 +30136,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -31548,6 +30166,7 @@ paths:
       summary: Delete a list
       tags:
         - Security Lists API
+      x-beta: true
     get:
       description: Get the details of a list using the list ID.
       operationId: ReadList
@@ -31570,8 +30189,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -31601,6 +30219,7 @@ paths:
       summary: Get list details
       tags:
         - Security Lists API
+      x-beta: true
     patch:
       description: Update specific fields of an existing list using the list ID.
       operationId: PatchList
@@ -31639,8 +30258,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -31670,6 +30288,7 @@ paths:
       summary: Patch a list
       tags:
         - Security Lists API
+      x-beta: true
     post:
       description: Create a new list.
       operationId: CreateList
@@ -31715,8 +30334,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -31746,13 +30364,11 @@ paths:
       summary: Create a list
       tags:
         - Security Lists API
+      x-beta: true
     put:
-      description: >
-        Update a list using the list ID. The original list is replaced, and all
-        unspecified fields are deleted.
-
+      description: |
+        Update a list using the list ID. The original list is replaced, and all unspecified fields are deleted.
         > info
-
         > You cannot modify the `id` value.
       operationId: UpdateList
       requestBody:
@@ -31792,8 +30408,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -31823,11 +30438,10 @@ paths:
       summary: Update a list
       tags:
         - Security Lists API
+      x-beta: true
   /api/lists/_find:
     get:
-      description: >-
-        Get a paginated subset of lists. By default, the first page is returned,
-        with 20 results per page.
+      description: Get a paginated subset of lists. By default, the first page is returned, with 20 results per page.
       operationId: FindLists
       parameters:
         - description: The page number to return
@@ -31857,24 +30471,17 @@ paths:
               - desc
               - asc
             type: string
-        - description: >
-            Returns the list that come after the last list returned in the
-            previous call
-
-            (use the cursor value returned in the previous call). This parameter
-            uses
-
-            the `tie_breaker_id` field to ensure all lists are sorted and
-            returned correctly.
+        - description: |
+            Returns the list that come after the last list returned in the previous call
+            (use the cursor value returned in the previous call). This parameter uses
+            the `tie_breaker_id` field to ensure all lists are sorted and returned correctly.
           in: query
           name: cursor
           required: false
           schema:
             $ref: '#/components/schemas/Security_Lists_API_FindListsCursor'
-        - description: >
-            Filters the returned results according to the value of the specified
-            field,
-
+        - description: |
+            Filters the returned results according to the value of the specified field,
             using the <field name>:<field value> syntax.
           in: query
           name: filter
@@ -31915,8 +30522,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -31940,6 +30546,7 @@ paths:
       summary: Get lists
       tags:
         - Security Lists API
+      x-beta: true
   /api/lists/index:
     delete:
       description: Delete the `.lists` and `.items` data streams.
@@ -31961,8 +30568,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -31992,6 +30598,7 @@ paths:
       summary: Delete list data streams
       tags:
         - Security Lists API
+      x-beta: true
     get:
       description: Verify that `.lists` and `.items` data streams exist.
       operationId: ReadListIndex
@@ -32015,8 +30622,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -32046,6 +30652,7 @@ paths:
       summary: Get status of list data streams
       tags:
         - Security Lists API
+      x-beta: true
     post:
       description: Create `.lists` and `.items` data streams in the relevant space.
       operationId: CreateListIndex
@@ -32066,8 +30673,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -32097,6 +30703,7 @@ paths:
       summary: Create list data streams
       tags:
         - Security Lists API
+      x-beta: true
   /api/lists/items:
     delete:
       description: Delete a list item using its `id`, or its `list_id` and `value` fields.
@@ -32120,9 +30727,7 @@ paths:
           required: false
           schema:
             type: string
-        - description: >-
-            Determines when changes made by the request are made visible to
-            search
+        - description: Determines when changes made by the request are made visible to search
           in: query
           name: refresh
           required: false
@@ -32149,8 +30754,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -32180,6 +30784,7 @@ paths:
       summary: Delete a list item
       tags:
         - Security Lists API
+      x-beta: true
     get:
       description: Get the details of a list item.
       operationId: ReadListItem
@@ -32218,8 +30823,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -32249,6 +30853,7 @@ paths:
       summary: Get a list item
       tags:
         - Security Lists API
+      x-beta: true
     patch:
       description: Update specific fields of an existing list item using the list item ID.
       operationId: PatchListItem
@@ -32265,9 +30870,7 @@ paths:
                 meta:
                   $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata'
                 refresh:
-                  description: >-
-                    Determines when changes made by the request are made visible
-                    to search
+                  description: Determines when changes made by the request are made visible to search
                   enum:
                     - 'true'
                     - 'false'
@@ -32291,8 +30894,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -32322,16 +30924,13 @@ paths:
       summary: Patch a list item
       tags:
         - Security Lists API
+      x-beta: true
     post:
-      description: >
+      description: |
         Create a list item and associate it with the specified list.
 
-
-        All list items in the same list must be the same type. For example, each
-        list item in an `ip` list must define a specific IP address.
-
+        All list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address.
         > info
-
         > Before creating a list item, you must create a list.
       operationId: CreateListItem
       requestBody:
@@ -32347,9 +30946,7 @@ paths:
                 meta:
                   $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata'
                 refresh:
-                  description: >-
-                    Determines when changes made by the request are made visible
-                    to search
+                  description: Determines when changes made by the request are made visible to search
                   enum:
                     - 'true'
                     - 'false'
@@ -32374,8 +30971,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -32405,13 +31001,11 @@ paths:
       summary: Create a list item
       tags:
         - Security Lists API
+      x-beta: true
     put:
-      description: >
-        Update a list item using the list item ID. The original list item is
-        replaced, and all unspecified fields are deleted.
-
+      description: |
+        Update a list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted.
         > info
-
         > You cannot modify the `id` value.
       operationId: UpdateListItem
       requestBody:
@@ -32445,8 +31039,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -32476,6 +31069,7 @@ paths:
       summary: Update a list item
       tags:
         - Security Lists API
+      x-beta: true
   /api/lists/items/_export:
     post:
       description: Export list item values from the specified list.
@@ -32501,8 +31095,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -32532,6 +31125,7 @@ paths:
       summary: Export list items
       tags:
         - Security Lists API
+      x-beta: true
   /api/lists/items/_find:
     get:
       description: Get all list items in the specified list.
@@ -32570,24 +31164,17 @@ paths:
               - desc
               - asc
             type: string
-        - description: >
-            Returns the list that come after the last list returned in the
-            previous call
-
-            (use the cursor value returned in the previous call). This parameter
-            uses
-
-            the `tie_breaker_id` field to ensure all lists are sorted and
-            returned correctly.
+        - description: |
+            Returns the list that come after the last list returned in the previous call
+            (use the cursor value returned in the previous call). This parameter uses
+            the `tie_breaker_id` field to ensure all lists are sorted and returned correctly.
           in: query
           name: cursor
           required: false
           schema:
             $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor'
-        - description: >
-            Filters the returned results according to the value of the specified
-            field,
-
+        - description: |
+            Filters the returned results according to the value of the specified field,
             using the <field name>:<field value> syntax.
           in: query
           name: filter
@@ -32602,8 +31189,7 @@ paths:
                 type: object
                 properties:
                   cursor:
-                    $ref: >-
-                      #/components/schemas/Security_Lists_API_FindListItemsCursor
+                    $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor'
                   data:
                     items:
                       $ref: '#/components/schemas/Security_Lists_API_ListItem'
@@ -32629,8 +31215,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -32654,12 +31239,11 @@ paths:
       summary: Get list items
       tags:
         - Security Lists API
+      x-beta: true
   /api/lists/items/_import:
     post:
-      description: >
-        Import list items from a TXT or CSV file. The maximum file size is 9
-        million bytes.
-
+      description: |
+        Import list items from a TXT or CSV file. The maximum file size is 9 million bytes.
 
         You can import items to a new or existing list.
       operationId: ImportListItems
@@ -32673,12 +31257,10 @@ paths:
           required: false
           schema:
             $ref: '#/components/schemas/Security_Lists_API_ListId'
-        - description: >
+        - description: |
             Type of the importing list.
 
-
-            Required when importing a new list that is `list_id` is not
-            specified.
+            Required when importing a new list that is `list_id` is not specified.
           in: query
           name: type
           required: false
@@ -32694,9 +31276,7 @@ paths:
           required: false
           schema:
             type: string
-        - description: >-
-            Determines when changes made by the request are made visible to
-            search
+        - description: Determines when changes made by the request are made visible to search
           in: query
           name: refresh
           required: false
@@ -32713,9 +31293,7 @@ paths:
               type: object
               properties:
                 file:
-                  description: >-
-                    A `.txt` or `.csv` file containing newline separated list
-                    items
+                  description: A `.txt` or `.csv` file containing newline separated list items
                   format: binary
                   type: string
         required: true
@@ -32731,8 +31309,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -32762,6 +31339,7 @@ paths:
       summary: Import list items
       tags:
         - Security Lists API
+      x-beta: true
   /api/lists/privileges:
     get:
       operationId: ReadListPrivileges
@@ -32788,8 +31366,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -32813,12 +31390,11 @@ paths:
       summary: Get list privileges
       tags:
         - Security Lists API
+      x-beta: true
   /api/ml/saved_objects/sync:
     get:
-      description: >
-        Synchronizes Kibana saved objects for machine learning jobs and trained
-        models. This API runs automatically when you start Kibana and
-        periodically thereafter.
+      description: |
+        Synchronizes Kibana saved objects for machine learning jobs and trained models. This API runs automatically when you start Kibana and periodically thereafter.
       operationId: mlSync
       parameters:
         - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam'
@@ -32841,6 +31417,7 @@ paths:
       summary: Sync machine learning saved objects
       tags:
         - ml
+      x-beta: true
   /api/note:
     delete:
       description: Delete a note from a Timeline using the note ID.
@@ -32882,7 +31459,7 @@ paths:
       summary: Delete a note
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
     get:
       description: Get all notes for a given document.
       operationId: GetNotes
@@ -32946,7 +31523,7 @@ paths:
       summary: Get notes
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
     patch:
       description: Add a note to a Timeline or update an existing note.
       operationId: PersistNoteRoute
@@ -32991,8 +31568,7 @@ paths:
                     type: object
                     properties:
                       persistNote:
-                        $ref: >-
-                          #/components/schemas/Security_Timeline_API_ResponseNote
+                        $ref: '#/components/schemas/Security_Timeline_API_ResponseNote'
                     required:
                       - persistNote
                 required:
@@ -33001,7 +31577,7 @@ paths:
       summary: Add or update a note
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
   /api/osquery/live_queries:
     get:
       description: Get a list of all live queries.
@@ -33011,19 +31587,18 @@ paths:
           name: query
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery
+            $ref: '#/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get live queries
       tags:
         - Security Osquery API
+      x-beta: true
     post:
       description: Create and run a live query.
       operationId: OsqueryCreateLiveQuery
@@ -33031,20 +31606,19 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody
+              $ref: '#/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Create a live query
       tags:
         - Security Osquery API
+      x-beta: true
   /api/osquery/live_queries/{id}:
     get:
       description: Get the details of a live query using the query ID.
@@ -33065,12 +31639,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get live query details
       tags:
         - Security Osquery API
+      x-beta: true
   /api/osquery/live_queries/{id}/results/{actionId}:
     get:
       description: Get the results of a live query using the query action ID.
@@ -33090,19 +31664,18 @@ paths:
           name: query
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery
+            $ref: '#/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get live query results
       tags:
         - Security Osquery API
+      x-beta: true
   /api/osquery/packs:
     get:
       description: Get a list of all query packs.
@@ -33118,12 +31691,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get packs
       tags:
         - Security Osquery API
+      x-beta: true
     post:
       description: Create a query pack.
       operationId: OsqueryCreatePacks
@@ -33138,12 +31711,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Create a pack
       tags:
         - Security Osquery API
+      x-beta: true
   /api/osquery/packs/{id}:
     delete:
       description: Delete a query pack using the pack ID.
@@ -33159,12 +31732,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Delete a pack
       tags:
         - Security Osquery API
+      x-beta: true
     get:
       description: Get the details of a query pack using the pack ID.
       operationId: OsqueryGetPacksDetails
@@ -33179,12 +31752,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get pack details
       tags:
         - Security Osquery API
+      x-beta: true
     put:
       description: |
         Update a query pack using the pack ID.
@@ -33208,12 +31781,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Update a pack
       tags:
         - Security Osquery API
+      x-beta: true
   /api/osquery/saved_queries:
     get:
       description: Get a list of all saved queries.
@@ -33223,19 +31796,18 @@ paths:
           name: query
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery
+            $ref: '#/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get saved queries
       tags:
         - Security Osquery API
+      x-beta: true
     post:
       description: Create and run a saved query.
       operationId: OsqueryCreateSavedQuery
@@ -33243,20 +31815,19 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody
+              $ref: '#/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Create a saved query
       tags:
         - Security Osquery API
+      x-beta: true
   /api/osquery/saved_queries/{id}:
     delete:
       description: Delete a saved query using the query ID.
@@ -33272,12 +31843,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Delete a saved query
       tags:
         - Security Osquery API
+      x-beta: true
     get:
       description: Get the details of a saved query using the query ID.
       operationId: OsqueryGetSavedQueryDetails
@@ -33292,12 +31863,12 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get saved query details
       tags:
         - Security Osquery API
+      x-beta: true
     put:
       description: |
         Update a saved query using the query ID.
@@ -33314,20 +31885,19 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody
+              $ref: '#/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Update a saved query
       tags:
         - Security Osquery API
+      x-beta: true
   /api/pinned_event:
     patch:
       description: Pin an event to an existing Timeline.
@@ -33361,8 +31931,7 @@ paths:
                     type: object
                     properties:
                       persistPinnedEventOnTimeline:
-                        $ref: >-
-                          #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse
+                        $ref: '#/components/schemas/Security_Timeline_API_PersistPinnedEventResponse'
                     required:
                       - persistPinnedEventOnTimeline
                 required:
@@ -33371,12 +31940,10 @@ paths:
       summary: Pin an event
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
   /api/risk_score/engine/dangerously_delete_data:
     delete:
-      description: >-
-        Cleaning up the the Risk Engine by removing the indices, mapping and
-        transforms
+      description: Cleaning up the the Risk Engine by removing the indices, mapping and transforms
       operationId: CleanUpRiskEngine
       responses:
         '200':
@@ -33392,25 +31959,21 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse'
           description: Task manager is unavailable
         default:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse'
           description: Unexpected error
       summary: Cleanup the Risk Engine
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/risk_score/engine/schedule_now:
     post:
-      description: >-
-        Schedule the risk scoring engine to run as soon as possible. You can use
-        this to recalculate entity risk scores after updating their asset
-        criticality.
+      description: Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality.
       operationId: ScheduleRiskEngineNow
       requestBody:
         content:
@@ -33420,46 +31983,35 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse'
           description: Successful response
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse'
           description: Task manager is unavailable
         default:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse'
           description: Unexpected error
       summary: Run the risk scoring engine
       tags:
         - Security Entity Analytics API
+      x-beta: true
   /api/saved_objects/_export:
     post:
-      description: >
+      description: |
         Retrieve sets of saved objects that you want to import into Kibana.
-
         You must include `type` or `objects` in the request body.
 
+        Exported saved objects are not backwards compatible and cannot be imported into an older version of Kibana.
 
-        Exported saved objects are not backwards compatible and cannot be
-        imported into an older version of Kibana.
-
+        NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be exported.
 
-        NOTE: The `savedObjects.maxImportExportSize` configuration setting
-        limits the number of saved objects which may be exported.
-
-
-        This functionality is in technical preview and may be changed or removed
-        in a future release. Elastic will work to fix any issues, but features
-        in technical preview are not subject to the support SLA of official GA
-        features.
+        This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       operationId: exportSavedObjectsDefault
       parameters:
         - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf'
@@ -33468,8 +32020,7 @@ paths:
           application/json; Elastic-Api-Version=2023-10-31:
             examples:
               exportSavedObjectsRequest:
-                $ref: >-
-                  #/components/examples/Serverless_saved_objects_export_objects_request
+                $ref: '#/components/examples/Serverless_saved_objects_export_objects_request'
             schema:
               type: object
               properties:
@@ -33478,9 +32029,7 @@ paths:
                   description: Do not add export details entry at the end of the stream.
                   type: boolean
                 includeReferencesDeep:
-                  description: >-
-                    Includes all of the referenced objects in the exported
-                    objects.
+                  description: Includes all of the referenced objects in the exported objects.
                   type: boolean
                 objects:
                   description: A list of objects to export.
@@ -33488,9 +32037,7 @@ paths:
                     type: object
                   type: array
                 type:
-                  description: >-
-                    The saved object types to include in the export. Use `*` to
-                    export all the types.
+                  description: The saved object types to include in the export. Use `*` to export all the types.
                   oneOf:
                     - type: string
                     - items:
@@ -33503,8 +32050,7 @@ paths:
             application/x-ndjson; Elastic-Api-Version=2023-10-31:
               examples:
                 exportSavedObjectsResponse:
-                  $ref: >-
-                    #/components/examples/Serverless_saved_objects_export_objects_response
+                  $ref: '#/components/examples/Serverless_saved_objects_export_objects_response'
               schema:
                 additionalProperties: true
                 type: object
@@ -33518,51 +32064,33 @@ paths:
       summary: Export saved objects
       tags:
         - saved objects
+      x-beta: true
   /api/saved_objects/_import:
     post:
-      description: >
-        Create sets of Kibana saved objects from a file created by the export
-        API.
-
-        Saved objects can be imported only into the same version, a newer minor
-        on the same major, or the next major. Exported saved objects are not
-        backwards compatible and cannot be imported into an older version of
-        Kibana.
-
+      description: |
+        Create sets of Kibana saved objects from a file created by the export API.
+        Saved objects can be imported only into the same version, a newer minor on the same major, or the next major. Exported saved objects are not backwards compatible and cannot be imported into an older version of Kibana.
 
-        This functionality is in technical preview and may be changed or removed
-        in a future release. Elastic will work to fix any issues, but features
-        in technical preview are not subject to the support SLA of official GA
-        features.
+        This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       operationId: importSavedObjectsDefault
       parameters:
         - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf'
-        - description: >
-            Creates copies of saved objects, regenerates each object ID, and
-            resets the origin. When used, potential conflict errors are avoided.
-            NOTE: This option cannot be used with the `overwrite` and
-            `compatibilityMode` options.
+        - description: |
+            Creates copies of saved objects, regenerates each object ID, and resets the origin. When used, potential conflict errors are avoided. NOTE: This option cannot be used with the `overwrite` and `compatibilityMode` options.
           in: query
           name: createNewCopies
           required: false
           schema:
             type: boolean
-        - description: >
-            Overwrites saved objects when they already exist. When used,
-            potential conflict errors are automatically resolved by overwriting
-            the destination object. NOTE: This option cannot be used with the
-            `createNewCopies` option.
+        - description: |
+            Overwrites saved objects when they already exist. When used, potential conflict errors are automatically resolved by overwriting the destination object. NOTE: This option cannot be used with the `createNewCopies` option.
           in: query
           name: overwrite
           required: false
           schema:
             type: boolean
-        - description: >
-            Applies various adjustments to the saved objects that are being
-            imported to maintain compatibility between different Kibana
-            versions. Use this option only if you encounter issues with imported
-            saved objects. NOTE: This option cannot be used with the
-            `createNewCopies` option.
+        - description: |
+            Applies various adjustments to the saved objects that are being imported to maintain compatibility between different Kibana versions. Use this option only if you encounter issues with imported saved objects. NOTE: This option cannot be used with the `createNewCopies` option.
           in: query
           name: compatibilityMode
           required: false
@@ -33573,19 +32101,13 @@ paths:
           multipart/form-data; Elastic-Api-Version=2023-10-31:
             examples:
               importObjectsRequest:
-                $ref: >-
-                  #/components/examples/Serverless_saved_objects_import_objects_request
+                $ref: '#/components/examples/Serverless_saved_objects_import_objects_request'
             schema:
               type: object
               properties:
                 file:
-                  description: >
-                    A file exported using the export API. NOTE: The
-                    `savedObjects.maxImportExportSize` configuration setting
-                    limits the number of saved objects which may be included in
-                    this file. Similarly, the
-                    `savedObjects.maxImportPayloadBytes` setting limits the
-                    overall size of the file that can be imported.
+                  description: |
+                    A file exported using the export API. NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be included in this file. Similarly, the `savedObjects.maxImportPayloadBytes` setting limits the overall size of the file that can be imported.
         required: true
       responses:
         '200':
@@ -33593,44 +32115,30 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               examples:
                 importObjectsResponse:
-                  $ref: >-
-                    #/components/examples/Serverless_saved_objects_import_objects_response
+                  $ref: '#/components/examples/Serverless_saved_objects_import_objects_response'
               schema:
                 type: object
                 properties:
                   errors:
-                    description: >
-                      Indicates the import was unsuccessful and specifies the
-                      objects that failed to import.
-
+                    description: |
+                      Indicates the import was unsuccessful and specifies the objects that failed to import.
 
-                      NOTE: One object may result in multiple errors, which
-                      requires separate steps to resolve. For instance, a
-                      `missing_references` error and conflict error.
+                      NOTE: One object may result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and conflict error.
                     items:
                       type: object
                     type: array
                   success:
-                    description: >
-                      Indicates when the import was successfully completed. When
-                      set to false, some objects may not have been created. For
-                      additional information, refer to the `errors` and
-                      `successResults` properties.
+                    description: |
+                      Indicates when the import was successfully completed. When set to false, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties.
                     type: boolean
                   successCount:
                     description: Indicates the number of successfully imported records.
                     type: integer
                   successResults:
-                    description: >
-                      Indicates the objects that are successfully imported, with
-                      any metadata if applicable.
+                    description: |
+                      Indicates the objects that are successfully imported, with any metadata if applicable.
 
-
-                      NOTE: Objects are created only when all resolvable errors
-                      are addressed, including conflicts and missing references.
-                      If objects are created as new copies, each entry in the
-                      `successResults` array includes a `destinationId`
-                      attribute.
+                      NOTE: Objects are created only when all resolvable errors are addressed, including conflicts and missing references. If objects are created as new copies, each entry in the `successResults` array includes a `destinationId` attribute.
                     items:
                       type: object
                     type: array
@@ -33652,12 +32160,10 @@ paths:
               -X POST api/saved_objects/_import?createNewCopies=true
               -H "kbn-xsrf: true"
               --form file=@file.ndjson
+      x-beta: true
   /api/security_ai_assistant/anonymization_fields/_bulk_action:
     post:
-      description: >-
-        Apply a bulk action to multiple anonymization fields. The bulk action is
-        applied to all anonymization fields that match the filter or to the list
-        of anonymization fields by their IDs.
+      description: Apply a bulk action to multiple anonymization fields. The bulk action is applied to all anonymization fields that match the filter or to the list of anonymization fields by their IDs.
       operationId: PerformAnonymizationFieldsBulkAction
       requestBody:
         content:
@@ -33667,8 +32173,7 @@ paths:
               properties:
                 create:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps
+                    $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps'
                   type: array
                 delete:
                   type: object
@@ -33684,16 +32189,14 @@ paths:
                       type: string
                 update:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps
+                    $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps'
                   type: array
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse
+                $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse'
           description: Indicates a successful call.
         '400':
           content:
@@ -33711,7 +32214,7 @@ paths:
       summary: Apply a bulk action to anonymization fields
       tags:
         - Security AI Assistant API
-        - Bulk API
+      x-beta: true
   /api/security_ai_assistant/anonymization_fields/_find:
     get:
       description: Get a list of all anonymization fields.
@@ -33735,8 +32238,7 @@ paths:
           name: sort_field
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField
+            $ref: '#/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField'
         - description: Sort order
           in: query
           name: sort_order
@@ -33768,8 +32270,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse
+                      $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse'
                     type: array
                   page:
                     type: integer
@@ -33799,7 +32300,7 @@ paths:
       summary: Get anonymization fields
       tags:
         - Security AI Assistant API
-        - AnonymizationFields API
+      x-beta: true
   /api/security_ai_assistant/chat/complete:
     post:
       description: Create a model response for the given chat conversation.
@@ -33834,7 +32335,7 @@ paths:
       summary: Create a model response
       tags:
         - Security AI Assistant API
-        - Chat Complete API
+      x-beta: true
   /api/security_ai_assistant/current_user/conversations:
     post:
       description: Create a new Security AI Assistant conversation.
@@ -33843,16 +32344,14 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps
+              $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCreateProps'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_ConversationResponse
+                $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse'
           description: Indicates a successful call.
         '400':
           content:
@@ -33870,7 +32369,7 @@ paths:
       summary: Create a conversation
       tags:
         - Security AI Assistant API
-        - Conversation API
+      x-beta: true
   /api/security_ai_assistant/current_user/conversations/_find:
     get:
       description: Get a list of all conversations for the current user.
@@ -33894,8 +32393,7 @@ paths:
           name: sort_field
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField
+            $ref: '#/components/schemas/Security_AI_Assistant_API_FindConversationsSortField'
         - description: Sort order
           in: query
           name: sort_order
@@ -33927,8 +32425,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_AI_Assistant_API_ConversationResponse
+                      $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse'
                     type: array
                   page:
                     type: integer
@@ -33958,7 +32455,7 @@ paths:
       summary: Get conversations
       tags:
         - Security AI Assistant API
-        - Conversations API
+      x-beta: true
   /api/security_ai_assistant/current_user/conversations/{id}:
     delete:
       description: Delete an existing conversation using the conversation ID.
@@ -33975,8 +32472,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_ConversationResponse
+                $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse'
           description: Indicates a successful call.
         '400':
           content:
@@ -33994,7 +32490,7 @@ paths:
       summary: Delete a conversation
       tags:
         - Security AI Assistant API
-        - Conversation API
+      x-beta: true
     get:
       description: Get the details of an existing conversation using the conversation ID.
       operationId: ReadConversation
@@ -34010,8 +32506,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_ConversationResponse
+                $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse'
           description: Indicates a successful call.
         '400':
           content:
@@ -34029,7 +32524,7 @@ paths:
       summary: Get a conversation
       tags:
         - Security AI Assistant API
-        - Conversations API
+      x-beta: true
     put:
       description: Update an existing conversation using the conversation ID.
       operationId: UpdateConversation
@@ -34044,16 +32539,14 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps
+              $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_ConversationResponse
+                $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse'
           description: Indicates a successful call.
         '400':
           content:
@@ -34071,13 +32564,10 @@ paths:
       summary: Update a conversation
       tags:
         - Security AI Assistant API
-        - Conversation API
+      x-beta: true
   /api/security_ai_assistant/prompts/_bulk_action:
     post:
-      description: >-
-        Apply a bulk action to multiple prompts. The bulk action is applied to
-        all prompts that match the filter or to the list of prompts by their
-        IDs.
+      description: Apply a bulk action to multiple prompts. The bulk action is applied to all prompts that match the filter or to the list of prompts by their IDs.
       operationId: PerformPromptsBulkAction
       requestBody:
         content:
@@ -34087,8 +32577,7 @@ paths:
               properties:
                 create:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_AI_Assistant_API_PromptCreateProps
+                    $ref: '#/components/schemas/Security_AI_Assistant_API_PromptCreateProps'
                   type: array
                 delete:
                   type: object
@@ -34104,16 +32593,14 @@ paths:
                       type: string
                 update:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps
+                    $ref: '#/components/schemas/Security_AI_Assistant_API_PromptUpdateProps'
                   type: array
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse
+                $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse'
           description: Indicates a successful call.
         '400':
           content:
@@ -34131,7 +32618,7 @@ paths:
       summary: Apply a bulk action to prompts
       tags:
         - Security AI Assistant API
-        - Bulk API
+      x-beta: true
   /api/security_ai_assistant/prompts/_find:
     get:
       description: Get a list of all prompts.
@@ -34155,8 +32642,7 @@ paths:
           name: sort_field
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField
+            $ref: '#/components/schemas/Security_AI_Assistant_API_FindPromptsSortField'
         - description: Sort order
           in: query
           name: sort_order
@@ -34188,8 +32674,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_AI_Assistant_API_PromptResponse
+                      $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse'
                     type: array
                   page:
                     type: integer
@@ -34219,7 +32704,7 @@ paths:
       summary: Get prompts
       tags:
         - Security AI Assistant API
-        - Prompts API
+      x-beta: true
   /api/security/role:
     get:
       operationId: get-security-role
@@ -34232,10 +32717,7 @@ paths:
             enum:
               - '2023-10-31'
             type: string
-        - description: >-
-            If `true` and the response contains any privileges that are
-            associated with deprecated features, they are omitted in favor of
-            details about the appropriate replacement feature privileges.
+        - description: If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.
           in: query
           name: replaceDeprecatedPrivileges
           required: false
@@ -34247,6 +32729,7 @@ paths:
       summary: Get all roles
       tags:
         - roles
+      x-beta: true
   /api/security/role/{name}:
     delete:
       operationId: delete-security-role-name
@@ -34278,6 +32761,7 @@ paths:
       summary: Delete a role
       tags:
         - roles
+      x-beta: true
     get:
       operationId: get-security-role-name
       parameters:
@@ -34296,10 +32780,7 @@ paths:
           schema:
             minLength: 1
             type: string
-        - description: >-
-            If `true` and the response contains any privileges that are
-            associated with deprecated features, they are omitted in favor of
-            details about the appropriate replacement feature privileges.
+        - description: If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.
           in: query
           name: replaceDeprecatedPrivileges
           required: false
@@ -34311,10 +32792,9 @@ paths:
       summary: Get a role
       tags:
         - roles
+      x-beta: true
     put:
-      description: >-
-        Create a new Kibana role or update the attributes of an existing role.
-        Kibana roles are stored in the Elasticsearch native realm.
+      description: Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
       operationId: put-security-role-name
       parameters:
         - description: The version of the API to use
@@ -34364,9 +32844,7 @@ paths:
                   properties:
                     cluster:
                       items:
-                        description: >-
-                          Cluster privileges that define the cluster level
-                          actions that users can perform.
+                        description: Cluster privileges that define the cluster level actions that users can perform.
                         type: string
                       type: array
                     indices:
@@ -34375,55 +32853,29 @@ paths:
                         type: object
                         properties:
                           allow_restricted_indices:
-                            description: >-
-                              Restricted indices are a special category of
-                              indices that are used internally to store
-                              configuration data and should not be directly
-                              accessed. Only internal system roles should
-                              normally grant privileges over the restricted
-                              indices. Toggling this flag is very strongly
-                              discouraged because it could effectively grant
-                              unrestricted operations on critical data, making
-                              the entire system unstable or leaking sensitive
-                              information. If for administrative purposes you
-                              need to create a role with privileges covering
-                              restricted indices, however, you can set this
-                              property to true. In that case, the names field
-                              covers the restricted indices too.
+                            description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.
                             type: boolean
                           field_security:
                             additionalProperties:
                               items:
-                                description: >-
-                                  The document fields that the role members have
-                                  read access to.
+                                description: The document fields that the role members have read access to.
                                 type: string
                               type: array
                             type: object
                           names:
                             items:
-                              description: >-
-                                The data streams, indices, and aliases to which
-                                the permissions in this entry apply. It supports
-                                wildcards (*).
+                              description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).
                               type: string
                             minItems: 1
                             type: array
                           privileges:
                             items:
-                              description: >-
-                                The index level privileges that the role members
-                                have for the data streams and indices.
+                              description: The index level privileges that the role members have for the data streams and indices.
                               type: string
                             minItems: 1
                             type: array
                           query:
-                            description: >-
-                              A search query that defines the documents the role
-                              members have read access to. A document within the
-                              specified data streams and indices must match this
-                              query in order for it to be accessible by the role
-                              members.
+                            description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.
                             type: string
                         required:
                           - names
@@ -34436,19 +32888,13 @@ paths:
                         properties:
                           clusters:
                             items:
-                              description: >-
-                                A list of remote cluster aliases. It supports
-                                literal strings as well as wildcards and regular
-                                expressions.
+                              description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.
                               type: string
                             minItems: 1
                             type: array
                           privileges:
                             items:
-                              description: >-
-                                The cluster level privileges for the remote
-                                cluster. The allowed values are a subset of the
-                                cluster privileges.
+                              description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.
                               type: string
                             minItems: 1
                             type: array
@@ -34462,64 +32908,35 @@ paths:
                         type: object
                         properties:
                           allow_restricted_indices:
-                            description: >-
-                              Restricted indices are a special category of
-                              indices that are used internally to store
-                              configuration data and should not be directly
-                              accessed. Only internal system roles should
-                              normally grant privileges over the restricted
-                              indices. Toggling this flag is very strongly
-                              discouraged because it could effectively grant
-                              unrestricted operations on critical data, making
-                              the entire system unstable or leaking sensitive
-                              information. If for administrative purposes you
-                              need to create a role with privileges covering
-                              restricted indices, however, you can set this
-                              property to true. In that case, the names field
-                              will cover the restricted indices too.
+                            description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.
                             type: boolean
                           clusters:
                             items:
-                              description: >-
-                                A list of remote cluster aliases. It supports
-                                literal strings as well as wildcards and regular
-                                expressions.
+                              description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.
                               type: string
                             minItems: 1
                             type: array
                           field_security:
                             additionalProperties:
                               items:
-                                description: >-
-                                  The document fields that the role members have
-                                  read access to.
+                                description: The document fields that the role members have read access to.
                                 type: string
                               type: array
                             type: object
                           names:
                             items:
-                              description: >-
-                                A list of remote aliases, data streams, or
-                                indices to which the permissions apply. It
-                                supports wildcards (*).
+                              description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).
                               type: string
                             minItems: 1
                             type: array
                           privileges:
                             items:
-                              description: >-
-                                The index level privileges that role members
-                                have for the specified indices.
+                              description: The index level privileges that role members have for the specified indices.
                               type: string
                             minItems: 1
                             type: array
                           query:
-                            description: >-
-                              A search query that defines the documents the role
-                              members have read access to. A document within the
-                              specified data streams and indices must match this
-                              query in order for it to be accessible by the role
-                              members. 
+                            description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. '
                             type: string
                         required:
                           - clusters
@@ -34547,23 +32964,17 @@ paths:
                         nullable: true
                         oneOf:
                           - items:
-                              description: >-
-                                A base privilege that grants applies to all
-                                spaces.
+                              description: A base privilege that grants applies to all spaces.
                               type: string
                             type: array
                           - items:
-                              description: >-
-                                A base privilege that applies to specific
-                                spaces.
+                              description: A base privilege that applies to specific spaces.
                               type: string
                             type: array
                       feature:
                         additionalProperties:
                           items:
-                            description: >-
-                              The privileges that the role member has for the
-                              feature.
+                            description: The privileges that the role member has for the feature.
                             type: string
                           type: array
                         type: object
@@ -34596,6 +33007,7 @@ paths:
       summary: Create or update a role
       tags:
         - roles
+      x-beta: true
   /api/security/roles:
     post:
       operationId: post-security-roles
@@ -34637,9 +33049,7 @@ paths:
                         properties:
                           cluster:
                             items:
-                              description: >-
-                                Cluster privileges that define the cluster level
-                                actions that users can perform.
+                              description: Cluster privileges that define the cluster level actions that users can perform.
                               type: string
                             type: array
                           indices:
@@ -34648,58 +33058,29 @@ paths:
                               type: object
                               properties:
                                 allow_restricted_indices:
-                                  description: >-
-                                    Restricted indices are a special category of
-                                    indices that are used internally to store
-                                    configuration data and should not be
-                                    directly accessed. Only internal system
-                                    roles should normally grant privileges over
-                                    the restricted indices. Toggling this flag
-                                    is very strongly discouraged because it
-                                    could effectively grant unrestricted
-                                    operations on critical data, making the
-                                    entire system unstable or leaking sensitive
-                                    information. If for administrative purposes
-                                    you need to create a role with privileges
-                                    covering restricted indices, however, you
-                                    can set this property to true. In that case,
-                                    the names field covers the restricted
-                                    indices too.
+                                  description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.
                                   type: boolean
                                 field_security:
                                   additionalProperties:
                                     items:
-                                      description: >-
-                                        The document fields that the role
-                                        members have read access to.
+                                      description: The document fields that the role members have read access to.
                                       type: string
                                     type: array
                                   type: object
                                 names:
                                   items:
-                                    description: >-
-                                      The data streams, indices, and aliases to
-                                      which the permissions in this entry apply.
-                                      It supports wildcards (*).
+                                    description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).
                                     type: string
                                   minItems: 1
                                   type: array
                                 privileges:
                                   items:
-                                    description: >-
-                                      The index level privileges that the role
-                                      members have for the data streams and
-                                      indices.
+                                    description: The index level privileges that the role members have for the data streams and indices.
                                     type: string
                                   minItems: 1
                                   type: array
                                 query:
-                                  description: >-
-                                    A search query that defines the documents
-                                    the role members have read access to. A
-                                    document within the specified data streams
-                                    and indices must match this query in order
-                                    for it to be accessible by the role members.
+                                  description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.
                                   type: string
                               required:
                                 - names
@@ -34712,19 +33093,13 @@ paths:
                               properties:
                                 clusters:
                                   items:
-                                    description: >-
-                                      A list of remote cluster aliases. It
-                                      supports literal strings as well as
-                                      wildcards and regular expressions.
+                                    description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.
                                     type: string
                                   minItems: 1
                                   type: array
                                 privileges:
                                   items:
-                                    description: >-
-                                      The cluster level privileges for the
-                                      remote cluster. The allowed values are a
-                                      subset of the cluster privileges.
+                                    description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.
                                     type: string
                                   minItems: 1
                                   type: array
@@ -34738,67 +33113,35 @@ paths:
                               type: object
                               properties:
                                 allow_restricted_indices:
-                                  description: >-
-                                    Restricted indices are a special category of
-                                    indices that are used internally to store
-                                    configuration data and should not be
-                                    directly accessed. Only internal system
-                                    roles should normally grant privileges over
-                                    the restricted indices. Toggling this flag
-                                    is very strongly discouraged because it
-                                    could effectively grant unrestricted
-                                    operations on critical data, making the
-                                    entire system unstable or leaking sensitive
-                                    information. If for administrative purposes
-                                    you need to create a role with privileges
-                                    covering restricted indices, however, you
-                                    can set this property to true. In that case,
-                                    the names field will cover the restricted
-                                    indices too.
+                                  description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.
                                   type: boolean
                                 clusters:
                                   items:
-                                    description: >-
-                                      A list of remote cluster aliases. It
-                                      supports literal strings as well as
-                                      wildcards and regular expressions.
+                                    description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.
                                     type: string
                                   minItems: 1
                                   type: array
                                 field_security:
                                   additionalProperties:
                                     items:
-                                      description: >-
-                                        The document fields that the role
-                                        members have read access to.
+                                      description: The document fields that the role members have read access to.
                                       type: string
                                     type: array
                                   type: object
                                 names:
                                   items:
-                                    description: >-
-                                      A list of remote aliases, data streams, or
-                                      indices to which the permissions apply. It
-                                      supports wildcards (*).
+                                    description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).
                                     type: string
                                   minItems: 1
                                   type: array
                                 privileges:
                                   items:
-                                    description: >-
-                                      The index level privileges that role
-                                      members have for the specified indices.
+                                    description: The index level privileges that role members have for the specified indices.
                                     type: string
                                   minItems: 1
                                   type: array
                                 query:
-                                  description: >-
-                                    A search query that defines the documents
-                                    the role members have read access to. A
-                                    document within the specified data streams
-                                    and indices must match this query in order
-                                    for it to be accessible by the role
-                                    members. 
+                                  description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. '
                                   type: string
                               required:
                                 - clusters
@@ -34807,9 +33150,7 @@ paths:
                             type: array
                           run_as:
                             items:
-                              description: >-
-                                A user name that the role member can
-                                impersonate.
+                              description: A user name that the role member can impersonate.
                               type: string
                             type: array
                       kibana:
@@ -34828,23 +33169,17 @@ paths:
                               nullable: true
                               oneOf:
                                 - items:
-                                    description: >-
-                                      A base privilege that grants applies to
-                                      all spaces.
+                                    description: A base privilege that grants applies to all spaces.
                                     type: string
                                   type: array
                                 - items:
-                                    description: >-
-                                      A base privilege that applies to specific
-                                      spaces.
+                                    description: A base privilege that applies to specific spaces.
                                     type: string
                                   type: array
                             feature:
                               additionalProperties:
                                 items:
-                                  description: >-
-                                    The privileges that the role member has for
-                                    the feature.
+                                  description: The privileges that the role member has for the feature.
                                   type: string
                                 type: array
                               type: object
@@ -34880,6 +33215,7 @@ paths:
       summary: Create or update roles
       tags:
         - roles
+      x-beta: true
   /api/spaces/space:
     get:
       operationId: get-spaces-space
@@ -34892,9 +33228,7 @@ paths:
             enum:
               - '2023-10-31'
             type: string
-        - description: >-
-            Specifies which authorization checks are applied to the API call.
-            The default value is `any`.
+        - description: Specifies which authorization checks are applied to the API call. The default value is `any`.
           in: query
           name: purpose
           required: false
@@ -34904,14 +33238,7 @@ paths:
               - copySavedObjectsIntoSpace
               - shareSavedObjectsIntoSpace
             type: string
-        - description: >-
-            When enabled, the API returns any spaces that the user is authorized
-            to access in any capacity and each space will contain the purposes
-            for which the user is authorized. This can be useful to determine
-            which spaces a user can read but not take a specific action in. If
-            the security plugin is not enabled, this parameter has no effect,
-            since no authorization checks take place. This parameter cannot be
-            used in with the `purpose` parameter.
+        - description: When enabled, the API returns any spaces that the user is authorized to access in any capacity and each space will contain the purposes for which the user is authorized. This can be useful to determine which spaces a user can read but not take a specific action in. If the security plugin is not enabled, this parameter has no effect, since no authorization checks take place. This parameter cannot be used in with the `purpose` parameter.
           in: query
           name: include_authorized_purposes
           required: true
@@ -34934,9 +33261,17 @@ paths:
       responses:
         '200':
           description: Indicates a successful call.
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                getSpacesResponseExample1:
+                  $ref: '#/components/examples/get_spaces_response1'
+                getSpacesResponseExample2:
+                  $ref: '#/components/examples/get_spaces_response2'
       summary: Get all spaces
       tags:
         - spaces
+      x-beta: true
     post:
       operationId: post-spaces-space
       parameters:
@@ -34965,10 +33300,7 @@ paths:
                 _reserved:
                   type: boolean
                 color:
-                  description: >-
-                    The hexadecimal color code used in the space avatar. By
-                    default, the color is automatically generated from the space
-                    name.
+                  description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name.
                   type: string
                 description:
                   description: A description for the space.
@@ -34980,26 +33312,13 @@ paths:
                     type: string
                   type: array
                 id:
-                  description: >-
-                    The space ID that is part of the Kibana URL when inside the
-                    space. Space IDs are limited to lowercase alphanumeric,
-                    underscore, and hyphen characters (a-z, 0-9, _, and -). You
-                    are cannot change the ID with the update operation.
+                  description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation.
                   type: string
                 imageUrl:
-                  description: >-
-                    The data-URL encoded image to display in the space avatar.
-                    If specified, initials will not be displayed and the color
-                    will be visible as the background color for transparent
-                    images. For best results, your image should be 64x64. Images
-                    will not be optimized by this API call, so care should be
-                    taken when using custom images.
+                  description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images.
                   type: string
                 initials:
-                  description: >-
-                    One or two characters that are shown in the space avatar. By
-                    default, the initials are automatically generated from the
-                    space name.
+                  description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name.
                   maxLength: 2
                   type: string
                 name:
@@ -35009,17 +33328,19 @@ paths:
               required:
                 - id
                 - name
+            examples:
+              createSpaceRequest:
+                $ref: '#/components/examples/create_space_request'
       responses:
         '200':
           description: Indicates a successful call.
       summary: Create a space
       tags:
         - spaces
+      x-beta: true
   /api/spaces/space/{id}:
     delete:
-      description: >-
-        When you delete a space, all saved objects that belong to the space are
-        automatically deleted, which is permanent and cannot be undone.
+      description: When you delete a space, all saved objects that belong to the space are automatically deleted, which is permanent and cannot be undone.
       operationId: delete-spaces-space-id
       parameters:
         - description: The version of the API to use
@@ -35051,6 +33372,7 @@ paths:
       summary: Delete a space
       tags:
         - spaces
+      x-beta: true
     get:
       operationId: get-spaces-space-id
       parameters:
@@ -35071,9 +33393,15 @@ paths:
       responses:
         '200':
           description: Indicates a successful call.
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                getSpaceResponseExample:
+                  $ref: '#/components/examples/get_space_response'
       summary: Get a space
       tags:
         - spaces
+      x-beta: true
     put:
       operationId: put-spaces-space-id
       parameters:
@@ -35092,9 +33420,7 @@ paths:
           schema:
             example: 'true'
             type: string
-        - description: >-
-            The space identifier. You are unable to change the ID with the
-            update operation.
+        - description: The space identifier. You are unable to change the ID with the update operation.
           in: path
           name: id
           required: true
@@ -35110,10 +33436,7 @@ paths:
                 _reserved:
                   type: boolean
                 color:
-                  description: >-
-                    The hexadecimal color code used in the space avatar. By
-                    default, the color is automatically generated from the space
-                    name.
+                  description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name.
                   type: string
                 description:
                   description: A description for the space.
@@ -35125,26 +33448,13 @@ paths:
                     type: string
                   type: array
                 id:
-                  description: >-
-                    The space ID that is part of the Kibana URL when inside the
-                    space. Space IDs are limited to lowercase alphanumeric,
-                    underscore, and hyphen characters (a-z, 0-9, _, and -). You
-                    are cannot change the ID with the update operation.
+                  description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation.
                   type: string
                 imageUrl:
-                  description: >-
-                    The data-URL encoded image to display in the space avatar.
-                    If specified, initials will not be displayed and the color
-                    will be visible as the background color for transparent
-                    images. For best results, your image should be 64x64. Images
-                    will not be optimized by this API call, so care should be
-                    taken when using custom images.
+                  description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images.
                   type: string
                 initials:
-                  description: >-
-                    One or two characters that are shown in the space avatar. By
-                    default, the initials are automatically generated from the
-                    space name.
+                  description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name.
                   maxLength: 2
                   type: string
                 name:
@@ -35154,12 +33464,16 @@ paths:
               required:
                 - id
                 - name
+            examples:
+              updateSpaceRequest:
+                $ref: '#/components/examples/update_space_request'
       responses:
         '200':
           description: Indicates a successful call.
       summary: Update a space
       tags:
         - spaces
+      x-beta: true
   /api/status:
     get:
       operationId: get-status
@@ -35191,11 +33505,8 @@ paths:
               schema:
                 anyOf:
                   - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response'
-                  - $ref: >-
-                      #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse
-                description: >-
-                  Kibana's operational status. A minimal response is sent for
-                  unauthorized users.
+                  - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse'
+                description: Kibana's operational status. A minimal response is sent for unauthorized users.
           description: Overall status is OK and Kibana should be functioning normally.
         '503':
           content:
@@ -35203,17 +33514,13 @@ paths:
               schema:
                 anyOf:
                   - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response'
-                  - $ref: >-
-                      #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse
-                description: >-
-                  Kibana's operational status. A minimal response is sent for
-                  unauthorized users.
-          description: >-
-            Kibana or some of it's essential services are unavailable. Kibana
-            may be degraded or unavailable.
+                  - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse'
+                description: Kibana's operational status. A minimal response is sent for unauthorized users.
+          description: Kibana or some of it's essential services are unavailable. Kibana may be degraded or unavailable.
       summary: Get Kibana's current status
       tags:
         - system
+      x-beta: true
   /api/timeline:
     delete:
       description: Delete one or more Timelines or Timeline templates.
@@ -35229,9 +33536,7 @@ paths:
                     type: string
                   type: array
                 searchIds:
-                  description: >-
-                    Saved search ids that should be deleted alongside the
-                    timelines
+                  description: Saved search ids that should be deleted alongside the timelines
                   items:
                     type: string
                   type: array
@@ -35259,7 +33564,7 @@ paths:
       summary: Delete Timelines or Timeline templates
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
     get:
       description: Get the details of an existing saved Timeline or Timeline template.
       operationId: GetTimeline
@@ -35286,8 +33591,7 @@ paths:
                         type: object
                         properties:
                           getOneTimeline:
-                            $ref: >-
-                              #/components/schemas/Security_Timeline_API_TimelineResponse
+                            $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse'
                         required:
                           - getOneTimeline
                     required:
@@ -35298,12 +33602,9 @@ paths:
       summary: Get Timeline or Timeline template details
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
     patch:
-      description: >-
-        Update an existing Timeline. You can update the title, description, date
-        range, pinned events, pinned queries, and/or pinned saved queries of an
-        existing Timeline.
+      description: Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline.
       operationId: PatchTimeline
       requestBody:
         content:
@@ -35330,12 +33631,8 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_PersistTimelineResponse
-          description: >-
-            Indicates that the draft Timeline was successfully created. In the
-            event the user already has a draft Timeline, the existing draft
-            Timeline is cleared and returned.
+                $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
+          description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
         '405':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
@@ -35346,13 +33643,11 @@ paths:
                     type: string
                   statusCode:
                     type: number
-          description: >-
-            Indicates that the user does not have the required access to create
-            a draft Timeline.
+          description: Indicates that the user does not have the required access to create a draft Timeline.
       summary: Update a Timeline
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
     post:
       description: Create a new Timeline or Timeline template.
       operationId: CreateTimelines
@@ -35384,17 +33679,14 @@ paths:
                   type: string
               required:
                 - timeline
-        description: >-
-          The required Timeline fields used to create a new Timeline, along with
-          optional fields that will be created if not provided.
+        description: The required Timeline fields used to create a new Timeline, along with optional fields that will be created if not provided.
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_PersistTimelineResponse
+                $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
           description: Indicates the Timeline was successfully created.
         '405':
           content:
@@ -35410,7 +33702,7 @@ paths:
       summary: Create a Timeline or Timeline template
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
   /api/timeline/_copy:
     get:
       description: |
@@ -35435,19 +33727,15 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_PersistTimelineResponse
+                $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
           description: Indicates that the timeline has been successfully copied.
       summary: Copies timeline or timeline template
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
   /api/timeline/_draft:
     get:
-      description: >-
-        Get the details of the draft Timeline  or Timeline template for the
-        current user. If the user doesn't have a draft Timeline, an empty
-        Timeline is returned.
+      description: Get the details of the draft Timeline  or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned.
       operationId: GetDraftTimelines
       parameters:
         - in: query
@@ -35460,8 +33748,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_PersistTimelineResponse
+                $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
           description: Indicates that the draft Timeline was successfully retrieved.
         '403':
           content:
@@ -35473,10 +33760,7 @@ paths:
                     type: string
                   status_code:
                     type: number
-          description: >-
-            If a draft Timeline was not found and we attempted to create one, it
-            indicates that the user does not have the required permissions to
-            create a draft Timeline.
+          description: If a draft Timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft Timeline.
         '409':
           content:
             application:json; Elastic-Api-Version=2023-10-31:
@@ -35487,22 +33771,16 @@ paths:
                     type: string
                   status_code:
                     type: number
-          description: >-
-            This should never happen, but if a draft Timeline was not found and
-            we attempted to create one, it indicates that there is already a
-            draft Timeline with the given `timelineId`.
+          description: This should never happen, but if a draft Timeline was not found and we attempted to create one, it indicates that there is already a draft Timeline with the given `timelineId`.
       summary: Get draft Timeline or Timeline template details
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
     post:
-      description: >
+      description: |
         Create a clean draft Timeline or Timeline template for the current user.
-
         > info
-
-        > If the user already has a draft Timeline, the existing draft Timeline
-        is cleared and returned.
+        > If the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
       operationId: CleanDraftTimelines
       requestBody:
         content:
@@ -35514,21 +33792,15 @@ paths:
                   $ref: '#/components/schemas/Security_Timeline_API_TimelineType'
               required:
                 - timelineType
-        description: >-
-          The type of Timeline to create. Valid values are `default` and
-          `template`.
+        description: The type of Timeline to create. Valid values are `default` and `template`.
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_PersistTimelineResponse
-          description: >-
-            Indicates that the draft Timeline was successfully created. In the
-            event the user already has a draft Timeline, the existing draft
-            Timeline is cleared and returned.
+                $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
+          description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
         '403':
           content:
             application:json; Elastic-Api-Version=2023-10-31:
@@ -35539,9 +33811,7 @@ paths:
                     type: string
                   status_code:
                     type: number
-          description: >-
-            Indicates that the user does not have the required permissions to
-            create a draft Timeline.
+          description: Indicates that the user does not have the required permissions to create a draft Timeline.
         '409':
           content:
             application:json; Elastic-Api-Version=2023-10-31:
@@ -35552,13 +33822,11 @@ paths:
                     type: string
                   status_code:
                     type: number
-          description: >-
-            Indicates that there is already a draft Timeline with the given
-            `timelineId`.
+          description: Indicates that there is already a draft Timeline with the given `timelineId`.
       summary: Create a clean draft Timeline or Timeline template
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
   /api/timeline/_export:
     post:
       description: Export Timelines as an NDJSON file.
@@ -35605,7 +33873,7 @@ paths:
       summary: Export Timelines
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
   /api/timeline/_favorite:
     patch:
       description: Favorite a Timeline or Timeline template for the current user.
@@ -35646,8 +33914,7 @@ paths:
                     type: object
                     properties:
                       persistFavorite:
-                        $ref: >-
-                          #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse
+                        $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResponse'
                     required:
                       - persistFavorite
                 required:
@@ -35663,13 +33930,11 @@ paths:
                     type: string
                   statusCode:
                     type: number
-          description: >-
-            Indicates the user does not have the required permissions to persist
-            the favorite status.
+          description: Indicates the user does not have the required permissions to persist the favorite status.
       summary: Favorite a Timeline or Timeline template
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
   /api/timeline/_import:
     post:
       description: Import Timelines.
@@ -35695,8 +33960,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_ImportTimelineResult
+                $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult'
           description: Indicates the import of Timelines was successful.
         '400':
           content:
@@ -35710,9 +33974,7 @@ paths:
                     type: string
                   statusCode:
                     type: number
-          description: >-
-            Indicates the import of Timelines was unsuccessful because of an
-            invalid file extension.
+          description: Indicates the import of Timelines was unsuccessful because of an invalid file extension.
         '404':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
@@ -35723,9 +33985,7 @@ paths:
                     type: string
                   statusCode:
                     type: number
-          description: >-
-            Indicates that we were unable to locate the saved object client
-            necessary to handle the import.
+          description: Indicates that we were unable to locate the saved object client necessary to handle the import.
         '409':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
@@ -35742,7 +34002,7 @@ paths:
       summary: Import Timelines
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
   /api/timeline/_prepackaged:
     post:
       description: Install or update prepackaged Timelines.
@@ -35755,8 +34015,7 @@ paths:
               properties:
                 prepackagedTimelines:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject
+                    $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject'
                     nullable: true
                   type: array
                 timelinesToInstall:
@@ -35780,8 +34039,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_ImportTimelineResult
+                $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult'
           description: Indicates the installation of prepackaged Timelines was successful.
         '500':
           content:
@@ -35793,13 +34051,11 @@ paths:
                     type: string
                   statusCode:
                     type: number
-          description: >-
-            Indicates the installation of prepackaged Timelines was
-            unsuccessful.
+          description: Indicates the installation of prepackaged Timelines was unsuccessful.
       summary: Install prepackaged Timelines
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
   /api/timeline/resolve:
     get:
       operationId: ResolveTimeline
@@ -35823,8 +34079,7 @@ paths:
                   - type: object
                     properties:
                       data:
-                        $ref: >-
-                          #/components/schemas/Security_Timeline_API_ResolvedTimeline
+                        $ref: '#/components/schemas/Security_Timeline_API_ResolvedTimeline'
                     required:
                       - data
                   - additionalProperties: false
@@ -35837,15 +34092,13 @@ paths:
       summary: Get an existing saved Timeline or Timeline template
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
   /api/timelines:
     get:
       description: Get a list of all saved Timelines or Timeline templates.
       operationId: GetTimelines
       parameters:
-        - description: >-
-            If true, only timelines that are marked as favorites by the user are
-            returned.
+        - description: If true, only timelines that are marked as favorites by the user are returned.
           in: query
           name: only_user_favorite
           schema:
@@ -35909,8 +34162,7 @@ paths:
                     type: number
                   timeline:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Timeline_API_TimelineResponse
+                      $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse'
                     type: array
                   totalCount:
                     type: number
@@ -35932,12 +34184,11 @@ paths:
       summary: Get Timelines or Timeline templates
       tags:
         - Security Timeline API
-        - access:securitySolution
+      x-beta: true
   /s/{spaceId}/api/observability/slos:
     get:
-      description: >
-        You must have the `read` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: findSlosOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -35985,9 +34236,7 @@ paths:
               - asc
               - desc
             type: string
-        - description: >-
-            Hide stale SLOs from the list as defined by stale SLO threshold in
-            SLO settings
+        - description: Hide stale SLOs from the list as defined by stale SLO threshold in SLO settings
           in: query
           name: hideStale
           schema:
@@ -36026,10 +34275,10 @@ paths:
       summary: Get a paginated list of SLOs
       tags:
         - slo
+      x-beta: true
     post:
-      description: >
-        You must have `all` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: createSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -36076,12 +34325,11 @@ paths:
       summary: Create an SLO
       tags:
         - slo
+      x-beta: true
   /s/{spaceId}/api/observability/slos/_delete_instances:
     post:
-      description: >
-        The deletion occurs for the specified list of `sloId` and `instanceId`.
-        You must have `all` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        The deletion occurs for the specified list of `sloId` and `instanceId`. You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: deleteSloInstancesOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -36118,11 +34366,11 @@ paths:
       summary: Batch delete rollup and summary data
       tags:
         - slo
+      x-beta: true
   /s/{spaceId}/api/observability/slos/{sloId}:
     delete:
-      description: >
-        You must have the `write` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: deleteSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -36158,10 +34406,10 @@ paths:
       summary: Delete an SLO
       tags:
         - slo
+      x-beta: true
     get:
-      description: >
-        You must have the `read` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: getSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -36207,10 +34455,10 @@ paths:
       summary: Get an SLO
       tags:
         - slo
+      x-beta: true
     put:
-      description: >
-        You must have the `write` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: updateSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -36256,18 +34504,18 @@ paths:
       summary: Update an SLO
       tags:
         - slo
+      x-beta: true
   /s/{spaceId}/api/observability/slos/{sloId}/_reset:
     post:
-      description: >
-        You must have the `write` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: resetSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
         - $ref: '#/components/parameters/SLOs_space_id'
         - $ref: '#/components/parameters/SLOs_slo_id'
       responses:
-        '204':
+        '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
@@ -36300,18 +34548,18 @@ paths:
       summary: Reset an SLO
       tags:
         - slo
+      x-beta: true
   /s/{spaceId}/api/observability/slos/{sloId}/disable:
     post:
-      description: >
-        You must have the `write` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: disableSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
         - $ref: '#/components/parameters/SLOs_space_id'
         - $ref: '#/components/parameters/SLOs_slo_id'
       responses:
-        '200':
+        '204':
           description: Successful request
         '400':
           content:
@@ -36340,11 +34588,11 @@ paths:
       summary: Disable an SLO
       tags:
         - slo
+      x-beta: true
   /s/{spaceId}/api/observability/slos/{sloId}/enable:
     post:
-      description: >
-        You must have the `write` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: enableSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -36380,6 +34628,7 @@ paths:
       summary: Enable an SLO
       tags:
         - slo
+      x-beta: true
 components:
   examples:
     Data_views_create_data_view_request:
@@ -36402,9 +34651,7 @@ components:
             source: emit(doc["foo"].value)
           type: long
     Data_views_get_data_view_response:
-      summary: >-
-        The get data view API returns a JSON object that contains information
-        about the data view.
+      summary: The get data view API returns a JSON object that contains information about the data view.
       value:
         data_view:
           allowNoIndex: false
@@ -37355,10 +35602,7 @@ components:
       value:
         data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f
     Data_views_get_runtime_field_response:
-      summary: >-
-        The get runtime field API returns a JSON object that contains
-        information about the runtime field (`hour_of_day`) and the data view
-        (`d3d7af60-4c81-11e8-b3d7-01146121b73d`).
+      summary: The get runtime field API returns a JSON object that contains information about the runtime field (`hour_of_day`) and the data view (`d3d7af60-4c81-11e8-b3d7-01146121b73d`).
       value:
         data_view:
           allowNoIndex: false
@@ -37867,9 +36111,7 @@ components:
         data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f
         force: true
     Data_views_swap_data_view_request:
-      summary: >-
-        Swap references from data view ID "abcd-efg" to "xyz-123" and remove the
-        data view that is no longer referenced.
+      summary: Swap references from data view ID "abcd-efg" to "xyz-123" and remove the data view that is no longer referenced.
       value:
         delete: true
         fromId: abcd-efg
@@ -37920,25 +36162,12 @@ components:
           - id: de71f4f0-1902-11e9-919b-ffe5949a18d2
             type: map
     Serverless_saved_objects_export_objects_response:
-      summary: >-
-        The export objects API response contains a JSON record for each exported
-        object.
+      summary: The export objects API response contains a JSON record for each exported object.
       value:
         attributes:
           description: ''
-          layerListJSON: >-
-            [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total
-            Requests by
-            Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web
-            logs
-            count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual
-            Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total
-            Requests and
-            Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web
-            logs
-            count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}]
-          mapStateJSON: >-
-            {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}}
+          layerListJSON: '[{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total Requests by Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web logs count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total Requests and Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web logs count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}]'
+          mapStateJSON: '{"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}}'
           title: '[Logs] Total Requests and Bytes'
           uiStateJSON: '{"isDarkMode":false}'
         coreMigrationVersion: 8.8.0
@@ -37963,10 +36192,7 @@ components:
       value:
         file: file.ndjson
     Serverless_saved_objects_import_objects_response:
-      summary: >-
-        The import objects API response indicates a successful import and the
-        objects are created. Since these objects are created as new copies, each
-        entry in the successResults array includes a destinationId attribute.
+      summary: The import objects API response indicates a successful import and the objects are created. Since these objects are created as new copies, each entry in the successResults array includes a destinationId attribute.
       value:
         success: true
         successCount: 1
@@ -37978,6 +36204,1191 @@ components:
               icon: indexPatternApp
               title: Kibana Sample Data Logs
             type: index-pattern
+    get_connector_types_generativeai_response:
+      summary: A list of connector types for the `generativeAI` feature.
+      value:
+        - id: .gen-ai
+          name: OpenAI
+          enabled: true
+          enabled_in_config: true
+          enabled_in_license: true
+          minimum_license_required: enterprise
+          supported_feature_ids:
+            - generativeAIForSecurity
+            - generativeAIForObservability
+            - generativeAIForSearchPlayground
+          is_system_action_type: false
+        - id: .bedrock
+          name: AWS Bedrock
+          enabled: true
+          enabled_in_config: true
+          enabled_in_license: true
+          minimum_license_required: enterprise
+          supported_feature_ids:
+            - generativeAIForSecurity
+            - generativeAIForObservability
+            - generativeAIForSearchPlayground
+          is_system_action_type: false
+        - id: .gemini
+          name: Google Gemini
+          enabled: true
+          enabled_in_config: true
+          enabled_in_license: true
+          minimum_license_required: enterprise
+          supported_feature_ids:
+            - generativeAIForSecurity
+          is_system_action_type: false
+    get_connector_response:
+      summary: Get connector details.
+      value:
+        id: df770e30-8b8b-11ed-a780-3b746c987a81
+        name: my_server_log_connector
+        config: {}
+        connector_type_id: .server-log
+        is_preconfigured: false
+        is_deprecated: false
+        is_missing_secrets: false
+        is_system_action: false
+    update_index_connector_request:
+      summary: Update an index connector.
+      value:
+        name: updated-connector
+        config:
+          index: updated-index
+    create_email_connector_request:
+      summary: Create an email connector.
+      value:
+        name: email-connector-1
+        connector_type_id: .email
+        config:
+          from: tester@example.com
+          hasAuth: true
+          host: https://example.com
+          port: 1025
+          secure: false
+          service: other
+        secrets:
+          user: username
+          password: password
+    create_index_connector_request:
+      summary: Create an index connector.
+      value:
+        name: my-connector
+        connector_type_id: .index
+        config:
+          index: test-index
+    create_webhook_connector_request:
+      summary: Create a webhook connector with SSL authentication.
+      value:
+        name: my-webhook-connector
+        connector_type_id: .webhook
+        config:
+          method: post
+          url: https://example.com
+          authType: webhook-authentication-ssl
+          certType: ssl-crt-key
+        secrets:
+          crt: QmFnIEF0dH...
+          key: LS0tLS1CRUdJ...
+          password: my-passphrase
+    create_xmatters_connector_request:
+      summary: Create an xMatters connector with URL authentication.
+      value:
+        name: my-xmatters-connector
+        connector_type_id: .xmatters
+        config:
+          usesBasic: false
+        secrets:
+          secretsUrl: https://example.com?apiKey=xxxxx
+    create_email_connector_response:
+      summary: A new email connector.
+      value:
+        id: 90a82c60-478f-11ee-a343-f98a117c727f
+        connector_type_id: .email
+        name: email-connector-1
+        config:
+          from: tester@example.com
+          service: other
+          host: https://example.com
+          port: 1025
+          secure: false
+          hasAuth: true
+          tenantId: null
+          clientId: null
+          oauthTokenUrl: null
+        is_preconfigured: false
+        is_deprecated: false
+        is_missing_secrets: false
+        is_system_action: false
+    create_index_connector_response:
+      summary: A new index connector.
+      value:
+        id: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad
+        connector_type_id: .index
+        name: my-connector
+        config:
+          index: test-index
+          refresh: false
+          executionTimeField: null
+        is_preconfigured: false
+        is_deprecated: false
+        is_missing_secrets: false
+        is_system_action: false
+    create_webhook_connector_response:
+      summary: A new webhook connector.
+      value:
+        id: 900eb010-3b9d-11ee-a642-8ffbb94e38bd
+        name: my-webhook-connector
+        config:
+          method: post
+          url: https://example.com
+          authType: webhook-authentication-ssl
+          certType: ssl-crt-key
+          verificationMode: full
+          headers: null
+          hasAuth: true
+        connector_type_id: .webhook
+        is_preconfigured: false
+        is_deprecated: false
+        is_missing_secrets: false
+        is_system_action: false
+    run_index_connector_request:
+      summary: Run an index connector.
+      value:
+        params:
+          documents:
+            - id: my_doc_id
+              name: my_doc_name
+              message: hello, world
+    run_jira_connector_request:
+      summary: Run a Jira connector to retrieve the list of issue types.
+      value:
+        params:
+          subAction: issueTypes
+    run_servicenow_itom_connector_request:
+      summary: Run a ServiceNow ITOM connector to retrieve the list of choices.
+      value:
+        params:
+          subAction: getChoices
+          subActionParams:
+            fields:
+              - severity
+              - urgency
+    run_slack_api_connector_request:
+      summary: Run a Slack connector that uses the web API method to post a message on a channel.
+      value:
+        params:
+          subAction: postMessage
+          subActionParams:
+            channelIds:
+              - C123ABC456
+            text: A test message.
+    run_swimlane_connector_request:
+      summary: Run a Swimlane connector to create an incident.
+      value:
+        params:
+          subAction: pushToService
+          subActionParams:
+            comments:
+              - commentId: 1
+                comment: A comment about the incident.
+            incident:
+              caseId: '1000'
+              caseName: Case name
+              description: Description of the incident.
+    run_index_connector_response:
+      summary: Response from running an index connector.
+      value:
+        connector_id: fd38c600-96a5-11ed-bb79-353b74189cba
+        data:
+          errors: false
+          items:
+            - create:
+                _id: 4JtvwYUBrcyxt2NnfW3y
+                _index: my-index
+                _primary_term: 1
+                _seq_no: 0
+                _shards:
+                  failed: 0
+                  successful: 1
+                  total: 2
+                _version: 1
+                result: created
+                status: 201
+          took: 135
+        status: ok
+    run_jira_connector_response:
+      summary: Response from retrieving the list of issue types for a Jira connector.
+      value:
+        connector_id: b3aad810-edbe-11ec-82d1-11348ecbf4a6
+        data:
+          - id: 10024
+            name: Improvement
+          - id: 10006
+            name: Task
+          - id: 10007
+            name: Sub-task
+          - id: 10025
+            name: New Feature
+          - id: 10023
+            name: Bug
+          - id: 10000
+            name: Epic
+        status: ok
+    run_server_log_connector_response:
+      summary: Response from running a server log connector.
+      value:
+        connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907
+        status: ok
+    run_servicenow_itom_connector_response:
+      summary: Response from retrieving the list of choices for a ServiceNow ITOM connector.
+      value:
+        connector_id: 9d9be270-2fd2-11ed-b0e0-87533c532698
+        data:
+          - dependent_value: ''
+            element: severity
+            label: Critical
+            value: 1
+          - dependent_value: ''
+            element: severity
+            label: Major
+            value: 2
+          - dependent_value: ''
+            element: severity
+            label: Minor
+            value: 3
+          - dependent_value: ''
+            element: severity
+            label: Warning
+            value: 4
+          - dependent_value: ''
+            element: severity
+            label: OK
+            value: 5
+          - dependent_value: ''
+            element: severity
+            label: Clear
+            value: 0
+          - dependent_value: ''
+            element: urgency
+            label: 1 - High
+            value: 1
+          - dependent_value: ''
+            element: urgency
+            label: 2 - Medium
+            value: 2
+          - dependent_value: ''
+            element: urgency
+            label: 3 - Low
+            value: 3
+        status: ok
+    run_slack_api_connector_response:
+      summary: Response from posting a message with a Slack connector.
+      value:
+        status: ok
+        data:
+          ok: true
+          channel: C123ABC456
+          ts: '1234567890.123456'
+          message:
+            bot_id: B12BCDEFGHI
+            type: message
+            text: A test message
+            user: U12A345BC6D
+            ts: '1234567890.123456'
+            app_id: A01BC2D34EF
+            blocks:
+              - type: rich_text
+                block_id: /NXe
+                elements:
+                  - type: rich_text_section
+                    elements:
+                      - type: text
+                        text: A test message.
+            team: T01ABCDE2F
+            bot_profile:
+              id: B12BCDEFGHI
+              app_id: A01BC2D34EF
+              name: test
+              icons:
+                image_36: https://a.slack-edge.com/80588/img/plugins/app/bot_36.png
+              deleted: false
+              updated: 1672169705
+              team_id: T01ABCDE2F
+        connector_id: .slack_api
+    run_swimlane_connector_response:
+      summary: Response from creating a Swimlane incident.
+      value:
+        connector_id: a4746470-2f94-11ed-b0e0-87533c532698
+        data:
+          id: aKPmBHWzmdRQtx6Mx
+          title: TEST-457
+          url: https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx
+          pushedDate: '2022-09-08T16:52:27.866Z'
+          comments:
+            - commentId: 1
+              pushedDate: '2022-09-08T16:52:27.865Z'
+        status: ok
+    get_connectors_response:
+      summary: A list of connectors
+      value:
+        - id: preconfigured-email-connector
+          name: my-preconfigured-email-notification
+          connector_type_id: .email
+          is_preconfigured: true
+          is_deprecated: false
+          referenced_by_count: 0
+          is_system_action: false
+        - id: e07d0c80-8b8b-11ed-a780-3b746c987a81
+          name: my-index-connector
+          config:
+            index: test-index
+            refresh: false
+            executionTimeField: null
+          connector_type_id: .index
+          is_preconfigured: false
+          is_deprecated: false
+          referenced_by_count: 2
+          is_missing_secrets: false
+          is_system_action: false
+    update_rule_request:
+      summary: Index threshold rule
+      description: Update an index threshold rule that uses a server log connector to send notifications when the threshold is met.
+      value:
+        actions:
+          - frequency:
+              summary: false
+              notify_when: onActionGroupChange
+            group: threshold met
+            id: 96b668d0-a1b6-11ed-afdf-d39a49596974
+            params:
+              level: info
+              message: |-
+                Rule {{rule.name}} is active for group {{context.group}}:
+
+                - Value: {{context.value}}
+                - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}
+                - Timestamp: {{context.date}}
+        params:
+          aggField: sheet.version
+          aggType: avg
+          index:
+            - .updated-index
+          groupBy: top
+          termField: name.keyword
+          termSize: 6
+          threshold:
+            - 1000
+          thresholdComparator: '>'
+          timeField: '@timestamp'
+          timeWindowSize: 5
+          timeWindowUnit: m
+        name: new name
+        schedule:
+          interval: 1m
+        tags: []
+    update_rule_response:
+      summary: Index threshold rule
+      description: The response for successfully updating an index threshold rule.
+      value:
+        id: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74
+        consumer: alerts
+        tags: []
+        name: new name
+        enabled: true
+        throttle: null
+        revision: 1
+        running: false
+        schedule:
+          interval: 1m
+        params:
+          index:
+            - .updated-index
+          timeField: '@timestamp'
+          groupBy: top
+          aggType: avg
+          timeWindowSize: 5
+          timeWindowUnit: m
+          thresholdComparator: '>'
+          threshold:
+            - 1000
+          aggField: sheet.version
+          termField: name.keyword
+          termSize: 6
+        api_key_owner: elastic
+        created_by: elastic
+        updated_by: elastic
+        rule_type_id: .index-threshold
+        scheduled_task_id: 4c5eda00-e74f-11ec-b72f-5b18752ff9ea
+        created_at: '2024-03-26T23:13:20.985Z'
+        updated_at: '2024-03-26T23:22:59.949Z'
+        mute_all: false
+        muted_alert_ids: []
+        execution_status:
+          status: ok
+          last_execution_date: '2024-03-26T23:22:51.390Z'
+          last_duration: 52
+        actions:
+          - group: threshold met
+            params:
+              level: info
+              message: |-
+                Rule {{rule.name}} is active for group {{context.group}}:
+
+                - Value: {{context.value}}
+                - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}
+                - Timestamp: {{context.date}
+            id: 96b668d0-a1b6-11ed-afdf-d39a49596974
+            uuid: 07aef2a0-9eed-4ef9-94ec-39ba58eb609d
+            connector_type_id: .server-log
+            frequency:
+              summary: false
+              throttle: null
+              notify_when: onActionGroupChange
+        last_run:
+          alerts_count:
+            new: 0
+            ignored: 0
+            recovered: 0
+            active: 0
+          outcome_msg: null
+          warning: null
+          outcome: succeeded
+        next_run: '2024-03-26T23:23:51.316Z'
+        api_key_created_by_user: false
+    create_es_query_esql_rule_request:
+      summary: Elasticsearch query rule (ES|QL)
+      description: |
+        Create an Elasticsearch query rule that uses Elasticsearch Query Language (ES|QL) to define its query and a server log connector to send notifications.
+      value:
+        name: my Elasticsearch query ESQL rule
+        params:
+          searchType: esqlQuery
+          esqlQuery:
+            esql: FROM kibana_sample_data_logs | KEEP bytes, clientip, host, geo.dest | where geo.dest != "GB" | STATS sumbytes = sum(bytes) by clientip, host | WHERE sumbytes > 5000 | SORT sumbytes desc | LIMIT 10
+          timeField: '@timestamp'
+          timeWindowSize: 1
+          timeWindowUnit: d
+          size: 0
+          thresholdComparator: '>'
+          threshold:
+            - 0
+        consumer: stackAlerts
+        rule_type_id: .es-query
+        schedule:
+          interval: 1d
+        actions:
+          - group: query matched
+            id: d0db1fe0-78d6-11ee-9177-f7d404c8c945
+            params:
+              level: info
+              message: |-
+                Elasticsearch query rule '{{rule.name}}' is active:
+                - Value: {{context.value}} - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} - Timestamp: {{context.date}} - Link: {{context.link}}
+            frequency:
+              summary: false
+              notify_when: onActiveAlert
+    create_es_query_rule_request:
+      summary: Elasticsearch query rule (DSL)
+      description: |
+        Create an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL) to define its query and a server log connector to send notifications.
+      value:
+        actions:
+          - group: query matched
+            params:
+              level: info
+              message: The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts.
+            id: fdbece50-406c-11ee-850e-c71febc4ca7f
+            frequency:
+              throttle: 1d
+              summary: true
+              notify_when: onThrottleInterval
+          - group: recovered
+            params:
+              level: info
+              message: Recovered
+            id: fdbece50-406c-11ee-850e-c71febc4ca7f
+            frequency:
+              summary: false
+              notify_when: onActionGroupChange
+        consumer: alerts
+        name: my Elasticsearch query rule
+        params:
+          esQuery: '"""{"query":{"match_all" : {}}}"""'
+          index:
+            - kibana_sample_data_logs
+          size: 100
+          threshold:
+            - 100
+          thresholdComparator: '>'
+          timeField: '@timestamp'
+          timeWindowSize: 1
+          timeWindowUnit: d
+        rule_type_id: .es-query
+        schedule:
+          interval: 1d
+    create_es_query_kql_rule_request:
+      summary: Elasticsearch query rule (KQL)
+      description: Create an Elasticsearch query rule that uses Kibana query language (KQL).
+      value:
+        consumer: alerts
+        name: my Elasticsearch query KQL rule
+        params:
+          aggType: count
+          excludeHitsFromPreviousRun: true
+          groupBy: all
+          searchConfiguration:
+            query:
+              query: '""geo.src : "US" ""'
+              language: kuery
+            index: 90943e30-9a47-11e8-b64d-95841ca0b247
+          searchType: searchSource
+          size: 100
+          threshold:
+            - 1000
+          thresholdComparator: '>'
+          timeWindowSize: 5
+          timeWindowUnit: m
+        rule_type_id: .es-query
+        schedule:
+          interval: 1m
+    create_index_threshold_rule_request:
+      summary: Index threshold rule
+      description: |
+        Create an index threshold rule that uses a server log connector to send notifications when the threshold is met.
+      value:
+        actions:
+          - id: 48de3460-f401-11ed-9f8e-399c75a2deeb
+            frequency:
+              notify_when: onActionGroupChange
+              summary: false
+            group: threshold met
+            params:
+              level: info
+              message: |-
+                Rule '{{rule.name}}' is active for group '{{context.group}}':
+
+                - Value: {{context.value}}
+                - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}
+                - Timestamp: {{context.date}}
+        alert_delay:
+          active: 3
+        consumer: alerts
+        name: my rule
+        params:
+          aggType: avg
+          termSize: 6
+          thresholdComparator: '>'
+          timeWindowSize: 5
+          timeWindowUnit: m
+          groupBy: top
+          threshold:
+            - 1000
+          index:
+            - .test-index
+          timeField: '@timestamp'
+          aggField: sheet.version
+          termField: name.keyword
+        rule_type_id: .index-threshold
+        schedule:
+          interval: 1m
+        tags:
+          - cpu
+    create_tracking_containment_rule_request:
+      summary: Tracking containment rule
+      description: |
+        Create a tracking containment rule that checks when an entity is contained or no longer contained within a boundary.
+      value:
+        consumer: alerts
+        name: my tracking rule
+        params:
+          index: kibana_sample_data_logs
+          dateField": '@timestamp'
+          geoField: geo.coordinates
+          entity: agent.keyword
+          boundaryType: entireIndex
+          boundaryIndexTitle: boundary*
+          boundaryGeoField: location
+          boundaryNameField: name
+          indexId: 90943e30-9a47-11e8-b64d-95841ca0b247
+          boundaryIndexId: 0cd90abf-abe7-44c7-909a-f621bbbcfefc
+        rule_type_id: .geo-containment
+        schedule:
+          interval: 1h
+    create_es_query_esql_rule_response:
+      summary: Elasticsearch query rule (ES|QL)
+      description: The response for successfully creating an Elasticsearch query rule that uses Elasticsearch Query Language (ES|QL).
+      value:
+        id: e0d62360-78e8-11ee-9177-f7d404c8c945
+        enabled: true
+        name: my Elasticsearch query ESQL rule
+        tags: []
+        rule_type_id: .es-query
+        consumer: stackAlerts
+        schedule:
+          interval: 1d
+        actions:
+          - group: query matched
+            id: d0db1fe0-78d6-11ee-9177-f7d404c8c945
+            params:
+              level: info
+              message: |-
+                Elasticsearch query rule '{{rule.name}}' is active:
+                - Value: {{context.value}} - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} - Timestamp: {{context.date}} - Link: {{context.link}}
+            connector_type_id: .server-log
+            frequency:
+              summary: false
+              notify_when: onActiveAlert
+              throttle: null
+            uuid: bfe370a3-531b-4855-bbe6-ad739f578844
+        params:
+          searchType: esqlQuery
+          esqlQuery:
+            esql: FROM kibana_sample_data_logs | keep bytes, clientip, host, geo.dest | WHERE geo.dest != "GB" | stats sumbytes = sum(bytes) by clientip, host | WHERE sumbytes > 5000 | sort sumbytes desc | limit 10
+          timeField: '@timestamp'
+          timeWindowSize: 1
+          timeWindowUnit: d
+          size: 0
+          thresholdComparator: '>'
+          threshold:
+            - 0
+          excludeHitsFromPreviousRun": true,
+          aggType: count
+          groupBy: all
+        scheduled_task_id: e0d62360-78e8-11ee-9177-f7d404c8c945
+        created_by: elastic
+        updated_by: elastic",
+        created_at: '2023-11-01T19:00:10.453Z'
+        updated_at: '2023-11-01T19:00:10.453Z'
+        api_key_owner: elastic
+        api_key_created_by_user: false
+        throttle: null
+        mute_all: false
+        notify_when: null
+        muted_alert_ids: []
+        execution_status:
+          status: pending
+          last_execution_date: '2023-11-01T19:00:10.453Z'
+        revision: 0
+        running: false
+    create_es_query_rule_response:
+      summary: Elasticsearch query rule (DSL)
+      description: The response for successfully creating an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL).
+      value:
+        id: 58148c70-407f-11ee-850e-c71febc4ca7f
+        enabled: true
+        name: my Elasticsearch query rule
+        tags: []
+        rule_type_id: .es-query
+        consumer: alerts
+        schedule:
+          interval: 1d
+        actions:
+          - group: query matched
+            id: fdbece50-406c-11ee-850e-c71febc4ca7f
+            params:
+              level: info
+              message: The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts.
+            connector_type_id: .server-log
+            frequency:
+              summary: true
+              notify_when: onThrottleInterval
+              throttle: 1d
+            uuid: 53f3c2a3-e5d0-4cfa-af3b-6f0881385e78
+          - group: recovered
+            id: fdbece50-406c-11ee-850e-c71febc4ca7f
+            params:
+              level: info
+              message: Recovered
+            connector_type_id: .server-log
+            frequency:
+              summary: false
+              notify_when: onActionGroupChange
+              throttle: null
+            uuid: 2324e45b-c0df-45c7-9d70-4993e30be758
+        params:
+          thresholdComparator: '>'
+          timeWindowSize: 1
+          timeWindowUnit: d
+          threshold:
+            - 100
+          size: 100
+          timeField: '@timestamp'
+          index:
+            - kibana_sample_data_logs
+          esQuery: '"""{"query":{"match_all" : {}}}"""'
+          excludeHitsFromPreviousRun: true
+          aggType: count
+          groupBy: all
+          searchType: esQuery
+        scheduled_task_id: 58148c70-407f-11ee-850e-c71febc4ca7f
+        created_by: elastic
+        updated_by: elastic
+        created_at: '2023-08-22T00:03:38.263Z'
+        updated_at: '2023-08-22T00:03:38.263Z'
+        api_key_owner: elastic
+        api_key_created_by_user: false
+        throttle: null
+        mute_all: false
+        notify_when: null
+        muted_alert_ids: []
+        execution_status:
+          status: pending
+          last_execution_date: '2023-08-22T00:03:38.263Z'
+        revision: 0
+        running: false
+    create_es_query_kql_rule_response:
+      summary: Elasticsearch query rule (KQL)
+      description: The response for successfully creating an Elasticsearch query rule that uses Kibana query language (KQL).
+      value:
+        id: 7bd506d0-2284-11ee-8fad-6101956ced88
+        enabled: true
+        name: my Elasticsearch query KQL rule"
+        tags: []
+        rule_type_id: .es-query
+        consumer: alerts
+        schedule:
+          interval: 1m
+        actions: []
+        params:
+          searchConfiguration:
+            query:
+              query: '""geo.src : "US" ""'
+              language: kuery
+            index: 90943e30-9a47-11e8-b64d-95841ca0b247
+          searchType: searchSource
+          timeWindowSize: 5
+          timeWindowUnit: m
+          threshold:
+            - 1000
+          thresholdComparator: '>'
+          size: 100
+          aggType: count
+          groupBy: all
+          excludeHitsFromPreviousRun: true
+        created_by: elastic
+        updated_by: elastic
+        created_at: '2023-07-14T20:24:50.729Z'
+        updated_at: '2023-07-14T20:24:50.729Z'
+        api_key_owner: elastic
+        api_key_created_by_user: false
+        throttle: null
+        notify_when: null
+        mute_all: false
+        muted_alert_ids: []
+        scheduled_task_id: 7bd506d0-2284-11ee-8fad-6101956ced88
+        execution_status:
+          status: pending
+          last_execution_date: '2023-07-14T20:24:50.729Z'
+        revision: 0
+        running: false
+    create_index_threshold_rule_response:
+      summary: Index threshold rule
+      description: The response for successfully creating an index threshold rule.
+      value:
+        actions:
+          - group: threshold met
+            id: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2
+            uuid: 07aef2a0-9eed-4ef9-94ec-39ba58eb609d
+            connector_type_id: .server-log
+            frequency:
+              notify_when: onActionGroupChange
+              summary: false
+              throttle: null
+            params:
+              level: info
+              message: |-
+                Rule {{rule.name}} is active for group {{context.group} :
+
+                - Value: {{context.value}}
+                - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}
+                - Timestamp: {{context.date}}
+        alert_delay:
+          active: 3
+        api_key_created_by_user: false
+        api_key_owner: elastic
+        consumer: alerts
+        created_at: '2022-06-08T17:20:31.632Z'
+        created_by: elastic
+        enabled: true
+        execution_status:
+          last_execution_date: '2022-06-08T17:20:31.632Z'
+          status: pending
+        id: 41893910-6bca-11eb-9e0d-85d233e3ee35
+        muted_alert_ids: []
+        mute_all: false
+        name: my rule
+        notify_when: null
+        params:
+          aggType: avg
+          termSize: 6
+          thresholdComparator: '>'
+          timeWindowSize: 5
+          timeWindowUnit: m
+          groupBy: top
+          threshold:
+            - 1000
+          index:
+            - .test-index
+          timeField: '@timestamp'
+          aggField: sheet.version
+          termField: name.keyword
+        revision: 0
+        rule_type_id: .index-threshold
+        running: false
+        schedule:
+          interval: 1m
+        scheduled_task_id: 425b0800-6bca-11eb-9e0d-85d233e3ee35
+        tags:
+          - cpu
+        throttle: null
+        updated_at: '2022-06-08T17:20:31.632Z'
+        updated_by: elastic
+    create_tracking_containment_rule_response:
+      summary: Tracking containment rule
+      description: The response for successfully creating a tracking containment rule.
+      value:
+        id: b6883f9d-5f70-4758-a66e-369d7c26012f
+        name: my tracking rule
+        tags: []
+        enabled: true
+        consumer: alerts
+        throttle: null
+        revision: 1
+        running: false
+        schedule:
+          interval: 1h
+        params:
+          index: kibana_sample_data_logs
+          dateField: '@timestamp'
+          geoField: geo.coordinates
+          entity: agent.keyword
+          boundaryType: entireIndex
+          boundaryIndexTitle: boundary*
+          boundaryGeoField: location
+          boundaryNameField: name
+          indexId: 90943e30-9a47-11e8-b64d-95841ca0b247
+          boundaryIndexId: 0cd90abf-abe7-44c7-909a-f621bbbcfefc
+        rule_type_id: .geo-containment
+        created_by: elastic
+        updated_by: elastic
+        created_at: '2024-02-14T19:52:55.920Z'
+        updated_at: '2024-02-15T03:24:32.574Z'
+        api_key_owner: elastic
+        notify_when: null
+        mute_all: false
+        muted_alert_ids: []
+        scheduled_task_id: b6883f9d-5f70-4758-a66e-369d7c26012f
+        execution_status:
+          status: ok
+          last_execution_date: '2024-02-15T03:25:38.125Z'
+          last_duration: 74
+        actions: []
+        last_run:
+          alerts_count:
+            active: 0
+            new: 0
+            recovered: 0
+            ignored: 0
+          outcome_msg: null
+          outcome_order: 0
+          outcome: succeeded
+          warning: null
+        next_run: '2024-02-15T03:26:38.033Z'
+        api_key_created_by_user: false
+    find_rules_response:
+      summary: Index threshold rule
+      description: A response that contains information about an index threshold rule.
+      value:
+        page: 1
+        total: 1
+        per_page: 10
+        data:
+          - id: 3583a470-74f6-11ed-9801-35303b735aef
+            consumer: alerts
+            tags:
+              - cpu
+            name: my alert
+            enabled: true
+            throttle: null
+            schedule:
+              interval: 1m
+            params:
+              aggType: avg
+              termSize: 6
+              thresholdComparator: '>'
+              timeWindowSize: 5
+              timeWindowUnit: m
+              groupBy: top
+              threshold:
+                - 1000
+              index:
+                - test-index
+              timeField: '@timestamp'
+              aggField: sheet.version
+              termField: name.keyword
+            revision: 1
+            rule_type_id: .index-threshold
+            created_by: elastic
+            updated_by: elastic
+            created_at: '2022-12-05T23:40:33.132Z'
+            updated_at: '2022-12-05T23:40:33.132Z'
+            api_key_owner: elastic
+            mute_all: false
+            muted_alert_ids: []
+            scheduled_task_id: 3583a470-74f6-11ed-9801-35303b735aef
+            execution_status:
+              status: ok
+              last_execution_date: '2022-12-06T01:44:23.983Z'
+              last_duration: 48
+            actions:
+              - id: 9dca3e00-74f5-11ed-9801-35303b735aef
+                group: threshold met
+                uuid: 1c7a1280-f28c-4e06-96b2-e4e5f05d1d61
+                params:
+                  level: info
+                  message: |-
+                    Rule {{rule.name}} is active for group {{context.group}}:
+
+                    - Value: {{context.value}}
+                    - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}
+                    - Timestamp: {{context.date}}
+                  connector_type_id: .server-log
+                frequency:
+                  summary: false
+                  notify_when: onActionGroupChange
+                  throttle: null
+            last_run:
+              alerts_count:
+                new: 0
+                ignored: 0
+                recovered: 0
+                active: 0
+              outcome_msg: null
+              warning: null
+              outcome: succeeded
+            next_run: '2022-12-06T01:45:23.912Z'
+            api_key_created_by_user: false
+    find_rules_response_conditional_action:
+      summary: Security rule
+      description: A response that contains information about a security rule that has conditional actions.
+      value:
+        page: 1
+        total: 1
+        per_page: 10
+        data:
+          - id: 6107a8f0-f401-11ed-9f8e-399c75a2deeb
+            name: security_rule
+            consumer: siem
+            enabled: true
+            tags: []
+            throttle: null
+            revision: 1
+            running: false
+            schedule:
+              interval: 1m
+            params:
+              author: []
+              description: A security threshold rule.
+              ruleId: an_internal_rule_id
+              falsePositives: []
+              from: now-3660s
+              immutable: false
+              license: ''
+              outputIndex: ''
+              meta:
+                from: 1h
+                kibana_siem_app_url: https://localhost:5601/app/security
+              maxSignals: 100
+              riskScore: 21
+              riskScoreMapping: []
+              severity: low
+              severityMapping: []
+              threat: []
+              to: now
+              references: []
+              version: 1
+              exceptionsList: []
+              type: threshold
+              language: kuery
+              index:
+                - kibana_sample_data_logs
+              query: '*'
+              filters: []
+              threshold:
+                field:
+                  - bytes
+                value: 1
+                cardinality: []
+            rule_type_id: siem.thresholdRule
+            created_by: elastic
+            updated_by: elastic
+            created_at: '2023-05-16T15:50:28.358Z'
+            updated_at: '2023-05-16T20:25:42.559Z'
+            api_key_owner: elastic
+            notify_when: null
+            mute_all: false
+            muted_alert_ids: []
+            scheduled_task_id: 6107a8f0-f401-11ed-9f8e-399c75a2deeb
+            execution_status:
+              status: ok
+              last_execution_date: '2023-05-16T20:26:49.590Z'
+              last_duration: 166
+            actions:
+              - group: default
+                id: 49eae970-f401-11ed-9f8e-399c75a2deeb
+                params:
+                  documents:
+                    - rule_id:
+                        '[object Object]': null
+                      rule_name:
+                        '[object Object]': null
+                      alert_id:
+                        '[object Object]': null
+                      context_message:
+                        '[object Object]': null
+                connector_type_id: .index
+                frequency:
+                  summary: true
+                  notify_when: onActiveAlert
+                  throttle: null
+                uuid: 1c7a1280-f28c-4e06-96b2-e4e5f05d1d61
+                alerts_filter:
+                  timeframe:
+                    days:
+                      - 7
+                    timezone: UTC
+                    hours:
+                      start: '08:00'
+                      end: '17:00'
+                  query:
+                    kql: ''
+                    filters:
+                      - meta:
+                          disabled: false
+                          negate: false
+                          alias: null
+                          index: c4bdca79-e69e-4d80-82a1-e5192c621bea
+                          key: client.geo.region_iso_code
+                          field: client.geo.region_iso_code
+                          params:
+                            query: CA-QC
+                            type: phrase
+                        $state:
+                          store: appState
+                        query:
+                          match_phrase:
+                            client.geo.region_iso_code: CA-QC
+            last_run:
+              alerts_count:
+                new: 0
+                ignored: 0
+                recovered: 0
+                active: 0
+              outcome_msg:
+                - Rule execution completed successfully
+              outcome_order: 0
+              warning: null
+              outcome: succeeded
+            next_run: '2023-05-16T20:27:49.507Z'
+            api_key_created_by_user: false
+    get_spaces_response1:
+      summary: Get all spaces
+      description: Get all spaces without specifying any options.
+      value:
+        - id: default
+          name: Default
+          description: This is the Default Space
+          disabledFeatures: []
+          imageUrl: ''
+          _reserved: true
+        - id: marketing
+          name: Marketing
+          description: This is the Marketing Space
+          color: null
+          disabledFeatures:
+            - apm
+          initials: MK
+          imageUrl: data:image/png;base64,iVBORw0KGgoAAAANSU
+        - id: sales
+          name: Sales
+          initials: MK
+          disabledFeatures:
+            - discover
+          imageUr": ''
+          solution: oblt
+    get_spaces_response2:
+      summary: Get all spaces with custom options
+      description: |
+        The user has read-only access to the Sales space. Get all spaces with the following query parameters: "purpose=shareSavedObjectsIntoSpace&include_authorized_purposes=true"
+      value:
+        - id: default
+          name: Default
+          description: This is the Default Space
+          disabledFeatures: []
+          imageUrl: ''
+          _reserved: true
+          authorizedPurposes:
+            any: true
+            copySavedObjectsIntoSpace: true
+            findSavedObjects: true
+            shareSavedObjectsIntoSpace: true
+        - id: marketing
+          name: Marketing
+          description: This is the Marketing Space
+          color: null
+          disabledFeatures:
+            - apm
+          initials: MK
+          imageUrl: data:image/png;base64,iVBORw0KGgoAAAANSU
+          authorizedPurposes:
+            any: true
+            copySavedObjectsIntoSpace: true
+            findSavedObjects: true
+            shareSavedObjectsIntoSpace: true
+        - id: sales
+          name: Sales
+          initials: MK
+          disabledFeatures:
+            - discover
+          imageUrl: ''
+          authorizedPurposes:
+            any: true
+            copySavedObjectsIntoSpace: false
+            findSavedObjects: true
+            shareSavedObjectsIntoSpace: false
+    create_space_request:
+      summary: Create a marketing space
+      value:
+        id: marketing
+        name: Marketing
+        description: This is the Marketing Space
+        color: null
+        initials: MK
+        disabledFeatures: []
+        imageUrl: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAD4AAABACAYAAABC6cT1AAAGf0lEQVRoQ+3abYydRRUH8N882xYo0IqagEVjokQJKAiKBjXExC9G/aCkGowCIghCkRcrVSSKIu/FEiqgGL6gBIlAYrAqUTH6hZgQFVEMKlQFfItWoQWhZe8z5uzMLdvbfbkLxb13d+fbvfe588x/zpn/+Z9zJpmnI81T3BaAzzfLL1h8weLzZAcWXH2eGHo7zAWLL1h8nuzAjFw9G1N6Kzq8HnuM36MR8iibF3Fv4q+7cv8yDV6K13bYq2furSP8Ag8ncr/vnSnwRViJT2GfCV7yL1yHGxLb+l3EdM9lluNEnIC9xz+f2ZL4Er6Z2DrdXN3fZwp8CU7OfDHxggle8lTLbQ1nJ/7Z7yKmey5zYGZt4h2IzR8/trRc2PDlxJPTzfVcgJ+CC0wMPOa9F6cm7up3EVM9V9386MxliVdM8GwAv6hh/awCz/w7lY25OtF5ruBz4ZLP42NYNrDAFbC3YPWuILnMAfgq3oaRQQYea/stViV+sgssvjKzLvGySeaaNVfP4d7Btokgvxj/bblgpueuF1hmWcyTCmfE3J3M1lTcv0vMswM88zR+jpw4osu6me8kzkpsfLZWzxyRuabO22buxxOJ12FxnXfWgEe83pB5sOE47BsLymzscOoi7nw2JJfZreUjiUsTyzKPZm5NvBDvSuw268AzNzV8H5/Am+qCnsAXgpgSW2Zq9cyKlksbPlTd+te4quWNieMHBfiNDdciYnwsdI/MaOaWhnMTf54J8CqNj8x8JXFIZltYu+HqlmNT8YSBsHgAPw/vxvlVV4du/s0oaxbxg0TbL/jMni0nNcVjQq7+HZfgtpbzBg342TgQ63AkmsymxBW4IjE6A+D7Vzd/fyWxIM/VuCe+HzTgZ2Jpy/kNJ2FJLmLm24mPJ/42A+Bvrxt4SISwlhsaPodH26LZB8rVA3inwwebsrixJCZzX+KMxI/7AV61eVh3DV6Mx3EOvh4kN6jAg8nfUCXm4d1wE66OyxNPTQc+s3/o/MoXizL3JE5O3F3P/uBZPPF4Zr+Wi5uSO48ZPRdyCwn7YB/A35m5KhWNHox4fcNnIs0ddOCRSBxf8+cQG+Huf0l8NJVYP+nI7NXy2ar4QqIGm69JfKPOE2w/mBavCzwM11R2D+ChsUO7hyUfmwx55qDM1xJvqZ7y08TpifuGBfjeURVJnNIVGpkNiXNS0ds7jcySDitDCCWW56LJ10fRo8sNA+3qXUSZD2CtQlZh9T+1rB7h9oliembflnMbzqgSNZKbKGHdPm7OwXb1CvQ1metSETMpszmzvikCJNh/h5E5PHNl4qga/+/cxqrdeWDYgIe7X5L4cGJPJX2940lOX8pD41FnFnc4riluvQKbK0dcHJFi2IBHNTQSlguru4d2/wPOTNzRA3x5y+U1E1uqWDkETOT026XuUJzx6u7ReLhSYenQ7uHua0fKZmwfmcPqsQjxE5WVONcRxn7X89zgn/EKPMRMxOVQXmP18Mx3q3b/Y/0cQE/IhFtHESMsHFlZ1Ml3CH3DZPHImY+pxcKumNmYirtvqMBfhMuU6s3iqOQkTsMPe1tCQwO8Ajs0lxr7W+vnp1MJc9EgCNd/cy6x+9D4veXmprj5wxMw/3C4egW6zzgZOlYZzfwo3F2J7ael0pJamvlPKgWNKFft1AAcKotXoFEbD7kaoSoQPVKB35+5KHF0lai/rJo+up87jWEE/qqqwY+qrL21LWLm95lPJ16ppKw31XC3PXYPJauPEx7B6BHCgrSizRs18qiaRp8tlN3ueCTYPHH9RNaunjI8Z7wLYpT3jZSCYXQ8e9vTsRE/q+no3XMKeObgGtaintbb/AvXj4JDkNw/5hrwYPfIvlZFUbLn7G5q+eQIN09Vnho6cqvnM/Lt99RixH49wO8K0ZL41WTWHoQzvsNVkOheZqKhEGpsp3SzB+BBtZAYve7uOR9tuTaaB6l0XScdYfEQPpkTUyHEGP+XqyDBzu+NBCITUjNWHynkrbWKOuWFn1xKzqsyx0bdvS78odp0+N503Zao0uCsWuSIDku8/7EO60b41vN5+Ses9BKlTdvd8bhp9EBvJjWJAIn/vxwHe6b3tSk6JFPV4nq85oAOrx555v/x/rh3E6Lo+bnuNS4uB4Cuq0ZfvO8X1rM6q/+vnjLVqZq7v83onttc2oYF4HPJmv1gWbB4P7s0l55ZsPhcsmY/WBYs3s8uzaVn5q3F/wf70mRuBCtbjQAAAABJRU5ErkJggg==
+    get_space_response:
+      summary: Get details about a marketing space
+      value:
+        id: marketing
+        name: Marketing
+        description: This is the Marketing Space
+        color: null
+        initials: MK
+        disabledFeatures: []
+        imageUrl: ''
+        solution: es
+    update_space_request:
+      summary: Update a marketing space
+      description: Update the marketing space to remove the imageUrl.
+      value:
+        id: marketing
+        name: Marketing
+        description: This is the Marketing Space
+        color: null
+        initials: MK
+        disabledFeatures: []
+        imageUrl: ''
   parameters:
     APM_UI_elastic_api_version:
       description: The version of the API to use
@@ -38021,9 +37432,7 @@ components:
         example: ff959d40-b880-11e8-a6d9-e546fe2bba5f
         type: string
     Machine_learning_APIs_simulateParam:
-      description: >-
-        When true, simulates the synchronization by returning only the list of
-        actions that would be performed.
+      description: When true, simulates the synchronization by returning only the list of actions that would be performed.
       example: 'true'
       in: query
       name: simulate
@@ -38053,9 +37462,7 @@ components:
         example: 9c235211-6834-11ea-a78c-6feb38a34414
         type: string
     SLOs_space_id:
-      description: >-
-        An identifier for the space. If `/s/` and the identifier are omitted
-        from the path, the default space is used.
+      description: An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used.
       in: path
       name: spaceId
       required: true
@@ -38380,10 +37787,8 @@ components:
           example: 0bc3b5ebf18fba8163fe4c96f491e3767a358f85
           type: string
         mark_as_applied_by_agent:
-          description: >
-            `markAsAppliedByAgent=true` means "force setting it to true
-            regardless of etag".
-
+          description: |
+            `markAsAppliedByAgent=true` means "force setting it to true regardless of etag".
             This is needed for Jaeger agent that doesn't have etags
           type: boolean
         service:
@@ -38498,9 +37903,7 @@ components:
       type: object
       properties:
         bundle_filepath:
-          description: >-
-            The absolute path of the final bundle as used in the web
-            application.
+          description: The absolute path of the final bundle as used in the web application.
           type: string
         service_name:
           description: The name of the service that the service map should apply to.
@@ -38509,11 +37912,9 @@ components:
           description: The version of the service that the service map should apply to.
           type: string
         sourcemap:
-          description: >
+          description: |
             The source map. String or file upload. It must follow the
-
-            [source map revision 3
-            proposal](https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k).
+            [source map revision 3 proposal](https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k).
           format: binary
           type: string
       required:
@@ -38553,9 +37954,7 @@ components:
           example: Not Found
           type: string
         message:
-          example: >-
-            Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00]
-            not found
+          example: Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found
           type: string
         statusCode:
           enum:
@@ -38610,9 +38009,7 @@ components:
             - title
         override:
           default: false
-          description: >-
-            Override an existing data view if a data view with the provided
-            title already exists.
+          description: Override an existing data view if a data view with the provided title already exists.
           type: boolean
       required:
         - data_view
@@ -38674,9 +38071,7 @@ components:
       description: A map of field formats by field name.
       type: object
     Data_views_namespaces:
-      description: >-
-        An array of space identifiers for sharing the data view between multiple
-        spaces.
+      description: An array of space identifiers for sharing the data view between multiple spaces.
       items:
         default: default
         type: string
@@ -38728,9 +38123,8 @@ components:
           description: The saved object reference to change.
           type: string
         fromType:
-          description: >
-            Specify the type of the saved object reference to alter. The default
-            value is `index-pattern` for data views.
+          description: |
+            Specify the type of the saved object reference to alter. The default value is `index-pattern` for data views.
           type: string
         toId:
           description: New saved object reference value to replace the old value.
@@ -38742,17 +38136,13 @@ components:
       description: The timestamp field name, which you use for time-based data views.
       type: string
     Data_views_title:
-      description: >-
-        Comma-separated list of data streams, indices, and aliases that you want
-        to search. Supports wildcards (`*`).
+      description: Comma-separated list of data streams, indices, and aliases that you want to search. Supports wildcards (`*`).
       type: string
     Data_views_type:
       description: When set to `rollup`, identifies the rollup data views.
       type: string
     Data_views_typemeta:
-      description: >-
-        When you use rollup indices, contains the field list for the rollup data
-        view API endpoints.
+      description: When you use rollup indices, contains the field list for the rollup data view API endpoints.
       type: object
       properties:
         aggs:
@@ -38765,9 +38155,7 @@ components:
         - aggs
         - params
     Data_views_typemeta_response:
-      description: >-
-        When you use rollup indices, contains the field list for the rollup data
-        view API endpoints.
+      description: When you use rollup indices, contains the field list for the rollup data view API endpoints.
       nullable: true
       type: object
       properties:
@@ -38782,10 +38170,8 @@ components:
       type: object
       properties:
         data_view:
-          description: >
-            The data view properties you want to update. Only the specified
-            properties are updated in the data view. Unspecified fields stay as
-            they are persisted.
+          description: |
+            The data view properties you want to update. Only the specified properties are updated in the data view. Unspecified fields stay as they are persisted.
           type: object
           properties:
             allowNoIndex:
@@ -38845,10 +38231,7 @@ components:
         - status
     Kibana_HTTP_APIs_core_status_response:
       additionalProperties: false
-      description: >-
-        Kibana's operational status as well as a detailed breakdown of plugin
-        statuses indication of various loads (like event loop utilization and
-        network traffic) at time of request.
+      description: Kibana's operational status as well as a detailed breakdown of plugin statuses indication of various loads (like event loop utilization and network traffic) at time of request.
       type: object
       properties:
         metrics:
@@ -38907,9 +38290,7 @@ components:
                       description: A URL to further documentation regarding this service.
                       type: string
                     level:
-                      description: >-
-                        Service status levels as human and machine readable
-                        values.
+                      description: Service status levels as human and machine readable values.
                       enum:
                         - available
                         - degraded
@@ -38918,9 +38299,7 @@ components:
                       type: string
                     meta:
                       additionalProperties: {}
-                      description: >-
-                        An unstructured set of extra metadata about this
-                        service.
+                      description: An unstructured set of extra metadata about this service.
                       type: object
                     summary:
                       description: A human readable summary of the service status.
@@ -38940,9 +38319,7 @@ components:
                       description: A URL to further documentation regarding this service.
                       type: string
                     level:
-                      description: >-
-                        Service status levels as human and machine readable
-                        values.
+                      description: Service status levels as human and machine readable values.
                       enum:
                         - available
                         - degraded
@@ -38951,9 +38328,7 @@ components:
                       type: string
                     meta:
                       additionalProperties: {}
-                      description: >-
-                        An unstructured set of extra metadata about this
-                        service.
+                      description: An unstructured set of extra metadata about this service.
                       type: object
                     summary:
                       description: A human readable summary of the service status.
@@ -39006,9 +38381,7 @@ components:
                     description: A URL to further documentation regarding this service.
                     type: string
                   level:
-                    description: >-
-                      Service status levels as human and machine readable
-                      values.
+                    description: Service status levels as human and machine readable values.
                     enum:
                       - available
                       - degraded
@@ -39033,9 +38406,7 @@ components:
             - core
             - plugins
         uuid:
-          description: >-
-            Unique, generated Kibana instance UUID. This UUID should persist
-            even if the Kibana process restarts.
+          description: Unique, generated Kibana instance UUID. This UUID should persist even if the Kibana process restarts.
           type: string
         version:
           additionalProperties: false
@@ -39045,24 +38416,16 @@ components:
               description: The date and time of this build.
               type: string
             build_flavor:
-              description: >-
-                The build flavour determines configuration and behavior of
-                Kibana. On premise users will almost always run the
-                "traditional" flavour, while other flavours are reserved for
-                Elastic-specific use cases.
+              description: The build flavour determines configuration and behavior of Kibana. On premise users will almost always run the "traditional" flavour, while other flavours are reserved for Elastic-specific use cases.
               enum:
                 - serverless
                 - traditional
               type: string
             build_hash:
-              description: >-
-                A unique hash value representing the git commit of this Kibana
-                build.
+              description: A unique hash value representing the git commit of this Kibana build.
               type: string
             build_number:
-              description: >-
-                A monotonically increasing number, each subsequent build will
-                have a higher number.
+              description: A monotonically increasing number, each subsequent build will have a higher number.
               type: number
             build_snapshot:
               description: Whether this build is a snapshot build.
@@ -39088,25 +38451,17 @@ components:
         datafeedsAdded:
           additionalProperties:
             $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds'
-          description: >-
-            If a saved object for an anomaly detection job is missing a datafeed
-            identifier, it is added when you run the sync machine learning saved
-            objects API.
+          description: If a saved object for an anomaly detection job is missing a datafeed identifier, it is added when you run the sync machine learning saved objects API.
           type: object
         datafeedsRemoved:
           additionalProperties:
             $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds'
-          description: >-
-            If a saved object for an anomaly detection job references a datafeed
-            that no longer exists, it is deleted when you run the sync machine
-            learning saved objects API.
+          description: If a saved object for an anomaly detection job references a datafeed that no longer exists, it is deleted when you run the sync machine learning saved objects API.
           type: object
         savedObjectsCreated:
-          $ref: >-
-            #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated
+          $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated'
         savedObjectsDeleted:
-          $ref: >-
-            #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted
+          $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted'
       title: Successful sync API response
       type: object
     Machine_learning_APIs_mlSync4xxResponse:
@@ -39122,97 +38477,63 @@ components:
       title: Unsuccessful sync API response
       type: object
     Machine_learning_APIs_mlSyncResponseAnomalyDetectors:
-      description: >-
-        The sync machine learning saved objects API response contains this
-        object when there are anomaly detection jobs affected by the
-        synchronization. There is an object for each relevant job, which
-        contains the synchronization status.
+      description: The sync machine learning saved objects API response contains this object when there are anomaly detection jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status.
       properties:
         success:
           $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
       title: Sync API response for anomaly detection jobs
       type: object
     Machine_learning_APIs_mlSyncResponseDatafeeds:
-      description: >-
-        The sync machine learning saved objects API response contains this
-        object when there are datafeeds affected by the synchronization. There
-        is an object for each relevant datafeed, which contains the
-        synchronization status.
+      description: The sync machine learning saved objects API response contains this object when there are datafeeds affected by the synchronization. There is an object for each relevant datafeed, which contains the synchronization status.
       properties:
         success:
           $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
       title: Sync API response for datafeeds
       type: object
     Machine_learning_APIs_mlSyncResponseDataFrameAnalytics:
-      description: >-
-        The sync machine learning saved objects API response contains this
-        object when there are data frame analytics jobs affected by the
-        synchronization. There is an object for each relevant job, which
-        contains the synchronization status.
+      description: The sync machine learning saved objects API response contains this object when there are data frame analytics jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status.
       properties:
         success:
           $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
       title: Sync API response for data frame analytics jobs
       type: object
     Machine_learning_APIs_mlSyncResponseSavedObjectsCreated:
-      description: >-
-        If saved objects are missing for machine learning jobs or trained
-        models, they are created when you run the sync machine learning saved
-        objects API.
+      description: If saved objects are missing for machine learning jobs or trained models, they are created when you run the sync machine learning saved objects API.
       properties:
         anomaly-detector:
           additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors
-          description: >-
-            If saved objects are missing for anomaly detection jobs, they are
-            created.
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors'
+          description: If saved objects are missing for anomaly detection jobs, they are created.
           type: object
         data-frame-analytics:
           additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics
-          description: >-
-            If saved objects are missing for data frame analytics jobs, they are
-            created.
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics'
+          description: If saved objects are missing for data frame analytics jobs, they are created.
           type: object
         trained-model:
           additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels'
           description: If saved objects are missing for trained models, they are created.
           type: object
       title: Sync API response for created saved objects
       type: object
     Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted:
-      description: >-
-        If saved objects exist for machine learning jobs or trained models that
-        no longer exist, they are deleted when you run the sync machine learning
-        saved objects API.
+      description: If saved objects exist for machine learning jobs or trained models that no longer exist, they are deleted when you run the sync machine learning saved objects API.
       properties:
         anomaly-detector:
           additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors
-          description: >-
-            If there are saved objects exist for nonexistent anomaly detection
-            jobs, they are deleted.
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors'
+          description: If there are saved objects exist for nonexistent anomaly detection jobs, they are deleted.
           type: object
         data-frame-analytics:
           additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics
-          description: >-
-            If there are saved objects exist for nonexistent data frame
-            analytics jobs, they are deleted.
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics'
+          description: If there are saved objects exist for nonexistent data frame analytics jobs, they are deleted.
           type: object
         trained-model:
           additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels
-          description: >-
-            If there are saved objects exist for nonexistent trained models,
-            they are deleted.
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels'
+          description: If there are saved objects exist for nonexistent trained models, they are deleted.
           type: object
       title: Sync API response for deleted saved objects
       type: object
@@ -39220,11 +38541,7 @@ components:
       description: The success or failure of the synchronization.
       type: boolean
     Machine_learning_APIs_mlSyncResponseTrainedModels:
-      description: >-
-        The sync machine learning saved objects API response contains this
-        object when there are trained models affected by the synchronization.
-        There is an object for each relevant trained model, which contains the
-        synchronization status.
+      description: The sync machine learning saved objects API response contains this object when there are trained models affected by the synchronization. There is an object for each relevant trained model, which contains the synchronization status.
       properties:
         success:
           $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
@@ -39289,8 +38606,7 @@ components:
         name:
           type: string
         skip_reason:
-          $ref: >-
-            #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason
+          $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason'
       required:
         - id
         - skip_reason
@@ -39304,15 +38620,12 @@ components:
           properties:
             errors:
               items:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError
+                $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError'
               type: array
             results:
-              $ref: >-
-                #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults
+              $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults'
             summary:
-              $ref: >-
-                #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary
+              $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary'
           required:
             - results
             - summary
@@ -39329,8 +38642,7 @@ components:
       properties:
         created:
           items:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse
+            $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse'
           type: array
         deleted:
           items:
@@ -39338,13 +38650,11 @@ components:
           type: array
         skipped:
           items:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult
+            $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult'
           type: array
         updated:
           items:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse
+            $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse'
           type: array
       required:
         - updated
@@ -39552,11 +38862,8 @@ components:
       type: object
       properties:
         confidence:
-          $ref: >-
-            #/components/schemas/Security_AI_Assistant_API_ConversationConfidence
-          description: >-
-            How confident you are about this being a correct and useful
-            learning.
+          $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationConfidence'
+          description: How confident you are about this being a correct and useful learning.
         content:
           description: Summary text of the conversation over time.
           type: string
@@ -39662,8 +38969,7 @@ components:
       properties:
         anonymization_fields:
           items:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError
+            $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError'
           type: array
         err_code:
           type: string
@@ -39684,8 +38990,7 @@ components:
           type: string
         prompts:
           items:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_PromptDetailsInError
+            $ref: '#/components/schemas/Security_AI_Assistant_API_PromptDetailsInError'
           type: array
         status_code:
           type: integer
@@ -39784,8 +39089,7 @@ components:
         name:
           type: string
         skip_reason:
-          $ref: >-
-            #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason
+          $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason'
       required:
         - id
         - skip_reason
@@ -39797,15 +39101,12 @@ components:
           properties:
             errors:
               items:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_NormalizedPromptError
+                $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedPromptError'
               type: array
             results:
-              $ref: >-
-                #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults
+              $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults'
             summary:
-              $ref: >-
-                #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary
+              $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary'
           required:
             - results
             - summary
@@ -39832,8 +39133,7 @@ components:
           type: array
         skipped:
           items:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult
+            $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult'
           type: array
         updated:
           items:
@@ -39944,8 +39244,7 @@ components:
       oneOf:
         - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations'
         - items:
-            $ref: >-
-              #/components/schemas/Security_Detections_API_AlertsSortCombinations
+            $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations'
           type: array
     Security_Detections_API_AlertsSortCombinations:
       anyOf:
@@ -39963,30 +39262,30 @@ components:
       type: object
       properties:
         duration:
-          $ref: >-
-            #/components/schemas/Security_Detections_API_AlertSuppressionDuration
+          $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionDuration'
         group_by:
           $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionGroupBy'
         missing_fields_strategy:
-          $ref: >-
-            #/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy
+          $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy'
       required:
         - group_by
     Security_Detections_API_AlertSuppressionDuration:
       type: object
       properties:
         unit:
-          enum:
-            - s
-            - m
-            - h
-          type: string
+          $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionDurationUnit'
         value:
           minimum: 1
           type: integer
       required:
         - value
         - unit
+    Security_Detections_API_AlertSuppressionDurationUnit:
+      enum:
+        - s
+        - m
+        - h
+      type: string
     Security_Detections_API_AlertSuppressionGroupBy:
       items:
         type: string
@@ -39994,12 +39293,9 @@ components:
       minItems: 1
       type: array
     Security_Detections_API_AlertSuppressionMissingFieldsStrategy:
-      description: >-
-        Describes how alerts will be generated for documents with missing
-        suppress by fields:
-
+      description: |-
+        Describes how alerts will be generated for documents with missing suppress by fields:
         doNotSuppress - per each document a separate alert will be created
-
         suppress - only alert will be created per suppress by bucket
       enum:
         - doNotSuppress
@@ -40016,26 +39312,16 @@ components:
       minimum: 0
       type: integer
     Security_Detections_API_BuildingBlockType:
-      description: >-
-        Determines if the rule acts as a building block. By default,
-        building-block alerts are not displayed in the UI. These rules are used
-        as a foundation for other rules that do generate alerts. Its value must
-        be default.
+      description: Determines if the rule acts as a building block. By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. Its value must be default.
       type: string
     Security_Detections_API_BulkActionEditPayload:
       anyOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionEditPayloadTags
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadTags'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule'
     Security_Detections_API_BulkActionEditPayloadIndexPatterns:
       type: object
       properties:
@@ -40079,12 +39365,10 @@ components:
           properties:
             actions:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_NormalizedRuleAction
+                $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleAction'
               type: array
             throttle:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_ThrottleForBulkActions
+              $ref: '#/components/schemas/Security_Detections_API_ThrottleForBulkActions'
           required:
             - actions
       required:
@@ -40101,9 +39385,7 @@ components:
           type: object
           properties:
             interval:
-              description: >-
-                Interval in which the rule runs. For example, `"1h"` means the
-                rule runs every hour.
+              description: Interval in which the rule runs. For example, `"1h"` means the rule runs every hour.
               example: 1h
               pattern: ^[1-9]\d*[smh]$
               type: string
@@ -40145,8 +39427,7 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
           required:
             - timeline_id
             - timeline_title
@@ -40248,15 +39529,12 @@ components:
           properties:
             errors:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_NormalizedRuleError
+                $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleError'
               type: array
             results:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_BulkEditActionResults
+              $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResults'
             summary:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_BulkEditActionSummary
+              $ref: '#/components/schemas/Security_Detections_API_BulkEditActionSummary'
           required:
             - results
             - summary
@@ -40498,11 +39776,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -40516,8 +39792,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -40533,24 +39808,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -40577,13 +39848,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -40626,11 +39895,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -40644,8 +39911,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -40661,24 +39927,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -40707,13 +39969,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -40749,11 +40009,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -40767,8 +40025,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -40786,24 +40043,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -40832,13 +40085,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -40857,11 +40108,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -40875,8 +40124,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -40894,24 +40142,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -40940,13 +40184,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -40997,11 +40239,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -41015,8 +40255,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -41032,24 +40271,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -41076,13 +40311,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -41125,11 +40358,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -41143,8 +40374,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -41160,24 +40390,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -41206,13 +40432,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -41237,11 +40461,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -41255,8 +40477,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -41276,13 +40497,11 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             query:
@@ -41291,12 +40510,10 @@ components:
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -41325,13 +40542,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             type:
@@ -41372,11 +40587,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -41390,8 +40603,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -41409,24 +40621,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -41455,13 +40663,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -41486,14 +40692,11 @@ components:
         - endpoint_blocklists
       type: string
     Security_Detections_API_ExternalRuleSource:
-      description: >-
-        Type of rule source for externally sourced rules, i.e. rules that have
-        an external source, such as the Elastic Prebuilt rules repo.
+      description: Type of rule source for externally sourced rules, i.e. rules that have an external source, such as the Elastic Prebuilt rules repo.
       type: object
       properties:
         is_customized:
-          $ref: >-
-            #/components/schemas/Security_Detections_API_IsExternalRuleCustomized
+          $ref: '#/components/schemas/Security_Detections_API_IsExternalRuleCustomized'
         type:
           enum:
             - external
@@ -41525,9 +40728,7 @@ components:
         type: string
       type: array
     Security_Detections_API_InternalRuleSource:
-      description: >-
-        Type of rule source for internally sourced rules, i.e. created within
-        the Kibana apps.
+      description: Type of rule source for internally sourced rules, i.e. created within the Kibana apps.
       type: object
       properties:
         type:
@@ -41537,33 +40738,19 @@ components:
       required:
         - type
     Security_Detections_API_InvestigationFields:
-      description: >
-        Schema for fields relating to investigation fields. These are user
-        defined fields we use to highlight
-
-        in various features in the UI such as alert details flyout and
-        exceptions auto-population from alert.
-
+      description: |
+        Schema for fields relating to investigation fields. These are user defined fields we use to highlight
+        in various features in the UI such as alert details flyout and exceptions auto-population from alert.
         Added in PR #163235
-
-        Right now we only have a single field but anticipate adding more related
-        fields to store various
-
-        configuration states such as `override` - where a user might say if they
-        want only these fields to
-
-        display, or if they want these fields + the fields we select. When
-        expanding this field, it may look
-
+        Right now we only have a single field but anticipate adding more related fields to store various
+        configuration states such as `override` - where a user might say if they want only these fields to
+        display, or if they want these fields + the fields we select. When expanding this field, it may look
         something like:
-
         ```typescript
-
         const investigationFields = z.object({
           field_names: NonEmptyArray(NonEmptyString),
           override: z.boolean().optional(),
         });
-
         ```
       type: object
       properties:
@@ -41578,19 +40765,14 @@ components:
       description: Notes to help investigate alerts produced by the rule.
       type: string
     Security_Detections_API_IsExternalRuleCustomized:
-      description: >-
-        Determines whether an external/prebuilt rule has been customized by the
-        user (i.e. any of its fields have been modified and diverged from the
-        base value).
+      description: Determines whether an external/prebuilt rule has been customized by the user (i.e. any of its fields have been modified and diverged from the base value).
       type: boolean
     Security_Detections_API_IsRuleEnabled:
       description: Determines whether the rule is enabled.
       type: boolean
     Security_Detections_API_IsRuleImmutable:
       deprecated: true
-      description: >-
-        This field determines whether the rule is a prebuilt Elastic rule. It
-        will be replaced with the `rule_source` field.
+      description: This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field.
       type: boolean
     Security_Detections_API_ItemsPerSearch:
       minimum: 1
@@ -41617,11 +40799,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -41635,8 +40815,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -41652,24 +40831,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -41696,13 +40871,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -41731,14 +40904,11 @@ components:
             - related_integrations
             - required_fields
         - $ref: '#/components/schemas/Security_Detections_API_ResponseFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields'
     Security_Detections_API_MachineLearningRuleCreateFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields'
     Security_Detections_API_MachineLearningRuleCreateProps:
       allOf:
         - type: object
@@ -41748,11 +40918,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -41766,8 +40934,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -41783,24 +40950,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -41829,13 +40992,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -41845,8 +41006,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields'
     Security_Detections_API_MachineLearningRuleOptionalFields:
       type: object
       properties:
@@ -41859,15 +41019,13 @@ components:
             anomaly_threshold:
               $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold'
             machine_learning_job_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_MachineLearningJobId
+              $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId'
             type:
               description: Rule type
               enum:
                 - machine_learning
               type: string
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields'
     Security_Detections_API_MachineLearningRulePatchProps:
       allOf:
         - type: object
@@ -41877,11 +41035,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -41895,8 +41051,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -41914,24 +41069,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -41960,19 +41111,16 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
               $ref: '#/components/schemas/Security_Detections_API_RuleVersion'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRulePatchFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchFields'
     Security_Detections_API_MachineLearningRuleRequiredFields:
       type: object
       properties:
@@ -41991,10 +41139,8 @@ components:
         - anomaly_threshold
     Security_Detections_API_MachineLearningRuleResponseFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields'
     Security_Detections_API_MachineLearningRuleUpdateProps:
       allOf:
         - type: object
@@ -42004,11 +41150,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -42022,8 +41166,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -42041,24 +41184,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -42087,13 +41226,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -42103,8 +41240,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields'
     Security_Detections_API_MaxSignals:
       minimum: 1
       type: integer
@@ -42123,11 +41259,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -42141,8 +41275,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -42158,24 +41291,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -42202,13 +41331,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -42237,16 +41364,12 @@ components:
             - related_integrations
             - required_fields
         - $ref: '#/components/schemas/Security_Detections_API_ResponseFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleResponseFields
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleResponseFields'
     Security_Detections_API_NewTermsRuleCreateFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields'
     Security_Detections_API_NewTermsRuleCreateProps:
       allOf:
         - type: object
@@ -42256,11 +41379,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -42274,8 +41395,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -42291,24 +41411,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -42337,13 +41453,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -42353,8 +41467,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields'
     Security_Detections_API_NewTermsRuleDefaultableFields:
       type: object
       properties:
@@ -42386,10 +41499,8 @@ components:
               enum:
                 - new_terms
               type: string
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields'
     Security_Detections_API_NewTermsRulePatchProps:
       allOf:
         - type: object
@@ -42399,11 +41510,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -42417,8 +41526,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -42436,24 +41544,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -42482,13 +41586,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -42515,10 +41617,8 @@ components:
         - history_window_start
     Security_Detections_API_NewTermsRuleResponseFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields'
         - type: object
           properties:
             language:
@@ -42534,11 +41634,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -42552,8 +41650,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -42571,24 +41668,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -42617,13 +41710,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -42633,8 +41724,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields'
     Security_Detections_API_NonEmptyString:
       description: A string that is not empty and does not contain only whitespace
       minLength: 1
@@ -42661,8 +41751,7 @@ components:
       type: object
       properties:
         err_code:
-          $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode
+          $ref: '#/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode'
         message:
           type: string
         rules:
@@ -42774,11 +41863,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -42792,8 +41879,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -42809,24 +41895,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -42853,13 +41935,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -42893,8 +41973,7 @@ components:
       allOf:
         - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields'
         - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields'
     Security_Detections_API_QueryRuleCreateProps:
       allOf:
         - type: object
@@ -42904,11 +41983,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -42922,8 +41999,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -42939,24 +42015,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -42985,13 +42057,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -43032,8 +42102,7 @@ components:
                 - query
               type: string
         - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields'
     Security_Detections_API_QueryRulePatchProps:
       allOf:
         - type: object
@@ -43043,11 +42112,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -43061,8 +42128,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -43080,24 +42146,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -43126,13 +42188,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -43170,11 +42230,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -43188,8 +42246,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -43207,24 +42264,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -43253,13 +42306,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -43271,58 +42322,32 @@ components:
             - severity
         - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields'
     Security_Detections_API_RelatedIntegration:
-      description: >
-        Related integration is a potential dependency of a rule. It's assumed
-        that if the user installs
-
-        one of the related integrations of a rule, the rule might start to work
-        properly because it will
-
-        have source events (generated by this integration) potentially matching
-        the rule's query.
-
-
-        NOTE: Proper work is not guaranteed, because a related integration, if
-        installed, can be
-
-        configured differently or generate data that is not necessarily relevant
-        for this rule.
-
-
-        Related integration is a combination of a Fleet package and (optionally)
-        one of the
+      description: |
+        Related integration is a potential dependency of a rule. It's assumed that if the user installs
+        one of the related integrations of a rule, the rule might start to work properly because it will
+        have source events (generated by this integration) potentially matching the rule's query.
 
-        package's "integrations" that this package contains. It is represented
-        by 3 properties:
+        NOTE: Proper work is not guaranteed, because a related integration, if installed, can be
+        configured differently or generate data that is not necessarily relevant for this rule.
 
+        Related integration is a combination of a Fleet package and (optionally) one of the
+        package's "integrations" that this package contains. It is represented by 3 properties:
 
         - `package`: name of the package (required, unique id)
-
         - `version`: version of the package (required, semver-compatible)
+        - `integration`: name of the integration of this package (optional, id within the package)
 
-        - `integration`: name of the integration of this package (optional, id
-        within the package)
-
-
-        There are Fleet packages like `windows` that contain only one
-        integration; in this case,
-
-        `integration` should be unspecified. There are also packages like `aws`
-        and `azure` that contain
-
+        There are Fleet packages like `windows` that contain only one integration; in this case,
+        `integration` should be unspecified. There are also packages like `aws` and `azure` that contain
         several integrations; in this case, `integration` should be specified.
 
-
         @example
-
         const x: RelatedIntegration = {
           package: 'windows',
           version: '1.5.x',
         };
 
-
         @example
-
         const x: RelatedIntegration = {
           package: 'azure',
           version: '~1.1.6',
@@ -43344,35 +42369,23 @@ components:
         $ref: '#/components/schemas/Security_Detections_API_RelatedIntegration'
       type: array
     Security_Detections_API_RequiredField:
-      description: >
-        Describes an Elasticsearch field that is needed for the rule to
-        function.
-
-
-        Almost all types of Security rules check source event documents for a
-        match to some kind of
-
-        query or filter. If a document has certain field with certain values,
-        then it's a match and
+      description: |
+        Describes an Elasticsearch field that is needed for the rule to function.
 
+        Almost all types of Security rules check source event documents for a match to some kind of
+        query or filter. If a document has certain field with certain values, then it's a match and
         the rule will generate an alert.
 
-
-        Required field is an event field that must be present in the source
-        indices of a given rule.
-
+        Required field is an event field that must be present in the source indices of a given rule.
 
         @example
-
         const standardEcsField: RequiredField = {
           name: 'event.action',
           type: 'keyword',
           ecs: true,
         };
 
-
         @example
-
         const nonEcsField: RequiredField = {
           name: 'winlog.event_data.AttributeLDAPDisplayName',
           type: 'keyword',
@@ -43398,10 +42411,7 @@ components:
         $ref: '#/components/schemas/Security_Detections_API_RequiredField'
       type: array
     Security_Detections_API_RequiredFieldInput:
-      description: >-
-        Input parameters to create a RequiredField. Does not include the `ecs`
-        field, because `ecs` is calculated on the backend based on the field
-        name and type.
+      description: Input parameters to create a RequiredField. Does not include the `ecs` field, because `ecs` is calculated on the backend based on the field name and type.
       type: object
       properties:
         name:
@@ -43463,9 +42473,7 @@ components:
       minimum: 0
       type: integer
     Security_Detections_API_RiskScoreMapping:
-      description: >-
-        Overrides generated alerts' risk_score with a value from the source
-        event
+      description: Overrides generated alerts' risk_score with a value from the source event
       items:
         type: object
         properties:
@@ -43510,17 +42518,13 @@ components:
       additionalProperties: true
       type: object
     Security_Detections_API_RuleActionFrequency:
-      description: >-
-        The action frequency defines when the action runs (for example, only on
-        rule execution or at specific time intervals).
+      description: The action frequency defines when the action runs (for example, only on rule execution or at specific time intervals).
       type: object
       properties:
         notifyWhen:
           $ref: '#/components/schemas/Security_Detections_API_RuleActionNotifyWhen'
         summary:
-          description: >-
-            Action summary indicates whether we will send a summary notification
-            about all the generate alerts or notification per individual alert
+          description: Action summary indicates whether we will send a summary notification about all the generate alerts or notification per individual alert
           type: boolean
         throttle:
           $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle'
@@ -43530,17 +42534,13 @@ components:
         - notifyWhen
         - throttle
     Security_Detections_API_RuleActionGroup:
-      description: >-
-        Optionally groups actions by use cases. Use `default` for alert
-        notifications.
+      description: Optionally groups actions by use cases. Use `default` for alert notifications.
       type: string
     Security_Detections_API_RuleActionId:
       description: The connector ID.
       type: string
     Security_Detections_API_RuleActionNotifyWhen:
-      description: >-
-        The condition for throttling the notification: `onActionGroupChange`,
-        `onActiveAlert`,  or `onThrottleInterval`
+      description: 'The condition for throttling the notification: `onActionGroupChange`, `onActiveAlert`,  or `onThrottleInterval`'
       enum:
         - onActiveAlert
         - onThrottleInterval
@@ -43548,9 +42548,7 @@ components:
       type: string
     Security_Detections_API_RuleActionParams:
       additionalProperties: true
-      description: >-
-        Object containing the allowed connector fields, which varies according
-        to the connector type.
+      description: Object containing the allowed connector fields, which varies according to the connector type.
       type: object
     Security_Detections_API_RuleActionThrottle:
       description: Defines how often rule actions are taken.
@@ -43571,14 +42569,10 @@ components:
       anyOf:
         - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps'
         - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps'
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps'
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps'
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps'
         - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps'
         - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps'
       discriminator:
@@ -43625,50 +42619,25 @@ components:
           minimum: 0
           type: integer
         total_enrichment_duration_ms:
-          description: >-
-            Total time spent enriching documents during current rule execution
-            cycle
+          description: Total time spent enriching documents during current rule execution cycle
           minimum: 0
           type: integer
         total_indexing_duration_ms:
-          description: >-
-            Total time spent indexing documents during current rule execution
-            cycle
+          description: Total time spent indexing documents during current rule execution cycle
           minimum: 0
           type: integer
         total_search_duration_ms:
-          description: >-
-            Total time spent performing ES searches as measured by Kibana;
-            includes network latency and time spent serializing/deserializing
-            request/response
+          description: Total time spent performing ES searches as measured by Kibana; includes network latency and time spent serializing/deserializing request/response
           minimum: 0
           type: integer
     Security_Detections_API_RuleExecutionStatus:
-      description: >-
-        Custom execution status of Security rules that is different from the
-        status used in the Alerting Framework. We merge our custom status with
-        the Framework's status to determine the resulting status of a rule.
-
-        - going to run - @deprecated Replaced by the 'running' status but left
-        for backwards compatibility with rule execution events already written
-        to Event Log in the prior versions of Kibana. Don't use when writing
-        rule status changes.
-
-        - running - Rule execution started but not reached any intermediate or
-        final status.
-
-        - partial failure - Rule can partially fail for various reasons either
-        in the middle of an execution (in this case we update its status right
-        away) or in the end of it. So currently this status can be both
-        intermediate and final at the same time. A typical reason for a partial
-        failure: not all the indices that the rule searches over actually exist.
-
-        - failed - Rule failed to execute due to unhandled exception or a reason
-        defined in the business logic of its executor function.
-
-        - succeeded - Rule executed successfully without any issues. Note: this
-        status is just an indication of a rule's "health". The rule might or
-        might not generate any alerts despite of it.
+      description: |-
+        Custom execution status of Security rules that is different from the status used in the Alerting Framework. We merge our custom status with the Framework's status to determine the resulting status of a rule.
+        - going to run - @deprecated Replaced by the 'running' status but left for backwards compatibility with rule execution events already written to Event Log in the prior versions of Kibana. Don't use when writing rule status changes.
+        - running - Rule execution started but not reached any intermediate or final status.
+        - partial failure - Rule can partially fail for various reasons either in the middle of an execution (in this case we update its status right away) or in the end of it. So currently this status can be both intermediate and final at the same time. A typical reason for a partial failure: not all the indices that the rule searches over actually exist.
+        - failed - Rule failed to execute due to unhandled exception or a reason defined in the business logic of its executor function.
+        - succeeded - Rule executed successfully without any issues. Note: this status is just an indication of a rule's "health". The rule might or might not generate any alerts despite of it.
       enum:
         - going to run
         - running
@@ -43691,14 +42660,12 @@ components:
             message:
               type: string
             metrics:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleExecutionMetrics
+              $ref: '#/components/schemas/Security_Detections_API_RuleExecutionMetrics'
             status:
               $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus'
               description: Status of the last execution
             status_order:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleExecutionStatusOrder
+              $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatusOrder'
           required:
             - date
             - status
@@ -43715,16 +42682,10 @@ components:
       items: {}
       type: array
     Security_Detections_API_RuleInterval:
-      description: >-
-        Frequency of rule execution, using a date math range. For example, "1h"
-        means the rule runs every hour. Defaults to 5m (5 minutes).
+      description: Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes).
       type: string
     Security_Detections_API_RuleIntervalFrom:
-      description: >-
-        Time from which data is analyzed each time the rule runs, using a date
-        math range. For example, now-4200s means the rule analyzes data from 70
-        minutes before its start time. Defaults to now-6m (analyzes data from 6
-        minutes before the start time).
+      description: Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time).
       format: date-math
       type: string
     Security_Detections_API_RuleIntervalTo:
@@ -43747,13 +42708,10 @@ components:
       anyOf:
         - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchProps'
         - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchProps'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRulePatchProps
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchProps'
         - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchProps'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRulePatchProps
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps'
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchProps'
         - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchProps'
         - $ref: '#/components/schemas/Security_Detections_API_EsqlRulePatchProps'
     Security_Detections_API_RulePreviewLoggedRequest:
@@ -43779,8 +42737,7 @@ components:
           type: array
         requests:
           items:
-            $ref: >-
-              #/components/schemas/Security_Detections_API_RulePreviewLoggedRequest
+            $ref: '#/components/schemas/Security_Detections_API_RulePreviewLoggedRequest'
           type: array
         startedAt:
           $ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
@@ -43825,19 +42782,14 @@ components:
       description: Could be any string, not necessarily a UUID
       type: string
     Security_Detections_API_RuleSource:
-      description: >-
-        Discriminated union that determines whether the rule is internally
-        sourced (created within the Kibana app) or has an external source, such
-        as the Elastic Prebuilt rules repo.
+      description: Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo.
       discriminator:
         propertyName: type
       oneOf:
         - $ref: '#/components/schemas/Security_Detections_API_ExternalRuleSource'
         - $ref: '#/components/schemas/Security_Detections_API_InternalRuleSource'
     Security_Detections_API_RuleTagArray:
-      description: >-
-        String array containing words and phrases to help categorize, filter,
-        and search rules. Defaults to an empty array.
+      description: String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array.
       items:
         type: string
       type: array
@@ -43845,14 +42797,10 @@ components:
       anyOf:
         - $ref: '#/components/schemas/Security_Detections_API_EqlRuleUpdateProps'
         - $ref: '#/components/schemas/Security_Detections_API_QueryRuleUpdateProps'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps'
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps'
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps'
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps'
         - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps'
         - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps'
       discriminator:
@@ -43885,11 +42833,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -43903,8 +42849,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -43920,24 +42865,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -43964,13 +42905,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -43999,16 +42938,12 @@ components:
             - related_integrations
             - required_fields
         - $ref: '#/components/schemas/Security_Detections_API_ResponseFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields'
     Security_Detections_API_SavedQueryRuleCreateFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields'
     Security_Detections_API_SavedQueryRuleCreateProps:
       allOf:
         - type: object
@@ -44018,11 +42953,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -44036,8 +42969,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -44053,24 +42985,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -44099,13 +43027,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -44115,8 +43041,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields'
     Security_Detections_API_SavedQueryRuleDefaultableFields:
       type: object
       properties:
@@ -44146,10 +43071,8 @@ components:
               enum:
                 - saved_query
               type: string
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields'
     Security_Detections_API_SavedQueryRulePatchProps:
       allOf:
         - type: object
@@ -44159,11 +43082,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -44177,8 +43098,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -44196,24 +43116,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -44242,19 +43158,16 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
               $ref: '#/components/schemas/Security_Detections_API_RuleVersion'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRulePatchFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchFields'
     Security_Detections_API_SavedQueryRuleRequiredFields:
       type: object
       properties:
@@ -44270,10 +43183,8 @@ components:
         - saved_id
     Security_Detections_API_SavedQueryRuleResponseFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields'
         - type: object
           properties:
             language:
@@ -44289,11 +43200,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -44307,8 +43216,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -44326,24 +43234,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -44372,13 +43276,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -44388,8 +43290,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields'
     Security_Detections_API_SetAlertsStatusByIds:
       type: object
       properties:
@@ -44498,18 +43399,14 @@ components:
       type: array
     Security_Detections_API_ThreatFilters:
       items:
-        description: >-
-          Query and filter context array used to filter documents from the
-          Elasticsearch index containing the threat values
+        description: Query and filter context array used to filter documents from the Elasticsearch index containing the threat values
       type: array
     Security_Detections_API_ThreatIndex:
       items:
         type: string
       type: array
     Security_Detections_API_ThreatIndicatorPath:
-      description: >-
-        Defines the path to the threat indicator in the indicator documents
-        (optional)
+      description: Defines the path to the threat indicator in the indicator documents (optional)
       type: string
     Security_Detections_API_ThreatMapping:
       items:
@@ -44545,11 +43442,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -44563,8 +43458,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -44580,24 +43474,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -44624,13 +43514,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -44659,16 +43547,12 @@ components:
             - related_integrations
             - required_fields
         - $ref: '#/components/schemas/Security_Detections_API_ResponseFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields'
     Security_Detections_API_ThreatMatchRuleCreateFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields'
     Security_Detections_API_ThreatMatchRuleCreateProps:
       allOf:
         - type: object
@@ -44678,11 +43562,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -44696,8 +43578,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -44713,24 +43594,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -44759,13 +43636,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -44775,8 +43650,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields'
     Security_Detections_API_ThreatMatchRuleDefaultableFields:
       type: object
       properties:
@@ -44822,10 +43696,8 @@ components:
               enum:
                 - threat_match
               type: string
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields'
     Security_Detections_API_ThreatMatchRulePatchProps:
       allOf:
         - type: object
@@ -44835,11 +43707,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -44853,8 +43723,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -44872,24 +43741,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -44918,19 +43783,16 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
               $ref: '#/components/schemas/Security_Detections_API_RuleVersion'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields'
     Security_Detections_API_ThreatMatchRuleRequiredFields:
       type: object
       properties:
@@ -44955,10 +43817,8 @@ components:
         - threat_index
     Security_Detections_API_ThreatMatchRuleResponseFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields'
         - type: object
           properties:
             language:
@@ -44974,11 +43834,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -44992,8 +43850,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -45011,24 +43868,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -45057,13 +43910,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -45073,8 +43924,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields'
     Security_Detections_API_ThreatQuery:
       description: Query to run
       type: string
@@ -45147,8 +43997,7 @@ components:
       type: object
       properties:
         duration:
-          $ref: >-
-            #/components/schemas/Security_Detections_API_AlertSuppressionDuration
+          $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionDuration'
       required:
         - duration
     Security_Detections_API_ThresholdCardinality:
@@ -45180,11 +44029,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -45198,8 +44045,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -45215,24 +44061,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -45259,13 +44101,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -45294,16 +44134,12 @@ components:
             - related_integrations
             - required_fields
         - $ref: '#/components/schemas/Security_Detections_API_ResponseFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleResponseFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleResponseFields'
     Security_Detections_API_ThresholdRuleCreateFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields'
     Security_Detections_API_ThresholdRuleCreateProps:
       allOf:
         - type: object
@@ -45313,11 +44149,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -45331,8 +44165,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -45348,24 +44181,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -45394,13 +44223,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -45410,8 +44237,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields'
     Security_Detections_API_ThresholdRuleDefaultableFields:
       type: object
       properties:
@@ -45421,8 +44247,7 @@ components:
       type: object
       properties:
         alert_suppression:
-          $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdAlertSuppression
+          $ref: '#/components/schemas/Security_Detections_API_ThresholdAlertSuppression'
         data_view_id:
           $ref: '#/components/schemas/Security_Detections_API_DataViewId'
         filters:
@@ -45444,10 +44269,8 @@ components:
               enum:
                 - threshold
               type: string
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields'
     Security_Detections_API_ThresholdRulePatchProps:
       allOf:
         - type: object
@@ -45457,11 +44280,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -45475,8 +44296,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -45494,24 +44314,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -45540,19 +44356,16 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
               $ref: '#/components/schemas/Security_Detections_API_RuleVersion'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRulePatchFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchFields'
     Security_Detections_API_ThresholdRuleRequiredFields:
       type: object
       properties:
@@ -45571,10 +44384,8 @@ components:
         - threshold
     Security_Detections_API_ThresholdRuleResponseFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields'
         - type: object
           properties:
             language:
@@ -45590,11 +44401,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -45608,8 +44417,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -45627,24 +44435,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -45673,13 +44477,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -45689,16 +44491,13 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields'
     Security_Detections_API_ThresholdValue:
       description: Threshold value
       minimum: 1
       type: integer
     Security_Detections_API_ThrottleForBulkActions:
-      description: >-
-        The condition for throttling the notification: 'rule', 'no_actions', or
-        time duration
+      description: 'The condition for throttling the notification: ''rule'', ''no_actions'', or time duration'
       enum:
         - rule
         - 1h
@@ -45760,44 +44559,34 @@ components:
         created_by:
           type: string
         description:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription'
         id:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId'
         immutable:
           type: boolean
         list_id:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId'
         meta:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta'
         name:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName'
         namespace_type:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType'
         os_types:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray'
         tags:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags'
         tie_breaker_id:
           type: string
         type:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType'
         updated_at:
           format: date-time
           type: string
         updated_by:
           type: string
         version:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion'
       required:
         - id
         - list_id
@@ -45825,51 +44614,39 @@ components:
         _version:
           type: string
         comments:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray'
         created_at:
           format: date-time
           type: string
         created_by:
           type: string
         description:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription'
         entries:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray'
         expire_time:
           format: date-time
           type: string
         id:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId'
         item_id:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId'
         list_id:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId'
         meta:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta'
         name:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName'
         namespace_type:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType'
         os_types:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray'
         tags:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags'
         tie_breaker_id:
           type: string
         type:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType'
         updated_at:
           format: date-time
           type: string
@@ -45914,31 +44691,23 @@ components:
         - created_by
     Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment
+        $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment'
       type: array
     Security_Endpoint_Exceptions_API_ExceptionListItemDescription:
       type: string
     Security_Endpoint_Exceptions_API_ExceptionListItemEntry:
       anyOf:
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard'
       discriminator:
         propertyName: type
     Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry
+        $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry'
       type: array
     Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists:
       type: object
@@ -45946,8 +44715,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - exists
@@ -45972,8 +44740,7 @@ components:
             - id
             - type
         operator:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - list
@@ -45989,8 +44756,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - match
@@ -46008,16 +44774,14 @@ components:
         field:
           $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - match_any
           type: string
         value:
           items:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
           minItems: 1
           type: array
       required:
@@ -46031,8 +44795,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - wildcard
@@ -46049,8 +44812,7 @@ components:
       properties:
         entries:
           items:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem'
           minItems: 1
           type: array
         field:
@@ -46065,12 +44827,9 @@ components:
         - entries
     Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem:
       oneOf:
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists'
     Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator:
       enum:
         - excluded
@@ -46087,8 +44846,7 @@ components:
       $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
     Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType
+        $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType'
       type: array
     Security_Endpoint_Exceptions_API_ExceptionListItemTags:
       items:
@@ -46111,8 +44869,7 @@ components:
       type: string
     Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType
+        $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType'
       type: array
     Security_Endpoint_Exceptions_API_ExceptionListTags:
       items:
@@ -46132,15 +44889,11 @@ components:
       minimum: 1
       type: integer
     Security_Endpoint_Exceptions_API_ExceptionNamespaceType:
-      description: >
-        Determines whether the exception container is available in all Kibana
-        spaces or just the space
-
+      description: |
+        Determines whether the exception container is available in all Kibana spaces or just the space
         in which it is created, where:
 
-
         - `single`: Only available in the Kibana space in which it is created.
-
         - `agnostic`: Available in all Kibana spaces.
       enum:
         - agnostic
@@ -46204,17 +44957,6 @@ components:
       required:
         - status_code
         - message
-    Security_Endpoint_Management_API_ActionLogRequestQuery:
-      type: object
-      properties:
-        end_date:
-          $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate'
-        page:
-          $ref: '#/components/schemas/Security_Endpoint_Management_API_Page'
-        page_size:
-          $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize'
-        start_date:
-          $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate'
     Security_Endpoint_Management_API_ActionStateSuccessResponse:
       type: object
       properties:
@@ -46240,11 +44982,9 @@ components:
               type: object
               properties:
                 agent_id:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_AgentId
+                  $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId'
                 pending_actions:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema
+                  $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema'
               required:
                 - agent_id
                 - pending_actions
@@ -46335,8 +45075,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -46347,11 +45086,9 @@ components:
               type: object
               properties:
                 command:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_Command
+                  $ref: '#/components/schemas/Security_Endpoint_Management_API_Command'
                 timeout:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_Timeout
+                  $ref: '#/components/schemas/Security_Endpoint_Management_API_Timeout'
               required:
                 - command
           required:
@@ -46396,8 +45133,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -46414,11 +45150,9 @@ components:
           required:
             - parameters
     Security_Endpoint_Management_API_GetProcessesRouteRequestBody:
-      $ref: >-
-        #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema
+      $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema'
     Security_Endpoint_Management_API_IsolateRouteRequestBody:
-      $ref: >-
-        #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema
+      $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema'
     Security_Endpoint_Management_API_KillProcessRouteRequestBody:
       allOf:
         - type: object
@@ -46432,8 +45166,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -46443,8 +45176,7 @@ components:
             parameters:
               oneOf:
                 - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid'
-                - $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_EntityId
+                - $ref: '#/components/schemas/Security_Endpoint_Management_API_EntityId'
                 - type: object
                   properties:
                     process_name:
@@ -46520,8 +45252,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -46533,12 +45264,6 @@ components:
       description: Page number
       minimum: 1
       type: integer
-    Security_Endpoint_Management_API_PageSize:
-      default: 10
-      description: Number of items per page
-      maximum: 100
-      minimum: 1
-      type: integer
     Security_Endpoint_Management_API_Parameters:
       description: Optional parameters object
       type: object
@@ -46549,32 +45274,23 @@ components:
         - type: object
           properties:
             execute:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             get-file:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             isolate:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             kill-process:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             running-processes:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             scan:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             suspend-process:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             unisolate:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             upload:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
         - additionalProperties: true
           type: object
     Security_Endpoint_Management_API_Pid:
@@ -46601,8 +45317,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -46637,8 +45352,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -46648,8 +45362,7 @@ components:
             parameters:
               oneOf:
                 - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid'
-                - $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_EntityId
+                - $ref: '#/components/schemas/Security_Endpoint_Management_API_EntityId'
           required:
             - parameters
     Security_Endpoint_Management_API_Timeout:
@@ -46670,8 +45383,7 @@ components:
       minLength: 1
       type: array
     Security_Endpoint_Management_API_UnisolateRouteRequestBody:
-      $ref: >-
-        #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema
+      $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema'
     Security_Endpoint_Management_API_UploadRouteRequestBody:
       allOf:
         - type: object
@@ -46685,8 +45397,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -46758,10 +45469,8 @@ components:
       type: string
     Security_Entity_Analytics_API_AssetCriticalityRecord:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord
-        - $ref: >-
-            #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts
+        - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord'
+        - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts'
         - type: object
           properties:
             '@timestamp':
@@ -46778,8 +45487,7 @@ components:
           type: object
           properties:
             criticality:
-              $ref: >-
-                #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+              $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
           required:
             - asset
         host:
@@ -46789,8 +45497,7 @@ components:
               type: object
               properties:
                 criticality:
-                  $ref: >-
-                    #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+                  $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
               required:
                 - criticality
             name:
@@ -46804,8 +45511,7 @@ components:
               type: object
               properties:
                 criticality:
-                  $ref: >-
-                    #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+                  $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
               required:
                 - criticality
             name:
@@ -46850,13 +45556,11 @@ components:
         - errors
     Security_Entity_Analytics_API_CreateAssetCriticalityRecord:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts
+        - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts'
         - type: object
           properties:
             criticality_level:
-              $ref: >-
-                #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+              $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
           required:
             - criticality_level
     Security_Entity_Analytics_API_EngineDataviewUpdateResult:
@@ -46930,23 +45634,17 @@ components:
           format: double
           type: number
         calculated_score_norm:
-          description: >-
-            The normalized numeric value of the given entity's risk score.
-            Useful for comparing with other entities.
+          description: The normalized numeric value of the given entity's risk score. Useful for comparing with other entities.
           format: double
           maximum: 100
           minimum: 0
           type: number
         category_1_count:
-          description: >-
-            The number of risk input documents that contributed to the Category
-            1 score (`category_1_score`).
+          description: The number of risk input documents that contributed to the Category 1 score (`category_1_score`).
           format: integer
           type: number
         category_1_score:
-          description: >-
-            The contribution of Category 1 to the overall risk score
-            (`calculated_score`). Category 1 contains Detection Engine Alerts.
+          description: The contribution of Category 1 to the overall risk score (`calculated_score`). Category 1 contains Detection Engine Alerts.
           format: double
           type: number
         category_2_count:
@@ -46956,27 +45654,20 @@ components:
           format: double
           type: number
         criticality_level:
-          $ref: >-
-            #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+          $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
         criticality_modifier:
           format: double
           type: number
         id_field:
-          description: >-
-            The identifier field defining this risk score. Coupled with
-            `id_value`, uniquely identifies the entity being scored.
+          description: The identifier field defining this risk score. Coupled with `id_value`, uniquely identifies the entity being scored.
           example: host.name
           type: string
         id_value:
-          description: >-
-            The identifier value defining this risk score. Coupled with
-            `id_field`, uniquely identifies the entity being scored.
+          description: The identifier value defining this risk score. Coupled with `id_field`, uniquely identifies the entity being scored.
           example: example.host
           type: string
         inputs:
-          description: >-
-            A list of the highest-risk documents contributing to this risk
-            score. Useful for investigative purposes.
+          description: A list of the highest-risk documents contributing to this risk score. Useful for investigative purposes.
           items:
             $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskScoreInput'
           type: array
@@ -47010,8 +45701,7 @@ components:
           type: object
           properties:
             criticality:
-              $ref: >-
-                #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+              $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
           required:
             - criticality
         entity:
@@ -47054,8 +45744,7 @@ components:
             name:
               type: string
             risk:
-              $ref: >-
-                #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord
+              $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord'
             type:
               items:
                 type: string
@@ -47162,8 +45851,7 @@ components:
           type: object
           properties:
             criticality:
-              $ref: >-
-                #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+              $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
           required:
             - criticality
         entity:
@@ -47202,8 +45890,7 @@ components:
             name:
               type: string
             risk:
-              $ref: >-
-                #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord
+              $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord'
             roles:
               items:
                 type: string
@@ -47223,8 +45910,7 @@ components:
         - comment
     Security_Exceptions_API_CreateExceptionListItemCommentArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment
+        $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment'
       type: array
     Security_Exceptions_API_CreateRuleExceptionListItemComment:
       type: object
@@ -47235,28 +45921,23 @@ components:
         - comment
     Security_Exceptions_API_CreateRuleExceptionListItemCommentArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment
+        $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment'
       type: array
     Security_Exceptions_API_CreateRuleExceptionListItemProps:
       type: object
       properties:
         comments:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray
+          $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray'
           default: []
         description:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription'
         entries:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray'
         expire_time:
           format: date-time
           type: string
         item_id:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
         meta:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta'
         name:
@@ -47265,8 +45946,7 @@ components:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
           default: single
         os_types:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray'
           default: []
         tags:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags'
@@ -47289,8 +45969,7 @@ components:
         created_by:
           type: string
         description:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListDescription
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription'
         id:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId'
         immutable:
@@ -47304,8 +45983,7 @@ components:
         namespace_type:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
         os_types:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray'
         tags:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags'
         tie_breaker_id:
@@ -47346,27 +46024,23 @@ components:
         _version:
           type: string
         comments:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray'
         created_at:
           format: date-time
           type: string
         created_by:
           type: string
         description:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription'
         entries:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray'
         expire_time:
           format: date-time
           type: string
         id:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId'
         item_id:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
         list_id:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
         meta:
@@ -47376,8 +46050,7 @@ components:
         namespace_type:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
         os_types:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray'
         tags:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags'
         tie_breaker_id:
@@ -47434,18 +46107,12 @@ components:
       type: string
     Security_Exceptions_API_ExceptionListItemEntry:
       anyOf:
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard'
       discriminator:
         propertyName: type
     Security_Exceptions_API_ExceptionListItemEntryArray:
@@ -47458,8 +46125,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - exists
@@ -47484,8 +46150,7 @@ components:
             - id
             - type
         operator:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - list
@@ -47501,8 +46166,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - match
@@ -47520,8 +46184,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - match_any
@@ -47542,8 +46205,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - wildcard
@@ -47560,8 +46222,7 @@ components:
       properties:
         entries:
           items:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem'
           minItems: 1
           type: array
         field:
@@ -47576,12 +46237,9 @@ components:
         - entries
     Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem:
       oneOf:
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists'
     Security_Exceptions_API_ExceptionListItemEntryOperator:
       enum:
         - excluded
@@ -47639,16 +46297,14 @@ components:
         id:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId'
         item_id:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
         list_id:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
       required:
         - error
     Security_Exceptions_API_ExceptionListsImportBulkErrorArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError
+        $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError'
       type: array
     Security_Exceptions_API_ExceptionListTags:
       items:
@@ -47668,15 +46324,11 @@ components:
       minimum: 1
       type: integer
     Security_Exceptions_API_ExceptionNamespaceType:
-      description: >
-        Determines whether the exception container is available in all Kibana
-        spaces or just the space
-
+      description: |
+        Determines whether the exception container is available in all Kibana spaces or just the space
         in which it is created, where:
 
-
         - `single`: Only available in the Kibana space in which it is created.
-
         - `agnostic`: Available in all Kibana spaces.
       enum:
         - agnostic
@@ -47755,8 +46407,7 @@ components:
         - comment
     Security_Exceptions_API_UpdateExceptionListItemCommentArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment
+        $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment'
       type: array
     Security_Exceptions_API_UUID:
       description: A universally unique identifier
@@ -48448,9 +47099,7 @@ components:
           $ref: '#/components/schemas/Security_Timeline_API_DataProviderType'
           nullable: true
     Security_Timeline_API_DataProviderType:
-      description: >-
-        The type of data provider to create. Valid values are `default` and
-        `template`.
+      description: The type of data provider to create. Valid values are `default` and `template`.
       enum:
         - default
         - template
@@ -48644,8 +47293,7 @@ components:
       oneOf:
         - allOf:
             - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent'
-            - $ref: >-
-                #/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody
+            - $ref: '#/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody'
         - nullable: true
           type: object
     Security_Timeline_API_PersistTimelineResponse:
@@ -48713,15 +47361,13 @@ components:
       type: object
       properties:
         alias_purpose:
-          $ref: >-
-            #/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose
+          $ref: '#/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose'
         alias_target_id:
           type: string
         outcome:
           $ref: '#/components/schemas/Security_Timeline_API_SavedObjectResolveOutcome'
         timeline:
-          $ref: >-
-            #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject
+          $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject'
       required:
         - timeline
         - outcome
@@ -48866,8 +47512,7 @@ components:
           nullable: true
           type: string
         kqlQuery:
-          $ref: >-
-            #/components/schemas/Security_Timeline_API_SerializedFilterQueryResult
+          $ref: '#/components/schemas/Security_Timeline_API_SerializedFilterQueryResult'
           nullable: true
         savedQueryId:
           nullable: true
@@ -48964,8 +47609,7 @@ components:
     Security_Timeline_API_TimelineResponse:
       allOf:
         - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline'
-        - $ref: >-
-            #/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId
+        - $ref: '#/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId'
         - type: object
           properties:
             eventIdToNoteIds:
@@ -49031,18 +47675,14 @@ components:
             - savedObjectId
             - version
     Security_Timeline_API_TimelineStatus:
-      description: >-
-        The status of the timeline. Valid values are `active`, `draft`, and
-        `immutable`.
+      description: The status of the timeline. Valid values are `active`, `draft`, and `immutable`.
       enum:
         - active
         - draft
         - immutable
       type: string
     Security_Timeline_API_TimelineType:
-      description: >-
-        The type of timeline to create. Valid values are `default` and
-        `template`.
+      description: The type of timeline to create. Valid values are `default` and `template`.
       enum:
         - default
         - template
@@ -49159,9 +47799,8 @@ components:
       title: Budgeting method
       type: string
     SLOs_create_slo_request:
-      description: >
-        The create SLO API request body varies depending on the type of
-        indicator, time window and budgeting method.
+      description: |
+        The create SLO API request body varies depending on the type of indicator, time window and budgeting method.
       properties:
         budgetingMethod:
           $ref: '#/components/schemas/SLOs_budgeting_method'
@@ -49171,9 +47810,7 @@ components:
         groupBy:
           $ref: '#/components/schemas/SLOs_group_by'
         id:
-          description: >-
-            A optional and unique identifier for the SLO. Must be between 8 and
-            36 chars
+          description: A optional and unique identifier for the SLO. Must be between 8 and 36 chars
           example: my-super-slo-id
           type: string
         indicator:
@@ -49217,10 +47854,8 @@ components:
       required:
         - id
     SLOs_delete_slo_instances_request:
-      description: >
-        The delete SLO instances request takes a list of SLO id and instance id,
-        then delete the rollup and summary data. This API can be used to remove
-        the staled data of an instance SLO that no longer get updated.
+      description: |
+        The delete SLO instances request takes a list of SLO id and instance id, then delete the rollup and summary data. This API can be used to remove the staled data of an instance SLO that no longer get updated.
       properties:
         list:
           description: An array of slo id and instance id
@@ -49256,9 +47891,7 @@ components:
           example: 0.02
           type: number
         isEstimated:
-          description: >-
-            Only for SLO defined with occurrences budgeting method and calendar
-            aligned time window.
+          description: Only for SLO defined with occurrences budgeting method and calendar aligned time window.
           example: true
           type: boolean
         remaining:
@@ -49329,9 +47962,7 @@ components:
       title: Find SLO response
       type: object
     SLOs_group_by:
-      description: >-
-        optional group by field or fields to use to generate an SLO per distinct
-        value
+      description: optional group by field or fields to use to generate an SLO per distinct value
       example:
         - - service.name
         - service.name
@@ -49452,11 +48083,7 @@ components:
           type: object
           properties:
             dataViewId:
-              description: >-
-                The kibana data view id to use, primarily used to include data
-                view runtime mappings. Make sure to save SLO again if you
-                add/update run time fields to the data view and if those fields
-                are being used in slo queries.
+              description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
               example: 03b80ab3-003d-498b-881c-3beedbaf1162
               type: string
             filter:
@@ -49497,11 +48124,7 @@ components:
           type: object
           properties:
             dataViewId:
-              description: >-
-                The kibana data view id to use, primarily used to include data
-                view runtime mappings. Make sure to save SLO again if you
-                add/update run time fields to the data view and if those fields
-                are being used in slo queries.
+              description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
               example: 03b80ab3-003d-498b-881c-3beedbaf1162
               type: string
             filter:
@@ -49518,16 +48141,12 @@ components:
                   example: A
                   type: string
                 metrics:
-                  description: >-
-                    List of metrics with their name, aggregation type, and
-                    field.
+                  description: List of metrics with their name, aggregation type, and field.
                   items:
                     type: object
                     properties:
                       aggregation:
-                        description: >-
-                          The aggregation type of the metric. Only valid option
-                          is "sum"
+                        description: The aggregation type of the metric. Only valid option is "sum"
                         enum:
                           - sum
                         example: sum
@@ -49572,16 +48191,12 @@ components:
                   example: A
                   type: string
                 metrics:
-                  description: >-
-                    List of metrics with their name, aggregation type, and
-                    field.
+                  description: List of metrics with their name, aggregation type, and field.
                   items:
                     type: object
                     properties:
                       aggregation:
-                        description: >-
-                          The aggregation type of the metric. Only valid option
-                          is "sum"
+                        description: The aggregation type of the metric. Only valid option is "sum"
                         enum:
                           - sum
                         example: sum
@@ -49630,11 +48245,7 @@ components:
           type: object
           properties:
             dataViewId:
-              description: >-
-                The kibana data view id to use, primarily used to include data
-                view runtime mappings. Make sure to save SLO again if you
-                add/update run time fields to the data view and if those fields
-                are being used in slo queries.
+              description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
               example: 03b80ab3-003d-498b-881c-3beedbaf1162
               type: string
             filter:
@@ -49662,15 +48273,11 @@ components:
                   example: 'processor.outcome: "success"'
                   type: string
                 from:
-                  description: >-
-                    The starting value of the range. Only required for "range"
-                    aggregations.
+                  description: The starting value of the range. Only required for "range" aggregations.
                   example: 0
                   type: number
                 to:
-                  description: >-
-                    The ending value of the range. Only required for "range"
-                    aggregations.
+                  description: The ending value of the range. Only required for "range" aggregations.
                   example: 100
                   type: number
               required:
@@ -49706,15 +48313,11 @@ components:
                   example: 'processor.outcome : *'
                   type: string
                 from:
-                  description: >-
-                    The starting value of the range. Only required for "range"
-                    aggregations.
+                  description: The starting value of the range. Only required for "range" aggregations.
                   example: 0
                   type: number
                 to:
-                  description: >-
-                    The ending value of the range. Only required for "range"
-                    aggregations.
+                  description: The ending value of the range. Only required for "range" aggregations.
                   example: 100
                   type: number
               required:
@@ -49743,11 +48346,7 @@ components:
           type: object
           properties:
             dataViewId:
-              description: >-
-                The kibana data view id to use, primarily used to include data
-                view runtime mappings. Make sure to save SLO again if you
-                add/update run time fields to the data view and if those fields
-                are being used in slo queries.
+              description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
               example: 03b80ab3-003d-498b-881c-3beedbaf1162
               type: string
             filter:
@@ -49759,15 +48358,12 @@ components:
               example: my-service-*
               type: string
             metric:
-              description: >
-                An object defining the metrics, equation, and threshold to
-                determine if it's a good slice or not
+              description: |
+                An object defining the metrics, equation, and threshold to determine if it's a good slice or not
               type: object
               properties:
                 comparator:
-                  description: >-
-                    The comparator to use to compare the equation to the
-                    threshold.
+                  description: The comparator to use to compare the equation to the threshold.
                   enum:
                     - GT
                     - GTE
@@ -49780,22 +48376,15 @@ components:
                   example: A
                   type: string
                 metrics:
-                  description: >-
-                    List of metrics with their name, aggregation type, and
-                    field.
+                  description: List of metrics with their name, aggregation type, and field.
                   items:
                     anyOf:
-                      - $ref: >-
-                          #/components/schemas/SLOs_timeslice_metric_basic_metric_with_field
-                      - $ref: >-
-                          #/components/schemas/SLOs_timeslice_metric_percentile_metric
-                      - $ref: >-
-                          #/components/schemas/SLOs_timeslice_metric_doc_count_metric
+                      - $ref: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field'
+                      - $ref: '#/components/schemas/SLOs_timeslice_metric_percentile_metric'
+                      - $ref: '#/components/schemas/SLOs_timeslice_metric_doc_count_metric'
                   type: array
                 threshold:
-                  description: >-
-                    The threshold used to determine if the metric is a good
-                    slice or not.
+                  description: The threshold used to determine if the metric is a good slice or not.
                   example: 100
                   type: number
               required:
@@ -49878,17 +48467,13 @@ components:
           minimum: 0
           type: number
         timesliceTarget:
-          description: >-
-            the target objective for each slice when using a timeslices
-            budgeting method
+          description: the target objective for each slice when using a timeslices budgeting method
           example: 0.995
           maximum: 100
           minimum: 0
           type: number
         timesliceWindow:
-          description: >-
-            the duration of each slice when using a timeslices budgeting method,
-            as {duraton}{unit}
+          description: the duration of each slice when using a timeslices budgeting method, as {duraton}{unit}
           example: 5m
           type: string
       required:
@@ -50120,16 +48705,11 @@ components:
       type: object
       properties:
         duration:
-          description: >-
-            the duration formatted as {duration}{unit}. Accepted values for
-            rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w
-            (weekly) or 1M (monthly)
+          description: 'the duration formatted as {duration}{unit}. Accepted values for rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w (weekly) or 1M (monthly)'
           example: 30d
           type: string
         type:
-          description: >-
-            Indicates weither the time window is a rolling or a calendar aligned
-            time window.
+          description: Indicates weither the time window is a rolling or a calendar aligned time window.
           enum:
             - rolling
             - calendarAligned
@@ -50198,9 +48778,7 @@ components:
       type: object
       properties:
         aggregation:
-          description: >-
-            The aggregation type of the metric. Only valid option is
-            "percentile"
+          description: The aggregation type of the metric. Only valid option is "percentile"
           enum:
             - percentile
           example: percentile
@@ -50229,9 +48807,8 @@ components:
         - percentile
       title: Timeslice Metric Percentile Metric
     SLOs_update_slo_request:
-      description: >
-        The update SLO API request body varies depending on the type of
-        indicator, time window and budgeting method. Partial update is handled.
+      description: |
+        The update SLO API request body varies depending on the type of indicator, time window and budgeting method. Partial update is handled.
       properties:
         budgetingMethod:
           $ref: '#/components/schemas/SLOs_budgeting_method'
@@ -50264,117 +48841,2846 @@ components:
           $ref: '#/components/schemas/SLOs_time_window'
       title: Update SLO request
       type: object
-  securitySchemes:
-    apiKeyAuth:
-      description: >-
-        You must create an API key and use the encoded value in the request
-        header. To learn about creating keys, go to [API
-        keys](https://www.elastic.co/docs/current/serverless/api-keys).
-      in: header
-      name: Authorization
-      type: apiKey
-security:
-  - apiKeyAuth: []
-tags:
-  - name: alerting
-  - description: |
-      Adjust APM agent configuration without need to redeploy your application.
-    name: APM agent configuration
-  - description: >
-      Configure APM agent keys to authorize requests from APM agents to the APM
-      Server.
-    name: APM agent keys
-  - description: >
-      Annotate visualizations in the APM app with significant events.
-      Annotations enable you to easily see how events are impacting the
-      performance of your applications.
-    name: APM annotations
-  - description: Create APM fleet server schema.
-    name: APM server schema
-  - description: Configure APM source maps.
-    name: APM sourcemaps
-  - name: connectors
-  - name: Data streams
-  - description: >-
-      Data view APIs enable you to manage data views, formerly known as Kibana
-      index patterns.
-    name: data views
-  - name: Elastic Agent actions
-  - name: Elastic Agent binary download sources
-  - name: Elastic Agent policies
-  - name: Elastic Agent status
-  - name: Elastic Agents
-  - name: Elastic Package Manager (EPM)
-  - name: Fleet enrollment API keys
-  - name: Fleet internals
-  - name: Fleet outputs
-  - name: Fleet package policies
-  - name: Fleet proxies
-  - name: Fleet Server hosts
-  - name: Fleet service tokens
-  - name: Fleet uninstall tokens
-  - name: Message Signing Service
-  - description: Machine learning
-    name: ml
-  - name: roles
-  - description: >
-      Export sets of saved objects that you want to import into Kibana, resolve
-      import errors, and rotate an encryption key for encrypted saved objects
-      with the saved objects APIs.
-
-
-      To manage a specific type of saved object, use the corresponding APIs.
-
-      For example, use:
-
-
-      [Data views](../group/endpoint-data-views)
-
-
-      Warning: Do not write documents directly to the `.kibana` index. When you
-      write directly to the `.kibana` index, the data becomes corrupted and
-      permanently breaks future Kibana versions.
-    name: saved objects
-    x-displayName: Saved objects
-  - description: Manage and interact with Security Assistant resources.
-    name: Security AI Assistant API
-    x-displayName: Security AI assistant
-  - description: >-
-      You can create rules that automatically turn events and external alerts
-      sent to Elastic Security into detection alerts. These alerts are displayed
-      on the Detections page.
-    name: Security Detections API
-    x-displayName: Security detections
-  - description: >-
-      Endpoint Exceptions API allows you to manage detection rule endpoint
-      exceptions to prevent a rule from generating an alert from incoming events
-      even when the rule's other criteria are met.
-    name: Security Endpoint Exceptions API
-    x-displayName: Security endpoint exceptions
-  - description: Interact with and manage endpoints running the Elastic Defend integration.
-    name: Security Endpoint Management API
-    x-displayName: Security endpoint management
-  - description: ''
-    name: Security Entity Analytics API
-    x-displayName: Security entity analytics
-  - description: >-
-      Exceptions API allows you to manage detection rule exceptions to prevent a
-      rule from generating an alert from incoming events even when the rule's
-      other criteria are met.
-    name: Security Exceptions API
-    x-displayName: Security exceptions
-  - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items.
-    name: Security Lists API
-    x-displayName: Security lists
-  - description: Run live queries, manage packs and saved queries.
-    name: Security Osquery API
-    x-displayName: Security Osquery
-  - description: >-
-      You can create Timelines and Timeline templates via the API, as well as
-      import new Timelines from an ndjson file.
-    name: Security Timeline API
-    x-displayName: Security timeline
-  - description: SLO APIs enable you to define, manage and track service-level objectives
-    name: slo
-  - name: spaces
-  - name: system
+    bedrock_config:
+      title: Connector request properties for an Amazon Bedrock connector
+      description: Defines properties for connectors when type is `.bedrock`.
+      type: object
+      required:
+        - apiUrl
+      properties:
+        apiUrl:
+          type: string
+          description: The Amazon Bedrock request URL.
+        defaultModel:
+          type: string
+          description: |
+            The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models.
+          default: anthropic.claude-3-5-sonnet-20240620-v1:0
+    crowdstrike_config:
+      title: Connector request config properties for a Crowdstrike connector
+      required:
+        - url
+      description: Defines config properties for connectors when type is `.crowdstrike`.
+      type: object
+      properties:
+        url:
+          description: |
+            The CrowdStrike tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+          type: string
+    d3security_config:
+      title: Connector request properties for a D3 Security connector
+      description: Defines properties for connectors when type is `.d3security`.
+      type: object
+      required:
+        - url
+      properties:
+        url:
+          type: string
+          description: |
+            The D3 Security API request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+    email_config:
+      title: Connector request properties for an email connector
+      description: Defines properties for connectors when type is `.email`.
+      required:
+        - from
+      type: object
+      properties:
+        clientId:
+          description: |
+            The client identifier, which is a part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required.
+          type: string
+          nullable: true
+        from:
+          description: |
+            The from address for all emails sent by the connector. It must be specified in `user@host-name` format.
+          type: string
+        hasAuth:
+          description: |
+            Specifies whether a user and password are required inside the secrets configuration.
+          default: true
+          type: boolean
+        host:
+          description: |
+            The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined.
+          type: string
+        oauthTokenUrl:
+          type: string
+          nullable: true
+        port:
+          description: |
+            The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined.
+          type: integer
+        secure:
+          description: |
+            Specifies whether the connection to the service provider will use TLS. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored.
+          type: boolean
+        service:
+          description: |
+            The name of the email service.
+          type: string
+          enum:
+            - elastic_cloud
+            - exchange_server
+            - gmail
+            - other
+            - outlook365
+            - ses
+        tenantId:
+          description: |
+            The tenant identifier, which is part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required.
+          type: string
+          nullable: true
+    gemini_config:
+      title: Connector request properties for an Google Gemini connector
+      description: Defines properties for connectors when type is `.gemini`.
+      type: object
+      required:
+        - apiUrl
+        - gcpRegion
+        - gcpProjectID
+      properties:
+        apiUrl:
+          type: string
+          description: The Google Gemini request URL.
+        defaultModel:
+          type: string
+          description: The generative artificial intelligence model for Google Gemini to use.
+          default: gemini-1.5-pro-002
+        gcpRegion:
+          type: string
+          description: The GCP region where the Vertex AI endpoint enabled.
+        gcpProjectID:
+          type: string
+          description: The Google ProjectID that has Vertex AI endpoint enabled.
+    resilient_config:
+      title: Connector request properties for a IBM Resilient connector
+      required:
+        - apiUrl
+        - orgId
+      description: Defines properties for connectors when type is `.resilient`.
+      type: object
+      properties:
+        apiUrl:
+          description: The IBM Resilient instance URL.
+          type: string
+        orgId:
+          description: The IBM Resilient organization ID.
+          type: string
+    index_config:
+      title: Connector request properties for an index connector
+      required:
+        - index
+      description: Defines properties for connectors when type is `.index`.
+      type: object
+      properties:
+        executionTimeField:
+          description: A field that indicates when the document was indexed.
+          default: null
+          type: string
+          nullable: true
+        index:
+          description: The Elasticsearch index to be written to.
+          type: string
+        refresh:
+          description: |
+            The refresh policy for the write request, which affects when changes are made visible to search. Refer to the refresh setting for Elasticsearch document APIs.
+          default: false
+          type: boolean
+    jira_config:
+      title: Connector request properties for a Jira connector
+      required:
+        - apiUrl
+        - projectKey
+      description: Defines properties for connectors when type is `.jira`.
+      type: object
+      properties:
+        apiUrl:
+          description: The Jira instance URL.
+          type: string
+        projectKey:
+          description: The Jira project key.
+          type: string
+    genai_azure_config:
+      title: Connector request properties for an OpenAI connector that uses Azure OpenAI
+      description: |
+        Defines properties for connectors when type is `.gen-ai` and the API provider is `Azure OpenAI`.
+      type: object
+      required:
+        - apiProvider
+        - apiUrl
+      properties:
+        apiProvider:
+          type: string
+          description: The OpenAI API provider.
+          enum:
+            - Azure OpenAI
+        apiUrl:
+          type: string
+          description: The OpenAI API endpoint.
+    genai_openai_config:
+      title: Connector request properties for an OpenAI connector
+      description: |
+        Defines properties for connectors when type is `.gen-ai` and the API provider is `OpenAI`.
+      type: object
+      required:
+        - apiProvider
+        - apiUrl
+      properties:
+        apiProvider:
+          type: string
+          description: The OpenAI API provider.
+          enum:
+            - OpenAI
+        apiUrl:
+          type: string
+          description: The OpenAI API endpoint.
+        defaultModel:
+          type: string
+          description: The default model to use for requests.
+    opsgenie_config:
+      title: Connector request properties for an Opsgenie connector
+      required:
+        - apiUrl
+      description: Defines properties for connectors when type is `.opsgenie`.
+      type: object
+      properties:
+        apiUrl:
+          description: |
+            The Opsgenie URL. For example, `https://api.opsgenie.com` or `https://api.eu.opsgenie.com`. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+          type: string
+    pagerduty_config:
+      title: Connector request properties for a PagerDuty connector
+      description: Defines properties for connectors when type is `.pagerduty`.
+      type: object
+      properties:
+        apiUrl:
+          description: The PagerDuty event URL.
+          type: string
+          nullable: true
+          example: https://events.pagerduty.com/v2/enqueue
+    sentinelone_config:
+      title: Connector request properties for a SentinelOne connector
+      required:
+        - url
+      description: Defines properties for connectors when type is `.sentinelone`.
+      type: object
+      properties:
+        url:
+          description: |
+            The SentinelOne tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+          type: string
+    servicenow_config:
+      title: Connector request properties for a ServiceNow ITSM connector
+      required:
+        - apiUrl
+      description: Defines properties for connectors when type is `.servicenow`.
+      type: object
+      properties:
+        apiUrl:
+          type: string
+          description: The ServiceNow instance URL.
+        clientId:
+          description: |
+            The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`.
+          type: string
+        isOAuth:
+          description: |
+            The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
+          default: false
+          type: boolean
+        jwtKeyId:
+          description: |
+            The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`.
+          type: string
+        userIdentifierValue:
+          description: |
+            The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`.
+          type: string
+        usesTableApi:
+          description: |
+            Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors.  NOTE: If this property is set to `false`, the Elastic application should be installed in ServiceNow.
+          default: true
+          type: boolean
+    servicenow_itom_config:
+      title: Connector request properties for a ServiceNow ITOM connector
+      required:
+        - apiUrl
+      description: Defines properties for connectors when type is `.servicenow-itom`.
+      type: object
+      properties:
+        apiUrl:
+          type: string
+          description: The ServiceNow instance URL.
+        clientId:
+          description: |
+            The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`.
+          type: string
+        isOAuth:
+          description: |
+            The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
+          default: false
+          type: boolean
+        jwtKeyId:
+          description: |
+            The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`.
+          type: string
+        userIdentifierValue:
+          description: |
+            The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`.
+          type: string
+    slack_api_config:
+      title: Connector request properties for a Slack connector
+      description: Defines properties for connectors when type is `.slack_api`.
+      type: object
+      properties:
+        allowedChannels:
+          type: array
+          description: A list of valid Slack channels.
+          items:
+            type: object
+            required:
+              - id
+              - name
+            maxItems: 25
+            properties:
+              id:
+                type: string
+                description: The Slack channel ID.
+                example: C123ABC456
+                minLength: 1
+              name:
+                type: string
+                description: The Slack channel name.
+                minLength: 1
+    swimlane_config:
+      title: Connector request properties for a Swimlane connector
+      required:
+        - apiUrl
+        - appId
+        - connectorType
+      description: Defines properties for connectors when type is `.swimlane`.
+      type: object
+      properties:
+        apiUrl:
+          description: The Swimlane instance URL.
+          type: string
+        appId:
+          description: The Swimlane application ID.
+          type: string
+        connectorType:
+          description: The type of connector. Valid values are `all`, `alerts`, and `cases`.
+          type: string
+          enum:
+            - all
+            - alerts
+            - cases
+        mappings:
+          title: Connector mappings properties for a Swimlane connector
+          description: The field mapping.
+          type: object
+          properties:
+            alertIdConfig:
+              title: Alert identifier mapping
+              description: Mapping for the alert ID.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+            caseIdConfig:
+              title: Case identifier mapping
+              description: Mapping for the case ID.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+            caseNameConfig:
+              title: Case name mapping
+              description: Mapping for the case name.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+            commentsConfig:
+              title: Case comment mapping
+              description: Mapping for the case comments.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+            descriptionConfig:
+              title: Case description mapping
+              description: Mapping for the case description.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+            ruleNameConfig:
+              title: Rule name mapping
+              description: Mapping for the name of the alert's rule.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+            severityConfig:
+              title: Severity mapping
+              description: Mapping for the severity.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+    thehive_config:
+      title: Connector request properties for a TheHive connector
+      description: Defines configuration properties for connectors when type is `.thehive`.
+      type: object
+      required:
+        - url
+      properties:
+        organisation:
+          type: string
+          description: |
+            The organisation in TheHive that will contain the alerts or cases. By default, the connector uses the default organisation of the user account that created the API key.
+        url:
+          type: string
+          description: |
+            The instance URL in TheHive. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+    tines_config:
+      title: Connector request properties for a Tines connector
+      description: Defines properties for connectors when type is `.tines`.
+      type: object
+      required:
+        - url
+      properties:
+        url:
+          description: |
+            The Tines tenant URL. If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts.
+          type: string
+    torq_config:
+      title: Connector request properties for a Torq connector
+      description: Defines properties for connectors when type is `.torq`.
+      type: object
+      required:
+        - webhookIntegrationUrl
+      properties:
+        webhookIntegrationUrl:
+          description: The endpoint URL of the Elastic Security integration in Torq.
+          type: string
+    auth_type:
+      title: Authentication type
+      type: string
+      nullable: true
+      enum:
+        - webhook-authentication-basic
+        - webhook-authentication-ssl
+      description: |
+        The type of authentication to use: basic, SSL, or none.
+    ca:
+      title: Certificate authority
+      type: string
+      description: |
+        A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types.
+    cert_type:
+      title: Certificate type
+      type: string
+      description: |
+        If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format.
+      enum:
+        - ssl-crt-key
+        - ssl-pfx
+    has_auth:
+      title: Has authentication
+      type: boolean
+      description: If true, a username and password for login type authentication must be provided.
+      default: true
+    verification_mode:
+      title: Verification mode
+      type: string
+      enum:
+        - certificate
+        - full
+        - none
+      default: full
+      description: |
+        Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation.
+    webhook_config:
+      title: Connector request properties for a Webhook connector
+      description: Defines properties for connectors when type is `.webhook`.
+      type: object
+      properties:
+        authType:
+          $ref: '#/components/schemas/auth_type'
+        ca:
+          $ref: '#/components/schemas/ca'
+        certType:
+          $ref: '#/components/schemas/cert_type'
+        hasAuth:
+          $ref: '#/components/schemas/has_auth'
+        headers:
+          type: object
+          nullable: true
+          description: A set of key-value pairs sent as headers with the request.
+        method:
+          type: string
+          default: post
+          enum:
+            - post
+            - put
+          description: |
+            The HTTP request method, either `post` or `put`.
+        url:
+          type: string
+          description: |
+            The request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+        verificationMode:
+          $ref: '#/components/schemas/verification_mode'
+    cases_webhook_config:
+      title: Connector request properties for Webhook - Case Management connector
+      required:
+        - createIncidentJson
+        - createIncidentResponseKey
+        - createIncidentUrl
+        - getIncidentResponseExternalTitleKey
+        - getIncidentUrl
+        - updateIncidentJson
+        - updateIncidentUrl
+        - viewIncidentUrl
+      description: Defines properties for connectors when type is `.cases-webhook`.
+      type: object
+      properties:
+        authType:
+          $ref: '#/components/schemas/auth_type'
+        ca:
+          $ref: '#/components/schemas/ca'
+        certType:
+          $ref: '#/components/schemas/cert_type'
+        createCommentJson:
+          type: string
+          description: |
+            A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is `case.comment`. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.
+          example: '{"body": {{{case.comment}}}}'
+        createCommentMethod:
+          type: string
+          description: |
+            The REST API HTTP request method to create a case comment in the third-party system. Valid values are `patch`, `post`, and `put`.
+          default: put
+          enum:
+            - patch
+            - post
+            - put
+        createCommentUrl:
+          type: string
+          description: |
+            The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts setting`, add the hostname to the allowed hosts.
+          example: https://example.com/issue/{{{external.system.id}}}/comment
+        createIncidentJson:
+          type: string
+          description: |
+            A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review.
+          example: '{"fields": {"summary": {{{case.title}}},"description": {{{case.description}}},"labels": {{{case.tags}}}}}'
+        createIncidentMethod:
+          type: string
+          description: |
+            The REST API HTTP request method to create a case in the third-party system. Valid values are `patch`, `post`, and `put`.
+          enum:
+            - patch
+            - post
+            - put
+          default: post
+        createIncidentResponseKey:
+          type: string
+          description: The JSON key in the create external case response that contains the case ID.
+        createIncidentUrl:
+          type: string
+          description: |
+            The REST API URL to create a case in the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+        getIncidentResponseExternalTitleKey:
+          type: string
+          description: The JSON key in get external case response that contains the case title.
+        getIncidentUrl:
+          type: string
+          description: |
+            The REST API URL to get the case by ID from the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.
+          example: https://example.com/issue/{{{external.system.id}}}
+        hasAuth:
+          $ref: '#/components/schemas/has_auth'
+        headers:
+          type: string
+          description: |
+            A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods.
+        updateIncidentJson:
+          type: string
+          description: |
+            The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review.
+          example: '{"fields": {"summary": {{{case.title}}},"description": {{{case.description}}},"labels": {{{case.tags}}}}}'
+        updateIncidentMethod:
+          type: string
+          description: |
+            The REST API HTTP request method to update the case in the third-party system. Valid values are `patch`, `post`, and `put`.
+          default: put
+          enum:
+            - patch
+            - post
+            - put
+        updateIncidentUrl:
+          type: string
+          description: |
+            The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+          example: https://example.com/issue/{{{external.system.ID}}}
+        verificationMode:
+          $ref: '#/components/schemas/verification_mode'
+        viewIncidentUrl:
+          type: string
+          description: |
+            The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL.
+          example: https://testing-jira.atlassian.net/browse/{{{external.system.title}}}
+    xmatters_config:
+      title: Connector request properties for an xMatters connector
+      description: Defines properties for connectors when type is `.xmatters`.
+      type: object
+      properties:
+        configUrl:
+          description: |
+            The request URL for the Elastic Alerts trigger in xMatters. It is applicable only when `usesBasic` is `true`.
+          type: string
+          nullable: true
+        usesBasic:
+          description: Specifies whether the connector uses HTTP basic authentication (`true`) or URL authentication (`false`).
+          type: boolean
+          default: true
+    bedrock_secrets:
+      title: Connector secrets properties for an Amazon Bedrock connector
+      description: Defines secrets for connectors when type is `.bedrock`.
+      type: object
+      required:
+        - accessKey
+        - secret
+      properties:
+        accessKey:
+          type: string
+          description: The AWS access key for authentication.
+        secret:
+          type: string
+          description: The AWS secret for authentication.
+    crowdstrike_secrets:
+      title: Connector secrets properties for a Crowdstrike connector
+      description: Defines secrets for connectors when type is `.crowdstrike`.
+      type: object
+      required:
+        - clientId
+        - clientSecret
+      properties:
+        clientId:
+          description: The CrowdStrike API client identifier.
+          type: string
+        clientSecret:
+          description: The CrowdStrike API client secret to authenticate the `clientId`.
+          type: string
+    d3security_secrets:
+      title: Connector secrets properties for a D3 Security connector
+      description: Defines secrets for connectors when type is `.d3security`.
+      required:
+        - token
+      type: object
+      properties:
+        token:
+          type: string
+          description: The D3 Security token.
+    email_secrets:
+      title: Connector secrets properties for an email connector
+      description: Defines secrets for connectors when type is `.email`.
+      type: object
+      properties:
+        clientSecret:
+          type: string
+          description: |
+            The Microsoft Exchange Client secret for OAuth 2.0 client credentials authentication. It must be URL-encoded. If `service` is `exchange_server`, this property is required.
+        password:
+          type: string
+          description: |
+            The password for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required.
+        user:
+          type: string
+          description: |
+            The username for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required.
+    gemini_secrets:
+      title: Connector secrets properties for a Google Gemini connector
+      description: Defines secrets for connectors when type is `.gemini`.
+      type: object
+      required:
+        - credentialsJson
+      properties:
+        credentialsJson:
+          type: string
+          description: The service account credentials JSON file. The service account should have Vertex AI user IAM role assigned to it.
+    resilient_secrets:
+      title: Connector secrets properties for IBM Resilient connector
+      required:
+        - apiKeyId
+        - apiKeySecret
+      description: Defines secrets for connectors when type is `.resilient`.
+      type: object
+      properties:
+        apiKeyId:
+          type: string
+          description: The authentication key ID for HTTP Basic authentication.
+        apiKeySecret:
+          type: string
+          description: The authentication key secret for HTTP Basic authentication.
+    jira_secrets:
+      title: Connector secrets properties for a Jira connector
+      required:
+        - apiToken
+        - email
+      description: Defines secrets for connectors when type is `.jira`.
+      type: object
+      properties:
+        apiToken:
+          description: The Jira API authentication token for HTTP basic authentication.
+          type: string
+        email:
+          description: The account email for HTTP Basic authentication.
+          type: string
+    teams_secrets:
+      title: Connector secrets properties for a Microsoft Teams connector
+      description: Defines secrets for connectors when type is `.teams`.
+      type: object
+      required:
+        - webhookUrl
+      properties:
+        webhookUrl:
+          type: string
+          description: |
+            The URL of the incoming webhook. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+    genai_secrets:
+      title: Connector secrets properties for an OpenAI connector
+      description: Defines secrets for connectors when type is `.gen-ai`.
+      type: object
+      properties:
+        apiKey:
+          type: string
+          description: The OpenAI API key.
+    opsgenie_secrets:
+      title: Connector secrets properties for an Opsgenie connector
+      required:
+        - apiKey
+      description: Defines secrets for connectors when type is `.opsgenie`.
+      type: object
+      properties:
+        apiKey:
+          description: The Opsgenie API authentication key for HTTP Basic authentication.
+          type: string
+    pagerduty_secrets:
+      title: Connector secrets properties for a PagerDuty connector
+      description: Defines secrets for connectors when type is `.pagerduty`.
+      type: object
+      required:
+        - routingKey
+      properties:
+        routingKey:
+          description: |
+            A 32 character PagerDuty Integration Key for an integration on a service.
+          type: string
+    sentinelone_secrets:
+      title: Connector secrets properties for a SentinelOne connector
+      description: Defines secrets for connectors when type is `.sentinelone`.
+      type: object
+      required:
+        - token
+      properties:
+        token:
+          description: The A SentinelOne API token.
+          type: string
+    servicenow_secrets:
+      title: Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors
+      description: Defines secrets for connectors when type is `.servicenow`, `.servicenow-sir`, or `.servicenow-itom`.
+      type: object
+      properties:
+        clientSecret:
+          type: string
+          description: The client secret assigned to your OAuth application. This property is required when `isOAuth` is `true`.
+        password:
+          type: string
+          description: The password for HTTP basic authentication. This property is required when `isOAuth` is `false`.
+        privateKey:
+          type: string
+          description: The RSA private key that you created for use in ServiceNow. This property is required when `isOAuth` is `true`.
+        privateKeyPassword:
+          type: string
+          description: The password for the RSA private key. This property is required when `isOAuth` is `true` and you set a password on your private key.
+        username:
+          type: string
+          description: The username for HTTP basic authentication. This property is required when `isOAuth` is `false`.
+    slack_api_secrets:
+      title: Connector secrets properties for a Web API Slack connector
+      description: Defines secrets for connectors when type is `.slack`.
+      required:
+        - token
+      type: object
+      properties:
+        token:
+          type: string
+          description: Slack bot user OAuth token.
+    swimlane_secrets:
+      title: Connector secrets properties for a Swimlane connector
+      description: Defines secrets for connectors when type is `.swimlane`.
+      type: object
+      properties:
+        apiToken:
+          description: Swimlane API authentication token.
+          type: string
+    thehive_secrets:
+      title: Connector secrets properties for a TheHive connector
+      description: Defines secrets for connectors when type is `.thehive`.
+      required:
+        - apiKey
+      type: object
+      properties:
+        apiKey:
+          type: string
+          description: The API key for authentication in TheHive.
+    tines_secrets:
+      title: Connector secrets properties for a Tines connector
+      description: Defines secrets for connectors when type is `.tines`.
+      type: object
+      required:
+        - email
+        - token
+      properties:
+        email:
+          description: The email used to sign in to Tines.
+          type: string
+        token:
+          description: The Tines API token.
+          type: string
+    torq_secrets:
+      title: Connector secrets properties for a Torq connector
+      description: Defines secrets for connectors when type is `.torq`.
+      type: object
+      required:
+        - token
+      properties:
+        token:
+          description: The secret of the webhook authentication header.
+          type: string
+    crt:
+      title: Certificate
+      type: string
+      description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file.
+    key:
+      title: Certificate key
+      type: string
+      description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file.
+    pfx:
+      title: Personal information exchange
+      type: string
+      description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file.
+    webhook_secrets:
+      title: Connector secrets properties for a Webhook connector
+      description: Defines secrets for connectors when type is `.webhook`.
+      type: object
+      properties:
+        crt:
+          $ref: '#/components/schemas/crt'
+        key:
+          $ref: '#/components/schemas/key'
+        pfx:
+          $ref: '#/components/schemas/pfx'
+        password:
+          type: string
+          description: |
+            The password for HTTP basic authentication or the passphrase for the SSL certificate files. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required.
+        user:
+          type: string
+          description: |
+            The username for HTTP basic authentication. If `hasAuth` is set to `true`  and `authType` is `webhook-authentication-basic`, this property is required.
+    cases_webhook_secrets:
+      title: Connector secrets properties for Webhook - Case Management connector
+      type: object
+      properties:
+        crt:
+          $ref: '#/components/schemas/crt'
+        key:
+          $ref: '#/components/schemas/key'
+        pfx:
+          $ref: '#/components/schemas/pfx'
+        password:
+          type: string
+          description: |
+            The password for HTTP basic authentication. If `hasAuth` is set to `true` and and `authType` is `webhook-authentication-basic`, this property is required.
+        user:
+          type: string
+          description: |
+            The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required.
+    xmatters_secrets:
+      title: Connector secrets properties for an xMatters connector
+      description: Defines secrets for connectors when type is `.xmatters`.
+      type: object
+      properties:
+        password:
+          description: |
+            A user name for HTTP basic authentication. It is applicable only when `usesBasic` is `true`.
+          type: string
+        secretsUrl:
+          description: |
+            The request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is applicable only when `usesBasic` is `false`.
+          type: string
+        user:
+          description: |
+            A password for HTTP basic authentication. It is applicable only when `usesBasic` is `true`.
+          type: string
+    run_acknowledge_resolve_pagerduty:
+      title: PagerDuty connector parameters
+      description: Test an action that acknowledges or resolves a PagerDuty alert.
+      type: object
+      required:
+        - dedupKey
+        - eventAction
+      properties:
+        dedupKey:
+          description: The deduplication key for the PagerDuty alert.
+          type: string
+          maxLength: 255
+        eventAction:
+          description: The type of event.
+          type: string
+          enum:
+            - acknowledge
+            - resolve
+    run_documents:
+      title: Index connector parameters
+      description: Test an action that indexes a document into Elasticsearch.
+      type: object
+      required:
+        - documents
+      properties:
+        documents:
+          type: array
+          description: The documents in JSON format for index connectors.
+          items:
+            type: object
+            additionalProperties: true
+    run_message_email:
+      title: Email connector parameters
+      description: |
+        Test an action that sends an email message. There must be at least one recipient in `to`, `cc`, or `bcc`.
+      type: object
+      required:
+        - message
+        - subject
+        - anyOf:
+            - to
+            - cc
+            - bcc
+      properties:
+        bcc:
+          type: array
+          items:
+            type: string
+          description: |
+            A list of "blind carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `<user@host-name>` format
+        cc:
+          type: array
+          items:
+            type: string
+          description: |
+            A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `<user@host-name>` format 
+        message:
+          type: string
+          description: The email message text. Markdown format is supported.
+        subject:
+          type: string
+          description: The subject line of the email.
+        to:
+          type: array
+          description: |
+            A list of email addresses. Addresses can be specified in `user@host-name` format or in name `<user@host-name>` format.
+          items:
+            type: string
+    run_message_serverlog:
+      title: Server log connector parameters
+      description: Test an action that writes an entry to the Kibana server log.
+      type: object
+      required:
+        - message
+      properties:
+        level:
+          type: string
+          description: The log level of the message for server log connectors.
+          enum:
+            - debug
+            - error
+            - fatal
+            - info
+            - trace
+            - warn
+          default: info
+        message:
+          type: string
+          description: The message for server log connectors.
+    run_message_slack:
+      title: Slack connector parameters
+      description: |
+        Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack`.
+      type: object
+      required:
+        - message
+      properties:
+        message:
+          type: string
+          description: The Slack message text, which cannot contain Markdown, images, or other advanced formatting.
+    run_trigger_pagerduty:
+      title: PagerDuty connector parameters
+      description: Test an action that triggers a PagerDuty alert.
+      type: object
+      required:
+        - eventAction
+      properties:
+        class:
+          description: The class or type of the event.
+          type: string
+          example: cpu load
+        component:
+          description: The component of the source machine that is responsible for the event.
+          type: string
+          example: eth0
+        customDetails:
+          description: Additional details to add to the event.
+          type: object
+        dedupKey:
+          description: |
+            All actions sharing this key will be associated with the same PagerDuty alert. This value is used to correlate trigger and resolution.
+          type: string
+          maxLength: 255
+        eventAction:
+          description: The type of event.
+          type: string
+          enum:
+            - trigger
+        group:
+          description: The logical grouping of components of a service.
+          type: string
+          example: app-stack
+        links:
+          description: A list of links to add to the event.
+          type: array
+          items:
+            type: object
+            properties:
+              href:
+                description: The URL for the link.
+                type: string
+              text:
+                description: A plain text description of the purpose of the link.
+                type: string
+        severity:
+          description: The severity of the event on the affected system.
+          type: string
+          enum:
+            - critical
+            - error
+            - info
+            - warning
+          default: info
+        source:
+          description: |
+            The affected system, such as a hostname or fully qualified domain name. Defaults to the Kibana saved object id of the action.
+          type: string
+        summary:
+          description: A summery of the event.
+          type: string
+          maxLength: 1024
+        timestamp:
+          description: An ISO-8601 timestamp that indicates when the event was detected or generated.
+          type: string
+          format: date-time
+    run_addevent:
+      title: The addEvent subaction
+      type: object
+      required:
+        - subAction
+      description: The `addEvent` subaction for ServiceNow ITOM connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - addEvent
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          properties:
+            additional_info:
+              type: string
+              description: Additional information about the event.
+            description:
+              type: string
+              description: The details about the event.
+            event_class:
+              type: string
+              description: A specific instance of the source.
+            message_key:
+              type: string
+              description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `<rule ID>:<alert instance ID>`.
+            metric_name:
+              type: string
+              description: The name of the metric.
+            node:
+              type: string
+              description: The host that the event was triggered for.
+            resource:
+              type: string
+              description: The name of the resource.
+            severity:
+              type: string
+              description: The severity of the event.
+            source:
+              type: string
+              description: The name of the event source type.
+            time_of_event:
+              type: string
+              description: The time of the event.
+            type:
+              type: string
+              description: The type of event.
+    run_closealert:
+      title: The closeAlert subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `closeAlert` subaction for Opsgenie connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - closeAlert
+        subActionParams:
+          type: object
+          required:
+            - alias
+          properties:
+            alias:
+              type: string
+              description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert.
+            note:
+              type: string
+              description: Additional information for the alert.
+            source:
+              type: string
+              description: The display name for the source of the alert.
+            user:
+              type: string
+              description: The display name for the owner.
+    run_closeincident:
+      title: The closeIncident subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `closeIncident` subaction for ServiceNow ITSM connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - closeIncident
+        subActionParams:
+          type: object
+          required:
+            - incident
+          properties:
+            incident:
+              type: object
+              anyOf:
+                - required:
+                    - correlation_id
+                - required:
+                    - externalId
+              properties:
+                correlation_id:
+                  type: string
+                  nullable: true
+                  description: |
+                    An identifier that is assigned to the incident when it is created by the connector. NOTE: If you use the default value and the rule generates multiple alerts that use the same alert IDs, the latest open incident for this correlation ID is closed unless you specify the external ID.
+                  maxLength: 100
+                  default: '{{rule.id}}:{{alert.id}}'
+                externalId:
+                  type: string
+                  nullable: true
+                  description: The unique identifier (`incidentId`) for the incident in ServiceNow.
+    run_createalert:
+      title: The createAlert subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `createAlert` subaction for Opsgenie and TheHive connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - createAlert
+        subActionParams:
+          type: object
+          properties:
+            actions:
+              type: array
+              description: The custom actions available to the alert in Opsgenie connectors.
+              items:
+                type: string
+            alias:
+              type: string
+              description: The unique identifier used for alert deduplication in Opsgenie.
+            description:
+              type: string
+              description: A description that provides detailed information about the alert.
+            details:
+              type: object
+              description: The custom properties of the alert in Opsgenie connectors.
+              additionalProperties: true
+              example:
+                key1: value1
+                key2: value2
+            entity:
+              type: string
+              description: The domain of the alert in Opsgenie connectors. For example, the application or server name.
+            message:
+              type: string
+              description: The alert message in Opsgenie connectors.
+            note:
+              type: string
+              description: Additional information for the alert in Opsgenie connectors.
+            priority:
+              type: string
+              description: The priority level for the alert in Opsgenie connectors.
+              enum:
+                - P1
+                - P2
+                - P3
+                - P4
+                - P5
+            responders:
+              type: array
+              description: |
+                The entities to receive notifications about the alert in Opsgenie connectors. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required.
+              items:
+                type: object
+                properties:
+                  id:
+                    type: string
+                    description: The identifier for the entity.
+                  name:
+                    type: string
+                    description: The name of the entity.
+                  type:
+                    type: string
+                    description: The type of responders, in this case `escalation`.
+                    enum:
+                      - escalation
+                      - schedule
+                      - team
+                      - user
+                  username:
+                    type: string
+                    description: A valid email address for the user.
+            severity:
+              type: integer
+              minimum: 1
+              maximum: 4
+              description: |
+                The severity of the incident for TheHive connectors. The value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium).
+            source:
+              type: string
+              description: The display name for the source of the alert in Opsgenie and TheHive connectors.
+            sourceRef:
+              type: string
+              description: A source reference for the alert in TheHive connectors.
+            tags:
+              type: array
+              description: The tags for the alert in Opsgenie and TheHive connectors.
+              items:
+                type: string
+            title:
+              type: string
+              description: |
+                A title for the incident for TheHive connectors. It is used for searching the contents of the knowledge base.
+            tlp:
+              type: integer
+              minimum: 0
+              maximum: 4
+              default: 2
+              description: |
+                The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red).
+            type:
+              type: string
+              description: The type of alert in TheHive connectors.
+            user:
+              type: string
+              description: The display name for the owner.
+            visibleTo:
+              type: array
+              description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required.
+              items:
+                type: object
+                required:
+                  - type
+                properties:
+                  id:
+                    type: string
+                    description: The identifier for the entity.
+                  name:
+                    type: string
+                    description: The name of the entity.
+                  type:
+                    type: string
+                    description: Valid values are `team` and `user`.
+                    enum:
+                      - team
+                      - user
+                  username:
+                    type: string
+                    description: The user name. This property is required only when the `type` is `user`.
+    run_fieldsbyissuetype:
+      title: The fieldsByIssueType subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `fieldsByIssueType` subaction for Jira connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - fieldsByIssueType
+        subActionParams:
+          type: object
+          required:
+            - id
+          properties:
+            id:
+              type: string
+              description: The Jira issue type identifier.
+              example: 10024
+    run_getchoices:
+      title: The getChoices subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getChoices
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          required:
+            - fields
+          properties:
+            fields:
+              type: array
+              description: An array of fields.
+              items:
+                type: string
+    run_getfields:
+      title: The getFields subaction
+      type: object
+      required:
+        - subAction
+      description: The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getFields
+    run_getincident:
+      title: The getIncident subaction
+      type: object
+      description: The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
+      required:
+        - subAction
+        - subActionParams
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getIncident
+        subActionParams:
+          type: object
+          required:
+            - externalId
+          properties:
+            externalId:
+              type: string
+              description: The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.
+              example: 71778
+    run_issue:
+      title: The issue subaction
+      type: object
+      required:
+        - subAction
+      description: The `issue` subaction for Jira connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - issue
+        subActionParams:
+          type: object
+          required:
+            - id
+          properties:
+            id:
+              type: string
+              description: The Jira issue identifier.
+              example: 71778
+    run_issues:
+      title: The issues subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `issues` subaction for Jira connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - issues
+        subActionParams:
+          type: object
+          required:
+            - title
+          properties:
+            title:
+              type: string
+              description: The title of the Jira issue.
+    run_issuetypes:
+      title: The issueTypes subaction
+      type: object
+      required:
+        - subAction
+      description: The `issueTypes` subaction for Jira connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - issueTypes
+    run_postmessage:
+      title: The postMessage subaction
+      type: object
+      description: |
+        Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack_api`.
+      required:
+        - subAction
+        - subActionParams
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - postMessage
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          properties:
+            channelIds:
+              type: array
+              maxItems: 1
+              description: |
+                The Slack channel identifier, which must be one of the `allowedChannels` in the connector configuration.
+              items:
+                type: string
+            channels:
+              type: array
+              deprecated: true
+              description: |
+                The name of a channel that your Slack app has access to.
+              maxItems: 1
+              items:
+                type: string
+            text:
+              type: string
+              description: |
+                The Slack message text. If it is a Slack webhook connector, the text cannot contain Markdown, images, or other advanced formatting. If it is a Slack web API connector, it can contain either plain text or block kit messages.
+              minLength: 1
+    run_pushtoservice:
+      title: The pushToService subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - pushToService
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          properties:
+            comments:
+              type: array
+              description: Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, or TheHive.
+              items:
+                type: object
+                properties:
+                  comment:
+                    type: string
+                    description: A comment related to the incident. For example, describe how to troubleshoot the issue.
+                  commentId:
+                    type: integer
+                    description: A unique identifier for the comment.
+            incident:
+              type: object
+              description: Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, Swimlane, or TheHive incident.
+              properties:
+                additional_fields:
+                  type: string
+                  nullable: true
+                  maxLength: 20
+                  description: |
+                    Additional fields for ServiceNow ITSM and ServiveNow SecOps connectors. The fields must exist in the Elastic ServiceNow application and must be specified in JSON format.
+                alertId:
+                  type: string
+                  description: The alert identifier for Swimlane connectors.
+                caseId:
+                  type: string
+                  description: The case identifier for the incident for Swimlane connectors.
+                caseName:
+                  type: string
+                  description: The case name for the incident for Swimlane connectors.
+                category:
+                  type: string
+                  description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
+                correlation_display:
+                  type: string
+                  description: A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors.
+                correlation_id:
+                  type: string
+                  description: |
+                    The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
+                description:
+                  type: string
+                  description: The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors.
+                dest_ip:
+                  description: |
+                    A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
+                  oneOf:
+                    - type: string
+                    - type: array
+                      items:
+                        type: string
+                externalId:
+                  type: string
+                  description: |
+                    The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
+                id:
+                  type: string
+                  description: The external case identifier for Webhook - Case Management connectors.
+                impact:
+                  type: string
+                  description: The impact of the incident for ServiceNow ITSM connectors.
+                issueType:
+                  type: integer
+                  description: The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`.
+                labels:
+                  type: array
+                  items:
+                    type: string
+                  description: |
+                    The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces.
+                malware_hash:
+                  description: A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident.
+                  oneOf:
+                    - type: string
+                    - type: array
+                      items:
+                        type: string
+                malware_url:
+                  type: string
+                  description: A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident.
+                  oneOf:
+                    - type: string
+                    - type: array
+                      items:
+                        type: string
+                otherFields:
+                  type: object
+                  additionalProperties: true
+                  maxProperties: 20
+                  description: |
+                    Custom field identifiers and their values for Jira connectors.
+                parent:
+                  type: string
+                  description: The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues.
+                priority:
+                  type: string
+                  description: The priority of the incident in Jira and ServiceNow SecOps connectors.
+                ruleName:
+                  type: string
+                  description: The rule name for Swimlane connectors.
+                severity:
+                  type: integer
+                  description: |
+                    The severity of the incident for ServiceNow ITSM, Swimlane, and TheHive connectors. In TheHive connectors, the severity value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium).
+                short_description:
+                  type: string
+                  description: |
+                    A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base.
+                source_ip:
+                  description: A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
+                  oneOf:
+                    - type: string
+                    - type: array
+                      items:
+                        type: string
+                status:
+                  type: string
+                  description: The status of the incident for Webhook - Case Management connectors.
+                subcategory:
+                  type: string
+                  description: The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
+                summary:
+                  type: string
+                  description: A summary of the incident for Jira connectors.
+                tags:
+                  type: array
+                  items:
+                    type: string
+                  description: A list of tags for TheHive and Webhook - Case Management connectors.
+                title:
+                  type: string
+                  description: |
+                    A title for the incident for Jira, TheHive, and Webhook - Case Management connectors. It is used for searching the contents of the knowledge base.
+                tlp:
+                  type: integer
+                  minimum: 0
+                  maximum: 4
+                  default: 2
+                  description: |
+                    The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red).
+                urgency:
+                  type: string
+                  description: The urgency of the incident for ServiceNow ITSM connectors.
+    run_validchannelid:
+      title: The validChannelId subaction
+      type: object
+      description: |
+        Retrieves information about a valid Slack channel identifier. It is applicable only when the connector type is `.slack_api`.
+      required:
+        - subAction
+        - subActionParams
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - validChannelId
+        subActionParams:
+          type: object
+          required:
+            - channelId
+          properties:
+            channelId:
+              type: string
+              description: The Slack channel identifier.
+              example: C123ABC456
+    params_property_apm_anomaly:
+      required:
+        - windowSize
+        - windowUnit
+        - environment
+        - anomalySeverityType
+      properties:
+        serviceName:
+          type: string
+          description: The service name from APM
+        transactionType:
+          type: string
+          description: The transaction type from APM
+        windowSize:
+          type: number
+          example: 6
+          description: The window size
+        windowUnit:
+          type: string
+          description: The window size unit
+          enum:
+            - m
+            - h
+            - d
+        environment:
+          type: string
+          description: The environment from APM
+        anomalySeverityType:
+          type: string
+          description: The anomaly threshold value
+          enum:
+            - critical
+            - major
+            - minor
+            - warning
+    params_property_apm_error_count:
+      required:
+        - windowSize
+        - windowUnit
+        - threshold
+        - environment
+      properties:
+        serviceName:
+          type: string
+          description: The service name from APM
+        windowSize:
+          type: number
+          description: The window size
+          example: 6
+        windowUnit:
+          type: string
+          description: The window size unit
+          enum:
+            - m
+            - h
+            - d
+        environment:
+          type: string
+          description: The environment from APM
+        threshold:
+          type: number
+          description: The error count threshold value
+        groupBy:
+          type: array
+          default:
+            - service.name
+            - service.environment
+          uniqueItems: true
+          items:
+            type: string
+            enum:
+              - service.name
+              - service.environment
+              - transaction.name
+              - error.grouping_key
+        errorGroupingKey:
+          type: string
+    params_property_apm_transaction_duration:
+      required:
+        - windowSize
+        - windowUnit
+        - threshold
+        - environment
+        - aggregationType
+      properties:
+        serviceName:
+          type: string
+          description: The service name from APM
+        transactionType:
+          type: string
+          description: The transaction type from APM
+        transactionName:
+          type: string
+          description: The transaction name from APM
+        windowSize:
+          type: number
+          description: The window size
+          example: 6
+        windowUnit:
+          type: string
+          description: ç
+          enum:
+            - m
+            - h
+            - d
+        environment:
+          type: string
+        threshold:
+          type: number
+          description: The latency threshold value
+        groupBy:
+          type: array
+          default:
+            - service.name
+            - service.environment
+            - transaction.type
+          uniqueItems: true
+          items:
+            type: string
+            enum:
+              - service.name
+              - service.environment
+              - transaction.type
+              - transaction.name
+        aggregationType:
+          type: string
+          enum:
+            - avg
+            - 95th
+            - 99th
+    params_property_apm_transaction_error_rate:
+      required:
+        - windowSize
+        - windowUnit
+        - threshold
+        - environment
+      properties:
+        serviceName:
+          type: string
+          description: The service name from APM
+        transactionType:
+          type: string
+          description: The transaction type from APM
+        transactionName:
+          type: string
+          description: The transaction name from APM
+        windowSize:
+          type: number
+          description: The window size
+          example: 6
+        windowUnit:
+          type: string
+          description: The window size unit
+          enum:
+            - m
+            - h
+            - d
+        environment:
+          type: string
+          description: The environment from APM
+        threshold:
+          type: number
+          description: The error rate threshold value
+        groupBy:
+          type: array
+          default:
+            - service.name
+            - service.environment
+            - transaction.type
+          uniqueItems: true
+          items:
+            type: string
+            enum:
+              - service.name
+              - service.environment
+              - transaction.type
+              - transaction.name
+    aggfield:
+      description: |
+        The name of the numeric field that is used in the aggregation. This property is required when `aggType` is `avg`, `max`, `min` or `sum`.
+      type: string
+    aggtype:
+      description: The type of aggregation to perform.
+      type: string
+      enum:
+        - avg
+        - count
+        - max
+        - min
+        - sum
+      default: count
+    excludehitsfrompreviousrun:
+      description: |
+        Indicates whether to exclude matches from previous runs. If `true`, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified.
+      type: boolean
+    groupby:
+      description: |
+        Indicates whether the aggregation is applied over all documents (`all`) or split into groups (`top`) using a grouping field (`termField`). If grouping is used, an alert will be created for each group when it exceeds the threshold; only the top groups (up to `termSize` number of groups) are checked.
+      type: string
+      enum:
+        - all
+        - top
+      default: all
+    size:
+      description: |
+        The number of documents to pass to the configured actions when the threshold condition is met.
+      type: integer
+    termfield:
+      description: |
+        The names of up to four fields that are used for grouping the aggregation. This property is required when `groupBy` is `top`.
+      oneOf:
+        - type: string
+        - type: array
+          items:
+            type: string
+          maxItems: 4
+    termsize:
+      description: |
+        This property is required when `groupBy` is `top`. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields.
+      type: integer
+    threshold:
+      description: |
+        The threshold value that is used with the `thresholdComparator`. If the `thresholdComparator` is `between` or `notBetween`, you must specify the boundary values.
+      type: array
+      items:
+        type: integer
+        example: 4000
+    thresholdcomparator:
+      description: The comparison function for the threshold. For example, "is above", "is above or equals", "is below", "is below or equals", "is between", and "is not between".
+      type: string
+      enum:
+        - '>'
+        - '>='
+        - <
+        - <=
+        - between
+        - notBetween
+      example: '>'
+    timefield:
+      description: The field that is used to calculate the time window.
+      type: string
+    timewindowsize:
+      description: |
+        The size of the time window (in `timeWindowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection.
+      type: integer
+      example: 5
+    timewindowunit:
+      description: |
+        The type of units for the time window: seconds, minutes, hours, or days.
+      type: string
+      enum:
+        - s
+        - m
+        - h
+        - d
+      example: m
+    params_es_query_dsl_rule:
+      title: Elasticsearch DSL query rule params
+      description: |
+        An Elasticsearch query rule can run a query defined in Elasticsearch Query DSL and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`.
+      type: object
+      required:
+        - esQuery
+        - index
+        - threshold
+        - thresholdComparator
+        - timeField
+        - timeWindowSize
+        - timeWindowUnit
+      properties:
+        aggField:
+          $ref: '#/components/schemas/aggfield'
+        aggType:
+          $ref: '#/components/schemas/aggtype'
+        esQuery:
+          description: The query definition, which uses Elasticsearch Query DSL.
+          type: string
+        excludeHitsFromPreviousRun:
+          $ref: '#/components/schemas/excludehitsfrompreviousrun'
+        groupBy:
+          $ref: '#/components/schemas/groupby'
+        index:
+          description: The indices to query.
+          oneOf:
+            - type: array
+              items:
+                type: string
+            - type: string
+        searchType:
+          description: The type of query, in this case a query that uses Elasticsearch Query DSL.
+          type: string
+          enum:
+            - esQuery
+          default: esQuery
+          example: esQuery
+        size:
+          $ref: '#/components/schemas/size'
+        termField:
+          $ref: '#/components/schemas/termfield'
+        termSize:
+          $ref: '#/components/schemas/termsize'
+        threshold:
+          $ref: '#/components/schemas/threshold'
+        thresholdComparator:
+          $ref: '#/components/schemas/thresholdcomparator'
+        timeField:
+          $ref: '#/components/schemas/timefield'
+        timeWindowSize:
+          $ref: '#/components/schemas/timewindowsize'
+        timeWindowUnit:
+          $ref: '#/components/schemas/timewindowunit'
+    params_es_query_esql_rule:
+      title: Elasticsearch ES|QL query rule params
+      description: |
+        An Elasticsearch query rule can run an ES|QL query and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`.
+      type: object
+      required:
+        - esqlQuery
+        - searchType
+        - size
+        - threshold
+        - thresholdComparator
+        - timeWindowSize
+        - timeWindowUnit
+      properties:
+        aggField:
+          $ref: '#/components/schemas/aggfield'
+        aggType:
+          $ref: '#/components/schemas/aggtype'
+        esqlQuery:
+          type: object
+          required:
+            - esql
+          properties:
+            esql:
+              description: The query definition, which uses Elasticsearch Query Language.
+              type: string
+        excludeHitsFromPreviousRun:
+          $ref: '#/components/schemas/excludehitsfrompreviousrun'
+        groupBy:
+          $ref: '#/components/schemas/groupby'
+        searchType:
+          description: The type of query, in this case a query that uses Elasticsearch Query Language (ES|QL).
+          type: string
+          enum:
+            - esqlQuery
+          example: esqlQuery
+        size:
+          type: integer
+          description: |
+            When `searchType` is `esqlQuery`, this property is required but it does not affect the rule behavior.
+          example: 0
+        termSize:
+          $ref: '#/components/schemas/termsize'
+        threshold:
+          type: array
+          items:
+            type: integer
+            minimum: 0
+            maximum: 0
+          description: |
+            The threshold value that is used with the `thresholdComparator`. When `searchType` is `esqlQuery`, this property is required and must be set to zero.
+        thresholdComparator:
+          type: string
+          description: |
+            The comparison function for the threshold. When `searchType` is `esqlQuery`, this property is required and must be set to ">". Since the `threshold` value must be `0`, the result is that an alert occurs whenever the query returns results.
+          enum:
+            - '>'
+          example: '>'
+        timeField:
+          $ref: '#/components/schemas/timefield'
+        timeWindowSize:
+          $ref: '#/components/schemas/timewindowsize'
+        timeWindowUnit:
+          $ref: '#/components/schemas/timewindowunit'
+    filter:
+      type: object
+      description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
+      properties:
+        meta:
+          type: object
+          properties:
+            alias:
+              type: string
+              nullable: true
+            controlledBy:
+              type: string
+            disabled:
+              type: boolean
+            field:
+              type: string
+            group:
+              type: string
+            index:
+              type: string
+            isMultiIndex:
+              type: boolean
+            key:
+              type: string
+            negate:
+              type: boolean
+            params:
+              type: object
+            type:
+              type: string
+            value:
+              type: string
+        query:
+          type: object
+        $state:
+          type: object
+    params_es_query_kql_rule:
+      title: Elasticsearch KQL query rule params
+      description: |
+        An Elasticsearch query rule can run a query defined in KQL or Lucene and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`.
+      type: object
+      required:
+        - searchType
+        - size
+        - threshold
+        - thresholdComparator
+        - timeWindowSize
+        - timeWindowUnit
+      properties:
+        aggField:
+          $ref: '#/components/schemas/aggfield'
+        aggType:
+          $ref: '#/components/schemas/aggtype'
+        excludeHitsFromPreviousRun:
+          $ref: '#/components/schemas/excludehitsfrompreviousrun'
+        groupBy:
+          $ref: '#/components/schemas/groupby'
+        searchConfiguration:
+          description: The query definition, which uses KQL or Lucene to fetch the documents from Elasticsearch.
+          type: object
+          properties:
+            filter:
+              type: array
+              items:
+                $ref: '#/components/schemas/filter'
+            index:
+              description: The indices to query.
+              oneOf:
+                - type: string
+                - type: array
+                  items:
+                    type: string
+            query:
+              type: object
+              properties:
+                language:
+                  type: string
+                  example: kuery
+                query:
+                  type: string
+        searchType:
+          description: The type of query, in this case a text-based query that uses KQL or Lucene.
+          type: string
+          enum:
+            - searchSource
+          example: searchSource
+        size:
+          $ref: '#/components/schemas/size'
+        termField:
+          $ref: '#/components/schemas/termfield'
+        termSize:
+          $ref: '#/components/schemas/termsize'
+        threshold:
+          $ref: '#/components/schemas/threshold'
+        thresholdComparator:
+          $ref: '#/components/schemas/thresholdcomparator'
+        timeField:
+          $ref: '#/components/schemas/timefield'
+        timeWindowSize:
+          $ref: '#/components/schemas/timewindowsize'
+        timeWindowUnit:
+          $ref: '#/components/schemas/timewindowunit'
+    params_index_threshold_rule:
+      title: Index threshold rule params
+      description: An index threshold rule runs an Elasticsearch query, aggregates field values from documents, compares them to threshold values, and schedules actions to run when the thresholds are met. These parameters are appropriate when `rule_type_id` is `.index-threshold`.
+      type: object
+      required:
+        - index
+        - threshold
+        - thresholdComparator
+        - timeField
+        - timeWindowSize
+        - timeWindowUnit
+      properties:
+        aggField:
+          $ref: '#/components/schemas/aggfield'
+        aggType:
+          $ref: '#/components/schemas/aggtype'
+        filterKuery:
+          description: A KQL expression thats limits the scope of alerts.
+          type: string
+        groupBy:
+          $ref: '#/components/schemas/groupby'
+        index:
+          description: The indices to query.
+          type: array
+          items:
+            type: string
+        termField:
+          $ref: '#/components/schemas/termfield'
+        termSize:
+          $ref: '#/components/schemas/termsize'
+        threshold:
+          $ref: '#/components/schemas/threshold'
+        thresholdComparator:
+          $ref: '#/components/schemas/thresholdcomparator'
+        timeField:
+          $ref: '#/components/schemas/timefield'
+        timeWindowSize:
+          $ref: '#/components/schemas/timewindowsize'
+        timeWindowUnit:
+          $ref: '#/components/schemas/timewindowunit'
+    params_property_infra_inventory:
+      properties:
+        criteria:
+          type: array
+          items:
+            type: object
+            properties:
+              metric:
+                type: string
+                enum:
+                  - count
+                  - cpu
+                  - diskLatency
+                  - load
+                  - memory
+                  - memoryTotal
+                  - tx
+                  - rx
+                  - logRate
+                  - diskIOReadBytes
+                  - diskIOWriteBytes
+                  - s3TotalRequests
+                  - s3NumberOfObjects
+                  - s3BucketSize
+                  - s3DownloadBytes
+                  - s3UploadBytes
+                  - rdsConnections
+                  - rdsQueriesExecuted
+                  - rdsActiveTransactions
+                  - rdsLatency
+                  - sqsMessagesVisible
+                  - sqsMessagesDelayed
+                  - sqsMessagesSent
+                  - sqsMessagesEmpty
+                  - sqsOldestMessage
+                  - custom
+              timeSize:
+                type: number
+              timeUnit:
+                type: string
+                enum:
+                  - s
+                  - m
+                  - h
+                  - d
+              sourceId:
+                type: string
+              threshold:
+                type: array
+                items:
+                  type: number
+              comparator:
+                type: string
+                enum:
+                  - <
+                  - <=
+                  - '>'
+                  - '>='
+                  - between
+                  - outside
+              customMetric:
+                type: object
+                properties:
+                  type:
+                    type: string
+                    enum:
+                      - custom
+                  field:
+                    type: string
+                  aggregation:
+                    type: string
+                    enum:
+                      - avg
+                      - max
+                      - min
+                      - rate
+                  id:
+                    type: string
+                  label:
+                    type: string
+              warningThreshold:
+                type: array
+                items:
+                  type: number
+              warningComparator:
+                type: string
+                enum:
+                  - <
+                  - <=
+                  - '>'
+                  - '>='
+                  - between
+                  - outside
+        filterQuery:
+          type: string
+        filterQueryText:
+          type: string
+        nodeType:
+          type: string
+          enum:
+            - host
+            - pod
+            - container
+            - awsEC2
+            - awsS3
+            - awsSQS
+            - awsRDS
+        sourceId:
+          type: string
+        alertOnNoData:
+          type: boolean
+    params_property_log_threshold:
+      oneOf:
+        - title: Count
+          type: object
+          required:
+            - count
+            - timeSize
+            - timeUnit
+            - logView
+          properties:
+            criteria:
+              type: array
+              items:
+                type: object
+                properties:
+                  field:
+                    type: string
+                    example: my.field
+                  comparator:
+                    type: string
+                    enum:
+                      - more than
+                      - more than or equals
+                      - less than
+                      - less than or equals
+                      - equals
+                      - does not equal
+                      - matches
+                      - does not match
+                      - matches phrase
+                      - does not match phrase
+                  value:
+                    oneOf:
+                      - type: number
+                        example: 42
+                      - type: string
+                        example: value
+            count:
+              type: object
+              properties:
+                comparator:
+                  type: string
+                  enum:
+                    - more than
+                    - more than or equals
+                    - less than
+                    - less than or equals
+                    - equals
+                    - does not equal
+                    - matches
+                    - does not match
+                    - matches phrase
+                    - does not match phrase
+                value:
+                  type: number
+                  example: 100
+            timeSize:
+              type: number
+              example: 6
+            timeUnit:
+              type: string
+              enum:
+                - s
+                - m
+                - h
+                - d
+            logView:
+              type: object
+              properties:
+                logViewId:
+                  type: string
+                type:
+                  type: string
+                  enum:
+                    - log-view-reference
+                  example: log-view-reference
+            groupBy:
+              type: array
+              items:
+                type: string
+        - title: Ratio
+          type: object
+          required:
+            - count
+            - timeSize
+            - timeUnit
+            - logView
+          properties:
+            criteria:
+              type: array
+              items:
+                minItems: 2
+                maxItems: 2
+                type: array
+                items:
+                  type: object
+                  properties:
+                    field:
+                      type: string
+                      example: my.field
+                    comparator:
+                      type: string
+                      enum:
+                        - more than
+                        - more than or equals
+                        - less than
+                        - less than or equals
+                        - equals
+                        - does not equal
+                        - matches
+                        - does not match
+                        - matches phrase
+                        - does not match phrase
+                    value:
+                      oneOf:
+                        - type: number
+                          example: 42
+                        - type: string
+                          example: value
+            count:
+              type: object
+              properties:
+                comparator:
+                  type: string
+                  enum:
+                    - more than
+                    - more than or equals
+                    - less than
+                    - less than or equals
+                    - equals
+                    - does not equal
+                    - matches
+                    - does not match
+                    - matches phrase
+                    - does not match phrase
+                value:
+                  type: number
+                  example: 100
+            timeSize:
+              type: number
+              example: 6
+            timeUnit:
+              type: string
+              enum:
+                - s
+                - m
+                - h
+                - d
+            logView:
+              type: object
+              properties:
+                logViewId:
+                  type: string
+                type:
+                  type: string
+                  enum:
+                    - log-view-reference
+                  example: log-view-reference
+            groupBy:
+              type: array
+              items:
+                type: string
+    params_property_infra_metric_threshold:
+      properties:
+        criteria:
+          type: array
+          items:
+            oneOf:
+              - title: non count criterion
+                type: object
+                properties:
+                  threshold:
+                    type: array
+                    items:
+                      type: number
+                  comparator:
+                    type: string
+                    enum:
+                      - <
+                      - <=
+                      - '>'
+                      - '>='
+                      - between
+                      - outside
+                  timeUnit:
+                    type: string
+                  timeSize:
+                    type: number
+                  warningThreshold:
+                    type: array
+                    items:
+                      type: number
+                  warningComparator:
+                    type: string
+                    enum:
+                      - <
+                      - <=
+                      - '>'
+                      - '>='
+                      - between
+                      - outside
+                  metric:
+                    type: string
+                  aggType:
+                    type: string
+                    enum:
+                      - avg
+                      - max
+                      - min
+                      - cardinality
+                      - rate
+                      - count
+                      - sum
+                      - p95
+                      - p99
+                      - custom
+              - title: count criterion
+                type: object
+                properties:
+                  threshold:
+                    type: array
+                    items:
+                      type: number
+                  comparator:
+                    type: string
+                    enum:
+                      - <
+                      - <=
+                      - '>'
+                      - '>='
+                      - between
+                      - outside
+                  timeUnit:
+                    type: string
+                  timeSize:
+                    type: number
+                  warningThreshold:
+                    type: array
+                    items:
+                      type: number
+                  warningComparator:
+                    type: string
+                    enum:
+                      - <
+                      - <=
+                      - '>'
+                      - '>='
+                      - between
+                      - outside
+                  aggType:
+                    type: string
+                    enum:
+                      - count
+              - title: custom criterion
+                type: object
+                properties:
+                  threshold:
+                    type: array
+                    items:
+                      type: number
+                  comparator:
+                    type: string
+                    enum:
+                      - <
+                      - <=
+                      - '>'
+                      - '>='
+                      - between
+                      - outside
+                  timeUnit:
+                    type: string
+                  timeSize:
+                    type: number
+                  warningThreshold:
+                    type: array
+                    items:
+                      type: number
+                  warningComparator:
+                    type: string
+                    enum:
+                      - <
+                      - <=
+                      - '>'
+                      - '>='
+                      - between
+                      - outside
+                  aggType:
+                    type: string
+                    enum:
+                      - custom
+                  customMetric:
+                    type: array
+                    items:
+                      oneOf:
+                        - type: object
+                          properties:
+                            name:
+                              type: string
+                            aggType:
+                              type: string
+                              enum:
+                                - avg
+                                - sum
+                                - max
+                                - min
+                                - cardinality
+                            field:
+                              type: string
+                        - type: object
+                          properties:
+                            name:
+                              type: string
+                            aggType:
+                              type: string
+                              enum:
+                                - count
+                            filter:
+                              type: string
+                  equation:
+                    type: string
+                  label:
+                    type: string
+        groupBy:
+          oneOf:
+            - type: string
+            - type: array
+              items:
+                type: string
+        filterQuery:
+          type: string
+        sourceId:
+          type: string
+        alertOnNoData:
+          type: boolean
+        alertOnGroupDisappear:
+          type: boolean
+    params_property_slo_burn_rate:
+      properties:
+        sloId:
+          description: The SLO identifier used by the rule
+          type: string
+          example: 8853df00-ae2e-11ed-90af-09bb6422b258
+        burnRateThreshold:
+          description: The burn rate threshold used to trigger the alert
+          type: number
+          example: 14.4
+        maxBurnRateThreshold:
+          description: The maximum burn rate threshold value defined by the SLO error budget
+          type: number
+          example: 168
+        longWindow:
+          description: The duration of the long window used to compute the burn rate
+          type: object
+          properties:
+            value:
+              description: The duration value
+              type: number
+              example: 6
+            unit:
+              description: The duration unit
+              type: string
+              example: h
+        shortWindow:
+          description: The duration of the short window used to compute the burn rate
+          type: object
+          properties:
+            value:
+              description: The duration value
+              type: number
+              example: 30
+            unit:
+              description: The duration unit
+              type: string
+              example: m
+    params_property_synthetics_uptime_tls:
+      properties:
+        search:
+          type: string
+        certExpirationThreshold:
+          type: number
+        certAgeThreshold:
+          type: number
+    params_property_synthetics_monitor_status:
+      required:
+        - numTimes
+        - shouldCheckStatus
+        - shouldCheckAvailability
+      properties:
+        availability:
+          type: object
+          properties:
+            range:
+              type: number
+            rangeUnit:
+              type: string
+            threshold:
+              type: string
+        filters:
+          oneOf:
+            - type: string
+            - type: object
+              deprecated: true
+              properties:
+                monitor.type:
+                  type: array
+                  items:
+                    type: string
+                observer.geo.name:
+                  type: array
+                  items:
+                    type: string
+                tags:
+                  type: array
+                  items:
+                    type: string
+                url.port:
+                  type: array
+                  items:
+                    type: string
+        locations:
+          deprecated: true
+          type: array
+          items:
+            type: string
+        numTimes:
+          type: number
+        search:
+          type: string
+        shouldCheckStatus:
+          type: boolean
+        shouldCheckAvailability:
+          type: boolean
+        timerangeCount:
+          type: number
+        timerangeUnit:
+          type: string
+        timerange:
+          deprecated: true
+          type: object
+          properties:
+            from:
+              type: string
+            to:
+              type: string
+        version:
+          type: number
+        isAutoGenerated:
+          type: boolean
+  securitySchemes:
+    apiKeyAuth:
+      description: You must create an API key and use the encoded value in the request header. To learn about creating keys, go to [API keys](https://www.elastic.co/docs/current/serverless/api-keys).
+      in: header
+      name: Authorization
+      type: apiKey
diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml
index 133dede5fcd0c..f84c98205effe 100644
--- a/oas_docs/output/kibana.yaml
+++ b/oas_docs/output/kibana.yaml
@@ -2,68 +2,38 @@ openapi: 3.0.3
 info:
   contact:
     name: Kibana Team
-  description: >
-    The Kibana REST APIs enable you to manage resources such as connectors, data
-    views, and saved objects.
-
+  description: |
+    The Kibana REST APIs enable you to manage resources such as connectors, data views, and saved objects.
     The API calls are stateless.
-
-    Each request that you make happens in isolation from other calls and must
-    include all of the necessary information for Kibana to fulfill the
-
+    Each request that you make happens in isolation from other calls and must include all of the necessary information for Kibana to fulfill the
     request.
-
-    API requests return JSON output, which is a format that is machine-readable
-    and works well for automation.
-
+    API requests return JSON output, which is a format that is machine-readable and works well for automation.
 
     To interact with Kibana APIs, use the following operations:
 
-
     - GET: Fetches the information.
-
     - PATCH: Applies partial modifications to the existing information.
-
     - POST: Adds new information.
-
     - PUT: Updates the existing information.
-
     - DELETE: Removes the information.
 
-
-    You can prepend any Kibana API endpoint with `kbn:` and run the request in
-    **Dev Tools → Console**.
-
+    You can prepend any Kibana API endpoint with `kbn:` and run the request in **Dev Tools → Console**.
     For example:
 
-
     ```
-
     GET kbn:/api/data_views
-
     ```
 
+    For more information about the console, refer to [Run API requests](https://www.elastic.co/guide/en/kibana/current/console-kibana.html).
 
-    For more information about the console, refer to [Run API
-    requests](https://www.elastic.co/guide/en/kibana/current/console-kibana.html).
-
-
-    NOTE: Access to internal Kibana API endpoints will be restricted in Kibana
-    version 9.0. Please move any integrations to publicly documented APIs.
-
+    NOTE: Access to internal Kibana API endpoints will be restricted in Kibana version 9.0. Please move any integrations to publicly documented APIs.
 
     ## Documentation source and versions
 
+    This documentation is derived from the `main` branch of the [kibana](https://github.com/elastic/kibana) repository.
+    It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 International](https://creativecommons.org/licenses/by-nc-nd/4.0/).
 
-    This documentation is derived from the `main` branch of the
-    [kibana](https://github.com/elastic/kibana) repository.
-
-    It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0
-    International](https://creativecommons.org/licenses/by-nc-nd/4.0/).
-
-
-    This documentation contains work-in-progress information for future Elastic
-    Stack releases.
+    This documentation contains work-in-progress information for future Elastic Stack releases.
   title: Kibana APIs
   version: 1.0.2
   x-doc-license:
@@ -71,13 +41,131 @@ info:
     url: https://creativecommons.org/licenses/by-nc-nd/4.0/
   x-feedbackLink:
     label: Feedback
-    url: >-
-      https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+
+    url: https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+
 servers:
   - url: https://{kibana_url}
     variables:
       kibana_url:
         default: localhost:5601
+security:
+  - apiKeyAuth: []
+  - basicAuth: []
+tags:
+  - name: alerting
+    description: |
+      Alerting enables you to define rules, which detect complex conditions within your data. When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule.  Actions typically involve the use of connectors to interact with Kibana services or third party integrations.
+    externalDocs:
+      description: Alerting documentation
+      url: https://www.elastic.co/guide/en/kibana/master/alerting-getting-started.html
+    x-displayName: Alerting
+  - description: |
+      Adjust APM agent configuration without need to redeploy your application.
+    name: APM agent configuration
+  - description: |
+      Configure APM agent keys to authorize requests from APM agents to the APM Server.
+    name: APM agent keys
+  - description: |
+      Annotate visualizations in the APM app with significant events. Annotations enable you to easily see how events are impacting the performance of your applications.
+    name: APM annotations
+  - description: Create APM fleet server schema.
+    name: APM server schema
+  - description: Configure APM source maps.
+    name: APM sourcemaps
+  - description: |
+      Cases are used to open and track issues. You can add assignees and tags to your cases, set their severity and status, and add alerts, comments, and visualizations. You can also send cases to external incident management systems by configuring connectors.
+    name: cases
+    externalDocs:
+      description: Cases documentation
+      url: https://www.elastic.co/guide/en/kibana/master/cases.html
+    x-displayName: Cases
+  - name: connectors
+    description: |
+      Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems. Alerting rules can use connectors to run actions when rule conditions are met.
+    externalDocs:
+      description: Connector documentation
+      url: https://www.elastic.co/guide/en/kibana/current/action-types.html
+    x-displayName: Connectors
+  - name: Data streams
+  - description: Data view APIs enable you to manage data views, formerly known as Kibana index patterns.
+    name: data views
+    x-displayName: Data views
+  - name: Elastic Agent actions
+  - name: Elastic Agent binary download sources
+  - name: Elastic Agent policies
+  - name: Elastic Agent status
+  - name: Elastic Agents
+  - name: Elastic Package Manager (EPM)
+  - name: Fleet enrollment API keys
+  - name: Fleet internals
+  - name: Fleet outputs
+  - name: Fleet package policies
+  - name: Fleet proxies
+  - name: Fleet Server hosts
+  - name: Fleet service tokens
+  - name: Fleet uninstall tokens
+  - name: Message Signing Service
+  - description: Machine learning
+    name: ml
+    x-displayName: Machine learning
+  - name: roles
+    x-displayName: Roles
+    description: Manage the roles that grant Elasticsearch and Kibana privileges.
+    externalDocs:
+      description: Kibana role management
+      url: https://www.elastic.co/guide/en/kibana/master/kibana-role-management.html
+  - description: |
+      Export sets of saved objects that you want to import into Kibana, resolve import errors, and rotate an encryption key for encrypted saved objects with the saved objects APIs.
+
+      To manage a specific type of saved object, use the corresponding APIs.
+      For example, use:
+
+      * [Data views](../group/endpoint-data-views)
+      * [Spaces](https://www.elastic.co/guide/en/kibana/current/spaces-api.html)
+      * [Short URLs](https://www.elastic.co/guide/en/kibana/current/short-urls-api.html)
+
+      Warning: Do not write documents directly to the `.kibana` index. When you write directly to the `.kibana` index, the data becomes corrupted and permanently breaks future Kibana versions.
+    name: saved objects
+    x-displayName: Saved objects
+  - description: Manage and interact with Security Assistant resources.
+    name: Security AI Assistant API
+    x-displayName: Security AI assistant
+  - description: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.
+    name: Security Detections API
+    x-displayName: Security detections
+  - description: Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.
+    name: Security Endpoint Exceptions API
+    x-displayName: Security endpoint exceptions
+  - description: Interact with and manage endpoints running the Elastic Defend integration.
+    name: Security Endpoint Management API
+    x-displayName: Security endpoint management
+  - description: ''
+    name: Security Entity Analytics API
+    x-displayName: Security entity analytics
+  - description: Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.
+    name: Security Exceptions API
+    x-displayName: Security exceptions
+  - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items.
+    name: Security Lists API
+    x-displayName: Security lists
+  - description: Run live queries, manage packs and saved queries.
+    name: Security Osquery API
+    x-displayName: Security Osquery
+  - description: You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file.
+    name: Security Timeline API
+    x-displayName: Security timeline
+  - description: SLO APIs enable you to define, manage and track service-level objectives
+    name: slo
+    x-displayName: Service level objectives
+  - name: spaces
+    x-displayName: Spaces
+    description: Manage your Kibana spaces.
+    externalDocs:
+      url: https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html
+      description: Space overview
+  - name: system
+    x-displayName: System
+    description: |
+      Get information about the system status, resource usage, and installed plugins.
 paths:
   /api/actions/connector_types:
     get:
@@ -92,15 +180,20 @@ paths:
             enum:
               - '2023-10-31'
             type: string
-        - description: >-
-            A filter to limit the retrieved connector types to those that
-            support a specific feature (such as alerting or cases).
+        - description: A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases).
           in: query
           name: feature_id
           required: false
           schema:
             type: string
-      responses: {}
+      responses:
+        '200':
+          description: Indicates a successful call.
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                getConnectorTypesServerlessResponse:
+                  $ref: '#/components/examples/get_connector_types_generativeai_response'
       summary: Get connector types
       tags:
         - connectors
@@ -177,15 +270,10 @@ paths:
                     description: Indicates whether the connector is missing secrets.
                     type: boolean
                   is_preconfigured:
-                    description: >-
-                      Indicates whether the connector is preconfigured. If true,
-                      the `config` and `is_missing_secrets` properties are
-                      omitted from the response. 
+                    description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. '
                     type: boolean
                   is_system_action:
-                    description: >-
-                      Indicates whether the connector is used for system
-                      actions.
+                    description: Indicates whether the connector is used for system actions.
                     type: boolean
                   name:
                     description: ' The name of the rule.'
@@ -197,6 +285,9 @@ paths:
                   - is_preconfigured
                   - is_deprecated
                   - is_system_action
+              examples:
+                getConnectorResponse:
+                  $ref: '#/components/examples/get_connector_response'
           description: Indicates a successful call.
       summary: Get connector information
       tags:
@@ -222,7 +313,7 @@ paths:
         - description: An identifier for the connector.
           in: path
           name: id
-          required: false
+          required: true
           schema:
             type: string
       requestBody:
@@ -232,23 +323,77 @@ paths:
               additionalProperties: false
               type: object
               properties:
-                config:
-                  additionalProperties: {}
-                  default: {}
-                  type: object
                 connector_type_id:
                   description: The type of connector.
                   type: string
                 name:
                   description: The display name for the connector.
                   type: string
+                config:
+                  additionalProperties: {}
+                  default: {}
+                  description: The connector configuration details.
+                  oneOf:
+                    - $ref: '#/components/schemas/bedrock_config'
+                    - $ref: '#/components/schemas/crowdstrike_config'
+                    - $ref: '#/components/schemas/d3security_config'
+                    - $ref: '#/components/schemas/email_config'
+                    - $ref: '#/components/schemas/gemini_config'
+                    - $ref: '#/components/schemas/resilient_config'
+                    - $ref: '#/components/schemas/index_config'
+                    - $ref: '#/components/schemas/jira_config'
+                    - $ref: '#/components/schemas/genai_azure_config'
+                    - $ref: '#/components/schemas/genai_openai_config'
+                    - $ref: '#/components/schemas/opsgenie_config'
+                    - $ref: '#/components/schemas/pagerduty_config'
+                    - $ref: '#/components/schemas/sentinelone_config'
+                    - $ref: '#/components/schemas/servicenow_config'
+                    - $ref: '#/components/schemas/servicenow_itom_config'
+                    - $ref: '#/components/schemas/slack_api_config'
+                    - $ref: '#/components/schemas/swimlane_config'
+                    - $ref: '#/components/schemas/thehive_config'
+                    - $ref: '#/components/schemas/tines_config'
+                    - $ref: '#/components/schemas/torq_config'
+                    - $ref: '#/components/schemas/webhook_config'
+                    - $ref: '#/components/schemas/cases_webhook_config'
+                    - $ref: '#/components/schemas/xmatters_config'
                 secrets:
                   additionalProperties: {}
                   default: {}
-                  type: object
+                  oneOf:
+                    - $ref: '#/components/schemas/bedrock_secrets'
+                    - $ref: '#/components/schemas/crowdstrike_secrets'
+                    - $ref: '#/components/schemas/d3security_secrets'
+                    - $ref: '#/components/schemas/email_secrets'
+                    - $ref: '#/components/schemas/gemini_secrets'
+                    - $ref: '#/components/schemas/resilient_secrets'
+                    - $ref: '#/components/schemas/jira_secrets'
+                    - $ref: '#/components/schemas/teams_secrets'
+                    - $ref: '#/components/schemas/genai_secrets'
+                    - $ref: '#/components/schemas/opsgenie_secrets'
+                    - $ref: '#/components/schemas/pagerduty_secrets'
+                    - $ref: '#/components/schemas/sentinelone_secrets'
+                    - $ref: '#/components/schemas/servicenow_secrets'
+                    - $ref: '#/components/schemas/slack_api_secrets'
+                    - $ref: '#/components/schemas/swimlane_secrets'
+                    - $ref: '#/components/schemas/thehive_secrets'
+                    - $ref: '#/components/schemas/tines_secrets'
+                    - $ref: '#/components/schemas/torq_secrets'
+                    - $ref: '#/components/schemas/webhook_secrets'
+                    - $ref: '#/components/schemas/cases_webhook_secrets'
+                    - $ref: '#/components/schemas/xmatters_secrets'
               required:
                 - name
                 - connector_type_id
+            examples:
+              createEmailConnectorRequest:
+                $ref: '#/components/examples/create_email_connector_request'
+              createIndexConnectorRequest:
+                $ref: '#/components/examples/create_index_connector_request'
+              createWebhookConnectorRequest:
+                $ref: '#/components/examples/create_webhook_connector_request'
+              createXmattersConnectorRequest:
+                $ref: '#/components/examples/create_xmatters_connector_request'
       responses:
         '200':
           content:
@@ -273,15 +418,10 @@ paths:
                     description: Indicates whether the connector is missing secrets.
                     type: boolean
                   is_preconfigured:
-                    description: >-
-                      Indicates whether the connector is preconfigured. If true,
-                      the `config` and `is_missing_secrets` properties are
-                      omitted from the response. 
+                    description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. '
                     type: boolean
                   is_system_action:
-                    description: >-
-                      Indicates whether the connector is used for system
-                      actions.
+                    description: Indicates whether the connector is used for system actions.
                     type: boolean
                   name:
                     description: ' The name of the rule.'
@@ -293,6 +433,15 @@ paths:
                   - is_preconfigured
                   - is_deprecated
                   - is_system_action
+              examples:
+                createEmailConnectorResponse:
+                  $ref: '#/components/examples/create_email_connector_response'
+                createIndexConnectorResponse:
+                  $ref: '#/components/examples/create_index_connector_response'
+                createWebhookConnectorResponse:
+                  $ref: '#/components/examples/create_webhook_connector_response'
+                createXmattersConnectorResponse:
+                  $ref: '#/components/examples/get_connector_response'
           description: Indicates a successful call.
       summary: Create a connector
       tags:
@@ -328,19 +477,67 @@ paths:
               additionalProperties: false
               type: object
               properties:
-                config:
-                  additionalProperties: {}
-                  default: {}
-                  type: object
                 name:
                   description: The display name for the connector.
                   type: string
+                config:
+                  additionalProperties: {}
+                  default: {}
+                  description: The connector configuration details.
+                  oneOf:
+                    - $ref: '#/components/schemas/bedrock_config'
+                    - $ref: '#/components/schemas/crowdstrike_config'
+                    - $ref: '#/components/schemas/d3security_config'
+                    - $ref: '#/components/schemas/email_config'
+                    - $ref: '#/components/schemas/gemini_config'
+                    - $ref: '#/components/schemas/resilient_config'
+                    - $ref: '#/components/schemas/index_config'
+                    - $ref: '#/components/schemas/jira_config'
+                    - $ref: '#/components/schemas/genai_azure_config'
+                    - $ref: '#/components/schemas/genai_openai_config'
+                    - $ref: '#/components/schemas/opsgenie_config'
+                    - $ref: '#/components/schemas/pagerduty_config'
+                    - $ref: '#/components/schemas/sentinelone_config'
+                    - $ref: '#/components/schemas/servicenow_config'
+                    - $ref: '#/components/schemas/servicenow_itom_config'
+                    - $ref: '#/components/schemas/slack_api_config'
+                    - $ref: '#/components/schemas/swimlane_config'
+                    - $ref: '#/components/schemas/thehive_config'
+                    - $ref: '#/components/schemas/tines_config'
+                    - $ref: '#/components/schemas/torq_config'
+                    - $ref: '#/components/schemas/webhook_config'
+                    - $ref: '#/components/schemas/cases_webhook_config'
+                    - $ref: '#/components/schemas/xmatters_config'
                 secrets:
                   additionalProperties: {}
                   default: {}
-                  type: object
+                  oneOf:
+                    - $ref: '#/components/schemas/bedrock_secrets'
+                    - $ref: '#/components/schemas/crowdstrike_secrets'
+                    - $ref: '#/components/schemas/d3security_secrets'
+                    - $ref: '#/components/schemas/email_secrets'
+                    - $ref: '#/components/schemas/gemini_secrets'
+                    - $ref: '#/components/schemas/resilient_secrets'
+                    - $ref: '#/components/schemas/jira_secrets'
+                    - $ref: '#/components/schemas/teams_secrets'
+                    - $ref: '#/components/schemas/genai_secrets'
+                    - $ref: '#/components/schemas/opsgenie_secrets'
+                    - $ref: '#/components/schemas/pagerduty_secrets'
+                    - $ref: '#/components/schemas/sentinelone_secrets'
+                    - $ref: '#/components/schemas/servicenow_secrets'
+                    - $ref: '#/components/schemas/slack_api_secrets'
+                    - $ref: '#/components/schemas/swimlane_secrets'
+                    - $ref: '#/components/schemas/thehive_secrets'
+                    - $ref: '#/components/schemas/tines_secrets'
+                    - $ref: '#/components/schemas/torq_secrets'
+                    - $ref: '#/components/schemas/webhook_secrets'
+                    - $ref: '#/components/schemas/cases_webhook_secrets'
+                    - $ref: '#/components/schemas/xmatters_secrets'
               required:
                 - name
+            examples:
+              updateIndexConnectorRequest:
+                $ref: '#/components/examples/update_index_connector_request'
       responses:
         '200':
           content:
@@ -365,15 +562,10 @@ paths:
                     description: Indicates whether the connector is missing secrets.
                     type: boolean
                   is_preconfigured:
-                    description: >-
-                      Indicates whether the connector is preconfigured. If true,
-                      the `config` and `is_missing_secrets` properties are
-                      omitted from the response. 
+                    description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. '
                     type: boolean
                   is_system_action:
-                    description: >-
-                      Indicates whether the connector is used for system
-                      actions.
+                    description: Indicates whether the connector is used for system actions.
                     type: boolean
                   name:
                     description: ' The name of the rule.'
@@ -391,9 +583,7 @@ paths:
         - connectors
   /api/actions/connector/{id}/_execute:
     post:
-      description: >-
-        You can use this API to test an action that involves interaction with
-        Kibana services or integrations with third-party systems.
+      description: You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems.
       operationId: post-actions-connector-id-execute
       parameters:
         - description: The version of the API to use
@@ -426,9 +616,40 @@ paths:
               properties:
                 params:
                   additionalProperties: {}
-                  type: object
+                  oneOf:
+                    - $ref: '#/components/schemas/run_acknowledge_resolve_pagerduty'
+                    - $ref: '#/components/schemas/run_documents'
+                    - $ref: '#/components/schemas/run_message_email'
+                    - $ref: '#/components/schemas/run_message_serverlog'
+                    - $ref: '#/components/schemas/run_message_slack'
+                    - $ref: '#/components/schemas/run_trigger_pagerduty'
+                    - $ref: '#/components/schemas/run_addevent'
+                    - $ref: '#/components/schemas/run_closealert'
+                    - $ref: '#/components/schemas/run_closeincident'
+                    - $ref: '#/components/schemas/run_createalert'
+                    - $ref: '#/components/schemas/run_fieldsbyissuetype'
+                    - $ref: '#/components/schemas/run_getchoices'
+                    - $ref: '#/components/schemas/run_getfields'
+                    - $ref: '#/components/schemas/run_getincident'
+                    - $ref: '#/components/schemas/run_issue'
+                    - $ref: '#/components/schemas/run_issues'
+                    - $ref: '#/components/schemas/run_issuetypes'
+                    - $ref: '#/components/schemas/run_postmessage'
+                    - $ref: '#/components/schemas/run_pushtoservice'
+                    - $ref: '#/components/schemas/run_validchannelid'
               required:
                 - params
+            examples:
+              runIndexConnectorRequest:
+                $ref: '#/components/examples/run_index_connector_request'
+              runJiraConnectorRequest:
+                $ref: '#/components/examples/run_jira_connector_request'
+              runServerLogConnectorRequest:
+                $ref: '#/components/examples/run_servicenow_itom_connector_request'
+              runSlackConnectorRequest:
+                $ref: '#/components/examples/run_slack_api_connector_request'
+              runSwimlaneConnectorRequest:
+                $ref: '#/components/examples/run_swimlane_connector_request'
       responses:
         '200':
           content:
@@ -453,15 +674,10 @@ paths:
                     description: Indicates whether the connector is missing secrets.
                     type: boolean
                   is_preconfigured:
-                    description: >-
-                      Indicates whether the connector is preconfigured. If true,
-                      the `config` and `is_missing_secrets` properties are
-                      omitted from the response. 
+                    description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. '
                     type: boolean
                   is_system_action:
-                    description: >-
-                      Indicates whether the connector is used for system
-                      actions.
+                    description: Indicates whether the connector is used for system actions.
                     type: boolean
                   name:
                     description: ' The name of the rule.'
@@ -473,6 +689,19 @@ paths:
                   - is_preconfigured
                   - is_deprecated
                   - is_system_action
+              examples:
+                runIndexConnectorResponse:
+                  $ref: '#/components/examples/run_index_connector_response'
+                runJiraConnectorResponse:
+                  $ref: '#/components/examples/run_jira_connector_response'
+                runServerLogConnectorResponse:
+                  $ref: '#/components/examples/run_server_log_connector_response'
+                runServiceNowITOMConnectorResponse:
+                  $ref: '#/components/examples/run_servicenow_itom_connector_response'
+                runSlackConnectorResponse:
+                  $ref: '#/components/examples/run_slack_api_connector_response'
+                runSwimlaneConnectorResponse:
+                  $ref: '#/components/examples/run_swimlane_connector_response'
           description: Indicates a successful call.
       summary: Run a connector
       tags:
@@ -489,16 +718,21 @@ paths:
             enum:
               - '2023-10-31'
             type: string
-      responses: {}
+      responses:
+        '200':
+          description: Indicates a successful call.
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                getConnectorsResponse:
+                  $ref: '#/components/examples/get_connectors_response'
       summary: Get all connectors
       tags:
         - connectors
   /api/alerting/_health:
     get:
-      description: >
-        You must have `read` privileges for the **Management > Stack Rules**
-        feature or for at least one of the **Analytics > Discover**, **Analytics
-        > Machine Learning**, **Observability**, or **Security** features.
+      description: |
+        You must have `read` privileges for the **Management > Stack Rules** feature or for at least one of the **Analytics > Discover**, **Analytics > Machine Learning**, **Observability**, or **Security** features.
       operationId: getAlertingHealth
       responses:
         '200':
@@ -511,10 +745,8 @@ paths:
                 type: object
                 properties:
                   alerting_framework_health:
-                    description: >
-                      Three substates identify the health of the alerting
-                      framework: `decryption_health`, `execution_health`, and
-                      `read_health`.
+                    description: |
+                      Three substates identify the health of the alerting framework: `decryption_health`, `execution_health`, and `read_health`.
                     type: object
                     properties:
                       decryption_health:
@@ -563,9 +795,7 @@ paths:
                             format: date-time
                             type: string
                   has_permanent_encryption_key:
-                    description: >-
-                      If `false`, the encrypted saved object plugin does not
-                      have a permanent encryption key.
+                    description: If `false`, the encrypted saved object plugin does not have a permanent encryption key.
                     example: true
                     type: boolean
                   is_sufficiently_secure:
@@ -584,14 +814,8 @@ paths:
         - alerting
   /api/alerting/rule_types:
     get:
-      description: >
-        If you have `read` privileges for one or more Kibana features, the API
-        response contains information about the appropriate rule types. For
-        example, there are rule types associated with the **Management > Stack
-        Rules** feature, **Analytics > Discover** and **Machine Learning**
-        features, **Observability** features, and **Security** features. To get
-        rule types associated with the **Stack Monitoring** feature, use the
-        `monitoring_user` built-in role.
+      description: |
+        If you have `read` privileges for one or more Kibana features, the API response contains information about the appropriate rule types. For example, there are rule types associated with the **Management > Stack Rules** feature, **Analytics > Discover** and **Machine Learning** features, **Observability** features, and **Security** features. To get rule types associated with the **Stack Monitoring** feature, use the `monitoring_user` built-in role.
       operationId: getRuleTypes
       responses:
         '200':
@@ -605,11 +829,8 @@ paths:
                   type: object
                   properties:
                     action_groups:
-                      description: >
-                        An explicit list of groups for which the rule type can
-                        schedule actions, each with the action group's unique ID
-                        and human readable name. Rule actions validation uses
-                        this configuration to ensure that groups are valid.
+                      description: |
+                        An explicit list of groups for which the rule type can schedule actions, each with the action group's unique ID and human readable name. Rule actions validation uses this configuration to ensure that groups are valid.
                       items:
                         type: object
                         properties:
@@ -619,13 +840,8 @@ paths:
                             type: string
                       type: array
                     action_variables:
-                      description: >
-                        A list of action variables that the rule type makes
-                        available via context and state in action parameter
-                        templates, and a short human readable description. When
-                        you create a rule in Kibana, it uses this information to
-                        prompt you for these variables in action parameter
-                        editors.
+                      description: |
+                        A list of action variables that the rule type makes available via context and state in action parameter templates, and a short human readable description. When you create a rule in Kibana, it uses this information to prompt you for these variables in action parameter editors.
                       type: object
                       properties:
                         context:
@@ -658,9 +874,8 @@ paths:
                                 type: string
                           type: array
                     alerts:
-                      description: >
-                        Details for writing alerts as data documents for this
-                        rule type.
+                      description: |
+                        Details for writing alerts as data documents for this rule type.
                       type: object
                       properties:
                         context:
@@ -686,48 +901,37 @@ paths:
                             - 'true'
                           type: string
                         isSpaceAware:
-                          description: >
-                            Indicates whether the alerts are space-aware. If
-                            true, space-specific alert indices are used.
+                          description: |
+                            Indicates whether the alerts are space-aware. If true, space-specific alert indices are used.
                           type: boolean
                         mappings:
                           type: object
                           properties:
                             fieldMap:
                               additionalProperties:
-                                $ref: >-
-                                  #/components/schemas/Alerting_fieldmap_properties
-                              description: >
-                                Mapping information for each field supported in
-                                alerts as data documents for this rule type. For
-                                more information about mapping parameters, refer
-                                to the Elasticsearch documentation.
+                                $ref: '#/components/schemas/Alerting_fieldmap_properties'
+                              description: |
+                                Mapping information for each field supported in alerts as data documents for this rule type. For more information about mapping parameters, refer to the Elasticsearch documentation.
                               type: object
                         secondaryAlias:
-                          description: >
-                            A secondary alias. It is typically used to support
-                            the signals alias for detection rules.
+                          description: |
+                            A secondary alias. It is typically used to support the signals alias for detection rules.
                           type: string
                         shouldWrite:
-                          description: >
-                            Indicates whether the rule should write out alerts
-                            as data.
+                          description: |
+                            Indicates whether the rule should write out alerts as data.
                           type: boolean
                         useEcs:
-                          description: >
-                            Indicates whether to include the ECS component
-                            template for the alerts.
+                          description: |
+                            Indicates whether to include the ECS component template for the alerts.
                           type: boolean
                         useLegacyAlerts:
                           default: false
-                          description: >
-                            Indicates whether to include the legacy component
-                            template for the alerts.
+                          description: |
+                            Indicates whether to include the legacy component template for the alerts.
                           type: boolean
                     authorized_consumers:
-                      description: >-
-                        The list of the plugins IDs that have access to the rule
-                        type.
+                      description: The list of the plugins IDs that have access to the rule type.
                       type: object
                       properties:
                         alerts:
@@ -808,9 +1012,7 @@ paths:
                             read:
                               type: boolean
                     category:
-                      description: >-
-                        The rule category, which is used by features such as
-                        category-specific maintenance windows.
+                      description: The rule category, which is used by features such as category-specific maintenance windows.
                       enum:
                         - management
                         - observability
@@ -820,19 +1022,13 @@ paths:
                       description: The default identifier for the rule type group.
                       type: string
                     does_set_recovery_context:
-                      description: >-
-                        Indicates whether the rule passes context variables to
-                        its recovery action.
+                      description: Indicates whether the rule passes context variables to its recovery action.
                       type: boolean
                     enabled_in_license:
-                      description: >-
-                        Indicates whether the rule type is enabled or disabled
-                        based on the subscription.
+                      description: Indicates whether the rule type is enabled or disabled based on the subscription.
                       type: boolean
                     has_alerts_mappings:
-                      description: >-
-                        Indicates whether the rule type has custom mappings for
-                        the alert data.
+                      description: Indicates whether the rule type has custom mappings for the alert data.
                       type: boolean
                     has_fields_for_a_a_d:
                       type: boolean
@@ -840,9 +1036,7 @@ paths:
                       description: The unique identifier for the rule type.
                       type: string
                     is_exportable:
-                      description: >-
-                        Indicates whether the rule type is exportable in **Stack
-                        Management > Saved Objects**.
+                      description: Indicates whether the rule type is exportable in **Stack Management > Saved Objects**.
                       type: boolean
                     minimum_license_required:
                       description: The subscriptions required to use the rule type.
@@ -852,15 +1046,11 @@ paths:
                       description: The descriptive name of the rule type.
                       type: string
                     producer:
-                      description: >-
-                        An identifier for the application that produces this
-                        rule type.
+                      description: An identifier for the application that produces this rule type.
                       example: stackAlerts
                       type: string
                     recovery_action_group:
-                      description: >-
-                        An action group to use when an alert goes from an active
-                        state to an inactive one.
+                      description: An action group to use when an alert goes from an active state to an inactive one.
                       type: object
                       properties:
                         id:
@@ -950,9 +1140,7 @@ paths:
                       properties:
                         alerts_filter:
                           additionalProperties: false
-                          description: >-
-                            Defines a period that limits whether the action
-                            runs.
+                          description: Defines a period that limits whether the action runs.
                           type: object
                           properties:
                             query:
@@ -960,15 +1148,10 @@ paths:
                               type: object
                               properties:
                                 dsl:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL).
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL).
                                   type: string
                                 filters:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL) as defined in
-                                    the `kbn-es-query` package.
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
                                   items:
                                     additionalProperties: false
                                     type: object
@@ -978,9 +1161,7 @@ paths:
                                         type: object
                                         properties:
                                           store:
-                                            description: >-
-                                              A filter can be either specific to an
-                                              application context or applied globally.
+                                            description: A filter can be either specific to an application context or applied globally.
                                             enum:
                                               - appState
                                               - globalState
@@ -997,9 +1178,7 @@ paths:
                                       - meta
                                   type: array
                                 kql:
-                                  description: >-
-                                    A filter written in Kibana Query Language
-                                    (KQL).
+                                  description: A filter written in Kibana Query Language (KQL).
                                   type: string
                               required:
                                 - kql
@@ -1009,12 +1188,7 @@ paths:
                               type: object
                               properties:
                                 days:
-                                  description: >-
-                                    Defines the days of the week that the action
-                                    can run, represented as an array of numbers.
-                                    For example, `1` represents Monday. An empty
-                                    array is equivalent to specifying all the
-                                    days of the week.
+                                  description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.
                                   items:
                                     enum:
                                       - 1
@@ -1031,55 +1205,30 @@ paths:
                                   type: object
                                   properties:
                                     end:
-                                      description: >-
-                                        The end of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The end of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                     start:
-                                      description: >-
-                                        The start of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The start of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                   required:
                                     - start
                                     - end
                                 timezone:
-                                  description: >-
-                                    The ISO time zone for the `hours` values.
-                                    Values such as `UTC` and `UTC+1` also work
-                                    but lack built-in daylight savings time
-                                    support and are not recommended.
+                                  description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.
                                   type: string
                               required:
                                 - days
                                 - hours
                                 - timezone
                         connector_type_id:
-                          description: >-
-                            The type of connector. This property appears in
-                            responses but cannot be set in requests.
+                          description: The type of connector. This property appears in responses but cannot be set in requests.
                           type: string
                         frequency:
                           additionalProperties: false
                           type: object
                           properties:
                             notify_when:
-                              description: >-
-                                Indicates how often alerts generate actions.
-                                Valid values include: `onActionGroupChange`:
-                                Actions run when the alert status changes;
-                                `onActiveAlert`: Actions run when the alert
-                                becomes active and at each check interval while
-                                the rule conditions are met;
-                                `onThrottleInterval`: Actions run when the alert
-                                becomes active and at the interval specified in
-                                the throttle property while the rule conditions
-                                are met. NOTE: You cannot specify `notify_when`
-                                at both the rule and action level. The
-                                recommended method is to set it for each action.
-                                If you set it at the rule level then update the
-                                rule in Kibana, it is automatically changed to
-                                use action-specific values.
+                              description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               enum:
                                 - onActionGroupChange
                                 - onActiveAlert
@@ -1089,18 +1238,7 @@ paths:
                               description: Indicates whether the action is a summary.
                               type: boolean
                             throttle:
-                              description: >-
-                                The throttle interval, which defines how often
-                                an alert generates repeated actions. It is
-                                specified in seconds, minutes, hours, or days
-                                and is applicable only if 'notify_when' is set
-                                to 'onThrottleInterval'. NOTE: You cannot
-                                specify the throttle interval at both the rule
-                                and action level. The recommended method is to
-                                set it for each action. If you set it at the
-                                rule level then update the rule in Kibana, it is
-                                automatically changed to use action-specific
-                                values.
+                              description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               nullable: true
                               type: string
                           required:
@@ -1108,30 +1246,20 @@ paths:
                             - notify_when
                             - throttle
                         group:
-                          description: >-
-                            The group name, which affects when the action runs
-                            (for example, when the threshold is met or when the
-                            alert is recovered). Each rule type has a list of
-                            valid action group names. If you don't need to group
-                            actions, set to `default`.
+                          description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.
                           type: string
                         id:
                           description: The identifier for the connector saved object.
                           type: string
                         params:
                           additionalProperties: {}
-                          description: >-
-                            The parameters for the action, which are sent to the
-                            connector. The `params` are handled as Mustache
-                            templates and passed a default set of context.
+                          description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
                           type: object
                         use_alert_data_for_template:
                           description: Indicates whether to use alert data as a template.
                           type: boolean
                         uuid:
-                          description: >-
-                            A universally unique identifier (UUID) for the
-                            action.
+                          description: A universally unique identifier (UUID) for the action.
                           type: string
                       required:
                         - id
@@ -1145,36 +1273,24 @@ paths:
                     type: array
                   alert_delay:
                     additionalProperties: false
-                    description: >-
-                      Indicates that an alert occurs only when the specified
-                      number of consecutive runs met the rule conditions.
+                    description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
                     type: object
                     properties:
                       active:
-                        description: >-
-                          The number of consecutive runs that must meet the rule
-                          conditions.
+                        description: The number of consecutive runs that must meet the rule conditions.
                         type: number
                     required:
                       - active
                   api_key_created_by_user:
-                    description: >-
-                      Indicates whether the API key that is associated with the
-                      rule was created by the user.
+                    description: Indicates whether the API key that is associated with the rule was created by the user.
                     nullable: true
                     type: boolean
                   api_key_owner:
-                    description: >-
-                      The owner of the API key that is associated with the rule
-                      and used to run background tasks.
+                    description: The owner of the API key that is associated with the rule and used to run background tasks.
                     nullable: true
                     type: string
                   consumer:
-                    description: >-
-                      The name of the application or feature that owns the rule.
-                      For example: `alerts`, `apm`, `discover`,
-                      `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`,
-                      `securitySolution`, `siem`, `stackAlerts`, or `uptime`.
+                    description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.'
                     type: string
                   created_at:
                     description: The date and time that the rule was created.
@@ -1184,9 +1300,7 @@ paths:
                     nullable: true
                     type: string
                   enabled:
-                    description: >-
-                      Indicates whether you want to run the rule on an interval
-                      basis after it is created.
+                    description: Indicates whether you want to run the rule on an interval basis after it is created.
                     type: boolean
                   execution_status:
                     additionalProperties: false
@@ -1300,9 +1414,7 @@ paths:
                             nullable: true
                             type: number
                       outcome:
-                        description: >-
-                          Outcome of last run of the rule. Value could be
-                          succeeded, warning or failed.
+                        description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                         enum:
                           - succeeded
                           - warning
@@ -1352,9 +1464,7 @@ paths:
                         properties:
                           calculated_metrics:
                             additionalProperties: false
-                            description: >-
-                              Calculation of different percentiles and success
-                              ratio.
+                            description: Calculation of different percentiles and success ratio.
                             type: object
                             properties:
                               p50:
@@ -1377,18 +1487,14 @@ paths:
                                   description: Duration of the rule run.
                                   type: number
                                 outcome:
-                                  description: >-
-                                    Outcome of last run of the rule. Value could
-                                    be succeeded, warning or failed.
+                                  description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                                   enum:
                                     - succeeded
                                     - warning
                                     - failed
                                   type: string
                                 success:
-                                  description: >-
-                                    Indicates whether the rule run was
-                                    successful.
+                                  description: Indicates whether the rule run was successful.
                                   type: boolean
                                 timestamp:
                                   description: Time of rule run.
@@ -1413,29 +1519,19 @@ paths:
                                     nullable: true
                                     type: number
                                   total_alerts_created:
-                                    description: >-
-                                      Total number of alerts created during last
-                                      rule run.
+                                    description: Total number of alerts created during last rule run.
                                     nullable: true
                                     type: number
                                   total_alerts_detected:
-                                    description: >-
-                                      Total number of alerts detected during
-                                      last rule run.
+                                    description: Total number of alerts detected during last rule run.
                                     nullable: true
                                     type: number
                                   total_indexing_duration_ms:
-                                    description: >-
-                                      Total time spent indexing documents during
-                                      last rule run in milliseconds.
+                                    description: Total time spent indexing documents during last rule run in milliseconds.
                                     nullable: true
                                     type: number
                                   total_search_duration_ms:
-                                    description: >-
-                                      Total time spent performing Elasticsearch
-                                      searches as measured by Kibana; includes
-                                      network latency and time spent serializing
-                                      or deserializing the request and response.
+                                    description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.
                                     nullable: true
                                     type: number
                               timestamp:
@@ -1466,19 +1562,7 @@ paths:
                     nullable: true
                     type: string
                   notify_when:
-                    description: >-
-                      Indicates how often alerts generate actions. Valid values
-                      include: `onActionGroupChange`: Actions run when the alert
-                      status changes; `onActiveAlert`: Actions run when the
-                      alert becomes active and at each check interval while the
-                      rule conditions are met; `onThrottleInterval`: Actions run
-                      when the alert becomes active and at the interval
-                      specified in the throttle property while the rule
-                      conditions are met. NOTE: You cannot specify `notify_when`
-                      at both the rule and action level. The recommended method
-                      is to set it for each action. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     enum:
                       - onActionGroupChange
                       - onActiveAlert
@@ -1504,9 +1588,7 @@ paths:
                     type: object
                     properties:
                       interval:
-                        description: >-
-                          The interval is specified in seconds, minutes, hours,
-                          or days.
+                        description: The interval is specified in seconds, minutes, hours, or days.
                         type: string
                     required:
                       - interval
@@ -1542,9 +1624,7 @@ paths:
                               type: array
                             bymonth:
                               items:
-                                description: >-
-                                  Indicates months of the year that this rule
-                                  should recur.
+                                description: Indicates months of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
@@ -1562,12 +1642,7 @@ paths:
                               type: array
                             bysetpos:
                               items:
-                                description: >-
-                                  A positive or negative integer affecting the
-                                  nth day of the month. For example, -2 combined
-                                  with `byweekday` of FR is 2nd to last Friday
-                                  of the month. It is recommended to not set
-                                  this manually and just use `byweekday`.
+                                description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.
                                 type: number
                               nullable: true
                               type: array
@@ -1576,13 +1651,7 @@ paths:
                                 anyOf:
                                   - type: string
                                   - type: number
-                                description: >-
-                                  Indicates the days of the week to recur or
-                                  else nth-day-of-month strings. For example,
-                                  "+2TU" second Tuesday of month, "-1FR" last
-                                  Friday of the month, which are internally
-                                  converted to a `byweekday/bysetpos`
-                                  combination.
+                                description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination.
                               nullable: true
                               type: array
                             byweekno:
@@ -1593,26 +1662,18 @@ paths:
                               type: array
                             byyearday:
                               items:
-                                description: >-
-                                  Indicates the days of the year that this rule
-                                  should recur.
+                                description: Indicates the days of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
                             count:
-                              description: >-
-                                Number of times the rule should recur until it
-                                stops.
+                              description: Number of times the rule should recur until it stops.
                               type: number
                             dtstart:
-                              description: >-
-                                Rule start date in Coordinated Universal Time
-                                (UTC).
+                              description: Rule start date in Coordinated Universal Time (UTC).
                               type: string
                             freq:
-                              description: >-
-                                Indicates frequency of the rule. Options are
-                                YEARLY, MONTHLY, WEEKLY, DAILY.
+                              description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.
                               enum:
                                 - 0
                                 - 1
@@ -1623,10 +1684,7 @@ paths:
                                 - 6
                               type: integer
                             interval:
-                              description: >-
-                                Indicates the interval of frequency. For
-                                example, 1 and YEARLY is every 1 year, 2 and
-                                WEEKLY is every 2 weeks.
+                              description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.
                               type: number
                             tzid:
                               description: Indicates timezone abbreviation.
@@ -1664,23 +1722,14 @@ paths:
                     type: array
                   throttle:
                     deprecated: true
-                    description: >-
-                      Deprecated in 8.13.0. Use the `throttle` property in the
-                      action `frequency` object instead. The throttle interval,
-                      which defines how often an alert generates repeated
-                      actions. NOTE: You cannot specify the throttle interval at
-                      both the rule and action level. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     nullable: true
                     type: string
                   updated_at:
                     description: The date and time that the rule was updated most recently.
                     type: string
                   updated_by:
-                    description: >-
-                      The identifier for the user that updated this rule most
-                      recently.
+                    description: The identifier for the user that updated this rule most recently.
                     nullable: true
                     type: string
                   view_in_app_relative_url:
@@ -1734,12 +1783,10 @@ paths:
           schema:
             example: 'true'
             type: string
-        - description: >-
-            The identifier for the rule. If it is omitted, an ID is randomly
-            generated.
+        - description: The identifier for the rule. If it is omitted, an ID is randomly generated.
           in: path
           name: id
-          required: false
+          required: true
           schema:
             type: string
       requestBody:
@@ -1758,12 +1805,7 @@ paths:
                     properties:
                       alerts_filter:
                         additionalProperties: false
-                        description: >-
-                          Conditions that affect whether the action runs. If you
-                          specify multiple conditions, all conditions must be
-                          met for the action to run. For example, if an alert
-                          occurs within the specified time frame and matches the
-                          query, the action runs.
+                        description: Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs.
                         type: object
                         properties:
                           query:
@@ -1771,15 +1813,10 @@ paths:
                             type: object
                             properties:
                               dsl:
-                                description: >-
-                                  A filter written in Elasticsearch Query Domain
-                                  Specific Language (DSL).
+                                description: A filter written in Elasticsearch Query Domain Specific Language (DSL).
                                 type: string
                               filters:
-                                description: >-
-                                  A filter written in Elasticsearch Query Domain
-                                  Specific Language (DSL) as defined in the
-                                  `kbn-es-query` package.
+                                description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
                                 items:
                                   additionalProperties: false
                                   type: object
@@ -1789,9 +1826,7 @@ paths:
                                       type: object
                                       properties:
                                         store:
-                                          description: >-
-                                            A filter can be either specific to an
-                                            application context or applied globally.
+                                          description: A filter can be either specific to an application context or applied globally.
                                           enum:
                                             - appState
                                             - globalState
@@ -1808,27 +1843,18 @@ paths:
                                     - meta
                                 type: array
                               kql:
-                                description: >-
-                                  A filter written in Kibana Query Language
-                                  (KQL).
+                                description: A filter written in Kibana Query Language (KQL).
                                 type: string
                             required:
                               - kql
                               - filters
                           timeframe:
                             additionalProperties: false
-                            description: >-
-                              Defines a period that limits whether the action
-                              runs.
+                            description: Defines a period that limits whether the action runs.
                             type: object
                             properties:
                               days:
-                                description: >-
-                                  Defines the days of the week that the action
-                                  can run, represented as an array of numbers.
-                                  For example, `1` represents Monday. An empty
-                                  array is equivalent to specifying all the days
-                                  of the week.
+                                description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.
                                 items:
                                   enum:
                                     - 1
@@ -1842,32 +1868,20 @@ paths:
                                 type: array
                               hours:
                                 additionalProperties: false
-                                description: >-
-                                  Defines the range of time in a day that the
-                                  action can run. If the `start` value is
-                                  `00:00` and the `end` value is `24:00`,
-                                  actions be generated all day.
+                                description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.
                                 type: object
                                 properties:
                                   end:
-                                    description: >-
-                                      The end of the time frame in 24-hour
-                                      notation (`hh:mm`).
+                                    description: The end of the time frame in 24-hour notation (`hh:mm`).
                                     type: string
                                   start:
-                                    description: >-
-                                      The start of the time frame in 24-hour
-                                      notation (`hh:mm`).
+                                    description: The start of the time frame in 24-hour notation (`hh:mm`).
                                     type: string
                                 required:
                                   - start
                                   - end
                               timezone:
-                                description: >-
-                                  The ISO time zone for the `hours` values.
-                                  Values such as `UTC` and `UTC+1` also work but
-                                  lack built-in daylight savings time support
-                                  and are not recommended.
+                                description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.
                                 type: string
                             required:
                               - days
@@ -1878,21 +1892,7 @@ paths:
                         type: object
                         properties:
                           notify_when:
-                            description: >-
-                              Indicates how often alerts generate actions. Valid
-                              values include: `onActionGroupChange`: Actions run
-                              when the alert status changes; `onActiveAlert`:
-                              Actions run when the alert becomes active and at
-                              each check interval while the rule conditions are
-                              met; `onThrottleInterval`: Actions run when the
-                              alert becomes active and at the interval specified
-                              in the throttle property while the rule conditions
-                              are met. NOTE: You cannot specify `notify_when` at
-                              both the rule and action level. The recommended
-                              method is to set it for each action. If you set it
-                              at the rule level then update the rule in Kibana,
-                              it is automatically changed to use action-specific
-                              values.
+                            description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                             enum:
                               - onActionGroupChange
                               - onActiveAlert
@@ -1902,17 +1902,7 @@ paths:
                             description: Indicates whether the action is a summary.
                             type: boolean
                           throttle:
-                            description: >-
-                              The throttle interval, which defines how often an
-                              alert generates repeated actions. It is specified
-                              in seconds, minutes, hours, or days and is
-                              applicable only if `notify_when` is set to
-                              `onThrottleInterval`. NOTE: You cannot specify the
-                              throttle interval at both the rule and action
-                              level. The recommended method is to set it for
-                              each action. If you set it at the rule level then
-                              update the rule in Kibana, it is automatically
-                              changed to use action-specific values.
+                            description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                             nullable: true
                             type: string
                         required:
@@ -1920,12 +1910,7 @@ paths:
                           - notify_when
                           - throttle
                       group:
-                        description: >-
-                          The group name, which affects when the action runs
-                          (for example, when the threshold is met or when the
-                          alert is recovered). Each rule type has a list of
-                          valid action group names. If you don't need to group
-                          actions, set to `default`.
+                        description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.
                         type: string
                       id:
                         description: The identifier for the connector saved object.
@@ -1933,10 +1918,7 @@ paths:
                       params:
                         additionalProperties: {}
                         default: {}
-                        description: >-
-                          The parameters for the action, which are sent to the
-                          connector. The `params` are handled as Mustache
-                          templates and passed a default set of context.
+                        description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
                         type: object
                       use_alert_data_for_template:
                         description: Indicates whether to use alert data as a template.
@@ -1949,30 +1931,20 @@ paths:
                   type: array
                 alert_delay:
                   additionalProperties: false
-                  description: >-
-                    Indicates that an alert occurs only when the specified
-                    number of consecutive runs met the rule conditions.
+                  description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
                   type: object
                   properties:
                     active:
-                      description: >-
-                        The number of consecutive runs that must meet the rule
-                        conditions.
+                      description: The number of consecutive runs that must meet the rule conditions.
                       type: number
                   required:
                     - active
                 consumer:
-                  description: >-
-                    The name of the application or feature that owns the rule.
-                    For example: `alerts`, `apm`, `discover`, `infrastructure`,
-                    `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`,
-                    `siem`, `stackAlerts`, or `uptime`.
+                  description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.'
                   type: string
                 enabled:
                   default: true
-                  description: >-
-                    Indicates whether you want to run the rule on an interval
-                    basis after it is created.
+                  description: Indicates whether you want to run the rule on an interval basis after it is created.
                   type: boolean
                 flapping:
                   additionalProperties: false
@@ -1991,49 +1963,26 @@ paths:
                     - look_back_window
                     - status_change_threshold
                 name:
-                  description: >-
-                    The name of the rule. While this name does not have to be
-                    unique, a distinctive name can help you identify a rule.
+                  description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
                   type: string
                 notify_when:
-                  description: >-
-                    Indicates how often alerts generate actions. Valid values
-                    include: `onActionGroupChange`: Actions run when the alert
-                    status changes; `onActiveAlert`: Actions run when the alert
-                    becomes active and at each check interval while the rule
-                    conditions are met; `onThrottleInterval`: Actions run when
-                    the alert becomes active and at the interval specified in
-                    the throttle property while the rule conditions are met.
-                    NOTE: You cannot specify `notify_when` at both the rule and
-                    action level. The recommended method is to set it for each
-                    action. If you set it at the rule level then update the rule
-                    in Kibana, it is automatically changed to use
-                    action-specific values.
+                  description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                   enum:
                     - onActionGroupChange
                     - onActiveAlert
                     - onThrottleInterval
                   nullable: true
                   type: string
-                params:
-                  additionalProperties: {}
-                  default: {}
-                  description: The parameters for the rule.
-                  type: object
                 rule_type_id:
                   description: The rule type identifier.
                   type: string
                 schedule:
                   additionalProperties: false
-                  description: >-
-                    The check interval, which specifies how frequently the rule
-                    conditions are checked.
+                  description: The check interval, which specifies how frequently the rule conditions are checked.
                   type: object
                   properties:
                     interval:
-                      description: >-
-                        The interval is specified in seconds, minutes, hours, or
-                        days.
+                      description: The interval is specified in seconds, minutes, hours, or days.
                       type: string
                   required:
                     - interval
@@ -2044,20 +1993,44 @@ paths:
                     type: string
                   type: array
                 throttle:
-                  description: >-
-                    Use the `throttle` property in the action `frequency` object
-                    instead. The throttle interval, which defines how often an
-                    alert generates repeated actions. NOTE: You cannot specify
-                    the throttle interval at both the rule and action level. If
-                    you set it at the rule level then update the rule in Kibana,
-                    it is automatically changed to use action-specific values.
+                  description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                   nullable: true
                   type: string
+                params:
+                  additionalProperties: {}
+                  default: {}
+                  description: The parameters for the rule.
+                  anyOf:
+                    - $ref: '#/components/schemas/params_property_apm_anomaly'
+                    - $ref: '#/components/schemas/params_property_apm_error_count'
+                    - $ref: '#/components/schemas/params_property_apm_transaction_duration'
+                    - $ref: '#/components/schemas/params_property_apm_transaction_error_rate'
+                    - $ref: '#/components/schemas/params_es_query_dsl_rule'
+                    - $ref: '#/components/schemas/params_es_query_esql_rule'
+                    - $ref: '#/components/schemas/params_es_query_kql_rule'
+                    - $ref: '#/components/schemas/params_index_threshold_rule'
+                    - $ref: '#/components/schemas/params_property_infra_inventory'
+                    - $ref: '#/components/schemas/params_property_log_threshold'
+                    - $ref: '#/components/schemas/params_property_infra_metric_threshold'
+                    - $ref: '#/components/schemas/params_property_slo_burn_rate'
+                    - $ref: '#/components/schemas/params_property_synthetics_uptime_tls'
+                    - $ref: '#/components/schemas/params_property_synthetics_monitor_status'
               required:
                 - name
                 - rule_type_id
                 - consumer
                 - schedule
+            examples:
+              createEsQueryEsqlRuleRequest:
+                $ref: '#/components/examples/create_es_query_esql_rule_request'
+              createEsQueryRuleRequest:
+                $ref: '#/components/examples/create_es_query_rule_request'
+              createEsQueryKqlRuleRequest:
+                $ref: '#/components/examples/create_es_query_kql_rule_request'
+              createIndexThresholdRuleRequest:
+                $ref: '#/components/examples/create_index_threshold_rule_request'
+              createTrackingContainmentRuleRequest:
+                $ref: '#/components/examples/create_tracking_containment_rule_request'
       responses:
         '200':
           content:
@@ -2073,9 +2046,7 @@ paths:
                       properties:
                         alerts_filter:
                           additionalProperties: false
-                          description: >-
-                            Defines a period that limits whether the action
-                            runs.
+                          description: Defines a period that limits whether the action runs.
                           type: object
                           properties:
                             query:
@@ -2083,15 +2054,10 @@ paths:
                               type: object
                               properties:
                                 dsl:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL).
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL).
                                   type: string
                                 filters:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL) as defined in
-                                    the `kbn-es-query` package.
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
                                   items:
                                     additionalProperties: false
                                     type: object
@@ -2101,9 +2067,7 @@ paths:
                                         type: object
                                         properties:
                                           store:
-                                            description: >-
-                                              A filter can be either specific to an
-                                              application context or applied globally.
+                                            description: A filter can be either specific to an application context or applied globally.
                                             enum:
                                               - appState
                                               - globalState
@@ -2120,9 +2084,7 @@ paths:
                                       - meta
                                   type: array
                                 kql:
-                                  description: >-
-                                    A filter written in Kibana Query Language
-                                    (KQL).
+                                  description: A filter written in Kibana Query Language (KQL).
                                   type: string
                               required:
                                 - kql
@@ -2132,12 +2094,7 @@ paths:
                               type: object
                               properties:
                                 days:
-                                  description: >-
-                                    Defines the days of the week that the action
-                                    can run, represented as an array of numbers.
-                                    For example, `1` represents Monday. An empty
-                                    array is equivalent to specifying all the
-                                    days of the week.
+                                  description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.
                                   items:
                                     enum:
                                       - 1
@@ -2154,55 +2111,30 @@ paths:
                                   type: object
                                   properties:
                                     end:
-                                      description: >-
-                                        The end of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The end of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                     start:
-                                      description: >-
-                                        The start of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The start of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                   required:
                                     - start
                                     - end
                                 timezone:
-                                  description: >-
-                                    The ISO time zone for the `hours` values.
-                                    Values such as `UTC` and `UTC+1` also work
-                                    but lack built-in daylight savings time
-                                    support and are not recommended.
+                                  description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.
                                   type: string
                               required:
                                 - days
                                 - hours
                                 - timezone
                         connector_type_id:
-                          description: >-
-                            The type of connector. This property appears in
-                            responses but cannot be set in requests.
+                          description: The type of connector. This property appears in responses but cannot be set in requests.
                           type: string
                         frequency:
                           additionalProperties: false
                           type: object
                           properties:
                             notify_when:
-                              description: >-
-                                Indicates how often alerts generate actions.
-                                Valid values include: `onActionGroupChange`:
-                                Actions run when the alert status changes;
-                                `onActiveAlert`: Actions run when the alert
-                                becomes active and at each check interval while
-                                the rule conditions are met;
-                                `onThrottleInterval`: Actions run when the alert
-                                becomes active and at the interval specified in
-                                the throttle property while the rule conditions
-                                are met. NOTE: You cannot specify `notify_when`
-                                at both the rule and action level. The
-                                recommended method is to set it for each action.
-                                If you set it at the rule level then update the
-                                rule in Kibana, it is automatically changed to
-                                use action-specific values.
+                              description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               enum:
                                 - onActionGroupChange
                                 - onActiveAlert
@@ -2212,18 +2144,7 @@ paths:
                               description: Indicates whether the action is a summary.
                               type: boolean
                             throttle:
-                              description: >-
-                                The throttle interval, which defines how often
-                                an alert generates repeated actions. It is
-                                specified in seconds, minutes, hours, or days
-                                and is applicable only if 'notify_when' is set
-                                to 'onThrottleInterval'. NOTE: You cannot
-                                specify the throttle interval at both the rule
-                                and action level. The recommended method is to
-                                set it for each action. If you set it at the
-                                rule level then update the rule in Kibana, it is
-                                automatically changed to use action-specific
-                                values.
+                              description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               nullable: true
                               type: string
                           required:
@@ -2231,30 +2152,20 @@ paths:
                             - notify_when
                             - throttle
                         group:
-                          description: >-
-                            The group name, which affects when the action runs
-                            (for example, when the threshold is met or when the
-                            alert is recovered). Each rule type has a list of
-                            valid action group names. If you don't need to group
-                            actions, set to `default`.
+                          description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.
                           type: string
                         id:
                           description: The identifier for the connector saved object.
                           type: string
                         params:
                           additionalProperties: {}
-                          description: >-
-                            The parameters for the action, which are sent to the
-                            connector. The `params` are handled as Mustache
-                            templates and passed a default set of context.
+                          description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
                           type: object
                         use_alert_data_for_template:
                           description: Indicates whether to use alert data as a template.
                           type: boolean
                         uuid:
-                          description: >-
-                            A universally unique identifier (UUID) for the
-                            action.
+                          description: A universally unique identifier (UUID) for the action.
                           type: string
                       required:
                         - id
@@ -2268,36 +2179,24 @@ paths:
                     type: array
                   alert_delay:
                     additionalProperties: false
-                    description: >-
-                      Indicates that an alert occurs only when the specified
-                      number of consecutive runs met the rule conditions.
+                    description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
                     type: object
                     properties:
                       active:
-                        description: >-
-                          The number of consecutive runs that must meet the rule
-                          conditions.
+                        description: The number of consecutive runs that must meet the rule conditions.
                         type: number
                     required:
                       - active
                   api_key_created_by_user:
-                    description: >-
-                      Indicates whether the API key that is associated with the
-                      rule was created by the user.
+                    description: Indicates whether the API key that is associated with the rule was created by the user.
                     nullable: true
                     type: boolean
                   api_key_owner:
-                    description: >-
-                      The owner of the API key that is associated with the rule
-                      and used to run background tasks.
+                    description: The owner of the API key that is associated with the rule and used to run background tasks.
                     nullable: true
                     type: string
                   consumer:
-                    description: >-
-                      The name of the application or feature that owns the rule.
-                      For example: `alerts`, `apm`, `discover`,
-                      `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`,
-                      `securitySolution`, `siem`, `stackAlerts`, or `uptime`.
+                    description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.'
                     type: string
                   created_at:
                     description: The date and time that the rule was created.
@@ -2307,9 +2206,7 @@ paths:
                     nullable: true
                     type: string
                   enabled:
-                    description: >-
-                      Indicates whether you want to run the rule on an interval
-                      basis after it is created.
+                    description: Indicates whether you want to run the rule on an interval basis after it is created.
                     type: boolean
                   execution_status:
                     additionalProperties: false
@@ -2423,9 +2320,7 @@ paths:
                             nullable: true
                             type: number
                       outcome:
-                        description: >-
-                          Outcome of last run of the rule. Value could be
-                          succeeded, warning or failed.
+                        description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                         enum:
                           - succeeded
                           - warning
@@ -2475,9 +2370,7 @@ paths:
                         properties:
                           calculated_metrics:
                             additionalProperties: false
-                            description: >-
-                              Calculation of different percentiles and success
-                              ratio.
+                            description: Calculation of different percentiles and success ratio.
                             type: object
                             properties:
                               p50:
@@ -2500,18 +2393,14 @@ paths:
                                   description: Duration of the rule run.
                                   type: number
                                 outcome:
-                                  description: >-
-                                    Outcome of last run of the rule. Value could
-                                    be succeeded, warning or failed.
+                                  description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                                   enum:
                                     - succeeded
                                     - warning
                                     - failed
                                   type: string
                                 success:
-                                  description: >-
-                                    Indicates whether the rule run was
-                                    successful.
+                                  description: Indicates whether the rule run was successful.
                                   type: boolean
                                 timestamp:
                                   description: Time of rule run.
@@ -2536,29 +2425,19 @@ paths:
                                     nullable: true
                                     type: number
                                   total_alerts_created:
-                                    description: >-
-                                      Total number of alerts created during last
-                                      rule run.
+                                    description: Total number of alerts created during last rule run.
                                     nullable: true
                                     type: number
                                   total_alerts_detected:
-                                    description: >-
-                                      Total number of alerts detected during
-                                      last rule run.
+                                    description: Total number of alerts detected during last rule run.
                                     nullable: true
                                     type: number
                                   total_indexing_duration_ms:
-                                    description: >-
-                                      Total time spent indexing documents during
-                                      last rule run in milliseconds.
+                                    description: Total time spent indexing documents during last rule run in milliseconds.
                                     nullable: true
                                     type: number
                                   total_search_duration_ms:
-                                    description: >-
-                                      Total time spent performing Elasticsearch
-                                      searches as measured by Kibana; includes
-                                      network latency and time spent serializing
-                                      or deserializing the request and response.
+                                    description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.
                                     nullable: true
                                     type: number
                               timestamp:
@@ -2589,19 +2468,7 @@ paths:
                     nullable: true
                     type: string
                   notify_when:
-                    description: >-
-                      Indicates how often alerts generate actions. Valid values
-                      include: `onActionGroupChange`: Actions run when the alert
-                      status changes; `onActiveAlert`: Actions run when the
-                      alert becomes active and at each check interval while the
-                      rule conditions are met; `onThrottleInterval`: Actions run
-                      when the alert becomes active and at the interval
-                      specified in the throttle property while the rule
-                      conditions are met. NOTE: You cannot specify `notify_when`
-                      at both the rule and action level. The recommended method
-                      is to set it for each action. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     enum:
                       - onActionGroupChange
                       - onActiveAlert
@@ -2627,9 +2494,7 @@ paths:
                     type: object
                     properties:
                       interval:
-                        description: >-
-                          The interval is specified in seconds, minutes, hours,
-                          or days.
+                        description: The interval is specified in seconds, minutes, hours, or days.
                         type: string
                     required:
                       - interval
@@ -2665,9 +2530,7 @@ paths:
                               type: array
                             bymonth:
                               items:
-                                description: >-
-                                  Indicates months of the year that this rule
-                                  should recur.
+                                description: Indicates months of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
@@ -2685,12 +2548,7 @@ paths:
                               type: array
                             bysetpos:
                               items:
-                                description: >-
-                                  A positive or negative integer affecting the
-                                  nth day of the month. For example, -2 combined
-                                  with `byweekday` of FR is 2nd to last Friday
-                                  of the month. It is recommended to not set
-                                  this manually and just use `byweekday`.
+                                description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.
                                 type: number
                               nullable: true
                               type: array
@@ -2699,13 +2557,7 @@ paths:
                                 anyOf:
                                   - type: string
                                   - type: number
-                                description: >-
-                                  Indicates the days of the week to recur or
-                                  else nth-day-of-month strings. For example,
-                                  "+2TU" second Tuesday of month, "-1FR" last
-                                  Friday of the month, which are internally
-                                  converted to a `byweekday/bysetpos`
-                                  combination.
+                                description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination.
                               nullable: true
                               type: array
                             byweekno:
@@ -2716,26 +2568,18 @@ paths:
                               type: array
                             byyearday:
                               items:
-                                description: >-
-                                  Indicates the days of the year that this rule
-                                  should recur.
+                                description: Indicates the days of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
                             count:
-                              description: >-
-                                Number of times the rule should recur until it
-                                stops.
+                              description: Number of times the rule should recur until it stops.
                               type: number
                             dtstart:
-                              description: >-
-                                Rule start date in Coordinated Universal Time
-                                (UTC).
+                              description: Rule start date in Coordinated Universal Time (UTC).
                               type: string
                             freq:
-                              description: >-
-                                Indicates frequency of the rule. Options are
-                                YEARLY, MONTHLY, WEEKLY, DAILY.
+                              description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.
                               enum:
                                 - 0
                                 - 1
@@ -2746,10 +2590,7 @@ paths:
                                 - 6
                               type: integer
                             interval:
-                              description: >-
-                                Indicates the interval of frequency. For
-                                example, 1 and YEARLY is every 1 year, 2 and
-                                WEEKLY is every 2 weeks.
+                              description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.
                               type: number
                             tzid:
                               description: Indicates timezone abbreviation.
@@ -2787,23 +2628,14 @@ paths:
                     type: array
                   throttle:
                     deprecated: true
-                    description: >-
-                      Deprecated in 8.13.0. Use the `throttle` property in the
-                      action `frequency` object instead. The throttle interval,
-                      which defines how often an alert generates repeated
-                      actions. NOTE: You cannot specify the throttle interval at
-                      both the rule and action level. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     nullable: true
                     type: string
                   updated_at:
                     description: The date and time that the rule was updated most recently.
                     type: string
                   updated_by:
-                    description: >-
-                      The identifier for the user that updated this rule most
-                      recently.
+                    description: The identifier for the user that updated this rule most recently.
                     nullable: true
                     type: string
                   view_in_app_relative_url:
@@ -2829,6 +2661,17 @@ paths:
                   - muted_alert_ids
                   - execution_status
                   - revision
+              examples:
+                createEsQueryEsqlRuleResponse:
+                  $ref: '#/components/examples/create_es_query_esql_rule_response'
+                createEsQueryRuleResponse:
+                  $ref: '#/components/examples/create_es_query_rule_response'
+                createEsQueryKqlRuleResponse:
+                  $ref: '#/components/examples/create_es_query_kql_rule_response'
+                createIndexThresholdRuleResponse:
+                  $ref: '#/components/examples/create_index_threshold_rule_response'
+                createTrackingContainmentRuleResponse:
+                  $ref: '#/components/examples/create_tracking_containment_rule_response'
           description: Indicates a successful call.
         '400':
           description: Indicates an invalid schema or parameters.
@@ -2886,15 +2729,10 @@ paths:
                             type: object
                             properties:
                               dsl:
-                                description: >-
-                                  A filter written in Elasticsearch Query Domain
-                                  Specific Language (DSL).
+                                description: A filter written in Elasticsearch Query Domain Specific Language (DSL).
                                 type: string
                               filters:
-                                description: >-
-                                  A filter written in Elasticsearch Query Domain
-                                  Specific Language (DSL) as defined in the
-                                  `kbn-es-query` package.
+                                description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
                                 items:
                                   additionalProperties: false
                                   type: object
@@ -2904,9 +2742,7 @@ paths:
                                       type: object
                                       properties:
                                         store:
-                                          description: >-
-                                            A filter can be either specific to an
-                                            application context or applied globally.
+                                          description: A filter can be either specific to an application context or applied globally.
                                           enum:
                                             - appState
                                             - globalState
@@ -2923,27 +2759,18 @@ paths:
                                     - meta
                                 type: array
                               kql:
-                                description: >-
-                                  A filter written in Kibana Query Language
-                                  (KQL).
+                                description: A filter written in Kibana Query Language (KQL).
                                 type: string
                             required:
                               - kql
                               - filters
                           timeframe:
                             additionalProperties: false
-                            description: >-
-                              Defines a period that limits whether the action
-                              runs.
+                            description: Defines a period that limits whether the action runs.
                             type: object
                             properties:
                               days:
-                                description: >-
-                                  Defines the days of the week that the action
-                                  can run, represented as an array of numbers.
-                                  For example, `1` represents Monday. An empty
-                                  array is equivalent to specifying all the days
-                                  of the week.
+                                description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.
                                 items:
                                   enum:
                                     - 1
@@ -2957,32 +2784,20 @@ paths:
                                 type: array
                               hours:
                                 additionalProperties: false
-                                description: >-
-                                  Defines the range of time in a day that the
-                                  action can run. If the `start` value is
-                                  `00:00` and the `end` value is `24:00`,
-                                  actions be generated all day.
+                                description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day.
                                 type: object
                                 properties:
                                   end:
-                                    description: >-
-                                      The end of the time frame in 24-hour
-                                      notation (`hh:mm`).
+                                    description: The end of the time frame in 24-hour notation (`hh:mm`).
                                     type: string
                                   start:
-                                    description: >-
-                                      The start of the time frame in 24-hour
-                                      notation (`hh:mm`).
+                                    description: The start of the time frame in 24-hour notation (`hh:mm`).
                                     type: string
                                 required:
                                   - start
                                   - end
                               timezone:
-                                description: >-
-                                  The ISO time zone for the `hours` values.
-                                  Values such as `UTC` and `UTC+1` also work but
-                                  lack built-in daylight savings time support
-                                  and are not recommended.
+                                description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.
                                 type: string
                             required:
                               - days
@@ -2993,21 +2808,7 @@ paths:
                         type: object
                         properties:
                           notify_when:
-                            description: >-
-                              Indicates how often alerts generate actions. Valid
-                              values include: `onActionGroupChange`: Actions run
-                              when the alert status changes; `onActiveAlert`:
-                              Actions run when the alert becomes active and at
-                              each check interval while the rule conditions are
-                              met; `onThrottleInterval`: Actions run when the
-                              alert becomes active and at the interval specified
-                              in the throttle property while the rule conditions
-                              are met. NOTE: You cannot specify `notify_when` at
-                              both the rule and action level. The recommended
-                              method is to set it for each action. If you set it
-                              at the rule level then update the rule in Kibana,
-                              it is automatically changed to use action-specific
-                              values.
+                            description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                             enum:
                               - onActionGroupChange
                               - onActiveAlert
@@ -3017,17 +2818,7 @@ paths:
                             description: Indicates whether the action is a summary.
                             type: boolean
                           throttle:
-                            description: >-
-                              The throttle interval, which defines how often an
-                              alert generates repeated actions. It is specified
-                              in seconds, minutes, hours, or days and is
-                              applicable only if `notify_when` is set to
-                              `onThrottleInterval`. NOTE: You cannot specify the
-                              throttle interval at both the rule and action
-                              level. The recommended method is to set it for
-                              each action. If you set it at the rule level then
-                              update the rule in Kibana, it is automatically
-                              changed to use action-specific values.
+                            description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                             nullable: true
                             type: string
                         required:
@@ -3035,12 +2826,7 @@ paths:
                           - notify_when
                           - throttle
                       group:
-                        description: >-
-                          The group name, which affects when the action runs
-                          (for example, when the threshold is met or when the
-                          alert is recovered). Each rule type has a list of
-                          valid action group names. If you don't need to group
-                          actions, set to `default`.
+                        description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.
                         type: string
                       id:
                         description: The identifier for the connector saved object.
@@ -3048,10 +2834,7 @@ paths:
                       params:
                         additionalProperties: {}
                         default: {}
-                        description: >-
-                          The parameters for the action, which are sent to the
-                          connector. The `params` are handled as Mustache
-                          templates and passed a default set of context.
+                        description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
                         type: object
                       use_alert_data_for_template:
                         description: Indicates whether to use alert data as a template.
@@ -3064,15 +2847,11 @@ paths:
                   type: array
                 alert_delay:
                   additionalProperties: false
-                  description: >-
-                    Indicates that an alert occurs only when the specified
-                    number of consecutive runs met the rule conditions.
+                  description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
                   type: object
                   properties:
                     active:
-                      description: >-
-                        The number of consecutive runs that must meet the rule
-                        conditions.
+                      description: The number of consecutive runs that must meet the rule conditions.
                       type: number
                   required:
                     - active
@@ -3093,24 +2872,10 @@ paths:
                     - look_back_window
                     - status_change_threshold
                 name:
-                  description: >-
-                    The name of the rule. While this name does not have to be
-                    unique, a distinctive name can help you identify a rule.
+                  description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule.
                   type: string
                 notify_when:
-                  description: >-
-                    Indicates how often alerts generate actions. Valid values
-                    include: `onActionGroupChange`: Actions run when the alert
-                    status changes; `onActiveAlert`: Actions run when the alert
-                    becomes active and at each check interval while the rule
-                    conditions are met; `onThrottleInterval`: Actions run when
-                    the alert becomes active and at the interval specified in
-                    the throttle property while the rule conditions are met.
-                    NOTE: You cannot specify `notify_when` at both the rule and
-                    action level. The recommended method is to set it for each
-                    action. If you set it at the rule level then update the rule
-                    in Kibana, it is automatically changed to use
-                    action-specific values.
+                  description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                   enum:
                     - onActionGroupChange
                     - onActiveAlert
@@ -3127,9 +2892,7 @@ paths:
                   type: object
                   properties:
                     interval:
-                      description: >-
-                        The interval is specified in seconds, minutes, hours, or
-                        days.
+                      description: The interval is specified in seconds, minutes, hours, or days.
                       type: string
                   required:
                     - interval
@@ -3140,18 +2903,15 @@ paths:
                     type: string
                   type: array
                 throttle:
-                  description: >-
-                    Use the `throttle` property in the action `frequency` object
-                    instead. The throttle interval, which defines how often an
-                    alert generates repeated actions. NOTE: You cannot specify
-                    the throttle interval at both the rule and action level. If
-                    you set it at the rule level then update the rule in Kibana,
-                    it is automatically changed to use action-specific values.
+                  description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                   nullable: true
                   type: string
               required:
                 - name
                 - schedule
+            examples:
+              updateRuleRequest:
+                $ref: '#/components/examples/update_rule_request'
       responses:
         '200':
           content:
@@ -3167,9 +2927,7 @@ paths:
                       properties:
                         alerts_filter:
                           additionalProperties: false
-                          description: >-
-                            Defines a period that limits whether the action
-                            runs.
+                          description: Defines a period that limits whether the action runs.
                           type: object
                           properties:
                             query:
@@ -3177,15 +2935,10 @@ paths:
                               type: object
                               properties:
                                 dsl:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL).
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL).
                                   type: string
                                 filters:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL) as defined in
-                                    the `kbn-es-query` package.
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
                                   items:
                                     additionalProperties: false
                                     type: object
@@ -3195,9 +2948,7 @@ paths:
                                         type: object
                                         properties:
                                           store:
-                                            description: >-
-                                              A filter can be either specific to an
-                                              application context or applied globally.
+                                            description: A filter can be either specific to an application context or applied globally.
                                             enum:
                                               - appState
                                               - globalState
@@ -3214,9 +2965,7 @@ paths:
                                       - meta
                                   type: array
                                 kql:
-                                  description: >-
-                                    A filter written in Kibana Query Language
-                                    (KQL).
+                                  description: A filter written in Kibana Query Language (KQL).
                                   type: string
                               required:
                                 - kql
@@ -3226,12 +2975,7 @@ paths:
                               type: object
                               properties:
                                 days:
-                                  description: >-
-                                    Defines the days of the week that the action
-                                    can run, represented as an array of numbers.
-                                    For example, `1` represents Monday. An empty
-                                    array is equivalent to specifying all the
-                                    days of the week.
+                                  description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.
                                   items:
                                     enum:
                                       - 1
@@ -3248,55 +2992,30 @@ paths:
                                   type: object
                                   properties:
                                     end:
-                                      description: >-
-                                        The end of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The end of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                     start:
-                                      description: >-
-                                        The start of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The start of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                   required:
                                     - start
                                     - end
                                 timezone:
-                                  description: >-
-                                    The ISO time zone for the `hours` values.
-                                    Values such as `UTC` and `UTC+1` also work
-                                    but lack built-in daylight savings time
-                                    support and are not recommended.
+                                  description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.
                                   type: string
                               required:
                                 - days
                                 - hours
                                 - timezone
                         connector_type_id:
-                          description: >-
-                            The type of connector. This property appears in
-                            responses but cannot be set in requests.
+                          description: The type of connector. This property appears in responses but cannot be set in requests.
                           type: string
                         frequency:
                           additionalProperties: false
                           type: object
                           properties:
                             notify_when:
-                              description: >-
-                                Indicates how often alerts generate actions.
-                                Valid values include: `onActionGroupChange`:
-                                Actions run when the alert status changes;
-                                `onActiveAlert`: Actions run when the alert
-                                becomes active and at each check interval while
-                                the rule conditions are met;
-                                `onThrottleInterval`: Actions run when the alert
-                                becomes active and at the interval specified in
-                                the throttle property while the rule conditions
-                                are met. NOTE: You cannot specify `notify_when`
-                                at both the rule and action level. The
-                                recommended method is to set it for each action.
-                                If you set it at the rule level then update the
-                                rule in Kibana, it is automatically changed to
-                                use action-specific values.
+                              description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               enum:
                                 - onActionGroupChange
                                 - onActiveAlert
@@ -3306,18 +3025,7 @@ paths:
                               description: Indicates whether the action is a summary.
                               type: boolean
                             throttle:
-                              description: >-
-                                The throttle interval, which defines how often
-                                an alert generates repeated actions. It is
-                                specified in seconds, minutes, hours, or days
-                                and is applicable only if 'notify_when' is set
-                                to 'onThrottleInterval'. NOTE: You cannot
-                                specify the throttle interval at both the rule
-                                and action level. The recommended method is to
-                                set it for each action. If you set it at the
-                                rule level then update the rule in Kibana, it is
-                                automatically changed to use action-specific
-                                values.
+                              description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               nullable: true
                               type: string
                           required:
@@ -3325,30 +3033,20 @@ paths:
                             - notify_when
                             - throttle
                         group:
-                          description: >-
-                            The group name, which affects when the action runs
-                            (for example, when the threshold is met or when the
-                            alert is recovered). Each rule type has a list of
-                            valid action group names. If you don't need to group
-                            actions, set to `default`.
+                          description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.
                           type: string
                         id:
                           description: The identifier for the connector saved object.
                           type: string
                         params:
                           additionalProperties: {}
-                          description: >-
-                            The parameters for the action, which are sent to the
-                            connector. The `params` are handled as Mustache
-                            templates and passed a default set of context.
+                          description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
                           type: object
                         use_alert_data_for_template:
                           description: Indicates whether to use alert data as a template.
                           type: boolean
                         uuid:
-                          description: >-
-                            A universally unique identifier (UUID) for the
-                            action.
+                          description: A universally unique identifier (UUID) for the action.
                           type: string
                       required:
                         - id
@@ -3362,36 +3060,24 @@ paths:
                     type: array
                   alert_delay:
                     additionalProperties: false
-                    description: >-
-                      Indicates that an alert occurs only when the specified
-                      number of consecutive runs met the rule conditions.
+                    description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
                     type: object
                     properties:
                       active:
-                        description: >-
-                          The number of consecutive runs that must meet the rule
-                          conditions.
+                        description: The number of consecutive runs that must meet the rule conditions.
                         type: number
                     required:
                       - active
                   api_key_created_by_user:
-                    description: >-
-                      Indicates whether the API key that is associated with the
-                      rule was created by the user.
+                    description: Indicates whether the API key that is associated with the rule was created by the user.
                     nullable: true
                     type: boolean
                   api_key_owner:
-                    description: >-
-                      The owner of the API key that is associated with the rule
-                      and used to run background tasks.
+                    description: The owner of the API key that is associated with the rule and used to run background tasks.
                     nullable: true
                     type: string
                   consumer:
-                    description: >-
-                      The name of the application or feature that owns the rule.
-                      For example: `alerts`, `apm`, `discover`,
-                      `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`,
-                      `securitySolution`, `siem`, `stackAlerts`, or `uptime`.
+                    description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.'
                     type: string
                   created_at:
                     description: The date and time that the rule was created.
@@ -3401,9 +3087,7 @@ paths:
                     nullable: true
                     type: string
                   enabled:
-                    description: >-
-                      Indicates whether you want to run the rule on an interval
-                      basis after it is created.
+                    description: Indicates whether you want to run the rule on an interval basis after it is created.
                     type: boolean
                   execution_status:
                     additionalProperties: false
@@ -3517,9 +3201,7 @@ paths:
                             nullable: true
                             type: number
                       outcome:
-                        description: >-
-                          Outcome of last run of the rule. Value could be
-                          succeeded, warning or failed.
+                        description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                         enum:
                           - succeeded
                           - warning
@@ -3569,9 +3251,7 @@ paths:
                         properties:
                           calculated_metrics:
                             additionalProperties: false
-                            description: >-
-                              Calculation of different percentiles and success
-                              ratio.
+                            description: Calculation of different percentiles and success ratio.
                             type: object
                             properties:
                               p50:
@@ -3594,18 +3274,14 @@ paths:
                                   description: Duration of the rule run.
                                   type: number
                                 outcome:
-                                  description: >-
-                                    Outcome of last run of the rule. Value could
-                                    be succeeded, warning or failed.
+                                  description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                                   enum:
                                     - succeeded
                                     - warning
                                     - failed
                                   type: string
                                 success:
-                                  description: >-
-                                    Indicates whether the rule run was
-                                    successful.
+                                  description: Indicates whether the rule run was successful.
                                   type: boolean
                                 timestamp:
                                   description: Time of rule run.
@@ -3630,29 +3306,19 @@ paths:
                                     nullable: true
                                     type: number
                                   total_alerts_created:
-                                    description: >-
-                                      Total number of alerts created during last
-                                      rule run.
+                                    description: Total number of alerts created during last rule run.
                                     nullable: true
                                     type: number
                                   total_alerts_detected:
-                                    description: >-
-                                      Total number of alerts detected during
-                                      last rule run.
+                                    description: Total number of alerts detected during last rule run.
                                     nullable: true
                                     type: number
                                   total_indexing_duration_ms:
-                                    description: >-
-                                      Total time spent indexing documents during
-                                      last rule run in milliseconds.
+                                    description: Total time spent indexing documents during last rule run in milliseconds.
                                     nullable: true
                                     type: number
                                   total_search_duration_ms:
-                                    description: >-
-                                      Total time spent performing Elasticsearch
-                                      searches as measured by Kibana; includes
-                                      network latency and time spent serializing
-                                      or deserializing the request and response.
+                                    description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.
                                     nullable: true
                                     type: number
                               timestamp:
@@ -3683,19 +3349,7 @@ paths:
                     nullable: true
                     type: string
                   notify_when:
-                    description: >-
-                      Indicates how often alerts generate actions. Valid values
-                      include: `onActionGroupChange`: Actions run when the alert
-                      status changes; `onActiveAlert`: Actions run when the
-                      alert becomes active and at each check interval while the
-                      rule conditions are met; `onThrottleInterval`: Actions run
-                      when the alert becomes active and at the interval
-                      specified in the throttle property while the rule
-                      conditions are met. NOTE: You cannot specify `notify_when`
-                      at both the rule and action level. The recommended method
-                      is to set it for each action. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     enum:
                       - onActionGroupChange
                       - onActiveAlert
@@ -3721,9 +3375,7 @@ paths:
                     type: object
                     properties:
                       interval:
-                        description: >-
-                          The interval is specified in seconds, minutes, hours,
-                          or days.
+                        description: The interval is specified in seconds, minutes, hours, or days.
                         type: string
                     required:
                       - interval
@@ -3759,9 +3411,7 @@ paths:
                               type: array
                             bymonth:
                               items:
-                                description: >-
-                                  Indicates months of the year that this rule
-                                  should recur.
+                                description: Indicates months of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
@@ -3779,12 +3429,7 @@ paths:
                               type: array
                             bysetpos:
                               items:
-                                description: >-
-                                  A positive or negative integer affecting the
-                                  nth day of the month. For example, -2 combined
-                                  with `byweekday` of FR is 2nd to last Friday
-                                  of the month. It is recommended to not set
-                                  this manually and just use `byweekday`.
+                                description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.
                                 type: number
                               nullable: true
                               type: array
@@ -3793,13 +3438,7 @@ paths:
                                 anyOf:
                                   - type: string
                                   - type: number
-                                description: >-
-                                  Indicates the days of the week to recur or
-                                  else nth-day-of-month strings. For example,
-                                  "+2TU" second Tuesday of month, "-1FR" last
-                                  Friday of the month, which are internally
-                                  converted to a `byweekday/bysetpos`
-                                  combination.
+                                description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination.
                               nullable: true
                               type: array
                             byweekno:
@@ -3810,26 +3449,18 @@ paths:
                               type: array
                             byyearday:
                               items:
-                                description: >-
-                                  Indicates the days of the year that this rule
-                                  should recur.
+                                description: Indicates the days of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
                             count:
-                              description: >-
-                                Number of times the rule should recur until it
-                                stops.
+                              description: Number of times the rule should recur until it stops.
                               type: number
                             dtstart:
-                              description: >-
-                                Rule start date in Coordinated Universal Time
-                                (UTC).
+                              description: Rule start date in Coordinated Universal Time (UTC).
                               type: string
                             freq:
-                              description: >-
-                                Indicates frequency of the rule. Options are
-                                YEARLY, MONTHLY, WEEKLY, DAILY.
+                              description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.
                               enum:
                                 - 0
                                 - 1
@@ -3840,10 +3471,7 @@ paths:
                                 - 6
                               type: integer
                             interval:
-                              description: >-
-                                Indicates the interval of frequency. For
-                                example, 1 and YEARLY is every 1 year, 2 and
-                                WEEKLY is every 2 weeks.
+                              description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.
                               type: number
                             tzid:
                               description: Indicates timezone abbreviation.
@@ -3881,23 +3509,14 @@ paths:
                     type: array
                   throttle:
                     deprecated: true
-                    description: >-
-                      Deprecated in 8.13.0. Use the `throttle` property in the
-                      action `frequency` object instead. The throttle interval,
-                      which defines how often an alert generates repeated
-                      actions. NOTE: You cannot specify the throttle interval at
-                      both the rule and action level. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     nullable: true
                     type: string
                   updated_at:
                     description: The date and time that the rule was updated most recently.
                     type: string
                   updated_by:
-                    description: >-
-                      The identifier for the user that updated this rule most
-                      recently.
+                    description: The identifier for the user that updated this rule most recently.
                     nullable: true
                     type: string
                   view_in_app_relative_url:
@@ -3923,6 +3542,9 @@ paths:
                   - muted_alert_ids
                   - execution_status
                   - revision
+              examples:
+                updateRuleResponse:
+                  $ref: '#/components/examples/update_rule_response'
           description: Indicates a successful call.
         '400':
           description: Indicates an invalid schema or parameters.
@@ -4248,9 +3870,7 @@ paths:
             default: 1
             minimum: 1
             type: number
-        - description: >-
-            An Elasticsearch simple_query_string query that filters the objects
-            in the response.
+        - description: An Elasticsearch simple_query_string query that filters the objects in the response.
           in: query
           name: search
           required: false
@@ -4276,9 +3896,7 @@ paths:
                   type: string
                 type: array
               - type: string
-        - description: >-
-            Determines which field is used to sort the results. The field must
-            exist in the `attributes` key of the response.
+        - description: Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.
           in: query
           name: sort_field
           required: false
@@ -4293,9 +3911,7 @@ paths:
               - asc
               - desc
             type: string
-        - description: >-
-            Filters the rules that have a relation with the reference objects
-            with a specific type and identifier.
+        - description: Filters the rules that have a relation with the reference objects with a specific type and identifier.
           in: query
           name: has_reference
           required: false
@@ -4319,12 +3935,7 @@ paths:
               description: The fields to return in the `attributes` key of the response.
               type: string
             type: array
-        - description: >-
-            A KQL string that you filter with an attribute from your saved
-            object. It should look like `savedObjectType.attributes.title:
-            "myTitle"`. However, if you used a direct attribute of a saved
-            object, such as `updatedAt`, you must define your filter, for
-            example, `savedObjectType.updatedAt > 2018-12-22`.
+        - description: 'A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: "myTitle"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.'
           in: query
           name: filter
           required: false
@@ -4353,9 +3964,7 @@ paths:
                       properties:
                         alerts_filter:
                           additionalProperties: false
-                          description: >-
-                            Defines a period that limits whether the action
-                            runs.
+                          description: Defines a period that limits whether the action runs.
                           type: object
                           properties:
                             query:
@@ -4363,15 +3972,10 @@ paths:
                               type: object
                               properties:
                                 dsl:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL).
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL).
                                   type: string
                                 filters:
-                                  description: >-
-                                    A filter written in Elasticsearch Query
-                                    Domain Specific Language (DSL) as defined in
-                                    the `kbn-es-query` package.
+                                  description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
                                   items:
                                     additionalProperties: false
                                     type: object
@@ -4381,9 +3985,7 @@ paths:
                                         type: object
                                         properties:
                                           store:
-                                            description: >-
-                                              A filter can be either specific to an
-                                              application context or applied globally.
+                                            description: A filter can be either specific to an application context or applied globally.
                                             enum:
                                               - appState
                                               - globalState
@@ -4400,9 +4002,7 @@ paths:
                                       - meta
                                   type: array
                                 kql:
-                                  description: >-
-                                    A filter written in Kibana Query Language
-                                    (KQL).
+                                  description: A filter written in Kibana Query Language (KQL).
                                   type: string
                               required:
                                 - kql
@@ -4412,12 +4012,7 @@ paths:
                               type: object
                               properties:
                                 days:
-                                  description: >-
-                                    Defines the days of the week that the action
-                                    can run, represented as an array of numbers.
-                                    For example, `1` represents Monday. An empty
-                                    array is equivalent to specifying all the
-                                    days of the week.
+                                  description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week.
                                   items:
                                     enum:
                                       - 1
@@ -4434,55 +4029,30 @@ paths:
                                   type: object
                                   properties:
                                     end:
-                                      description: >-
-                                        The end of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The end of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                     start:
-                                      description: >-
-                                        The start of the time frame in 24-hour
-                                        notation (`hh:mm`).
+                                      description: The start of the time frame in 24-hour notation (`hh:mm`).
                                       type: string
                                   required:
                                     - start
                                     - end
                                 timezone:
-                                  description: >-
-                                    The ISO time zone for the `hours` values.
-                                    Values such as `UTC` and `UTC+1` also work
-                                    but lack built-in daylight savings time
-                                    support and are not recommended.
+                                  description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended.
                                   type: string
                               required:
                                 - days
                                 - hours
                                 - timezone
                         connector_type_id:
-                          description: >-
-                            The type of connector. This property appears in
-                            responses but cannot be set in requests.
+                          description: The type of connector. This property appears in responses but cannot be set in requests.
                           type: string
                         frequency:
                           additionalProperties: false
                           type: object
                           properties:
                             notify_when:
-                              description: >-
-                                Indicates how often alerts generate actions.
-                                Valid values include: `onActionGroupChange`:
-                                Actions run when the alert status changes;
-                                `onActiveAlert`: Actions run when the alert
-                                becomes active and at each check interval while
-                                the rule conditions are met;
-                                `onThrottleInterval`: Actions run when the alert
-                                becomes active and at the interval specified in
-                                the throttle property while the rule conditions
-                                are met. NOTE: You cannot specify `notify_when`
-                                at both the rule and action level. The
-                                recommended method is to set it for each action.
-                                If you set it at the rule level then update the
-                                rule in Kibana, it is automatically changed to
-                                use action-specific values.
+                              description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               enum:
                                 - onActionGroupChange
                                 - onActiveAlert
@@ -4492,18 +4062,7 @@ paths:
                               description: Indicates whether the action is a summary.
                               type: boolean
                             throttle:
-                              description: >-
-                                The throttle interval, which defines how often
-                                an alert generates repeated actions. It is
-                                specified in seconds, minutes, hours, or days
-                                and is applicable only if 'notify_when' is set
-                                to 'onThrottleInterval'. NOTE: You cannot
-                                specify the throttle interval at both the rule
-                                and action level. The recommended method is to
-                                set it for each action. If you set it at the
-                                rule level then update the rule in Kibana, it is
-                                automatically changed to use action-specific
-                                values.
+                              description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                               nullable: true
                               type: string
                           required:
@@ -4511,30 +4070,20 @@ paths:
                             - notify_when
                             - throttle
                         group:
-                          description: >-
-                            The group name, which affects when the action runs
-                            (for example, when the threshold is met or when the
-                            alert is recovered). Each rule type has a list of
-                            valid action group names. If you don't need to group
-                            actions, set to `default`.
+                          description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`.
                           type: string
                         id:
                           description: The identifier for the connector saved object.
                           type: string
                         params:
                           additionalProperties: {}
-                          description: >-
-                            The parameters for the action, which are sent to the
-                            connector. The `params` are handled as Mustache
-                            templates and passed a default set of context.
+                          description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context.
                           type: object
                         use_alert_data_for_template:
                           description: Indicates whether to use alert data as a template.
                           type: boolean
                         uuid:
-                          description: >-
-                            A universally unique identifier (UUID) for the
-                            action.
+                          description: A universally unique identifier (UUID) for the action.
                           type: string
                       required:
                         - id
@@ -4548,36 +4097,24 @@ paths:
                     type: array
                   alert_delay:
                     additionalProperties: false
-                    description: >-
-                      Indicates that an alert occurs only when the specified
-                      number of consecutive runs met the rule conditions.
+                    description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions.
                     type: object
                     properties:
                       active:
-                        description: >-
-                          The number of consecutive runs that must meet the rule
-                          conditions.
+                        description: The number of consecutive runs that must meet the rule conditions.
                         type: number
                     required:
                       - active
                   api_key_created_by_user:
-                    description: >-
-                      Indicates whether the API key that is associated with the
-                      rule was created by the user.
+                    description: Indicates whether the API key that is associated with the rule was created by the user.
                     nullable: true
                     type: boolean
                   api_key_owner:
-                    description: >-
-                      The owner of the API key that is associated with the rule
-                      and used to run background tasks.
+                    description: The owner of the API key that is associated with the rule and used to run background tasks.
                     nullable: true
                     type: string
                   consumer:
-                    description: >-
-                      The name of the application or feature that owns the rule.
-                      For example: `alerts`, `apm`, `discover`,
-                      `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`,
-                      `securitySolution`, `siem`, `stackAlerts`, or `uptime`.
+                    description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.'
                     type: string
                   created_at:
                     description: The date and time that the rule was created.
@@ -4587,9 +4124,7 @@ paths:
                     nullable: true
                     type: string
                   enabled:
-                    description: >-
-                      Indicates whether you want to run the rule on an interval
-                      basis after it is created.
+                    description: Indicates whether you want to run the rule on an interval basis after it is created.
                     type: boolean
                   execution_status:
                     additionalProperties: false
@@ -4703,9 +4238,7 @@ paths:
                             nullable: true
                             type: number
                       outcome:
-                        description: >-
-                          Outcome of last run of the rule. Value could be
-                          succeeded, warning or failed.
+                        description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                         enum:
                           - succeeded
                           - warning
@@ -4755,9 +4288,7 @@ paths:
                         properties:
                           calculated_metrics:
                             additionalProperties: false
-                            description: >-
-                              Calculation of different percentiles and success
-                              ratio.
+                            description: Calculation of different percentiles and success ratio.
                             type: object
                             properties:
                               p50:
@@ -4780,18 +4311,14 @@ paths:
                                   description: Duration of the rule run.
                                   type: number
                                 outcome:
-                                  description: >-
-                                    Outcome of last run of the rule. Value could
-                                    be succeeded, warning or failed.
+                                  description: Outcome of last run of the rule. Value could be succeeded, warning or failed.
                                   enum:
                                     - succeeded
                                     - warning
                                     - failed
                                   type: string
                                 success:
-                                  description: >-
-                                    Indicates whether the rule run was
-                                    successful.
+                                  description: Indicates whether the rule run was successful.
                                   type: boolean
                                 timestamp:
                                   description: Time of rule run.
@@ -4816,29 +4343,19 @@ paths:
                                     nullable: true
                                     type: number
                                   total_alerts_created:
-                                    description: >-
-                                      Total number of alerts created during last
-                                      rule run.
+                                    description: Total number of alerts created during last rule run.
                                     nullable: true
                                     type: number
                                   total_alerts_detected:
-                                    description: >-
-                                      Total number of alerts detected during
-                                      last rule run.
+                                    description: Total number of alerts detected during last rule run.
                                     nullable: true
                                     type: number
                                   total_indexing_duration_ms:
-                                    description: >-
-                                      Total time spent indexing documents during
-                                      last rule run in milliseconds.
+                                    description: Total time spent indexing documents during last rule run in milliseconds.
                                     nullable: true
                                     type: number
                                   total_search_duration_ms:
-                                    description: >-
-                                      Total time spent performing Elasticsearch
-                                      searches as measured by Kibana; includes
-                                      network latency and time spent serializing
-                                      or deserializing the request and response.
+                                    description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response.
                                     nullable: true
                                     type: number
                               timestamp:
@@ -4869,19 +4386,7 @@ paths:
                     nullable: true
                     type: string
                   notify_when:
-                    description: >-
-                      Indicates how often alerts generate actions. Valid values
-                      include: `onActionGroupChange`: Actions run when the alert
-                      status changes; `onActiveAlert`: Actions run when the
-                      alert becomes active and at each check interval while the
-                      rule conditions are met; `onThrottleInterval`: Actions run
-                      when the alert becomes active and at the interval
-                      specified in the throttle property while the rule
-                      conditions are met. NOTE: You cannot specify `notify_when`
-                      at both the rule and action level. The recommended method
-                      is to set it for each action. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     enum:
                       - onActionGroupChange
                       - onActiveAlert
@@ -4907,9 +4412,7 @@ paths:
                     type: object
                     properties:
                       interval:
-                        description: >-
-                          The interval is specified in seconds, minutes, hours,
-                          or days.
+                        description: The interval is specified in seconds, minutes, hours, or days.
                         type: string
                     required:
                       - interval
@@ -4945,9 +4448,7 @@ paths:
                               type: array
                             bymonth:
                               items:
-                                description: >-
-                                  Indicates months of the year that this rule
-                                  should recur.
+                                description: Indicates months of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
@@ -4965,12 +4466,7 @@ paths:
                               type: array
                             bysetpos:
                               items:
-                                description: >-
-                                  A positive or negative integer affecting the
-                                  nth day of the month. For example, -2 combined
-                                  with `byweekday` of FR is 2nd to last Friday
-                                  of the month. It is recommended to not set
-                                  this manually and just use `byweekday`.
+                                description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`.
                                 type: number
                               nullable: true
                               type: array
@@ -4979,13 +4475,7 @@ paths:
                                 anyOf:
                                   - type: string
                                   - type: number
-                                description: >-
-                                  Indicates the days of the week to recur or
-                                  else nth-day-of-month strings. For example,
-                                  "+2TU" second Tuesday of month, "-1FR" last
-                                  Friday of the month, which are internally
-                                  converted to a `byweekday/bysetpos`
-                                  combination.
+                                description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination.
                               nullable: true
                               type: array
                             byweekno:
@@ -4996,26 +4486,18 @@ paths:
                               type: array
                             byyearday:
                               items:
-                                description: >-
-                                  Indicates the days of the year that this rule
-                                  should recur.
+                                description: Indicates the days of the year that this rule should recur.
                                 type: number
                               nullable: true
                               type: array
                             count:
-                              description: >-
-                                Number of times the rule should recur until it
-                                stops.
+                              description: Number of times the rule should recur until it stops.
                               type: number
                             dtstart:
-                              description: >-
-                                Rule start date in Coordinated Universal Time
-                                (UTC).
+                              description: Rule start date in Coordinated Universal Time (UTC).
                               type: string
                             freq:
-                              description: >-
-                                Indicates frequency of the rule. Options are
-                                YEARLY, MONTHLY, WEEKLY, DAILY.
+                              description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY.
                               enum:
                                 - 0
                                 - 1
@@ -5026,10 +4508,7 @@ paths:
                                 - 6
                               type: integer
                             interval:
-                              description: >-
-                                Indicates the interval of frequency. For
-                                example, 1 and YEARLY is every 1 year, 2 and
-                                WEEKLY is every 2 weeks.
+                              description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks.
                               type: number
                             tzid:
                               description: Indicates timezone abbreviation.
@@ -5067,23 +4546,14 @@ paths:
                     type: array
                   throttle:
                     deprecated: true
-                    description: >-
-                      Deprecated in 8.13.0. Use the `throttle` property in the
-                      action `frequency` object instead. The throttle interval,
-                      which defines how often an alert generates repeated
-                      actions. NOTE: You cannot specify the throttle interval at
-                      both the rule and action level. If you set it at the rule
-                      level then update the rule in Kibana, it is automatically
-                      changed to use action-specific values.
+                    description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.'
                     nullable: true
                     type: string
                   updated_at:
                     description: The date and time that the rule was updated most recently.
                     type: string
                   updated_by:
-                    description: >-
-                      The identifier for the user that updated this rule most
-                      recently.
+                    description: The identifier for the user that updated this rule most recently.
                     nullable: true
                     type: string
                   view_in_app_relative_url:
@@ -5109,6 +4579,11 @@ paths:
                   - muted_alert_ids
                   - execution_status
                   - revision
+              examples:
+                findRulesResponse:
+                  $ref: '#/components/examples/find_rules_response'
+                findConditionalActionRulesResponse:
+                  $ref: '#/components/examples/find_rules_response_conditional_action'
           description: Indicates a successful call.
         '400':
           description: Indicates an invalid schema or parameters.
@@ -5120,9 +4595,8 @@ paths:
   /api/alerts/alert/{alertId}:
     delete:
       deprecated: true
-      description: >
-        Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After
-        you delete an alert, you cannot recover it.
+      description: |
+        Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After you delete an alert, you cannot recover it.
       operationId: legaryDeleteAlert
       parameters:
         - $ref: '#/components/parameters/Alerting_kbn_xsrf'
@@ -5179,9 +4653,7 @@ paths:
       operationId: legacyCreateAlert
       parameters:
         - $ref: '#/components/parameters/Alerting_kbn_xsrf'
-        - description: >-
-            An UUID v1 or v4 identifier for the alert. If this parameter is
-            omitted, the identifier is randomly generated.
+        - description: An UUID v1 or v4 identifier for the alert. If this parameter is omitted, the identifier is randomly generated.
           in: path
           name: alertId
           required: true
@@ -5203,19 +4675,15 @@ paths:
                         description: The identifier for the action type.
                         type: string
                       group:
-                        description: >
-                          Grouping actions is recommended for escalations for
-                          different types of alert instances. If you don't need
-                          this functionality, set it to `default`.
+                        description: |
+                          Grouping actions is recommended for escalations for different types of alert instances. If you don't need this functionality, set it to `default`.
                         type: string
                       id:
                         description: The ID of the action saved object.
                         type: string
                       params:
-                        description: >
-                          The map to the `params` that the action type will
-                          receive. `params` are handled as Mustache templates
-                          and passed a default set of context.
+                        description: |
+                          The map to the `params` that the action type will receive. `params` are handled as Mustache templates and passed a default set of context.
                         type: object
                     required:
                       - actionTypeId
@@ -5224,20 +4692,13 @@ paths:
                       - params
                   type: array
                 alertTypeId:
-                  description: >-
-                    The ID of the alert type that you want to call when the
-                    alert is scheduled to run.
+                  description: The ID of the alert type that you want to call when the alert is scheduled to run.
                   type: string
                 consumer:
-                  description: >-
-                    The name of the application that owns the alert. This name
-                    has to match the Kibana feature name, as that dictates the
-                    required role-based access control privileges.
+                  description: The name of the application that owns the alert. This name has to match the Kibana feature name, as that dictates the required role-based access control privileges.
                   type: string
                 enabled:
-                  description: >-
-                    Indicates if you want to run the alert on an interval basis
-                    after it is created.
+                  description: Indicates if you want to run the alert on an interval basis after it is created.
                   type: boolean
                 name:
                   description: A name to reference and search.
@@ -5250,22 +4711,15 @@ paths:
                     - onThrottleInterval
                   type: string
                 params:
-                  description: >-
-                    The parameters to pass to the alert type executor `params`
-                    value. This will also validate against the alert type params
-                    validator, if defined.
+                  description: The parameters to pass to the alert type executor `params` value. This will also validate against the alert type params validator, if defined.
                   type: object
                 schedule:
-                  description: >
-                    The schedule specifying when this alert should be run. A
-                    schedule is structured such that the key specifies the
-                    format you wish to use and its value specifies the schedule.
+                  description: |
+                    The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule.
                   type: object
                   properties:
                     interval:
-                      description: >-
-                        The interval format specifies the interval in seconds,
-                        minutes, hours or days at which the alert should run.
+                      description: The interval format specifies the interval in seconds, minutes, hours or days at which the alert should run.
                       example: 10s
                       type: string
                 tags:
@@ -5274,13 +4728,8 @@ paths:
                     type: string
                   type: array
                 throttle:
-                  description: >
-                    How often this alert should fire the same actions. This will
-                    prevent the alert from sending out the same notification
-                    over and over. For example, if an alert with a schedule of 1
-                    minute stays in a triggered state for 90 minutes, setting a
-                    throttle of `10m` or `1h` will prevent it from sending 90
-                    notifications during this period.
+                  description: |
+                    How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of `10m` or `1h` will prevent it from sending 90 notifications during this period.
                   type: string
               required:
                 - alertTypeId
@@ -5334,19 +4783,15 @@ paths:
                         description: The identifier for the action type.
                         type: string
                       group:
-                        description: >
-                          Grouping actions is recommended for escalations for
-                          different types of alert instances. If you don't need
-                          this functionality, set it to `default`.
+                        description: |
+                          Grouping actions is recommended for escalations for different types of alert instances. If you don't need this functionality, set it to `default`.
                         type: string
                       id:
                         description: The ID of the action saved object.
                         type: string
                       params:
-                        description: >
-                          The map to the `params` that the action type will
-                          receive. `params` are handled as Mustache templates
-                          and passed a default set of context.
+                        description: |
+                          The map to the `params` that the action type will receive. `params` are handled as Mustache templates and passed a default set of context.
                         type: object
                     required:
                       - actionTypeId
@@ -5365,22 +4810,15 @@ paths:
                     - onThrottleInterval
                   type: string
                 params:
-                  description: >-
-                    The parameters to pass to the alert type executor `params`
-                    value. This will also validate against the alert type params
-                    validator, if defined.
+                  description: The parameters to pass to the alert type executor `params` value. This will also validate against the alert type params validator, if defined.
                   type: object
                 schedule:
-                  description: >
-                    The schedule specifying when this alert should be run. A
-                    schedule is structured such that the key specifies the
-                    format you wish to use and its value specifies the schedule.
+                  description: |
+                    The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule.
                   type: object
                   properties:
                     interval:
-                      description: >-
-                        The interval format specifies the interval in seconds,
-                        minutes, hours or days at which the alert should run.
+                      description: The interval format specifies the interval in seconds, minutes, hours or days at which the alert should run.
                       example: 1d
                       type: string
                 tags:
@@ -5389,13 +4827,8 @@ paths:
                     type: string
                   type: array
                 throttle:
-                  description: >
-                    How often this alert should fire the same actions. This will
-                    prevent the alert from sending out the same notification
-                    over and over. For example, if an alert with a schedule of 1
-                    minute stays in a triggered state for 90 minutes, setting a
-                    throttle of `10m` or `1h` will prevent it from sending 90
-                    notifications during this period.
+                  description: |
+                    How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of `10m` or `1h` will prevent it from sending 90 notifications during this period.
                   type: string
               required:
                 - name
@@ -5592,12 +5025,8 @@ paths:
   /api/alerts/alerts/_find:
     get:
       deprecated: true
-      description: >
-        Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert
-        `params` are stored as a flattened field type and analyzed as keywords.
-        As alerts change in Kibana, the results on each page of the response
-        also change. Use the find API for traditional paginated results, but
-        avoid using it to export large amounts of data.
+      description: |
+        Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert `params` are stored as a flattened field type and analyzed as keywords. As alerts change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data.
       operationId: legacyFindAlerts
       parameters:
         - description: The default operator to use for the `simple_query_string`.
@@ -5614,19 +5043,13 @@ paths:
             items:
               type: string
             type: array
-        - description: >
-            A KQL string that you filter with an attribute from your saved
-            object. It should look like `savedObjectType.attributes.title:
-            "myTitle"`. However, if you used a direct attribute of a saved
-            object, such as `updatedAt`, you must define your filter, for
-            example, `savedObjectType.updatedAt > 2018-12-22`.
+        - description: |
+            A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: "myTitle"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.
           in: query
           name: filter
           schema:
             type: string
-        - description: >-
-            Filters the rules that have a relation with the reference objects
-            with a specific type and identifier.
+        - description: Filters the rules that have a relation with the reference objects with a specific type and identifier.
           in: query
           name: has_reference
           schema:
@@ -5650,16 +5073,12 @@ paths:
           schema:
             default: 20
             type: integer
-        - description: >-
-            An Elasticsearch `simple_query_string` query that filters the alerts
-            in the response.
+        - description: An Elasticsearch `simple_query_string` query that filters the alerts in the response.
           in: query
           name: search
           schema:
             type: string
-        - description: >-
-            The fields to perform the `simple_query_string` parsed query
-            against.
+        - description: The fields to perform the `simple_query_string` parsed query against.
           in: query
           name: search_fields
           schema:
@@ -5668,9 +5087,8 @@ paths:
               - items:
                   type: string
                 type: array
-        - description: >
-            Determines which field is used to sort the results. The field must
-            exist in the `attributes` key of the response.
+        - description: |
+            Determines which field is used to sort the results. The field must exist in the `attributes` key of the response.
           in: query
           name: sort_field
           schema:
@@ -5725,10 +5143,8 @@ paths:
                 type: object
                 properties:
                   alertingFrameworkHealth:
-                    description: >
-                      Three substates identify the health of the alerting
-                      framework: `decryptionHealth`, `executionHealth`, and
-                      `readHealth`.
+                    description: |
+                      Three substates identify the health of the alerting framework: `decryptionHealth`, `executionHealth`, and `readHealth`.
                     type: object
                     properties:
                       decryptionHealth:
@@ -5777,9 +5193,7 @@ paths:
                             format: date-time
                             type: string
                   hasPermanentEncryptionKey:
-                    description: >-
-                      If `false`, the encrypted saved object plugin does not
-                      have a permanent encryption key.
+                    description: If `false`, the encrypted saved object plugin does not have a permanent encryption key.
                     example: true
                     type: boolean
                   isSufficientlySecure:
@@ -5810,11 +5224,8 @@ paths:
                   type: object
                   properties:
                     actionGroups:
-                      description: >
-                        An explicit list of groups for which the alert type can
-                        schedule actions, each with the action group's unique ID
-                        and human readable name. Alert actions validation uses
-                        this configuration to ensure that groups are valid.
+                      description: |
+                        An explicit list of groups for which the alert type can schedule actions, each with the action group's unique ID and human readable name. Alert actions validation uses this configuration to ensure that groups are valid.
                       items:
                         type: object
                         properties:
@@ -5824,12 +5235,8 @@ paths:
                             type: string
                       type: array
                     actionVariables:
-                      description: >
-                        A list of action variables that the alert type makes
-                        available via context and state in action parameter
-                        templates, and a short human readable description. The
-                        Alert UI will use this information to prompt users for
-                        these variables in action parameter editors.
+                      description: |
+                        A list of action variables that the alert type makes available via context and state in action parameter templates, and a short human readable description. The Alert UI will use this information to prompt users for these variables in action parameter editors.
                       type: object
                       properties:
                         context:
@@ -5860,25 +5267,19 @@ paths:
                                 type: string
                           type: array
                     authorizedConsumers:
-                      description: >-
-                        The list of the plugins IDs that have access to the
-                        alert type.
+                      description: The list of the plugins IDs that have access to the alert type.
                       type: object
                     defaultActionGroupId:
                       description: The default identifier for the alert type group.
                       type: string
                     enabledInLicense:
-                      description: >-
-                        Indicates whether the rule type is enabled based on the
-                        subscription.
+                      description: Indicates whether the rule type is enabled based on the subscription.
                       type: boolean
                     id:
                       description: The unique identifier for the alert type.
                       type: string
                     isExportable:
-                      description: >-
-                        Indicates whether the alert type is exportable in Saved
-                        Objects Management UI.
+                      description: Indicates whether the alert type is exportable in Saved Objects Management UI.
                       type: boolean
                     minimumLicenseRequired:
                       description: The subscriptions required to use the alert type.
@@ -5887,15 +5288,11 @@ paths:
                       description: The descriptive name of the alert type.
                       type: string
                     producer:
-                      description: >-
-                        An identifier for the application that produces this
-                        alert type.
+                      description: An identifier for the application that produces this alert type.
                       type: string
                     recoveryActionGroup:
-                      description: >
-                        An action group to use when an alert instance goes from
-                        an active state to an inactive one. If it is not
-                        specified, the default recovered action group is used.
+                      description: |
+                        An action group to use when an alert instance goes from an active state to an inactive one. If it is not specified, the default recovered action group is used.
                       type: object
                       properties:
                         id:
@@ -6142,8 +5539,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/APM_UI_delete_agent_configurations_response
+                $ref: '#/components/schemas/APM_UI_delete_agent_configurations_response'
           description: Successful response
         '400':
           content:
@@ -6336,9 +5732,8 @@ paths:
         - APM agent configuration
   /api/apm/settings/agent-configuration/search:
     post:
-      description: >
-        This endpoint allows to search for single agent configuration and update
-        'applied_by_agent' field.
+      description: |
+        This endpoint allows to search for single agent configuration and update 'applied_by_agent' field.
       operationId: searchSingleConfiguration
       parameters:
         - $ref: '#/components/parameters/APM_UI_elastic_api_version'
@@ -6354,8 +5749,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/APM_UI_search_agent_configuration_response
+                $ref: '#/components/schemas/APM_UI_search_agent_configuration_response'
           description: Successful response
         '400':
           content:
@@ -6400,8 +5794,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/APM_UI_single_agent_configuration_response
+                $ref: '#/components/schemas/APM_UI_single_agent_configuration_response'
           description: Successful response
         '400':
           content:
@@ -6614,13 +6007,10 @@ paths:
                 type: object
                 properties:
                   deleted:
-                    description: >-
-                      True if the record was deleted or false if the record did
-                      not exist.
+                    description: True if the record was deleted or false if the record did not exist.
                     type: boolean
                   record:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord'
                     description: The deleted record if it existed.
                 required:
                   - deleted
@@ -6652,8 +6042,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord'
           description: Successful response
         '400':
           description: Invalid request
@@ -6663,27 +6052,21 @@ paths:
       tags:
         - Security Entity Analytics API
     post:
-      description: >
+      description: |
         Create or update an asset criticality record for a specific entity.
 
-
-        If a record already exists for the specified entity, that record is
-        overwritten with the specified value. If a record doesn't exist for the
-        specified entity, a new record is created.
+        If a record already exists for the specified entity, that record is overwritten with the specified value. If a record doesn't exist for the specified entity, a new record is created.
       operationId: CreateAssetCriticalityRecord
       requestBody:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
               allOf:
-                - $ref: >-
-                    #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord
+                - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord'
                 - type: object
                   properties:
                     refresh:
-                      description: >-
-                        If 'wait_for' the request will wait for the index
-                        refresh.
+                      description: If 'wait_for' the request will wait for the index refresh.
                       enum:
                         - wait_for
                       type: string
@@ -6693,8 +6076,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord'
           description: Successful response
         '400':
           description: Invalid request
@@ -6703,14 +6085,10 @@ paths:
         - Security Entity Analytics API
   /api/asset_criticality/bulk:
     post:
-      description: >
+      description: |
         Bulk upsert up to 1000 asset criticality records.
 
-
-        If asset criticality records already exist for the specified entities,
-        those records are overwritten with the specified values. If asset
-        criticality records don't exist for the specified entities, new records
-        are created.
+        If asset criticality records already exist for the specified entities, those records are overwritten with the specified values. If asset criticality records don't exist for the specified entities, new records are created.
       operationId: BulkUpsertAssetCriticalityRecords
       requestBody:
         content:
@@ -6728,8 +6106,7 @@ paths:
               properties:
                 records:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord'
                   maxItems: 1000
                   minItems: 1
                   type: array
@@ -6752,12 +6129,10 @@ paths:
                 properties:
                   errors:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem'
                     type: array
                   stats:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats'
                 required:
                   - errors
                   - stats
@@ -6829,8 +6204,7 @@ paths:
                     type: integer
                   records:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord'
                     type: array
                   total:
                     minimum: 0
@@ -6846,11 +6220,8 @@ paths:
         - Security Entity Analytics API
   /api/cases:
     delete:
-      description: >
-        You must have `read` or `all` privileges and the `delete` sub-feature
-        privilege for the **Cases** feature in the **Management**,
-        **Observability**, or **Security** section of the Kibana feature
-        privileges, depending on the owner of the cases you're deleting.
+      description: |
+        You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
       operationId: deleteCaseDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_kbn_xsrf'
@@ -6868,11 +6239,8 @@ paths:
       tags:
         - cases
     patch:
-      description: >
-        You must have `all` privileges for the **Cases** feature in the 
-        **Management**, **Observability**, or **Security** section of the
-        Kibana  feature privileges, depending on the owner of the case you're
-        updating.
+      description: |
+        You must have `all` privileges for the **Cases** feature in the  **Management**, **Observability**, or **Security** section of the Kibana  feature privileges, depending on the owner of the case you're updating.
       operationId: updateCaseDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_kbn_xsrf'
@@ -6906,11 +6274,8 @@ paths:
       tags:
         - cases
     post:
-      description: >
-        You must have `all` privileges for the **Cases** feature in the
-        **Management**, **Observability**, or **Security** section of the
-        Kibana  feature privileges, depending on the owner of the case you're
-        creating.
+      description: |
+        You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana  feature privileges, depending on the owner of the case you're creating.
       operationId: createCaseDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_kbn_xsrf'
@@ -6944,10 +6309,8 @@ paths:
         - cases
   /api/cases/_find:
     get:
-      description: >
-        You must have `read` privileges for the **Cases** feature in the
-        **Management**, **Observability**, or **Security** section of the Kibana
-        feature privileges, depending on the owner of the cases you're seeking.
+      description: |
+        You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
       operationId: findCasesDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_assignees_filter'
@@ -7005,10 +6368,8 @@ paths:
         - cases
   /api/cases/{caseId}:
     get:
-      description: >
-        You must have `read` privileges for the **Cases** feature in the
-        **Management**, **Observability**, or **Security** section of the Kibana
-        feature privileges, depending on the owner of the case you're seeking.
+      description: |
+        You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.
       operationId: getCaseDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_case_id'
@@ -7036,10 +6397,8 @@ paths:
         - cases
   /api/cases/{caseId}/alerts:
     get:
-      description: >
-        You must have `read` privileges for the **Cases** feature in the
-        **Management**, **Observability**, or **Security** section of the Kibana
-        feature privileges, depending on the owner of the cases you're seeking.
+      description: |
+        You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
       operationId: getCaseAlertsDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_case_id'
@@ -7067,11 +6426,8 @@ paths:
       x-state: Technical preview
   /api/cases/{caseId}/comments:
     delete:
-      description: >
-        Deletes all comments and alerts from a case. You must have `all`
-        privileges for the **Cases** feature in the **Management**,
-        **Observability**, or **Security** section of the Kibana feature
-        privileges, depending on the owner of the cases you're deleting.
+      description: |
+        Deletes all comments and alerts from a case. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
       operationId: deleteCaseCommentsDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_kbn_xsrf'
@@ -7090,13 +6446,8 @@ paths:
         - cases
     get:
       deprecated: true
-      description: >
-        Deprecated in 8.1.0. This API is deprecated and will be removed in a
-        future release; instead, use the get case comment API, which requires a
-        comment identifier in the path. You must have `read` privileges for the
-        **Cases** feature in the **Management**, **Observability**, or
-        **Security** section of the Kibana feature privileges, depending on the
-        owner of the cases with the comments you're seeking.
+      description: |
+        Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
       operationId: getAllCaseCommentsDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_case_id'
@@ -7117,11 +6468,8 @@ paths:
       tags:
         - cases
     patch:
-      description: >
-        You must have `all` privileges for the **Cases** feature in the
-        **Management**, **Observability**, or **Security** section of the Kibana
-        feature privileges, depending on the owner of the case you're updating.
-        NOTE: You cannot change the comment type or the owner of a comment.
+      description: |
+        You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment.
       operationId: updateCaseCommentDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_kbn_xsrf'
@@ -7155,11 +6503,8 @@ paths:
       tags:
         - cases
     post:
-      description: >
-        You must have `all` privileges for the **Cases** feature in the
-        **Management**, **Observability**, or **Security** section of the Kibana
-        feature privileges, depending on the owner of the case you're creating.
-        NOTE: Each case can have a maximum of 1,000 alerts.
+      description: |
+        You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts.
       operationId: addCaseCommentDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_kbn_xsrf'
@@ -7194,12 +6539,8 @@ paths:
         - cases
   /api/cases/{caseId}/comments/_find:
     get:
-      description: >
-        Retrieves a paginated list of comments for a case. You must have `read`
-        privileges for the **Cases** feature in the **Management**,
-        **Observability**, or **Security** section of the Kibana feature
-        privileges, depending on the owner of the cases with the comments you're
-        seeking.
+      description: |
+        Retrieves a paginated list of comments for a case. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
       operationId: findCaseCommentsDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_case_id'
@@ -7224,10 +6565,8 @@ paths:
         - cases
   /api/cases/{caseId}/comments/{commentId}:
     delete:
-      description: >
-        You must have `all` privileges for the **Cases** feature in the
-        **Management**, **Observability**, or **Security** section of the Kibana
-        feature privileges, depending on the owner of the cases you're deleting.
+      description: |
+        You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting.
       operationId: deleteCaseCommentDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_kbn_xsrf'
@@ -7246,11 +6585,8 @@ paths:
       tags:
         - cases
     get:
-      description: >
-        You must have `read` privileges for the **Cases** feature in the
-        **Management**, **Observability**, or **Security** section of the Kibana
-        feature privileges, depending on the owner of the cases with the
-        comments you're seeking.
+      description: |
+        You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking.
       operationId: getCaseCommentDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_case_id'
@@ -7264,10 +6600,8 @@ paths:
                   $ref: '#/components/examples/Cases_get_comment_response'
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Cases_alert_comment_response_properties
-                  - $ref: >-
-                      #/components/schemas/Cases_user_comment_response_properties
+                  - $ref: '#/components/schemas/Cases_alert_comment_response_properties'
+                  - $ref: '#/components/schemas/Cases_user_comment_response_properties'
           description: Indicates a successful call.
         '401':
           content:
@@ -7280,12 +6614,8 @@ paths:
         - cases
   /api/cases/{caseId}/connector/{connectorId}/_push:
     post:
-      description: >
-        You must have `all` privileges for the **Actions and Connectors**
-        feature in the **Management** section of the Kibana feature privileges.
-        You must also have `all` privileges for the **Cases** feature in the
-        **Management**, **Observability**, or **Security** section of the Kibana
-        feature privileges, depending on the owner of the case you're pushing.
+      description: |
+        You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing.
       operationId: pushCaseDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_case_id'
@@ -7319,13 +6649,8 @@ paths:
   /api/cases/{caseId}/user_actions:
     get:
       deprecated: true
-      description: >
-        Returns all user activity for a case. Deprecated in 8.1.0. This API is
-        deprecated and will be removed in a future release; use the find user
-        actions API instead. You must have `read` privileges for the **Cases**
-        feature in the **Management**, **Observability**, or **Security**
-        section of the Kibana feature privileges, depending on the owner of the
-        case you're seeking.
+      description: |
+        Returns all user activity for a case. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.
       operationId: getCaseActivityDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_case_id'
@@ -7349,11 +6674,8 @@ paths:
         - cases
   /api/cases/{caseId}/user_actions/_find:
     get:
-      description: >
-        Retrives a paginated list of user activity for a case. You must have
-        `read` privileges for the **Cases** feature in the **Management**,
-        **Observability**, or **Security** section of the Kibana feature
-        privileges, depending on the owner of the case you're seeking.
+      description: |
+        Retrives a paginated list of user activity for a case. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking.
       operationId: findCaseActivityDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_case_id'
@@ -7379,8 +6701,7 @@ paths:
                     type: integer
                   userActions:
                     items:
-                      $ref: >-
-                        #/components/schemas/Cases_user_actions_find_response_properties
+                      $ref: '#/components/schemas/Cases_user_actions_find_response_properties'
                     maxItems: 10000
                     type: array
           description: Indicates a successful call.
@@ -7395,10 +6716,8 @@ paths:
         - cases
   /api/cases/alerts/{alertId}:
     get:
-      description: >
-        You must have `read` privileges for the **Cases** feature in the
-        **Management**, **Observability**, or **Security** section of the Kibana
-        feature privileges, depending on the owner of the cases you're seeking.
+      description: |
+        You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
       operationId: getCasesByAlertDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_alert_id'
@@ -7435,12 +6754,8 @@ paths:
       x-state: Technical preview
   /api/cases/configure:
     get:
-      description: >
-        Get setting details such as the closure type, custom fields, templatse,
-        and the default connector for cases. You must have `read` privileges for
-        the **Cases** feature in the **Management**, **Observability**, or
-        **Security** section of the Kibana feature privileges, depending on
-        where the cases were created.
+      description: |
+        Get setting details such as the closure type, custom fields, templatse, and the default connector for cases. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the cases were created.
       operationId: getCaseConfigurationDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_owner_filter'
@@ -7461,24 +6776,15 @@ paths:
                       type: object
                       properties:
                         fields:
-                          description: >-
-                            The fields specified in the case configuration are
-                            not used and are not propagated to individual cases,
-                            therefore it is recommended to set it to `null`.
+                          description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.
                           nullable: true
                           type: object
                         id:
-                          description: >-
-                            The identifier for the connector. If you do not want
-                            a default connector, use `none`. To retrieve
-                            connector IDs, use the find connectors API.
+                          description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.
                           example: none
                           type: string
                         name:
-                          description: >-
-                            The name of the connector. If you do not want a
-                            default connector, use `none`. To retrieve connector
-                            names, use the find connectors API.
+                          description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.
                           example: none
                           type: string
                         type:
@@ -7515,27 +6821,19 @@ paths:
                         type: object
                         properties:
                           defaultValue:
-                            description: >
-                              A default value for the custom field. If the
-                              `type` is `text`, the default value must be a
-                              string. If the `type` is `toggle`, the default
-                              value must be boolean.
+                            description: |
+                              A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.
                             oneOf:
                               - type: string
                               - type: boolean
                           key:
-                            description: >
-                              A unique key for the custom field. Must be lower
-                              case and composed only of a-z, 0-9, '_', and '-'
-                              characters. It is used in API calls to refer to a
-                              specific custom field.
+                            description: |
+                              A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.
                             maxLength: 36
                             minLength: 1
                             type: string
                           label:
-                            description: >-
-                              The custom field label that is displayed in the
-                              case.
+                            description: The custom field label that is displayed in the case.
                             maxLength: 50
                             minLength: 1
                             type: string
@@ -7546,10 +6844,8 @@ paths:
                               - toggle
                             type: string
                           required:
-                            description: >
-                              Indicates whether the field is required. If
-                              `false`, the custom field can be set to null or
-                              omitted when a case is created or updated.
+                            description: |
+                              Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.
                             type: boolean
                       type: array
                     error:
@@ -7620,16 +6916,8 @@ paths:
       tags:
         - cases
     post:
-      description: >
-        Case settings include external connection details, custom fields, and
-        templates. Connectors are used to interface with external systems. You
-        must create a connector before you can use it in your cases. If you set
-        a default connector, it is automatically selected when you create cases
-        in Kibana. If you use the create case API, however, you must still
-        specify all of the connector details. You must have `all` privileges for
-        the **Cases** feature in the **Management**, **Observability**, or
-        **Security** section of the Kibana feature privileges, depending on
-        where you are creating cases.
+      description: |
+        Case settings include external connection details, custom fields, and templates. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where you are creating cases.
       operationId: setCaseConfigurationDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_kbn_xsrf'
@@ -7657,24 +6945,15 @@ paths:
                     type: object
                     properties:
                       fields:
-                        description: >-
-                          The fields specified in the case configuration are not
-                          used and are not propagated to individual cases,
-                          therefore it is recommended to set it to `null`.
+                        description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.
                         nullable: true
                         type: object
                       id:
-                        description: >-
-                          The identifier for the connector. If you do not want a
-                          default connector, use `none`. To retrieve connector
-                          IDs, use the find connectors API.
+                        description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.
                         example: none
                         type: string
                       name:
-                        description: >-
-                          The name of the connector. If you do not want a
-                          default connector, use `none`. To retrieve connector
-                          names, use the find connectors API.
+                        description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.
                         example: none
                         type: string
                       type:
@@ -7711,27 +6990,19 @@ paths:
                       type: object
                       properties:
                         defaultValue:
-                          description: >
-                            A default value for the custom field. If the `type`
-                            is `text`, the default value must be a string. If
-                            the `type` is `toggle`, the default value must be
-                            boolean.
+                          description: |
+                            A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.
                           oneOf:
                             - type: string
                             - type: boolean
                         key:
-                          description: >
-                            A unique key for the custom field. Must be lower
-                            case and composed only of a-z, 0-9, '_', and '-'
-                            characters. It is used in API calls to refer to a
-                            specific custom field.
+                          description: |
+                            A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.
                           maxLength: 36
                           minLength: 1
                           type: string
                         label:
-                          description: >-
-                            The custom field label that is displayed in the
-                            case.
+                          description: The custom field label that is displayed in the case.
                           maxLength: 50
                           minLength: 1
                           type: string
@@ -7742,10 +7013,8 @@ paths:
                             - toggle
                           type: string
                         required:
-                          description: >
-                            Indicates whether the field is required. If `false`,
-                            the custom field can be set to null or omitted when
-                            a case is created or updated.
+                          description: |
+                            Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.
                           type: boolean
                     type: array
                   error:
@@ -7816,14 +7085,8 @@ paths:
         - cases
   /api/cases/configure/{configurationId}:
     patch:
-      description: >
-        Updates setting details such as the closure type, custom fields,
-        templates, and the default connector for cases. Connectors are used to
-        interface with external systems. You must create a connector before you
-        can use it in your cases. You must have `all` privileges for the
-        **Cases** feature in the **Management**, **Observability**, or
-        **Security** section of the Kibana feature privileges, depending on
-        where the case was created.
+      description: |
+        Updates setting details such as the closure type, custom fields, templates, and the default connector for cases. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the case was created.
       operationId: updateCaseConfigurationDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_kbn_xsrf'
@@ -7842,8 +7105,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               examples:
                 updateCaseConfigurationResponse:
-                  $ref: >-
-                    #/components/examples/Cases_update_case_configuration_response
+                  $ref: '#/components/examples/Cases_update_case_configuration_response'
               schema:
                 type: object
                 properties:
@@ -7853,24 +7115,15 @@ paths:
                     type: object
                     properties:
                       fields:
-                        description: >-
-                          The fields specified in the case configuration are not
-                          used and are not propagated to individual cases,
-                          therefore it is recommended to set it to `null`.
+                        description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.
                         nullable: true
                         type: object
                       id:
-                        description: >-
-                          The identifier for the connector. If you do not want a
-                          default connector, use `none`. To retrieve connector
-                          IDs, use the find connectors API.
+                        description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.
                         example: none
                         type: string
                       name:
-                        description: >-
-                          The name of the connector. If you do not want a
-                          default connector, use `none`. To retrieve connector
-                          names, use the find connectors API.
+                        description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.
                         example: none
                         type: string
                       type:
@@ -7907,27 +7160,19 @@ paths:
                       type: object
                       properties:
                         defaultValue:
-                          description: >
-                            A default value for the custom field. If the `type`
-                            is `text`, the default value must be a string. If
-                            the `type` is `toggle`, the default value must be
-                            boolean.
+                          description: |
+                            A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.
                           oneOf:
                             - type: string
                             - type: boolean
                         key:
-                          description: >
-                            A unique key for the custom field. Must be lower
-                            case and composed only of a-z, 0-9, '_', and '-'
-                            characters. It is used in API calls to refer to a
-                            specific custom field.
+                          description: |
+                            A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.
                           maxLength: 36
                           minLength: 1
                           type: string
                         label:
-                          description: >-
-                            The custom field label that is displayed in the
-                            case.
+                          description: The custom field label that is displayed in the case.
                           maxLength: 50
                           minLength: 1
                           type: string
@@ -7938,10 +7183,8 @@ paths:
                             - toggle
                           type: string
                         required:
-                          description: >
-                            Indicates whether the field is required. If `false`,
-                            the custom field can be set to null or omitted when
-                            a case is created or updated.
+                          description: |
+                            Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.
                           type: boolean
                     type: array
                   error:
@@ -8012,10 +7255,8 @@ paths:
         - cases
   /api/cases/configure/connectors/_find:
     get:
-      description: >
-        Get information about connectors that are supported for use in cases.
-        You must have `read` privileges for the **Actions and Connectors**
-        feature in the **Management** section of the Kibana feature privileges.
+      description: |
+        Get information about connectors that are supported for use in cases. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges.
       operationId: findCaseConnectorsDefaultSpace
       responses:
         '200':
@@ -8064,15 +7305,8 @@ paths:
         - cases
   /api/cases/reporters:
     get:
-      description: >
-        Returns information about the users who opened cases. You must have read
-        privileges for the **Cases** feature in the **Management**,
-        **Observability**, or **Security** section of the Kibana feature
-        privileges, depending on the owner of the cases. The API returns
-        information about the users as they existed at the time of the case
-        creation, including their name, full name, and email address. If any of
-        those details change thereafter or if a user is deleted, the information
-        returned by this API is unchanged.
+      description: |
+        Returns information about the users who opened cases. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged.
       operationId: getCaseReportersDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_owner_filter'
@@ -8121,13 +7355,8 @@ paths:
   /api/cases/status:
     get:
       deprecated: true
-      description: >
-        Returns the number of cases that are open, closed, and in progress.
-        Deprecated in 8.1.0. This API is deprecated and will be removed in a
-        future release; use the find cases API instead. You must have `read`
-        privileges for the **Cases** feature in the **Management**,
-        **Observability**, or **Security** section of the Kibana feature
-        privileges, depending on the owner of the cases you're seeking.
+      description: |
+        Returns the number of cases that are open, closed, and in progress. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
       operationId: getCaseStatusDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_owner_filter'
@@ -8156,11 +7385,8 @@ paths:
         - cases
   /api/cases/tags:
     get:
-      description: >
-        Aggregates and returns a list of case tags. You must have read
-        privileges for the **Cases** feature in the **Management**,
-        **Observability**, or **Security** section of the Kibana feature
-        privileges, depending on the owner of the cases you're seeking.
+      description: |
+        Aggregates and returns a list of case tags. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking.
       operationId: getCaseTagsDefaultSpace
       parameters:
         - $ref: '#/components/parameters/Cases_owner_filter'
@@ -8331,9 +7557,8 @@ paths:
         - data views
   /api/data_views/data_view/{viewId}/fields:
     post:
-      description: >
-        Update fields presentation metadata such as count, customLabel,
-        customDescription, and format.
+      description: |
+        Update fields presentation metadata such as count, customLabel, customDescription, and format.
       operationId: updateFieldsMetadataDefault
       parameters:
         - $ref: '#/components/parameters/Data_views_kbn_xsrf'
@@ -8560,8 +7785,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               examples:
                 getDefaultDataViewResponse:
-                  $ref: >-
-                    #/components/examples/Data_views_get_default_data_view_response
+                  $ref: '#/components/examples/Data_views_get_default_data_view_response'
               schema:
                 type: object
                 properties:
@@ -8591,10 +7815,8 @@ paths:
               type: object
               properties:
                 data_view_id:
-                  description: >
-                    The data view identifier. NOTE: The API does not validate
-                    whether it is a valid identifier. Use `null` to unset the
-                    default data view.
+                  description: |
+                    The data view identifier. NOTE: The API does not validate whether it is a valid identifier. Use `null` to unset the default data view.
                   nullable: true
                   type: string
                 force:
@@ -8625,10 +7847,8 @@ paths:
         - data views
   /api/data_views/swap_references:
     post:
-      description: >
-        Changes saved object references from one data view identifier to
-        another. WARNING: Misuse can break large numbers of saved objects!
-        Practicing with a backup is recommended.
+      description: |
+        Changes saved object references from one data view identifier to another. WARNING: Misuse can break large numbers of saved objects! Practicing with a backup is recommended.
       operationId: swapDataViewsDefault
       parameters:
         - $ref: '#/components/parameters/Data_views_kbn_xsrf'
@@ -8672,9 +7892,8 @@ paths:
         - data views
   /api/data_views/swap_references/_preview:
     post:
-      description: >
-        Preview the impact of swapping saved object references from one data
-        view identifier to another.
+      description: |
+        Preview the impact of swapping saved object references from one data view identifier to another.
       operationId: previewSwapDataViewsDefault
       parameters:
         - $ref: '#/components/parameters/Data_views_kbn_xsrf'
@@ -8683,8 +7902,7 @@ paths:
           application/json; Elastic-Api-Version=2023-10-31:
             examples:
               previewSwapDataViewRequest:
-                $ref: >-
-                  #/components/examples/Data_views_preview_swap_data_view_request
+                $ref: '#/components/examples/Data_views_preview_swap_data_view_request'
             schema:
               $ref: '#/components/schemas/Data_views_swap_data_view_request_object'
         required: true
@@ -8729,8 +7947,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
@@ -8753,7 +7970,6 @@ paths:
       summary: Delete an alerts index
       tags:
         - Security Detections API
-        - Alert index API
     get:
       operationId: ReadAlertsIndex
       responses:
@@ -8776,8 +7992,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
@@ -8800,7 +8015,6 @@ paths:
       summary: Reads the alert index name if it exists
       tags:
         - Security Detections API
-        - Alert index API
     post:
       operationId: CreateAlertsIndex
       responses:
@@ -8819,8 +8033,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
@@ -8843,17 +8056,12 @@ paths:
       summary: Create an alerts index
       tags:
         - Security Detections API
-        - Alert index API
   /api/detection_engine/privileges:
     get:
-      description: >
-        Retrieves whether or not the user is authenticated, and the user's
-        Kibana
-
+      description: |
+        Retrieves whether or not the user is authenticated, and the user's Kibana
         space and index privileges, which determine if the user can create an
-
         index for the Elastic Security alerts generated by
-
         detection engine rules.
       operationId: ReadPrivileges
       responses:
@@ -8875,8 +8083,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -8887,7 +8094,6 @@ paths:
       summary: Returns user privileges for the Kibana space
       tags:
         - Security Detections API
-        - Privileges API
   /api/detection_engine/rules:
     delete:
       description: Delete a detection rule using the `rule_id` or `id` field.
@@ -8915,7 +8121,6 @@ paths:
       summary: Delete a detection rule
       tags:
         - Security Detections API
-        - Rules API
     get:
       description: Retrieve a detection rule using the `rule_id` or `id` field.
       operationId: ReadRule
@@ -8942,11 +8147,8 @@ paths:
       summary: Retrieve a detection rule
       tags:
         - Security Detections API
-        - Rules API
     patch:
-      description: >-
-        Update specific fields of an existing detection rule using the `rule_id`
-        or `id` field.
+      description: Update specific fields of an existing detection rule using the `rule_id` or `id` field.
       operationId: PatchRule
       requestBody:
         content:
@@ -8964,7 +8166,6 @@ paths:
       summary: Patch a detection rule
       tags:
         - Security Detections API
-        - Rules API
     post:
       description: Create a new detection rule.
       operationId: CreateRule
@@ -8984,14 +8185,10 @@ paths:
       summary: Create a detection rule
       tags:
         - Security Detections API
-        - Rules API
     put:
-      description: >
-        Update a detection rule using the `rule_id` or `id` field. The original
-        rule is replaced, and all unspecified fields are deleted.
-
+      description: |
+        Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted.
         > info
-
         > You cannot modify the `id` or `rule_id` values.
       operationId: UpdateRule
       requestBody:
@@ -9010,13 +8207,9 @@ paths:
       summary: Update a detection rule
       tags:
         - Security Detections API
-        - Rules API
   /api/detection_engine/rules/_bulk_action:
     post:
-      description: >-
-        Apply a bulk action, such as bulk edit, duplicate, or delete, to
-        multiple detection rules. The bulk action is applied to all rules that
-        match the query or to the rules listed by their IDs.
+      description: Apply a bulk action, such as bulk edit, duplicate, or delete, to multiple detection rules. The bulk action is applied to all rules that match the query or to the rules listed by their IDs.
       operationId: PerformRulesBulkAction
       parameters:
         - description: Enables dry run mode for the request call.
@@ -9031,14 +8224,11 @@ paths:
             schema:
               oneOf:
                 - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules'
-                - $ref: >-
-                    #/components/schemas/Security_Detections_API_BulkDisableRules
+                - $ref: '#/components/schemas/Security_Detections_API_BulkDisableRules'
                 - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules'
                 - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules'
-                - $ref: >-
-                    #/components/schemas/Security_Detections_API_BulkDuplicateRules
-                - $ref: >-
-                    #/components/schemas/Security_Detections_API_BulkManualRuleRun
+                - $ref: '#/components/schemas/Security_Detections_API_BulkDuplicateRules'
+                - $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleRun'
                 - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules'
       responses:
         '200':
@@ -9046,15 +8236,12 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_BulkEditActionResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_BulkExportActionResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_BulkExportActionResponse'
           description: OK
       summary: Apply a bulk action to detection rules
       tags:
         - Security Detections API
-        - Bulk API
   /api/detection_engine/rules/_bulk_create:
     post:
       deprecated: true
@@ -9074,13 +8261,11 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_BulkCrudRulesResponse
+                $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse'
           description: Indicates a successful call.
       summary: Create multiple detection rules
       tags:
         - Security Detections API
-        - Bulk API
   /api/detection_engine/rules/_bulk_delete:
     delete:
       deprecated: true
@@ -9096,37 +8281,30 @@ paths:
                   id:
                     $ref: '#/components/schemas/Security_Detections_API_RuleObjectId'
                   rule_id:
-                    $ref: >-
-                      #/components/schemas/Security_Detections_API_RuleSignatureId
+                    $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId'
               type: array
-        description: >-
-          A JSON array of `id` or `rule_id` fields of the rules you want to
-          delete.
+        description: A JSON array of `id` or `rule_id` fields of the rules you want to delete.
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_BulkCrudRulesResponse
+                $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse'
           description: Indicates a successful call.
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -9137,7 +8315,6 @@ paths:
       summary: Delete multiple detection rules
       tags:
         - Security Detections API
-        - Bulk API
     post:
       deprecated: true
       description: Deletes multiple rules.
@@ -9152,37 +8329,30 @@ paths:
                   id:
                     $ref: '#/components/schemas/Security_Detections_API_RuleObjectId'
                   rule_id:
-                    $ref: >-
-                      #/components/schemas/Security_Detections_API_RuleSignatureId
+                    $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId'
               type: array
-        description: >-
-          A JSON array of `id` or `rule_id` fields of the rules you want to
-          delete.
+        description: A JSON array of `id` or `rule_id` fields of the rules you want to delete.
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_BulkCrudRulesResponse
+                $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse'
           description: Indicates a successful call.
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -9193,13 +8363,10 @@ paths:
       summary: Delete multiple detection rules
       tags:
         - Security Detections API
-        - Bulk API
   /api/detection_engine/rules/_bulk_update:
     patch:
       deprecated: true
-      description: >-
-        Update specific fields of existing detection rules using the `rule_id`
-        or `id` field.
+      description: Update specific fields of existing detection rules using the `rule_id` or `id` field.
       operationId: BulkPatchRules
       requestBody:
         content:
@@ -9215,21 +8382,16 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_BulkCrudRulesResponse
+                $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse'
           description: Indicates a successful call.
       summary: Patch multiple detection rules
       tags:
         - Security Detections API
-        - Bulk API
     put:
       deprecated: true
-      description: >
-        Update multiple detection rules using the `rule_id` or `id` field. The
-        original rules are replaced, and all unspecified fields are deleted.
-
+      description: |
+        Update multiple detection rules using the `rule_id` or `id` field. The original rules are replaced, and all unspecified fields are deleted.
         > info
-
         > You cannot modify the `id` or `rule_id` values.
       operationId: BulkUpdateRules
       requestBody:
@@ -9239,34 +8401,25 @@ paths:
               items:
                 $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps'
               type: array
-        description: >-
-          A JSON array where each element includes the `id` or `rule_id` field
-          of the rule you want to update and the fields you want to modify.
+        description: A JSON array where each element includes the `id` or `rule_id` field of the rule you want to update and the fields you want to modify.
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_BulkCrudRulesResponse
+                $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse'
           description: Indicates a successful call.
       summary: Update multiple detection rules
       tags:
         - Security Detections API
-        - Bulk API
   /api/detection_engine/rules/_export:
     post:
-      description: >
-        Export detection rules to an `.ndjson` file. The following configuration
-        items are also included in the `.ndjson` file:
-
+      description: |
+        Export detection rules to an `.ndjson` file. The following configuration items are also included in the `.ndjson` file:
         - Actions
-
         - Exception lists
-
         > info
-
         > You cannot export prebuilt rules.
       operationId: ExportRules
       parameters:
@@ -9292,15 +8445,12 @@ paths:
               type: object
               properties:
                 objects:
-                  description: >-
-                    Array of `rule_id` fields. Exports all rules when
-                    unspecified.
+                  description: Array of `rule_id` fields. Exports all rules when unspecified.
                   items:
                     type: object
                     properties:
                       rule_id:
-                        $ref: >-
-                          #/components/schemas/Security_Detections_API_RuleSignatureId
+                        $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId'
                     required:
                       - rule_id
                   type: array
@@ -9319,12 +8469,9 @@ paths:
       summary: Export detection rules
       tags:
         - Security Detections API
-        - Import/Export API
   /api/detection_engine/rules/_find:
     get:
-      description: >-
-        Retrieve a paginated list of detection rules. By default, the first page
-        is returned, with 20 results per page.
+      description: Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page.
       operationId: FindRules
       parameters:
         - in: query
@@ -9377,8 +8524,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Detections_API_RuleResponse
+                      $ref: '#/components/schemas/Security_Detections_API_RuleResponse'
                     type: array
                   page:
                     type: integer
@@ -9395,39 +8541,29 @@ paths:
       summary: List all detection rules
       tags:
         - Security Detections API
-        - Rules API
   /api/detection_engine/rules/_import:
     post:
-      description: >
-        Import detection rules from an `.ndjson` file, including actions and
-        exception lists. The request must include:
-
+      description: |
+        Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include:
         - The `Content-Type: multipart/form-data` HTTP header.
-
         - A link to the `.ndjson` file containing the rules.
       operationId: ImportRules
       parameters:
-        - description: >-
-            Determines whether existing rules with the same `rule_id` are
-            overwritten.
+        - description: Determines whether existing rules with the same `rule_id` are overwritten.
           in: query
           name: overwrite
           required: false
           schema:
             default: false
             type: boolean
-        - description: >-
-            Determines whether existing exception lists with the same `list_id`
-            are overwritten.
+        - description: Determines whether existing exception lists with the same `list_id` are overwritten.
           in: query
           name: overwrite_exceptions
           required: false
           schema:
             default: false
             type: boolean
-        - description: >-
-            Determines whether existing actions with the same
-            `kibana.alert.rule.actions.id` are overwritten.
+        - description: Determines whether existing actions with the same `kibana.alert.rule.actions.id` are overwritten.
           in: query
           name: overwrite_action_connectors
           required: false
@@ -9471,8 +8607,7 @@ paths:
                     type: integer
                   action_connectors_warnings:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Detections_API_WarningSchema
+                      $ref: '#/components/schemas/Security_Detections_API_WarningSchema'
                     type: array
                   errors:
                     items:
@@ -9511,7 +8646,6 @@ paths:
       summary: Import detection rules
       tags:
         - Security Detections API
-        - Import/Export API
   /api/detection_engine/rules/{id}/exceptions:
     post:
       description: Create exception items that apply to a single detection rule.
@@ -9531,8 +8665,7 @@ paths:
               properties:
                 items:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps
+                    $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps'
                   type: array
               required:
                 - items
@@ -9544,8 +8677,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 items:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItem
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem'
                 type: array
           description: Successful response
         '400':
@@ -9553,24 +8685,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '500':
           content:
@@ -9618,12 +8746,9 @@ paths:
       summary: Install prebuilt detection rules and Timelines
       tags:
         - Security Detections API
-        - Prebuilt Rules API
   /api/detection_engine/rules/prepackaged/_status:
     get:
-      description: >-
-        Retrieve the status of all Elastic prebuilt detection rules and
-        Timelines.
+      description: Retrieve the status of all Elastic prebuilt detection rules and Timelines.
       operationId: ReadPrebuiltRulesAndTimelinesStatus
       responses:
         '200':
@@ -9642,9 +8767,7 @@ paths:
                     minimum: 0
                     type: integer
                   rules_not_installed:
-                    description: >-
-                      The total number of available prebuilt rules that are not
-                      installed
+                    description: The total number of available prebuilt rules that are not installed
                     minimum: 0
                     type: integer
                   rules_not_updated:
@@ -9656,9 +8779,7 @@ paths:
                     minimum: 0
                     type: integer
                   timelines_not_installed:
-                    description: >-
-                      The total number of available prebuilt timelines that are
-                      not installed
+                    description: The total number of available prebuilt timelines that are not installed
                     minimum: 0
                     type: integer
                   timelines_not_updated:
@@ -9677,14 +8798,11 @@ paths:
       summary: Retrieve the status of prebuilt detection rules and Timelines
       tags:
         - Security Detections API
-        - Prebuilt Rules API
   /api/detection_engine/rules/preview:
     post:
       operationId: RulePreview
       parameters:
-        - description: >-
-            Enables logging and returning in response ES queries, performed
-            during rule execution
+        - description: Enables logging and returning in response ES queries, performed during rule execution
           in: query
           name: enable_logged_requests
           required: false
@@ -9696,50 +8814,32 @@ paths:
             schema:
               anyOf:
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_EqlRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_QueryRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
                 - allOf:
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_EsqlRuleCreateProps
-                    - $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewParams
+                    - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps'
+                    - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams'
               discriminator:
                 propertyName: type
-        description: >-
-          An object containing tags to add or remove and alert ids the changes
-          will be applied
+        description: An object containing tags to add or remove and alert ids the changes will be applied
         required: true
       responses:
         '200':
@@ -9752,12 +8852,10 @@ paths:
                     type: boolean
                   logs:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Detections_API_RulePreviewLogs
+                      $ref: '#/components/schemas/Security_Detections_API_RulePreviewLogs'
                     type: array
                   previewId:
-                    $ref: >-
-                      #/components/schemas/Security_Detections_API_NonEmptyString
+                    $ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
                 required:
                   - logs
           description: Successful response
@@ -9766,17 +8864,14 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -9787,7 +8882,6 @@ paths:
       summary: Preview rule alerts generated on specified time range
       tags:
         - Security Detections API
-        - Rule preview API
   /api/detection_engine/signals/assignees:
     post:
       description: |
@@ -9821,13 +8915,9 @@ paths:
         - Security Detections API
   /api/detection_engine/signals/finalize_migration:
     post:
-      description: >
-        Finalize successful migrations of detection alerts. This replaces the
-        original index's alias with the successfully migrated index's alias.
-
-        The endpoint is idempotent; therefore, it can safely be used to poll a
-        given migration and, upon completion,
-
+      description: |
+        Finalize successful migrations of detection alerts. This replaces the original index's alias with the successfully migrated index's alias.
+        The endpoint is idempotent; therefore, it can safely be used to poll a given migration and, upon completion,
         finalize it.
       operationId: FinalizeAlertsMigration
       requestBody:
@@ -9851,8 +8941,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 items:
-                  $ref: >-
-                    #/components/schemas/Security_Detections_API_MigrationFinalizationResult
+                  $ref: '#/components/schemas/Security_Detections_API_MigrationFinalizationResult'
                 type: array
           description: Successful response
         '400':
@@ -9860,17 +8949,14 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -9881,26 +8967,16 @@ paths:
       summary: Finalize detection alert migrations
       tags:
         - Security Detections API
-        - Alerts migration API
   /api/detection_engine/signals/migration:
     delete:
-      description: >
-        Migrations favor data integrity over shard size. Consequently, unused or
-        orphaned indices are artifacts of
-
-        the migration process. A successful migration will result in both the
-        old and new indices being present.
-
+      description: |
+        Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of
+        the migration process. A successful migration will result in both the old and new indices being present.
         As such, the old, orphaned index can (and likely should) be deleted.
 
-
         While you can delete these indices manually,
-
-        the endpoint accomplishes this task by applying a deletion policy to the
-        relevant index, causing it to be deleted
-
-        after 30 days. It also deletes other artifacts specific to the migration
-        implementation.
+        the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted
+        after 30 days. It also deletes other artifacts specific to the migration implementation.
       operationId: AlertsMigrationCleanup
       requestBody:
         content:
@@ -9923,8 +8999,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 items:
-                  $ref: >-
-                    #/components/schemas/Security_Detections_API_MigrationCleanupResult
+                  $ref: '#/components/schemas/Security_Detections_API_MigrationCleanupResult'
                 type: array
           description: Successful response
         '400':
@@ -9932,17 +9007,14 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -9953,15 +9025,10 @@ paths:
       summary: Clean up detection alert migrations
       tags:
         - Security Detections API
-        - Alerts migration API
     post:
-      description: >
+      description: |
         Initiate a migration of detection alerts.
-
-        Migrations are initiated per index. While the process is neither
-        destructive nor interferes with existing data, it may be
-        resource-intensive. As such, it is recommended that you plan your
-        migrations accordingly.
+        Migrations are initiated per index. While the process is neither destructive nor interferes with existing data, it may be resource-intensive. As such, it is recommended that you plan your migrations accordingly.
       operationId: CreateAlertsMigration
       requestBody:
         content:
@@ -9972,14 +9039,12 @@ paths:
                   properties:
                     index:
                       items:
-                        $ref: >-
-                          #/components/schemas/Security_Detections_API_NonEmptyString
+                        $ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
                       minItems: 1
                       type: array
                   required:
                     - index
-                - $ref: >-
-                    #/components/schemas/Security_Detections_API_AlertsReindexOptions
+                - $ref: '#/components/schemas/Security_Detections_API_AlertsReindexOptions'
         description: Alerts migration parameters
         required: true
       responses:
@@ -9992,12 +9057,9 @@ paths:
                   indices:
                     items:
                       oneOf:
-                        - $ref: >-
-                            #/components/schemas/Security_Detections_API_AlertsIndexMigrationSuccess
-                        - $ref: >-
-                            #/components/schemas/Security_Detections_API_AlertsIndexMigrationError
-                        - $ref: >-
-                            #/components/schemas/Security_Detections_API_SkippedAlertsIndexMigration
+                        - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexMigrationSuccess'
+                        - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexMigrationError'
+                        - $ref: '#/components/schemas/Security_Detections_API_SkippedAlertsIndexMigration'
                     type: array
                 required:
                   - indices
@@ -10007,17 +9069,14 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -10028,12 +9087,9 @@ paths:
       summary: Initiate a detection alert migration
       tags:
         - Security Detections API
-        - Alerts migration API
   /api/detection_engine/signals/migration_status:
     post:
-      description: >-
-        Retrieve indices that contain detection alerts of a particular age,
-        along with migration information for each of those indices.
+      description: Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices.
       operationId: ReadAlertsMigrationStatus
       parameters:
         - description: Maximum age of qualifying detection alerts
@@ -10041,12 +9097,9 @@ paths:
           name: from
           required: true
           schema:
-            description: >
-              Time from which data is analyzed. For example, now-4200s means the
-              rule analyzes data from 70 minutes
-
-              before its start time. Defaults to now-6m (analyzes data from 6
-              minutes before the start time).
+            description: |
+              Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes
+              before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time).
             format: date-math
             type: string
       responses:
@@ -10058,8 +9111,7 @@ paths:
                 properties:
                   indices:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Detections_API_IndexMigrationStatus
+                      $ref: '#/components/schemas/Security_Detections_API_IndexMigrationStatus'
                     type: array
                 required:
                   - indices
@@ -10069,17 +9121,14 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -10090,7 +9139,6 @@ paths:
       summary: Retrieve the status of detection alert migrations
       tags:
         - Security Detections API
-        - Alerts migration API
   /api/detection_engine/signals/search:
     post:
       description: Find and/or aggregate detection alerts that match the given query.
@@ -10145,17 +9193,14 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -10166,7 +9211,6 @@ paths:
       summary: Find and/or aggregate detection alerts
       tags:
         - Security Detections API
-        - Alerts API
   /api/detection_engine/signals/status:
     post:
       description: Set the status of one or more detection alerts.
@@ -10176,13 +9220,9 @@ paths:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
               oneOf:
-                - $ref: >-
-                    #/components/schemas/Security_Detections_API_SetAlertsStatusByIds
-                - $ref: >-
-                    #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery
-        description: >-
-          An object containing desired status and explicit alert ids or a query
-          to select alerts
+                - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds'
+                - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByQuery'
+        description: An object containing desired status and explicit alert ids or a query to select alerts
         required: true
       responses:
         '200':
@@ -10198,17 +9238,14 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -10219,7 +9256,6 @@ paths:
       summary: Set a detection alert status
       tags:
         - Security Detections API
-        - Alerts API
   /api/detection_engine/signals/tags:
     post:
       description: |
@@ -10240,9 +9276,7 @@ paths:
               required:
                 - ids
                 - tags
-        description: >-
-          An object containing tags to add or remove and alert ids the changes
-          will be applied
+        description: An object containing tags to add or remove and alert ids the changes will be applied
         required: true
       responses:
         '200':
@@ -10258,17 +9292,14 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Detections_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '500':
           content:
@@ -10279,7 +9310,6 @@ paths:
       summary: Add and remove detection alert tags
       tags:
         - Security Detections API
-        - Alerts API
   /api/detection_engine/tags:
     get:
       description: List all unique tags from all detection rules.
@@ -10294,45 +9324,26 @@ paths:
       summary: List all detection rule tags
       tags:
         - Security Detections API
-        - Tags API
   /api/encrypted_saved_objects/_rotate_key:
     post:
-      description: >
+      description: |
         Superuser role required.
 
+        If a saved object cannot be decrypted using the primary encryption key, then Kibana will attempt to decrypt it using the specified decryption-only keys. In most of the cases this overhead is negligible, but if you're dealing with a large number of saved objects and experiencing performance issues, you may want to rotate the encryption key.
 
-        If a saved object cannot be decrypted using the primary encryption key,
-        then Kibana will attempt to decrypt it using the specified
-        decryption-only keys. In most of the cases this overhead is negligible,
-        but if you're dealing with a large number of saved objects and
-        experiencing performance issues, you may want to rotate the encryption
-        key.
-
-
-        This functionality is in technical preview and may be changed or removed
-        in a future release. Elastic will work to fix any issues, but features
-        in technical preview are not subject to the support SLA of official GA
-        features.
+        This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       operationId: rotateEncryptionKey
       parameters:
-        - description: >
-            Specifies a maximum number of saved objects that Kibana can process
-            in a single batch. Bulk key rotation is an iterative process since
-            Kibana may not be able to fetch and process all required saved
-            objects in one go and splits processing into consequent batches. By
-            default, the batch size is 10000, which is also a maximum allowed
-            value.
+        - description: |
+            Specifies a maximum number of saved objects that Kibana can process in a single batch. Bulk key rotation is an iterative process since Kibana may not be able to fetch and process all required saved objects in one go and splits processing into consequent batches. By default, the batch size is 10000, which is also a maximum allowed value.
           in: query
           name: batch_size
           required: false
           schema:
             default: 10000
             type: number
-        - description: >
-            Limits encryption key rotation only to the saved objects with the
-            specified type. By default, Kibana tries to rotate the encryption
-            key for all saved object types that may contain encrypted
-            attributes.
+        - description: |
+            Limits encryption key rotation only to the saved objects with the specified type. By default, Kibana tries to rotate the encryption key for all saved object types that may contain encrypted attributes.
           in: query
           name: type
           required: false
@@ -10349,28 +9360,18 @@ paths:
                 type: object
                 properties:
                   failed:
-                    description: >
-                      Indicates the number of the saved objects that were still
-                      encrypted with one of the old encryption keys that Kibana
-                      failed to re-encrypt with the primary key.
+                    description: |
+                      Indicates the number of the saved objects that were still encrypted with one of the old encryption keys that Kibana failed to re-encrypt with the primary key.
                     type: number
                   successful:
-                    description: >
-                      Indicates the total number of all encrypted saved objects
-                      (optionally filtered by the requested `type`), regardless
-                      of the key Kibana used for encryption.
-
+                    description: |
+                      Indicates the total number of all encrypted saved objects (optionally filtered by the requested `type`), regardless of the key Kibana used for encryption.
 
-                      NOTE: In most cases, `total` will be greater than
-                      `successful` even if `failed` is zero. The reason is that
-                      Kibana may not need or may not be able to rotate
-                      encryption keys for all encrypted saved objects.
+                      NOTE: In most cases, `total` will be greater than `successful` even if `failed` is zero. The reason is that Kibana may not need or may not be able to rotate encryption keys for all encrypted saved objects.
                     type: number
                   total:
-                    description: >
-                      Indicates the total number of all encrypted saved objects
-                      (optionally filtered by the requested `type`), regardless
-                      of the key Kibana used for encryption.
+                    description: |
+                      Indicates the total number of all encrypted saved objects (optionally filtered by the requested `type`), regardless of the key Kibana used for encryption.
                     type: number
           description: Indicates a successful call.
         '400':
@@ -10390,58 +9391,47 @@ paths:
         - saved objects
   /api/endpoint_list:
     post:
-      description: >-
-        Create an endpoint exception list, which groups endpoint exception list
-        items. If an endpoint exception list already exists, an empty response
-        is returned.
+      description: Create an endpoint exception list, which groups endpoint exception list items. If an endpoint exception list already exists, an empty response is returned.
       operationId: CreateEndpointList
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointList'
           description: Successful response
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Invalid input data
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Insufficient privileges
         '500':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Internal server error
       summary: Create an endpoint exception list
       tags:
         - Security Endpoint Exceptions API
   /api/endpoint_list/items:
     delete:
-      description: >-
-        Delete an endpoint exception list item using the `id` or `item_id`
-        field.
+      description: Delete an endpoint exception list item using the `id` or `item_id` field.
       operationId: DeleteEndpointListItem
       parameters:
         - description: Either `id` or `item_id` must be specified
@@ -10449,68 +9439,57 @@ paths:
           name: id
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId'
         - description: Either `id` or `item_id` must be specified
           in: query
           name: item_id
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem'
           description: Successful response
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Invalid input data
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Insufficient privileges
         '404':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Endpoint list item not found
         '500':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Internal server error
       summary: Delete an endpoint exception list item
       tags:
         - Security Endpoint Exceptions API
     get:
-      description: >-
-        Get the details of an endpoint exception list item using the `id` or
-        `item_id` field.
+      description: Get the details of an endpoint exception list item using the `id` or `item_id` field.
       operationId: ReadEndpointListItem
       parameters:
         - description: Either `id` or `item_id` must be specified
@@ -10518,23 +9497,20 @@ paths:
           name: id
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId'
         - description: Either `id` or `item_id` must be specified
           in: query
           name: item_id
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 items:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem'
                 type: array
           description: Successful response
         '400':
@@ -10542,46 +9518,38 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Invalid input data
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Insufficient privileges
         '404':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Endpoint list item not found
         '500':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Internal server error
       summary: Get an endpoint exception list item
       tags:
         - Security Endpoint Exceptions API
     post:
-      description: >-
-        Create an endpoint exception list item, and associate it with the
-        endpoint exception list.
+      description: Create an endpoint exception list item, and associate it with the endpoint exception list.
       operationId: CreateEndpointListItem
       requestBody:
         content:
@@ -10590,35 +9558,26 @@ paths:
               type: object
               properties:
                 comments:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray'
                   default: []
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription'
                 entries:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray'
                 item_id:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId'
                 meta:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName'
                 os_types:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray'
                   default: []
                 tags:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags'
                   default: []
                 type:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType'
               required:
                 - type
                 - name
@@ -10631,54 +9590,45 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem'
           description: Successful response
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Invalid input data
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Insufficient privileges
         '409':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Endpoint list item already exists
         '500':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Internal server error
       summary: Create an endpoint exception list item
       tags:
         - Security Endpoint Exceptions API
     put:
-      description: >-
-        Update an endpoint exception list item using the `id` or `item_id`
-        field.
+      description: Update an endpoint exception list item using the `id` or `item_id` field.
       operationId: UpdateEndpointListItem
       requestBody:
         content:
@@ -10689,39 +9639,29 @@ paths:
                 _version:
                   type: string
                 comments:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray'
                   default: []
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription'
                 entries:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray'
                 id:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId'
                   description: Either `id` or `item_id` must be specified
                 item_id:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId'
                   description: Either `id` or `item_id` must be specified
                 meta:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName'
                 os_types:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray'
                   default: []
                 tags:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags'
                 type:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType
+                  $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType'
               required:
                 - type
                 - name
@@ -10734,46 +9674,39 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem'
           description: Successful response
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Invalid input data
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Insufficient privileges
         '404':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Endpoint list item not found
         '500':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Internal server error
       summary: Update an endpoint exception list item
       tags:
@@ -10783,17 +9716,14 @@ paths:
       description: Get a list of all endpoint exception list items.
       operationId: FindEndpointListItems
       parameters:
-        - description: >
-            Filters the returned results according to the value of the specified
-            field,
-
+        - description: |
+            Filters the returned results according to the value of the specified field,
             using the `<field name>:<field value>` syntax.
           in: query
           name: filter
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter'
         - description: The page number to return
           in: query
           name: page
@@ -10813,8 +9743,7 @@ paths:
           name: sort_field
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
         - description: Determines the sort order, which can be `desc` or `asc`
           in: query
           name: sort_order
@@ -10833,8 +9762,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem
+                      $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem'
                     type: array
                   page:
                     minimum: 0
@@ -10858,38 +9786,32 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Invalid input data
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse'
           description: Insufficient privileges
         '404':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Endpoint list not found
         '500':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse
+                $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse'
           description: Internal server error
       summary: Get endpoint exception list items
       tags:
@@ -10903,47 +9825,17 @@ paths:
           name: query
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery
+            $ref: '#/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get response actions
       tags:
         - Security Endpoint Management API
-  /api/endpoint/action_log/{agent_id}:
-    get:
-      deprecated: true
-      description: Get an action request log for the specified agent ID.
-      operationId: EndpointGetActionLog
-      parameters:
-        - in: path
-          name: agent_id
-          required: true
-          schema:
-            $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId'
-        - in: query
-          name: query
-          required: true
-          schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery
-      responses:
-        '200':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
-          description: OK
-      summary: Get an action request log
-      tags:
-        - Security Endpoint Management API
   /api/endpoint/action_status:
     get:
       description: Get the status of response actions for the specified agent IDs.
@@ -10962,8 +9854,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse'
           description: OK
       summary: Get response actions status
       tags:
@@ -10983,8 +9874,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get action details
       tags:
@@ -11009,8 +9899,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get file information
       tags:
@@ -11035,8 +9924,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Download a file
       tags:
@@ -11049,16 +9937,14 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Run a command
       tags:
@@ -11071,40 +9957,34 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get a file
       tags:
         - Security Endpoint Management API
   /api/endpoint/action/isolate:
     post:
-      description: >-
-        Isolate an endpoint from the network. The endpoint remains isolated
-        until it's released.
+      description: Isolate an endpoint from the network. The endpoint remains isolated until it's released.
       operationId: EndpointIsolateAction
       requestBody:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Isolate an endpoint
       tags:
@@ -11117,16 +9997,14 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Terminate a process
       tags:
@@ -11139,16 +10017,14 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get running processes
       tags:
@@ -11161,33 +10037,28 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Scan a file or directory
       tags:
         - Security Endpoint Management API
   /api/endpoint/action/state:
     get:
-      description: >-
-        Get a response actions state, which reports whether encryption is
-        enabled.
+      description: Get a response actions state, which reports whether encryption is enabled.
       operationId: EndpointGetActionsState
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse'
           description: OK
       summary: Get actions state
       tags:
@@ -11200,16 +10071,14 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Suspend a process
       tags:
@@ -11222,16 +10091,14 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Release an isolated endpoint
       tags:
@@ -11244,77 +10111,18 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Upload a file
       tags:
         - Security Endpoint Management API
-  /api/endpoint/isolate:
-    post:
-      deprecated: true
-      description: >
-        Isolate an endpoint from the network.
-
-        > info
-
-        > This URL will return a 308 permanent redirect to `POST <kibana
-        host>:<port>/api/endpoint/action/isolate`.
-      operationId: EndpointIsolateRedirect
-      requestBody:
-        content:
-          application/json; Elastic-Api-Version=2023-10-31:
-            schema:
-              type: object
-              properties:
-                agent_type:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_AgentTypes
-                alert_ids:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_AlertIds
-                case_ids:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_CaseIds
-                comment:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_Comment
-                endpoint_ids:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_EndpointIds
-                parameters:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_Parameters
-              required:
-                - endpoint_ids
-        required: true
-      responses:
-        '200':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
-          description: OK
-        '308':
-          description: Permanent Redirect
-          headers:
-            Location:
-              description: Permanently redirects to "/api/endpoint/action/isolate"
-              schema:
-                example: /api/endpoint/action/isolate
-                type: string
-      summary: Isolate an endpoint
-      tags:
-        - Security Endpoint Management API
   /api/endpoint/metadata:
     get:
       operationId: GetEndpointMetadataList
@@ -11323,15 +10131,13 @@ paths:
           name: query
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery
+            $ref: '#/components/schemas/Security_Endpoint_Management_API_ListRequestQuery'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get a metadata list
       tags:
@@ -11350,27 +10156,11 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get metadata
       tags:
         - Security Endpoint Management API
-  /api/endpoint/metadata/transforms:
-    get:
-      deprecated: true
-      operationId: GetEndpointMetadataTransform
-      responses:
-        '200':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
-          description: OK
-      summary: Get metadata transforms
-      tags:
-        - Security Endpoint Management API
   /api/endpoint/policy_response:
     get:
       operationId: GetPolicyResponse
@@ -11388,39 +10178,11 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse'
           description: OK
       summary: Get a policy response
       tags:
         - Security Endpoint Management API
-  /api/endpoint/policy/summaries:
-    get:
-      deprecated: true
-      operationId: GetAgentPolicySummary
-      parameters:
-        - in: query
-          name: query
-          required: true
-          schema:
-            type: object
-            properties:
-              package_name:
-                type: string
-              policy_id:
-                nullable: true
-                type: string
-      responses:
-        '200':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
-          description: OK
-      summary: Get an agent policy summary
-      tags:
-        - Security Endpoint Management API
   /api/endpoint/protection_updates_note/{package_policy_id}:
     get:
       operationId: GetProtectionUpdatesNote
@@ -11435,8 +10197,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse'
           description: OK
       summary: Get a protection updates note
       tags:
@@ -11463,107 +10224,11 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse
+                $ref: '#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse'
           description: OK
       summary: Create or update a protection updates note
       tags:
         - Security Endpoint Management API
-  /api/endpoint/suggestions/{suggestion_type}:
-    post:
-      deprecated: true
-      operationId: GetEndpointSuggestions
-      parameters:
-        - in: path
-          name: suggestion_type
-          required: true
-          schema:
-            enum:
-              - eventFilters
-            type: string
-      requestBody:
-        content:
-          application/json; Elastic-Api-Version=2023-10-31:
-            schema:
-              type: object
-              properties:
-                field:
-                  type: string
-                fieldMeta: {}
-                filters: {}
-                query:
-                  type: string
-              required:
-                - parameters
-        required: true
-      responses:
-        '200':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
-          description: OK
-      summary: Get suggestions
-      tags:
-        - Security Endpoint Management API
-  /api/endpoint/unisolate:
-    post:
-      deprecated: true
-      description: >
-        Release an isolated endpoint, allowing it to rejoin a network.
-
-        > info
-
-        > This URL will return a 308 permanent redirect to `POST <kibana
-        host>:<port>/api/endpoint/action/unisolate`.
-      operationId: EndpointUnisolateRedirect
-      requestBody:
-        content:
-          application/json; Elastic-Api-Version=2023-10-31:
-            schema:
-              type: object
-              properties:
-                agent_type:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_AgentTypes
-                alert_ids:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_AlertIds
-                case_ids:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_CaseIds
-                comment:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_Comment
-                endpoint_ids:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_EndpointIds
-                parameters:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_Parameters
-              required:
-                - endpoint_ids
-        required: true
-      responses:
-        '200':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: >-
-                  #/components/schemas/Security_Endpoint_Management_API_SuccessResponse
-          description: OK
-        '308':
-          description: Permanent Redirect
-          headers:
-            Location:
-              description: Permanently redirects to "/api/endpoint/action/unisolate"
-              schema:
-                example: /api/endpoint/action/unisolate
-                type: string
-      summary: Release an isolated endpoint
-      tags:
-        - Security Endpoint Management API
   /api/entity_store/engines:
     get:
       operationId: ListEntityEngines
@@ -11578,8 +10243,7 @@ paths:
                     type: integer
                   engines:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor'
                     type: array
           description: Successful response
       summary: List the Entity Engines
@@ -11628,8 +10292,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor'
           description: Successful response
       summary: Get an Entity Engine
       tags:
@@ -11657,8 +10320,7 @@ paths:
                 filter:
                   type: string
                 indexPattern:
-                  $ref: >-
-                    #/components/schemas/Security_Entity_Analytics_API_IndexPattern
+                  $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern'
         description: Schema for the engine initialization
         required: true
       responses:
@@ -11666,8 +10328,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor'
           description: Successful response
       summary: Initialize an Entity Engine
       tags:
@@ -11713,22 +10374,19 @@ paths:
                 type: object
                 properties:
                   indexPattern:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_IndexPattern
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern'
                   indices:
                     items:
                       type: object
                     type: array
                   status:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_EngineStatus
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus'
                   transforms:
                     items:
                       type: object
                     type: array
                   type:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_EntityType
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType'
           description: Successful response
       summary: Get Entity Engine stats
       tags:
@@ -11768,8 +10426,7 @@ paths:
                 properties:
                   result:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult'
                     type: array
                   success:
                     type: boolean
@@ -11786,8 +10443,7 @@ paths:
                     type: array
                   result:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult'
                     type: array
                   success:
                     type: boolean
@@ -11858,8 +10514,7 @@ paths:
                 type: object
                 properties:
                   inspect:
-                    $ref: >-
-                      #/components/schemas/Security_Entity_Analytics_API_InspectQuery
+                    $ref: '#/components/schemas/Security_Entity_Analytics_API_InspectQuery'
                   page:
                     minimum: 1
                     type: integer
@@ -11869,8 +10524,7 @@ paths:
                     type: integer
                   records:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Entity_Analytics_API_Entity
+                      $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity'
                     type: array
                   total:
                     minimum: 0
@@ -11905,8 +10559,7 @@ paths:
           name: namespace_type
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             default: single
       responses:
         '200':
@@ -11920,24 +10573,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -11974,8 +10623,7 @@ paths:
           name: namespace_type
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             default: single
       responses:
         '200':
@@ -11989,24 +10637,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -12024,19 +10668,10 @@ paths:
       tags:
         - Security Exceptions API
     post:
-      description: >
-        An exception list groups exception items and can be associated with
-        detection rules. You can assign detection rules with multiple exception
-        lists.
-
+      description: |
+        An exception list groups exception items and can be associated with detection rules. You can assign detection rules with multiple exception lists.
         > info
-
-        > All exception items added to the same list are evaluated using `OR`
-        logic. That is, if any of the items in a list evaluate to `true`, the
-        exception prevents the rule from generating an alert. Likewise, `OR`
-        logic is used for evaluating exceptions when more than one exception
-        list is assigned to a rule. To use the `AND` operator, you can define
-        multiple clauses (`entries`) in a single exception item.
+        > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item.
       operationId: CreateExceptionList
       requestBody:
         content:
@@ -12045,34 +10680,25 @@ paths:
               type: object
               properties:
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListDescription
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription'
                 list_id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListHumanId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
                 meta:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListMeta
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListName
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName'
                 namespace_type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
                   default: single
                 os_types:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray'
                 tags:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListTags
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags'
                   default: []
                 type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType'
                 version:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListVersion
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion'
                   default: 1
               required:
                 - name
@@ -12092,24 +10718,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '409':
           content:
@@ -12138,36 +10760,27 @@ paths:
                 _version:
                   type: string
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListDescription
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription'
                 id:
                   $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId'
                 list_id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListHumanId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
                 meta:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListMeta
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListName
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName'
                 namespace_type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
                   default: single
                 os_types:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray'
                   default: []
                 tags:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListTags
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags'
                 type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType'
                 version:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListVersion
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion'
               required:
                 - name
                 - description
@@ -12186,24 +10799,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -12235,11 +10844,8 @@ paths:
           name: namespace_type
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
-        - description: >-
-            Determines whether to include expired exceptions in the exported
-            list
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
+        - description: Determines whether to include expired exceptions in the exported list
           in: query
           name: include_expired_exceptions
           required: true
@@ -12261,24 +10867,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '405':
           content:
@@ -12316,11 +10918,8 @@ paths:
           name: namespace_type
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
-        - description: >-
-            Determines whether to include expired exceptions in the exported
-            list
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
+        - description: Determines whether to include expired exceptions in the exported list
           in: query
           name: include_expired_exceptions
           required: true
@@ -12335,9 +10934,7 @@ paths:
           content:
             application/ndjson; Elastic-Api-Version=2023-10-31:
               schema:
-                description: >-
-                  A `.ndjson` file containing specified exception list and its
-                  items
+                description: A `.ndjson` file containing specified exception list and its items
                 format: binary
                 type: string
           description: Successful response
@@ -12346,24 +10943,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -12385,29 +10978,20 @@ paths:
       description: Get a list of all exception lists.
       operationId: FindExceptionLists
       parameters:
-        - description: >
-            Filters the returned results according to the value of the specified
-            field.
-
-
-            Uses the `so type.field name:field` value syntax, where `so type`
-            can be:
+        - description: |
+            Filters the returned results according to the value of the specified field.
 
+            Uses the `so type.field name:field` value syntax, where `so type` can be:
 
             - `exception-list`: Specify a space-aware exception list.
-
-            - `exception-list-agnostic`: Specify an exception list that is
-            shared across spaces.
+            - `exception-list-agnostic`: Specify an exception list that is shared across spaces.
           in: query
           name: filter
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter
-        - description: >
-            Determines whether the returned containers are Kibana associated
-            with a Kibana space
-
+            $ref: '#/components/schemas/Security_Exceptions_API_FindExceptionListsFilter'
+        - description: |
+            Determines whether the returned containers are Kibana associated with a Kibana space
             or available in all spaces (`agnostic` or `single`)
           in: query
           name: namespace_type
@@ -12416,8 +11000,7 @@ paths:
             default:
               - single
             items:
-              $ref: >-
-                #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+              $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             type: array
         - description: The page number to return
           in: query
@@ -12457,8 +11040,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Exceptions_API_ExceptionList
+                      $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList'
                     type: array
                   page:
                     minimum: 1
@@ -12480,24 +11062,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '500':
           content:
@@ -12513,12 +11091,9 @@ paths:
       description: Import an exception list and its associated items from an NDJSON file.
       operationId: ImportExceptionList
       parameters:
-        - description: >
-            Determines whether existing exception lists with the same `list_id`
-            are overwritten.
-
-            If any exception items have the same `item_id`, those are also
-            overwritten.
+        - description: |
+            Determines whether existing exception lists with the same `list_id` are overwritten.
+            If any exception items have the same `item_id`, those are also overwritten.
           in: query
           name: overwrite
           required: false
@@ -12537,13 +11112,9 @@ paths:
           schema:
             default: false
             type: boolean
-        - description: >
-            Determines whether the list being imported will have a new `list_id`
-            generated.
-
-            Additional `item_id`'s are generated for each exception item. Both
-            the exception
-
+        - description: |
+            Determines whether the list being imported will have a new `list_id` generated.
+            Additional `item_id`'s are generated for each exception item. Both the exception
             list and its items are overwritten.
           in: query
           name: as_new_list
@@ -12570,8 +11141,7 @@ paths:
                 type: object
                 properties:
                   errors:
-                    $ref: >-
-                      #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray
+                    $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray'
                   success:
                     type: boolean
                   success_count:
@@ -12601,24 +11171,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '500':
           content:
@@ -12645,14 +11211,12 @@ paths:
           name: item_id
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
         - in: query
           name: namespace_type
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             default: single
       responses:
         '200':
@@ -12666,24 +11230,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -12701,9 +11261,7 @@ paths:
       tags:
         - Security Exceptions API
     get:
-      description: >-
-        Get the details of an exception list item using the `id` or `item_id`
-        field.
+      description: Get the details of an exception list item using the `id` or `item_id` field.
       operationId: ReadExceptionListItem
       parameters:
         - description: Either `id` or `item_id` must be specified
@@ -12717,14 +11275,12 @@ paths:
           name: item_id
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
         - in: query
           name: namespace_type
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             default: single
       responses:
         '200':
@@ -12738,24 +11294,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -12773,12 +11325,9 @@ paths:
       tags:
         - Security Exceptions API
     post:
-      description: >
-        Create an exception item and associate it with the specified exception
-        list.
-
+      description: |
+        Create an exception item and associate it with the specified exception list.
         > info
-
         > Before creating exception items, you must create an exception list.
       operationId: CreateExceptionListItem
       requestBody:
@@ -12788,45 +11337,34 @@ paths:
               type: object
               properties:
                 comments:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray'
                   default: []
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription'
                 entries:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray'
                 expire_time:
                   format: date-time
                   type: string
                 item_id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
                 list_id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListHumanId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
                 meta:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemName
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName'
                 namespace_type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
                   default: single
                 os_types:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray'
                   default: []
                 tags:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemTags
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags'
                   default: []
                 type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType'
               required:
                 - list_id
                 - type
@@ -12847,24 +11385,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '409':
           content:
@@ -12893,49 +11427,37 @@ paths:
                 _version:
                   type: string
                 comments:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray'
                   default: []
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription'
                 entries:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray'
                 expire_time:
                   format: date-time
                   type: string
                 id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId'
                   description: Either `id` or `item_id` must be specified
                 item_id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
                   description: Either `id` or `item_id` must be specified
                 list_id:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListHumanId
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
                 meta:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemName
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName'
                 namespace_type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
                   default: single
                 os_types:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray'
                   default: []
                 tags:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemTags
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags'
                 type:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListItemType
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType'
               required:
                 - type
                 - name
@@ -12955,24 +11477,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -13000,13 +11518,10 @@ paths:
           required: true
           schema:
             items:
-              $ref: >-
-                #/components/schemas/Security_Exceptions_API_ExceptionListHumanId
+              $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
             type: array
-        - description: >
-            Filters the returned results according to the value of the specified
-            field,
-
+        - description: |
+            Filters the returned results according to the value of the specified field,
             using the `<field name>:<field value>` syntax.
           in: query
           name: filter
@@ -13014,13 +11529,10 @@ paths:
           schema:
             default: []
             items:
-              $ref: >-
-                #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter
+              $ref: '#/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter'
             type: array
-        - description: >
-            Determines whether the returned containers are Kibana associated
-            with a Kibana space
-
+        - description: |
+            Determines whether the returned containers are Kibana associated with a Kibana space
             or available in all spaces (`agnostic` or `single`)
           in: query
           name: namespace_type
@@ -13029,8 +11541,7 @@ paths:
             default:
               - single
             items:
-              $ref: >-
-                #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+              $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             type: array
         - in: query
           name: search
@@ -13075,8 +11586,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Exceptions_API_ExceptionListItem
+                      $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem'
                     type: array
                   page:
                     minimum: 1
@@ -13100,24 +11610,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -13155,8 +11661,7 @@ paths:
           name: namespace_type
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
             default: single
         - description: Search filter clause
           in: query
@@ -13189,24 +11694,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '404':
           content:
@@ -13225,19 +11726,10 @@ paths:
         - Security Exceptions API
   /api/exceptions/shared:
     post:
-      description: >
-        An exception list groups exception items and can be associated with
-        detection rules. A shared exception list can apply to multiple detection
-        rules.
-
+      description: |
+        An exception list groups exception items and can be associated with detection rules. A shared exception list can apply to multiple detection rules.
         > info
-
-        > All exception items added to the same list are evaluated using `OR`
-        logic. That is, if any of the items in a list evaluate to `true`, the
-        exception prevents the rule from generating an alert. Likewise, `OR`
-        logic is used for evaluating exceptions when more than one exception
-        list is assigned to a rule. To use the `AND` operator, you can define
-        multiple clauses (`entries`) in a single exception item.
+        > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item.
       operationId: CreateSharedExceptionList
       requestBody:
         content:
@@ -13246,11 +11738,9 @@ paths:
               type: object
               properties:
                 description:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListDescription
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription'
                 name:
-                  $ref: >-
-                    #/components/schemas/Security_Exceptions_API_ExceptionListName
+                  $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName'
               required:
                 - name
                 - description
@@ -13267,24 +11757,20 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
-                  - $ref: >-
-                      #/components/schemas/Security_Exceptions_API_SiemErrorResponse
+                  - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
+                  - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Unsuccessful authentication response
         '403':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Exceptions_API_PlatformErrorResponse
+                $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse'
           description: Not enough privileges response
         '409':
           content:
@@ -13337,9 +11823,7 @@ paths:
                         name:
                           type: string
                         proxy_id:
-                          description: >-
-                            The ID of the proxy to use for this download source.
-                            See the proxies API for more information.
+                          description: The ID of the proxy to use for this download source. See the proxies API for more information.
                           nullable: true
                           type: string
                       required:
@@ -13413,9 +11897,7 @@ paths:
                 name:
                   type: string
                 proxy_id:
-                  description: >-
-                    The ID of the proxy to use for this download source. See the
-                    proxies API for more information.
+                  description: The ID of the proxy to use for this download source. See the proxies API for more information.
                   nullable: true
                   type: string
               required:
@@ -13444,9 +11926,7 @@ paths:
                       name:
                         type: string
                       proxy_id:
-                        description: >-
-                          The ID of the proxy to use for this download source.
-                          See the proxies API for more information.
+                        description: The ID of the proxy to use for this download source. See the proxies API for more information.
                         nullable: true
                         type: string
                     required:
@@ -13570,9 +12050,7 @@ paths:
                       name:
                         type: string
                       proxy_id:
-                        description: >-
-                          The ID of the proxy to use for this download source.
-                          See the proxies API for more information.
+                        description: The ID of the proxy to use for this download source. See the proxies API for more information.
                         nullable: true
                         type: string
                     required:
@@ -13642,9 +12120,7 @@ paths:
                 name:
                   type: string
                 proxy_id:
-                  description: >-
-                    The ID of the proxy to use for this download source. See the
-                    proxies API for more information.
+                  description: The ID of the proxy to use for this download source. See the proxies API for more information.
                   nullable: true
                   type: string
               required:
@@ -13673,9 +12149,7 @@ paths:
                       name:
                         type: string
                       proxy_id:
-                        description: >-
-                          The ID of the proxy to use for this download source.
-                          See the proxies API for more information.
+                        description: The ID of the proxy to use for this download source. See the proxies API for more information.
                         nullable: true
                         type: string
                     required:
@@ -13832,9 +12306,7 @@ paths:
                           nullable: true
                           type: string
                         global_data_tags:
-                          description: >-
-                            User defined data tags that are added to all of the
-                            inputs. The values can be strings or numbers.
+                          description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                           items:
                             additionalProperties: false
                             type: object
@@ -13866,15 +12338,11 @@ paths:
                         is_preconfigured:
                           type: boolean
                         is_protected:
-                          description: >-
-                            Indicates whether the agent policy has tamper
-                            protection enabled. Default false.
+                          description: Indicates whether the agent policy has tamper protection enabled. Default false.
                           type: boolean
                         keep_monitoring_alive:
                           default: false
-                          description: >-
-                            When set to true, monitoring will be enabled but
-                            logs/metrics collection will be disabled
+                          description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                           nullable: true
                           type: boolean
                         monitoring_diagnostics:
@@ -13941,11 +12409,7 @@ paths:
                           type: string
                         overrides:
                           additionalProperties: {}
-                          description: >-
-                            Override settings that are defined in the agent
-                            policy. Input settings cannot be overridden. The
-                            override option should be used only in unusual
-                            circumstances and not as a routine procedure.
+                          description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                           nullable: true
                           type: object
                         package_policies:
@@ -13953,10 +12417,7 @@ paths:
                             - items:
                                 type: string
                               type: array
-                            - description: >-
-                                This field is present only when retrieving a
-                                single agent policy, or when retrieving a list
-                                of agent policies with the ?full=true parameter
+                            - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter
                               items:
                                 additionalProperties: false
                                 type: object
@@ -14002,9 +12463,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                         enabled:
                                           type: boolean
@@ -14032,9 +12491,7 @@ paths:
                                                     value: {}
                                                   required:
                                                     - value
-                                                description: >-
-                                                  Package variable (see integration
-                                                  documentation for more information)
+                                                description: Package variable (see integration documentation for more information)
                                                 type: object
                                               data_stream:
                                                 additionalProperties: false
@@ -14087,9 +12544,7 @@ paths:
                                                     value: {}
                                                   required:
                                                     - value
-                                                description: >-
-                                                  Package variable (see integration
-                                                  documentation for more information)
+                                                description: Package variable (see integration documentation for more information)
                                                 type: object
                                             required:
                                               - enabled
@@ -14110,9 +12565,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                       required:
                                         - type
@@ -14126,20 +12579,14 @@ paths:
                                     description: Package policy name (should be unique)
                                     type: string
                                   namespace:
-                                    description: >-
-                                      The package policy namespace. Leave blank
-                                      to inherit the agent policy's namespace.
+                                    description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                     type: string
                                   output_id:
                                     nullable: true
                                     type: string
                                   overrides:
                                     additionalProperties: false
-                                    description: >-
-                                      Override settings that are defined in the
-                                      package policy. The override option should
-                                      be used only in unusual circumstances and
-                                      not as a routine procedure.
+                                    description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                     nullable: true
                                     type: object
                                     properties:
@@ -14188,16 +12635,12 @@ paths:
                                       - version
                                   policy_id:
                                     deprecated: true
-                                    description: >-
-                                      Agent policy ID where that package policy
-                                      will be added
+                                    description: Agent policy ID where that package policy will be added
                                     nullable: true
                                     type: string
                                   policy_ids:
                                     items:
-                                      description: >-
-                                        Agent policy IDs where that package
-                                        policy will be added
+                                      description: Agent policy IDs where that package policy will be added
                                       type: string
                                     type: array
                                   revision:
@@ -14228,9 +12671,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                   version:
                                     type: string
@@ -14260,9 +12701,7 @@ paths:
                           type: string
                         supports_agentless:
                           default: false
-                          description: >-
-                            Indicates whether the agent policy supports
-                            agentless integrations.
+                          description: Indicates whether the agent policy supports agentless integrations.
                           nullable: true
                           type: boolean
                         unenroll_timeout:
@@ -14391,9 +12830,7 @@ paths:
                 force:
                   type: boolean
                 global_data_tags:
-                  description: >-
-                    User defined data tags that are added to all of the inputs.
-                    The values can be strings or numbers.
+                  description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                   items:
                     additionalProperties: false
                     type: object
@@ -14426,9 +12863,7 @@ paths:
                   type: boolean
                 keep_monitoring_alive:
                   default: false
-                  description: >-
-                    When set to true, monitoring will be enabled but
-                    logs/metrics collection will be disabled
+                  description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                   nullable: true
                   type: boolean
                 monitoring_diagnostics:
@@ -14495,11 +12930,7 @@ paths:
                   type: string
                 overrides:
                   additionalProperties: {}
-                  description: >-
-                    Override settings that are defined in the agent policy.
-                    Input settings cannot be overridden. The override option
-                    should be used only in unusual circumstances and not as a
-                    routine procedure.
+                  description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                   nullable: true
                   type: object
                 space_ids:
@@ -14508,9 +12939,7 @@ paths:
                   type: array
                 supports_agentless:
                   default: false
-                  description: >-
-                    Indicates whether the agent policy supports agentless
-                    integrations.
+                  description: Indicates whether the agent policy supports agentless integrations.
                   nullable: true
                   type: boolean
                 unenroll_timeout:
@@ -14575,9 +13004,7 @@ paths:
                         nullable: true
                         type: string
                       global_data_tags:
-                        description: >-
-                          User defined data tags that are added to all of the
-                          inputs. The values can be strings or numbers.
+                        description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                         items:
                           additionalProperties: false
                           type: object
@@ -14609,15 +13036,11 @@ paths:
                       is_preconfigured:
                         type: boolean
                       is_protected:
-                        description: >-
-                          Indicates whether the agent policy has tamper
-                          protection enabled. Default false.
+                        description: Indicates whether the agent policy has tamper protection enabled. Default false.
                         type: boolean
                       keep_monitoring_alive:
                         default: false
-                        description: >-
-                          When set to true, monitoring will be enabled but
-                          logs/metrics collection will be disabled
+                        description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                         nullable: true
                         type: boolean
                       monitoring_diagnostics:
@@ -14684,11 +13107,7 @@ paths:
                         type: string
                       overrides:
                         additionalProperties: {}
-                        description: >-
-                          Override settings that are defined in the agent
-                          policy. Input settings cannot be overridden. The
-                          override option should be used only in unusual
-                          circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                       package_policies:
@@ -14696,10 +13115,7 @@ paths:
                           - items:
                               type: string
                             type: array
-                          - description: >-
-                              This field is present only when retrieving a
-                              single agent policy, or when retrieving a list of
-                              agent policies with the ?full=true parameter
+                          - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter
                             items:
                               additionalProperties: false
                               type: object
@@ -14745,9 +13161,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       enabled:
                                         type: boolean
@@ -14775,9 +13189,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                             data_stream:
                                               additionalProperties: false
@@ -14830,9 +13242,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                           required:
                                             - enabled
@@ -14853,9 +13263,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - type
@@ -14869,20 +13277,14 @@ paths:
                                   description: Package policy name (should be unique)
                                   type: string
                                 namespace:
-                                  description: >-
-                                    The package policy namespace. Leave blank to
-                                    inherit the agent policy's namespace.
+                                  description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                   type: string
                                 output_id:
                                   nullable: true
                                   type: string
                                 overrides:
                                   additionalProperties: false
-                                  description: >-
-                                    Override settings that are defined in the
-                                    package policy. The override option should
-                                    be used only in unusual circumstances and
-                                    not as a routine procedure.
+                                  description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                   nullable: true
                                   type: object
                                   properties:
@@ -14931,16 +13333,12 @@ paths:
                                     - version
                                 policy_id:
                                   deprecated: true
-                                  description: >-
-                                    Agent policy ID where that package policy
-                                    will be added
+                                  description: Agent policy ID where that package policy will be added
                                   nullable: true
                                   type: string
                                 policy_ids:
                                   items:
-                                    description: >-
-                                      Agent policy IDs where that package policy
-                                      will be added
+                                    description: Agent policy IDs where that package policy will be added
                                     type: string
                                   type: array
                                 revision:
@@ -14971,9 +13369,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 version:
                                   type: string
@@ -15003,9 +13399,7 @@ paths:
                         type: string
                       supports_agentless:
                         default: false
-                        description: >-
-                          Indicates whether the agent policy supports agentless
-                          integrations.
+                        description: Indicates whether the agent policy supports agentless integrations.
                         nullable: true
                         type: boolean
                       unenroll_timeout:
@@ -15153,9 +13547,7 @@ paths:
                           nullable: true
                           type: string
                         global_data_tags:
-                          description: >-
-                            User defined data tags that are added to all of the
-                            inputs. The values can be strings or numbers.
+                          description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                           items:
                             additionalProperties: false
                             type: object
@@ -15187,15 +13579,11 @@ paths:
                         is_preconfigured:
                           type: boolean
                         is_protected:
-                          description: >-
-                            Indicates whether the agent policy has tamper
-                            protection enabled. Default false.
+                          description: Indicates whether the agent policy has tamper protection enabled. Default false.
                           type: boolean
                         keep_monitoring_alive:
                           default: false
-                          description: >-
-                            When set to true, monitoring will be enabled but
-                            logs/metrics collection will be disabled
+                          description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                           nullable: true
                           type: boolean
                         monitoring_diagnostics:
@@ -15262,11 +13650,7 @@ paths:
                           type: string
                         overrides:
                           additionalProperties: {}
-                          description: >-
-                            Override settings that are defined in the agent
-                            policy. Input settings cannot be overridden. The
-                            override option should be used only in unusual
-                            circumstances and not as a routine procedure.
+                          description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                           nullable: true
                           type: object
                         package_policies:
@@ -15274,10 +13658,7 @@ paths:
                             - items:
                                 type: string
                               type: array
-                            - description: >-
-                                This field is present only when retrieving a
-                                single agent policy, or when retrieving a list
-                                of agent policies with the ?full=true parameter
+                            - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter
                               items:
                                 additionalProperties: false
                                 type: object
@@ -15323,9 +13704,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                         enabled:
                                           type: boolean
@@ -15353,9 +13732,7 @@ paths:
                                                     value: {}
                                                   required:
                                                     - value
-                                                description: >-
-                                                  Package variable (see integration
-                                                  documentation for more information)
+                                                description: Package variable (see integration documentation for more information)
                                                 type: object
                                               data_stream:
                                                 additionalProperties: false
@@ -15408,9 +13785,7 @@ paths:
                                                     value: {}
                                                   required:
                                                     - value
-                                                description: >-
-                                                  Package variable (see integration
-                                                  documentation for more information)
+                                                description: Package variable (see integration documentation for more information)
                                                 type: object
                                             required:
                                               - enabled
@@ -15431,9 +13806,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                       required:
                                         - type
@@ -15447,20 +13820,14 @@ paths:
                                     description: Package policy name (should be unique)
                                     type: string
                                   namespace:
-                                    description: >-
-                                      The package policy namespace. Leave blank
-                                      to inherit the agent policy's namespace.
+                                    description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                     type: string
                                   output_id:
                                     nullable: true
                                     type: string
                                   overrides:
                                     additionalProperties: false
-                                    description: >-
-                                      Override settings that are defined in the
-                                      package policy. The override option should
-                                      be used only in unusual circumstances and
-                                      not as a routine procedure.
+                                    description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                     nullable: true
                                     type: object
                                     properties:
@@ -15509,16 +13876,12 @@ paths:
                                       - version
                                   policy_id:
                                     deprecated: true
-                                    description: >-
-                                      Agent policy ID where that package policy
-                                      will be added
+                                    description: Agent policy ID where that package policy will be added
                                     nullable: true
                                     type: string
                                   policy_ids:
                                     items:
-                                      description: >-
-                                        Agent policy IDs where that package
-                                        policy will be added
+                                      description: Agent policy IDs where that package policy will be added
                                       type: string
                                     type: array
                                   revision:
@@ -15549,9 +13912,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                   version:
                                     type: string
@@ -15581,9 +13942,7 @@ paths:
                           type: string
                         supports_agentless:
                           default: false
-                          description: >-
-                            Indicates whether the agent policy supports
-                            agentless integrations.
+                          description: Indicates whether the agent policy supports agentless integrations.
                           nullable: true
                           type: boolean
                         unenroll_timeout:
@@ -15711,9 +14070,7 @@ paths:
                         nullable: true
                         type: string
                       global_data_tags:
-                        description: >-
-                          User defined data tags that are added to all of the
-                          inputs. The values can be strings or numbers.
+                        description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                         items:
                           additionalProperties: false
                           type: object
@@ -15745,15 +14102,11 @@ paths:
                       is_preconfigured:
                         type: boolean
                       is_protected:
-                        description: >-
-                          Indicates whether the agent policy has tamper
-                          protection enabled. Default false.
+                        description: Indicates whether the agent policy has tamper protection enabled. Default false.
                         type: boolean
                       keep_monitoring_alive:
                         default: false
-                        description: >-
-                          When set to true, monitoring will be enabled but
-                          logs/metrics collection will be disabled
+                        description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                         nullable: true
                         type: boolean
                       monitoring_diagnostics:
@@ -15820,11 +14173,7 @@ paths:
                         type: string
                       overrides:
                         additionalProperties: {}
-                        description: >-
-                          Override settings that are defined in the agent
-                          policy. Input settings cannot be overridden. The
-                          override option should be used only in unusual
-                          circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                       package_policies:
@@ -15832,10 +14181,7 @@ paths:
                           - items:
                               type: string
                             type: array
-                          - description: >-
-                              This field is present only when retrieving a
-                              single agent policy, or when retrieving a list of
-                              agent policies with the ?full=true parameter
+                          - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter
                             items:
                               additionalProperties: false
                               type: object
@@ -15881,9 +14227,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       enabled:
                                         type: boolean
@@ -15911,9 +14255,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                             data_stream:
                                               additionalProperties: false
@@ -15966,9 +14308,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                           required:
                                             - enabled
@@ -15989,9 +14329,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - type
@@ -16005,20 +14343,14 @@ paths:
                                   description: Package policy name (should be unique)
                                   type: string
                                 namespace:
-                                  description: >-
-                                    The package policy namespace. Leave blank to
-                                    inherit the agent policy's namespace.
+                                  description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                   type: string
                                 output_id:
                                   nullable: true
                                   type: string
                                 overrides:
                                   additionalProperties: false
-                                  description: >-
-                                    Override settings that are defined in the
-                                    package policy. The override option should
-                                    be used only in unusual circumstances and
-                                    not as a routine procedure.
+                                  description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                   nullable: true
                                   type: object
                                   properties:
@@ -16067,16 +14399,12 @@ paths:
                                     - version
                                 policy_id:
                                   deprecated: true
-                                  description: >-
-                                    Agent policy ID where that package policy
-                                    will be added
+                                  description: Agent policy ID where that package policy will be added
                                   nullable: true
                                   type: string
                                 policy_ids:
                                   items:
-                                    description: >-
-                                      Agent policy IDs where that package policy
-                                      will be added
+                                    description: Agent policy IDs where that package policy will be added
                                     type: string
                                   type: array
                                 revision:
@@ -16107,9 +14435,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 version:
                                   type: string
@@ -16139,9 +14465,7 @@ paths:
                         type: string
                       supports_agentless:
                         default: false
-                        description: >-
-                          Indicates whether the agent policy supports agentless
-                          integrations.
+                        description: Indicates whether the agent policy supports agentless integrations.
                         nullable: true
                         type: boolean
                       unenroll_timeout:
@@ -16269,9 +14593,7 @@ paths:
                 force:
                   type: boolean
                 global_data_tags:
-                  description: >-
-                    User defined data tags that are added to all of the inputs.
-                    The values can be strings or numbers.
+                  description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                   items:
                     additionalProperties: false
                     type: object
@@ -16304,9 +14626,7 @@ paths:
                   type: boolean
                 keep_monitoring_alive:
                   default: false
-                  description: >-
-                    When set to true, monitoring will be enabled but
-                    logs/metrics collection will be disabled
+                  description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                   nullable: true
                   type: boolean
                 monitoring_diagnostics:
@@ -16373,11 +14693,7 @@ paths:
                   type: string
                 overrides:
                   additionalProperties: {}
-                  description: >-
-                    Override settings that are defined in the agent policy.
-                    Input settings cannot be overridden. The override option
-                    should be used only in unusual circumstances and not as a
-                    routine procedure.
+                  description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                   nullable: true
                   type: object
                 space_ids:
@@ -16386,9 +14702,7 @@ paths:
                   type: array
                 supports_agentless:
                   default: false
-                  description: >-
-                    Indicates whether the agent policy supports agentless
-                    integrations.
+                  description: Indicates whether the agent policy supports agentless integrations.
                   nullable: true
                   type: boolean
                 unenroll_timeout:
@@ -16453,9 +14767,7 @@ paths:
                         nullable: true
                         type: string
                       global_data_tags:
-                        description: >-
-                          User defined data tags that are added to all of the
-                          inputs. The values can be strings or numbers.
+                        description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                         items:
                           additionalProperties: false
                           type: object
@@ -16487,15 +14799,11 @@ paths:
                       is_preconfigured:
                         type: boolean
                       is_protected:
-                        description: >-
-                          Indicates whether the agent policy has tamper
-                          protection enabled. Default false.
+                        description: Indicates whether the agent policy has tamper protection enabled. Default false.
                         type: boolean
                       keep_monitoring_alive:
                         default: false
-                        description: >-
-                          When set to true, monitoring will be enabled but
-                          logs/metrics collection will be disabled
+                        description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                         nullable: true
                         type: boolean
                       monitoring_diagnostics:
@@ -16562,11 +14870,7 @@ paths:
                         type: string
                       overrides:
                         additionalProperties: {}
-                        description: >-
-                          Override settings that are defined in the agent
-                          policy. Input settings cannot be overridden. The
-                          override option should be used only in unusual
-                          circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                       package_policies:
@@ -16574,10 +14878,7 @@ paths:
                           - items:
                               type: string
                             type: array
-                          - description: >-
-                              This field is present only when retrieving a
-                              single agent policy, or when retrieving a list of
-                              agent policies with the ?full=true parameter
+                          - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter
                             items:
                               additionalProperties: false
                               type: object
@@ -16623,9 +14924,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       enabled:
                                         type: boolean
@@ -16653,9 +14952,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                             data_stream:
                                               additionalProperties: false
@@ -16708,9 +15005,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                           required:
                                             - enabled
@@ -16731,9 +15026,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - type
@@ -16747,20 +15040,14 @@ paths:
                                   description: Package policy name (should be unique)
                                   type: string
                                 namespace:
-                                  description: >-
-                                    The package policy namespace. Leave blank to
-                                    inherit the agent policy's namespace.
+                                  description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                   type: string
                                 output_id:
                                   nullable: true
                                   type: string
                                 overrides:
                                   additionalProperties: false
-                                  description: >-
-                                    Override settings that are defined in the
-                                    package policy. The override option should
-                                    be used only in unusual circumstances and
-                                    not as a routine procedure.
+                                  description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                   nullable: true
                                   type: object
                                   properties:
@@ -16809,16 +15096,12 @@ paths:
                                     - version
                                 policy_id:
                                   deprecated: true
-                                  description: >-
-                                    Agent policy ID where that package policy
-                                    will be added
+                                  description: Agent policy ID where that package policy will be added
                                   nullable: true
                                   type: string
                                 policy_ids:
                                   items:
-                                    description: >-
-                                      Agent policy IDs where that package policy
-                                      will be added
+                                    description: Agent policy IDs where that package policy will be added
                                     type: string
                                   type: array
                                 revision:
@@ -16849,9 +15132,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 version:
                                   type: string
@@ -16881,9 +15162,7 @@ paths:
                         type: string
                       supports_agentless:
                         default: false
-                        description: >-
-                          Indicates whether the agent policy supports agentless
-                          integrations.
+                        description: Indicates whether the agent policy supports agentless integrations.
                         nullable: true
                         type: boolean
                       unenroll_timeout:
@@ -17031,9 +15310,7 @@ paths:
                         nullable: true
                         type: string
                       global_data_tags:
-                        description: >-
-                          User defined data tags that are added to all of the
-                          inputs. The values can be strings or numbers.
+                        description: User defined data tags that are added to all of the inputs. The values can be strings or numbers.
                         items:
                           additionalProperties: false
                           type: object
@@ -17065,15 +15342,11 @@ paths:
                       is_preconfigured:
                         type: boolean
                       is_protected:
-                        description: >-
-                          Indicates whether the agent policy has tamper
-                          protection enabled. Default false.
+                        description: Indicates whether the agent policy has tamper protection enabled. Default false.
                         type: boolean
                       keep_monitoring_alive:
                         default: false
-                        description: >-
-                          When set to true, monitoring will be enabled but
-                          logs/metrics collection will be disabled
+                        description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled
                         nullable: true
                         type: boolean
                       monitoring_diagnostics:
@@ -17140,11 +15413,7 @@ paths:
                         type: string
                       overrides:
                         additionalProperties: {}
-                        description: >-
-                          Override settings that are defined in the agent
-                          policy. Input settings cannot be overridden. The
-                          override option should be used only in unusual
-                          circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                       package_policies:
@@ -17152,10 +15421,7 @@ paths:
                           - items:
                               type: string
                             type: array
-                          - description: >-
-                              This field is present only when retrieving a
-                              single agent policy, or when retrieving a list of
-                              agent policies with the ?full=true parameter
+                          - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter
                             items:
                               additionalProperties: false
                               type: object
@@ -17201,9 +15467,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       enabled:
                                         type: boolean
@@ -17231,9 +15495,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                             data_stream:
                                               additionalProperties: false
@@ -17286,9 +15548,7 @@ paths:
                                                   value: {}
                                                 required:
                                                   - value
-                                              description: >-
-                                                Package variable (see integration
-                                                documentation for more information)
+                                              description: Package variable (see integration documentation for more information)
                                               type: object
                                           required:
                                             - enabled
@@ -17309,9 +15569,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - type
@@ -17325,20 +15583,14 @@ paths:
                                   description: Package policy name (should be unique)
                                   type: string
                                 namespace:
-                                  description: >-
-                                    The package policy namespace. Leave blank to
-                                    inherit the agent policy's namespace.
+                                  description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                   type: string
                                 output_id:
                                   nullable: true
                                   type: string
                                 overrides:
                                   additionalProperties: false
-                                  description: >-
-                                    Override settings that are defined in the
-                                    package policy. The override option should
-                                    be used only in unusual circumstances and
-                                    not as a routine procedure.
+                                  description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                   nullable: true
                                   type: object
                                   properties:
@@ -17387,16 +15639,12 @@ paths:
                                     - version
                                 policy_id:
                                   deprecated: true
-                                  description: >-
-                                    Agent policy ID where that package policy
-                                    will be added
+                                  description: Agent policy ID where that package policy will be added
                                   nullable: true
                                   type: string
                                 policy_ids:
                                   items:
-                                    description: >-
-                                      Agent policy IDs where that package policy
-                                      will be added
+                                    description: Agent policy IDs where that package policy will be added
                                     type: string
                                   type: array
                                 revision:
@@ -17427,9 +15675,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 version:
                                   type: string
@@ -17459,9 +15705,7 @@ paths:
                         type: string
                       supports_agentless:
                         default: false
-                        description: >-
-                          Indicates whether the agent policy supports agentless
-                          integrations.
+                        description: Indicates whether the agent policy supports agentless integrations.
                         nullable: true
                         type: boolean
                       unenroll_timeout:
@@ -18046,9 +16290,7 @@ paths:
                 agentPolicyId:
                   type: string
                 force:
-                  description: >-
-                    bypass validation checks that can prevent agent policy
-                    deletion
+                  description: bypass validation checks that can prevent agent policy deletion
                   type: boolean
               required:
                 - agentPolicyId
@@ -20086,9 +18328,7 @@ paths:
                         latestErrors:
                           items:
                             additionalProperties: false
-                            description: >-
-                              latest errors that happened when the agents
-                              executed the action
+                            description: latest errors that happened when the agents executed the action
                             type: object
                             properties:
                               agentId:
@@ -20509,9 +18749,7 @@ paths:
                   description: Unenrolls hosted agents too
                   type: boolean
                 includeInactive:
-                  description: >-
-                    When passing agents by KQL query, unenrolls inactive agents
-                    too
+                  description: When passing agents by KQL query, unenrolls inactive agents too
                   type: boolean
                 revoke:
                   description: Revokes API keys of agents
@@ -20836,10 +19074,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 additionalProperties: false
-                description: >-
-                  A summary of the agent setup status. `isReady` indicates
-                  whether the setup is ready. If the setup is not ready,
-                  `missing_requirements` lists which requirements are missing.
+                description: A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing.
                 type: object
                 properties:
                   is_secrets_storage_enabled:
@@ -20913,11 +19148,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 additionalProperties: false
-                description: >-
-                  A summary of the result of Fleet's `setup` lifecycle. If
-                  `isInitialized` is true, Fleet is ready to accept agent
-                  enrollment. `nonFatalErrors` may include useful insight into
-                  non-blocking issues with Fleet setup.
+                description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.
                 type: object
                 properties:
                   isInitialized:
@@ -21214,14 +19445,10 @@ paths:
                       type: object
                       properties:
                         active:
-                          description: >-
-                            When false, the enrollment API key is revoked and
-                            cannot be used for enrolling Elastic Agents.
+                          description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.
                           type: boolean
                         api_key:
-                          description: >-
-                            The enrollment API key (token) used for enrolling
-                            Elastic Agents.
+                          description: The enrollment API key (token) used for enrolling Elastic Agents.
                           type: string
                         api_key_id:
                           description: The ID of the API key in the Security API.
@@ -21234,9 +19461,7 @@ paths:
                           description: The name of the enrollment API key.
                           type: string
                         policy_id:
-                          description: >-
-                            The ID of the agent policy the Elastic Agent will be
-                            enrolled in.
+                          description: The ID of the agent policy the Elastic Agent will be enrolled in.
                           type: string
                       required:
                         - id
@@ -21325,14 +19550,10 @@ paths:
                     type: object
                     properties:
                       active:
-                        description: >-
-                          When false, the enrollment API key is revoked and
-                          cannot be used for enrolling Elastic Agents.
+                        description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.
                         type: boolean
                       api_key:
-                        description: >-
-                          The enrollment API key (token) used for enrolling
-                          Elastic Agents.
+                        description: The enrollment API key (token) used for enrolling Elastic Agents.
                         type: string
                       api_key_id:
                         description: The ID of the API key in the Security API.
@@ -21345,9 +19566,7 @@ paths:
                         description: The name of the enrollment API key.
                         type: string
                       policy_id:
-                        description: >-
-                          The ID of the agent policy the Elastic Agent will be
-                          enrolled in.
+                        description: The ID of the agent policy the Elastic Agent will be enrolled in.
                         type: string
                     required:
                       - id
@@ -21465,14 +19684,10 @@ paths:
                     type: object
                     properties:
                       active:
-                        description: >-
-                          When false, the enrollment API key is revoked and
-                          cannot be used for enrolling Elastic Agents.
+                        description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents.
                         type: boolean
                       api_key:
-                        description: >-
-                          The enrollment API key (token) used for enrolling
-                          Elastic Agents.
+                        description: The enrollment API key (token) used for enrolling Elastic Agents.
                         type: string
                       api_key_id:
                         description: The ID of the API key in the Security API.
@@ -21485,9 +19700,7 @@ paths:
                         description: The name of the enrollment API key.
                         type: string
                       policy_id:
-                        description: >-
-                          The ID of the agent policy the Elastic Agent will be
-                          enrolled in.
+                        description: The ID of the agent policy the Elastic Agent will be enrolled in.
                         type: string
                     required:
                       - id
@@ -29635,9 +27848,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                   enabled:
                                     type: boolean
@@ -29665,9 +27876,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                         data_stream:
                                           additionalProperties: false
@@ -29720,9 +27929,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                       required:
                                         - enabled
@@ -29743,9 +27950,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                 required:
                                   - type
@@ -29758,9 +27963,7 @@ paths:
                                 type: object
                                 properties:
                                   enabled:
-                                    description: >-
-                                      enable or disable that input, (default to
-                                      true)
+                                    description: enable or disable that input, (default to true)
                                     type: boolean
                                   streams:
                                     additionalProperties:
@@ -29768,9 +27971,7 @@ paths:
                                       type: object
                                       properties:
                                         enabled:
-                                          description: >-
-                                            enable or disable that stream, (default
-                                            to true)
+                                          description: enable or disable that stream, (default to true)
                                           type: boolean
                                         vars:
                                           additionalProperties:
@@ -29795,15 +27996,9 @@ paths:
                                                   - id
                                                   - isSecretRef
                                             nullable: true
-                                          description: >-
-                                            Input/stream level variable (see
-                                            integration documentation for more
-                                            information)
+                                          description: Input/stream level variable (see integration documentation for more information)
                                           type: object
-                                    description: >-
-                                      Input streams (see integration
-                                      documentation to know what streams are
-                                      available)
+                                    description: Input streams (see integration documentation to know what streams are available)
                                     type: object
                                   vars:
                                     additionalProperties:
@@ -29828,14 +28023,9 @@ paths:
                                             - id
                                             - isSecretRef
                                       nullable: true
-                                    description: >-
-                                      Input/stream level variable (see
-                                      integration documentation for more
-                                      information)
+                                    description: Input/stream level variable (see integration documentation for more information)
                                     type: object
-                              description: >-
-                                Package policy inputs (see integration
-                                documentation to know what inputs are available)
+                              description: Package policy inputs (see integration documentation to know what inputs are available)
                               type: object
                               x-oas-optional: true
                         is_managed:
@@ -29844,20 +28034,14 @@ paths:
                           description: Package policy name (should be unique)
                           type: string
                         namespace:
-                          description: >-
-                            The package policy namespace. Leave blank to inherit
-                            the agent policy's namespace.
+                          description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                           type: string
                         output_id:
                           nullable: true
                           type: string
                         overrides:
                           additionalProperties: false
-                          description: >-
-                            Override settings that are defined in the package
-                            policy. The override option should be used only in
-                            unusual circumstances and not as a routine
-                            procedure.
+                          description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                           nullable: true
                           type: object
                           properties:
@@ -29906,16 +28090,12 @@ paths:
                             - version
                         policy_id:
                           deprecated: true
-                          description: >-
-                            Agent policy ID where that package policy will be
-                            added
+                          description: Agent policy ID where that package policy will be added
                           nullable: true
                           type: string
                         policy_ids:
                           items:
-                            description: >-
-                              Agent policy IDs where that package policy will be
-                              added
+                            description: Agent policy IDs where that package policy will be added
                             type: string
                           type: array
                         revision:
@@ -29951,9 +28131,7 @@ paths:
                                   value: {}
                                 required:
                                   - value
-                              description: >-
-                                Package variable (see integration documentation
-                                for more information)
+                              description: Package variable (see integration documentation for more information)
                               type: object
                             - additionalProperties:
                                 anyOf:
@@ -29977,9 +28155,7 @@ paths:
                                       - id
                                       - isSecretRef
                                 nullable: true
-                              description: >-
-                                Input/stream level variable (see integration
-                                documentation for more information)
+                              description: Input/stream level variable (see integration documentation for more information)
                               type: object
                               x-oas-optional: true
                         version:
@@ -30065,9 +28241,7 @@ paths:
                     enabled:
                       type: boolean
                     force:
-                      description: >-
-                        Force package policy creation even if package is not
-                        verified, or if the agent policy is managed.
+                      description: Force package policy creation even if package is not verified, or if the agent policy is managed.
                       type: boolean
                     id:
                       description: Package policy unique identifier
@@ -30089,9 +28263,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                           enabled:
                             type: boolean
@@ -30119,9 +28291,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 data_stream:
                                   additionalProperties: false
@@ -30174,9 +28344,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                               required:
                                 - enabled
@@ -30197,9 +28365,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                         required:
                           - type
@@ -30211,19 +28377,14 @@ paths:
                       description: Package policy name (should be unique)
                       type: string
                     namespace:
-                      description: >-
-                        The package policy namespace. Leave blank to inherit the
-                        agent policy's namespace.
+                      description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                       type: string
                     output_id:
                       nullable: true
                       type: string
                     overrides:
                       additionalProperties: false
-                      description: >-
-                        Override settings that are defined in the package
-                        policy. The override option should be used only in
-                        unusual circumstances and not as a routine procedure.
+                      description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                       nullable: true
                       type: object
                       properties:
@@ -30277,9 +28438,7 @@ paths:
                       type: string
                     policy_ids:
                       items:
-                        description: >-
-                          Agent policy IDs where that package policy will be
-                          added
+                        description: Agent policy IDs where that package policy will be added
                         type: string
                       type: array
                     vars:
@@ -30294,9 +28453,7 @@ paths:
                           value: {}
                         required:
                           - value
-                      description: >-
-                        Package variable (see integration documentation for more
-                        information)
+                      description: Package variable (see integration documentation for more information)
                       type: object
                   required:
                     - name
@@ -30324,9 +28481,7 @@ paths:
                               type: object
                               properties:
                                 enabled:
-                                  description: >-
-                                    enable or disable that stream, (default to
-                                    true)
+                                  description: enable or disable that stream, (default to true)
                                   type: boolean
                                 vars:
                                   additionalProperties:
@@ -30351,13 +28506,9 @@ paths:
                                           - id
                                           - isSecretRef
                                     nullable: true
-                                  description: >-
-                                    Input/stream level variable (see integration
-                                    documentation for more information)
+                                  description: Input/stream level variable (see integration documentation for more information)
                                   type: object
-                            description: >-
-                              Input streams (see integration documentation to
-                              know what streams are available)
+                            description: Input streams (see integration documentation to know what streams are available)
                             type: object
                           vars:
                             additionalProperties:
@@ -30382,13 +28533,9 @@ paths:
                                     - id
                                     - isSecretRef
                               nullable: true
-                            description: >-
-                              Input/stream level variable (see integration
-                              documentation for more information)
+                            description: Input/stream level variable (see integration documentation for more information)
                             type: object
-                      description: >-
-                        Package policy inputs (see integration documentation to
-                        know what inputs are available)
+                      description: Package policy inputs (see integration documentation to know what inputs are available)
                       type: object
                     name:
                       type: string
@@ -30467,16 +28614,12 @@ paths:
                               - id
                               - isSecretRef
                         nullable: true
-                      description: >-
-                        Input/stream level variable (see integration
-                        documentation for more information)
+                      description: Input/stream level variable (see integration documentation for more information)
                       type: object
                   required:
                     - name
                     - package
-              description: >-
-                You should use inputs as an object and not use the deprecated
-                inputs array.
+              description: You should use inputs as an object and not use the deprecated inputs array.
       responses:
         '200':
           content:
@@ -30533,9 +28676,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 enabled:
                                   type: boolean
@@ -30563,9 +28704,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       data_stream:
                                         additionalProperties: false
@@ -30618,9 +28757,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - enabled
@@ -30641,9 +28778,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                               required:
                                 - type
@@ -30656,9 +28791,7 @@ paths:
                               type: object
                               properties:
                                 enabled:
-                                  description: >-
-                                    enable or disable that input, (default to
-                                    true)
+                                  description: enable or disable that input, (default to true)
                                   type: boolean
                                 streams:
                                   additionalProperties:
@@ -30666,9 +28799,7 @@ paths:
                                     type: object
                                     properties:
                                       enabled:
-                                        description: >-
-                                          enable or disable that stream, (default
-                                          to true)
+                                        description: enable or disable that stream, (default to true)
                                         type: boolean
                                       vars:
                                         additionalProperties:
@@ -30693,14 +28824,9 @@ paths:
                                                 - id
                                                 - isSecretRef
                                           nullable: true
-                                        description: >-
-                                          Input/stream level variable (see
-                                          integration documentation for more
-                                          information)
+                                        description: Input/stream level variable (see integration documentation for more information)
                                         type: object
-                                  description: >-
-                                    Input streams (see integration documentation
-                                    to know what streams are available)
+                                  description: Input streams (see integration documentation to know what streams are available)
                                   type: object
                                 vars:
                                   additionalProperties:
@@ -30725,13 +28851,9 @@ paths:
                                           - id
                                           - isSecretRef
                                     nullable: true
-                                  description: >-
-                                    Input/stream level variable (see integration
-                                    documentation for more information)
+                                  description: Input/stream level variable (see integration documentation for more information)
                                   type: object
-                            description: >-
-                              Package policy inputs (see integration
-                              documentation to know what inputs are available)
+                            description: Package policy inputs (see integration documentation to know what inputs are available)
                             type: object
                             x-oas-optional: true
                       is_managed:
@@ -30740,19 +28862,14 @@ paths:
                         description: Package policy name (should be unique)
                         type: string
                       namespace:
-                        description: >-
-                          The package policy namespace. Leave blank to inherit
-                          the agent policy's namespace.
+                        description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                         type: string
                       output_id:
                         nullable: true
                         type: string
                       overrides:
                         additionalProperties: false
-                        description: >-
-                          Override settings that are defined in the package
-                          policy. The override option should be used only in
-                          unusual circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                         properties:
@@ -30801,16 +28918,12 @@ paths:
                           - version
                       policy_id:
                         deprecated: true
-                        description: >-
-                          Agent policy ID where that package policy will be
-                          added
+                        description: Agent policy ID where that package policy will be added
                         nullable: true
                         type: string
                       policy_ids:
                         items:
-                          description: >-
-                            Agent policy IDs where that package policy will be
-                            added
+                          description: Agent policy IDs where that package policy will be added
                           type: string
                         type: array
                       revision:
@@ -30846,9 +28959,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                           - additionalProperties:
                               anyOf:
@@ -30872,9 +28983,7 @@ paths:
                                     - id
                                     - isSecretRef
                               nullable: true
-                            description: >-
-                              Input/stream level variable (see integration
-                              documentation for more information)
+                            description: Input/stream level variable (see integration documentation for more information)
                             type: object
                             x-oas-optional: true
                       version:
@@ -31026,9 +29135,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                   enabled:
                                     type: boolean
@@ -31056,9 +29163,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                         data_stream:
                                           additionalProperties: false
@@ -31111,9 +29216,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                       required:
                                         - enabled
@@ -31134,9 +29237,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                 required:
                                   - type
@@ -31149,9 +29250,7 @@ paths:
                                 type: object
                                 properties:
                                   enabled:
-                                    description: >-
-                                      enable or disable that input, (default to
-                                      true)
+                                    description: enable or disable that input, (default to true)
                                     type: boolean
                                   streams:
                                     additionalProperties:
@@ -31159,9 +29258,7 @@ paths:
                                       type: object
                                       properties:
                                         enabled:
-                                          description: >-
-                                            enable or disable that stream, (default
-                                            to true)
+                                          description: enable or disable that stream, (default to true)
                                           type: boolean
                                         vars:
                                           additionalProperties:
@@ -31186,15 +29283,9 @@ paths:
                                                   - id
                                                   - isSecretRef
                                             nullable: true
-                                          description: >-
-                                            Input/stream level variable (see
-                                            integration documentation for more
-                                            information)
+                                          description: Input/stream level variable (see integration documentation for more information)
                                           type: object
-                                    description: >-
-                                      Input streams (see integration
-                                      documentation to know what streams are
-                                      available)
+                                    description: Input streams (see integration documentation to know what streams are available)
                                     type: object
                                   vars:
                                     additionalProperties:
@@ -31219,14 +29310,9 @@ paths:
                                             - id
                                             - isSecretRef
                                       nullable: true
-                                    description: >-
-                                      Input/stream level variable (see
-                                      integration documentation for more
-                                      information)
+                                    description: Input/stream level variable (see integration documentation for more information)
                                     type: object
-                              description: >-
-                                Package policy inputs (see integration
-                                documentation to know what inputs are available)
+                              description: Package policy inputs (see integration documentation to know what inputs are available)
                               type: object
                               x-oas-optional: true
                         is_managed:
@@ -31235,20 +29321,14 @@ paths:
                           description: Package policy name (should be unique)
                           type: string
                         namespace:
-                          description: >-
-                            The package policy namespace. Leave blank to inherit
-                            the agent policy's namespace.
+                          description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                           type: string
                         output_id:
                           nullable: true
                           type: string
                         overrides:
                           additionalProperties: false
-                          description: >-
-                            Override settings that are defined in the package
-                            policy. The override option should be used only in
-                            unusual circumstances and not as a routine
-                            procedure.
+                          description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                           nullable: true
                           type: object
                           properties:
@@ -31297,16 +29377,12 @@ paths:
                             - version
                         policy_id:
                           deprecated: true
-                          description: >-
-                            Agent policy ID where that package policy will be
-                            added
+                          description: Agent policy ID where that package policy will be added
                           nullable: true
                           type: string
                         policy_ids:
                           items:
-                            description: >-
-                              Agent policy IDs where that package policy will be
-                              added
+                            description: Agent policy IDs where that package policy will be added
                             type: string
                           type: array
                         revision:
@@ -31342,9 +29418,7 @@ paths:
                                   value: {}
                                 required:
                                   - value
-                              description: >-
-                                Package variable (see integration documentation
-                                for more information)
+                              description: Package variable (see integration documentation for more information)
                               type: object
                             - additionalProperties:
                                 anyOf:
@@ -31368,9 +29442,7 @@ paths:
                                       - id
                                       - isSecretRef
                                 nullable: true
-                              description: >-
-                                Input/stream level variable (see integration
-                                documentation for more information)
+                              description: Input/stream level variable (see integration documentation for more information)
                               type: object
                               x-oas-optional: true
                         version:
@@ -31560,9 +29632,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 enabled:
                                   type: boolean
@@ -31590,9 +29660,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       data_stream:
                                         additionalProperties: false
@@ -31645,9 +29713,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - enabled
@@ -31668,9 +29734,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                               required:
                                 - type
@@ -31683,9 +29747,7 @@ paths:
                               type: object
                               properties:
                                 enabled:
-                                  description: >-
-                                    enable or disable that input, (default to
-                                    true)
+                                  description: enable or disable that input, (default to true)
                                   type: boolean
                                 streams:
                                   additionalProperties:
@@ -31693,9 +29755,7 @@ paths:
                                     type: object
                                     properties:
                                       enabled:
-                                        description: >-
-                                          enable or disable that stream, (default
-                                          to true)
+                                        description: enable or disable that stream, (default to true)
                                         type: boolean
                                       vars:
                                         additionalProperties:
@@ -31720,14 +29780,9 @@ paths:
                                                 - id
                                                 - isSecretRef
                                           nullable: true
-                                        description: >-
-                                          Input/stream level variable (see
-                                          integration documentation for more
-                                          information)
+                                        description: Input/stream level variable (see integration documentation for more information)
                                         type: object
-                                  description: >-
-                                    Input streams (see integration documentation
-                                    to know what streams are available)
+                                  description: Input streams (see integration documentation to know what streams are available)
                                   type: object
                                 vars:
                                   additionalProperties:
@@ -31752,13 +29807,9 @@ paths:
                                           - id
                                           - isSecretRef
                                     nullable: true
-                                  description: >-
-                                    Input/stream level variable (see integration
-                                    documentation for more information)
+                                  description: Input/stream level variable (see integration documentation for more information)
                                   type: object
-                            description: >-
-                              Package policy inputs (see integration
-                              documentation to know what inputs are available)
+                            description: Package policy inputs (see integration documentation to know what inputs are available)
                             type: object
                             x-oas-optional: true
                       is_managed:
@@ -31767,19 +29818,14 @@ paths:
                         description: Package policy name (should be unique)
                         type: string
                       namespace:
-                        description: >-
-                          The package policy namespace. Leave blank to inherit
-                          the agent policy's namespace.
+                        description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                         type: string
                       output_id:
                         nullable: true
                         type: string
                       overrides:
                         additionalProperties: false
-                        description: >-
-                          Override settings that are defined in the package
-                          policy. The override option should be used only in
-                          unusual circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                         properties:
@@ -31828,16 +29874,12 @@ paths:
                           - version
                       policy_id:
                         deprecated: true
-                        description: >-
-                          Agent policy ID where that package policy will be
-                          added
+                        description: Agent policy ID where that package policy will be added
                         nullable: true
                         type: string
                       policy_ids:
                         items:
-                          description: >-
-                            Agent policy IDs where that package policy will be
-                            added
+                          description: Agent policy IDs where that package policy will be added
                           type: string
                         type: array
                       revision:
@@ -31873,9 +29915,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                           - additionalProperties:
                               anyOf:
@@ -31899,9 +29939,7 @@ paths:
                                     - id
                                     - isSecretRef
                               nullable: true
-                            description: >-
-                              Input/stream level variable (see integration
-                              documentation for more information)
+                            description: Input/stream level variable (see integration documentation for more information)
                             type: object
                             x-oas-optional: true
                       version:
@@ -32012,9 +30050,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                           enabled:
                             type: boolean
@@ -32042,9 +30078,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 data_stream:
                                   additionalProperties: false
@@ -32097,9 +30131,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                               required:
                                 - enabled
@@ -32120,9 +30152,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                         required:
                           - type
@@ -32133,19 +30163,14 @@ paths:
                     name:
                       type: string
                     namespace:
-                      description: >-
-                        The package policy namespace. Leave blank to inherit the
-                        agent policy's namespace.
+                      description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                       type: string
                     output_id:
                       nullable: true
                       type: string
                     overrides:
                       additionalProperties: false
-                      description: >-
-                        Override settings that are defined in the package
-                        policy. The override option should be used only in
-                        unusual circumstances and not as a routine procedure.
+                      description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                       nullable: true
                       type: object
                       properties:
@@ -32199,9 +30224,7 @@ paths:
                       type: string
                     policy_ids:
                       items:
-                        description: >-
-                          Agent policy IDs where that package policy will be
-                          added
+                        description: Agent policy IDs where that package policy will be added
                         type: string
                       type: array
                     vars:
@@ -32216,9 +30239,7 @@ paths:
                           value: {}
                         required:
                           - value
-                      description: >-
-                        Package variable (see integration documentation for more
-                        information)
+                      description: Package variable (see integration documentation for more information)
                       type: object
                     version:
                       type: string
@@ -32245,9 +30266,7 @@ paths:
                               type: object
                               properties:
                                 enabled:
-                                  description: >-
-                                    enable or disable that stream, (default to
-                                    true)
+                                  description: enable or disable that stream, (default to true)
                                   type: boolean
                                 vars:
                                   additionalProperties:
@@ -32272,13 +30291,9 @@ paths:
                                           - id
                                           - isSecretRef
                                     nullable: true
-                                  description: >-
-                                    Input/stream level variable (see integration
-                                    documentation for more information)
+                                  description: Input/stream level variable (see integration documentation for more information)
                                   type: object
-                            description: >-
-                              Input streams (see integration documentation to
-                              know what streams are available)
+                            description: Input streams (see integration documentation to know what streams are available)
                             type: object
                           vars:
                             additionalProperties:
@@ -32303,13 +30318,9 @@ paths:
                                     - id
                                     - isSecretRef
                               nullable: true
-                            description: >-
-                              Input/stream level variable (see integration
-                              documentation for more information)
+                            description: Input/stream level variable (see integration documentation for more information)
                             type: object
-                      description: >-
-                        Package policy inputs (see integration documentation to
-                        know what inputs are available)
+                      description: Package policy inputs (see integration documentation to know what inputs are available)
                       type: object
                     name:
                       type: string
@@ -32388,9 +30399,7 @@ paths:
                               - id
                               - isSecretRef
                         nullable: true
-                      description: >-
-                        Input/stream level variable (see integration
-                        documentation for more information)
+                      description: Input/stream level variable (see integration documentation for more information)
                       type: object
                   required:
                     - name
@@ -32451,9 +30460,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                                 enabled:
                                   type: boolean
@@ -32481,9 +30488,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                       data_stream:
                                         additionalProperties: false
@@ -32536,9 +30541,7 @@ paths:
                                             value: {}
                                           required:
                                             - value
-                                        description: >-
-                                          Package variable (see integration
-                                          documentation for more information)
+                                        description: Package variable (see integration documentation for more information)
                                         type: object
                                     required:
                                       - enabled
@@ -32559,9 +30562,7 @@ paths:
                                       value: {}
                                     required:
                                       - value
-                                  description: >-
-                                    Package variable (see integration
-                                    documentation for more information)
+                                  description: Package variable (see integration documentation for more information)
                                   type: object
                               required:
                                 - type
@@ -32574,9 +30575,7 @@ paths:
                               type: object
                               properties:
                                 enabled:
-                                  description: >-
-                                    enable or disable that input, (default to
-                                    true)
+                                  description: enable or disable that input, (default to true)
                                   type: boolean
                                 streams:
                                   additionalProperties:
@@ -32584,9 +30583,7 @@ paths:
                                     type: object
                                     properties:
                                       enabled:
-                                        description: >-
-                                          enable or disable that stream, (default
-                                          to true)
+                                        description: enable or disable that stream, (default to true)
                                         type: boolean
                                       vars:
                                         additionalProperties:
@@ -32611,14 +30608,9 @@ paths:
                                                 - id
                                                 - isSecretRef
                                           nullable: true
-                                        description: >-
-                                          Input/stream level variable (see
-                                          integration documentation for more
-                                          information)
+                                        description: Input/stream level variable (see integration documentation for more information)
                                         type: object
-                                  description: >-
-                                    Input streams (see integration documentation
-                                    to know what streams are available)
+                                  description: Input streams (see integration documentation to know what streams are available)
                                   type: object
                                 vars:
                                   additionalProperties:
@@ -32643,13 +30635,9 @@ paths:
                                           - id
                                           - isSecretRef
                                     nullable: true
-                                  description: >-
-                                    Input/stream level variable (see integration
-                                    documentation for more information)
+                                  description: Input/stream level variable (see integration documentation for more information)
                                   type: object
-                            description: >-
-                              Package policy inputs (see integration
-                              documentation to know what inputs are available)
+                            description: Package policy inputs (see integration documentation to know what inputs are available)
                             type: object
                             x-oas-optional: true
                       is_managed:
@@ -32658,19 +30646,14 @@ paths:
                         description: Package policy name (should be unique)
                         type: string
                       namespace:
-                        description: >-
-                          The package policy namespace. Leave blank to inherit
-                          the agent policy's namespace.
+                        description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                         type: string
                       output_id:
                         nullable: true
                         type: string
                       overrides:
                         additionalProperties: false
-                        description: >-
-                          Override settings that are defined in the package
-                          policy. The override option should be used only in
-                          unusual circumstances and not as a routine procedure.
+                        description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                         nullable: true
                         type: object
                         properties:
@@ -32719,16 +30702,12 @@ paths:
                           - version
                       policy_id:
                         deprecated: true
-                        description: >-
-                          Agent policy ID where that package policy will be
-                          added
+                        description: Agent policy ID where that package policy will be added
                         nullable: true
                         type: string
                       policy_ids:
                         items:
-                          description: >-
-                            Agent policy IDs where that package policy will be
-                            added
+                          description: Agent policy IDs where that package policy will be added
                           type: string
                         type: array
                       revision:
@@ -32764,9 +30743,7 @@ paths:
                                 value: {}
                               required:
                                 - value
-                            description: >-
-                              Package variable (see integration documentation
-                              for more information)
+                            description: Package variable (see integration documentation for more information)
                             type: object
                           - additionalProperties:
                               anyOf:
@@ -32790,9 +30767,7 @@ paths:
                                     - id
                                     - isSecretRef
                               nullable: true
-                            description: >-
-                              Input/stream level variable (see integration
-                              documentation for more information)
+                            description: Input/stream level variable (see integration documentation for more information)
                             type: object
                             x-oas-optional: true
                       version:
@@ -33259,9 +31234,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                         enabled:
                                           type: boolean
@@ -33289,9 +31262,7 @@ paths:
                                                     value: {}
                                                   required:
                                                     - value
-                                                description: >-
-                                                  Package variable (see integration
-                                                  documentation for more information)
+                                                description: Package variable (see integration documentation for more information)
                                                 type: object
                                               data_stream:
                                                 additionalProperties: false
@@ -33344,9 +31315,7 @@ paths:
                                                     value: {}
                                                   required:
                                                     - value
-                                                description: >-
-                                                  Package variable (see integration
-                                                  documentation for more information)
+                                                description: Package variable (see integration documentation for more information)
                                                 type: object
                                             required:
                                               - enabled
@@ -33367,9 +31336,7 @@ paths:
                                               value: {}
                                             required:
                                               - value
-                                          description: >-
-                                            Package variable (see integration
-                                            documentation for more information)
+                                          description: Package variable (see integration documentation for more information)
                                           type: object
                                       required:
                                         - type
@@ -33382,9 +31349,7 @@ paths:
                                       type: object
                                       properties:
                                         enabled:
-                                          description: >-
-                                            enable or disable that input, (default
-                                            to true)
+                                          description: enable or disable that input, (default to true)
                                           type: boolean
                                         streams:
                                           additionalProperties:
@@ -33392,9 +31357,7 @@ paths:
                                             type: object
                                             properties:
                                               enabled:
-                                                description: >-
-                                                  enable or disable that stream, (default
-                                                  to true)
+                                                description: enable or disable that stream, (default to true)
                                                 type: boolean
                                               vars:
                                                 additionalProperties:
@@ -33419,15 +31382,9 @@ paths:
                                                         - id
                                                         - isSecretRef
                                                   nullable: true
-                                                description: >-
-                                                  Input/stream level variable (see
-                                                  integration documentation for more
-                                                  information)
+                                                description: Input/stream level variable (see integration documentation for more information)
                                                 type: object
-                                          description: >-
-                                            Input streams (see integration
-                                            documentation to know what streams are
-                                            available)
+                                          description: Input streams (see integration documentation to know what streams are available)
                                           type: object
                                         vars:
                                           additionalProperties:
@@ -33452,15 +31409,9 @@ paths:
                                                   - id
                                                   - isSecretRef
                                             nullable: true
-                                          description: >-
-                                            Input/stream level variable (see
-                                            integration documentation for more
-                                            information)
+                                          description: Input/stream level variable (see integration documentation for more information)
                                           type: object
-                                    description: >-
-                                      Package policy inputs (see integration
-                                      documentation to know what inputs are
-                                      available)
+                                    description: Package policy inputs (see integration documentation to know what inputs are available)
                                     type: object
                                     x-oas-optional: true
                               is_managed:
@@ -33469,20 +31420,14 @@ paths:
                                 description: Package policy name (should be unique)
                                 type: string
                               namespace:
-                                description: >-
-                                  The package policy namespace. Leave blank to
-                                  inherit the agent policy's namespace.
+                                description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                 type: string
                               output_id:
                                 nullable: true
                                 type: string
                               overrides:
                                 additionalProperties: false
-                                description: >-
-                                  Override settings that are defined in the
-                                  package policy. The override option should be
-                                  used only in unusual circumstances and not as
-                                  a routine procedure.
+                                description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                 nullable: true
                                 type: object
                                 properties:
@@ -33531,16 +31476,12 @@ paths:
                                   - version
                               policy_id:
                                 deprecated: true
-                                description: >-
-                                  Agent policy ID where that package policy will
-                                  be added
+                                description: Agent policy ID where that package policy will be added
                                 nullable: true
                                 type: string
                               policy_ids:
                                 items:
-                                  description: >-
-                                    Agent policy IDs where that package policy
-                                    will be added
+                                  description: Agent policy IDs where that package policy will be added
                                   type: string
                                 type: array
                               revision:
@@ -33576,9 +31517,7 @@ paths:
                                         value: {}
                                       required:
                                         - value
-                                    description: >-
-                                      Package variable (see integration
-                                      documentation for more information)
+                                    description: Package variable (see integration documentation for more information)
                                     type: object
                                   - additionalProperties:
                                       anyOf:
@@ -33602,10 +31541,7 @@ paths:
                                             - id
                                             - isSecretRef
                                       nullable: true
-                                    description: >-
-                                      Input/stream level variable (see
-                                      integration documentation for more
-                                      information)
+                                    description: Input/stream level variable (see integration documentation for more information)
                                     type: object
                                     x-oas-optional: true
                               version:
@@ -33660,9 +31596,7 @@ paths:
                                           value: {}
                                         required:
                                           - value
-                                      description: >-
-                                        Package variable (see integration
-                                        documentation for more information)
+                                      description: Package variable (see integration documentation for more information)
                                       type: object
                                     enabled:
                                       type: boolean
@@ -33690,9 +31624,7 @@ paths:
                                                 value: {}
                                               required:
                                                 - value
-                                            description: >-
-                                              Package variable (see integration
-                                              documentation for more information)
+                                            description: Package variable (see integration documentation for more information)
                                             type: object
                                           data_stream:
                                             additionalProperties: false
@@ -33745,9 +31677,7 @@ paths:
                                                 value: {}
                                               required:
                                                 - value
-                                            description: >-
-                                              Package variable (see integration
-                                              documentation for more information)
+                                            description: Package variable (see integration documentation for more information)
                                             type: object
                                         required:
                                           - enabled
@@ -33768,9 +31698,7 @@ paths:
                                           value: {}
                                         required:
                                           - value
-                                      description: >-
-                                        Package variable (see integration
-                                        documentation for more information)
+                                      description: Package variable (see integration documentation for more information)
                                       type: object
                                   required:
                                     - type
@@ -33787,20 +31715,14 @@ paths:
                                 description: Package policy name (should be unique)
                                 type: string
                               namespace:
-                                description: >-
-                                  The package policy namespace. Leave blank to
-                                  inherit the agent policy's namespace.
+                                description: The package policy namespace. Leave blank to inherit the agent policy's namespace.
                                 type: string
                               output_id:
                                 nullable: true
                                 type: string
                               overrides:
                                 additionalProperties: false
-                                description: >-
-                                  Override settings that are defined in the
-                                  package policy. The override option should be
-                                  used only in unusual circumstances and not as
-                                  a routine procedure.
+                                description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure.
                                 nullable: true
                                 type: object
                                 properties:
@@ -33849,16 +31771,12 @@ paths:
                                   - version
                               policy_id:
                                 deprecated: true
-                                description: >-
-                                  Agent policy ID where that package policy will
-                                  be added
+                                description: Agent policy ID where that package policy will be added
                                 nullable: true
                                 type: string
                               policy_ids:
                                 items:
-                                  description: >-
-                                    Agent policy IDs where that package policy
-                                    will be added
+                                  description: Agent policy IDs where that package policy will be added
                                   type: string
                                 type: array
                               vars:
@@ -33873,9 +31791,7 @@ paths:
                                     value: {}
                                   required:
                                     - value
-                                description: >-
-                                  Package variable (see integration
-                                  documentation for more information)
+                                description: Package variable (see integration documentation for more information)
                                 type: object
                             required:
                               - name
@@ -34685,11 +32601,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 additionalProperties: false
-                description: >-
-                  A summary of the result of Fleet's `setup` lifecycle. If
-                  `isInitialized` is true, Fleet is ready to accept agent
-                  enrollment. `nonFatalErrors` may include useful insight into
-                  non-blocking issues with Fleet setup.
+                description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup.
                 type: object
                 properties:
                   isInitialized:
@@ -34950,8 +32862,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35003,8 +32914,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35072,8 +32982,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35148,8 +33057,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35180,12 +33088,9 @@ paths:
       tags:
         - Security Lists API
     put:
-      description: >
-        Update a list using the list ID. The original list is replaced, and all
-        unspecified fields are deleted.
-
+      description: |
+        Update a list using the list ID. The original list is replaced, and all unspecified fields are deleted.
         > info
-
         > You cannot modify the `id` value.
       operationId: UpdateList
       requestBody:
@@ -35225,8 +33130,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35258,9 +33162,7 @@ paths:
         - Security Lists API
   /api/lists/_find:
     get:
-      description: >-
-        Get a paginated subset of lists. By default, the first page is returned,
-        with 20 results per page.
+      description: Get a paginated subset of lists. By default, the first page is returned, with 20 results per page.
       operationId: FindLists
       parameters:
         - description: The page number to return
@@ -35290,24 +33192,17 @@ paths:
               - desc
               - asc
             type: string
-        - description: >
-            Returns the list that come after the last list returned in the
-            previous call
-
-            (use the cursor value returned in the previous call). This parameter
-            uses
-
-            the `tie_breaker_id` field to ensure all lists are sorted and
-            returned correctly.
+        - description: |
+            Returns the list that come after the last list returned in the previous call
+            (use the cursor value returned in the previous call). This parameter uses
+            the `tie_breaker_id` field to ensure all lists are sorted and returned correctly.
           in: query
           name: cursor
           required: false
           schema:
             $ref: '#/components/schemas/Security_Lists_API_FindListsCursor'
-        - description: >
-            Filters the returned results according to the value of the specified
-            field,
-
+        - description: |
+            Filters the returned results according to the value of the specified field,
             using the <field name>:<field value> syntax.
           in: query
           name: filter
@@ -35348,8 +33243,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35394,8 +33288,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35448,8 +33341,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35499,8 +33391,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35553,9 +33444,7 @@ paths:
           required: false
           schema:
             type: string
-        - description: >-
-            Determines when changes made by the request are made visible to
-            search
+        - description: Determines when changes made by the request are made visible to search
           in: query
           name: refresh
           required: false
@@ -35582,8 +33471,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35651,8 +33539,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35698,9 +33585,7 @@ paths:
                 meta:
                   $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata'
                 refresh:
-                  description: >-
-                    Determines when changes made by the request are made visible
-                    to search
+                  description: Determines when changes made by the request are made visible to search
                   enum:
                     - 'true'
                     - 'false'
@@ -35724,8 +33609,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35756,15 +33640,11 @@ paths:
       tags:
         - Security Lists API
     post:
-      description: >
+      description: |
         Create a list item and associate it with the specified list.
 
-
-        All list items in the same list must be the same type. For example, each
-        list item in an `ip` list must define a specific IP address.
-
+        All list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address.
         > info
-
         > Before creating a list item, you must create a list.
       operationId: CreateListItem
       requestBody:
@@ -35780,9 +33660,7 @@ paths:
                 meta:
                   $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata'
                 refresh:
-                  description: >-
-                    Determines when changes made by the request are made visible
-                    to search
+                  description: Determines when changes made by the request are made visible to search
                   enum:
                     - 'true'
                     - 'false'
@@ -35807,8 +33685,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35839,12 +33716,9 @@ paths:
       tags:
         - Security Lists API
     put:
-      description: >
-        Update a list item using the list item ID. The original list item is
-        replaced, and all unspecified fields are deleted.
-
+      description: |
+        Update a list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted.
         > info
-
         > You cannot modify the `id` value.
       operationId: UpdateListItem
       requestBody:
@@ -35878,8 +33752,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -35934,8 +33807,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -36003,24 +33875,17 @@ paths:
               - desc
               - asc
             type: string
-        - description: >
-            Returns the list that come after the last list returned in the
-            previous call
-
-            (use the cursor value returned in the previous call). This parameter
-            uses
-
-            the `tie_breaker_id` field to ensure all lists are sorted and
-            returned correctly.
+        - description: |
+            Returns the list that come after the last list returned in the previous call
+            (use the cursor value returned in the previous call). This parameter uses
+            the `tie_breaker_id` field to ensure all lists are sorted and returned correctly.
           in: query
           name: cursor
           required: false
           schema:
             $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor'
-        - description: >
-            Filters the returned results according to the value of the specified
-            field,
-
+        - description: |
+            Filters the returned results according to the value of the specified field,
             using the <field name>:<field value> syntax.
           in: query
           name: filter
@@ -36035,8 +33900,7 @@ paths:
                 type: object
                 properties:
                   cursor:
-                    $ref: >-
-                      #/components/schemas/Security_Lists_API_FindListItemsCursor
+                    $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor'
                   data:
                     items:
                       $ref: '#/components/schemas/Security_Lists_API_ListItem'
@@ -36062,8 +33926,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -36089,10 +33952,8 @@ paths:
         - Security Lists API
   /api/lists/items/_import:
     post:
-      description: >
-        Import list items from a TXT or CSV file. The maximum file size is 9
-        million bytes.
-
+      description: |
+        Import list items from a TXT or CSV file. The maximum file size is 9 million bytes.
 
         You can import items to a new or existing list.
       operationId: ImportListItems
@@ -36106,12 +33967,10 @@ paths:
           required: false
           schema:
             $ref: '#/components/schemas/Security_Lists_API_ListId'
-        - description: >
+        - description: |
             Type of the importing list.
 
-
-            Required when importing a new list that is `list_id` is not
-            specified.
+            Required when importing a new list that is `list_id` is not specified.
           in: query
           name: type
           required: false
@@ -36127,9 +33986,7 @@ paths:
           required: false
           schema:
             type: string
-        - description: >-
-            Determines when changes made by the request are made visible to
-            search
+        - description: Determines when changes made by the request are made visible to search
           in: query
           name: refresh
           required: false
@@ -36146,9 +34003,7 @@ paths:
               type: object
               properties:
                 file:
-                  description: >-
-                    A `.txt` or `.csv` file containing newline separated list
-                    items
+                  description: A `.txt` or `.csv` file containing newline separated list items
                   format: binary
                   type: string
         required: true
@@ -36164,8 +34019,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -36221,8 +34075,7 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 oneOf:
-                  - $ref: >-
-                      #/components/schemas/Security_Lists_API_PlatformErrorResponse
+                  - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse'
                   - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse'
           description: Invalid input data response
         '401':
@@ -36248,12 +34101,8 @@ paths:
         - Security Lists API
   /api/ml/saved_objects/sync:
     get:
-      description: >
-        Synchronizes Kibana saved objects for machine learning jobs and trained
-        models in the default space. You must have `all` privileges for the
-        **Machine Learning** feature in the **Analytics** section of the Kibana
-        feature privileges. This API runs automatically when you start Kibana
-        and periodically thereafter.
+      description: |
+        Synchronizes Kibana saved objects for machine learning jobs and trained models in the default space. You must have `all` privileges for the **Machine Learning** feature in the **Analytics** section of the Kibana feature privileges. This API runs automatically when you start Kibana and periodically thereafter.
       operationId: mlSync
       parameters:
         - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam'
@@ -36317,7 +34166,6 @@ paths:
       summary: Delete a note
       tags:
         - Security Timeline API
-        - access:securitySolution
     get:
       description: Get all notes for a given document.
       operationId: GetNotes
@@ -36381,7 +34229,6 @@ paths:
       summary: Get notes
       tags:
         - Security Timeline API
-        - access:securitySolution
     patch:
       description: Add a note to a Timeline or update an existing note.
       operationId: PersistNoteRoute
@@ -36426,8 +34273,7 @@ paths:
                     type: object
                     properties:
                       persistNote:
-                        $ref: >-
-                          #/components/schemas/Security_Timeline_API_ResponseNote
+                        $ref: '#/components/schemas/Security_Timeline_API_ResponseNote'
                     required:
                       - persistNote
                 required:
@@ -36436,7 +34282,6 @@ paths:
       summary: Add or update a note
       tags:
         - Security Timeline API
-        - access:securitySolution
   /api/osquery/live_queries:
     get:
       description: Get a list of all live queries.
@@ -36446,15 +34291,13 @@ paths:
           name: query
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery
+            $ref: '#/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get live queries
       tags:
@@ -36466,16 +34309,14 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody
+              $ref: '#/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Create a live query
       tags:
@@ -36500,8 +34341,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get live query details
       tags:
@@ -36525,15 +34365,13 @@ paths:
           name: query
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery
+            $ref: '#/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get live query results
       tags:
@@ -36553,8 +34391,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get packs
       tags:
@@ -36573,8 +34410,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Create a pack
       tags:
@@ -36594,8 +34430,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Delete a pack
       tags:
@@ -36614,8 +34449,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get pack details
       tags:
@@ -36643,8 +34477,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Update a pack
       tags:
@@ -36658,15 +34491,13 @@ paths:
           name: query
           required: true
           schema:
-            $ref: >-
-              #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery
+            $ref: '#/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery'
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get saved queries
       tags:
@@ -36678,16 +34509,14 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody
+              $ref: '#/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Create a saved query
       tags:
@@ -36707,8 +34536,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Delete a saved query
       tags:
@@ -36727,8 +34555,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Get saved query details
       tags:
@@ -36749,16 +34576,14 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody
+              $ref: '#/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Osquery_API_DefaultSuccessResponse
+                $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse'
           description: OK
       summary: Update a saved query
       tags:
@@ -36796,8 +34621,7 @@ paths:
                     type: object
                     properties:
                       persistPinnedEventOnTimeline:
-                        $ref: >-
-                          #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse
+                        $ref: '#/components/schemas/Security_Timeline_API_PersistPinnedEventResponse'
                     required:
                       - persistPinnedEventOnTimeline
                 required:
@@ -36806,12 +34630,9 @@ paths:
       summary: Pin an event
       tags:
         - Security Timeline API
-        - access:securitySolution
   /api/risk_score/engine/dangerously_delete_data:
     delete:
-      description: >-
-        Cleaning up the the Risk Engine by removing the indices, mapping and
-        transforms
+      description: Cleaning up the the Risk Engine by removing the indices, mapping and transforms
       operationId: CleanUpRiskEngine
       responses:
         '200':
@@ -36827,25 +34648,20 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse'
           description: Task manager is unavailable
         default:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse'
           description: Unexpected error
       summary: Cleanup the Risk Engine
       tags:
         - Security Entity Analytics API
   /api/risk_score/engine/schedule_now:
     post:
-      description: >-
-        Schedule the risk scoring engine to run as soon as possible. You can use
-        this to recalculate entity risk scores after updating their asset
-        criticality.
+      description: Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality.
       operationId: ScheduleRiskEngineNow
       requestBody:
         content:
@@ -36855,22 +34671,19 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse'
           description: Successful response
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse'
           description: Task manager is unavailable
         default:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse
+                $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse'
           description: Unexpected error
       summary: Run the risk scoring engine
       tags:
@@ -36918,19 +34731,8 @@ paths:
       operationId: bulkDeleteSavedObjects
       parameters:
         - $ref: '#/components/parameters/Saved_objects_kbn_xsrf'
-        - description: >
-            When true, force delete objects that exist in multiple namespaces.
-            Note that the option applies to the whole request. Use the delete
-            object API to specify per-object deletion behavior. TIP: Use this if
-            you attempted to delete objects and received an HTTP 400 error with
-            the following message: "Unable to delete saved object that exists in
-            multiple namespaces, use the force option to delete it anyway".
-            WARNING: When you bulk delete objects that exist in multiple
-            namespaces, the API also deletes legacy url aliases that reference
-            the object. These requests are batched to minimise the impact but
-            they can place a heavy load on Kibana. Make sure you limit the
-            number of objects that exist in multiple namespaces in a single bulk
-            delete operation.
+        - description: |
+            When true, force delete objects that exist in multiple namespaces. Note that the option applies to the whole request. Use the delete object API to specify per-object deletion behavior. TIP: Use this if you attempted to delete objects and received an HTTP 400 error with the following message: "Unable to delete saved object that exists in multiple namespaces, use the force option to delete it anyway". WARNING: When you bulk delete objects that exist in multiple namespaces, the API also deletes legacy url aliases that reference the object. These requests are batched to minimise the impact but they can place a heavy load on Kibana. Make sure you limit the number of objects that exist in multiple namespaces in a single bulk delete operation.
           in: query
           name: force
           schema:
@@ -36949,10 +34751,8 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 type: object
-          description: >
-            Indicates a successful call. NOTE: This HTTP response code indicates
-            that the bulk operation succeeded. Errors pertaining to individual
-            objects will be returned in the response body.
+          description: |
+            Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body.
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
@@ -36995,14 +34795,8 @@ paths:
   /api/saved_objects/_bulk_resolve:
     post:
       deprecated: true
-      description: >
-        Retrieve multiple Kibana saved objects by identifier using any legacy
-        URL aliases if they exist. Under certain circumstances when Kibana is
-        upgraded, saved object migrations may necessitate regenerating some
-        object IDs to enable new features. When an object's ID is regenerated, a
-        legacy URL alias is created for that object, preserving its old ID. In
-        such a scenario, that object can be retrieved by the bulk resolve API
-        using either its new ID or its old ID.
+      description: |
+        Retrieve multiple Kibana saved objects by identifier using any legacy URL aliases if they exist. Under certain circumstances when Kibana is upgraded, saved object migrations may necessitate regenerating some object IDs to enable new features. When an object's ID is regenerated, a legacy URL alias is created for that object, preserving its old ID. In such a scenario, that object can be retrieved by the bulk resolve API using either its new ID or its old ID.
       operationId: bulkResolveSavedObjects
       parameters:
         - $ref: '#/components/parameters/Saved_objects_kbn_xsrf'
@@ -37020,10 +34814,8 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 type: object
-          description: >
-            Indicates a successful call. NOTE: This HTTP response code indicates
-            that the bulk operation succeeded.  Errors pertaining to individual
-            objects will be returned in the response body.
+          description: |
+            Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded.  Errors pertaining to individual objects will be returned in the response body.
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
@@ -37054,10 +34846,8 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
                 type: object
-          description: >
-            Indicates a successful call. NOTE: This HTTP response code indicates
-            that the bulk operation succeeded. Errors pertaining to individual
-            objects will be returned in the response body.
+          description: |
+            Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body.
         '400':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
@@ -37069,24 +34859,15 @@ paths:
         - saved objects
   /api/saved_objects/_export:
     post:
-      description: >
+      description: |
         Retrieve sets of saved objects that you want to import into Kibana.
-
         You must include `type` or `objects` in the request body.
 
+        Exported saved objects are not backwards compatible and cannot be imported into an older version of Kibana.
 
-        Exported saved objects are not backwards compatible and cannot be
-        imported into an older version of Kibana.
-
-
-        NOTE: The `savedObjects.maxImportExportSize` configuration setting
-        limits the number of saved objects which may be exported.
-
+        NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be exported.
 
-        This functionality is in technical preview and may be changed or removed
-        in a future release. Elastic will work to fix any issues, but features
-        in technical preview are not subject to the support SLA of official GA
-        features.
+        This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       operationId: exportSavedObjectsDefault
       parameters:
         - $ref: '#/components/parameters/Saved_objects_kbn_xsrf'
@@ -37104,9 +34885,7 @@ paths:
                   description: Do not add export details entry at the end of the stream.
                   type: boolean
                 includeReferencesDeep:
-                  description: >-
-                    Includes all of the referenced objects in the exported
-                    objects.
+                  description: Includes all of the referenced objects in the exported objects.
                   type: boolean
                 objects:
                   description: A list of objects to export.
@@ -37114,9 +34893,7 @@ paths:
                     type: object
                   type: array
                 type:
-                  description: >-
-                    The saved object types to include in the export. Use `*` to
-                    export all the types.
+                  description: The saved object types to include in the export. Use `*` to export all the types.
                   oneOf:
                     - type: string
                     - items:
@@ -37149,15 +34926,8 @@ paths:
       description: Retrieve a paginated set of Kibana saved objects.
       operationId: findSavedObjects
       parameters:
-        - description: >
-            An aggregation structure, serialized as a string. The field format
-            is similar to filter, meaning that to use a saved object type
-            attribute in the aggregation, the `savedObjectType.attributes.title:
-            "myTitle"` format must be used. For root fields, the syntax is
-            `savedObjectType.rootField`. NOTE: As objects change in Kibana, the
-            results on each page of the response also change. Use the find API
-            for traditional paginated results, but avoid using it to export
-            large amounts of data.
+        - description: |
+            An aggregation structure, serialized as a string. The field format is similar to filter, meaning that to use a saved object type attribute in the aggregation, the `savedObjectType.attributes.title: "myTitle"` format must be used. For root fields, the syntax is `savedObjectType.rootField`. NOTE: As objects change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data.
           in: query
           name: aggs
           schema:
@@ -37174,41 +34944,28 @@ paths:
             oneOf:
               - type: string
               - type: array
-        - description: >
-            The filter is a KQL string with the caveat that if you filter with
-            an attribute from your saved object type, it should look like that:
-            `savedObjectType.attributes.title: "myTitle"`. However, if you use a
-            root attribute of a saved object such as `updated_at`, you will have
-            to define your filter like that: `savedObjectType.updated_at >
-            2018-12-22`.
+        - description: |
+            The filter is a KQL string with the caveat that if you filter with an attribute from your saved object type, it should look like that: `savedObjectType.attributes.title: "myTitle"`. However, if you use a root attribute of a saved object such as `updated_at`, you will have to define your filter like that: `savedObjectType.updated_at > 2018-12-22`.
           in: query
           name: filter
           schema:
             type: string
-        - description: >-
-            Filters to objects that do not have a relationship with the type and
-            identifier combination.
+        - description: Filters to objects that do not have a relationship with the type and identifier combination.
           in: query
           name: has_no_reference
           schema:
             type: object
-        - description: >-
-            The operator to use for the `has_no_reference` parameter. Either
-            `OR` or `AND`. Defaults to `OR`.
+        - description: The operator to use for the `has_no_reference` parameter. Either `OR` or `AND`. Defaults to `OR`.
           in: query
           name: has_no_reference_operator
           schema:
             type: string
-        - description: >-
-            Filters to objects that have a relationship with the type and ID
-            combination.
+        - description: Filters to objects that have a relationship with the type and ID combination.
           in: query
           name: has_reference
           schema:
             type: object
-        - description: >-
-            The operator to use for the `has_reference` parameter. Either `OR`
-            or `AND`. Defaults to `OR`.
+        - description: The operator to use for the `has_reference` parameter. Either `OR` or `AND`. Defaults to `OR`.
           in: query
           name: has_reference_operator
           schema:
@@ -37223,30 +34980,20 @@ paths:
           name: per_page
           schema:
             type: integer
-        - description: >-
-            An Elasticsearch `simple_query_string` query that filters the
-            objects in the response.
+        - description: An Elasticsearch `simple_query_string` query that filters the objects in the response.
           in: query
           name: search
           schema:
             type: string
-        - description: >-
-            The fields to perform the `simple_query_string` parsed query
-            against.
+        - description: The fields to perform the `simple_query_string` parsed query against.
           in: query
           name: search_fields
           schema:
             oneOf:
               - type: string
               - type: array
-        - description: >
-            Sorts the response. Includes "root" and "type" fields. "root" fields
-            exist for all saved objects, such as "updated_at". "type" fields are
-            specific to an object type, such as fields returned in the
-            attributes key of the response. When a single type is defined in the
-            type parameter, the "root" and "type" fields are allowed, and
-            validity checks are made in that order. When multiple types are
-            defined in the type parameter, only "root" fields are allowed.
+        - description: |
+            Sorts the response. Includes "root" and "type" fields. "root" fields exist for all saved objects, such as "updated_at". "type" fields are specific to an object type, such as fields returned in the attributes key of the response. When a single type is defined in the type parameter, the "root" and "type" fields are allowed, and validity checks are made in that order. When multiple types are defined in the type parameter, only "root" fields are allowed.
           in: query
           name: sort_field
           schema:
@@ -37277,49 +35024,30 @@ paths:
         - saved objects
   /api/saved_objects/_import:
     post:
-      description: >
-        Create sets of Kibana saved objects from a file created by the export
-        API.
-
-        Saved objects can be imported only into the same version, a newer minor
-        on the same major, or the next major. Exported saved objects are not
-        backwards compatible and cannot be imported into an older version of
-        Kibana.
-
+      description: |
+        Create sets of Kibana saved objects from a file created by the export API.
+        Saved objects can be imported only into the same version, a newer minor on the same major, or the next major. Exported saved objects are not backwards compatible and cannot be imported into an older version of Kibana.
 
-        This functionality is in technical preview and may be changed or removed
-        in a future release. Elastic will work to fix any issues, but features
-        in technical preview are not subject to the support SLA of official GA
-        features.
+        This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       operationId: importSavedObjectsDefault
       parameters:
         - $ref: '#/components/parameters/Saved_objects_kbn_xsrf'
-        - description: >
-            Creates copies of saved objects, regenerates each object ID, and
-            resets the origin. When used, potential conflict errors are avoided.
-            NOTE: This option cannot be used with the `overwrite` and
-            `compatibilityMode` options.
+        - description: |
+            Creates copies of saved objects, regenerates each object ID, and resets the origin. When used, potential conflict errors are avoided. NOTE: This option cannot be used with the `overwrite` and `compatibilityMode` options.
           in: query
           name: createNewCopies
           required: false
           schema:
             type: boolean
-        - description: >
-            Overwrites saved objects when they already exist. When used,
-            potential conflict errors are automatically resolved by overwriting
-            the destination object. NOTE: This option cannot be used with the
-            `createNewCopies` option.
+        - description: |
+            Overwrites saved objects when they already exist. When used, potential conflict errors are automatically resolved by overwriting the destination object. NOTE: This option cannot be used with the `createNewCopies` option.
           in: query
           name: overwrite
           required: false
           schema:
             type: boolean
-        - description: >
-            Applies various adjustments to the saved objects that are being
-            imported to maintain compatibility between different Kibana
-            versions. Use this option only if you encounter issues with imported
-            saved objects. NOTE: This option cannot be used with the
-            `createNewCopies` option.
+        - description: |
+            Applies various adjustments to the saved objects that are being imported to maintain compatibility between different Kibana versions. Use this option only if you encounter issues with imported saved objects. NOTE: This option cannot be used with the `createNewCopies` option.
           in: query
           name: compatibilityMode
           required: false
@@ -37335,13 +35063,8 @@ paths:
               type: object
               properties:
                 file:
-                  description: >
-                    A file exported using the export API. NOTE: The
-                    `savedObjects.maxImportExportSize` configuration setting
-                    limits the number of saved objects which may be included in
-                    this file. Similarly, the
-                    `savedObjects.maxImportPayloadBytes` setting limits the
-                    overall size of the file that can be imported.
+                  description: |
+                    A file exported using the export API. NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be included in this file. Similarly, the `savedObjects.maxImportPayloadBytes` setting limits the overall size of the file that can be imported.
         required: true
       responses:
         '200':
@@ -37354,38 +35077,25 @@ paths:
                 type: object
                 properties:
                   errors:
-                    description: >
-                      Indicates the import was unsuccessful and specifies the
-                      objects that failed to import.
-
+                    description: |
+                      Indicates the import was unsuccessful and specifies the objects that failed to import.
 
-                      NOTE: One object may result in multiple errors, which
-                      requires separate steps to resolve. For instance, a
-                      `missing_references` error and conflict error.
+                      NOTE: One object may result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and conflict error.
                     items:
                       type: object
                     type: array
                   success:
-                    description: >
-                      Indicates when the import was successfully completed. When
-                      set to false, some objects may not have been created. For
-                      additional information, refer to the `errors` and
-                      `successResults` properties.
+                    description: |
+                      Indicates when the import was successfully completed. When set to false, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties.
                     type: boolean
                   successCount:
                     description: Indicates the number of successfully imported records.
                     type: integer
                   successResults:
-                    description: >
-                      Indicates the objects that are successfully imported, with
-                      any metadata if applicable.
-
+                    description: |
+                      Indicates the objects that are successfully imported, with any metadata if applicable.
 
-                      NOTE: Objects are created only when all resolvable errors
-                      are addressed, including conflicts and missing references.
-                      If objects are created as new copies, each entry in the
-                      `successResults` array includes a `destinationId`
-                      attribute.
+                      NOTE: Objects are created only when all resolvable errors are addressed, including conflicts and missing references. If objects are created as new copies, each entry in the `successResults` array includes a `destinationId` attribute.
                     items:
                       type: object
                     type: array
@@ -37409,39 +35119,26 @@ paths:
               --form file=@file.ndjson
   /api/saved_objects/_resolve_import_errors:
     post:
-      description: >
+      description: |
         To resolve errors from the Import objects API, you can:
 
-
         * Retry certain saved objects
-
         * Overwrite specific saved objects
-
         * Change references to different saved objects
 
-
-        This functionality is in technical preview and may be changed or removed
-        in a future release. Elastic will work to fix any issues, but features
-        in technical preview are not subject to the support SLA of official GA
-        features.
+        This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       operationId: resolveImportErrors
       parameters:
         - $ref: '#/components/parameters/Saved_objects_kbn_xsrf'
-        - description: >
-            Applies various adjustments to the saved objects that are being
-            imported to maintain compatibility between different Kibana
-            versions. When enabled during the initial import, also enable when
-            resolving import errors. This option cannot be used with the
-            `createNewCopies` option.
+        - description: |
+            Applies various adjustments to the saved objects that are being imported to maintain compatibility between different Kibana versions. When enabled during the initial import, also enable when resolving import errors. This option cannot be used with the `createNewCopies` option.
           in: query
           name: compatibilityMode
           required: false
           schema:
             type: boolean
-        - description: >
-            Creates copies of the saved objects, regenerates each object ID, and
-            resets the origin. When enabled during the initial import, also
-            enable when resolving import errors.
+        - description: |
+            Creates copies of the saved objects, regenerates each object ID, and resets the origin. When enabled during the initial import, also enable when resolving import errors.
           in: query
           name: createNewCopies
           required: false
@@ -37452,8 +35149,7 @@ paths:
           multipart/form-data; Elastic-Api-Version=2023-10-31:
             examples:
               resolveImportErrorsRequest:
-                $ref: >-
-                  #/components/examples/Saved_objects_resolve_missing_reference_request
+                $ref: '#/components/examples/Saved_objects_resolve_missing_reference_request'
             schema:
               type: object
               properties:
@@ -37462,35 +35158,24 @@ paths:
                   format: binary
                   type: string
                 retries:
-                  description: >-
-                    The retry operations, which can specify how to resolve
-                    different types of errors.
+                  description: The retry operations, which can specify how to resolve different types of errors.
                   items:
                     type: object
                     properties:
                       destinationId:
-                        description: >-
-                          Specifies the destination ID that the imported object
-                          should have, if different from the current ID.
+                        description: Specifies the destination ID that the imported object should have, if different from the current ID.
                         type: string
                       id:
                         description: The saved object ID.
                         type: string
                       ignoreMissingReferences:
-                        description: >-
-                          When set to `true`, ignores missing reference errors.
-                          When set to `false`, does nothing.
+                        description: When set to `true`, ignores missing reference errors. When set to `false`, does nothing.
                         type: boolean
                       overwrite:
-                        description: >-
-                          When set to `true`, the source object overwrites the
-                          conflicting destination object. When set to `false`,
-                          does nothing.
+                        description: When set to `true`, the source object overwrites the conflicting destination object. When set to `false`, does nothing.
                         type: boolean
                       replaceReferences:
-                        description: >-
-                          A list of `type`, `from`, and `to` used to change the
-                          object references.
+                        description: A list of `type`, `from`, and `to` used to change the object references.
                         items:
                           type: object
                           properties:
@@ -37517,41 +35202,31 @@ paths:
             application/json; Elastic-Api-Version=2023-10-31:
               examples:
                 resolveImportErrorsResponse:
-                  $ref: >-
-                    #/components/examples/Saved_objects_resolve_missing_reference_response
+                  $ref: '#/components/examples/Saved_objects_resolve_missing_reference_response'
               schema:
                 type: object
                 properties:
                   errors:
-                    description: >
+                    description: |
                       Specifies the objects that failed to resolve.
 
-
-                      NOTE: One object can result in multiple errors, which
-                      requires separate steps to resolve. For instance, a
-                      `missing_references` error and a `conflict` error.
+                      NOTE: One object can result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and a `conflict` error.
                     items:
                       type: object
                     type: array
                   success:
-                    description: >
-                      Indicates a successful import. When set to `false`, some
-                      objects may not have been created. For additional
-                      information, refer to the `errors` and `successResults`
-                      properties.
+                    description: |
+                      Indicates a successful import. When set to `false`, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties.
                     type: boolean
                   successCount:
                     description: |
                       Indicates the number of successfully resolved records.
                     type: number
                   successResults:
-                    description: >
-                      Indicates the objects that are successfully imported, with
-                      any metadata if applicable.
-
+                    description: |
+                      Indicates the objects that are successfully imported, with any metadata if applicable.
 
-                      NOTE: Objects are only created when all resolvable errors
-                      are addressed, including conflict and missing references.
+                      NOTE: Objects are only created when all resolvable errors are addressed, including conflict and missing references.
                     items:
                       type: object
                     type: array
@@ -37635,9 +35310,7 @@ paths:
         - saved objects
     post:
       deprecated: true
-      description: >-
-        Create a Kibana saved object and specify its identifier instead of using
-        a randomly generated ID.
+      description: Create a Kibana saved object and specify its identifier instead of using a randomly generated ID.
       operationId: createSavedObjectId
       parameters:
         - $ref: '#/components/parameters/Saved_objects_kbn_xsrf'
@@ -37718,14 +35391,8 @@ paths:
   /api/saved_objects/resolve/{type}/{id}:
     get:
       deprecated: true
-      description: >
-        Retrieve a single Kibana saved object by identifier using any legacy URL
-        alias if it exists. Under certain circumstances, when Kibana is
-        upgraded, saved object migrations may necessitate regenerating some
-        object IDs to enable new features. When an object's ID is regenerated, a
-        legacy URL alias is created for that object, preserving its old ID. In
-        such a scenario, that object can be retrieved using either its new ID or
-        its old ID.
+      description: |
+        Retrieve a single Kibana saved object by identifier using any legacy URL alias if it exists. Under certain circumstances, when Kibana is upgraded, saved object migrations may necessitate regenerating some object IDs to enable new features. When an object's ID is regenerated, a legacy URL alias is created for that object, preserving its old ID. In such a scenario, that object can be retrieved using either its new ID or its old ID.
       operationId: resolveSavedObject
       parameters:
         - $ref: '#/components/parameters/Saved_objects_saved_object_id'
@@ -37748,10 +35415,7 @@ paths:
         - saved objects
   /api/security_ai_assistant/anonymization_fields/_bulk_action:
     post:
-      description: >-
-        Apply a bulk action to multiple anonymization fields. The bulk action is
-        applied to all anonymization fields that match the filter or to the list
-        of anonymization fields by their IDs.
+      description: Apply a bulk action to multiple anonymization fields. The bulk action is applied to all anonymization fields that match the filter or to the list of anonymization fields by their IDs.
       operationId: PerformAnonymizationFieldsBulkAction
       requestBody:
         content:
@@ -37761,8 +35425,7 @@ paths:
               properties:
                 create:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps
+                    $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps'
                   type: array
                 delete:
                   type: object
@@ -37778,16 +35441,14 @@ paths:
                       type: string
                 update:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps
+                    $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps'
                   type: array
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse
+                $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse'
           description: Indicates a successful call.
         '400':
           content:
@@ -37805,7 +35466,6 @@ paths:
       summary: Apply a bulk action to anonymization fields
       tags:
         - Security AI Assistant API
-        - Bulk API
   /api/security_ai_assistant/anonymization_fields/_find:
     get:
       description: Get a list of all anonymization fields.
@@ -37829,8 +35489,7 @@ paths:
           name: sort_field
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField
+            $ref: '#/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField'
         - description: Sort order
           in: query
           name: sort_order
@@ -37862,8 +35521,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse
+                      $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse'
                     type: array
                   page:
                     type: integer
@@ -37893,7 +35551,6 @@ paths:
       summary: Get anonymization fields
       tags:
         - Security AI Assistant API
-        - AnonymizationFields API
   /api/security_ai_assistant/chat/complete:
     post:
       description: Create a model response for the given chat conversation.
@@ -37928,7 +35585,6 @@ paths:
       summary: Create a model response
       tags:
         - Security AI Assistant API
-        - Chat Complete API
   /api/security_ai_assistant/current_user/conversations:
     post:
       description: Create a new Security AI Assistant conversation.
@@ -37937,16 +35593,14 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps
+              $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCreateProps'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_ConversationResponse
+                $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse'
           description: Indicates a successful call.
         '400':
           content:
@@ -37964,7 +35618,6 @@ paths:
       summary: Create a conversation
       tags:
         - Security AI Assistant API
-        - Conversation API
   /api/security_ai_assistant/current_user/conversations/_find:
     get:
       description: Get a list of all conversations for the current user.
@@ -37988,8 +35641,7 @@ paths:
           name: sort_field
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField
+            $ref: '#/components/schemas/Security_AI_Assistant_API_FindConversationsSortField'
         - description: Sort order
           in: query
           name: sort_order
@@ -38021,8 +35673,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_AI_Assistant_API_ConversationResponse
+                      $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse'
                     type: array
                   page:
                     type: integer
@@ -38052,7 +35703,6 @@ paths:
       summary: Get conversations
       tags:
         - Security AI Assistant API
-        - Conversations API
   /api/security_ai_assistant/current_user/conversations/{id}:
     delete:
       description: Delete an existing conversation using the conversation ID.
@@ -38069,8 +35719,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_ConversationResponse
+                $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse'
           description: Indicates a successful call.
         '400':
           content:
@@ -38088,7 +35737,6 @@ paths:
       summary: Delete a conversation
       tags:
         - Security AI Assistant API
-        - Conversation API
     get:
       description: Get the details of an existing conversation using the conversation ID.
       operationId: ReadConversation
@@ -38104,8 +35752,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_ConversationResponse
+                $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse'
           description: Indicates a successful call.
         '400':
           content:
@@ -38123,7 +35770,6 @@ paths:
       summary: Get a conversation
       tags:
         - Security AI Assistant API
-        - Conversations API
     put:
       description: Update an existing conversation using the conversation ID.
       operationId: UpdateConversation
@@ -38138,16 +35784,14 @@ paths:
         content:
           application/json; Elastic-Api-Version=2023-10-31:
             schema:
-              $ref: >-
-                #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps
+              $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps'
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_ConversationResponse
+                $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse'
           description: Indicates a successful call.
         '400':
           content:
@@ -38165,13 +35809,9 @@ paths:
       summary: Update a conversation
       tags:
         - Security AI Assistant API
-        - Conversation API
   /api/security_ai_assistant/prompts/_bulk_action:
     post:
-      description: >-
-        Apply a bulk action to multiple prompts. The bulk action is applied to
-        all prompts that match the filter or to the list of prompts by their
-        IDs.
+      description: Apply a bulk action to multiple prompts. The bulk action is applied to all prompts that match the filter or to the list of prompts by their IDs.
       operationId: PerformPromptsBulkAction
       requestBody:
         content:
@@ -38181,8 +35821,7 @@ paths:
               properties:
                 create:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_AI_Assistant_API_PromptCreateProps
+                    $ref: '#/components/schemas/Security_AI_Assistant_API_PromptCreateProps'
                   type: array
                 delete:
                   type: object
@@ -38198,16 +35837,14 @@ paths:
                       type: string
                 update:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps
+                    $ref: '#/components/schemas/Security_AI_Assistant_API_PromptUpdateProps'
                   type: array
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse
+                $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse'
           description: Indicates a successful call.
         '400':
           content:
@@ -38225,7 +35862,6 @@ paths:
       summary: Apply a bulk action to prompts
       tags:
         - Security AI Assistant API
-        - Bulk API
   /api/security_ai_assistant/prompts/_find:
     get:
       description: Get a list of all prompts.
@@ -38249,8 +35885,7 @@ paths:
           name: sort_field
           required: false
           schema:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField
+            $ref: '#/components/schemas/Security_AI_Assistant_API_FindPromptsSortField'
         - description: Sort order
           in: query
           name: sort_order
@@ -38282,8 +35917,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_AI_Assistant_API_PromptResponse
+                      $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse'
                     type: array
                   page:
                     type: integer
@@ -38313,7 +35947,6 @@ paths:
       summary: Get prompts
       tags:
         - Security AI Assistant API
-        - Prompts API
   /api/security/role:
     get:
       operationId: get-security-role
@@ -38326,10 +35959,7 @@ paths:
             enum:
               - '2023-10-31'
             type: string
-        - description: >-
-            If `true` and the response contains any privileges that are
-            associated with deprecated features, they are omitted in favor of
-            details about the appropriate replacement feature privileges.
+        - description: If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.
           in: query
           name: replaceDeprecatedPrivileges
           required: false
@@ -38338,6 +35968,11 @@ paths:
       responses:
         '200':
           description: Indicates a successful call.
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                getRolesResponse1:
+                  $ref: '#/components/examples/get_roles_response1'
       summary: Get all roles
       tags:
         - roles
@@ -38390,10 +36025,7 @@ paths:
           schema:
             minLength: 1
             type: string
-        - description: >-
-            If `true` and the response contains any privileges that are
-            associated with deprecated features, they are omitted in favor of
-            details about the appropriate replacement feature privileges.
+        - description: If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges.
           in: query
           name: replaceDeprecatedPrivileges
           required: false
@@ -38402,13 +36034,16 @@ paths:
       responses:
         '200':
           description: Indicates a successful call.
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                getRoleResponse1:
+                  $ref: '#/components/examples/get_role_response1'
       summary: Get a role
       tags:
         - roles
     put:
-      description: >-
-        Create a new Kibana role or update the attributes of an existing role.
-        Kibana roles are stored in the Elasticsearch native realm.
+      description: Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm.
       operationId: put-security-role-name
       parameters:
         - description: The version of the API to use
@@ -38458,9 +36093,7 @@ paths:
                   properties:
                     cluster:
                       items:
-                        description: >-
-                          Cluster privileges that define the cluster level
-                          actions that users can perform.
+                        description: Cluster privileges that define the cluster level actions that users can perform.
                         type: string
                       type: array
                     indices:
@@ -38469,55 +36102,29 @@ paths:
                         type: object
                         properties:
                           allow_restricted_indices:
-                            description: >-
-                              Restricted indices are a special category of
-                              indices that are used internally to store
-                              configuration data and should not be directly
-                              accessed. Only internal system roles should
-                              normally grant privileges over the restricted
-                              indices. Toggling this flag is very strongly
-                              discouraged because it could effectively grant
-                              unrestricted operations on critical data, making
-                              the entire system unstable or leaking sensitive
-                              information. If for administrative purposes you
-                              need to create a role with privileges covering
-                              restricted indices, however, you can set this
-                              property to true. In that case, the names field
-                              covers the restricted indices too.
+                            description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.
                             type: boolean
                           field_security:
                             additionalProperties:
                               items:
-                                description: >-
-                                  The document fields that the role members have
-                                  read access to.
+                                description: The document fields that the role members have read access to.
                                 type: string
                               type: array
                             type: object
                           names:
                             items:
-                              description: >-
-                                The data streams, indices, and aliases to which
-                                the permissions in this entry apply. It supports
-                                wildcards (*).
+                              description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).
                               type: string
                             minItems: 1
                             type: array
                           privileges:
                             items:
-                              description: >-
-                                The index level privileges that the role members
-                                have for the data streams and indices.
+                              description: The index level privileges that the role members have for the data streams and indices.
                               type: string
                             minItems: 1
                             type: array
                           query:
-                            description: >-
-                              A search query that defines the documents the role
-                              members have read access to. A document within the
-                              specified data streams and indices must match this
-                              query in order for it to be accessible by the role
-                              members.
+                            description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.
                             type: string
                         required:
                           - names
@@ -38530,19 +36137,13 @@ paths:
                         properties:
                           clusters:
                             items:
-                              description: >-
-                                A list of remote cluster aliases. It supports
-                                literal strings as well as wildcards and regular
-                                expressions.
+                              description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.
                               type: string
                             minItems: 1
                             type: array
                           privileges:
                             items:
-                              description: >-
-                                The cluster level privileges for the remote
-                                cluster. The allowed values are a subset of the
-                                cluster privileges.
+                              description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.
                               type: string
                             minItems: 1
                             type: array
@@ -38556,64 +36157,35 @@ paths:
                         type: object
                         properties:
                           allow_restricted_indices:
-                            description: >-
-                              Restricted indices are a special category of
-                              indices that are used internally to store
-                              configuration data and should not be directly
-                              accessed. Only internal system roles should
-                              normally grant privileges over the restricted
-                              indices. Toggling this flag is very strongly
-                              discouraged because it could effectively grant
-                              unrestricted operations on critical data, making
-                              the entire system unstable or leaking sensitive
-                              information. If for administrative purposes you
-                              need to create a role with privileges covering
-                              restricted indices, however, you can set this
-                              property to true. In that case, the names field
-                              will cover the restricted indices too.
+                            description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.
                             type: boolean
                           clusters:
                             items:
-                              description: >-
-                                A list of remote cluster aliases. It supports
-                                literal strings as well as wildcards and regular
-                                expressions.
+                              description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.
                               type: string
                             minItems: 1
                             type: array
                           field_security:
                             additionalProperties:
                               items:
-                                description: >-
-                                  The document fields that the role members have
-                                  read access to.
+                                description: The document fields that the role members have read access to.
                                 type: string
                               type: array
                             type: object
                           names:
                             items:
-                              description: >-
-                                A list of remote aliases, data streams, or
-                                indices to which the permissions apply. It
-                                supports wildcards (*).
+                              description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).
                               type: string
                             minItems: 1
                             type: array
                           privileges:
                             items:
-                              description: >-
-                                The index level privileges that role members
-                                have for the specified indices.
+                              description: The index level privileges that role members have for the specified indices.
                               type: string
                             minItems: 1
                             type: array
                           query:
-                            description: >-
-                              A search query that defines the documents the role
-                              members have read access to. A document within the
-                              specified data streams and indices must match this
-                              query in order for it to be accessible by the role
-                              members. 
+                            description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. '
                             type: string
                         required:
                           - clusters
@@ -38641,23 +36213,17 @@ paths:
                         nullable: true
                         oneOf:
                           - items:
-                              description: >-
-                                A base privilege that grants applies to all
-                                spaces.
+                              description: A base privilege that grants applies to all spaces.
                               type: string
                             type: array
                           - items:
-                              description: >-
-                                A base privilege that applies to specific
-                                spaces.
+                              description: A base privilege that applies to specific spaces.
                               type: string
                             type: array
                       feature:
                         additionalProperties:
                           items:
-                            description: >-
-                              The privileges that the role member has for the
-                              feature.
+                            description: The privileges that the role member has for the feature.
                             type: string
                           type: array
                         type: object
@@ -38684,6 +36250,15 @@ paths:
                   type: object
               required:
                 - elasticsearch
+            examples:
+              createRoleRequest1:
+                $ref: '#/components/examples/create_role_request1'
+              createRoleRequest2:
+                $ref: '#/components/examples/create_role_request2'
+              createRoleRequest3:
+                $ref: '#/components/examples/create_role_request3'
+              createRoleRequest4:
+                $ref: '#/components/examples/create_role_request4'
       responses:
         '204':
           description: Indicates a successful call.
@@ -38731,9 +36306,7 @@ paths:
                         properties:
                           cluster:
                             items:
-                              description: >-
-                                Cluster privileges that define the cluster level
-                                actions that users can perform.
+                              description: Cluster privileges that define the cluster level actions that users can perform.
                               type: string
                             type: array
                           indices:
@@ -38742,58 +36315,29 @@ paths:
                               type: object
                               properties:
                                 allow_restricted_indices:
-                                  description: >-
-                                    Restricted indices are a special category of
-                                    indices that are used internally to store
-                                    configuration data and should not be
-                                    directly accessed. Only internal system
-                                    roles should normally grant privileges over
-                                    the restricted indices. Toggling this flag
-                                    is very strongly discouraged because it
-                                    could effectively grant unrestricted
-                                    operations on critical data, making the
-                                    entire system unstable or leaking sensitive
-                                    information. If for administrative purposes
-                                    you need to create a role with privileges
-                                    covering restricted indices, however, you
-                                    can set this property to true. In that case,
-                                    the names field covers the restricted
-                                    indices too.
+                                  description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too.
                                   type: boolean
                                 field_security:
                                   additionalProperties:
                                     items:
-                                      description: >-
-                                        The document fields that the role
-                                        members have read access to.
+                                      description: The document fields that the role members have read access to.
                                       type: string
                                     type: array
                                   type: object
                                 names:
                                   items:
-                                    description: >-
-                                      The data streams, indices, and aliases to
-                                      which the permissions in this entry apply.
-                                      It supports wildcards (*).
+                                    description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*).
                                     type: string
                                   minItems: 1
                                   type: array
                                 privileges:
                                   items:
-                                    description: >-
-                                      The index level privileges that the role
-                                      members have for the data streams and
-                                      indices.
+                                    description: The index level privileges that the role members have for the data streams and indices.
                                     type: string
                                   minItems: 1
                                   type: array
                                 query:
-                                  description: >-
-                                    A search query that defines the documents
-                                    the role members have read access to. A
-                                    document within the specified data streams
-                                    and indices must match this query in order
-                                    for it to be accessible by the role members.
+                                  description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members.
                                   type: string
                               required:
                                 - names
@@ -38806,19 +36350,13 @@ paths:
                               properties:
                                 clusters:
                                   items:
-                                    description: >-
-                                      A list of remote cluster aliases. It
-                                      supports literal strings as well as
-                                      wildcards and regular expressions.
+                                    description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.
                                     type: string
                                   minItems: 1
                                   type: array
                                 privileges:
                                   items:
-                                    description: >-
-                                      The cluster level privileges for the
-                                      remote cluster. The allowed values are a
-                                      subset of the cluster privileges.
+                                    description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges.
                                     type: string
                                   minItems: 1
                                   type: array
@@ -38832,67 +36370,35 @@ paths:
                               type: object
                               properties:
                                 allow_restricted_indices:
-                                  description: >-
-                                    Restricted indices are a special category of
-                                    indices that are used internally to store
-                                    configuration data and should not be
-                                    directly accessed. Only internal system
-                                    roles should normally grant privileges over
-                                    the restricted indices. Toggling this flag
-                                    is very strongly discouraged because it
-                                    could effectively grant unrestricted
-                                    operations on critical data, making the
-                                    entire system unstable or leaking sensitive
-                                    information. If for administrative purposes
-                                    you need to create a role with privileges
-                                    covering restricted indices, however, you
-                                    can set this property to true. In that case,
-                                    the names field will cover the restricted
-                                    indices too.
+                                  description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too.
                                   type: boolean
                                 clusters:
                                   items:
-                                    description: >-
-                                      A list of remote cluster aliases. It
-                                      supports literal strings as well as
-                                      wildcards and regular expressions.
+                                    description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions.
                                     type: string
                                   minItems: 1
                                   type: array
                                 field_security:
                                   additionalProperties:
                                     items:
-                                      description: >-
-                                        The document fields that the role
-                                        members have read access to.
+                                      description: The document fields that the role members have read access to.
                                       type: string
                                     type: array
                                   type: object
                                 names:
                                   items:
-                                    description: >-
-                                      A list of remote aliases, data streams, or
-                                      indices to which the permissions apply. It
-                                      supports wildcards (*).
+                                    description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*).
                                     type: string
                                   minItems: 1
                                   type: array
                                 privileges:
                                   items:
-                                    description: >-
-                                      The index level privileges that role
-                                      members have for the specified indices.
+                                    description: The index level privileges that role members have for the specified indices.
                                     type: string
                                   minItems: 1
                                   type: array
                                 query:
-                                  description: >-
-                                    A search query that defines the documents
-                                    the role members have read access to. A
-                                    document within the specified data streams
-                                    and indices must match this query in order
-                                    for it to be accessible by the role
-                                    members. 
+                                  description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. '
                                   type: string
                               required:
                                 - clusters
@@ -38901,9 +36407,7 @@ paths:
                             type: array
                           run_as:
                             items:
-                              description: >-
-                                A user name that the role member can
-                                impersonate.
+                              description: A user name that the role member can impersonate.
                               type: string
                             type: array
                       kibana:
@@ -38922,23 +36426,17 @@ paths:
                               nullable: true
                               oneOf:
                                 - items:
-                                    description: >-
-                                      A base privilege that grants applies to
-                                      all spaces.
+                                    description: A base privilege that grants applies to all spaces.
                                     type: string
                                   type: array
                                 - items:
-                                    description: >-
-                                      A base privilege that applies to specific
-                                      spaces.
+                                    description: A base privilege that applies to specific spaces.
                                     type: string
                                   type: array
                             feature:
                               additionalProperties:
                                 items:
-                                  description: >-
-                                    The privileges that the role member has for
-                                    the feature.
+                                  description: The privileges that the role member has for the feature.
                                   type: string
                                 type: array
                               type: object
@@ -38976,15 +36474,7 @@ paths:
         - roles
   /api/spaces/_copy_saved_objects:
     post:
-      description: >-
-        It also allows you to automatically copy related objects, so when you
-        copy a dashboard, this can automatically copy over the associated
-        visualizations, data views, and saved searches, as required. You can
-        request to overwrite any objects that already exist in the target space
-        if they share an identifier or you can use the resolve copy saved
-        objects conflicts API to do this on a per-object
-        basis.<br/><br/>[Required authorization] Route required privileges: ALL
-        of [copySavedObjectsToSpaces].
+      description: 'It also allows you to automatically copy related objects, so when you copy a dashboard, this can automatically copy over the associated visualizations, data views, and saved searches, as required. You can request to overwrite any objects that already exist in the target space if they share an identifier or you can use the resolve copy saved objects conflicts API to do this on a per-object basis.<br/><br/>[Required authorization] Route required privileges: ALL of [copySavedObjectsToSpaces].'
       operationId: post-spaces-copy-saved-objects
       parameters:
         - description: The version of the API to use
@@ -39011,26 +36501,15 @@ paths:
               properties:
                 compatibilityMode:
                   default: false
-                  description: >-
-                    Apply various adjustments to the saved objects that are
-                    being copied to maintain compatibility between different
-                    Kibana versions. Use this option only if you encounter
-                    issues with copied saved objects. This option cannot be used
-                    with the `createNewCopies` option.
+                  description: Apply various adjustments to the saved objects that are being copied to maintain compatibility between different Kibana versions. Use this option only if you encounter issues with copied saved objects. This option cannot be used with the `createNewCopies` option.
                   type: boolean
                 createNewCopies:
                   default: true
-                  description: >-
-                    Create new copies of saved objects, regenerate each object
-                    identifier, and reset the origin. When used, potential
-                    conflict errors are avoided.  This option cannot be used
-                    with the `overwrite` and `compatibilityMode` options.
+                  description: Create new copies of saved objects, regenerate each object identifier, and reset the origin. When used, potential conflict errors are avoided.  This option cannot be used with the `overwrite` and `compatibilityMode` options.
                   type: boolean
                 includeReferences:
                   default: false
-                  description: >-
-                    When set to true, all saved objects related to the specified
-                    saved objects will also be copied into the target spaces.
+                  description: When set to true, all saved objects related to the specified saved objects will also be copied into the target spaces.
                   type: boolean
                 objects:
                   items:
@@ -39049,24 +36528,34 @@ paths:
                   type: array
                 overwrite:
                   default: false
-                  description: >-
-                    When set to true, all conflicts are automatically
-                    overridden. When a saved object with a matching type and
-                    identifier exists in the target space, that version is
-                    replaced with the version from the source space. This option
-                    cannot be used with the `createNewCopies` option.
+                  description: When set to true, all conflicts are automatically overridden. When a saved object with a matching type and identifier exists in the target space, that version is replaced with the version from the source space. This option cannot be used with the `createNewCopies` option.
                   type: boolean
                 spaces:
                   items:
-                    description: >-
-                      The identifiers of the spaces where you want to copy the
-                      specified objects.
+                    description: The identifiers of the spaces where you want to copy the specified objects.
                     type: string
                   type: array
               required:
                 - spaces
                 - objects
-      responses: {}
+            examples:
+              copySavedObjectsRequestExample1:
+                $ref: '#/components/examples/copy_saved_objects_request1'
+              copySavedObjectsRequestExample2:
+                $ref: '#/components/examples/copy_saved_objects_request2'
+      responses:
+        '200':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                copySavedObjectsResponseExample1:
+                  $ref: '#/components/examples/copy_saved_objects_response1'
+                copySavedObjectsResponseExample2:
+                  $ref: '#/components/examples/copy_saved_objects_response2'
+                copySavedObjectsResponseExample3:
+                  $ref: '#/components/examples/copy_saved_objects_response3'
+                copySavedObjectsResponseExample4:
+                  $ref: '#/components/examples/copy_saved_objects_response4'
       summary: Copy saved objects between spaces
       tags:
         - spaces
@@ -39102,9 +36591,7 @@ paths:
                     type: object
                     properties:
                       sourceId:
-                        description: >-
-                          The alias source object identifier. This is the legacy
-                          object identifier.
+                        description: The alias source object identifier. This is the legacy object identifier.
                         type: string
                       targetSpace:
                         description: The space where the alias target object exists.
@@ -39119,6 +36606,9 @@ paths:
                   type: array
               required:
                 - aliases
+            examples:
+              disableLegacyURLRequestExample1:
+                $ref: '#/components/examples/disable_legacy_url_request1'
       responses: {}
       summary: Disable legacy URL aliases
       tags:
@@ -39171,10 +36661,7 @@ paths:
         - spaces
   /api/spaces/_resolve_copy_saved_objects_errors:
     post:
-      description: >-
-        Overwrite saved objects that are returned as errors from the copy saved
-        objects to space API.<br/><br/>[Required authorization] Route required
-        privileges: ALL of [copySavedObjectsToSpaces].
+      description: 'Overwrite saved objects that are returned as errors from the copy saved objects to space API.<br/><br/>[Required authorization] Route required privileges: ALL of [copySavedObjectsToSpaces].'
       operationId: post-spaces-resolve-copy-saved-objects-errors
       parameters:
         - description: The version of the API to use
@@ -39228,30 +36715,20 @@ paths:
                       type: object
                       properties:
                         createNewCopy:
-                          description: >-
-                            Creates new copies of the saved objects, regenerates
-                            each object ID, and resets the origin.
+                          description: Creates new copies of the saved objects, regenerates each object ID, and resets the origin.
                           type: boolean
                         destinationId:
-                          description: >-
-                            Specifies the destination identifier that the copied
-                            object should have, if different from the current
-                            identifier.
+                          description: Specifies the destination identifier that the copied object should have, if different from the current identifier.
                           type: string
                         id:
                           description: The saved object identifier.
                           type: string
                         ignoreMissingReferences:
-                          description: >-
-                            When set to true, any missing references errors are
-                            ignored.
+                          description: When set to true, any missing references errors are ignored.
                           type: boolean
                         overwrite:
                           default: false
-                          description: >-
-                            When set to true, the saved object from the source
-                            space overwrites the conflicting object in the
-                            destination space.
+                          description: When set to true, the saved object from the source space overwrites the conflicting object in the destination space.
                           type: boolean
                         type:
                           description: The saved object type.
@@ -39264,7 +36741,20 @@ paths:
               required:
                 - retries
                 - objects
-      responses: {}
+            examples:
+              resolveCopySavedObjectsRequestExample1:
+                $ref: '#/components/examples/resolve_copy_saved_objects_request1'
+              resolveCopySavedObjectsRequestExample2:
+                $ref: '#/components/examples/resolve_copy_saved_objects_request2'
+      responses:
+        '200':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                resolveCopySavedObjectsResponseExample1:
+                  $ref: '#/components/examples/copy_saved_objects_response1'
+                resolveCopySavedObjectsResponseExample2:
+                  $ref: '#/components/examples/copy_saved_objects_response2'
       summary: Resolve conflicts copying saved objects
       tags: []
   /api/spaces/_update_objects_spaces:
@@ -39311,23 +36801,28 @@ paths:
                   type: array
                 spacesToAdd:
                   items:
-                    description: >-
-                      The identifiers of the spaces the saved objects should be
-                      added to or removed from.
+                    description: The identifiers of the spaces the saved objects should be added to or removed from.
                     type: string
                   type: array
                 spacesToRemove:
                   items:
-                    description: >-
-                      The identifiers of the spaces the saved objects should be
-                      added to or removed from.
+                    description: The identifiers of the spaces the saved objects should be added to or removed from.
                     type: string
                   type: array
               required:
                 - objects
                 - spacesToAdd
                 - spacesToRemove
-      responses: {}
+            examples:
+              updateObjectSpacesRequestExample1:
+                $ref: '#/components/examples/update_saved_objects_spaces_request1'
+      responses:
+        '200':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                updateObjectSpacesResponseExample1:
+                  $ref: '#/components/examples/update_saved_objects_spaces_response1'
       summary: Update saved objects in spaces
       tags:
         - spaces
@@ -39343,9 +36838,7 @@ paths:
             enum:
               - '2023-10-31'
             type: string
-        - description: >-
-            Specifies which authorization checks are applied to the API call.
-            The default value is `any`.
+        - description: Specifies which authorization checks are applied to the API call. The default value is `any`.
           in: query
           name: purpose
           required: false
@@ -39355,14 +36848,7 @@ paths:
               - copySavedObjectsIntoSpace
               - shareSavedObjectsIntoSpace
             type: string
-        - description: >-
-            When enabled, the API returns any spaces that the user is authorized
-            to access in any capacity and each space will contain the purposes
-            for which the user is authorized. This can be useful to determine
-            which spaces a user can read but not take a specific action in. If
-            the security plugin is not enabled, this parameter has no effect,
-            since no authorization checks take place. This parameter cannot be
-            used in with the `purpose` parameter.
+        - description: When enabled, the API returns any spaces that the user is authorized to access in any capacity and each space will contain the purposes for which the user is authorized. This can be useful to determine which spaces a user can read but not take a specific action in. If the security plugin is not enabled, this parameter has no effect, since no authorization checks take place. This parameter cannot be used in with the `purpose` parameter.
           in: query
           name: include_authorized_purposes
           required: true
@@ -39385,6 +36871,13 @@ paths:
       responses:
         '200':
           description: Indicates a successful call.
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                getSpacesResponseExample1:
+                  $ref: '#/components/examples/get_spaces_response1'
+                getSpacesResponseExample2:
+                  $ref: '#/components/examples/get_spaces_response2'
       summary: Get all spaces
       tags:
         - spaces
@@ -39416,10 +36909,7 @@ paths:
                 _reserved:
                   type: boolean
                 color:
-                  description: >-
-                    The hexadecimal color code used in the space avatar. By
-                    default, the color is automatically generated from the space
-                    name.
+                  description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name.
                   type: string
                 description:
                   description: A description for the space.
@@ -39431,26 +36921,13 @@ paths:
                     type: string
                   type: array
                 id:
-                  description: >-
-                    The space ID that is part of the Kibana URL when inside the
-                    space. Space IDs are limited to lowercase alphanumeric,
-                    underscore, and hyphen characters (a-z, 0-9, _, and -). You
-                    are cannot change the ID with the update operation.
+                  description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation.
                   type: string
                 imageUrl:
-                  description: >-
-                    The data-URL encoded image to display in the space avatar.
-                    If specified, initials will not be displayed and the color
-                    will be visible as the background color for transparent
-                    images. For best results, your image should be 64x64. Images
-                    will not be optimized by this API call, so care should be
-                    taken when using custom images.
+                  description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images.
                   type: string
                 initials:
-                  description: >-
-                    One or two characters that are shown in the space avatar. By
-                    default, the initials are automatically generated from the
-                    space name.
+                  description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name.
                   maxLength: 2
                   type: string
                 name:
@@ -39467,6 +36944,9 @@ paths:
               required:
                 - id
                 - name
+            examples:
+              createSpaceRequest:
+                $ref: '#/components/examples/create_space_request'
       responses:
         '200':
           description: Indicates a successful call.
@@ -39475,9 +36955,7 @@ paths:
         - spaces
   /api/spaces/space/{id}:
     delete:
-      description: >-
-        When you delete a space, all saved objects that belong to the space are
-        automatically deleted, which is permanent and cannot be undone.
+      description: When you delete a space, all saved objects that belong to the space are automatically deleted, which is permanent and cannot be undone.
       operationId: delete-spaces-space-id
       parameters:
         - description: The version of the API to use
@@ -39529,6 +37007,11 @@ paths:
       responses:
         '200':
           description: Indicates a successful call.
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              examples:
+                getSpaceResponseExample:
+                  $ref: '#/components/examples/get_space_response'
       summary: Get a space
       tags:
         - spaces
@@ -39550,9 +37033,7 @@ paths:
           schema:
             example: 'true'
             type: string
-        - description: >-
-            The space identifier. You are unable to change the ID with the
-            update operation.
+        - description: The space identifier. You are unable to change the ID with the update operation.
           in: path
           name: id
           required: true
@@ -39568,10 +37049,7 @@ paths:
                 _reserved:
                   type: boolean
                 color:
-                  description: >-
-                    The hexadecimal color code used in the space avatar. By
-                    default, the color is automatically generated from the space
-                    name.
+                  description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name.
                   type: string
                 description:
                   description: A description for the space.
@@ -39583,26 +37061,13 @@ paths:
                     type: string
                   type: array
                 id:
-                  description: >-
-                    The space ID that is part of the Kibana URL when inside the
-                    space. Space IDs are limited to lowercase alphanumeric,
-                    underscore, and hyphen characters (a-z, 0-9, _, and -). You
-                    are cannot change the ID with the update operation.
+                  description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation.
                   type: string
                 imageUrl:
-                  description: >-
-                    The data-URL encoded image to display in the space avatar.
-                    If specified, initials will not be displayed and the color
-                    will be visible as the background color for transparent
-                    images. For best results, your image should be 64x64. Images
-                    will not be optimized by this API call, so care should be
-                    taken when using custom images.
+                  description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images.
                   type: string
                 initials:
-                  description: >-
-                    One or two characters that are shown in the space avatar. By
-                    default, the initials are automatically generated from the
-                    space name.
+                  description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name.
                   maxLength: 2
                   type: string
                 name:
@@ -39619,6 +37084,9 @@ paths:
               required:
                 - id
                 - name
+            examples:
+              updateSpaceRequest:
+                $ref: '#/components/examples/update_space_request'
       responses:
         '200':
           description: Indicates a successful call.
@@ -39656,11 +37124,8 @@ paths:
               schema:
                 anyOf:
                   - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response'
-                  - $ref: >-
-                      #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse
-                description: >-
-                  Kibana's operational status. A minimal response is sent for
-                  unauthorized users.
+                  - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse'
+                description: Kibana's operational status. A minimal response is sent for unauthorized users.
           description: Overall status is OK and Kibana should be functioning normally.
         '503':
           content:
@@ -39668,14 +37133,9 @@ paths:
               schema:
                 anyOf:
                   - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response'
-                  - $ref: >-
-                      #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse
-                description: >-
-                  Kibana's operational status. A minimal response is sent for
-                  unauthorized users.
-          description: >-
-            Kibana or some of it's essential services are unavailable. Kibana
-            may be degraded or unavailable.
+                  - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse'
+                description: Kibana's operational status. A minimal response is sent for unauthorized users.
+          description: Kibana or some of it's essential services are unavailable. Kibana may be degraded or unavailable.
       summary: Get Kibana's current status
       tags:
         - system
@@ -39694,9 +37154,7 @@ paths:
                     type: string
                   type: array
                 searchIds:
-                  description: >-
-                    Saved search ids that should be deleted alongside the
-                    timelines
+                  description: Saved search ids that should be deleted alongside the timelines
                   items:
                     type: string
                   type: array
@@ -39724,7 +37182,6 @@ paths:
       summary: Delete Timelines or Timeline templates
       tags:
         - Security Timeline API
-        - access:securitySolution
     get:
       description: Get the details of an existing saved Timeline or Timeline template.
       operationId: GetTimeline
@@ -39751,8 +37208,7 @@ paths:
                         type: object
                         properties:
                           getOneTimeline:
-                            $ref: >-
-                              #/components/schemas/Security_Timeline_API_TimelineResponse
+                            $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse'
                         required:
                           - getOneTimeline
                     required:
@@ -39763,12 +37219,8 @@ paths:
       summary: Get Timeline or Timeline template details
       tags:
         - Security Timeline API
-        - access:securitySolution
     patch:
-      description: >-
-        Update an existing Timeline. You can update the title, description, date
-        range, pinned events, pinned queries, and/or pinned saved queries of an
-        existing Timeline.
+      description: Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline.
       operationId: PatchTimeline
       requestBody:
         content:
@@ -39795,12 +37247,8 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_PersistTimelineResponse
-          description: >-
-            Indicates that the draft Timeline was successfully created. In the
-            event the user already has a draft Timeline, the existing draft
-            Timeline is cleared and returned.
+                $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
+          description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
         '405':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
@@ -39811,13 +37259,10 @@ paths:
                     type: string
                   statusCode:
                     type: number
-          description: >-
-            Indicates that the user does not have the required access to create
-            a draft Timeline.
+          description: Indicates that the user does not have the required access to create a draft Timeline.
       summary: Update a Timeline
       tags:
         - Security Timeline API
-        - access:securitySolution
     post:
       description: Create a new Timeline or Timeline template.
       operationId: CreateTimelines
@@ -39849,17 +37294,14 @@ paths:
                   type: string
               required:
                 - timeline
-        description: >-
-          The required Timeline fields used to create a new Timeline, along with
-          optional fields that will be created if not provided.
+        description: The required Timeline fields used to create a new Timeline, along with optional fields that will be created if not provided.
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_PersistTimelineResponse
+                $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
           description: Indicates the Timeline was successfully created.
         '405':
           content:
@@ -39875,7 +37317,6 @@ paths:
       summary: Create a Timeline or Timeline template
       tags:
         - Security Timeline API
-        - access:securitySolution
   /api/timeline/_copy:
     get:
       description: |
@@ -39900,19 +37341,14 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_PersistTimelineResponse
+                $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
           description: Indicates that the timeline has been successfully copied.
       summary: Copies timeline or timeline template
       tags:
         - Security Timeline API
-        - access:securitySolution
   /api/timeline/_draft:
     get:
-      description: >-
-        Get the details of the draft Timeline  or Timeline template for the
-        current user. If the user doesn't have a draft Timeline, an empty
-        Timeline is returned.
+      description: Get the details of the draft Timeline  or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned.
       operationId: GetDraftTimelines
       parameters:
         - in: query
@@ -39925,8 +37361,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_PersistTimelineResponse
+                $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
           description: Indicates that the draft Timeline was successfully retrieved.
         '403':
           content:
@@ -39938,10 +37373,7 @@ paths:
                     type: string
                   status_code:
                     type: number
-          description: >-
-            If a draft Timeline was not found and we attempted to create one, it
-            indicates that the user does not have the required permissions to
-            create a draft Timeline.
+          description: If a draft Timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft Timeline.
         '409':
           content:
             application:json; Elastic-Api-Version=2023-10-31:
@@ -39952,22 +37384,15 @@ paths:
                     type: string
                   status_code:
                     type: number
-          description: >-
-            This should never happen, but if a draft Timeline was not found and
-            we attempted to create one, it indicates that there is already a
-            draft Timeline with the given `timelineId`.
+          description: This should never happen, but if a draft Timeline was not found and we attempted to create one, it indicates that there is already a draft Timeline with the given `timelineId`.
       summary: Get draft Timeline or Timeline template details
       tags:
         - Security Timeline API
-        - access:securitySolution
     post:
-      description: >
+      description: |
         Create a clean draft Timeline or Timeline template for the current user.
-
         > info
-
-        > If the user already has a draft Timeline, the existing draft Timeline
-        is cleared and returned.
+        > If the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
       operationId: CleanDraftTimelines
       requestBody:
         content:
@@ -39979,21 +37404,15 @@ paths:
                   $ref: '#/components/schemas/Security_Timeline_API_TimelineType'
               required:
                 - timelineType
-        description: >-
-          The type of Timeline to create. Valid values are `default` and
-          `template`.
+        description: The type of Timeline to create. Valid values are `default` and `template`.
         required: true
       responses:
         '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_PersistTimelineResponse
-          description: >-
-            Indicates that the draft Timeline was successfully created. In the
-            event the user already has a draft Timeline, the existing draft
-            Timeline is cleared and returned.
+                $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse'
+          description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned.
         '403':
           content:
             application:json; Elastic-Api-Version=2023-10-31:
@@ -40004,9 +37423,7 @@ paths:
                     type: string
                   status_code:
                     type: number
-          description: >-
-            Indicates that the user does not have the required permissions to
-            create a draft Timeline.
+          description: Indicates that the user does not have the required permissions to create a draft Timeline.
         '409':
           content:
             application:json; Elastic-Api-Version=2023-10-31:
@@ -40017,13 +37434,10 @@ paths:
                     type: string
                   status_code:
                     type: number
-          description: >-
-            Indicates that there is already a draft Timeline with the given
-            `timelineId`.
+          description: Indicates that there is already a draft Timeline with the given `timelineId`.
       summary: Create a clean draft Timeline or Timeline template
       tags:
         - Security Timeline API
-        - access:securitySolution
   /api/timeline/_export:
     post:
       description: Export Timelines as an NDJSON file.
@@ -40070,7 +37484,6 @@ paths:
       summary: Export Timelines
       tags:
         - Security Timeline API
-        - access:securitySolution
   /api/timeline/_favorite:
     patch:
       description: Favorite a Timeline or Timeline template for the current user.
@@ -40111,8 +37524,7 @@ paths:
                     type: object
                     properties:
                       persistFavorite:
-                        $ref: >-
-                          #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse
+                        $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResponse'
                     required:
                       - persistFavorite
                 required:
@@ -40128,13 +37540,10 @@ paths:
                     type: string
                   statusCode:
                     type: number
-          description: >-
-            Indicates the user does not have the required permissions to persist
-            the favorite status.
+          description: Indicates the user does not have the required permissions to persist the favorite status.
       summary: Favorite a Timeline or Timeline template
       tags:
         - Security Timeline API
-        - access:securitySolution
   /api/timeline/_import:
     post:
       description: Import Timelines.
@@ -40160,8 +37569,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_ImportTimelineResult
+                $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult'
           description: Indicates the import of Timelines was successful.
         '400':
           content:
@@ -40175,9 +37583,7 @@ paths:
                     type: string
                   statusCode:
                     type: number
-          description: >-
-            Indicates the import of Timelines was unsuccessful because of an
-            invalid file extension.
+          description: Indicates the import of Timelines was unsuccessful because of an invalid file extension.
         '404':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
@@ -40188,9 +37594,7 @@ paths:
                     type: string
                   statusCode:
                     type: number
-          description: >-
-            Indicates that we were unable to locate the saved object client
-            necessary to handle the import.
+          description: Indicates that we were unable to locate the saved object client necessary to handle the import.
         '409':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
@@ -40207,7 +37611,6 @@ paths:
       summary: Import Timelines
       tags:
         - Security Timeline API
-        - access:securitySolution
   /api/timeline/_prepackaged:
     post:
       description: Install or update prepackaged Timelines.
@@ -40220,8 +37623,7 @@ paths:
               properties:
                 prepackagedTimelines:
                   items:
-                    $ref: >-
-                      #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject
+                    $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject'
                     nullable: true
                   type: array
                 timelinesToInstall:
@@ -40245,8 +37647,7 @@ paths:
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
-                $ref: >-
-                  #/components/schemas/Security_Timeline_API_ImportTimelineResult
+                $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult'
           description: Indicates the installation of prepackaged Timelines was successful.
         '500':
           content:
@@ -40258,13 +37659,10 @@ paths:
                     type: string
                   statusCode:
                     type: number
-          description: >-
-            Indicates the installation of prepackaged Timelines was
-            unsuccessful.
+          description: Indicates the installation of prepackaged Timelines was unsuccessful.
       summary: Install prepackaged Timelines
       tags:
         - Security Timeline API
-        - access:securitySolution
   /api/timeline/resolve:
     get:
       operationId: ResolveTimeline
@@ -40288,8 +37686,7 @@ paths:
                   - type: object
                     properties:
                       data:
-                        $ref: >-
-                          #/components/schemas/Security_Timeline_API_ResolvedTimeline
+                        $ref: '#/components/schemas/Security_Timeline_API_ResolvedTimeline'
                     required:
                       - data
                   - additionalProperties: false
@@ -40302,15 +37699,12 @@ paths:
       summary: Get an existing saved Timeline or Timeline template
       tags:
         - Security Timeline API
-        - access:securitySolution
   /api/timelines:
     get:
       description: Get a list of all saved Timelines or Timeline templates.
       operationId: GetTimelines
       parameters:
-        - description: >-
-            If true, only timelines that are marked as favorites by the user are
-            returned.
+        - description: If true, only timelines that are marked as favorites by the user are returned.
           in: query
           name: only_user_favorite
           schema:
@@ -40374,8 +37768,7 @@ paths:
                     type: number
                   timeline:
                     items:
-                      $ref: >-
-                        #/components/schemas/Security_Timeline_API_TimelineResponse
+                      $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse'
                     type: array
                   totalCount:
                     type: number
@@ -40397,12 +37790,10 @@ paths:
       summary: Get Timelines or Timeline templates
       tags:
         - Security Timeline API
-        - access:securitySolution
   /s/{spaceId}/api/observability/slos:
     get:
-      description: >
-        You must have the `read` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: findSlosOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -40450,9 +37841,7 @@ paths:
               - asc
               - desc
             type: string
-        - description: >-
-            Hide stale SLOs from the list as defined by stale SLO threshold in
-            SLO settings
+        - description: Hide stale SLOs from the list as defined by stale SLO threshold in SLO settings
           in: query
           name: hideStale
           schema:
@@ -40492,9 +37881,8 @@ paths:
       tags:
         - slo
     post:
-      description: >
-        You must have `all` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: createSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -40541,10 +37929,8 @@ paths:
         - slo
   /s/{spaceId}/api/observability/slos/_delete_instances:
     post:
-      description: >
-        The deletion occurs for the specified list of `sloId` and `instanceId`.
-        You must have `all` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        The deletion occurs for the specified list of `sloId` and `instanceId`. You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: deleteSloInstancesOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -40581,9 +37967,8 @@ paths:
         - slo
   /s/{spaceId}/api/observability/slos/{sloId}:
     delete:
-      description: >
-        You must have the `write` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: deleteSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -40620,9 +38005,8 @@ paths:
       tags:
         - slo
     get:
-      description: >
-        You must have the `read` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: getSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -40669,9 +38053,8 @@ paths:
       tags:
         - slo
     put:
-      description: >
-        You must have the `write` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: updateSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
@@ -40719,16 +38102,15 @@ paths:
         - slo
   /s/{spaceId}/api/observability/slos/{sloId}/_reset:
     post:
-      description: >
-        You must have the `write` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: resetSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
         - $ref: '#/components/parameters/SLOs_space_id'
         - $ref: '#/components/parameters/SLOs_slo_id'
       responses:
-        '204':
+        '200':
           content:
             application/json; Elastic-Api-Version=2023-10-31:
               schema:
@@ -40763,50 +38145,48 @@ paths:
         - slo
   /s/{spaceId}/api/observability/slos/{sloId}/disable:
     post:
-      description: >
-        You must have the `write` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
+      description: |
+        You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
       operationId: disableSloOp
-      parameters:
-        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
-        - $ref: '#/components/parameters/SLOs_space_id'
-        - $ref: '#/components/parameters/SLOs_slo_id'
-      responses:
-        '200':
-          description: Successful request
-        '400':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: '#/components/schemas/SLOs_400_response'
-          description: Bad request
-        '401':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: '#/components/schemas/SLOs_401_response'
-          description: Unauthorized response
-        '403':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: '#/components/schemas/SLOs_403_response'
-          description: Unauthorized response
-        '404':
-          content:
-            application/json; Elastic-Api-Version=2023-10-31:
-              schema:
-                $ref: '#/components/schemas/SLOs_404_response'
-          description: Not found response
-      summary: Disable an SLO
-      tags:
-        - slo
-  /s/{spaceId}/api/observability/slos/{sloId}/enable:
-    post:
-      description: >
-        You must have the `write` privileges for the **SLOs** feature in the
-        **Observability** section of the Kibana feature privileges.
-      operationId: enableSloOp
+      parameters:
+        - $ref: '#/components/parameters/SLOs_kbn_xsrf'
+        - $ref: '#/components/parameters/SLOs_space_id'
+        - $ref: '#/components/parameters/SLOs_slo_id'
+      responses:
+        '204':
+          description: Successful request
+        '400':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                $ref: '#/components/schemas/SLOs_400_response'
+          description: Bad request
+        '401':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                $ref: '#/components/schemas/SLOs_401_response'
+          description: Unauthorized response
+        '403':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                $ref: '#/components/schemas/SLOs_403_response'
+          description: Unauthorized response
+        '404':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                $ref: '#/components/schemas/SLOs_404_response'
+          description: Not found response
+      summary: Disable an SLO
+      tags:
+        - slo
+  /s/{spaceId}/api/observability/slos/{sloId}/enable:
+    post:
+      description: |
+        You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges.
+      operationId: enableSloOp
       parameters:
         - $ref: '#/components/parameters/SLOs_kbn_xsrf'
         - $ref: '#/components/parameters/SLOs_space_id'
@@ -41086,9 +38466,7 @@ components:
         owner: cases
         type: user
     Cases_add_comment_response:
-      summary: >-
-        The add comment to case API returns a JSON object that contains details
-        about the case and its comments.
+      summary: The add comment to case API returns a JSON object that contains details about the case and its comments.
       value:
         assignees: []
         category: null
@@ -41167,9 +38545,7 @@ components:
           - tag-1
         title: Case title 1
     Cases_create_case_response:
-      summary: >-
-        The create case API returns a JSON object that contains details about
-        the case.
+      summary: The create case API returns a JSON object that contains details about the case.
       value:
         assignees: []
         closed_at: null
@@ -41288,9 +38664,7 @@ components:
             type: assignees
             version: WzM1ODg4LDFb
     Cases_find_case_response:
-      summary: >-
-        Retrieve the first five cases with the `tag-1` tag, in ascending order
-        by last update time.
+      summary: Retrieve the first five cases with the `tag-1` tag, in ascending order by last update time.
       value:
         cases:
           - assignees: []
@@ -41415,9 +38789,7 @@ components:
           updated_by: null
           version: WzEyLDNd
     Cases_get_case_observability_response:
-      summary: >-
-        Retrieves information about an Observability case including its alerts
-        and comments.
+      summary: Retrieves information about an Observability case including its alerts and comments.
       value:
         assignees:
           - uid: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0
@@ -41594,9 +38966,7 @@ components:
         - tag 1
         - tag 2
     Cases_push_case_response:
-      summary: >-
-        The push case API returns a JSON object with details about the case and
-        the external service.
+      summary: The push case API returns a JSON object with details about the case and the external service.
       value:
         closed_at: null
         closed_by: null
@@ -41645,9 +39015,7 @@ components:
           username: elastic
         version: WzE3NjgsM10=
     Cases_set_case_configuration_request:
-      summary: >-
-        Set the closure type, custom fields, and default connector for Stack
-        Management cases.
+      summary: Set the closure type, custom fields, and default connector for Stack Management cases.
       value:
         closure_type: close-by-user
         connector:
@@ -41834,9 +39202,7 @@ components:
               - tag-1
             version: WzIzLDFd
     Cases_update_case_response:
-      summary: >-
-        This is an example response when the case description, tags, and
-        connector were updated.
+      summary: This is an example response when the case description, tags, and connector were updated.
       value:
         - assignees: []
           category: null
@@ -41904,9 +39270,7 @@ components:
         type: user
         version: Wzk1LDFd
     Cases_update_comment_response:
-      summary: >-
-        The add comment to case API returns a JSON object that contains details
-        about the case and its comments.
+      summary: The add comment to case API returns a JSON object that contains details about the case and its comments.
       value:
         assignees: []
         category: null
@@ -41991,9 +39355,7 @@ components:
             source: emit(doc["foo"].value)
           type: long
     Data_views_get_data_view_response:
-      summary: >-
-        The get data view API returns a JSON object that contains information
-        about the data view.
+      summary: The get data view API returns a JSON object that contains information about the data view.
       value:
         data_view:
           allowNoIndex: false
@@ -42944,10 +40306,7 @@ components:
       value:
         data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f
     Data_views_get_runtime_field_response:
-      summary: >-
-        The get runtime field API returns a JSON object that contains
-        information about the runtime field (`hour_of_day`) and the data view
-        (`d3d7af60-4c81-11e8-b3d7-01146121b73d`).
+      summary: The get runtime field API returns a JSON object that contains information about the runtime field (`hour_of_day`) and the data view (`d3d7af60-4c81-11e8-b3d7-01146121b73d`).
       value:
         data_view:
           allowNoIndex: false
@@ -43456,9 +40815,7 @@ components:
         data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f
         force: true
     Data_views_swap_data_view_request:
-      summary: >-
-        Swap references from data view ID "abcd-efg" to "xyz-123" and remove the
-        data view that is no longer referenced.
+      summary: Swap references from data view ID "abcd-efg" to "xyz-123" and remove the data view that is no longer referenced.
       value:
         delete: true
         fromId: abcd-efg
@@ -43509,25 +40866,12 @@ components:
           - id: de71f4f0-1902-11e9-919b-ffe5949a18d2
             type: map
     Saved_objects_export_objects_response:
-      summary: >-
-        The export objects API response contains a JSON record for each exported
-        object.
+      summary: The export objects API response contains a JSON record for each exported object.
       value:
         attributes:
           description: ''
-          layerListJSON: >-
-            [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total
-            Requests by
-            Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web
-            logs
-            count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual
-            Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total
-            Requests and
-            Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web
-            logs
-            count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}]
-          mapStateJSON: >-
-            {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}}
+          layerListJSON: '[{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total Requests by Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web logs count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total Requests and Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web logs count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}]'
+          mapStateJSON: '{"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}}'
           title: '[Logs] Total Requests and Bytes'
           uiStateJSON: '{"isDarkMode":false}'
         coreMigrationVersion: 8.8.0
@@ -43552,10 +40896,7 @@ components:
       value:
         file: file.ndjson
     Saved_objects_import_objects_response:
-      summary: >-
-        The import objects API response indicates a successful import and the
-        objects are created. Since these objects are created as new copies, each
-        entry in the successResults array includes a destinationId attribute.
+      summary: The import objects API response indicates a successful import and the objects are created. Since these objects are created as new copies, each entry in the successResults array includes a destinationId attribute.
       value:
         success: true
         successCount: 1
@@ -43611,6 +40952,1614 @@ components:
               icon: dashboardApp
               title: Look at my dashboard
             type: dashboard
+    get_connector_types_generativeai_response:
+      summary: A list of connector types for the `generativeAI` feature.
+      value:
+        - id: .gen-ai
+          name: OpenAI
+          enabled: true
+          enabled_in_config: true
+          enabled_in_license: true
+          minimum_license_required: enterprise
+          supported_feature_ids:
+            - generativeAIForSecurity
+            - generativeAIForObservability
+            - generativeAIForSearchPlayground
+          is_system_action_type: false
+        - id: .bedrock
+          name: AWS Bedrock
+          enabled: true
+          enabled_in_config: true
+          enabled_in_license: true
+          minimum_license_required: enterprise
+          supported_feature_ids:
+            - generativeAIForSecurity
+            - generativeAIForObservability
+            - generativeAIForSearchPlayground
+          is_system_action_type: false
+        - id: .gemini
+          name: Google Gemini
+          enabled: true
+          enabled_in_config: true
+          enabled_in_license: true
+          minimum_license_required: enterprise
+          supported_feature_ids:
+            - generativeAIForSecurity
+          is_system_action_type: false
+    get_connector_response:
+      summary: Get connector details.
+      value:
+        id: df770e30-8b8b-11ed-a780-3b746c987a81
+        name: my_server_log_connector
+        config: {}
+        connector_type_id: .server-log
+        is_preconfigured: false
+        is_deprecated: false
+        is_missing_secrets: false
+        is_system_action: false
+    update_index_connector_request:
+      summary: Update an index connector.
+      value:
+        name: updated-connector
+        config:
+          index: updated-index
+    create_email_connector_request:
+      summary: Create an email connector.
+      value:
+        name: email-connector-1
+        connector_type_id: .email
+        config:
+          from: tester@example.com
+          hasAuth: true
+          host: https://example.com
+          port: 1025
+          secure: false
+          service: other
+        secrets:
+          user: username
+          password: password
+    create_index_connector_request:
+      summary: Create an index connector.
+      value:
+        name: my-connector
+        connector_type_id: .index
+        config:
+          index: test-index
+    create_webhook_connector_request:
+      summary: Create a webhook connector with SSL authentication.
+      value:
+        name: my-webhook-connector
+        connector_type_id: .webhook
+        config:
+          method: post
+          url: https://example.com
+          authType: webhook-authentication-ssl
+          certType: ssl-crt-key
+        secrets:
+          crt: QmFnIEF0dH...
+          key: LS0tLS1CRUdJ...
+          password: my-passphrase
+    create_xmatters_connector_request:
+      summary: Create an xMatters connector with URL authentication.
+      value:
+        name: my-xmatters-connector
+        connector_type_id: .xmatters
+        config:
+          usesBasic: false
+        secrets:
+          secretsUrl: https://example.com?apiKey=xxxxx
+    create_email_connector_response:
+      summary: A new email connector.
+      value:
+        id: 90a82c60-478f-11ee-a343-f98a117c727f
+        connector_type_id: .email
+        name: email-connector-1
+        config:
+          from: tester@example.com
+          service: other
+          host: https://example.com
+          port: 1025
+          secure: false
+          hasAuth: true
+          tenantId: null
+          clientId: null
+          oauthTokenUrl: null
+        is_preconfigured: false
+        is_deprecated: false
+        is_missing_secrets: false
+        is_system_action: false
+    create_index_connector_response:
+      summary: A new index connector.
+      value:
+        id: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad
+        connector_type_id: .index
+        name: my-connector
+        config:
+          index: test-index
+          refresh: false
+          executionTimeField: null
+        is_preconfigured: false
+        is_deprecated: false
+        is_missing_secrets: false
+        is_system_action: false
+    create_webhook_connector_response:
+      summary: A new webhook connector.
+      value:
+        id: 900eb010-3b9d-11ee-a642-8ffbb94e38bd
+        name: my-webhook-connector
+        config:
+          method: post
+          url: https://example.com
+          authType: webhook-authentication-ssl
+          certType: ssl-crt-key
+          verificationMode: full
+          headers: null
+          hasAuth: true
+        connector_type_id: .webhook
+        is_preconfigured: false
+        is_deprecated: false
+        is_missing_secrets: false
+        is_system_action: false
+    run_index_connector_request:
+      summary: Run an index connector.
+      value:
+        params:
+          documents:
+            - id: my_doc_id
+              name: my_doc_name
+              message: hello, world
+    run_jira_connector_request:
+      summary: Run a Jira connector to retrieve the list of issue types.
+      value:
+        params:
+          subAction: issueTypes
+    run_servicenow_itom_connector_request:
+      summary: Run a ServiceNow ITOM connector to retrieve the list of choices.
+      value:
+        params:
+          subAction: getChoices
+          subActionParams:
+            fields:
+              - severity
+              - urgency
+    run_slack_api_connector_request:
+      summary: Run a Slack connector that uses the web API method to post a message on a channel.
+      value:
+        params:
+          subAction: postMessage
+          subActionParams:
+            channelIds:
+              - C123ABC456
+            text: A test message.
+    run_swimlane_connector_request:
+      summary: Run a Swimlane connector to create an incident.
+      value:
+        params:
+          subAction: pushToService
+          subActionParams:
+            comments:
+              - commentId: 1
+                comment: A comment about the incident.
+            incident:
+              caseId: '1000'
+              caseName: Case name
+              description: Description of the incident.
+    run_index_connector_response:
+      summary: Response from running an index connector.
+      value:
+        connector_id: fd38c600-96a5-11ed-bb79-353b74189cba
+        data:
+          errors: false
+          items:
+            - create:
+                _id: 4JtvwYUBrcyxt2NnfW3y
+                _index: my-index
+                _primary_term: 1
+                _seq_no: 0
+                _shards:
+                  failed: 0
+                  successful: 1
+                  total: 2
+                _version: 1
+                result: created
+                status: 201
+          took: 135
+        status: ok
+    run_jira_connector_response:
+      summary: Response from retrieving the list of issue types for a Jira connector.
+      value:
+        connector_id: b3aad810-edbe-11ec-82d1-11348ecbf4a6
+        data:
+          - id: 10024
+            name: Improvement
+          - id: 10006
+            name: Task
+          - id: 10007
+            name: Sub-task
+          - id: 10025
+            name: New Feature
+          - id: 10023
+            name: Bug
+          - id: 10000
+            name: Epic
+        status: ok
+    run_server_log_connector_response:
+      summary: Response from running a server log connector.
+      value:
+        connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907
+        status: ok
+    run_servicenow_itom_connector_response:
+      summary: Response from retrieving the list of choices for a ServiceNow ITOM connector.
+      value:
+        connector_id: 9d9be270-2fd2-11ed-b0e0-87533c532698
+        data:
+          - dependent_value: ''
+            element: severity
+            label: Critical
+            value: 1
+          - dependent_value: ''
+            element: severity
+            label: Major
+            value: 2
+          - dependent_value: ''
+            element: severity
+            label: Minor
+            value: 3
+          - dependent_value: ''
+            element: severity
+            label: Warning
+            value: 4
+          - dependent_value: ''
+            element: severity
+            label: OK
+            value: 5
+          - dependent_value: ''
+            element: severity
+            label: Clear
+            value: 0
+          - dependent_value: ''
+            element: urgency
+            label: 1 - High
+            value: 1
+          - dependent_value: ''
+            element: urgency
+            label: 2 - Medium
+            value: 2
+          - dependent_value: ''
+            element: urgency
+            label: 3 - Low
+            value: 3
+        status: ok
+    run_slack_api_connector_response:
+      summary: Response from posting a message with a Slack connector.
+      value:
+        status: ok
+        data:
+          ok: true
+          channel: C123ABC456
+          ts: '1234567890.123456'
+          message:
+            bot_id: B12BCDEFGHI
+            type: message
+            text: A test message
+            user: U12A345BC6D
+            ts: '1234567890.123456'
+            app_id: A01BC2D34EF
+            blocks:
+              - type: rich_text
+                block_id: /NXe
+                elements:
+                  - type: rich_text_section
+                    elements:
+                      - type: text
+                        text: A test message.
+            team: T01ABCDE2F
+            bot_profile:
+              id: B12BCDEFGHI
+              app_id: A01BC2D34EF
+              name: test
+              icons:
+                image_36: https://a.slack-edge.com/80588/img/plugins/app/bot_36.png
+              deleted: false
+              updated: 1672169705
+              team_id: T01ABCDE2F
+        connector_id: .slack_api
+    run_swimlane_connector_response:
+      summary: Response from creating a Swimlane incident.
+      value:
+        connector_id: a4746470-2f94-11ed-b0e0-87533c532698
+        data:
+          id: aKPmBHWzmdRQtx6Mx
+          title: TEST-457
+          url: https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx
+          pushedDate: '2022-09-08T16:52:27.866Z'
+          comments:
+            - commentId: 1
+              pushedDate: '2022-09-08T16:52:27.865Z'
+        status: ok
+    get_connectors_response:
+      summary: A list of connectors
+      value:
+        - id: preconfigured-email-connector
+          name: my-preconfigured-email-notification
+          connector_type_id: .email
+          is_preconfigured: true
+          is_deprecated: false
+          referenced_by_count: 0
+          is_system_action: false
+        - id: e07d0c80-8b8b-11ed-a780-3b746c987a81
+          name: my-index-connector
+          config:
+            index: test-index
+            refresh: false
+            executionTimeField: null
+          connector_type_id: .index
+          is_preconfigured: false
+          is_deprecated: false
+          referenced_by_count: 2
+          is_missing_secrets: false
+          is_system_action: false
+    update_rule_request:
+      summary: Index threshold rule
+      description: Update an index threshold rule that uses a server log connector to send notifications when the threshold is met.
+      value:
+        actions:
+          - frequency:
+              summary: false
+              notify_when: onActionGroupChange
+            group: threshold met
+            id: 96b668d0-a1b6-11ed-afdf-d39a49596974
+            params:
+              level: info
+              message: |-
+                Rule {{rule.name}} is active for group {{context.group}}:
+
+                - Value: {{context.value}}
+                - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}
+                - Timestamp: {{context.date}}
+        params:
+          aggField: sheet.version
+          aggType: avg
+          index:
+            - .updated-index
+          groupBy: top
+          termField: name.keyword
+          termSize: 6
+          threshold:
+            - 1000
+          thresholdComparator: '>'
+          timeField: '@timestamp'
+          timeWindowSize: 5
+          timeWindowUnit: m
+        name: new name
+        schedule:
+          interval: 1m
+        tags: []
+    update_rule_response:
+      summary: Index threshold rule
+      description: The response for successfully updating an index threshold rule.
+      value:
+        id: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74
+        consumer: alerts
+        tags: []
+        name: new name
+        enabled: true
+        throttle: null
+        revision: 1
+        running: false
+        schedule:
+          interval: 1m
+        params:
+          index:
+            - .updated-index
+          timeField: '@timestamp'
+          groupBy: top
+          aggType: avg
+          timeWindowSize: 5
+          timeWindowUnit: m
+          thresholdComparator: '>'
+          threshold:
+            - 1000
+          aggField: sheet.version
+          termField: name.keyword
+          termSize: 6
+        api_key_owner: elastic
+        created_by: elastic
+        updated_by: elastic
+        rule_type_id: .index-threshold
+        scheduled_task_id: 4c5eda00-e74f-11ec-b72f-5b18752ff9ea
+        created_at: '2024-03-26T23:13:20.985Z'
+        updated_at: '2024-03-26T23:22:59.949Z'
+        mute_all: false
+        muted_alert_ids: []
+        execution_status:
+          status: ok
+          last_execution_date: '2024-03-26T23:22:51.390Z'
+          last_duration: 52
+        actions:
+          - group: threshold met
+            params:
+              level: info
+              message: |-
+                Rule {{rule.name}} is active for group {{context.group}}:
+
+                - Value: {{context.value}}
+                - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}
+                - Timestamp: {{context.date}
+            id: 96b668d0-a1b6-11ed-afdf-d39a49596974
+            uuid: 07aef2a0-9eed-4ef9-94ec-39ba58eb609d
+            connector_type_id: .server-log
+            frequency:
+              summary: false
+              throttle: null
+              notify_when: onActionGroupChange
+        last_run:
+          alerts_count:
+            new: 0
+            ignored: 0
+            recovered: 0
+            active: 0
+          outcome_msg: null
+          warning: null
+          outcome: succeeded
+        next_run: '2024-03-26T23:23:51.316Z'
+        api_key_created_by_user: false
+    create_es_query_esql_rule_request:
+      summary: Elasticsearch query rule (ES|QL)
+      description: |
+        Create an Elasticsearch query rule that uses Elasticsearch Query Language (ES|QL) to define its query and a server log connector to send notifications.
+      value:
+        name: my Elasticsearch query ESQL rule
+        params:
+          searchType: esqlQuery
+          esqlQuery:
+            esql: FROM kibana_sample_data_logs | KEEP bytes, clientip, host, geo.dest | where geo.dest != "GB" | STATS sumbytes = sum(bytes) by clientip, host | WHERE sumbytes > 5000 | SORT sumbytes desc | LIMIT 10
+          timeField: '@timestamp'
+          timeWindowSize: 1
+          timeWindowUnit: d
+          size: 0
+          thresholdComparator: '>'
+          threshold:
+            - 0
+        consumer: stackAlerts
+        rule_type_id: .es-query
+        schedule:
+          interval: 1d
+        actions:
+          - group: query matched
+            id: d0db1fe0-78d6-11ee-9177-f7d404c8c945
+            params:
+              level: info
+              message: |-
+                Elasticsearch query rule '{{rule.name}}' is active:
+                - Value: {{context.value}} - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} - Timestamp: {{context.date}} - Link: {{context.link}}
+            frequency:
+              summary: false
+              notify_when: onActiveAlert
+    create_es_query_rule_request:
+      summary: Elasticsearch query rule (DSL)
+      description: |
+        Create an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL) to define its query and a server log connector to send notifications.
+      value:
+        actions:
+          - group: query matched
+            params:
+              level: info
+              message: The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts.
+            id: fdbece50-406c-11ee-850e-c71febc4ca7f
+            frequency:
+              throttle: 1d
+              summary: true
+              notify_when: onThrottleInterval
+          - group: recovered
+            params:
+              level: info
+              message: Recovered
+            id: fdbece50-406c-11ee-850e-c71febc4ca7f
+            frequency:
+              summary: false
+              notify_when: onActionGroupChange
+        consumer: alerts
+        name: my Elasticsearch query rule
+        params:
+          esQuery: '"""{"query":{"match_all" : {}}}"""'
+          index:
+            - kibana_sample_data_logs
+          size: 100
+          threshold:
+            - 100
+          thresholdComparator: '>'
+          timeField: '@timestamp'
+          timeWindowSize: 1
+          timeWindowUnit: d
+        rule_type_id: .es-query
+        schedule:
+          interval: 1d
+    create_es_query_kql_rule_request:
+      summary: Elasticsearch query rule (KQL)
+      description: Create an Elasticsearch query rule that uses Kibana query language (KQL).
+      value:
+        consumer: alerts
+        name: my Elasticsearch query KQL rule
+        params:
+          aggType: count
+          excludeHitsFromPreviousRun: true
+          groupBy: all
+          searchConfiguration:
+            query:
+              query: '""geo.src : "US" ""'
+              language: kuery
+            index: 90943e30-9a47-11e8-b64d-95841ca0b247
+          searchType: searchSource
+          size: 100
+          threshold:
+            - 1000
+          thresholdComparator: '>'
+          timeWindowSize: 5
+          timeWindowUnit: m
+        rule_type_id: .es-query
+        schedule:
+          interval: 1m
+    create_index_threshold_rule_request:
+      summary: Index threshold rule
+      description: |
+        Create an index threshold rule that uses a server log connector to send notifications when the threshold is met.
+      value:
+        actions:
+          - id: 48de3460-f401-11ed-9f8e-399c75a2deeb
+            frequency:
+              notify_when: onActionGroupChange
+              summary: false
+            group: threshold met
+            params:
+              level: info
+              message: |-
+                Rule '{{rule.name}}' is active for group '{{context.group}}':
+
+                - Value: {{context.value}}
+                - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}
+                - Timestamp: {{context.date}}
+        alert_delay:
+          active: 3
+        consumer: alerts
+        name: my rule
+        params:
+          aggType: avg
+          termSize: 6
+          thresholdComparator: '>'
+          timeWindowSize: 5
+          timeWindowUnit: m
+          groupBy: top
+          threshold:
+            - 1000
+          index:
+            - .test-index
+          timeField: '@timestamp'
+          aggField: sheet.version
+          termField: name.keyword
+        rule_type_id: .index-threshold
+        schedule:
+          interval: 1m
+        tags:
+          - cpu
+    create_tracking_containment_rule_request:
+      summary: Tracking containment rule
+      description: |
+        Create a tracking containment rule that checks when an entity is contained or no longer contained within a boundary.
+      value:
+        consumer: alerts
+        name: my tracking rule
+        params:
+          index: kibana_sample_data_logs
+          dateField": '@timestamp'
+          geoField: geo.coordinates
+          entity: agent.keyword
+          boundaryType: entireIndex
+          boundaryIndexTitle: boundary*
+          boundaryGeoField: location
+          boundaryNameField: name
+          indexId: 90943e30-9a47-11e8-b64d-95841ca0b247
+          boundaryIndexId: 0cd90abf-abe7-44c7-909a-f621bbbcfefc
+        rule_type_id: .geo-containment
+        schedule:
+          interval: 1h
+    create_es_query_esql_rule_response:
+      summary: Elasticsearch query rule (ES|QL)
+      description: The response for successfully creating an Elasticsearch query rule that uses Elasticsearch Query Language (ES|QL).
+      value:
+        id: e0d62360-78e8-11ee-9177-f7d404c8c945
+        enabled: true
+        name: my Elasticsearch query ESQL rule
+        tags: []
+        rule_type_id: .es-query
+        consumer: stackAlerts
+        schedule:
+          interval: 1d
+        actions:
+          - group: query matched
+            id: d0db1fe0-78d6-11ee-9177-f7d404c8c945
+            params:
+              level: info
+              message: |-
+                Elasticsearch query rule '{{rule.name}}' is active:
+                - Value: {{context.value}} - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} - Timestamp: {{context.date}} - Link: {{context.link}}
+            connector_type_id: .server-log
+            frequency:
+              summary: false
+              notify_when: onActiveAlert
+              throttle: null
+            uuid: bfe370a3-531b-4855-bbe6-ad739f578844
+        params:
+          searchType: esqlQuery
+          esqlQuery:
+            esql: FROM kibana_sample_data_logs | keep bytes, clientip, host, geo.dest | WHERE geo.dest != "GB" | stats sumbytes = sum(bytes) by clientip, host | WHERE sumbytes > 5000 | sort sumbytes desc | limit 10
+          timeField: '@timestamp'
+          timeWindowSize: 1
+          timeWindowUnit: d
+          size: 0
+          thresholdComparator: '>'
+          threshold:
+            - 0
+          excludeHitsFromPreviousRun": true,
+          aggType: count
+          groupBy: all
+        scheduled_task_id: e0d62360-78e8-11ee-9177-f7d404c8c945
+        created_by: elastic
+        updated_by: elastic",
+        created_at: '2023-11-01T19:00:10.453Z'
+        updated_at: '2023-11-01T19:00:10.453Z'
+        api_key_owner: elastic
+        api_key_created_by_user: false
+        throttle: null
+        mute_all: false
+        notify_when: null
+        muted_alert_ids: []
+        execution_status:
+          status: pending
+          last_execution_date: '2023-11-01T19:00:10.453Z'
+        revision: 0
+        running: false
+    create_es_query_rule_response:
+      summary: Elasticsearch query rule (DSL)
+      description: The response for successfully creating an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL).
+      value:
+        id: 58148c70-407f-11ee-850e-c71febc4ca7f
+        enabled: true
+        name: my Elasticsearch query rule
+        tags: []
+        rule_type_id: .es-query
+        consumer: alerts
+        schedule:
+          interval: 1d
+        actions:
+          - group: query matched
+            id: fdbece50-406c-11ee-850e-c71febc4ca7f
+            params:
+              level: info
+              message: The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts.
+            connector_type_id: .server-log
+            frequency:
+              summary: true
+              notify_when: onThrottleInterval
+              throttle: 1d
+            uuid: 53f3c2a3-e5d0-4cfa-af3b-6f0881385e78
+          - group: recovered
+            id: fdbece50-406c-11ee-850e-c71febc4ca7f
+            params:
+              level: info
+              message: Recovered
+            connector_type_id: .server-log
+            frequency:
+              summary: false
+              notify_when: onActionGroupChange
+              throttle: null
+            uuid: 2324e45b-c0df-45c7-9d70-4993e30be758
+        params:
+          thresholdComparator: '>'
+          timeWindowSize: 1
+          timeWindowUnit: d
+          threshold:
+            - 100
+          size: 100
+          timeField: '@timestamp'
+          index:
+            - kibana_sample_data_logs
+          esQuery: '"""{"query":{"match_all" : {}}}"""'
+          excludeHitsFromPreviousRun: true
+          aggType: count
+          groupBy: all
+          searchType: esQuery
+        scheduled_task_id: 58148c70-407f-11ee-850e-c71febc4ca7f
+        created_by: elastic
+        updated_by: elastic
+        created_at: '2023-08-22T00:03:38.263Z'
+        updated_at: '2023-08-22T00:03:38.263Z'
+        api_key_owner: elastic
+        api_key_created_by_user: false
+        throttle: null
+        mute_all: false
+        notify_when: null
+        muted_alert_ids: []
+        execution_status:
+          status: pending
+          last_execution_date: '2023-08-22T00:03:38.263Z'
+        revision: 0
+        running: false
+    create_es_query_kql_rule_response:
+      summary: Elasticsearch query rule (KQL)
+      description: The response for successfully creating an Elasticsearch query rule that uses Kibana query language (KQL).
+      value:
+        id: 7bd506d0-2284-11ee-8fad-6101956ced88
+        enabled: true
+        name: my Elasticsearch query KQL rule"
+        tags: []
+        rule_type_id: .es-query
+        consumer: alerts
+        schedule:
+          interval: 1m
+        actions: []
+        params:
+          searchConfiguration:
+            query:
+              query: '""geo.src : "US" ""'
+              language: kuery
+            index: 90943e30-9a47-11e8-b64d-95841ca0b247
+          searchType: searchSource
+          timeWindowSize: 5
+          timeWindowUnit: m
+          threshold:
+            - 1000
+          thresholdComparator: '>'
+          size: 100
+          aggType: count
+          groupBy: all
+          excludeHitsFromPreviousRun: true
+        created_by: elastic
+        updated_by: elastic
+        created_at: '2023-07-14T20:24:50.729Z'
+        updated_at: '2023-07-14T20:24:50.729Z'
+        api_key_owner: elastic
+        api_key_created_by_user: false
+        throttle: null
+        notify_when: null
+        mute_all: false
+        muted_alert_ids: []
+        scheduled_task_id: 7bd506d0-2284-11ee-8fad-6101956ced88
+        execution_status:
+          status: pending
+          last_execution_date: '2023-07-14T20:24:50.729Z'
+        revision: 0
+        running: false
+    create_index_threshold_rule_response:
+      summary: Index threshold rule
+      description: The response for successfully creating an index threshold rule.
+      value:
+        actions:
+          - group: threshold met
+            id: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2
+            uuid: 07aef2a0-9eed-4ef9-94ec-39ba58eb609d
+            connector_type_id: .server-log
+            frequency:
+              notify_when: onActionGroupChange
+              summary: false
+              throttle: null
+            params:
+              level: info
+              message: |-
+                Rule {{rule.name}} is active for group {{context.group} :
+
+                - Value: {{context.value}}
+                - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}
+                - Timestamp: {{context.date}}
+        alert_delay:
+          active: 3
+        api_key_created_by_user: false
+        api_key_owner: elastic
+        consumer: alerts
+        created_at: '2022-06-08T17:20:31.632Z'
+        created_by: elastic
+        enabled: true
+        execution_status:
+          last_execution_date: '2022-06-08T17:20:31.632Z'
+          status: pending
+        id: 41893910-6bca-11eb-9e0d-85d233e3ee35
+        muted_alert_ids: []
+        mute_all: false
+        name: my rule
+        notify_when: null
+        params:
+          aggType: avg
+          termSize: 6
+          thresholdComparator: '>'
+          timeWindowSize: 5
+          timeWindowUnit: m
+          groupBy: top
+          threshold:
+            - 1000
+          index:
+            - .test-index
+          timeField: '@timestamp'
+          aggField: sheet.version
+          termField: name.keyword
+        revision: 0
+        rule_type_id: .index-threshold
+        running: false
+        schedule:
+          interval: 1m
+        scheduled_task_id: 425b0800-6bca-11eb-9e0d-85d233e3ee35
+        tags:
+          - cpu
+        throttle: null
+        updated_at: '2022-06-08T17:20:31.632Z'
+        updated_by: elastic
+    create_tracking_containment_rule_response:
+      summary: Tracking containment rule
+      description: The response for successfully creating a tracking containment rule.
+      value:
+        id: b6883f9d-5f70-4758-a66e-369d7c26012f
+        name: my tracking rule
+        tags: []
+        enabled: true
+        consumer: alerts
+        throttle: null
+        revision: 1
+        running: false
+        schedule:
+          interval: 1h
+        params:
+          index: kibana_sample_data_logs
+          dateField: '@timestamp'
+          geoField: geo.coordinates
+          entity: agent.keyword
+          boundaryType: entireIndex
+          boundaryIndexTitle: boundary*
+          boundaryGeoField: location
+          boundaryNameField: name
+          indexId: 90943e30-9a47-11e8-b64d-95841ca0b247
+          boundaryIndexId: 0cd90abf-abe7-44c7-909a-f621bbbcfefc
+        rule_type_id: .geo-containment
+        created_by: elastic
+        updated_by: elastic
+        created_at: '2024-02-14T19:52:55.920Z'
+        updated_at: '2024-02-15T03:24:32.574Z'
+        api_key_owner: elastic
+        notify_when: null
+        mute_all: false
+        muted_alert_ids: []
+        scheduled_task_id: b6883f9d-5f70-4758-a66e-369d7c26012f
+        execution_status:
+          status: ok
+          last_execution_date: '2024-02-15T03:25:38.125Z'
+          last_duration: 74
+        actions: []
+        last_run:
+          alerts_count:
+            active: 0
+            new: 0
+            recovered: 0
+            ignored: 0
+          outcome_msg: null
+          outcome_order: 0
+          outcome: succeeded
+          warning: null
+        next_run: '2024-02-15T03:26:38.033Z'
+        api_key_created_by_user: false
+    find_rules_response:
+      summary: Index threshold rule
+      description: A response that contains information about an index threshold rule.
+      value:
+        page: 1
+        total: 1
+        per_page: 10
+        data:
+          - id: 3583a470-74f6-11ed-9801-35303b735aef
+            consumer: alerts
+            tags:
+              - cpu
+            name: my alert
+            enabled: true
+            throttle: null
+            schedule:
+              interval: 1m
+            params:
+              aggType: avg
+              termSize: 6
+              thresholdComparator: '>'
+              timeWindowSize: 5
+              timeWindowUnit: m
+              groupBy: top
+              threshold:
+                - 1000
+              index:
+                - test-index
+              timeField: '@timestamp'
+              aggField: sheet.version
+              termField: name.keyword
+            revision: 1
+            rule_type_id: .index-threshold
+            created_by: elastic
+            updated_by: elastic
+            created_at: '2022-12-05T23:40:33.132Z'
+            updated_at: '2022-12-05T23:40:33.132Z'
+            api_key_owner: elastic
+            mute_all: false
+            muted_alert_ids: []
+            scheduled_task_id: 3583a470-74f6-11ed-9801-35303b735aef
+            execution_status:
+              status: ok
+              last_execution_date: '2022-12-06T01:44:23.983Z'
+              last_duration: 48
+            actions:
+              - id: 9dca3e00-74f5-11ed-9801-35303b735aef
+                group: threshold met
+                uuid: 1c7a1280-f28c-4e06-96b2-e4e5f05d1d61
+                params:
+                  level: info
+                  message: |-
+                    Rule {{rule.name}} is active for group {{context.group}}:
+
+                    - Value: {{context.value}}
+                    - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}}
+                    - Timestamp: {{context.date}}
+                  connector_type_id: .server-log
+                frequency:
+                  summary: false
+                  notify_when: onActionGroupChange
+                  throttle: null
+            last_run:
+              alerts_count:
+                new: 0
+                ignored: 0
+                recovered: 0
+                active: 0
+              outcome_msg: null
+              warning: null
+              outcome: succeeded
+            next_run: '2022-12-06T01:45:23.912Z'
+            api_key_created_by_user: false
+    find_rules_response_conditional_action:
+      summary: Security rule
+      description: A response that contains information about a security rule that has conditional actions.
+      value:
+        page: 1
+        total: 1
+        per_page: 10
+        data:
+          - id: 6107a8f0-f401-11ed-9f8e-399c75a2deeb
+            name: security_rule
+            consumer: siem
+            enabled: true
+            tags: []
+            throttle: null
+            revision: 1
+            running: false
+            schedule:
+              interval: 1m
+            params:
+              author: []
+              description: A security threshold rule.
+              ruleId: an_internal_rule_id
+              falsePositives: []
+              from: now-3660s
+              immutable: false
+              license: ''
+              outputIndex: ''
+              meta:
+                from: 1h
+                kibana_siem_app_url: https://localhost:5601/app/security
+              maxSignals: 100
+              riskScore: 21
+              riskScoreMapping: []
+              severity: low
+              severityMapping: []
+              threat: []
+              to: now
+              references: []
+              version: 1
+              exceptionsList: []
+              type: threshold
+              language: kuery
+              index:
+                - kibana_sample_data_logs
+              query: '*'
+              filters: []
+              threshold:
+                field:
+                  - bytes
+                value: 1
+                cardinality: []
+            rule_type_id: siem.thresholdRule
+            created_by: elastic
+            updated_by: elastic
+            created_at: '2023-05-16T15:50:28.358Z'
+            updated_at: '2023-05-16T20:25:42.559Z'
+            api_key_owner: elastic
+            notify_when: null
+            mute_all: false
+            muted_alert_ids: []
+            scheduled_task_id: 6107a8f0-f401-11ed-9f8e-399c75a2deeb
+            execution_status:
+              status: ok
+              last_execution_date: '2023-05-16T20:26:49.590Z'
+              last_duration: 166
+            actions:
+              - group: default
+                id: 49eae970-f401-11ed-9f8e-399c75a2deeb
+                params:
+                  documents:
+                    - rule_id:
+                        '[object Object]': null
+                      rule_name:
+                        '[object Object]': null
+                      alert_id:
+                        '[object Object]': null
+                      context_message:
+                        '[object Object]': null
+                connector_type_id: .index
+                frequency:
+                  summary: true
+                  notify_when: onActiveAlert
+                  throttle: null
+                uuid: 1c7a1280-f28c-4e06-96b2-e4e5f05d1d61
+                alerts_filter:
+                  timeframe:
+                    days:
+                      - 7
+                    timezone: UTC
+                    hours:
+                      start: '08:00'
+                      end: '17:00'
+                  query:
+                    kql: ''
+                    filters:
+                      - meta:
+                          disabled: false
+                          negate: false
+                          alias: null
+                          index: c4bdca79-e69e-4d80-82a1-e5192c621bea
+                          key: client.geo.region_iso_code
+                          field: client.geo.region_iso_code
+                          params:
+                            query: CA-QC
+                            type: phrase
+                        $state:
+                          store: appState
+                        query:
+                          match_phrase:
+                            client.geo.region_iso_code: CA-QC
+            last_run:
+              alerts_count:
+                new: 0
+                ignored: 0
+                recovered: 0
+                active: 0
+              outcome_msg:
+                - Rule execution completed successfully
+              outcome_order: 0
+              warning: null
+              outcome: succeeded
+            next_run: '2023-05-16T20:27:49.507Z'
+            api_key_created_by_user: false
+    get_roles_response1:
+      summary: Get all role details
+      value:
+        - name: my_kibana_role
+          description: My kibana role description
+          metadata:
+            version: 1
+          transient_metadata:
+            enabled: true
+          elasticsearch:
+            indices: []
+            cluster: []
+            run_as: []
+          kibana:
+            - base:
+                - all
+              feature: {}
+              spaces:
+                - '*'
+        - name: my_admin_role
+          description: My admin role description
+          metadata:
+            version: 1
+          transient_metadata:
+            enabled: true
+          elasticsearch:
+            cluster:
+              - all
+            indices:
+              - names:
+                  - index1
+                  - index2
+                privileges:
+                  - all
+                field_security:
+                  grant:
+                    - title
+                    - body
+                query: '{\"match\": {\"title\": \"foo\"}}'
+          kibana: []
+    get_role_response1:
+      summary: Get role details
+      value:
+        name: my_kibana_role
+        description: Grants all cluster privileges and full access to index1 and index2. Grants full access to remote_index1 and remote_index2, and the monitor_enrich cluster privilege on remote_cluster1. Grants all Kibana privileges in the default space.
+        metadata:
+          version: 1
+        transient_metadata:
+          enabled: true
+        elasticsearch:
+          cluster:
+            - all
+          remote_cluster:
+            - privileges:
+                - monitor_enrich
+              clusters:
+                - remote_cluster1
+          indices:
+            - names:
+                - index1
+                - index2
+              privileges:
+                - all
+              allow_restricted_indices: false
+          remote_indices:
+            - names:
+                - remote_index1
+                - remote_index2
+              privileges:
+                - all
+              allow_restricted_indices: false
+              clusters:
+                - remote_cluster1
+          run_as: []
+        kibana:
+          - base:
+              - all
+            feature: {}
+            spaces:
+              - default
+        _transform_error: []
+        _unrecognized_applications: []
+    create_role_request1:
+      summary: Feature privileges in multiple spaces
+      description: Grant access to various features in some spaces.
+      value:
+        description: Grant full access to discover and dashboard features in the default space. Grant read access in the marketing, and sales spaces.
+        metadata:
+          version: 1
+        elasticsearch:
+          cluster: []
+          indices: []
+        kibana:
+          - base: []
+            feature:
+              discover:
+                - all
+              dashboard:
+                - all
+            spaces:
+              - default
+          - base:
+              - read
+            spaces:
+              - marketing
+              - sales
+    create_role_request2:
+      summary: Dashboard privileges in a space
+      description: Grant access to dashboard features in a Marketing space.
+      value:
+        description: Grant dashboard access in the Marketing space.
+        metadata:
+          version: 1
+        elasticsearch:
+          cluster: []
+          indices: []
+        kibana:
+          - base: []
+            feature:
+              dashboard:
+                - read
+            spaces:
+              - marketing
+    create_role_request3:
+      summary: Feature privileges in a space
+      description: Grant full access to all features in the default space.
+      value:
+        metadata:
+          version: 1
+        elasticsearch:
+          cluster: []
+          indices: []
+        kibana:
+          - base:
+              - all
+            feature: {}
+            spaces:
+              - default
+    create_role_request4:
+      summary: Elasticsearch and Kibana feature privileges
+      description: Grant Elasticsearch and Kibana feature privileges.
+      value:
+        description: Grant all cluster privileges and full access to index1 and index2. Grant full access to remote_index1 and remote_index2, and the monitor_enrich cluster privilege on remote_cluster1. Grant all Kibana privileges in the default space.
+        metadata:
+          version: 1
+        elasticsearch:
+          cluster:
+            - all
+          indices:
+            - names:
+                - index1
+                - index2
+              privileges:
+                - all
+          remote_indices:
+            - clusters:
+                - remote_cluster1
+              names:
+                - remote_index1
+                - remote_index2
+              privileges:
+                - all
+          remote_cluster:
+            - clusters:
+                - remote_cluster1
+              privileges:
+                - monitor_enrich
+        kibana:
+          - base:
+              - all
+            feature: {}
+            spaces:
+              - default
+    copy_saved_objects_request1:
+      summary: Copy with createNewCopies
+      description: |
+        Copy a dashboard with the my-dashboard ID, including all references from the default space to the marketing space. In this example, the dashboard has a reference to a visualization and that has a reference to a data view.
+      value:
+        objects:
+          - type: dashboard
+            id: my-dashboard
+        spaces:
+          - marketing
+        includeReferences: true
+    copy_saved_objects_request2:
+      summary: Copy without createNewCopies
+      description: |
+        Copy a dashboard with the my-dashboard ID, including all references from the default space to the marketing space. In this example, the dashboard has a reference to a visualization and that has a reference to a data view.
+      value:
+        objects:
+          - type: dashboard
+            id: my-dashboard
+        spaces:
+          - marketing
+        includeReferences: true
+        createNewCopies: false
+    copy_saved_objects_response1:
+      summary: Copy with createNewCopies
+      description: |
+        The response for successfully copying a dashboard with the my-dashboard ID, including all references from the default space to the marketing space. The result indicates a successful copy and all three objects are created. Since these objects were created as new copies, each entry in the successResults array includes a destinationId attribute.
+      value:
+        marketing:
+          success: true
+          successCount: 3
+          successResults:
+            - id: my-dashboard
+              type: dashboard
+              destinationId: 1e127098-5b80-417f-b0f1-c60c8395358f
+              meta:
+                icon: dashboardApp
+                title: Look at my dashboard
+            - id: my-vis
+              type: visualization
+              destinationId: a610ed80-1c73-4507-9e13-d3af736c8e04
+              meta:
+                icon: visualizeApp
+                title: Look at my visualization
+            - id: my-index-pattern
+              type: index-pattern
+              destinationId: bc3c9c70-bf6f-4bec-b4ce-f4189aa9e26b
+              meta:
+                icon: indexPatternApp
+                title: my-pattern-*
+    copy_saved_objects_response2:
+      summary: Copy without createNewCopies
+      description: |
+        The response for successfully copying a dashboard with the my-dashboard ID with createNewCopies turned off. The result indicates a successful copy and all three objects are created.
+      value:
+        marketing:
+          success: true
+          successCount: 3
+          successResults:
+            - id: my-dashboard
+              type: dashboard
+              meta:
+                icon: dashboardApp
+                title: Look at my dashboard
+            - id: my-vis
+              type: visualization
+              meta:
+                icon: visualizeApp
+                title: Look at my visualization
+            - id: my-index-pattern
+              type: index-pattern
+              meta:
+                icon: indexPatternApp
+                title: my-pattern-*
+    copy_saved_objects_response3:
+      summary: Failed copy response with conflict errors
+      description: |
+        A response for a failed copy of a dashboard with the my-dashboard ID including all references from the default space to the marketing and sales spaces. In this example, the dashboard has a reference to a visualization and a Canvas workpad and the visualization has a reference to an index pattern. The result indicates a successful copy for the marketing space and an unsuccessful copy for the sales space because the data view, visualization, and Canvas workpad each resulted in a conflict error. Objects are created when the error is resolved using the resolve copy conflicts API.
+      value:
+        marketing:
+          success: true
+          successCount: 4
+          successResults:
+            - id: my-dashboard
+              type: dashboard
+              meta:
+                icon: dashboardApp
+                title: Look at my dashboard
+            - id: my-vis
+              type: visualization
+              meta:
+                icon: visualizeApp
+                title: Look at my visualization
+            - id: my-canvas
+              type: canvas-workpad
+              meta:
+                icon: canvasApp
+                title: Look at my canvas
+            - id: my-index-pattern
+              type: index-pattern
+              meta:
+                icon: indexPatternApp
+                title: my-pattern-*
+        sales:
+          success: false
+          successCount: 1,
+          errors:
+            - id: my-pattern
+              type: index-pattern
+              title: my-pattern-*
+              error:
+                type: conflict
+              meta:
+                icon: indexPatternApp
+                title: my-pattern-*
+            - id: my-visualization
+              type: my-vis
+              title: Look at my visualization
+              error:
+                type: conflict
+                destinationId: another-vis
+              meta:
+                icon: visualizeApp
+                title: Look at my visualization
+            - id: my-canvas
+              type: canvas-workpad
+              title: Look at my canvas
+              error:
+                type: ambiguous_conflict
+                destinations:
+                  - id: another-canvas
+                    title: Look at another canvas
+                    updatedAt: '2020-07-08T16:36:32.377Z'
+                  - id: yet-another-canvas
+                    title: Look at yet another canvas
+                    updatedAt: '2020-07-05T12:29:54.849Z'
+              meta:
+                icon: canvasApp
+                title: Look at my canvas
+          successResults":
+            - id: my-dashboard
+              type: dashboard
+              meta:
+                icon: dashboardApp
+                title: Look at my dashboard
+    copy_saved_objects_response4:
+      summary: Failed copy with missing reference errors
+      description: |
+        The response for successfully copying a dashboard with the my-dashboard ID, including all references from the default space to the marketing space. In this example, the dashboard has a reference to a visualization and a Canvas workpad and the visualization has a reference to a data view. The result indicates an unsuccessful copy because the visualization resulted in a missing references error. Objects are created when the errors are resolved using the resolve copy conflicts API.
+      value:
+        marketing:
+          success: false
+          successCount: 2
+          errors:
+            - id: my-vis
+              type: visualization
+              title: Look at my visualization
+              error:
+                type: missing_references
+                references:
+                  - type: index-pattern
+                    id: my-pattern-*
+              meta:
+                icon: visualizeApp
+                title: Look at my visualization
+          successResults:
+            - id: my-dashboard
+              type: dashboard
+              meta:
+                icon: dashboardApp
+                title: Look at my dashboard
+            - id: my-canvas
+              type: canvas-workpad
+              meta:
+                icon: canvasApp
+                title: Look at my canvas
+    disable_legacy_url_request1:
+      summary: Disable legacy URL aliases
+      description: |
+        This request leaves the alias intact but the legacy URL for this alias (http://localhost:5601/s/bills-space/app/dashboards#/view/123) will no longer function. The dashboard still exists and you can access it with the new URL.
+      value:
+        aliases:
+          - targetSpace: bills-space
+            targetType: dashboard
+            sourceId: 123
+    resolve_copy_saved_objects_request1:
+      summary: Resolve conflict errors
+      description: |
+        Resolve conflict errors for a data view, visualization, and Canvas workpad by overwriting the existing saved objects. NOTE: If a prior copy attempt resulted in resolvable errors, you must include a retry for each object you want to copy, including any that were returned in the successResults array. In this example, we retried copying the dashboard accordingly.
+      value:
+        objects:
+          - type: dashboard
+            id: my-dashboard
+        includeReferences: true
+        createNewCopies: false
+        retries:
+          sales:
+            - type: index-pattern
+              id: my-pattern
+              overwrite: true
+            - type: visualization
+              id: my-vis
+              overwrite: true,
+              destinationId: another-vis
+            - type: canvas
+              id: my-canvas
+              overwrite: true
+              destinationId: yet-another-canvas
+            - type: dashboard
+              id: my-dashboard
+    resolve_copy_saved_objects_request2:
+      summary: Resolve missing reference errors
+      description: |
+        Resolve missing reference errors for a visualization by ignoring the error. NOTE: If a prior copy attempt resulted in resolvable errors, you must include a retry for each object you want to copy, including any that were returned in the successResults array. In this example, we retried copying the dashboard and canvas accordingly.
+      value:
+        objects:
+          - type: dashboard
+            id: my-dashboard
+        includeReferences: true
+        createNewCopies: false
+        retries:
+          marketing:
+            - type: visualization
+              id: my-vis
+              ignoreMissingReferences: true
+            - type: canvas
+              id: my-canvas
+            - type: dashboard
+              id: my-dashboard
+    update_saved_objects_spaces_request1:
+      summary: Update saved object spaces
+      description: Update the spaces of each saved object and all its references.
+      value:
+        objects:
+          - type: index-pattern
+            id: 90943e30-9a47-11e8-b64d-95841ca0b247
+        spacesToAdd:
+          - test
+        spacesToRemove: []
+    update_saved_objects_spaces_response1:
+      summary: Update saved object spaces
+      description: |
+        The response from updating the spaces of saved objects.
+      value:
+        objects:
+          - type: index-pattern
+            id: 90943e30-9a47-11e8-b64d-95841ca0b247
+            spaces:
+              - default
+              - test
+    get_spaces_response1:
+      summary: Get all spaces
+      description: Get all spaces without specifying any options.
+      value:
+        - id: default
+          name: Default
+          description: This is the Default Space
+          disabledFeatures: []
+          imageUrl: ''
+          _reserved: true
+        - id: marketing
+          name: Marketing
+          description: This is the Marketing Space
+          color: null
+          disabledFeatures:
+            - apm
+          initials: MK
+          imageUrl: data:image/png;base64,iVBORw0KGgoAAAANSU
+        - id: sales
+          name: Sales
+          initials: MK
+          disabledFeatures:
+            - discover
+          imageUr": ''
+          solution: oblt
+    get_spaces_response2:
+      summary: Get all spaces with custom options
+      description: |
+        The user has read-only access to the Sales space. Get all spaces with the following query parameters: "purpose=shareSavedObjectsIntoSpace&include_authorized_purposes=true"
+      value:
+        - id: default
+          name: Default
+          description: This is the Default Space
+          disabledFeatures: []
+          imageUrl: ''
+          _reserved: true
+          authorizedPurposes:
+            any: true
+            copySavedObjectsIntoSpace: true
+            findSavedObjects: true
+            shareSavedObjectsIntoSpace: true
+        - id: marketing
+          name: Marketing
+          description: This is the Marketing Space
+          color: null
+          disabledFeatures:
+            - apm
+          initials: MK
+          imageUrl: data:image/png;base64,iVBORw0KGgoAAAANSU
+          authorizedPurposes:
+            any: true
+            copySavedObjectsIntoSpace: true
+            findSavedObjects: true
+            shareSavedObjectsIntoSpace: true
+        - id: sales
+          name: Sales
+          initials: MK
+          disabledFeatures:
+            - discover
+          imageUrl: ''
+          authorizedPurposes:
+            any: true
+            copySavedObjectsIntoSpace: false
+            findSavedObjects: true
+            shareSavedObjectsIntoSpace: false
+    create_space_request:
+      summary: Create a marketing space
+      value:
+        id: marketing
+        name: Marketing
+        description: This is the Marketing Space
+        color: null
+        initials: MK
+        disabledFeatures: []
+        imageUrl: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAD4AAABACAYAAABC6cT1AAAGf0lEQVRoQ+3abYydRRUH8N882xYo0IqagEVjokQJKAiKBjXExC9G/aCkGowCIghCkRcrVSSKIu/FEiqgGL6gBIlAYrAqUTH6hZgQFVEMKlQFfItWoQWhZe8z5uzMLdvbfbkLxb13d+fbvfe588x/zpn/+Z9zJpmnI81T3BaAzzfLL1h8weLzZAcWXH2eGHo7zAWLL1h8nuzAjFw9G1N6Kzq8HnuM36MR8iibF3Fv4q+7cv8yDV6K13bYq2furSP8Ag8ncr/vnSnwRViJT2GfCV7yL1yHGxLb+l3EdM9lluNEnIC9xz+f2ZL4Er6Z2DrdXN3fZwp8CU7OfDHxggle8lTLbQ1nJ/7Z7yKmey5zYGZt4h2IzR8/trRc2PDlxJPTzfVcgJ+CC0wMPOa9F6cm7up3EVM9V9386MxliVdM8GwAv6hh/awCz/w7lY25OtF5ruBz4ZLP42NYNrDAFbC3YPWuILnMAfgq3oaRQQYea/stViV+sgssvjKzLvGySeaaNVfP4d7Btokgvxj/bblgpueuF1hmWcyTCmfE3J3M1lTcv0vMswM88zR+jpw4osu6me8kzkpsfLZWzxyRuabO22buxxOJ12FxnXfWgEe83pB5sOE47BsLymzscOoi7nw2JJfZreUjiUsTyzKPZm5NvBDvSuw268AzNzV8H5/Am+qCnsAXgpgSW2Zq9cyKlksbPlTd+te4quWNieMHBfiNDdciYnwsdI/MaOaWhnMTf54J8CqNj8x8JXFIZltYu+HqlmNT8YSBsHgAPw/vxvlVV4du/s0oaxbxg0TbL/jMni0nNcVjQq7+HZfgtpbzBg342TgQ63AkmsymxBW4IjE6A+D7Vzd/fyWxIM/VuCe+HzTgZ2Jpy/kNJ2FJLmLm24mPJ/42A+Bvrxt4SISwlhsaPodH26LZB8rVA3inwwebsrixJCZzX+KMxI/7AV61eVh3DV6Mx3EOvh4kN6jAg8nfUCXm4d1wE66OyxNPTQc+s3/o/MoXizL3JE5O3F3P/uBZPPF4Zr+Wi5uSO48ZPRdyCwn7YB/A35m5KhWNHox4fcNnIs0ddOCRSBxf8+cQG+Huf0l8NJVYP+nI7NXy2ar4QqIGm69JfKPOE2w/mBavCzwM11R2D+ChsUO7hyUfmwx55qDM1xJvqZ7y08TpifuGBfjeURVJnNIVGpkNiXNS0ds7jcySDitDCCWW56LJ10fRo8sNA+3qXUSZD2CtQlZh9T+1rB7h9oliembflnMbzqgSNZKbKGHdPm7OwXb1CvQ1metSETMpszmzvikCJNh/h5E5PHNl4qga/+/cxqrdeWDYgIe7X5L4cGJPJX2940lOX8pD41FnFnc4riluvQKbK0dcHJFi2IBHNTQSlguru4d2/wPOTNzRA3x5y+U1E1uqWDkETOT026XuUJzx6u7ReLhSYenQ7uHua0fKZmwfmcPqsQjxE5WVONcRxn7X89zgn/EKPMRMxOVQXmP18Mx3q3b/Y/0cQE/IhFtHESMsHFlZ1Ml3CH3DZPHImY+pxcKumNmYirtvqMBfhMuU6s3iqOQkTsMPe1tCQwO8Ajs0lxr7W+vnp1MJc9EgCNd/cy6x+9D4veXmprj5wxMw/3C4egW6zzgZOlYZzfwo3F2J7ael0pJamvlPKgWNKFft1AAcKotXoFEbD7kaoSoQPVKB35+5KHF0lai/rJo+up87jWEE/qqqwY+qrL21LWLm95lPJ16ppKw31XC3PXYPJauPEx7B6BHCgrSizRs18qiaRp8tlN3ueCTYPHH9RNaunjI8Z7wLYpT3jZSCYXQ8e9vTsRE/q+no3XMKeObgGtaintbb/AvXj4JDkNw/5hrwYPfIvlZFUbLn7G5q+eQIN09Vnho6cqvnM/Lt99RixH49wO8K0ZL41WTWHoQzvsNVkOheZqKhEGpsp3SzB+BBtZAYve7uOR9tuTaaB6l0XScdYfEQPpkTUyHEGP+XqyDBzu+NBCITUjNWHynkrbWKOuWFn1xKzqsyx0bdvS78odp0+N503Zao0uCsWuSIDku8/7EO60b41vN5+Ses9BKlTdvd8bhp9EBvJjWJAIn/vxwHe6b3tSk6JFPV4nq85oAOrx555v/x/rh3E6Lo+bnuNS4uB4Cuq0ZfvO8X1rM6q/+vnjLVqZq7v83onttc2oYF4HPJmv1gWbB4P7s0l55ZsPhcsmY/WBYs3s8uzaVn5q3F/wf70mRuBCtbjQAAAABJRU5ErkJggg==
+    get_space_response:
+      summary: Get details about a marketing space
+      value:
+        id: marketing
+        name: Marketing
+        description: This is the Marketing Space
+        color: null
+        initials: MK
+        disabledFeatures: []
+        imageUrl: ''
+        solution: es
+    update_space_request:
+      summary: Update a marketing space
+      description: Update the marketing space to remove the imageUrl.
+      value:
+        id: marketing
+        name: Marketing
+        description: This is the Marketing Space
+        color: null
+        initials: MK
+        disabledFeatures: []
+        imageUrl: ''
   parameters:
     Alerting_kbn_xsrf:
       description: Cross-site request forgery protection
@@ -43646,10 +42595,8 @@ components:
         example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540
         type: string
     Cases_assignees_filter:
-      description: >
-        Filters the returned cases by assignees. Valid values are `none` or
-        unique identifiers for the user profiles. These identifiers can be found
-        by using the suggest user profile API.
+      description: |
+        Filters the returned cases by assignees. Valid values are `none` or unique identifiers for the user profiles. These identifiers can be found by using the suggest user profile API.
       in: query
       name: assignees
       schema:
@@ -43657,9 +42604,7 @@ components:
           - $ref: '#/components/schemas/Cases_string'
           - $ref: '#/components/schemas/Cases_string_array'
     Cases_case_id:
-      description: >-
-        The identifier for the case. To retrieve case IDs, use the find cases
-        API. All non-ASCII characters must be URL encoded.
+      description: The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded.
       in: path
       name: caseId
       required: true
@@ -43675,9 +42620,8 @@ components:
           - $ref: '#/components/schemas/Cases_case_category'
           - $ref: '#/components/schemas/Cases_case_categories'
     Cases_comment_id:
-      description: >
-        The identifier for the comment. To retrieve comment IDs, use the get
-        case or find cases APIs.
+      description: |
+        The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs.
       in: path
       name: commentId
       required: true
@@ -43693,9 +42637,7 @@ components:
         example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9
         type: string
     Cases_connector_id:
-      description: >-
-        An identifier for the connector. To retrieve connector IDs, use the find
-        connectors API.
+      description: An identifier for the connector. To retrieve connector IDs, use the find connectors API.
       in: path
       name: connectorId
       required: true
@@ -43711,18 +42653,16 @@ components:
         default: OR
         type: string
     Cases_from:
-      description: >
-        Returns only cases that were created after a specific date. The date
-        must be specified as a KQL data range or date match expression.
+      description: |
+        Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression.
       in: query
       name: from
       schema:
         example: now-1d
         type: string
     Cases_ids:
-      description: >
-        The cases that you want to removed. All non-ASCII characters must be URL
-        encoded.
+      description: |
+        The cases that you want to removed. All non-ASCII characters must be URL encoded.
       example: d4e7abb0-b462-11ec-9a8d-698504725a43
       in: query
       name: ids
@@ -43735,9 +42675,7 @@ components:
         type: array
     Cases_includeComments:
       deprecated: true
-      description: >-
-        Deprecated in 8.1.0. This parameter is deprecated and will be removed in
-        a future release. It determines whether case comments are returned.
+      description: Deprecated in 8.1.0. This parameter is deprecated and will be removed in a future release. It determines whether case comments are returned.
       in: query
       name: includeComments
       schema:
@@ -43751,10 +42689,8 @@ components:
       schema:
         type: string
     Cases_owner_filter:
-      description: >
-        A filter to limit the response to a specific set of applications. If
-        this parameter is omitted, the response contains information about all
-        the cases that the user has access to read.
+      description: |
+        A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read.
       example: cases
       in: query
       name: owner
@@ -43789,9 +42725,7 @@ components:
           - $ref: '#/components/schemas/Cases_string'
           - $ref: '#/components/schemas/Cases_string_array'
     Cases_search:
-      description: >-
-        An Elasticsearch simple_query_string query that filters the objects in
-        the response.
+      description: An Elasticsearch simple_query_string query that filters the objects in the response.
       in: query
       name: search
       schema:
@@ -43863,9 +42797,8 @@ components:
           - $ref: '#/components/schemas/Cases_string'
           - $ref: '#/components/schemas/Cases_string_array'
     Cases_to:
-      description: >
-        Returns only cases that were created before a specific date. The date
-        must be specified as a KQL data range or date match expression.
+      description: |
+        Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression.
       example: now+1d
       in: query
       name: to
@@ -43920,9 +42853,7 @@ components:
         example: ff959d40-b880-11e8-a6d9-e546fe2bba5f
         type: string
     Machine_learning_APIs_simulateParam:
-      description: >-
-        When true, simulates the synchronization by returning only the list of
-        actions that would be performed.
+      description: When true, simulates the synchronization by returning only the list of actions that would be performed.
       example: 'true'
       in: query
       name: simulate
@@ -43944,9 +42875,7 @@ components:
       schema:
         type: string
     Saved_objects_saved_object_type:
-      description: >-
-        Valid options include `visualization`, `dashboard`, `search`,
-        `index-pattern`, `config`.
+      description: Valid options include `visualization`, `dashboard`, `search`, `index-pattern`, `config`.
       in: path
       name: type
       required: true
@@ -43968,9 +42897,7 @@ components:
         example: 9c235211-6834-11ea-a78c-6feb38a34414
         type: string
     SLOs_space_id:
-      description: >-
-        An identifier for the space. If `/s/` and the identifier are omitted
-        from the path, the default space is used.
+      description: An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used.
       in: path
       name: spaceId
       required: true
@@ -44088,15 +43015,11 @@ components:
           description: Indicates whether it is a dynamic field mapping.
           type: boolean
         format:
-          description: >
-            Indicates the format of the field. For example, if the `type` is
-            `date_range`, the `format` can be
-            `epoch_millis||strict_date_optional_time`.
+          description: |
+            Indicates the format of the field. For example, if the `type` is `date_range`, the `format` can be `epoch_millis||strict_date_optional_time`.
           type: string
         ignore_above:
-          description: >-
-            Specifies the maximum length of a string field. Longer strings are
-            not indexed or stored.
+          description: Specifies the maximum length of a string field. Longer strings are not indexed or stored.
           type: integer
         index:
           description: Indicates whether field values are indexed.
@@ -44111,18 +43034,15 @@ components:
               type:
                 description: The data type for each object property.
                 type: string
-          description: >
-            Details about the object properties. This property is applicable
-            when `type` is `object`.
+          description: |
+            Details about the object properties. This property is applicable when `type` is `object`.
           type: object
         required:
           description: Indicates whether the field is required.
           type: boolean
         scaling_factor:
-          description: >
-            The scaling factor to use when encoding values. This property is
-            applicable when `type` is `scaled_float`. Values will be multiplied
-            by this factor at index time and rounded to the closest long value. 
+          description: |
+            The scaling factor to use when encoding values. This property is applicable when `type` is `scaled_float`. Values will be multiplied by this factor at index time and rounded to the closest long value. 
           type: integer
         type:
           description: Specifies the data type for the field.
@@ -44445,10 +43365,8 @@ components:
           example: 0bc3b5ebf18fba8163fe4c96f491e3767a358f85
           type: string
         mark_as_applied_by_agent:
-          description: >
-            `markAsAppliedByAgent=true` means "force setting it to true
-            regardless of etag".
-
+          description: |
+            `markAsAppliedByAgent=true` means "force setting it to true regardless of etag".
             This is needed for Jaeger agent that doesn't have etags
           type: boolean
         service:
@@ -44563,9 +43481,7 @@ components:
       type: object
       properties:
         bundle_filepath:
-          description: >-
-            The absolute path of the final bundle as used in the web
-            application.
+          description: The absolute path of the final bundle as used in the web application.
           type: string
         service_name:
           description: The name of the service that the service map should apply to.
@@ -44574,11 +43490,9 @@ components:
           description: The version of the service that the service map should apply to.
           type: string
         sourcemap:
-          description: >
+          description: |
             The source map. String or file upload. It must follow the
-
-            [source map revision 3
-            proposal](https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k).
+            [source map revision 3 proposal](https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k).
           format: binary
           type: string
       required:
@@ -44657,9 +43571,7 @@ components:
         - type
       title: Add case comment request properties for alerts
     Cases_add_case_comment_request:
-      description: >-
-        The add comment to case API request body varies depending on whether you
-        are adding an alert or a comment.
+      description: The add comment to case API request body varies depending on whether you are adding an alert or a comment.
       discriminator:
         mapping:
           alert: '#/components/schemas/Cases_add_alert_comment_request_properties'
@@ -44813,16 +43725,8 @@ components:
       required:
         - type
     Cases_alert_identifiers:
-      description: >
-        The alert identifiers. It is required only when `type` is `alert`. You
-        can use an array of strings to add multiple alerts to a case, provided
-        that they all relate to the same rule; `index` must also be an array
-        with the same length or number of elements. Adding multiple alerts in
-        this manner is recommended rather than calling the API multiple times.
-        This functionality is in technical preview and may be changed or removed
-        in a future release. Elastic will work to fix any issues, but features
-        in technical preview are not subject to the support SLA of official GA
-        features.
+      description: |
+        The alert identifiers. It is required only when `type` is `alert`. You can use an array of strings to add multiple alerts to a case, provided that they all relate to the same rule; `index` must also be an array with the same length or number of elements. Adding multiple alerts in this manner is recommended rather than calling the API multiple times. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42
       oneOf:
         - type: string
@@ -44833,15 +43737,8 @@ components:
       title: Alert identifiers
       x-state: Technical preview
     Cases_alert_indices:
-      description: >
-        The alert indices. It is required only when `type` is `alert`. If you
-        are adding multiple alerts to a case, use an array of strings; the
-        position of each index name in the array must match the position of the
-        corresponding alert identifier in the `alertId` array.  This
-        functionality is in technical preview and may be changed or removed in a
-        future release. Elastic will work to fix any issues, but features in
-        technical preview are not subject to the support SLA of official GA
-        features.
+      description: |
+        The alert indices. It is required only when `type` is `alert`. If you are adding multiple alerts to a case, use an array of strings; the position of each index name in the array must match the position of the corresponding alert identifier in the `alertId` array.  This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       oneOf:
         - type: string
         - items:
@@ -44868,9 +43765,7 @@ components:
         type: object
         properties:
           uid:
-            description: >-
-              A unique identifier for the user profile. These identifiers can be
-              found by using the suggest user profile API.
+            description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API.
             example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0
             type: string
         required:
@@ -45000,25 +43895,19 @@ components:
             type: object
             properties:
               key:
-                description: >
-                  The unique identifier for the custom field. The key value must
-                  exist in the case configuration settings.
+                description: |
+                  The unique identifier for the custom field. The key value must exist in the case configuration settings.
                 type: string
               type:
-                description: >
-                  The custom field type. It must match the type specified in the
-                  case configuration settings.
+                description: |
+                  The custom field type. It must match the type specified in the case configuration settings.
                 enum:
                   - text
                   - toggle
                 type: string
               value:
-                description: >
-                  The custom field value. If the custom field is required, it
-                  cannot be explicitly set to null. However, for cases that
-                  existed when the required custom field was added, the default
-                  value stored in Elasticsearch is `undefined`. The value
-                  returned in the API and user interface in this case is `null`.
+                description: |
+                  The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`.
                 oneOf:
                   - maxLength: 160
                     minLength: 1
@@ -45030,11 +43919,8 @@ components:
           example: A case description.
           type: string
         duration:
-          description: >
-            The elapsed time from the creation of the case to its closure (in
-            seconds). If the case has not been closed, the duration is set to
-            null. If the case was closed after less than half a second, the
-            duration is rounded down to zero.
+          description: |
+            The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero.
           example: 120
           nullable: true
           type: integer
@@ -45162,9 +44048,8 @@ components:
         - open
       type: string
     Cases_case_tags:
-      description: >
-        The words and phrases that help categorize cases. It can be an empty
-        array.
+      description: |
+        The words and phrases that help categorize cases. It can be an empty array.
       items:
         maxLength: 256
         type: string
@@ -45175,10 +44060,7 @@ components:
       maxLength: 160
       type: string
     Cases_closure_types:
-      description: >-
-        Indicates whether a case is automatically closed when it is pushed to
-        external systems (`close-by-pushing`) or not automatically closed
-        (`close-by-user`).
+      description: Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`).
       enum:
         - close-by-pushing
         - close-by-user
@@ -45193,9 +44075,7 @@ components:
           nullable: true
           type: string
         id:
-          description: >-
-            The identifier for the connector. To retrieve connector IDs, use the
-            find connectors API.
+          description: The identifier for the connector. To retrieve connector IDs, use the find connectors API.
           type: string
         name:
           description: The name of the connector.
@@ -45217,9 +44097,7 @@ components:
       type: object
       properties:
         fields:
-          description: >-
-            An object containing the connector fields. If you want to omit any
-            individual field, specify null as its value.
+          description: An object containing the connector fields. If you want to omit any individual field, specify null as its value.
           type: object
           properties:
             issueType:
@@ -45239,9 +44117,7 @@ components:
             - parent
             - priority
         id:
-          description: >-
-            The identifier for the connector. To retrieve connector IDs, use the
-            find connectors API.
+          description: The identifier for the connector. To retrieve connector IDs, use the find connectors API.
           type: string
         name:
           description: The name of the connector.
@@ -45263,30 +44139,20 @@ components:
       type: object
       properties:
         fields:
-          description: >-
-            An object containing the connector fields. To create a case without
-            a connector, specify null. To update a case to remove the connector,
-            specify null.
+          description: An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null.
           example: null
           nullable: true
           type: string
         id:
-          description: >-
-            The identifier for the connector. To create a case without a
-            connector, use `none`. To update a case to remove the connector,
-            specify `none`.
+          description: The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.
           example: none
           type: string
         name:
-          description: >-
-            The name of the connector. To create a case without a connector, use
-            `none`. To update a case to remove the connector, specify `none`.
+          description: The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`.
           example: none
           type: string
         type:
-          description: >-
-            The type of connector. To create a case without a connector, use
-            `.none`. To update a case to remove the connector, specify `.none`.
+          description: The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`.
           enum:
             - .none
           example: .none
@@ -45302,9 +44168,7 @@ components:
       type: object
       properties:
         fields:
-          description: >-
-            An object containing the connector fields. If you want to omit any
-            individual field, specify null as its value.
+          description: An object containing the connector fields. If you want to omit any individual field, specify null as its value.
           nullable: true
           type: object
           properties:
@@ -45342,9 +44206,7 @@ components:
       type: object
       properties:
         fields:
-          description: >-
-            An object containing the connector fields. If you want to omit any
-            individual field, specify null as its value.
+          description: An object containing the connector fields. If you want to omit any individual field, specify null as its value.
           type: object
           properties:
             category:
@@ -45374,9 +44236,7 @@ components:
             - subcategory
             - urgency
         id:
-          description: >-
-            The identifier for the connector. To retrieve connector IDs, use the
-            find connectors API.
+          description: The identifier for the connector. To retrieve connector IDs, use the find connectors API.
           type: string
         name:
           description: The name of the connector.
@@ -45398,9 +44258,7 @@ components:
       type: object
       properties:
         fields:
-          description: >-
-            An object containing the connector fields. If you want to omit any
-            individual field, specify null as its value.
+          description: An object containing the connector fields. If you want to omit any individual field, specify null as its value.
           type: object
           properties:
             category:
@@ -45408,21 +44266,15 @@ components:
               nullable: true
               type: string
             destIp:
-              description: >-
-                Indicates whether cases will send a comma-separated list of
-                destination IPs.
+              description: Indicates whether cases will send a comma-separated list of destination IPs.
               nullable: true
               type: boolean
             malwareHash:
-              description: >-
-                Indicates whether cases will send a comma-separated list of
-                malware hashes.
+              description: Indicates whether cases will send a comma-separated list of malware hashes.
               nullable: true
               type: boolean
             malwareUrl:
-              description: >-
-                Indicates whether cases will send a comma-separated list of
-                malware URLs.
+              description: Indicates whether cases will send a comma-separated list of malware URLs.
               nullable: true
               type: boolean
             priority:
@@ -45430,9 +44282,7 @@ components:
               nullable: true
               type: string
             sourceIp:
-              description: >-
-                Indicates whether cases will send a comma-separated list of
-                source IPs.
+              description: Indicates whether cases will send a comma-separated list of source IPs.
               nullable: true
               type: boolean
             subcategory:
@@ -45448,9 +44298,7 @@ components:
             - sourceIp
             - subcategory
         id:
-          description: >-
-            The identifier for the connector. To retrieve connector IDs, use the
-            find connectors API.
+          description: The identifier for the connector. To retrieve connector IDs, use the find connectors API.
           type: string
         name:
           description: The name of the connector.
@@ -45472,9 +44320,7 @@ components:
       type: object
       properties:
         fields:
-          description: >-
-            An object containing the connector fields. If you want to omit any
-            individual field, specify null as its value.
+          description: An object containing the connector fields. If you want to omit any individual field, specify null as its value.
           type: object
           properties:
             caseId:
@@ -45484,9 +44330,7 @@ components:
           required:
             - caseId
         id:
-          description: >-
-            The identifier for the connector. To retrieve connector IDs, use the
-            find connectors API.
+          description: The identifier for the connector. To retrieve connector IDs, use the find connectors API.
           type: string
         name:
           description: The name of the connector.
@@ -45516,9 +44360,7 @@ components:
       example: .none
       type: string
     Cases_create_case_request:
-      description: >-
-        The create case API request body varies depending on the type of
-        connector.
+      description: The create case API request body varies depending on the type of connector.
       properties:
         assignees:
           $ref: '#/components/schemas/Cases_assignees'
@@ -45534,32 +44376,25 @@ components:
             - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir'
             - $ref: '#/components/schemas/Cases_connector_properties_swimlane'
         customFields:
-          description: >
-            Custom field values for a case. Any optional custom fields that are
-            not specified in the request are set to null.
+          description: |
+            Custom field values for a case. Any optional custom fields that are not specified in the request are set to null.
           items:
             type: object
             properties:
               key:
-                description: >
-                  The unique identifier for the custom field. The key value must
-                  exist in the case configuration settings.
+                description: |
+                  The unique identifier for the custom field. The key value must exist in the case configuration settings.
                 type: string
               type:
-                description: >
-                  The custom field type. It must match the type specified in the
-                  case configuration settings.
+                description: |
+                  The custom field type. It must match the type specified in the case configuration settings.
                 enum:
                   - text
                   - toggle
                 type: string
               value:
-                description: >
-                  The custom field value. If the custom field is required, it
-                  cannot be explicitly set to null. However, for cases that
-                  existed when the required custom field was added, the default
-                  value stored in Elasticsearch is `undefined`. The value
-                  returned in the API and user interface in this case is `null`.
+                description: |
+                  The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`.
                 oneOf:
                   - maxLength: 160
                     minLength: 1
@@ -45631,9 +44466,8 @@ components:
               nullable: true
               type: string
     Cases_owner:
-      description: >
-        The application that owns the cases: Stack Management, Observability, or
-        Elastic Security.
+      description: |
+        The application that owns the cases: Stack Management, Observability, or Elastic Security.
       enum:
         - cases
         - observability
@@ -45693,10 +44527,7 @@ components:
           type: object
           properties:
             fields:
-              description: >-
-                An object containing the connector fields. To create a case
-                without a connector, specify null. If you want to omit any
-                individual field, specify null as its value.
+              description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
               example: null
               nullable: true
               type: object
@@ -45705,20 +44536,14 @@ components:
                   description: The case identifier for Swimlane connectors.
                   type: string
                 category:
-                  description: >-
-                    The category of the incident for ServiceNow ITSM and
-                    ServiceNow SecOps connectors.
+                  description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
                   type: string
                 destIp:
-                  description: >-
-                    Indicates whether cases will send a comma-separated list of
-                    destination IPs for ServiceNow SecOps connectors.
+                  description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.
                   nullable: true
                   type: boolean
                 impact:
-                  description: >-
-                    The effect an incident had on business for ServiceNow ITSM
-                    connectors.
+                  description: The effect an incident had on business for ServiceNow ITSM connectors.
                   type: string
                 issueType:
                   description: The type of issue for Jira connectors.
@@ -45729,61 +44554,41 @@ components:
                     type: string
                   type: array
                 malwareHash:
-                  description: >-
-                    Indicates whether cases will send a comma-separated list of
-                    malware hashes for ServiceNow SecOps connectors.
+                  description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.
                   nullable: true
                   type: boolean
                 malwareUrl:
-                  description: >-
-                    Indicates whether cases will send a comma-separated list of
-                    malware URLs for ServiceNow SecOps connectors.
+                  description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.
                   nullable: true
                   type: boolean
                 parent:
-                  description: >-
-                    The key of the parent issue, when the issue type is sub-task
-                    for Jira connectors.
+                  description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
                   type: string
                 priority:
-                  description: >-
-                    The priority of the issue for Jira and ServiceNow SecOps
-                    connectors.
+                  description: The priority of the issue for Jira and ServiceNow SecOps connectors.
                   type: string
                 severity:
                   description: The severity of the incident for ServiceNow ITSM connectors.
                   type: string
                 severityCode:
-                  description: >-
-                    The severity code of the incident for IBM Resilient
-                    connectors.
+                  description: The severity code of the incident for IBM Resilient connectors.
                   type: string
                 sourceIp:
-                  description: >-
-                    Indicates whether cases will send a comma-separated list of
-                    source IPs for ServiceNow SecOps connectors.
+                  description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.
                   nullable: true
                   type: boolean
                 subcategory:
-                  description: >-
-                    The subcategory of the incident for ServiceNow ITSM
-                    connectors.
+                  description: The subcategory of the incident for ServiceNow ITSM connectors.
                   type: string
                 urgency:
-                  description: >-
-                    The extent to which the incident resolution can be delayed
-                    for ServiceNow ITSM connectors.
+                  description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
                   type: string
             id:
-              description: >-
-                The identifier for the connector. To create a case without a
-                connector, use `none`.
+              description: The identifier for the connector. To create a case without a connector, use `none`.
               example: none
               type: string
             name:
-              description: >-
-                The name of the connector. To create a case without a connector,
-                use `none`.
+              description: The name of the connector. To create a case without a connector, use `none`.
               example: none
               type: string
             type:
@@ -45797,10 +44602,7 @@ components:
           type: object
           properties:
             fields:
-              description: >-
-                An object containing the connector fields. To create a case
-                without a connector, specify null. If you want to omit any
-                individual field, specify null as its value.
+              description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value.
               example: null
               nullable: true
               type: object
@@ -45809,20 +44611,14 @@ components:
                   description: The case identifier for Swimlane connectors.
                   type: string
                 category:
-                  description: >-
-                    The category of the incident for ServiceNow ITSM and
-                    ServiceNow SecOps connectors.
+                  description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
                   type: string
                 destIp:
-                  description: >-
-                    Indicates whether cases will send a comma-separated list of
-                    destination IPs for ServiceNow SecOps connectors.
+                  description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors.
                   nullable: true
                   type: boolean
                 impact:
-                  description: >-
-                    The effect an incident had on business for ServiceNow ITSM
-                    connectors.
+                  description: The effect an incident had on business for ServiceNow ITSM connectors.
                   type: string
                 issueType:
                   description: The type of issue for Jira connectors.
@@ -45833,61 +44629,41 @@ components:
                     type: string
                   type: array
                 malwareHash:
-                  description: >-
-                    Indicates whether cases will send a comma-separated list of
-                    malware hashes for ServiceNow SecOps connectors.
+                  description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors.
                   nullable: true
                   type: boolean
                 malwareUrl:
-                  description: >-
-                    Indicates whether cases will send a comma-separated list of
-                    malware URLs for ServiceNow SecOps connectors.
+                  description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors.
                   nullable: true
                   type: boolean
                 parent:
-                  description: >-
-                    The key of the parent issue, when the issue type is sub-task
-                    for Jira connectors.
+                  description: The key of the parent issue, when the issue type is sub-task for Jira connectors.
                   type: string
                 priority:
-                  description: >-
-                    The priority of the issue for Jira and ServiceNow SecOps
-                    connectors.
+                  description: The priority of the issue for Jira and ServiceNow SecOps connectors.
                   type: string
                 severity:
                   description: The severity of the incident for ServiceNow ITSM connectors.
                   type: string
                 severityCode:
-                  description: >-
-                    The severity code of the incident for IBM Resilient
-                    connectors.
+                  description: The severity code of the incident for IBM Resilient connectors.
                   type: string
                 sourceIp:
-                  description: >-
-                    Indicates whether cases will send a comma-separated list of
-                    source IPs for ServiceNow SecOps connectors.
+                  description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors.
                   nullable: true
                   type: boolean
                 subcategory:
-                  description: >-
-                    The subcategory of the incident for ServiceNow ITSM
-                    connectors.
+                  description: The subcategory of the incident for ServiceNow ITSM connectors.
                   type: string
                 urgency:
-                  description: >-
-                    The extent to which the incident resolution can be delayed
-                    for ServiceNow ITSM connectors.
+                  description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors.
                   type: string
             id:
-              description: >-
-                The identifier for the connector. To create a case without a
-                connector, use `none`.
+              description: The identifier for the connector. To create a case without a connector, use `none`.
               example: none
               type: string
             name:
-              description: >-
-                The name of the connector. To create a case without a connector,
-                use `none`.
+              description: The name of the connector. To create a case without a connector, use `none`.
               example: none
               type: string
             type:
@@ -45911,9 +44687,7 @@ components:
         title:
           type: string
     Cases_payload_delete:
-      description: >-
-        If the `action` is `delete` and the `type` is `delete_case`, the payload
-        is nullable.
+      description: If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable.
       nullable: true
       type: object
     Cases_payload_description:
@@ -45970,12 +44744,8 @@ components:
                 - user
               type: string
     Cases_rule:
-      description: >
-        The rule that is associated with the alerts. It is required only when
-        `type` is `alert`. This functionality is in technical preview and may be
-        changed or removed in a future release. Elastic will work to fix any
-        issues, but features in technical preview are not subject to the support
-        SLA of official GA features.
+      description: |
+        The rule that is associated with the alerts. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
       title: Alerting rule
       type: object
       properties:
@@ -45999,9 +44769,7 @@ components:
         $ref: '#/components/schemas/Cases_searchFieldsType'
       type: array
     Cases_set_case_configuration_request:
-      description: >-
-        External connection details, such as the closure type and default
-        connector for cases.
+      description: External connection details, such as the closure type and default connector for cases.
       properties:
         closure_type:
           $ref: '#/components/schemas/Cases_closure_types'
@@ -46010,24 +44778,15 @@ components:
           type: object
           properties:
             fields:
-              description: >-
-                The fields specified in the case configuration are not used and
-                are not propagated to individual cases, therefore it is
-                recommended to set it to `null`.
+              description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.
               nullable: true
               type: object
             id:
-              description: >-
-                The identifier for the connector. If you do not want a default
-                connector, use `none`. To retrieve connector IDs, use the find
-                connectors API.
+              description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.
               example: none
               type: string
             name:
-              description: >-
-                The name of the connector. If you do not want a default
-                connector, use `none`. To retrieve connector names, use the find
-                connectors API.
+              description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.
               example: none
               type: string
             type:
@@ -46043,18 +44802,14 @@ components:
             type: object
             properties:
               defaultValue:
-                description: >
-                  A default value for the custom field. If the `type` is `text`,
-                  the default value must be a string. If the `type` is `toggle`,
-                  the default value must be boolean.
+                description: |
+                  A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.
                 oneOf:
                   - type: string
                   - type: boolean
               key:
-                description: >
-                  A unique key for the custom field. Must be lower case and
-                  composed only of a-z, 0-9, '_', and '-' characters. It is used
-                  in API calls to refer to a specific custom field.
+                description: |
+                  A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.
                 maxLength: 36
                 minLength: 1
                 type: string
@@ -46070,10 +44825,8 @@ components:
                   - toggle
                 type: string
               required:
-                description: >
-                  Indicates whether the field is required. If `false`, the
-                  custom field can be set to null or omitted when a case is
-                  created or updated.
+                description: |
+                  Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.
                 type: boolean
             required:
               - key
@@ -46111,9 +44864,8 @@ components:
       maxItems: 100
       type: array
     Cases_template_tags:
-      description: >
-        The words and phrases that help categorize templates. It can be an empty
-        array.
+      description: |
+        The words and phrases that help categorize templates. It can be an empty array.
       items:
         maxLength: 256
         type: string
@@ -46134,24 +44886,15 @@ components:
                 type: object
                 properties:
                   fields:
-                    description: >-
-                      The fields specified in the case configuration are not
-                      used and are not propagated to individual cases, therefore
-                      it is recommended to set it to `null`.
+                    description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.
                     nullable: true
                     type: object
                   id:
-                    description: >-
-                      The identifier for the connector. If you do not want a
-                      default connector, use `none`. To retrieve connector IDs,
-                      use the find connectors API.
+                    description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.
                     example: none
                     type: string
                   name:
-                    description: >-
-                      The name of the connector. If you do not want a default
-                      connector, use `none`. To retrieve connector names, use
-                      the find connectors API.
+                    description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.
                     example: none
                     type: string
                   type:
@@ -46171,11 +44914,8 @@ components:
                         - toggle
                       type: string
                     value:
-                      description: >
-                        The default value for the custom field when a case uses
-                        the template. If the `type` is `text`, the default value
-                        must be a string. If the `type` is `toggle`, the default
-                        value must be boolean.
+                      description: |
+                        The default value for the custom field when a case uses the template. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.
                       oneOf:
                         - type: string
                         - type: boolean
@@ -46195,10 +44935,8 @@ components:
             description: A description for the template.
             type: string
           key:
-            description: >
-              A unique key for the template. Must be lower case and composed
-              only of a-z, 0-9, '_', and '-' characters. It is used in API calls
-              to refer to a specific template.
+            description: |
+              A unique key for the template. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific template.
             type: string
           name:
             description: The name of the template.
@@ -46214,9 +44952,8 @@ components:
         alertId:
           $ref: '#/components/schemas/Cases_alert_identifiers'
         id:
-          description: >
-            The identifier for the comment. To retrieve comment IDs, use the get
-            comments API.
+          description: |
+            The identifier for the comment. To retrieve comment IDs, use the get comments API.
           example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6
           type: string
         index:
@@ -46232,9 +44969,8 @@ components:
           example: alert
           type: string
         version:
-          description: >
-            The current comment version. To retrieve version values, use the get
-            comments API.
+          description: |
+            The current comment version. To retrieve version values, use the get comments API.
           example: Wzk1LDFd
           type: string
       required:
@@ -46247,9 +44983,7 @@ components:
         - version
       title: Update case comment request properties for alerts
     Cases_update_case_comment_request:
-      description: >-
-        The update case comment API request body varies depending on whether you
-        are updating an alert or a comment.
+      description: The update case comment API request body varies depending on whether you are updating an alert or a comment.
       discriminator:
         mapping:
           alert: '#/components/schemas/Cases_update_alert_comment_request_properties'
@@ -46260,9 +44994,8 @@ components:
         - $ref: '#/components/schemas/Cases_update_user_comment_request_properties'
       title: Update case comment request
     Cases_update_case_configuration_request:
-      description: >
-        You can update settings such as the closure type, custom fields,
-        templates, and the default connector for cases.
+      description: |
+        You can update settings such as the closure type, custom fields, templates, and the default connector for cases.
       properties:
         closure_type:
           $ref: '#/components/schemas/Cases_closure_types'
@@ -46271,24 +45004,15 @@ components:
           type: object
           properties:
             fields:
-              description: >-
-                The fields specified in the case configuration are not used and
-                are not propagated to individual cases, therefore it is
-                recommended to set it to `null`.
+              description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`.
               nullable: true
               type: object
             id:
-              description: >-
-                The identifier for the connector. If you do not want a default
-                connector, use `none`. To retrieve connector IDs, use the find
-                connectors API.
+              description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API.
               example: none
               type: string
             name:
-              description: >-
-                The name of the connector. If you do not want a default
-                connector, use `none`. To retrieve connector names, use the find
-                connectors API.
+              description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API.
               example: none
               type: string
             type:
@@ -46304,18 +45028,14 @@ components:
             type: object
             properties:
               defaultValue:
-                description: >
-                  A default value for the custom field. If the `type` is `text`,
-                  the default value must be a string. If the `type` is `toggle`,
-                  the default value must be boolean.
+                description: |
+                  A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean.
                 oneOf:
                   - type: string
                   - type: boolean
               key:
-                description: >
-                  A unique key for the custom field. Must be lower case and
-                  composed only of a-z, 0-9, '_', and '-' characters. It is used
-                  in API calls to refer to a specific custom field.
+                description: |
+                  A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field.
                 maxLength: 36
                 minLength: 1
                 type: string
@@ -46331,10 +45051,8 @@ components:
                   - toggle
                 type: string
               required:
-                description: >
-                  Indicates whether the field is required. If `false`, the
-                  custom field can be set to null or omitted when a case is
-                  created or updated.
+                description: |
+                  Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated.
                 type: boolean
             required:
               - key
@@ -46345,9 +45063,8 @@ components:
         templates:
           $ref: '#/components/schemas/Cases_templates'
         version:
-          description: >
-            The version of the connector. To retrieve the version value, use the
-            get configuration API.
+          description: |
+            The version of the connector. To retrieve the version value, use the get configuration API.
           example: WzIwMiwxXQ==
           type: string
       required:
@@ -46355,9 +45072,7 @@ components:
       title: Update case configuration request
       type: object
     Cases_update_case_request:
-      description: >-
-        The update case API request body varies depending on the type of
-        connector.
+      description: The update case API request body varies depending on the type of connector.
       properties:
         cases:
           description: An array containing one or more case objects.
@@ -46371,42 +45086,32 @@ components:
               connector:
                 oneOf:
                   - $ref: '#/components/schemas/Cases_connector_properties_none'
-                  - $ref: >-
-                      #/components/schemas/Cases_connector_properties_cases_webhook
+                  - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook'
                   - $ref: '#/components/schemas/Cases_connector_properties_jira'
                   - $ref: '#/components/schemas/Cases_connector_properties_resilient'
                   - $ref: '#/components/schemas/Cases_connector_properties_servicenow'
-                  - $ref: >-
-                      #/components/schemas/Cases_connector_properties_servicenow_sir
+                  - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir'
                   - $ref: '#/components/schemas/Cases_connector_properties_swimlane'
               customFields:
-                description: >
-                  Custom field values for a case. Any optional custom fields
-                  that are not specified in the request are set to null.
+                description: |
+                  Custom field values for a case. Any optional custom fields that are not specified in the request are set to null.
                 items:
                   type: object
                   properties:
                     key:
-                      description: >
-                        The unique identifier for the custom field. The key
-                        value must exist in the case configuration settings.
+                      description: |
+                        The unique identifier for the custom field. The key value must exist in the case configuration settings.
                       type: string
                     type:
-                      description: >
-                        The custom field type. It must match the type specified
-                        in the case configuration settings.
+                      description: |
+                        The custom field type. It must match the type specified in the case configuration settings.
                       enum:
                         - text
                         - toggle
                       type: string
                     value:
-                      description: >
-                        The custom field value. If the custom field is required,
-                        it cannot be explicitly set to null. However, for cases
-                        that existed when the required custom field was added,
-                        the default value stored in Elasticsearch is
-                        `undefined`. The value returned in the API and user
-                        interface in this case is `null`.
+                      description: |
+                        The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`.
                       oneOf:
                         - maxLength: 160
                           minLength: 1
@@ -46437,9 +45142,7 @@ components:
               title:
                 $ref: '#/components/schemas/Cases_case_title'
               version:
-                description: >-
-                  The current version of the case. To determine this value, use
-                  the get case or find cases APIs.
+                description: The current version of the case. To determine this value, use the get case or find cases APIs.
                 type: string
             required:
               - id
@@ -46460,9 +45163,8 @@ components:
           maxLength: 30000
           type: string
         id:
-          description: >
-            The identifier for the comment. To retrieve comment IDs, use the get
-            comments API.
+          description: |
+            The identifier for the comment. To retrieve comment IDs, use the get comments API.
           example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6
           type: string
         owner:
@@ -46474,9 +45176,8 @@ components:
           example: user
           type: string
         version:
-          description: >
-            The current comment version. To retrieve version values, use the get
-            comments API.
+          description: |
+            The current comment version. To retrieve version values, use the get comments API.
           example: Wzk1LDFd
           type: string
       required:
@@ -46708,9 +45409,7 @@ components:
           example: Not Found
           type: string
         message:
-          example: >-
-            Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00]
-            not found
+          example: Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found
           type: string
         statusCode:
           enum:
@@ -46765,9 +45464,7 @@ components:
             - title
         override:
           default: false
-          description: >-
-            Override an existing data view if a data view with the provided
-            title already exists.
+          description: Override an existing data view if a data view with the provided title already exists.
           type: boolean
       required:
         - data_view
@@ -46829,9 +45526,7 @@ components:
       description: A map of field formats by field name.
       type: object
     Data_views_namespaces:
-      description: >-
-        An array of space identifiers for sharing the data view between multiple
-        spaces.
+      description: An array of space identifiers for sharing the data view between multiple spaces.
       items:
         default: default
         type: string
@@ -46883,9 +45578,8 @@ components:
           description: The saved object reference to change.
           type: string
         fromType:
-          description: >
-            Specify the type of the saved object reference to alter. The default
-            value is `index-pattern` for data views.
+          description: |
+            Specify the type of the saved object reference to alter. The default value is `index-pattern` for data views.
           type: string
         toId:
           description: New saved object reference value to replace the old value.
@@ -46897,17 +45591,13 @@ components:
       description: The timestamp field name, which you use for time-based data views.
       type: string
     Data_views_title:
-      description: >-
-        Comma-separated list of data streams, indices, and aliases that you want
-        to search. Supports wildcards (`*`).
+      description: Comma-separated list of data streams, indices, and aliases that you want to search. Supports wildcards (`*`).
       type: string
     Data_views_type:
       description: When set to `rollup`, identifies the rollup data views.
       type: string
     Data_views_typemeta:
-      description: >-
-        When you use rollup indices, contains the field list for the rollup data
-        view API endpoints.
+      description: When you use rollup indices, contains the field list for the rollup data view API endpoints.
       type: object
       properties:
         aggs:
@@ -46920,9 +45610,7 @@ components:
         - aggs
         - params
     Data_views_typemeta_response:
-      description: >-
-        When you use rollup indices, contains the field list for the rollup data
-        view API endpoints.
+      description: When you use rollup indices, contains the field list for the rollup data view API endpoints.
       nullable: true
       type: object
       properties:
@@ -46937,10 +45625,8 @@ components:
       type: object
       properties:
         data_view:
-          description: >
-            The data view properties you want to update. Only the specified
-            properties are updated in the data view. Unspecified fields stay as
-            they are persisted.
+          description: |
+            The data view properties you want to update. Only the specified properties are updated in the data view. Unspecified fields stay as they are persisted.
           type: object
           properties:
             allowNoIndex:
@@ -47000,10 +45686,7 @@ components:
         - status
     Kibana_HTTP_APIs_core_status_response:
       additionalProperties: false
-      description: >-
-        Kibana's operational status as well as a detailed breakdown of plugin
-        statuses indication of various loads (like event loop utilization and
-        network traffic) at time of request.
+      description: Kibana's operational status as well as a detailed breakdown of plugin statuses indication of various loads (like event loop utilization and network traffic) at time of request.
       type: object
       properties:
         metrics:
@@ -47062,9 +45745,7 @@ components:
                       description: A URL to further documentation regarding this service.
                       type: string
                     level:
-                      description: >-
-                        Service status levels as human and machine readable
-                        values.
+                      description: Service status levels as human and machine readable values.
                       enum:
                         - available
                         - degraded
@@ -47073,9 +45754,7 @@ components:
                       type: string
                     meta:
                       additionalProperties: {}
-                      description: >-
-                        An unstructured set of extra metadata about this
-                        service.
+                      description: An unstructured set of extra metadata about this service.
                       type: object
                     summary:
                       description: A human readable summary of the service status.
@@ -47095,9 +45774,7 @@ components:
                       description: A URL to further documentation regarding this service.
                       type: string
                     level:
-                      description: >-
-                        Service status levels as human and machine readable
-                        values.
+                      description: Service status levels as human and machine readable values.
                       enum:
                         - available
                         - degraded
@@ -47106,9 +45783,7 @@ components:
                       type: string
                     meta:
                       additionalProperties: {}
-                      description: >-
-                        An unstructured set of extra metadata about this
-                        service.
+                      description: An unstructured set of extra metadata about this service.
                       type: object
                     summary:
                       description: A human readable summary of the service status.
@@ -47161,9 +45836,7 @@ components:
                     description: A URL to further documentation regarding this service.
                     type: string
                   level:
-                    description: >-
-                      Service status levels as human and machine readable
-                      values.
+                    description: Service status levels as human and machine readable values.
                     enum:
                       - available
                       - degraded
@@ -47188,9 +45861,7 @@ components:
             - core
             - plugins
         uuid:
-          description: >-
-            Unique, generated Kibana instance UUID. This UUID should persist
-            even if the Kibana process restarts.
+          description: Unique, generated Kibana instance UUID. This UUID should persist even if the Kibana process restarts.
           type: string
         version:
           additionalProperties: false
@@ -47200,24 +45871,16 @@ components:
               description: The date and time of this build.
               type: string
             build_flavor:
-              description: >-
-                The build flavour determines configuration and behavior of
-                Kibana. On premise users will almost always run the
-                "traditional" flavour, while other flavours are reserved for
-                Elastic-specific use cases.
+              description: The build flavour determines configuration and behavior of Kibana. On premise users will almost always run the "traditional" flavour, while other flavours are reserved for Elastic-specific use cases.
               enum:
                 - serverless
                 - traditional
               type: string
             build_hash:
-              description: >-
-                A unique hash value representing the git commit of this Kibana
-                build.
+              description: A unique hash value representing the git commit of this Kibana build.
               type: string
             build_number:
-              description: >-
-                A monotonically increasing number, each subsequent build will
-                have a higher number.
+              description: A monotonically increasing number, each subsequent build will have a higher number.
               type: number
             build_snapshot:
               description: Whether this build is a snapshot build.
@@ -47243,25 +45906,17 @@ components:
         datafeedsAdded:
           additionalProperties:
             $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds'
-          description: >-
-            If a saved object for an anomaly detection job is missing a datafeed
-            identifier, it is added when you run the sync machine learning saved
-            objects API.
+          description: If a saved object for an anomaly detection job is missing a datafeed identifier, it is added when you run the sync machine learning saved objects API.
           type: object
         datafeedsRemoved:
           additionalProperties:
             $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds'
-          description: >-
-            If a saved object for an anomaly detection job references a datafeed
-            that no longer exists, it is deleted when you run the sync machine
-            learning saved objects API.
+          description: If a saved object for an anomaly detection job references a datafeed that no longer exists, it is deleted when you run the sync machine learning saved objects API.
           type: object
         savedObjectsCreated:
-          $ref: >-
-            #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated
+          $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated'
         savedObjectsDeleted:
-          $ref: >-
-            #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted
+          $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted'
       title: Successful sync API response
       type: object
     Machine_learning_APIs_mlSync4xxResponse:
@@ -47277,97 +45932,63 @@ components:
       title: Unsuccessful sync API response
       type: object
     Machine_learning_APIs_mlSyncResponseAnomalyDetectors:
-      description: >-
-        The sync machine learning saved objects API response contains this
-        object when there are anomaly detection jobs affected by the
-        synchronization. There is an object for each relevant job, which
-        contains the synchronization status.
+      description: The sync machine learning saved objects API response contains this object when there are anomaly detection jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status.
       properties:
         success:
           $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
       title: Sync API response for anomaly detection jobs
       type: object
     Machine_learning_APIs_mlSyncResponseDatafeeds:
-      description: >-
-        The sync machine learning saved objects API response contains this
-        object when there are datafeeds affected by the synchronization. There
-        is an object for each relevant datafeed, which contains the
-        synchronization status.
+      description: The sync machine learning saved objects API response contains this object when there are datafeeds affected by the synchronization. There is an object for each relevant datafeed, which contains the synchronization status.
       properties:
         success:
           $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
       title: Sync API response for datafeeds
       type: object
     Machine_learning_APIs_mlSyncResponseDataFrameAnalytics:
-      description: >-
-        The sync machine learning saved objects API response contains this
-        object when there are data frame analytics jobs affected by the
-        synchronization. There is an object for each relevant job, which
-        contains the synchronization status.
+      description: The sync machine learning saved objects API response contains this object when there are data frame analytics jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status.
       properties:
         success:
           $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
       title: Sync API response for data frame analytics jobs
       type: object
     Machine_learning_APIs_mlSyncResponseSavedObjectsCreated:
-      description: >-
-        If saved objects are missing for machine learning jobs or trained
-        models, they are created when you run the sync machine learning saved
-        objects API.
+      description: If saved objects are missing for machine learning jobs or trained models, they are created when you run the sync machine learning saved objects API.
       properties:
         anomaly-detector:
           additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors
-          description: >-
-            If saved objects are missing for anomaly detection jobs, they are
-            created.
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors'
+          description: If saved objects are missing for anomaly detection jobs, they are created.
           type: object
         data-frame-analytics:
           additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics
-          description: >-
-            If saved objects are missing for data frame analytics jobs, they are
-            created.
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics'
+          description: If saved objects are missing for data frame analytics jobs, they are created.
           type: object
         trained-model:
           additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels'
           description: If saved objects are missing for trained models, they are created.
           type: object
       title: Sync API response for created saved objects
       type: object
     Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted:
-      description: >-
-        If saved objects exist for machine learning jobs or trained models that
-        no longer exist, they are deleted when you run the sync machine learning
-        saved objects API.
+      description: If saved objects exist for machine learning jobs or trained models that no longer exist, they are deleted when you run the sync machine learning saved objects API.
       properties:
         anomaly-detector:
           additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors
-          description: >-
-            If there are saved objects exist for nonexistent anomaly detection
-            jobs, they are deleted.
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors'
+          description: If there are saved objects exist for nonexistent anomaly detection jobs, they are deleted.
           type: object
         data-frame-analytics:
           additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics
-          description: >-
-            If there are saved objects exist for nonexistent data frame
-            analytics jobs, they are deleted.
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics'
+          description: If there are saved objects exist for nonexistent data frame analytics jobs, they are deleted.
           type: object
         trained-model:
           additionalProperties:
-            $ref: >-
-              #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels
-          description: >-
-            If there are saved objects exist for nonexistent trained models,
-            they are deleted.
+            $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels'
+          description: If there are saved objects exist for nonexistent trained models, they are deleted.
           type: object
       title: Sync API response for deleted saved objects
       type: object
@@ -47375,11 +45996,7 @@ components:
       description: The success or failure of the synchronization.
       type: boolean
     Machine_learning_APIs_mlSyncResponseTrainedModels:
-      description: >-
-        The sync machine learning saved objects API response contains this
-        object when there are trained models affected by the synchronization.
-        There is an object for each relevant trained model, which contains the
-        synchronization status.
+      description: The sync machine learning saved objects API response contains this object when there are trained models affected by the synchronization. There is an object for each relevant trained model, which contains the synchronization status.
       properties:
         success:
           $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess'
@@ -47404,32 +46021,16 @@ components:
         - message
         - statusCode
     Saved_objects_attributes:
-      description: >
-        The data that you want to create. WARNING: When you create saved
-        objects, attributes are not validated, which allows you to pass
-        arbitrary and ill-formed data into the API that can break Kibana. Make
-        sure any data that you send to the API is properly formed.
+      description: |
+        The data that you want to create. WARNING: When you create saved objects, attributes are not validated, which allows you to pass arbitrary and ill-formed data into the API that can break Kibana. Make sure any data that you send to the API is properly formed.
       type: object
     Saved_objects_initial_namespaces:
-      description: >
-        Identifiers for the spaces in which this object is created. If this is
-        provided, the object is created only in the explicitly defined spaces.
-        If this is not provided, the object is created in the current space
-        (default behavior). For shareable object types (registered with
-        `namespaceType: 'multiple'`), this option can be used to specify one or
-        more spaces, including the "All spaces" identifier ('*'). For isolated
-        object types (registered with `namespaceType: 'single'` or
-        `namespaceType: 'multiple-isolated'`), this option can only be used to
-        specify a single space, and the "All spaces" identifier ('*') is not
-        allowed. For global object types (`registered with `namespaceType:
-        agnostic`), this option cannot be used.
+      description: |
+        Identifiers for the spaces in which this object is created. If this is provided, the object is created only in the explicitly defined spaces. If this is not provided, the object is created in the current space (default behavior). For shareable object types (registered with `namespaceType: 'multiple'`), this option can be used to specify one or more spaces, including the "All spaces" identifier ('*'). For isolated object types (registered with `namespaceType: 'single'` or `namespaceType: 'multiple-isolated'`), this option can only be used to specify a single space, and the "All spaces" identifier ('*') is not allowed. For global object types (`registered with `namespaceType: agnostic`), this option cannot be used.
       type: array
     Saved_objects_references:
-      description: >
-        Objects with `name`, `id`, and `type` properties that describe the other
-        saved objects that this object references. Use `name` in attributes to
-        refer to the other saved object, but never the `id`, which can update
-        automatically during migrations or import and export.
+      description: |
+        Objects with `name`, `id`, and `type` properties that describe the other saved objects that this object references. Use `name` in attributes to refer to the other saved object, but never the `id`, which can update automatically during migrations or import and export.
       type: array
     Security_AI_Assistant_API_AnonymizationFieldCreateProps:
       type: object
@@ -47490,8 +46091,7 @@ components:
         name:
           type: string
         skip_reason:
-          $ref: >-
-            #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason
+          $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason'
       required:
         - id
         - skip_reason
@@ -47505,15 +46105,12 @@ components:
           properties:
             errors:
               items:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError
+                $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError'
               type: array
             results:
-              $ref: >-
-                #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults
+              $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults'
             summary:
-              $ref: >-
-                #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary
+              $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary'
           required:
             - results
             - summary
@@ -47530,8 +46127,7 @@ components:
       properties:
         created:
           items:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse
+            $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse'
           type: array
         deleted:
           items:
@@ -47539,13 +46135,11 @@ components:
           type: array
         skipped:
           items:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult
+            $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult'
           type: array
         updated:
           items:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse
+            $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse'
           type: array
       required:
         - updated
@@ -47753,11 +46347,8 @@ components:
       type: object
       properties:
         confidence:
-          $ref: >-
-            #/components/schemas/Security_AI_Assistant_API_ConversationConfidence
-          description: >-
-            How confident you are about this being a correct and useful
-            learning.
+          $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationConfidence'
+          description: How confident you are about this being a correct and useful learning.
         content:
           description: Summary text of the conversation over time.
           type: string
@@ -47863,8 +46454,7 @@ components:
       properties:
         anonymization_fields:
           items:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError
+            $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError'
           type: array
         err_code:
           type: string
@@ -47885,8 +46475,7 @@ components:
           type: string
         prompts:
           items:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_PromptDetailsInError
+            $ref: '#/components/schemas/Security_AI_Assistant_API_PromptDetailsInError'
           type: array
         status_code:
           type: integer
@@ -47985,8 +46574,7 @@ components:
         name:
           type: string
         skip_reason:
-          $ref: >-
-            #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason
+          $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason'
       required:
         - id
         - skip_reason
@@ -47998,15 +46586,12 @@ components:
           properties:
             errors:
               items:
-                $ref: >-
-                  #/components/schemas/Security_AI_Assistant_API_NormalizedPromptError
+                $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedPromptError'
               type: array
             results:
-              $ref: >-
-                #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults
+              $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults'
             summary:
-              $ref: >-
-                #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary
+              $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary'
           required:
             - results
             - summary
@@ -48033,8 +46618,7 @@ components:
           type: array
         skipped:
           items:
-            $ref: >-
-              #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult
+            $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult'
           type: array
         updated:
           items:
@@ -48188,8 +46772,7 @@ components:
       oneOf:
         - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations'
         - items:
-            $ref: >-
-              #/components/schemas/Security_Detections_API_AlertsSortCombinations
+            $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations'
           type: array
     Security_Detections_API_AlertsSortCombinations:
       anyOf:
@@ -48207,30 +46790,30 @@ components:
       type: object
       properties:
         duration:
-          $ref: >-
-            #/components/schemas/Security_Detections_API_AlertSuppressionDuration
+          $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionDuration'
         group_by:
           $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionGroupBy'
         missing_fields_strategy:
-          $ref: >-
-            #/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy
+          $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy'
       required:
         - group_by
     Security_Detections_API_AlertSuppressionDuration:
       type: object
       properties:
         unit:
-          enum:
-            - s
-            - m
-            - h
-          type: string
+          $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionDurationUnit'
         value:
           minimum: 1
           type: integer
       required:
         - value
         - unit
+    Security_Detections_API_AlertSuppressionDurationUnit:
+      enum:
+        - s
+        - m
+        - h
+      type: string
     Security_Detections_API_AlertSuppressionGroupBy:
       items:
         type: string
@@ -48238,12 +46821,9 @@ components:
       minItems: 1
       type: array
     Security_Detections_API_AlertSuppressionMissingFieldsStrategy:
-      description: >-
-        Describes how alerts will be generated for documents with missing
-        suppress by fields:
-
+      description: |-
+        Describes how alerts will be generated for documents with missing suppress by fields:
         doNotSuppress - per each document a separate alert will be created
-
         suppress - only alert will be created per suppress by bucket
       enum:
         - doNotSuppress
@@ -48270,26 +46850,16 @@ components:
       minimum: 0
       type: integer
     Security_Detections_API_BuildingBlockType:
-      description: >-
-        Determines if the rule acts as a building block. By default,
-        building-block alerts are not displayed in the UI. These rules are used
-        as a foundation for other rules that do generate alerts. Its value must
-        be default.
+      description: Determines if the rule acts as a building block. By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. Its value must be default.
       type: string
     Security_Detections_API_BulkActionEditPayload:
       anyOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionEditPayloadTags
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadTags'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions'
+        - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule'
     Security_Detections_API_BulkActionEditPayloadIndexPatterns:
       type: object
       properties:
@@ -48333,12 +46903,10 @@ components:
           properties:
             actions:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_NormalizedRuleAction
+                $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleAction'
               type: array
             throttle:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_ThrottleForBulkActions
+              $ref: '#/components/schemas/Security_Detections_API_ThrottleForBulkActions'
           required:
             - actions
       required:
@@ -48355,9 +46923,7 @@ components:
           type: object
           properties:
             interval:
-              description: >-
-                Interval in which the rule runs. For example, `"1h"` means the
-                rule runs every hour.
+              description: Interval in which the rule runs. For example, `"1h"` means the rule runs every hour.
               example: 1h
               pattern: ^[1-9]\d*[smh]$
               type: string
@@ -48399,8 +46965,7 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
           required:
             - timeline_id
             - timeline_title
@@ -48508,15 +47073,12 @@ components:
           properties:
             errors:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_NormalizedRuleError
+                $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleError'
               type: array
             results:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_BulkEditActionResults
+              $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResults'
             summary:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_BulkEditActionSummary
+              $ref: '#/components/schemas/Security_Detections_API_BulkEditActionSummary'
           required:
             - results
             - summary
@@ -48758,11 +47320,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -48776,8 +47336,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -48793,24 +47352,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -48837,13 +47392,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -48886,11 +47439,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -48904,8 +47455,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -48921,24 +47471,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -48967,13 +47513,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -49009,11 +47553,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -49027,8 +47569,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -49046,24 +47587,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -49092,13 +47629,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -49117,11 +47652,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -49135,8 +47668,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -49154,24 +47686,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -49200,13 +47728,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -49257,11 +47783,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -49275,8 +47799,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -49292,24 +47815,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -49336,13 +47855,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -49385,11 +47902,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -49403,8 +47918,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -49420,24 +47934,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -49466,13 +47976,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -49497,11 +48005,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -49515,8 +48021,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -49536,13 +48041,11 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             query:
@@ -49551,12 +48054,10 @@ components:
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -49585,13 +48086,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             type:
@@ -49632,11 +48131,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -49650,8 +48147,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -49669,24 +48165,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -49715,13 +48207,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -49746,14 +48236,11 @@ components:
         - endpoint_blocklists
       type: string
     Security_Detections_API_ExternalRuleSource:
-      description: >-
-        Type of rule source for externally sourced rules, i.e. rules that have
-        an external source, such as the Elastic Prebuilt rules repo.
+      description: Type of rule source for externally sourced rules, i.e. rules that have an external source, such as the Elastic Prebuilt rules repo.
       type: object
       properties:
         is_customized:
-          $ref: >-
-            #/components/schemas/Security_Detections_API_IsExternalRuleCustomized
+          $ref: '#/components/schemas/Security_Detections_API_IsExternalRuleCustomized'
         type:
           enum:
             - external
@@ -49808,9 +48295,7 @@ components:
         type: string
       type: array
     Security_Detections_API_InternalRuleSource:
-      description: >-
-        Type of rule source for internally sourced rules, i.e. created within
-        the Kibana apps.
+      description: Type of rule source for internally sourced rules, i.e. created within the Kibana apps.
       type: object
       properties:
         type:
@@ -49820,33 +48305,19 @@ components:
       required:
         - type
     Security_Detections_API_InvestigationFields:
-      description: >
-        Schema for fields relating to investigation fields. These are user
-        defined fields we use to highlight
-
-        in various features in the UI such as alert details flyout and
-        exceptions auto-population from alert.
-
+      description: |
+        Schema for fields relating to investigation fields. These are user defined fields we use to highlight
+        in various features in the UI such as alert details flyout and exceptions auto-population from alert.
         Added in PR #163235
-
-        Right now we only have a single field but anticipate adding more related
-        fields to store various
-
-        configuration states such as `override` - where a user might say if they
-        want only these fields to
-
-        display, or if they want these fields + the fields we select. When
-        expanding this field, it may look
-
+        Right now we only have a single field but anticipate adding more related fields to store various
+        configuration states such as `override` - where a user might say if they want only these fields to
+        display, or if they want these fields + the fields we select. When expanding this field, it may look
         something like:
-
         ```typescript
-
         const investigationFields = z.object({
           field_names: NonEmptyArray(NonEmptyString),
           override: z.boolean().optional(),
         });
-
         ```
       type: object
       properties:
@@ -49861,19 +48332,14 @@ components:
       description: Notes to help investigate alerts produced by the rule.
       type: string
     Security_Detections_API_IsExternalRuleCustomized:
-      description: >-
-        Determines whether an external/prebuilt rule has been customized by the
-        user (i.e. any of its fields have been modified and diverged from the
-        base value).
+      description: Determines whether an external/prebuilt rule has been customized by the user (i.e. any of its fields have been modified and diverged from the base value).
       type: boolean
     Security_Detections_API_IsRuleEnabled:
       description: Determines whether the rule is enabled.
       type: boolean
     Security_Detections_API_IsRuleImmutable:
       deprecated: true
-      description: >-
-        This field determines whether the rule is a prebuilt Elastic rule. It
-        will be replaced with the `rule_source` field.
+      description: This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field.
       type: boolean
     Security_Detections_API_ItemsPerSearch:
       minimum: 1
@@ -49900,11 +48366,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -49918,8 +48382,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -49935,24 +48398,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -49979,13 +48438,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -50014,14 +48471,11 @@ components:
             - related_integrations
             - required_fields
         - $ref: '#/components/schemas/Security_Detections_API_ResponseFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields'
     Security_Detections_API_MachineLearningRuleCreateFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields'
     Security_Detections_API_MachineLearningRuleCreateProps:
       allOf:
         - type: object
@@ -50031,11 +48485,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -50049,8 +48501,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -50066,24 +48517,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -50112,13 +48559,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -50128,8 +48573,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields'
     Security_Detections_API_MachineLearningRuleOptionalFields:
       type: object
       properties:
@@ -50142,15 +48586,13 @@ components:
             anomaly_threshold:
               $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold'
             machine_learning_job_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_MachineLearningJobId
+              $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId'
             type:
               description: Rule type
               enum:
                 - machine_learning
               type: string
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields'
     Security_Detections_API_MachineLearningRulePatchProps:
       allOf:
         - type: object
@@ -50160,11 +48602,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -50178,8 +48618,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -50197,24 +48636,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -50243,19 +48678,16 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
               $ref: '#/components/schemas/Security_Detections_API_RuleVersion'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRulePatchFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchFields'
     Security_Detections_API_MachineLearningRuleRequiredFields:
       type: object
       properties:
@@ -50274,10 +48706,8 @@ components:
         - anomaly_threshold
     Security_Detections_API_MachineLearningRuleResponseFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields'
     Security_Detections_API_MachineLearningRuleUpdateProps:
       allOf:
         - type: object
@@ -50287,11 +48717,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -50305,8 +48733,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -50324,24 +48751,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -50370,13 +48793,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -50386,8 +48807,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields'
     Security_Detections_API_MaxSignals:
       minimum: 1
       type: integer
@@ -50504,11 +48924,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -50522,8 +48940,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -50539,24 +48956,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -50583,13 +48996,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -50618,16 +49029,12 @@ components:
             - related_integrations
             - required_fields
         - $ref: '#/components/schemas/Security_Detections_API_ResponseFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleResponseFields
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleResponseFields'
     Security_Detections_API_NewTermsRuleCreateFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields'
     Security_Detections_API_NewTermsRuleCreateProps:
       allOf:
         - type: object
@@ -50637,11 +49044,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -50655,8 +49060,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -50672,24 +49076,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -50718,13 +49118,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -50734,8 +49132,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields'
     Security_Detections_API_NewTermsRuleDefaultableFields:
       type: object
       properties:
@@ -50767,10 +49164,8 @@ components:
               enum:
                 - new_terms
               type: string
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields'
     Security_Detections_API_NewTermsRulePatchProps:
       allOf:
         - type: object
@@ -50780,11 +49175,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -50798,8 +49191,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -50817,24 +49209,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -50863,13 +49251,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -50896,10 +49282,8 @@ components:
         - history_window_start
     Security_Detections_API_NewTermsRuleResponseFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields'
         - type: object
           properties:
             language:
@@ -50915,11 +49299,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -50933,8 +49315,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -50952,24 +49333,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -50998,13 +49375,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -51014,8 +49389,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields'
     Security_Detections_API_NonEmptyString:
       description: A string that is not empty and does not contain only whitespace
       minLength: 1
@@ -51042,8 +49416,7 @@ components:
       type: object
       properties:
         err_code:
-          $ref: >-
-            #/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode
+          $ref: '#/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode'
         message:
           type: string
         rules:
@@ -51155,11 +49528,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -51173,8 +49544,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -51190,24 +49560,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -51234,13 +49600,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -51274,8 +49638,7 @@ components:
       allOf:
         - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields'
         - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields'
     Security_Detections_API_QueryRuleCreateProps:
       allOf:
         - type: object
@@ -51285,11 +49648,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -51303,8 +49664,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -51320,24 +49680,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -51366,13 +49722,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -51413,8 +49767,7 @@ components:
                 - query
               type: string
         - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields'
     Security_Detections_API_QueryRulePatchProps:
       allOf:
         - type: object
@@ -51424,11 +49777,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -51442,8 +49793,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -51461,24 +49811,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -51507,13 +49853,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -51551,11 +49895,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -51569,8 +49911,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -51588,24 +49929,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -51634,13 +49971,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -51652,58 +49987,32 @@ components:
             - severity
         - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields'
     Security_Detections_API_RelatedIntegration:
-      description: >
-        Related integration is a potential dependency of a rule. It's assumed
-        that if the user installs
-
-        one of the related integrations of a rule, the rule might start to work
-        properly because it will
-
-        have source events (generated by this integration) potentially matching
-        the rule's query.
-
-
-        NOTE: Proper work is not guaranteed, because a related integration, if
-        installed, can be
-
-        configured differently or generate data that is not necessarily relevant
-        for this rule.
-
-
-        Related integration is a combination of a Fleet package and (optionally)
-        one of the
+      description: |
+        Related integration is a potential dependency of a rule. It's assumed that if the user installs
+        one of the related integrations of a rule, the rule might start to work properly because it will
+        have source events (generated by this integration) potentially matching the rule's query.
 
-        package's "integrations" that this package contains. It is represented
-        by 3 properties:
+        NOTE: Proper work is not guaranteed, because a related integration, if installed, can be
+        configured differently or generate data that is not necessarily relevant for this rule.
 
+        Related integration is a combination of a Fleet package and (optionally) one of the
+        package's "integrations" that this package contains. It is represented by 3 properties:
 
         - `package`: name of the package (required, unique id)
-
         - `version`: version of the package (required, semver-compatible)
+        - `integration`: name of the integration of this package (optional, id within the package)
 
-        - `integration`: name of the integration of this package (optional, id
-        within the package)
-
-
-        There are Fleet packages like `windows` that contain only one
-        integration; in this case,
-
-        `integration` should be unspecified. There are also packages like `aws`
-        and `azure` that contain
-
+        There are Fleet packages like `windows` that contain only one integration; in this case,
+        `integration` should be unspecified. There are also packages like `aws` and `azure` that contain
         several integrations; in this case, `integration` should be specified.
 
-
         @example
-
         const x: RelatedIntegration = {
           package: 'windows',
           version: '1.5.x',
         };
 
-
         @example
-
         const x: RelatedIntegration = {
           package: 'azure',
           version: '~1.1.6',
@@ -51725,35 +50034,23 @@ components:
         $ref: '#/components/schemas/Security_Detections_API_RelatedIntegration'
       type: array
     Security_Detections_API_RequiredField:
-      description: >
-        Describes an Elasticsearch field that is needed for the rule to
-        function.
-
-
-        Almost all types of Security rules check source event documents for a
-        match to some kind of
-
-        query or filter. If a document has certain field with certain values,
-        then it's a match and
+      description: |
+        Describes an Elasticsearch field that is needed for the rule to function.
 
+        Almost all types of Security rules check source event documents for a match to some kind of
+        query or filter. If a document has certain field with certain values, then it's a match and
         the rule will generate an alert.
 
-
-        Required field is an event field that must be present in the source
-        indices of a given rule.
-
+        Required field is an event field that must be present in the source indices of a given rule.
 
         @example
-
         const standardEcsField: RequiredField = {
           name: 'event.action',
           type: 'keyword',
           ecs: true,
         };
 
-
         @example
-
         const nonEcsField: RequiredField = {
           name: 'winlog.event_data.AttributeLDAPDisplayName',
           type: 'keyword',
@@ -51779,10 +50076,7 @@ components:
         $ref: '#/components/schemas/Security_Detections_API_RequiredField'
       type: array
     Security_Detections_API_RequiredFieldInput:
-      description: >-
-        Input parameters to create a RequiredField. Does not include the `ecs`
-        field, because `ecs` is calculated on the backend based on the field
-        name and type.
+      description: Input parameters to create a RequiredField. Does not include the `ecs` field, because `ecs` is calculated on the backend based on the field name and type.
       type: object
       properties:
         name:
@@ -51844,9 +50138,7 @@ components:
       minimum: 0
       type: integer
     Security_Detections_API_RiskScoreMapping:
-      description: >-
-        Overrides generated alerts' risk_score with a value from the source
-        event
+      description: Overrides generated alerts' risk_score with a value from the source event
       items:
         type: object
         properties:
@@ -51891,17 +50183,13 @@ components:
       additionalProperties: true
       type: object
     Security_Detections_API_RuleActionFrequency:
-      description: >-
-        The action frequency defines when the action runs (for example, only on
-        rule execution or at specific time intervals).
+      description: The action frequency defines when the action runs (for example, only on rule execution or at specific time intervals).
       type: object
       properties:
         notifyWhen:
           $ref: '#/components/schemas/Security_Detections_API_RuleActionNotifyWhen'
         summary:
-          description: >-
-            Action summary indicates whether we will send a summary notification
-            about all the generate alerts or notification per individual alert
+          description: Action summary indicates whether we will send a summary notification about all the generate alerts or notification per individual alert
           type: boolean
         throttle:
           $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle'
@@ -51911,17 +50199,13 @@ components:
         - notifyWhen
         - throttle
     Security_Detections_API_RuleActionGroup:
-      description: >-
-        Optionally groups actions by use cases. Use `default` for alert
-        notifications.
+      description: Optionally groups actions by use cases. Use `default` for alert notifications.
       type: string
     Security_Detections_API_RuleActionId:
       description: The connector ID.
       type: string
     Security_Detections_API_RuleActionNotifyWhen:
-      description: >-
-        The condition for throttling the notification: `onActionGroupChange`,
-        `onActiveAlert`,  or `onThrottleInterval`
+      description: 'The condition for throttling the notification: `onActionGroupChange`, `onActiveAlert`,  or `onThrottleInterval`'
       enum:
         - onActiveAlert
         - onThrottleInterval
@@ -51929,9 +50213,7 @@ components:
       type: string
     Security_Detections_API_RuleActionParams:
       additionalProperties: true
-      description: >-
-        Object containing the allowed connector fields, which varies according
-        to the connector type.
+      description: Object containing the allowed connector fields, which varies according to the connector type.
       type: object
     Security_Detections_API_RuleActionThrottle:
       description: Defines how often rule actions are taken.
@@ -51952,14 +50234,10 @@ components:
       anyOf:
         - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps'
         - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps'
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps'
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps'
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps'
         - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps'
         - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps'
       discriminator:
@@ -52006,50 +50284,25 @@ components:
           minimum: 0
           type: integer
         total_enrichment_duration_ms:
-          description: >-
-            Total time spent enriching documents during current rule execution
-            cycle
+          description: Total time spent enriching documents during current rule execution cycle
           minimum: 0
           type: integer
         total_indexing_duration_ms:
-          description: >-
-            Total time spent indexing documents during current rule execution
-            cycle
+          description: Total time spent indexing documents during current rule execution cycle
           minimum: 0
           type: integer
         total_search_duration_ms:
-          description: >-
-            Total time spent performing ES searches as measured by Kibana;
-            includes network latency and time spent serializing/deserializing
-            request/response
+          description: Total time spent performing ES searches as measured by Kibana; includes network latency and time spent serializing/deserializing request/response
           minimum: 0
           type: integer
     Security_Detections_API_RuleExecutionStatus:
-      description: >-
-        Custom execution status of Security rules that is different from the
-        status used in the Alerting Framework. We merge our custom status with
-        the Framework's status to determine the resulting status of a rule.
-
-        - going to run - @deprecated Replaced by the 'running' status but left
-        for backwards compatibility with rule execution events already written
-        to Event Log in the prior versions of Kibana. Don't use when writing
-        rule status changes.
-
-        - running - Rule execution started but not reached any intermediate or
-        final status.
-
-        - partial failure - Rule can partially fail for various reasons either
-        in the middle of an execution (in this case we update its status right
-        away) or in the end of it. So currently this status can be both
-        intermediate and final at the same time. A typical reason for a partial
-        failure: not all the indices that the rule searches over actually exist.
-
-        - failed - Rule failed to execute due to unhandled exception or a reason
-        defined in the business logic of its executor function.
-
-        - succeeded - Rule executed successfully without any issues. Note: this
-        status is just an indication of a rule's "health". The rule might or
-        might not generate any alerts despite of it.
+      description: |-
+        Custom execution status of Security rules that is different from the status used in the Alerting Framework. We merge our custom status with the Framework's status to determine the resulting status of a rule.
+        - going to run - @deprecated Replaced by the 'running' status but left for backwards compatibility with rule execution events already written to Event Log in the prior versions of Kibana. Don't use when writing rule status changes.
+        - running - Rule execution started but not reached any intermediate or final status.
+        - partial failure - Rule can partially fail for various reasons either in the middle of an execution (in this case we update its status right away) or in the end of it. So currently this status can be both intermediate and final at the same time. A typical reason for a partial failure: not all the indices that the rule searches over actually exist.
+        - failed - Rule failed to execute due to unhandled exception or a reason defined in the business logic of its executor function.
+        - succeeded - Rule executed successfully without any issues. Note: this status is just an indication of a rule's "health". The rule might or might not generate any alerts despite of it.
       enum:
         - going to run
         - running
@@ -52072,14 +50325,12 @@ components:
             message:
               type: string
             metrics:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleExecutionMetrics
+              $ref: '#/components/schemas/Security_Detections_API_RuleExecutionMetrics'
             status:
               $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus'
               description: Status of the last execution
             status_order:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleExecutionStatusOrder
+              $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatusOrder'
           required:
             - date
             - status
@@ -52096,16 +50347,10 @@ components:
       items: {}
       type: array
     Security_Detections_API_RuleInterval:
-      description: >-
-        Frequency of rule execution, using a date math range. For example, "1h"
-        means the rule runs every hour. Defaults to 5m (5 minutes).
+      description: Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes).
       type: string
     Security_Detections_API_RuleIntervalFrom:
-      description: >-
-        Time from which data is analyzed each time the rule runs, using a date
-        math range. For example, now-4200s means the rule analyzes data from 70
-        minutes before its start time. Defaults to now-6m (analyzes data from 6
-        minutes before the start time).
+      description: Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time).
       format: date-math
       type: string
     Security_Detections_API_RuleIntervalTo:
@@ -52128,13 +50373,10 @@ components:
       anyOf:
         - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchProps'
         - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchProps'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRulePatchProps
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchProps'
         - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchProps'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRulePatchProps
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps'
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchProps'
         - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchProps'
         - $ref: '#/components/schemas/Security_Detections_API_EsqlRulePatchProps'
     Security_Detections_API_RulePreviewLoggedRequest:
@@ -52160,8 +50402,7 @@ components:
           type: array
         requests:
           items:
-            $ref: >-
-              #/components/schemas/Security_Detections_API_RulePreviewLoggedRequest
+            $ref: '#/components/schemas/Security_Detections_API_RulePreviewLoggedRequest'
           type: array
         startedAt:
           $ref: '#/components/schemas/Security_Detections_API_NonEmptyString'
@@ -52206,19 +50447,14 @@ components:
       description: Could be any string, not necessarily a UUID
       type: string
     Security_Detections_API_RuleSource:
-      description: >-
-        Discriminated union that determines whether the rule is internally
-        sourced (created within the Kibana app) or has an external source, such
-        as the Elastic Prebuilt rules repo.
+      description: Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo.
       discriminator:
         propertyName: type
       oneOf:
         - $ref: '#/components/schemas/Security_Detections_API_ExternalRuleSource'
         - $ref: '#/components/schemas/Security_Detections_API_InternalRuleSource'
     Security_Detections_API_RuleTagArray:
-      description: >-
-        String array containing words and phrases to help categorize, filter,
-        and search rules. Defaults to an empty array.
+      description: String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array.
       items:
         type: string
       type: array
@@ -52226,14 +50462,10 @@ components:
       anyOf:
         - $ref: '#/components/schemas/Security_Detections_API_EqlRuleUpdateProps'
         - $ref: '#/components/schemas/Security_Detections_API_QueryRuleUpdateProps'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps'
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps'
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps'
+        - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps'
         - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps'
         - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps'
       discriminator:
@@ -52266,11 +50498,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -52284,8 +50514,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -52301,24 +50530,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -52345,13 +50570,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -52380,16 +50603,12 @@ components:
             - related_integrations
             - required_fields
         - $ref: '#/components/schemas/Security_Detections_API_ResponseFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields'
     Security_Detections_API_SavedQueryRuleCreateFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields'
     Security_Detections_API_SavedQueryRuleCreateProps:
       allOf:
         - type: object
@@ -52399,11 +50618,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -52417,8 +50634,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -52434,24 +50650,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -52480,13 +50692,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -52496,8 +50706,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields'
     Security_Detections_API_SavedQueryRuleDefaultableFields:
       type: object
       properties:
@@ -52527,10 +50736,8 @@ components:
               enum:
                 - saved_query
               type: string
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields'
     Security_Detections_API_SavedQueryRulePatchProps:
       allOf:
         - type: object
@@ -52540,11 +50747,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -52558,8 +50763,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -52577,24 +50781,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -52623,19 +50823,16 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
               $ref: '#/components/schemas/Security_Detections_API_RuleVersion'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRulePatchFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchFields'
     Security_Detections_API_SavedQueryRuleRequiredFields:
       type: object
       properties:
@@ -52651,10 +50848,8 @@ components:
         - saved_id
     Security_Detections_API_SavedQueryRuleResponseFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields'
         - type: object
           properties:
             language:
@@ -52670,11 +50865,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -52688,8 +50881,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -52707,24 +50899,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -52753,13 +50941,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -52769,8 +50955,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields'
     Security_Detections_API_SetAlertsStatusByIds:
       type: object
       properties:
@@ -52886,18 +51071,14 @@ components:
       type: array
     Security_Detections_API_ThreatFilters:
       items:
-        description: >-
-          Query and filter context array used to filter documents from the
-          Elasticsearch index containing the threat values
+        description: Query and filter context array used to filter documents from the Elasticsearch index containing the threat values
       type: array
     Security_Detections_API_ThreatIndex:
       items:
         type: string
       type: array
     Security_Detections_API_ThreatIndicatorPath:
-      description: >-
-        Defines the path to the threat indicator in the indicator documents
-        (optional)
+      description: Defines the path to the threat indicator in the indicator documents (optional)
       type: string
     Security_Detections_API_ThreatMapping:
       items:
@@ -52933,11 +51114,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -52951,8 +51130,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -52968,24 +51146,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -53012,13 +51186,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -53047,16 +51219,12 @@ components:
             - related_integrations
             - required_fields
         - $ref: '#/components/schemas/Security_Detections_API_ResponseFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields'
     Security_Detections_API_ThreatMatchRuleCreateFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields'
     Security_Detections_API_ThreatMatchRuleCreateProps:
       allOf:
         - type: object
@@ -53066,11 +51234,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -53084,8 +51250,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -53101,24 +51266,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -53147,13 +51308,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -53163,8 +51322,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields'
     Security_Detections_API_ThreatMatchRuleDefaultableFields:
       type: object
       properties:
@@ -53210,10 +51368,8 @@ components:
               enum:
                 - threat_match
               type: string
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields'
     Security_Detections_API_ThreatMatchRulePatchProps:
       allOf:
         - type: object
@@ -53223,11 +51379,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -53241,8 +51395,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -53260,24 +51413,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -53306,19 +51455,16 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
               $ref: '#/components/schemas/Security_Detections_API_RuleVersion'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields'
     Security_Detections_API_ThreatMatchRuleRequiredFields:
       type: object
       properties:
@@ -53343,10 +51489,8 @@ components:
         - threat_index
     Security_Detections_API_ThreatMatchRuleResponseFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields'
         - type: object
           properties:
             language:
@@ -53362,11 +51506,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -53380,8 +51522,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -53399,24 +51540,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -53445,13 +51582,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -53461,8 +51596,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields'
     Security_Detections_API_ThreatQuery:
       description: Query to run
       type: string
@@ -53535,8 +51669,7 @@ components:
       type: object
       properties:
         duration:
-          $ref: >-
-            #/components/schemas/Security_Detections_API_AlertSuppressionDuration
+          $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionDuration'
       required:
         - duration
     Security_Detections_API_ThresholdCardinality:
@@ -53568,11 +51701,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -53586,8 +51717,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -53603,24 +51733,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -53647,13 +51773,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -53682,16 +51806,12 @@ components:
             - related_integrations
             - required_fields
         - $ref: '#/components/schemas/Security_Detections_API_ResponseFields'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleResponseFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleResponseFields'
     Security_Detections_API_ThresholdRuleCreateFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields'
     Security_Detections_API_ThresholdRuleCreateProps:
       allOf:
         - type: object
@@ -53701,11 +51821,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -53719,8 +51837,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             interval:
@@ -53736,24 +51853,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -53782,13 +51895,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -53798,8 +51909,7 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields'
     Security_Detections_API_ThresholdRuleDefaultableFields:
       type: object
       properties:
@@ -53809,8 +51919,7 @@ components:
       type: object
       properties:
         alert_suppression:
-          $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdAlertSuppression
+          $ref: '#/components/schemas/Security_Detections_API_ThresholdAlertSuppression'
         data_view_id:
           $ref: '#/components/schemas/Security_Detections_API_DataViewId'
         filters:
@@ -53832,10 +51941,8 @@ components:
               enum:
                 - threshold
               type: string
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields'
     Security_Detections_API_ThresholdRulePatchProps:
       allOf:
         - type: object
@@ -53845,11 +51952,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -53863,8 +51968,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -53882,24 +51986,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -53928,19 +52028,16 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
               $ref: '#/components/schemas/Security_Detections_API_RuleVersion'
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRulePatchFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchFields'
     Security_Detections_API_ThresholdRuleRequiredFields:
       type: object
       properties:
@@ -53959,10 +52056,8 @@ components:
         - threshold
     Security_Detections_API_ThresholdRuleResponseFields:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields'
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields'
         - type: object
           properties:
             language:
@@ -53978,11 +52073,9 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleAction'
               type: array
             alias_purpose:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose'
             alias_target_id:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId'
             author:
               $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray'
             building_block_type:
@@ -53996,8 +52089,7 @@ components:
                 $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList'
               type: array
             false_positives:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RuleFalsePositiveArray
+              $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray'
             from:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom'
             id:
@@ -54015,24 +52107,20 @@ components:
             name:
               $ref: '#/components/schemas/Security_Detections_API_RuleName'
             namespace:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_AlertsIndexNamespace
+              $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace'
             note:
               $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide'
             outcome:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome
+              $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome'
             output_index:
               $ref: '#/components/schemas/Security_Detections_API_AlertsIndex'
             references:
               $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray'
             related_integrations:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_RelatedIntegrationArray
+              $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray'
             required_fields:
               items:
-                $ref: >-
-                  #/components/schemas/Security_Detections_API_RequiredFieldInput
+                $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput'
               type: array
             response_actions:
               items:
@@ -54061,13 +52149,11 @@ components:
             timeline_id:
               $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId'
             timeline_title:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimelineTemplateTitle
+              $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle'
             timestamp_override:
               $ref: '#/components/schemas/Security_Detections_API_TimestampOverride'
             timestamp_override_fallback_disabled:
-              $ref: >-
-                #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled
+              $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled'
             to:
               $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo'
             version:
@@ -54077,16 +52163,13 @@ components:
             - description
             - risk_score
             - severity
-        - $ref: >-
-            #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields
+        - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields'
     Security_Detections_API_ThresholdValue:
       description: Threshold value
       minimum: 1
       type: integer
     Security_Detections_API_ThrottleForBulkActions:
-      description: >-
-        The condition for throttling the notification: 'rule', 'no_actions', or
-        time duration
+      description: 'The condition for throttling the notification: ''rule'', ''no_actions'', or time duration'
       enum:
         - rule
         - 1h
@@ -54148,44 +52231,34 @@ components:
         created_by:
           type: string
         description:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription'
         id:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId'
         immutable:
           type: boolean
         list_id:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId'
         meta:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta'
         name:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName'
         namespace_type:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType'
         os_types:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray'
         tags:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags'
         tie_breaker_id:
           type: string
         type:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType'
         updated_at:
           format: date-time
           type: string
         updated_by:
           type: string
         version:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion'
       required:
         - id
         - list_id
@@ -54213,51 +52286,39 @@ components:
         _version:
           type: string
         comments:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray'
         created_at:
           format: date-time
           type: string
         created_by:
           type: string
         description:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription'
         entries:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray'
         expire_time:
           format: date-time
           type: string
         id:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId'
         item_id:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId'
         list_id:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId'
         meta:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta'
         name:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName'
         namespace_type:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType'
         os_types:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray'
         tags:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags'
         tie_breaker_id:
           type: string
         type:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType'
         updated_at:
           format: date-time
           type: string
@@ -54302,31 +52363,23 @@ components:
         - created_by
     Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment
+        $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment'
       type: array
     Security_Endpoint_Exceptions_API_ExceptionListItemDescription:
       type: string
     Security_Endpoint_Exceptions_API_ExceptionListItemEntry:
       anyOf:
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard'
       discriminator:
         propertyName: type
     Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry
+        $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry'
       type: array
     Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists:
       type: object
@@ -54334,8 +52387,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - exists
@@ -54360,8 +52412,7 @@ components:
             - id
             - type
         operator:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - list
@@ -54377,8 +52428,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - match
@@ -54396,16 +52446,14 @@ components:
         field:
           $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - match_any
           type: string
         value:
           items:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
           minItems: 1
           type: array
       required:
@@ -54419,8 +52467,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - wildcard
@@ -54437,8 +52484,7 @@ components:
       properties:
         entries:
           items:
-            $ref: >-
-              #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem
+            $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem'
           minItems: 1
           type: array
         field:
@@ -54453,12 +52499,9 @@ components:
         - entries
     Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem:
       oneOf:
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny
-        - $ref: >-
-            #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny'
+        - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists'
     Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator:
       enum:
         - excluded
@@ -54475,8 +52518,7 @@ components:
       $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString'
     Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType
+        $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType'
       type: array
     Security_Endpoint_Exceptions_API_ExceptionListItemTags:
       items:
@@ -54499,8 +52541,7 @@ components:
       type: string
     Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType
+        $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType'
       type: array
     Security_Endpoint_Exceptions_API_ExceptionListTags:
       items:
@@ -54520,15 +52561,11 @@ components:
       minimum: 1
       type: integer
     Security_Endpoint_Exceptions_API_ExceptionNamespaceType:
-      description: >
-        Determines whether the exception container is available in all Kibana
-        spaces or just the space
-
+      description: |
+        Determines whether the exception container is available in all Kibana spaces or just the space
         in which it is created, where:
 
-
         - `single`: Only available in the Kibana space in which it is created.
-
         - `agnostic`: Available in all Kibana spaces.
       enum:
         - agnostic
@@ -54592,17 +52629,6 @@ components:
       required:
         - status_code
         - message
-    Security_Endpoint_Management_API_ActionLogRequestQuery:
-      type: object
-      properties:
-        end_date:
-          $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate'
-        page:
-          $ref: '#/components/schemas/Security_Endpoint_Management_API_Page'
-        page_size:
-          $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize'
-        start_date:
-          $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate'
     Security_Endpoint_Management_API_ActionStateSuccessResponse:
       type: object
       properties:
@@ -54628,11 +52654,9 @@ components:
               type: object
               properties:
                 agent_id:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_AgentId
+                  $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId'
                 pending_actions:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema
+                  $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema'
               required:
                 - agent_id
                 - pending_actions
@@ -54723,8 +52747,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -54735,11 +52758,9 @@ components:
               type: object
               properties:
                 command:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_Command
+                  $ref: '#/components/schemas/Security_Endpoint_Management_API_Command'
                 timeout:
-                  $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_Timeout
+                  $ref: '#/components/schemas/Security_Endpoint_Management_API_Timeout'
               required:
                 - command
           required:
@@ -54784,8 +52805,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -54802,11 +52822,9 @@ components:
           required:
             - parameters
     Security_Endpoint_Management_API_GetProcessesRouteRequestBody:
-      $ref: >-
-        #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema
+      $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema'
     Security_Endpoint_Management_API_IsolateRouteRequestBody:
-      $ref: >-
-        #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema
+      $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema'
     Security_Endpoint_Management_API_KillProcessRouteRequestBody:
       allOf:
         - type: object
@@ -54820,8 +52838,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -54831,8 +52848,7 @@ components:
             parameters:
               oneOf:
                 - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid'
-                - $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_EntityId
+                - $ref: '#/components/schemas/Security_Endpoint_Management_API_EntityId'
                 - type: object
                   properties:
                     process_name:
@@ -54908,8 +52924,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -54921,12 +52936,6 @@ components:
       description: Page number
       minimum: 1
       type: integer
-    Security_Endpoint_Management_API_PageSize:
-      default: 10
-      description: Number of items per page
-      maximum: 100
-      minimum: 1
-      type: integer
     Security_Endpoint_Management_API_Parameters:
       description: Optional parameters object
       type: object
@@ -54937,32 +52946,23 @@ components:
         - type: object
           properties:
             execute:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             get-file:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             isolate:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             kill-process:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             running-processes:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             scan:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             suspend-process:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             unisolate:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
             upload:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType'
         - additionalProperties: true
           type: object
     Security_Endpoint_Management_API_Pid:
@@ -54989,8 +52989,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -55025,8 +53024,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -55036,8 +53034,7 @@ components:
             parameters:
               oneOf:
                 - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid'
-                - $ref: >-
-                    #/components/schemas/Security_Endpoint_Management_API_EntityId
+                - $ref: '#/components/schemas/Security_Endpoint_Management_API_EntityId'
           required:
             - parameters
     Security_Endpoint_Management_API_Timeout:
@@ -55058,8 +53055,7 @@ components:
       minLength: 1
       type: array
     Security_Endpoint_Management_API_UnisolateRouteRequestBody:
-      $ref: >-
-        #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema
+      $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema'
     Security_Endpoint_Management_API_UploadRouteRequestBody:
       allOf:
         - type: object
@@ -55073,8 +53069,7 @@ components:
             comment:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment'
             endpoint_ids:
-              $ref: >-
-                #/components/schemas/Security_Endpoint_Management_API_EndpointIds
+              $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds'
             parameters:
               $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters'
           required:
@@ -55146,10 +53141,8 @@ components:
       type: string
     Security_Entity_Analytics_API_AssetCriticalityRecord:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord
-        - $ref: >-
-            #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts
+        - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord'
+        - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts'
         - type: object
           properties:
             '@timestamp':
@@ -55166,8 +53159,7 @@ components:
           type: object
           properties:
             criticality:
-              $ref: >-
-                #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+              $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
           required:
             - asset
         host:
@@ -55177,8 +53169,7 @@ components:
               type: object
               properties:
                 criticality:
-                  $ref: >-
-                    #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+                  $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
               required:
                 - criticality
             name:
@@ -55192,8 +53183,7 @@ components:
               type: object
               properties:
                 criticality:
-                  $ref: >-
-                    #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+                  $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
               required:
                 - criticality
             name:
@@ -55238,13 +53228,11 @@ components:
         - errors
     Security_Entity_Analytics_API_CreateAssetCriticalityRecord:
       allOf:
-        - $ref: >-
-            #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts
+        - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts'
         - type: object
           properties:
             criticality_level:
-              $ref: >-
-                #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+              $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
           required:
             - criticality_level
     Security_Entity_Analytics_API_EngineDataviewUpdateResult:
@@ -55318,23 +53306,17 @@ components:
           format: double
           type: number
         calculated_score_norm:
-          description: >-
-            The normalized numeric value of the given entity's risk score.
-            Useful for comparing with other entities.
+          description: The normalized numeric value of the given entity's risk score. Useful for comparing with other entities.
           format: double
           maximum: 100
           minimum: 0
           type: number
         category_1_count:
-          description: >-
-            The number of risk input documents that contributed to the Category
-            1 score (`category_1_score`).
+          description: The number of risk input documents that contributed to the Category 1 score (`category_1_score`).
           format: integer
           type: number
         category_1_score:
-          description: >-
-            The contribution of Category 1 to the overall risk score
-            (`calculated_score`). Category 1 contains Detection Engine Alerts.
+          description: The contribution of Category 1 to the overall risk score (`calculated_score`). Category 1 contains Detection Engine Alerts.
           format: double
           type: number
         category_2_count:
@@ -55344,27 +53326,20 @@ components:
           format: double
           type: number
         criticality_level:
-          $ref: >-
-            #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+          $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
         criticality_modifier:
           format: double
           type: number
         id_field:
-          description: >-
-            The identifier field defining this risk score. Coupled with
-            `id_value`, uniquely identifies the entity being scored.
+          description: The identifier field defining this risk score. Coupled with `id_value`, uniquely identifies the entity being scored.
           example: host.name
           type: string
         id_value:
-          description: >-
-            The identifier value defining this risk score. Coupled with
-            `id_field`, uniquely identifies the entity being scored.
+          description: The identifier value defining this risk score. Coupled with `id_field`, uniquely identifies the entity being scored.
           example: example.host
           type: string
         inputs:
-          description: >-
-            A list of the highest-risk documents contributing to this risk
-            score. Useful for investigative purposes.
+          description: A list of the highest-risk documents contributing to this risk score. Useful for investigative purposes.
           items:
             $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskScoreInput'
           type: array
@@ -55398,8 +53373,7 @@ components:
           type: object
           properties:
             criticality:
-              $ref: >-
-                #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+              $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
           required:
             - criticality
         entity:
@@ -55442,8 +53416,7 @@ components:
             name:
               type: string
             risk:
-              $ref: >-
-                #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord
+              $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord'
             type:
               items:
                 type: string
@@ -55550,8 +53523,7 @@ components:
           type: object
           properties:
             criticality:
-              $ref: >-
-                #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel
+              $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel'
           required:
             - criticality
         entity:
@@ -55590,8 +53562,7 @@ components:
             name:
               type: string
             risk:
-              $ref: >-
-                #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord
+              $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord'
             roles:
               items:
                 type: string
@@ -55611,8 +53582,7 @@ components:
         - comment
     Security_Exceptions_API_CreateExceptionListItemCommentArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment
+        $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment'
       type: array
     Security_Exceptions_API_CreateRuleExceptionListItemComment:
       type: object
@@ -55623,28 +53593,23 @@ components:
         - comment
     Security_Exceptions_API_CreateRuleExceptionListItemCommentArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment
+        $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment'
       type: array
     Security_Exceptions_API_CreateRuleExceptionListItemProps:
       type: object
       properties:
         comments:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray
+          $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray'
           default: []
         description:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription'
         entries:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray'
         expire_time:
           format: date-time
           type: string
         item_id:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
         meta:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta'
         name:
@@ -55653,8 +53618,7 @@ components:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
           default: single
         os_types:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray'
           default: []
         tags:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags'
@@ -55677,8 +53641,7 @@ components:
         created_by:
           type: string
         description:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListDescription
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription'
         id:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId'
         immutable:
@@ -55692,8 +53655,7 @@ components:
         namespace_type:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
         os_types:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray'
         tags:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags'
         tie_breaker_id:
@@ -55734,27 +53696,23 @@ components:
         _version:
           type: string
         comments:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray'
         created_at:
           format: date-time
           type: string
         created_by:
           type: string
         description:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription'
         entries:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray'
         expire_time:
           format: date-time
           type: string
         id:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId'
         item_id:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
         list_id:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
         meta:
@@ -55764,8 +53722,7 @@ components:
         namespace_type:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType'
         os_types:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray'
         tags:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags'
         tie_breaker_id:
@@ -55822,18 +53779,12 @@ components:
       type: string
     Security_Exceptions_API_ExceptionListItemEntry:
       anyOf:
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard'
       discriminator:
         propertyName: type
     Security_Exceptions_API_ExceptionListItemEntryArray:
@@ -55846,8 +53797,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - exists
@@ -55872,8 +53822,7 @@ components:
             - id
             - type
         operator:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - list
@@ -55889,8 +53838,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - match
@@ -55908,8 +53856,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - match_any
@@ -55930,8 +53877,7 @@ components:
         field:
           $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString'
         operator:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator'
         type:
           enum:
             - wildcard
@@ -55948,8 +53894,7 @@ components:
       properties:
         entries:
           items:
-            $ref: >-
-              #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem
+            $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem'
           minItems: 1
           type: array
         field:
@@ -55964,12 +53909,9 @@ components:
         - entries
     Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem:
       oneOf:
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny
-        - $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny'
+        - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists'
     Security_Exceptions_API_ExceptionListItemEntryOperator:
       enum:
         - excluded
@@ -56027,16 +53969,14 @@ components:
         id:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId'
         item_id:
-          $ref: >-
-            #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId
+          $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId'
         list_id:
           $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId'
       required:
         - error
     Security_Exceptions_API_ExceptionListsImportBulkErrorArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError
+        $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError'
       type: array
     Security_Exceptions_API_ExceptionListTags:
       items:
@@ -56056,15 +53996,11 @@ components:
       minimum: 1
       type: integer
     Security_Exceptions_API_ExceptionNamespaceType:
-      description: >
-        Determines whether the exception container is available in all Kibana
-        spaces or just the space
-
+      description: |
+        Determines whether the exception container is available in all Kibana spaces or just the space
         in which it is created, where:
 
-
         - `single`: Only available in the Kibana space in which it is created.
-
         - `agnostic`: Available in all Kibana spaces.
       enum:
         - agnostic
@@ -56143,8 +54079,7 @@ components:
         - comment
     Security_Exceptions_API_UpdateExceptionListItemCommentArray:
       items:
-        $ref: >-
-          #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment
+        $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment'
       type: array
     Security_Exceptions_API_UUID:
       description: A universally unique identifier
@@ -56836,9 +54771,7 @@ components:
           $ref: '#/components/schemas/Security_Timeline_API_DataProviderType'
           nullable: true
     Security_Timeline_API_DataProviderType:
-      description: >-
-        The type of data provider to create. Valid values are `default` and
-        `template`.
+      description: The type of data provider to create. Valid values are `default` and `template`.
       enum:
         - default
         - template
@@ -57032,8 +54965,7 @@ components:
       oneOf:
         - allOf:
             - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent'
-            - $ref: >-
-                #/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody
+            - $ref: '#/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody'
         - nullable: true
           type: object
     Security_Timeline_API_PersistTimelineResponse:
@@ -57101,15 +55033,13 @@ components:
       type: object
       properties:
         alias_purpose:
-          $ref: >-
-            #/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose
+          $ref: '#/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose'
         alias_target_id:
           type: string
         outcome:
           $ref: '#/components/schemas/Security_Timeline_API_SavedObjectResolveOutcome'
         timeline:
-          $ref: >-
-            #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject
+          $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject'
       required:
         - timeline
         - outcome
@@ -57254,8 +55184,7 @@ components:
           nullable: true
           type: string
         kqlQuery:
-          $ref: >-
-            #/components/schemas/Security_Timeline_API_SerializedFilterQueryResult
+          $ref: '#/components/schemas/Security_Timeline_API_SerializedFilterQueryResult'
           nullable: true
         savedQueryId:
           nullable: true
@@ -57352,8 +55281,7 @@ components:
     Security_Timeline_API_TimelineResponse:
       allOf:
         - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline'
-        - $ref: >-
-            #/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId
+        - $ref: '#/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId'
         - type: object
           properties:
             eventIdToNoteIds:
@@ -57419,18 +55347,14 @@ components:
             - savedObjectId
             - version
     Security_Timeline_API_TimelineStatus:
-      description: >-
-        The status of the timeline. Valid values are `active`, `draft`, and
-        `immutable`.
+      description: The status of the timeline. Valid values are `active`, `draft`, and `immutable`.
       enum:
         - active
         - draft
         - immutable
       type: string
     Security_Timeline_API_TimelineType:
-      description: >-
-        The type of timeline to create. Valid values are `default` and
-        `template`.
+      description: The type of timeline to create. Valid values are `default` and `template`.
       enum:
         - default
         - template
@@ -57529,9 +55453,8 @@ components:
       title: Budgeting method
       type: string
     SLOs_create_slo_request:
-      description: >
-        The create SLO API request body varies depending on the type of
-        indicator, time window and budgeting method.
+      description: |
+        The create SLO API request body varies depending on the type of indicator, time window and budgeting method.
       properties:
         budgetingMethod:
           $ref: '#/components/schemas/SLOs_budgeting_method'
@@ -57541,9 +55464,7 @@ components:
         groupBy:
           $ref: '#/components/schemas/SLOs_group_by'
         id:
-          description: >-
-            A optional and unique identifier for the SLO. Must be between 8 and
-            36 chars
+          description: A optional and unique identifier for the SLO. Must be between 8 and 36 chars
           example: my-super-slo-id
           type: string
         indicator:
@@ -57587,10 +55508,8 @@ components:
       required:
         - id
     SLOs_delete_slo_instances_request:
-      description: >
-        The delete SLO instances request takes a list of SLO id and instance id,
-        then delete the rollup and summary data. This API can be used to remove
-        the staled data of an instance SLO that no longer get updated.
+      description: |
+        The delete SLO instances request takes a list of SLO id and instance id, then delete the rollup and summary data. This API can be used to remove the staled data of an instance SLO that no longer get updated.
       properties:
         list:
           description: An array of slo id and instance id
@@ -57626,9 +55545,7 @@ components:
           example: 0.02
           type: number
         isEstimated:
-          description: >-
-            Only for SLO defined with occurrences budgeting method and calendar
-            aligned time window.
+          description: Only for SLO defined with occurrences budgeting method and calendar aligned time window.
           example: true
           type: boolean
         remaining:
@@ -57699,9 +55616,7 @@ components:
       title: Find SLO response
       type: object
     SLOs_group_by:
-      description: >-
-        optional group by field or fields to use to generate an SLO per distinct
-        value
+      description: optional group by field or fields to use to generate an SLO per distinct value
       example:
         - - service.name
         - service.name
@@ -57822,11 +55737,7 @@ components:
           type: object
           properties:
             dataViewId:
-              description: >-
-                The kibana data view id to use, primarily used to include data
-                view runtime mappings. Make sure to save SLO again if you
-                add/update run time fields to the data view and if those fields
-                are being used in slo queries.
+              description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
               example: 03b80ab3-003d-498b-881c-3beedbaf1162
               type: string
             filter:
@@ -57867,11 +55778,7 @@ components:
           type: object
           properties:
             dataViewId:
-              description: >-
-                The kibana data view id to use, primarily used to include data
-                view runtime mappings. Make sure to save SLO again if you
-                add/update run time fields to the data view and if those fields
-                are being used in slo queries.
+              description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
               example: 03b80ab3-003d-498b-881c-3beedbaf1162
               type: string
             filter:
@@ -57888,16 +55795,12 @@ components:
                   example: A
                   type: string
                 metrics:
-                  description: >-
-                    List of metrics with their name, aggregation type, and
-                    field.
+                  description: List of metrics with their name, aggregation type, and field.
                   items:
                     type: object
                     properties:
                       aggregation:
-                        description: >-
-                          The aggregation type of the metric. Only valid option
-                          is "sum"
+                        description: The aggregation type of the metric. Only valid option is "sum"
                         enum:
                           - sum
                         example: sum
@@ -57942,16 +55845,12 @@ components:
                   example: A
                   type: string
                 metrics:
-                  description: >-
-                    List of metrics with their name, aggregation type, and
-                    field.
+                  description: List of metrics with their name, aggregation type, and field.
                   items:
                     type: object
                     properties:
                       aggregation:
-                        description: >-
-                          The aggregation type of the metric. Only valid option
-                          is "sum"
+                        description: The aggregation type of the metric. Only valid option is "sum"
                         enum:
                           - sum
                         example: sum
@@ -58000,11 +55899,7 @@ components:
           type: object
           properties:
             dataViewId:
-              description: >-
-                The kibana data view id to use, primarily used to include data
-                view runtime mappings. Make sure to save SLO again if you
-                add/update run time fields to the data view and if those fields
-                are being used in slo queries.
+              description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
               example: 03b80ab3-003d-498b-881c-3beedbaf1162
               type: string
             filter:
@@ -58032,15 +55927,11 @@ components:
                   example: 'processor.outcome: "success"'
                   type: string
                 from:
-                  description: >-
-                    The starting value of the range. Only required for "range"
-                    aggregations.
+                  description: The starting value of the range. Only required for "range" aggregations.
                   example: 0
                   type: number
                 to:
-                  description: >-
-                    The ending value of the range. Only required for "range"
-                    aggregations.
+                  description: The ending value of the range. Only required for "range" aggregations.
                   example: 100
                   type: number
               required:
@@ -58076,15 +55967,11 @@ components:
                   example: 'processor.outcome : *'
                   type: string
                 from:
-                  description: >-
-                    The starting value of the range. Only required for "range"
-                    aggregations.
+                  description: The starting value of the range. Only required for "range" aggregations.
                   example: 0
                   type: number
                 to:
-                  description: >-
-                    The ending value of the range. Only required for "range"
-                    aggregations.
+                  description: The ending value of the range. Only required for "range" aggregations.
                   example: 100
                   type: number
               required:
@@ -58113,11 +56000,7 @@ components:
           type: object
           properties:
             dataViewId:
-              description: >-
-                The kibana data view id to use, primarily used to include data
-                view runtime mappings. Make sure to save SLO again if you
-                add/update run time fields to the data view and if those fields
-                are being used in slo queries.
+              description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries.
               example: 03b80ab3-003d-498b-881c-3beedbaf1162
               type: string
             filter:
@@ -58129,15 +56012,12 @@ components:
               example: my-service-*
               type: string
             metric:
-              description: >
-                An object defining the metrics, equation, and threshold to
-                determine if it's a good slice or not
+              description: |
+                An object defining the metrics, equation, and threshold to determine if it's a good slice or not
               type: object
               properties:
                 comparator:
-                  description: >-
-                    The comparator to use to compare the equation to the
-                    threshold.
+                  description: The comparator to use to compare the equation to the threshold.
                   enum:
                     - GT
                     - GTE
@@ -58150,22 +56030,15 @@ components:
                   example: A
                   type: string
                 metrics:
-                  description: >-
-                    List of metrics with their name, aggregation type, and
-                    field.
+                  description: List of metrics with their name, aggregation type, and field.
                   items:
                     anyOf:
-                      - $ref: >-
-                          #/components/schemas/SLOs_timeslice_metric_basic_metric_with_field
-                      - $ref: >-
-                          #/components/schemas/SLOs_timeslice_metric_percentile_metric
-                      - $ref: >-
-                          #/components/schemas/SLOs_timeslice_metric_doc_count_metric
+                      - $ref: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field'
+                      - $ref: '#/components/schemas/SLOs_timeslice_metric_percentile_metric'
+                      - $ref: '#/components/schemas/SLOs_timeslice_metric_doc_count_metric'
                   type: array
                 threshold:
-                  description: >-
-                    The threshold used to determine if the metric is a good
-                    slice or not.
+                  description: The threshold used to determine if the metric is a good slice or not.
                   example: 100
                   type: number
               required:
@@ -58248,17 +56121,13 @@ components:
           minimum: 0
           type: number
         timesliceTarget:
-          description: >-
-            the target objective for each slice when using a timeslices
-            budgeting method
+          description: the target objective for each slice when using a timeslices budgeting method
           example: 0.995
           maximum: 100
           minimum: 0
           type: number
         timesliceWindow:
-          description: >-
-            the duration of each slice when using a timeslices budgeting method,
-            as {duraton}{unit}
+          description: the duration of each slice when using a timeslices budgeting method, as {duraton}{unit}
           example: 5m
           type: string
       required:
@@ -58490,16 +56359,11 @@ components:
       type: object
       properties:
         duration:
-          description: >-
-            the duration formatted as {duration}{unit}. Accepted values for
-            rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w
-            (weekly) or 1M (monthly)
+          description: 'the duration formatted as {duration}{unit}. Accepted values for rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w (weekly) or 1M (monthly)'
           example: 30d
           type: string
         type:
-          description: >-
-            Indicates weither the time window is a rolling or a calendar aligned
-            time window.
+          description: Indicates weither the time window is a rolling or a calendar aligned time window.
           enum:
             - rolling
             - calendarAligned
@@ -58568,9 +56432,7 @@ components:
       type: object
       properties:
         aggregation:
-          description: >-
-            The aggregation type of the metric. Only valid option is
-            "percentile"
+          description: The aggregation type of the metric. Only valid option is "percentile"
           enum:
             - percentile
           example: percentile
@@ -58599,9 +56461,8 @@ components:
         - percentile
       title: Timeslice Metric Percentile Metric
     SLOs_update_slo_request:
-      description: >
-        The update SLO API request body varies depending on the type of
-        indicator, time window and budgeting method. Partial update is handled.
+      description: |
+        The update SLO API request body varies depending on the type of indicator, time window and budgeting method. Partial update is handled.
       properties:
         budgetingMethod:
           $ref: '#/components/schemas/SLOs_budgeting_method'
@@ -58634,128 +56495,2866 @@ components:
           $ref: '#/components/schemas/SLOs_time_window'
       title: Update SLO request
       type: object
-  securitySchemes:
-    apiKeyAuth:
-      description: >
-        These APIs use key-based authentication. You must create an API key and
-        use the encoded value in the request header. For example:
-        `Authorization: ApiKey base64AccessApiKey`
-      in: header
-      name: Authorization
-      type: apiKey
-    basicAuth:
-      scheme: basic
-      type: http
-security:
-  - apiKeyAuth: []
-  - basicAuth: []
-tags:
-  - name: alerting
-  - description: |
-      Adjust APM agent configuration without need to redeploy your application.
-    name: APM agent configuration
-  - description: >
-      Configure APM agent keys to authorize requests from APM agents to the APM
-      Server.
-    name: APM agent keys
-  - description: >
-      Annotate visualizations in the APM app with significant events.
-      Annotations enable you to easily see how events are impacting the
-      performance of your applications.
-    name: APM annotations
-  - description: Create APM fleet server schema.
-    name: APM server schema
-  - description: Configure APM source maps.
-    name: APM sourcemaps
-  - description: Case APIs enable you to open and track issues.
-    name: cases
-  - name: connectors
-  - name: Data streams
-  - description: >-
-      Data view APIs enable you to manage data views, formerly known as Kibana
-      index patterns.
-    name: data views
-  - name: Elastic Agent actions
-  - name: Elastic Agent binary download sources
-  - name: Elastic Agent policies
-  - name: Elastic Agent status
-  - name: Elastic Agents
-  - name: Elastic Package Manager (EPM)
-  - name: Fleet enrollment API keys
-  - name: Fleet internals
-  - name: Fleet outputs
-  - name: Fleet package policies
-  - name: Fleet proxies
-  - name: Fleet Server hosts
-  - name: Fleet service tokens
-  - name: Fleet uninstall tokens
-  - name: Message Signing Service
-  - description: Machine learning
-    name: ml
-  - name: roles
-  - description: >
-      Export sets of saved objects that you want to import into Kibana, resolve
-      import errors, and rotate an encryption key for encrypted saved objects
-      with the saved objects APIs.
-
-
-      To manage a specific type of saved object, use the corresponding APIs.
-
-      For example, use:
-
-
-      * [Data views](../group/endpoint-data-views)
-
-      * [Spaces](https://www.elastic.co/guide/en/kibana/current/spaces-api.html)
-
-      * [Short
-      URLs](https://www.elastic.co/guide/en/kibana/current/short-urls-api.html)
-
-
-      Warning: Do not write documents directly to the `.kibana` index. When you
-      write directly to the `.kibana` index, the data becomes corrupted and
-      permanently breaks future Kibana versions.
-    name: saved objects
-    x-displayName: Saved objects
-  - description: Manage and interact with Security Assistant resources.
-    name: Security AI Assistant API
-    x-displayName: Security AI assistant
-  - description: >-
-      You can create rules that automatically turn events and external alerts
-      sent to Elastic Security into detection alerts. These alerts are displayed
-      on the Detections page.
-    name: Security Detections API
-    x-displayName: Security detections
-  - description: >-
-      Endpoint Exceptions API allows you to manage detection rule endpoint
-      exceptions to prevent a rule from generating an alert from incoming events
-      even when the rule's other criteria are met.
-    name: Security Endpoint Exceptions API
-    x-displayName: Security endpoint exceptions
-  - description: Interact with and manage endpoints running the Elastic Defend integration.
-    name: Security Endpoint Management API
-    x-displayName: Security endpoint management
-  - description: ''
-    name: Security Entity Analytics API
-    x-displayName: Security entity analytics
-  - description: >-
-      Exceptions API allows you to manage detection rule exceptions to prevent a
-      rule from generating an alert from incoming events even when the rule's
-      other criteria are met.
-    name: Security Exceptions API
-    x-displayName: Security exceptions
-  - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items.
-    name: Security Lists API
-    x-displayName: Security lists
-  - description: Run live queries, manage packs and saved queries.
-    name: Security Osquery API
-    x-displayName: Security Osquery
-  - description: >-
-      You can create Timelines and Timeline templates via the API, as well as
-      import new Timelines from an ndjson file.
-    name: Security Timeline API
-    x-displayName: Security timeline
-  - description: SLO APIs enable you to define, manage and track service-level objectives
-    name: slo
-  - name: spaces
-  - name: system
+    bedrock_config:
+      title: Connector request properties for an Amazon Bedrock connector
+      description: Defines properties for connectors when type is `.bedrock`.
+      type: object
+      required:
+        - apiUrl
+      properties:
+        apiUrl:
+          type: string
+          description: The Amazon Bedrock request URL.
+        defaultModel:
+          type: string
+          description: |
+            The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models.
+          default: anthropic.claude-3-5-sonnet-20240620-v1:0
+    crowdstrike_config:
+      title: Connector request config properties for a Crowdstrike connector
+      required:
+        - url
+      description: Defines config properties for connectors when type is `.crowdstrike`.
+      type: object
+      properties:
+        url:
+          description: |
+            The CrowdStrike tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+          type: string
+    d3security_config:
+      title: Connector request properties for a D3 Security connector
+      description: Defines properties for connectors when type is `.d3security`.
+      type: object
+      required:
+        - url
+      properties:
+        url:
+          type: string
+          description: |
+            The D3 Security API request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+    email_config:
+      title: Connector request properties for an email connector
+      description: Defines properties for connectors when type is `.email`.
+      required:
+        - from
+      type: object
+      properties:
+        clientId:
+          description: |
+            The client identifier, which is a part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required.
+          type: string
+          nullable: true
+        from:
+          description: |
+            The from address for all emails sent by the connector. It must be specified in `user@host-name` format.
+          type: string
+        hasAuth:
+          description: |
+            Specifies whether a user and password are required inside the secrets configuration.
+          default: true
+          type: boolean
+        host:
+          description: |
+            The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined.
+          type: string
+        oauthTokenUrl:
+          type: string
+          nullable: true
+        port:
+          description: |
+            The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined.
+          type: integer
+        secure:
+          description: |
+            Specifies whether the connection to the service provider will use TLS. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored.
+          type: boolean
+        service:
+          description: |
+            The name of the email service.
+          type: string
+          enum:
+            - elastic_cloud
+            - exchange_server
+            - gmail
+            - other
+            - outlook365
+            - ses
+        tenantId:
+          description: |
+            The tenant identifier, which is part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required.
+          type: string
+          nullable: true
+    gemini_config:
+      title: Connector request properties for an Google Gemini connector
+      description: Defines properties for connectors when type is `.gemini`.
+      type: object
+      required:
+        - apiUrl
+        - gcpRegion
+        - gcpProjectID
+      properties:
+        apiUrl:
+          type: string
+          description: The Google Gemini request URL.
+        defaultModel:
+          type: string
+          description: The generative artificial intelligence model for Google Gemini to use.
+          default: gemini-1.5-pro-002
+        gcpRegion:
+          type: string
+          description: The GCP region where the Vertex AI endpoint enabled.
+        gcpProjectID:
+          type: string
+          description: The Google ProjectID that has Vertex AI endpoint enabled.
+    resilient_config:
+      title: Connector request properties for a IBM Resilient connector
+      required:
+        - apiUrl
+        - orgId
+      description: Defines properties for connectors when type is `.resilient`.
+      type: object
+      properties:
+        apiUrl:
+          description: The IBM Resilient instance URL.
+          type: string
+        orgId:
+          description: The IBM Resilient organization ID.
+          type: string
+    index_config:
+      title: Connector request properties for an index connector
+      required:
+        - index
+      description: Defines properties for connectors when type is `.index`.
+      type: object
+      properties:
+        executionTimeField:
+          description: A field that indicates when the document was indexed.
+          default: null
+          type: string
+          nullable: true
+        index:
+          description: The Elasticsearch index to be written to.
+          type: string
+        refresh:
+          description: |
+            The refresh policy for the write request, which affects when changes are made visible to search. Refer to the refresh setting for Elasticsearch document APIs.
+          default: false
+          type: boolean
+    jira_config:
+      title: Connector request properties for a Jira connector
+      required:
+        - apiUrl
+        - projectKey
+      description: Defines properties for connectors when type is `.jira`.
+      type: object
+      properties:
+        apiUrl:
+          description: The Jira instance URL.
+          type: string
+        projectKey:
+          description: The Jira project key.
+          type: string
+    genai_azure_config:
+      title: Connector request properties for an OpenAI connector that uses Azure OpenAI
+      description: |
+        Defines properties for connectors when type is `.gen-ai` and the API provider is `Azure OpenAI`.
+      type: object
+      required:
+        - apiProvider
+        - apiUrl
+      properties:
+        apiProvider:
+          type: string
+          description: The OpenAI API provider.
+          enum:
+            - Azure OpenAI
+        apiUrl:
+          type: string
+          description: The OpenAI API endpoint.
+    genai_openai_config:
+      title: Connector request properties for an OpenAI connector
+      description: |
+        Defines properties for connectors when type is `.gen-ai` and the API provider is `OpenAI`.
+      type: object
+      required:
+        - apiProvider
+        - apiUrl
+      properties:
+        apiProvider:
+          type: string
+          description: The OpenAI API provider.
+          enum:
+            - OpenAI
+        apiUrl:
+          type: string
+          description: The OpenAI API endpoint.
+        defaultModel:
+          type: string
+          description: The default model to use for requests.
+    opsgenie_config:
+      title: Connector request properties for an Opsgenie connector
+      required:
+        - apiUrl
+      description: Defines properties for connectors when type is `.opsgenie`.
+      type: object
+      properties:
+        apiUrl:
+          description: |
+            The Opsgenie URL. For example, `https://api.opsgenie.com` or `https://api.eu.opsgenie.com`. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+          type: string
+    pagerduty_config:
+      title: Connector request properties for a PagerDuty connector
+      description: Defines properties for connectors when type is `.pagerduty`.
+      type: object
+      properties:
+        apiUrl:
+          description: The PagerDuty event URL.
+          type: string
+          nullable: true
+          example: https://events.pagerduty.com/v2/enqueue
+    sentinelone_config:
+      title: Connector request properties for a SentinelOne connector
+      required:
+        - url
+      description: Defines properties for connectors when type is `.sentinelone`.
+      type: object
+      properties:
+        url:
+          description: |
+            The SentinelOne tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+          type: string
+    servicenow_config:
+      title: Connector request properties for a ServiceNow ITSM connector
+      required:
+        - apiUrl
+      description: Defines properties for connectors when type is `.servicenow`.
+      type: object
+      properties:
+        apiUrl:
+          type: string
+          description: The ServiceNow instance URL.
+        clientId:
+          description: |
+            The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`.
+          type: string
+        isOAuth:
+          description: |
+            The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
+          default: false
+          type: boolean
+        jwtKeyId:
+          description: |
+            The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`.
+          type: string
+        userIdentifierValue:
+          description: |
+            The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`.
+          type: string
+        usesTableApi:
+          description: |
+            Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors.  NOTE: If this property is set to `false`, the Elastic application should be installed in ServiceNow.
+          default: true
+          type: boolean
+    servicenow_itom_config:
+      title: Connector request properties for a ServiceNow ITOM connector
+      required:
+        - apiUrl
+      description: Defines properties for connectors when type is `.servicenow-itom`.
+      type: object
+      properties:
+        apiUrl:
+          type: string
+          description: The ServiceNow instance URL.
+        clientId:
+          description: |
+            The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`.
+          type: string
+        isOAuth:
+          description: |
+            The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth).
+          default: false
+          type: boolean
+        jwtKeyId:
+          description: |
+            The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`.
+          type: string
+        userIdentifierValue:
+          description: |
+            The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`.
+          type: string
+    slack_api_config:
+      title: Connector request properties for a Slack connector
+      description: Defines properties for connectors when type is `.slack_api`.
+      type: object
+      properties:
+        allowedChannels:
+          type: array
+          description: A list of valid Slack channels.
+          items:
+            type: object
+            required:
+              - id
+              - name
+            maxItems: 25
+            properties:
+              id:
+                type: string
+                description: The Slack channel ID.
+                example: C123ABC456
+                minLength: 1
+              name:
+                type: string
+                description: The Slack channel name.
+                minLength: 1
+    swimlane_config:
+      title: Connector request properties for a Swimlane connector
+      required:
+        - apiUrl
+        - appId
+        - connectorType
+      description: Defines properties for connectors when type is `.swimlane`.
+      type: object
+      properties:
+        apiUrl:
+          description: The Swimlane instance URL.
+          type: string
+        appId:
+          description: The Swimlane application ID.
+          type: string
+        connectorType:
+          description: The type of connector. Valid values are `all`, `alerts`, and `cases`.
+          type: string
+          enum:
+            - all
+            - alerts
+            - cases
+        mappings:
+          title: Connector mappings properties for a Swimlane connector
+          description: The field mapping.
+          type: object
+          properties:
+            alertIdConfig:
+              title: Alert identifier mapping
+              description: Mapping for the alert ID.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+            caseIdConfig:
+              title: Case identifier mapping
+              description: Mapping for the case ID.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+            caseNameConfig:
+              title: Case name mapping
+              description: Mapping for the case name.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+            commentsConfig:
+              title: Case comment mapping
+              description: Mapping for the case comments.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+            descriptionConfig:
+              title: Case description mapping
+              description: Mapping for the case description.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+            ruleNameConfig:
+              title: Rule name mapping
+              description: Mapping for the name of the alert's rule.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+            severityConfig:
+              title: Severity mapping
+              description: Mapping for the severity.
+              type: object
+              required:
+                - fieldType
+                - id
+                - key
+                - name
+              properties:
+                fieldType:
+                  type: string
+                  description: The type of field in Swimlane.
+                id:
+                  type: string
+                  description: The identifier for the field in Swimlane.
+                key:
+                  type: string
+                  description: The key for the field in Swimlane.
+                name:
+                  type: string
+                  description: The name of the field in Swimlane.
+    thehive_config:
+      title: Connector request properties for a TheHive connector
+      description: Defines configuration properties for connectors when type is `.thehive`.
+      type: object
+      required:
+        - url
+      properties:
+        organisation:
+          type: string
+          description: |
+            The organisation in TheHive that will contain the alerts or cases. By default, the connector uses the default organisation of the user account that created the API key.
+        url:
+          type: string
+          description: |
+            The instance URL in TheHive. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+    tines_config:
+      title: Connector request properties for a Tines connector
+      description: Defines properties for connectors when type is `.tines`.
+      type: object
+      required:
+        - url
+      properties:
+        url:
+          description: |
+            The Tines tenant URL. If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts.
+          type: string
+    torq_config:
+      title: Connector request properties for a Torq connector
+      description: Defines properties for connectors when type is `.torq`.
+      type: object
+      required:
+        - webhookIntegrationUrl
+      properties:
+        webhookIntegrationUrl:
+          description: The endpoint URL of the Elastic Security integration in Torq.
+          type: string
+    auth_type:
+      title: Authentication type
+      type: string
+      nullable: true
+      enum:
+        - webhook-authentication-basic
+        - webhook-authentication-ssl
+      description: |
+        The type of authentication to use: basic, SSL, or none.
+    ca:
+      title: Certificate authority
+      type: string
+      description: |
+        A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types.
+    cert_type:
+      title: Certificate type
+      type: string
+      description: |
+        If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format.
+      enum:
+        - ssl-crt-key
+        - ssl-pfx
+    has_auth:
+      title: Has authentication
+      type: boolean
+      description: If true, a username and password for login type authentication must be provided.
+      default: true
+    verification_mode:
+      title: Verification mode
+      type: string
+      enum:
+        - certificate
+        - full
+        - none
+      default: full
+      description: |
+        Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation.
+    webhook_config:
+      title: Connector request properties for a Webhook connector
+      description: Defines properties for connectors when type is `.webhook`.
+      type: object
+      properties:
+        authType:
+          $ref: '#/components/schemas/auth_type'
+        ca:
+          $ref: '#/components/schemas/ca'
+        certType:
+          $ref: '#/components/schemas/cert_type'
+        hasAuth:
+          $ref: '#/components/schemas/has_auth'
+        headers:
+          type: object
+          nullable: true
+          description: A set of key-value pairs sent as headers with the request.
+        method:
+          type: string
+          default: post
+          enum:
+            - post
+            - put
+          description: |
+            The HTTP request method, either `post` or `put`.
+        url:
+          type: string
+          description: |
+            The request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+        verificationMode:
+          $ref: '#/components/schemas/verification_mode'
+    cases_webhook_config:
+      title: Connector request properties for Webhook - Case Management connector
+      required:
+        - createIncidentJson
+        - createIncidentResponseKey
+        - createIncidentUrl
+        - getIncidentResponseExternalTitleKey
+        - getIncidentUrl
+        - updateIncidentJson
+        - updateIncidentUrl
+        - viewIncidentUrl
+      description: Defines properties for connectors when type is `.cases-webhook`.
+      type: object
+      properties:
+        authType:
+          $ref: '#/components/schemas/auth_type'
+        ca:
+          $ref: '#/components/schemas/ca'
+        certType:
+          $ref: '#/components/schemas/cert_type'
+        createCommentJson:
+          type: string
+          description: |
+            A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is `case.comment`. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.
+          example: '{"body": {{{case.comment}}}}'
+        createCommentMethod:
+          type: string
+          description: |
+            The REST API HTTP request method to create a case comment in the third-party system. Valid values are `patch`, `post`, and `put`.
+          default: put
+          enum:
+            - patch
+            - post
+            - put
+        createCommentUrl:
+          type: string
+          description: |
+            The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts setting`, add the hostname to the allowed hosts.
+          example: https://example.com/issue/{{{external.system.id}}}/comment
+        createIncidentJson:
+          type: string
+          description: |
+            A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review.
+          example: '{"fields": {"summary": {{{case.title}}},"description": {{{case.description}}},"labels": {{{case.tags}}}}}'
+        createIncidentMethod:
+          type: string
+          description: |
+            The REST API HTTP request method to create a case in the third-party system. Valid values are `patch`, `post`, and `put`.
+          enum:
+            - patch
+            - post
+            - put
+          default: post
+        createIncidentResponseKey:
+          type: string
+          description: The JSON key in the create external case response that contains the case ID.
+        createIncidentUrl:
+          type: string
+          description: |
+            The REST API URL to create a case in the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+        getIncidentResponseExternalTitleKey:
+          type: string
+          description: The JSON key in get external case response that contains the case title.
+        getIncidentUrl:
+          type: string
+          description: |
+            The REST API URL to get the case by ID from the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass.
+          example: https://example.com/issue/{{{external.system.id}}}
+        hasAuth:
+          $ref: '#/components/schemas/has_auth'
+        headers:
+          type: string
+          description: |
+            A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods.
+        updateIncidentJson:
+          type: string
+          description: |
+            The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review.
+          example: '{"fields": {"summary": {{{case.title}}},"description": {{{case.description}}},"labels": {{{case.tags}}}}}'
+        updateIncidentMethod:
+          type: string
+          description: |
+            The REST API HTTP request method to update the case in the third-party system. Valid values are `patch`, `post`, and `put`.
+          default: put
+          enum:
+            - patch
+            - post
+            - put
+        updateIncidentUrl:
+          type: string
+          description: |
+            The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+          example: https://example.com/issue/{{{external.system.ID}}}
+        verificationMode:
+          $ref: '#/components/schemas/verification_mode'
+        viewIncidentUrl:
+          type: string
+          description: |
+            The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL.
+          example: https://testing-jira.atlassian.net/browse/{{{external.system.title}}}
+    xmatters_config:
+      title: Connector request properties for an xMatters connector
+      description: Defines properties for connectors when type is `.xmatters`.
+      type: object
+      properties:
+        configUrl:
+          description: |
+            The request URL for the Elastic Alerts trigger in xMatters. It is applicable only when `usesBasic` is `true`.
+          type: string
+          nullable: true
+        usesBasic:
+          description: Specifies whether the connector uses HTTP basic authentication (`true`) or URL authentication (`false`).
+          type: boolean
+          default: true
+    bedrock_secrets:
+      title: Connector secrets properties for an Amazon Bedrock connector
+      description: Defines secrets for connectors when type is `.bedrock`.
+      type: object
+      required:
+        - accessKey
+        - secret
+      properties:
+        accessKey:
+          type: string
+          description: The AWS access key for authentication.
+        secret:
+          type: string
+          description: The AWS secret for authentication.
+    crowdstrike_secrets:
+      title: Connector secrets properties for a Crowdstrike connector
+      description: Defines secrets for connectors when type is `.crowdstrike`.
+      type: object
+      required:
+        - clientId
+        - clientSecret
+      properties:
+        clientId:
+          description: The CrowdStrike API client identifier.
+          type: string
+        clientSecret:
+          description: The CrowdStrike API client secret to authenticate the `clientId`.
+          type: string
+    d3security_secrets:
+      title: Connector secrets properties for a D3 Security connector
+      description: Defines secrets for connectors when type is `.d3security`.
+      required:
+        - token
+      type: object
+      properties:
+        token:
+          type: string
+          description: The D3 Security token.
+    email_secrets:
+      title: Connector secrets properties for an email connector
+      description: Defines secrets for connectors when type is `.email`.
+      type: object
+      properties:
+        clientSecret:
+          type: string
+          description: |
+            The Microsoft Exchange Client secret for OAuth 2.0 client credentials authentication. It must be URL-encoded. If `service` is `exchange_server`, this property is required.
+        password:
+          type: string
+          description: |
+            The password for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required.
+        user:
+          type: string
+          description: |
+            The username for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required.
+    gemini_secrets:
+      title: Connector secrets properties for a Google Gemini connector
+      description: Defines secrets for connectors when type is `.gemini`.
+      type: object
+      required:
+        - credentialsJson
+      properties:
+        credentialsJson:
+          type: string
+          description: The service account credentials JSON file. The service account should have Vertex AI user IAM role assigned to it.
+    resilient_secrets:
+      title: Connector secrets properties for IBM Resilient connector
+      required:
+        - apiKeyId
+        - apiKeySecret
+      description: Defines secrets for connectors when type is `.resilient`.
+      type: object
+      properties:
+        apiKeyId:
+          type: string
+          description: The authentication key ID for HTTP Basic authentication.
+        apiKeySecret:
+          type: string
+          description: The authentication key secret for HTTP Basic authentication.
+    jira_secrets:
+      title: Connector secrets properties for a Jira connector
+      required:
+        - apiToken
+        - email
+      description: Defines secrets for connectors when type is `.jira`.
+      type: object
+      properties:
+        apiToken:
+          description: The Jira API authentication token for HTTP basic authentication.
+          type: string
+        email:
+          description: The account email for HTTP Basic authentication.
+          type: string
+    teams_secrets:
+      title: Connector secrets properties for a Microsoft Teams connector
+      description: Defines secrets for connectors when type is `.teams`.
+      type: object
+      required:
+        - webhookUrl
+      properties:
+        webhookUrl:
+          type: string
+          description: |
+            The URL of the incoming webhook. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts.
+    genai_secrets:
+      title: Connector secrets properties for an OpenAI connector
+      description: Defines secrets for connectors when type is `.gen-ai`.
+      type: object
+      properties:
+        apiKey:
+          type: string
+          description: The OpenAI API key.
+    opsgenie_secrets:
+      title: Connector secrets properties for an Opsgenie connector
+      required:
+        - apiKey
+      description: Defines secrets for connectors when type is `.opsgenie`.
+      type: object
+      properties:
+        apiKey:
+          description: The Opsgenie API authentication key for HTTP Basic authentication.
+          type: string
+    pagerduty_secrets:
+      title: Connector secrets properties for a PagerDuty connector
+      description: Defines secrets for connectors when type is `.pagerduty`.
+      type: object
+      required:
+        - routingKey
+      properties:
+        routingKey:
+          description: |
+            A 32 character PagerDuty Integration Key for an integration on a service.
+          type: string
+    sentinelone_secrets:
+      title: Connector secrets properties for a SentinelOne connector
+      description: Defines secrets for connectors when type is `.sentinelone`.
+      type: object
+      required:
+        - token
+      properties:
+        token:
+          description: The A SentinelOne API token.
+          type: string
+    servicenow_secrets:
+      title: Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors
+      description: Defines secrets for connectors when type is `.servicenow`, `.servicenow-sir`, or `.servicenow-itom`.
+      type: object
+      properties:
+        clientSecret:
+          type: string
+          description: The client secret assigned to your OAuth application. This property is required when `isOAuth` is `true`.
+        password:
+          type: string
+          description: The password for HTTP basic authentication. This property is required when `isOAuth` is `false`.
+        privateKey:
+          type: string
+          description: The RSA private key that you created for use in ServiceNow. This property is required when `isOAuth` is `true`.
+        privateKeyPassword:
+          type: string
+          description: The password for the RSA private key. This property is required when `isOAuth` is `true` and you set a password on your private key.
+        username:
+          type: string
+          description: The username for HTTP basic authentication. This property is required when `isOAuth` is `false`.
+    slack_api_secrets:
+      title: Connector secrets properties for a Web API Slack connector
+      description: Defines secrets for connectors when type is `.slack`.
+      required:
+        - token
+      type: object
+      properties:
+        token:
+          type: string
+          description: Slack bot user OAuth token.
+    swimlane_secrets:
+      title: Connector secrets properties for a Swimlane connector
+      description: Defines secrets for connectors when type is `.swimlane`.
+      type: object
+      properties:
+        apiToken:
+          description: Swimlane API authentication token.
+          type: string
+    thehive_secrets:
+      title: Connector secrets properties for a TheHive connector
+      description: Defines secrets for connectors when type is `.thehive`.
+      required:
+        - apiKey
+      type: object
+      properties:
+        apiKey:
+          type: string
+          description: The API key for authentication in TheHive.
+    tines_secrets:
+      title: Connector secrets properties for a Tines connector
+      description: Defines secrets for connectors when type is `.tines`.
+      type: object
+      required:
+        - email
+        - token
+      properties:
+        email:
+          description: The email used to sign in to Tines.
+          type: string
+        token:
+          description: The Tines API token.
+          type: string
+    torq_secrets:
+      title: Connector secrets properties for a Torq connector
+      description: Defines secrets for connectors when type is `.torq`.
+      type: object
+      required:
+        - token
+      properties:
+        token:
+          description: The secret of the webhook authentication header.
+          type: string
+    crt:
+      title: Certificate
+      type: string
+      description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file.
+    key:
+      title: Certificate key
+      type: string
+      description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file.
+    pfx:
+      title: Personal information exchange
+      type: string
+      description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file.
+    webhook_secrets:
+      title: Connector secrets properties for a Webhook connector
+      description: Defines secrets for connectors when type is `.webhook`.
+      type: object
+      properties:
+        crt:
+          $ref: '#/components/schemas/crt'
+        key:
+          $ref: '#/components/schemas/key'
+        pfx:
+          $ref: '#/components/schemas/pfx'
+        password:
+          type: string
+          description: |
+            The password for HTTP basic authentication or the passphrase for the SSL certificate files. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required.
+        user:
+          type: string
+          description: |
+            The username for HTTP basic authentication. If `hasAuth` is set to `true`  and `authType` is `webhook-authentication-basic`, this property is required.
+    cases_webhook_secrets:
+      title: Connector secrets properties for Webhook - Case Management connector
+      type: object
+      properties:
+        crt:
+          $ref: '#/components/schemas/crt'
+        key:
+          $ref: '#/components/schemas/key'
+        pfx:
+          $ref: '#/components/schemas/pfx'
+        password:
+          type: string
+          description: |
+            The password for HTTP basic authentication. If `hasAuth` is set to `true` and and `authType` is `webhook-authentication-basic`, this property is required.
+        user:
+          type: string
+          description: |
+            The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required.
+    xmatters_secrets:
+      title: Connector secrets properties for an xMatters connector
+      description: Defines secrets for connectors when type is `.xmatters`.
+      type: object
+      properties:
+        password:
+          description: |
+            A user name for HTTP basic authentication. It is applicable only when `usesBasic` is `true`.
+          type: string
+        secretsUrl:
+          description: |
+            The request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is applicable only when `usesBasic` is `false`.
+          type: string
+        user:
+          description: |
+            A password for HTTP basic authentication. It is applicable only when `usesBasic` is `true`.
+          type: string
+    run_acknowledge_resolve_pagerduty:
+      title: PagerDuty connector parameters
+      description: Test an action that acknowledges or resolves a PagerDuty alert.
+      type: object
+      required:
+        - dedupKey
+        - eventAction
+      properties:
+        dedupKey:
+          description: The deduplication key for the PagerDuty alert.
+          type: string
+          maxLength: 255
+        eventAction:
+          description: The type of event.
+          type: string
+          enum:
+            - acknowledge
+            - resolve
+    run_documents:
+      title: Index connector parameters
+      description: Test an action that indexes a document into Elasticsearch.
+      type: object
+      required:
+        - documents
+      properties:
+        documents:
+          type: array
+          description: The documents in JSON format for index connectors.
+          items:
+            type: object
+            additionalProperties: true
+    run_message_email:
+      title: Email connector parameters
+      description: |
+        Test an action that sends an email message. There must be at least one recipient in `to`, `cc`, or `bcc`.
+      type: object
+      required:
+        - message
+        - subject
+        - anyOf:
+            - to
+            - cc
+            - bcc
+      properties:
+        bcc:
+          type: array
+          items:
+            type: string
+          description: |
+            A list of "blind carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `<user@host-name>` format
+        cc:
+          type: array
+          items:
+            type: string
+          description: |
+            A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `<user@host-name>` format 
+        message:
+          type: string
+          description: The email message text. Markdown format is supported.
+        subject:
+          type: string
+          description: The subject line of the email.
+        to:
+          type: array
+          description: |
+            A list of email addresses. Addresses can be specified in `user@host-name` format or in name `<user@host-name>` format.
+          items:
+            type: string
+    run_message_serverlog:
+      title: Server log connector parameters
+      description: Test an action that writes an entry to the Kibana server log.
+      type: object
+      required:
+        - message
+      properties:
+        level:
+          type: string
+          description: The log level of the message for server log connectors.
+          enum:
+            - debug
+            - error
+            - fatal
+            - info
+            - trace
+            - warn
+          default: info
+        message:
+          type: string
+          description: The message for server log connectors.
+    run_message_slack:
+      title: Slack connector parameters
+      description: |
+        Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack`.
+      type: object
+      required:
+        - message
+      properties:
+        message:
+          type: string
+          description: The Slack message text, which cannot contain Markdown, images, or other advanced formatting.
+    run_trigger_pagerduty:
+      title: PagerDuty connector parameters
+      description: Test an action that triggers a PagerDuty alert.
+      type: object
+      required:
+        - eventAction
+      properties:
+        class:
+          description: The class or type of the event.
+          type: string
+          example: cpu load
+        component:
+          description: The component of the source machine that is responsible for the event.
+          type: string
+          example: eth0
+        customDetails:
+          description: Additional details to add to the event.
+          type: object
+        dedupKey:
+          description: |
+            All actions sharing this key will be associated with the same PagerDuty alert. This value is used to correlate trigger and resolution.
+          type: string
+          maxLength: 255
+        eventAction:
+          description: The type of event.
+          type: string
+          enum:
+            - trigger
+        group:
+          description: The logical grouping of components of a service.
+          type: string
+          example: app-stack
+        links:
+          description: A list of links to add to the event.
+          type: array
+          items:
+            type: object
+            properties:
+              href:
+                description: The URL for the link.
+                type: string
+              text:
+                description: A plain text description of the purpose of the link.
+                type: string
+        severity:
+          description: The severity of the event on the affected system.
+          type: string
+          enum:
+            - critical
+            - error
+            - info
+            - warning
+          default: info
+        source:
+          description: |
+            The affected system, such as a hostname or fully qualified domain name. Defaults to the Kibana saved object id of the action.
+          type: string
+        summary:
+          description: A summery of the event.
+          type: string
+          maxLength: 1024
+        timestamp:
+          description: An ISO-8601 timestamp that indicates when the event was detected or generated.
+          type: string
+          format: date-time
+    run_addevent:
+      title: The addEvent subaction
+      type: object
+      required:
+        - subAction
+      description: The `addEvent` subaction for ServiceNow ITOM connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - addEvent
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          properties:
+            additional_info:
+              type: string
+              description: Additional information about the event.
+            description:
+              type: string
+              description: The details about the event.
+            event_class:
+              type: string
+              description: A specific instance of the source.
+            message_key:
+              type: string
+              description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `<rule ID>:<alert instance ID>`.
+            metric_name:
+              type: string
+              description: The name of the metric.
+            node:
+              type: string
+              description: The host that the event was triggered for.
+            resource:
+              type: string
+              description: The name of the resource.
+            severity:
+              type: string
+              description: The severity of the event.
+            source:
+              type: string
+              description: The name of the event source type.
+            time_of_event:
+              type: string
+              description: The time of the event.
+            type:
+              type: string
+              description: The type of event.
+    run_closealert:
+      title: The closeAlert subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `closeAlert` subaction for Opsgenie connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - closeAlert
+        subActionParams:
+          type: object
+          required:
+            - alias
+          properties:
+            alias:
+              type: string
+              description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert.
+            note:
+              type: string
+              description: Additional information for the alert.
+            source:
+              type: string
+              description: The display name for the source of the alert.
+            user:
+              type: string
+              description: The display name for the owner.
+    run_closeincident:
+      title: The closeIncident subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `closeIncident` subaction for ServiceNow ITSM connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - closeIncident
+        subActionParams:
+          type: object
+          required:
+            - incident
+          properties:
+            incident:
+              type: object
+              anyOf:
+                - required:
+                    - correlation_id
+                - required:
+                    - externalId
+              properties:
+                correlation_id:
+                  type: string
+                  nullable: true
+                  description: |
+                    An identifier that is assigned to the incident when it is created by the connector. NOTE: If you use the default value and the rule generates multiple alerts that use the same alert IDs, the latest open incident for this correlation ID is closed unless you specify the external ID.
+                  maxLength: 100
+                  default: '{{rule.id}}:{{alert.id}}'
+                externalId:
+                  type: string
+                  nullable: true
+                  description: The unique identifier (`incidentId`) for the incident in ServiceNow.
+    run_createalert:
+      title: The createAlert subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `createAlert` subaction for Opsgenie and TheHive connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - createAlert
+        subActionParams:
+          type: object
+          properties:
+            actions:
+              type: array
+              description: The custom actions available to the alert in Opsgenie connectors.
+              items:
+                type: string
+            alias:
+              type: string
+              description: The unique identifier used for alert deduplication in Opsgenie.
+            description:
+              type: string
+              description: A description that provides detailed information about the alert.
+            details:
+              type: object
+              description: The custom properties of the alert in Opsgenie connectors.
+              additionalProperties: true
+              example:
+                key1: value1
+                key2: value2
+            entity:
+              type: string
+              description: The domain of the alert in Opsgenie connectors. For example, the application or server name.
+            message:
+              type: string
+              description: The alert message in Opsgenie connectors.
+            note:
+              type: string
+              description: Additional information for the alert in Opsgenie connectors.
+            priority:
+              type: string
+              description: The priority level for the alert in Opsgenie connectors.
+              enum:
+                - P1
+                - P2
+                - P3
+                - P4
+                - P5
+            responders:
+              type: array
+              description: |
+                The entities to receive notifications about the alert in Opsgenie connectors. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required.
+              items:
+                type: object
+                properties:
+                  id:
+                    type: string
+                    description: The identifier for the entity.
+                  name:
+                    type: string
+                    description: The name of the entity.
+                  type:
+                    type: string
+                    description: The type of responders, in this case `escalation`.
+                    enum:
+                      - escalation
+                      - schedule
+                      - team
+                      - user
+                  username:
+                    type: string
+                    description: A valid email address for the user.
+            severity:
+              type: integer
+              minimum: 1
+              maximum: 4
+              description: |
+                The severity of the incident for TheHive connectors. The value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium).
+            source:
+              type: string
+              description: The display name for the source of the alert in Opsgenie and TheHive connectors.
+            sourceRef:
+              type: string
+              description: A source reference for the alert in TheHive connectors.
+            tags:
+              type: array
+              description: The tags for the alert in Opsgenie and TheHive connectors.
+              items:
+                type: string
+            title:
+              type: string
+              description: |
+                A title for the incident for TheHive connectors. It is used for searching the contents of the knowledge base.
+            tlp:
+              type: integer
+              minimum: 0
+              maximum: 4
+              default: 2
+              description: |
+                The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red).
+            type:
+              type: string
+              description: The type of alert in TheHive connectors.
+            user:
+              type: string
+              description: The display name for the owner.
+            visibleTo:
+              type: array
+              description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required.
+              items:
+                type: object
+                required:
+                  - type
+                properties:
+                  id:
+                    type: string
+                    description: The identifier for the entity.
+                  name:
+                    type: string
+                    description: The name of the entity.
+                  type:
+                    type: string
+                    description: Valid values are `team` and `user`.
+                    enum:
+                      - team
+                      - user
+                  username:
+                    type: string
+                    description: The user name. This property is required only when the `type` is `user`.
+    run_fieldsbyissuetype:
+      title: The fieldsByIssueType subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `fieldsByIssueType` subaction for Jira connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - fieldsByIssueType
+        subActionParams:
+          type: object
+          required:
+            - id
+          properties:
+            id:
+              type: string
+              description: The Jira issue type identifier.
+              example: 10024
+    run_getchoices:
+      title: The getChoices subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getChoices
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          required:
+            - fields
+          properties:
+            fields:
+              type: array
+              description: An array of fields.
+              items:
+                type: string
+    run_getfields:
+      title: The getFields subaction
+      type: object
+      required:
+        - subAction
+      description: The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getFields
+    run_getincident:
+      title: The getIncident subaction
+      type: object
+      description: The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors.
+      required:
+        - subAction
+        - subActionParams
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - getIncident
+        subActionParams:
+          type: object
+          required:
+            - externalId
+          properties:
+            externalId:
+              type: string
+              description: The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier.
+              example: 71778
+    run_issue:
+      title: The issue subaction
+      type: object
+      required:
+        - subAction
+      description: The `issue` subaction for Jira connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - issue
+        subActionParams:
+          type: object
+          required:
+            - id
+          properties:
+            id:
+              type: string
+              description: The Jira issue identifier.
+              example: 71778
+    run_issues:
+      title: The issues subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `issues` subaction for Jira connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - issues
+        subActionParams:
+          type: object
+          required:
+            - title
+          properties:
+            title:
+              type: string
+              description: The title of the Jira issue.
+    run_issuetypes:
+      title: The issueTypes subaction
+      type: object
+      required:
+        - subAction
+      description: The `issueTypes` subaction for Jira connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - issueTypes
+    run_postmessage:
+      title: The postMessage subaction
+      type: object
+      description: |
+        Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack_api`.
+      required:
+        - subAction
+        - subActionParams
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - postMessage
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          properties:
+            channelIds:
+              type: array
+              maxItems: 1
+              description: |
+                The Slack channel identifier, which must be one of the `allowedChannels` in the connector configuration.
+              items:
+                type: string
+            channels:
+              type: array
+              deprecated: true
+              description: |
+                The name of a channel that your Slack app has access to.
+              maxItems: 1
+              items:
+                type: string
+            text:
+              type: string
+              description: |
+                The Slack message text. If it is a Slack webhook connector, the text cannot contain Markdown, images, or other advanced formatting. If it is a Slack web API connector, it can contain either plain text or block kit messages.
+              minLength: 1
+    run_pushtoservice:
+      title: The pushToService subaction
+      type: object
+      required:
+        - subAction
+        - subActionParams
+      description: The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors.
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - pushToService
+        subActionParams:
+          type: object
+          description: The set of configuration properties for the action.
+          properties:
+            comments:
+              type: array
+              description: Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, or TheHive.
+              items:
+                type: object
+                properties:
+                  comment:
+                    type: string
+                    description: A comment related to the incident. For example, describe how to troubleshoot the issue.
+                  commentId:
+                    type: integer
+                    description: A unique identifier for the comment.
+            incident:
+              type: object
+              description: Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, Swimlane, or TheHive incident.
+              properties:
+                additional_fields:
+                  type: string
+                  nullable: true
+                  maxLength: 20
+                  description: |
+                    Additional fields for ServiceNow ITSM and ServiveNow SecOps connectors. The fields must exist in the Elastic ServiceNow application and must be specified in JSON format.
+                alertId:
+                  type: string
+                  description: The alert identifier for Swimlane connectors.
+                caseId:
+                  type: string
+                  description: The case identifier for the incident for Swimlane connectors.
+                caseName:
+                  type: string
+                  description: The case name for the incident for Swimlane connectors.
+                category:
+                  type: string
+                  description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
+                correlation_display:
+                  type: string
+                  description: A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors.
+                correlation_id:
+                  type: string
+                  description: |
+                    The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert.
+                description:
+                  type: string
+                  description: The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors.
+                dest_ip:
+                  description: |
+                    A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
+                  oneOf:
+                    - type: string
+                    - type: array
+                      items:
+                        type: string
+                externalId:
+                  type: string
+                  description: |
+                    The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created.
+                id:
+                  type: string
+                  description: The external case identifier for Webhook - Case Management connectors.
+                impact:
+                  type: string
+                  description: The impact of the incident for ServiceNow ITSM connectors.
+                issueType:
+                  type: integer
+                  description: The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`.
+                labels:
+                  type: array
+                  items:
+                    type: string
+                  description: |
+                    The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces.
+                malware_hash:
+                  description: A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident.
+                  oneOf:
+                    - type: string
+                    - type: array
+                      items:
+                        type: string
+                malware_url:
+                  type: string
+                  description: A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident.
+                  oneOf:
+                    - type: string
+                    - type: array
+                      items:
+                        type: string
+                otherFields:
+                  type: object
+                  additionalProperties: true
+                  maxProperties: 20
+                  description: |
+                    Custom field identifiers and their values for Jira connectors.
+                parent:
+                  type: string
+                  description: The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues.
+                priority:
+                  type: string
+                  description: The priority of the incident in Jira and ServiceNow SecOps connectors.
+                ruleName:
+                  type: string
+                  description: The rule name for Swimlane connectors.
+                severity:
+                  type: integer
+                  description: |
+                    The severity of the incident for ServiceNow ITSM, Swimlane, and TheHive connectors. In TheHive connectors, the severity value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium).
+                short_description:
+                  type: string
+                  description: |
+                    A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base.
+                source_ip:
+                  description: A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident.
+                  oneOf:
+                    - type: string
+                    - type: array
+                      items:
+                        type: string
+                status:
+                  type: string
+                  description: The status of the incident for Webhook - Case Management connectors.
+                subcategory:
+                  type: string
+                  description: The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors.
+                summary:
+                  type: string
+                  description: A summary of the incident for Jira connectors.
+                tags:
+                  type: array
+                  items:
+                    type: string
+                  description: A list of tags for TheHive and Webhook - Case Management connectors.
+                title:
+                  type: string
+                  description: |
+                    A title for the incident for Jira, TheHive, and Webhook - Case Management connectors. It is used for searching the contents of the knowledge base.
+                tlp:
+                  type: integer
+                  minimum: 0
+                  maximum: 4
+                  default: 2
+                  description: |
+                    The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red).
+                urgency:
+                  type: string
+                  description: The urgency of the incident for ServiceNow ITSM connectors.
+    run_validchannelid:
+      title: The validChannelId subaction
+      type: object
+      description: |
+        Retrieves information about a valid Slack channel identifier. It is applicable only when the connector type is `.slack_api`.
+      required:
+        - subAction
+        - subActionParams
+      properties:
+        subAction:
+          type: string
+          description: The action to test.
+          enum:
+            - validChannelId
+        subActionParams:
+          type: object
+          required:
+            - channelId
+          properties:
+            channelId:
+              type: string
+              description: The Slack channel identifier.
+              example: C123ABC456
+    params_property_apm_anomaly:
+      required:
+        - windowSize
+        - windowUnit
+        - environment
+        - anomalySeverityType
+      properties:
+        serviceName:
+          type: string
+          description: The service name from APM
+        transactionType:
+          type: string
+          description: The transaction type from APM
+        windowSize:
+          type: number
+          example: 6
+          description: The window size
+        windowUnit:
+          type: string
+          description: The window size unit
+          enum:
+            - m
+            - h
+            - d
+        environment:
+          type: string
+          description: The environment from APM
+        anomalySeverityType:
+          type: string
+          description: The anomaly threshold value
+          enum:
+            - critical
+            - major
+            - minor
+            - warning
+    params_property_apm_error_count:
+      required:
+        - windowSize
+        - windowUnit
+        - threshold
+        - environment
+      properties:
+        serviceName:
+          type: string
+          description: The service name from APM
+        windowSize:
+          type: number
+          description: The window size
+          example: 6
+        windowUnit:
+          type: string
+          description: The window size unit
+          enum:
+            - m
+            - h
+            - d
+        environment:
+          type: string
+          description: The environment from APM
+        threshold:
+          type: number
+          description: The error count threshold value
+        groupBy:
+          type: array
+          default:
+            - service.name
+            - service.environment
+          uniqueItems: true
+          items:
+            type: string
+            enum:
+              - service.name
+              - service.environment
+              - transaction.name
+              - error.grouping_key
+        errorGroupingKey:
+          type: string
+    params_property_apm_transaction_duration:
+      required:
+        - windowSize
+        - windowUnit
+        - threshold
+        - environment
+        - aggregationType
+      properties:
+        serviceName:
+          type: string
+          description: The service name from APM
+        transactionType:
+          type: string
+          description: The transaction type from APM
+        transactionName:
+          type: string
+          description: The transaction name from APM
+        windowSize:
+          type: number
+          description: The window size
+          example: 6
+        windowUnit:
+          type: string
+          description: ç
+          enum:
+            - m
+            - h
+            - d
+        environment:
+          type: string
+        threshold:
+          type: number
+          description: The latency threshold value
+        groupBy:
+          type: array
+          default:
+            - service.name
+            - service.environment
+            - transaction.type
+          uniqueItems: true
+          items:
+            type: string
+            enum:
+              - service.name
+              - service.environment
+              - transaction.type
+              - transaction.name
+        aggregationType:
+          type: string
+          enum:
+            - avg
+            - 95th
+            - 99th
+    params_property_apm_transaction_error_rate:
+      required:
+        - windowSize
+        - windowUnit
+        - threshold
+        - environment
+      properties:
+        serviceName:
+          type: string
+          description: The service name from APM
+        transactionType:
+          type: string
+          description: The transaction type from APM
+        transactionName:
+          type: string
+          description: The transaction name from APM
+        windowSize:
+          type: number
+          description: The window size
+          example: 6
+        windowUnit:
+          type: string
+          description: The window size unit
+          enum:
+            - m
+            - h
+            - d
+        environment:
+          type: string
+          description: The environment from APM
+        threshold:
+          type: number
+          description: The error rate threshold value
+        groupBy:
+          type: array
+          default:
+            - service.name
+            - service.environment
+            - transaction.type
+          uniqueItems: true
+          items:
+            type: string
+            enum:
+              - service.name
+              - service.environment
+              - transaction.type
+              - transaction.name
+    aggfield:
+      description: |
+        The name of the numeric field that is used in the aggregation. This property is required when `aggType` is `avg`, `max`, `min` or `sum`.
+      type: string
+    aggtype:
+      description: The type of aggregation to perform.
+      type: string
+      enum:
+        - avg
+        - count
+        - max
+        - min
+        - sum
+      default: count
+    excludehitsfrompreviousrun:
+      description: |
+        Indicates whether to exclude matches from previous runs. If `true`, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified.
+      type: boolean
+    groupby:
+      description: |
+        Indicates whether the aggregation is applied over all documents (`all`) or split into groups (`top`) using a grouping field (`termField`). If grouping is used, an alert will be created for each group when it exceeds the threshold; only the top groups (up to `termSize` number of groups) are checked.
+      type: string
+      enum:
+        - all
+        - top
+      default: all
+    size:
+      description: |
+        The number of documents to pass to the configured actions when the threshold condition is met.
+      type: integer
+    termfield:
+      description: |
+        The names of up to four fields that are used for grouping the aggregation. This property is required when `groupBy` is `top`.
+      oneOf:
+        - type: string
+        - type: array
+          items:
+            type: string
+          maxItems: 4
+    termsize:
+      description: |
+        This property is required when `groupBy` is `top`. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields.
+      type: integer
+    threshold:
+      description: |
+        The threshold value that is used with the `thresholdComparator`. If the `thresholdComparator` is `between` or `notBetween`, you must specify the boundary values.
+      type: array
+      items:
+        type: integer
+        example: 4000
+    thresholdcomparator:
+      description: The comparison function for the threshold. For example, "is above", "is above or equals", "is below", "is below or equals", "is between", and "is not between".
+      type: string
+      enum:
+        - '>'
+        - '>='
+        - <
+        - <=
+        - between
+        - notBetween
+      example: '>'
+    timefield:
+      description: The field that is used to calculate the time window.
+      type: string
+    timewindowsize:
+      description: |
+        The size of the time window (in `timeWindowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection.
+      type: integer
+      example: 5
+    timewindowunit:
+      description: |
+        The type of units for the time window: seconds, minutes, hours, or days.
+      type: string
+      enum:
+        - s
+        - m
+        - h
+        - d
+      example: m
+    params_es_query_dsl_rule:
+      title: Elasticsearch DSL query rule params
+      description: |
+        An Elasticsearch query rule can run a query defined in Elasticsearch Query DSL and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`.
+      type: object
+      required:
+        - esQuery
+        - index
+        - threshold
+        - thresholdComparator
+        - timeField
+        - timeWindowSize
+        - timeWindowUnit
+      properties:
+        aggField:
+          $ref: '#/components/schemas/aggfield'
+        aggType:
+          $ref: '#/components/schemas/aggtype'
+        esQuery:
+          description: The query definition, which uses Elasticsearch Query DSL.
+          type: string
+        excludeHitsFromPreviousRun:
+          $ref: '#/components/schemas/excludehitsfrompreviousrun'
+        groupBy:
+          $ref: '#/components/schemas/groupby'
+        index:
+          description: The indices to query.
+          oneOf:
+            - type: array
+              items:
+                type: string
+            - type: string
+        searchType:
+          description: The type of query, in this case a query that uses Elasticsearch Query DSL.
+          type: string
+          enum:
+            - esQuery
+          default: esQuery
+          example: esQuery
+        size:
+          $ref: '#/components/schemas/size'
+        termField:
+          $ref: '#/components/schemas/termfield'
+        termSize:
+          $ref: '#/components/schemas/termsize'
+        threshold:
+          $ref: '#/components/schemas/threshold'
+        thresholdComparator:
+          $ref: '#/components/schemas/thresholdcomparator'
+        timeField:
+          $ref: '#/components/schemas/timefield'
+        timeWindowSize:
+          $ref: '#/components/schemas/timewindowsize'
+        timeWindowUnit:
+          $ref: '#/components/schemas/timewindowunit'
+    params_es_query_esql_rule:
+      title: Elasticsearch ES|QL query rule params
+      description: |
+        An Elasticsearch query rule can run an ES|QL query and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`.
+      type: object
+      required:
+        - esqlQuery
+        - searchType
+        - size
+        - threshold
+        - thresholdComparator
+        - timeWindowSize
+        - timeWindowUnit
+      properties:
+        aggField:
+          $ref: '#/components/schemas/aggfield'
+        aggType:
+          $ref: '#/components/schemas/aggtype'
+        esqlQuery:
+          type: object
+          required:
+            - esql
+          properties:
+            esql:
+              description: The query definition, which uses Elasticsearch Query Language.
+              type: string
+        excludeHitsFromPreviousRun:
+          $ref: '#/components/schemas/excludehitsfrompreviousrun'
+        groupBy:
+          $ref: '#/components/schemas/groupby'
+        searchType:
+          description: The type of query, in this case a query that uses Elasticsearch Query Language (ES|QL).
+          type: string
+          enum:
+            - esqlQuery
+          example: esqlQuery
+        size:
+          type: integer
+          description: |
+            When `searchType` is `esqlQuery`, this property is required but it does not affect the rule behavior.
+          example: 0
+        termSize:
+          $ref: '#/components/schemas/termsize'
+        threshold:
+          type: array
+          items:
+            type: integer
+            minimum: 0
+            maximum: 0
+          description: |
+            The threshold value that is used with the `thresholdComparator`. When `searchType` is `esqlQuery`, this property is required and must be set to zero.
+        thresholdComparator:
+          type: string
+          description: |
+            The comparison function for the threshold. When `searchType` is `esqlQuery`, this property is required and must be set to ">". Since the `threshold` value must be `0`, the result is that an alert occurs whenever the query returns results.
+          enum:
+            - '>'
+          example: '>'
+        timeField:
+          $ref: '#/components/schemas/timefield'
+        timeWindowSize:
+          $ref: '#/components/schemas/timewindowsize'
+        timeWindowUnit:
+          $ref: '#/components/schemas/timewindowunit'
+    filter:
+      type: object
+      description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package.
+      properties:
+        meta:
+          type: object
+          properties:
+            alias:
+              type: string
+              nullable: true
+            controlledBy:
+              type: string
+            disabled:
+              type: boolean
+            field:
+              type: string
+            group:
+              type: string
+            index:
+              type: string
+            isMultiIndex:
+              type: boolean
+            key:
+              type: string
+            negate:
+              type: boolean
+            params:
+              type: object
+            type:
+              type: string
+            value:
+              type: string
+        query:
+          type: object
+        $state:
+          type: object
+    params_es_query_kql_rule:
+      title: Elasticsearch KQL query rule params
+      description: |
+        An Elasticsearch query rule can run a query defined in KQL or Lucene and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`.
+      type: object
+      required:
+        - searchType
+        - size
+        - threshold
+        - thresholdComparator
+        - timeWindowSize
+        - timeWindowUnit
+      properties:
+        aggField:
+          $ref: '#/components/schemas/aggfield'
+        aggType:
+          $ref: '#/components/schemas/aggtype'
+        excludeHitsFromPreviousRun:
+          $ref: '#/components/schemas/excludehitsfrompreviousrun'
+        groupBy:
+          $ref: '#/components/schemas/groupby'
+        searchConfiguration:
+          description: The query definition, which uses KQL or Lucene to fetch the documents from Elasticsearch.
+          type: object
+          properties:
+            filter:
+              type: array
+              items:
+                $ref: '#/components/schemas/filter'
+            index:
+              description: The indices to query.
+              oneOf:
+                - type: string
+                - type: array
+                  items:
+                    type: string
+            query:
+              type: object
+              properties:
+                language:
+                  type: string
+                  example: kuery
+                query:
+                  type: string
+        searchType:
+          description: The type of query, in this case a text-based query that uses KQL or Lucene.
+          type: string
+          enum:
+            - searchSource
+          example: searchSource
+        size:
+          $ref: '#/components/schemas/size'
+        termField:
+          $ref: '#/components/schemas/termfield'
+        termSize:
+          $ref: '#/components/schemas/termsize'
+        threshold:
+          $ref: '#/components/schemas/threshold'
+        thresholdComparator:
+          $ref: '#/components/schemas/thresholdcomparator'
+        timeField:
+          $ref: '#/components/schemas/timefield'
+        timeWindowSize:
+          $ref: '#/components/schemas/timewindowsize'
+        timeWindowUnit:
+          $ref: '#/components/schemas/timewindowunit'
+    params_index_threshold_rule:
+      title: Index threshold rule params
+      description: An index threshold rule runs an Elasticsearch query, aggregates field values from documents, compares them to threshold values, and schedules actions to run when the thresholds are met. These parameters are appropriate when `rule_type_id` is `.index-threshold`.
+      type: object
+      required:
+        - index
+        - threshold
+        - thresholdComparator
+        - timeField
+        - timeWindowSize
+        - timeWindowUnit
+      properties:
+        aggField:
+          $ref: '#/components/schemas/aggfield'
+        aggType:
+          $ref: '#/components/schemas/aggtype'
+        filterKuery:
+          description: A KQL expression thats limits the scope of alerts.
+          type: string
+        groupBy:
+          $ref: '#/components/schemas/groupby'
+        index:
+          description: The indices to query.
+          type: array
+          items:
+            type: string
+        termField:
+          $ref: '#/components/schemas/termfield'
+        termSize:
+          $ref: '#/components/schemas/termsize'
+        threshold:
+          $ref: '#/components/schemas/threshold'
+        thresholdComparator:
+          $ref: '#/components/schemas/thresholdcomparator'
+        timeField:
+          $ref: '#/components/schemas/timefield'
+        timeWindowSize:
+          $ref: '#/components/schemas/timewindowsize'
+        timeWindowUnit:
+          $ref: '#/components/schemas/timewindowunit'
+    params_property_infra_inventory:
+      properties:
+        criteria:
+          type: array
+          items:
+            type: object
+            properties:
+              metric:
+                type: string
+                enum:
+                  - count
+                  - cpu
+                  - diskLatency
+                  - load
+                  - memory
+                  - memoryTotal
+                  - tx
+                  - rx
+                  - logRate
+                  - diskIOReadBytes
+                  - diskIOWriteBytes
+                  - s3TotalRequests
+                  - s3NumberOfObjects
+                  - s3BucketSize
+                  - s3DownloadBytes
+                  - s3UploadBytes
+                  - rdsConnections
+                  - rdsQueriesExecuted
+                  - rdsActiveTransactions
+                  - rdsLatency
+                  - sqsMessagesVisible
+                  - sqsMessagesDelayed
+                  - sqsMessagesSent
+                  - sqsMessagesEmpty
+                  - sqsOldestMessage
+                  - custom
+              timeSize:
+                type: number
+              timeUnit:
+                type: string
+                enum:
+                  - s
+                  - m
+                  - h
+                  - d
+              sourceId:
+                type: string
+              threshold:
+                type: array
+                items:
+                  type: number
+              comparator:
+                type: string
+                enum:
+                  - <
+                  - <=
+                  - '>'
+                  - '>='
+                  - between
+                  - outside
+              customMetric:
+                type: object
+                properties:
+                  type:
+                    type: string
+                    enum:
+                      - custom
+                  field:
+                    type: string
+                  aggregation:
+                    type: string
+                    enum:
+                      - avg
+                      - max
+                      - min
+                      - rate
+                  id:
+                    type: string
+                  label:
+                    type: string
+              warningThreshold:
+                type: array
+                items:
+                  type: number
+              warningComparator:
+                type: string
+                enum:
+                  - <
+                  - <=
+                  - '>'
+                  - '>='
+                  - between
+                  - outside
+        filterQuery:
+          type: string
+        filterQueryText:
+          type: string
+        nodeType:
+          type: string
+          enum:
+            - host
+            - pod
+            - container
+            - awsEC2
+            - awsS3
+            - awsSQS
+            - awsRDS
+        sourceId:
+          type: string
+        alertOnNoData:
+          type: boolean
+    params_property_log_threshold:
+      oneOf:
+        - title: Count
+          type: object
+          required:
+            - count
+            - timeSize
+            - timeUnit
+            - logView
+          properties:
+            criteria:
+              type: array
+              items:
+                type: object
+                properties:
+                  field:
+                    type: string
+                    example: my.field
+                  comparator:
+                    type: string
+                    enum:
+                      - more than
+                      - more than or equals
+                      - less than
+                      - less than or equals
+                      - equals
+                      - does not equal
+                      - matches
+                      - does not match
+                      - matches phrase
+                      - does not match phrase
+                  value:
+                    oneOf:
+                      - type: number
+                        example: 42
+                      - type: string
+                        example: value
+            count:
+              type: object
+              properties:
+                comparator:
+                  type: string
+                  enum:
+                    - more than
+                    - more than or equals
+                    - less than
+                    - less than or equals
+                    - equals
+                    - does not equal
+                    - matches
+                    - does not match
+                    - matches phrase
+                    - does not match phrase
+                value:
+                  type: number
+                  example: 100
+            timeSize:
+              type: number
+              example: 6
+            timeUnit:
+              type: string
+              enum:
+                - s
+                - m
+                - h
+                - d
+            logView:
+              type: object
+              properties:
+                logViewId:
+                  type: string
+                type:
+                  type: string
+                  enum:
+                    - log-view-reference
+                  example: log-view-reference
+            groupBy:
+              type: array
+              items:
+                type: string
+        - title: Ratio
+          type: object
+          required:
+            - count
+            - timeSize
+            - timeUnit
+            - logView
+          properties:
+            criteria:
+              type: array
+              items:
+                minItems: 2
+                maxItems: 2
+                type: array
+                items:
+                  type: object
+                  properties:
+                    field:
+                      type: string
+                      example: my.field
+                    comparator:
+                      type: string
+                      enum:
+                        - more than
+                        - more than or equals
+                        - less than
+                        - less than or equals
+                        - equals
+                        - does not equal
+                        - matches
+                        - does not match
+                        - matches phrase
+                        - does not match phrase
+                    value:
+                      oneOf:
+                        - type: number
+                          example: 42
+                        - type: string
+                          example: value
+            count:
+              type: object
+              properties:
+                comparator:
+                  type: string
+                  enum:
+                    - more than
+                    - more than or equals
+                    - less than
+                    - less than or equals
+                    - equals
+                    - does not equal
+                    - matches
+                    - does not match
+                    - matches phrase
+                    - does not match phrase
+                value:
+                  type: number
+                  example: 100
+            timeSize:
+              type: number
+              example: 6
+            timeUnit:
+              type: string
+              enum:
+                - s
+                - m
+                - h
+                - d
+            logView:
+              type: object
+              properties:
+                logViewId:
+                  type: string
+                type:
+                  type: string
+                  enum:
+                    - log-view-reference
+                  example: log-view-reference
+            groupBy:
+              type: array
+              items:
+                type: string
+    params_property_infra_metric_threshold:
+      properties:
+        criteria:
+          type: array
+          items:
+            oneOf:
+              - title: non count criterion
+                type: object
+                properties:
+                  threshold:
+                    type: array
+                    items:
+                      type: number
+                  comparator:
+                    type: string
+                    enum:
+                      - <
+                      - <=
+                      - '>'
+                      - '>='
+                      - between
+                      - outside
+                  timeUnit:
+                    type: string
+                  timeSize:
+                    type: number
+                  warningThreshold:
+                    type: array
+                    items:
+                      type: number
+                  warningComparator:
+                    type: string
+                    enum:
+                      - <
+                      - <=
+                      - '>'
+                      - '>='
+                      - between
+                      - outside
+                  metric:
+                    type: string
+                  aggType:
+                    type: string
+                    enum:
+                      - avg
+                      - max
+                      - min
+                      - cardinality
+                      - rate
+                      - count
+                      - sum
+                      - p95
+                      - p99
+                      - custom
+              - title: count criterion
+                type: object
+                properties:
+                  threshold:
+                    type: array
+                    items:
+                      type: number
+                  comparator:
+                    type: string
+                    enum:
+                      - <
+                      - <=
+                      - '>'
+                      - '>='
+                      - between
+                      - outside
+                  timeUnit:
+                    type: string
+                  timeSize:
+                    type: number
+                  warningThreshold:
+                    type: array
+                    items:
+                      type: number
+                  warningComparator:
+                    type: string
+                    enum:
+                      - <
+                      - <=
+                      - '>'
+                      - '>='
+                      - between
+                      - outside
+                  aggType:
+                    type: string
+                    enum:
+                      - count
+              - title: custom criterion
+                type: object
+                properties:
+                  threshold:
+                    type: array
+                    items:
+                      type: number
+                  comparator:
+                    type: string
+                    enum:
+                      - <
+                      - <=
+                      - '>'
+                      - '>='
+                      - between
+                      - outside
+                  timeUnit:
+                    type: string
+                  timeSize:
+                    type: number
+                  warningThreshold:
+                    type: array
+                    items:
+                      type: number
+                  warningComparator:
+                    type: string
+                    enum:
+                      - <
+                      - <=
+                      - '>'
+                      - '>='
+                      - between
+                      - outside
+                  aggType:
+                    type: string
+                    enum:
+                      - custom
+                  customMetric:
+                    type: array
+                    items:
+                      oneOf:
+                        - type: object
+                          properties:
+                            name:
+                              type: string
+                            aggType:
+                              type: string
+                              enum:
+                                - avg
+                                - sum
+                                - max
+                                - min
+                                - cardinality
+                            field:
+                              type: string
+                        - type: object
+                          properties:
+                            name:
+                              type: string
+                            aggType:
+                              type: string
+                              enum:
+                                - count
+                            filter:
+                              type: string
+                  equation:
+                    type: string
+                  label:
+                    type: string
+        groupBy:
+          oneOf:
+            - type: string
+            - type: array
+              items:
+                type: string
+        filterQuery:
+          type: string
+        sourceId:
+          type: string
+        alertOnNoData:
+          type: boolean
+        alertOnGroupDisappear:
+          type: boolean
+    params_property_slo_burn_rate:
+      properties:
+        sloId:
+          description: The SLO identifier used by the rule
+          type: string
+          example: 8853df00-ae2e-11ed-90af-09bb6422b258
+        burnRateThreshold:
+          description: The burn rate threshold used to trigger the alert
+          type: number
+          example: 14.4
+        maxBurnRateThreshold:
+          description: The maximum burn rate threshold value defined by the SLO error budget
+          type: number
+          example: 168
+        longWindow:
+          description: The duration of the long window used to compute the burn rate
+          type: object
+          properties:
+            value:
+              description: The duration value
+              type: number
+              example: 6
+            unit:
+              description: The duration unit
+              type: string
+              example: h
+        shortWindow:
+          description: The duration of the short window used to compute the burn rate
+          type: object
+          properties:
+            value:
+              description: The duration value
+              type: number
+              example: 30
+            unit:
+              description: The duration unit
+              type: string
+              example: m
+    params_property_synthetics_uptime_tls:
+      properties:
+        search:
+          type: string
+        certExpirationThreshold:
+          type: number
+        certAgeThreshold:
+          type: number
+    params_property_synthetics_monitor_status:
+      required:
+        - numTimes
+        - shouldCheckStatus
+        - shouldCheckAvailability
+      properties:
+        availability:
+          type: object
+          properties:
+            range:
+              type: number
+            rangeUnit:
+              type: string
+            threshold:
+              type: string
+        filters:
+          oneOf:
+            - type: string
+            - type: object
+              deprecated: true
+              properties:
+                monitor.type:
+                  type: array
+                  items:
+                    type: string
+                observer.geo.name:
+                  type: array
+                  items:
+                    type: string
+                tags:
+                  type: array
+                  items:
+                    type: string
+                url.port:
+                  type: array
+                  items:
+                    type: string
+        locations:
+          deprecated: true
+          type: array
+          items:
+            type: string
+        numTimes:
+          type: number
+        search:
+          type: string
+        shouldCheckStatus:
+          type: boolean
+        shouldCheckAvailability:
+          type: boolean
+        timerangeCount:
+          type: number
+        timerangeUnit:
+          type: string
+        timerange:
+          deprecated: true
+          type: object
+          properties:
+            from:
+              type: string
+            to:
+              type: string
+        version:
+          type: number
+        isAutoGenerated:
+          type: boolean
+  securitySchemes:
+    apiKeyAuth:
+      description: |
+        These APIs use key-based authentication. You must create an API key and use the encoded value in the request header. For example: `Authorization: ApiKey base64AccessApiKey`
+      in: header
+      name: Authorization
+      type: apiKey
+    basicAuth:
+      scheme: basic
+      type: http
+x-topics:
+  - title: Kibana spaces
+    content: |
+      Spaces enable you to organize your dashboards and other saved objects into meaningful categories.
+      You can use the default space or create your own spaces.
+
+      To run APIs in non-default spaces, you must add `s/{space_id}/` to the path.
+      For example:
+
+      ```
+      curl -X GET "http://localhost:5601/s/marketing/api/data_views"
+      ```
+
+      If you use the Kibana console to send API requests, it automatically adds the appropriate space identifier.
+
+      To learn more, check out [Spaces](https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html).
diff --git a/oas_docs/overlays/connectors.overlays.yaml b/oas_docs/overlays/connectors.overlays.yaml
index 022946e893be2..816542a450e3a 100644
--- a/oas_docs/overlays/connectors.overlays.yaml
+++ b/oas_docs/overlays/connectors.overlays.yaml
@@ -140,6 +140,8 @@ actions:
                   default: {}
                   description: The connector configuration details.
                   oneOf:
+                    # AI (.inference) TBD
+                    # - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/inference_config.yaml'
                     # Bedrock (.bedrock)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/bedrock_config.yaml'
                     # Crowdstrike (.crowdstrike)
@@ -194,6 +196,8 @@ actions:
                   additionalProperties: {}
                   default: {}
                   oneOf:
+                    # AI (.inference)
+                    # - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/inference_secrets.yaml'
                     # Bedrock (.bedrock)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/bedrock_secrets.yaml'
                     # Crowdstrike (.crowdstrike)
@@ -253,6 +257,8 @@ actions:
                   default: {}
                   description: The connector configuration details.
                   oneOf:
+                    # AI (.inference)
+                    # - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/inference_config.yaml'
                     # Bedrock (.bedrock)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/bedrock_config.yaml'
                     # Crowdstrike (.crowdstrike)
@@ -307,6 +313,8 @@ actions:
                   additionalProperties: {}
                   default: {}
                   oneOf:
+                    # AI (.inference)
+                    # - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/inference_secrets.yaml'
                     # Bedrock (.bedrock)
                     - $ref: '../../x-pack/plugins/actions/docs/openapi/components/schemas/bedrock_secrets.yaml'
                     # Crowdstrike (.crowdstrike)
diff --git a/oas_docs/package-lock.json b/oas_docs/package-lock.json
new file mode 100644
index 0000000000000..6527a6ee6a5dd
--- /dev/null
+++ b/oas_docs/package-lock.json
@@ -0,0 +1,4637 @@
+{
+  "name": "oas_docs",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "oas_docs",
+      "version": "1.0.0",
+      "license": "ISC",
+      "dependencies": {
+        "@redocly/cli": "^1.25.7",
+        "bump-cli": "^2.8.4"
+      }
+    },
+    "node_modules/@apidevtools/json-schema-ref-parser": {
+      "version": "9.1.2",
+      "resolved": "https://registry.npmjs.org/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-9.1.2.tgz",
+      "integrity": "sha512-r1w81DpR+KyRWd3f+rk6TNqMgedmAxZP5v5KWlXQWlgMUUtyEJch0DKEci1SorPMiSeM8XPl7MZ3miJ60JIpQg==",
+      "dependencies": {
+        "@jsdevtools/ono": "^7.1.3",
+        "@types/json-schema": "^7.0.6",
+        "call-me-maybe": "^1.0.1",
+        "js-yaml": "^4.1.0"
+      }
+    },
+    "node_modules/@asyncapi/specs": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/@asyncapi/specs/-/specs-5.1.0.tgz",
+      "integrity": "sha512-yffhETqehkim43luMnPKOwzY0D0YtU4bKpORIXIaid6p5Y5kDLrMGJaEPkNieQp03HMjhjFrnUPtT8kvqe0+aQ==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.11"
+      }
+    },
+    "node_modules/@babel/runtime": {
+      "version": "7.26.0",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.26.0.tgz",
+      "integrity": "sha512-FDSOghenHTiToteC/QRlv2q3DhPZ/oOXTBoirfWNx1Cx3TMVcGWQtMMmQcSvb/JjpNeGzx8Pq/b4fKEJuWm1sw==",
+      "dependencies": {
+        "regenerator-runtime": "^0.14.0"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      }
+    },
+    "node_modules/@cfaester/enzyme-adapter-react-18": {
+      "version": "0.8.0",
+      "resolved": "https://registry.npmjs.org/@cfaester/enzyme-adapter-react-18/-/enzyme-adapter-react-18-0.8.0.tgz",
+      "integrity": "sha512-3Z3ThTUouHwz8oIyhTYQljEMNRFtlVyc3VOOHCbxs47U6cnXs8K9ygi/c1tv49s7MBlTXeIcuN+Ttd9aPtILFQ==",
+      "dependencies": {
+        "enzyme-shallow-equal": "^1.0.0",
+        "function.prototype.name": "^1.1.6",
+        "has": "^1.0.4",
+        "react-is": "^18.2.0",
+        "react-shallow-renderer": "^16.15.0"
+      },
+      "peerDependencies": {
+        "enzyme": "^3.11.0",
+        "react": ">=18",
+        "react-dom": ">=18"
+      }
+    },
+    "node_modules/@clack/core": {
+      "version": "0.3.4",
+      "resolved": "https://registry.npmjs.org/@clack/core/-/core-0.3.4.tgz",
+      "integrity": "sha512-H4hxZDXgHtWTwV3RAVenqcC4VbJZNegbBjlPvzOzCouXtS2y3sDvlO3IsbrPNWuLWPPlYVYPghQdSF64683Ldw==",
+      "dependencies": {
+        "picocolors": "^1.0.0",
+        "sisteransi": "^1.0.5"
+      }
+    },
+    "node_modules/@clack/prompts": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/@clack/prompts/-/prompts-0.6.3.tgz",
+      "integrity": "sha512-AM+kFmAHawpUQv2q9+mcB6jLKxXGjgu/r2EQjEwujgpCdzrST6BJqYw00GRn56/L/Izw5U7ImoLmy00X/r80Pw==",
+      "bundleDependencies": [
+        "is-unicode-supported"
+      ],
+      "dependencies": {
+        "@clack/core": "^0.3.2",
+        "is-unicode-supported": "*",
+        "picocolors": "^1.0.0",
+        "sisteransi": "^1.0.5"
+      }
+    },
+    "node_modules/@clack/prompts/node_modules/is-unicode-supported": {
+      "version": "1.3.0",
+      "inBundle": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/@cspotcode/source-map-support": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz",
+      "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "0.3.9"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/@emotion/is-prop-valid": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/@emotion/is-prop-valid/-/is-prop-valid-1.2.2.tgz",
+      "integrity": "sha512-uNsoYd37AFmaCdXlg6EYD1KaPOaRWRByMCYzbKUX4+hhMfrxdVSelShywL4JVaAeM/eHUOSprYBQls+/neX3pw==",
+      "dependencies": {
+        "@emotion/memoize": "^0.8.1"
+      }
+    },
+    "node_modules/@emotion/memoize": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/@emotion/memoize/-/memoize-0.8.1.tgz",
+      "integrity": "sha512-W2P2c/VRW1/1tLox0mVUalvnWXxavmv/Oum2aPsRcoDJuob75FC3Y8FbpfLwUegRcxINtGUMPq0tFCvYNTBXNA=="
+    },
+    "node_modules/@emotion/unitless": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/@emotion/unitless/-/unitless-0.8.1.tgz",
+      "integrity": "sha512-KOEGMu6dmJZtpadb476IsZBclKvILjopjUii3V+7MnXIQCYh8W3NgNcgwo21n9LXZX6EDIKvqfjYxXebDwxKmQ=="
+    },
+    "node_modules/@exodus/schemasafe": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/@exodus/schemasafe/-/schemasafe-1.3.0.tgz",
+      "integrity": "sha512-5Aap/GaRupgNx/feGBwLLTVv8OQFfv3pq2lPRzPg9R+IOBnDgghTGW7l7EuVXOvg5cc/xSAlRW8rBrjIC3Nvqw=="
+    },
+    "node_modules/@jridgewell/resolve-uri": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
+      "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz",
+      "integrity": "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ=="
+    },
+    "node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.9",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz",
+      "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==",
+      "dependencies": {
+        "@jridgewell/resolve-uri": "^3.0.3",
+        "@jridgewell/sourcemap-codec": "^1.4.10"
+      }
+    },
+    "node_modules/@jsdevtools/ono": {
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/@jsdevtools/ono/-/ono-7.1.3.tgz",
+      "integrity": "sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg=="
+    },
+    "node_modules/@nodelib/fs.scandir": {
+      "version": "2.1.5",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
+      "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
+      "dependencies": {
+        "@nodelib/fs.stat": "2.0.5",
+        "run-parallel": "^1.1.9"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@nodelib/fs.stat": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz",
+      "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@nodelib/fs.walk": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz",
+      "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==",
+      "dependencies": {
+        "@nodelib/fs.scandir": "2.1.5",
+        "fastq": "^1.6.0"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/@oclif/command": {
+      "version": "1.8.36",
+      "resolved": "https://registry.npmjs.org/@oclif/command/-/command-1.8.36.tgz",
+      "integrity": "sha512-/zACSgaYGtAQRzc7HjzrlIs14FuEYAZrMOEwicRoUnZVyRunG4+t5iSEeQu0Xy2bgbCD0U1SP/EdeNZSTXRwjQ==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "dependencies": {
+        "@oclif/config": "^1.18.2",
+        "@oclif/errors": "^1.3.6",
+        "@oclif/help": "^1.0.1",
+        "@oclif/parser": "^3.8.17",
+        "debug": "^4.1.1",
+        "semver": "^7.5.4"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependencies": {
+        "@oclif/config": "^1"
+      }
+    },
+    "node_modules/@oclif/config": {
+      "version": "1.18.17",
+      "resolved": "https://registry.npmjs.org/@oclif/config/-/config-1.18.17.tgz",
+      "integrity": "sha512-k77qyeUvjU8qAJ3XK3fr/QVAqsZO8QOBuESnfeM5HHtPNLSyfVcwiMM2zveSW5xRdLSG3MfV8QnLVkuyCL2ENg==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "dependencies": {
+        "@oclif/errors": "^1.3.6",
+        "@oclif/parser": "^3.8.17",
+        "debug": "^4.3.4",
+        "globby": "^11.1.0",
+        "is-wsl": "^2.1.1",
+        "tslib": "^2.6.1"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@oclif/core": {
+      "version": "1.20.4",
+      "resolved": "https://registry.npmjs.org/@oclif/core/-/core-1.20.4.tgz",
+      "integrity": "sha512-giug32M4YhSYNYKQwE1L57/+k5gp1+Bq3/0vKNQmzAY1tizFGhvBJc6GIRZasHjU+xtZLutQvrVrJo7chX3hxg==",
+      "dependencies": {
+        "@oclif/linewrap": "^1.0.0",
+        "@oclif/screen": "^3.0.3",
+        "ansi-escapes": "^4.3.2",
+        "ansi-styles": "^4.3.0",
+        "cardinal": "^2.1.1",
+        "chalk": "^4.1.2",
+        "clean-stack": "^3.0.1",
+        "cli-progress": "^3.10.0",
+        "debug": "^4.3.4",
+        "ejs": "^3.1.6",
+        "fs-extra": "^9.1.0",
+        "get-package-type": "^0.1.0",
+        "globby": "^11.1.0",
+        "hyperlinker": "^1.0.0",
+        "indent-string": "^4.0.0",
+        "is-wsl": "^2.2.0",
+        "js-yaml": "^3.14.1",
+        "natural-orderby": "^2.0.3",
+        "object-treeify": "^1.1.33",
+        "password-prompt": "^1.1.2",
+        "semver": "^7.3.7",
+        "string-width": "^4.2.3",
+        "strip-ansi": "^6.0.1",
+        "supports-color": "^8.1.1",
+        "supports-hyperlinks": "^2.2.0",
+        "tslib": "^2.4.1",
+        "widest-line": "^3.1.0",
+        "wrap-ansi": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/@oclif/core/node_modules/argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dependencies": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "node_modules/@oclif/core/node_modules/esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/@oclif/core/node_modules/js-yaml": {
+      "version": "3.14.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
+      "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+      "dependencies": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/@oclif/errors": {
+      "version": "1.3.6",
+      "resolved": "https://registry.npmjs.org/@oclif/errors/-/errors-1.3.6.tgz",
+      "integrity": "sha512-fYaU4aDceETd89KXP+3cLyg9EHZsLD3RxF2IU9yxahhBpspWjkWi3Dy3bTgcwZ3V47BgxQaGapzJWDM33XIVDQ==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "dependencies": {
+        "clean-stack": "^3.0.0",
+        "fs-extra": "^8.1",
+        "indent-string": "^4.0.0",
+        "strip-ansi": "^6.0.1",
+        "wrap-ansi": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@oclif/errors/node_modules/fs-extra": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz",
+      "integrity": "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==",
+      "dependencies": {
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^4.0.0",
+        "universalify": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=6 <7 || >=8"
+      }
+    },
+    "node_modules/@oclif/errors/node_modules/jsonfile": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz",
+      "integrity": "sha512-m6F1R3z8jjlf2imQHS2Qez5sjKWQzbuuhuJ/FKYFRZvPE3PuHcSMVZzfsLhGVOkfd20obL5SWEBew5ShlquNxg==",
+      "optionalDependencies": {
+        "graceful-fs": "^4.1.6"
+      }
+    },
+    "node_modules/@oclif/errors/node_modules/universalify": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz",
+      "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==",
+      "engines": {
+        "node": ">= 4.0.0"
+      }
+    },
+    "node_modules/@oclif/help": {
+      "version": "1.0.15",
+      "resolved": "https://registry.npmjs.org/@oclif/help/-/help-1.0.15.tgz",
+      "integrity": "sha512-Yt8UHoetk/XqohYX76DfdrUYLsPKMc5pgkzsZVHDyBSkLiGRzujVaGZdjr32ckVZU9q3a47IjhWxhip7Dz5W/g==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "dependencies": {
+        "@oclif/config": "1.18.16",
+        "@oclif/errors": "1.3.6",
+        "chalk": "^4.1.2",
+        "indent-string": "^4.0.0",
+        "lodash": "^4.17.21",
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.0",
+        "widest-line": "^3.1.0",
+        "wrap-ansi": "^6.2.0"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@oclif/help/node_modules/@oclif/config": {
+      "version": "1.18.16",
+      "resolved": "https://registry.npmjs.org/@oclif/config/-/config-1.18.16.tgz",
+      "integrity": "sha512-VskIxVcN22qJzxRUq+raalq6Q3HUde7sokB7/xk5TqRZGEKRVbFeqdQBxDWwQeudiJEgcNiMvIFbMQ43dY37FA==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "dependencies": {
+        "@oclif/errors": "^1.3.6",
+        "@oclif/parser": "^3.8.16",
+        "debug": "^4.3.4",
+        "globby": "^11.1.0",
+        "is-wsl": "^2.1.1",
+        "tslib": "^2.6.1"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@oclif/help/node_modules/wrap-ansi": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz",
+      "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@oclif/linewrap": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@oclif/linewrap/-/linewrap-1.0.0.tgz",
+      "integrity": "sha512-Ups2dShK52xXa8w6iBWLgcjPJWjais6KPJQq3gQ/88AY6BXoTX+MIGFPrWQO1KLMiQfoTpcLnUwloN4brrVUHw=="
+    },
+    "node_modules/@oclif/parser": {
+      "version": "3.8.17",
+      "resolved": "https://registry.npmjs.org/@oclif/parser/-/parser-3.8.17.tgz",
+      "integrity": "sha512-l04iSd0xoh/16TGVpXb81Gg3z7tlQGrEup16BrVLsZBK6SEYpYHRJZnM32BwZrHI97ZSFfuSwVlzoo6HdsaK8A==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "dependencies": {
+        "@oclif/errors": "^1.3.6",
+        "@oclif/linewrap": "^1.0.0",
+        "chalk": "^4.1.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/@oclif/plugin-help": {
+      "version": "5.2.20",
+      "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-5.2.20.tgz",
+      "integrity": "sha512-u+GXX/KAGL9S10LxAwNUaWdzbEBARJ92ogmM7g3gDVud2HioCmvWQCDohNRVZ9GYV9oKwZ/M8xwd6a1d95rEKQ==",
+      "dependencies": {
+        "@oclif/core": "^2.15.0"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/@oclif/plugin-help/node_modules/@oclif/core": {
+      "version": "2.16.0",
+      "resolved": "https://registry.npmjs.org/@oclif/core/-/core-2.16.0.tgz",
+      "integrity": "sha512-dL6atBH0zCZl1A1IXCKJgLPrM/wR7K+Wi401E/IvqsK8m2iCHW+0TEOGrans/cuN3oTW+uxIyJFHJ8Im0k4qBw==",
+      "dependencies": {
+        "@types/cli-progress": "^3.11.0",
+        "ansi-escapes": "^4.3.2",
+        "ansi-styles": "^4.3.0",
+        "cardinal": "^2.1.1",
+        "chalk": "^4.1.2",
+        "clean-stack": "^3.0.1",
+        "cli-progress": "^3.12.0",
+        "debug": "^4.3.4",
+        "ejs": "^3.1.8",
+        "get-package-type": "^0.1.0",
+        "globby": "^11.1.0",
+        "hyperlinker": "^1.0.0",
+        "indent-string": "^4.0.0",
+        "is-wsl": "^2.2.0",
+        "js-yaml": "^3.14.1",
+        "natural-orderby": "^2.0.3",
+        "object-treeify": "^1.1.33",
+        "password-prompt": "^1.1.2",
+        "slice-ansi": "^4.0.0",
+        "string-width": "^4.2.3",
+        "strip-ansi": "^6.0.1",
+        "supports-color": "^8.1.1",
+        "supports-hyperlinks": "^2.2.0",
+        "ts-node": "^10.9.1",
+        "tslib": "^2.5.0",
+        "widest-line": "^3.1.0",
+        "wordwrap": "^1.0.0",
+        "wrap-ansi": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/@oclif/plugin-help/node_modules/argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dependencies": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "node_modules/@oclif/plugin-help/node_modules/esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/@oclif/plugin-help/node_modules/js-yaml": {
+      "version": "3.14.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
+      "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+      "dependencies": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/@oclif/screen": {
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@oclif/screen/-/screen-3.0.8.tgz",
+      "integrity": "sha512-yx6KAqlt3TAHBduS2fMQtJDL2ufIHnDRArrJEOoTTuizxqmjLT+psGYOHpmMl3gvQpFJ11Hs76guUUktzAF9Bg==",
+      "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/@redocly/ajv": {
+      "version": "8.11.2",
+      "resolved": "https://registry.npmjs.org/@redocly/ajv/-/ajv-8.11.2.tgz",
+      "integrity": "sha512-io1JpnwtIcvojV7QKDUSIuMN/ikdOUd1ReEnUnMKGfDVridQZ31J0MmIuqwuRjWDZfmvr+Q0MqCcfHM2gTivOg==",
+      "dependencies": {
+        "fast-deep-equal": "^3.1.1",
+        "json-schema-traverse": "^1.0.0",
+        "require-from-string": "^2.0.2",
+        "uri-js-replace": "^1.0.1"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/epoberezkin"
+      }
+    },
+    "node_modules/@redocly/cli": {
+      "version": "1.25.11",
+      "resolved": "https://registry.npmjs.org/@redocly/cli/-/cli-1.25.11.tgz",
+      "integrity": "sha512-dttBsmLnnbTlJCTa+s7Sy+qtXDq692n7Ru3nUUIHp9XdCbhXIHWhpc8uAl+GmR4MGbVe8ohATl3J+zX3aFy82A==",
+      "dependencies": {
+        "@redocly/openapi-core": "1.25.11",
+        "abort-controller": "^3.0.0",
+        "chokidar": "^3.5.1",
+        "colorette": "^1.2.0",
+        "core-js": "^3.32.1",
+        "form-data": "^4.0.0",
+        "get-port-please": "^3.0.1",
+        "glob": "^7.1.6",
+        "handlebars": "^4.7.6",
+        "mobx": "^6.0.4",
+        "node-fetch": "^2.6.1",
+        "pluralize": "^8.0.0",
+        "react": "^17.0.0 || ^18.2.0",
+        "react-dom": "^17.0.0 || ^18.2.0",
+        "redoc": "~2.2.0",
+        "semver": "^7.5.2",
+        "simple-websocket": "^9.0.0",
+        "styled-components": "^6.0.7",
+        "yargs": "17.0.1"
+      },
+      "bin": {
+        "openapi": "bin/cli.js",
+        "redocly": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=14.19.0",
+        "npm": ">=7.0.0"
+      }
+    },
+    "node_modules/@redocly/config": {
+      "version": "0.16.0",
+      "resolved": "https://registry.npmjs.org/@redocly/config/-/config-0.16.0.tgz",
+      "integrity": "sha512-t9jnODbUcuANRSl/K4L9nb12V+U5acIHnVSl26NWrtSdDZVtoqUXk2yGFPZzohYf62cCfEQUT8ouJ3bhPfpnJg=="
+    },
+    "node_modules/@redocly/openapi-core": {
+      "version": "1.25.11",
+      "resolved": "https://registry.npmjs.org/@redocly/openapi-core/-/openapi-core-1.25.11.tgz",
+      "integrity": "sha512-bH+a8izQz4fnKROKoX3bEU8sQ9rjvEIZOqU6qTmxlhOJ0NsKa5e+LmU18SV0oFeg5YhWQhhEDihXkvKJ1wMMNQ==",
+      "dependencies": {
+        "@redocly/ajv": "^8.11.2",
+        "@redocly/config": "^0.16.0",
+        "colorette": "^1.2.0",
+        "https-proxy-agent": "^7.0.4",
+        "js-levenshtein": "^1.1.6",
+        "js-yaml": "^4.1.0",
+        "lodash.isequal": "^4.5.0",
+        "minimatch": "^5.0.1",
+        "node-fetch": "^2.6.1",
+        "pluralize": "^8.0.0",
+        "yaml-ast-parser": "0.0.43"
+      },
+      "engines": {
+        "node": ">=14.19.0",
+        "npm": ">=7.0.0"
+      }
+    },
+    "node_modules/@redocly/openapi-core/node_modules/brace-expansion": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/@redocly/openapi-core/node_modules/minimatch": {
+      "version": "5.1.6",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
+      "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@stoplight/ordered-object-literal": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/@stoplight/ordered-object-literal/-/ordered-object-literal-1.0.5.tgz",
+      "integrity": "sha512-COTiuCU5bgMUtbIFBuyyh2/yVVzlr5Om0v5utQDgBCuQUOPgU1DwoffkTfg4UBQOvByi5foF4w4T+H9CoRe5wg==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@stoplight/types": {
+      "version": "14.1.1",
+      "resolved": "https://registry.npmjs.org/@stoplight/types/-/types-14.1.1.tgz",
+      "integrity": "sha512-/kjtr+0t0tjKr+heVfviO9FrU/uGLc+QNX3fHJc19xsCNYqU7lVhaXxDmEID9BZTjG+/r9pK9xP/xU02XGg65g==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.4",
+        "utility-types": "^3.10.0"
+      },
+      "engines": {
+        "node": "^12.20 || >=14.13"
+      }
+    },
+    "node_modules/@stoplight/yaml": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/@stoplight/yaml/-/yaml-4.3.0.tgz",
+      "integrity": "sha512-JZlVFE6/dYpP9tQmV0/ADfn32L9uFarHWxfcRhReKUnljz1ZiUM5zpX+PH8h5CJs6lao3TuFqnPm9IJJCEkE2w==",
+      "dependencies": {
+        "@stoplight/ordered-object-literal": "^1.0.5",
+        "@stoplight/types": "^14.1.1",
+        "@stoplight/yaml-ast-parser": "0.0.50",
+        "tslib": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=10.8"
+      }
+    },
+    "node_modules/@stoplight/yaml-ast-parser": {
+      "version": "0.0.50",
+      "resolved": "https://registry.npmjs.org/@stoplight/yaml-ast-parser/-/yaml-ast-parser-0.0.50.tgz",
+      "integrity": "sha512-Pb6M8TDO9DtSVla9yXSTAxmo9GVEouq5P40DWXdOie69bXogZTkgvopCq+yEvTMA0F6PEvdJmbtTV3ccIp11VQ=="
+    },
+    "node_modules/@tsconfig/node10": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz",
+      "integrity": "sha512-DcRjDCujK/kCk/cUe8Xz8ZSpm8mS3mNNpta+jGCA6USEDfktlNvm1+IuZ9eTcDbNk41BHwpHHeW+N1lKCz4zOw=="
+    },
+    "node_modules/@tsconfig/node12": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz",
+      "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag=="
+    },
+    "node_modules/@tsconfig/node14": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz",
+      "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow=="
+    },
+    "node_modules/@tsconfig/node16": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz",
+      "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA=="
+    },
+    "node_modules/@types/cli-progress": {
+      "version": "3.11.6",
+      "resolved": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.6.tgz",
+      "integrity": "sha512-cE3+jb9WRlu+uOSAugewNpITJDt1VF8dHOopPO4IABFc3SXYL5WE/+PTz/FCdZRRfIujiWW3n3aMbv1eIGVRWA==",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
+    "node_modules/@types/json-schema": {
+      "version": "7.0.15",
+      "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz",
+      "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA=="
+    },
+    "node_modules/@types/node": {
+      "version": "22.8.1",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.8.1.tgz",
+      "integrity": "sha512-k6Gi8Yyo8EtrNtkHXutUu2corfDf9su95VYVP10aGYMMROM6SAItZi0w1XszA6RtWTHSVp5OeFof37w0IEqCQg==",
+      "dependencies": {
+        "undici-types": "~6.19.8"
+      }
+    },
+    "node_modules/@types/stylis": {
+      "version": "4.2.5",
+      "resolved": "https://registry.npmjs.org/@types/stylis/-/stylis-4.2.5.tgz",
+      "integrity": "sha512-1Xve+NMN7FWjY14vLoY5tL3BVEQ/n42YLwaqJIPYhotZ9uBHt87VceMwWQpzmdEt2TNXIorIFG+YeCUUW7RInw=="
+    },
+    "node_modules/abort-controller": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz",
+      "integrity": "sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==",
+      "dependencies": {
+        "event-target-shim": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=6.5"
+      }
+    },
+    "node_modules/acorn": {
+      "version": "8.14.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz",
+      "integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==",
+      "bin": {
+        "acorn": "bin/acorn"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/acorn-walk": {
+      "version": "8.3.4",
+      "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.4.tgz",
+      "integrity": "sha512-ueEepnujpqee2o5aIYnvHU6C0A42MNdsIDeqy5BydrkuC5R1ZuUFnm27EeFJGoEHJQgn3uleRvmTXaJgfXbt4g==",
+      "dependencies": {
+        "acorn": "^8.11.0"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/agent-base": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz",
+      "integrity": "sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==",
+      "dependencies": {
+        "debug": "^4.3.4"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/ansi-escapes": {
+      "version": "4.3.2",
+      "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz",
+      "integrity": "sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==",
+      "dependencies": {
+        "type-fest": "^0.21.3"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/ansicolors": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz",
+      "integrity": "sha512-QXu7BPrP29VllRxH8GwB7x5iX5qWKAAMLqKQGWTeLWVlNHNOpVMJ91dsxQAIWXpjuW5wqvxu3Jd/nRjrJ+0pqg=="
+    },
+    "node_modules/anymatch": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz",
+      "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==",
+      "dependencies": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/arg": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz",
+      "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA=="
+    },
+    "node_modules/argparse": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
+      "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="
+    },
+    "node_modules/array-buffer-byte-length": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/array-buffer-byte-length/-/array-buffer-byte-length-1.0.1.tgz",
+      "integrity": "sha512-ahC5W1xgou+KTXix4sAO8Ki12Q+jf4i0+tmk3sC+zgcynshkHxzpXdImBehiUYKKKDwvfFiJl1tZt6ewscS1Mg==",
+      "dependencies": {
+        "call-bind": "^1.0.5",
+        "is-array-buffer": "^3.0.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/array-union": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz",
+      "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/array.prototype.filter": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/array.prototype.filter/-/array.prototype.filter-1.0.4.tgz",
+      "integrity": "sha512-r+mCJ7zXgXElgR4IRC+fkvNCeoaavWBs6EdCso5Tbcf+iEMKzBU/His60lt34WEZ9vlb8wDkZvQGcVI5GwkfoQ==",
+      "peer": true,
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "define-properties": "^1.2.1",
+        "es-abstract": "^1.23.2",
+        "es-array-method-boxes-properly": "^1.0.0",
+        "es-object-atoms": "^1.0.0",
+        "is-string": "^1.0.7"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/array.prototype.flat": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.3.2.tgz",
+      "integrity": "sha512-djYB+Zx2vLewY8RWlNCUdHjDXs2XOgm602S9E7P/UpHgfeHL00cRiIF+IN/G/aUJ7kGPb6yO/ErDI5V2s8iycA==",
+      "peer": true,
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.2.0",
+        "es-abstract": "^1.22.1",
+        "es-shim-unscopables": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/arraybuffer.prototype.slice": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.3.tgz",
+      "integrity": "sha512-bMxMKAjg13EBSVscxTaYA4mRc5t1UAXa2kXiGTNfZ079HIWXEkKmkgFrh/nJqamaLSrXO5H4WFFkPEaLJWbs3A==",
+      "dependencies": {
+        "array-buffer-byte-length": "^1.0.1",
+        "call-bind": "^1.0.5",
+        "define-properties": "^1.2.1",
+        "es-abstract": "^1.22.3",
+        "es-errors": "^1.2.1",
+        "get-intrinsic": "^1.2.3",
+        "is-array-buffer": "^3.0.4",
+        "is-shared-array-buffer": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/astral-regex": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz",
+      "integrity": "sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/async": {
+      "version": "3.2.6",
+      "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz",
+      "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA=="
+    },
+    "node_modules/async-mutex": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/async-mutex/-/async-mutex-0.4.1.tgz",
+      "integrity": "sha512-WfoBo4E/TbCX1G95XTjbWTE3X2XLG0m1Xbv2cwOtuPdyH9CZvnaA5nCt1ucjaKEgW2A5IF71hxrRhr83Je5xjA==",
+      "dependencies": {
+        "tslib": "^2.4.0"
+      }
+    },
+    "node_modules/asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="
+    },
+    "node_modules/at-least-node": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz",
+      "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==",
+      "engines": {
+        "node": ">= 4.0.0"
+      }
+    },
+    "node_modules/available-typed-arrays": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz",
+      "integrity": "sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==",
+      "dependencies": {
+        "possible-typed-array-names": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/axios": {
+      "version": "1.7.7",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.7.tgz",
+      "integrity": "sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==",
+      "dependencies": {
+        "follow-redirects": "^1.15.6",
+        "form-data": "^4.0.0",
+        "proxy-from-env": "^1.1.0"
+      }
+    },
+    "node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
+    },
+    "node_modules/binary-extensions": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz",
+      "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==",
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/boolbase": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz",
+      "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==",
+      "peer": true
+    },
+    "node_modules/brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "node_modules/braces": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
+      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
+      "dependencies": {
+        "fill-range": "^7.1.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/bump-cli": {
+      "version": "2.8.4",
+      "resolved": "https://registry.npmjs.org/bump-cli/-/bump-cli-2.8.4.tgz",
+      "integrity": "sha512-FwcsaY1jmCtwXkuIhkPxGLysLrxCJKnl54PHutb7N4FIuO9Hq8Xjn1giEfO3ZK8UGVZ9DiAb11H9ypFP6WNnhQ==",
+      "dependencies": {
+        "@apidevtools/json-schema-ref-parser": "^9.0.7",
+        "@asyncapi/specs": "^5.1.0",
+        "@clack/prompts": "^0.6.3",
+        "@oclif/command": "^1.8.36",
+        "@oclif/config": "^1.18.17",
+        "@oclif/core": "1.20.4",
+        "@oclif/plugin-help": "^5.1.10",
+        "@stoplight/yaml": "^4.2.3",
+        "async-mutex": "^0.4.0",
+        "axios": "^1.6.4",
+        "debug": "^4.3.1",
+        "jsonpath": "^1.1.1",
+        "mergician": "^1.0.3",
+        "oas-schemas": "git+https://git@github.com/OAI/OpenAPI-Specification.git#0f9d3ec7c033fef184ec54e1ffc201b2d61ce023",
+        "tslib": "^2.3.0"
+      },
+      "bin": {
+        "bump": "bin/run"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/call-bind": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz",
+      "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==",
+      "dependencies": {
+        "es-define-property": "^1.0.0",
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2",
+        "get-intrinsic": "^1.2.4",
+        "set-function-length": "^1.2.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/call-me-maybe": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/call-me-maybe/-/call-me-maybe-1.0.2.tgz",
+      "integrity": "sha512-HpX65o1Hnr9HH25ojC1YGs7HCQLq0GCOibSaWER0eNpgJ/Z1MZv2mTc7+xh6WOPxbRVcmgbv4hGU+uSQ/2xFZQ=="
+    },
+    "node_modules/camelize": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/camelize/-/camelize-1.0.1.tgz",
+      "integrity": "sha512-dU+Tx2fsypxTgtLoE36npi3UqcjSSMNYfkqgmoEhtZrraP5VWq0K7FkWVTYa8eMPtnU/G2txVsfdCJTn9uzpuQ==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/cardinal": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz",
+      "integrity": "sha512-JSr5eOgoEymtYHBjNWyjrMqet9Am2miJhlfKNdqLp6zoeAh0KN5dRAcxlecj5mAJrmQomgiOBj35xHLrFjqBpw==",
+      "dependencies": {
+        "ansicolors": "~0.3.2",
+        "redeyed": "~2.1.0"
+      },
+      "bin": {
+        "cdl": "bin/cdl.js"
+      }
+    },
+    "node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/chalk/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/cheerio": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/cheerio/-/cheerio-1.0.0.tgz",
+      "integrity": "sha512-quS9HgjQpdaXOvsZz82Oz7uxtXiy6UIsIQcpBj7HRw2M63Skasm9qlDocAM7jNuaxdhpPU7c4kJN+gA5MCu4ww==",
+      "peer": true,
+      "dependencies": {
+        "cheerio-select": "^2.1.0",
+        "dom-serializer": "^2.0.0",
+        "domhandler": "^5.0.3",
+        "domutils": "^3.1.0",
+        "encoding-sniffer": "^0.2.0",
+        "htmlparser2": "^9.1.0",
+        "parse5": "^7.1.2",
+        "parse5-htmlparser2-tree-adapter": "^7.0.0",
+        "parse5-parser-stream": "^7.1.2",
+        "undici": "^6.19.5",
+        "whatwg-mimetype": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=18.17"
+      },
+      "funding": {
+        "url": "https://github.com/cheeriojs/cheerio?sponsor=1"
+      }
+    },
+    "node_modules/cheerio-select": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/cheerio-select/-/cheerio-select-2.1.0.tgz",
+      "integrity": "sha512-9v9kG0LvzrlcungtnJtpGNxY+fzECQKhK4EGJX2vByejiMX84MFNQw4UxPJl3bFbTMw+Dfs37XaIkCwTZfLh4g==",
+      "peer": true,
+      "dependencies": {
+        "boolbase": "^1.0.0",
+        "css-select": "^5.1.0",
+        "css-what": "^6.1.0",
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.3",
+        "domutils": "^3.0.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/fb55"
+      }
+    },
+    "node_modules/chokidar": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz",
+      "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==",
+      "dependencies": {
+        "anymatch": "~3.1.2",
+        "braces": "~3.0.2",
+        "glob-parent": "~5.1.2",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.6.0"
+      },
+      "engines": {
+        "node": ">= 8.10.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      },
+      "optionalDependencies": {
+        "fsevents": "~2.3.2"
+      }
+    },
+    "node_modules/classnames": {
+      "version": "2.5.1",
+      "resolved": "https://registry.npmjs.org/classnames/-/classnames-2.5.1.tgz",
+      "integrity": "sha512-saHYOzhIQs6wy2sVxTM6bUDsQO4F50V9RQ22qBpEdCW+I+/Wmke2HOl6lS6dTpdxVhb88/I6+Hs+438c3lfUow=="
+    },
+    "node_modules/clean-stack": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz",
+      "integrity": "sha512-lR9wNiMRcVQjSB3a7xXGLuz4cr4wJuuXlaAEbRutGowQTmlp7R72/DOgN21e8jdwblMWl9UOJMJXarX94pzKdg==",
+      "dependencies": {
+        "escape-string-regexp": "4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/cli-progress": {
+      "version": "3.12.0",
+      "resolved": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz",
+      "integrity": "sha512-tRkV3HJ1ASwm19THiiLIXLO7Im7wlTuKnvkYaTkyoAPefqjNg7W7DHKUlGRxy9vxDvbyCYQkQozvptuMkGCg8A==",
+      "dependencies": {
+        "string-width": "^4.2.3"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/cliui": {
+      "version": "7.0.4",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz",
+      "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==",
+      "dependencies": {
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.0",
+        "wrap-ansi": "^7.0.0"
+      }
+    },
+    "node_modules/clsx": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz",
+      "integrity": "sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+    },
+    "node_modules/colorette": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.4.0.tgz",
+      "integrity": "sha512-Y2oEozpomLn7Q3HFP7dpww7AtMJplbM9lGZP6RDfHqmbeRjiwRg4n6VM6j4KLmRke85uWEI7JqF17f3pqdRA0g=="
+    },
+    "node_modules/combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "dependencies": {
+        "delayed-stream": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/commander": {
+      "version": "2.20.3",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
+      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==",
+      "peer": true
+    },
+    "node_modules/concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg=="
+    },
+    "node_modules/core-js": {
+      "version": "3.39.0",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.39.0.tgz",
+      "integrity": "sha512-raM0ew0/jJUqkJ0E6e8UDtl+y/7ktFivgWvqw8dNSQeNWoSDLvQ1H/RN3aPXB9tBd4/FhyR4RDPGhsNIMsAn7g==",
+      "hasInstallScript": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/core-js"
+      }
+    },
+    "node_modules/create-require": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz",
+      "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ=="
+    },
+    "node_modules/cross-spawn": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
+      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "dependencies": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/css-color-keywords": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/css-color-keywords/-/css-color-keywords-1.0.0.tgz",
+      "integrity": "sha512-FyyrDHZKEjXDpNJYvVsV960FiqQyXc/LlYmsxl2BcdMb2WPx0OGRVgTg55rPSyLSNMqP52R9r8geSp7apN3Ofg==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/css-select": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/css-select/-/css-select-5.1.0.tgz",
+      "integrity": "sha512-nwoRF1rvRRnnCqqY7updORDsuqKzqYJ28+oSMaJMMgOauh3fvwHqMS7EZpIPqK8GL+g9mKxF1vP/ZjSeNjEVHg==",
+      "peer": true,
+      "dependencies": {
+        "boolbase": "^1.0.0",
+        "css-what": "^6.1.0",
+        "domhandler": "^5.0.2",
+        "domutils": "^3.0.1",
+        "nth-check": "^2.0.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/fb55"
+      }
+    },
+    "node_modules/css-to-react-native": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/css-to-react-native/-/css-to-react-native-3.2.0.tgz",
+      "integrity": "sha512-e8RKaLXMOFii+02mOlqwjbD00KSEKqblnpO9e++1aXS1fPQOpS1YoqdVHBqPjHNoxeF2mimzVqawm2KCbEdtHQ==",
+      "dependencies": {
+        "camelize": "^1.0.0",
+        "css-color-keywords": "^1.0.0",
+        "postcss-value-parser": "^4.0.2"
+      }
+    },
+    "node_modules/css-what": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/css-what/-/css-what-6.1.0.tgz",
+      "integrity": "sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw==",
+      "peer": true,
+      "engines": {
+        "node": ">= 6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/fb55"
+      }
+    },
+    "node_modules/csstype": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.3.tgz",
+      "integrity": "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw=="
+    },
+    "node_modules/data-view-buffer": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/data-view-buffer/-/data-view-buffer-1.0.1.tgz",
+      "integrity": "sha512-0lht7OugA5x3iJLOWFhWK/5ehONdprk0ISXqVFn/NFrDu+cuc8iADFrGQz5BnRK7LLU3JmkbXSxaqX+/mXYtUA==",
+      "dependencies": {
+        "call-bind": "^1.0.6",
+        "es-errors": "^1.3.0",
+        "is-data-view": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/data-view-byte-length": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/data-view-byte-length/-/data-view-byte-length-1.0.1.tgz",
+      "integrity": "sha512-4J7wRJD3ABAzr8wP+OcIcqq2dlUKp4DVflx++hs5h5ZKydWMI6/D/fAot+yh6g2tHh8fLFTvNOaVN357NvSrOQ==",
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "es-errors": "^1.3.0",
+        "is-data-view": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/data-view-byte-offset": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/data-view-byte-offset/-/data-view-byte-offset-1.0.0.tgz",
+      "integrity": "sha512-t/Ygsytq+R995EJ5PZlD4Cu56sWa8InXySaViRzw9apusqsOO2bQP+SbYzAhR0pFKoB+43lYy8rWban9JSuXnA==",
+      "dependencies": {
+        "call-bind": "^1.0.6",
+        "es-errors": "^1.3.0",
+        "is-data-view": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/debug": {
+      "version": "4.3.7",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz",
+      "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/decko": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/decko/-/decko-1.2.0.tgz",
+      "integrity": "sha512-m8FnyHXV1QX+S1cl+KPFDIl6NMkxtKsy6+U/aYyjrOqWMuwAwYWu7ePqrsUHtDR5Y8Yk2pi/KIDSgF+vT4cPOQ=="
+    },
+    "node_modules/deep-is": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz",
+      "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ=="
+    },
+    "node_modules/define-data-property": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz",
+      "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==",
+      "dependencies": {
+        "es-define-property": "^1.0.0",
+        "es-errors": "^1.3.0",
+        "gopd": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/define-properties": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz",
+      "integrity": "sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==",
+      "dependencies": {
+        "define-data-property": "^1.0.1",
+        "has-property-descriptors": "^1.0.0",
+        "object-keys": "^1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/diff": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz",
+      "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==",
+      "engines": {
+        "node": ">=0.3.1"
+      }
+    },
+    "node_modules/dir-glob": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz",
+      "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==",
+      "dependencies": {
+        "path-type": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/discontinuous-range": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/discontinuous-range/-/discontinuous-range-1.0.0.tgz",
+      "integrity": "sha512-c68LpLbO+7kP/b1Hr1qs8/BJ09F5khZGTxqxZuhzxpmwJKOgRFHJWIb9/KmqnqHhLdO55aOxFH/EGBvUQbL/RQ==",
+      "peer": true
+    },
+    "node_modules/dom-serializer": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz",
+      "integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==",
+      "peer": true,
+      "dependencies": {
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.2",
+        "entities": "^4.2.0"
+      },
+      "funding": {
+        "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1"
+      }
+    },
+    "node_modules/domelementtype": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz",
+      "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fb55"
+        }
+      ],
+      "peer": true
+    },
+    "node_modules/domhandler": {
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz",
+      "integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==",
+      "peer": true,
+      "dependencies": {
+        "domelementtype": "^2.3.0"
+      },
+      "engines": {
+        "node": ">= 4"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/domhandler?sponsor=1"
+      }
+    },
+    "node_modules/dompurify": {
+      "version": "3.1.7",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.7.tgz",
+      "integrity": "sha512-VaTstWtsneJY8xzy7DekmYWEOZcmzIe3Qb3zPd4STve1OBTa+e+WmS1ITQec1fZYXI3HCsOZZiSMpG6oxoWMWQ=="
+    },
+    "node_modules/domutils": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz",
+      "integrity": "sha512-H78uMmQtI2AhgDJjWeQmHwJJ2bLPD3GMmO7Zja/ZZh84wkm+4ut+IUnUdRa8uCGX88DiVx1j6FRe1XfxEgjEZA==",
+      "peer": true,
+      "dependencies": {
+        "dom-serializer": "^2.0.0",
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.3"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/domutils?sponsor=1"
+      }
+    },
+    "node_modules/ejs": {
+      "version": "3.1.10",
+      "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz",
+      "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==",
+      "dependencies": {
+        "jake": "^10.8.5"
+      },
+      "bin": {
+        "ejs": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
+    },
+    "node_modules/encoding-sniffer": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/encoding-sniffer/-/encoding-sniffer-0.2.0.tgz",
+      "integrity": "sha512-ju7Wq1kg04I3HtiYIOrUrdfdDvkyO9s5XM8QAj/bN61Yo/Vb4vgJxy5vi4Yxk01gWHbrofpPtpxM8bKger9jhg==",
+      "peer": true,
+      "dependencies": {
+        "iconv-lite": "^0.6.3",
+        "whatwg-encoding": "^3.1.1"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/encoding-sniffer?sponsor=1"
+      }
+    },
+    "node_modules/entities": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
+      "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
+      "peer": true,
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
+    "node_modules/enzyme": {
+      "version": "3.11.0",
+      "resolved": "https://registry.npmjs.org/enzyme/-/enzyme-3.11.0.tgz",
+      "integrity": "sha512-Dw8/Gs4vRjxY6/6i9wU0V+utmQO9kvh9XLnz3LIudviOnVYDEe2ec+0k+NQoMamn1VrjKgCUOWj5jG/5M5M0Qw==",
+      "peer": true,
+      "dependencies": {
+        "array.prototype.flat": "^1.2.3",
+        "cheerio": "^1.0.0-rc.3",
+        "enzyme-shallow-equal": "^1.0.1",
+        "function.prototype.name": "^1.1.2",
+        "has": "^1.0.3",
+        "html-element-map": "^1.2.0",
+        "is-boolean-object": "^1.0.1",
+        "is-callable": "^1.1.5",
+        "is-number-object": "^1.0.4",
+        "is-regex": "^1.0.5",
+        "is-string": "^1.0.5",
+        "is-subset": "^0.1.1",
+        "lodash.escape": "^4.0.1",
+        "lodash.isequal": "^4.5.0",
+        "object-inspect": "^1.7.0",
+        "object-is": "^1.0.2",
+        "object.assign": "^4.1.0",
+        "object.entries": "^1.1.1",
+        "object.values": "^1.1.1",
+        "raf": "^3.4.1",
+        "rst-selector-parser": "^2.2.3",
+        "string.prototype.trim": "^1.2.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/enzyme-shallow-equal": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/enzyme-shallow-equal/-/enzyme-shallow-equal-1.0.7.tgz",
+      "integrity": "sha512-/um0GFqUXnpM9SvKtje+9Tjoz3f1fpBC3eXRFrNs8kpYn69JljciYP7KZTqM/YQbUY9KUjvKB4jo/q+L6WGGvg==",
+      "dependencies": {
+        "hasown": "^2.0.0",
+        "object-is": "^1.1.5"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/es-abstract": {
+      "version": "1.23.3",
+      "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.23.3.tgz",
+      "integrity": "sha512-e+HfNH61Bj1X9/jLc5v1owaLYuHdeHHSQlkhCBiTK8rBvKaULl/beGMxwrMXjpYrv4pz22BlY570vVePA2ho4A==",
+      "dependencies": {
+        "array-buffer-byte-length": "^1.0.1",
+        "arraybuffer.prototype.slice": "^1.0.3",
+        "available-typed-arrays": "^1.0.7",
+        "call-bind": "^1.0.7",
+        "data-view-buffer": "^1.0.1",
+        "data-view-byte-length": "^1.0.1",
+        "data-view-byte-offset": "^1.0.0",
+        "es-define-property": "^1.0.0",
+        "es-errors": "^1.3.0",
+        "es-object-atoms": "^1.0.0",
+        "es-set-tostringtag": "^2.0.3",
+        "es-to-primitive": "^1.2.1",
+        "function.prototype.name": "^1.1.6",
+        "get-intrinsic": "^1.2.4",
+        "get-symbol-description": "^1.0.2",
+        "globalthis": "^1.0.3",
+        "gopd": "^1.0.1",
+        "has-property-descriptors": "^1.0.2",
+        "has-proto": "^1.0.3",
+        "has-symbols": "^1.0.3",
+        "hasown": "^2.0.2",
+        "internal-slot": "^1.0.7",
+        "is-array-buffer": "^3.0.4",
+        "is-callable": "^1.2.7",
+        "is-data-view": "^1.0.1",
+        "is-negative-zero": "^2.0.3",
+        "is-regex": "^1.1.4",
+        "is-shared-array-buffer": "^1.0.3",
+        "is-string": "^1.0.7",
+        "is-typed-array": "^1.1.13",
+        "is-weakref": "^1.0.2",
+        "object-inspect": "^1.13.1",
+        "object-keys": "^1.1.1",
+        "object.assign": "^4.1.5",
+        "regexp.prototype.flags": "^1.5.2",
+        "safe-array-concat": "^1.1.2",
+        "safe-regex-test": "^1.0.3",
+        "string.prototype.trim": "^1.2.9",
+        "string.prototype.trimend": "^1.0.8",
+        "string.prototype.trimstart": "^1.0.8",
+        "typed-array-buffer": "^1.0.2",
+        "typed-array-byte-length": "^1.0.1",
+        "typed-array-byte-offset": "^1.0.2",
+        "typed-array-length": "^1.0.6",
+        "unbox-primitive": "^1.0.2",
+        "which-typed-array": "^1.1.15"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/es-array-method-boxes-properly": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/es-array-method-boxes-properly/-/es-array-method-boxes-properly-1.0.0.tgz",
+      "integrity": "sha512-wd6JXUmyHmt8T5a2xreUwKcGPq6f1f+WwIJkijUqiGcJz1qqnZgP6XIK+QyIWU5lT7imeNxUll48bziG+TSYcA==",
+      "peer": true
+    },
+    "node_modules/es-define-property": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz",
+      "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==",
+      "dependencies": {
+        "get-intrinsic": "^1.2.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-errors": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
+      "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-object-atoms": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.0.0.tgz",
+      "integrity": "sha512-MZ4iQ6JwHOBQjahnjwaC1ZtIBH+2ohjamzAO3oaHcXYup7qxjF2fixyH+Q71voWHeOkI2q/TnJao/KfXYIZWbw==",
+      "dependencies": {
+        "es-errors": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-set-tostringtag": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.0.3.tgz",
+      "integrity": "sha512-3T8uNMC3OQTHkFUsFq8r/BwAXLHvU/9O9mE0fBc/MY5iq/8H7ncvO947LmYA6ldWw9Uh8Yhf25zu6n7nML5QWQ==",
+      "dependencies": {
+        "get-intrinsic": "^1.2.4",
+        "has-tostringtag": "^1.0.2",
+        "hasown": "^2.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/es-shim-unscopables": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/es-shim-unscopables/-/es-shim-unscopables-1.0.2.tgz",
+      "integrity": "sha512-J3yBRXCzDu4ULnQwxyToo/OjdMx6akgVC7K6few0a7F/0wLtmKKN7I73AH5T2836UuXRqN7Qg+IIUw/+YJksRw==",
+      "peer": true,
+      "dependencies": {
+        "hasown": "^2.0.0"
+      }
+    },
+    "node_modules/es-to-primitive": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz",
+      "integrity": "sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==",
+      "dependencies": {
+        "is-callable": "^1.1.4",
+        "is-date-object": "^1.0.1",
+        "is-symbol": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/es6-promise": {
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-3.3.1.tgz",
+      "integrity": "sha512-SOp9Phqvqn7jtEUxPWdWfWoLmyt2VaJ6MpvP9Comy1MceMXqE6bxvaTu4iaxpYYPzhny28Lc+M87/c2cPK6lDg=="
+    },
+    "node_modules/escalade": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz",
+      "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/escape-string-regexp": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
+      "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/escodegen": {
+      "version": "1.14.3",
+      "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-1.14.3.tgz",
+      "integrity": "sha512-qFcX0XJkdg+PB3xjZZG/wKSuT1PnQWx57+TVSjIMmILd2yC/6ByYElPwJnslDsuWuSAp4AwJGumarAAmJch5Kw==",
+      "dependencies": {
+        "esprima": "^4.0.1",
+        "estraverse": "^4.2.0",
+        "esutils": "^2.0.2",
+        "optionator": "^0.8.1"
+      },
+      "bin": {
+        "escodegen": "bin/escodegen.js",
+        "esgenerate": "bin/esgenerate.js"
+      },
+      "engines": {
+        "node": ">=4.0"
+      },
+      "optionalDependencies": {
+        "source-map": "~0.6.1"
+      }
+    },
+    "node_modules/escodegen/node_modules/esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/esprima": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-1.2.2.tgz",
+      "integrity": "sha512-+JpPZam9w5DuJ3Q67SqsMGtiHKENSMRVoxvArfJZK01/BfLEObtZ6orJa/MtoGNR/rfMgp5837T41PAmTwAv/A==",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=0.4.0"
+      }
+    },
+    "node_modules/estraverse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz",
+      "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==",
+      "engines": {
+        "node": ">=4.0"
+      }
+    },
+    "node_modules/esutils": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz",
+      "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/event-target-shim": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz",
+      "integrity": "sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/eventemitter3": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-5.0.1.tgz",
+      "integrity": "sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA=="
+    },
+    "node_modules/fast-deep-equal": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+      "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="
+    },
+    "node_modules/fast-glob": {
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz",
+      "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==",
+      "dependencies": {
+        "@nodelib/fs.stat": "^2.0.2",
+        "@nodelib/fs.walk": "^1.2.3",
+        "glob-parent": "^5.1.2",
+        "merge2": "^1.3.0",
+        "micromatch": "^4.0.4"
+      },
+      "engines": {
+        "node": ">=8.6.0"
+      }
+    },
+    "node_modules/fast-levenshtein": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
+      "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw=="
+    },
+    "node_modules/fast-safe-stringify": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
+      "integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA=="
+    },
+    "node_modules/fastq": {
+      "version": "1.17.1",
+      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz",
+      "integrity": "sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==",
+      "dependencies": {
+        "reusify": "^1.0.4"
+      }
+    },
+    "node_modules/filelist": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz",
+      "integrity": "sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==",
+      "dependencies": {
+        "minimatch": "^5.0.1"
+      }
+    },
+    "node_modules/filelist/node_modules/brace-expansion": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/filelist/node_modules/minimatch": {
+      "version": "5.1.6",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz",
+      "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/fill-range": {
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
+      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
+      "dependencies": {
+        "to-regex-range": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/follow-redirects": {
+      "version": "1.15.9",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz",
+      "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==",
+      "funding": [
+        {
+          "type": "individual",
+          "url": "https://github.com/sponsors/RubenVerborgh"
+        }
+      ],
+      "engines": {
+        "node": ">=4.0"
+      },
+      "peerDependenciesMeta": {
+        "debug": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/for-each": {
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.3.tgz",
+      "integrity": "sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==",
+      "dependencies": {
+        "is-callable": "^1.1.3"
+      }
+    },
+    "node_modules/foreach": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/foreach/-/foreach-2.0.6.tgz",
+      "integrity": "sha512-k6GAGDyqLe9JaebCsFCoudPPWfihKu8pylYXRlqP1J7ms39iPoTtk2fviNglIeQEwdh0bQeKJ01ZPyuyQvKzwg=="
+    },
+    "node_modules/form-data": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.1.tgz",
+      "integrity": "sha512-tzN8e4TX8+kkxGPK8D5u0FNmjPUjw3lwC9lSLxxoB/+GtsJG91CO8bSWy73APlgAZzZbXEYZJuxjkHH2w+Ezhw==",
+      "dependencies": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.8",
+        "mime-types": "^2.1.12"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/fs-extra": {
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
+      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
+      "dependencies": {
+        "at-least-node": "^1.0.0",
+        "graceful-fs": "^4.2.0",
+        "jsonfile": "^6.0.1",
+        "universalify": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw=="
+    },
+    "node_modules/fsevents": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
+      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
+      "hasInstallScript": true,
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
+      }
+    },
+    "node_modules/function-bind": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/function.prototype.name": {
+      "version": "1.1.6",
+      "resolved": "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.6.tgz",
+      "integrity": "sha512-Z5kx79swU5P27WEayXM1tBi5Ze/lbIyiNgU3qyXUOf9b2rgXYyF9Dy9Cx+IQv/Lc8WCG6L82zwUPpSS9hGehIg==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.2.0",
+        "es-abstract": "^1.22.1",
+        "functions-have-names": "^1.2.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/functions-have-names": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.3.tgz",
+      "integrity": "sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-caller-file": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
+      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
+      "engines": {
+        "node": "6.* || 8.* || >= 10.*"
+      }
+    },
+    "node_modules/get-intrinsic": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz",
+      "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2",
+        "has-proto": "^1.0.1",
+        "has-symbols": "^1.0.3",
+        "hasown": "^2.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/get-package-type": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz",
+      "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==",
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/get-port-please": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/get-port-please/-/get-port-please-3.1.2.tgz",
+      "integrity": "sha512-Gxc29eLs1fbn6LQ4jSU4vXjlwyZhF5HsGuMAa7gqBP4Rw4yxxltyDUuF5MBclFzDTXO+ACchGQoeela4DSfzdQ=="
+    },
+    "node_modules/get-symbol-description": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/get-symbol-description/-/get-symbol-description-1.0.2.tgz",
+      "integrity": "sha512-g0QYk1dZBxGwk+Ngc+ltRH2IBp2f7zBkBMBJZCDerh6EhlhSR6+9irMCuT/09zD6qkarHUSn529sK/yL4S27mg==",
+      "dependencies": {
+        "call-bind": "^1.0.5",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/glob": {
+      "version": "7.2.3",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
+      "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
+      "deprecated": "Glob versions prior to v9 are no longer supported",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.1.1",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/globalthis": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/globalthis/-/globalthis-1.0.4.tgz",
+      "integrity": "sha512-DpLKbNU4WylpxJykQujfCcwYWiV/Jhm50Goo0wrVILAv5jOr9d+H+UR3PhSCD2rCCEIg0uc+G+muBTwD54JhDQ==",
+      "dependencies": {
+        "define-properties": "^1.2.1",
+        "gopd": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/globby": {
+      "version": "11.1.0",
+      "resolved": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz",
+      "integrity": "sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==",
+      "dependencies": {
+        "array-union": "^2.1.0",
+        "dir-glob": "^3.0.1",
+        "fast-glob": "^3.2.9",
+        "ignore": "^5.2.0",
+        "merge2": "^1.4.1",
+        "slash": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/gopd": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz",
+      "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==",
+      "dependencies": {
+        "get-intrinsic": "^1.1.3"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/graceful-fs": {
+      "version": "4.2.11",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
+      "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ=="
+    },
+    "node_modules/handlebars": {
+      "version": "4.7.8",
+      "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz",
+      "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==",
+      "dependencies": {
+        "minimist": "^1.2.5",
+        "neo-async": "^2.6.2",
+        "source-map": "^0.6.1",
+        "wordwrap": "^1.0.0"
+      },
+      "bin": {
+        "handlebars": "bin/handlebars"
+      },
+      "engines": {
+        "node": ">=0.4.7"
+      },
+      "optionalDependencies": {
+        "uglify-js": "^3.1.4"
+      }
+    },
+    "node_modules/has": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/has/-/has-1.0.4.tgz",
+      "integrity": "sha512-qdSAmqLF6209RFj4VVItywPMbm3vWylknmB3nvNiUIs72xAimcM8nVYxYr7ncvZq5qzk9MKIZR8ijqD/1QuYjQ==",
+      "engines": {
+        "node": ">= 0.4.0"
+      }
+    },
+    "node_modules/has-bigints": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.2.tgz",
+      "integrity": "sha512-tSvCKtBr9lkF0Ex0aQiP9N+OpV4zi2r/Nee5VkRDbaqv35RLYMzbwQfFSZZH0kR+Rd6302UJZ2p/bJCEoR3VoQ==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/has-property-descriptors": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz",
+      "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==",
+      "dependencies": {
+        "es-define-property": "^1.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-proto": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz",
+      "integrity": "sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-symbols": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz",
+      "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/has-tostringtag": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz",
+      "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==",
+      "dependencies": {
+        "has-symbols": "^1.0.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/hasown": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
+      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/html-element-map": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/html-element-map/-/html-element-map-1.3.1.tgz",
+      "integrity": "sha512-6XMlxrAFX4UEEGxctfFnmrFaaZFNf9i5fNuV5wZ3WWQ4FVaNP1aX1LkX9j2mfEx1NpjeE/rL3nmgEn23GdFmrg==",
+      "peer": true,
+      "dependencies": {
+        "array.prototype.filter": "^1.0.0",
+        "call-bind": "^1.0.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/htmlparser2": {
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz",
+      "integrity": "sha512-5zfg6mHUoaer/97TxnGpxmbR7zJtPwIYFMZ/H5ucTlPZhKvtum05yiPK3Mgai3a0DyVxv7qYqoweaEd2nrYQzQ==",
+      "funding": [
+        "https://github.com/fb55/htmlparser2?sponsor=1",
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/fb55"
+        }
+      ],
+      "peer": true,
+      "dependencies": {
+        "domelementtype": "^2.3.0",
+        "domhandler": "^5.0.3",
+        "domutils": "^3.1.0",
+        "entities": "^4.5.0"
+      }
+    },
+    "node_modules/http2-client": {
+      "version": "1.3.5",
+      "resolved": "https://registry.npmjs.org/http2-client/-/http2-client-1.3.5.tgz",
+      "integrity": "sha512-EC2utToWl4RKfs5zd36Mxq7nzHHBuomZboI0yYL6Y0RmBgT7Sgkq4rQ0ezFTYoIsSs7Tm9SJe+o2FcAg6GBhGA=="
+    },
+    "node_modules/https-proxy-agent": {
+      "version": "7.0.5",
+      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.5.tgz",
+      "integrity": "sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==",
+      "dependencies": {
+        "agent-base": "^7.0.2",
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/hyperlinker": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz",
+      "integrity": "sha512-Ty8UblRWFEcfSuIaajM34LdPXIhbs1ajEX/BBPv24J+enSVaEVY63xQ6lTO9VRYS5LAoghIG0IDJ+p+IPzKUQQ==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.6.3",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
+      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
+      "peer": true,
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ignore": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
+      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
+    "node_modules/indent-string": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz",
+      "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==",
+      "deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.",
+      "dependencies": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
+    },
+    "node_modules/internal-slot": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.7.tgz",
+      "integrity": "sha512-NGnrKwXzSms2qUUih/ILZ5JBqNTSa1+ZmP6flaIp6KmSElgE9qdndzS3cqjrDovwFdmwsGsLdeFgB6suw+1e9g==",
+      "dependencies": {
+        "es-errors": "^1.3.0",
+        "hasown": "^2.0.0",
+        "side-channel": "^1.0.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/is-array-buffer": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/is-array-buffer/-/is-array-buffer-3.0.4.tgz",
+      "integrity": "sha512-wcjaerHw0ydZwfhiKbXJWLDY8A7yV7KhjQOpb83hGgGfId/aQa4TOvwyzn2PuswW2gPCYEL/nEAiSVpdOj1lXw==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "get-intrinsic": "^1.2.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-bigint": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.4.tgz",
+      "integrity": "sha512-zB9CruMamjym81i2JZ3UMn54PKGsQzsJeo6xvN3HJJ4CAsQNB6iRutp2To77OfCNuoxspsIhzaPoO1zyCEhFOg==",
+      "dependencies": {
+        "has-bigints": "^1.0.1"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-binary-path": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz",
+      "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
+      "dependencies": {
+        "binary-extensions": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-boolean-object": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.2.tgz",
+      "integrity": "sha512-gDYaKHJmnj4aWxyj6YHyXVpdQawtVLHU5cb+eztPGczf6cjuTdwve5ZIEfgXqH4e57An1D1AKf8CZ3kYrQRqYA==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-callable": {
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz",
+      "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-data-view": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-data-view/-/is-data-view-1.0.1.tgz",
+      "integrity": "sha512-AHkaJrsUVW6wq6JS8y3JnM/GJF/9cf+k20+iDzlSaJrinEo5+7vRiteOSwBhHRiAyQATN1AmY4hwzxJKPmYf+w==",
+      "dependencies": {
+        "is-typed-array": "^1.1.13"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-date-object": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.5.tgz",
+      "integrity": "sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ==",
+      "dependencies": {
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-docker": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz",
+      "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==",
+      "bin": {
+        "is-docker": "cli.js"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/is-glob": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
+      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
+      "dependencies": {
+        "is-extglob": "^2.1.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/is-negative-zero": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.3.tgz",
+      "integrity": "sha512-5KoIu2Ngpyek75jXodFvnafB6DJgr3u8uuK0LEZJjrU19DrMD3EVERaR8sjz8CCGgpZvxPl9SuE1GMVPFHx1mw==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-number": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+      "engines": {
+        "node": ">=0.12.0"
+      }
+    },
+    "node_modules/is-number-object": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.7.tgz",
+      "integrity": "sha512-k1U0IRzLMo7ZlYIfzRu23Oh6MiIFasgpb9X76eqfFZAqwH44UI4KTBvBYIZ1dSL9ZzChTB9ShHfLkR4pdW5krQ==",
+      "dependencies": {
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-regex": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.4.tgz",
+      "integrity": "sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-shared-array-buffer": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.3.tgz",
+      "integrity": "sha512-nA2hv5XIhLR3uVzDDfCIknerhx8XUKnstuOERPNNIinXG7v9u+ohXF67vxm4TPTEPU6lm61ZkwP3c9PCB97rhg==",
+      "dependencies": {
+        "call-bind": "^1.0.7"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-string": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.7.tgz",
+      "integrity": "sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==",
+      "dependencies": {
+        "has-tostringtag": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-subset": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/is-subset/-/is-subset-0.1.1.tgz",
+      "integrity": "sha512-6Ybun0IkarhmEqxXCNw/C0bna6Zb/TkfUX9UbwJtK6ObwAVCxmAP308WWTHviM/zAqXk05cdhYsUsZeGQh99iw==",
+      "peer": true
+    },
+    "node_modules/is-symbol": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz",
+      "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==",
+      "dependencies": {
+        "has-symbols": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-typed-array": {
+      "version": "1.1.13",
+      "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.13.tgz",
+      "integrity": "sha512-uZ25/bUAlUY5fR4OKT4rZQEBrzQWYV9ZJYGGsUmEJ6thodVJ1HX64ePQ6Z0qPWP+m+Uq6e9UugrE38jeYsDSMw==",
+      "dependencies": {
+        "which-typed-array": "^1.1.14"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-weakref": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/is-weakref/-/is-weakref-1.0.2.tgz",
+      "integrity": "sha512-qctsuLZmIQ0+vSSMfoVvyFe2+GSEvnmZ2ezTup1SBse9+twCCeial6EEi3Nc2KFcf6+qz2FBPnjXsk8xhKSaPQ==",
+      "dependencies": {
+        "call-bind": "^1.0.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/is-wsl": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz",
+      "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==",
+      "dependencies": {
+        "is-docker": "^2.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/isarray": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz",
+      "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw=="
+    },
+    "node_modules/isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="
+    },
+    "node_modules/jake": {
+      "version": "10.9.2",
+      "resolved": "https://registry.npmjs.org/jake/-/jake-10.9.2.tgz",
+      "integrity": "sha512-2P4SQ0HrLQ+fw6llpLnOaGAvN2Zu6778SJMrCUwns4fOoG9ayrTiZk3VV8sCPkVZF8ab0zksVpS8FDY5pRCNBA==",
+      "dependencies": {
+        "async": "^3.2.3",
+        "chalk": "^4.0.2",
+        "filelist": "^1.0.4",
+        "minimatch": "^3.1.2"
+      },
+      "bin": {
+        "jake": "bin/cli.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/js-levenshtein": {
+      "version": "1.1.6",
+      "resolved": "https://registry.npmjs.org/js-levenshtein/-/js-levenshtein-1.1.6.tgz",
+      "integrity": "sha512-X2BB11YZtrRqY4EnQcLX5Rh373zbK4alC1FW7D7MBhL2gtcC17cTnr6DmfHZeS0s2rTHjUTMMHfG7gO8SSdw+g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/js-tokens": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ=="
+    },
+    "node_modules/js-yaml": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
+      "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+      "dependencies": {
+        "argparse": "^2.0.1"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/json-pointer": {
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/json-pointer/-/json-pointer-0.6.2.tgz",
+      "integrity": "sha512-vLWcKbOaXlO+jvRy4qNd+TI1QUPZzfJj1tpJ3vAXDych5XJf93ftpUKe5pKCrzyIIwgBJcOcCVRUfqQP25afBw==",
+      "dependencies": {
+        "foreach": "^2.0.4"
+      }
+    },
+    "node_modules/json-schema-traverse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz",
+      "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug=="
+    },
+    "node_modules/jsonfile": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz",
+      "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==",
+      "dependencies": {
+        "universalify": "^2.0.0"
+      },
+      "optionalDependencies": {
+        "graceful-fs": "^4.1.6"
+      }
+    },
+    "node_modules/jsonpath": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/jsonpath/-/jsonpath-1.1.1.tgz",
+      "integrity": "sha512-l6Cg7jRpixfbgoWgkrl77dgEj8RPvND0wMH6TwQmi9Qs4TFfS9u5cUFnbeKTwj5ga5Y3BTGGNI28k117LJ009w==",
+      "dependencies": {
+        "esprima": "1.2.2",
+        "static-eval": "2.0.2",
+        "underscore": "1.12.1"
+      }
+    },
+    "node_modules/levn": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz",
+      "integrity": "sha512-0OO4y2iOHix2W6ujICbKIaEQXvFQHue65vUG3pb5EUomzPI90z9hsA1VsO/dbIIpC53J8gxM9Q4Oho0jrCM/yA==",
+      "dependencies": {
+        "prelude-ls": "~1.1.2",
+        "type-check": "~0.3.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/lodash": {
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
+    },
+    "node_modules/lodash.escape": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/lodash.escape/-/lodash.escape-4.0.1.tgz",
+      "integrity": "sha512-nXEOnb/jK9g0DYMr1/Xvq6l5xMD7GDG55+GSYIYmS0G4tBk/hURD4JR9WCavs04t33WmJx9kCyp9vJ+mr4BOUw==",
+      "peer": true
+    },
+    "node_modules/lodash.flattendeep": {
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/lodash.flattendeep/-/lodash.flattendeep-4.4.0.tgz",
+      "integrity": "sha512-uHaJFihxmJcEX3kT4I23ABqKKalJ/zDrDg0lsFtc1h+3uw49SIJ5beyhx5ExVRti3AvKoOJngIj7xz3oylPdWQ==",
+      "peer": true
+    },
+    "node_modules/lodash.isequal": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz",
+      "integrity": "sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ=="
+    },
+    "node_modules/loose-envify": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz",
+      "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==",
+      "dependencies": {
+        "js-tokens": "^3.0.0 || ^4.0.0"
+      },
+      "bin": {
+        "loose-envify": "cli.js"
+      }
+    },
+    "node_modules/lunr": {
+      "version": "2.3.9",
+      "resolved": "https://registry.npmjs.org/lunr/-/lunr-2.3.9.tgz",
+      "integrity": "sha512-zTU3DaZaF3Rt9rhN3uBMGQD3dD2/vFQqnvZCDv4dl5iOzq2IZQqTxu90r4E5J+nP70J3ilqVCrbho2eWaeW8Ow=="
+    },
+    "node_modules/make-error": {
+      "version": "1.3.6",
+      "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz",
+      "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw=="
+    },
+    "node_modules/mark.js": {
+      "version": "8.11.1",
+      "resolved": "https://registry.npmjs.org/mark.js/-/mark.js-8.11.1.tgz",
+      "integrity": "sha512-1I+1qpDt4idfgLQG+BNWmrqku+7/2bi5nLf4YwF8y8zXvmfiTBY3PV3ZibfrjBueCByROpuBjLLFCajqkgYoLQ=="
+    },
+    "node_modules/marked": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/marked/-/marked-4.3.0.tgz",
+      "integrity": "sha512-PRsaiG84bK+AMvxziE/lCFss8juXjNaWzVbN5tXAm4XjeaS9NAHhop+PjQxz2A9h8Q4M/xGmzP8vqNwy6JeK0A==",
+      "bin": {
+        "marked": "bin/marked.js"
+      },
+      "engines": {
+        "node": ">= 12"
+      }
+    },
+    "node_modules/merge2": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz",
+      "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==",
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/mergician": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/mergician/-/mergician-1.1.0.tgz",
+      "integrity": "sha512-FXbxzU6BBhGkV8XtUr8Sk015ZRaAALviit8Lle6OEgd1udX8wlu6tBeUMLGQGdz1MfHpAVNNQkXowyDnJuhXpA==",
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/micromatch": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz",
+      "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==",
+      "dependencies": {
+        "braces": "^3.0.3",
+        "picomatch": "^2.3.1"
+      },
+      "engines": {
+        "node": ">=8.6"
+      }
+    },
+    "node_modules/mime-db": {
+      "version": "1.52.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/mime-types": {
+      "version": "2.1.35",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
+      "dependencies": {
+        "mime-db": "1.52.0"
+      },
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/minimatch": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
+      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "dependencies": {
+        "brace-expansion": "^1.1.7"
+      },
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/minimist": {
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
+      "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/mobx": {
+      "version": "6.13.5",
+      "resolved": "https://registry.npmjs.org/mobx/-/mobx-6.13.5.tgz",
+      "integrity": "sha512-/HTWzW2s8J1Gqt+WmUj5Y0mddZk+LInejADc79NJadrWla3rHzmRHki/mnEUH1AvOmbNTZ1BRbKxr8DSgfdjMA==",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mobx"
+      }
+    },
+    "node_modules/mobx-react": {
+      "version": "9.1.1",
+      "resolved": "https://registry.npmjs.org/mobx-react/-/mobx-react-9.1.1.tgz",
+      "integrity": "sha512-gVV7AdSrAAxqXOJ2bAbGa5TkPqvITSzaPiiEkzpW4rRsMhSec7C2NBCJYILADHKp2tzOAIETGRsIY0UaCV5aEw==",
+      "dependencies": {
+        "mobx-react-lite": "^4.0.7"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mobx"
+      },
+      "peerDependencies": {
+        "mobx": "^6.9.0",
+        "react": "^16.8.0 || ^17 || ^18"
+      },
+      "peerDependenciesMeta": {
+        "react-dom": {
+          "optional": true
+        },
+        "react-native": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/mobx-react-lite": {
+      "version": "4.0.7",
+      "resolved": "https://registry.npmjs.org/mobx-react-lite/-/mobx-react-lite-4.0.7.tgz",
+      "integrity": "sha512-RjwdseshK9Mg8On5tyJZHtGD+J78ZnCnRaxeQDSiciKVQDUbfZcXhmld0VMxAwvcTnPEHZySGGewm467Fcpreg==",
+      "dependencies": {
+        "use-sync-external-store": "^1.2.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mobx"
+      },
+      "peerDependencies": {
+        "mobx": "^6.9.0",
+        "react": "^16.8.0 || ^17 || ^18"
+      },
+      "peerDependenciesMeta": {
+        "react-dom": {
+          "optional": true
+        },
+        "react-native": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/moo": {
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/moo/-/moo-0.5.2.tgz",
+      "integrity": "sha512-iSAJLHYKnX41mKcJKjqvnAN9sf0LMDTXDEvFv+ffuRR9a1MIuXLjMNL6EsnDHSkKLTWNqQQ5uo61P4EbU4NU+Q==",
+      "peer": true
+    },
+    "node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+    },
+    "node_modules/nanoid": {
+      "version": "3.3.7",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz",
+      "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "bin": {
+        "nanoid": "bin/nanoid.cjs"
+      },
+      "engines": {
+        "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1"
+      }
+    },
+    "node_modules/natural-orderby": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz",
+      "integrity": "sha512-p7KTHxU0CUrcOXe62Zfrb5Z13nLvPhSWR/so3kFulUQU0sgUll2Z0LwpsLN351eOOD+hRGu/F1g+6xDfPeD++Q==",
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/nearley": {
+      "version": "2.20.1",
+      "resolved": "https://registry.npmjs.org/nearley/-/nearley-2.20.1.tgz",
+      "integrity": "sha512-+Mc8UaAebFzgV+KpI5n7DasuuQCHA89dmwm7JXw3TV43ukfNQ9DnBH3Mdb2g/I4Fdxc26pwimBWvjIw0UAILSQ==",
+      "peer": true,
+      "dependencies": {
+        "commander": "^2.19.0",
+        "moo": "^0.5.0",
+        "railroad-diagrams": "^1.0.0",
+        "randexp": "0.4.6"
+      },
+      "bin": {
+        "nearley-railroad": "bin/nearley-railroad.js",
+        "nearley-test": "bin/nearley-test.js",
+        "nearley-unparse": "bin/nearley-unparse.js",
+        "nearleyc": "bin/nearleyc.js"
+      },
+      "funding": {
+        "type": "individual",
+        "url": "https://nearley.js.org/#give-to-nearley"
+      }
+    },
+    "node_modules/neo-async": {
+      "version": "2.6.2",
+      "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz",
+      "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw=="
+    },
+    "node_modules/node-fetch": {
+      "version": "2.7.0",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz",
+      "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==",
+      "dependencies": {
+        "whatwg-url": "^5.0.0"
+      },
+      "engines": {
+        "node": "4.x || >=6.0.0"
+      },
+      "peerDependencies": {
+        "encoding": "^0.1.0"
+      },
+      "peerDependenciesMeta": {
+        "encoding": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/node-fetch-h2": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/node-fetch-h2/-/node-fetch-h2-2.3.0.tgz",
+      "integrity": "sha512-ofRW94Ab0T4AOh5Fk8t0h8OBWrmjb0SSB20xh1H8YnPV9EJ+f5AMoYSUQ2zgJ4Iq2HAK0I2l5/Nequ8YzFS3Hg==",
+      "dependencies": {
+        "http2-client": "^1.2.5"
+      },
+      "engines": {
+        "node": "4.x || >=6.0.0"
+      }
+    },
+    "node_modules/node-readfiles": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/node-readfiles/-/node-readfiles-0.2.0.tgz",
+      "integrity": "sha512-SU00ZarexNlE4Rjdm83vglt5Y9yiQ+XI1XpflWlb7q7UTN1JUItm69xMeiQCTxtTfnzt+83T8Cx+vI2ED++VDA==",
+      "dependencies": {
+        "es6-promise": "^3.2.1"
+      }
+    },
+    "node_modules/normalize-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/nth-check": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-2.1.1.tgz",
+      "integrity": "sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==",
+      "peer": true,
+      "dependencies": {
+        "boolbase": "^1.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/nth-check?sponsor=1"
+      }
+    },
+    "node_modules/oas-kit-common": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/oas-kit-common/-/oas-kit-common-1.0.8.tgz",
+      "integrity": "sha512-pJTS2+T0oGIwgjGpw7sIRU8RQMcUoKCDWFLdBqKB2BNmGpbBMH2sdqAaOXUg8OzonZHU0L7vfJu1mJFEiYDWOQ==",
+      "dependencies": {
+        "fast-safe-stringify": "^2.0.7"
+      }
+    },
+    "node_modules/oas-linter": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/oas-linter/-/oas-linter-3.2.2.tgz",
+      "integrity": "sha512-KEGjPDVoU5K6swgo9hJVA/qYGlwfbFx+Kg2QB/kd7rzV5N8N5Mg6PlsoCMohVnQmo+pzJap/F610qTodKzecGQ==",
+      "dependencies": {
+        "@exodus/schemasafe": "^1.0.0-rc.2",
+        "should": "^13.2.1",
+        "yaml": "^1.10.0"
+      },
+      "funding": {
+        "url": "https://github.com/Mermade/oas-kit?sponsor=1"
+      }
+    },
+    "node_modules/oas-resolver": {
+      "version": "2.5.6",
+      "resolved": "https://registry.npmjs.org/oas-resolver/-/oas-resolver-2.5.6.tgz",
+      "integrity": "sha512-Yx5PWQNZomfEhPPOphFbZKi9W93CocQj18NlD2Pa4GWZzdZpSJvYwoiuurRI7m3SpcChrnO08hkuQDL3FGsVFQ==",
+      "dependencies": {
+        "node-fetch-h2": "^2.3.0",
+        "oas-kit-common": "^1.0.8",
+        "reftools": "^1.1.9",
+        "yaml": "^1.10.0",
+        "yargs": "^17.0.1"
+      },
+      "bin": {
+        "resolve": "resolve.js"
+      },
+      "funding": {
+        "url": "https://github.com/Mermade/oas-kit?sponsor=1"
+      }
+    },
+    "node_modules/oas-schema-walker": {
+      "version": "1.1.5",
+      "resolved": "https://registry.npmjs.org/oas-schema-walker/-/oas-schema-walker-1.1.5.tgz",
+      "integrity": "sha512-2yucenq1a9YPmeNExoUa9Qwrt9RFkjqaMAA1X+U7sbb0AqBeTIdMHky9SQQ6iN94bO5NW0W4TRYXerG+BdAvAQ==",
+      "funding": {
+        "url": "https://github.com/Mermade/oas-kit?sponsor=1"
+      }
+    },
+    "node_modules/oas-schemas": {
+      "version": "2.0.0",
+      "resolved": "git+https://git@github.com/OAI/OpenAPI-Specification.git#0f9d3ec7c033fef184ec54e1ffc201b2d61ce023",
+      "integrity": "sha512-B0izsjJFhgA/KCQExAt7cfLyw42KD+r3NE7hKbkmGSqoe3gb57eMUXTlN4MwEicFR86Gno+h3OSnRcHfUlVubQ=="
+    },
+    "node_modules/oas-validator": {
+      "version": "5.0.8",
+      "resolved": "https://registry.npmjs.org/oas-validator/-/oas-validator-5.0.8.tgz",
+      "integrity": "sha512-cu20/HE5N5HKqVygs3dt94eYJfBi0TsZvPVXDhbXQHiEityDN+RROTleefoKRKKJ9dFAF2JBkDHgvWj0sjKGmw==",
+      "dependencies": {
+        "call-me-maybe": "^1.0.1",
+        "oas-kit-common": "^1.0.8",
+        "oas-linter": "^3.2.2",
+        "oas-resolver": "^2.5.6",
+        "oas-schema-walker": "^1.1.5",
+        "reftools": "^1.1.9",
+        "should": "^13.2.1",
+        "yaml": "^1.10.0"
+      },
+      "funding": {
+        "url": "https://github.com/Mermade/oas-kit?sponsor=1"
+      }
+    },
+    "node_modules/object-assign": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
+      "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/object-inspect": {
+      "version": "1.13.2",
+      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.2.tgz",
+      "integrity": "sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g==",
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/object-is": {
+      "version": "1.1.6",
+      "resolved": "https://registry.npmjs.org/object-is/-/object-is-1.1.6.tgz",
+      "integrity": "sha512-F8cZ+KfGlSGi09lJT7/Nd6KJZ9ygtvYC0/UYYLI9nmQKLMnydpB9yvbv9K1uSkEu7FU9vYPmVwLg328tX+ot3Q==",
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "define-properties": "^1.2.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/object-keys": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz",
+      "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/object-treeify": {
+      "version": "1.1.33",
+      "resolved": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz",
+      "integrity": "sha512-EFVjAYfzWqWsBMRHPMAXLCDIJnpMhdWAqR7xG6M6a2cs6PMFpl/+Z20w9zDW4vkxOFfddegBKq9Rehd0bxWE7A==",
+      "engines": {
+        "node": ">= 10"
+      }
+    },
+    "node_modules/object.assign": {
+      "version": "4.1.5",
+      "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.5.tgz",
+      "integrity": "sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ==",
+      "dependencies": {
+        "call-bind": "^1.0.5",
+        "define-properties": "^1.2.1",
+        "has-symbols": "^1.0.3",
+        "object-keys": "^1.1.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/object.entries": {
+      "version": "1.1.8",
+      "resolved": "https://registry.npmjs.org/object.entries/-/object.entries-1.1.8.tgz",
+      "integrity": "sha512-cmopxi8VwRIAw/fkijJohSfpef5PdN0pMQJN6VC/ZKvn0LIknWD8KtgY6KlQdEc4tIjcQ3HxSMmnvtzIscdaYQ==",
+      "peer": true,
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "define-properties": "^1.2.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/object.values": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.2.0.tgz",
+      "integrity": "sha512-yBYjY9QX2hnRmZHAjG/f13MzmBzxzYgQhFrke06TTyKY5zSTEqkOeukBzIdVA3j3ulu8Qa3MbVFShV7T2RmGtQ==",
+      "peer": true,
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "define-properties": "^1.2.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
+      "dependencies": {
+        "wrappy": "1"
+      }
+    },
+    "node_modules/openapi-sampler": {
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/openapi-sampler/-/openapi-sampler-1.5.1.tgz",
+      "integrity": "sha512-tIWIrZUKNAsbqf3bd9U1oH6JEXo8LNYuDlXw26By67EygpjT+ArFnsxxyTMjFWRfbqo5ozkvgSQDK69Gd8CddA==",
+      "dependencies": {
+        "@types/json-schema": "^7.0.7",
+        "json-pointer": "0.6.2"
+      }
+    },
+    "node_modules/optionator": {
+      "version": "0.8.3",
+      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz",
+      "integrity": "sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==",
+      "dependencies": {
+        "deep-is": "~0.1.3",
+        "fast-levenshtein": "~2.0.6",
+        "levn": "~0.3.0",
+        "prelude-ls": "~1.1.2",
+        "type-check": "~0.3.2",
+        "word-wrap": "~1.2.3"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/parse5": {
+      "version": "7.2.1",
+      "resolved": "https://registry.npmjs.org/parse5/-/parse5-7.2.1.tgz",
+      "integrity": "sha512-BuBYQYlv1ckiPdQi/ohiivi9Sagc9JG+Ozs0r7b/0iK3sKmrb0b9FdWdBbOdx6hBCM/F9Ir82ofnBhtZOjCRPQ==",
+      "peer": true,
+      "dependencies": {
+        "entities": "^4.5.0"
+      },
+      "funding": {
+        "url": "https://github.com/inikulin/parse5?sponsor=1"
+      }
+    },
+    "node_modules/parse5-htmlparser2-tree-adapter": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-7.1.0.tgz",
+      "integrity": "sha512-ruw5xyKs6lrpo9x9rCZqZZnIUntICjQAd0Wsmp396Ul9lN/h+ifgVV1x1gZHi8euej6wTfpqX8j+BFQxF0NS/g==",
+      "peer": true,
+      "dependencies": {
+        "domhandler": "^5.0.3",
+        "parse5": "^7.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/inikulin/parse5?sponsor=1"
+      }
+    },
+    "node_modules/parse5-parser-stream": {
+      "version": "7.1.2",
+      "resolved": "https://registry.npmjs.org/parse5-parser-stream/-/parse5-parser-stream-7.1.2.tgz",
+      "integrity": "sha512-JyeQc9iwFLn5TbvvqACIF/VXG6abODeB3Fwmv/TGdLk2LfbWkaySGY72at4+Ty7EkPZj854u4CrICqNk2qIbow==",
+      "peer": true,
+      "dependencies": {
+        "parse5": "^7.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/inikulin/parse5?sponsor=1"
+      }
+    },
+    "node_modules/password-prompt": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz",
+      "integrity": "sha512-HkrjG2aJlvF0t2BMH0e2LB/EHf3Lcq3fNMzy4GYHcQblAvOl+QQji1Lx7WRBMqpVK8p+KR7bCg7oqAMXtdgqyw==",
+      "dependencies": {
+        "ansi-escapes": "^4.3.2",
+        "cross-spawn": "^7.0.3"
+      }
+    },
+    "node_modules/path-browserify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-browserify/-/path-browserify-1.0.1.tgz",
+      "integrity": "sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g=="
+    },
+    "node_modules/path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/path-key": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
+      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/path-type": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
+      "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/perfect-scrollbar": {
+      "version": "1.5.6",
+      "resolved": "https://registry.npmjs.org/perfect-scrollbar/-/perfect-scrollbar-1.5.6.tgz",
+      "integrity": "sha512-rixgxw3SxyJbCaSpo1n35A/fwI1r2rdwMKOTCg/AcG+xOEyZcE8UHVjpZMFCVImzsFoCZeJTT+M/rdEIQYO2nw=="
+    },
+    "node_modules/performance-now": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
+      "integrity": "sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow==",
+      "peer": true
+    },
+    "node_modules/picocolors": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
+      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA=="
+    },
+    "node_modules/picomatch": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "engines": {
+        "node": ">=8.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
+    "node_modules/pluralize": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz",
+      "integrity": "sha512-Nc3IT5yHzflTfbjgqWcCPpo7DaKy4FnpB0l/zCAW0Tc7jxAiuqSxHasntB3D7887LSrA93kDJ9IXovxJYxyLCA==",
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/polished": {
+      "version": "4.3.1",
+      "resolved": "https://registry.npmjs.org/polished/-/polished-4.3.1.tgz",
+      "integrity": "sha512-OBatVyC/N7SCW/FaDHrSd+vn0o5cS855TOmYi4OkdWUMSJCET/xip//ch8xGUvtr3i44X9LVyWwQlRMTN3pwSA==",
+      "dependencies": {
+        "@babel/runtime": "^7.17.8"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/possible-typed-array-names": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/possible-typed-array-names/-/possible-typed-array-names-1.0.0.tgz",
+      "integrity": "sha512-d7Uw+eZoloe0EHDIYoe+bQ5WXnGMOpmiZFTuMWCwpjzzkL2nTjcKiAk4hh8TjnGye2TwWOk3UXucZ+3rbmBa8Q==",
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/postcss": {
+      "version": "8.4.38",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz",
+      "integrity": "sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/postcss"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "dependencies": {
+        "nanoid": "^3.3.7",
+        "picocolors": "^1.0.0",
+        "source-map-js": "^1.2.0"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14"
+      }
+    },
+    "node_modules/postcss-value-parser": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz",
+      "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ=="
+    },
+    "node_modules/prelude-ls": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz",
+      "integrity": "sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w==",
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/prismjs": {
+      "version": "1.29.0",
+      "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.29.0.tgz",
+      "integrity": "sha512-Kx/1w86q/epKcmte75LNrEoT+lX8pBpavuAbvJWRXar7Hz8jrtF+e3vY751p0R8H9HdArwaCTNDDzHg/ScJK1Q==",
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/prop-types": {
+      "version": "15.8.1",
+      "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz",
+      "integrity": "sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==",
+      "dependencies": {
+        "loose-envify": "^1.4.0",
+        "object-assign": "^4.1.1",
+        "react-is": "^16.13.1"
+      }
+    },
+    "node_modules/prop-types/node_modules/react-is": {
+      "version": "16.13.1",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz",
+      "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ=="
+    },
+    "node_modules/proxy-from-env": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
+      "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg=="
+    },
+    "node_modules/queue-microtask": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
+      "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ]
+    },
+    "node_modules/raf": {
+      "version": "3.4.1",
+      "resolved": "https://registry.npmjs.org/raf/-/raf-3.4.1.tgz",
+      "integrity": "sha512-Sq4CW4QhwOHE8ucn6J34MqtZCeWFP2aQSmrlroYgqAV1PjStIhJXxYuTgUIfkEk7zTLjmIjLmU5q+fbD1NnOJA==",
+      "peer": true,
+      "dependencies": {
+        "performance-now": "^2.1.0"
+      }
+    },
+    "node_modules/railroad-diagrams": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/railroad-diagrams/-/railroad-diagrams-1.0.0.tgz",
+      "integrity": "sha512-cz93DjNeLY0idrCNOH6PviZGRN9GJhsdm9hpn1YCS879fj4W+x5IFJhhkRZcwVgMmFF7R82UA/7Oh+R8lLZg6A==",
+      "peer": true
+    },
+    "node_modules/randexp": {
+      "version": "0.4.6",
+      "resolved": "https://registry.npmjs.org/randexp/-/randexp-0.4.6.tgz",
+      "integrity": "sha512-80WNmd9DA0tmZrw9qQa62GPPWfuXJknrmVmLcxvq4uZBdYqb1wYoKTmnlGUchvVWe0XiLupYkBoXVOxz3C8DYQ==",
+      "peer": true,
+      "dependencies": {
+        "discontinuous-range": "1.0.0",
+        "ret": "~0.1.10"
+      },
+      "engines": {
+        "node": ">=0.12"
+      }
+    },
+    "node_modules/randombytes": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz",
+      "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==",
+      "dependencies": {
+        "safe-buffer": "^5.1.0"
+      }
+    },
+    "node_modules/react": {
+      "version": "18.3.1",
+      "resolved": "https://registry.npmjs.org/react/-/react-18.3.1.tgz",
+      "integrity": "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==",
+      "dependencies": {
+        "loose-envify": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/react-dom": {
+      "version": "18.3.1",
+      "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz",
+      "integrity": "sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==",
+      "dependencies": {
+        "loose-envify": "^1.1.0",
+        "scheduler": "^0.23.2"
+      },
+      "peerDependencies": {
+        "react": "^18.3.1"
+      }
+    },
+    "node_modules/react-is": {
+      "version": "18.3.1",
+      "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz",
+      "integrity": "sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg=="
+    },
+    "node_modules/react-shallow-renderer": {
+      "version": "16.15.0",
+      "resolved": "https://registry.npmjs.org/react-shallow-renderer/-/react-shallow-renderer-16.15.0.tgz",
+      "integrity": "sha512-oScf2FqQ9LFVQgA73vr86xl2NaOIX73rh+YFqcOp68CWj56tSfgtGKrEbyhCj0rSijyG9M1CYprTh39fBi5hzA==",
+      "dependencies": {
+        "object-assign": "^4.1.1",
+        "react-is": "^16.12.0 || ^17.0.0 || ^18.0.0"
+      },
+      "peerDependencies": {
+        "react": "^16.0.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/react-tabs": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/react-tabs/-/react-tabs-6.0.2.tgz",
+      "integrity": "sha512-aQXTKolnM28k3KguGDBSAbJvcowOQr23A+CUJdzJtOSDOtTwzEaJA+1U4KwhNL9+Obe+jFS7geuvA7ICQPXOnQ==",
+      "dependencies": {
+        "clsx": "^2.0.0",
+        "prop-types": "^15.5.0"
+      },
+      "peerDependencies": {
+        "react": "^18.0.0"
+      }
+    },
+    "node_modules/readable-stream": {
+      "version": "3.6.2",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz",
+      "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==",
+      "dependencies": {
+        "inherits": "^2.0.3",
+        "string_decoder": "^1.1.1",
+        "util-deprecate": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/readdirp": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
+      "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==",
+      "dependencies": {
+        "picomatch": "^2.2.1"
+      },
+      "engines": {
+        "node": ">=8.10.0"
+      }
+    },
+    "node_modules/redeyed": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz",
+      "integrity": "sha512-FNpGGo1DycYAdnrKFxCMmKYgo/mILAqtRYbkdQD8Ep/Hk2PQ5+aEAEx+IU713RTDmuBaH0c8P5ZozurNu5ObRQ==",
+      "dependencies": {
+        "esprima": "~4.0.0"
+      }
+    },
+    "node_modules/redeyed/node_modules/esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "bin": {
+        "esparse": "bin/esparse.js",
+        "esvalidate": "bin/esvalidate.js"
+      },
+      "engines": {
+        "node": ">=4"
+      }
+    },
+    "node_modules/redoc": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/redoc/-/redoc-2.2.0.tgz",
+      "integrity": "sha512-52rz/xJtpUBc3Y/GAkaX03czKhQXTxoU7WnkXNzRLuGwiGb/iEO4OgwcgQqtwHWrYNaZXTyqZ4MAVXpi/e1gAg==",
+      "dependencies": {
+        "@cfaester/enzyme-adapter-react-18": "^0.8.0",
+        "@redocly/openapi-core": "^1.4.0",
+        "classnames": "^2.3.2",
+        "decko": "^1.2.0",
+        "dompurify": "^3.0.6",
+        "eventemitter3": "^5.0.1",
+        "json-pointer": "^0.6.2",
+        "lunr": "^2.3.9",
+        "mark.js": "^8.11.1",
+        "marked": "^4.3.0",
+        "mobx-react": "^9.1.1",
+        "openapi-sampler": "^1.5.0",
+        "path-browserify": "^1.0.1",
+        "perfect-scrollbar": "^1.5.5",
+        "polished": "^4.2.2",
+        "prismjs": "^1.29.0",
+        "prop-types": "^15.8.1",
+        "react-tabs": "^6.0.2",
+        "slugify": "~1.4.7",
+        "stickyfill": "^1.1.1",
+        "swagger2openapi": "^7.0.8",
+        "url-template": "^2.0.8"
+      },
+      "engines": {
+        "node": ">=6.9",
+        "npm": ">=3.0.0"
+      },
+      "peerDependencies": {
+        "core-js": "^3.1.4",
+        "mobx": "^6.0.4",
+        "react": "^16.8.4 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.4 || ^17.0.0 || ^18.0.0",
+        "styled-components": "^4.1.1 || ^5.1.1 || ^6.0.5"
+      }
+    },
+    "node_modules/reftools": {
+      "version": "1.1.9",
+      "resolved": "https://registry.npmjs.org/reftools/-/reftools-1.1.9.tgz",
+      "integrity": "sha512-OVede/NQE13xBQ+ob5CKd5KyeJYU2YInb1bmV4nRoOfquZPkAkxuOXicSe1PvqIuZZ4kD13sPKBbR7UFDmli6w==",
+      "funding": {
+        "url": "https://github.com/Mermade/oas-kit?sponsor=1"
+      }
+    },
+    "node_modules/regenerator-runtime": {
+      "version": "0.14.1",
+      "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.14.1.tgz",
+      "integrity": "sha512-dYnhHh0nJoMfnkZs6GmmhFknAGRrLznOu5nc9ML+EJxGvrx6H7teuevqVqCuPcPK//3eDrrjQhehXVx9cnkGdw=="
+    },
+    "node_modules/regexp.prototype.flags": {
+      "version": "1.5.3",
+      "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.3.tgz",
+      "integrity": "sha512-vqlC04+RQoFalODCbCumG2xIOvapzVMHwsyIGM/SIE8fRhFFsXeH8/QQ+s0T0kDAhKc4k30s73/0ydkHQz6HlQ==",
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "define-properties": "^1.2.1",
+        "es-errors": "^1.3.0",
+        "set-function-name": "^2.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/require-directory": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
+      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/require-from-string": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz",
+      "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/ret": {
+      "version": "0.1.15",
+      "resolved": "https://registry.npmjs.org/ret/-/ret-0.1.15.tgz",
+      "integrity": "sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==",
+      "peer": true,
+      "engines": {
+        "node": ">=0.12"
+      }
+    },
+    "node_modules/reusify": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz",
+      "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==",
+      "engines": {
+        "iojs": ">=1.0.0",
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/rst-selector-parser": {
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/rst-selector-parser/-/rst-selector-parser-2.2.3.tgz",
+      "integrity": "sha512-nDG1rZeP6oFTLN6yNDV/uiAvs1+FS/KlrEwh7+y7dpuApDBy6bI2HTBcc0/V8lv9OTqfyD34eF7au2pm8aBbhA==",
+      "peer": true,
+      "dependencies": {
+        "lodash.flattendeep": "^4.4.0",
+        "nearley": "^2.7.10"
+      }
+    },
+    "node_modules/run-parallel": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz",
+      "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "dependencies": {
+        "queue-microtask": "^1.2.2"
+      }
+    },
+    "node_modules/safe-array-concat": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.1.2.tgz",
+      "integrity": "sha512-vj6RsCsWBCf19jIeHEfkRMw8DPiBb+DMXklQ/1SGDHOMlHdPUkZXFQ2YdplS23zESTijAcurb1aSgJA3AgMu1Q==",
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "get-intrinsic": "^1.2.4",
+        "has-symbols": "^1.0.3",
+        "isarray": "^2.0.5"
+      },
+      "engines": {
+        "node": ">=0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/safe-buffer": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ]
+    },
+    "node_modules/safe-regex-test": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/safe-regex-test/-/safe-regex-test-1.0.3.tgz",
+      "integrity": "sha512-CdASjNJPvRa7roO6Ra/gLYBTzYzzPyyBXxIMdGW3USQLyjWEls2RgW5UBTXaQVp+OrpeCK3bLem8smtmheoRuw==",
+      "dependencies": {
+        "call-bind": "^1.0.6",
+        "es-errors": "^1.3.0",
+        "is-regex": "^1.1.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+      "peer": true
+    },
+    "node_modules/scheduler": {
+      "version": "0.23.2",
+      "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz",
+      "integrity": "sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==",
+      "dependencies": {
+        "loose-envify": "^1.1.0"
+      }
+    },
+    "node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/set-function-length": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz",
+      "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==",
+      "dependencies": {
+        "define-data-property": "^1.1.4",
+        "es-errors": "^1.3.0",
+        "function-bind": "^1.1.2",
+        "get-intrinsic": "^1.2.4",
+        "gopd": "^1.0.1",
+        "has-property-descriptors": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/set-function-name": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/set-function-name/-/set-function-name-2.0.2.tgz",
+      "integrity": "sha512-7PGFlmtwsEADb0WYyvCMa1t+yke6daIG4Wirafur5kcf+MhUnPms1UeR0CKQdTZD81yESwMHbtn+TR+dMviakQ==",
+      "dependencies": {
+        "define-data-property": "^1.1.4",
+        "es-errors": "^1.3.0",
+        "functions-have-names": "^1.2.3",
+        "has-property-descriptors": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/shallowequal": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/shallowequal/-/shallowequal-1.1.0.tgz",
+      "integrity": "sha512-y0m1JoUZSlPAjXVtPPW70aZWfIL/dSP7AFkRnniLCrK/8MDKog3TySTBmckD+RObVxH0v4Tox67+F14PdED2oQ=="
+    },
+    "node_modules/shebang-command": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
+      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
+      "dependencies": {
+        "shebang-regex": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/shebang-regex": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
+      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/should": {
+      "version": "13.2.3",
+      "resolved": "https://registry.npmjs.org/should/-/should-13.2.3.tgz",
+      "integrity": "sha512-ggLesLtu2xp+ZxI+ysJTmNjh2U0TsC+rQ/pfED9bUZZ4DKefP27D+7YJVVTvKsmjLpIi9jAa7itwDGkDDmt1GQ==",
+      "dependencies": {
+        "should-equal": "^2.0.0",
+        "should-format": "^3.0.3",
+        "should-type": "^1.4.0",
+        "should-type-adaptors": "^1.0.1",
+        "should-util": "^1.0.0"
+      }
+    },
+    "node_modules/should-equal": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/should-equal/-/should-equal-2.0.0.tgz",
+      "integrity": "sha512-ZP36TMrK9euEuWQYBig9W55WPC7uo37qzAEmbjHz4gfyuXrEUgF8cUvQVO+w+d3OMfPvSRQJ22lSm8MQJ43LTA==",
+      "dependencies": {
+        "should-type": "^1.4.0"
+      }
+    },
+    "node_modules/should-format": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/should-format/-/should-format-3.0.3.tgz",
+      "integrity": "sha512-hZ58adtulAk0gKtua7QxevgUaXTTXxIi8t41L3zo9AHvjXO1/7sdLECuHeIN2SRtYXpNkmhoUP2pdeWgricQ+Q==",
+      "dependencies": {
+        "should-type": "^1.3.0",
+        "should-type-adaptors": "^1.0.1"
+      }
+    },
+    "node_modules/should-type": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/should-type/-/should-type-1.4.0.tgz",
+      "integrity": "sha512-MdAsTu3n25yDbIe1NeN69G4n6mUnJGtSJHygX3+oN0ZbO3DTiATnf7XnYJdGT42JCXurTb1JI0qOBR65shvhPQ=="
+    },
+    "node_modules/should-type-adaptors": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/should-type-adaptors/-/should-type-adaptors-1.1.0.tgz",
+      "integrity": "sha512-JA4hdoLnN+kebEp2Vs8eBe9g7uy0zbRo+RMcU0EsNy+R+k049Ki+N5tT5Jagst2g7EAja+euFuoXFCa8vIklfA==",
+      "dependencies": {
+        "should-type": "^1.3.0",
+        "should-util": "^1.0.0"
+      }
+    },
+    "node_modules/should-util": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/should-util/-/should-util-1.0.1.tgz",
+      "integrity": "sha512-oXF8tfxx5cDk8r2kYqlkUJzZpDBqVY/II2WhvU0n9Y3XYvAYRmeaf1PvvIvTgPnv4KJ+ES5M0PyDq5Jp+Ygy2g=="
+    },
+    "node_modules/side-channel": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz",
+      "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==",
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "es-errors": "^1.3.0",
+        "get-intrinsic": "^1.2.4",
+        "object-inspect": "^1.13.1"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/simple-websocket": {
+      "version": "9.1.0",
+      "resolved": "https://registry.npmjs.org/simple-websocket/-/simple-websocket-9.1.0.tgz",
+      "integrity": "sha512-8MJPnjRN6A8UCp1I+H/dSFyjwJhp6wta4hsVRhjf8w9qBHRzxYt14RaOcjvQnhD1N4yKOddEjflwMnQM4VtXjQ==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/feross"
+        },
+        {
+          "type": "patreon",
+          "url": "https://www.patreon.com/feross"
+        },
+        {
+          "type": "consulting",
+          "url": "https://feross.org/support"
+        }
+      ],
+      "dependencies": {
+        "debug": "^4.3.1",
+        "queue-microtask": "^1.2.2",
+        "randombytes": "^2.1.0",
+        "readable-stream": "^3.6.0",
+        "ws": "^7.4.2"
+      }
+    },
+    "node_modules/sisteransi": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz",
+      "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg=="
+    },
+    "node_modules/slash": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz",
+      "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/slice-ansi": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz",
+      "integrity": "sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "astral-regex": "^2.0.0",
+        "is-fullwidth-code-point": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/slice-ansi?sponsor=1"
+      }
+    },
+    "node_modules/slugify": {
+      "version": "1.4.7",
+      "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.4.7.tgz",
+      "integrity": "sha512-tf+h5W1IrjNm/9rKKj0JU2MDMruiopx0jjVA5zCdBtcGjfp0+c5rHw/zADLC3IeKlGHtVbHtpfzvYA0OYT+HKg==",
+      "engines": {
+        "node": ">=8.0.0"
+      }
+    },
+    "node_modules/source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/source-map-js": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
+      "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/sprintf-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
+      "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g=="
+    },
+    "node_modules/static-eval": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/static-eval/-/static-eval-2.0.2.tgz",
+      "integrity": "sha512-N/D219Hcr2bPjLxPiV+TQE++Tsmrady7TqAJugLy7Xk1EumfDWS/f5dtBbkRCGE7wKKXuYockQoj8Rm2/pVKyg==",
+      "dependencies": {
+        "escodegen": "^1.8.1"
+      }
+    },
+    "node_modules/stickyfill": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/stickyfill/-/stickyfill-1.1.1.tgz",
+      "integrity": "sha512-GCp7vHAfpao+Qh/3Flh9DXEJ/qSi0KJwJw6zYlZOtRYXWUIpMM6mC2rIep/dK8RQqwW0KxGJIllmjPIBOGN8AA=="
+    },
+    "node_modules/string_decoder": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz",
+      "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==",
+      "dependencies": {
+        "safe-buffer": "~5.2.0"
+      }
+    },
+    "node_modules/string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/string.prototype.trim": {
+      "version": "1.2.9",
+      "resolved": "https://registry.npmjs.org/string.prototype.trim/-/string.prototype.trim-1.2.9.tgz",
+      "integrity": "sha512-klHuCNxiMZ8MlsOihJhJEBJAiMVqU3Z2nEXWfWnIqjN0gEFS9J9+IxKozWWtQGcgoa1WUZzLjKPTr4ZHNFTFxw==",
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "define-properties": "^1.2.1",
+        "es-abstract": "^1.23.0",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/string.prototype.trimend": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.8.tgz",
+      "integrity": "sha512-p73uL5VCHCO2BZZ6krwwQE3kCzM7NKmis8S//xEC6fQonchbum4eP6kR4DLEjQFO3Wnj3Fuo8NM0kOSjVdHjZQ==",
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "define-properties": "^1.2.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/string.prototype.trimstart": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.8.tgz",
+      "integrity": "sha512-UXSH262CSZY1tfu3G3Secr6uGLCFVPMhIqHjlgCUtCCcgihYc/xKs9djMTMUOb2j1mVSeU8EU6NWc/iQKU6Gfg==",
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "define-properties": "^1.2.1",
+        "es-object-atoms": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/styled-components": {
+      "version": "6.1.13",
+      "resolved": "https://registry.npmjs.org/styled-components/-/styled-components-6.1.13.tgz",
+      "integrity": "sha512-M0+N2xSnAtwcVAQeFEsGWFFxXDftHUD7XrKla06QbpUMmbmtFBMMTcKWvFXtWxuD5qQkB8iU5gk6QASlx2ZRMw==",
+      "dependencies": {
+        "@emotion/is-prop-valid": "1.2.2",
+        "@emotion/unitless": "0.8.1",
+        "@types/stylis": "4.2.5",
+        "css-to-react-native": "3.2.0",
+        "csstype": "3.1.3",
+        "postcss": "8.4.38",
+        "shallowequal": "1.1.0",
+        "stylis": "4.3.2",
+        "tslib": "2.6.2"
+      },
+      "engines": {
+        "node": ">= 16"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/styled-components"
+      },
+      "peerDependencies": {
+        "react": ">= 16.8.0",
+        "react-dom": ">= 16.8.0"
+      }
+    },
+    "node_modules/styled-components/node_modules/tslib": {
+      "version": "2.6.2",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz",
+      "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q=="
+    },
+    "node_modules/stylis": {
+      "version": "4.3.2",
+      "resolved": "https://registry.npmjs.org/stylis/-/stylis-4.3.2.tgz",
+      "integrity": "sha512-bhtUjWd/z6ltJiQwg0dUfxEJ+W+jdqQd8TbWLWyeIJHlnsqmGLRFFd8e5mA0AZi/zx90smXRlN66YMTcaSFifg=="
+    },
+    "node_modules/supports-color": {
+      "version": "8.1.1",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz",
+      "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/supports-color?sponsor=1"
+      }
+    },
+    "node_modules/supports-hyperlinks": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz",
+      "integrity": "sha512-RpsAZlpWcDwOPQA22aCH4J0t7L8JmAvsCxfOSEwm7cQs3LshN36QaTkwd70DnBOXDWGssw2eUoc8CaRWT0XunA==",
+      "dependencies": {
+        "has-flag": "^4.0.0",
+        "supports-color": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/supports-hyperlinks/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/swagger2openapi": {
+      "version": "7.0.8",
+      "resolved": "https://registry.npmjs.org/swagger2openapi/-/swagger2openapi-7.0.8.tgz",
+      "integrity": "sha512-upi/0ZGkYgEcLeGieoz8gT74oWHA0E7JivX7aN9mAf+Tc7BQoRBvnIGHoPDw+f9TXTW4s6kGYCZJtauP6OYp7g==",
+      "dependencies": {
+        "call-me-maybe": "^1.0.1",
+        "node-fetch": "^2.6.1",
+        "node-fetch-h2": "^2.3.0",
+        "node-readfiles": "^0.2.0",
+        "oas-kit-common": "^1.0.8",
+        "oas-resolver": "^2.5.6",
+        "oas-schema-walker": "^1.1.5",
+        "oas-validator": "^5.0.8",
+        "reftools": "^1.1.9",
+        "yaml": "^1.10.0",
+        "yargs": "^17.0.1"
+      },
+      "bin": {
+        "boast": "boast.js",
+        "oas-validate": "oas-validate.js",
+        "swagger2openapi": "swagger2openapi.js"
+      },
+      "funding": {
+        "url": "https://github.com/Mermade/oas-kit?sponsor=1"
+      }
+    },
+    "node_modules/to-regex-range": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "dependencies": {
+        "is-number": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=8.0"
+      }
+    },
+    "node_modules/tr46": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
+      "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
+    },
+    "node_modules/ts-node": {
+      "version": "10.9.2",
+      "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz",
+      "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==",
+      "dependencies": {
+        "@cspotcode/source-map-support": "^0.8.0",
+        "@tsconfig/node10": "^1.0.7",
+        "@tsconfig/node12": "^1.0.7",
+        "@tsconfig/node14": "^1.0.0",
+        "@tsconfig/node16": "^1.0.2",
+        "acorn": "^8.4.1",
+        "acorn-walk": "^8.1.1",
+        "arg": "^4.1.0",
+        "create-require": "^1.1.0",
+        "diff": "^4.0.1",
+        "make-error": "^1.1.1",
+        "v8-compile-cache-lib": "^3.0.1",
+        "yn": "3.1.1"
+      },
+      "bin": {
+        "ts-node": "dist/bin.js",
+        "ts-node-cwd": "dist/bin-cwd.js",
+        "ts-node-esm": "dist/bin-esm.js",
+        "ts-node-script": "dist/bin-script.js",
+        "ts-node-transpile-only": "dist/bin-transpile.js",
+        "ts-script": "dist/bin-script-deprecated.js"
+      },
+      "peerDependencies": {
+        "@swc/core": ">=1.2.50",
+        "@swc/wasm": ">=1.2.50",
+        "@types/node": "*",
+        "typescript": ">=2.7"
+      },
+      "peerDependenciesMeta": {
+        "@swc/core": {
+          "optional": true
+        },
+        "@swc/wasm": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/tslib": {
+      "version": "2.8.0",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.0.tgz",
+      "integrity": "sha512-jWVzBLplnCmoaTr13V9dYbiQ99wvZRd0vNWaDRg+aVYRcjDF3nDksxFDE/+fkXnKhpnUUkmx5pK/v8mCtLVqZA=="
+    },
+    "node_modules/type-check": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz",
+      "integrity": "sha512-ZCmOJdvOWDBYJlzAoFkC+Q0+bUyEOS1ltgp1MGU03fqHG+dbi9tBFU2Rd9QKiDZFAYrhPh2JUf7rZRIuHRKtOg==",
+      "dependencies": {
+        "prelude-ls": "~1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.8.0"
+      }
+    },
+    "node_modules/type-fest": {
+      "version": "0.21.3",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz",
+      "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/typed-array-buffer": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/typed-array-buffer/-/typed-array-buffer-1.0.2.tgz",
+      "integrity": "sha512-gEymJYKZtKXzzBzM4jqa9w6Q1Jjm7x2d+sh19AdsD4wqnMPDYyvwpsIc2Q/835kHuo3BEQ7CjelGhfTsoBb2MQ==",
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "es-errors": "^1.3.0",
+        "is-typed-array": "^1.1.13"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
+    "node_modules/typed-array-byte-length": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/typed-array-byte-length/-/typed-array-byte-length-1.0.1.tgz",
+      "integrity": "sha512-3iMJ9q0ao7WE9tWcaYKIptkNBuOIcZCCT0d4MRvuuH88fEoEH62IuQe0OtraD3ebQEoTRk8XCBoknUNc1Y67pw==",
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "for-each": "^0.3.3",
+        "gopd": "^1.0.1",
+        "has-proto": "^1.0.3",
+        "is-typed-array": "^1.1.13"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/typed-array-byte-offset": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/typed-array-byte-offset/-/typed-array-byte-offset-1.0.2.tgz",
+      "integrity": "sha512-Ous0vodHa56FviZucS2E63zkgtgrACj7omjwd/8lTEMEPFFyjfixMZ1ZXenpgCFBBt4EC1J2XsyVS2gkG0eTFA==",
+      "dependencies": {
+        "available-typed-arrays": "^1.0.7",
+        "call-bind": "^1.0.7",
+        "for-each": "^0.3.3",
+        "gopd": "^1.0.1",
+        "has-proto": "^1.0.3",
+        "is-typed-array": "^1.1.13"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/typed-array-length": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/typed-array-length/-/typed-array-length-1.0.6.tgz",
+      "integrity": "sha512-/OxDN6OtAk5KBpGb28T+HZc2M+ADtvRxXrKKbUwtsLgdoxgX13hyy7ek6bFRl5+aBs2yZzB0c4CnQfAtVypW/g==",
+      "dependencies": {
+        "call-bind": "^1.0.7",
+        "for-each": "^0.3.3",
+        "gopd": "^1.0.1",
+        "has-proto": "^1.0.3",
+        "is-typed-array": "^1.1.13",
+        "possible-typed-array-names": "^1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "5.6.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.3.tgz",
+      "integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==",
+      "peer": true,
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/uglify-js": {
+      "version": "3.19.3",
+      "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.19.3.tgz",
+      "integrity": "sha512-v3Xu+yuwBXisp6QYTcH4UbH+xYJXqnq2m/LtQVWKWzYc1iehYnLixoQDN9FH6/j9/oybfd6W9Ghwkl8+UMKTKQ==",
+      "optional": true,
+      "bin": {
+        "uglifyjs": "bin/uglifyjs"
+      },
+      "engines": {
+        "node": ">=0.8.0"
+      }
+    },
+    "node_modules/unbox-primitive": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.2.tgz",
+      "integrity": "sha512-61pPlCD9h51VoreyJ0BReideM3MDKMKnh6+V9L08331ipq6Q8OFXZYiqP6n/tbHx4s5I9uRhcye6BrbkizkBDw==",
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "has-bigints": "^1.0.2",
+        "has-symbols": "^1.0.3",
+        "which-boxed-primitive": "^1.0.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/underscore": {
+      "version": "1.12.1",
+      "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.12.1.tgz",
+      "integrity": "sha512-hEQt0+ZLDVUMhebKxL4x1BTtDY7bavVofhZ9KZ4aI26X9SRaE+Y3m83XUL1UP2jn8ynjndwCCpEHdUG+9pP1Tw=="
+    },
+    "node_modules/undici": {
+      "version": "6.20.1",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-6.20.1.tgz",
+      "integrity": "sha512-AjQF1QsmqfJys+LXfGTNum+qw4S88CojRInG/6t31W/1fk6G59s92bnAvGz5Cmur+kQv2SURXEvvudLmbrE8QA==",
+      "peer": true,
+      "engines": {
+        "node": ">=18.17"
+      }
+    },
+    "node_modules/undici-types": {
+      "version": "6.19.8",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz",
+      "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw=="
+    },
+    "node_modules/universalify": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz",
+      "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==",
+      "engines": {
+        "node": ">= 10.0.0"
+      }
+    },
+    "node_modules/uri-js-replace": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/uri-js-replace/-/uri-js-replace-1.0.1.tgz",
+      "integrity": "sha512-W+C9NWNLFOoBI2QWDp4UT9pv65r2w5Cx+3sTYFvtMdDBxkKt1syCqsUdSFAChbEe1uK5TfS04wt/nGwmaeIQ0g=="
+    },
+    "node_modules/url-template": {
+      "version": "2.0.8",
+      "resolved": "https://registry.npmjs.org/url-template/-/url-template-2.0.8.tgz",
+      "integrity": "sha512-XdVKMF4SJ0nP/O7XIPB0JwAEuT9lDIYnNsK8yGVe43y0AWoKeJNdv3ZNWh7ksJ6KqQFjOO6ox/VEitLnaVNufw=="
+    },
+    "node_modules/use-sync-external-store": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/use-sync-external-store/-/use-sync-external-store-1.2.2.tgz",
+      "integrity": "sha512-PElTlVMwpblvbNqQ82d2n6RjStvdSoNe9FG28kNfz3WiXilJm4DdNkEzRhCZuIDwY8U08WVihhGR5iRqAwfDiw==",
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/util-deprecate": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
+      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
+    },
+    "node_modules/utility-types": {
+      "version": "3.11.0",
+      "resolved": "https://registry.npmjs.org/utility-types/-/utility-types-3.11.0.tgz",
+      "integrity": "sha512-6Z7Ma2aVEWisaL6TvBCy7P8rm2LQoPv6dJ7ecIaIixHcwfbJ0x7mWdbcwlIM5IGQxPZSFYeqRCqlOOeKoJYMkw==",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
+    "node_modules/v8-compile-cache-lib": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz",
+      "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg=="
+    },
+    "node_modules/webidl-conversions": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
+      "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
+    },
+    "node_modules/whatwg-encoding": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-3.1.1.tgz",
+      "integrity": "sha512-6qN4hJdMwfYBtE3YBTTHhoeuUrDBPZmbQaxWAqSALV/MeEnR5z1xd8UKud2RAkFoPkmB+hli1TZSnyi84xz1vQ==",
+      "peer": true,
+      "dependencies": {
+        "iconv-lite": "0.6.3"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/whatwg-mimetype": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-4.0.0.tgz",
+      "integrity": "sha512-QaKxh0eNIi2mE9p2vEdzfagOKHCcj1pJ56EEHGQOVxp8r9/iszLUUV7v89x9O1p/T+NlTM5W7jW6+cz4Fq1YVg==",
+      "peer": true,
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/whatwg-url": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
+      "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
+      "dependencies": {
+        "tr46": "~0.0.3",
+        "webidl-conversions": "^3.0.0"
+      }
+    },
+    "node_modules/which": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
+      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
+      "dependencies": {
+        "isexe": "^2.0.0"
+      },
+      "bin": {
+        "node-which": "bin/node-which"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
+    "node_modules/which-boxed-primitive": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz",
+      "integrity": "sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==",
+      "dependencies": {
+        "is-bigint": "^1.0.1",
+        "is-boolean-object": "^1.1.0",
+        "is-number-object": "^1.0.4",
+        "is-string": "^1.0.5",
+        "is-symbol": "^1.0.3"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/which-typed-array": {
+      "version": "1.1.15",
+      "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.15.tgz",
+      "integrity": "sha512-oV0jmFtUky6CXfkqehVvBP/LSWJ2sy4vWMioiENyJLePrBO/yKyV9OyJySfAKosh+RYkIl5zJCNZ8/4JncrpdA==",
+      "dependencies": {
+        "available-typed-arrays": "^1.0.7",
+        "call-bind": "^1.0.7",
+        "for-each": "^0.3.3",
+        "gopd": "^1.0.1",
+        "has-tostringtag": "^1.0.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/widest-line": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz",
+      "integrity": "sha512-NsmoXalsWVDMGupxZ5R08ka9flZjjiLvHVAWYOKtiKM8ujtZWr9cRffak+uSE48+Ob8ObalXpwyeUiyDD6QFgg==",
+      "dependencies": {
+        "string-width": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/word-wrap": {
+      "version": "1.2.5",
+      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz",
+      "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/wordwrap": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz",
+      "integrity": "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q=="
+    },
+    "node_modules/wrap-ansi": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
+    },
+    "node_modules/ws": {
+      "version": "7.5.10",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz",
+      "integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==",
+      "engines": {
+        "node": ">=8.3.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": "^5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/y18n": {
+      "version": "5.0.8",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
+      "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/yaml": {
+      "version": "1.10.2",
+      "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz",
+      "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==",
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/yaml-ast-parser": {
+      "version": "0.0.43",
+      "resolved": "https://registry.npmjs.org/yaml-ast-parser/-/yaml-ast-parser-0.0.43.tgz",
+      "integrity": "sha512-2PTINUwsRqSd+s8XxKaJWQlUuEMHJQyEuh2edBbW8KNJz0SJPwUSD2zRWqezFEdN7IzAgeuYHFUCF7o8zRdZ0A=="
+    },
+    "node_modules/yargs": {
+      "version": "17.0.1",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.0.1.tgz",
+      "integrity": "sha512-xBBulfCc8Y6gLFcrPvtqKz9hz8SO0l1Ni8GgDekvBX2ro0HRQImDGnikfc33cgzcYUSncapnNcZDjVFIH3f6KQ==",
+      "dependencies": {
+        "cliui": "^7.0.2",
+        "escalade": "^3.1.1",
+        "get-caller-file": "^2.0.5",
+        "require-directory": "^2.1.1",
+        "string-width": "^4.2.0",
+        "y18n": "^5.0.5",
+        "yargs-parser": "^20.2.2"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/yargs-parser": {
+      "version": "20.2.9",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz",
+      "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/yn": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz",
+      "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==",
+      "engines": {
+        "node": ">=6"
+      }
+    }
+  }
+}
diff --git a/oas_docs/package.json b/oas_docs/package.json
new file mode 100644
index 0000000000000..d007a9881acad
--- /dev/null
+++ b/oas_docs/package.json
@@ -0,0 +1,19 @@
+{
+  "name": "oas_docs",
+  "version": "1.0.0",
+  "description": "Documentation about our OpenAPI bundling workflow and configuration. See Kibana's hosted [stateful](https://www.elastic.co/docs/api/doc/kibana) and [serverless](https://www.elastic.co/docs/api/doc/serverless) docs.",
+  "main": "index.js",
+  "directories": {
+    "example": "examples"
+  },
+  "dependencies": {
+    "bump-cli": "^2.8.4",
+    "@redocly/cli": "^1.25.7"
+  },
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC"
+}
diff --git a/package.json b/package.json
index 87905c955d2d8..fb6b8b093560c 100644
--- a/package.json
+++ b/package.json
@@ -567,6 +567,7 @@
     "@kbn/i18n-react": "link:packages/kbn-i18n-react",
     "@kbn/iframe-embedded-plugin": "link:x-pack/test/functional_embedded/plugins/iframe_embedded",
     "@kbn/image-embeddable-plugin": "link:src/plugins/image_embeddable",
+    "@kbn/index-adapter": "link:packages/kbn-index-adapter",
     "@kbn/index-lifecycle-management-common-shared": "link:x-pack/packages/index-lifecycle-management/index_lifecycle_management_common_shared",
     "@kbn/index-lifecycle-management-plugin": "link:x-pack/plugins/index_lifecycle_management",
     "@kbn/index-management-plugin": "link:x-pack/plugins/index_management",
@@ -701,7 +702,9 @@
     "@kbn/observability-plugin": "link:x-pack/plugins/observability_solution/observability",
     "@kbn/observability-shared-plugin": "link:x-pack/plugins/observability_solution/observability_shared",
     "@kbn/observability-synthetics-test-data": "link:x-pack/packages/observability/synthetics_test_data",
-    "@kbn/observability-utils": "link:x-pack/packages/observability/observability_utils",
+    "@kbn/observability-utils-browser": "link:x-pack/packages/observability/observability_utils/observability_utils_browser",
+    "@kbn/observability-utils-common": "link:x-pack/packages/observability/observability_utils/observability_utils_common",
+    "@kbn/observability-utils-server": "link:x-pack/packages/observability/observability_utils/observability_utils_server",
     "@kbn/oidc-provider-plugin": "link:x-pack/test/security_api_integration/plugins/oidc_provider",
     "@kbn/open-telemetry-instrumented-plugin": "link:test/common/plugins/otel_metrics",
     "@kbn/openapi-common": "link:packages/kbn-openapi-common",
@@ -928,6 +931,7 @@
     "@kbn/status-plugin-a-plugin": "link:test/server_integration/plugins/status_plugin_a",
     "@kbn/status-plugin-b-plugin": "link:test/server_integration/plugins/status_plugin_b",
     "@kbn/std": "link:packages/kbn-std",
+    "@kbn/streams-plugin": "link:x-pack/plugins/streams",
     "@kbn/synthetics-plugin": "link:x-pack/plugins/observability_solution/synthetics",
     "@kbn/synthetics-private-location": "link:x-pack/packages/kbn-synthetics-private-location",
     "@kbn/task-manager-fixture-plugin": "link:x-pack/test/alerting_api_integration/common/plugins/task_manager_fixture",
diff --git a/packages/kbn-apm-synthtrace-client/src/lib/entities/kubernetes/index.ts b/packages/kbn-apm-synthtrace-client/src/lib/entities/kubernetes/index.ts
index db95dcf4155bc..6da1decaab9ab 100644
--- a/packages/kbn-apm-synthtrace-client/src/lib/entities/kubernetes/index.ts
+++ b/packages/kbn-apm-synthtrace-client/src/lib/entities/kubernetes/index.ts
@@ -58,6 +58,8 @@ export class K8sEntity extends Serializable<EntityFields> {
       'entity.definition_id': `builtin_${entityTypeWithSchema}`,
       'entity.identity_fields': identityFields,
       'entity.display_name': getDisplayName({ identityFields, fields }),
+      'entity.definition_version': '1.0.0',
+      'entity.schema_version': '1.0',
     });
   }
 }
diff --git a/packages/kbn-apm-utils/index.ts b/packages/kbn-apm-utils/index.ts
index 7ada02fe8173e..4d551c3b9f037 100644
--- a/packages/kbn-apm-utils/index.ts
+++ b/packages/kbn-apm-utils/index.ts
@@ -7,7 +7,7 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import agent from 'elastic-apm-node';
+import agent, { Logger } from 'elastic-apm-node';
 import asyncHooks from 'async_hooks';
 
 export interface SpanOptions {
@@ -34,14 +34,48 @@ const runInNewContext = <T extends (...args: any[]) => any>(cb: T): ReturnType<T
 
 export async function withSpan<T>(
   optionsOrName: SpanOptions | string,
-  cb: (span?: Span) => Promise<T>
+  cb: (span?: Span) => Promise<T>,
+  logger?: Logger
 ): Promise<T> {
   const options = parseSpanOptions(optionsOrName);
 
   const { name, type, subtype, labels, intercept } = options;
 
+  let time: number | undefined;
+  if (logger?.isLevelEnabled('debug')) {
+    time = performance.now();
+  }
+
+  function logTook(failed: boolean) {
+    if (time) {
+      logger?.debug(
+        () =>
+          `Operation ${name}${failed ? ` (failed)` : ''} ${
+            Math.round(performance.now() - time!) / 1000
+          }s`
+      );
+    }
+  }
+
+  const withLogTook = [
+    <TR>(res: TR): TR | Promise<TR> => {
+      logTook(false);
+      return res;
+    },
+    (err: any): never => {
+      logTook(true);
+      throw err;
+    },
+  ];
+
   if (!agent.isStarted()) {
-    return cb();
+    const promise = cb();
+    // make sure tests that mock out the callback with a sync
+    // function don't fail.
+    if (typeof promise === 'object' && 'then' in promise) {
+      return promise.then(...withLogTook);
+    }
+    return promise;
   }
 
   let createdSpan: Span | undefined;
@@ -57,7 +91,7 @@ export async function withSpan<T>(
     createdSpan = agent.startSpan(name) ?? undefined;
 
     if (!createdSpan) {
-      return cb();
+      return cb().then(...withLogTook);
     }
   }
 
@@ -76,7 +110,7 @@ export async function withSpan<T>(
     }
 
     if (!span) {
-      return promise;
+      return promise.then(...withLogTook);
     }
 
     const targetedSpan = span;
@@ -98,6 +132,7 @@ export async function withSpan<T>(
     }
 
     return promise
+      .then(...withLogTook)
       .then((res) => {
         if (!targetedSpan.outcome || targetedSpan.outcome === 'unknown') {
           targetedSpan.outcome = 'success';
diff --git a/packages/kbn-code-owners/src/file_code_owner.ts b/packages/kbn-code-owners/src/file_code_owner.ts
index 1f98d50c4bacc..a7812a6121d90 100644
--- a/packages/kbn-code-owners/src/file_code_owner.ts
+++ b/packages/kbn-code-owners/src/file_code_owner.ts
@@ -39,7 +39,9 @@ export function getPathsWithOwnersReversed(): PathWithOwners[] {
   const codeownersLines = codeownersContent.split(/\r?\n/);
   const codeowners = codeownersLines
     .map((line) => line.trim())
-    .filter((line) => line && line[0] !== '#');
+    .filter((line) => line && line[0] !== '#')
+    // kibanamachine is an assignment override on backport branches to avoid review requests
+    .filter((line) => line && !line.includes('@kibanamachine'));
 
   const pathsWithOwners: PathWithOwners[] = codeowners.map((c) => {
     const [path, ...ghTeams] = c.split(/\s+/);
diff --git a/packages/kbn-data-stream-adapter/index.ts b/packages/kbn-data-stream-adapter/index.ts
index 4fd7c7ebd1572..f03a384dca1ff 100644
--- a/packages/kbn-data-stream-adapter/index.ts
+++ b/packages/kbn-data-stream-adapter/index.ts
@@ -9,13 +9,13 @@
 
 export { DataStreamAdapter } from './src/data_stream_adapter';
 export { DataStreamSpacesAdapter } from './src/data_stream_spaces_adapter';
-export { retryTransientEsErrors } from './src/retry_transient_es_errors';
-export { ecsFieldMap, type EcsFieldMap } from './src/field_maps/ecs_field_map';
 
+export { retryTransientEsErrors, ecsFieldMap } from '@kbn/index-adapter';
 export type {
-  DataStreamAdapterParams,
   SetComponentTemplateParams,
   SetIndexTemplateParams,
   InstallParams,
-} from './src/data_stream_adapter';
-export * from './src/field_maps/types';
+  EcsFieldMap,
+} from '@kbn/index-adapter';
+
+export * from '@kbn/index-adapter/src/field_maps/types';
diff --git a/packages/kbn-data-stream-adapter/kibana.jsonc b/packages/kbn-data-stream-adapter/kibana.jsonc
index 99cbb458a8517..43317dca0b91e 100644
--- a/packages/kbn-data-stream-adapter/kibana.jsonc
+++ b/packages/kbn-data-stream-adapter/kibana.jsonc
@@ -1,5 +1,6 @@
 {
-  "type": "shared-common",
+  "type": "shared-server",
   "id": "@kbn/data-stream-adapter",
-  "owner": "@elastic/security-threat-hunting-explore"
+  "owner": "@elastic/security-threat-hunting",
+  "visibility": "shared"
 }
diff --git a/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.test.ts b/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.test.ts
index 97ca06b04ac83..e2141d4afb740 100644
--- a/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.test.ts
+++ b/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.test.ts
@@ -136,10 +136,11 @@ describe('createOrUpdateDataStream', () => {
   it(`should create data stream if not exists`, async () => {
     esClient.indices.getDataStream.mockResolvedValueOnce({ data_streams: [] });
 
-    await createDataStream({
+    await createOrUpdateDataStream({
       esClient,
       logger,
       name,
+      totalFieldsLimit,
     });
 
     expect(esClient.indices.createDataStream).toHaveBeenCalledWith({ name });
diff --git a/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.ts b/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.ts
index 791c99c6e3809..2b0fba3fb0ac0 100644
--- a/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.ts
+++ b/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.ts
@@ -11,7 +11,7 @@ import type { IndicesDataStream } from '@elastic/elasticsearch/lib/api/types';
 import type { IndicesSimulateIndexTemplateResponse } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import type { Logger, ElasticsearchClient } from '@kbn/core/server';
 import { get } from 'lodash';
-import { retryTransientEsErrors } from './retry_transient_es_errors';
+import { retryTransientEsErrors } from '@kbn/index-adapter';
 
 interface UpdateIndexMappingsOpts {
   logger: Logger;
@@ -168,7 +168,7 @@ export async function createDataStream({
   esClient,
   name,
 }: CreateDataStreamParams): Promise<void> {
-  logger.info(`Creating data stream - ${name}`);
+  logger.debug(`Checking data stream exists - ${name}`);
 
   // check if data stream exists
   let dataStreamExists = false;
@@ -189,6 +189,7 @@ export async function createDataStream({
   if (dataStreamExists) {
     return;
   }
+  logger.info(`Installing data stream - ${name}`);
 
   try {
     await retryTransientEsErrors(() => esClient.indices.createDataStream({ name }), { logger });
diff --git a/packages/kbn-data-stream-adapter/src/data_stream_adapter.ts b/packages/kbn-data-stream-adapter/src/data_stream_adapter.ts
index 6843c181b2638..f54ed81312d75 100644
--- a/packages/kbn-data-stream-adapter/src/data_stream_adapter.ts
+++ b/packages/kbn-data-stream-adapter/src/data_stream_adapter.ts
@@ -7,145 +7,22 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import type {
-  ClusterPutComponentTemplateRequest,
-  IndicesIndexSettings,
-  IndicesPutIndexTemplateIndexTemplateMapping,
-  IndicesPutIndexTemplateRequest,
-} from '@elastic/elasticsearch/lib/api/types';
-import type { Logger, ElasticsearchClient } from '@kbn/core/server';
-import type { Subject } from 'rxjs';
-import type { FieldMap } from './field_maps/types';
-import { createOrUpdateComponentTemplate } from './create_or_update_component_template';
+import { IndexAdapter, SetIndexTemplateParams, type InstallParams } from '@kbn/index-adapter';
 import { createOrUpdateDataStream } from './create_or_update_data_stream';
-import { createOrUpdateIndexTemplate } from './create_or_update_index_template';
-import { InstallShutdownError, installWithTimeout } from './install_with_timeout';
-import { getComponentTemplate, getIndexTemplate } from './resource_installer_utils';
-
-export interface DataStreamAdapterParams {
-  kibanaVersion: string;
-  totalFieldsLimit?: number;
-}
-export interface SetComponentTemplateParams {
-  name: string;
-  fieldMap: FieldMap;
-  settings?: IndicesIndexSettings;
-  dynamic?: 'strict' | boolean;
-}
-export interface SetIndexTemplateParams {
-  name: string;
-  componentTemplateRefs?: string[];
-  namespace?: string;
-  template?: IndicesPutIndexTemplateIndexTemplateMapping;
-  hidden?: boolean;
-}
-
-export interface GetInstallFnParams {
-  logger: Logger;
-  pluginStop$: Subject<void>;
-  tasksTimeoutMs?: number;
-}
-export interface InstallParams {
-  logger: Logger;
-  esClient: ElasticsearchClient | Promise<ElasticsearchClient>;
-  pluginStop$: Subject<void>;
-  tasksTimeoutMs?: number;
-}
-
-const DEFAULT_FIELDS_LIMIT = 2500;
-
-export class DataStreamAdapter {
-  protected readonly kibanaVersion: string;
-  protected readonly totalFieldsLimit: number;
-  protected componentTemplates: ClusterPutComponentTemplateRequest[] = [];
-  protected indexTemplates: IndicesPutIndexTemplateRequest[] = [];
-  protected installed: boolean;
-
-  constructor(protected readonly name: string, options: DataStreamAdapterParams) {
-    this.installed = false;
-    this.kibanaVersion = options.kibanaVersion;
-    this.totalFieldsLimit = options.totalFieldsLimit ?? DEFAULT_FIELDS_LIMIT;
-  }
-
-  public setComponentTemplate(params: SetComponentTemplateParams) {
-    if (this.installed) {
-      throw new Error('Cannot set component template after install');
-    }
-    this.componentTemplates.push(getComponentTemplate(params));
-  }
 
+export class DataStreamAdapter extends IndexAdapter {
   public setIndexTemplate(params: SetIndexTemplateParams) {
-    if (this.installed) {
-      throw new Error('Cannot set index template after install');
-    }
-    this.indexTemplates.push(
-      getIndexTemplate({
-        ...params,
-        indexPatterns: [this.name],
-        kibanaVersion: this.kibanaVersion,
-        totalFieldsLimit: this.totalFieldsLimit,
-      })
-    );
-  }
-
-  protected getInstallFn({ logger, pluginStop$, tasksTimeoutMs }: GetInstallFnParams) {
-    return async (promise: Promise<void>, description?: string): Promise<void> => {
-      try {
-        await installWithTimeout({
-          installFn: () => promise,
-          description,
-          timeoutMs: tasksTimeoutMs,
-          pluginStop$,
-        });
-      } catch (err) {
-        if (err instanceof InstallShutdownError) {
-          logger.info(err.message);
-        } else {
-          throw err;
-        }
-      }
-    };
+    super.setIndexTemplate({ ...params, isDataStream: true });
   }
 
-  public async install({
-    logger,
-    esClient: esClientToResolve,
-    pluginStop$,
-    tasksTimeoutMs,
-  }: InstallParams) {
+  public async install(params: InstallParams) {
     this.installed = true;
+    const { logger, pluginStop$, tasksTimeoutMs } = params;
+    const esClient = await params.esClient;
 
-    const esClient = await esClientToResolve;
-    const installFn = this.getInstallFn({ logger, pluginStop$, tasksTimeoutMs });
-
-    // Install component templates in parallel
-    await Promise.all(
-      this.componentTemplates.map((componentTemplate) =>
-        installFn(
-          createOrUpdateComponentTemplate({
-            template: componentTemplate,
-            esClient,
-            logger,
-            totalFieldsLimit: this.totalFieldsLimit,
-          }),
-          `${componentTemplate.name} component template`
-        )
-      )
-    );
+    await this.installTemplates(params);
 
-    // Install index templates in parallel
-    await Promise.all(
-      this.indexTemplates.map((indexTemplate) =>
-        installFn(
-          createOrUpdateIndexTemplate({
-            template: indexTemplate,
-            esClient,
-            logger,
-          }),
-          `${indexTemplate.name} index template`
-        )
-      )
-    );
+    const installFn = this.getInstallFn({ logger, pluginStop$, tasksTimeoutMs });
 
     // create data stream when everything is ready
     await installFn(
diff --git a/packages/kbn-data-stream-adapter/src/data_stream_spaces_adapter.ts b/packages/kbn-data-stream-adapter/src/data_stream_spaces_adapter.ts
index 9ea3c1a4a311f..df131920b7bf9 100644
--- a/packages/kbn-data-stream-adapter/src/data_stream_spaces_adapter.ts
+++ b/packages/kbn-data-stream-adapter/src/data_stream_spaces_adapter.ts
@@ -7,59 +7,26 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { createOrUpdateComponentTemplate } from './create_or_update_component_template';
-import { createDataStream, updateDataStreams } from './create_or_update_data_stream';
-import { createOrUpdateIndexTemplate } from './create_or_update_index_template';
 import {
-  DataStreamAdapter,
-  type DataStreamAdapterParams,
+  IndexPatternAdapter,
+  type SetIndexTemplateParams,
   type InstallParams,
-} from './data_stream_adapter';
-
-export class DataStreamSpacesAdapter extends DataStreamAdapter {
-  private installedSpaceDataStreamName: Map<string, Promise<string>>;
-  private _installSpace?: (spaceId: string) => Promise<string>;
+  type InstallIndex,
+} from '@kbn/index-adapter';
+import { createDataStream, updateDataStreams } from './create_or_update_data_stream';
 
-  constructor(private readonly prefix: string, options: DataStreamAdapterParams) {
-    super(`${prefix}-*`, options); // make indexTemplate `indexPatterns` match all data stream space names
-    this.installedSpaceDataStreamName = new Map();
+export class DataStreamSpacesAdapter extends IndexPatternAdapter {
+  public setIndexTemplate(params: SetIndexTemplateParams) {
+    super.setIndexTemplate({ ...params, isDataStream: true });
   }
 
-  public async install({
-    logger,
-    esClient: esClientToResolve,
-    pluginStop$,
-    tasksTimeoutMs,
-  }: InstallParams) {
-    this.installed = true;
+  protected async _install(params: InstallParams): Promise<InstallIndex> {
+    const { logger, pluginStop$, tasksTimeoutMs } = params;
 
-    const esClient = await esClientToResolve;
-    const installFn = this.getInstallFn({ logger, pluginStop$, tasksTimeoutMs });
+    await this.installTemplates(params);
 
-    // Install component templates in parallel
-    await Promise.all(
-      this.componentTemplates.map((componentTemplate) =>
-        installFn(
-          createOrUpdateComponentTemplate({
-            template: componentTemplate,
-            esClient,
-            logger,
-            totalFieldsLimit: this.totalFieldsLimit,
-          }),
-          `create or update ${componentTemplate.name} component template`
-        )
-      )
-    );
-
-    // Install index templates in parallel
-    await Promise.all(
-      this.indexTemplates.map((indexTemplate) =>
-        installFn(
-          createOrUpdateIndexTemplate({ template: indexTemplate, esClient, logger }),
-          `create or update ${indexTemplate.name} index template`
-        )
-      )
-    );
+    const esClient = await params.esClient;
+    const installFn = this.getInstallFn({ logger, pluginStop$, tasksTimeoutMs });
 
     // Update existing space data streams
     await installFn(
@@ -72,31 +39,21 @@ export class DataStreamSpacesAdapter extends DataStreamAdapter {
       `update space data streams`
     );
 
-    // define function to install data stream for spaces on demand
-    this._installSpace = async (spaceId: string) => {
-      const existingInstallPromise = this.installedSpaceDataStreamName.get(spaceId);
-      if (existingInstallPromise) {
-        return existingInstallPromise;
-      }
-      const name = `${this.prefix}-${spaceId}`;
-      const installPromise = installFn(
-        createDataStream({ name, esClient, logger }),
-        `create ${name} data stream`
-      ).then(() => name);
-
-      this.installedSpaceDataStreamName.set(spaceId, installPromise);
-      return installPromise;
-    };
+    // define function to install data stream on demand
+    return async (name: string) =>
+      installFn(createDataStream({ name, esClient, logger }), `create ${name} data stream`);
   }
 
+  /**
+   * Method to create the data stream for a given space ID.
+   * It resolves with the full data stream name.
+   */
   public async installSpace(spaceId: string): Promise<string> {
-    if (!this._installSpace) {
-      throw new Error('Cannot installSpace before install');
-    }
-    return this._installSpace(spaceId);
+    await this.createIndex(spaceId);
+    return this.getIndexName(spaceId);
   }
 
   public async getInstalledSpaceName(spaceId: string): Promise<string | undefined> {
-    return this.installedSpaceDataStreamName.get(spaceId);
+    return this.getInstalledIndexName(spaceId);
   }
 }
diff --git a/packages/kbn-data-stream-adapter/tsconfig.json b/packages/kbn-data-stream-adapter/tsconfig.json
index 7eded8e71bef4..8c8bcce97fe74 100644
--- a/packages/kbn-data-stream-adapter/tsconfig.json
+++ b/packages/kbn-data-stream-adapter/tsconfig.json
@@ -5,18 +5,14 @@
     "types": [
       "jest",
       "node",
-      "react",
-      "@emotion/react/types/css-prop",
-      "@testing-library/jest-dom",
-      "@testing-library/react"
     ]
   },
-  "include": ["**/*.ts", "**/*.tsx"],
+  "include": ["**/*.ts"],
   "kbn_references": [
     "@kbn/core",
-    "@kbn/std",
-    "@kbn/safer-lodash-set",
-    "@kbn/logging-mocks",
+    "@kbn/index-adapter",
+  ],
+  "exclude": [
+    "target/**/*"
   ],
-  "exclude": ["target/**/*"]
 }
diff --git a/packages/kbn-esql-ast/src/ast/helpers.ts b/packages/kbn-esql-ast/src/ast/helpers.ts
index 74a7b5c0991e8..2520b6ffabdb2 100644
--- a/packages/kbn-esql-ast/src/ast/helpers.ts
+++ b/packages/kbn-esql-ast/src/ast/helpers.ts
@@ -14,6 +14,7 @@ import type {
   ESQLFunction,
   ESQLIntegerLiteral,
   ESQLLiteral,
+  ESQLParamLiteral,
   ESQLProperNode,
 } from '../types';
 import { BinaryExpressionGroup } from './constants';
@@ -48,6 +49,9 @@ export const isIntegerLiteral = (node: unknown): node is ESQLIntegerLiteral =>
 export const isDoubleLiteral = (node: unknown): node is ESQLIntegerLiteral =>
   isLiteral(node) && node.literalType === 'double';
 
+export const isParamLiteral = (node: unknown): node is ESQLParamLiteral =>
+  isLiteral(node) && node.literalType === 'param';
+
 export const isColumn = (node: unknown): node is ESQLColumn =>
   isProperNode(node) && node.type === 'column';
 
diff --git a/packages/kbn-esql-ast/src/mutate/README.md b/packages/kbn-esql-ast/src/mutate/README.md
index 7dfd3d77a1395..546032d248cca 100644
--- a/packages/kbn-esql-ast/src/mutate/README.md
+++ b/packages/kbn-esql-ast/src/mutate/README.md
@@ -60,3 +60,21 @@ console.log(src); // FROM index METADATA _lang, _id
     - `.remove()` &mdash; Remove a `LIMIT` command by index.
     - `.set()` &mdash; Set the limit value of a specific `LIMIT` command.
     - `.upsert()` &mdash; Insert a `LIMIT` command, or update the limit value if it already exists.
+  - `.stats`
+    - `.list()` &mdash; List all `STATS` commands.
+    - `.byIndex()` &mdash; Find a `STATS` command by index.
+    - `.summarize()` &mdash; Summarize all `STATS` commands.
+    - `.summarizeCommand()` &mdash; Summarize a specific `STATS` command.
+
+
+## Examples
+
+Extract all "new" and "used" fields from all `STATS` commands:
+
+```ts
+const query = EsqlQuery.fromSrc('FROM index | STATS a = max(b), agg(c) BY d');
+const summary = mutate.commands.stats.summarize(query);
+
+console.log(summary.newFields);     // [ 'a', '`agg(c)`' ]
+console.log(summary.usedFields);    // [ 'b', 'c', 'd' ]
+```
diff --git a/packages/kbn-esql-ast/src/mutate/commands/index.ts b/packages/kbn-esql-ast/src/mutate/commands/index.ts
index 9e2599c493459..8068aa5d3ef94 100644
--- a/packages/kbn-esql-ast/src/mutate/commands/index.ts
+++ b/packages/kbn-esql-ast/src/mutate/commands/index.ts
@@ -10,5 +10,6 @@
 import * as from from './from';
 import * as limit from './limit';
 import * as sort from './sort';
+import * as stats from './stats';
 
-export { from, limit, sort };
+export { from, limit, sort, stats };
diff --git a/packages/kbn-esql-ast/src/mutate/commands/stats/index.test.ts b/packages/kbn-esql-ast/src/mutate/commands/stats/index.test.ts
new file mode 100644
index 0000000000000..950633c3a4448
--- /dev/null
+++ b/packages/kbn-esql-ast/src/mutate/commands/stats/index.test.ts
@@ -0,0 +1,394 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+import * as commands from '..';
+import { EsqlQuery } from '../../../query';
+
+describe('commands.stats', () => {
+  describe('.list()', () => {
+    it('lists all "STATS" commands', () => {
+      const src = 'FROM index | LIMIT 1 | STATS agg() | LIMIT 2 | STATS max()';
+      const query = EsqlQuery.fromSrc(src);
+
+      const nodes = [...commands.stats.list(query.ast)];
+
+      expect(nodes).toMatchObject([
+        {
+          type: 'command',
+          name: 'stats',
+          args: [
+            {
+              type: 'function',
+              name: 'agg',
+            },
+          ],
+        },
+        {
+          type: 'command',
+          name: 'stats',
+          args: [
+            {
+              type: 'function',
+              name: 'max',
+            },
+          ],
+        },
+      ]);
+    });
+  });
+
+  describe('.byIndex()', () => {
+    it('retrieves the specific "STATS" command by index', () => {
+      const src = 'FROM index | LIMIT 1 | STATS agg() | LIMIT 2 | STATS max()';
+      const query = EsqlQuery.fromSrc(src);
+
+      const node1 = commands.stats.byIndex(query.ast, 1);
+      const node2 = commands.stats.byIndex(query.ast, 0);
+
+      expect(node1).toMatchObject({
+        type: 'command',
+        name: 'stats',
+        args: [
+          {
+            type: 'function',
+            name: 'max',
+          },
+        ],
+      });
+      expect(node2).toMatchObject({
+        type: 'command',
+        name: 'stats',
+        args: [
+          {
+            type: 'function',
+            name: 'agg',
+          },
+        ],
+      });
+    });
+  });
+
+  describe('.summarizeCommand()', () => {
+    it('returns summary of a simple field, defined through assignment', () => {
+      const src = 'FROM index | STATS foo = agg(bar)';
+      const query = EsqlQuery.fromSrc(src);
+
+      const command = commands.stats.byIndex(query.ast, 0)!;
+      const summary = commands.stats.summarizeCommand(query, command);
+
+      expect(summary).toMatchObject({
+        command,
+        aggregates: {
+          foo: {
+            arg: {
+              type: 'function',
+              name: '=',
+            },
+            field: 'foo',
+            column: {
+              type: 'column',
+              name: 'foo',
+            },
+            definition: {
+              type: 'function',
+              name: 'agg',
+              args: [
+                {
+                  type: 'column',
+                  name: 'bar',
+                },
+              ],
+            },
+            terminals: [
+              {
+                type: 'column',
+                name: 'bar',
+              },
+            ],
+            usedFields: new Set(['bar']),
+          },
+        },
+      });
+    });
+
+    it('can summarize field defined without assignment', () => {
+      const src = 'FROM index | STATS agg( /* haha 😅 */ max(foo), bar, baz)';
+      const query = EsqlQuery.fromSrc(src);
+
+      const command = commands.stats.byIndex(query.ast, 0)!;
+      const summary = commands.stats.summarizeCommand(query, command);
+
+      expect(summary).toMatchObject({
+        command,
+        aggregates: {
+          '`agg( /* haha 😅 */ max(foo), bar, baz)`': {
+            arg: {
+              type: 'function',
+              name: 'agg',
+            },
+            field: '`agg( /* haha 😅 */ max(foo), bar, baz)`',
+            column: {
+              type: 'column',
+              name: '`agg( /* haha 😅 */ max(foo), bar, baz)`',
+            },
+            definition: {
+              type: 'function',
+              name: 'agg',
+            },
+            terminals: [
+              {
+                type: 'column',
+                name: 'foo',
+              },
+              {
+                type: 'column',
+                name: 'bar',
+              },
+              {
+                type: 'column',
+                name: 'baz',
+              },
+            ],
+            usedFields: new Set(['foo', 'bar', 'baz']),
+          },
+        },
+      });
+    });
+
+    it('returns a map of stats about two fields', () => {
+      const src = 'FROM index | STATS foo = agg(f1) + agg(f2), a.b = agg(f3)';
+      const query = EsqlQuery.fromSrc(src);
+
+      const command = commands.stats.byIndex(query.ast, 0)!;
+      const summary = commands.stats.summarizeCommand(query, command);
+
+      expect(summary).toMatchObject({
+        aggregates: {
+          foo: {
+            field: 'foo',
+            usedFields: new Set(['f1', 'f2']),
+          },
+          'a.b': {
+            field: 'a.b',
+            usedFields: new Set(['f3']),
+          },
+        },
+      });
+      expect(summary.usedFields).toEqual(new Set(['f1', 'f2', 'f3']));
+    });
+
+    it('can get de-duplicated list of used fields', () => {
+      const src = 'FROM index | STATS foo = agg(f1) + agg(f2), a.b = agg(f1)';
+      const query = EsqlQuery.fromSrc(src);
+
+      const command = commands.stats.byIndex(query.ast, 0)!;
+      const summary = commands.stats.summarizeCommand(query, command);
+
+      expect(summary.usedFields).toEqual(new Set(['f1', 'f2']));
+    });
+
+    describe('params', () => {
+      it('can use params as source field names', () => {
+        const src = 'FROM index | STATS foo = agg(f1.?aha) + ?aha(?nested.?param), a.b = agg(f1)';
+        const query = EsqlQuery.fromSrc(src);
+
+        const command = commands.stats.byIndex(query.ast, 0)!;
+        const summary = commands.stats.summarizeCommand(query, command);
+
+        expect(summary).toMatchObject({
+          aggregates: {
+            foo: {
+              usedFields: new Set(['f1.?aha', '?nested.?param']),
+            },
+            'a.b': {
+              usedFields: new Set(['f1']),
+            },
+          },
+        });
+        expect(summary.usedFields).toEqual(new Set(['f1.?aha', '?nested.?param', 'f1']));
+      });
+
+      it('can use params as destination field names', () => {
+        const src = 'FROM index | STATS ?dest = agg(asdf) BY asdf';
+        const query = EsqlQuery.fromSrc(src);
+
+        const command = commands.stats.byIndex(query.ast, 0)!;
+        const summary = commands.stats.summarizeCommand(query, command);
+
+        expect(summary).toMatchObject({
+          aggregates: {
+            '?dest': {
+              usedFields: new Set(['asdf']),
+            },
+          },
+        });
+        expect(summary.usedFields).toEqual(new Set(['asdf']));
+      });
+    });
+
+    describe('BY option', () => {
+      it('can collect fields from the BY option', () => {
+        const src = 'FROM index | STATS max(1) BY abc';
+        const query = EsqlQuery.fromSrc(src);
+
+        const command = commands.stats.byIndex(query.ast, 0)!;
+        const summary = commands.stats.summarizeCommand(query, command);
+
+        expect(summary.aggregates).toEqual({
+          '`max(1)`': expect.any(Object),
+        });
+        expect(summary.usedFields).toEqual(new Set(['abc']));
+      });
+
+      it('returns all "grouping" fields', () => {
+        const src = 'FROM index | STATS max(1) BY a, b, c';
+        const query = EsqlQuery.fromSrc(src);
+
+        const command = commands.stats.byIndex(query.ast, 0)!;
+        const summary = commands.stats.summarizeCommand(query, command);
+
+        expect(summary.aggregates).toEqual({
+          '`max(1)`': expect.any(Object),
+        });
+        expect(summary.grouping).toMatchObject({
+          a: expect.any(Object),
+          b: expect.any(Object),
+          c: expect.any(Object),
+        });
+      });
+
+      it('returns grouping destination fields', () => {
+        const src = 'FROM index | STATS max(1) BY a, b, c';
+        const query = EsqlQuery.fromSrc(src);
+
+        const command = commands.stats.byIndex(query.ast, 0)!;
+        const summary = commands.stats.summarizeCommand(query, command);
+
+        expect(summary.aggregates).toEqual({
+          '`max(1)`': expect.any(Object),
+        });
+        expect(summary.grouping).toMatchObject({
+          a: expect.any(Object),
+          b: expect.any(Object),
+          c: expect.any(Object),
+        });
+        expect(summary.usedFields).toEqual(new Set(['a', 'b', 'c']));
+      });
+
+      it('returns grouping "used" fields', () => {
+        const src = 'FROM index | STATS max(1) BY a, b, c';
+        const query = EsqlQuery.fromSrc(src);
+
+        const command = commands.stats.byIndex(query.ast, 0)!;
+        const summary = commands.stats.summarizeCommand(query, command);
+
+        expect(summary.grouping).toMatchObject({
+          a: expect.any(Object),
+          b: expect.any(Object),
+          c: expect.any(Object),
+        });
+        expect(summary.usedFields).toEqual(new Set(['a', 'b', 'c']));
+      });
+
+      it('can have params and quoted fields in grouping', () => {
+        const src = 'FROM index | STATS max(1) BY `a😎`, ?123, a.?b.?0.`😎`';
+        const query = EsqlQuery.fromSrc(src);
+
+        const command = commands.stats.byIndex(query.ast, 0)!;
+        const summary = commands.stats.summarizeCommand(query, command);
+
+        expect(summary.aggregates).toEqual({
+          '`max(1)`': expect.any(Object),
+        });
+        expect(summary.grouping).toMatchObject({
+          '`a😎`': expect.any(Object),
+          // '?123': expect.any(Object),
+          'a.?b.?0.`😎`': expect.any(Object),
+        });
+      });
+    });
+  });
+
+  describe('.summarize()', () => {
+    it('can summarize multiple stats commands', () => {
+      const src = 'FROM index | LIMIT 1 | STATS agg() | LIMIT 2 | STATS max(a, b, c), max2(d.e)';
+      const query = EsqlQuery.fromSrc(src);
+      const summary = commands.stats.summarize(query);
+
+      expect(summary).toMatchObject([
+        {
+          aggregates: {
+            '`agg()`': {
+              field: '`agg()`',
+              usedFields: new Set(),
+            },
+          },
+          usedFields: new Set([]),
+        },
+        {
+          aggregates: {
+            '`max(a, b, c)`': {
+              field: '`max(a, b, c)`',
+              usedFields: new Set(['a', 'b', 'c']),
+            },
+            '`max2(d.e)`': {
+              field: '`max2(d.e)`',
+              usedFields: new Set(['d.e']),
+            },
+          },
+          usedFields: new Set(['a', 'b', 'c', 'd.e']),
+        },
+      ]);
+    });
+
+    it('return used fields from BY clause', () => {
+      const src = 'FROM index | STATS agg(1) BY x, y = z, i = max(agg(1, 2, 3, ttt))';
+      const query = EsqlQuery.fromSrc(src);
+      const summary = commands.stats.summarize(query);
+
+      expect(summary).toMatchObject([
+        {
+          usedFields: new Set(['x', 'z', 'ttt']),
+        },
+      ]);
+    });
+
+    it('correctly returns used fields', () => {
+      const src =
+        'FROM index | LIMIT 1 | STATS agg(a, b), agg(c, a), d = agg(e) | LIMIT 2 | STATS max(a, b, c), max2(d.e) BY x, y = z, i = max(agg(1, 2, 3, ttt))';
+      const query = EsqlQuery.fromSrc(src);
+      const summary = commands.stats.summarize(query);
+
+      expect(summary).toMatchObject([
+        {
+          usedFields: new Set(['a', 'b', 'c', 'e']),
+        },
+        {
+          usedFields: new Set(['a', 'b', 'c', 'd.e', 'x', 'z', 'ttt']),
+        },
+      ]);
+    });
+
+    it('correctly returns new fields', () => {
+      const src =
+        'FROM index | LIMIT 1 | STATS agg(a, b), agg(c, a), d = agg(e) | LIMIT 2 | STATS max(a, b, c), max2(d.e) BY x, y = z, i = max(agg(1, 2, 3, ttt))';
+      const query = EsqlQuery.fromSrc(src);
+      const summary = commands.stats.summarize(query);
+
+      expect(summary).toMatchObject([
+        {
+          newFields: new Set(['`agg(a, b)`', '`agg(c, a)`', 'd']),
+        },
+        {
+          newFields: new Set(['`max(a, b, c)`', '`max2(d.e)`', 'x', 'y', 'i']),
+        },
+      ]);
+    });
+  });
+});
diff --git a/packages/kbn-esql-ast/src/mutate/commands/stats/index.ts b/packages/kbn-esql-ast/src/mutate/commands/stats/index.ts
new file mode 100644
index 0000000000000..ae766bb2369d0
--- /dev/null
+++ b/packages/kbn-esql-ast/src/mutate/commands/stats/index.ts
@@ -0,0 +1,263 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+import { Walker } from '../../../walker';
+import { Visitor } from '../../../visitor';
+import { LeafPrinter } from '../../../pretty_print';
+import { Builder } from '../../../builder';
+import { singleItems } from '../../../visitor/utils';
+import type {
+  ESQLAstQueryExpression,
+  ESQLColumn,
+  ESQLCommand,
+  ESQLList,
+  ESQLLiteral,
+  ESQLParamLiteral,
+  ESQLProperNode,
+  ESQLTimeInterval,
+} from '../../../types';
+import * as generic from '../../generic';
+import { isColumn, isFunctionExpression, isParamLiteral } from '../../../ast/helpers';
+import type { EsqlQuery } from '../../../query';
+
+/**
+ * Lists all "LIMIT" commands in the query AST.
+ *
+ * @param ast The root AST node to search for "LIMIT" commands.
+ * @returns A collection of "LIMIT" commands.
+ */
+export const list = (ast: ESQLAstQueryExpression): IterableIterator<ESQLCommand> => {
+  return generic.commands.list(ast, (cmd) => cmd.name === 'stats');
+};
+
+/**
+ * Retrieves the "LIMIT" command at the specified index in order of appearance.
+ *
+ * @param ast The root AST node to search for "LIMIT" commands.
+ * @param index The index of the "LIMIT" command to retrieve.
+ * @returns The "LIMIT" command at the specified index, if any.
+ */
+export const byIndex = (ast: ESQLAstQueryExpression, index: number): ESQLCommand | undefined => {
+  return [...list(ast)][index];
+};
+
+/**
+ * Summary of a STATS command.
+ */
+export interface StatsCommandSummary {
+  /**
+   * The "STATS" command AST node from which this summary was produced.
+   */
+  command: ESQLCommand;
+
+  /**
+   * Summary of the main arguments of the "STATS" command.
+   */
+  aggregates: Record<string, StatsFieldSummary>;
+
+  /**
+   * Summary of the "BY" arguments of the "STATS" command.
+   */
+  grouping: Record<string, StatsFieldSummary>;
+
+  /**
+   * A formatted list of field names which were newly created by the
+   * STATS command.
+   */
+  newFields: Set<string>;
+
+  /**
+   * De-duplicated list all of field names, which were used to as-is or to
+   * construct new fields. The fields are correctly formatted according to
+   * ES|QL column formatting rules.
+   */
+  usedFields: Set<string>;
+}
+
+/**
+ * Summary of STATS command "aggregates" section (main arguments).
+ *
+ *    STATS <aggregates> [ BY <grouping> ]
+ */
+export interface StatsFieldSummary {
+  /**
+   * STATS command argument AST node (as was parsed).
+   */
+  arg: ESQLProperNode;
+
+  /**
+   * The field name, correctly formatted, extracted from the AST.
+   */
+  field: string;
+
+  /**
+   * A `column` or param AST node, which represents the field name. If no column
+   * AST node was found, a new one "virtual" column node is created.
+   */
+  column: ESQLColumn | ESQLParamLiteral;
+
+  /**
+   * The definition of the field, which is the right-hand side of the `=`
+   * operator, or the argument itself if no `=` operator is present.
+   */
+  definition: ESQLProperNode;
+
+  /**
+   * A list of terminal nodes that were found in the definition.
+   */
+  terminals: Array<ESQLColumn | ESQLLiteral | ESQLList | ESQLTimeInterval>;
+
+  /**
+   * A formatted list of field names which were used for new field
+   * construction. For example, in the below example, `x` and `y` are the
+   * existing "used" fields:
+   *
+   * ```
+   * STATS foo = agg(x) BY y, bar = x
+   * ```
+   */
+  usedFields: Set<string>;
+}
+
+const summarizeArgParts = (
+  query: EsqlQuery,
+  arg: ESQLProperNode
+): [field: string, column: ESQLColumn | ESQLParamLiteral, definition: ESQLProperNode] => {
+  if (isParamLiteral(arg)) {
+    return [LeafPrinter.param(arg), arg, arg];
+  }
+
+  if (isColumn(arg)) {
+    return [LeafPrinter.column(arg), arg, arg];
+  }
+
+  if (isFunctionExpression(arg) && arg.name === '=' && isColumn(arg.args[0])) {
+    const [column, definition] = singleItems(arg.args);
+
+    return [
+      LeafPrinter.column(column as ESQLColumn),
+      column as ESQLColumn,
+      definition as ESQLProperNode,
+    ];
+  }
+
+  const name = [...query.src].slice(arg.location.min, arg.location.max + 1).join('');
+  const args = [Builder.identifier({ name })];
+  const column = Builder.expression.column({ args });
+
+  return [LeafPrinter.column(column), column, arg];
+};
+
+const summarizeField = (query: EsqlQuery, arg: ESQLProperNode): StatsFieldSummary => {
+  const [field, column, definition] = summarizeArgParts(query, arg);
+  const terminals: StatsFieldSummary['terminals'] = [];
+  const usedFields: StatsFieldSummary['usedFields'] = new Set();
+
+  Walker.walk(definition, {
+    visitLiteral(node) {
+      terminals.push(node);
+    },
+    visitColumn(node) {
+      terminals.push(node);
+      usedFields.add(LeafPrinter.column(node));
+    },
+    visitListLiteral(node) {
+      terminals.push(node);
+    },
+    visitTimeIntervalLiteral(node) {
+      terminals.push(node);
+    },
+  });
+
+  const summary: StatsFieldSummary = {
+    arg,
+    field,
+    column,
+    definition,
+    terminals,
+    usedFields,
+  };
+
+  return summary;
+};
+
+/**
+ * Returns a summary of the STATS command.
+ *
+ * @param query Query which contains the AST and source code.
+ * @param command The STATS command AST node to summarize.
+ * @returns Summary of the STATS command.
+ */
+export const summarizeCommand = (query: EsqlQuery, command: ESQLCommand): StatsCommandSummary => {
+  const aggregates: StatsCommandSummary['aggregates'] = {};
+  const grouping: StatsCommandSummary['grouping'] = {};
+  const newFields: StatsCommandSummary['newFields'] = new Set();
+  const usedFields: StatsCommandSummary['usedFields'] = new Set();
+
+  // Process main arguments, the "aggregates" part of the command.
+  new Visitor()
+    .on('visitExpression', (ctx) => {
+      const summary = summarizeField(query, ctx.node);
+      aggregates[summary.field] = summary;
+      newFields.add(summary.field);
+      for (const field of summary.usedFields) usedFields.add(field);
+    })
+    .on('visitCommand', () => {})
+    .on('visitStatsCommand', (ctx) => {
+      for (const _ of ctx.visitArguments());
+    })
+    .visitCommand(command);
+
+  // Process the "BY" arguments, the "grouping" part of the command.
+  new Visitor()
+    .on('visitExpression', (ctx) => {
+      const node = ctx.node;
+      const summary = summarizeField(query, node);
+      newFields.add(summary.field);
+      for (const field of summary.usedFields) usedFields.add(field);
+      grouping[summary.field] = summary;
+    })
+    .on('visitCommandOption', (ctx) => {
+      if (ctx.node.name !== 'by') return;
+      for (const _ of ctx.visitArguments());
+    })
+    .on('visitCommand', () => {})
+    .on('visitStatsCommand', (ctx) => {
+      for (const _ of ctx.visitOptions());
+    })
+    .visitCommand(command);
+
+  const summary: StatsCommandSummary = {
+    command,
+    aggregates,
+    grouping,
+    newFields,
+    usedFields,
+  };
+
+  return summary;
+};
+
+/**
+ * Summarizes all STATS commands in the query.
+ *
+ * @param query Query to summarize.
+ * @returns Returns a list of summaries for all STATS commands in the query in
+ *     order of appearance.
+ */
+export const summarize = (query: EsqlQuery): StatsCommandSummary[] => {
+  const summaries: StatsCommandSummary[] = [];
+
+  for (const command of list(query.ast)) {
+    const summary = summarizeCommand(query, command);
+    summaries.push(summary);
+  }
+
+  return summaries;
+};
diff --git a/packages/kbn-esql-ast/src/query/query.ts b/packages/kbn-esql-ast/src/query/query.ts
index 60435cc64c977..66c9fd58df085 100644
--- a/packages/kbn-esql-ast/src/query/query.ts
+++ b/packages/kbn-esql-ast/src/query/query.ts
@@ -15,6 +15,10 @@ import {
   WrappingPrettyPrinterOptions,
 } from '../pretty_print/wrapping_pretty_printer';
 
+/**
+ * Represents a parsed or programmatically created ES|QL query. Keeps track of
+ * the AST, source code, and optionally lexer tokens.
+ */
 export class EsqlQuery {
   public static readonly fromSrc = (src: string, opts?: ParseOptions): EsqlQuery => {
     const { root, tokens } = parse(src, opts);
diff --git a/packages/kbn-esql-utils/index.ts b/packages/kbn-esql-utils/index.ts
index ee47c0321e2e3..0956816c59ed7 100644
--- a/packages/kbn-esql-utils/index.ts
+++ b/packages/kbn-esql-utils/index.ts
@@ -31,7 +31,9 @@ export {
   getQueryColumnsFromESQLQuery,
   isESQLColumnSortable,
   isESQLColumnGroupable,
+  isESQLFieldGroupable,
   TextBasedLanguages,
+  queryCannotBeSampled,
 } from './src';
 
 export { ENABLE_ESQL, FEEDBACK_LINK } from './constants';
diff --git a/packages/kbn-esql-utils/src/index.ts b/packages/kbn-esql-utils/src/index.ts
index cf530be20d7ae..d56a56c62d6ba 100644
--- a/packages/kbn-esql-utils/src/index.ts
+++ b/packages/kbn-esql-utils/src/index.ts
@@ -22,6 +22,7 @@ export {
   retrieveMetadataColumns,
   getQueryColumnsFromESQLQuery,
 } from './utils/query_parsing_helpers';
+export { queryCannotBeSampled } from './utils/query_cannot_be_sampled';
 export { appendToESQLQuery, appendWhereClauseToESQLQuery } from './utils/append_to_query';
 export {
   getESQLQueryColumns,
@@ -31,4 +32,8 @@ export {
   getStartEndParams,
   hasStartEndParams,
 } from './utils/run_query';
-export { isESQLColumnSortable, isESQLColumnGroupable } from './utils/esql_fields_utils';
+export {
+  isESQLColumnSortable,
+  isESQLColumnGroupable,
+  isESQLFieldGroupable,
+} from './utils/esql_fields_utils';
diff --git a/packages/kbn-esql-utils/src/utils/esql_fields_utils.test.ts b/packages/kbn-esql-utils/src/utils/esql_fields_utils.test.ts
index bfc3a4d6708f0..5bf9980d4ae78 100644
--- a/packages/kbn-esql-utils/src/utils/esql_fields_utils.test.ts
+++ b/packages/kbn-esql-utils/src/utils/esql_fields_utils.test.ts
@@ -7,7 +7,12 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 import type { DatatableColumn } from '@kbn/expressions-plugin/common';
-import { isESQLColumnSortable, isESQLColumnGroupable } from './esql_fields_utils';
+import {
+  isESQLColumnSortable,
+  isESQLColumnGroupable,
+  isESQLFieldGroupable,
+} from './esql_fields_utils';
+import type { FieldSpec } from '@kbn/data-views-plugin/common';
 
 describe('esql fields helpers', () => {
   describe('isESQLColumnSortable', () => {
@@ -104,4 +109,46 @@ describe('esql fields helpers', () => {
       expect(isESQLColumnGroupable(keywordField)).toBeTruthy();
     });
   });
+
+  describe('isESQLFieldGroupable', () => {
+    it('returns false for unsupported fields', () => {
+      const fieldSpec: FieldSpec = {
+        name: 'unsupported',
+        type: 'unknown',
+        esTypes: ['unknown'],
+        searchable: true,
+        aggregatable: false,
+        isNull: false,
+      };
+
+      expect(isESQLFieldGroupable(fieldSpec)).toBeFalsy();
+    });
+
+    it('returns false for counter fields', () => {
+      const fieldSpec: FieldSpec = {
+        name: 'tsbd_counter',
+        type: 'number',
+        esTypes: ['long'],
+        timeSeriesMetric: 'counter',
+        searchable: true,
+        aggregatable: false,
+        isNull: false,
+      };
+
+      expect(isESQLFieldGroupable(fieldSpec)).toBeFalsy();
+    });
+
+    it('returns true for everything else', () => {
+      const fieldSpec: FieldSpec = {
+        name: 'sortable',
+        type: 'string',
+        esTypes: ['keyword'],
+        searchable: true,
+        aggregatable: false,
+        isNull: false,
+      };
+
+      expect(isESQLFieldGroupable(fieldSpec)).toBeTruthy();
+    });
+  });
 });
diff --git a/packages/kbn-esql-utils/src/utils/esql_fields_utils.ts b/packages/kbn-esql-utils/src/utils/esql_fields_utils.ts
index e2c5c785f8f58..fa0ae534197f6 100644
--- a/packages/kbn-esql-utils/src/utils/esql_fields_utils.ts
+++ b/packages/kbn-esql-utils/src/utils/esql_fields_utils.ts
@@ -7,6 +7,7 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
+import type { FieldSpec } from '@kbn/data-views-plugin/common';
 import type { DatatableColumn } from '@kbn/expressions-plugin/common';
 
 const SPATIAL_FIELDS = ['geo_point', 'geo_shape', 'point', 'shape'];
@@ -40,22 +41,30 @@ export const isESQLColumnSortable = (column: DatatableColumn): boolean => {
   return true;
 };
 
+// Helper function to check if a field is groupable based on its type and esType
+const isGroupable = (type: string | undefined, esType: string | undefined): boolean => {
+  // we don't allow grouping on the unknown field types
+  if (type === UNKNOWN_FIELD) {
+    return false;
+  }
+  // we don't allow grouping on tsdb counter fields
+  if (esType && esType.indexOf(TSDB_COUNTER_FIELDS_PREFIX) !== -1) {
+    return false;
+  }
+  return true;
+};
+
 /**
  * Check if a column is groupable (| STATS ... BY <column>).
  *
  * @param column The DatatableColumn of the field.
  * @returns True if the column is groupable, false otherwise.
  */
-
 export const isESQLColumnGroupable = (column: DatatableColumn): boolean => {
-  // we don't allow grouping on the unknown field types
-  if (column.meta?.type === UNKNOWN_FIELD) {
-    return false;
-  }
-  // we don't allow grouping on tsdb counter fields
-  if (column.meta?.esType && column.meta?.esType?.indexOf(TSDB_COUNTER_FIELDS_PREFIX) !== -1) {
-    return false;
-  }
+  return isGroupable(column.meta?.type, column.meta?.esType);
+};
 
-  return true;
+export const isESQLFieldGroupable = (field: FieldSpec): boolean => {
+  if (field.timeSeriesMetric === 'counter') return false;
+  return isGroupable(field.type, field.esTypes?.[0]);
 };
diff --git a/packages/kbn-esql-utils/src/utils/query_cannot_be_sampled.test.ts b/packages/kbn-esql-utils/src/utils/query_cannot_be_sampled.test.ts
new file mode 100644
index 0000000000000..e0ff5d01be411
--- /dev/null
+++ b/packages/kbn-esql-utils/src/utils/query_cannot_be_sampled.test.ts
@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+import { queryCannotBeSampled } from './query_cannot_be_sampled';
+describe('queryCannotBeSampled', () => {
+  it('should return true if query contains "match" function', () => {
+    expect(queryCannotBeSampled({ esql: 'FROM index | where match(field, "value")' })).toBe(true);
+    expect(queryCannotBeSampled({ esql: 'FROM index | where match()' })).toBe(true);
+    expect(queryCannotBeSampled({ esql: 'FROM index | where MATCH()' })).toBe(true);
+    expect(queryCannotBeSampled({ esql: 'FROM index | where MATCH(fieldName,)' })).toBe(true);
+    expect(queryCannotBeSampled({ esql: 'FROM index | where MATCH(,)' })).toBe(true);
+  });
+
+  it('should return true if query contains "qstr" function', () => {
+    expect(queryCannotBeSampled({ esql: 'FROM index | where qstr(field, "value")' })).toBe(true);
+    expect(queryCannotBeSampled({ esql: 'FROM index | where qstr()' })).toBe(true);
+    expect(queryCannotBeSampled({ esql: 'FROM index | where QSTR()' })).toBe(true);
+  });
+
+  it('should return false if query contains names', () => {
+    expect(queryCannotBeSampled({ esql: 'FROM index | eval match =' })).toBe(false);
+    expect(queryCannotBeSampled({ esql: 'FROM index | eval MATCH =' })).toBe(false);
+    expect(queryCannotBeSampled({ esql: 'FROM index | eval qstr =' })).toBe(false);
+  });
+
+  it('should return false if query does not contain unsamplable functions', () => {
+    expect(queryCannotBeSampled({ esql: 'FROM index | eval otherFunction(field, "value")' })).toBe(
+      false
+    );
+    expect(queryCannotBeSampled({ esql: 'FROM index | where otherFunction(field, "value")' })).toBe(
+      false
+    );
+  });
+
+  it('should return false if query is undefined', () => {
+    expect(queryCannotBeSampled(undefined)).toBe(false);
+    expect(queryCannotBeSampled(null)).toBe(false);
+  });
+});
diff --git a/packages/kbn-esql-utils/src/utils/query_cannot_be_sampled.ts b/packages/kbn-esql-utils/src/utils/query_cannot_be_sampled.ts
new file mode 100644
index 0000000000000..c4cbd34e75371
--- /dev/null
+++ b/packages/kbn-esql-utils/src/utils/query_cannot_be_sampled.ts
@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+import type { AggregateQuery, Query } from '@kbn/es-query';
+import { Walker } from '@kbn/esql-ast';
+import { parse } from '@kbn/esql-ast';
+import { isOfAggregateQueryType } from '@kbn/es-query';
+
+/**
+ * Check if the query contains any of the function names being passed in
+ * @param query
+ * @param functions list of function names to check for
+ * @returns
+ */
+export const queryContainsFunction = (
+  query: AggregateQuery | Query | { [key: string]: any } | undefined | null,
+  functions: string[]
+): boolean => {
+  if (query && isOfAggregateQueryType(query)) {
+    const { root } = parse(query.esql);
+    return functions.some(
+      (f) =>
+        Walker.hasFunction(root, f) ||
+        // Walker API expects valid queries so we need to do additional check for partial matches
+        root.commands.some((c) => c.text.toLowerCase().includes(`${f}(`))
+    );
+  }
+  return false;
+};
+
+const UNSAMPLABLE_FUNCTIONS = ['match', 'qstr'];
+/**
+ * Check if the query contains any function that cannot be used after LIMIT clause
+ * @param query
+ * @returns
+ */
+export const queryCannotBeSampled = (
+  query: AggregateQuery | Query | { [key: string]: any } | undefined | null
+): boolean => {
+  return queryContainsFunction(query, UNSAMPLABLE_FUNCTIONS);
+};
diff --git a/packages/kbn-esql-validation-autocomplete/scripts/generate_function_definitions.ts b/packages/kbn-esql-validation-autocomplete/scripts/generate_function_definitions.ts
index 4f649b44e44b8..8462f9e2a050b 100644
--- a/packages/kbn-esql-validation-autocomplete/scripts/generate_function_definitions.ts
+++ b/packages/kbn-esql-validation-autocomplete/scripts/generate_function_definitions.ts
@@ -13,7 +13,7 @@ import { join } from 'path';
 import _ from 'lodash';
 import type { RecursivePartial } from '@kbn/utility-types';
 import { FunctionDefinition } from '../src/definitions/types';
-
+import { FULL_TEXT_SEARCH_FUNCTIONS } from '../src/shared/constants';
 const aliasTable: Record<string, string[]> = {
   to_version: ['to_ver'],
   to_unsigned_long: ['to_ul', 'to_ulong'],
@@ -246,12 +246,25 @@ const convertDateTime = (s: string) => (s === 'datetime' ? 'date' : s);
  * @returns
  */
 function getFunctionDefinition(ESFunctionDefinition: Record<string, any>): FunctionDefinition {
+  let supportedCommandsAndOptions: Pick<
+    FunctionDefinition,
+    'supportedCommands' | 'supportedOptions'
+  > =
+    ESFunctionDefinition.type === 'eval'
+      ? scalarSupportedCommandsAndOptions
+      : aggregationSupportedCommandsAndOptions;
+
+  // MATCH and QSRT has limited supported for where commands only
+  if (FULL_TEXT_SEARCH_FUNCTIONS.includes(ESFunctionDefinition.name)) {
+    supportedCommandsAndOptions = {
+      supportedCommands: ['where'],
+      supportedOptions: [],
+    };
+  }
   const ret = {
     type: ESFunctionDefinition.type,
     name: ESFunctionDefinition.name,
-    ...(ESFunctionDefinition.type === 'eval'
-      ? scalarSupportedCommandsAndOptions
-      : aggregationSupportedCommandsAndOptions),
+    ...supportedCommandsAndOptions,
     description: ESFunctionDefinition.description,
     alias: aliasTable[ESFunctionDefinition.name],
     ignoreAsSuggestion: ESFunctionDefinition.snapshot_only,
@@ -259,10 +272,14 @@ function getFunctionDefinition(ESFunctionDefinition: Record<string, any>): Funct
     signatures: _.uniqBy(
       ESFunctionDefinition.signatures.map((signature: any) => ({
         ...signature,
-        params: signature.params.map((param: any) => ({
+        params: signature.params.map((param: any, idx: number) => ({
           ...param,
           type: convertDateTime(param.type),
           description: undefined,
+          ...(idx === 0 && FULL_TEXT_SEARCH_FUNCTIONS.includes(ESFunctionDefinition.name)
+            ? // Default to false. If set to true, this parameter does not accept a function or literal, only fields.
+              { fieldsOnly: true }
+            : {}),
         })),
         returnType: convertDateTime(signature.returnType),
         variadic: undefined, // we don't support variadic property
diff --git a/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/autocomplete.command.where.test.ts b/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/autocomplete.command.where.test.ts
index 3345f7646e2ff..3931480d739a4 100644
--- a/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/autocomplete.command.where.test.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/autocomplete.command.where.test.ts
@@ -39,7 +39,7 @@ describe('WHERE <expression>', () => {
           .map((name) => `${name} `)
           .map(attachTriggerCommand),
         attachTriggerCommand('var0 '),
-        ...allEvalFns,
+        ...allEvalFns.filter((fn) => fn.label !== 'QSTR'),
       ],
       {
         callbacks: {
diff --git a/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/autocomplete.suggest.eval.test.ts b/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/autocomplete.suggest.eval.test.ts
index 5c67bfedbae75..aae715ee66749 100644
--- a/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/autocomplete.suggest.eval.test.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/autocomplete.suggest.eval.test.ts
@@ -371,7 +371,7 @@ describe('autocomplete.suggest', () => {
       for (const fn of scalarFunctionDefinitions) {
         // skip this fn for the moment as it's quite hard to test
         // Add match in the text when the autocomplete is ready https://github.com/elastic/kibana/issues/196995
-        if (!['bucket', 'date_extract', 'date_diff', 'case', 'match'].includes(fn.name)) {
+        if (!['bucket', 'date_extract', 'date_diff', 'case', 'match', 'qstr'].includes(fn.name)) {
           test(`${fn.name}`, async () => {
             const testedCases = new Set<string>();
 
diff --git a/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/helpers.ts b/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/helpers.ts
index 9964fc96d00ca..2221f4dc1582f 100644
--- a/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/helpers.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/helpers.ts
@@ -121,7 +121,7 @@ export const policies = [
  * @returns
  */
 export function getFunctionSignaturesByReturnType(
-  command: string,
+  command: string | string[],
   _expectedReturnType: Readonly<FunctionReturnType | 'any' | Array<FunctionReturnType | 'any'>>,
   {
     agg,
@@ -165,12 +165,16 @@ export function getFunctionSignaturesByReturnType(
 
   const deduped = Array.from(new Set(list));
 
+  const commands = Array.isArray(command) ? command : [command];
   return deduped
     .filter(({ signatures, ignoreAsSuggestion, supportedCommands, supportedOptions, name }) => {
       if (ignoreAsSuggestion) {
         return false;
       }
-      if (!supportedCommands.includes(command) && !supportedOptions?.includes(option || '')) {
+      if (
+        !commands.some((c) => supportedCommands.includes(c)) &&
+        !supportedOptions?.includes(option || '')
+      ) {
         return false;
       }
       const filteredByReturnType = signatures.filter(
diff --git a/packages/kbn-esql-validation-autocomplete/src/autocomplete/autocomplete.ts b/packages/kbn-esql-validation-autocomplete/src/autocomplete/autocomplete.ts
index bae10b4c321f4..2a37155358e85 100644
--- a/packages/kbn-esql-validation-autocomplete/src/autocomplete/autocomplete.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/autocomplete/autocomplete.ts
@@ -10,6 +10,7 @@
 import { uniq, uniqBy } from 'lodash';
 import type {
   AstProviderFn,
+  ESQLAst,
   ESQLAstItem,
   ESQLCommand,
   ESQLCommandOption,
@@ -151,14 +152,16 @@ export async function suggest(
   astProvider: AstProviderFn,
   resourceRetriever?: ESQLCallbacks
 ): Promise<SuggestionRawDefinition[]> {
+  // Partition out to inner ast / ast context for the latest command
   const innerText = fullText.substring(0, offset);
-
   const correctedQuery = correctQuerySyntax(innerText, context);
-
   const { ast } = await astProvider(correctedQuery);
-
   const astContext = getAstContext(innerText, ast, offset);
 
+  // But we also need the full ast for the full query
+  const correctedFullQuery = correctQuerySyntax(fullText, context);
+  const { ast: fullAst } = await astProvider(correctedFullQuery);
+
   if (astContext.type === 'comment') {
     return [];
   }
@@ -216,7 +219,8 @@ export async function suggest(
       getFieldsMap,
       getPolicies,
       getPolicyMetadata,
-      resourceRetriever?.getPreferences
+      resourceRetriever?.getPreferences,
+      fullAst
     );
   }
   if (astContext.type === 'setting') {
@@ -394,7 +398,8 @@ async function getSuggestionsWithinCommandExpression(
   getFieldsMap: GetFieldsMapFn,
   getPolicies: GetPoliciesFn,
   getPolicyMetadata: GetPolicyMetadataFn,
-  getPreferences?: () => Promise<{ histogramBarTarget: number } | undefined>
+  getPreferences?: () => Promise<{ histogramBarTarget: number } | undefined>,
+  fullAst?: ESQLAst
 ) {
   const commandDef = getCommandDefinition(command.name);
 
@@ -413,7 +418,8 @@ async function getSuggestionsWithinCommandExpression(
       () => findNewVariable(anyVariables),
       (expression: ESQLAstItem | undefined) =>
         getExpressionType(expression, references.fields, references.variables),
-      getPreferences
+      getPreferences,
+      fullAst
     );
   } else {
     // The deprecated path.
@@ -1173,19 +1179,21 @@ async function getFunctionArgsSuggestions(
     );
 
     // Functions
-    suggestions.push(
-      ...getFunctionSuggestions({
-        command: command.name,
-        option: option?.name,
-        returnTypes: canBeBooleanCondition
-          ? ['any']
-          : (getTypesFromParamDefs(typesToSuggestNext) as string[]),
-        ignored: fnToIgnore,
-      }).map((suggestion) => ({
-        ...suggestion,
-        text: addCommaIf(shouldAddComma, suggestion.text),
-      }))
-    );
+    if (typesToSuggestNext.every((d) => !d.fieldsOnly)) {
+      suggestions.push(
+        ...getFunctionSuggestions({
+          command: command.name,
+          option: option?.name,
+          returnTypes: canBeBooleanCondition
+            ? ['any']
+            : (getTypesFromParamDefs(typesToSuggestNext) as string[]),
+          ignored: fnToIgnore,
+        }).map((suggestion) => ({
+          ...suggestion,
+          text: addCommaIf(shouldAddComma, suggestion.text),
+        }))
+      );
+    }
     // could also be in stats (bucket) but our autocomplete is not great yet
     if (
       (getTypesFromParamDefs(typesToSuggestNext).includes('date') &&
diff --git a/packages/kbn-esql-validation-autocomplete/src/autocomplete/commands/where/index.ts b/packages/kbn-esql-validation-autocomplete/src/autocomplete/commands/where/index.ts
index dc2ab341e961e..a7d381538f738 100644
--- a/packages/kbn-esql-validation-autocomplete/src/autocomplete/commands/where/index.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/autocomplete/commands/where/index.ts
@@ -13,6 +13,7 @@ import {
   type ESQLCommand,
   type ESQLSingleAstItem,
   type ESQLFunction,
+  ESQLAst,
 } from '@kbn/esql-ast';
 import { logicalOperators } from '../../../definitions/builtin';
 import { isParameterType, type SupportedDataType } from '../../../definitions/types';
@@ -27,6 +28,10 @@ import {
 import { getOverlapRange, getSuggestionsToRightOfOperatorExpression } from '../../helper';
 import { getPosition } from './util';
 import { pipeCompleteItem } from '../../complete_items';
+import {
+  UNSUPPORTED_COMMANDS_BEFORE_MATCH,
+  UNSUPPORTED_COMMANDS_BEFORE_QSTR,
+} from '../../../shared/constants';
 
 export async function suggest(
   innerText: string,
@@ -35,7 +40,8 @@ export async function suggest(
   _columnExists: (column: string) => boolean,
   _getSuggestedVariableName: () => string,
   getExpressionType: (expression: ESQLAstItem | undefined) => SupportedDataType | 'unknown',
-  _getPreferences?: () => Promise<{ histogramBarTarget: number } | undefined>
+  _getPreferences?: () => Promise<{ histogramBarTarget: number } | undefined>,
+  fullTextAst?: ESQLAst
 ): Promise<SuggestionRawDefinition[]> {
   const suggestions: SuggestionRawDefinition[] = [];
 
@@ -154,11 +160,25 @@ export async function suggest(
       break;
 
     case 'empty_expression':
+      // Don't suggest MATCH or QSTR after unsupported commands
+      const priorCommands = fullTextAst?.map((a) => a.name) ?? [];
+      const ignored = [];
+      if (priorCommands.some((c) => UNSUPPORTED_COMMANDS_BEFORE_MATCH.has(c))) {
+        ignored.push('match');
+      }
+      if (priorCommands.some((c) => UNSUPPORTED_COMMANDS_BEFORE_QSTR.has(c))) {
+        ignored.push('qstr');
+      }
+
       const columnSuggestions = await getColumnsByType('any', [], {
         advanceCursor: true,
         openSuggestions: true,
       });
-      suggestions.push(...columnSuggestions, ...getFunctionSuggestions({ command: 'where' }));
+
+      suggestions.push(
+        ...columnSuggestions,
+        ...getFunctionSuggestions({ command: 'where', ignored })
+      );
 
       break;
   }
diff --git a/packages/kbn-esql-validation-autocomplete/src/code_actions/actions.test.ts b/packages/kbn-esql-validation-autocomplete/src/code_actions/actions.test.ts
index 4563379642767..665c3df0df060 100644
--- a/packages/kbn-esql-validation-autocomplete/src/code_actions/actions.test.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/code_actions/actions.test.ts
@@ -15,6 +15,7 @@ import type { CodeActionOptions } from './types';
 import type { ESQLRealField } from '../validation/types';
 import type { FieldType } from '../definitions/types';
 import type { ESQLCallbacks, PartialFieldsMetadataClient } from '../shared/types';
+import { FULL_TEXT_SEARCH_FUNCTIONS } from '../shared/constants';
 
 function getCallbackMocks(): jest.Mocked<ESQLCallbacks> {
   return {
@@ -285,6 +286,16 @@ describe('quick fixes logic', () => {
       { relaxOnMissingCallbacks: false },
     ]) {
       for (const fn of getAllFunctions({ type: 'eval' })) {
+        if (FULL_TEXT_SEARCH_FUNCTIONS.includes(fn.name)) {
+          testQuickFixes(
+            `FROM index | WHERE ${BROKEN_PREFIX}${fn.name}()`,
+            [fn.name].map(toFunctionSignature),
+            { equalityCheck: 'include', ...options }
+          );
+        }
+      }
+      for (const fn of getAllFunctions({ type: 'eval' })) {
+        if (FULL_TEXT_SEARCH_FUNCTIONS.includes(fn.name)) continue;
         // add an A to the function name to make it invalid
         testQuickFixes(
           `FROM index | EVAL ${BROKEN_PREFIX}${fn.name}()`,
@@ -313,6 +324,8 @@ describe('quick fixes logic', () => {
         );
       }
       for (const fn of getAllFunctions({ type: 'agg' })) {
+        if (FULL_TEXT_SEARCH_FUNCTIONS.includes(fn.name)) continue;
+
         // add an A to the function name to make it invalid
         testQuickFixes(
           `FROM index | STATS ${BROKEN_PREFIX}${fn.name}()`,
diff --git a/packages/kbn-esql-validation-autocomplete/src/definitions/generated/scalar_functions.ts b/packages/kbn-esql-validation-autocomplete/src/definitions/generated/scalar_functions.ts
index 7e9019aeb905a..257753d036aa7 100644
--- a/packages/kbn-esql-validation-autocomplete/src/definitions/generated/scalar_functions.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/definitions/generated/scalar_functions.ts
@@ -3259,6 +3259,7 @@ const matchDefinition: FunctionDefinition = {
           name: 'field',
           type: 'keyword',
           optional: false,
+          fieldsOnly: true,
         },
         {
           name: 'query',
@@ -3274,6 +3275,7 @@ const matchDefinition: FunctionDefinition = {
           name: 'field',
           type: 'keyword',
           optional: false,
+          fieldsOnly: true,
         },
         {
           name: 'query',
@@ -3289,6 +3291,7 @@ const matchDefinition: FunctionDefinition = {
           name: 'field',
           type: 'text',
           optional: false,
+          fieldsOnly: true,
         },
         {
           name: 'query',
@@ -3304,6 +3307,7 @@ const matchDefinition: FunctionDefinition = {
           name: 'field',
           type: 'text',
           optional: false,
+          fieldsOnly: true,
         },
         {
           name: 'query',
@@ -3314,8 +3318,8 @@ const matchDefinition: FunctionDefinition = {
       returnType: 'boolean',
     },
   ],
-  supportedCommands: ['stats', 'inlinestats', 'metrics', 'eval', 'where', 'row', 'sort'],
-  supportedOptions: ['by'],
+  supportedCommands: ['where'],
+  supportedOptions: [],
   validate: undefined,
   examples: [
     'from books \n| where match(author, "Faulkner")\n| keep book_no, author \n| sort book_no \n| limit 5;',
@@ -5912,6 +5916,7 @@ const qstrDefinition: FunctionDefinition = {
           name: 'query',
           type: 'keyword',
           optional: false,
+          fieldsOnly: true,
         },
       ],
       returnType: 'boolean',
@@ -5922,13 +5927,14 @@ const qstrDefinition: FunctionDefinition = {
           name: 'query',
           type: 'text',
           optional: false,
+          fieldsOnly: true,
         },
       ],
       returnType: 'boolean',
     },
   ],
-  supportedCommands: ['stats', 'inlinestats', 'metrics', 'eval', 'where', 'row', 'sort'],
-  supportedOptions: ['by'],
+  supportedCommands: ['where'],
+  supportedOptions: [],
   validate: undefined,
   examples: [
     'from books \n| where qstr("author: Faulkner")\n| keep book_no, author \n| sort book_no \n| limit 5;',
diff --git a/packages/kbn-esql-validation-autocomplete/src/definitions/types.ts b/packages/kbn-esql-validation-autocomplete/src/definitions/types.ts
index ba0a50c4a71b9..ce649acec5b44 100644
--- a/packages/kbn-esql-validation-autocomplete/src/definitions/types.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/definitions/types.ts
@@ -8,6 +8,7 @@
  */
 
 import type {
+  ESQLAst,
   ESQLAstItem,
   ESQLCommand,
   ESQLCommandOption,
@@ -136,6 +137,10 @@ export interface FunctionDefinition {
        * though a function can be used to create the value. (e.g. now() for dates or concat() for strings)
        */
       constantOnly?: boolean;
+      /**
+       * Default to false. If set to true, this parameter does not accept a function or literal, only fields.
+       */
+      fieldsOnly?: boolean;
       /**
        * if provided this means that the value must be one
        * of the options in the array iff the value is a literal.
@@ -181,7 +186,8 @@ export interface CommandBaseDefinition<CommandName extends string> {
     columnExists: (column: string) => boolean,
     getSuggestedVariableName: () => string,
     getExpressionType: (expression: ESQLAstItem | undefined) => SupportedDataType | 'unknown',
-    getPreferences?: () => Promise<{ histogramBarTarget: number } | undefined>
+    getPreferences?: () => Promise<{ histogramBarTarget: number } | undefined>,
+    fullTextAst?: ESQLAst
   ) => Promise<SuggestionRawDefinition[]>;
   /** @deprecated this property will disappear in the future */
   signature: {
diff --git a/packages/kbn-esql-validation-autocomplete/src/shared/constants.ts b/packages/kbn-esql-validation-autocomplete/src/shared/constants.ts
index 1a9f382d32a6d..9e073e5329cac 100644
--- a/packages/kbn-esql-validation-autocomplete/src/shared/constants.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/shared/constants.ts
@@ -16,3 +16,19 @@ export const DOUBLE_BACKTICK = '``';
 export const SINGLE_BACKTICK = '`';
 
 export const METADATA_FIELDS = ['_version', '_id', '_index', '_source', '_ignored', '_index_mode'];
+
+export const FULL_TEXT_SEARCH_FUNCTIONS = ['match', 'qstr'];
+export const UNSUPPORTED_COMMANDS_BEFORE_QSTR = new Set([
+  'show',
+  'row',
+  'dissect',
+  'enrich',
+  'eval',
+  'grok',
+  'keep',
+  'mv_expand',
+  'rename',
+  'stats',
+  'limit',
+]);
+export const UNSUPPORTED_COMMANDS_BEFORE_MATCH = new Set(['limit']);
diff --git a/packages/kbn-esql-validation-autocomplete/src/validation/__tests__/validation.functions.full_text.test.ts b/packages/kbn-esql-validation-autocomplete/src/validation/__tests__/validation.functions.full_text.test.ts
new file mode 100644
index 0000000000000..b7d962ffb4a42
--- /dev/null
+++ b/packages/kbn-esql-validation-autocomplete/src/validation/__tests__/validation.functions.full_text.test.ts
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+import { setup } from './helpers';
+
+describe('validation', () => {
+  describe('MATCH function', () => {
+    it('no error if valid', async () => {
+      const { expectErrors } = await setup();
+      await expectErrors('FROM index | WHERE MATCH(keywordField, "value") | LIMIT 10 ', []);
+      await expectErrors(
+        'FROM index | EVAL a=CONCAT(keywordField, "_") | WHERE MATCH(a, "value") | LIMIT 10 ',
+        []
+      );
+    });
+
+    it('shows errors if after incompatible commands ', async () => {
+      const { expectErrors } = await setup();
+      await expectErrors('FROM index | LIMIT 10 | WHERE MATCH(keywordField, "value")', [
+        '[MATCH] function cannot be used after LIMIT',
+      ]);
+
+      await expectErrors(`FROM index | EVAL MATCH(a, "value")`, [
+        'EVAL does not support function match',
+        '[MATCH] function is only supported in WHERE commands',
+      ]);
+    });
+
+    it('shows errors if argument is not an index field ', async () => {
+      const { expectErrors } = await setup();
+      await expectErrors(
+        'FROM index | LIMIT 10 | where MATCH(`kubernetes.something.something`, "value")',
+        [
+          'Argument of [match] must be [keyword], found value [kubernetes.something.something] type [double]',
+          '[MATCH] function cannot be used after LIMIT',
+        ]
+      );
+    });
+  });
+  describe('QSRT function', () => {
+    it('no error if valid', async () => {
+      const { expectErrors } = await setup();
+      await expectErrors('FROM index | WHERE QSTR("keywordField:value") | LIMIT 10 ', []);
+    });
+
+    it('shows errors if comes after incompatible functions or commands ', async () => {
+      const { expectErrors } = await setup();
+      await expectErrors('ROW a = 1, b = "two", c = null | WHERE QSTR("keywordField:value")', [
+        '[QSTR] function cannot be used after ROW',
+      ]);
+      for (const clause of [
+        { command: 'LIMIT', clause: 'LIMIT 10' },
+        { command: 'EVAL', clause: 'EVAL a=CONCAT(keywordField, "_")' },
+        { command: 'KEEP', clause: 'KEEP keywordField' },
+        { command: 'RENAME', clause: 'RENAME keywordField as a' },
+        { command: 'STATS', clause: 'STATS avg(doubleField) by keywordField' },
+      ]) {
+        await expectErrors(`FROM index | ${clause.clause} | WHERE QSTR("keywordField:value")`, [
+          `[QSTR] function cannot be used after ${clause.command}`,
+        ]);
+      }
+      await expectErrors(`FROM index | EVAL QSTR("keywordField:value")`, [
+        `EVAL does not support function qstr`,
+        '[QSTR] function cannot be used after EVAL',
+      ]);
+
+      await expectErrors(`FROM index | STATS avg(doubleField) by QSTR("keywordField:value")`, [
+        `STATS BY does not support function qstr`,
+      ]);
+    });
+  });
+});
diff --git a/packages/kbn-esql-validation-autocomplete/src/validation/errors.ts b/packages/kbn-esql-validation-autocomplete/src/validation/errors.ts
index 0f82d7fe4aad9..abf4db6e7fe69 100644
--- a/packages/kbn-esql-validation-autocomplete/src/validation/errors.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/validation/errors.ts
@@ -190,6 +190,21 @@ function getMessageAndTypeFromId<K extends ErrorTypes>({
           }
         ),
       };
+    case 'fnUnsupportedAfterCommand':
+      return {
+        type: 'error',
+        message: i18n.translate(
+          'kbn-esql-validation-autocomplete.esql.validation.fnUnsupportedAfterCommand',
+          {
+            defaultMessage: '[{function}] function cannot be used after {command}',
+            values: {
+              function: out.function,
+              command: out.command,
+            },
+          }
+        ),
+      };
+
     case 'unknownInterval':
       return {
         message: i18n.translate(
@@ -418,6 +433,16 @@ function getMessageAndTypeFromId<K extends ErrorTypes>({
           }
         ),
       };
+    case 'onlyWhereCommandSupported':
+      return {
+        message: i18n.translate(
+          'kbn-esql-validation-autocomplete.esql.validation.onlyWhereCommandSupported',
+          {
+            defaultMessage: '[{fn}] function is only supported in WHERE commands',
+            values: { fn: out.fn.toUpperCase() },
+          }
+        ),
+      };
   }
   return { message: '' };
 }
diff --git a/packages/kbn-esql-validation-autocomplete/src/validation/types.ts b/packages/kbn-esql-validation-autocomplete/src/validation/types.ts
index 7aac9f16ad032..2beffbfa26425 100644
--- a/packages/kbn-esql-validation-autocomplete/src/validation/types.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/validation/types.ts
@@ -160,6 +160,10 @@ export interface ValidationErrors {
     message: string;
     type: { command: string; value: string; expected: string };
   };
+  fnUnsupportedAfterCommand: {
+    message: string;
+    type: { function: string; command: string };
+  };
   expectedConstant: {
     message: string;
     type: { fn: string; given: string };
@@ -196,6 +200,10 @@ export interface ValidationErrors {
       nestedAgg: string;
     };
   };
+  onlyWhereCommandSupported: {
+    message: string;
+    type: { fn: string };
+  };
 }
 
 export type ErrorTypes = keyof ValidationErrors;
diff --git a/packages/kbn-esql-validation-autocomplete/src/validation/validation.ts b/packages/kbn-esql-validation-autocomplete/src/validation/validation.ts
index b43a9e5c336b5..b4d095e2c0442 100644
--- a/packages/kbn-esql-validation-autocomplete/src/validation/validation.ts
+++ b/packages/kbn-esql-validation-autocomplete/src/validation/validation.ts
@@ -10,6 +10,7 @@
 import uniqBy from 'lodash/uniqBy';
 import {
   AstProviderFn,
+  ESQLAst,
   ESQLAstItem,
   ESQLAstMetricsCommand,
   ESQLColumn,
@@ -79,9 +80,14 @@ import {
 } from './resources';
 import { collapseWrongArgumentTypeMessages, getMaxMinNumberOfParams } from './helpers';
 import { getParamAtPosition } from '../shared/helpers';
-import { METADATA_FIELDS } from '../shared/constants';
+import {
+  METADATA_FIELDS,
+  UNSUPPORTED_COMMANDS_BEFORE_MATCH,
+  UNSUPPORTED_COMMANDS_BEFORE_QSTR,
+} from '../shared/constants';
 import { compareTypesWithLiterals } from '../shared/esql_types';
 
+const NO_MESSAGE: ESQLMessage[] = [];
 function validateFunctionLiteralArg(
   astFunction: ESQLFunction,
   actualArg: ESQLAstItem,
@@ -320,27 +326,146 @@ function removeInlineCasts(arg: ESQLAstItem): ESQLAstItem {
   return arg;
 }
 
-function validateFunction(
+function validateIfHasUnsupportedCommandPrior(
   fn: ESQLFunction,
-  parentCommand: string,
-  parentOption: string | undefined,
-  references: ReferenceMaps,
-  forceConstantOnly: boolean = false,
-  isNested?: boolean
-): ESQLMessage[] {
+  parentAst: ESQLCommand[] = [],
+  unsupportedCommands: Set<string>,
+  currentCommandIndex?: number
+) {
+  if (currentCommandIndex === undefined) {
+    return NO_MESSAGE;
+  }
+  const unsupportedCommandsPrior = parentAst.filter(
+    (cmd, idx) => idx <= currentCommandIndex && unsupportedCommands.has(cmd.name)
+  );
+
+  if (unsupportedCommandsPrior.length > 0) {
+    return [
+      getMessageFromId({
+        messageId: 'fnUnsupportedAfterCommand',
+        values: {
+          function: fn.name.toUpperCase(),
+          command: unsupportedCommandsPrior[0].name.toUpperCase(),
+        },
+        locations: fn.location,
+      }),
+    ];
+  }
+  return NO_MESSAGE;
+}
+
+const validateMatchFunction: FunctionValidator = ({
+  fn,
+  parentCommand,
+  parentOption,
+  references,
+  forceConstantOnly = false,
+  isNested,
+  parentAst,
+  currentCommandIndex,
+}) => {
+  if (fn.name === 'match') {
+    if (parentCommand !== 'where') {
+      return [
+        getMessageFromId({
+          messageId: 'onlyWhereCommandSupported',
+          values: { fn: fn.name },
+          locations: fn.location,
+        }),
+      ];
+    }
+    return validateIfHasUnsupportedCommandPrior(
+      fn,
+      parentAst,
+      UNSUPPORTED_COMMANDS_BEFORE_MATCH,
+      currentCommandIndex
+    );
+  }
+  return NO_MESSAGE;
+};
+
+type FunctionValidator = (args: {
+  fn: ESQLFunction;
+  parentCommand: string;
+  parentOption?: string;
+  references: ReferenceMaps;
+  forceConstantOnly?: boolean;
+  isNested?: boolean;
+  parentAst?: ESQLCommand[];
+  currentCommandIndex?: number;
+}) => ESQLMessage[];
+
+const validateQSTRFunction: FunctionValidator = ({
+  fn,
+  parentCommand,
+  parentOption,
+  references,
+  forceConstantOnly = false,
+  isNested,
+  parentAst,
+  currentCommandIndex,
+}) => {
+  if (fn.name === 'qstr') {
+    return validateIfHasUnsupportedCommandPrior(
+      fn,
+      parentAst,
+      UNSUPPORTED_COMMANDS_BEFORE_QSTR,
+      currentCommandIndex
+    );
+  }
+  return NO_MESSAGE;
+};
+
+const textSearchFunctionsValidators: Record<string, FunctionValidator> = {
+  match: validateMatchFunction,
+  qstr: validateQSTRFunction,
+};
+
+function validateFunction({
+  fn,
+  parentCommand,
+  parentOption,
+  references,
+  forceConstantOnly = false,
+  isNested,
+  parentAst,
+  currentCommandIndex,
+}: {
+  fn: ESQLFunction;
+  parentCommand: string;
+  parentOption?: string;
+  references: ReferenceMaps;
+  forceConstantOnly?: boolean;
+  isNested?: boolean;
+  parentAst?: ESQLCommand[];
+  currentCommandIndex?: number;
+}): ESQLMessage[] {
   const messages: ESQLMessage[] = [];
 
   if (fn.incomplete) {
     return messages;
   }
-
   if (isFunctionOperatorParam(fn)) {
     return messages;
   }
-
   const fnDefinition = getFunctionDefinition(fn.name)!;
+
   const isFnSupported = isSupportedFunction(fn.name, parentCommand, parentOption);
 
+  if (typeof textSearchFunctionsValidators[fn.name] === 'function') {
+    const validator = textSearchFunctionsValidators[fn.name];
+    messages.push(
+      ...validator({
+        fn,
+        parentCommand,
+        parentOption,
+        references,
+        isNested,
+        parentAst,
+        currentCommandIndex,
+      })
+    );
+  }
   if (!isFnSupported.supported) {
     if (isFnSupported.reason === 'unknownFunction') {
       messages.push(errors.unknownFunction(fn));
@@ -430,8 +555,8 @@ function validateFunction(
       const subArg = removeInlineCasts(_subArg);
 
       if (isFunctionItem(subArg)) {
-        const messagesFromArg = validateFunction(
-          subArg,
+        const messagesFromArg = validateFunction({
+          fn: subArg,
           parentCommand,
           parentOption,
           references,
@@ -450,13 +575,14 @@ function validateFunction(
            * Because of this, the abs function's arguments inherit the constraint
            * and each should be validated as if each were constantOnly.
            */
-          allMatchingArgDefinitionsAreConstantOnly || forceConstantOnly,
+          forceConstantOnly: allMatchingArgDefinitionsAreConstantOnly || forceConstantOnly,
           // use the nesting flag for now just for stats and metrics
           // TODO: revisit this part later on to make it more generic
-          ['stats', 'inlinestats', 'metrics'].includes(parentCommand)
+          isNested: ['stats', 'inlinestats', 'metrics'].includes(parentCommand)
             ? isNested || !isAssignment(fn)
-            : false
-        );
+            : false,
+          parentAst,
+        });
 
         if (messagesFromArg.some(({ code }) => code === 'expectedConstant')) {
           const consolidatedMessage = getMessageFromId({
@@ -668,7 +794,14 @@ const validateAggregates = (
 
   for (const aggregate of aggregates) {
     if (isFunctionItem(aggregate)) {
-      messages.push(...validateFunction(aggregate, command.name, undefined, references));
+      messages.push(
+        ...validateFunction({
+          fn: aggregate,
+          parentCommand: command.name,
+          parentOption: undefined,
+          references,
+        })
+      );
 
       let hasAggregationFunction = false;
 
@@ -742,7 +875,14 @@ const validateByGrouping = (
           messages.push(...validateColumnForCommand(field, commandName, referenceMaps));
         }
         if (isFunctionItem(field)) {
-          messages.push(...validateFunction(field, commandName, 'by', referenceMaps));
+          messages.push(
+            ...validateFunction({
+              fn: field,
+              parentCommand: commandName,
+              parentOption: 'by',
+              references: referenceMaps,
+            })
+          );
         }
       }
     }
@@ -788,7 +928,14 @@ function validateOption(
             messages.push(...validateColumnForCommand(arg, command.name, referenceMaps));
           }
           if (isFunctionItem(arg)) {
-            messages.push(...validateFunction(arg, command.name, option.name, referenceMaps));
+            messages.push(
+              ...validateFunction({
+                fn: arg,
+                parentCommand: command.name,
+                parentOption: option.name,
+                references: referenceMaps,
+              })
+            );
           }
         }
       }
@@ -957,7 +1104,12 @@ const validateMetricsCommand = (
   return messages;
 };
 
-function validateCommand(command: ESQLCommand, references: ReferenceMaps): ESQLMessage[] {
+function validateCommand(
+  command: ESQLCommand,
+  references: ReferenceMaps,
+  ast: ESQLAst,
+  currentCommandIndex: number
+): ESQLMessage[] {
   const messages: ESQLMessage[] = [];
   if (command.incomplete) {
     return messages;
@@ -981,7 +1133,16 @@ function validateCommand(command: ESQLCommand, references: ReferenceMaps): ESQLM
         const wrappedArg = Array.isArray(commandArg) ? commandArg : [commandArg];
         for (const arg of wrappedArg) {
           if (isFunctionItem(arg)) {
-            messages.push(...validateFunction(arg, command.name, undefined, references));
+            messages.push(
+              ...validateFunction({
+                fn: arg,
+                parentCommand: command.name,
+                parentOption: undefined,
+                references,
+                parentAst: ast,
+                currentCommandIndex,
+              })
+            );
           }
 
           if (isSettingItem(arg)) {
@@ -1058,6 +1219,7 @@ function validateFieldsShadowing(
       }
     }
   }
+
   return messages;
 }
 
@@ -1153,6 +1315,7 @@ async function validateAst(
   const messages: ESQLMessage[] = [];
 
   const parsingResult = await astProvider(queryString);
+
   const { ast } = parsingResult;
 
   const [sources, availableFields, availablePolicies] = await Promise.all([
@@ -1189,7 +1352,7 @@ async function validateAst(
   messages.push(...validateFieldsShadowing(availableFields, variables));
   messages.push(...validateUnsupportedTypeFields(availableFields));
 
-  for (const command of ast) {
+  for (const [index, command] of ast.entries()) {
     const references: ReferenceMaps = {
       sources,
       fields: availableFields,
@@ -1197,7 +1360,7 @@ async function validateAst(
       variables,
       query: queryString,
     };
-    const commandMessages = validateCommand(command, references);
+    const commandMessages = validateCommand(command, references, ast, index);
     messages.push(...commandMessages);
   }
 
diff --git a/packages/kbn-field-utils/index.ts b/packages/kbn-field-utils/index.ts
index ae77f0d1524fd..d3ce774177dcc 100644
--- a/packages/kbn-field-utils/index.ts
+++ b/packages/kbn-field-utils/index.ts
@@ -25,6 +25,7 @@ export {
   comboBoxFieldOptionMatcher,
   getFieldSearchMatchingHighlight,
 } from './src/utils/field_name_wildcard_matcher';
+export { fieldSupportsBreakdown } from './src/utils/field_supports_breakdown';
 
 export { FieldIcon, type FieldIconProps, getFieldIconProps } from './src/components/field_icon';
 export { FieldDescription, type FieldDescriptionProps } from './src/components/field_description';
diff --git a/src/plugins/unified_histogram/public/utils/field_supports_breakdown.test.ts b/packages/kbn-field-utils/src/utils/field_supports_breakdown.test.ts
similarity index 100%
rename from src/plugins/unified_histogram/public/utils/field_supports_breakdown.test.ts
rename to packages/kbn-field-utils/src/utils/field_supports_breakdown.test.ts
diff --git a/src/plugins/unified_histogram/public/utils/field_supports_breakdown.ts b/packages/kbn-field-utils/src/utils/field_supports_breakdown.ts
similarity index 65%
rename from src/plugins/unified_histogram/public/utils/field_supports_breakdown.ts
rename to packages/kbn-field-utils/src/utils/field_supports_breakdown.ts
index 12fdfbf20aa3b..3177d40012b57 100644
--- a/src/plugins/unified_histogram/public/utils/field_supports_breakdown.ts
+++ b/packages/kbn-field-utils/src/utils/field_supports_breakdown.ts
@@ -7,12 +7,18 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-import { DataViewField } from '@kbn/data-views-plugin/public';
+import { type DataViewField } from '@kbn/data-views-plugin/common';
+import { KNOWN_FIELD_TYPES } from './field_types';
 
-const supportedTypes = new Set(['string', 'boolean', 'number', 'ip']);
+const supportedTypes = new Set([
+  KNOWN_FIELD_TYPES.STRING,
+  KNOWN_FIELD_TYPES.BOOLEAN,
+  KNOWN_FIELD_TYPES.NUMBER,
+  KNOWN_FIELD_TYPES.IP,
+]);
 
 export const fieldSupportsBreakdown = (field: DataViewField) =>
-  supportedTypes.has(field.type) &&
+  supportedTypes.has(field.type as KNOWN_FIELD_TYPES) &&
   field.aggregatable &&
   !field.scripted &&
   field.timeSeriesMetric !== 'counter';
diff --git a/packages/kbn-flot-charts/lib/jquery_flot.js b/packages/kbn-flot-charts/lib/jquery_flot.js
index 3b13b317c616c..3087a59acdf77 100644
--- a/packages/kbn-flot-charts/lib/jquery_flot.js
+++ b/packages/kbn-flot-charts/lib/jquery_flot.js
@@ -2711,110 +2711,135 @@ Licensed under the MIT license.
 
         function insertLegend() {
 
-            if (options.legend.container != null) {
-                $(options.legend.container).html("");
-            } else {
-                placeholder.find(".legend").remove();
-            }
-
-            if (!options.legend.show) {
-                return;
-            }
-
-            var fragments = [], entries = [], rowStarted = false,
-                lf = options.legend.labelFormatter, s, label;
-
-            // Build a list of legend entries, with each having a label and a color
-
-            for (var i = 0; i < series.length; ++i) {
-                s = series[i];
-                if (s.label) {
-                    label = lf ? lf(s.label, s) : s.label;
-                    if (label) {
-                        entries.push({
-                            label: label,
-                            color: s.color
-                        });
-                    }
-                }
-            }
-
-            // Sort the legend using either the default or a custom comparator
-
-            if (options.legend.sorted) {
-                if ($.isFunction(options.legend.sorted)) {
-                    entries.sort(options.legend.sorted);
-                } else if (options.legend.sorted == "reverse") {
-                	entries.reverse();
-                } else {
-                    var ascending = options.legend.sorted != "descending";
-                    entries.sort(function(a, b) {
-                        return a.label == b.label ? 0 : (
-                            ((a.label < b.label) != ascending ? 1 : -1)   // Logical XOR
-                        );
-                    });
-                }
-            }
-
-            // Generate markup for the list of entries, in their final order
-
-            for (var i = 0; i < entries.length; ++i) {
-
-                var entry = entries[i];
-
-                if (i % options.legend.noColumns == 0) {
-                    if (rowStarted)
-                        fragments.push('</tr>');
-                    fragments.push('<tr>');
-                    rowStarted = true;
-                }
-
-                fragments.push(
-                    '<td class="legendColorBox"><div style="border:1px solid ' + options.legend.labelBoxBorderColor + ';padding:1px"><div style="width:4px;height:0;border:5px solid ' + entry.color + ';overflow:hidden"></div></div></td>' +
-                    '<td class="legendLabel" data-test-subj="flotLegendLabel">' + entry.label + '</td>'
-                );
-            }
-
-            if (rowStarted)
-                fragments.push('</tr>');
-
-            if (fragments.length == 0)
-                return;
-
-            var table = '<table style="font-size:smaller;color:' + options.grid.color + '">' + fragments.join("") + '</table>';
-            if (options.legend.container != null)
-                $(options.legend.container).html(table);
-            else {
-                var pos = "",
-                    p = options.legend.position,
-                    m = options.legend.margin;
-                if (m[0] == null)
-                    m = [m, m];
-                if (p.charAt(0) == "n")
-                    pos += 'top:' + (m[1] + plotOffset.top) + 'px;';
-                else if (p.charAt(0) == "s")
-                    pos += 'bottom:' + (m[1] + plotOffset.bottom) + 'px;';
-                if (p.charAt(1) == "e")
-                    pos += 'right:' + (m[0] + plotOffset.right) + 'px;';
-                else if (p.charAt(1) == "w")
-                    pos += 'left:' + (m[0] + plotOffset.left) + 'px;';
-                var legend = $('<div class="legend">' + table.replace('style="', 'style="position:absolute;' + pos +';') + '</div>').appendTo(placeholder);
-                if (options.legend.backgroundOpacity != 0.0) {
-                    // put in the transparent background
-                    // separately to avoid blended labels and
-                    // label boxes
-                    var c = options.legend.backgroundColor;
-                    if (c == null) {
-                        c = options.grid.backgroundColor;
-                        if (c && typeof c == "string")
-                            c = $.color.parse(c);
-                        else
-                            c = $.color.extract(legend, 'background-color');
-                        c.a = 1;
-                        c = c.toString();
-                    }
-                    var div = legend.children();
-                    $('<div style="position:absolute;width:' + div.width() + 'px;height:' + div.height() + 'px;' + pos +'background-color:' + c + ';"> </div>').prependTo(legend).css('opacity', options.legend.backgroundOpacity);
+          if (options.legend.container != null) {
+              $.find(options.legend.container).html("");
+          } else {
+              placeholder.find(".legend").remove();
+          }
+
+          if (!options.legend.show) {
+              return;
+          }
+
+          var entries = [], lf = options.legend.labelFormatter, s, label, i;
+
+          // Build a list of legend entries, with each having a label and a color
+          for (i = 0; i < series.length; ++i) {
+              s = series[i];
+              if (s.label) {
+                  label = lf ? lf(s.label, s) : s.label;
+                  if (label) {
+                      entries.push({
+                          label: label,
+                          color: s.color
+                      });
+                  }
+              }
+          }
+
+          // No entries implies no legend
+          if (entries.length === 0) {
+              return;
+          }
+
+          // Sort the legend using either the default or a custom comparator
+          if (options.legend.sorted) {
+              if ($.isFunction(options.legend.sorted)) {
+                  entries.sort(options.legend.sorted);
+              } else if (options.legend.sorted === "reverse") {
+                  entries.reverse();
+              } else {
+                  var ascending = options.legend.sorted !== "descending";
+                  entries.sort(function(a, b) {
+                      return a.label === b.label ? 0 : (
+                          (a.label < b.label) !== ascending ? 1 : -1   // Logical XOR
+                      );
+                  });
+              }
+          }
+
+          // Generate markup for the list of entries, in their final order
+          var table = $("<table></table>").css({
+              "font-size": "smaller",
+              "color": options.grid.color
+          }), rowBuffer = null;
+
+          for (i = 0; i < entries.length; ++i) {
+
+              var entry = entries[i];
+
+              if (i % options.legend.noColumns === 0) {
+                  if (rowBuffer !== null) {
+                      table.append(rowBuffer);
+                  }
+                  rowBuffer = $("<tr></tr>");
+              }
+
+              var colorbox = $("<div></div>").css({
+                  "width": "4px",
+                  "height": 0,
+                  "border": "5px solid " + entry.color,
+                  "overflow": "hidden"
+              }),
+
+              borderbox = $("<div></div>").css({
+                  "border": "1px solid " + options.legend.labelBoxBorderColor,
+                  "padding": "1px"
+              });
+
+              rowBuffer.append(
+                  $("<td></td>").addClass("legendColorBox").append(borderbox.append(colorbox)),
+                  $("<td></td>").addClass("legendLabel").html(entry.label)
+              );
+          }
+
+          table.append(rowBuffer);
+
+          if (options.legend.container != null) {
+              $(options.legend.container).html(table);
+          } else {
+              var pos = { "position": "absolute" },
+                  p = options.legend.position,
+                  m = options.legend.margin;
+              if (m[0] == null) {
+                  m = [m, m];
+              }
+              if (p.charAt(0) === "n") {
+                  pos.top = (m[1] + plotOffset.top) + "px";
+              } else if (p.charAt(0) === "s") {
+                  pos.bottom = (m[1] + plotOffset.bottom) + "px";
+              }
+              if (p.charAt(1) === "e") {
+                  pos.right = (m[0] + plotOffset.right) + "px";
+              } else if (p.charAt(1) === "w") {
+                  pos.left = (m[0] + plotOffset.left) + "px";
+              }
+              var legend = $("<div></div>").addClass("legend").append(table.css(pos)).appendTo(placeholder);
+              if (options.legend.backgroundOpacity !== 0.0) {
+
+                  // put in the transparent background
+                  // separately to avoid blended labels and
+                  // label boxes
+                  var c = options.legend.backgroundColor;
+                  if (c == null) {
+                      c = options.grid.backgroundColor;
+                      if (c && typeof c === "string") {
+                          c = $.color.parse(c);
+                      } else {
+                          c = $.color.extract(legend, "background-color");
+                      }
+                      c.a = 1;
+                      c = c.toString();
+                  }
+                  var div = legend.children();
+
+                  // Position also applies to this
+                  $("<div></div>").css(pos).css({
+                      "width": div.width() + "px",
+                      "height": div.height() + "px",
+                      "background-color": c,
+                      "opacity": options.legend.backgroundOpacity
+                  }).prependTo(legend);
                 }
             }
         }
diff --git a/packages/kbn-index-adapter/README.md b/packages/kbn-index-adapter/README.md
new file mode 100644
index 0000000000000..e3eb455c2e2cc
--- /dev/null
+++ b/packages/kbn-index-adapter/README.md
@@ -0,0 +1,59 @@
+# @kbn/index-adapter
+
+Utility library for Elasticsearch index management.
+
+## IndexAdapter
+
+Manage single index. Example:
+
+```
+// Setup
+const indexAdapter = new IndexAdapter('my-awesome-index', { kibanaVersion: '8.12.1' });
+
+indexAdapter.setComponentTemplate({
+    name: 'awesome-component-template',
+    fieldMap: {
+        'awesome.field1: { type: 'keyword', required: true },
+        'awesome.nested.field2: { type: 'number', required: false },
+        // ...
+    },
+});
+
+indexAdapter.setIndexTemplate({
+    name: 'awesome-index-template',
+    componentTemplateRefs: ['awesome-component-template', 'ecs-component-template'],
+});
+
+// Start
+await indexAdapter.install({ logger, esClient, pluginStop$ }); // Installs templates and the 'my-awesome-index' index, or updates existing.
+```
+
+
+## IndexPatternAdapter
+
+Manage index patterns. Example:
+
+```
+// Setup
+const indexPatternAdapter = new IndexPatternAdapter('my-awesome-index', { kibanaVersion: '8.12.1' });
+
+indexPatternAdapter.setComponentTemplate({
+    name: 'awesome-component-template',
+    fieldMap: {
+        'awesome.field1: { type: 'keyword', required: true },
+        'awesome.nested.field2: { type: 'number', required: false },
+        // ...
+    },
+});
+
+indexPatternAdapter.setIndexTemplate({
+    name: 'awesome-index-template',
+    componentTemplateRefs: ['awesome-component-template', 'ecs-component-template'],
+});
+
+// Start
+indexPatternAdapter.install({ logger, esClient, pluginStop$ }); // Installs/updates templates for the index pattern 'my-awesome-index-*', and updates mappings of all specific indices
+
+// Create a specific index on the fly
+await indexPatternAdapter.installIndex('12345'); // creates 'my-awesome-index-12345' index if it does not exist.
+```
diff --git a/packages/kbn-index-adapter/index.ts b/packages/kbn-index-adapter/index.ts
new file mode 100644
index 0000000000000..6956792135282
--- /dev/null
+++ b/packages/kbn-index-adapter/index.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+export { IndexAdapter } from './src/index_adapter';
+export { IndexPatternAdapter, type InstallIndex } from './src/index_pattern_adapter';
+export { retryTransientEsErrors } from './src/retry_transient_es_errors';
+export { ecsFieldMap, type EcsFieldMap } from './src/field_maps/ecs_field_map';
+export { createOrUpdateIndexTemplate } from './src/create_or_update_index_template';
+export { createOrUpdateComponentTemplate } from './src/create_or_update_component_template';
+
+export type {
+  SetComponentTemplateParams,
+  SetIndexTemplateParams,
+  IndexAdapterParams,
+  InstallParams,
+} from './src/index_adapter';
+export * from './src/field_maps/types';
diff --git a/packages/kbn-index-adapter/jest.config.js b/packages/kbn-index-adapter/jest.config.js
new file mode 100644
index 0000000000000..bf08ec1526382
--- /dev/null
+++ b/packages/kbn-index-adapter/jest.config.js
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+module.exports = {
+  preset: '@kbn/test',
+  rootDir: '../..',
+  roots: ['<rootDir>/packages/kbn-index-adapter'],
+};
diff --git a/packages/kbn-index-adapter/kibana.jsonc b/packages/kbn-index-adapter/kibana.jsonc
new file mode 100644
index 0000000000000..575d95f5a3e39
--- /dev/null
+++ b/packages/kbn-index-adapter/kibana.jsonc
@@ -0,0 +1,6 @@
+{
+  "type": "shared-server",
+  "id": "@kbn/index-adapter",
+  "owner": "@elastic/security-threat-hunting",
+  "visibility": "shared"
+}
diff --git a/packages/kbn-index-adapter/package.json b/packages/kbn-index-adapter/package.json
new file mode 100644
index 0000000000000..70b79abe1b571
--- /dev/null
+++ b/packages/kbn-index-adapter/package.json
@@ -0,0 +1,7 @@
+{
+  "name": "@kbn/index-adapter",
+  "version": "1.0.0",
+  "description": "Utility library for Elasticsearch index management",
+  "license": "Elastic License 2.0 OR AGPL-3.0-only OR SSPL-1.0",
+  "private": true
+}
\ No newline at end of file
diff --git a/packages/kbn-data-stream-adapter/src/create_or_update_component_template.test.ts b/packages/kbn-index-adapter/src/create_or_update_component_template.test.ts
similarity index 100%
rename from packages/kbn-data-stream-adapter/src/create_or_update_component_template.test.ts
rename to packages/kbn-index-adapter/src/create_or_update_component_template.test.ts
diff --git a/packages/kbn-data-stream-adapter/src/create_or_update_component_template.ts b/packages/kbn-index-adapter/src/create_or_update_component_template.ts
similarity index 100%
rename from packages/kbn-data-stream-adapter/src/create_or_update_component_template.ts
rename to packages/kbn-index-adapter/src/create_or_update_component_template.ts
diff --git a/packages/kbn-index-adapter/src/create_or_update_index.test.ts b/packages/kbn-index-adapter/src/create_or_update_index.test.ts
new file mode 100644
index 0000000000000..6c32b183e1fda
--- /dev/null
+++ b/packages/kbn-index-adapter/src/create_or_update_index.test.ts
@@ -0,0 +1,166 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+import { elasticsearchServiceMock, loggingSystemMock } from '@kbn/core/server/mocks';
+import { updateIndices, createIndex, createOrUpdateIndex } from './create_or_update_index';
+
+const logger = loggingSystemMock.createLogger();
+const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
+
+esClient.indices.putMapping.mockResolvedValue({ acknowledged: true });
+esClient.indices.putSettings.mockResolvedValue({ acknowledged: true });
+
+const simulateIndexTemplateResponse = { template: { mappings: {}, settings: {}, aliases: {} } };
+esClient.indices.simulateIndexTemplate.mockResolvedValue(simulateIndexTemplateResponse);
+
+const name = 'test_index_name';
+const totalFieldsLimit = 1000;
+
+describe('updateIndices', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it(`should update indices`, async () => {
+    const indexName = 'test_index_name-default';
+    esClient.indices.get.mockResolvedValueOnce({ [indexName]: {} });
+
+    await updateIndices({
+      esClient,
+      logger,
+      name,
+      totalFieldsLimit,
+    });
+
+    expect(esClient.indices.get).toHaveBeenCalledWith({
+      index: name,
+      expand_wildcards: 'all',
+    });
+
+    expect(esClient.indices.putSettings).toHaveBeenCalledWith({
+      index: indexName,
+      body: { 'index.mapping.total_fields.limit': totalFieldsLimit },
+    });
+    expect(esClient.indices.simulateIndexTemplate).toHaveBeenCalledWith({
+      name: indexName,
+    });
+    expect(esClient.indices.putMapping).toHaveBeenCalledWith({
+      index: indexName,
+      body: simulateIndexTemplateResponse.template.mappings,
+    });
+  });
+
+  it(`should update multiple indices`, async () => {
+    const indexName1 = 'test_index_name-1';
+    const indexName2 = 'test_index_name-2';
+    esClient.indices.get.mockResolvedValueOnce({ [indexName1]: {}, [indexName2]: {} });
+
+    await updateIndices({
+      esClient,
+      logger,
+      name,
+      totalFieldsLimit,
+    });
+
+    expect(esClient.indices.putSettings).toHaveBeenCalledTimes(2);
+    expect(esClient.indices.simulateIndexTemplate).toHaveBeenCalledTimes(2);
+    expect(esClient.indices.putMapping).toHaveBeenCalledTimes(2);
+  });
+
+  it(`should not update indices when not exist`, async () => {
+    esClient.indices.get.mockResolvedValueOnce({});
+
+    await updateIndices({
+      esClient,
+      logger,
+      name,
+      totalFieldsLimit,
+    });
+
+    expect(esClient.indices.putSettings).not.toHaveBeenCalled();
+    expect(esClient.indices.simulateIndexTemplate).not.toHaveBeenCalled();
+    expect(esClient.indices.putMapping).not.toHaveBeenCalled();
+  });
+});
+
+describe('createIndex', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it(`should create index`, async () => {
+    esClient.indices.exists.mockResolvedValueOnce(false);
+
+    await createIndex({
+      esClient,
+      logger,
+      name,
+    });
+
+    expect(esClient.indices.exists).toHaveBeenCalledWith({ index: name, expand_wildcards: 'all' });
+    expect(esClient.indices.create).toHaveBeenCalledWith({ index: name });
+  });
+
+  it(`should not create index if already exists`, async () => {
+    esClient.indices.exists.mockResolvedValueOnce(true);
+
+    await createIndex({
+      esClient,
+      logger,
+      name,
+    });
+
+    expect(esClient.indices.exists).toHaveBeenCalledWith({ index: name, expand_wildcards: 'all' });
+    expect(esClient.indices.create).not.toHaveBeenCalled();
+  });
+});
+
+describe('createOrUpdateIndex', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it(`should create index if not exists`, async () => {
+    esClient.indices.exists.mockResolvedValueOnce(false);
+
+    await createOrUpdateIndex({
+      esClient,
+      logger,
+      name,
+      totalFieldsLimit,
+    });
+
+    expect(esClient.indices.create).toHaveBeenCalledWith({ index: name });
+  });
+
+  it(`should update index if already exists`, async () => {
+    esClient.indices.exists.mockResolvedValueOnce(true);
+
+    await createOrUpdateIndex({
+      esClient,
+      logger,
+      name,
+      totalFieldsLimit,
+    });
+
+    expect(esClient.indices.exists).toHaveBeenCalledWith({ index: name, expand_wildcards: 'all' });
+
+    expect(esClient.indices.putSettings).toHaveBeenCalledWith({
+      index: name,
+      body: { 'index.mapping.total_fields.limit': totalFieldsLimit },
+    });
+    expect(esClient.indices.simulateIndexTemplate).toHaveBeenCalledWith({
+      name,
+    });
+    expect(esClient.indices.putMapping).toHaveBeenCalledWith({
+      index: name,
+      body: simulateIndexTemplateResponse.template.mappings,
+    });
+  });
+});
diff --git a/packages/kbn-index-adapter/src/create_or_update_index.ts b/packages/kbn-index-adapter/src/create_or_update_index.ts
new file mode 100644
index 0000000000000..ff825c61305b7
--- /dev/null
+++ b/packages/kbn-index-adapter/src/create_or_update_index.ts
@@ -0,0 +1,237 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+import type { IndexName } from '@elastic/elasticsearch/lib/api/types';
+import type { IndicesSimulateIndexTemplateResponse } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
+import type { Logger, ElasticsearchClient } from '@kbn/core/server';
+import { get } from 'lodash';
+import { retryTransientEsErrors } from './retry_transient_es_errors';
+
+interface UpdateIndexMappingsOpts {
+  logger: Logger;
+  esClient: ElasticsearchClient;
+  indexNames: string[];
+  totalFieldsLimit: number;
+}
+
+interface UpdateIndexOpts {
+  logger: Logger;
+  esClient: ElasticsearchClient;
+  indexName: string;
+  totalFieldsLimit: number;
+}
+
+const updateTotalFieldLimitSetting = async ({
+  logger,
+  esClient,
+  indexName,
+  totalFieldsLimit,
+}: UpdateIndexOpts) => {
+  logger.debug(`Updating total field limit setting for ${indexName} data stream.`);
+
+  try {
+    const body = { 'index.mapping.total_fields.limit': totalFieldsLimit };
+    await retryTransientEsErrors(() => esClient.indices.putSettings({ index: indexName, body }), {
+      logger,
+    });
+  } catch (err) {
+    logger.error(
+      `Failed to PUT index.mapping.total_fields.limit settings for ${indexName}: ${err.message}`
+    );
+    throw err;
+  }
+};
+
+// This will update the mappings but *not* the settings. This
+// is due to the fact settings can be classed as dynamic and static, and static
+// updates will fail on an index that isn't closed. New settings *will* be applied as part
+// of the ILM policy rollovers. More info: https://github.com/elastic/kibana/pull/113389#issuecomment-940152654
+const updateMapping = async ({ logger, esClient, indexName }: UpdateIndexOpts) => {
+  logger.debug(`Updating mappings for ${indexName} data stream.`);
+
+  let simulatedIndexMapping: IndicesSimulateIndexTemplateResponse;
+  try {
+    simulatedIndexMapping = await retryTransientEsErrors(
+      () => esClient.indices.simulateIndexTemplate({ name: indexName }),
+      { logger }
+    );
+  } catch (err) {
+    logger.error(
+      `Ignored PUT mappings for ${indexName}; error generating simulated mappings: ${err.message}`
+    );
+    return;
+  }
+
+  const simulatedMapping = get(simulatedIndexMapping, ['template', 'mappings']);
+
+  if (simulatedMapping == null) {
+    logger.error(`Ignored PUT mappings for ${indexName}; simulated mappings were empty`);
+    return;
+  }
+
+  try {
+    await retryTransientEsErrors(
+      () => esClient.indices.putMapping({ index: indexName, body: simulatedMapping }),
+      { logger }
+    );
+  } catch (err) {
+    logger.error(`Failed to PUT mapping for ${indexName}: ${err.message}`);
+    throw err;
+  }
+};
+/**
+ * Updates the data stream mapping and total field limit setting
+ */
+const updateIndexMappings = async ({
+  logger,
+  esClient,
+  totalFieldsLimit,
+  indexNames,
+}: UpdateIndexMappingsOpts) => {
+  // Update total field limit setting of found indices
+  // Other index setting changes are not updated at this time
+  await Promise.all(
+    indexNames.map((indexName) =>
+      updateTotalFieldLimitSetting({ logger, esClient, totalFieldsLimit, indexName })
+    )
+  );
+  // Update mappings of the found indices.
+  await Promise.all(
+    indexNames.map((indexName) => updateMapping({ logger, esClient, totalFieldsLimit, indexName }))
+  );
+};
+
+export interface CreateOrUpdateIndexParams {
+  name: string;
+  logger: Logger;
+  esClient: ElasticsearchClient;
+  totalFieldsLimit: number;
+}
+
+export async function createOrUpdateIndex({
+  logger,
+  esClient,
+  name,
+  totalFieldsLimit,
+}: CreateOrUpdateIndexParams): Promise<void> {
+  logger.info(`Creating index - ${name}`);
+
+  // check if index exists
+  let indexExists = false;
+  try {
+    indexExists = await retryTransientEsErrors(
+      () => esClient.indices.exists({ index: name, expand_wildcards: 'all' }),
+      { logger }
+    );
+  } catch (error) {
+    if (error?.statusCode !== 404) {
+      logger.error(`Error fetching index for ${name} - ${error.message}`);
+      throw error;
+    }
+  }
+
+  // if a index exists, update the underlying mapping
+  if (indexExists) {
+    await updateIndexMappings({
+      logger,
+      esClient,
+      indexNames: [name],
+      totalFieldsLimit,
+    });
+  } else {
+    try {
+      await retryTransientEsErrors(() => esClient.indices.create({ index: name }), { logger });
+    } catch (error) {
+      if (error?.meta?.body?.error?.type !== 'resource_already_exists_exception') {
+        logger.error(`Error creating index ${name} - ${error.message}`);
+        throw error;
+      }
+    }
+  }
+}
+
+export interface CreateIndexParams {
+  name: string;
+  logger: Logger;
+  esClient: ElasticsearchClient;
+}
+
+export async function createIndex({ logger, esClient, name }: CreateIndexParams): Promise<void> {
+  logger.debug(`Checking existence of index - ${name}`);
+
+  // check if index exists
+  let indexExists = false;
+  try {
+    indexExists = await retryTransientEsErrors(
+      () => esClient.indices.exists({ index: name, expand_wildcards: 'all' }),
+      {
+        logger,
+      }
+    );
+  } catch (error) {
+    if (error?.statusCode !== 404) {
+      logger.error(`Error fetching index for ${name} - ${error.message}`);
+      throw error;
+    }
+  }
+
+  // return if index already created
+  if (indexExists) {
+    return;
+  }
+
+  logger.info(`Creating index - ${name}`);
+  try {
+    await retryTransientEsErrors(() => esClient.indices.create({ index: name }), { logger });
+  } catch (error) {
+    if (error?.meta?.body?.error?.type !== 'resource_already_exists_exception') {
+      logger.error(`Error creating index ${name} - ${error.message}`);
+      throw error;
+    }
+  }
+}
+
+export interface CreateOrUpdateSpacesIndexParams {
+  name: string;
+  logger: Logger;
+  esClient: ElasticsearchClient;
+  totalFieldsLimit: number;
+}
+
+export async function updateIndices({
+  logger,
+  esClient,
+  name,
+  totalFieldsLimit,
+}: CreateOrUpdateSpacesIndexParams): Promise<void> {
+  logger.info(`Updating indices - ${name}`);
+
+  // check if data stream exists
+  let indices: IndexName[] = [];
+  try {
+    const response = await retryTransientEsErrors(
+      () => esClient.indices.get({ index: name, expand_wildcards: 'all' }),
+      { logger }
+    );
+    indices = Object.keys(response);
+  } catch (error) {
+    if (error?.statusCode !== 404) {
+      logger.error(`Error fetching indices for ${name} - ${error.message}`);
+      throw error;
+    }
+  }
+  if (indices.length > 0) {
+    await updateIndexMappings({
+      logger,
+      esClient,
+      totalFieldsLimit,
+      indexNames: indices,
+    });
+  }
+}
diff --git a/packages/kbn-data-stream-adapter/src/create_or_update_index_template.test.ts b/packages/kbn-index-adapter/src/create_or_update_index_template.test.ts
similarity index 100%
rename from packages/kbn-data-stream-adapter/src/create_or_update_index_template.test.ts
rename to packages/kbn-index-adapter/src/create_or_update_index_template.test.ts
diff --git a/packages/kbn-data-stream-adapter/src/create_or_update_index_template.ts b/packages/kbn-index-adapter/src/create_or_update_index_template.ts
similarity index 100%
rename from packages/kbn-data-stream-adapter/src/create_or_update_index_template.ts
rename to packages/kbn-index-adapter/src/create_or_update_index_template.ts
diff --git a/packages/kbn-data-stream-adapter/src/field_maps/ecs_field_map.ts b/packages/kbn-index-adapter/src/field_maps/ecs_field_map.ts
similarity index 100%
rename from packages/kbn-data-stream-adapter/src/field_maps/ecs_field_map.ts
rename to packages/kbn-index-adapter/src/field_maps/ecs_field_map.ts
diff --git a/packages/kbn-data-stream-adapter/src/field_maps/mapping_from_field_map.test.ts b/packages/kbn-index-adapter/src/field_maps/mapping_from_field_map.test.ts
similarity index 100%
rename from packages/kbn-data-stream-adapter/src/field_maps/mapping_from_field_map.test.ts
rename to packages/kbn-index-adapter/src/field_maps/mapping_from_field_map.test.ts
diff --git a/packages/kbn-data-stream-adapter/src/field_maps/mapping_from_field_map.ts b/packages/kbn-index-adapter/src/field_maps/mapping_from_field_map.ts
similarity index 100%
rename from packages/kbn-data-stream-adapter/src/field_maps/mapping_from_field_map.ts
rename to packages/kbn-index-adapter/src/field_maps/mapping_from_field_map.ts
diff --git a/packages/kbn-data-stream-adapter/src/field_maps/types.ts b/packages/kbn-index-adapter/src/field_maps/types.ts
similarity index 100%
rename from packages/kbn-data-stream-adapter/src/field_maps/types.ts
rename to packages/kbn-index-adapter/src/field_maps/types.ts
diff --git a/packages/kbn-index-adapter/src/index_adapter.ts b/packages/kbn-index-adapter/src/index_adapter.ts
new file mode 100644
index 0000000000000..eef2ce529d78a
--- /dev/null
+++ b/packages/kbn-index-adapter/src/index_adapter.ts
@@ -0,0 +1,158 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+import type {
+  ClusterPutComponentTemplateRequest,
+  IndicesPutIndexTemplateRequest,
+} from '@elastic/elasticsearch/lib/api/types';
+import type { Logger, ElasticsearchClient } from '@kbn/core/server';
+import type { Subject } from 'rxjs';
+import { createOrUpdateComponentTemplate } from './create_or_update_component_template';
+import { createOrUpdateIndex } from './create_or_update_index';
+import { createOrUpdateIndexTemplate } from './create_or_update_index_template';
+import { InstallShutdownError, installWithTimeout } from './install_with_timeout';
+import {
+  getComponentTemplate,
+  getIndexTemplate,
+  type GetComponentTemplateOpts,
+  type GetIndexTemplateOpts,
+} from './resource_installer_utils';
+
+export interface IndexAdapterParams {
+  kibanaVersion: string;
+  totalFieldsLimit?: number;
+}
+export type SetComponentTemplateParams = GetComponentTemplateOpts;
+export type SetIndexTemplateParams = Omit<
+  GetIndexTemplateOpts,
+  'indexPatterns' | 'kibanaVersion' | 'totalFieldsLimit'
+>;
+export interface GetInstallFnParams {
+  logger: Logger;
+  pluginStop$: Subject<void>;
+  tasksTimeoutMs?: number;
+}
+export interface InstallParams {
+  logger: Logger;
+  esClient: ElasticsearchClient | Promise<ElasticsearchClient>;
+  pluginStop$: Subject<void>;
+  tasksTimeoutMs?: number;
+}
+
+const DEFAULT_FIELDS_LIMIT = 2500;
+
+export class IndexAdapter {
+  protected readonly kibanaVersion: string;
+  protected readonly totalFieldsLimit: number;
+  protected componentTemplates: ClusterPutComponentTemplateRequest[] = [];
+  protected indexTemplates: IndicesPutIndexTemplateRequest[] = [];
+  protected installed: boolean;
+
+  constructor(protected readonly name: string, options: IndexAdapterParams) {
+    this.installed = false;
+    this.kibanaVersion = options.kibanaVersion;
+    this.totalFieldsLimit = options.totalFieldsLimit ?? DEFAULT_FIELDS_LIMIT;
+  }
+
+  public setComponentTemplate(params: SetComponentTemplateParams) {
+    if (this.installed) {
+      throw new Error('Cannot set component template after install');
+    }
+    this.componentTemplates.push(getComponentTemplate(params));
+  }
+
+  public setIndexTemplate(params: SetIndexTemplateParams) {
+    if (this.installed) {
+      throw new Error('Cannot set index template after install');
+    }
+    this.indexTemplates.push(
+      getIndexTemplate({
+        ...params,
+        indexPatterns: [this.name],
+        kibanaVersion: this.kibanaVersion,
+        totalFieldsLimit: this.totalFieldsLimit,
+      })
+    );
+  }
+
+  protected getInstallFn({ logger, pluginStop$, tasksTimeoutMs }: GetInstallFnParams) {
+    return async (promise: Promise<void>, description?: string): Promise<void> => {
+      try {
+        await installWithTimeout({
+          installFn: () => promise,
+          description,
+          timeoutMs: tasksTimeoutMs,
+          pluginStop$,
+        });
+      } catch (err) {
+        if (err instanceof InstallShutdownError) {
+          logger.info(err.message);
+        } else {
+          throw err;
+        }
+      }
+    };
+  }
+
+  protected async installTemplates(params: InstallParams) {
+    const { logger, pluginStop$, tasksTimeoutMs } = params;
+    const esClient = await params.esClient;
+    const installFn = this.getInstallFn({ logger, pluginStop$, tasksTimeoutMs });
+
+    // Install component templates in parallel
+    await Promise.all(
+      this.componentTemplates.map((componentTemplate) =>
+        installFn(
+          createOrUpdateComponentTemplate({
+            template: componentTemplate,
+            esClient,
+            logger,
+            totalFieldsLimit: this.totalFieldsLimit,
+          }),
+          `create or update ${componentTemplate.name} component template`
+        )
+      )
+    );
+
+    // Install index templates in parallel
+    await Promise.all(
+      this.indexTemplates.map((indexTemplate) =>
+        installFn(
+          createOrUpdateIndexTemplate({
+            template: indexTemplate,
+            esClient,
+            logger,
+          }),
+          `create or update ${indexTemplate.name} index template`
+        )
+      )
+    );
+  }
+
+  public async install(params: InstallParams) {
+    this.installed = true;
+    const { logger, pluginStop$, tasksTimeoutMs } = params;
+    const esClient = await params.esClient;
+
+    await this.installTemplates(params);
+
+    const installFn = this.getInstallFn({ logger, pluginStop$, tasksTimeoutMs });
+
+    // create index when everything is ready
+    await installFn(
+      createOrUpdateIndex({
+        name: this.name,
+        esClient,
+        logger,
+        totalFieldsLimit: this.totalFieldsLimit,
+      }),
+      `${this.name} index`
+    );
+  }
+}
diff --git a/packages/kbn-index-adapter/src/index_pattern_adapter.ts b/packages/kbn-index-adapter/src/index_pattern_adapter.ts
new file mode 100644
index 0000000000000..38a96a3c65b83
--- /dev/null
+++ b/packages/kbn-index-adapter/src/index_pattern_adapter.ts
@@ -0,0 +1,97 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+import { createIndex, updateIndices } from './create_or_update_index';
+import { IndexAdapter, type IndexAdapterParams, type InstallParams } from './index_adapter';
+
+export type InstallIndex = (indexSuffix: string) => Promise<void>;
+
+export class IndexPatternAdapter extends IndexAdapter {
+  protected installationPromises: Map<string, Promise<void>>;
+  protected installIndexPromise?: Promise<InstallIndex>;
+
+  constructor(protected readonly prefix: string, options: IndexAdapterParams) {
+    super(`${prefix}-*`, options); // make indexTemplate `indexPatterns` match all index names
+    this.installationPromises = new Map();
+  }
+
+  /** Method to create/update the templates, update existing indices and setup internal state for the adapter. */
+  public async install(params: InstallParams): Promise<void> {
+    this.installIndexPromise = this._install(params);
+    await this.installIndexPromise;
+  }
+
+  protected async _install(params: InstallParams): Promise<InstallIndex> {
+    const { logger, pluginStop$, tasksTimeoutMs } = params;
+
+    await this.installTemplates(params);
+
+    const esClient = await params.esClient;
+    const installFn = this.getInstallFn({ logger, pluginStop$, tasksTimeoutMs });
+
+    // Update existing specific indices
+    await installFn(
+      updateIndices({
+        name: this.name, // `${prefix}-*`
+        esClient,
+        logger,
+        totalFieldsLimit: this.totalFieldsLimit,
+      }),
+      `update specific indices`
+    );
+
+    // Define the function to create concrete indices on demand
+    return async (name: string) =>
+      installFn(createIndex({ name, esClient, logger }), `create ${name} index`);
+  }
+
+  /**
+   * Method to create the index for a given index suffix.
+   * Stores the installations promises to avoid concurrent installations for the same index.
+   * Index creation will only be attempted once per index suffix and existence will be checked before creating.
+   */
+  public async createIndex(indexSuffix: string): Promise<void> {
+    if (!this.installIndexPromise) {
+      throw new Error('Cannot installIndex before install');
+    }
+
+    const existingInstallation = this.installationPromises.get(indexSuffix);
+    if (existingInstallation) {
+      return existingInstallation;
+    }
+    const indexName = this.getIndexName(indexSuffix);
+
+    // Awaits for installIndexPromise to resolve to ensure templates are installed before the specific index is created.
+    // This is a safety measure since the initial `install` call may not be awaited from the plugin lifecycle caller.
+    // However, the promise will most likely be already fulfilled by the time `createIndex` is called, so this is a no-op.
+    const installation = this.installIndexPromise
+      .then((installIndex) => installIndex(indexName))
+      .catch((err) => {
+        this.installationPromises.delete(indexSuffix);
+        throw err;
+      });
+
+    this.installationPromises.set(indexSuffix, installation);
+    return installation;
+  }
+
+  /** Method to get the full index name for a given index suffix. */
+  public getIndexName(indexSuffix: string): string {
+    return `${this.prefix}-${indexSuffix}`;
+  }
+
+  /** Method to get the full index name for a given index suffix. It returns undefined if the index does not exist. */
+  public async getInstalledIndexName(indexSuffix: string): Promise<string | undefined> {
+    const existingInstallation = this.installationPromises.get(indexSuffix);
+    if (!existingInstallation) {
+      return undefined;
+    }
+    return existingInstallation.then(() => this.getIndexName(indexSuffix)).catch(() => undefined);
+  }
+}
diff --git a/packages/kbn-data-stream-adapter/src/install_with_timeout.test.ts b/packages/kbn-index-adapter/src/install_with_timeout.test.ts
similarity index 100%
rename from packages/kbn-data-stream-adapter/src/install_with_timeout.test.ts
rename to packages/kbn-index-adapter/src/install_with_timeout.test.ts
diff --git a/packages/kbn-data-stream-adapter/src/install_with_timeout.ts b/packages/kbn-index-adapter/src/install_with_timeout.ts
similarity index 100%
rename from packages/kbn-data-stream-adapter/src/install_with_timeout.ts
rename to packages/kbn-index-adapter/src/install_with_timeout.ts
diff --git a/packages/kbn-data-stream-adapter/src/resource_installer_utils.test.ts b/packages/kbn-index-adapter/src/resource_installer_utils.test.ts
similarity index 92%
rename from packages/kbn-data-stream-adapter/src/resource_installer_utils.test.ts
rename to packages/kbn-index-adapter/src/resource_installer_utils.test.ts
index 93d421bb5605c..31d4a3abcbb0d 100644
--- a/packages/kbn-data-stream-adapter/src/resource_installer_utils.test.ts
+++ b/packages/kbn-index-adapter/src/resource_installer_utils.test.ts
@@ -24,7 +24,6 @@ describe('getIndexTemplate', () => {
     expect(indexTemplate).toEqual({
       name: defaultParams.name,
       body: {
-        data_stream: { hidden: true },
         index_patterns: defaultParams.indexPatterns,
         composed_of: defaultParams.componentTemplateRefs,
         template: {
@@ -57,8 +56,17 @@ describe('getIndexTemplate', () => {
     });
   });
 
+  it('should create data stream index template with given parameters and defaults', () => {
+    const indexTemplate = getIndexTemplate({ ...defaultParams, isDataStream: true });
+    expect(indexTemplate.body).toEqual(
+      expect.objectContaining({
+        data_stream: { hidden: true },
+      })
+    );
+  });
+
   it('should create not hidden index template', () => {
-    const { body } = getIndexTemplate({ ...defaultParams, hidden: false });
+    const { body } = getIndexTemplate({ ...defaultParams, isDataStream: true, hidden: false });
     expect(body?.data_stream?.hidden).toEqual(false);
     expect(body?.template?.settings?.hidden).toEqual(false);
   });
diff --git a/packages/kbn-data-stream-adapter/src/resource_installer_utils.ts b/packages/kbn-index-adapter/src/resource_installer_utils.ts
similarity index 93%
rename from packages/kbn-data-stream-adapter/src/resource_installer_utils.ts
rename to packages/kbn-index-adapter/src/resource_installer_utils.ts
index 96b220cf0983c..eb6e2490000b2 100644
--- a/packages/kbn-data-stream-adapter/src/resource_installer_utils.ts
+++ b/packages/kbn-index-adapter/src/resource_installer_utils.ts
@@ -19,7 +19,7 @@ import type {
 import type { FieldMap } from './field_maps/types';
 import { mappingFromFieldMap } from './field_maps/mapping_from_field_map';
 
-interface GetComponentTemplateOpts {
+export interface GetComponentTemplateOpts {
   name: string;
   fieldMap: FieldMap;
   settings?: IndicesIndexSettings;
@@ -47,7 +47,7 @@ export const getComponentTemplate = ({
   },
 });
 
-interface GetIndexTemplateOpts {
+export interface GetIndexTemplateOpts {
   name: string;
   indexPatterns: string[];
   kibanaVersion: string;
@@ -56,6 +56,7 @@ interface GetIndexTemplateOpts {
   namespace?: string;
   template?: IndicesPutIndexTemplateIndexTemplateMapping;
   hidden?: boolean;
+  isDataStream?: boolean;
 }
 
 export const getIndexTemplate = ({
@@ -67,6 +68,7 @@ export const getIndexTemplate = ({
   namespace = 'default',
   template = {},
   hidden = true,
+  isDataStream = false,
 }: GetIndexTemplateOpts): IndicesPutIndexTemplateRequest => {
   const indexMetadata: Metadata = {
     kibana: {
@@ -79,7 +81,7 @@ export const getIndexTemplate = ({
   return {
     name,
     body: {
-      data_stream: { hidden },
+      ...(isDataStream && { data_stream: { hidden } }),
       index_patterns: indexPatterns,
       composed_of: componentTemplateRefs,
       template: {
diff --git a/packages/kbn-data-stream-adapter/src/retry_transient_es_errors.test.ts b/packages/kbn-index-adapter/src/retry_transient_es_errors.test.ts
similarity index 100%
rename from packages/kbn-data-stream-adapter/src/retry_transient_es_errors.test.ts
rename to packages/kbn-index-adapter/src/retry_transient_es_errors.test.ts
diff --git a/packages/kbn-data-stream-adapter/src/retry_transient_es_errors.ts b/packages/kbn-index-adapter/src/retry_transient_es_errors.ts
similarity index 100%
rename from packages/kbn-data-stream-adapter/src/retry_transient_es_errors.ts
rename to packages/kbn-index-adapter/src/retry_transient_es_errors.ts
diff --git a/packages/kbn-index-adapter/tsconfig.json b/packages/kbn-index-adapter/tsconfig.json
new file mode 100644
index 0000000000000..cca50adbf7eb8
--- /dev/null
+++ b/packages/kbn-index-adapter/tsconfig.json
@@ -0,0 +1,20 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "target/types",
+    "types": [
+      "jest",
+      "node",
+    ]
+  },
+  "include": ["**/*.ts"],
+  "kbn_references": [
+    "@kbn/core",
+    "@kbn/std",
+    "@kbn/safer-lodash-set",
+    "@kbn/logging-mocks",
+  ],
+  "exclude": [
+    "target/**/*"
+  ],
+}
diff --git a/packages/kbn-language-documentation/scripts/generate_esql_docs.ts b/packages/kbn-language-documentation/scripts/generate_esql_docs.ts
index 072d53a02753a..da42dc7a44480 100644
--- a/packages/kbn-language-documentation/scripts/generate_esql_docs.ts
+++ b/packages/kbn-language-documentation/scripts/generate_esql_docs.ts
@@ -13,6 +13,11 @@ import fs from 'fs';
 import path from 'path';
 import { functions } from '../src/sections/generated/scalar_functions';
 
+interface DocsSectionContent {
+  description: string;
+  preview?: boolean;
+}
+
 (function () {
   const pathToElasticsearch = process.argv[2];
   const { scalarFunctions, aggregationFunctions } = loadFunctionDocs(pathToElasticsearch);
@@ -41,8 +46,8 @@ function loadFunctionDocs(pathToElasticsearch: string) {
     .readdirSync(definitionsPath)
     .map((file) => JSON.parse(fs.readFileSync(`${definitionsPath}/${file}`, 'utf-8')));
 
-  const scalarFunctions = new Map<string, string>();
-  const aggregationFunctions = new Map<string, string>();
+  const scalarFunctions = new Map<string, DocsSectionContent>();
+  const aggregationFunctions = new Map<string, DocsSectionContent>();
 
   // Iterate over each file in the directory
   for (const file of docsFiles) {
@@ -64,10 +69,16 @@ function loadFunctionDocs(pathToElasticsearch: string) {
 
       // Add the function name and content to the map
       if (functionDefinition.type === 'eval') {
-        scalarFunctions.set(functionName, content);
+        scalarFunctions.set(functionName, {
+          description: content,
+          preview: functionDefinition.preview,
+        });
       }
       if (functionDefinition.type === 'agg') {
-        aggregationFunctions.set(functionName, content);
+        aggregationFunctions.set(functionName, {
+          description: content,
+          preview: functionDefinition.preview,
+        });
       }
     }
   }
@@ -75,10 +86,10 @@ function loadFunctionDocs(pathToElasticsearch: string) {
   return { scalarFunctions, aggregationFunctions };
 }
 
-function writeFunctionDocs(functionDocs: Map<string, string>, pathToDocsFile: string) {
+function writeFunctionDocs(functionDocs: Map<string, DocsSectionContent>, pathToDocsFile: string) {
   const codeStrings = Array.from(functionDocs.entries()).map(([name, doc]) => {
     const docWithoutLinks = removeAsciiDocInternalCrossReferences(
-      doc,
+      doc.description,
       Array.from(functionDocs.keys())
     );
     return `
@@ -91,6 +102,7 @@ function writeFunctionDocs(functionDocs: Map<string, string>, pathToDocsFile: st
         defaultMessage: '${name.toUpperCase()}',
       }
     ),
+    preview: ${doc.preview || false},
     description: (
       <Markdown
         openLinksInNewTab
diff --git a/packages/kbn-language-documentation/src/components/shared/documentation.scss b/packages/kbn-language-documentation/src/components/shared/documentation.scss
index 2db3d25619d6e..94478c2592aa3 100644
--- a/packages/kbn-language-documentation/src/components/shared/documentation.scss
+++ b/packages/kbn-language-documentation/src/components/shared/documentation.scss
@@ -71,6 +71,10 @@
   margin-top: $euiSizeXXL;
 }
 
+.documentation__techPreviewBadge {
+  margin-bottom: $euiSizeS;
+}
+
 .documentation__docsTextGroup {
   border-top: $euiBorderThin;
   padding-top: $euiSizeXXL;
diff --git a/packages/kbn-language-documentation/src/components/shared/documentation_content.tsx b/packages/kbn-language-documentation/src/components/shared/documentation_content.tsx
index 9e030aa0a19fa..20041940a9b7b 100644
--- a/packages/kbn-language-documentation/src/components/shared/documentation_content.tsx
+++ b/packages/kbn-language-documentation/src/components/shared/documentation_content.tsx
@@ -7,7 +7,8 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 import React from 'react';
-import { EuiFlexGroup, EuiText } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { EuiFlexGroup, EuiText, EuiBetaBadge } from '@elastic/eui';
 import type { LanguageDocumentationSections } from '../../types';
 
 import './documentation.scss';
@@ -18,7 +19,7 @@ interface DocumentationContentProps {
   filteredGroups?: Array<{
     label: string;
     description?: string;
-    options: Array<{ label: string; description?: JSX.Element | undefined }>;
+    options: Array<{ label: string; description?: JSX.Element | undefined; preview?: boolean }>;
   }>;
   sections?: LanguageDocumentationSections;
 }
@@ -76,6 +77,23 @@ function DocumentationContent({
                         }
                       }}
                     >
+                      {helpItem.preview && (
+                        <EuiBetaBadge
+                          className="documentation__techPreviewBadge"
+                          label={i18n.translate('languageDocumentation.technicalPreviewLabel', {
+                            defaultMessage: 'Technical Preview',
+                          })}
+                          size="s"
+                          color="subdued"
+                          tooltipContent={i18n.translate(
+                            'languageDocumentation.technicalPreviewTooltip',
+                            {
+                              defaultMessage:
+                                'This functionality is experimental and not supported. It may change or be removed at any time.',
+                            }
+                          )}
+                        />
+                      )}
                       {helpItem.description}
                     </article>
                   );
diff --git a/packages/kbn-language-documentation/src/sections/generated/aggregation_functions.tsx b/packages/kbn-language-documentation/src/sections/generated/aggregation_functions.tsx
index 14a824c3183ee..6fe761e489c04 100644
--- a/packages/kbn-language-documentation/src/sections/generated/aggregation_functions.tsx
+++ b/packages/kbn-language-documentation/src/sections/generated/aggregation_functions.tsx
@@ -29,6 +29,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.avg', {
         defaultMessage: 'AVG',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -59,6 +60,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.count', {
         defaultMessage: 'COUNT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -92,6 +94,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.count_distinct', {
         defaultMessage: 'COUNT_DISTINCT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -125,6 +128,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.max', {
         defaultMessage: 'MAX',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -155,6 +159,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.median', {
         defaultMessage: 'MEDIAN',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -189,6 +194,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.median_absolute_deviation', {
         defaultMessage: 'MEDIAN_ABSOLUTE_DEVIATION',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -225,6 +231,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.min', {
         defaultMessage: 'MIN',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -255,6 +262,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.percentile', {
         defaultMessage: 'PERCENTILE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -290,6 +298,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.st_centroid_agg', {
         defaultMessage: 'ST_CENTROID_AGG',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -323,6 +332,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.sum', {
         defaultMessage: 'SUM',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -353,6 +363,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.top', {
         defaultMessage: 'TOP',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -383,6 +394,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.values', {
         defaultMessage: 'VALUES',
       }),
+      preview: true,
       description: (
         <Markdown
           openLinksInNewTab
@@ -418,6 +430,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.weighted_avg', {
         defaultMessage: 'WEIGHTED_AVG',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
diff --git a/packages/kbn-language-documentation/src/sections/generated/scalar_functions.tsx b/packages/kbn-language-documentation/src/sections/generated/scalar_functions.tsx
index 32e66931cedcd..e0b44bb7f66b8 100644
--- a/packages/kbn-language-documentation/src/sections/generated/scalar_functions.tsx
+++ b/packages/kbn-language-documentation/src/sections/generated/scalar_functions.tsx
@@ -29,6 +29,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.abs', {
         defaultMessage: 'ABS',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -59,6 +60,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.acos', {
         defaultMessage: 'ACOS',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -89,6 +91,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.asin', {
         defaultMessage: 'ASIN',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -120,6 +123,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.atan', {
         defaultMessage: 'ATAN',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -151,6 +155,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.atan2', {
         defaultMessage: 'ATAN2',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -185,6 +190,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.bucket', {
         defaultMessage: 'BUCKET',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -221,6 +227,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.case', {
         defaultMessage: 'CASE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -260,6 +267,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.cbrt', {
         defaultMessage: 'CBRT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -291,6 +299,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.ceil', {
         defaultMessage: 'CEIL',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -322,6 +331,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.cidr_match', {
         defaultMessage: 'CIDR_MATCH',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -356,6 +366,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.coalesce', {
         defaultMessage: 'COALESCE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -389,6 +400,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.concat', {
         defaultMessage: 'CONCAT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -423,6 +435,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.cos', {
         defaultMessage: 'COS',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -453,6 +466,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.cosh', {
         defaultMessage: 'COSH',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -483,6 +497,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.date_diff', {
         defaultMessage: 'DATE_DIFF',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -517,6 +532,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.date_extract', {
         defaultMessage: 'DATE_EXTRACT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -550,6 +566,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.date_format', {
         defaultMessage: 'DATE_FORMAT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -584,6 +601,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.date_parse', {
         defaultMessage: 'DATE_PARSE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -617,6 +635,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.date_trunc', {
         defaultMessage: 'DATE_TRUNC',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -651,6 +670,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.e', {
         defaultMessage: 'E',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -680,6 +700,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.ends_with', {
         defaultMessage: 'ENDS_WITH',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -714,6 +735,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.exp', {
         defaultMessage: 'EXP',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -744,6 +766,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.floor', {
         defaultMessage: 'FLOOR',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -780,6 +803,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.from_base64', {
         defaultMessage: 'FROM_BASE64',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -813,6 +837,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.greatest', {
         defaultMessage: 'GREATEST',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -848,6 +873,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.hypot', {
         defaultMessage: 'HYPOT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -882,6 +908,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.ip_prefix', {
         defaultMessage: 'IP_PREFIX',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -915,6 +942,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.least', {
         defaultMessage: 'LEAST',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -948,6 +976,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.left', {
         defaultMessage: 'LEFT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -981,6 +1010,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.length', {
         defaultMessage: 'LENGTH',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1015,6 +1045,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.locate', {
         defaultMessage: 'LOCATE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1050,6 +1081,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.log', {
         defaultMessage: 'LOG',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1082,6 +1114,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.log10', {
         defaultMessage: 'LOG10',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1117,6 +1150,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.ltrim', {
         defaultMessage: 'LTRIM',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1153,6 +1187,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.match', {
         defaultMessage: 'MATCH',
       }),
+      preview: true,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1189,6 +1224,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_append', {
         defaultMessage: 'MV_APPEND',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1218,6 +1254,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_avg', {
         defaultMessage: 'MV_AVG',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1251,6 +1288,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_concat', {
         defaultMessage: 'MV_CONCAT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1284,6 +1322,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_count', {
         defaultMessage: 'MV_COUNT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1317,6 +1356,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_dedupe', {
         defaultMessage: 'MV_DEDUPE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1351,6 +1391,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_first', {
         defaultMessage: 'MV_FIRST',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1386,6 +1427,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_last', {
         defaultMessage: 'MV_LAST',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1421,6 +1463,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_max', {
         defaultMessage: 'MV_MAX',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1454,6 +1497,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_median', {
         defaultMessage: 'MV_MEDIAN',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1490,6 +1534,7 @@ export const functions = {
           defaultMessage: 'MV_MEDIAN_ABSOLUTE_DEVIATION',
         }
       ),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1526,6 +1571,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_min', {
         defaultMessage: 'MV_MIN',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1559,6 +1605,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_percentile', {
         defaultMessage: 'MV_PERCENTILE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1592,6 +1639,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_pseries_weighted_sum', {
         defaultMessage: 'MV_PSERIES_WEIGHTED_SUM',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1626,6 +1674,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_slice', {
         defaultMessage: 'MV_SLICE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1661,6 +1710,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_sort', {
         defaultMessage: 'MV_SORT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1694,6 +1744,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_sum', {
         defaultMessage: 'MV_SUM',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1727,6 +1778,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.mv_zip', {
         defaultMessage: 'MV_ZIP',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1761,6 +1813,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.now', {
         defaultMessage: 'NOW',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1790,6 +1843,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.pi', {
         defaultMessage: 'PI',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1819,6 +1873,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.pow', {
         defaultMessage: 'POW',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1850,6 +1905,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.qstr', {
         defaultMessage: 'QSTR',
       }),
+      preview: true,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1883,6 +1939,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.repeat', {
         defaultMessage: 'REPEAT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1900,7 +1957,7 @@ export const functions = {
 
   \`\`\`
   ROW a = "Hello!"
-  | EVAL triple_a = REPEAT(a, 3);
+  | EVAL triple_a = REPEAT(a, 3)
   \`\`\`
   `,
               description:
@@ -1916,6 +1973,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.replace', {
         defaultMessage: 'REPLACE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1951,6 +2009,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.reverse', {
         defaultMessage: 'REVERSE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -1983,6 +2042,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.right', {
         defaultMessage: 'RIGHT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2019,6 +2079,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.round', {
         defaultMessage: 'ROUND',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2056,6 +2117,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.rtrim', {
         defaultMessage: 'RTRIM',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2092,6 +2154,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.signum', {
         defaultMessage: 'SIGNUM',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2126,6 +2189,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.sin', {
         defaultMessage: 'SIN',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2156,6 +2220,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.sinh', {
         defaultMessage: 'SINH',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2186,6 +2251,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.space', {
         defaultMessage: 'SPACE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2218,6 +2284,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.split', {
         defaultMessage: 'SPLIT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2251,6 +2318,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.sqrt', {
         defaultMessage: 'SQRT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2282,6 +2350,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.st_contains', {
         defaultMessage: 'ST_CONTAINS',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2317,6 +2386,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.st_disjoint', {
         defaultMessage: 'ST_DISJOINT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2353,6 +2423,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.st_distance', {
         defaultMessage: 'ST_DISTANCE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2390,6 +2461,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.st_intersects', {
         defaultMessage: 'ST_INTERSECTS',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2427,6 +2499,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.st_within', {
         defaultMessage: 'ST_WITHIN',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2462,6 +2535,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.st_x', {
         defaultMessage: 'ST_X',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2493,6 +2567,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.st_y', {
         defaultMessage: 'ST_Y',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2524,6 +2599,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.starts_with', {
         defaultMessage: 'STARTS_WITH',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2558,6 +2634,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.substring', {
         defaultMessage: 'SUBSTRING',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2592,6 +2669,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.tan', {
         defaultMessage: 'TAN',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2622,6 +2700,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.tanh', {
         defaultMessage: 'TANH',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2652,6 +2731,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.tau', {
         defaultMessage: 'TAU',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2681,6 +2761,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_base64', {
         defaultMessage: 'TO_BASE64',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2714,6 +2795,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_boolean', {
         defaultMessage: 'TO_BOOLEAN',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2750,6 +2832,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_cartesianpoint', {
         defaultMessage: 'TO_CARTESIANPOINT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2785,6 +2868,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_cartesianshape', {
         defaultMessage: 'TO_CARTESIANSHAPE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2820,6 +2904,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_date_nanos', {
         defaultMessage: 'TO_DATE_NANOS',
       }),
+      preview: true,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2850,6 +2935,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_dateperiod', {
         defaultMessage: 'TO_DATEPERIOD',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2882,6 +2968,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_datetime', {
         defaultMessage: 'TO_DATETIME',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2918,6 +3005,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_degrees', {
         defaultMessage: 'TO_DEGREES',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2951,6 +3039,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_double', {
         defaultMessage: 'TO_DOUBLE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -2986,6 +3075,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_geopoint', {
         defaultMessage: 'TO_GEOPOINT',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -3020,6 +3110,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_geoshape', {
         defaultMessage: 'TO_GEOSHAPE',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -3054,6 +3145,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_integer', {
         defaultMessage: 'TO_INTEGER',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -3090,6 +3182,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_ip', {
         defaultMessage: 'TO_IP',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -3124,6 +3217,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_long', {
         defaultMessage: 'TO_LONG',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -3159,6 +3253,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_lower', {
         defaultMessage: 'TO_LOWER',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -3192,6 +3287,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_radians', {
         defaultMessage: 'TO_RADIANS',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -3225,6 +3321,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_string', {
         defaultMessage: 'TO_STRING',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -3258,6 +3355,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_timeduration', {
         defaultMessage: 'TO_TIMEDURATION',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -3290,6 +3388,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_unsigned_long', {
         defaultMessage: 'TO_UNSIGNED_LONG',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -3325,6 +3424,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_upper', {
         defaultMessage: 'TO_UPPER',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -3358,6 +3458,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.to_version', {
         defaultMessage: 'TO_VERSION',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
@@ -3390,6 +3491,7 @@ export const functions = {
       label: i18n.translate('languageDocumentation.documentationESQL.trim', {
         defaultMessage: 'TRIM',
       }),
+      preview: false,
       description: (
         <Markdown
           openLinksInNewTab
diff --git a/packages/kbn-lint-packages-cli/migrate_plugins_to_package.ts b/packages/kbn-lint-packages-cli/migrate_plugins_to_package.ts
index 8641fa3c324d9..789729993c0bc 100644
--- a/packages/kbn-lint-packages-cli/migrate_plugins_to_package.ts
+++ b/packages/kbn-lint-packages-cli/migrate_plugins_to_package.ts
@@ -78,7 +78,8 @@ export async function migratePluginsToPackages(legacyManifests: RepoPath[]) {
       .split('\n')
       .flatMap((line) => {
         const trim = line.trim();
-        if (!trim || trim.startsWith('#')) {
+        // kibanamachine is an assignment override on backport branches to avoid review requests
+        if (!trim || trim.startsWith('#') || trim.includes('@kibanamachine')) {
           return [];
         }
 
diff --git a/packages/kbn-optimizer/limits.yml b/packages/kbn-optimizer/limits.yml
index aca3a1a0c3c99..8e1cd3e8fb7a1 100644
--- a/packages/kbn-optimizer/limits.yml
+++ b/packages/kbn-optimizer/limits.yml
@@ -2,7 +2,7 @@ pageLoadAssetSize:
   actions: 20000
   advancedSettings: 27596
   aiAssistantManagementSelection: 19146
-  aiops: 16000
+  aiops: 16526
   alerting: 106936
   apm: 64385
   banners: 17946
@@ -159,6 +159,7 @@ pageLoadAssetSize:
   spaces: 57868
   stackAlerts: 58316
   stackConnectors: 67227
+  streams: 16742
   synthetics: 55971
   telemetry: 51957
   telemetryManagementSection: 38586
diff --git a/packages/kbn-unified-field-list/src/components/field_popover/field_popover_header.test.tsx b/packages/kbn-unified-field-list/src/components/field_popover/field_popover_header.test.tsx
index 19fee33bc6eaf..a4e322f2b681c 100644
--- a/packages/kbn-unified-field-list/src/components/field_popover/field_popover_header.test.tsx
+++ b/packages/kbn-unified-field-list/src/components/field_popover/field_popover_header.test.tsx
@@ -38,6 +38,7 @@ describe('UnifiedFieldList <FieldPopoverHeader />', () => {
         field={field}
         closePopover={mockClose}
         onAddFieldToWorkspace={jest.fn()}
+        onAddBreakdownField={jest.fn()}
         onAddFilter={jest.fn()}
         onEditField={jest.fn()}
         onDeleteField={jest.fn()}
@@ -45,6 +46,9 @@ describe('UnifiedFieldList <FieldPopoverHeader />', () => {
     );
 
     expect(wrapper.text()).toBe(fieldName);
+    expect(
+      wrapper.find(`[data-test-subj="fieldPopoverHeader_addBreakdownField-${fieldName}"]`).exists()
+    ).toBeTruthy();
     expect(
       wrapper.find(`[data-test-subj="fieldPopoverHeader_addField-${fieldName}"]`).exists()
     ).toBeTruthy();
@@ -57,7 +61,29 @@ describe('UnifiedFieldList <FieldPopoverHeader />', () => {
     expect(
       wrapper.find(`[data-test-subj="fieldPopoverHeader_deleteField-${fieldName}"]`).exists()
     ).toBeTruthy();
-    expect(wrapper.find(EuiButtonIcon)).toHaveLength(4);
+    expect(wrapper.find(EuiButtonIcon)).toHaveLength(5);
+  });
+
+  it('should correctly handle add-breakdown-field action', async () => {
+    const mockClose = jest.fn();
+    const mockAddBreakdownField = jest.fn();
+    const fieldName = 'extension';
+    const field = dataView.fields.find((f) => f.name === fieldName)!;
+    const wrapper = mountWithIntl(
+      <FieldPopoverHeader
+        field={field}
+        closePopover={mockClose}
+        onAddBreakdownField={mockAddBreakdownField}
+      />
+    );
+
+    wrapper
+      .find(`[data-test-subj="fieldPopoverHeader_addBreakdownField-${fieldName}"]`)
+      .first()
+      .simulate('click');
+
+    expect(mockClose).toHaveBeenCalled();
+    expect(mockAddBreakdownField).toHaveBeenCalledWith(field);
   });
 
   it('should correctly handle add-field action', async () => {
diff --git a/packages/kbn-unified-field-list/src/components/field_popover/field_popover_header.tsx b/packages/kbn-unified-field-list/src/components/field_popover/field_popover_header.tsx
index 65d5a1da98034..3babd05871913 100644
--- a/packages/kbn-unified-field-list/src/components/field_popover/field_popover_header.tsx
+++ b/packages/kbn-unified-field-list/src/components/field_popover/field_popover_header.tsx
@@ -31,6 +31,7 @@ export interface FieldPopoverHeaderProps {
   buttonAddFilterProps?: Partial<EuiButtonIconProps>;
   buttonEditFieldProps?: Partial<EuiButtonIconProps>;
   buttonDeleteFieldProps?: Partial<EuiButtonIconProps>;
+  onAddBreakdownField?: (field: DataViewField | undefined) => void;
   onAddFieldToWorkspace?: (field: DataViewField) => unknown;
   onAddFilter?: AddFieldFilterHandler;
   onEditField?: (fieldName: string) => unknown;
@@ -47,6 +48,7 @@ export const FieldPopoverHeader: React.FC<FieldPopoverHeaderProps> = ({
   buttonAddFilterProps,
   buttonEditFieldProps,
   buttonDeleteFieldProps,
+  onAddBreakdownField,
   onAddFieldToWorkspace,
   onAddFilter,
   onEditField,
@@ -82,6 +84,13 @@ export const FieldPopoverHeader: React.FC<FieldPopoverHeaderProps> = ({
     defaultMessage: 'Delete data view field',
   });
 
+  const addBreakdownFieldTooltip = i18n.translate(
+    'unifiedFieldList.fieldPopover.addBreakdownFieldLabel',
+    {
+      defaultMessage: 'Add breakdown',
+    }
+  );
+
   return (
     <>
       <EuiFlexGroup alignItems="center" gutterSize="s" responsive={false}>
@@ -108,6 +117,21 @@ export const FieldPopoverHeader: React.FC<FieldPopoverHeaderProps> = ({
             </EuiToolTip>
           </EuiFlexItem>
         )}
+        {onAddBreakdownField && (
+          <EuiFlexItem grow={false} data-test-subj="fieldPopoverHeader_addBreakdownField">
+            <EuiToolTip content={addBreakdownFieldTooltip}>
+              <EuiButtonIcon
+                data-test-subj={`fieldPopoverHeader_addBreakdownField-${field.name}`}
+                aria-label={addBreakdownFieldTooltip}
+                iconType="visBarVerticalStacked"
+                onClick={() => {
+                  closePopover();
+                  onAddBreakdownField(field);
+                }}
+              />
+            </EuiToolTip>
+          </EuiFlexItem>
+        )}
         {onAddFilter && field.filterable && !field.scripted && (
           <EuiFlexItem grow={false} data-test-subj="fieldPopoverHeader_addExistsFilter">
             <EuiToolTip content={buttonAddFilterProps?.['aria-label'] ?? addExistsFilterTooltip}>
diff --git a/packages/kbn-unified-field-list/src/components/field_stats/field_summary_message.tsx b/packages/kbn-unified-field-list/src/components/field_stats/field_summary_message.tsx
index aab65e08f3a6f..2ed392abf1884 100755
--- a/packages/kbn-unified-field-list/src/components/field_stats/field_summary_message.tsx
+++ b/packages/kbn-unified-field-list/src/components/field_stats/field_summary_message.tsx
@@ -12,8 +12,16 @@ import { EuiText } from '@elastic/eui';
 
 export interface FieldSummaryMessageProps {
   message: string;
+  dataTestSubj?: string;
 }
 
-export const FieldSummaryMessage: React.FC<FieldSummaryMessageProps> = ({ message }) => {
-  return <EuiText size="s">{message}</EuiText>;
+export const FieldSummaryMessage: React.FC<FieldSummaryMessageProps> = ({
+  message,
+  dataTestSubj,
+}) => {
+  return (
+    <EuiText size="s" data-test-subj={dataTestSubj}>
+      {message}
+    </EuiText>
+  );
 };
diff --git a/packages/kbn-unified-field-list/src/containers/unified_field_list_item/field_list_item.test.tsx b/packages/kbn-unified-field-list/src/containers/unified_field_list_item/field_list_item.test.tsx
index a5b1955aeca2e..671a4175ad10a 100644
--- a/packages/kbn-unified-field-list/src/containers/unified_field_list_item/field_list_item.test.tsx
+++ b/packages/kbn-unified-field-list/src/containers/unified_field_list_item/field_list_item.test.tsx
@@ -43,10 +43,12 @@ async function getComponent({
   selected = false,
   field,
   canFilter = true,
+  isBreakdownSupported = true,
 }: {
   selected?: boolean;
   field?: DataViewField;
   canFilter?: boolean;
+  isBreakdownSupported?: boolean;
 }) {
   const finalField =
     field ??
@@ -76,6 +78,7 @@ async function getComponent({
     dataView: stubDataView,
     field: finalField,
     ...(canFilter && { onAddFilter: jest.fn() }),
+    ...(isBreakdownSupported && { onAddBreakdownField: jest.fn() }),
     onAddFieldToWorkspace: jest.fn(),
     onRemoveFieldFromWorkspace: jest.fn(),
     onEditField: jest.fn(),
@@ -137,6 +140,34 @@ describe('UnifiedFieldListItem', function () {
 
     expect(comp.find(FieldItemButton).prop('onClick')).toBeUndefined();
   });
+
+  it('should not show addBreakdownField action button if not supported', async function () {
+    const field = new DataViewField({
+      name: 'extension.keyword',
+      type: 'string',
+      esTypes: ['keyword'],
+      aggregatable: true,
+      searchable: true,
+    });
+    const { comp } = await getComponent({
+      field,
+      isBreakdownSupported: false,
+    });
+
+    await act(async () => {
+      const fieldItem = findTestSubject(comp, 'field-extension.keyword-showDetails');
+      await fieldItem.simulate('click');
+      await comp.update();
+    });
+
+    await comp.update();
+
+    expect(
+      comp
+        .find('[data-test-subj="fieldPopoverHeader_addBreakdownField-extension.keyword"]')
+        .exists()
+    ).toBeFalsy();
+  });
   it('should request field stats', async function () {
     const field = new DataViewField({
       name: 'machine.os.raw',
@@ -189,6 +220,11 @@ describe('UnifiedFieldListItem', function () {
     await comp.update();
 
     expect(comp.find(EuiPopover).prop('isOpen')).toBe(true);
+    expect(
+      comp
+        .find('[data-test-subj="fieldPopoverHeader_addBreakdownField-extension.keyword"]')
+        .exists()
+    ).toBeTruthy();
     expect(
       comp.find('[data-test-subj="fieldPopoverHeader_addField-extension.keyword"]').exists()
     ).toBeTruthy();
diff --git a/packages/kbn-unified-field-list/src/containers/unified_field_list_item/field_list_item.tsx b/packages/kbn-unified-field-list/src/containers/unified_field_list_item/field_list_item.tsx
index b139e7b5685c5..2ff7d22de39da 100644
--- a/packages/kbn-unified-field-list/src/containers/unified_field_list_item/field_list_item.tsx
+++ b/packages/kbn-unified-field-list/src/containers/unified_field_list_item/field_list_item.tsx
@@ -15,6 +15,8 @@ import type { FieldsMetadataPublicStart } from '@kbn/fields-metadata-plugin/publ
 import { Draggable } from '@kbn/dom-drag-drop';
 import type { DataView, DataViewField } from '@kbn/data-views-plugin/public';
 import { Filter } from '@kbn/es-query';
+import { fieldSupportsBreakdown } from '@kbn/field-utils';
+import { isESQLFieldGroupable } from '@kbn/esql-utils';
 import type { SearchMode } from '../../types';
 import { FieldItemButton, type FieldItemButtonProps } from '../../components/field_item_button';
 import {
@@ -140,6 +142,10 @@ export interface UnifiedFieldListItemProps {
    * The currently selected data view
    */
   dataView: DataView;
+  /**
+   * Callback to update breakdown field
+   */
+  onAddBreakdownField?: (breakdownField: DataViewField | undefined) => void;
   /**
    * Callback to add/select the field
    */
@@ -215,6 +221,7 @@ function UnifiedFieldListItemComponent({
   field,
   highlight,
   dataView,
+  onAddBreakdownField,
   onAddFieldToWorkspace,
   onRemoveFieldFromWorkspace,
   onAddFilter,
@@ -232,6 +239,9 @@ function UnifiedFieldListItemComponent({
 }: UnifiedFieldListItemProps) {
   const [infoIsOpen, setOpen] = useState(false);
 
+  const isBreakdownSupported =
+    searchMode === 'documents' ? fieldSupportsBreakdown(field) : isESQLFieldGroupable(field);
+
   const addFilterAndClosePopover: typeof onAddFilter | undefined = useMemo(
     () =>
       onAddFilter
@@ -394,13 +404,14 @@ function UnifiedFieldListItemComponent({
       data-test-subj={stateService.creationOptions.dataTestSubj?.fieldListItemPopoverDataTestSubj}
       renderHeader={() => (
         <FieldPopoverHeader
-          services={services}
-          field={field}
           closePopover={closePopover}
+          field={field}
+          onAddBreakdownField={isBreakdownSupported ? onAddBreakdownField : undefined}
           onAddFieldToWorkspace={!isSelected ? toggleDisplay : undefined}
           onAddFilter={onAddFilter}
-          onEditField={onEditField}
           onDeleteField={onDeleteField}
+          onEditField={onEditField}
+          services={services}
           {...customPopoverHeaderProps}
         />
       )}
diff --git a/packages/kbn-unified-field-list/src/containers/unified_field_list_sidebar/field_list_sidebar.tsx b/packages/kbn-unified-field-list/src/containers/unified_field_list_sidebar/field_list_sidebar.tsx
index a7d8fb4616cb0..2d23903c34ea3 100644
--- a/packages/kbn-unified-field-list/src/containers/unified_field_list_sidebar/field_list_sidebar.tsx
+++ b/packages/kbn-unified-field-list/src/containers/unified_field_list_sidebar/field_list_sidebar.tsx
@@ -48,6 +48,7 @@ export type UnifiedFieldListSidebarCustomizableProps = Pick<
   | 'dataView'
   | 'trackUiMetric'
   | 'onAddFilter'
+  | 'onAddBreakdownField'
   | 'onAddFieldToWorkspace'
   | 'onRemoveFieldFromWorkspace'
   | 'additionalFilters'
@@ -161,6 +162,7 @@ export const UnifiedFieldListSidebarComponent: React.FC<UnifiedFieldListSidebarP
   fullWidth,
   isAffectedByGlobalFilter,
   prepend,
+  onAddBreakdownField,
   onAddFieldToWorkspace,
   onRemoveFieldFromWorkspace,
   onAddFilter,
@@ -264,30 +266,31 @@ export const UnifiedFieldListSidebarComponent: React.FC<UnifiedFieldListSidebarP
     ({ field, groupName, groupIndex, itemIndex, fieldSearchHighlight }) => (
       <li key={`field${field.name}`} data-attr-field={field.name}>
         <UnifiedFieldListItem
-          stateService={stateService}
-          searchMode={searchMode}
-          services={services}
+          additionalFilters={additionalFilters}
           alwaysShowActionButton={alwaysShowActionButton}
-          field={field}
-          size={compressed ? 'xs' : 's'}
-          highlight={fieldSearchHighlight}
           dataView={dataView!}
-          onAddFieldToWorkspace={onAddFieldToWorkspace}
-          onRemoveFieldFromWorkspace={onRemoveFieldFromWorkspace}
-          onAddFilter={onAddFilter}
-          trackUiMetric={trackUiMetric}
-          multiFields={multiFieldsMap?.get(field.name)} // ideally we better calculate multifields when they are requested first from the popover
-          onEditField={onEditField}
-          onDeleteField={onDeleteField}
-          workspaceSelectedFieldNames={workspaceSelectedFieldNames}
+          field={field}
           groupIndex={groupIndex}
-          itemIndex={itemIndex}
+          highlight={fieldSearchHighlight}
           isEmpty={groupName === FieldsGroupNames.EmptyFields}
           isSelected={
             groupName === FieldsGroupNames.SelectedFields ||
             Boolean(selectedFieldsState.selectedFieldsMap[field.name])
           }
-          additionalFilters={additionalFilters}
+          itemIndex={itemIndex}
+          multiFields={multiFieldsMap?.get(field.name)} // ideally we better calculate multifields when they are requested first from the popover
+          onAddBreakdownField={onAddBreakdownField}
+          onAddFieldToWorkspace={onAddFieldToWorkspace}
+          onAddFilter={onAddFilter}
+          onDeleteField={onDeleteField}
+          onEditField={onEditField}
+          onRemoveFieldFromWorkspace={onRemoveFieldFromWorkspace}
+          searchMode={searchMode}
+          services={services}
+          size={compressed ? 'xs' : 's'}
+          stateService={stateService}
+          trackUiMetric={trackUiMetric}
+          workspaceSelectedFieldNames={workspaceSelectedFieldNames}
         />
       </li>
     ),
@@ -298,6 +301,7 @@ export const UnifiedFieldListSidebarComponent: React.FC<UnifiedFieldListSidebarP
       alwaysShowActionButton,
       compressed,
       dataView,
+      onAddBreakdownField,
       onAddFieldToWorkspace,
       onRemoveFieldFromWorkspace,
       onAddFilter,
diff --git a/packages/kbn-unified-field-list/tsconfig.json b/packages/kbn-unified-field-list/tsconfig.json
index 54b67143b7c7b..630ce0540ee1d 100644
--- a/packages/kbn-unified-field-list/tsconfig.json
+++ b/packages/kbn-unified-field-list/tsconfig.json
@@ -34,7 +34,8 @@
     "@kbn/visualization-utils",
     "@kbn/search-types",
     "@kbn/fields-metadata-plugin",
-    "@kbn/ui-theme"
+    "@kbn/ui-theme",
+    "@kbn/esql-utils",
   ],
   "exclude": ["target/**/*"]
 }
diff --git a/src/dev/code_coverage/ingest_coverage/team_assignment/parse_owners.js b/src/dev/code_coverage/ingest_coverage/team_assignment/parse_owners.js
index c384d4f010dc3..ed027e184ef75 100644
--- a/src/dev/code_coverage/ingest_coverage/team_assignment/parse_owners.js
+++ b/src/dev/code_coverage/ingest_coverage/team_assignment/parse_owners.js
@@ -13,8 +13,9 @@ import { pipe } from '../utils';
 
 const allLines$ = (lineReader) =>
   fromEvent(lineReader, 'line').pipe(
-    filter(function dropEmptiesAndDropComments(x) {
-      return x !== '' && !/^#\s{1,3}/.test(x);
+    filter(function dropEmptiesAndDropCommentsAndDropKibanamachine(x) {
+      // kibanamachine is an assignment override on backport branches to avoid review requests
+      return x !== '' && !/^#\s{1,3}/.test(x) && !x.includes('@kibanamachine');
     }),
     map(pipe(dropCCDelim, pathAndTeams)),
     takeUntil(fromEvent(lineReader, 'close'))
diff --git a/src/plugins/console/public/application/hooks/use_send_current_request/send_request.ts b/src/plugins/console/public/application/hooks/use_send_current_request/send_request.ts
index 40f440eccd7ce..a30f03ce57721 100644
--- a/src/plugins/console/public/application/hooks/use_send_current_request/send_request.ts
+++ b/src/plugins/console/public/application/hooks/use_send_current_request/send_request.ts
@@ -157,10 +157,18 @@ export function sendRequest(args: RequestArgs): Promise<RequestResult[]> {
 
         const { statusCode, statusText } = extractStatusCodeAndText(response, path);
 
-        if (body) {
-          value = JSON.stringify(body, null, 2);
+        // When the request is sent, the HTTP library tries to parse the response body as JSON.
+        // However, if the response body is empty or not in valid JSON format, it throws an error.
+        // To handle this, if the request resolves with a 200 status code but has an empty or invalid body,
+        // we should still display a success message to the user.
+        if (statusCode === 200 && body === null) {
+          value = 'OK';
         } else {
-          value = 'Request failed to get to the server (status code: ' + statusCode + ')';
+          if (body) {
+            value = JSON.stringify(body, null, 2);
+          } else {
+            value = 'Request failed to get to the server (status code: ' + statusCode + ')';
+          }
         }
 
         if (isMultiRequest) {
diff --git a/src/plugins/controls/public/controls/timeslider_control/init_time_range_subscription.ts b/src/plugins/controls/public/controls/timeslider_control/init_time_range_subscription.ts
index 7934e9deaa9b4..a31b9810c7481 100644
--- a/src/plugins/controls/public/controls/timeslider_control/init_time_range_subscription.ts
+++ b/src/plugins/controls/public/controls/timeslider_control/init_time_range_subscription.ts
@@ -11,7 +11,8 @@ import { TimeRange } from '@kbn/es-query';
 import { i18n } from '@kbn/i18n';
 import { apiHasParentApi, apiPublishesTimeRange } from '@kbn/presentation-publishing';
 import moment from 'moment';
-import { BehaviorSubject, skip } from 'rxjs';
+import { BehaviorSubject, Subscription, skip } from 'rxjs';
+import { apiPublishesReload } from '@kbn/presentation-publishing/interfaces/fetch/publishes_reload';
 import { getTimeRangeMeta, getTimezone, TimeRangeMeta } from './get_time_range_meta';
 import { getMomentTimezone } from './time_utils';
 
@@ -26,6 +27,13 @@ export function initTimeRangeSubscription(controlGroupApi: unknown) {
     timeRangeMeta$.next(getTimeRangeMeta(timeRange));
   });
 
+  let reloadSubscription: undefined | Subscription;
+  if (apiHasParentApi(controlGroupApi) && apiPublishesReload(controlGroupApi.parentApi)) {
+    reloadSubscription = controlGroupApi.parentApi.reload$.subscribe(() => {
+      timeRangeMeta$.next(getTimeRangeMeta(timeRange$.value));
+    });
+  }
+
   return {
     timeRangeMeta$,
     formatDate: (epoch: number) => {
@@ -35,6 +43,7 @@ export function initTimeRangeSubscription(controlGroupApi: unknown) {
         .format(timeRangeMeta$.value.format);
     },
     cleanupTimeRangeSubscription: () => {
+      reloadSubscription?.unsubscribe();
       timeRangeSubscription.unsubscribe();
     },
   };
diff --git a/src/plugins/dashboard/public/dashboard_container/component/grid/_dashboard_grid.scss b/src/plugins/dashboard/public/dashboard_container/component/grid/_dashboard_grid.scss
index 49a6b01049da7..ce010aa4cf9a5 100644
--- a/src/plugins/dashboard/public/dashboard_container/component/grid/_dashboard_grid.scss
+++ b/src/plugins/dashboard/public/dashboard_container/component/grid/_dashboard_grid.scss
@@ -113,10 +113,12 @@
       z-index: $euiZLevel9;
       top: -$euiSizeXL;
 
+      // Show hover actions with drag handle
       .embPanel__hoverActions:has(.embPanel--dragHandle) {
         opacity: 1;
       }
 
+      // Hide hover actions without drag handle
       .embPanel__hoverActions:not(:has(.embPanel--dragHandle)) {
         opacity: 0;
       }
diff --git a/src/plugins/dashboard/public/dashboard_container/component/grid/_dashboard_panel.scss b/src/plugins/dashboard/public/dashboard_container/component/grid/_dashboard_panel.scss
index 93a95e1ef37e5..2b7ec068f827d 100644
--- a/src/plugins/dashboard/public/dashboard_container/component/grid/_dashboard_panel.scss
+++ b/src/plugins/dashboard/public/dashboard_container/component/grid/_dashboard_panel.scss
@@ -1,44 +1,11 @@
-/**
-  * EDITING MODE
-  * Use .dshLayout--editing to target editing state because
-  * .embPanel--editing doesn't get updating without a hard refresh
-  */
-
-.dshLayout--editing {
-  // change the style of the hover actions border to a dashed line in edit mode
-  .embPanel__hoverActionsAnchor {
-    .embPanel__hoverActionsWrapper {
-      .embPanel__hoverActions {
-        border-color: $euiColorMediumShade;
-        border-style: dashed;
-      }
-    }
-  }
-}
-
 // LAYOUT MODES
 // Adjust borders/etc... for non-spaced out and expanded panels
 .dshLayout-withoutMargins {
-  .embPanel,
-  .embPanel__hoverActionsAnchor {
-    box-shadow: none;
-    outline: none;
-    border-radius: 0;
-  }
-
-  &.dshLayout--editing {
-    .embPanel__hoverActionsAnchor:hover {
-      outline: 1px dashed $euiColorMediumShade;
-    }
-  }
-
-  .embPanel__hoverActionsAnchor:hover {
-    outline: $euiBorderThin;
-    z-index: $euiZLevel2;
-  }
+  margin-top: $euiSizeS;
 
   .embPanel__content,
-  .dshDashboardGrid__item--highlighted,
+  .embPanel,
+  .embPanel__hoverActionsAnchor,
   .lnsExpressionRenderer {
     border-radius: 0;
   }
diff --git a/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx b/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx
index 35137075befe4..e21a2f94bfc51 100644
--- a/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx
+++ b/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx
@@ -876,7 +876,9 @@ export class DashboardContainer
     const references = getReferencesForPanelId(childId, this.savedObjectReferences);
     return {
       rawState,
-      references,
+      // references from old installations may not be prefixed with panel id
+      // fall back to passing all references in these cases to preserve backwards compatability
+      references: references.length > 0 ? references : this.savedObjectReferences,
     };
   };
 
diff --git a/src/plugins/discover/public/application/main/components/field_stats_table/field_stats_tab.tsx b/src/plugins/discover/public/application/main/components/field_stats_table/field_stats_tab.tsx
index c9ac877474e87..5a106b50360bb 100644
--- a/src/plugins/discover/public/application/main/components/field_stats_table/field_stats_tab.tsx
+++ b/src/plugins/discover/public/application/main/components/field_stats_table/field_stats_tab.tsx
@@ -9,9 +9,10 @@
 
 import React from 'react';
 import { useQuerySubscriber } from '@kbn/unified-field-list/src/hooks/use_query_subscriber';
-import { FieldStatisticsTable, type FieldStatisticsTableProps } from './field_stats_table';
-import { useDiscoverServices } from '../../../../hooks/use_discover_services';
 import { useAdditionalFieldGroups } from '../../hooks/sidebar/use_additional_field_groups';
+import { useDiscoverServices } from '../../../../hooks/use_discover_services';
+import { FieldStatisticsTable, type FieldStatisticsTableProps } from './field_stats_table';
+import { useIsEsqlMode } from '../../hooks/use_is_esql_mode';
 
 export const FieldStatisticsTab: React.FC<Omit<FieldStatisticsTableProps, 'query' | 'filters'>> =
   React.memo((props) => {
@@ -20,8 +21,13 @@ export const FieldStatisticsTab: React.FC<Omit<FieldStatisticsTableProps, 'query
       data: services.data,
     });
     const additionalFieldGroups = useAdditionalFieldGroups();
+    const isEsql = useIsEsqlMode();
+
+    // Quit early if we know it's in ES|QL mode
+    if (isEsql && services.dataVisualizer?.FieldStatsUnavailableMessage) {
+      return <services.dataVisualizer.FieldStatsUnavailableMessage />;
+    }
 
-    if (!services.dataVisualizer) return null;
     return (
       <FieldStatisticsTable
         dataView={props.dataView}
diff --git a/src/plugins/discover/public/application/main/components/layout/discover_layout.tsx b/src/plugins/discover/public/application/main/components/layout/discover_layout.tsx
index bc9cad72a5eb6..7784b8308053e 100644
--- a/src/plugins/discover/public/application/main/components/layout/discover_layout.tsx
+++ b/src/plugins/discover/public/application/main/components/layout/discover_layout.tsx
@@ -20,12 +20,12 @@ import {
 import { css } from '@emotion/react';
 import { i18n } from '@kbn/i18n';
 import { isOfAggregateQueryType } from '@kbn/es-query';
-import { appendWhereClauseToESQLQuery } from '@kbn/esql-utils';
+import { appendWhereClauseToESQLQuery, hasTransformationalCommand } from '@kbn/esql-utils';
 import { METRIC_TYPE } from '@kbn/analytics';
 import classNames from 'classnames';
 import { generateFilters } from '@kbn/data-plugin/public';
 import { useDragDropContext } from '@kbn/dom-drag-drop';
-import { DataViewType } from '@kbn/data-views-plugin/public';
+import { type DataViewField, DataViewType } from '@kbn/data-views-plugin/public';
 import {
   SEARCH_FIELDS_FROM_SOURCE,
   SHOW_FIELD_STATISTICS,
@@ -256,6 +256,21 @@ export function DiscoverLayout({ stateContainer }: DiscoverLayoutProps) {
 
   const onFilter = isEsqlMode ? onPopulateWhereClause : onAddFilter;
 
+  const canSetBreakdownField = useMemo(
+    () =>
+      isOfAggregateQueryType(query)
+        ? dataView?.isTimeBased() && !hasTransformationalCommand(query.esql)
+        : true,
+    [dataView, query]
+  );
+
+  const onAddBreakdownField = useCallback(
+    (field: DataViewField | undefined) => {
+      stateContainer.appState.update({ breakdownField: field?.name });
+    },
+    [stateContainer]
+  );
+
   const onFieldEdited = useCallback(
     async ({ removedFieldName }: { removedFieldName?: string } = {}) => {
       if (removedFieldName && currentColumns.includes(removedFieldName)) {
@@ -423,18 +438,19 @@ export function DiscoverLayout({ stateContainer }: DiscoverLayoutProps) {
             sidebarToggleState$={sidebarToggleState$}
             sidebarPanel={
               <SidebarMemoized
+                additionalFilters={customFilters}
+                columns={currentColumns}
                 documents$={stateContainer.dataState.data$.documents$}
+                onAddBreakdownField={canSetBreakdownField ? onAddBreakdownField : undefined}
                 onAddField={onAddColumnWithTracking}
-                onRemoveField={onRemoveColumnWithTracking}
-                columns={currentColumns}
                 onAddFilter={onFilter}
                 onChangeDataView={stateContainer.actions.onChangeDataView}
-                selectedDataView={dataView}
-                trackUiMetric={trackUiMetric}
-                onFieldEdited={onFieldEdited}
                 onDataViewCreated={stateContainer.actions.onDataViewCreated}
+                onFieldEdited={onFieldEdited}
+                onRemoveField={onRemoveColumnWithTracking}
+                selectedDataView={dataView}
                 sidebarToggleState$={sidebarToggleState$}
-                additionalFilters={customFilters}
+                trackUiMetric={trackUiMetric}
               />
             }
             mainPanel={
diff --git a/src/plugins/discover/public/application/main/components/sidebar/discover_sidebar_responsive.test.tsx b/src/plugins/discover/public/application/main/components/sidebar/discover_sidebar_responsive.test.tsx
index 6147bb916dad4..296d403da6901 100644
--- a/src/plugins/discover/public/application/main/components/sidebar/discover_sidebar_responsive.test.tsx
+++ b/src/plugins/discover/public/application/main/components/sidebar/discover_sidebar_responsive.test.tsx
@@ -162,6 +162,7 @@ function getCompProps(options?: { hits?: DataTableRecord[] }): DiscoverSidebarRe
       result: hits,
     }) as DataDocuments$,
     onChangeDataView: jest.fn(),
+    onAddBreakdownField: jest.fn(),
     onAddFilter: jest.fn(),
     onAddField: jest.fn(),
     onRemoveField: jest.fn(),
@@ -397,6 +398,19 @@ describe('discover responsive sidebar', function () {
     expect(ExistingFieldsServiceApi.loadFieldExisting).not.toHaveBeenCalled();
   });
 
+  it('should allow adding breakdown field', async function () {
+    const comp = await mountComponent(props);
+    const availableFields = findTestSubject(comp, 'fieldListGroupedAvailableFields');
+    await act(async () => {
+      const button = findTestSubject(availableFields, 'field-extension-showDetails');
+      button.simulate('click');
+      comp.update();
+    });
+
+    comp.update();
+    findTestSubject(comp, 'fieldPopoverHeader_addBreakdownField-extension').simulate('click');
+    expect(props.onAddBreakdownField).toHaveBeenCalled();
+  });
   it('should allow selecting fields', async function () {
     const comp = await mountComponent(props);
     const availableFields = findTestSubject(comp, 'fieldListGroupedAvailableFields');
diff --git a/src/plugins/discover/public/application/main/components/sidebar/discover_sidebar_responsive.tsx b/src/plugins/discover/public/application/main/components/sidebar/discover_sidebar_responsive.tsx
index 80a3b9d412c76..17a3e9def8b23 100644
--- a/src/plugins/discover/public/application/main/components/sidebar/discover_sidebar_responsive.tsx
+++ b/src/plugins/discover/public/application/main/components/sidebar/discover_sidebar_responsive.tsx
@@ -87,6 +87,10 @@ export interface DiscoverSidebarResponsiveProps {
    * hits fetched from ES, displayed in the doc table
    */
   documents$: DataDocuments$;
+  /**
+   * Callback to update breakdown field
+   */
+  onAddBreakdownField?: (breakdownField: DataViewField | undefined) => void;
   /**
    * Callback function when selecting a field
    */
@@ -151,6 +155,7 @@ export function DiscoverSidebarResponsive(props: DiscoverSidebarResponsiveProps)
     selectedDataView,
     columns,
     trackUiMetric,
+    onAddBreakdownField,
     onAddFilter,
     onFieldEdited,
     onDataViewCreated,
@@ -373,23 +378,24 @@ export function DiscoverSidebarResponsive(props: DiscoverSidebarResponsiveProps)
       <EuiFlexItem>
         {selectedDataView ? (
           <UnifiedFieldListSidebarContainer
-            ref={initializeUnifiedFieldListSidebarContainerApi}
-            variant={fieldListVariant}
-            getCreationOptions={getCreationOptions}
-            services={services}
-            dataView={selectedDataView}
-            trackUiMetric={trackUiMetric}
+            additionalFieldGroups={additionalFieldGroups}
+            additionalFilters={additionalFilters}
             allFields={sidebarState.allFields}
-            showFieldList={showFieldList}
-            workspaceSelectedFieldNames={columns}
+            dataView={selectedDataView}
             fullWidth
+            getCreationOptions={getCreationOptions}
+            onAddBreakdownField={onAddBreakdownField}
             onAddFieldToWorkspace={onAddFieldToWorkspace}
-            onRemoveFieldFromWorkspace={onRemoveFieldFromWorkspace}
             onAddFilter={onAddFilter}
             onFieldEdited={onFieldEdited}
+            onRemoveFieldFromWorkspace={onRemoveFieldFromWorkspace}
             prependInFlyout={prependDataViewPickerForMobile}
-            additionalFieldGroups={additionalFieldGroups}
-            additionalFilters={additionalFilters}
+            ref={initializeUnifiedFieldListSidebarContainerApi}
+            services={services}
+            showFieldList={showFieldList}
+            trackUiMetric={trackUiMetric}
+            variant={fieldListVariant}
+            workspaceSelectedFieldNames={columns}
           />
         ) : null}
       </EuiFlexItem>
diff --git a/src/plugins/discover/public/components/view_mode_toggle/view_mode_toggle.test.tsx b/src/plugins/discover/public/components/view_mode_toggle/view_mode_toggle.test.tsx
index 7d88f9ad1fef4..3899e405420ef 100644
--- a/src/plugins/discover/public/components/view_mode_toggle/view_mode_toggle.test.tsx
+++ b/src/plugins/discover/public/components/view_mode_toggle/view_mode_toggle.test.tsx
@@ -107,15 +107,15 @@ describe('Document view mode toggle component', () => {
     expect(findTestSubject(component, 'dscViewModeFieldStatsButton').exists()).toBe(false);
   });
 
-  it('should show document and field stats view if ES|QL', async () => {
+  it('should not show document and field stats view if ES|QL', async () => {
     const component = await mountComponent({ isEsqlMode: true });
-    expect(findTestSubject(component, 'dscViewModeToggle').exists()).toBe(true);
+    expect(findTestSubject(component, 'dscViewModeToggle').exists()).toBe(false);
     expect(findTestSubject(component, 'discoverQueryTotalHits').exists()).toBe(true);
 
-    expect(findTestSubject(component, 'dscViewModeDocumentButton').exists()).toBe(true);
+    expect(findTestSubject(component, 'dscViewModeDocumentButton').exists()).toBe(false);
     expect(findTestSubject(component, 'dscViewModePatternAnalysisButton').exists()).toBe(false);
-    expect(findTestSubject(component, 'dscViewModeFieldStatsButton').exists()).toBe(true);
-    expect(findTestSubject(component, 'dscViewModeDocumentButton').text()).toBe('Results (10)');
+    expect(findTestSubject(component, 'dscViewModeFieldStatsButton').exists()).toBe(false);
+    expect(findTestSubject(component, 'discoverQueryHits').text()).toBe('10');
   });
 
   it('should set the view mode to VIEW_MODE.DOCUMENT_LEVEL when dscViewModeDocumentButton is clicked', async () => {
diff --git a/src/plugins/discover/public/components/view_mode_toggle/view_mode_toggle.tsx b/src/plugins/discover/public/components/view_mode_toggle/view_mode_toggle.tsx
index 22c4aaa11b43a..43960f98ea2b8 100644
--- a/src/plugins/discover/public/components/view_mode_toggle/view_mode_toggle.tsx
+++ b/src/plugins/discover/public/components/view_mode_toggle/view_mode_toggle.tsx
@@ -46,10 +46,16 @@ export const DocumentViewModeToggle = ({
     () => isLegacyTableEnabled({ uiSettings, isEsqlMode }),
     [uiSettings, isEsqlMode]
   );
+
   const [showPatternAnalysisTab, setShowPatternAnalysisTab] = useState<boolean | null>(null);
   const showFieldStatisticsTab = useMemo(
-    () => uiSettings.get(SHOW_FIELD_STATISTICS) && dataVisualizerService !== undefined,
-    [dataVisualizerService, uiSettings]
+    () =>
+      // If user opens saved search with field stats in ES|QL,
+      // we show the toggle with the mode disabled so user can switch to document view
+      // instead of auto-directing
+      (viewMode === VIEW_MODE.AGGREGATED_LEVEL && isEsqlMode) ||
+      (!isEsqlMode && uiSettings.get(SHOW_FIELD_STATISTICS) && dataVisualizerService !== undefined),
+    [dataVisualizerService, uiSettings, isEsqlMode, viewMode]
   );
   const isMounted = useMountedState();
 
@@ -100,6 +106,12 @@ export const DocumentViewModeToggle = ({
     }
   `;
 
+  useEffect(() => {
+    if (viewMode === VIEW_MODE.AGGREGATED_LEVEL && isEsqlMode) {
+      setDiscoverViewMode(VIEW_MODE.DOCUMENT_LEVEL);
+    }
+  }, [viewMode, isEsqlMode, setDiscoverViewMode]);
+
   return (
     <EuiFlexGroup
       direction="row"
@@ -157,6 +169,7 @@ export const DocumentViewModeToggle = ({
 
             {showFieldStatisticsTab ? (
               <EuiTab
+                disabled={isEsqlMode}
                 isSelected={viewMode === VIEW_MODE.AGGREGATED_LEVEL}
                 onClick={() => setDiscoverViewMode(VIEW_MODE.AGGREGATED_LEVEL)}
                 data-test-subj="dscViewModeFieldStatsButton"
diff --git a/src/plugins/discover/public/embeddable/components/search_embeddable_field_stats_table_component.tsx b/src/plugins/discover/public/embeddable/components/search_embeddable_field_stats_table_component.tsx
index ede93bf6b6f72..cb1cd2f9eebc3 100644
--- a/src/plugins/discover/public/embeddable/components/search_embeddable_field_stats_table_component.tsx
+++ b/src/plugins/discover/public/embeddable/components/search_embeddable_field_stats_table_component.tsx
@@ -13,10 +13,10 @@ import { BehaviorSubject } from 'rxjs';
 import type { DataView } from '@kbn/data-views-plugin/common';
 import { FetchContext, useBatchedPublishingSubjects } from '@kbn/presentation-publishing';
 import { DocViewFilterFn } from '@kbn/unified-doc-viewer/types';
-
 import { FieldStatisticsTable } from '../../application/main/components/field_stats_table';
 import { isEsqlMode } from '../initialize_fetch';
 import type { SearchEmbeddableApi, SearchEmbeddableStateManager } from '../types';
+import { useDiscoverServices } from '../../hooks/use_discover_services';
 
 interface SavedSearchEmbeddableComponentProps {
   api: SearchEmbeddableApi & {
@@ -37,8 +37,13 @@ export function SearchEmbeddablFieldStatsTableComponent({
     api.fetchContext$,
     api.savedSearch$
   );
-
   const isEsql = useMemo(() => isEsqlMode(savedSearch), [savedSearch]);
+  const services = useDiscoverServices();
+
+  // Quit early if we know it's in ES|QL mode
+  if (isEsql && services.dataVisualizer?.FieldStatsUnavailableMessage) {
+    return <services.dataVisualizer.FieldStatsUnavailableMessage />;
+  }
 
   return (
     <FieldStatisticsTable
diff --git a/src/plugins/embeddable/public/__stories__/embeddable_panel.stories.tsx b/src/plugins/embeddable/public/__stories__/embeddable_panel.stories.tsx
index 6e1f58d9689a6..bcb0af1cf9064 100644
--- a/src/plugins/embeddable/public/__stories__/embeddable_panel.stories.tsx
+++ b/src/plugins/embeddable/public/__stories__/embeddable_panel.stories.tsx
@@ -128,7 +128,7 @@ Default.args = {
   hideHeader: false,
   loading: false,
   showShadow: false,
-  showBorder: true,
+  showBorder: false,
   title: 'Hello World',
   viewMode: true,
 };
diff --git a/src/plugins/event_annotation_listing/public/components/group_editor_flyout/lens_attributes.ts b/src/plugins/event_annotation_listing/public/components/group_editor_flyout/lens_attributes.ts
index 9de624c7bcf6a..416c18c7f457f 100644
--- a/src/plugins/event_annotation_listing/public/components/group_editor_flyout/lens_attributes.ts
+++ b/src/plugins/event_annotation_listing/public/components/group_editor_flyout/lens_attributes.ts
@@ -72,6 +72,7 @@ export const getLensAttributes = (group: EventAnnotationGroupConfig, timeField:
         language: 'kuery',
       },
       filters: [],
+      showBorder: false,
       datasourceStates: {
         formBased: {
           layers: {
diff --git a/src/plugins/home/public/application/components/tutorial/replace_template_strings.js b/src/plugins/home/public/application/components/tutorial/replace_template_strings.js
index 75da52e9af2b5..09abb7300866a 100644
--- a/src/plugins/home/public/application/components/tutorial/replace_template_strings.js
+++ b/src/plugins/home/public/application/components/tutorial/replace_template_strings.js
@@ -38,7 +38,6 @@ export function replaceTemplateStrings(text, params = {}) {
           filebeat: docLinks.links.filebeat.base,
           metricbeat: docLinks.links.metricbeat.base,
           heartbeat: docLinks.links.heartbeat.base,
-          functionbeat: docLinks.links.functionbeat.base,
           winlogbeat: docLinks.links.winlogbeat.base,
           auditbeat: docLinks.links.auditbeat.base,
         },
diff --git a/src/plugins/home/server/routes/fetch_es_hits_status.ts b/src/plugins/home/server/routes/fetch_es_hits_status.ts
index f01660876210a..aa4c1286ce67e 100644
--- a/src/plugins/home/server/routes/fetch_es_hits_status.ts
+++ b/src/plugins/home/server/routes/fetch_es_hits_status.ts
@@ -14,6 +14,12 @@ export const registerHitsStatusRoute = (router: IRouter) => {
   router.post(
     {
       path: '/api/home/hits_status',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: {
         body: schema.object({
           index: schema.string(),
diff --git a/src/plugins/home/server/tutorials/cloudwatch_logs/index.ts b/src/plugins/home/server/tutorials/cloudwatch_logs/index.ts
deleted file mode 100644
index a6e0213ddc366..0000000000000
--- a/src/plugins/home/server/tutorials/cloudwatch_logs/index.ts
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { i18n } from '@kbn/i18n';
-import { TutorialsCategory } from '../../services/tutorials';
-import {
-  onPremInstructions,
-  cloudInstructions,
-  onPremCloudInstructions,
-} from '../instructions/functionbeat_instructions';
-import {
-  TutorialContext,
-  TutorialSchema,
-} from '../../services/tutorials/lib/tutorials_registry_types';
-
-export function cloudwatchLogsSpecProvider(context: TutorialContext): TutorialSchema {
-  const moduleName = 'aws';
-  return {
-    id: 'cloudwatchLogs',
-    name: i18n.translate('home.tutorials.cloudwatchLogs.nameTitle', {
-      defaultMessage: 'AWS Cloudwatch Logs',
-    }),
-    moduleName,
-    category: TutorialsCategory.LOGGING,
-    shortDescription: i18n.translate('home.tutorials.cloudwatchLogs.shortDescription', {
-      defaultMessage: 'Collect and parse logs from AWS Cloudwatch with Functionbeat.',
-    }),
-    longDescription: i18n.translate('home.tutorials.cloudwatchLogs.longDescription', {
-      defaultMessage:
-        'Collect Cloudwatch logs by deploying Functionbeat to run as \
-        an AWS Lambda function.',
-    }),
-    euiIconType: 'logoAWS',
-    artifacts: {
-      dashboards: [
-        // TODO
-      ],
-      exportedFields: {
-        documentationUrl: '{config.docs.beats.functionbeat}/exported-fields.html',
-      },
-    },
-    completionTimeMinutes: 10,
-    onPrem: onPremInstructions([], context),
-    elasticCloud: cloudInstructions(context),
-    onPremElasticCloud: onPremCloudInstructions(context),
-    integrationBrowserCategories: ['aws', 'observability', 'monitoring'],
-  };
-}
diff --git a/src/plugins/home/server/tutorials/instructions/functionbeat_instructions.ts b/src/plugins/home/server/tutorials/instructions/functionbeat_instructions.ts
deleted file mode 100644
index 74369f044a19a..0000000000000
--- a/src/plugins/home/server/tutorials/instructions/functionbeat_instructions.ts
+++ /dev/null
@@ -1,538 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the "Elastic License
- * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
- * Public License v 1"; you may not use this file except in compliance with, at
- * your election, the "Elastic License 2.0", the "GNU Affero General Public
- * License v3.0 only", or the "Server Side Public License, v 1".
- */
-
-import { i18n } from '@kbn/i18n';
-import { INSTRUCTION_VARIANT } from '../../../common/instruction_variant';
-import { createTrycloudOption1, createTrycloudOption2 } from './onprem_cloud_instructions';
-import { getSpaceIdForBeatsTutorial } from './get_space_id_for_beats_tutorial';
-import { Platform, TutorialContext } from '../../services/tutorials/lib/tutorials_registry_types';
-import { cloudPasswordAndResetLink } from './cloud_instructions';
-
-export const createFunctionbeatInstructions = (context: TutorialContext) => {
-  const SSL_DOC_URL = `https://www.elastic.co/guide/en/beats/functionbeat/${context.kibanaBranch}/configuration-ssl.html#ca-sha256`;
-
-  return {
-    INSTALL: {
-      OSX: {
-        title: i18n.translate('home.tutorials.common.functionbeatInstructions.install.osxTitle', {
-          defaultMessage: 'Download and install Functionbeat',
-        }),
-        textPre: i18n.translate(
-          'home.tutorials.common.functionbeatInstructions.install.osxTextPre',
-          {
-            defaultMessage: 'First time using Functionbeat? See the [Quick Start]({link}).',
-            values: {
-              link: '{config.docs.beats.functionbeat}/functionbeat-installation-configuration.html',
-            },
-          }
-        ),
-        commands: [
-          'curl -L -O https://artifacts.elastic.co/downloads/beats/functionbeat/functionbeat-{config.kibana.version}-darwin-x86_64.tar.gz',
-          'tar xzvf functionbeat-{config.kibana.version}-darwin-x86_64.tar.gz',
-          'cd functionbeat-{config.kibana.version}-darwin-x86_64/',
-        ],
-      },
-      LINUX: {
-        title: i18n.translate('home.tutorials.common.functionbeatInstructions.install.linuxTitle', {
-          defaultMessage: 'Download and install Functionbeat',
-        }),
-        textPre: i18n.translate(
-          'home.tutorials.common.functionbeatInstructions.install.linuxTextPre',
-          {
-            defaultMessage: 'First time using Functionbeat? See the [Quick Start]({link}).',
-            values: {
-              link: '{config.docs.beats.functionbeat}/functionbeat-installation-configuration.html',
-            },
-          }
-        ),
-        commands: [
-          'curl -L -O https://artifacts.elastic.co/downloads/beats/functionbeat/functionbeat-{config.kibana.version}-linux-x86_64.tar.gz',
-          'tar xzvf functionbeat-{config.kibana.version}-linux-x86_64.tar.gz',
-          'cd functionbeat-{config.kibana.version}-linux-x86_64/',
-        ],
-      },
-      WINDOWS: {
-        title: i18n.translate(
-          'home.tutorials.common.functionbeatInstructions.install.windowsTitle',
-          {
-            defaultMessage: 'Download and install Functionbeat',
-          }
-        ),
-        textPre: i18n.translate(
-          'home.tutorials.common.functionbeatInstructions.install.windowsTextPre',
-          {
-            defaultMessage:
-              'First time using Functionbeat? See the [Quick Start]({functionbeatLink}).\n\
- 1. Download the Functionbeat Windows zip file from the [Download]({elasticLink}) page.\n\
- 2. Extract the contents of the zip file into {folderPath}.\n\
- 3. Rename the {directoryName} directory to `Functionbeat`.\n\
- 4. Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select \
-**Run As Administrator**). If you are running Windows XP, you might need to download and install PowerShell.\n\
- 5. From the PowerShell prompt, go to the Functionbeat directory:',
-            values: {
-              directoryName: '`functionbeat-{config.kibana.version}-windows`',
-              folderPath: '`C:\\Program Files`',
-              functionbeatLink:
-                '{config.docs.beats.functionbeat}/functionbeat-installation-configuration.html',
-              elasticLink: 'https://www.elastic.co/downloads/beats/functionbeat',
-            },
-          }
-        ),
-        commands: ['cd "C:\\Program Files\\Functionbeat"'],
-      },
-    },
-    DEPLOY: {
-      OSX_LINUX: {
-        title: i18n.translate('home.tutorials.common.functionbeatInstructions.deploy.osxTitle', {
-          defaultMessage: 'Deploy Functionbeat to AWS Lambda',
-        }),
-        textPre: i18n.translate(
-          'home.tutorials.common.functionbeatInstructions.deploy.osxTextPre',
-          {
-            defaultMessage:
-              'This installs Functionbeat as a Lambda function.\
-The `setup` command checks the Elasticsearch configuration and loads the \
-Kibana index pattern. It is normally safe to omit this command.',
-          }
-        ),
-        commands: ['./functionbeat setup', './functionbeat deploy fn-cloudwatch-logs'],
-      },
-      WINDOWS: {
-        title: i18n.translate(
-          'home.tutorials.common.functionbeatInstructions.deploy.windowsTitle',
-          {
-            defaultMessage: 'Deploy Functionbeat to AWS Lambda',
-          }
-        ),
-        textPre: i18n.translate(
-          'home.tutorials.common.functionbeatInstructions.deploy.windowsTextPre',
-          {
-            defaultMessage:
-              'This installs Functionbeat as a Lambda function.\
-The `setup` command checks the Elasticsearch configuration and loads the \
-Kibana index pattern. It is normally safe to omit this command.',
-          }
-        ),
-        commands: ['.\\functionbeat.exe setup', '.\\functionbeat.exe deploy fn-cloudwatch-logs'],
-      },
-    },
-    CONFIG: {
-      OSX_LINUX: {
-        title: i18n.translate('home.tutorials.common.functionbeatInstructions.config.osxTitle', {
-          defaultMessage: 'Configure the Elastic cluster',
-        }),
-        textPre: i18n.translate(
-          'home.tutorials.common.functionbeatInstructions.config.osxTextPre',
-          {
-            defaultMessage: 'Modify {path} to set the connection information:',
-            values: {
-              path: '`functionbeat.yml`',
-            },
-          }
-        ),
-        commands: [
-          'output.elasticsearch:',
-          '  hosts: ["<es_url>"]',
-          '  username: "elastic"',
-          '  password: "<password>"',
-          "  # If using Elasticsearch's default certificate",
-          '  ssl.ca_trusted_fingerprint: "<es cert fingerprint>"',
-          'setup.kibana:',
-          '  host: "<kibana_url>"',
-          getSpaceIdForBeatsTutorial(context),
-        ],
-        textPost: i18n.translate(
-          'home.tutorials.common.functionbeatInstructions.config.osxTextPostMarkdown',
-          {
-            defaultMessage:
-              'Where {passwordTemplate} is the password of the `elastic` user, {esUrlTemplate} is the URL of \
-              Elasticsearch, and {kibanaUrlTemplate} is the URL of Kibana. To [configure SSL]({configureSslUrl}) with the \
-              default certificate generated by Elasticsearch, add its fingerprint in {esCertFingerprintTemplate}.\n\n\
-  > **_Important:_**  Do not use the built-in `elastic` user to secure clients in a production environment. Instead set up \
-  authorized users or API keys, and do not expose passwords in configuration files. [Learn more]({linkUrl}).',
-            values: {
-              passwordTemplate: '`<password>`',
-              esUrlTemplate: '`<es_url>`',
-              kibanaUrlTemplate: '`<kibana_url>`',
-              configureSslUrl: SSL_DOC_URL,
-              esCertFingerprintTemplate: '`<es cert fingerprint>`',
-              linkUrl: '{config.docs.beats.functionbeat}/securing-functionbeat.html',
-            },
-          }
-        ),
-      },
-      WINDOWS: {
-        title: i18n.translate(
-          'home.tutorials.common.functionbeatInstructions.config.windowsTitle',
-          {
-            defaultMessage: 'Edit the configuration',
-          }
-        ),
-        textPre: i18n.translate(
-          'home.tutorials.common.functionbeatInstructions.config.windowsTextPre',
-          {
-            defaultMessage: 'Modify {path} to set the connection information:',
-            values: {
-              path: '`C:\\Program Files\\Functionbeat\\functionbeat.yml`',
-            },
-          }
-        ),
-        commands: [
-          'output.elasticsearch:',
-          '  hosts: ["<es_url>"]',
-          '  username: "elastic"',
-          '  password: "<password>"',
-          "  # If using Elasticsearch's default certificate",
-          '  ssl.ca_trusted_fingerprint: "<es cert fingerprint>"',
-          'setup.kibana:',
-          '  host: "<kibana_url>"',
-          getSpaceIdForBeatsTutorial(context),
-        ],
-        textPost: i18n.translate(
-          'home.tutorials.common.functionbeatInstructions.config.windowsTextPostMarkdown',
-          {
-            defaultMessage:
-              'Where {passwordTemplate} is the password of the `elastic` user, {esUrlTemplate} is the URL of \
-              Elasticsearch, and {kibanaUrlTemplate} is the URL of Kibana. To [configure SSL]({configureSslUrl}) with the \
-              default certificate generated by Elasticsearch, add its fingerprint in {esCertFingerprintTemplate}.\n\n\
-  > **_Important:_**  Do not use the built-in `elastic` user to secure clients in a production environment. Instead set up \
-  authorized users or API keys, and do not expose passwords in configuration files. [Learn more]({linkUrl}).',
-            values: {
-              passwordTemplate: '`<password>`',
-              esUrlTemplate: '`<es_url>`',
-              kibanaUrlTemplate: '`<kibana_url>`',
-              configureSslUrl: SSL_DOC_URL,
-              esCertFingerprintTemplate: '`<es cert fingerprint>`',
-              linkUrl: '{config.docs.beats.functionbeat}/securing-functionbeat.html',
-            },
-          }
-        ),
-      },
-    },
-  };
-};
-
-export const createFunctionbeatCloudInstructions = () => ({
-  CONFIG: {
-    OSX_LINUX: {
-      title: i18n.translate('home.tutorials.common.functionbeatCloudInstructions.config.osxTitle', {
-        defaultMessage: 'Edit the configuration',
-      }),
-      textPre: i18n.translate(
-        'home.tutorials.common.functionbeatCloudInstructions.config.osxTextPre',
-        {
-          defaultMessage: 'Modify {path} to set the connection information for Elastic Cloud:',
-          values: {
-            path: '`functionbeat.yml`',
-          },
-        }
-      ),
-      commands: ['cloud.id: "{config.cloud.id}"', 'cloud.auth: "elastic:<password>"'],
-      textPost: cloudPasswordAndResetLink,
-    },
-    WINDOWS: {
-      title: i18n.translate(
-        'home.tutorials.common.functionbeatCloudInstructions.config.windowsTitle',
-        {
-          defaultMessage: 'Edit the configuration',
-        }
-      ),
-      textPre: i18n.translate(
-        'home.tutorials.common.functionbeatCloudInstructions.config.windowsTextPre',
-        {
-          defaultMessage: 'Modify {path} to set the connection information for Elastic Cloud:',
-          values: {
-            path: '`C:\\Program Files\\Functionbeat\\functionbeat.yml`',
-          },
-        }
-      ),
-      commands: ['cloud.id: "{config.cloud.id}"', 'cloud.auth: "elastic:<password>"'],
-      textPost: cloudPasswordAndResetLink,
-    },
-  },
-});
-
-export function functionbeatEnableInstructions() {
-  const defaultTitle = i18n.translate(
-    'home.tutorials.common.functionbeatEnableOnPremInstructions.defaultTitle',
-    {
-      defaultMessage: 'Configure the Cloudwatch log group',
-    }
-  );
-  const defaultCommands = [
-    'functionbeat.provider.aws.functions:',
-    '  - name: fn-cloudwatch-logs',
-    '    enabled: true',
-    '    type: cloudwatch_logs',
-    '    triggers:',
-    '      - log_group_name: <cloudwatch-log-group>',
-    'functionbeat.provider.aws.deploy_bucket: <unique-bucket-name>',
-  ];
-  const defaultTextPost = i18n.translate(
-    'home.tutorials.common.functionbeatEnableOnPremInstructions.defaultTextPost',
-    {
-      defaultMessage:
-        "Where `'<cloudwatch-log-group>'` is the name of the log group you want to ingest, \
-and `'<unique-bucket-name>'` is a valid S3 bucket name which will be used for staging the \
-Functionbeat deploy.",
-    }
-  );
-  return {
-    OSX_LINUX: {
-      title: defaultTitle,
-      textPre: i18n.translate(
-        'home.tutorials.common.functionbeatEnableOnPremInstructionsOSXLinux.textPre',
-        {
-          defaultMessage: 'Modify the settings in the `functionbeat.yml` file.',
-        }
-      ),
-      commands: defaultCommands,
-      textPost: defaultTextPost,
-    },
-    WINDOWS: {
-      title: defaultTitle,
-      textPre: i18n.translate(
-        'home.tutorials.common.functionbeatEnableOnPremInstructionsWindows.textPre',
-        {
-          defaultMessage: 'Modify the settings in the {path} file.',
-          values: {
-            path: '`C:\\Program Files\\Functionbeat\\functionbeat.yml`',
-          },
-        }
-      ),
-      commands: defaultCommands,
-      textPost: defaultTextPost,
-    },
-  };
-}
-
-export function functionbeatAWSInstructions() {
-  const defaultTitle = i18n.translate('home.tutorials.common.functionbeatAWSInstructions.title', {
-    defaultMessage: 'Set AWS credentials',
-  });
-  const defaultPre = i18n.translate('home.tutorials.common.functionbeatAWSInstructions.textPre', {
-    defaultMessage: 'Set your AWS account credentials in the environment:',
-  });
-  const defaultPost = i18n.translate('home.tutorials.common.functionbeatAWSInstructions.textPost', {
-    defaultMessage:
-      'Where {accessKey} and {secretAccessKey} are your account credentials and `us-east-1` is the desired region.',
-    values: {
-      accessKey: '`<your-access-key>`',
-      secretAccessKey: '`<your-secret-access-key>`',
-    },
-  });
-
-  return {
-    OSX_LINUX: {
-      title: defaultTitle,
-      textPre: defaultPre,
-      commands: [
-        'export AWS_ACCESS_KEY_ID=<your-access-key>',
-        'export AWS_SECRET_ACCESS_KEY=<your-secret-access-key>',
-        'export AWS_DEFAULT_REGION=us-east-1',
-      ],
-      textPost: defaultPost,
-    },
-    WINDOWS: {
-      title: defaultTitle,
-      textPre: defaultPre,
-      commands: [
-        'set AWS_ACCESS_KEY_ID=<your-access-key>',
-        'set AWS_SECRET_ACCESS_KEY=<your-secret-access-key>',
-        'set AWS_DEFAULT_REGION=us-east-1',
-      ],
-      textPost: defaultPost,
-    },
-  };
-}
-
-export function functionbeatStatusCheck() {
-  return {
-    title: i18n.translate('home.tutorials.common.functionbeatStatusCheck.title', {
-      defaultMessage: 'Functionbeat status',
-    }),
-    text: i18n.translate('home.tutorials.common.functionbeatStatusCheck.text', {
-      defaultMessage: 'Check that data is received from Functionbeat',
-    }),
-    btnLabel: i18n.translate('home.tutorials.common.functionbeatStatusCheck.buttonLabel', {
-      defaultMessage: 'Check data',
-    }),
-    success: i18n.translate('home.tutorials.common.functionbeatStatusCheck.successText', {
-      defaultMessage: 'Data successfully received from Functionbeat',
-    }),
-    error: i18n.translate('home.tutorials.common.functionbeatStatusCheck.errorText', {
-      defaultMessage: 'No data has been received from Functionbeat yet',
-    }),
-    esHitsCheck: {
-      index: 'functionbeat-*',
-      query: {
-        match_all: {},
-      },
-    },
-  };
-}
-
-export function onPremInstructions(platforms: Platform[], context: TutorialContext) {
-  const FUNCTIONBEAT_INSTRUCTIONS = createFunctionbeatInstructions(context);
-
-  return {
-    instructionSets: [
-      {
-        title: i18n.translate(
-          'home.tutorials.common.functionbeat.premInstructions.gettingStarted.title',
-          {
-            defaultMessage: 'Getting Started',
-          }
-        ),
-        instructionVariants: [
-          {
-            id: INSTRUCTION_VARIANT.OSX,
-            instructions: [
-              FUNCTIONBEAT_INSTRUCTIONS.INSTALL.OSX,
-              functionbeatAWSInstructions().OSX_LINUX,
-              functionbeatEnableInstructions().OSX_LINUX,
-              FUNCTIONBEAT_INSTRUCTIONS.CONFIG.OSX_LINUX,
-              FUNCTIONBEAT_INSTRUCTIONS.DEPLOY.OSX_LINUX,
-            ],
-          },
-          {
-            id: INSTRUCTION_VARIANT.LINUX,
-            instructions: [
-              FUNCTIONBEAT_INSTRUCTIONS.INSTALL.LINUX,
-              functionbeatAWSInstructions().OSX_LINUX,
-              functionbeatEnableInstructions().OSX_LINUX,
-              FUNCTIONBEAT_INSTRUCTIONS.CONFIG.OSX_LINUX,
-              FUNCTIONBEAT_INSTRUCTIONS.DEPLOY.OSX_LINUX,
-            ],
-          },
-          {
-            id: INSTRUCTION_VARIANT.WINDOWS,
-            instructions: [
-              FUNCTIONBEAT_INSTRUCTIONS.INSTALL.WINDOWS,
-              functionbeatAWSInstructions().WINDOWS,
-              functionbeatEnableInstructions().WINDOWS,
-              FUNCTIONBEAT_INSTRUCTIONS.CONFIG.WINDOWS,
-              FUNCTIONBEAT_INSTRUCTIONS.DEPLOY.WINDOWS,
-            ],
-          },
-        ],
-        statusCheck: functionbeatStatusCheck(),
-      },
-    ],
-  };
-}
-
-export function onPremCloudInstructions(context: TutorialContext) {
-  const TRYCLOUD_OPTION1 = createTrycloudOption1();
-  const TRYCLOUD_OPTION2 = createTrycloudOption2();
-  const FUNCTIONBEAT_INSTRUCTIONS = createFunctionbeatInstructions(context);
-
-  return {
-    instructionSets: [
-      {
-        title: i18n.translate(
-          'home.tutorials.common.functionbeat.premCloudInstructions.gettingStarted.title',
-          {
-            defaultMessage: 'Getting Started',
-          }
-        ),
-        instructionVariants: [
-          {
-            id: INSTRUCTION_VARIANT.OSX,
-            instructions: [
-              TRYCLOUD_OPTION1,
-              TRYCLOUD_OPTION2,
-              FUNCTIONBEAT_INSTRUCTIONS.INSTALL.OSX,
-              functionbeatAWSInstructions().OSX_LINUX,
-              functionbeatEnableInstructions().OSX_LINUX,
-              FUNCTIONBEAT_INSTRUCTIONS.CONFIG.OSX_LINUX,
-              FUNCTIONBEAT_INSTRUCTIONS.DEPLOY.OSX_LINUX,
-            ],
-          },
-          {
-            id: INSTRUCTION_VARIANT.LINUX,
-            instructions: [
-              TRYCLOUD_OPTION1,
-              TRYCLOUD_OPTION2,
-              FUNCTIONBEAT_INSTRUCTIONS.INSTALL.LINUX,
-              functionbeatAWSInstructions().OSX_LINUX,
-              functionbeatEnableInstructions().OSX_LINUX,
-              FUNCTIONBEAT_INSTRUCTIONS.CONFIG.OSX_LINUX,
-              FUNCTIONBEAT_INSTRUCTIONS.DEPLOY.OSX_LINUX,
-            ],
-          },
-          {
-            id: INSTRUCTION_VARIANT.WINDOWS,
-            instructions: [
-              TRYCLOUD_OPTION1,
-              TRYCLOUD_OPTION2,
-              functionbeatAWSInstructions().WINDOWS,
-              functionbeatEnableInstructions().WINDOWS,
-              FUNCTIONBEAT_INSTRUCTIONS.INSTALL.WINDOWS,
-              FUNCTIONBEAT_INSTRUCTIONS.CONFIG.WINDOWS,
-              FUNCTIONBEAT_INSTRUCTIONS.DEPLOY.WINDOWS,
-            ],
-          },
-        ],
-        statusCheck: functionbeatStatusCheck(),
-      },
-    ],
-  };
-}
-
-export function cloudInstructions(context: TutorialContext) {
-  const FUNCTIONBEAT_INSTRUCTIONS = createFunctionbeatInstructions(context);
-  const FUNCTIONBEAT_CLOUD_INSTRUCTIONS = createFunctionbeatCloudInstructions();
-
-  return {
-    instructionSets: [
-      {
-        title: i18n.translate(
-          'home.tutorials.common.functionbeat.cloudInstructions.gettingStarted.title',
-          {
-            defaultMessage: 'Getting Started',
-          }
-        ),
-        instructionVariants: [
-          {
-            id: INSTRUCTION_VARIANT.OSX,
-            instructions: [
-              FUNCTIONBEAT_INSTRUCTIONS.INSTALL.OSX,
-              functionbeatAWSInstructions().OSX_LINUX,
-              functionbeatEnableInstructions().OSX_LINUX,
-              FUNCTIONBEAT_CLOUD_INSTRUCTIONS.CONFIG.OSX_LINUX,
-              FUNCTIONBEAT_INSTRUCTIONS.DEPLOY.OSX_LINUX,
-            ],
-          },
-          {
-            id: INSTRUCTION_VARIANT.LINUX,
-            instructions: [
-              FUNCTIONBEAT_INSTRUCTIONS.INSTALL.LINUX,
-              functionbeatAWSInstructions().OSX_LINUX,
-              functionbeatEnableInstructions().OSX_LINUX,
-              FUNCTIONBEAT_CLOUD_INSTRUCTIONS.CONFIG.OSX_LINUX,
-              FUNCTIONBEAT_INSTRUCTIONS.DEPLOY.OSX_LINUX,
-            ],
-          },
-          {
-            id: INSTRUCTION_VARIANT.WINDOWS,
-            instructions: [
-              FUNCTIONBEAT_INSTRUCTIONS.INSTALL.WINDOWS,
-              functionbeatAWSInstructions().WINDOWS,
-              functionbeatEnableInstructions().WINDOWS,
-              FUNCTIONBEAT_CLOUD_INSTRUCTIONS.CONFIG.WINDOWS,
-              FUNCTIONBEAT_INSTRUCTIONS.DEPLOY.WINDOWS,
-            ],
-          },
-        ],
-        statusCheck: functionbeatStatusCheck(),
-      },
-    ],
-  };
-}
diff --git a/src/plugins/home/server/tutorials/register.ts b/src/plugins/home/server/tutorials/register.ts
index 55364b99a10c2..7b687a6fbb15a 100644
--- a/src/plugins/home/server/tutorials/register.ts
+++ b/src/plugins/home/server/tutorials/register.ts
@@ -24,7 +24,6 @@ import { cefLogsSpecProvider } from './cef_logs';
 import { cephMetricsSpecProvider } from './ceph_metrics';
 import { checkpointLogsSpecProvider } from './checkpoint_logs';
 import { ciscoLogsSpecProvider } from './cisco_logs';
-import { cloudwatchLogsSpecProvider } from './cloudwatch_logs';
 import { cockroachdbMetricsSpecProvider } from './cockroachdb_metrics';
 import { consulMetricsSpecProvider } from './consul_metrics';
 import { corednsLogsSpecProvider } from './coredns_logs';
@@ -162,7 +161,6 @@ export const builtInTutorials = [
   prometheusMetricsSpecProvider,
   zookeeperMetricsSpecProvider,
   uptimeMonitorsSpecProvider,
-  cloudwatchLogsSpecProvider,
   awsMetricsSpecProvider,
   mssqlMetricsSpecProvider,
   natsMetricsSpecProvider,
diff --git a/src/plugins/presentation_panel/public/panel_component/_presentation_panel.scss b/src/plugins/presentation_panel/public/panel_component/_presentation_panel.scss
index 5094cf6b02ba3..86f9e8d378e5a 100644
--- a/src/plugins/presentation_panel/public/panel_component/_presentation_panel.scss
+++ b/src/plugins/presentation_panel/public/panel_component/_presentation_panel.scss
@@ -6,8 +6,6 @@
   height: 100%;
   min-height: $euiSizeL + 2px; // + 2px to account for border
   position: relative;
-  border: none;
-  outline: $euiBorderThin;
 
   &-isLoading {
     // completely center the loading indicator
@@ -105,47 +103,9 @@
   }
 }
 
-// OPTIONS MENU
-
-/**
-  * 1. Use opacity to make this element accessible to screen readers and keyboard.
-  * 2. Show on focus to enable keyboard accessibility.
-  * 3. Always show in editing mode
-  */
-
-.embPanel__optionsMenuButton {
-  background-color: transparentize($euiColorLightShade, .5);
-  border-bottom-right-radius: 0;
-  border-top-left-radius: 0;
-
-  &:focus {
-    background-color: transparentize($euiColorLightestShade, .5);
-  }
-}
-
-.embPanel__optionsMenuPopover-loading {
-  width: $euiSizeS * 32;
-}
-
-.embPanel__optionsMenuPopover-notification::after {
-  position: absolute;
-  top: 0;
-  right: 0;
-  content: '•';
-  transform: translate(50%, -50%);
-  color: $euiColorAccent;
-  font-size: $euiSizeL;
-}
-
 // EDITING MODE
-
 .embPanel--editing {
-  transition: all $euiAnimSpeedFast $euiAnimSlightResistance;
-  outline: 1px dashed $euiColorMediumShade;
-
   .embPanel--dragHandle {
-    transition: background-color $euiAnimSpeedFast $euiAnimSlightResistance;
-
     .embPanel--dragHandle:hover {
       background-color: transparentize($euiColorWarning, lightOrDarkTheme(.9, .7));
       cursor: move;
@@ -170,56 +130,14 @@
   z-index: $euiZLevel1;
 }
 
-.embPanel__hoverActionsAnchor {
-  position: relative;
-  height: 100%;
-
-  .embPanel__hoverActionsWrapper {
-    height: $euiSizeXL;
-    position: absolute;
-    top: 0;
-    display: flex;
-    justify-content: space-between;
-    padding: 0 $euiSize;
-    flex-wrap: nowrap;
-    min-width: 100%;
-    z-index: -1;
-    pointer-events: none; // Prevent hover actions wrapper from blocking interactions with other panels
-  }
-
-  .embPanel__hoverActions {
-    opacity: 0;
-    padding: calc($euiSizeXS - 1px);
-    display: flex;
-    flex-wrap: nowrap;
-    border: $euiBorderThin;
-
-    background-color: $euiColorEmptyShade;
-    height: $euiSizeXL;
-
-    pointer-events: all; // Re-enable pointer-events for hover actions
-  }
-
-  .embPanel--dragHandle {
-    cursor: move;
+.embPanel--dragHandle {
+  cursor: move;
 
-    img {
-      pointer-events: all !important;
-    }
+  img {
+    pointer-events: all !important;
   }
+}
 
-  .embPanel__descriptionTooltipAnchor {
-    padding: $euiSizeXS;
-  }
-
-  &:hover .embPanel__hoverActionsWrapper,
-  &:focus-within .embPanel__hoverActionsWrapper,
-  .embPanel__hoverActionsWrapper--lockHoverActions {
-    z-index: $euiZLevel9;
-    top: -$euiSizeXL;
-
-    .embPanel__hoverActions {
-      opacity: 1;
-    }
-  }
-}
\ No newline at end of file
+.embPanel__descriptionTooltipAnchor {
+  padding: $euiSizeXS;
+}
diff --git a/src/plugins/presentation_panel/public/panel_component/panel_header/presentation_panel_hover_actions.tsx b/src/plugins/presentation_panel/public/panel_component/panel_header/presentation_panel_hover_actions.tsx
index 469a1f8c4f6e3..b29563713d365 100644
--- a/src/plugins/presentation_panel/public/panel_component/panel_header/presentation_panel_hover_actions.tsx
+++ b/src/plugins/presentation_panel/public/panel_component/panel_header/presentation_panel_hover_actions.tsx
@@ -54,6 +54,9 @@ import { getContextMenuAriaLabel } from '../presentation_panel_strings';
 import { DefaultPresentationPanelApi, PresentationPanelInternalProps } from '../types';
 import { AnyApiAction } from '../../panel_actions/types';
 
+const DASHED_OUTLINE = `1px dashed ${euiThemeVars.euiColorMediumShade}`;
+const SOLID_OUTLINE = `1px solid ${euiThemeVars.euiBorderColor}`;
+
 const QUICK_ACTION_IDS = {
   edit: [
     'editPanel',
@@ -67,12 +70,14 @@ const QUICK_ACTION_IDS = {
 
 const ALLOWED_NOTIFICATIONS = ['ACTION_FILTERS_NOTIFICATION'] as const;
 
-const ALL_ROUNDED_CORNERS = `border-radius: ${euiThemeVars.euiBorderRadius};
+const ALL_ROUNDED_CORNERS = `
+  border-radius: ${euiThemeVars.euiBorderRadius};
+`;
+const TOP_ROUNDED_CORNERS = `
+  border-top-left-radius: ${euiThemeVars.euiBorderRadius};
+  border-top-right-radius: ${euiThemeVars.euiBorderRadius};
+  border-bottom: 0px;
 `;
-const TOP_ROUNDED_CORNERS = `border-top-left-radius: ${euiThemeVars.euiBorderRadius};
- border-top-right-radius: ${euiThemeVars.euiBorderRadius};
- border-bottom: 0 !important;
- `;
 
 const createClickHandler =
   (action: AnyApiAction, context: ActionExecutionContext<EmbeddableApiContext>) =>
@@ -101,6 +106,7 @@ export const PresentationPanelHoverActions = ({
   className,
   viewMode,
   showNotifications = true,
+  showBorder,
 }: {
   index?: number;
   api: DefaultPresentationPanelApi | null;
@@ -110,6 +116,7 @@ export const PresentationPanelHoverActions = ({
   className?: string;
   viewMode?: ViewMode;
   showNotifications?: boolean;
+  showBorder?: boolean;
 }) => {
   const [quickActions, setQuickActions] = useState<AnyApiAction[]>([]);
   const [contextMenuPanels, setContextMenuPanels] = useState<EuiContextMenuPanelDescriptor[]>([]);
@@ -195,7 +202,6 @@ export const PresentationPanelHoverActions = ({
   );
 
   const hideTitle = hidePanelTitle || parentHideTitle;
-
   const showDescription = description && (!title || hideTitle);
 
   const quickActionIds = useMemo(
@@ -429,7 +435,7 @@ export const PresentationPanelHoverActions = ({
       onClick={() => {
         setIsContextMenuOpen(!isContextMenuOpen);
         if (apiCanLockHoverActions(api)) {
-          api?.lockHoverActions(!hasLockedHoverActions);
+          api.lockHoverActions(!hasLockedHoverActions);
         }
       }}
       iconType="boxesVertical"
@@ -451,26 +457,81 @@ export const PresentationPanelHoverActions = ({
     />
   );
 
+  const hasHoverActions = quickActionElements.length || contextMenuPanels.lastIndexOf.length;
+
   return (
     <div
       onMouseOver={updateCombineHoverActions}
       onFocus={updateCombineHoverActions}
       ref={anchorRef}
-      className="embPanel__hoverActionsAnchor"
+      className={classNames('embPanel__hoverActionsAnchor', {
+        'embPanel__hoverActionsAnchor--lockHoverActions': hasLockedHoverActions,
+      })}
       data-test-embeddable-id={api?.uuid}
       data-test-subj={`embeddablePanelHoverActions-${(title || defaultTitle || '').replace(
         /\s/g,
         ''
       )}`}
+      css={css`
+        border-radius: ${euiThemeVars.euiBorderRadius};
+        position: relative;
+        height: 100%;
+
+        .embPanel {
+          ${showBorder
+            ? `
+              outline: ${viewMode === 'edit' ? DASHED_OUTLINE : SOLID_OUTLINE};
+            `
+            : ''}
+        }
+
+        .embPanel__hoverActions {
+          opacity: 0;
+          padding: calc(${euiThemeVars.euiSizeXS} - 1px);
+          display: flex;
+          flex-wrap: nowrap;
+
+          background-color: ${euiThemeVars.euiColorEmptyShade};
+          height: ${euiThemeVars.euiSizeXL};
+
+          pointer-events: all; // Re-enable pointer-events for hover actions
+        }
+
+        &:hover,
+        &:focus-within,
+        &.embPanel__hoverActionsAnchor--lockHoverActions {
+          .embPanel {
+            outline: ${viewMode === 'edit' ? DASHED_OUTLINE : SOLID_OUTLINE};
+            z-index: ${euiThemeVars.euiZLevel2};
+          }
+          .embPanel__hoverActionsWrapper {
+            z-index: ${euiThemeVars.euiZLevel9};
+            top: -${euiThemeVars.euiSizeXL};
+
+            .embPanel__hoverActions {
+              opacity: 1;
+            }
+          }
+        }
+      `}
     >
       {children}
       {api ? (
         <div
           ref={hoverActionsRef}
-          css={css`anchorStyles`}
-          className={classNames('embPanel__hoverActionsWrapper', {
-            'embPanel__hoverActionsWrapper--lockHoverActions': hasLockedHoverActions,
-          })}
+          className="embPanel__hoverActionsWrapper"
+          css={css`
+            height: ${euiThemeVars.euiSizeXL};
+            position: absolute;
+            top: 0;
+            display: flex;
+            justify-content: space-between;
+            padding: 0 ${euiThemeVars.euiSize};
+            flex-wrap: nowrap;
+            min-width: 100%;
+            z-index: -1;
+            pointer-events: none; // Prevent hover actions wrapper from blocking interactions with other panels
+          `}
         >
           {viewMode === 'edit' && !combineHoverActions ? (
             <div
@@ -482,6 +543,7 @@ export const PresentationPanelHoverActions = ({
                 className
               )}
               css={css`
+                border: ${viewMode === 'edit' ? DASHED_OUTLINE : SOLID_OUTLINE};
                 ${borderStyles}
               `}
             >
@@ -490,72 +552,75 @@ export const PresentationPanelHoverActions = ({
           ) : (
             <div /> // necessary for the right hover actions to align correctly when left hover actions are not present
           )}
-          <div
-            ref={rightHoverActionsRef}
-            data-test-subj="embPanel__hoverActions__right"
-            className={classNames(
-              'embPanel__hoverActions',
-              'embPanel__hoverActionsRight',
-              className
-            )}
-            css={css`
-              ${borderStyles}
-            `}
-          >
-            {viewMode === 'edit' && combineHoverActions && dragHandle}
-            {showNotifications && notificationElements}
-            {showDescription && (
-              <EuiIconTip
-                title={!hideTitle ? title || undefined : undefined}
-                content={description}
-                delay="regular"
-                position="top"
-                anchorClassName="embPanel__descriptionTooltipAnchor"
-                data-test-subj="embeddablePanelDescriptionTooltip"
-                type="iInCircle"
-              />
-            )}
-            {quickActionElements.map(
-              ({ iconType, 'data-test-subj': dataTestSubj, onClick, name }, i) => (
-                <EuiToolTip key={`main_action_${dataTestSubj}_${api?.uuid}`} content={name}>
-                  <EuiButtonIcon
-                    iconType={iconType}
-                    color="text"
-                    onClick={onClick as MouseEventHandler}
-                    data-test-subj={dataTestSubj}
-                    aria-label={name as string}
-                  />
-                </EuiToolTip>
-              )
-            )}
-            {contextMenuPanels.length ? (
-              <EuiPopover
-                repositionOnScroll
-                panelPaddingSize="none"
-                anchorPosition="downRight"
-                button={ContextMenuButton}
-                isOpen={isContextMenuOpen}
-                className={contextMenuClasses}
-                closePopover={onClose}
-                data-test-subj={
-                  isContextMenuOpen
-                    ? 'embeddablePanelContextMenuOpen'
-                    : 'embeddablePanelContextMenuClosed'
-                }
-                focusTrapProps={{
-                  closeOnMouseup: true,
-                  clickOutsideDisables: false,
-                  onClickOutside: onClose,
-                }}
-              >
-                <EuiContextMenu
-                  data-test-subj="presentationPanelContextMenuItems"
-                  initialPanelId={'mainMenu'}
-                  panels={contextMenuPanels}
+          {hasHoverActions ? (
+            <div
+              ref={rightHoverActionsRef}
+              data-test-subj="embPanel__hoverActions__right"
+              className={classNames(
+                'embPanel__hoverActions',
+                'embPanel__hoverActionsRight',
+                className
+              )}
+              css={css`
+                border: ${viewMode === 'edit' ? DASHED_OUTLINE : SOLID_OUTLINE};
+                ${borderStyles}
+              `}
+            >
+              {viewMode === 'edit' && combineHoverActions && dragHandle}
+              {showNotifications && notificationElements}
+              {showDescription && (
+                <EuiIconTip
+                  title={!hideTitle ? title || undefined : undefined}
+                  content={description}
+                  delay="regular"
+                  position="top"
+                  anchorClassName="embPanel__descriptionTooltipAnchor"
+                  data-test-subj="embeddablePanelDescriptionTooltip"
+                  type="iInCircle"
                 />
-              </EuiPopover>
-            ) : null}
-          </div>
+              )}
+              {quickActionElements.map(
+                ({ iconType, 'data-test-subj': dataTestSubj, onClick, name }, i) => (
+                  <EuiToolTip key={`main_action_${dataTestSubj}_${api?.uuid}`} content={name}>
+                    <EuiButtonIcon
+                      iconType={iconType}
+                      color="text"
+                      onClick={onClick as MouseEventHandler}
+                      data-test-subj={dataTestSubj}
+                      aria-label={name as string}
+                    />
+                  </EuiToolTip>
+                )
+              )}
+              {contextMenuPanels.length ? (
+                <EuiPopover
+                  repositionOnScroll
+                  panelPaddingSize="none"
+                  anchorPosition="downRight"
+                  button={ContextMenuButton}
+                  isOpen={isContextMenuOpen}
+                  className={contextMenuClasses}
+                  closePopover={onClose}
+                  data-test-subj={
+                    isContextMenuOpen
+                      ? 'embeddablePanelContextMenuOpen'
+                      : 'embeddablePanelContextMenuClosed'
+                  }
+                  focusTrapProps={{
+                    closeOnMouseup: true,
+                    clickOutsideDisables: false,
+                    onClickOutside: onClose,
+                  }}
+                >
+                  <EuiContextMenu
+                    data-test-subj="presentationPanelContextMenuItems"
+                    initialPanelId={'mainMenu'}
+                    panels={contextMenuPanels}
+                  />
+                </EuiPopover>
+              ) : null}
+            </div>
+          ) : null}
         </div>
       ) : null}
     </div>
diff --git a/src/plugins/presentation_panel/public/panel_component/presentation_panel.tsx b/src/plugins/presentation_panel/public/panel_component/presentation_panel.tsx
index 7a403261b5995..3f509ebdc0a6c 100644
--- a/src/plugins/presentation_panel/public/panel_component/presentation_panel.tsx
+++ b/src/plugins/presentation_panel/public/panel_component/presentation_panel.tsx
@@ -14,6 +14,8 @@ import { PanelLoader } from '@kbn/panel-loader';
 import { isPromise } from '@kbn/std';
 import React from 'react';
 import useAsync from 'react-use/lib/useAsync';
+import { css } from '@emotion/react';
+import { euiThemeVars } from '@kbn/ui-theme';
 import { untilPluginStartServicesReady } from '../kibana_services';
 import { PresentationPanelError } from './presentation_panel_error';
 import { DefaultPresentationPanelApi, PresentationPanelProps } from './types';
@@ -55,7 +57,11 @@ export const PresentationPanel = <
       <PanelLoader
         showShadow={props.showShadow}
         showBorder={props.showBorder}
-        dataTestSubj="embeddablePanelLoadingIndicator"
+        css={css`
+          border-radius: ${euiThemeVars.euiBorderRadius};
+        `}
+        dataTestSubj="embed
+        dablePanelLoadingIndicator"
       />
     );
 
diff --git a/src/plugins/presentation_panel/public/panel_component/presentation_panel_internal.tsx b/src/plugins/presentation_panel/public/panel_component/presentation_panel_internal.tsx
index ccf2e694d1b7a..d8c85350f3801 100644
--- a/src/plugins/presentation_panel/public/panel_component/presentation_panel_internal.tsx
+++ b/src/plugins/presentation_panel/public/panel_component/presentation_panel_internal.tsx
@@ -92,7 +92,7 @@ export const PresentationPanelInternal = <
 
   return (
     <PresentationPanelHoverActions
-      {...{ index, api, getActions, actionPredicate, viewMode, showNotifications }}
+      {...{ index, api, getActions, actionPredicate, viewMode, showNotifications, showBorder }}
     >
       <EuiPanel
         role="figure"
@@ -101,7 +101,6 @@ export const PresentationPanelInternal = <
           'embPanel--editing': viewMode === 'edit',
         })}
         hasShadow={showShadow}
-        hasBorder={showBorder}
         aria-labelledby={headerId}
         data-test-subj="embeddablePanel"
         {...contentAttrs}
diff --git a/src/plugins/saved_objects_management/server/routes/bulk_delete.ts b/src/plugins/saved_objects_management/server/routes/bulk_delete.ts
index ed82726ade0da..da082cc85a1b4 100644
--- a/src/plugins/saved_objects_management/server/routes/bulk_delete.ts
+++ b/src/plugins/saved_objects_management/server/routes/bulk_delete.ts
@@ -15,6 +15,12 @@ export const registerBulkDeleteRoute = (router: IRouter) => {
   router.post(
     {
       path: '/internal/kibana/management/saved_objects/_bulk_delete',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: {
         body: schema.arrayOf(
           schema.object({
diff --git a/src/plugins/saved_objects_management/server/routes/bulk_get.ts b/src/plugins/saved_objects_management/server/routes/bulk_get.ts
index 9b7c1505cc699..59efd552196c8 100644
--- a/src/plugins/saved_objects_management/server/routes/bulk_get.ts
+++ b/src/plugins/saved_objects_management/server/routes/bulk_get.ts
@@ -20,6 +20,12 @@ export const registerBulkGetRoute = (
   router.post(
     {
       path: '/api/kibana/management/saved_objects/_bulk_get',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: {
         body: schema.arrayOf(
           schema.object({
diff --git a/src/plugins/saved_objects_management/server/routes/find.ts b/src/plugins/saved_objects_management/server/routes/find.ts
index 8b37c3550f7da..e1c028a4fab2c 100644
--- a/src/plugins/saved_objects_management/server/routes/find.ts
+++ b/src/plugins/saved_objects_management/server/routes/find.ts
@@ -34,6 +34,12 @@ export const registerFindRoute = (
   router.get(
     {
       path: '/api/kibana/management/saved_objects/_find',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: {
         query: schema.object({
           perPage: schema.number({ min: 0, defaultValue: 20 }),
diff --git a/src/plugins/saved_objects_management/server/routes/get_allowed_types.ts b/src/plugins/saved_objects_management/server/routes/get_allowed_types.ts
index c484f5643d8cc..6b89643e8142e 100644
--- a/src/plugins/saved_objects_management/server/routes/get_allowed_types.ts
+++ b/src/plugins/saved_objects_management/server/routes/get_allowed_types.ts
@@ -23,6 +23,12 @@ export const registerGetAllowedTypesRoute = (router: IRouter) => {
   router.get(
     {
       path: '/api/kibana/management/saved_objects/_allowed_types',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: false,
     },
     async (context, req, res) => {
diff --git a/src/plugins/saved_objects_management/server/routes/relationships.ts b/src/plugins/saved_objects_management/server/routes/relationships.ts
index 7f06e6a5dabc8..d39f001f2f2a1 100644
--- a/src/plugins/saved_objects_management/server/routes/relationships.ts
+++ b/src/plugins/saved_objects_management/server/routes/relationships.ts
@@ -21,6 +21,12 @@ export const registerRelationshipsRoute = (
   router.get(
     {
       path: '/api/kibana/management/saved_objects/relationships/{type}/{id}',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: {
         params: schema.object({
           type: schema.string(),
diff --git a/src/plugins/saved_objects_management/server/routes/scroll_count.ts b/src/plugins/saved_objects_management/server/routes/scroll_count.ts
index 31c01536d6003..3116ca3a22fb1 100644
--- a/src/plugins/saved_objects_management/server/routes/scroll_count.ts
+++ b/src/plugins/saved_objects_management/server/routes/scroll_count.ts
@@ -17,6 +17,12 @@ export const registerScrollForCountRoute = (router: IRouter) => {
   router.post(
     {
       path: '/api/kibana/management/saved_objects/scroll/counts',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: {
         body: schema.object({
           typesToInclude: schema.arrayOf(schema.string()),
diff --git a/src/plugins/telemetry/server/routes/telemetry_config.ts b/src/plugins/telemetry/server/routes/telemetry_config.ts
index ebc5ca53985e9..700e778ceea27 100644
--- a/src/plugins/telemetry/server/routes/telemetry_config.ts
+++ b/src/plugins/telemetry/server/routes/telemetry_config.ts
@@ -102,12 +102,46 @@ export function registerTelemetryConfigRoutes({
       options: { authRequired: 'optional' },
     })
     // Just because it used to be /v2/, we are creating identical v1 and v2.
-    .addVersion({ version: '1', validate: v2Validations }, v2Handler)
-    .addVersion({ version: '2', validate: v2Validations }, v2Handler);
+    .addVersion(
+      {
+        version: '1',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: v2Validations,
+      },
+      v2Handler
+    )
+    .addVersion(
+      {
+        version: '2',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: v2Validations,
+      },
+      v2Handler
+    );
 
   // Register the deprecated public and path-based for BWC
   // as we know this one is used by other Elastic products to fetch the opt-in status.
-  router.versioned
-    .get({ access: 'public', path: FetchTelemetryConfigRoutePathBasedV2 })
-    .addVersion({ version: '2023-10-31', validate: v2Validations }, v2Handler);
+  router.versioned.get({ access: 'public', path: FetchTelemetryConfigRoutePathBasedV2 }).addVersion(
+    {
+      version: '2023-10-31',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
+      validate: v2Validations,
+    },
+    v2Handler
+  );
 }
diff --git a/src/plugins/telemetry/server/routes/telemetry_last_reported.ts b/src/plugins/telemetry/server/routes/telemetry_last_reported.ts
index 299d457e080b6..932b7ab8db9cc 100644
--- a/src/plugins/telemetry/server/routes/telemetry_last_reported.ts
+++ b/src/plugins/telemetry/server/routes/telemetry_last_reported.ts
@@ -40,8 +40,32 @@ export function registerTelemetryLastReported(
   router.versioned
     .get({ access: 'internal', path: LastReportedRoute })
     // Just because it used to be /v2/, we are creating identical v1 and v2.
-    .addVersion({ version: '1', validate: v2GetValidations }, v2GetHandler)
-    .addVersion({ version: '2', validate: v2GetValidations }, v2GetHandler);
+    .addVersion(
+      {
+        version: '1',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: v2GetValidations,
+      },
+      v2GetHandler
+    )
+    .addVersion(
+      {
+        version: '2',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: v2GetValidations,
+      },
+      v2GetHandler
+    );
 
   // PUT to update
   const v2PutHandler: RequestHandler = async (context, req, res) => {
@@ -55,6 +79,30 @@ export function registerTelemetryLastReported(
   router.versioned
     .put({ access: 'internal', path: LastReportedRoute })
     // Just because it used to be /v2/, we are creating identical v1 and v2.
-    .addVersion({ version: '1', validate: false }, v2PutHandler)
-    .addVersion({ version: '2', validate: false }, v2PutHandler);
+    .addVersion(
+      {
+        version: '1',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: false,
+      },
+      v2PutHandler
+    )
+    .addVersion(
+      {
+        version: '2',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: false,
+      },
+      v2PutHandler
+    );
 }
diff --git a/src/plugins/telemetry/server/routes/telemetry_opt_in.ts b/src/plugins/telemetry/server/routes/telemetry_opt_in.ts
index 21b674c3dc45d..de13162ff0619 100644
--- a/src/plugins/telemetry/server/routes/telemetry_opt_in.ts
+++ b/src/plugins/telemetry/server/routes/telemetry_opt_in.ts
@@ -128,6 +128,30 @@ export function registerTelemetryOptInRoutes({
   router.versioned
     .post({ access: 'internal', path: OptInRoute })
     // Just because it used to be /v2/, we are creating identical v1 and v2.
-    .addVersion({ version: '1', validate: v2Validations }, v2Handler)
-    .addVersion({ version: '2', validate: v2Validations }, v2Handler);
+    .addVersion(
+      {
+        version: '1',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: v2Validations,
+      },
+      v2Handler
+    )
+    .addVersion(
+      {
+        version: '2',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: v2Validations,
+      },
+      v2Handler
+    );
 }
diff --git a/src/plugins/telemetry/server/routes/telemetry_opt_in_stats.ts b/src/plugins/telemetry/server/routes/telemetry_opt_in_stats.ts
index dcd7790b67e68..0c38b59818500 100644
--- a/src/plugins/telemetry/server/routes/telemetry_opt_in_stats.ts
+++ b/src/plugins/telemetry/server/routes/telemetry_opt_in_stats.ts
@@ -72,6 +72,12 @@ export function registerTelemetryOptInStatsRoutes(
     .addVersion(
       {
         version: '2023-10-31',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
         validate: {
           request: {
             body: schema.object({
diff --git a/src/plugins/telemetry/server/routes/telemetry_usage_stats.ts b/src/plugins/telemetry/server/routes/telemetry_usage_stats.ts
index f19ec804ac6e9..28198c853e4b5 100644
--- a/src/plugins/telemetry/server/routes/telemetry_usage_stats.ts
+++ b/src/plugins/telemetry/server/routes/telemetry_usage_stats.ts
@@ -97,6 +97,30 @@ export function registerTelemetryUsageStatsRoutes(
       enableQueryVersion: true, // Allow specifying the version through querystring so that we can use it in Dev Console
     })
     // Just because it used to be /v2/, we are creating identical v1 and v2.
-    .addVersion({ version: '1', validate: v2Validations }, v2Handler)
-    .addVersion({ version: '2', validate: v2Validations }, v2Handler);
+    .addVersion(
+      {
+        version: '1',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: v2Validations,
+      },
+      v2Handler
+    )
+    .addVersion(
+      {
+        version: '2',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: v2Validations,
+      },
+      v2Handler
+    );
 }
diff --git a/src/plugins/telemetry/server/routes/telemetry_user_has_seen_notice.ts b/src/plugins/telemetry/server/routes/telemetry_user_has_seen_notice.ts
index 54eaae80648ef..dff8a8f2d5bd4 100644
--- a/src/plugins/telemetry/server/routes/telemetry_user_has_seen_notice.ts
+++ b/src/plugins/telemetry/server/routes/telemetry_user_has_seen_notice.ts
@@ -56,6 +56,30 @@ export function registerTelemetryUserHasSeenNotice(router: IRouter, currentKiban
   router.versioned
     .put({ access: 'internal', path: UserHasSeenNoticeRoute })
     // Just because it used to be /v2/, we are creating identical v1 and v2.
-    .addVersion({ version: '1', validate: false }, v2Handler)
-    .addVersion({ version: '2', validate: false }, v2Handler);
+    .addVersion(
+      {
+        version: '1',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: false,
+      },
+      v2Handler
+    )
+    .addVersion(
+      {
+        version: '2',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: false,
+      },
+      v2Handler
+    );
 }
diff --git a/src/plugins/unified_histogram/public/chart/breakdown_field_selector.tsx b/src/plugins/unified_histogram/public/chart/breakdown_field_selector.tsx
index 0d6aa1e75fe80..418892bd5434f 100644
--- a/src/plugins/unified_histogram/public/chart/breakdown_field_selector.tsx
+++ b/src/plugins/unified_histogram/public/chart/breakdown_field_selector.tsx
@@ -9,7 +9,12 @@
 
 import React, { useCallback, useMemo } from 'react';
 import { EuiSelectableOption } from '@elastic/eui';
-import { FieldIcon, getFieldIconProps, comboBoxFieldOptionMatcher } from '@kbn/field-utils';
+import {
+  FieldIcon,
+  getFieldIconProps,
+  comboBoxFieldOptionMatcher,
+  fieldSupportsBreakdown,
+} from '@kbn/field-utils';
 import { css } from '@emotion/react';
 import { isESQLColumnGroupable } from '@kbn/esql-utils';
 import { type DataView, DataViewField } from '@kbn/data-views-plugin/common';
@@ -17,7 +22,6 @@ import type { DatatableColumn } from '@kbn/expressions-plugin/common';
 import { convertDatatableColumnToDataViewFieldSpec } from '@kbn/data-view-utils';
 import { i18n } from '@kbn/i18n';
 import { UnifiedHistogramBreakdownContext } from '../types';
-import { fieldSupportsBreakdown } from '../utils/field_supports_breakdown';
 import {
   ToolbarSelector,
   ToolbarSelectorProps,
diff --git a/src/plugins/unified_histogram/public/index.ts b/src/plugins/unified_histogram/public/index.ts
index fda59c78819da..f79db6ce8a51a 100644
--- a/src/plugins/unified_histogram/public/index.ts
+++ b/src/plugins/unified_histogram/public/index.ts
@@ -36,6 +36,5 @@ export type {
 } from './types';
 export { UnifiedHistogramFetchStatus, UnifiedHistogramExternalVisContextStatus } from './types';
 export { canImportVisContext } from './utils/external_vis_context';
-export { fieldSupportsBreakdown } from './utils/field_supports_breakdown';
 
 export const plugin = () => new UnifiedHistogramPublicPlugin();
diff --git a/src/plugins/unified_histogram/public/services/lens_vis_service.ts b/src/plugins/unified_histogram/public/services/lens_vis_service.ts
index 2367e729b5a70..04bf810848f29 100644
--- a/src/plugins/unified_histogram/public/services/lens_vis_service.ts
+++ b/src/plugins/unified_histogram/public/services/lens_vis_service.ts
@@ -36,6 +36,7 @@ import { LegendSize } from '@kbn/visualizations-plugin/public';
 import { XYConfiguration } from '@kbn/visualizations-plugin/common';
 import type { Datatable, DatatableColumn } from '@kbn/expressions-plugin/common';
 import type { DataPublicPluginStart } from '@kbn/data-plugin/public';
+import { fieldSupportsBreakdown } from '@kbn/field-utils';
 import {
   UnifiedHistogramExternalVisContextStatus,
   UnifiedHistogramSuggestionContext,
@@ -49,7 +50,6 @@ import {
   injectESQLQueryIntoLensLayers,
 } from '../utils/external_vis_context';
 import { computeInterval } from '../utils/compute_interval';
-import { fieldSupportsBreakdown } from '../utils/field_supports_breakdown';
 import { shouldDisplayHistogram } from '../layout/helpers';
 import { enrichLensAttributesWithTablesData } from '../utils/lens_vis_from_table';
 
diff --git a/src/plugins/unified_search/public/dataview_picker/change_dataview.tsx b/src/plugins/unified_search/public/dataview_picker/change_dataview.tsx
index ade754004b8ef..d89621d598679 100644
--- a/src/plugins/unified_search/public/dataview_picker/change_dataview.tsx
+++ b/src/plugins/unified_search/public/dataview_picker/change_dataview.tsx
@@ -43,6 +43,10 @@ const mapAdHocDataView = (adHocDataView: DataView): DataViewListItemEnhanced =>
   };
 };
 
+const shrinkableContainerCss = css`
+  min-width: 0;
+`;
+
 export function ChangeDataView({
   isMissingCurrent,
   currentDataViewId,
@@ -238,7 +242,7 @@ export function ChangeDataView({
   return (
     <EuiFlexGroup alignItems="center" gutterSize="s" responsive={false}>
       <>
-        <EuiFlexItem grow={true}>
+        <EuiFlexItem grow={true} css={shrinkableContainerCss}>
           <EuiFlexGroup alignItems="center" gutterSize="none" responsive={false}>
             <EuiFlexItem
               grow={false}
@@ -254,7 +258,7 @@ export function ChangeDataView({
                 defaultMessage: 'Data view',
               })}
             </EuiFlexItem>
-            <EuiFlexItem grow={true}>
+            <EuiFlexItem grow={true} css={shrinkableContainerCss}>
               <EuiPopover
                 panelClassName="changeDataViewPopover"
                 button={createTrigger()}
diff --git a/src/plugins/usage_collection/server/routes/stats/stats.ts b/src/plugins/usage_collection/server/routes/stats/stats.ts
index 95a82abbbf150..3a7683bb1c46d 100644
--- a/src/plugins/usage_collection/server/routes/stats/stats.ts
+++ b/src/plugins/usage_collection/server/routes/stats/stats.ts
@@ -54,6 +54,12 @@ export function registerStatsRoute({
   router.get(
     {
       path: '/api/stats',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       options: {
         authRequired: !config.allowAnonymous,
         // The `api` tag ensures that unauthenticated calls receive a 401 rather than a 302 redirect to login page.
diff --git a/src/plugins/usage_collection/server/routes/ui_counters.ts b/src/plugins/usage_collection/server/routes/ui_counters.ts
index 2545afb7f90fc..fbeba04ac1901 100644
--- a/src/plugins/usage_collection/server/routes/ui_counters.ts
+++ b/src/plugins/usage_collection/server/routes/ui_counters.ts
@@ -21,6 +21,12 @@ export function registerUiCountersRoute(
   router.post(
     {
       path: '/api/ui_counters/_report',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: {
         body: schema.object({
           report: reportSchema,
diff --git a/src/plugins/vis_types/timeseries/kibana.jsonc b/src/plugins/vis_types/timeseries/kibana.jsonc
index bd0e4ac352daa..03cb4697162ed 100644
--- a/src/plugins/vis_types/timeseries/kibana.jsonc
+++ b/src/plugins/vis_types/timeseries/kibana.jsonc
@@ -5,7 +5,7 @@
     "@elastic/kibana-visualizations"
   ],
   "group": "platform",
-  "visibility": "private",
+  "visibility": "shared",
   "description": "Registers the TSVB visualization. TSVB has its one editor, works with index patterns and index strings and contains 6 types of charts: timeseries, topN, table. markdown, metric and gauge.",
   "plugin": {
     "id": "visTypeTimeseries",
diff --git a/test/api_integration/apis/custom_integration/integrations.ts b/test/api_integration/apis/custom_integration/integrations.ts
index e04a119aa06ea..d4e0ed4397703 100644
--- a/test/api_integration/apis/custom_integration/integrations.ts
+++ b/test/api_integration/apis/custom_integration/integrations.ts
@@ -44,7 +44,7 @@ export default function ({ getService }: FtrProviderContext) {
 
         expect(resp.body).to.be.an('array');
 
-        expect(resp.body.length).to.be(108); // the beats
+        expect(resp.body.length).to.be(107); // the beats
       });
     });
   });
diff --git a/test/functional/apps/console/_console.ts b/test/functional/apps/console/_console.ts
index 27339c408de85..e53563542345d 100644
--- a/test/functional/apps/console/_console.ts
+++ b/test/functional/apps/console/_console.ts
@@ -223,5 +223,21 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         expect(await PageObjects.console.hasSuccessBadge()).to.be(true);
       });
     });
+
+    it('Shows OK when status code is 200 but body is empty', async () => {
+      await PageObjects.console.clearEditorText();
+
+      // This request will return 200 but with an empty body
+      await PageObjects.console.enterText(
+        'POST /_cluster/voting_config_exclusions?node_names=node'
+      );
+      await PageObjects.console.clickPlay();
+
+      await retry.try(async () => {
+        const actualResponse = await PageObjects.console.getOutputText();
+        log.debug(actualResponse);
+        expect(actualResponse).to.contain('OK');
+      });
+    });
   });
 }
diff --git a/test/functional/apps/dashboard_elements/input_control_vis/input_control_options.ts b/test/functional/apps/dashboard_elements/input_control_vis/input_control_options.ts
index cccf19de4070a..675f386eea34a 100644
--- a/test/functional/apps/dashboard_elements/input_control_vis/input_control_options.ts
+++ b/test/functional/apps/dashboard_elements/input_control_vis/input_control_options.ts
@@ -28,6 +28,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   describe('input control options', () => {
     before(async () => {
       await visualize.initTests();
+      await timePicker.resetDefaultAbsoluteRangeViaUiSettings();
       await common.navigateToApp('visualize');
       await visualize.loadSavedVisualization('input control options', {
         navigateToVisualize: false,
diff --git a/test/functional/apps/discover/esql/_esql_view.ts b/test/functional/apps/discover/esql/_esql_view.ts
index 272de320d2051..c5599c409d7b8 100644
--- a/test/functional/apps/discover/esql/_esql_view.ts
+++ b/test/functional/apps/discover/esql/_esql_view.ts
@@ -91,7 +91,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
         expect(await testSubjects.exists('showQueryBarMenu')).to.be(false);
         expect(await testSubjects.exists('addFilter')).to.be(false);
-        expect(await testSubjects.exists('dscViewModeDocumentButton')).to.be(true);
+        expect(await testSubjects.exists('dscViewModeDocumentButton')).to.be(false);
         // when Lens suggests a table, we render an ESQL based histogram
         expect(await testSubjects.exists('unifiedHistogramChart')).to.be(true);
         expect(await testSubjects.exists('discoverQueryHits')).to.be(true);
@@ -843,6 +843,23 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         const list = await discover.getHistogramLegendList();
         expect(list).to.eql(['css', 'gif', 'jpg', 'php', 'png']);
       });
+
+      it('should choose breakdown field when selected from field stats', async () => {
+        await discover.selectTextBaseLang();
+        await header.waitUntilLoadingHasFinished();
+        await discover.waitUntilSearchingHasFinished();
+
+        const testQuery = 'from logstash-*';
+        await monacoEditor.setCodeEditorValue(testQuery);
+        await testSubjects.click('querySubmitButton');
+        await header.waitUntilLoadingHasFinished();
+        await discover.waitUntilSearchingHasFinished();
+
+        await unifiedFieldList.clickFieldListAddBreakdownField('extension');
+        await header.waitUntilLoadingHasFinished();
+        const list = await discover.getHistogramLegendList();
+        expect(list).to.eql(['css', 'gif', 'jpg', 'php', 'png']);
+      });
     });
   });
 }
diff --git a/test/functional/apps/discover/group1/_discover_histogram_breakdown.ts b/test/functional/apps/discover/group1/_discover_histogram_breakdown.ts
index 5ce8732e5355a..6f04a6df1b6b4 100644
--- a/test/functional/apps/discover/group1/_discover_histogram_breakdown.ts
+++ b/test/functional/apps/discover/group1/_discover_histogram_breakdown.ts
@@ -14,11 +14,12 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
   const kibanaServer = getService('kibanaServer');
   const filterBar = getService('filterBar');
-  const { common, discover, header, timePicker } = getPageObjects([
+  const { common, discover, header, timePicker, unifiedFieldList } = getPageObjects([
     'common',
     'discover',
     'header',
     'timePicker',
+    'unifiedFieldList',
   ]);
 
   describe('discover unified histogram breakdown', function describeIndexTests() {
@@ -36,6 +37,13 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await kibanaServer.importExport.unload('test/functional/fixtures/kbn_archiver/discover');
     });
 
+    it('should apply breakdown when selected from field stats', async () => {
+      await unifiedFieldList.clickFieldListAddBreakdownField('geo.dest');
+      await header.waitUntilLoadingHasFinished();
+      const list = await discover.getHistogramLegendList();
+      expect(list).to.eql(['CN', 'IN', 'US', 'Other']);
+    });
+
     it('should choose breakdown field', async () => {
       await discover.chooseBreakdownField('extension.raw');
       await header.waitUntilLoadingHasFinished();
diff --git a/test/functional/apps/discover/group6/_field_stats_table.ts b/test/functional/apps/discover/group6/_field_stats_table.ts
index c8381976ffbab..4d295ef5ca95c 100644
--- a/test/functional/apps/discover/group6/_field_stats_table.ts
+++ b/test/functional/apps/discover/group6/_field_stats_table.ts
@@ -64,13 +64,11 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           await testSubjects.existOrFail('discoverDocTable');
         });
 
-        it('should show Field Statistics data in ES|QL mode', async () => {
+        it('should not show Field Statistics data in ES|QL mode', async () => {
           await discover.selectTextBaseLang();
-          await discover.waitUntilSearchingHasFinished();
-
-          await testSubjects.click('dscViewModeFieldStatsButton');
           await header.waitUntilLoadingHasFinished();
-          await testSubjects.existOrFail('dataVisualizerTableContainer');
+          await discover.waitUntilSearchingHasFinished();
+          await testSubjects.missingOrFail('dscViewModeFieldStatsButton');
         });
       });
     });
diff --git a/test/functional/apps/discover/group6/_view_mode_toggle.ts b/test/functional/apps/discover/group6/_view_mode_toggle.ts
index aec1cb6f459ab..2591716c87d00 100644
--- a/test/functional/apps/discover/group6/_view_mode_toggle.ts
+++ b/test/functional/apps/discover/group6/_view_mode_toggle.ts
@@ -95,25 +95,14 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
           it('should not show', async function () {
             await testSubjects.missingOrFail('dscViewModePatternAnalysisButton');
-            await retry.try(async () => {
-              const documentTab = await testSubjects.find('dscViewModeDocumentButton');
-              expect(await documentTab.getAttribute('aria-selected')).to.be('true');
-            });
           });
         });
 
-        it('should show Field Statistics tab', async () => {
-          await testSubjects.click('dscViewModeFieldStatsButton');
-
-          await retry.try(async () => {
-            const fieldStatsTab = await testSubjects.find('dscViewModeFieldStatsButton');
-            expect(await fieldStatsTab.getAttribute('aria-selected')).to.be('true');
-          });
-
+        it('should not show Field Statistics tab', async () => {
           await testSubjects.existOrFail('dscViewModeToggle');
         });
 
-        it('should still show view mode toggle for ES|QL searches', async () => {
+        it('should not show view mode toggle for ES|QL searches', async () => {
           await testSubjects.click('dscViewModeDocumentButton');
 
           await retry.try(async () => {
@@ -125,7 +114,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
           await discover.selectTextBaseLang();
 
-          await testSubjects.existOrFail('dscViewModeToggle');
+          await testSubjects.missingOrFail('dscViewModeToggle');
+          await testSubjects.existOrFail('discoverQueryTotalHits');
 
           if (!useLegacyTable) {
             await testSubjects.existOrFail('unifiedDataTableToolbar');
diff --git a/test/functional/page_objects/unified_field_list.ts b/test/functional/page_objects/unified_field_list.ts
index 14006c8c5d62e..4751769f717bd 100644
--- a/test/functional/page_objects/unified_field_list.ts
+++ b/test/functional/page_objects/unified_field_list.ts
@@ -226,6 +226,16 @@ export class UnifiedFieldListPageObject extends FtrService {
     await this.testSubjects.missingOrFail(`fieldVisualize-${field}`);
   }
 
+  public async clickFieldListAddBreakdownField(field: string) {
+    const addBreakdownFieldTestSubj = `fieldPopoverHeader_addBreakdownField-${field}`;
+    if (!(await this.testSubjects.exists(addBreakdownFieldTestSubj))) {
+      // field has to be open
+      await this.clickFieldListItem(field);
+    }
+    await this.testSubjects.click(addBreakdownFieldTestSubj);
+    await this.header.waitUntilLoadingHasFinished();
+  }
+
   public async clickFieldListPlusFilter(field: string, value: string) {
     const plusFilterTestSubj = `plus-${field}-${value}`;
     if (!(await this.testSubjects.exists(plusFilterTestSubj))) {
diff --git a/test/functional/page_objects/visualize_page.ts b/test/functional/page_objects/visualize_page.ts
index d565c5168641b..315ecba11c6d5 100644
--- a/test/functional/page_objects/visualize_page.ts
+++ b/test/functional/page_objects/visualize_page.ts
@@ -41,6 +41,7 @@ export class VisualizePageObject extends FtrService {
   private readonly elasticChart = this.ctx.getService('elasticChart');
   private readonly common = this.ctx.getPageObject('common');
   private readonly header = this.ctx.getPageObject('header');
+  private readonly timePicker = this.ctx.getPageObject('timePicker');
   private readonly visChart = this.ctx.getPageObject('visChart');
   private readonly toasts = this.ctx.getService('toasts');
 
@@ -63,6 +64,7 @@ export class VisualizePageObject extends FtrService {
       [FORMATS_UI_SETTINGS.FORMAT_BYTES_DEFAULT_PATTERN]: '0,0.[000]b',
       'visualization:visualize:legacyHeatmapChartsLibrary': isLegacyChart,
       'histogram:maxBars': 100,
+      'timepicker:timeDefaults': `{ "from": "${this.timePicker.defaultStartTimeUTC}", "to": "${this.timePicker.defaultEndTimeUTC}"}`,
     });
   }
 
diff --git a/tsconfig.base.json b/tsconfig.base.json
index 68faf44ed74d4..223b2d5a58ca2 100644
--- a/tsconfig.base.json
+++ b/tsconfig.base.json
@@ -1034,6 +1034,8 @@
       "@kbn/import-locator/*": ["packages/kbn-import-locator/*"],
       "@kbn/import-resolver": ["packages/kbn-import-resolver"],
       "@kbn/import-resolver/*": ["packages/kbn-import-resolver/*"],
+      "@kbn/index-adapter": ["packages/kbn-index-adapter"],
+      "@kbn/index-adapter/*": ["packages/kbn-index-adapter/*"],
       "@kbn/index-lifecycle-management-common-shared": ["x-pack/packages/index-lifecycle-management/index_lifecycle_management_common_shared"],
       "@kbn/index-lifecycle-management-common-shared/*": ["x-pack/packages/index-lifecycle-management/index_lifecycle_management_common_shared/*"],
       "@kbn/index-lifecycle-management-plugin": ["x-pack/plugins/index_lifecycle_management"],
@@ -1328,8 +1330,12 @@
       "@kbn/observability-shared-plugin/*": ["x-pack/plugins/observability_solution/observability_shared/*"],
       "@kbn/observability-synthetics-test-data": ["x-pack/packages/observability/synthetics_test_data"],
       "@kbn/observability-synthetics-test-data/*": ["x-pack/packages/observability/synthetics_test_data/*"],
-      "@kbn/observability-utils": ["x-pack/packages/observability/observability_utils"],
-      "@kbn/observability-utils/*": ["x-pack/packages/observability/observability_utils/*"],
+      "@kbn/observability-utils-browser": ["x-pack/packages/observability/observability_utils/observability_utils_browser"],
+      "@kbn/observability-utils-browser/*": ["x-pack/packages/observability/observability_utils/observability_utils_browser/*"],
+      "@kbn/observability-utils-common": ["x-pack/packages/observability/observability_utils/observability_utils_common"],
+      "@kbn/observability-utils-common/*": ["x-pack/packages/observability/observability_utils/observability_utils_common/*"],
+      "@kbn/observability-utils-server": ["x-pack/packages/observability/observability_utils/observability_utils_server"],
+      "@kbn/observability-utils-server/*": ["x-pack/packages/observability/observability_utils/observability_utils_server/*"],
       "@kbn/oidc-provider-plugin": ["x-pack/test/security_api_integration/plugins/oidc_provider"],
       "@kbn/oidc-provider-plugin/*": ["x-pack/test/security_api_integration/plugins/oidc_provider/*"],
       "@kbn/open-telemetry-instrumented-plugin": ["test/common/plugins/otel_metrics"],
@@ -1826,6 +1832,8 @@
       "@kbn/stdio-dev-helpers/*": ["packages/kbn-stdio-dev-helpers/*"],
       "@kbn/storybook": ["packages/kbn-storybook"],
       "@kbn/storybook/*": ["packages/kbn-storybook/*"],
+      "@kbn/streams-plugin": ["x-pack/plugins/streams"],
+      "@kbn/streams-plugin/*": ["x-pack/plugins/streams/*"],
       "@kbn/synthetics-e2e": ["x-pack/plugins/observability_solution/synthetics/e2e"],
       "@kbn/synthetics-e2e/*": ["x-pack/plugins/observability_solution/synthetics/e2e/*"],
       "@kbn/synthetics-plugin": ["x-pack/plugins/observability_solution/synthetics"],
diff --git a/versions.json b/versions.json
index ac2bcf4de9b8f..c657a16ecc1ac 100644
--- a/versions.json
+++ b/versions.json
@@ -14,12 +14,12 @@
       "previousMinor": true
     },
     {
-      "version": "8.16.0",
+      "version": "8.16.1",
       "branch": "8.16",
       "previousMajor": true
     },
     {
-      "version": "8.15.4",
+      "version": "8.15.5",
       "branch": "8.15",
       "previousMajor": true
     },
diff --git a/x-pack/packages/ai-infra/inference-common/index.ts b/x-pack/packages/ai-infra/inference-common/index.ts
index 502d8e86a0beb..2791896c801ef 100644
--- a/x-pack/packages/ai-infra/inference-common/index.ts
+++ b/x-pack/packages/ai-infra/inference-common/index.ts
@@ -81,3 +81,5 @@ export {
   isInferenceInternalError,
   isInferenceRequestError,
 } from './src/errors';
+
+export { truncateList } from './src/truncate_list';
diff --git a/x-pack/plugins/inference/common/utils/truncate_list.ts b/x-pack/packages/ai-infra/inference-common/src/truncate_list.ts
similarity index 100%
rename from x-pack/plugins/inference/common/utils/truncate_list.ts
rename to x-pack/packages/ai-infra/inference-common/src/truncate_list.ts
diff --git a/x-pack/packages/kbn-ai-assistant/src/chat/chat_item.tsx b/x-pack/packages/kbn-ai-assistant/src/chat/chat_item.tsx
index 23bdbdaea3593..fac7c77570673 100644
--- a/x-pack/packages/kbn-ai-assistant/src/chat/chat_item.tsx
+++ b/x-pack/packages/kbn-ai-assistant/src/chat/chat_item.tsx
@@ -99,7 +99,7 @@ export function ChatItem({
   const [editing, setEditing] = useState<boolean>(false);
   const [expanded, setExpanded] = useState<boolean>(Boolean(element));
 
-  const actions = [canCopy, collapsed, canCopy].filter(Boolean);
+  const actions = [canCopy, collapsed].filter(Boolean);
 
   const noBodyMessageClassName = css`
     ${moreCompactHeaderClassName}
@@ -182,7 +182,7 @@ export function ChatItem({
         />
       }
       className={
-        actions.length === 0 && !content
+        actions.length === 0 && !content && !element
           ? noPanelMessageClassName
           : collapsed
           ? noBodyMessageClassName
diff --git a/x-pack/packages/kbn-ai-assistant/src/utils/get_timeline_items_from_conversation.test.tsx b/x-pack/packages/kbn-ai-assistant/src/utils/get_timeline_items_from_conversation.test.tsx
index 6a304430103ab..7dcf9cadb6bbf 100644
--- a/x-pack/packages/kbn-ai-assistant/src/utils/get_timeline_items_from_conversation.test.tsx
+++ b/x-pack/packages/kbn-ai-assistant/src/utils/get_timeline_items_from_conversation.test.tsx
@@ -247,7 +247,7 @@ describe('getTimelineItemsFromConversation', () => {
 
       expect(pick(items[3], 'actions', 'display')).toEqual({
         actions: {
-          canCopy: true,
+          canCopy: false,
           canEdit: false,
           canGiveFeedback: false,
           canRegenerate: false,
diff --git a/x-pack/packages/kbn-ai-assistant/src/utils/get_timeline_items_from_conversation.tsx b/x-pack/packages/kbn-ai-assistant/src/utils/get_timeline_items_from_conversation.tsx
index 999ac4f095025..5160e8b636b6c 100644
--- a/x-pack/packages/kbn-ai-assistant/src/utils/get_timeline_items_from_conversation.tsx
+++ b/x-pack/packages/kbn-ai-assistant/src/utils/get_timeline_items_from_conversation.tsx
@@ -130,7 +130,6 @@ export function getTimelineItemsfromConversation({
 
       switch (role) {
         case MessageRole.User:
-          actions.canCopy = true;
           actions.canGiveFeedback = false;
           actions.canRegenerate = false;
 
@@ -210,11 +209,16 @@ export function getTimelineItemsfromConversation({
             display.collapsed = false;
           }
 
+          if (!content) {
+            actions.canCopy = false;
+          } else {
+            actions.canCopy = true;
+          }
+
           break;
 
         case MessageRole.Assistant:
           actions.canRegenerate = hasConnector;
-          actions.canCopy = true;
           actions.canGiveFeedback = true;
           display.hide = false;
 
@@ -250,6 +254,13 @@ export function getTimelineItemsfromConversation({
             display.collapsed = false;
             actions.canEdit = false;
           }
+
+          if (!content) {
+            actions.canCopy = false;
+          } else {
+            actions.canCopy = true;
+          }
+
           break;
       }
 
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/edge/styles.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/edge/styles.tsx
index 8f7c5e29ec3fe..58ecea3bc3bea 100644
--- a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/edge/styles.tsx
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/edge/styles.tsx
@@ -128,7 +128,7 @@ export const SvgDefsMarker = () => {
   const { euiTheme } = useEuiTheme();
 
   return (
-    <svg style={{ position: 'absolute', top: 0, left: 0 }}>
+    <svg style={{ position: 'absolute', width: 0, height: 0 }}>
       <defs>
         <Marker id="primary" color={euiTheme.colors.primary} />
         <Marker id="danger" color={euiTheme.colors.danger} />
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph.tsx
index eca9872d73897..0b956cb19e10d 100644
--- a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph.tsx
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph.tsx
@@ -5,7 +5,8 @@
  * 2.0.
  */
 
-import React, { useMemo, useRef, useState, useCallback } from 'react';
+import React, { useState, useCallback, useEffect, useRef } from 'react';
+import { size, isEmpty, isEqual, xorWith } from 'lodash';
 import {
   Background,
   Controls,
@@ -14,7 +15,8 @@ import {
   useEdgesState,
   useNodesState,
 } from '@xyflow/react';
-import type { Edge, Node } from '@xyflow/react';
+import type { Edge, FitViewOptions, Node, ReactFlowInstance } from '@xyflow/react';
+import { useGeneratedHtmlId } from '@elastic/eui';
 import type { CommonProps } from '@elastic/eui';
 import { SvgDefsMarker } from '../edge/styles';
 import {
@@ -33,9 +35,23 @@ import type { EdgeViewModel, NodeViewModel } from '../types';
 import '@xyflow/react/dist/style.css';
 
 export interface GraphProps extends CommonProps {
+  /**
+   * Array of node view models to be rendered in the graph.
+   */
   nodes: NodeViewModel[];
+  /**
+   * Array of edge view models to be rendered in the graph.
+   */
   edges: EdgeViewModel[];
+  /**
+   * Determines whether the graph is interactive (allows panning, zooming, etc.).
+   * When set to false, the graph is locked and user interactions are disabled, effectively putting it in view-only mode.
+   */
   interactive: boolean;
+  /**
+   * Determines whether the graph is locked. Nodes and edges are still interactive, but the graph itself is not.
+   */
+  isLocked?: boolean;
 }
 
 const nodeTypes = {
@@ -66,28 +82,47 @@ const edgeTypes = {
  *
  * @returns {JSX.Element} The rendered Graph component.
  */
-export const Graph: React.FC<GraphProps> = ({ nodes, edges, interactive, ...rest }) => {
-  const layoutCalled = useRef(false);
-  const [isGraphLocked, setIsGraphLocked] = useState(interactive);
-  const { initialNodes, initialEdges } = useMemo(
-    () => processGraph(nodes, edges, isGraphLocked),
-    [nodes, edges, isGraphLocked]
-  );
-
-  const [nodesState, setNodes, onNodesChange] = useNodesState(initialNodes);
-  const [edgesState, _setEdges, onEdgesChange] = useEdgesState(initialEdges);
-
-  if (!layoutCalled.current) {
-    const { nodes: layoutedNodes } = layoutGraph(nodesState, edgesState);
-    setNodes(layoutedNodes);
-    layoutCalled.current = true;
-  }
+export const Graph: React.FC<GraphProps> = ({
+  nodes,
+  edges,
+  interactive,
+  isLocked = false,
+  ...rest
+}) => {
+  const backgroundId = useGeneratedHtmlId();
+  const fitViewRef = useRef<
+    ((fitViewOptions?: FitViewOptions<Node> | undefined) => Promise<boolean>) | null
+  >(null);
+  const currNodesRef = useRef<NodeViewModel[]>([]);
+  const currEdgesRef = useRef<EdgeViewModel[]>([]);
+  const [isGraphInteractive, setIsGraphInteractive] = useState(interactive);
+  const [nodesState, setNodes, onNodesChange] = useNodesState<Node<NodeViewModel>>([]);
+  const [edgesState, setEdges, onEdgesChange] = useEdgesState<Edge<EdgeViewModel>>([]);
+
+  useEffect(() => {
+    // On nodes or edges changes reset the graph and re-layout
+    if (
+      !isArrayOfObjectsEqual(nodes, currNodesRef.current) ||
+      !isArrayOfObjectsEqual(edges, currEdgesRef.current)
+    ) {
+      const { initialNodes, initialEdges } = processGraph(nodes, edges, isGraphInteractive);
+      const { nodes: layoutedNodes } = layoutGraph(initialNodes, initialEdges);
+
+      setNodes(layoutedNodes);
+      setEdges(initialEdges);
+      currNodesRef.current = nodes;
+      currEdgesRef.current = edges;
+      setTimeout(() => {
+        fitViewRef.current?.();
+      }, 30);
+    }
+  }, [nodes, edges, setNodes, setEdges, isGraphInteractive]);
 
   const onInteractiveStateChange = useCallback(
     (interactiveStatus: boolean): void => {
-      setIsGraphLocked(interactiveStatus);
-      setNodes((prevNodes) =>
-        prevNodes.map((node) => ({
+      setIsGraphInteractive(interactiveStatus);
+      setNodes((currNodes) =>
+        currNodes.map((node) => ({
           ...node,
           data: {
             ...node.data,
@@ -99,23 +134,29 @@ export const Graph: React.FC<GraphProps> = ({ nodes, edges, interactive, ...rest
     [setNodes]
   );
 
+  const onInitCallback = useCallback(
+    (xyflow: ReactFlowInstance<Node<NodeViewModel>, Edge<EdgeViewModel>>) => {
+      window.requestAnimationFrame(() => xyflow.fitView());
+      fitViewRef.current = xyflow.fitView;
+
+      // When the graph is not initialized as interactive, we need to fit the view on resize
+      if (!interactive) {
+        const resizeObserver = new ResizeObserver(() => {
+          xyflow.fitView();
+        });
+        resizeObserver.observe(document.querySelector('.react-flow') as Element);
+        return () => resizeObserver.disconnect();
+      }
+    },
+    [interactive]
+  );
+
   return (
     <div {...rest}>
       <SvgDefsMarker />
       <ReactFlow
         fitView={true}
-        onInit={(xyflow) => {
-          window.requestAnimationFrame(() => xyflow.fitView());
-
-          // When the graph is not initialized as interactive, we need to fit the view on resize
-          if (!interactive) {
-            const resizeObserver = new ResizeObserver(() => {
-              xyflow.fitView();
-            });
-            resizeObserver.observe(document.querySelector('.react-flow') as Element);
-            return () => resizeObserver.disconnect();
-          }
-        }}
+        onInit={onInitCallback}
         nodeTypes={nodeTypes}
         edgeTypes={edgeTypes}
         nodes={nodesState}
@@ -123,16 +164,17 @@ export const Graph: React.FC<GraphProps> = ({ nodes, edges, interactive, ...rest
         onNodesChange={onNodesChange}
         onEdgesChange={onEdgesChange}
         proOptions={{ hideAttribution: true }}
-        panOnDrag={isGraphLocked}
-        zoomOnScroll={isGraphLocked}
-        zoomOnPinch={isGraphLocked}
-        zoomOnDoubleClick={isGraphLocked}
-        preventScrolling={isGraphLocked}
-        nodesDraggable={interactive && isGraphLocked}
+        panOnDrag={isGraphInteractive && !isLocked}
+        zoomOnScroll={isGraphInteractive && !isLocked}
+        zoomOnPinch={isGraphInteractive && !isLocked}
+        zoomOnDoubleClick={isGraphInteractive && !isLocked}
+        preventScrolling={interactive}
+        nodesDraggable={interactive && isGraphInteractive && !isLocked}
         maxZoom={1.3}
+        minZoom={0.1}
       >
         {interactive && <Controls onInteractiveChange={onInteractiveStateChange} />}
-        <Background />
+        <Background id={backgroundId} />{' '}
       </ReactFlow>
     </div>
   );
@@ -173,32 +215,41 @@ const processGraph = (
     return node;
   });
 
-  const initialEdges: Array<Edge<EdgeViewModel>> = edgesModel.map((edgeData) => {
-    const isIn =
-      nodesById[edgeData.source].shape !== 'label' && nodesById[edgeData.target].shape === 'group';
-    const isInside =
-      nodesById[edgeData.source].shape === 'group' && nodesById[edgeData.target].shape === 'label';
-    const isOut =
-      nodesById[edgeData.source].shape === 'label' && nodesById[edgeData.target].shape === 'group';
-    const isOutside =
-      nodesById[edgeData.source].shape === 'group' && nodesById[edgeData.target].shape !== 'label';
-
-    return {
-      id: edgeData.id,
-      type: 'default',
-      source: edgeData.source,
-      sourceHandle: isInside ? 'inside' : isOutside ? 'outside' : undefined,
-      target: edgeData.target,
-      targetHandle: isIn ? 'in' : isOut ? 'out' : undefined,
-      focusable: false,
-      selectable: false,
-      data: {
-        ...edgeData,
-        sourceShape: nodesById[edgeData.source].shape,
-        targetShape: nodesById[edgeData.target].shape,
-      },
-    };
-  });
+  const initialEdges: Array<Edge<EdgeViewModel>> = edgesModel
+    .filter((edgeData) => nodesById[edgeData.source] && nodesById[edgeData.target])
+    .map((edgeData) => {
+      const isIn =
+        nodesById[edgeData.source].shape !== 'label' &&
+        nodesById[edgeData.target].shape === 'group';
+      const isInside =
+        nodesById[edgeData.source].shape === 'group' &&
+        nodesById[edgeData.target].shape === 'label';
+      const isOut =
+        nodesById[edgeData.source].shape === 'label' &&
+        nodesById[edgeData.target].shape === 'group';
+      const isOutside =
+        nodesById[edgeData.source].shape === 'group' &&
+        nodesById[edgeData.target].shape !== 'label';
+
+      return {
+        id: edgeData.id,
+        type: 'default',
+        source: edgeData.source,
+        sourceHandle: isInside ? 'inside' : isOutside ? 'outside' : undefined,
+        target: edgeData.target,
+        targetHandle: isIn ? 'in' : isOut ? 'out' : undefined,
+        focusable: false,
+        selectable: false,
+        data: {
+          ...edgeData,
+          sourceShape: nodesById[edgeData.source].shape,
+          targetShape: nodesById[edgeData.target].shape,
+        },
+      };
+    });
 
   return { initialNodes, initialEdges };
 };
+
+const isArrayOfObjectsEqual = (x: object[], y: object[]) =>
+  size(x) === size(y) && isEmpty(xorWith(x, y, isEqual));
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph_popover.stories.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph_popover.stories.tsx
new file mode 100644
index 0000000000000..6d5b3c1b372fc
--- /dev/null
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph_popover.stories.tsx
@@ -0,0 +1,209 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useCallback, useEffect, useMemo, useRef, useState } from 'react';
+import { ThemeProvider } from '@emotion/react';
+import { Story } from '@storybook/react';
+import { css } from '@emotion/react';
+import { EuiListGroup, EuiHorizontalRule } from '@elastic/eui';
+import type { EntityNodeViewModel, NodeProps } from '..';
+import { Graph } from '..';
+import { GraphPopover } from './graph_popover';
+import { ExpandButtonClickCallback } from '../types';
+import { useGraphPopover } from './use_graph_popover';
+import { ExpandPopoverListItem } from '../styles';
+
+export default {
+  title: 'Components/Graph Components/Graph Popovers',
+  description: 'CDR - Graph visualization',
+  argTypes: {},
+};
+
+const useExpandButtonPopover = () => {
+  const { id, state, actions } = useGraphPopover('node-expand-popover');
+  const { openPopover, closePopover } = actions;
+
+  const selectedNode = useRef<NodeProps | null>(null);
+  const unToggleCallbackRef = useRef<(() => void) | null>(null);
+  const [pendingOpen, setPendingOpen] = useState<{
+    node: NodeProps;
+    el: HTMLElement;
+    unToggleCallback: () => void;
+  } | null>(null);
+
+  const onNodeExpandButtonClick: ExpandButtonClickCallback = useCallback(
+    (e, node, unToggleCallback) => {
+      if (selectedNode.current?.id === node.id) {
+        // If the same node is clicked again, close the popover
+        selectedNode.current = null;
+        unToggleCallbackRef.current?.();
+        unToggleCallbackRef.current = null;
+        closePopover();
+      } else {
+        // Close the current popover if open
+        selectedNode.current = null;
+        unToggleCallbackRef.current?.();
+        unToggleCallbackRef.current = null;
+
+        // Set the pending open state
+        setPendingOpen({ node, el: e.currentTarget, unToggleCallback });
+
+        closePopover();
+      }
+    },
+    [closePopover]
+  );
+
+  useEffect(() => {
+    if (!state.isOpen && pendingOpen) {
+      const { node, el, unToggleCallback } = pendingOpen;
+
+      selectedNode.current = node;
+      unToggleCallbackRef.current = unToggleCallback;
+      openPopover(el);
+
+      setPendingOpen(null);
+    }
+  }, [state.isOpen, pendingOpen, openPopover]);
+
+  const closePopoverHandler = useCallback(() => {
+    selectedNode.current = null;
+    unToggleCallbackRef.current?.();
+    unToggleCallbackRef.current = null;
+    closePopover();
+  }, [closePopover]);
+
+  const PopoverComponent = memo(() => (
+    <GraphPopover
+      panelPaddingSize="s"
+      anchorPosition="rightCenter"
+      isOpen={state.isOpen}
+      anchorElement={state.anchorElement}
+      closePopover={closePopoverHandler}
+    >
+      <EuiListGroup color="primary" gutterSize="none" bordered={false} flush={true}>
+        <ExpandPopoverListItem
+          iconType="visTagCloud"
+          label="Explore related entities"
+          onClick={() => {}}
+        />
+        <ExpandPopoverListItem
+          iconType="users"
+          label="Show actions by this entity"
+          onClick={() => {}}
+        />
+        <ExpandPopoverListItem
+          iconType="storage"
+          label="Show actions on this entity"
+          onClick={() => {}}
+        />
+        <EuiHorizontalRule margin="xs" />
+        <ExpandPopoverListItem iconType="expand" label="View entity details" onClick={() => {}} />
+      </EuiListGroup>
+    </GraphPopover>
+  ));
+
+  const actionsWithClose = useMemo(
+    () => ({
+      ...actions,
+      closePopover: closePopoverHandler,
+    }),
+    [actions, closePopoverHandler]
+  );
+
+  return useMemo(
+    () => ({
+      onNodeExpandButtonClick,
+      Popover: PopoverComponent,
+      id,
+      actions: actionsWithClose,
+      state,
+    }),
+    [PopoverComponent, actionsWithClose, id, onNodeExpandButtonClick, state]
+  );
+};
+
+const useNodePopover = () => {
+  const { id, state, actions } = useGraphPopover('node-popover');
+
+  const PopoverComponent = memo(() => (
+    <GraphPopover
+      panelPaddingSize="s"
+      anchorPosition="upCenter"
+      isOpen={state.isOpen}
+      anchorElement={state.anchorElement}
+      closePopover={actions.closePopover}
+    >
+      TODO
+    </GraphPopover>
+  ));
+
+  return useMemo(
+    () => ({
+      onNodeClick: (e: React.MouseEvent<HTMLElement>) => actions.openPopover(e.currentTarget),
+      Popover: PopoverComponent,
+      id,
+      actions,
+      state,
+    }),
+    [PopoverComponent, actions, id, state]
+  );
+};
+
+const Template: Story = () => {
+  const expandNodePopover = useExpandButtonPopover();
+  const nodePopover = useNodePopover();
+  const popovers = [expandNodePopover, nodePopover];
+  const isPopoverOpen = popovers.some((popover) => popover.state.isOpen);
+
+  const popoverOpenWrapper = (cb: Function, ...args: any[]) => {
+    [expandNodePopover.actions.closePopover, nodePopover.actions.closePopover].forEach(
+      (closePopover) => {
+        closePopover();
+      }
+    );
+    cb.apply(null, args);
+  };
+
+  const expandButtonClickHandler = (...args: any[]) =>
+    popoverOpenWrapper(expandNodePopover.onNodeExpandButtonClick, ...args);
+  const nodeClickHandler = (...args: any[]) => popoverOpenWrapper(nodePopover.onNodeClick, ...args);
+
+  const nodes: EntityNodeViewModel[] = useMemo(
+    () =>
+      (['hexagon', 'ellipse', 'rectangle', 'pentagon', 'diamond'] as const).map((shape, idx) => ({
+        id: `${idx}`,
+        label: `Node ${idx}`,
+        color: 'primary',
+        icon: 'okta',
+        interactive: true,
+        shape,
+        expandButtonClick: expandButtonClickHandler,
+        nodeClick: nodeClickHandler,
+      })),
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    []
+  );
+
+  return (
+    <ThemeProvider theme={{ darkMode: false }}>
+      <Graph
+        css={css`
+          height: 100%;
+          width: 100%;
+        `}
+        nodes={nodes}
+        edges={[]}
+        interactive={true}
+        isLocked={isPopoverOpen}
+      />
+      {popovers?.map((popover) => popover.Popover && <popover.Popover key={popover.id} />)}
+    </ThemeProvider>
+  );
+};
+
+export const GraphPopovers = Template.bind({});
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph_popover.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph_popover.tsx
new file mode 100644
index 0000000000000..570c1332a8834
--- /dev/null
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/graph_popover.tsx
@@ -0,0 +1,85 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { type PropsWithChildren } from 'react';
+import type { CommonProps, EuiWrappingPopoverProps } from '@elastic/eui';
+import { EuiWrappingPopover, useEuiTheme } from '@elastic/eui';
+import { css } from '@emotion/react';
+
+export interface GraphPopoverProps
+  extends PropsWithChildren,
+    CommonProps,
+    Pick<
+      EuiWrappingPopoverProps,
+      'anchorPosition' | 'panelClassName' | 'panelPaddingSize' | 'panelStyle'
+    > {
+  isOpen: boolean;
+  anchorElement: HTMLElement | null;
+  closePopover: () => void;
+}
+
+export const GraphPopover: React.FC<GraphPopoverProps> = ({
+  isOpen,
+  anchorElement,
+  closePopover,
+  children,
+  ...rest
+}) => {
+  const { euiTheme } = useEuiTheme();
+
+  if (!anchorElement) {
+    return null;
+  }
+
+  return (
+    <EuiWrappingPopover
+      {...rest}
+      panelProps={{
+        css: css`
+          .euiPopover__arrow[data-popover-arrow='left']:before {
+            border-inline-start-color: ${euiTheme.colors?.body};
+          }
+
+          .euiPopover__arrow[data-popover-arrow='right']:before {
+            border-inline-end-color: ${euiTheme.colors?.body};
+          }
+
+          .euiPopover__arrow[data-popover-arrow='bottom']:before {
+            border-block-end-color: ${euiTheme.colors?.body};
+          }
+
+          .euiPopover__arrow[data-popover-arrow='top']:before {
+            border-block-start-color: ${euiTheme.colors?.body};
+          }
+
+          background-color: ${euiTheme.colors?.body};
+        `,
+      }}
+      color={euiTheme.colors?.body}
+      isOpen={isOpen}
+      closePopover={closePopover}
+      button={anchorElement}
+      ownFocus={true}
+      focusTrapProps={{
+        clickOutsideDisables: false,
+        disabled: false,
+        crossFrame: true,
+        noIsolation: false,
+        returnFocus: (_el) => {
+          anchorElement.focus();
+          return false;
+        },
+        preventScrollOnFocus: true,
+        onClickOutside: () => {
+          closePopover();
+        },
+      }}
+    >
+      {children}
+    </EuiWrappingPopover>
+  );
+};
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/use_graph_popover.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/use_graph_popover.tsx
new file mode 100644
index 0000000000000..f5bca30d1e5ae
--- /dev/null
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/graph/use_graph_popover.tsx
@@ -0,0 +1,57 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useCallback, useMemo, useState } from 'react';
+
+export interface PopoverActions {
+  openPopover: (anchorElement: HTMLElement) => void;
+  closePopover: () => void;
+}
+
+export interface PopoverState {
+  isOpen: boolean;
+  anchorElement: HTMLElement | null;
+}
+
+export interface GraphPopoverState {
+  id: string;
+  actions: PopoverActions;
+  state: PopoverState;
+}
+
+export const useGraphPopover = (id: string): GraphPopoverState => {
+  const [isOpen, setIsOpen] = useState(false);
+  const [anchorElement, setAnchorElement] = useState<HTMLElement | null>(null);
+
+  // Memoize actions to prevent them from changing on re-renders
+  const openPopover = useCallback((anchor: HTMLElement) => {
+    setAnchorElement(anchor);
+    setIsOpen(true);
+  }, []);
+
+  const closePopover = useCallback(() => {
+    setIsOpen(false);
+    setAnchorElement(null);
+  }, []);
+
+  // Memoize the context values
+  const actions: PopoverActions = useMemo(
+    () => ({ openPopover, closePopover }),
+    [openPopover, closePopover]
+  );
+
+  const state: PopoverState = useMemo(() => ({ isOpen, anchorElement }), [isOpen, anchorElement]);
+
+  return useMemo(
+    () => ({
+      id,
+      actions,
+      state,
+    }),
+    [id, actions, state]
+  );
+};
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/index.ts b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/index.ts
index 5b2f8d71323bb..2b050aa55429f 100644
--- a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/index.ts
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/index.ts
@@ -6,6 +6,8 @@
  */
 
 export { Graph } from './graph/graph';
+export { GraphPopover } from './graph/graph_popover';
+export { useGraphPopover } from './graph/use_graph_popover';
 export type { GraphProps } from './graph/graph';
 export type {
   NodeViewModel,
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/diamond_node.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/diamond_node.tsx
index f96068061a433..75ad989b625e8 100644
--- a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/diamond_node.tsx
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/diamond_node.tsx
@@ -19,12 +19,13 @@ import {
   HandleStyleOverride,
 } from './styles';
 import { DiamondHoverShape, DiamondShape } from './shapes/diamond_shape';
+import { NodeExpandButton } from './node_expand_button';
 
 const NODE_WIDTH = 99;
 const NODE_HEIGHT = 98;
 
 export const DiamondNode: React.FC<NodeProps> = memo((props: NodeProps) => {
-  const { id, color, icon, label, interactive, expandButtonClick } =
+  const { id, color, icon, label, interactive, expandButtonClick, nodeClick } =
     props.data as EntityNodeViewModel;
   const { euiTheme } = useEuiTheme();
   return (
@@ -55,11 +56,14 @@ export const DiamondNode: React.FC<NodeProps> = memo((props: NodeProps) => {
           {icon && <NodeIcon x="14.5" y="14.5" icon={icon} color={color} />}
         </NodeShapeSvg>
         {interactive && (
-          <NodeButton
-            onClick={(e) => expandButtonClick?.(e, props)}
-            x={`${NODE_WIDTH - NodeButton.ExpandButtonSize}px`}
-            y={`${(NODE_HEIGHT - NodeButton.ExpandButtonSize) / 2 - 4}px`}
-          />
+          <>
+            <NodeButton onClick={(e) => nodeClick?.(e, props)} />
+            <NodeExpandButton
+              onClick={(e, unToggleCallback) => expandButtonClick?.(e, props, unToggleCallback)}
+              x={`${NODE_WIDTH - NodeExpandButton.ExpandButtonSize}px`}
+              y={`${(NODE_HEIGHT - NodeExpandButton.ExpandButtonSize) / 2 - 4}px`}
+            />
+          </>
         )}
         <Handle
           type="target"
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/ellipse_node.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/ellipse_node.tsx
index 987b9d7577812..c9bd363130dca 100644
--- a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/ellipse_node.tsx
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/ellipse_node.tsx
@@ -19,12 +19,13 @@ import {
 } from './styles';
 import type { EntityNodeViewModel, NodeProps } from '../types';
 import { EllipseHoverShape, EllipseShape } from './shapes/ellipse_shape';
+import { NodeExpandButton } from './node_expand_button';
 
 const NODE_WIDTH = 90;
 const NODE_HEIGHT = 90;
 
 export const EllipseNode: React.FC<NodeProps> = memo((props: NodeProps) => {
-  const { id, color, icon, label, interactive, expandButtonClick } =
+  const { id, color, icon, label, interactive, expandButtonClick, nodeClick } =
     props.data as EntityNodeViewModel;
   const { euiTheme } = useEuiTheme();
   return (
@@ -55,11 +56,14 @@ export const EllipseNode: React.FC<NodeProps> = memo((props: NodeProps) => {
           {icon && <NodeIcon x="11" y="12" icon={icon} color={color} />}
         </NodeShapeSvg>
         {interactive && (
-          <NodeButton
-            onClick={(e) => expandButtonClick?.(e, props)}
-            x={`${NODE_WIDTH - NodeButton.ExpandButtonSize / 2}px`}
-            y={`${(NODE_HEIGHT - NodeButton.ExpandButtonSize) / 2}px`}
-          />
+          <>
+            <NodeButton onClick={(e) => nodeClick?.(e, props)} />
+            <NodeExpandButton
+              onClick={(e, unToggleCallback) => expandButtonClick?.(e, props, unToggleCallback)}
+              x={`${NODE_WIDTH - NodeExpandButton.ExpandButtonSize / 2}px`}
+              y={`${(NODE_HEIGHT - NodeExpandButton.ExpandButtonSize) / 2}px`}
+            />
+          </>
         )}
         <Handle
           type="target"
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/hexagon_node.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/hexagon_node.tsx
index 0bd8c33fc6484..9d155999e76ca 100644
--- a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/hexagon_node.tsx
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/hexagon_node.tsx
@@ -19,12 +19,13 @@ import {
 } from './styles';
 import type { EntityNodeViewModel, NodeProps } from '../types';
 import { HexagonHoverShape, HexagonShape } from './shapes/hexagon_shape';
+import { NodeExpandButton } from './node_expand_button';
 
 const NODE_WIDTH = 87;
 const NODE_HEIGHT = 96;
 
 export const HexagonNode: React.FC<NodeProps> = memo((props: NodeProps) => {
-  const { id, color, icon, label, interactive, expandButtonClick } =
+  const { id, color, icon, label, interactive, expandButtonClick, nodeClick } =
     props.data as EntityNodeViewModel;
   const { euiTheme } = useEuiTheme();
   return (
@@ -55,11 +56,14 @@ export const HexagonNode: React.FC<NodeProps> = memo((props: NodeProps) => {
           {icon && <NodeIcon x="11" y="15" icon={icon} color={color} />}
         </NodeShapeSvg>
         {interactive && (
-          <NodeButton
-            onClick={(e) => expandButtonClick?.(e, props)}
-            x={`${NODE_WIDTH - NodeButton.ExpandButtonSize / 2 + 2}px`}
-            y={`${(NODE_HEIGHT - NodeButton.ExpandButtonSize) / 2 - 2}px`}
-          />
+          <>
+            <NodeButton onClick={(e) => nodeClick?.(e, props)} />
+            <NodeExpandButton
+              onClick={(e, unToggleCallback) => expandButtonClick?.(e, props, unToggleCallback)}
+              x={`${NODE_WIDTH - NodeExpandButton.ExpandButtonSize / 2 + 2}px`}
+              y={`${(NODE_HEIGHT - NodeExpandButton.ExpandButtonSize) / 2 - 2}px`}
+            />
+          </>
         )}
         <Handle
           type="target"
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/node_expand_button.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/node_expand_button.tsx
new file mode 100644
index 0000000000000..522b7d1b5d45b
--- /dev/null
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/node_expand_button.tsx
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useCallback, useState } from 'react';
+import { StyledNodeExpandButton, RoundEuiButtonIcon, ExpandButtonSize } from './styles';
+
+export interface NodeExpandButtonProps {
+  x?: string;
+  y?: string;
+  onClick?: (e: React.MouseEvent<HTMLElement>, unToggleCallback: () => void) => void;
+}
+
+export const NodeExpandButton = ({ x, y, onClick }: NodeExpandButtonProps) => {
+  // State to track whether the icon is "plus" or "minus"
+  const [isToggled, setIsToggled] = useState(false);
+
+  const unToggleCallback = useCallback(() => {
+    setIsToggled(false);
+  }, []);
+
+  const onClickHandler = (e: React.MouseEvent<HTMLElement>) => {
+    setIsToggled((currIsToggled) => !currIsToggled);
+    onClick?.(e, unToggleCallback);
+  };
+
+  return (
+    <StyledNodeExpandButton x={x} y={y} className={isToggled ? 'toggled' : undefined}>
+      <RoundEuiButtonIcon
+        color="primary"
+        iconType={isToggled ? 'minusInCircleFilled' : 'plusInCircleFilled'}
+        onClick={onClickHandler}
+        iconSize="m"
+        aria-label="Open or close node actions"
+      />
+    </StyledNodeExpandButton>
+  );
+};
+
+NodeExpandButton.ExpandButtonSize = ExpandButtonSize;
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/pentagon_node.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/pentagon_node.tsx
index f2282e9fa2d7d..f2745cef7ec80 100644
--- a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/pentagon_node.tsx
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/pentagon_node.tsx
@@ -20,6 +20,7 @@ import {
 } from './styles';
 import type { EntityNodeViewModel, NodeProps } from '../types';
 import { PentagonHoverShape, PentagonShape } from './shapes/pentagon_shape';
+import { NodeExpandButton } from './node_expand_button';
 
 const PentagonShapeOnHover = styled(NodeShapeOnHoverSvg)`
   transform: translate(-50%, -51.5%);
@@ -29,7 +30,7 @@ const NODE_WIDTH = 91;
 const NODE_HEIGHT = 88;
 
 export const PentagonNode: React.FC<NodeProps> = memo((props: NodeProps) => {
-  const { id, color, icon, label, interactive, expandButtonClick } =
+  const { id, color, icon, label, interactive, expandButtonClick, nodeClick } =
     props.data as EntityNodeViewModel;
   const { euiTheme } = useEuiTheme();
   return (
@@ -60,11 +61,14 @@ export const PentagonNode: React.FC<NodeProps> = memo((props: NodeProps) => {
           {icon && <NodeIcon x="12.5" y="14.5" icon={icon} color={color} />}
         </NodeShapeSvg>
         {interactive && (
-          <NodeButton
-            onClick={(e) => expandButtonClick?.(e, props)}
-            x={`${NODE_WIDTH - NodeButton.ExpandButtonSize / 2}px`}
-            y={`${(NODE_HEIGHT - NodeButton.ExpandButtonSize) / 2}px`}
-          />
+          <>
+            <NodeButton onClick={(e) => nodeClick?.(e, props)} />
+            <NodeExpandButton
+              onClick={(e, unToggleCallback) => expandButtonClick?.(e, props, unToggleCallback)}
+              x={`${NODE_WIDTH - NodeExpandButton.ExpandButtonSize / 2}px`}
+              y={`${(NODE_HEIGHT - NodeExpandButton.ExpandButtonSize) / 2}px`}
+            />
+          </>
         )}
         <Handle
           type="target"
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/rectangle_node.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/rectangle_node.tsx
index 7a5fc14855bc9..f85b102c7e445 100644
--- a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/rectangle_node.tsx
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/rectangle_node.tsx
@@ -19,12 +19,13 @@ import {
 } from './styles';
 import type { EntityNodeViewModel, NodeProps } from '../types';
 import { RectangleHoverShape, RectangleShape } from './shapes/rectangle_shape';
+import { NodeExpandButton } from './node_expand_button';
 
 const NODE_WIDTH = 81;
 const NODE_HEIGHT = 80;
 
 export const RectangleNode: React.FC<NodeProps> = memo((props: NodeProps) => {
-  const { id, color, icon, label, interactive, expandButtonClick } =
+  const { id, color, icon, label, interactive, expandButtonClick, nodeClick } =
     props.data as EntityNodeViewModel;
   const { euiTheme } = useEuiTheme();
   return (
@@ -55,11 +56,14 @@ export const RectangleNode: React.FC<NodeProps> = memo((props: NodeProps) => {
           {icon && <NodeIcon x="8" y="7" icon={icon} color={color} />}
         </NodeShapeSvg>
         {interactive && (
-          <NodeButton
-            onClick={(e) => expandButtonClick?.(e, props)}
-            x={`${NODE_WIDTH - NodeButton.ExpandButtonSize / 4}px`}
-            y={`${(NODE_HEIGHT - NodeButton.ExpandButtonSize / 2) / 2}px`}
-          />
+          <>
+            <NodeButton onClick={(e) => nodeClick?.(e, props)} />
+            <NodeExpandButton
+              onClick={(e, unToggleCallback) => expandButtonClick?.(e, props, unToggleCallback)}
+              x={`${NODE_WIDTH - NodeExpandButton.ExpandButtonSize / 4}px`}
+              y={`${(NODE_HEIGHT - NodeExpandButton.ExpandButtonSize / 2) / 2}px`}
+            />
+          </>
         )}
         <Handle
           type="target"
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/styles.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/styles.tsx
index e76da737af0f9..74b3f3ebe0156 100644
--- a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/styles.tsx
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/node/styles.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React, { useState } from 'react';
+import React from 'react';
 import styled from '@emotion/styled';
 import {
   type EuiIconProps,
@@ -18,6 +18,7 @@ import {
 } from '@elastic/eui';
 import { rgba } from 'polished';
 import { getSpanIcon } from './get_span_icon';
+import type { NodeExpandButtonProps } from './node_expand_button';
 
 export const LABEL_PADDING_X = 15;
 export const LABEL_BORDER_WIDTH = 1;
@@ -100,6 +101,54 @@ export const NodeShapeSvg = styled.svg`
   z-index: 1;
 `;
 
+export interface NodeButtonProps {
+  onClick?: (e: React.MouseEvent<HTMLElement>) => void;
+}
+
+export const NodeButton: React.FC<NodeButtonProps> = ({ onClick }) => (
+  <StyledNodeContainer>
+    <StyledNodeButton onClick={onClick} />
+  </StyledNodeContainer>
+);
+
+const StyledNodeContainer = styled.div`
+  position: absolute;
+  width: ${NODE_WIDTH}px;
+  height: ${NODE_HEIGHT}px;
+  z-index: 1;
+`;
+
+const StyledNodeButton = styled.div`
+  width: ${NODE_WIDTH}px;
+  height: ${NODE_HEIGHT}px;
+`;
+
+export const StyledNodeExpandButton = styled.div<NodeExpandButtonProps>`
+  opacity: 0; /* Hidden by default */
+  transition: opacity 0.2s ease; /* Smooth transition */
+  ${(props: NodeExpandButtonProps) =>
+    (Boolean(props.x) || Boolean(props.y)) &&
+    `transform: translate(${props.x ?? '0'}, ${props.y ?? '0'});`}
+  position: absolute;
+  z-index: 1;
+
+  &.toggled {
+    opacity: 1;
+  }
+
+  ${NodeShapeContainer}:hover & {
+    opacity: 1; /* Show on hover */
+  }
+
+  &:has(button:focus) {
+    opacity: 1; /* Show when button is active */
+  }
+
+  .react-flow__node:focus:focus-visible & {
+    opacity: 1; /* Show on node focus */
+  }
+`;
+
 export const NodeShapeOnHoverSvg = styled(NodeShapeSvg)`
   opacity: 0; /* Hidden by default */
   transition: opacity 0.2s ease; /* Smooth transition */
@@ -108,6 +157,10 @@ export const NodeShapeOnHoverSvg = styled(NodeShapeSvg)`
     opacity: 1; /* Show on hover */
   }
 
+  ${NodeShapeContainer}:has(${StyledNodeExpandButton}.toggled) & {
+    opacity: 1; /* Show on hover */
+  }
+
   .react-flow__node:focus:focus-visible & {
     opacity: 1; /* Show on hover */
   }
@@ -145,9 +198,9 @@ NodeLabel.defaultProps = {
   textAlign: 'center',
 };
 
-const ExpandButtonSize = 18;
+export const ExpandButtonSize = 18;
 
-const RoundEuiButtonIcon = styled(EuiButtonIcon)`
+export const RoundEuiButtonIcon = styled(EuiButtonIcon)`
   border-radius: 50%;
   background-color: ${(_props) => useEuiBackgroundColor('plain')};
   width: ${ExpandButtonSize}px;
@@ -164,57 +217,6 @@ const RoundEuiButtonIcon = styled(EuiButtonIcon)`
   }
 `;
 
-export const StyledNodeButton = styled.div<NodeButtonProps>`
-  opacity: 0; /* Hidden by default */
-  transition: opacity 0.2s ease; /* Smooth transition */
-  ${(props: NodeButtonProps) =>
-    (Boolean(props.x) || Boolean(props.y)) &&
-    `transform: translate(${props.x ?? '0'}, ${props.y ?? '0'});`}
-  position: absolute;
-  z-index: 1;
-
-  ${NodeShapeContainer}:hover & {
-    opacity: 1; /* Show on hover */
-  }
-
-  &:has(button:focus) {
-    opacity: 1; /* Show when button is active */
-  }
-
-  .react-flow__node:focus:focus-visible & {
-    opacity: 1; /* Show on node focus */
-  }
-`;
-
-export interface NodeButtonProps {
-  x?: string;
-  y?: string;
-  onClick?: (e: React.MouseEvent<HTMLElement>) => void;
-}
-
-export const NodeButton = ({ x, y, onClick }: NodeButtonProps) => {
-  // State to track whether the icon is "plus" or "minus"
-  const [isToggled, setIsToggled] = useState(false);
-
-  const onClickHandler = (e: React.MouseEvent<HTMLElement>) => {
-    setIsToggled(!isToggled);
-    onClick?.(e);
-  };
-
-  return (
-    <StyledNodeButton x={x} y={y}>
-      <RoundEuiButtonIcon
-        color="primary"
-        iconType={isToggled ? 'minusInCircleFilled' : 'plusInCircleFilled'}
-        onClick={onClickHandler}
-        iconSize="m"
-      />
-    </StyledNodeButton>
-  );
-};
-
-NodeButton.ExpandButtonSize = ExpandButtonSize;
-
 export const HandleStyleOverride: React.CSSProperties = {
   background: 'none',
   border: 'none',
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/styles.tsx b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/styles.tsx
new file mode 100644
index 0000000000000..0efff1c88456c
--- /dev/null
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/styles.tsx
@@ -0,0 +1,80 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import {
+  EuiIcon,
+  useEuiBackgroundColor,
+  useEuiTheme,
+  type EuiIconProps,
+  type _EuiBackgroundColor,
+  EuiListGroupItemProps,
+  EuiListGroupItem,
+  EuiText,
+} from '@elastic/eui';
+import styled from '@emotion/styled';
+
+interface EuiColorProps {
+  color: keyof ReturnType<typeof useEuiTheme>['euiTheme']['colors'];
+  background: _EuiBackgroundColor;
+}
+
+type IconContainerProps = EuiColorProps;
+
+const IconContainer = styled.div<IconContainerProps>`
+  position: relative;
+  width: 24px;
+  height: 24px;
+  border-radius: 50%;
+  color: ${({ color }) => {
+    const { euiTheme } = useEuiTheme();
+    return euiTheme.colors[color];
+  }};
+  background-color: ${({ background }) => useEuiBackgroundColor(background)};
+  border: 1px solid
+    ${({ color }) => {
+      const { euiTheme } = useEuiTheme();
+      return euiTheme.colors[color];
+    }};
+  margin-right: 8px;
+`;
+
+const StyleEuiIcon = styled(EuiIcon)`
+  position: absolute;
+  top: 50%;
+  left: 50%;
+  transform: translate(-50%, -50%);
+`;
+
+type RoundedEuiIconProps = EuiIconProps & EuiColorProps;
+
+const RoundedEuiIcon: React.FC<RoundedEuiIconProps> = ({ color, background, ...rest }) => (
+  <IconContainer color={color} background={background}>
+    <StyleEuiIcon color={color} {...rest} />
+  </IconContainer>
+);
+
+export const ExpandPopoverListItem: React.FC<
+  Pick<EuiListGroupItemProps, 'iconType' | 'label' | 'onClick'>
+> = (props) => {
+  const { euiTheme } = useEuiTheme();
+  return (
+    <EuiListGroupItem
+      icon={
+        props.iconType ? (
+          <RoundedEuiIcon color="primary" background="primary" type={props.iconType} size="s" />
+        ) : undefined
+      }
+      label={
+        <EuiText size="s" color={euiTheme.colors.primaryText}>
+          {props.label}
+        </EuiText>
+      }
+      onClick={props.onClick}
+    />
+  );
+};
diff --git a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/types.ts b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/types.ts
index 27ec18f35f45b..328829ee3fabe 100644
--- a/x-pack/packages/kbn-cloud-security-posture/graph/src/components/types.ts
+++ b/x-pack/packages/kbn-cloud-security-posture/graph/src/components/types.ts
@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import React from 'react';
 import type {
   EntityNodeDataModel,
   GroupNodeDataModel,
@@ -24,11 +25,20 @@ interface BaseNodeDataViewModel {
   interactive?: boolean;
 }
 
+export type NodeClickCallback = (e: React.MouseEvent<HTMLElement>, node: NodeProps) => void;
+
+export type ExpandButtonClickCallback = (
+  e: React.MouseEvent<HTMLElement>,
+  node: NodeProps,
+  unToggleCallback: () => void
+) => void;
+
 export interface EntityNodeViewModel
   extends Record<string, unknown>,
     EntityNodeDataModel,
     BaseNodeDataViewModel {
-  expandButtonClick?: (e: React.MouseEvent<HTMLElement>, node: NodeProps) => void;
+  expandButtonClick?: ExpandButtonClickCallback;
+  nodeClick?: NodeClickCallback;
 }
 
 export interface GroupNodeViewModel
@@ -40,7 +50,7 @@ export interface LabelNodeViewModel
   extends Record<string, unknown>,
     LabelNodeDataModel,
     BaseNodeDataViewModel {
-  expandButtonClick?: (e: React.MouseEvent<HTMLElement>, node: NodeProps) => void;
+  expandButtonClick?: ExpandButtonClickCallback;
 }
 
 export type NodeViewModel = EntityNodeViewModel | GroupNodeViewModel | LabelNodeViewModel;
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/capabilities/index.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/capabilities/index.ts
index 54c24f6ce7b8f..d883dfe98d564 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/capabilities/index.ts
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/capabilities/index.ts
@@ -19,6 +19,5 @@ export type AssistantFeatureKey = keyof AssistantFeatures;
  * Default features available to the elastic assistant
  */
 export const defaultAssistantFeatures = Object.freeze({
-  assistantKnowledgeBaseByDefault: true,
   assistantModelEvaluation: false,
 });
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.gen.ts
index b3ab7cca5bc02..0f8b6235d7dc9 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.gen.ts
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.gen.ts
@@ -18,6 +18,5 @@ import { z } from '@kbn/zod';
 
 export type GetCapabilitiesResponse = z.infer<typeof GetCapabilitiesResponse>;
 export const GetCapabilitiesResponse = z.object({
-  assistantKnowledgeBaseByDefault: z.boolean(),
   assistantModelEvaluation: z.boolean(),
 });
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.schema.yaml
index 01b5eb0e15823..a042abd391796 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.schema.yaml
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/capabilities/get_capabilities_route.schema.yaml
@@ -20,12 +20,9 @@ paths:
               schema:
                 type: object
                 properties:
-                  assistantKnowledgeBaseByDefault:
-                    type: boolean
                   assistantModelEvaluation:
                     type: boolean
                 required:
-                  - assistantKnowledgeBaseByDefault
                   - assistantModelEvaluation
         '400':
           description: Generic Error
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts
index 4f03dbe0b1343..a4f38cafd460b 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen.ts
@@ -55,20 +55,6 @@ export type CreateKnowledgeBaseRequestParamsInput = z.input<
 export type CreateKnowledgeBaseResponse = z.infer<typeof CreateKnowledgeBaseResponse>;
 export const CreateKnowledgeBaseResponse = KnowledgeBaseResponse;
 
-export type DeleteKnowledgeBaseRequestParams = z.infer<typeof DeleteKnowledgeBaseRequestParams>;
-export const DeleteKnowledgeBaseRequestParams = z.object({
-  /**
-   * The KnowledgeBase `resource` value.
-   */
-  resource: z.string().optional(),
-});
-export type DeleteKnowledgeBaseRequestParamsInput = z.input<
-  typeof DeleteKnowledgeBaseRequestParams
->;
-
-export type DeleteKnowledgeBaseResponse = z.infer<typeof DeleteKnowledgeBaseResponse>;
-export const DeleteKnowledgeBaseResponse = KnowledgeBaseResponse;
-
 export type ReadKnowledgeBaseRequestParams = z.infer<typeof ReadKnowledgeBaseRequestParams>;
 export const ReadKnowledgeBaseRequestParams = z.object({
   /**
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.schema.yaml
index b4c16189e2387..67193212abb49 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.schema.yaml
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.schema.yaml
@@ -100,40 +100,6 @@ paths:
                     type: string
                   message:
                     type: string
-    delete:
-      x-codegen-enabled: true
-      x-labels: [ess, serverless]
-      operationId: DeleteKnowledgeBase
-      description: Deletes KnowledgeBase with the `resource` field.
-      summary: Deletes a KnowledgeBase
-      tags:
-        - KnowledgeBase API
-      parameters:
-        - name: resource
-          in: path
-          description: The KnowledgeBase `resource` value.
-          schema:
-            type: string
-      responses:
-        200:
-          description: Indicates a successful call.
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/KnowledgeBaseResponse'
-        400:
-          description: Generic Error
-          content:
-            application/json:
-              schema:
-                type: object
-                properties:
-                  statusCode:
-                    type: number
-                  error:
-                    type: string
-                  message:
-                    type: string
 
 components:
   schemas:
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/bulk_crud_knowledge_base_entries_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/bulk_crud_knowledge_base_entries_route.schema.yaml
index 7670114c7164a..db68416b14561 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/bulk_crud_knowledge_base_entries_route.schema.yaml
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/bulk_crud_knowledge_base_entries_route.schema.yaml
@@ -6,7 +6,7 @@ paths:
   /internal/elastic_assistant/knowledge_base/entries/_bulk_action:
     post:
       x-codegen-enabled: true
-      # This API is still behind the `assistantKnowledgeBaseByDefault` feature flag
+      # Targeted to update to public by 8.18
       x-internal: true
       x-labels: [ess, serverless]
       operationId: PerformKnowledgeBaseEntryBulkAction
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/crud_knowledge_base_entries_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/crud_knowledge_base_entries_route.schema.yaml
index 7479b5cca8225..10105ef7dce90 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/crud_knowledge_base_entries_route.schema.yaml
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/crud_knowledge_base_entries_route.schema.yaml
@@ -6,7 +6,7 @@ paths:
   /internal/elastic_assistant/knowledge_base/entries:
     post:
       x-codegen-enabled: true
-      # This API is still behind the `assistantKnowledgeBaseByDefault` feature flag
+      # Targeted to update to public by 8.18
       x-internal: true
       x-labels: [ess, serverless]
       operationId: CreateKnowledgeBaseEntry
@@ -37,7 +37,7 @@ paths:
   /internal/elastic_assistant/knowledge_base/entries/{id}:
     get:
       x-codegen-enabled: true
-      # This API is still behind the `assistantKnowledgeBaseByDefault` feature flag
+      # Targeted to update to public by 8.18
       x-internal: true
       x-labels: [ess, serverless]
       operationId: ReadKnowledgeBaseEntry
@@ -67,7 +67,7 @@ paths:
                 $ref: './common_attributes.schema.yaml#/components/schemas/KnowledgeBaseEntryErrorSchema'
     put:
       x-codegen-enabled: true
-      # This API is still behind the `assistantKnowledgeBaseByDefault` feature flag
+      # Targeted to update to public by 8.18
       x-internal: true
       x-labels: [ess, serverless]
       operationId: UpdateKnowledgeBaseEntry
@@ -103,7 +103,7 @@ paths:
                 $ref: './common_attributes.schema.yaml#/components/schemas/KnowledgeBaseEntryErrorSchema'
     delete:
       x-codegen-enabled: true
-      # This API is still behind the `assistantKnowledgeBaseByDefault` feature flag
+      # Targeted to update to public by 8.18
       x-internal: true
       x-labels: [ess, serverless]
       operationId: DeleteKnowledgeBaseEntry
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/find_knowledge_base_entries_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/find_knowledge_base_entries_route.schema.yaml
index 8794a94b0efc9..9b9696e8760fc 100644
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/find_knowledge_base_entries_route.schema.yaml
+++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/knowledge_base/entries/find_knowledge_base_entries_route.schema.yaml
@@ -6,7 +6,7 @@ paths:
   /internal/elastic_assistant/knowledge_base/entries/_find:
     get:
       x-codegen-enabled: true
-      # This API is still behind the `assistantKnowledgeBaseByDefault` feature flag
+      # Targeted to update to public by 8.18
       x-internal: true
       x-labels: [ess, serverless]
       operationId: FindKnowledgeBaseEntries
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/api.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/api.test.tsx
index 5509f43037444..2a1ffc5072570 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/api.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/api.test.tsx
@@ -7,12 +7,7 @@
 
 import { HttpSetup } from '@kbn/core-http-browser';
 
-import {
-  deleteKnowledgeBase,
-  getKnowledgeBaseIndices,
-  getKnowledgeBaseStatus,
-  postKnowledgeBase,
-} from './api';
+import { getKnowledgeBaseIndices, getKnowledgeBaseStatus, postKnowledgeBase } from './api';
 
 jest.mock('@kbn/core-http-browser');
 
@@ -78,29 +73,6 @@ describe('API tests', () => {
     });
   });
 
-  describe('deleteKnowledgeBase', () => {
-    it('calls the knowledge base API when correct resource path', async () => {
-      await deleteKnowledgeBase(knowledgeBaseArgs);
-
-      expect(mockHttp.fetch).toHaveBeenCalledWith(
-        '/internal/elastic_assistant/knowledge_base/a-resource',
-        {
-          method: 'DELETE',
-          signal: undefined,
-          version: '1',
-        }
-      );
-    });
-    it('returns error when error is an error', async () => {
-      const error = 'simulated error';
-      (mockHttp.fetch as jest.Mock).mockImplementation(() => {
-        throw new Error(error);
-      });
-
-      await expect(deleteKnowledgeBase(knowledgeBaseArgs)).resolves.toThrowError('simulated error');
-    });
-  });
-
   describe('getKnowledgeBaseIndices', () => {
     it('calls the knowledge base API when correct resource path', async () => {
       await getKnowledgeBaseIndices({ http: mockHttp });
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/api.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/api.tsx
index 4db8c0787a1e1..00fe022ad9517 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/api.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/api.tsx
@@ -9,8 +9,6 @@ import {
   API_VERSIONS,
   CreateKnowledgeBaseRequestParams,
   CreateKnowledgeBaseResponse,
-  DeleteKnowledgeBaseRequestParams,
-  DeleteKnowledgeBaseResponse,
   ELASTIC_AI_ASSISTANT_KNOWLEDGE_BASE_INDICES_URL,
   ELASTIC_AI_ASSISTANT_KNOWLEDGE_BASE_URL,
   GetKnowledgeBaseIndicesResponse,
@@ -79,38 +77,6 @@ export const postKnowledgeBase = async ({
   return response as CreateKnowledgeBaseResponse;
 };
 
-/**
- * API call for deleting the Knowledge Base. Provide a resource to delete that specific resource.
- *
- * @param {Object} options - The options object.
- * @param {HttpSetup} options.http - HttpSetup
- * @param {string} [options.resource] - Resource to be deleted from the KB, otherwise delete the entire KB
- * @param {AbortSignal} [options.signal] - AbortSignal
- *
- * @returns {Promise<DeleteKnowledgeBaseResponse | IHttpFetchError>}
- */
-export const deleteKnowledgeBase = async ({
-  http,
-  resource,
-  signal,
-}: DeleteKnowledgeBaseRequestParams & {
-  http: HttpSetup;
-  signal?: AbortSignal | undefined;
-}): Promise<DeleteKnowledgeBaseResponse | IHttpFetchError> => {
-  try {
-    const path = ELASTIC_AI_ASSISTANT_KNOWLEDGE_BASE_URL.replace('{resource?}', resource || '');
-    const response = await http.fetch(path, {
-      method: 'DELETE',
-      signal,
-      version: API_VERSIONS.internal.v1,
-    });
-
-    return response as DeleteKnowledgeBaseResponse;
-  } catch (error) {
-    return error as IHttpFetchError;
-  }
-};
-
 /**
  * API call for getting indices that have fields of `semantic_text` type.
  *
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_delete_knowledge_base.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_delete_knowledge_base.test.tsx
deleted file mode 100644
index b50c345edb3b3..0000000000000
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_delete_knowledge_base.test.tsx
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { act, renderHook } from '@testing-library/react-hooks';
-import { useDeleteKnowledgeBase, UseDeleteKnowledgeBaseParams } from './use_delete_knowledge_base';
-import { deleteKnowledgeBase as _deleteKnowledgeBase } from './api';
-import { useMutation as _useMutation } from '@tanstack/react-query';
-
-const useMutationMock = _useMutation as jest.Mock;
-const deleteKnowledgeBaseMock = _deleteKnowledgeBase as jest.Mock;
-
-jest.mock('./api', () => {
-  const actual = jest.requireActual('./api');
-  return {
-    ...actual,
-    deleteKnowledgeBase: jest.fn((...args) => actual.deleteKnowledgeBase(...args)),
-  };
-});
-jest.mock('./use_knowledge_base_status');
-
-jest.mock('@tanstack/react-query', () => ({
-  useMutation: jest.fn().mockImplementation(async (queryKey, fn, opts) => {
-    try {
-      const res = await fn();
-      return Promise.resolve(res);
-    } catch (e) {
-      opts.onError(e);
-    }
-  }),
-}));
-
-const statusResponse = {
-  success: true,
-};
-
-const http = {
-  fetch: jest.fn().mockResolvedValue(statusResponse),
-};
-const toasts = {
-  addError: jest.fn(),
-};
-const defaultProps = { http, toasts } as unknown as UseDeleteKnowledgeBaseParams;
-
-describe('useDeleteKnowledgeBase', () => {
-  beforeEach(() => {
-    jest.clearAllMocks();
-  });
-  it('should call api to delete knowledge base', async () => {
-    await act(async () => {
-      const { waitForNextUpdate } = renderHook(() => useDeleteKnowledgeBase(defaultProps));
-      await waitForNextUpdate();
-
-      expect(defaultProps.http.fetch).toHaveBeenCalledWith(
-        '/internal/elastic_assistant/knowledge_base/',
-        {
-          method: 'DELETE',
-          signal: undefined,
-          version: '1',
-        }
-      );
-      expect(toasts.addError).not.toHaveBeenCalled();
-    });
-  });
-  it('should call api to delete knowledge base with resource arg', async () => {
-    useMutationMock.mockImplementation(async (queryKey, fn, opts) => {
-      try {
-        const res = await fn('something');
-        return Promise.resolve(res);
-      } catch (e) {
-        opts.onError(e);
-      }
-    });
-    await act(async () => {
-      const { waitForNextUpdate } = renderHook(() => useDeleteKnowledgeBase(defaultProps));
-      await waitForNextUpdate();
-
-      expect(defaultProps.http.fetch).toHaveBeenCalledWith(
-        '/internal/elastic_assistant/knowledge_base/something',
-        {
-          method: 'DELETE',
-          signal: undefined,
-          version: '1',
-        }
-      );
-    });
-  });
-
-  it('should return delete response', async () => {
-    await act(async () => {
-      const { result, waitForNextUpdate } = renderHook(() => useDeleteKnowledgeBase(defaultProps));
-      await waitForNextUpdate();
-
-      await expect(result.current).resolves.toStrictEqual(statusResponse);
-    });
-  });
-
-  it('should display error toast when api throws error', async () => {
-    deleteKnowledgeBaseMock.mockRejectedValue(new Error('this is an error'));
-    await act(async () => {
-      const { waitForNextUpdate } = renderHook(() => useDeleteKnowledgeBase(defaultProps));
-      await waitForNextUpdate();
-
-      expect(toasts.addError).toHaveBeenCalled();
-    });
-  });
-});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_delete_knowledge_base.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_delete_knowledge_base.tsx
deleted file mode 100644
index 5e4ce82bde3bd..0000000000000
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/api/knowledge_base/use_delete_knowledge_base.tsx
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { useMutation } from '@tanstack/react-query';
-import type { IToasts } from '@kbn/core-notifications-browser';
-import type { HttpSetup, IHttpFetchError, ResponseErrorBody } from '@kbn/core-http-browser';
-import { i18n } from '@kbn/i18n';
-import { deleteKnowledgeBase } from './api';
-import { useInvalidateKnowledgeBaseStatus } from './use_knowledge_base_status';
-
-const DELETE_KNOWLEDGE_BASE_MUTATION_KEY = ['elastic-assistant', 'delete-knowledge-base'];
-
-export interface UseDeleteKnowledgeBaseParams {
-  http: HttpSetup;
-  toasts?: IToasts;
-}
-
-/**
- * Hook for deleting the Knowledge Base. Provide a resource name to delete a
- * specific resource within KB.
- *
- * @param {Object} options - The options object.
- * @param {HttpSetup} options.http - HttpSetup
- * @param {IToasts} [options.toasts] - IToasts
- *
- * @returns {useMutation} hook for deleting the Knowledge Base
- */
-export const useDeleteKnowledgeBase = ({ http, toasts }: UseDeleteKnowledgeBaseParams) => {
-  const invalidateKnowledgeBaseStatus = useInvalidateKnowledgeBaseStatus();
-  return useMutation(
-    DELETE_KNOWLEDGE_BASE_MUTATION_KEY,
-    (resource?: string | void) => {
-      // Optional params workaround: see: https://github.com/TanStack/query/issues/1077#issuecomment-1431247266
-      return deleteKnowledgeBase({ http, resource: resource ?? undefined });
-    },
-    {
-      onError: (error: IHttpFetchError<ResponseErrorBody>) => {
-        if (error.name !== 'AbortError') {
-          toasts?.addError(
-            error.body && error.body.message ? new Error(error.body.message) : error,
-            {
-              title: i18n.translate('xpack.elasticAssistant.knowledgeBase.deleteError', {
-                defaultMessage: 'Error deleting Knowledge Base',
-              }),
-            }
-          );
-        }
-      },
-      onSettled: () => {
-        invalidateKnowledgeBaseStatus();
-      },
-    }
-  );
-};
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/index.tsx
index ef37506f2af17..406ef8be16c73 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/assistant_header/index.tsx
@@ -23,7 +23,7 @@ import { Conversation } from '../../..';
 import { AssistantTitle } from '../assistant_title';
 import { ConnectorSelectorInline } from '../../connectorland/connector_selector_inline/connector_selector_inline';
 import { FlyoutNavigation } from '../assistant_overlay/flyout_navigation';
-import { AssistantSettingsButton } from '../settings/assistant_settings_button';
+import { AssistantSettingsModal } from '../settings/assistant_settings_modal';
 import * as i18n from './translations';
 import { AIConnector } from '../../connectorland/connector_selector';
 import { SettingsContextMenu } from '../settings/settings_context_menu/settings_context_menu';
@@ -113,7 +113,7 @@ export const AssistantHeader: React.FC<Props> = ({
       >
         <EuiFlexGroup gutterSize="s">
           <EuiFlexItem grow={false}>
-            <AssistantSettingsButton
+            <AssistantSettingsModal
               defaultConnector={defaultConnector}
               isDisabled={isDisabled}
               isSettingsModalVisible={isSettingsModalVisible}
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.test.tsx
index c9f4f07d83b11..1837d40aae2b1 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.test.tsx
@@ -38,7 +38,6 @@ const mockContext = {
   basePromptContexts: MOCK_QUICK_PROMPTS,
   setSelectedSettingsTab,
   http: {},
-  assistantFeatures: { assistantModelEvaluation: true, assistantKnowledgeBaseByDefault: false },
   selectedSettingsTab: 'CONVERSATIONS_TAB',
   assistantAvailability: {
     isAssistantEnabled: true,
@@ -136,17 +135,6 @@ describe('AssistantSettings', () => {
     QUICK_PROMPTS_TAB,
     SYSTEM_PROMPTS_TAB,
   ])('%s', (tab) => {
-    it('Opens the tab on button click', () => {
-      (useAssistantContext as jest.Mock).mockImplementation(() => ({
-        ...mockContext,
-        selectedSettingsTab: tab === CONVERSATIONS_TAB ? ANONYMIZATION_TAB : CONVERSATIONS_TAB,
-      }));
-      const { getByTestId } = render(<AssistantSettings {...testProps} />, {
-        wrapper,
-      });
-      fireEvent.click(getByTestId(`${tab}-button`));
-      expect(setSelectedSettingsTab).toHaveBeenCalledWith(tab);
-    });
     it('renders with the correct tab open', () => {
       (useAssistantContext as jest.Mock).mockImplementation(() => ({
         ...mockContext,
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx
index 350780ea5b168..f325e411bae2b 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings.tsx
@@ -9,14 +9,10 @@ import React, { useCallback, useEffect, useMemo, useState } from 'react';
 import {
   EuiButton,
   EuiButtonEmpty,
-  EuiIcon,
   EuiModal,
   EuiModalFooter,
-  EuiKeyPadMenu,
-  EuiKeyPadMenuItem,
   EuiPage,
   EuiPageBody,
-  EuiPageSidebar,
   EuiSplitPanel,
 } from '@elastic/eui';
 
@@ -80,16 +76,7 @@ export const AssistantSettings: React.FC<Props> = React.memo(
     conversations,
     conversationsLoaded,
   }) => {
-    const {
-      assistantFeatures: {
-        assistantModelEvaluation: modelEvaluatorEnabled,
-        assistantKnowledgeBaseByDefault,
-      },
-      http,
-      toasts,
-      selectedSettingsTab,
-      setSelectedSettingsTab,
-    } = useAssistantContext();
+    const { http, toasts, selectedSettingsTab, setSelectedSettingsTab } = useAssistantContext();
 
     useEffect(() => {
       if (selectedSettingsTab == null) {
@@ -214,115 +201,6 @@ export const AssistantSettings: React.FC<Props> = React.memo(
     return (
       <StyledEuiModal data-test-subj={TEST_IDS.SETTINGS_MODAL} onClose={onClose}>
         <EuiPage paddingSize="none">
-          {!assistantKnowledgeBaseByDefault && (
-            <EuiPageSidebar
-              paddingSize="xs"
-              css={css`
-                min-inline-size: unset !important;
-                max-width: 104px;
-              `}
-            >
-              <EuiKeyPadMenu>
-                <EuiKeyPadMenuItem
-                  id={CONVERSATIONS_TAB}
-                  label={i18n.CONVERSATIONS_MENU_ITEM}
-                  isSelected={!selectedSettingsTab || selectedSettingsTab === CONVERSATIONS_TAB}
-                  onClick={() => setSelectedSettingsTab(CONVERSATIONS_TAB)}
-                  data-test-subj={`${CONVERSATIONS_TAB}-button`}
-                >
-                  <>
-                    <EuiIcon
-                      type="editorComment"
-                      size="xl"
-                      css={css`
-                        position: relative;
-                        top: -10px;
-                      `}
-                    />
-                    <EuiIcon
-                      type="editorComment"
-                      size="l"
-                      css={css`
-                        position: relative;
-                        transform: rotateY(180deg);
-                        top: -7px;
-                      `}
-                    />
-                  </>
-                </EuiKeyPadMenuItem>
-                <EuiKeyPadMenuItem
-                  id={QUICK_PROMPTS_TAB}
-                  label={i18n.QUICK_PROMPTS_MENU_ITEM}
-                  isSelected={selectedSettingsTab === QUICK_PROMPTS_TAB}
-                  onClick={() => setSelectedSettingsTab(QUICK_PROMPTS_TAB)}
-                  data-test-subj={`${QUICK_PROMPTS_TAB}-button`}
-                >
-                  <>
-                    <EuiIcon type="editorComment" size="xxl" />
-                    <EuiIcon
-                      type="bolt"
-                      size="s"
-                      color="warning"
-                      css={css`
-                        position: absolute;
-                        top: 11px;
-                        left: 14px;
-                      `}
-                    />
-                  </>
-                </EuiKeyPadMenuItem>
-                <EuiKeyPadMenuItem
-                  id={SYSTEM_PROMPTS_TAB}
-                  label={i18n.SYSTEM_PROMPTS_MENU_ITEM}
-                  isSelected={selectedSettingsTab === SYSTEM_PROMPTS_TAB}
-                  onClick={() => setSelectedSettingsTab(SYSTEM_PROMPTS_TAB)}
-                  data-test-subj={`${SYSTEM_PROMPTS_TAB}-button`}
-                >
-                  <EuiIcon type="editorComment" size="xxl" />
-                  <EuiIcon
-                    type="storage"
-                    size="s"
-                    color="success"
-                    css={css`
-                      position: absolute;
-                      top: 11px;
-                      left: 14px;
-                    `}
-                  />
-                </EuiKeyPadMenuItem>
-                <EuiKeyPadMenuItem
-                  id={ANONYMIZATION_TAB}
-                  label={i18n.ANONYMIZATION_MENU_ITEM}
-                  isSelected={selectedSettingsTab === ANONYMIZATION_TAB}
-                  onClick={() => setSelectedSettingsTab(ANONYMIZATION_TAB)}
-                  data-test-subj={`${ANONYMIZATION_TAB}-button`}
-                >
-                  <EuiIcon type="eyeClosed" size="l" />
-                </EuiKeyPadMenuItem>
-                <EuiKeyPadMenuItem
-                  id={KNOWLEDGE_BASE_TAB}
-                  label={i18n.KNOWLEDGE_BASE_MENU_ITEM}
-                  isSelected={selectedSettingsTab === KNOWLEDGE_BASE_TAB}
-                  onClick={() => setSelectedSettingsTab(KNOWLEDGE_BASE_TAB)}
-                  data-test-subj={`${KNOWLEDGE_BASE_TAB}-button`}
-                >
-                  <EuiIcon type="notebookApp" size="l" />
-                </EuiKeyPadMenuItem>
-                {modelEvaluatorEnabled && (
-                  <EuiKeyPadMenuItem
-                    id={EVALUATION_TAB}
-                    label={i18n.EVALUATION_MENU_ITEM}
-                    isSelected={selectedSettingsTab === EVALUATION_TAB}
-                    onClick={() => setSelectedSettingsTab(EVALUATION_TAB)}
-                    data-test-subj={`${EVALUATION_TAB}-button`}
-                  >
-                    <EuiIcon type="crossClusterReplicationApp" size="l" />
-                  </EuiKeyPadMenuItem>
-                )}
-              </EuiKeyPadMenu>
-            </EuiPageSidebar>
-          )}
-
           <EuiPageBody paddingSize="none" panelled={true}>
             <EuiSplitPanel.Outer grow={true}>
               <EuiSplitPanel.Inner
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_modal.test.tsx
similarity index 78%
rename from x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.test.tsx
rename to x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_modal.test.tsx
index 6a0909d344968..87537fa368d9f 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_modal.test.tsx
@@ -9,9 +9,8 @@ import React from 'react';
 import { render, fireEvent } from '@testing-library/react';
 import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/common/openai/constants';
 
-import { AssistantSettingsButton } from './assistant_settings_button';
+import { AssistantSettingsModal } from './assistant_settings_modal';
 import { welcomeConvo } from '../../mock/conversation';
-import { CONVERSATIONS_TAB } from './const';
 
 const setIsSettingsModalVisible = jest.fn();
 const onConversationSelected = jest.fn();
@@ -54,21 +53,14 @@ jest.mock('./assistant_settings', () => ({
   ),
 }));
 
-describe('AssistantSettingsButton', () => {
+describe('AssistantSettingsModal', () => {
   beforeEach(() => {
     jest.clearAllMocks();
   });
 
-  it('Clicking the settings gear opens the conversations tab', () => {
-    const { getByTestId } = render(<AssistantSettingsButton {...testProps} />);
-    fireEvent.click(getByTestId('settings'));
-    expect(setSelectedSettingsTab).toHaveBeenCalledWith(CONVERSATIONS_TAB);
-    expect(setIsSettingsModalVisible).toHaveBeenCalledWith(true);
-  });
-
   it('Settings modal is visible and calls correct actions per click', () => {
     const { getByTestId } = render(
-      <AssistantSettingsButton {...testProps} isSettingsModalVisible />
+      <AssistantSettingsModal {...testProps} isSettingsModalVisible />
     );
     fireEvent.click(getByTestId('on-close'));
     expect(setIsSettingsModalVisible).toHaveBeenCalledWith(false);
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_modal.tsx
similarity index 60%
rename from x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.tsx
rename to x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_modal.tsx
index 3d6544643ba3e..5f2d677adc9ee 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_button.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/assistant_settings_modal.tsx
@@ -6,7 +6,6 @@
  */
 
 import React, { useCallback } from 'react';
-import { EuiButtonIcon, EuiToolTip } from '@elastic/eui';
 import { QueryObserverResult, RefetchOptions, RefetchQueryFilters } from '@tanstack/react-query';
 import { DataStreamApis } from '../use_data_stream_apis';
 import { AIConnector } from '../../connectorland/connector_selector';
@@ -14,7 +13,6 @@ import { Conversation } from '../../..';
 import { AssistantSettings } from './assistant_settings';
 import * as i18n from './translations';
 import { useAssistantContext } from '../../assistant_context';
-import { CONVERSATIONS_TAB } from './const';
 
 interface Props {
   defaultConnector?: AIConnector;
@@ -32,12 +30,11 @@ interface Props {
 }
 
 /**
- * Gear button that opens the assistant settings modal
+ * Assistant settings modal
  */
-export const AssistantSettingsButton: React.FC<Props> = React.memo(
+export const AssistantSettingsModal: React.FC<Props> = React.memo(
   ({
     defaultConnector,
-    isDisabled = false,
     isSettingsModalVisible,
     setIsSettingsModalVisible,
     selectedConversationId,
@@ -47,11 +44,7 @@ export const AssistantSettingsButton: React.FC<Props> = React.memo(
     refetchCurrentUserConversations,
     refetchPrompts,
   }) => {
-    const {
-      assistantFeatures: { assistantKnowledgeBaseByDefault },
-      toasts,
-      setSelectedSettingsTab,
-    } = useAssistantContext();
+    const { toasts } = useAssistantContext();
 
     // Modal control functions
     const cleanupAndCloseModal = useCallback(() => {
@@ -79,41 +72,20 @@ export const AssistantSettingsButton: React.FC<Props> = React.memo(
       [cleanupAndCloseModal, refetchCurrentUserConversations, refetchPrompts, toasts]
     );
 
-    const handleShowConversationSettings = useCallback(() => {
-      setSelectedSettingsTab(CONVERSATIONS_TAB);
-      setIsSettingsModalVisible(true);
-    }, [setIsSettingsModalVisible, setSelectedSettingsTab]);
-
     return (
-      <>
-        {!assistantKnowledgeBaseByDefault && (
-          <EuiToolTip position="right" content={i18n.SETTINGS_TOOLTIP}>
-            <EuiButtonIcon
-              aria-label={i18n.SETTINGS}
-              data-test-subj="settings"
-              onClick={handleShowConversationSettings}
-              isDisabled={isDisabled}
-              iconType="gear"
-              size="xs"
-              color="text"
-            />
-          </EuiToolTip>
-        )}
-
-        {isSettingsModalVisible && (
-          <AssistantSettings
-            defaultConnector={defaultConnector}
-            selectedConversationId={selectedConversationId}
-            onConversationSelected={onConversationSelected}
-            onClose={handleCloseModal}
-            onSave={handleSave}
-            conversations={conversations}
-            conversationsLoaded={conversationsLoaded}
-          />
-        )}
-      </>
+      isSettingsModalVisible && (
+        <AssistantSettings
+          defaultConnector={defaultConnector}
+          selectedConversationId={selectedConversationId}
+          onConversationSelected={onConversationSelected}
+          onClose={handleCloseModal}
+          onSave={handleSave}
+          conversations={conversations}
+          conversationsLoaded={conversationsLoaded}
+        />
+      )
     );
   }
 );
 
-AssistantSettingsButton.displayName = 'AssistantSettingsButton';
+AssistantSettingsModal.displayName = 'AssistantSettingsModal';
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/settings_context_menu/settings_context_menu.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/settings_context_menu/settings_context_menu.tsx
index baed2ff4cdb86..7b55e994b47ad 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/settings_context_menu/settings_context_menu.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/settings/settings_context_menu/settings_context_menu.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React, { ReactElement, useCallback, useMemo, useState } from 'react';
+import React, { useCallback, useMemo, useState } from 'react';
 import {
   EuiFlexGroup,
   EuiFlexItem,
@@ -32,11 +32,7 @@ interface Params {
 
 export const SettingsContextMenu: React.FC<Params> = React.memo(
   ({ isDisabled = false, onChatCleared }: Params) => {
-    const {
-      navigateToApp,
-      knowledgeBase,
-      assistantFeatures: { assistantKnowledgeBaseByDefault: enableKnowledgeBaseByDefault },
-    } = useAssistantContext();
+    const { navigateToApp, knowledgeBase } = useAssistantContext();
 
     const [isPopoverOpen, setPopover] = useState(false);
 
@@ -91,12 +87,11 @@ export const SettingsContextMenu: React.FC<Params> = React.memo(
       closePopover();
     }, [closePopover, showAlertSettingsModal]);
 
-    // We are migrating away from the settings modal in favor of the new Stack Management UI
-    // Currently behind `assistantKnowledgeBaseByDefault` FF
-    const newItems: ReactElement[] = useMemo(
+    const items = useMemo(
       () => [
         <EuiContextMenuItem
           aria-label={'ai-assistant-settings'}
+          key={'ai-assistant-settings'}
           onClick={handleNavigateToSettings}
           icon={'gear'}
           data-test-subj={'ai-assistant-settings'}
@@ -105,6 +100,7 @@ export const SettingsContextMenu: React.FC<Params> = React.memo(
         </EuiContextMenuItem>,
         <EuiContextMenuItem
           aria-label={'knowledge-base'}
+          key={'knowledge-base'}
           onClick={handleNavigateToKnowledgeBase}
           icon={'documents'}
           data-test-subj={'knowledge-base'}
@@ -113,6 +109,7 @@ export const SettingsContextMenu: React.FC<Params> = React.memo(
         </EuiContextMenuItem>,
         <EuiContextMenuItem
           aria-label={'anonymization'}
+          key={'anonymization'}
           onClick={handleNavigateToAnonymization}
           icon={'eye'}
           data-test-subj={'anonymization'}
@@ -121,6 +118,7 @@ export const SettingsContextMenu: React.FC<Params> = React.memo(
         </EuiContextMenuItem>,
         <EuiContextMenuItem
           aria-label={'alerts-to-analyze'}
+          key={'alerts-to-analyze'}
           onClick={handleShowAlertsModal}
           icon={'magnifyWithExclamation'}
           data-test-subj={'alerts-to-analyze'}
@@ -134,21 +132,9 @@ export const SettingsContextMenu: React.FC<Params> = React.memo(
             </EuiFlexItem>
           </EuiFlexGroup>
         </EuiContextMenuItem>,
-      ],
-      [
-        handleNavigateToAnonymization,
-        handleNavigateToKnowledgeBase,
-        handleNavigateToSettings,
-        handleShowAlertsModal,
-        knowledgeBase.latestAlerts,
-      ]
-    );
-
-    const items = useMemo(
-      () => [
-        ...(enableKnowledgeBaseByDefault ? newItems : []),
         <EuiContextMenuItem
           aria-label={'clear-chat'}
+          key={'clear-chat'}
           onClick={showDestroyModal}
           icon={'refresh'}
           data-test-subj={'clear-chat'}
@@ -160,7 +146,14 @@ export const SettingsContextMenu: React.FC<Params> = React.memo(
         </EuiContextMenuItem>,
       ],
 
-      [enableKnowledgeBaseByDefault, newItems, showDestroyModal]
+      [
+        handleNavigateToAnonymization,
+        handleNavigateToKnowledgeBase,
+        handleNavigateToSettings,
+        handleShowAlertsModal,
+        knowledgeBase.latestAlerts,
+        showDestroyModal,
+      ]
     );
 
     const handleReset = useCallback(() => {
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/alerts_range.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/alerts_range.test.tsx
new file mode 100644
index 0000000000000..1aaf7879b1c0b
--- /dev/null
+++ b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/alerts_range.test.tsx
@@ -0,0 +1,86 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { fireEvent, render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { AlertsRange } from './alerts_range';
+import {
+  MAX_LATEST_ALERTS,
+  MIN_LATEST_ALERTS,
+} from '../assistant/settings/alerts_settings/alerts_settings';
+import { KnowledgeBaseConfig } from '../assistant/types';
+
+const nonDefaultMin = MIN_LATEST_ALERTS + 5000;
+const nonDefaultMax = nonDefaultMin + 5000;
+
+describe('AlertsRange', () => {
+  beforeEach(() => jest.clearAllMocks());
+
+  it('renders the expected default min alerts', () => {
+    render(<AlertsRange value={200} />);
+
+    expect(screen.getByText(`${MIN_LATEST_ALERTS}`)).toBeInTheDocument();
+  });
+
+  it('renders the expected NON-default min alerts', () => {
+    render(
+      <AlertsRange maxAlerts={nonDefaultMax} minAlerts={nonDefaultMin} value={nonDefaultMin} />
+    );
+
+    expect(screen.getByText(`${nonDefaultMin}`)).toBeInTheDocument();
+  });
+
+  it('renders the expected default max alerts', () => {
+    render(<AlertsRange value={200} />);
+
+    expect(screen.getByText(`${MAX_LATEST_ALERTS}`)).toBeInTheDocument();
+  });
+
+  it('renders the expected NON-default max alerts', () => {
+    render(
+      <AlertsRange maxAlerts={nonDefaultMax} minAlerts={nonDefaultMin} value={nonDefaultMax} />
+    );
+
+    expect(screen.getByText(`${nonDefaultMax}`)).toBeInTheDocument();
+  });
+
+  it('calls onChange when the range value changes', () => {
+    const mockOnChange = jest.fn();
+    render(<AlertsRange onChange={mockOnChange} value={MIN_LATEST_ALERTS} />);
+
+    fireEvent.click(screen.getByText(`${MAX_LATEST_ALERTS}`));
+
+    expect(mockOnChange).toHaveBeenCalled();
+  });
+
+  it('calls setUpdatedKnowledgeBaseSettings with the expected arguments', () => {
+    const mockSetUpdatedKnowledgeBaseSettings = jest.fn();
+    const knowledgeBase: KnowledgeBaseConfig = { latestAlerts: 150 };
+
+    render(
+      <AlertsRange
+        knowledgeBase={knowledgeBase}
+        setUpdatedKnowledgeBaseSettings={mockSetUpdatedKnowledgeBaseSettings}
+        value={MIN_LATEST_ALERTS}
+      />
+    );
+
+    fireEvent.click(screen.getByText(`${MAX_LATEST_ALERTS}`));
+
+    expect(mockSetUpdatedKnowledgeBaseSettings).toHaveBeenCalledWith({
+      ...knowledgeBase,
+      latestAlerts: MAX_LATEST_ALERTS,
+    });
+  });
+
+  it('renders with the correct initial value', () => {
+    render(<AlertsRange value={250} />);
+
+    expect(screen.getByTestId('alertsRange')).toHaveValue('250');
+  });
+});
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings.test.tsx
index 763a2578ee273..b44dc682218d0 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings.test.tsx
@@ -47,15 +47,6 @@ const defaultProps = {
   },
   setUpdatedKnowledgeBaseSettings,
 };
-const mockDelete = jest.fn();
-jest.mock('../assistant/api/knowledge_base/use_delete_knowledge_base', () => ({
-  useDeleteKnowledgeBase: jest.fn(() => {
-    return {
-      mutate: mockDelete,
-      isLoading: false,
-    };
-  }),
-}));
 
 const mockSetup = jest.fn();
 jest.mock('../assistant/api/knowledge_base/use_setup_knowledge_base', () => ({
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings_management/index.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings_management/index.test.tsx
index 180b88fc3cdc8..4900a6b0966e3 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings_management/index.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings_management/index.test.tsx
@@ -32,7 +32,6 @@ const mockContext = {
   http: {
     get: jest.fn(),
   },
-  assistantFeatures: { assistantKnowledgeBaseByDefault: true },
   selectedSettingsTab: null,
   assistantAvailability: {
     isAssistantEnabled: true,
@@ -175,17 +174,6 @@ describe('KnowledgeBaseSettingsManagement', () => {
       isLoading: false,
     });
   });
-  it('renders old kb settings when enableKnowledgeBaseByDefault is not enabled', () => {
-    (useAssistantContext as jest.Mock).mockImplementation(() => ({
-      ...mockContext,
-      assistantFeatures: {
-        assistantKnowledgeBaseByDefault: false,
-      },
-    }));
-    render(<KnowledgeBaseSettingsManagement dataViews={mockDataViews} />, { wrapper });
-
-    expect(screen.getByTestId('knowledge-base-settings')).toBeInTheDocument();
-  });
   it('renders loading spinner when data is not fetched', () => {
     (useKnowledgeBaseStatus as jest.Mock).mockReturnValue({ data: {}, isFetched: false });
     render(<KnowledgeBaseSettingsManagement dataViews={mockDataViews} />, {
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings_management/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings_management/index.tsx
index 86b3594daa3cd..183e74a18247a 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings_management/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/knowledge_base/knowledge_base_settings_management/index.tsx
@@ -48,7 +48,6 @@ import { Flyout } from '../../assistant/common/components/assistant_settings_man
 import { useFlyoutModalVisibility } from '../../assistant/common/components/assistant_settings_management/flyout/use_flyout_modal_visibility';
 import { IndexEntryEditor } from './index_entry_editor';
 import { DocumentEntryEditor } from './document_entry_editor';
-import { KnowledgeBaseSettings } from '../knowledge_base_settings';
 import { SetupKnowledgeBaseButton } from '../setup_knowledge_base_button';
 import { useDeleteKnowledgeBaseEntries } from '../../assistant/api/knowledge_base/entries/use_delete_knowledge_base_entries';
 import {
@@ -73,7 +72,6 @@ interface Params {
 
 export const KnowledgeBaseSettingsManagement: React.FC<Params> = React.memo(({ dataViews }) => {
   const {
-    assistantFeatures: { assistantKnowledgeBaseByDefault: enableKnowledgeBaseByDefault },
     assistantAvailability: { hasManageGlobalKnowledgeBase, isAssistantEnabled },
     http,
     toasts,
@@ -162,7 +160,7 @@ export const KnowledgeBaseSettingsManagement: React.FC<Params> = React.memo(({ d
   } = useKnowledgeBaseEntries({
     http,
     toasts,
-    enabled: enableKnowledgeBaseByDefault && isAssistantEnabled,
+    enabled: isAssistantEnabled,
     isRefetching: kbStatus?.is_setup_in_progress,
   });
 
@@ -332,21 +330,6 @@ export const KnowledgeBaseSettingsManagement: React.FC<Params> = React.memo(({ d
     }
   }, [createEntry, duplicateKBItem, resetStateAndCloseFlyout]);
 
-  if (!enableKnowledgeBaseByDefault) {
-    return (
-      <>
-        <KnowledgeBaseSettings
-          knowledgeBase={knowledgeBase}
-          setUpdatedKnowledgeBaseSettings={handleUpdateKnowledgeBaseSettings}
-        />
-        <AssistantSettingsBottomBar
-          hasPendingChanges={hasPendingChanges}
-          onCancelClick={onCancelClick}
-          onSaveButtonClicked={onSaveButtonClicked}
-        />
-      </>
-    );
-  }
   return (
     <>
       <EuiPanel hasShadow={false} hasBorder paddingSize="l">
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/tour/knowledge_base/index.test.tsx b/x-pack/packages/kbn-elastic-assistant/impl/tour/knowledge_base/index.test.tsx
index 4dfd4657212f8..898a97ec2e233 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/tour/knowledge_base/index.test.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/tour/knowledge_base/index.test.tsx
@@ -35,9 +35,6 @@ describe('Attack discovery tour', () => {
     jest.clearAllMocks();
     (useAssistantContext as jest.Mock).mockReturnValue({
       navigateToApp,
-      assistantFeatures: {
-        assistantKnowledgeBaseByDefault: true,
-      },
     });
     jest.mocked(useLocalStorage).mockReturnValue([
       {
@@ -68,25 +65,6 @@ describe('Attack discovery tour', () => {
     expect(screen.queryByTestId('knowledgeBase-tour-step-2')).toBeNull();
   });
 
-  it('should not render any tour steps when knowledge base feature flag is not activated', () => {
-    (useAssistantContext as jest.Mock).mockReturnValue({
-      navigateToApp,
-      assistantFeatures: {
-        assistantKnowledgeBaseByDefault: false,
-      },
-    });
-    render(
-      <KnowledgeBaseTour>
-        <h1>{'Hello world'}</h1>
-      </KnowledgeBaseTour>,
-      {
-        wrapper: TestProviders,
-      }
-    );
-    expect(screen.queryByTestId('knowledgeBase-tour-step-1')).toBeNull();
-    expect(screen.queryByTestId('knowledgeBase-tour-step-2')).toBeNull();
-  });
-
   it('should not render any tour steps when tour is on step 2 and page is not knowledge base', () => {
     jest.mocked(useLocalStorage).mockReturnValue([
       {
diff --git a/x-pack/packages/kbn-elastic-assistant/impl/tour/knowledge_base/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/tour/knowledge_base/index.tsx
index f7ef0252147c0..8d71b4491a2fd 100644
--- a/x-pack/packages/kbn-elastic-assistant/impl/tour/knowledge_base/index.tsx
+++ b/x-pack/packages/kbn-elastic-assistant/impl/tour/knowledge_base/index.tsx
@@ -28,10 +28,7 @@ const KnowledgeBaseTourComp: React.FC<{
   children?: EuiTourStepProps['children'];
   isKbSettingsPage?: boolean;
 }> = ({ children, isKbSettingsPage = false }) => {
-  const {
-    navigateToApp,
-    assistantFeatures: { assistantKnowledgeBaseByDefault: enableKnowledgeBaseByDefault },
-  } = useAssistantContext();
+  const { navigateToApp } = useAssistantContext();
 
   const [tourState, setTourState] = useLocalStorage<TourState>(
     NEW_FEATURES_TOUR_STORAGE_KEYS.KNOWLEDGE_BASE,
@@ -106,7 +103,7 @@ const KnowledgeBaseTourComp: React.FC<{
     return () => clearTimeout(timer);
   }, []);
 
-  if (!enableKnowledgeBaseByDefault || isTestAutomation || !tourState?.isTourActive) {
+  if (isTestAutomation || !tourState?.isTourActive) {
     return children ?? null;
   }
 
diff --git a/x-pack/packages/kbn-entities-schema/src/schema/entity.ts b/x-pack/packages/kbn-entities-schema/src/schema/entity.ts
index 9ab02e0931d9c..7bfe505face19 100644
--- a/x-pack/packages/kbn-entities-schema/src/schema/entity.ts
+++ b/x-pack/packages/kbn-entities-schema/src/schema/entity.ts
@@ -11,9 +11,9 @@ import { arrayOfStringsSchema } from './common';
 export const entityBaseSchema = z.object({
   id: z.string(),
   type: z.string(),
-  identity_fields: arrayOfStringsSchema,
+  identity_fields: z.union([arrayOfStringsSchema, z.string()]),
   display_name: z.string(),
-  metrics: z.record(z.string(), z.number()),
+  metrics: z.optional(z.record(z.string(), z.number())),
   definition_version: z.string(),
   schema_version: z.string(),
   definition_id: z.string(),
@@ -24,10 +24,13 @@ export interface MetadataRecord {
 }
 
 const literalSchema = z.union([z.string(), z.number(), z.boolean(), z.null()]);
+
 type Literal = z.infer<typeof literalSchema>;
-type Metadata = Literal | { [key: string]: Metadata } | Metadata[];
+interface Metadata {
+  [key: string]: Metadata | Literal | Literal[];
+}
 export const entityMetadataSchema: z.ZodType<Metadata> = z.lazy(() =>
-  z.union([literalSchema, z.array(entityMetadataSchema), z.record(entityMetadataSchema)])
+  z.record(z.string(), z.union([literalSchema, z.array(literalSchema), entityMetadataSchema]))
 );
 
 export const entityLatestSchema = z
@@ -39,3 +42,6 @@ export const entityLatestSchema = z
     ),
   })
   .and(entityMetadataSchema);
+
+export type EntityInstance = z.infer<typeof entityLatestSchema>;
+export type EntityMetadata = z.infer<typeof entityMetadataSchema>;
diff --git a/x-pack/packages/ml/aiops_log_pattern_analysis/constants.ts b/x-pack/packages/ml/aiops_log_pattern_analysis/constants.ts
index e88944a83b8bb..ff068307425bc 100644
--- a/x-pack/packages/ml/aiops_log_pattern_analysis/constants.ts
+++ b/x-pack/packages/ml/aiops_log_pattern_analysis/constants.ts
@@ -5,6 +5,8 @@
  * 2.0.
  */
 
+export const CASES_ATTACHMENT_LOG_PATTERN = 'aiopsPatternAnalysisEmbeddable';
+
 export const EMBEDDABLE_PATTERN_ANALYSIS_TYPE = 'aiopsPatternAnalysisEmbeddable' as const;
 
 export const PATTERN_ANALYSIS_DATA_VIEW_REF_NAME = 'aiopsPatternAnalysisEmbeddableDataViewId';
diff --git a/x-pack/packages/ml/date_picker/src/components/date_picker_wrapper.tsx b/x-pack/packages/ml/date_picker/src/components/date_picker_wrapper.tsx
index 8f42d755144a8..c8792ab3f9d9e 100644
--- a/x-pack/packages/ml/date_picker/src/components/date_picker_wrapper.tsx
+++ b/x-pack/packages/ml/date_picker/src/components/date_picker_wrapper.tsx
@@ -18,6 +18,7 @@ import {
   EuiFlexItem,
   EuiSuperDatePicker,
   type EuiSuperDatePickerProps,
+  EuiToolTip,
 } from '@elastic/eui';
 
 import type { TimeRange } from '@kbn/es-query';
@@ -103,6 +104,10 @@ interface DatePickerWrapperProps {
    * when EuiSuperDatePicker's 'Refresh'|'Update' button is clicked
    */
   onRefresh?: () => void;
+  /**
+   * Tooltip message for the update button
+   */
+  tooltipMessage?: string;
 }
 
 /**
@@ -122,6 +127,7 @@ export const DatePickerWrapper: FC<DatePickerWrapperProps> = (props) => {
     isDisabled = false,
     needsUpdate,
     onRefresh,
+    tooltipMessage,
   } = props;
   const {
     data,
@@ -318,34 +324,40 @@ export const DatePickerWrapper: FC<DatePickerWrapperProps> = (props) => {
           recentlyUsedRanges={recentlyUsedRanges}
           dateFormat={dateFormat}
           commonlyUsedRanges={commonlyUsedRanges}
+          isDisabled={isDisabled}
           updateButtonProps={{
             iconOnly: isWithinLBreakpoint,
             fill: false,
             ...(needsUpdate ? { needsUpdate } : {}),
           }}
           width={width}
-          isDisabled={isDisabled}
         />
       </EuiFlexItem>
       {showRefresh === true || !isTimeRangeSelectorEnabled ? (
         <EuiFlexItem grow={false}>
-          <EuiButton
-            fill={false}
-            color={needsUpdate ? 'success' : 'primary'}
-            iconType={needsUpdate ? 'kqlFunction' : 'refresh'}
-            onClick={handleRefresh}
-            data-test-subj={`mlDatePickerRefreshPageButton${isLoading ? ' loading' : ' loaded'}`}
-            isLoading={isLoading}
-          >
-            {needsUpdate ? (
-              <FormattedMessage id="xpack.ml.datePicker.pageUpdateButton" defaultMessage="Update" />
-            ) : (
-              <FormattedMessage
-                id="xpack.ml.datePicker.pageRefreshButton"
-                defaultMessage="Refresh"
-              />
-            )}
-          </EuiButton>
+          <EuiToolTip content={tooltipMessage}>
+            <EuiButton
+              fill={false}
+              color={needsUpdate ? 'success' : 'primary'}
+              iconType={needsUpdate ? 'kqlFunction' : 'refresh'}
+              onClick={handleRefresh}
+              data-test-subj={`mlDatePickerRefreshPageButton${isLoading ? ' loading' : ' loaded'}`}
+              isLoading={isLoading}
+              isDisabled={isDisabled}
+            >
+              {needsUpdate ? (
+                <FormattedMessage
+                  id="xpack.ml.datePicker.pageUpdateButton"
+                  defaultMessage="Update"
+                />
+              ) : (
+                <FormattedMessage
+                  id="xpack.ml.datePicker.pageRefreshButton"
+                  defaultMessage="Refresh"
+                />
+              )}
+            </EuiButton>
+          </EuiToolTip>
         </EuiFlexItem>
       ) : null}
     </>
diff --git a/x-pack/packages/observability/observability_utils/README.md b/x-pack/packages/observability/observability_utils/README.md
deleted file mode 100644
index bd74c0bdffb47..0000000000000
--- a/x-pack/packages/observability/observability_utils/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# @kbn/observability-utils
-
-This package contains utilities for Observability plugins. It's a separate package to get out of dependency hell. You can put anything in here that is stateless and has no dependency on other plugins (either directly or via other packages).
-
-The utility functions should be used via direct imports to minimize impact on bundle size and limit the risk on importing browser code to the server and vice versa.
diff --git a/x-pack/packages/observability/observability_utils/es/client/create_observability_es_client.ts b/x-pack/packages/observability/observability_utils/es/client/create_observability_es_client.ts
deleted file mode 100644
index 0011e0f17c1c0..0000000000000
--- a/x-pack/packages/observability/observability_utils/es/client/create_observability_es_client.ts
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { ElasticsearchClient, Logger } from '@kbn/core/server';
-import type { ESQLSearchResponse, ESSearchRequest, InferSearchResponseOf } from '@kbn/es-types';
-import { withSpan } from '@kbn/apm-utils';
-import type { EsqlQueryRequest } from '@elastic/elasticsearch/lib/api/types';
-
-type SearchRequest = ESSearchRequest & {
-  index: string | string[];
-  track_total_hits: number | boolean;
-  size: number | boolean;
-};
-
-/**
- * An Elasticsearch Client with a fully typed `search` method and built-in
- * APM instrumentation.
- */
-export interface ObservabilityElasticsearchClient {
-  search<TDocument = unknown, TSearchRequest extends SearchRequest = SearchRequest>(
-    operationName: string,
-    parameters: TSearchRequest
-  ): Promise<InferSearchResponseOf<TDocument, TSearchRequest>>;
-  esql(operationName: string, parameters: EsqlQueryRequest): Promise<ESQLSearchResponse>;
-  client: ElasticsearchClient;
-}
-
-export function createObservabilityEsClient({
-  client,
-  logger,
-  plugin,
-}: {
-  client: ElasticsearchClient;
-  logger: Logger;
-  plugin: string;
-}): ObservabilityElasticsearchClient {
-  return {
-    client,
-    esql(operationName: string, parameters: EsqlQueryRequest) {
-      logger.trace(() => `Request (${operationName}):\n${JSON.stringify(parameters, null, 2)}`);
-      return withSpan({ name: operationName, labels: { plugin } }, () => {
-        return client.esql.query(
-          { ...parameters },
-          {
-            querystring: {
-              drop_null_columns: true,
-            },
-          }
-        );
-      })
-        .then((response) => {
-          logger.trace(() => `Response (${operationName}):\n${JSON.stringify(response, null, 2)}`);
-          return response as unknown as ESQLSearchResponse;
-        })
-        .catch((error) => {
-          throw error;
-        });
-    },
-    search<TDocument = unknown, TSearchRequest extends SearchRequest = SearchRequest>(
-      operationName: string,
-      parameters: SearchRequest
-    ) {
-      logger.trace(() => `Request (${operationName}):\n${JSON.stringify(parameters, null, 2)}`);
-      // wraps the search operation in a named APM span for better analysis
-      // (otherwise it would just be a _search span)
-      return withSpan(
-        {
-          name: operationName,
-          labels: {
-            plugin,
-          },
-        },
-        () => {
-          return client.search<TDocument>(parameters) as unknown as Promise<
-            InferSearchResponseOf<TDocument, TSearchRequest>
-          >;
-        }
-      ).then((response) => {
-        logger.trace(() => `Response (${operationName}):\n${JSON.stringify(response, null, 2)}`);
-        return response;
-      });
-    },
-  };
-}
diff --git a/x-pack/packages/observability/observability_utils/es/utils/esql_result_to_plain_objects.ts b/x-pack/packages/observability/observability_utils/es/utils/esql_result_to_plain_objects.ts
deleted file mode 100644
index 96049f75ef156..0000000000000
--- a/x-pack/packages/observability/observability_utils/es/utils/esql_result_to_plain_objects.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { ESQLSearchResponse } from '@kbn/es-types';
-
-export function esqlResultToPlainObjects<T extends Record<string, any>>(
-  result: ESQLSearchResponse
-): T[] {
-  return result.values.map((row) => {
-    return row.reduce<Record<string, unknown>>((acc, value, index) => {
-      const column = result.columns[index];
-
-      if (!column) {
-        return acc;
-      }
-
-      // Removes the type suffix from the column name
-      const name = column.name.replace(/\.(text|keyword)$/, '');
-      if (!acc[name]) {
-        acc[name] = value;
-      }
-
-      return acc;
-    }, {});
-  }) as T[];
-}
diff --git a/x-pack/packages/observability/observability_utils/chart/utils.ts b/x-pack/packages/observability/observability_utils/observability_utils_browser/chart/utils.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/chart/utils.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_browser/chart/utils.ts
diff --git a/x-pack/packages/observability/observability_utils/hooks/use_abort_controller.ts b/x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_abort_controller.ts
similarity index 92%
rename from x-pack/packages/observability/observability_utils/hooks/use_abort_controller.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_abort_controller.ts
index a383e7b81b4d9..de5c70632b233 100644
--- a/x-pack/packages/observability/observability_utils/hooks/use_abort_controller.ts
+++ b/x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_abort_controller.ts
@@ -18,6 +18,9 @@ export function useAbortController() {
 
   return {
     signal: controller.signal,
+    abort: () => {
+      controller.abort();
+    },
     refresh: () => {
       setController(() => new AbortController());
     },
diff --git a/x-pack/packages/observability/observability_utils/hooks/use_abortable_async.ts b/x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_abortable_async.ts
similarity index 69%
rename from x-pack/packages/observability/observability_utils/hooks/use_abortable_async.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_abortable_async.ts
index 477d765ef7a7f..f0d2bf4a05872 100644
--- a/x-pack/packages/observability/observability_utils/hooks/use_abortable_async.ts
+++ b/x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_abortable_async.ts
@@ -17,12 +17,32 @@ export type AbortableAsyncState<T> = (T extends Promise<infer TReturn>
   ? State<TReturn>
   : State<T>) & { refresh: () => void };
 
+export type AbortableAsyncStateOf<T extends AbortableAsyncState<any>> =
+  T extends AbortableAsyncState<infer TResponse> ? Awaited<TResponse> : never;
+
+interface UseAbortableAsyncOptions<T> {
+  clearValueOnNext?: boolean;
+  unsetValueOnError?: boolean;
+  defaultValue?: () => T;
+  onError?: (error: Error) => void;
+}
+
+export type UseAbortableAsync<
+  TAdditionalParameters extends Record<string, any> = {},
+  TAdditionalOptions extends Record<string, any> = {}
+> = <T>(
+  fn: ({}: { signal: AbortSignal } & TAdditionalParameters) => T | Promise<T>,
+  deps: any[],
+  options?: UseAbortableAsyncOptions<T> & TAdditionalOptions
+) => AbortableAsyncState<T>;
+
 export function useAbortableAsync<T>(
   fn: ({}: { signal: AbortSignal }) => T | Promise<T>,
   deps: any[],
-  options?: { clearValueOnNext?: boolean; defaultValue?: () => T }
+  options?: UseAbortableAsyncOptions<T>
 ): AbortableAsyncState<T> {
   const clearValueOnNext = options?.clearValueOnNext;
+  const unsetValueOnError = options?.unsetValueOnError;
 
   const controllerRef = useRef(new AbortController());
 
@@ -43,6 +63,15 @@ export function useAbortableAsync<T>(
       setError(undefined);
     }
 
+    function handleError(err: Error) {
+      setError(err);
+      if (unsetValueOnError) {
+        setValue(undefined);
+      }
+      setLoading(false);
+      options?.onError?.(err);
+    }
+
     try {
       const response = fn({ signal: controller.signal });
       if (isPromise(response)) {
@@ -52,12 +81,7 @@ export function useAbortableAsync<T>(
             setError(undefined);
             setValue(nextValue);
           })
-          .catch((err) => {
-            setValue(undefined);
-            if (!controller.signal.aborted) {
-              setError(err);
-            }
-          })
+          .catch(handleError)
           .finally(() => setLoading(false));
       } else {
         setError(undefined);
@@ -65,9 +89,7 @@ export function useAbortableAsync<T>(
         setLoading(false);
       }
     } catch (err) {
-      setValue(undefined);
-      setError(err);
-      setLoading(false);
+      handleError(err);
     }
 
     return () => {
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_date_range.ts b/x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_date_range.ts
new file mode 100644
index 0000000000000..941e106247b87
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_date_range.ts
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { TimeRange } from '@kbn/data-plugin/common';
+import { DataPublicPluginStart } from '@kbn/data-plugin/public';
+import { useCallback, useEffect, useMemo, useState } from 'react';
+
+export function useDateRange({ data }: { data: DataPublicPluginStart }): {
+  timeRange: TimeRange;
+  absoluteTimeRange: {
+    start: number;
+    end: number;
+  };
+  setTimeRange: React.Dispatch<React.SetStateAction<TimeRange>>;
+} {
+  const timefilter = data.query.timefilter.timefilter;
+
+  const [timeRange, setTimeRange] = useState(() => timefilter.getTime());
+
+  const [absoluteTimeRange, setAbsoluteTimeRange] = useState(() => timefilter.getAbsoluteTime());
+
+  useEffect(() => {
+    const timeUpdateSubscription = timefilter.getTimeUpdate$().subscribe({
+      next: () => {
+        setTimeRange(() => timefilter.getTime());
+        setAbsoluteTimeRange(() => timefilter.getAbsoluteTime());
+      },
+    });
+
+    return () => {
+      timeUpdateSubscription.unsubscribe();
+    };
+  }, [timefilter]);
+
+  const setTimeRangeMemoized: React.Dispatch<React.SetStateAction<TimeRange>> = useCallback(
+    (nextOrCallback) => {
+      const val =
+        typeof nextOrCallback === 'function'
+          ? nextOrCallback(timefilter.getTime())
+          : nextOrCallback;
+
+      timefilter.setTime(val);
+    },
+    [timefilter]
+  );
+
+  const asEpoch = useMemo(() => {
+    return {
+      start: new Date(absoluteTimeRange.from).getTime(),
+      end: new Date(absoluteTimeRange.to).getTime(),
+    };
+  }, [absoluteTimeRange]);
+
+  return {
+    timeRange,
+    absoluteTimeRange: asEpoch,
+    setTimeRange: setTimeRangeMemoized,
+  };
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_local_storage.ts b/x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_local_storage.ts
new file mode 100644
index 0000000000000..ea9e13163e4b0
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_local_storage.ts
@@ -0,0 +1,60 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useState, useEffect, useMemo, useCallback } from 'react';
+
+export function useLocalStorage<T>(key: string, defaultValue: T) {
+  // This is necessary to fix a race condition issue.
+  // It guarantees that the latest value will be always returned after the value is updated
+  const [storageUpdate, setStorageUpdate] = useState(0);
+
+  const item = useMemo(() => {
+    return getFromStorage(key, defaultValue);
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [key, storageUpdate, defaultValue]);
+
+  const saveToStorage = useCallback(
+    (value: T) => {
+      if (value === undefined) {
+        window.localStorage.removeItem(key);
+      } else {
+        window.localStorage.setItem(key, JSON.stringify(value));
+        setStorageUpdate(storageUpdate + 1);
+      }
+    },
+    [key, storageUpdate]
+  );
+
+  useEffect(() => {
+    function onUpdate(event: StorageEvent) {
+      if (event.key === key) {
+        setStorageUpdate(storageUpdate + 1);
+      }
+    }
+    window.addEventListener('storage', onUpdate);
+    return () => {
+      window.removeEventListener('storage', onUpdate);
+    };
+  }, [key, setStorageUpdate, storageUpdate]);
+
+  return useMemo(() => [item, saveToStorage] as const, [item, saveToStorage]);
+}
+
+function getFromStorage<T>(keyName: string, defaultValue: T) {
+  const storedItem = window.localStorage.getItem(keyName);
+
+  if (storedItem !== null) {
+    try {
+      return JSON.parse(storedItem) as T;
+    } catch (err) {
+      window.localStorage.removeItem(keyName);
+      // eslint-disable-next-line no-console
+      console.log(`Unable to decode: ${keyName}`);
+    }
+  }
+  return defaultValue;
+}
diff --git a/x-pack/packages/observability/observability_utils/hooks/use_theme.ts b/x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_theme.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/hooks/use_theme.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_browser/hooks/use_theme.ts
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/policy/deprecated_agent_policy_summary.ts b/x-pack/packages/observability/observability_utils/observability_utils_browser/jest.config.js
similarity index 54%
rename from x-pack/plugins/security_solution/common/api/endpoint/policy/deprecated_agent_policy_summary.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_browser/jest.config.js
index f45cf48efa3de..33358c221fa1f 100644
--- a/x-pack/plugins/security_solution/common/api/endpoint/policy/deprecated_agent_policy_summary.ts
+++ b/x-pack/packages/observability/observability_utils/observability_utils_browser/jest.config.js
@@ -5,11 +5,10 @@
  * 2.0.
  */
 
-import { schema } from '@kbn/config-schema';
-
-export const GetAgentPolicySummaryRequestSchema = {
-  query: schema.object({
-    package_name: schema.string(),
-    policy_id: schema.nullable(schema.string()),
-  }),
+module.exports = {
+  preset: '@kbn/test',
+  rootDir: '../../../../..',
+  roots: [
+    '<rootDir>/x-pack/packages/observability/observability_utils/observability_utils_browser',
+  ],
 };
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_browser/kibana.jsonc b/x-pack/packages/observability/observability_utils/observability_utils_browser/kibana.jsonc
new file mode 100644
index 0000000000000..dbee36828d080
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_browser/kibana.jsonc
@@ -0,0 +1,5 @@
+{
+  "type": "shared-browser",
+  "id": "@kbn/observability-utils-browser",
+  "owner": "@elastic/observability-ui"
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_browser/package.json b/x-pack/packages/observability/observability_utils/observability_utils_browser/package.json
new file mode 100644
index 0000000000000..c72c8c0b45eb0
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_browser/package.json
@@ -0,0 +1,6 @@
+{
+  "name": "@kbn/observability-utils-browser",
+  "private": true,
+  "version": "1.0.0",
+  "license": "Elastic License 2.0"
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_browser/tsconfig.json b/x-pack/packages/observability/observability_utils/observability_utils_browser/tsconfig.json
new file mode 100644
index 0000000000000..9cfa030bd901d
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_browser/tsconfig.json
@@ -0,0 +1,23 @@
+{
+  "extends": "../../../../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "target/types",
+    "types": [
+      "jest",
+      "node",
+      "react"
+    ]
+  },
+  "include": [
+    "**/*.ts",
+    "**/*.tsx",
+  ],
+  "exclude": [
+    "target/**/*"
+  ],
+  "kbn_references": [
+    "@kbn/data-plugin",
+    "@kbn/core-ui-settings-browser",
+    "@kbn/std",
+  ]
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_browser/utils/ui_settings/get_timezone.ts b/x-pack/packages/observability/observability_utils/observability_utils_browser/utils/ui_settings/get_timezone.ts
new file mode 100644
index 0000000000000..3ad5d17aa61bc
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_browser/utils/ui_settings/get_timezone.ts
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { UI_SETTINGS } from '@kbn/data-plugin/public';
+import { IUiSettingsClient } from '@kbn/core-ui-settings-browser';
+
+export function getTimeZone(uiSettings?: IUiSettingsClient) {
+  const kibanaTimeZone = uiSettings?.get<'Browser' | string>(UI_SETTINGS.DATEFORMAT_TZ);
+  if (!kibanaTimeZone || kibanaTimeZone === 'Browser') {
+    return 'local';
+  }
+
+  return kibanaTimeZone;
+}
diff --git a/x-pack/packages/observability/observability_utils/array/join_by_key.test.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/array/join_by_key.test.ts
similarity index 84%
rename from x-pack/packages/observability/observability_utils/array/join_by_key.test.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/array/join_by_key.test.ts
index 8e0fc6ad09479..bb1d5a2e2410e 100644
--- a/x-pack/packages/observability/observability_utils/array/join_by_key.test.ts
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/array/join_by_key.test.ts
@@ -221,4 +221,50 @@ describe('joinByKey', () => {
       },
     });
   });
+
+  it('deeply merges by unflatten keys', () => {
+    const joined = joinByKey(
+      [
+        {
+          service: {
+            name: 'opbeans-node',
+            metrics: {
+              cpu: 0.1,
+            },
+          },
+          properties: {
+            foo: 'bar',
+          },
+        },
+        {
+          service: {
+            environment: 'prod',
+            metrics: {
+              memory: 0.5,
+            },
+          },
+          properties: {
+            foo: 'bar',
+          },
+        },
+      ],
+      'properties.foo'
+    );
+
+    expect(joined).toEqual([
+      {
+        service: {
+          name: 'opbeans-node',
+          environment: 'prod',
+          metrics: {
+            cpu: 0.1,
+            memory: 0.5,
+          },
+        },
+        properties: {
+          foo: 'bar',
+        },
+      },
+    ]);
+  });
 });
diff --git a/x-pack/packages/observability/observability_utils/array/join_by_key.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/array/join_by_key.ts
similarity index 73%
rename from x-pack/packages/observability/observability_utils/array/join_by_key.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/array/join_by_key.ts
index 54e8ecdaf409b..93ec4261d04dc 100644
--- a/x-pack/packages/observability/observability_utils/array/join_by_key.ts
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/array/join_by_key.ts
@@ -18,18 +18,29 @@ export type JoinedReturnType<
   }
 >;
 
-type ArrayOrSingle<T> = T | T[];
+function getValueByPath(obj: any, path: string): any {
+  return path.split('.').reduce((acc, keyPart) => {
+    // Check if acc is a valid object and has the key
+    return acc && Object.prototype.hasOwnProperty.call(acc, keyPart) ? acc[keyPart] : undefined;
+  }, obj);
+}
 
+type NestedKeys<T> = T extends object
+  ? { [K in keyof T]: K extends string ? `${K}` | `${K}.${NestedKeys<T[K]>}` : never }[keyof T]
+  : never;
+
+type ArrayOrSingle<T> = T | T[];
+type CombinedNestedKeys<T, U> = (NestedKeys<T> & NestedKeys<U>) | (keyof T & keyof U);
 export function joinByKey<
   T extends Record<string, any>,
   U extends UnionToIntersection<T>,
-  V extends ArrayOrSingle<keyof T & keyof U>
+  V extends ArrayOrSingle<CombinedNestedKeys<T, U>>
 >(items: T[], key: V): JoinedReturnType<T, U>;
 
 export function joinByKey<
   T extends Record<string, any>,
   U extends UnionToIntersection<T>,
-  V extends ArrayOrSingle<keyof T & keyof U>,
+  V extends ArrayOrSingle<CombinedNestedKeys<T, U>>,
   W extends JoinedReturnType<T, U>,
   X extends (a: T, b: T) => ValuesType<W>
 >(items: T[], key: V, mergeFn: X): W;
@@ -45,7 +56,7 @@ export function joinByKey(
   items.forEach((current) => {
     // The key of the map is a stable JSON string of the values from given keys.
     // We need stable JSON string to support plain object values.
-    const stableKey = stableStringify(keys.map((k) => current[k]));
+    const stableKey = stableStringify(keys.map((k) => current[k] ?? getValueByPath(current, k)));
 
     if (map.has(stableKey)) {
       const item = map.get(stableKey);
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_common/entities/get_entity_kuery.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/entities/get_entity_kuery.ts
new file mode 100644
index 0000000000000..ba68e544379a4
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/entities/get_entity_kuery.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export function getEntityKuery(entity: Record<string, unknown>) {
+  return Object.entries(entity)
+    .map(([name, value]) => {
+      return `(${name}:"${value}")`;
+    })
+    .join(' AND ');
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_common/es/format_value_for_kql.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/es/format_value_for_kql.ts
new file mode 100644
index 0000000000000..a0fb5c15fd03e
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/es/format_value_for_kql.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export function formatValueForKql(value: string) {
+  return `(${value.replaceAll(/((^|[^\\])):/g, '\\:')})`;
+}
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/terms_search_query.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/entity_query.ts
similarity index 50%
rename from x-pack/plugins/elastic_assistant/server/__mocks__/terms_search_query.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/entity_query.ts
index c8af748516a1f..f2ae0991eecf4 100644
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/terms_search_query.ts
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/entity_query.ts
@@ -7,22 +7,18 @@
 
 import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
 
-/**
- * This Elasticsearch query DSL is a terms search for required `esql` KB docs
- */
-export const mockTermsSearchQuery: QueryDslQueryContainer = {
-  bool: {
-    must: [
-      {
-        term: {
-          'metadata.kbResource': 'esql',
-        },
-      },
-      {
-        term: {
-          'metadata.required': true,
-        },
+export function entityQuery(entity: Record<string, string>): QueryDslQueryContainer[] {
+  return [
+    {
+      bool: {
+        filter: Object.entries(entity).map(([field, value]) => {
+          return {
+            term: {
+              [field]: value,
+            },
+          };
+        }),
       },
-    ],
-  },
-};
+    },
+  ];
+}
diff --git a/x-pack/packages/observability/observability_utils/es/queries/exclude_frozen_query.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/exclude_frozen_query.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/es/queries/exclude_frozen_query.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/exclude_frozen_query.ts
diff --git a/x-pack/packages/observability/observability_utils/es/queries/exclude_tiers_query.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/exclude_tiers_query.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/es/queries/exclude_tiers_query.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/exclude_tiers_query.ts
diff --git a/x-pack/packages/observability/observability_utils/es/queries/kql_query.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/kql_query.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/es/queries/kql_query.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/kql_query.ts
diff --git a/x-pack/packages/observability/observability_utils/es/queries/range_query.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/range_query.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/es/queries/range_query.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/range_query.ts
diff --git a/x-pack/packages/observability/observability_utils/es/queries/term_query.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/term_query.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/es/queries/term_query.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/es/queries/term_query.ts
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_common/format/integer.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/format/integer.ts
new file mode 100644
index 0000000000000..7cf202fb8c811
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/format/integer.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import numeral from '@elastic/numeral';
+
+export function formatInteger(num: number) {
+  return numeral(num).format('0a');
+}
diff --git a/x-pack/packages/observability/observability_utils/jest.config.js b/x-pack/packages/observability/observability_utils/observability_utils_common/jest.config.js
similarity index 84%
rename from x-pack/packages/observability/observability_utils/jest.config.js
rename to x-pack/packages/observability/observability_utils/observability_utils_common/jest.config.js
index c9dff28ed6cec..ee68881a5863b 100644
--- a/x-pack/packages/observability/observability_utils/jest.config.js
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/jest.config.js
@@ -7,6 +7,6 @@
 
 module.exports = {
   preset: '@kbn/test',
-  rootDir: '../../../..',
-  roots: ['<rootDir>/x-pack/packages/observability/observability_utils'],
+  rootDir: '../../../../..',
+  roots: ['<rootDir>/x-pack/packages/observability/observability_utils/observability_utils_common'],
 };
diff --git a/x-pack/packages/observability/observability_utils/kibana.jsonc b/x-pack/packages/observability/observability_utils/observability_utils_common/kibana.jsonc
similarity index 61%
rename from x-pack/packages/observability/observability_utils/kibana.jsonc
rename to x-pack/packages/observability/observability_utils/observability_utils_common/kibana.jsonc
index 096b2565d533f..eb120052e5b0e 100644
--- a/x-pack/packages/observability/observability_utils/kibana.jsonc
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/kibana.jsonc
@@ -1,5 +1,5 @@
 {
   "type": "shared-common",
-  "id": "@kbn/observability-utils",
+  "id": "@kbn/observability-utils-common",
   "owner": "@elastic/observability-ui"
 }
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_common/llm/log_analysis/document_analysis.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/llm/log_analysis/document_analysis.ts
new file mode 100644
index 0000000000000..be896571ca217
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/llm/log_analysis/document_analysis.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export interface DocumentAnalysis {
+  total: number;
+  sampled: number;
+  fields: Array<{
+    name: string;
+    types: string[];
+    cardinality: number | null;
+    values: Array<string | number | boolean>;
+    empty: boolean;
+  }>;
+}
+
+export interface TruncatedDocumentAnalysis {
+  fields: string[];
+  total: number;
+  sampled: number;
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_common/llm/log_analysis/highlight_patterns_from_regex.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/llm/log_analysis/highlight_patterns_from_regex.ts
new file mode 100644
index 0000000000000..11ab0c52f1795
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/llm/log_analysis/highlight_patterns_from_regex.ts
@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+function addCapturingGroupsToRegex(regex: string): string {
+  // Match all parts of the regex that are not special characters
+  // We treat constant parts as sequences of characters that are not part of regex syntax
+  return regex.replaceAll(/((?:\.\*\?)|(?:\.\+\?)|(?:\+\?))/g, (...args) => {
+    return `(${args[1]})`;
+  });
+}
+
+export function highlightPatternFromRegex(pattern: string, str: string): string {
+  // First, add non-capturing groups to the regex around constant parts
+  const updatedPattern = addCapturingGroupsToRegex(pattern);
+
+  const regex = new RegExp(updatedPattern, 'ds');
+
+  const matches = str.match(regex) as
+    | (RegExpMatchArray & { indices: Array<[number, number]> })
+    | null;
+
+  const slices: string[] = [];
+
+  matches?.forEach((_, index) => {
+    if (index === 0) {
+      return;
+    }
+
+    const [, prevEnd] = index > 1 ? matches?.indices[index - 1] : [undefined, undefined];
+    const [start, end] = matches?.indices[index];
+
+    const literalSlice = prevEnd !== undefined ? str.slice(prevEnd, start) : undefined;
+
+    if (literalSlice) {
+      slices.push(`<em>${literalSlice}</em>`);
+    }
+
+    const slice = str.slice(start, end);
+    slices.push(slice);
+
+    if (index === matches.length - 1) {
+      slices.push(str.slice(end));
+    }
+  });
+
+  return slices.join('');
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_common/llm/log_analysis/merge_sample_documents_with_field_caps.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/llm/log_analysis/merge_sample_documents_with_field_caps.ts
new file mode 100644
index 0000000000000..58b6024aed046
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/llm/log_analysis/merge_sample_documents_with_field_caps.ts
@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { castArray, sortBy, uniq } from 'lodash';
+import type { DocumentAnalysis } from './document_analysis';
+
+export function mergeSampleDocumentsWithFieldCaps({
+  total,
+  samples,
+  fieldCaps,
+}: {
+  total: number;
+  samples: Array<Record<string, unknown | unknown[]>>;
+  fieldCaps: Array<{ name: string; esTypes?: string[] }>;
+}): DocumentAnalysis {
+  const nonEmptyFields = new Set<string>();
+  const fieldValues = new Map<string, Array<string | number | boolean>>();
+
+  for (const document of samples) {
+    Object.keys(document).forEach((field) => {
+      if (!nonEmptyFields.has(field)) {
+        nonEmptyFields.add(field);
+      }
+
+      const values = castArray(document[field]);
+
+      const currentFieldValues = fieldValues.get(field) ?? [];
+
+      values.forEach((value) => {
+        if (typeof value === 'string' || typeof value === 'number' || typeof value === 'boolean') {
+          currentFieldValues.push(value);
+        }
+      });
+
+      fieldValues.set(field, currentFieldValues);
+    });
+  }
+
+  const fields = fieldCaps.flatMap((spec) => {
+    const values = fieldValues.get(spec.name);
+
+    const countByValues = new Map<string | number | boolean, number>();
+
+    values?.forEach((value) => {
+      const currentCount = countByValues.get(value) ?? 0;
+      countByValues.set(value, currentCount + 1);
+    });
+
+    const sortedValues = sortBy(
+      Array.from(countByValues.entries()).map(([value, count]) => {
+        return {
+          value,
+          count,
+        };
+      }),
+      'count',
+      'desc'
+    );
+
+    return {
+      name: spec.name,
+      types: spec.esTypes ?? [],
+      empty: !nonEmptyFields.has(spec.name),
+      cardinality: countByValues.size || null,
+      values: uniq(sortedValues.flatMap(({ value }) => value)),
+    };
+  });
+
+  return {
+    total,
+    sampled: samples.length,
+    fields,
+  };
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_common/llm/log_analysis/sort_and_truncate_analyzed_fields.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/llm/log_analysis/sort_and_truncate_analyzed_fields.ts
new file mode 100644
index 0000000000000..c9a3e6a156601
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/llm/log_analysis/sort_and_truncate_analyzed_fields.ts
@@ -0,0 +1,52 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { partition, shuffle } from 'lodash';
+import { truncateList } from '@kbn/inference-common';
+import type { DocumentAnalysis, TruncatedDocumentAnalysis } from './document_analysis';
+
+export function sortAndTruncateAnalyzedFields(
+  analysis: DocumentAnalysis
+): TruncatedDocumentAnalysis {
+  const { fields, ...meta } = analysis;
+  const [nonEmptyFields, emptyFields] = partition(analysis.fields, (field) => !field.empty);
+
+  const sortedFields = [...shuffle(nonEmptyFields), ...shuffle(emptyFields)];
+
+  return {
+    ...meta,
+    fields: truncateList(
+      sortedFields.map((field) => {
+        let label = `${field.name}:${field.types.join(',')}`;
+
+        if (field.empty) {
+          return `${name} (empty)`;
+        }
+
+        label += ` - ${field.cardinality} distinct values`;
+
+        if (field.name === '@timestamp' || field.name === 'event.ingested') {
+          return `${label}`;
+        }
+
+        const shortValues = field.values.filter((value) => {
+          return String(value).length <= 1024;
+        });
+
+        if (shortValues.length) {
+          return `${label} (${truncateList(
+            shortValues.map((value) => '`' + value + '`'),
+            field.types.includes('text') || field.types.includes('match_only_text') ? 2 : 10
+          ).join(', ')})`;
+        }
+
+        return label;
+      }),
+      500
+    ).sort(),
+  };
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_common/llm/short_id_table.test.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/llm/short_id_table.test.ts
new file mode 100644
index 0000000000000..784cf67530652
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/llm/short_id_table.test.ts
@@ -0,0 +1,48 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { ShortIdTable } from './short_id_table';
+
+describe('shortIdTable', () => {
+  it('generates at least 10k unique ids consistently', () => {
+    const ids = new Set();
+
+    const table = new ShortIdTable();
+
+    let i = 10_000;
+    while (i--) {
+      const id = table.take(String(i));
+      ids.add(id);
+    }
+
+    expect(ids.size).toBe(10_000);
+  });
+
+  it('returns the original id based on the generated id', () => {
+    const table = new ShortIdTable();
+
+    const idsByOriginal = new Map<string, string>();
+
+    let i = 100;
+    while (i--) {
+      const id = table.take(String(i));
+      idsByOriginal.set(String(i), id);
+    }
+
+    expect(idsByOriginal.size).toBe(100);
+
+    expect(() => {
+      Array.from(idsByOriginal.entries()).forEach(([originalId, shortId]) => {
+        const returnedOriginalId = table.lookup(shortId);
+        if (returnedOriginalId !== originalId) {
+          throw Error(
+            `Expected shortId ${shortId} to return ${originalId}, but ${returnedOriginalId} was returned instead`
+          );
+        }
+      });
+    }).not.toThrow();
+  });
+});
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_common/llm/short_id_table.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/llm/short_id_table.ts
new file mode 100644
index 0000000000000..30049452ddf51
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/llm/short_id_table.ts
@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+const ALPHABET = 'abcdefghijklmnopqrstuvwxyz';
+
+function generateShortId(size: number): string {
+  let id = '';
+  let i = size;
+  while (i--) {
+    const index = Math.floor(Math.random() * ALPHABET.length);
+    id += ALPHABET[index];
+  }
+  return id;
+}
+
+const MAX_ATTEMPTS_AT_LENGTH = 100;
+
+export class ShortIdTable {
+  private byShortId: Map<string, string> = new Map();
+  private byOriginalId: Map<string, string> = new Map();
+
+  constructor() {}
+
+  take(originalId: string) {
+    if (this.byOriginalId.has(originalId)) {
+      return this.byOriginalId.get(originalId)!;
+    }
+
+    let uniqueId: string | undefined;
+    let attemptsAtLength = 0;
+    let length = 4;
+    while (!uniqueId) {
+      const nextId = generateShortId(length);
+      attemptsAtLength++;
+      if (!this.byShortId.has(nextId)) {
+        uniqueId = nextId;
+      } else if (attemptsAtLength >= MAX_ATTEMPTS_AT_LENGTH) {
+        attemptsAtLength = 0;
+        length++;
+      }
+    }
+
+    this.byShortId.set(uniqueId, originalId);
+    this.byOriginalId.set(originalId, uniqueId);
+
+    return uniqueId;
+  }
+
+  lookup(shortId: string) {
+    return this.byShortId.get(shortId);
+  }
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_common/ml/p_value_to_label.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/ml/p_value_to_label.ts
new file mode 100644
index 0000000000000..3f6e0836d129b
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/ml/p_value_to_label.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const P_VALUE_SIGNIFICANCE_HIGH = 1e-6;
+export const P_VALUE_SIGNIFICANCE_MEDIUM = 0.001;
+
+export function pValueToLabel(pValue: number): 'high' | 'medium' | 'low' {
+  if (pValue <= P_VALUE_SIGNIFICANCE_HIGH) {
+    return 'high';
+  } else if (pValue <= P_VALUE_SIGNIFICANCE_MEDIUM) {
+    return 'medium';
+  } else {
+    return 'low';
+  }
+}
diff --git a/x-pack/packages/observability/observability_utils/object/flatten_object.test.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/object/flatten_object.test.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/object/flatten_object.test.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/object/flatten_object.test.ts
diff --git a/x-pack/packages/observability/observability_utils/object/flatten_object.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/object/flatten_object.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/object/flatten_object.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/object/flatten_object.ts
diff --git a/x-pack/packages/observability/observability_utils/object/merge_plain_object.test.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/object/merge_plain_object.test.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/object/merge_plain_object.test.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/object/merge_plain_object.test.ts
diff --git a/x-pack/packages/observability/observability_utils/object/merge_plain_objects.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/object/merge_plain_objects.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/object/merge_plain_objects.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/object/merge_plain_objects.ts
diff --git a/x-pack/packages/observability/observability_utils/object/unflatten_object.test.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/object/unflatten_object.test.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/object/unflatten_object.test.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/object/unflatten_object.test.ts
diff --git a/x-pack/packages/observability/observability_utils/object/unflatten_object.ts b/x-pack/packages/observability/observability_utils/observability_utils_common/object/unflatten_object.ts
similarity index 99%
rename from x-pack/packages/observability/observability_utils/object/unflatten_object.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_common/object/unflatten_object.ts
index 142ea2eea6461..83508d5d2dbf5 100644
--- a/x-pack/packages/observability/observability_utils/object/unflatten_object.ts
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/object/unflatten_object.ts
@@ -11,7 +11,6 @@ export function unflattenObject(source: Record<string, any>, target: Record<stri
   // eslint-disable-next-line guard-for-in
   for (const key in source) {
     const val = source[key as keyof typeof source];
-
     if (Array.isArray(val)) {
       const unflattenedArray = val.map((item) => {
         if (item && typeof item === 'object' && !Array.isArray(item)) {
diff --git a/x-pack/packages/observability/observability_utils/package.json b/x-pack/packages/observability/observability_utils/observability_utils_common/package.json
similarity index 62%
rename from x-pack/packages/observability/observability_utils/package.json
rename to x-pack/packages/observability/observability_utils/observability_utils_common/package.json
index 06f6e37858927..2f9be5f105279 100644
--- a/x-pack/packages/observability/observability_utils/package.json
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/package.json
@@ -1,6 +1,6 @@
 {
-  "name": "@kbn/observability-utils",
+  "name": "@kbn/observability-utils-common",
   "private": true,
   "version": "1.0.0",
   "license": "Elastic License 2.0"
-}
\ No newline at end of file
+}
diff --git a/x-pack/packages/observability/observability_utils/tsconfig.json b/x-pack/packages/observability/observability_utils/observability_utils_common/tsconfig.json
similarity index 70%
rename from x-pack/packages/observability/observability_utils/tsconfig.json
rename to x-pack/packages/observability/observability_utils/observability_utils_common/tsconfig.json
index b3f1a4a21c4e7..7954cdc946e9c 100644
--- a/x-pack/packages/observability/observability_utils/tsconfig.json
+++ b/x-pack/packages/observability/observability_utils/observability_utils_common/tsconfig.json
@@ -1,5 +1,5 @@
 {
-  "extends": "../../../../tsconfig.base.json",
+  "extends": "../../../../../tsconfig.base.json",
   "compilerOptions": {
     "outDir": "target/types",
     "types": [
@@ -16,11 +16,8 @@
     "target/**/*"
   ],
   "kbn_references": [
-    "@kbn/std",
-    "@kbn/core",
-    "@kbn/es-types",
-    "@kbn/apm-utils",
     "@kbn/es-query",
     "@kbn/safer-lodash-set",
+    "@kbn/inference-common",
   ]
 }
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/entities/analyze_documents.ts b/x-pack/packages/observability/observability_utils/observability_utils_server/entities/analyze_documents.ts
new file mode 100644
index 0000000000000..0cc1374d8b1d8
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/entities/analyze_documents.ts
@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { mapValues } from 'lodash';
+import { mergeSampleDocumentsWithFieldCaps } from '@kbn/observability-utils-common/llm/log_analysis/merge_sample_documents_with_field_caps';
+import { DocumentAnalysis } from '@kbn/observability-utils-common/llm/log_analysis/document_analysis';
+import type { ObservabilityElasticsearchClient } from '../es/client/create_observability_es_client';
+import { kqlQuery } from '../es/queries/kql_query';
+import { rangeQuery } from '../es/queries/range_query';
+
+export async function analyzeDocuments({
+  esClient,
+  kuery,
+  start,
+  end,
+  index,
+}: {
+  esClient: ObservabilityElasticsearchClient;
+  kuery: string;
+  start: number;
+  end: number;
+  index: string | string[];
+}): Promise<DocumentAnalysis> {
+  const [fieldCaps, hits] = await Promise.all([
+    esClient.fieldCaps('get_field_caps_for_document_analysis', {
+      index,
+      fields: '*',
+      index_filter: {
+        bool: {
+          filter: rangeQuery(start, end),
+        },
+      },
+    }),
+    esClient
+      .search('get_document_samples', {
+        index,
+        size: 1000,
+        track_total_hits: true,
+        query: {
+          bool: {
+            must: [...kqlQuery(kuery), ...rangeQuery(start, end)],
+            should: [
+              {
+                function_score: {
+                  functions: [
+                    {
+                      random_score: {},
+                    },
+                  ],
+                },
+              },
+            ],
+          },
+        },
+        sort: {
+          _score: {
+            order: 'desc',
+          },
+        },
+        _source: false,
+        fields: ['*' as const],
+      })
+      .then((response) => ({
+        hits: response.hits.hits.map((hit) =>
+          mapValues(hit.fields!, (value) => (value.length === 1 ? value[0] : value))
+        ),
+        total: response.hits.total,
+      })),
+  ]);
+
+  const analysis = mergeSampleDocumentsWithFieldCaps({
+    samples: hits.hits,
+    total: hits.total.value,
+    fieldCaps: Object.entries(fieldCaps.fields).map(([name, specs]) => {
+      return { name, esTypes: Object.keys(specs) };
+    }),
+  });
+
+  return analysis;
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/entities/get_data_streams_for_entity.ts b/x-pack/packages/observability/observability_utils/observability_utils_server/entities/get_data_streams_for_entity.ts
new file mode 100644
index 0000000000000..43d9134c7aaf3
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/entities/get_data_streams_for_entity.ts
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { compact, uniq } from 'lodash';
+import { ObservabilityElasticsearchClient } from '../es/client/create_observability_es_client';
+import { excludeFrozenQuery } from '../es/queries/exclude_frozen_query';
+import { kqlQuery } from '../es/queries/kql_query';
+
+export async function getDataStreamsForEntity({
+  esClient,
+  kuery,
+  index,
+}: {
+  esClient: ObservabilityElasticsearchClient;
+  kuery: string;
+  index: string | string[];
+}) {
+  const response = await esClient.search('get_data_streams_for_entity', {
+    track_total_hits: false,
+    index,
+    size: 0,
+    terminate_after: 1,
+    timeout: '1ms',
+    aggs: {
+      indices: {
+        terms: {
+          field: '_index',
+          size: 10000,
+        },
+      },
+    },
+    query: {
+      bool: {
+        filter: [...excludeFrozenQuery(), ...kqlQuery(kuery)],
+      },
+    },
+  });
+
+  const allIndices =
+    response.aggregations?.indices.buckets.map((bucket) => bucket.key as string) ?? [];
+
+  if (!allIndices.length) {
+    return {
+      dataStreams: [],
+    };
+  }
+
+  const resolveIndexResponse = await esClient.client.indices.resolveIndex({
+    name: allIndices,
+  });
+
+  const dataStreams = uniq(
+    compact(await resolveIndexResponse.indices.flatMap((idx) => idx.data_stream))
+  );
+
+  return {
+    dataStreams,
+  };
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/entities/signals/get_alerts_for_entity.ts b/x-pack/packages/observability/observability_utils/observability_utils_server/entities/signals/get_alerts_for_entity.ts
new file mode 100644
index 0000000000000..400aad8e94357
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/entities/signals/get_alerts_for_entity.ts
@@ -0,0 +1,57 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { RulesClient } from '@kbn/alerting-plugin/server';
+import { AlertsClient } from '@kbn/rule-registry-plugin/server';
+import {
+  ALERT_GROUP_FIELD,
+  ALERT_GROUP_VALUE,
+  ALERT_STATUS,
+  ALERT_STATUS_ACTIVE,
+  ALERT_TIME_RANGE,
+} from '@kbn/rule-data-utils';
+import { kqlQuery } from '../../es/queries/kql_query';
+import { rangeQuery } from '../../es/queries/range_query';
+
+export async function getAlertsForEntity({
+  start,
+  end,
+  entity,
+  alertsClient,
+  rulesClient,
+  size,
+}: {
+  start: number;
+  end: number;
+  entity: Record<string, unknown>;
+  alertsClient: AlertsClient;
+  rulesClient: RulesClient;
+  size: number;
+}) {
+  const alertsKuery = Object.entries(entity)
+    .map(([field, value]) => {
+      return `(${[
+        `(${ALERT_GROUP_FIELD}:"${field}" AND ${ALERT_GROUP_VALUE}:"${value}")`,
+        `(${field}:"${value}")`,
+      ].join(' OR ')})`;
+    })
+    .join(' AND ');
+
+  const openAlerts = await alertsClient.find({
+    size,
+    query: {
+      bool: {
+        filter: [
+          ...kqlQuery(alertsKuery),
+          ...rangeQuery(start, end, ALERT_TIME_RANGE),
+          { term: { [ALERT_STATUS]: ALERT_STATUS_ACTIVE } },
+        ],
+      },
+    },
+  });
+
+  return openAlerts;
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/entities/signals/get_anomalies_for_entity.ts b/x-pack/packages/observability/observability_utils/observability_utils_server/entities/signals/get_anomalies_for_entity.ts
new file mode 100644
index 0000000000000..b8802ed3c9045
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/entities/signals/get_anomalies_for_entity.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export function getAnomaliesForEntity({
+  start,
+  end,
+  entity,
+}: {
+  start: number;
+  end: number;
+  entity: Record<string, unknown>;
+}) {}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/entities/signals/get_slos_for_entity.ts b/x-pack/packages/observability/observability_utils/observability_utils_server/entities/signals/get_slos_for_entity.ts
new file mode 100644
index 0000000000000..fc3a9d7b26d5c
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/entities/signals/get_slos_for_entity.ts
@@ -0,0 +1,80 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ObservabilityElasticsearchClient } from '../../es/client/create_observability_es_client';
+import { kqlQuery } from '../../es/queries/kql_query';
+
+export async function getSlosForEntity({
+  start,
+  end,
+  entity,
+  esClient,
+  sloSummaryIndices,
+  size,
+  spaceId,
+}: {
+  start: number;
+  end: number;
+  entity: Record<string, unknown>;
+  esClient: ObservabilityElasticsearchClient;
+  sloSummaryIndices: string | string[];
+  size: number;
+  spaceId: string;
+}) {
+  const slosKuery = Object.entries(entity)
+    .map(([field, value]) => {
+      return `(slo.groupings.${field}:"${value}")`;
+    })
+    .join(' AND ');
+
+  const sloSummaryResponse = await esClient.search('get_slo_summaries_for_entity', {
+    index: sloSummaryIndices,
+    size,
+    track_total_hits: false,
+    query: {
+      bool: {
+        filter: [
+          ...kqlQuery(slosKuery),
+          {
+            range: {
+              'slo.createdAt': {
+                lte: end,
+              },
+            },
+          },
+          {
+            range: {
+              summaryUpdatedAt: {
+                gte: start,
+              },
+            },
+          },
+          {
+            term: {
+              spaceId,
+            },
+          },
+        ],
+      },
+    },
+  });
+
+  return {
+    ...sloSummaryResponse,
+    hits: {
+      ...sloSummaryResponse.hits,
+      hits: sloSummaryResponse.hits.hits.map((hit) => {
+        return {
+          ...hit,
+          _source: hit._source as Record<string, any> & {
+            status: 'VIOLATED' | 'DEGRADED' | 'HEALTHY' | 'NO_DATA';
+          },
+        };
+      }),
+    },
+  };
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/es/client/create_observability_es_client.ts b/x-pack/packages/observability/observability_utils/observability_utils_server/es/client/create_observability_es_client.ts
new file mode 100644
index 0000000000000..78ed20a582bc3
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/es/client/create_observability_es_client.ts
@@ -0,0 +1,157 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type {
+  EsqlQueryRequest,
+  FieldCapsRequest,
+  FieldCapsResponse,
+  MsearchRequest,
+  SearchResponse,
+} from '@elastic/elasticsearch/lib/api/types';
+import { withSpan } from '@kbn/apm-utils';
+import type { ElasticsearchClient, Logger } from '@kbn/core/server';
+import type { ESQLSearchResponse, ESSearchRequest, InferSearchResponseOf } from '@kbn/es-types';
+import { Required } from 'utility-types';
+import { esqlResultToPlainObjects } from '../esql_result_to_plain_objects';
+
+type SearchRequest = ESSearchRequest & {
+  index: string | string[];
+  track_total_hits: number | boolean;
+  size: number | boolean;
+};
+
+type EsqlQueryParameters = EsqlQueryRequest & { parseOutput?: boolean };
+type EsqlOutputParameters = Omit<EsqlQueryRequest, 'format' | 'columnar'> & {
+  parseOutput?: true;
+  format?: 'json';
+  columnar?: false;
+};
+
+type EsqlParameters = EsqlOutputParameters | EsqlQueryParameters;
+
+export type InferEsqlResponseOf<
+  TOutput = unknown,
+  TParameters extends EsqlParameters = EsqlParameters
+> = TParameters extends EsqlOutputParameters ? TOutput[] : ESQLSearchResponse;
+
+/**
+ * An Elasticsearch Client with a fully typed `search` method and built-in
+ * APM instrumentation.
+ */
+export interface ObservabilityElasticsearchClient {
+  search<TDocument = unknown, TSearchRequest extends SearchRequest = SearchRequest>(
+    operationName: string,
+    parameters: TSearchRequest
+  ): Promise<InferSearchResponseOf<TDocument, TSearchRequest, { restTotalHitsAsInt: false }>>;
+  msearch<TDocument = unknown>(
+    operationName: string,
+    parameters: MsearchRequest
+  ): Promise<{
+    responses: Array<SearchResponse<TDocument>>;
+  }>;
+  fieldCaps(
+    operationName: string,
+    request: Required<FieldCapsRequest, 'index_filter' | 'fields' | 'index'>
+  ): Promise<FieldCapsResponse>;
+  esql<TOutput = unknown, TQueryParams extends EsqlOutputParameters = EsqlOutputParameters>(
+    operationName: string,
+    parameters: TQueryParams
+  ): Promise<InferEsqlResponseOf<TOutput, TQueryParams>>;
+  esql<TOutput = unknown, TQueryParams extends EsqlQueryParameters = EsqlQueryParameters>(
+    operationName: string,
+    parameters: TQueryParams
+  ): Promise<InferEsqlResponseOf<TOutput, TQueryParams>>;
+  client: ElasticsearchClient;
+}
+
+export function createObservabilityEsClient({
+  client,
+  logger,
+  plugin,
+}: {
+  client: ElasticsearchClient;
+  logger: Logger;
+  plugin: string;
+}): ObservabilityElasticsearchClient {
+  // wraps the ES calls in a named APM span for better analysis
+  // (otherwise it would just eg be a _search span)
+  const callWithLogger = <T>(
+    operationName: string,
+    request: Record<string, any>,
+    callback: () => Promise<T>
+  ) => {
+    logger.debug(() => `Request (${operationName}):\n${JSON.stringify(request)}`);
+    return withSpan(
+      {
+        name: operationName,
+        labels: {
+          plugin,
+        },
+      },
+      callback,
+      logger
+    ).then((response) => {
+      logger.trace(() => `Response (${operationName}):\n${JSON.stringify(response, null, 2)}`);
+      return response;
+    });
+  };
+
+  return {
+    client,
+    fieldCaps(operationName, parameters) {
+      return callWithLogger(operationName, parameters, () => {
+        return client.fieldCaps({
+          ...parameters,
+        });
+      });
+    },
+    esql<TOutput = unknown, TSearchRequest extends EsqlParameters = EsqlParameters>(
+      operationName: string,
+      { parseOutput = true, format = 'json', columnar = false, ...parameters }: TSearchRequest
+    ) {
+      logger.trace(() => `Request (${operationName}):\n${JSON.stringify(parameters, null, 2)}`);
+      return withSpan({ name: operationName, labels: { plugin } }, () => {
+        return client.esql.query(
+          { ...parameters, format, columnar },
+          {
+            querystring: {
+              drop_null_columns: true,
+            },
+          }
+        );
+      })
+        .then((response) => {
+          logger.trace(() => `Response (${operationName}):\n${JSON.stringify(response, null, 2)}`);
+
+          const esqlResponse = response as unknown as ESQLSearchResponse;
+
+          const shouldParseOutput = parseOutput && !columnar && format === 'json';
+          return shouldParseOutput ? esqlResultToPlainObjects<TOutput>(esqlResponse) : esqlResponse;
+        })
+        .catch((error) => {
+          throw error;
+        });
+    },
+    search<TDocument = unknown, TSearchRequest extends SearchRequest = SearchRequest>(
+      operationName: string,
+      parameters: SearchRequest
+    ) {
+      return callWithLogger(operationName, parameters, () => {
+        return client.search<TDocument>(parameters) as unknown as Promise<
+          InferSearchResponseOf<TDocument, TSearchRequest, { restTotalHitsAsInt: false }>
+        >;
+      });
+    },
+    msearch<TDocument = unknown>(operationName: string, parameters: MsearchRequest) {
+      return callWithLogger(operationName, parameters, () => {
+        return client.msearch<TDocument>(parameters) as unknown as Promise<{
+          responses: Array<SearchResponse<TDocument>>;
+        }>;
+      });
+    },
+  };
+}
diff --git a/x-pack/packages/observability/observability_utils/es/utils/esql_result_to_plain_objects.test.ts b/x-pack/packages/observability/observability_utils/observability_utils_server/es/esql_result_to_plain_objects.test.ts
similarity index 100%
rename from x-pack/packages/observability/observability_utils/es/utils/esql_result_to_plain_objects.test.ts
rename to x-pack/packages/observability/observability_utils/observability_utils_server/es/esql_result_to_plain_objects.test.ts
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/es/esql_result_to_plain_objects.ts b/x-pack/packages/observability/observability_utils/observability_utils_server/es/esql_result_to_plain_objects.ts
new file mode 100644
index 0000000000000..34781153532c5
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/es/esql_result_to_plain_objects.ts
@@ -0,0 +1,33 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ESQLSearchResponse } from '@kbn/es-types';
+import { unflattenObject } from '@kbn/observability-utils-common/object/unflatten_object';
+
+export function esqlResultToPlainObjects<TDocument = unknown>(
+  result: ESQLSearchResponse
+): TDocument[] {
+  return result.values.map((row) => {
+    return unflattenObject(
+      row.reduce<Record<string, any>>((acc, value, index) => {
+        const column = result.columns[index];
+
+        if (!column) {
+          return acc;
+        }
+
+        // Removes the type suffix from the column name
+        const name = column.name.replace(/\.(text|keyword)$/, '');
+        if (!acc[name]) {
+          acc[name] = value;
+        }
+
+        return acc;
+      }, {})
+    ) as TDocument;
+  });
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/es/queries/exclude_frozen_query.ts b/x-pack/packages/observability/observability_utils/observability_utils_server/es/queries/exclude_frozen_query.ts
new file mode 100644
index 0000000000000..f348d925c41ca
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/es/queries/exclude_frozen_query.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { estypes } from '@elastic/elasticsearch';
+
+export function excludeFrozenQuery(): estypes.QueryDslQueryContainer[] {
+  return [
+    {
+      bool: {
+        must_not: [
+          {
+            term: {
+              _tier: 'data_frozen',
+            },
+          },
+        ],
+      },
+    },
+  ];
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/es/queries/kql_query.ts b/x-pack/packages/observability/observability_utils/observability_utils_server/es/queries/kql_query.ts
new file mode 100644
index 0000000000000..2f560157cc8c6
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/es/queries/kql_query.ts
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { estypes } from '@elastic/elasticsearch';
+import { fromKueryExpression, toElasticsearchQuery } from '@kbn/es-query';
+
+export function kqlQuery(kql?: string): estypes.QueryDslQueryContainer[] {
+  if (!kql) {
+    return [];
+  }
+
+  const ast = fromKueryExpression(kql);
+  return [toElasticsearchQuery(ast)];
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/es/queries/range_query.ts b/x-pack/packages/observability/observability_utils/observability_utils_server/es/queries/range_query.ts
new file mode 100644
index 0000000000000..d73476354c377
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/es/queries/range_query.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { estypes } from '@elastic/elasticsearch';
+
+export function rangeQuery(
+  start?: number,
+  end?: number,
+  field = '@timestamp'
+): estypes.QueryDslQueryContainer[] {
+  return [
+    {
+      range: {
+        [field]: {
+          gte: start,
+          lte: end,
+          format: 'epoch_millis',
+        },
+      },
+    },
+  ];
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/es/queries/term_query.ts b/x-pack/packages/observability/observability_utils/observability_utils_server/es/queries/term_query.ts
new file mode 100644
index 0000000000000..dfaeb737bf8b7
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/es/queries/term_query.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
+
+interface TermQueryOpts {
+  queryEmptyString: boolean;
+}
+
+export function termQuery<T extends string>(
+  field: T,
+  value: string | boolean | number | undefined | null,
+  opts: TermQueryOpts = { queryEmptyString: true }
+): QueryDslQueryContainer[] {
+  if (value === null || value === undefined || (!opts.queryEmptyString && value === '')) {
+    return [];
+  }
+
+  return [{ term: { [field]: value } }];
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/jest.config.js b/x-pack/packages/observability/observability_utils/observability_utils_server/jest.config.js
new file mode 100644
index 0000000000000..5a52de35fcd06
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/jest.config.js
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  preset: '@kbn/test',
+  rootDir: '../../../../..',
+  roots: ['<rootDir>/x-pack/packages/observability/observability_utils/observability_utils_server'],
+};
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/kibana.jsonc b/x-pack/packages/observability/observability_utils/observability_utils_server/kibana.jsonc
new file mode 100644
index 0000000000000..4c2f20ef1491f
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/kibana.jsonc
@@ -0,0 +1,5 @@
+{
+  "type": "shared-server",
+  "id": "@kbn/observability-utils-server",
+  "owner": "@elastic/observability-ui"
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/package.json b/x-pack/packages/observability/observability_utils/observability_utils_server/package.json
new file mode 100644
index 0000000000000..43abbbb757fea
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/package.json
@@ -0,0 +1,6 @@
+{
+  "name": "@kbn/observability-utils-server",
+  "private": true,
+  "version": "1.0.0",
+  "license": "Elastic License 2.0"
+}
diff --git a/x-pack/packages/observability/observability_utils/observability_utils_server/tsconfig.json b/x-pack/packages/observability/observability_utils/observability_utils_server/tsconfig.json
new file mode 100644
index 0000000000000..f51d93089c627
--- /dev/null
+++ b/x-pack/packages/observability/observability_utils/observability_utils_server/tsconfig.json
@@ -0,0 +1,28 @@
+{
+  "extends": "../../../../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "target/types",
+    "types": [
+      "jest",
+      "node",
+      "react"
+    ]
+  },
+  "include": [
+    "**/*.ts",
+    "**/*.tsx",
+  ],
+  "exclude": [
+    "target/**/*"
+  ],
+  "kbn_references": [
+    "@kbn/core",
+    "@kbn/es-types",
+    "@kbn/apm-utils",
+    "@kbn/es-query",
+    "@kbn/observability-utils-common",
+    "@kbn/alerting-plugin",
+    "@kbn/rule-registry-plugin",
+    "@kbn/rule-data-utils",
+  ]
+}
diff --git a/x-pack/packages/security-solution/features/src/assistant/kibana_sub_features.ts b/x-pack/packages/security-solution/features/src/assistant/kibana_sub_features.ts
index dbf9505193ecf..f542933f13b0c 100644
--- a/x-pack/packages/security-solution/features/src/assistant/kibana_sub_features.ts
+++ b/x-pack/packages/security-solution/features/src/assistant/kibana_sub_features.ts
@@ -107,6 +107,7 @@ export const getAssistantSubFeaturesMap = (
 ): Map<AssistantSubFeatureId, SubFeatureConfig> => {
   const assistantSubFeaturesList: Array<[AssistantSubFeatureId, SubFeatureConfig]> = [
     [AssistantSubFeatureId.updateAnonymization, updateAnonymizationSubFeature],
+    [AssistantSubFeatureId.manageGlobalKnowledgeBase, manageGlobalKnowledgeBaseSubFeature],
   ];
 
   // Use the following code to add feature based on feature flag
@@ -114,13 +115,6 @@ export const getAssistantSubFeaturesMap = (
   //   assistantSubFeaturesList.push([AssistantSubFeatureId.featureId, featureSubFeature]);
   // }
 
-  if (experimentalFeatures.assistantKnowledgeBaseByDefault) {
-    assistantSubFeaturesList.push([
-      AssistantSubFeatureId.manageGlobalKnowledgeBase,
-      manageGlobalKnowledgeBaseSubFeature,
-    ]);
-  }
-
   const assistantSubFeaturesMap = new Map<AssistantSubFeatureId, SubFeatureConfig>(
     assistantSubFeaturesList
   );
diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/connector_types.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/connector_types.yaml
index 1db9e155f2eec..db6262f04c010 100644
--- a/x-pack/plugins/actions/docs/openapi/components/schemas/connector_types.yaml
+++ b/x-pack/plugins/actions/docs/openapi/components/schemas/connector_types.yaml
@@ -4,7 +4,6 @@ description: The type of connector. For example, `.email`, `.index`, `.jira`, `.
 enum:
   - .bedrock
   - .gemini
-  - .inference
   - .cases-webhook
   - .d3security
   - .email
diff --git a/x-pack/plugins/aiops/public/cases/log_pattern_attachment.tsx b/x-pack/plugins/aiops/public/cases/log_pattern_attachment.tsx
new file mode 100644
index 0000000000000..33a64d26d38ff
--- /dev/null
+++ b/x-pack/plugins/aiops/public/cases/log_pattern_attachment.tsx
@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { FieldFormatsStart } from '@kbn/field-formats-plugin/public';
+import { memoize } from 'lodash';
+import React from 'react';
+import type { PersistableStateAttachmentViewProps } from '@kbn/cases-plugin/public/client/attachment_framework/types';
+import { FIELD_FORMAT_IDS } from '@kbn/field-formats-plugin/common';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { EuiDescriptionList } from '@elastic/eui';
+import deepEqual from 'fast-deep-equal';
+import type {
+  PatternAnalysisProps,
+  PatternAnalysisSharedComponent,
+} from '../shared_components/pattern_analysis';
+
+export const initComponent = memoize(
+  (fieldFormats: FieldFormatsStart, PatternAnalysisComponent: PatternAnalysisSharedComponent) => {
+    return React.memo(
+      (props: PersistableStateAttachmentViewProps) => {
+        const { persistableStateAttachmentState } = props;
+
+        const dataFormatter = fieldFormats.deserialize({
+          id: FIELD_FORMAT_IDS.DATE,
+        });
+
+        const inputProps = persistableStateAttachmentState as unknown as PatternAnalysisProps;
+
+        const listItems = [
+          {
+            title: (
+              <FormattedMessage
+                id="xpack.aiops.logPatternAnalysis.cases.timeRangeLabel"
+                defaultMessage="Time range"
+              />
+            ),
+            description: `${dataFormatter.convert(
+              inputProps.timeRange.from
+            )} - ${dataFormatter.convert(inputProps.timeRange.to)}`,
+          },
+        ];
+
+        return (
+          <>
+            <EuiDescriptionList compressed type={'inline'} listItems={listItems} />
+            <PatternAnalysisComponent {...inputProps} embeddingOrigin={'cases'} />
+          </>
+        );
+      },
+      (prevProps, nextProps) =>
+        deepEqual(
+          prevProps.persistableStateAttachmentState,
+          nextProps.persistableStateAttachmentState
+        )
+    );
+  }
+);
diff --git a/x-pack/plugins/aiops/public/cases/register_change_point_charts_attachment.tsx b/x-pack/plugins/aiops/public/cases/register_cases.tsx
similarity index 59%
rename from x-pack/plugins/aiops/public/cases/register_change_point_charts_attachment.tsx
rename to x-pack/plugins/aiops/public/cases/register_cases.tsx
index 4dc364836d185..b3b6efaf16d28 100644
--- a/x-pack/plugins/aiops/public/cases/register_change_point_charts_attachment.tsx
+++ b/x-pack/plugins/aiops/public/cases/register_cases.tsx
@@ -11,10 +11,14 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import type { CasesPublicSetup } from '@kbn/cases-plugin/public';
 import type { CoreStart } from '@kbn/core/public';
 import { CASES_ATTACHMENT_CHANGE_POINT_CHART } from '@kbn/aiops-change-point-detection/constants';
-import { getChangePointDetectionComponent } from '../shared_components';
+import { CASES_ATTACHMENT_LOG_PATTERN } from '@kbn/aiops-log-pattern-analysis/constants';
+import {
+  getChangePointDetectionComponent,
+  getPatternAnalysisComponent,
+} from '../shared_components';
 import type { AiopsPluginStartDeps } from '../types';
 
-export function registerChangePointChartsAttachment(
+export function registerCases(
   cases: CasesPublicSetup,
   coreStart: CoreStart,
   pluginStart: AiopsPluginStartDeps
@@ -44,4 +48,28 @@ export function registerChangePointChartsAttachment(
       }),
     }),
   });
+
+  const LogPatternAttachmentComponent = getPatternAnalysisComponent(coreStart, pluginStart);
+
+  cases.attachmentFramework.registerPersistableState({
+    id: CASES_ATTACHMENT_LOG_PATTERN,
+    icon: 'machineLearningApp',
+    displayName: i18n.translate('xpack.aiops.logPatternAnalysis.cases.attachmentName', {
+      defaultMessage: 'Log pattern analysis',
+    }),
+    getAttachmentViewObject: () => ({
+      event: (
+        <FormattedMessage
+          id="xpack.aiops.logPatternAnalysis.cases.attachmentEvent"
+          defaultMessage="added log pattern analysis"
+        />
+      ),
+      timelineAvatar: 'machineLearningApp',
+      children: React.lazy(async () => {
+        const { initComponent } = await import('./log_pattern_attachment');
+
+        return { default: initComponent(pluginStart.fieldFormats, LogPatternAttachmentComponent) };
+      }),
+    }),
+  });
 }
diff --git a/x-pack/plugins/aiops/public/components/change_point_detection/fields_config.tsx b/x-pack/plugins/aiops/public/components/change_point_detection/fields_config.tsx
index f967fffd45647..90d356809acf5 100644
--- a/x-pack/plugins/aiops/public/components/change_point_detection/fields_config.tsx
+++ b/x-pack/plugins/aiops/public/components/change_point_detection/fields_config.tsx
@@ -400,7 +400,7 @@ const FieldPanel: FC<FieldPanelProps> = ({
         content: (
           <EuiPanel paddingSize={'s'}>
             <EuiSpacer size={'s'} />
-            <EuiForm data-test-subj="aiopsChangePointDetectionCasedAttachmentForm">
+            <EuiForm data-test-subj="aiopsChangePointDetectionCaseAttachmentForm">
               <ViewTypeSelector
                 value={caseAttachment.viewType}
                 onChange={(v) => {
diff --git a/x-pack/plugins/aiops/public/components/log_categorization/attachments_menu.tsx b/x-pack/plugins/aiops/public/components/log_categorization/attachments_menu.tsx
new file mode 100644
index 0000000000000..37d0a828aa607
--- /dev/null
+++ b/x-pack/plugins/aiops/public/components/log_categorization/attachments_menu.tsx
@@ -0,0 +1,243 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { EuiContextMenuProps } from '@elastic/eui';
+import {
+  EuiButton,
+  EuiButtonIcon,
+  EuiContextMenu,
+  EuiFlexItem,
+  EuiForm,
+  EuiFormRow,
+  EuiPanel,
+  EuiPopover,
+  EuiSpacer,
+  EuiSwitch,
+} from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n-react';
+import type { SaveModalDashboardProps } from '@kbn/presentation-util-plugin/public';
+import {
+  LazySavedObjectSaveModalDashboard,
+  withSuspense,
+} from '@kbn/presentation-util-plugin/public';
+import React, { useCallback, useState } from 'react';
+import { useMemo } from 'react';
+import type { DataView } from '@kbn/data-views-plugin/common';
+import { EMBEDDABLE_PATTERN_ANALYSIS_TYPE } from '@kbn/aiops-log-pattern-analysis/constants';
+import { useTimeRangeUpdates } from '@kbn/ml-date-picker';
+import type { PatternAnalysisEmbeddableState } from '../../embeddables/pattern_analysis/types';
+import type { RandomSamplerOption, RandomSamplerProbability } from './sampling_menu/random_sampler';
+import { useCasesModal } from '../../hooks/use_cases_modal';
+import { useAiopsAppContext } from '../../hooks/use_aiops_app_context';
+
+const SavedObjectSaveModalDashboard = withSuspense(LazySavedObjectSaveModalDashboard);
+
+interface AttachmentsMenuProps {
+  randomSamplerMode: RandomSamplerOption;
+  randomSamplerProbability: RandomSamplerProbability;
+  dataView: DataView;
+  selectedField?: string;
+}
+
+export const AttachmentsMenu = ({
+  randomSamplerMode,
+  randomSamplerProbability,
+  dataView,
+  selectedField,
+}: AttachmentsMenuProps) => {
+  const {
+    application: { capabilities },
+    cases,
+    embeddable,
+  } = useAiopsAppContext();
+
+  const [applyTimeRange, setApplyTimeRange] = useState(false);
+
+  const [dashboardAttachmentReady, setDashboardAttachmentReady] = useState(false);
+  const [isActionMenuOpen, setIsActionMenuOpen] = useState(false);
+
+  const { create: canCreateCase, update: canUpdateCase } = cases?.helpers?.canUseCases() ?? {
+    create: false,
+    update: false,
+  };
+
+  const openCasesModalCallback = useCasesModal(EMBEDDABLE_PATTERN_ANALYSIS_TYPE);
+
+  const timeRange = useTimeRangeUpdates();
+
+  const canEditDashboards = capabilities.dashboard.createNew;
+
+  const onSave: SaveModalDashboardProps['onSave'] = useCallback(
+    ({ dashboardId, newTitle, newDescription }) => {
+      const stateTransfer = embeddable!.getStateTransfer();
+
+      const embeddableInput: Partial<PatternAnalysisEmbeddableState> = {
+        title: newTitle,
+        description: newDescription,
+        dataViewId: dataView.id,
+        fieldName: selectedField,
+        randomSamplerMode,
+        randomSamplerProbability,
+        minimumTimeRangeOption: 'No minimum',
+        ...(applyTimeRange && { timeRange }),
+      };
+
+      const state = {
+        input: embeddableInput,
+        type: EMBEDDABLE_PATTERN_ANALYSIS_TYPE,
+      };
+
+      const path = dashboardId === 'new' ? '#/create' : `#/view/${dashboardId}`;
+
+      stateTransfer.navigateToWithEmbeddablePackage('dashboards', {
+        state,
+        path,
+      });
+    },
+    [
+      embeddable,
+      dataView.id,
+      selectedField,
+      randomSamplerMode,
+      randomSamplerProbability,
+      applyTimeRange,
+      timeRange,
+    ]
+  );
+
+  const panels = useMemo<EuiContextMenuProps['panels']>(() => {
+    return [
+      {
+        id: 'attachMainPanel',
+        size: 's',
+        items: [
+          ...(canEditDashboards
+            ? [
+                {
+                  name: i18n.translate('xpack.aiops.logCategorization.addToDashboardTitle', {
+                    defaultMessage: 'Add to dashboard',
+                  }),
+                  panel: 'attachToDashboardPanel',
+                  'data-test-subj': 'aiopsLogPatternAnalysisAttachToDashboardButton',
+                },
+              ]
+            : []),
+          ...(canUpdateCase || canCreateCase
+            ? [
+                {
+                  name: i18n.translate('xpack.aiops.logCategorization.attachToCaseLabel', {
+                    defaultMessage: 'Add to case',
+                  }),
+                  'data-test-subj': 'aiopsLogPatternAnalysisAttachToCaseButton',
+                  onClick: () => {
+                    setIsActionMenuOpen(false);
+                    openCasesModalCallback({
+                      dataViewId: dataView.id,
+                      fieldName: selectedField,
+                      minimumTimeRangeOption: 'No minimum',
+                      randomSamplerMode,
+                      randomSamplerProbability,
+                      timeRange,
+                    });
+                  },
+                },
+              ]
+            : []),
+        ],
+      },
+      {
+        id: 'attachToDashboardPanel',
+        size: 's',
+        title: i18n.translate('xpack.aiops.logCategorization.addToDashboardTitle', {
+          defaultMessage: 'Add to dashboard',
+        }),
+        content: (
+          <EuiPanel paddingSize="s">
+            <EuiSpacer size="s" />
+            <EuiForm>
+              <EuiFormRow>
+                <EuiSwitch
+                  label={i18n.translate('xpack.aiops.logCategorization.applyTimeRangeLabel', {
+                    defaultMessage: 'Apply time range',
+                  })}
+                  checked={applyTimeRange}
+                  onChange={(e) => setApplyTimeRange(e.target.checked)}
+                />
+              </EuiFormRow>
+              <EuiSpacer size="m" />
+              <EuiButton
+                size="s"
+                data-test-subj="aiopsLogPatternAnalysisAttachToDashboardSubmitButton"
+                fill
+                fullWidth
+                type={'submit'}
+                onClick={() => {
+                  setIsActionMenuOpen(false);
+                  setDashboardAttachmentReady(true);
+                }}
+              >
+                <FormattedMessage
+                  id="xpack.aiops.logCategorization.attachToDashboardSubmitButtonLabel"
+                  defaultMessage="Attach"
+                />
+              </EuiButton>
+            </EuiForm>
+          </EuiPanel>
+        ),
+      },
+    ];
+  }, [
+    canEditDashboards,
+    canUpdateCase,
+    canCreateCase,
+    applyTimeRange,
+    openCasesModalCallback,
+    dataView.id,
+    selectedField,
+    randomSamplerMode,
+    randomSamplerProbability,
+    timeRange,
+  ]);
+
+  return (
+    <EuiFlexItem>
+      <EuiPopover
+        button={
+          <EuiButtonIcon
+            data-test-subj="aiopsLogPatternAnalysisAttachmentsMenuButton"
+            aria-label={i18n.translate('xpack.aiops.logCategorization.attachmentsMenuAriaLabel', {
+              defaultMessage: 'Attachments',
+            })}
+            iconType="boxesHorizontal"
+            color="text"
+            onClick={() => setIsActionMenuOpen(!isActionMenuOpen)}
+          />
+        }
+        isOpen={isActionMenuOpen}
+        closePopover={() => setIsActionMenuOpen(false)}
+        panelPaddingSize="none"
+        anchorPosition="downRight"
+      >
+        <EuiContextMenu panels={panels} initialPanelId="attachMainPanel" />
+      </EuiPopover>
+      {dashboardAttachmentReady ? (
+        <SavedObjectSaveModalDashboard
+          canSaveByReference={false}
+          objectType={i18n.translate('xpack.aiops.logCategorization.objectTypeLabel', {
+            defaultMessage: 'Log pattern analysis',
+          })}
+          documentInfo={{
+            title: 'Log pattern analysis',
+          }}
+          onClose={() => setDashboardAttachmentReady(false)}
+          onSave={onSave}
+        />
+      ) : null}
+    </EuiFlexItem>
+  );
+};
diff --git a/x-pack/plugins/aiops/public/components/log_categorization/loading_categorization.tsx b/x-pack/plugins/aiops/public/components/log_categorization/loading_categorization.tsx
index 1d98325f2d987..17eac431dfba2 100644
--- a/x-pack/plugins/aiops/public/components/log_categorization/loading_categorization.tsx
+++ b/x-pack/plugins/aiops/public/components/log_categorization/loading_categorization.tsx
@@ -19,7 +19,7 @@ import {
 import { FormattedMessage } from '@kbn/i18n-react';
 
 interface Props {
-  onCancel: () => void;
+  onCancel?: () => void;
 }
 
 export const LoadingCategorization: FC<Props> = ({ onCancel }) => (
@@ -46,7 +46,8 @@ export const LoadingCategorization: FC<Props> = ({ onCancel }) => (
               <EuiFlexItem grow={false} css={{ textAlign: 'center' }}>
                 <EuiButton
                   data-test-subj="aiopsLoadingCategorizationCancelButton"
-                  onClick={() => onCancel()}
+                  onClick={onCancel}
+                  disabled={!onCancel}
                 >
                   Cancel
                 </EuiButton>
diff --git a/x-pack/plugins/aiops/public/components/log_categorization/log_categorization_app_state.tsx b/x-pack/plugins/aiops/public/components/log_categorization/log_categorization_app_state.tsx
index 85e81ec0f2996..073316455cb53 100644
--- a/x-pack/plugins/aiops/public/components/log_categorization/log_categorization_app_state.tsx
+++ b/x-pack/plugins/aiops/public/components/log_categorization/log_categorization_app_state.tsx
@@ -60,17 +60,22 @@ export const LogCategorizationAppState: FC<LogCategorizationAppStateProps> = ({
     showFrozenDataTierChoice,
   };
 
+  const CasesContext = appContextValue.cases?.ui.getCasesContext() ?? React.Fragment;
+  const casesPermissions = appContextValue.cases?.helpers.canUseCases();
+
   return (
     <AiopsAppContext.Provider value={appContextValue}>
-      <UrlStateProvider>
-        <DataSourceContext.Provider value={{ dataView, savedSearch }}>
-          <StorageContextProvider storage={localStorage} storageKeys={AIOPS_STORAGE_KEYS}>
-            <DatePickerContextProvider {...datePickerDeps}>
-              <LogCategorizationPage />
-            </DatePickerContextProvider>
-          </StorageContextProvider>
-        </DataSourceContext.Provider>
-      </UrlStateProvider>
+      <CasesContext owner={[]} permissions={casesPermissions!}>
+        <UrlStateProvider>
+          <DataSourceContext.Provider value={{ dataView, savedSearch }}>
+            <StorageContextProvider storage={localStorage} storageKeys={AIOPS_STORAGE_KEYS}>
+              <DatePickerContextProvider {...datePickerDeps}>
+                <LogCategorizationPage />
+              </DatePickerContextProvider>
+            </StorageContextProvider>
+          </DataSourceContext.Provider>
+        </UrlStateProvider>
+      </CasesContext>
     </AiopsAppContext.Provider>
   );
 };
diff --git a/x-pack/plugins/aiops/public/components/log_categorization/log_categorization_for_embeddable/log_categorization_for_embeddable.tsx b/x-pack/plugins/aiops/public/components/log_categorization/log_categorization_for_embeddable/log_categorization_for_embeddable.tsx
index 5ca3cd947f7fe..fde191c42aa3e 100644
--- a/x-pack/plugins/aiops/public/components/log_categorization/log_categorization_for_embeddable/log_categorization_for_embeddable.tsx
+++ b/x-pack/plugins/aiops/public/components/log_categorization/log_categorization_for_embeddable/log_categorization_for_embeddable.tsx
@@ -18,7 +18,7 @@ import type { Category } from '@kbn/aiops-log-pattern-analysis/types';
 import type { CategorizationAdditionalFilter } from '@kbn/aiops-log-pattern-analysis/create_category_request';
 import type { EmbeddablePatternAnalysisInput } from '@kbn/aiops-log-pattern-analysis/embeddable';
 import { useTableState } from '@kbn/ml-in-memory-table/hooks/use_table_state';
-import { AIOPS_ANALYSIS_RUN_ORIGIN } from '@kbn/aiops-common/constants';
+import { AIOPS_ANALYSIS_RUN_ORIGIN, AIOPS_EMBEDDABLE_ORIGIN } from '@kbn/aiops-common/constants';
 import datemath from '@elastic/datemath';
 import useMountedState from 'react-use/lib/useMountedState';
 import { getEsQueryConfig } from '@kbn/data-service';
@@ -354,12 +354,19 @@ export const LogCategorizationEmbeddable: FC<LogCategorizationEmbeddableProps> =
     [lastReloadRequestTime]
   );
 
-  const actions = [...getActions(false), ...getActions(true)];
+  const isCasesEmbeddable = embeddingOrigin === AIOPS_EMBEDDABLE_ORIGIN.CASES;
+
+  // When in cases, we can only show the "Filter for pattern in Discover" actions as Cases does not have full filter management.
+  const actions = isCasesEmbeddable
+    ? getActions(true)
+    : [...getActions(false), ...getActions(true)];
 
   return (
     <>
       <FieldValidationCallout validationResults={fieldValidationResult} />
-      {(loading ?? true) === true ? <LoadingCategorization onCancel={cancelRequest} /> : null}
+      {(loading ?? true) === true ? (
+        <LoadingCategorization {...(!isCasesEmbeddable ? { onCancel: cancelRequest } : {})} />
+      ) : null}
 
       <InformationText
         loading={loading ?? true}
diff --git a/x-pack/plugins/aiops/public/components/log_categorization/log_categorization_page.tsx b/x-pack/plugins/aiops/public/components/log_categorization/log_categorization_page.tsx
index 4c31f4df1e044..9bebf4d9b731a 100644
--- a/x-pack/plugins/aiops/public/components/log_categorization/log_categorization_page.tsx
+++ b/x-pack/plugins/aiops/public/components/log_categorization/log_categorization_page.tsx
@@ -55,6 +55,7 @@ import { FieldValidationCallout } from './category_validation_callout';
 import { createDocumentStatsHash } from './utils';
 import { TableHeader } from './category_table/table_header';
 import { useActions } from './category_table/use_actions';
+import { AttachmentsMenu } from './attachments_menu';
 
 const BAR_TARGET = 20;
 const DEFAULT_SELECTED_FIELD = 'message';
@@ -334,6 +335,13 @@ export const LogCategorizationPage: FC = () => {
 
   const actions = getActions(true);
 
+  const attachmentsMenuProps = {
+    dataView,
+    selectedField,
+    randomSamplerMode: randomSampler.getMode(),
+    randomSamplerProbability: randomSampler.getProbability(),
+  };
+
   return (
     <EuiPageBody data-test-subj="aiopsLogPatternAnalysisPage" paddingSize="none" panelled={false}>
       <PageHeader />
@@ -390,9 +398,14 @@ export const LogCategorizationPage: FC = () => {
           )}
         </EuiFlexItem>
         <EuiFlexItem />
-        <EuiFlexItem grow={false} css={{ marginTop: 'auto' }}>
-          <SamplingMenu randomSampler={randomSampler} reload={() => loadCategories()} />
-        </EuiFlexItem>
+        <EuiFlexGroup css={{ marginTop: 'auto' }} alignItems="center" justifyContent="flexEnd">
+          <EuiFlexItem grow={false}>
+            <SamplingMenu randomSampler={randomSampler} reload={() => loadCategories()} />
+          </EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            <AttachmentsMenu {...attachmentsMenuProps} />
+          </EuiFlexItem>
+        </EuiFlexGroup>
       </EuiFlexGroup>
 
       {eventRate.length ? (
diff --git a/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/use_view_in_log_pattern_analysis_action.tsx b/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/use_view_in_log_pattern_analysis_action.tsx
index ec1f6774b6b46..d92ce014d68fb 100644
--- a/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/use_view_in_log_pattern_analysis_action.tsx
+++ b/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/use_view_in_log_pattern_analysis_action.tsx
@@ -104,7 +104,7 @@ export const useViewInLogPatternAnalysisAction = (dataViewId?: string): TableIte
       return (
         <TableActionButton
           dataTestSubjPostfix="LogPatternAnalysis"
-          iconType="logstashQueue"
+          iconType="logPatternAnalysis"
           isDisabled={isDisabled}
           label={viewInLogPatternAnalysisMessage}
           tooltipText={
diff --git a/x-pack/plugins/aiops/public/embeddables/change_point_chart/embeddable_chart_component_wrapper.tsx b/x-pack/plugins/aiops/public/embeddables/change_point_chart/embeddable_chart_component_wrapper.tsx
index 69da4be087a14..15159d7adb60c 100644
--- a/x-pack/plugins/aiops/public/embeddables/change_point_chart/embeddable_chart_component_wrapper.tsx
+++ b/x-pack/plugins/aiops/public/embeddables/change_point_chart/embeddable_chart_component_wrapper.tsx
@@ -6,11 +6,12 @@
  */
 
 import type { FC } from 'react';
-import React, { useEffect, useMemo } from 'react';
+import React, { useMemo } from 'react';
 import { css } from '@emotion/react';
 import { CHANGE_POINT_DETECTION_VIEW_TYPE } from '@kbn/aiops-change-point-detection/constants';
 import { getEsQueryConfig } from '@kbn/data-service';
 import { buildEsQuery } from '@kbn/es-query';
+import { EuiLoadingSpinner } from '@elastic/eui';
 import type { ChangePointDetectionProps } from '../../shared_components/change_point_detection';
 import { ChangePointsTable } from '../../components/change_point_detection/change_points_table';
 import {
@@ -48,7 +49,6 @@ export const ChartGridEmbeddableWrapper: FC<ChangePointDetectionProps> = ({
   splitField,
   partitions,
   onError,
-  onLoading,
   onRenderComplete,
   onChange,
   emptyState,
@@ -101,10 +101,6 @@ export const ChartGridEmbeddableWrapper: FC<ChangePointDetectionProps> = ({
     10000
   );
 
-  useEffect(() => {
-    onLoading(isLoading);
-  }, [onLoading, isLoading]);
-
   const changePoints = useMemo<ChangePointAnnotation[]>(() => {
     let resultChangePoints: ChangePointAnnotation[] = results.sort((a, b) => {
       if (defaultSort.direction === 'asc') {
@@ -125,6 +121,10 @@ export const ChartGridEmbeddableWrapper: FC<ChangePointDetectionProps> = ({
     return resultChangePoints;
   }, [results, maxSeriesToPlot, onChange]);
 
+  if (isLoading) {
+    return <EuiLoadingSpinner size="m" />;
+  }
+
   return (
     <div
       css={css`
diff --git a/x-pack/plugins/aiops/public/embeddables/pattern_analysis/embeddable_pattern_analysis_factory.tsx b/x-pack/plugins/aiops/public/embeddables/pattern_analysis/embeddable_pattern_analysis_factory.tsx
index e0017668b338c..0327ce6e72031 100644
--- a/x-pack/plugins/aiops/public/embeddables/pattern_analysis/embeddable_pattern_analysis_factory.tsx
+++ b/x-pack/plugins/aiops/public/embeddables/pattern_analysis/embeddable_pattern_analysis_factory.tsx
@@ -29,6 +29,8 @@ import type {
   PatternAnalysisEmbeddableState,
 } from './types';
 
+export type EmbeddablePatternAnalysisType = typeof EMBEDDABLE_PATTERN_ANALYSIS_TYPE;
+
 export const getPatternAnalysisEmbeddableFactory = (
   getStartServices: StartServicesAccessor<AiopsPluginStartDeps, AiopsPluginStart>
 ) => {
diff --git a/x-pack/plugins/aiops/public/hooks/use_cases_modal.ts b/x-pack/plugins/aiops/public/hooks/use_cases_modal.ts
index a59fb8983b794..8ec73a21f9bbd 100644
--- a/x-pack/plugins/aiops/public/hooks/use_cases_modal.ts
+++ b/x-pack/plugins/aiops/public/hooks/use_cases_modal.ts
@@ -11,11 +11,22 @@ import { AttachmentType } from '@kbn/cases-plugin/common';
 import type { ChangePointEmbeddableRuntimeState } from '../embeddables/change_point_chart/types';
 import type { EmbeddableChangePointChartType } from '../embeddables/change_point_chart/embeddable_change_point_chart_factory';
 import { useAiopsAppContext } from './use_aiops_app_context';
+import type { EmbeddablePatternAnalysisType } from '../embeddables/pattern_analysis/embeddable_pattern_analysis_factory';
+import type { PatternAnalysisEmbeddableRuntimeState } from '../embeddables/pattern_analysis/types';
+
+type SupportedEmbeddableTypes = EmbeddableChangePointChartType | EmbeddablePatternAnalysisType;
+
+type EmbeddableRuntimeState<T extends SupportedEmbeddableTypes> =
+  T extends EmbeddableChangePointChartType
+    ? ChangePointEmbeddableRuntimeState
+    : T extends EmbeddablePatternAnalysisType
+    ? PatternAnalysisEmbeddableRuntimeState
+    : never;
 
 /**
  * Returns a callback for opening the cases modal with provided attachment state.
  */
-export const useCasesModal = <EmbeddableType extends EmbeddableChangePointChartType>(
+export const useCasesModal = <EmbeddableType extends SupportedEmbeddableTypes>(
   embeddableType: EmbeddableType
 ) => {
   const { cases } = useAiopsAppContext();
@@ -23,7 +34,7 @@ export const useCasesModal = <EmbeddableType extends EmbeddableChangePointChartT
   const selectCaseModal = cases?.hooks.useCasesAddToExistingCaseModal();
 
   return useCallback(
-    (persistableState: Partial<Omit<ChangePointEmbeddableRuntimeState, 'id'>>) => {
+    (persistableState: Partial<Omit<EmbeddableRuntimeState<EmbeddableType>, 'id'>>) => {
       const persistableStateAttachmentState = {
         ...persistableState,
         // Creates unique id based on the input
diff --git a/x-pack/plugins/aiops/public/plugin.tsx b/x-pack/plugins/aiops/public/plugin.tsx
index 5863ea03b3072..d8c3dfd4c3636 100755
--- a/x-pack/plugins/aiops/public/plugin.tsx
+++ b/x-pack/plugins/aiops/public/plugin.tsx
@@ -19,7 +19,7 @@ import type {
 } from './types';
 import { registerEmbeddables } from './embeddables';
 import { registerAiopsUiActions } from './ui_actions';
-import { registerChangePointChartsAttachment } from './cases/register_change_point_charts_attachment';
+import { registerCases } from './cases/register_cases';
 
 export type AiopsCoreSetup = CoreSetup<AiopsPluginStartDeps, AiopsPluginStart>;
 
@@ -44,7 +44,7 @@ export class AiopsPlugin
           }
 
           if (cases) {
-            registerChangePointChartsAttachment(cases, coreStart, pluginStart);
+            registerCases(cases, coreStart, pluginStart);
           }
         }
       }
diff --git a/x-pack/plugins/aiops/server/register_cases.ts b/x-pack/plugins/aiops/server/register_cases.ts
index 8877c2ef9b5ee..5649c88ca6327 100644
--- a/x-pack/plugins/aiops/server/register_cases.ts
+++ b/x-pack/plugins/aiops/server/register_cases.ts
@@ -8,6 +8,7 @@
 import type { Logger } from '@kbn/core/server';
 import type { CasesServerSetup } from '@kbn/cases-plugin/server';
 import { CASES_ATTACHMENT_CHANGE_POINT_CHART } from '@kbn/aiops-change-point-detection/constants';
+import { CASES_ATTACHMENT_LOG_PATTERN } from '@kbn/aiops-log-pattern-analysis/constants';
 
 export function registerCasesPersistableState(cases: CasesServerSetup | undefined, logger: Logger) {
   if (cases) {
@@ -15,10 +16,11 @@ export function registerCasesPersistableState(cases: CasesServerSetup | undefine
       cases.attachmentFramework.registerPersistableState({
         id: CASES_ATTACHMENT_CHANGE_POINT_CHART,
       });
+      cases.attachmentFramework.registerPersistableState({
+        id: CASES_ATTACHMENT_LOG_PATTERN,
+      });
     } catch (error) {
-      logger.warn(
-        `AIOPs failed to register cases persistable state for ${CASES_ATTACHMENT_CHANGE_POINT_CHART}`
-      );
+      logger.warn(`AIOPs failed to register cases persistable state`);
     }
   }
 }
diff --git a/x-pack/plugins/canvas/canvas_plugin_src/renderers/embeddable/embeddable.scss b/x-pack/plugins/canvas/canvas_plugin_src/renderers/embeddable/embeddable.scss
index 793cc423d7904..34ec94322508a 100644
--- a/x-pack/plugins/canvas/canvas_plugin_src/renderers/embeddable/embeddable.scss
+++ b/x-pack/plugins/canvas/canvas_plugin_src/renderers/embeddable/embeddable.scss
@@ -8,21 +8,6 @@
     .embPanel__title {
       margin-bottom: $euiSizeXS;
     }
-
-    .embPanel__optionsMenuButton {
-      border-radius: $euiBorderRadius;
-    }
-
-    .canvas-isFullscreen & {
-      .embPanel__optionsMenuButton {
-        opacity: 0;
-      }
-
-      &:focus .embPanel__optionsMenuButton,
-      &:hover .embPanel__optionsMenuButton {
-        opacity: 1;
-      }
-    }
   }
 
   .embPanel__hoverActionsLeft, .embPanel__hoverActions > .embPanel--dragHandle {
diff --git a/x-pack/plugins/cloud/server/routes/elasticsearch_routes.ts b/x-pack/plugins/cloud/server/routes/elasticsearch_routes.ts
index 5cdc2f90559cc..d3a5c4bebf305 100644
--- a/x-pack/plugins/cloud/server/routes/elasticsearch_routes.ts
+++ b/x-pack/plugins/cloud/server/routes/elasticsearch_routes.ts
@@ -24,12 +24,24 @@ export function defineRoutes({
       path: ELASTICSEARCH_CONFIG_ROUTE,
       access: 'internal',
     })
-    .addVersion({ version: '1', validate: {} }, async (context, request, response) => {
-      const body: ElasticsearchConfigType = {
-        elasticsearch_url: elasticsearchUrl,
-      };
-      return response.ok({
-        body,
-      });
-    });
+    .addVersion(
+      {
+        version: '1',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
+        validate: {},
+      },
+      async (context, request, response) => {
+        const body: ElasticsearchConfigType = {
+          elasticsearch_url: elasticsearchUrl,
+        };
+        return response.ok({
+          body,
+        });
+      }
+    );
 }
diff --git a/x-pack/plugins/data_usage/server/services/autoops_api.ts b/x-pack/plugins/data_usage/server/services/autoops_api.ts
index 6a9de27f996f1..03b56df08e9b5 100644
--- a/x-pack/plugins/data_usage/server/services/autoops_api.ts
+++ b/x-pack/plugins/data_usage/server/services/autoops_api.ts
@@ -63,7 +63,6 @@ export class AutoOpsAPIService {
         rejectUnauthorized: tlsConfig.rejectUnauthorized,
         cert: tlsConfig.certificate,
         key: tlsConfig.key,
-        ca: tlsConfig.certificateAuthorities,
       }),
     };
 
diff --git a/x-pack/plugins/data_visualizer/kibana.jsonc b/x-pack/plugins/data_visualizer/kibana.jsonc
index 1e83c34113beb..72ba380fcec3b 100644
--- a/x-pack/plugins/data_visualizer/kibana.jsonc
+++ b/x-pack/plugins/data_visualizer/kibana.jsonc
@@ -41,7 +41,6 @@
       "uiActions",
       "lens",
       "esql",
-      "visualizations"
     ]
   }
-}
\ No newline at end of file
+}
diff --git a/x-pack/plugins/data_visualizer/public/application/common/components/stats_table/data_visualizer_stats_table.tsx b/x-pack/plugins/data_visualizer/public/application/common/components/stats_table/data_visualizer_stats_table.tsx
index 811d69b6bfeb3..3b591a85ff472 100644
--- a/x-pack/plugins/data_visualizer/public/application/common/components/stats_table/data_visualizer_stats_table.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/common/components/stats_table/data_visualizer_stats_table.tsx
@@ -65,7 +65,7 @@ interface DataVisualizerTableProps<T extends object> {
   error?: Error | string;
 }
 
-export const DataVisualizerTable = <T extends DataVisualizerTableItem>({
+const UnmemoizedDataVisualizerTable = <T extends DataVisualizerTableItem>({
   items,
   pageState,
   updatePageState,
@@ -506,3 +506,7 @@ export const DataVisualizerTable = <T extends DataVisualizerTableItem>({
     </EuiResizeObserver>
   );
 };
+
+export const DataVisualizerTable = React.memo(
+  UnmemoizedDataVisualizerTable
+) as typeof UnmemoizedDataVisualizerTable;
diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/components/index_data_visualizer_view/index_data_visualizer_esql.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/components/index_data_visualizer_view/index_data_visualizer_esql.tsx
index f2ac83e1d4bfb..c6190c87bcae5 100644
--- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/components/index_data_visualizer_view/index_data_visualizer_esql.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/components/index_data_visualizer_view/index_data_visualizer_esql.tsx
@@ -24,12 +24,12 @@ import {
   EuiPanel,
   EuiProgress,
   EuiSpacer,
+  EuiCallOut,
 } from '@elastic/eui';
 import type { DataView } from '@kbn/data-views-plugin/common';
 import { getIndexPatternFromESQLQuery } from '@kbn/esql-utils';
 import { getOrCreateDataViewByIndexPattern } from '../../search_strategy/requests/get_data_view_by_index_pattern';
 import { useCurrentEuiTheme } from '../../../common/hooks/use_current_eui_theme';
-import type { FieldVisConfig } from '../../../common/components/stats_table/types';
 import { DATA_VISUALIZER_INDEX_VIEWER } from '../../constants/index_data_visualizer_viewer';
 import { useDataVisualizerKibana } from '../../../kibana_context';
 import type { GetAdditionalLinks } from '../../../common/components/results_links';
@@ -49,6 +49,7 @@ import type {
 import type { ESQLQuery } from '../../search_strategy/requests/esql_utils';
 import { isESQLQuery } from '../../search_strategy/requests/esql_utils';
 import { FieldStatsComponentType } from '../../constants/field_stats_component_type';
+import { getReasonIfFieldStatsUnavailableForQuery } from '../../utils/get_reason_fieldstats_unavailable_for_esql_query';
 
 export interface IndexDataVisualizerESQLProps {
   getAdditionalLinks?: GetAdditionalLinks;
@@ -64,6 +65,8 @@ export const IndexDataVisualizerESQL: FC<IndexDataVisualizerESQLProps> = (dataVi
   const [query, setQuery] = useState<ESQLQuery>(DEFAULT_ESQL_QUERY);
   const [currentDataView, setCurrentDataView] = useState<DataView | undefined>();
 
+  const unsupportedReasonForQuery = getReasonIfFieldStatsUnavailableForQuery(localQuery);
+
   const toggleShowEmptyFields = () => {
     setDataVisualizerListState({
       ...dataVisualizerListState,
@@ -202,8 +205,11 @@ export const IndexDataVisualizerESQL: FC<IndexDataVisualizerESQLProps> = (dataVi
   const onTextLangQuerySubmit = useCallback(
     async (q: AggregateQuery | undefined) => {
       if (isESQLQuery(q)) {
-        resetData();
-        setQuery(q);
+        const isUnsupported = getReasonIfFieldStatsUnavailableForQuery(q) !== undefined;
+        if (!isUnsupported) {
+          resetData();
+          setQuery(q);
+        }
       }
     },
     [resetData]
@@ -224,8 +230,19 @@ export const IndexDataVisualizerESQL: FC<IndexDataVisualizerESQLProps> = (dataVi
             data-test-subj="dataViewTitleHeader"
             direction="row"
             alignItems="center"
-            css={{ padding: `${euiTheme.euiSizeS} 0`, marginRight: `${euiTheme.euiSize}` }}
-          />
+            css={{ padding: 0, marginRight: 0 }}
+          >
+            {unsupportedReasonForQuery ? (
+              <EuiFlexItem grow={true}>
+                <EuiCallOut
+                  size="s"
+                  iconType="warning"
+                  color="warning"
+                  title={unsupportedReasonForQuery}
+                />
+              </EuiFlexItem>
+            ) : null}
+          </EuiFlexGroup>
 
           {isWithinLargeBreakpoint ? <EuiSpacer size="m" /> : null}
           <EuiFlexGroup
@@ -253,7 +270,8 @@ export const IndexDataVisualizerESQL: FC<IndexDataVisualizerESQLProps> = (dataVi
                 width="full"
                 needsUpdate={queryNeedsUpdate}
                 onRefresh={handleRefresh}
-                isDisabled={!hasValidTimeField}
+                isDisabled={unsupportedReasonForQuery !== undefined}
+                tooltipMessage={unsupportedReasonForQuery}
               />
             </EuiFlexItem>
           </EuiFlexGroup>
@@ -276,6 +294,7 @@ export const IndexDataVisualizerESQL: FC<IndexDataVisualizerESQLProps> = (dataVi
             hideRunQueryText={false}
             isLoading={queryHistoryStatus ?? false}
             displayDocumentationAsFlyout
+            disableSubmitAction={unsupportedReasonForQuery !== undefined}
           />
         </EuiFlexItem>
 
@@ -312,7 +331,7 @@ export const IndexDataVisualizerESQL: FC<IndexDataVisualizerESQLProps> = (dataVi
               <EuiSpacer size="s" />
 
               <EuiProgress value={combinedProgress} max={100} size="xs" />
-              <DataVisualizerTable<FieldVisConfig>
+              <DataVisualizerTable
                 items={configs}
                 pageState={dataVisualizerListState}
                 updatePageState={setDataVisualizerListState}
diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/field_stats/field_stats_esql_editor.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/field_stats/field_stats_esql_editor.tsx
index bde937a778a55..3ebe1fd56f805 100644
--- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/field_stats/field_stats_esql_editor.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/field_stats/field_stats_esql_editor.tsx
@@ -14,12 +14,14 @@ interface FieldStatsESQLEditorProps {
   query: AggregateQuery;
   setQuery: (query: AggregateQuery) => void;
   onQuerySubmit: (query: AggregateQuery, abortController?: AbortController) => Promise<void>;
+  disableSubmitAction?: boolean;
 }
 export const FieldStatsESQLEditor = ({
   canEditTextBasedQuery = true,
   query,
   setQuery,
   onQuerySubmit,
+  disableSubmitAction = false,
 }: FieldStatsESQLEditorProps) => {
   const prevQuery = useRef<AggregateQuery>(query);
   const [isVisualizationLoading, setIsVisualizationLoading] = useState(false);
@@ -48,8 +50,8 @@ export const FieldStatsESQLEditor = ({
         editorIsInline
         hideRunQueryText
         onTextLangQuerySubmit={onTextLangQuerySubmit}
-        isDisabled={false}
-        allowQueryCancellation
+        allowQueryCancellation={false}
+        disableSubmitAction={disableSubmitAction}
         isLoading={isVisualizationLoading}
       />
     </EuiFlexItem>
diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/field_stats/field_stats_initializer.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/field_stats/field_stats_initializer.tsx
index 0e678e328894d..eb829e9a20cd8 100644
--- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/field_stats/field_stats_initializer.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/field_stats/field_stats_initializer.tsx
@@ -38,6 +38,7 @@ import type {
 import { FieldStatsInitializerViewType } from '../grid_embeddable/types';
 import { isESQLQuery } from '../../search_strategy/requests/esql_utils';
 import { DataSourceTypeSelector } from './field_stats_initializer_view_type';
+import { getReasonIfFieldStatsUnavailableForQuery } from '../../utils/get_reason_fieldstats_unavailable_for_esql_query';
 
 export interface FieldStatsInitializerProps {
   initialInput?: Partial<FieldStatisticsTableEmbeddableState>;
@@ -94,6 +95,12 @@ export const FieldStatisticsInitializer: FC<FieldStatsInitializerProps> = ({
     };
     // eslint-disable-next-line react-hooks/exhaustive-deps
   }, [dataViewId, viewType, esqlQuery.esql, isEsqlMode]);
+
+  const unsupportedReason = useMemo(
+    () => getReasonIfFieldStatsUnavailableForQuery(esqlQuery),
+    [esqlQuery]
+  );
+
   const onESQLQuerySubmit = useCallback(
     async (query: AggregateQuery, abortController?: AbortController) => {
       const adhocDataView = await getESQLAdHocDataview(query.esql, dataViews);
@@ -101,11 +108,14 @@ export const FieldStatisticsInitializer: FC<FieldStatsInitializerProps> = ({
         setDataViewId(adhocDataView.id);
       }
 
-      await onPreview({
-        viewType,
-        dataViewId: adhocDataView?.id,
-        query,
-      });
+      const supported = getReasonIfFieldStatsUnavailableForQuery(query) === undefined;
+      if (supported) {
+        await onPreview({
+          viewType,
+          dataViewId: adhocDataView?.id,
+          query,
+        });
+      }
     },
     // eslint-disable-next-line react-hooks/exhaustive-deps
     [isEsqlMode]
@@ -202,6 +212,7 @@ export const FieldStatisticsInitializer: FC<FieldStatsInitializerProps> = ({
               }
             />
           ) : null}
+
           {initialInput?.viewType === FieldStatsInitializerViewType.ESQL && !isEsqlEnabled ? (
             <>
               <DataSourceTypeSelector value={viewType} onChange={setViewType} />
@@ -247,6 +258,7 @@ export const FieldStatisticsInitializer: FC<FieldStatsInitializerProps> = ({
               query={esqlQuery}
               setQuery={setQuery}
               onQuerySubmit={onESQLQuerySubmit}
+              disableSubmitAction={!!unsupportedReason}
             />
           ) : null}
         </EuiFlexGroup>
@@ -272,26 +284,39 @@ export const FieldStatisticsInitializer: FC<FieldStatsInitializerProps> = ({
               />
             </EuiButtonEmpty>
           </EuiFlexItem>
-          <EuiFlexItem grow={false}>
-            <EuiButton
-              onClick={onCreate.bind(null, updatedProps)}
-              fill
-              aria-label={i18n.translate(
-                'xpack.dataVisualizer.fieldStatisticsDashboardPanel.config.applyFlyoutAriaLabel',
-                {
-                  defaultMessage: 'Apply changes',
-                }
-              )}
-              disabled={!isEsqlFormValid || !isDataViewFormValid}
-              iconType="check"
-              data-test-subj="applyFlyoutButton"
-            >
-              <FormattedMessage
-                id="xpack.dataVisualizer.fieldStatisticsDashboardPanel.config.applyAndCloseLabel"
-                defaultMessage="Apply and close"
-              />
-            </EuiButton>
-          </EuiFlexItem>
+          <EuiFlexGroup
+            direction="row"
+            alignItems="center"
+            justifyContent="flexEnd"
+            gutterSize="xs"
+          >
+            {unsupportedReason ? (
+              <EuiFlexItem grow={false}>
+                <EuiIconTip type="warning" content={unsupportedReason} color="warning" />
+              </EuiFlexItem>
+            ) : null}
+
+            <EuiFlexItem grow={false}>
+              <EuiButton
+                onClick={onCreate.bind(null, updatedProps)}
+                fill
+                aria-label={i18n.translate(
+                  'xpack.dataVisualizer.fieldStatisticsDashboardPanel.config.applyFlyoutAriaLabel',
+                  {
+                    defaultMessage: 'Apply changes',
+                  }
+                )}
+                disabled={!isEsqlFormValid || !isDataViewFormValid || !!unsupportedReason}
+                iconType="check"
+                data-test-subj="applyFlyoutButton"
+              >
+                <FormattedMessage
+                  id="xpack.dataVisualizer.fieldStatisticsDashboardPanel.config.applyAndCloseLabel"
+                  defaultMessage="Apply and close"
+                />
+              </EuiButton>
+            </EuiFlexItem>
+          </EuiFlexGroup>
         </EuiFlexGroup>
       </EuiFlyoutFooter>
     </>
diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/embeddable_error_msg.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/embeddable_error_msg.tsx
new file mode 100644
index 0000000000000..9e49570ab6bfa
--- /dev/null
+++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/embeddable_error_msg.tsx
@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import React from 'react';
+import { EuiFlexItem } from '@elastic/eui';
+import { EmptyPlaceholder } from '@kbn/charts-plugin/public';
+import { i18n } from '@kbn/i18n';
+import { css } from '@emotion/react';
+const FIELD_STATS_UNAVAILABLE_TITLE = i18n.translate(
+  'xpack.dataVisualizer.fieldStats.unavailableTitle',
+  {
+    defaultMessage: 'Field statistics not supported for ES|QL queries',
+  }
+);
+
+const FieldStatsUnavailableMessage = ({
+  id,
+  title = FIELD_STATS_UNAVAILABLE_TITLE,
+}: {
+  id?: string;
+  title?: string;
+}) => {
+  return (
+    <EuiFlexItem
+      alignItems="center"
+      fullWidth
+      css={css`
+        height: 100%;
+      `}
+    >
+      <EmptyPlaceholder icon={'warning'} message={title} />
+    </EuiFlexItem>
+  );
+};
+
+// Default export for lazy loading
+// eslint-disable-next-line import/no-default-export
+export default FieldStatsUnavailableMessage;
diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/field_stats_wrapper.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/field_stats_wrapper.tsx
index 03dbb9c7af8c8..d991f02fb3958 100644
--- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/field_stats_wrapper.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/field_stats_wrapper.tsx
@@ -16,11 +16,13 @@ import { DatePickerContextProvider } from '@kbn/ml-date-picker';
 import type { DatePickerDependencies } from '@kbn/ml-date-picker';
 import { UI_SETTINGS } from '@kbn/data-plugin/common';
 import { pick } from 'lodash';
+import { isOfAggregateQueryType } from '@kbn/es-query';
 import { getCoreStart, getPluginsStart } from '../../../../kibana_services';
 import type {
   FieldStatisticTableEmbeddableProps,
   ESQLDataVisualizerGridEmbeddableState,
 } from './types';
+import FieldStatsUnavailableMessage from './embeddable_error_msg';
 
 const EmbeddableESQLFieldStatsTableWrapper = dynamic(
   () => import('./embeddable_esql_field_stats_table')
@@ -41,7 +43,10 @@ function isFieldStatisticTableEmbeddableState(
 
 const FieldStatisticsWrapperContent = (props: FieldStatisticTableEmbeddableProps) => {
   if (isESQLFieldStatisticTableEmbeddableState(props)) {
-    return (
+    const isEsql = props.esqlQuery && isOfAggregateQueryType(props.esqlQuery);
+    return isEsql ? (
+      <FieldStatsUnavailableMessage id={props.id} />
+    ) : (
       <EmbeddableESQLFieldStatsTableWrapper
         id={props.id}
         dataView={props.dataView}
diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/esql/use_data_visualizer_esql_data.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/esql/use_data_visualizer_esql_data.tsx
index def3e5e4b75bb..2323b231d67f7 100644
--- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/esql/use_data_visualizer_esql_data.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/esql/use_data_visualizer_esql_data.tsx
@@ -44,6 +44,7 @@ import type {
 } from '../../embeddables/grid_embeddable/types';
 import { getDefaultPageState } from '../../constants/index_data_visualizer_viewer';
 import { DEFAULT_ESQL_LIMIT } from '../../constants/esql_constants';
+import { getReasonIfFieldStatsUnavailableForQuery } from '../../utils/get_reason_fieldstats_unavailable_for_esql_query';
 
 type AnyQuery = Query | AggregateQuery;
 
@@ -160,9 +161,17 @@ export const useESQLDataVisualizerData = (
 
       const tf = timefilter;
 
-      if (!buckets || !tf || (isESQLQuery(query) && query.esql === '')) return;
-      const activeBounds = tf.getActiveBounds();
+      if (!buckets || !tf || query.esql === '') return;
 
+      // Safeguard to not ever run query if not supported
+      if (isESQLQuery(query)) {
+        const unsupportedReasonForQuery = getReasonIfFieldStatsUnavailableForQuery(query);
+        if (unsupportedReasonForQuery) {
+          return;
+        }
+      }
+
+      const activeBounds = tf.getActiveBounds();
       let earliest: number | undefined;
       let latest: number | undefined;
       if (activeBounds !== undefined && currentDataView?.timeFieldName !== undefined) {
diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/ui_actions/create_field_stats_table.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/ui_actions/create_field_stats_table.tsx
deleted file mode 100644
index 6b788e4acab46..0000000000000
--- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/ui_actions/create_field_stats_table.tsx
+++ /dev/null
@@ -1,213 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React from 'react';
-
-import { i18n } from '@kbn/i18n';
-import type { PresentationContainer } from '@kbn/presentation-containers';
-import type { EmbeddableApiContext } from '@kbn/presentation-publishing';
-import type { UiActionsActionDefinition } from '@kbn/ui-actions-plugin/public';
-import type { CoreStart } from '@kbn/core-lifecycle-browser';
-import { COMMON_VISUALIZATION_GROUPING } from '@kbn/visualizations-plugin/public';
-import { ENABLE_ESQL } from '@kbn/esql-utils';
-
-import type { DataVisualizerStartDependencies } from '../../common/types/data_visualizer_plugin';
-import type {
-  FieldStatisticsTableEmbeddableApi,
-  FieldStatsControlsApi,
-} from '../embeddables/field_stats/types';
-import type { FieldStatsInitialState } from '../embeddables/grid_embeddable/types';
-
-const parentApiIsCompatible = async (
-  parentApi: unknown
-): Promise<PresentationContainer | undefined> => {
-  const { apiIsPresentationContainer } = await import('@kbn/presentation-containers');
-  // we cannot have an async type check, so return the casted parentApi rather than a boolean
-  return apiIsPresentationContainer(parentApi) ? (parentApi as PresentationContainer) : undefined;
-};
-
-interface FieldStatsActionContext extends EmbeddableApiContext {
-  embeddable: FieldStatisticsTableEmbeddableApi;
-}
-
-async function updatePanelFromFlyoutEdits({
-  api,
-  isNewPanel,
-  deletePanel,
-  coreStart,
-  pluginStart,
-  initialState,
-}: {
-  api: FieldStatisticsTableEmbeddableApi;
-  isNewPanel: boolean;
-  deletePanel?: () => void;
-  coreStart: CoreStart;
-  pluginStart: DataVisualizerStartDependencies;
-  initialState: FieldStatsInitialState;
-  fieldStatsControlsApi?: FieldStatsControlsApi;
-}) {
-  const [
-    { getOrCreateDataViewByIndexPattern },
-    { FieldStatisticsInitializer },
-    { tracksOverlays },
-    { toMountPoint },
-    { KibanaContextProvider },
-    { isDefined },
-  ] = await Promise.all([
-    import('../search_strategy/requests/get_data_view_by_index_pattern'),
-    import('../embeddables/field_stats/field_stats_initializer'),
-    import('@kbn/presentation-containers'),
-    import('@kbn/react-kibana-mount'),
-    import('@kbn/kibana-react-plugin/public'),
-    import('@kbn/ml-is-defined'),
-  ]);
-  const parentApi = api.parentApi;
-  const overlayTracker = tracksOverlays(parentApi) ? parentApi : undefined;
-  const services = {
-    ...coreStart,
-    ...pluginStart,
-  };
-  let hasChanged = false;
-  const cancelChanges = () => {
-    // Reset to initialState in case user has changed the preview state
-    if (hasChanged && api && initialState) {
-      api.updateUserInput(initialState);
-    }
-
-    if (isNewPanel && deletePanel) {
-      deletePanel();
-    }
-    flyoutSession.close();
-    overlayTracker?.clearOverlays();
-  };
-
-  const update = async (nextUpdate: FieldStatsInitialState) => {
-    const esqlQuery = nextUpdate?.query?.esql;
-    if (isDefined(esqlQuery)) {
-      const dv = await getOrCreateDataViewByIndexPattern(
-        pluginStart.data.dataViews,
-        esqlQuery,
-        undefined
-      );
-      if (dv?.id && nextUpdate.dataViewId !== dv.id) {
-        nextUpdate.dataViewId = dv.id;
-      }
-    }
-    if (api) {
-      api.updateUserInput(nextUpdate);
-    }
-
-    flyoutSession.close();
-    overlayTracker?.clearOverlays();
-  };
-  const flyoutSession = services.overlays.openFlyout(
-    toMountPoint(
-      <KibanaContextProvider services={services}>
-        <FieldStatisticsInitializer
-          initialInput={initialState}
-          onPreview={async (nextUpdate) => {
-            if (api.updateUserInput) {
-              api.updateUserInput(nextUpdate);
-              hasChanged = true;
-            }
-          }}
-          onCreate={update}
-          onCancel={cancelChanges}
-          isNewPanel={isNewPanel}
-        />
-      </KibanaContextProvider>,
-      coreStart
-    ),
-    {
-      ownFocus: true,
-      size: 's',
-      paddingSize: 'm',
-      hideCloseButton: true,
-      type: 'push',
-      'data-test-subj': 'fieldStatisticsInitializerFlyout',
-      onClose: cancelChanges,
-    }
-  );
-  overlayTracker?.openOverlay(flyoutSession, { focusedPanelId: api.uuid });
-}
-
-export function createAddFieldStatsTableAction(
-  coreStart: CoreStart,
-  pluginStart: DataVisualizerStartDependencies
-): UiActionsActionDefinition<FieldStatsActionContext> {
-  return {
-    id: 'create-field-stats-table',
-    grouping: COMMON_VISUALIZATION_GROUPING,
-    order: 10,
-    getIconType: () => 'fieldStatistics',
-    getDisplayName: () =>
-      i18n.translate('xpack.dataVisualizer.fieldStatistics.displayName', {
-        defaultMessage: 'Field statistics',
-      }),
-    disabled: !coreStart.uiSettings.get(ENABLE_ESQL),
-    async isCompatible(context: EmbeddableApiContext) {
-      return (
-        Boolean(await parentApiIsCompatible(context.embeddable)) &&
-        coreStart.uiSettings.get(ENABLE_ESQL)
-      );
-    },
-    async execute(context) {
-      const [
-        { IncompatibleActionError },
-        { FIELD_STATS_EMBEDDABLE_TYPE },
-        { FieldStatsInitializerViewType },
-      ] = await Promise.all([
-        import('@kbn/ui-actions-plugin/public'),
-        import('../embeddables/field_stats/constants'),
-        import('../embeddables/grid_embeddable/types'),
-      ]);
-
-      const presentationContainerParent = await parentApiIsCompatible(context.embeddable);
-      if (!presentationContainerParent) throw new IncompatibleActionError();
-
-      const isEsqlEnabled = coreStart.uiSettings.get(ENABLE_ESQL);
-      try {
-        const defaultIndexPattern = await pluginStart.data.dataViews.getDefault();
-        const defaultInitialState: FieldStatsInitialState = isEsqlEnabled
-          ? {
-              viewType: FieldStatsInitializerViewType.ESQL,
-              query: {
-                // Initial default query
-                esql: `from ${defaultIndexPattern?.getIndexPattern()} | limit 10`,
-              },
-            }
-          : {
-              viewType: FieldStatsInitializerViewType.DATA_VIEW,
-            };
-        const embeddable = await presentationContainerParent.addNewPanel<
-          object,
-          FieldStatisticsTableEmbeddableApi
-        >({
-          panelType: FIELD_STATS_EMBEDDABLE_TYPE,
-          initialState: defaultInitialState,
-        });
-        // open the flyout if embeddable has been created successfully
-        if (embeddable) {
-          const deletePanel = () => {
-            presentationContainerParent.removePanel(embeddable.uuid);
-          };
-
-          updatePanelFromFlyoutEdits({
-            api: embeddable,
-            isNewPanel: true,
-            deletePanel,
-            coreStart,
-            pluginStart,
-            initialState: defaultInitialState,
-          });
-        }
-      } catch (e) {
-        return Promise.reject(e);
-      }
-    },
-  };
-}
diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/ui_actions/index.ts b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/ui_actions/index.ts
deleted file mode 100644
index ac2f73860e4fb..0000000000000
--- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/ui_actions/index.ts
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { CoreStart } from '@kbn/core-lifecycle-browser';
-import type { UiActionsSetup } from '@kbn/ui-actions-plugin/public';
-import type { DataVisualizerStartDependencies } from '../../common/types/data_visualizer_plugin';
-import { createAddFieldStatsTableAction } from './create_field_stats_table';
-
-export function registerDataVisualizerUiActions(
-  uiActions: UiActionsSetup,
-  coreStart: CoreStart,
-  pluginStart: DataVisualizerStartDependencies
-) {
-  const addFieldStatsAction = createAddFieldStatsTableAction(coreStart, pluginStart);
-  uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addFieldStatsAction);
-}
diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/utils/get_reason_fieldstats_unavailable_for_esql_query.ts b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/utils/get_reason_fieldstats_unavailable_for_esql_query.ts
new file mode 100644
index 0000000000000..f6a9996aed42e
--- /dev/null
+++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/utils/get_reason_fieldstats_unavailable_for_esql_query.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { AggregateQuery } from '@kbn/es-query';
+
+import type { Query } from '@kbn/es-query';
+import { queryCannotBeSampled } from '@kbn/esql-utils';
+import { i18n } from '@kbn/i18n';
+
+export const getReasonIfFieldStatsUnavailableForQuery = (
+  query?: AggregateQuery | Query | { [key: string]: any }
+): string | undefined => {
+  if (queryCannotBeSampled(query)) {
+    return i18n.translate('xpack.dataVisualizer.fieldStats.unavailableForESQLQueryDescription', {
+      defaultMessage: `Field statistics are not available for ES|QL queries with 'MATCH' or 'QSTR' functions.`,
+    });
+  }
+};
diff --git a/x-pack/plugins/data_visualizer/public/plugin.ts b/x-pack/plugins/data_visualizer/public/plugin.ts
index deaf4bdc99678..282ec23e3c303 100644
--- a/x-pack/plugins/data_visualizer/public/plugin.ts
+++ b/x-pack/plugins/data_visualizer/public/plugin.ts
@@ -21,7 +21,6 @@ import type {
   DataVisualizerStartDependencies,
 } from './application/common/types/data_visualizer_plugin';
 import { registerEmbeddables } from './application/index_data_visualizer/embeddables/field_stats';
-import { registerDataVisualizerUiActions } from './application/index_data_visualizer/ui_actions';
 export type DataVisualizerPluginSetup = ReturnType<DataVisualizerPlugin['setup']>;
 export type DataVisualizerPluginStart = ReturnType<DataVisualizerPlugin['start']>;
 
@@ -57,12 +56,6 @@ export class DataVisualizerPlugin
       registerEmbeddables(plugins.embeddable, core);
     }
 
-    const [coreStart, pluginStart] = await core.getStartServices();
-
-    if (plugins.uiActions) {
-      registerDataVisualizerUiActions(plugins.uiActions, coreStart, pluginStart);
-    }
-
     if (plugins.home) {
       registerHomeAddData(plugins.home, this.resultsLinks);
       registerHomeFeatureCatalogue(plugins.home);
@@ -84,6 +77,12 @@ export class DataVisualizerPlugin
       getIndexDataVisualizerComponent,
       getDataDriftComponent,
       getMaxBytesFormatted,
+      FieldStatsUnavailableMessage: dynamic(
+        async () =>
+          import(
+            './application/index_data_visualizer/embeddables/grid_embeddable/embeddable_error_msg'
+          )
+      ),
       FieldStatisticsTable: dynamic(
         async () =>
           import(
diff --git a/x-pack/plugins/data_visualizer/server/routes.ts b/x-pack/plugins/data_visualizer/server/routes.ts
index 8bede873dc7d9..9d213182ad049 100644
--- a/x-pack/plugins/data_visualizer/server/routes.ts
+++ b/x-pack/plugins/data_visualizer/server/routes.ts
@@ -25,8 +25,10 @@ export function routes(coreSetup: CoreSetup<StartDeps, unknown>, logger: Logger)
     .post({
       path: '/internal/data_visualizer/test_grok_pattern',
       access: 'internal',
-      options: {
-        tags: ['access:fileUpload:analyzeFile'],
+      security: {
+        authz: {
+          requiredPrivileges: ['fileUpload:analyzeFile'],
+        },
       },
     })
     .addVersion(
@@ -78,8 +80,10 @@ export function routes(coreSetup: CoreSetup<StartDeps, unknown>, logger: Logger)
     .get({
       path: '/internal/data_visualizer/inference_endpoints',
       access: 'internal',
-      options: {
-        tags: ['access:fileUpload:analyzeFile'],
+      security: {
+        authz: {
+          requiredPrivileges: ['fileUpload:analyzeFile'],
+        },
       },
     })
     .addVersion(
diff --git a/x-pack/plugins/data_visualizer/tsconfig.json b/x-pack/plugins/data_visualizer/tsconfig.json
index 7df4f57dc987b..970526cdf464e 100644
--- a/x-pack/plugins/data_visualizer/tsconfig.json
+++ b/x-pack/plugins/data_visualizer/tsconfig.json
@@ -86,7 +86,6 @@
     "@kbn/core-lifecycle-browser",
     "@kbn/presentation-containers",
     "@kbn/react-kibana-mount",
-    "@kbn/visualizations-plugin",
     "@kbn/core-ui-settings-browser"
   ],
   "exclude": [
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/msearch_query.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/msearch_query.ts
deleted file mode 100644
index ae5adcfab61aa..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/msearch_query.ts
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { MsearchQueryBody } from '../lib/langchain/elasticsearch_store/helpers/get_msearch_query_body';
-
-/**
- * This mock Elasticsearch msearch request body contains two queries:
- * - The first query is a similarity (vector) search
- * - The second query is a required KB document (terms) search
- */
-export const mSearchQueryBody: MsearchQueryBody = {
-  body: [
-    {
-      index: '.kibana-elastic-ai-assistant-kb',
-    },
-    {
-      query: {
-        bool: {
-          must_not: [
-            {
-              term: {
-                'metadata.kbResource': 'esql',
-              },
-            },
-            {
-              term: {
-                'metadata.required': true,
-              },
-            },
-          ],
-          must: [
-            {
-              semantic: {
-                field: 'semantic_text',
-                query:
-                  'Generate an ESQL query that will count the number of connections made to external IP addresses, broken down by user. If the count is greater than 100 for a specific user, add a new field called "follow_up" that contains a value of "true", otherwise, it should contain "false". The user names should also be enriched with their respective group names.',
-              },
-            },
-          ],
-        },
-      },
-      size: 1,
-    },
-    {
-      index: '.kibana-elastic-ai-assistant-kb',
-    },
-    {
-      query: {
-        bool: {
-          must: [
-            {
-              term: {
-                'metadata.kbResource': 'esql',
-              },
-            },
-            {
-              term: {
-                'metadata.required': true,
-              },
-            },
-          ],
-        },
-      },
-      size: 1,
-    },
-  ],
-};
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/msearch_response.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/msearch_response.ts
deleted file mode 100644
index 63439d5c07700..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/msearch_response.ts
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { MsearchResponse } from '@elastic/elasticsearch/lib/api/types';
-
-/**
- * This mock response from an Elasticsearch msearch contains two hits, where
- * the first hit is from a similarity (vector) search, and the second hit is a
- * required KB document (terms) search.
- */
-export const mockMsearchResponse: MsearchResponse = {
-  took: 142,
-  responses: [
-    {
-      took: 142,
-      timed_out: false,
-      _shards: {
-        total: 1,
-        successful: 1,
-        skipped: 0,
-        failed: 0,
-      },
-      hits: {
-        total: {
-          value: 129,
-          relation: 'eq',
-        },
-        max_score: 21.658352,
-        hits: [
-          {
-            _index: '.kibana-elastic-ai-assistant-kb',
-            _id: 'fa1c8ba1-25c9-4404-9736-09b7eb7124f8',
-            _score: 21.658352,
-            _ignored: ['text.keyword'],
-            _source: {
-              metadata: {
-                source:
-                  '/Users/andrew.goldstein/Projects/forks/andrew-goldstein/kibana/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/source_commands/from.asciidoc',
-              },
-              vector: {
-                tokens: {
-                  wild: 1.2001507,
-                  // truncated for mock
-                },
-                model_id: '.elser_model_2',
-              },
-              text: "[[esql-from]]\n=== `FROM`\n\nThe `FROM` source command returns a table with up to 10,000 documents from a\ndata stream, index, or alias. Each row in the resulting table represents a\ndocument. Each column corresponds to a field, and can be accessed by the name\nof that field.\n\n[source,esql]\n----\nFROM employees\n----\n\nYou can use <<api-date-math-index-names,date math>> to refer to indices, aliases\nand data streams. This can be useful for time series data, for example to access\ntoday's index:\n\n[source,esql]\n----\nFROM <logs-{now/d}>\n----\n\nUse comma-separated lists or wildcards to query multiple data streams, indices,\nor aliases:\n\n[source,esql]\n----\nFROM employees-00001,employees-*\n----\n",
-            },
-          },
-        ],
-      },
-      status: 200,
-    },
-    {
-      took: 3,
-      timed_out: false,
-      _shards: {
-        total: 1,
-        successful: 1,
-        skipped: 0,
-        failed: 0,
-      },
-      hits: {
-        total: {
-          value: 14,
-          relation: 'eq',
-        },
-        max_score: 0.034783483,
-        hits: [
-          {
-            _index: '.kibana-elastic-ai-assistant-kb',
-            _id: '280d4882-0f64-4471-a268-669a3f8c958f',
-            _score: 0.034783483,
-            _ignored: ['text.keyword'],
-            _source: {
-              metadata: {
-                source:
-                  '/Users/andrew.goldstein/Projects/forks/andrew-goldstein/kibana/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/example_queries/esql_example_query_0001.asciidoc',
-                required: true,
-                kbResource: 'esql',
-              },
-              vector: {
-                tokens: {
-                  user: 1.1084619,
-                  // truncated for mock
-                },
-                model_id: '.elser_model_2',
-              },
-              text: '[[esql-example-queries]]\n\nThe following is an example an ES|QL query:\n\n```\nFROM logs-*\n| WHERE NOT CIDR_MATCH(destination.ip, "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")\n| STATS destcount = COUNT(destination.ip) by user.name, host.name\n| ENRICH ldap_lookup_new ON user.name\n| WHERE group.name IS NOT NULL\n| EVAL follow_up = CASE(\n    destcount >= 100, "true",\n     "false")\n| SORT destcount desc\n| KEEP destcount, host.name, user.name, group.name, follow_up\n```\n',
-            },
-          },
-        ],
-      },
-      status: 200,
-    },
-  ],
-};
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/raw_attack_discoveries.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/raw_attack_discoveries.ts
index 1c43f112da2bb..3c2df8aa1ab45 100644
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/raw_attack_discoveries.ts
+++ b/x-pack/plugins/elastic_assistant/server/__mocks__/raw_attack_discoveries.ts
@@ -5,20 +5,102 @@
  * 2.0.
  */
 
+import type { AttackDiscovery } from '@kbn/elastic-assistant-common';
+
 /**
  * A mock response from invoking the `attack-discovery` tool.
  * This is a JSON string that represents the response from the tool
  */
 export const getRawAttackDiscoveriesMock = () =>
-  '{\n  "alertsContextCount": 20,\n  "attackDiscoveries": [\n    {\n      "alertIds": [\n        "9bb601522d0c0b83783488a27a3ede5bd6a788f4f1ceef07cc8f12ac55f27563",\n        "b9d6df8ab34e36c6868c097ff28dd01075df85a5ac1f084ef569ee8c6a4cf660",\n        "014b433c3436ef5325cadacc35b6cb2ba8932a9c2ea0ba26d899f95c6fb61395",\n        "28017987e64abb6ac486f1410f977d97ebd3a7172189cfdf943a48a59b968066"\n      ],\n      "detailsMarkdown": "- {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} (macOS {{ host.os.version 13.4 }}) executed a suspicious process {{ process.name unix1 }} with command line {{ process.command_line /Users/james/unix1 /Users/james/library/Keychains/login.keychain-db TempTemp1234!! }}\\\\n- The process was spawned by another suspicious process {{ process.parent.name My Go Application.app }} with command line {{ process.parent.command_line /private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/6D63F08A-011C-4511-8556-EAEF9AFD6340/d/Setup.app/Contents/MacOS/My Go Application.app }}\\\\n- The parent process was launched by the system process {{ process.parent.parent.name launchd }}\\\\n- Both the child and parent processes had untrusted code signatures\\\\n- The child process attempted to access the user\'s login keychain, potentially indicating credential theft",\n      "entitySummaryMarkdown": "Suspicious activity on {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} by {{ user.name 3c8c81bd-0e52-4ce7-a836-48e718dfb6e4 }}",\n      "mitreAttackTactics": [\n        "Credential Access",\n        "Defense Evasion",\n        "Execution"\n      ],\n      "summaryMarkdown": "Suspicious activity detected on a macOS host involving a potentially malicious process attempting to access user credentials. The process was spawned by another untrusted process launched by the system, indicating a multi-stage attack potentially involving credential theft and defense evasion techniques.",\n      "title": "Potential Credential Theft on macOS Host"\n    },\n    {\n      "alertIds": [\n        "64bcd8a322e6e6aebaee252982d0249cc96bdd75023ea05f58c228a7417c0dfc"\n      ],\n      "detailsMarkdown": "- {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} (macOS {{ host.os.version 13.4 }}) executed the system utility {{ process.name osascript }} with command line {{ process.command_line osascript -e display dialog \\"MacOS wants to access System Preferences\\\\n\\\\t\\\\t\\\\nPlease enter your password.\\" with title \\"System Preferences\\" with icon file \\"System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:ToolbarAdvanced.icns\\" default answer \\"\\" giving up after 30 with hidden answer ¬ }}\\\\n- This appears to be an attempt to phish for user credentials by displaying a fake system dialog\\\\n- The osascript process was spawned by the suspicious process {{ process.parent.name My Go Application.app }} with untrusted code signature",\n      "entitySummaryMarkdown": "Potential credential phishing attempt on {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} targeting {{ user.name 3c8c81bd-0e52-4ce7-a836-48e718dfb6e4 }}",\n      "mitreAttackTactics": [\n        "Credential Access",\n        "Initial Access",\n        "Execution"\n      ],\n      "summaryMarkdown": "A credential phishing attempt was detected on a macOS host, likely initiated by a malicious process. The attack used osascript to display a fake system dialog prompting the user to enter their password.",\n      "title": "Credential Phishing Attempt on macOS"\n    },\n    {\n      "alertIds": [\n        "245b60b908ddd84cad06671e273aa7be50699abd27e59423be4415f38c4aeb99",\n        "616ac711e967e07a9b725e66aa93321eabf29e4b51f9598a4a11f21ab7ed0f12",\n        "035c0295b1c64fd2ebba1b751a3565fd6759942247e9df6e1496c5e332d51840"\n      ],\n      "detailsMarkdown": "- {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} (macOS {{ host.os.version 13.4 }}) executed a suspicious process {{ process.name My Go Application.app }} with command line {{ process.command_line xpcproxy application.Appify by Machine Box.My Go Application.20.23 }}\\\\n- This process had an untrusted code signature and was launched by the system process {{ process.parent.name launchd }}\\\\n- It appears to have spawned the process {{ process.name unix1 }} in an attempt to obfuscate its activities\\\\n- The unix1 process attempted to make itself executable by running {{ process.name chmod }} with arguments {{ process.command_line chmod 777 /Users/james/unix1 }}",\n      "entitySummaryMarkdown": "Suspicious activity involving process obfuscation on {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} by {{ user.name fec12d87-2476-4b82-a50d-0829f3815a42 }}",\n      "mitreAttackTactics": [\n        "Defense Evasion",\n        "Execution"\n      ],\n      "summaryMarkdown": "A suspicious process was detected on a macOS host that appeared to be attempting to obfuscate its activities by spawning other processes and making them executable. The initial process had an untrusted code signature, indicating potentially malicious intent.",\n      "title": "Process Obfuscation on macOS Host"\n    },\n    {\n      "alertIds": [\n        "54901fb5b0ed88f0c8d737613868a3d62ebc541d31b757349bbe7999d868ce48"\n      ],\n      "detailsMarkdown": "- {{ host.name 23166d28-d6da-4801-b701-d21ce1a489e5 }} (Windows {{ host.os.version 21H2 (10.0.20348.1607) }}) created a suspicious script file {{ file.path C:\\\\ProgramData\\\\WindowsAppPool\\\\AppPool.vbs }}\\\\n- The file was created by a Microsoft Word process ({{ process.name WINWORD.EXE }}) with trusted code signature\\\\n- This may indicate an attempt to establish persistence or command-and-control through scripting",\n      "entitySummaryMarkdown": "Suspicious script file created on {{ host.name 23166d28-d6da-4801-b701-d21ce1a489e5 }} by {{ user.name 45bec1b8-eb98-4ddc-aafb-e3f7e02236dc }}",\n      "mitreAttackTactics": [\n        "Command and Control",\n        "Execution"\n      ],\n      "summaryMarkdown": "A suspicious VBScript file was created on a Windows host, potentially by an compromised Microsoft Word process. This may be an attempt to establish persistence or command-and-control capabilities through scripting.",\n      "title": "Suspicious Script File Creation on Windows"\n    },\n    {\n      "alertIds": [\n        "7fe0025f2d2b0d32f04b0e533466666967a21a98adae7499cb05add3355b48fc",\n        "3875cbad10604636b892d15f7ff753a02a37d3e4bbe91a39a0fcf72f89101e31",\n        "bb2767ebef06a5dc2511e2b865f5ed012dfdf20081bc33cab5c9f20b99e01d8f",\n        "76d99c72442819a019dfbf3936cda9a6c5713d84a9ae685b2c4e0bb55e5b9862",\n        "0f985965cb3d3b14007873290b9fc8f26f1b6ca0945499dfb693787ea6569265"\n      ],\n      "detailsMarkdown": "- {{ host.name 9a0ea998-7ce5-4dbb-a690-9856eca617ac }} (Windows {{ host.os.version 21H2 (10.0.20348.1607) }}) executed a suspicious PowerShell script {{ process.command_line \\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\\" -exec bypass -file C:\\\\ProgramData\\\\WindowsAppPool\\\\AppPool.ps1 }}\\\\n- The script was launched by the wscript process, which was spawned by a Microsoft Word process ({{ process.parent.name WINWORD.EXE }})\\\\n- The Word process also created a scheduled task to periodically execute the script\\\\n- The PowerShell script appears to be obfuscated, potentially to hide malicious activities\\\\n- This chain of events indicates a multi-stage attack potentially initiated by a malicious Office document",\n      "entitySummaryMarkdown": "Suspicious PowerShell activity on {{ host.name 9a0ea998-7ce5-4dbb-a690-9856eca617ac }} by {{ user.name 45bec1b8-eb98-4ddc-aafb-e3f7e02236dc }}",\n      "mitreAttackTactics": [\n        "Initial Access",\n        "Execution",\n        "Defense Evasion"\n      ],\n      "summaryMarkdown": "A multi-stage attack was detected on a Windows host, potentially initiated by a malicious Microsoft Office document. The attack involved creating a scheduled task to execute an obfuscated PowerShell script, likely to hide malicious activities. This indicates techniques for initial access, execution, and defense evasion.",\n      "title": "Multi-Stage Attack on Windows Host"\n    },\n    {\n      "alertIds": [\n        "a0c49fb228eca1685bd41df0ab66ca1977140de7916663e7a0918087220dd402",\n        "a252ca3096831e3eeab07ab70e9269f98b5a66617b44d709425898813326ca63",\n        "0ff7d411ca25a5b851e43562c9c660062624498f908ff4b63590d4b5304682af",\n        "4d612c721e432598a5b7ea7bbeb2aaa2944c0a35e263d9984297b5416530c88f"\n      ],\n      "detailsMarkdown": "- {{ host.name 634eb7d8-0ce0-4591-b5f5-fb65803b89d8 }} (Windows {{ host.os.version 21H2 (10.0.20348.1607) }}) executed a suspicious PowerShell script {{ process.command_line \\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\\" -ep bypass -file \\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\2\\\\Package Installation Dir\\\\chch.ps1\\" }}\\\\n- The script was launched by the msiexec.exe process, which may indicate an attempt to use a trusted Windows utility for defense evasion\\\\n- Elastic Endpoint detected the Bb malware family in the PowerShell process memory\\\\n- The PowerShell process also made network connections, potentially for command-and-control or data exfiltration",\n      "entitySummaryMarkdown": "Malware detected on {{ host.name 634eb7d8-0ce0-4591-b5f5-fb65803b89d8 }} targeting {{ user.name 45bec1b8-eb98-4ddc-aafb-e3f7e02236dc }}",\n      "mitreAttackTactics": [\n        "Defense Evasion",\n        "Execution"\n      ],\n      "summaryMarkdown": "The B malware was detected on a Windows host, executed through a PowerShell script launched by the msiexec.exe process. This appears to be an attempt to use a trusted Windows utility for defense evasion. The malware process also made network connections, potentially for command-and-control or data exfiltration.",\n      "title": "Bb Malware Execution on Windows"\n    },\n    {\n      "alertIds": [\n        "764c0944288db1704f7a0fff2db7fe19e8285fa4272dec828ae4186ba0dfd3b3",\n        "85672064aeb762a1121139a6d98fd3c5f6be8f18b49e4504c3f5e5a36679afe7"\n      ],\n      "detailsMarkdown": "- {{ host.name d813c7ba-6141-4292-8f40-c800c27645a4 }} (Linux {{ host.os.version 22.04.1 }}) executed a suspicious process {{ process.command_line sh -c /bin/rm -f /dev/shm/kdmtmpflush;/bin/cp ./74ef6cc38f5a1a80148752b63c117e6846984debd2af806c65887195a8eccc56 /dev/shm/kdmtmpflush && /bin/chmod 755 /dev/shm/kdmtmpflush && /dev/shm/kdmtmpflush --init && /bin/rm -f /dev/shm/kdmtmpflush }}\\\\n- This copied a file with SHA256 hash {{ file.hash.sha256 74ef6cc38f5a1a80148752b63c117e6846984debd2af806c65887195a8eccc56 }} to /dev/shm/kdmtmpflush, made it executable, and executed it\\\\n- Elastic Endpoint detected the Door malware family associated with this file",\n      "entitySummaryMarkdown": "Malware executed on {{ host.name d813c7ba-6141-4292-8f40-c800c27645a4 }} by {{ user.name fec12d87-2476-4b82-a50d-0829f3815a42 }}",\n      "mitreAttackTactics": [\n        "Execution"\n      ],\n      "summaryMarkdown": "The Door malware was executed on a Linux host by copying an untrusted file to a temporary path, making it executable, and running it. This indicates malicious code execution on the compromised system.",\n      "title": "Door Malware Execution on Linux"\n    }\n  ]\n}';
+  '{\n  "insights": [\n    {\n      "alertIds": [\n        "cced5cec88026ccb68fc0c01c096d6330873ee80838fa367a24c5cd04b679df1",\n        "40a4242b163d2552ad24c208dc7ab754f3b2c9cd76fb961ea72391cb5f654580",\n        "42ac2ecf60173edff8ef10b32c3b706b866845e75e5107870d7f43f681c819dc",\n        "bd8204c37db970bf86c2713325652710d8e5ac2cd43a0f0f2234a65e8e5a0157",\n        "b7a073c94cccde9fc4164a1f5aba5169b3ef5e349797326f8b166314c8cdb60d"\n      ],\n      "detailsMarkdown": "- {{ user.name 1ee7566b-9b26-4f3e-8d2f-0eaafc40cd5d }} executed a suspicious process {{ process.name unix1 }} on {{ host.name 3abc855f-65b6-49b0-ac2f-123e34355b83 }}. The process was located at {{ file.path /Users/james/unix1 }} and had a hash of {{ file.hash.sha256 0b18d6880dc9670ab2b955914598c96fc3d0097dc40ea61157b8c79e75edf231 }}.\\n- The process {{ process.name unix1 }} attempted to access sensitive files such as {{ process.args /Users/james/library/Keychains/login.keychain-db }}.\\n- The process {{ process.name unix1 }} was executed with the command line {{ process.command_line /Users/james/unix1 /Users/james/library/Keychains/login.keychain-db TempTemp1234!! }}.\\n- The process {{ process.name unix1 }} was not trusted as indicated by the code signature status {{ process.code_signature.status code failed to satisfy specified code requirement(s) }}.\\n- Another process {{ process.name My Go Application.app }} was also detected on the same host, indicating potential lateral movement or additional malicious activity.",\n      "entitySummaryMarkdown": "{{ host.name 3abc855f-65b6-49b0-ac2f-123e34355b83 }} and {{ user.name 1ee7566b-9b26-4f3e-8d2f-0eaafc40cd5d }} were involved in the suspicious activity.",\n      "mitreAttackTactics": [\n        "Execution",\n        "Credential Access",\n        "Persistence"\n      ],\n      "summaryMarkdown": "A critical malware detection alert was triggered on {{ host.name 3abc855f-65b6-49b0-ac2f-123e34355b83 }} involving the user {{ user.name 1ee7566b-9b26-4f3e-8d2f-0eaafc40cd5d }}. The process {{ process.name unix1 }} was executed with suspicious arguments and attempted to access sensitive files.",\n      "title": "Critical Malware Detection on macOS Host"\n    },\n    {\n      "alertIds": [\n        "1b9c52673b184e6b9bd29b3378f90ec5e7b917c17018ce2d40188a065f145087",\n        "881c8cd24296c3efc066f894b2f60e28c86b6398e8d81fcdb0a21e2d4e6f37fb",\n        "6ae56534e1246b42afbb0658586bfe03717ee9853cc80d462b9f0aceb44194d3",\n        "94dda5ac846d122cf2e582ade68123f036b1b78c63752a30bcf8acdbbbba83ce",\n        "250f7967181328c67d1de251c606fd4a791fd81964f431e3d7d76149f531be00"\n      ],\n      "detailsMarkdown": "- {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }} executed a suspicious PowerShell script via Microsoft Office on {{ host.name 5e15d911-50a1-486a-a520-baa449451358 }}. The script was located at {{ file.path C:\\\\ProgramData\\\\WindowsAppPool\\\\AppPool.ps1 }}.\\n- The process {{ process.name powershell.exe }} was executed with the command line {{ process.command_line \\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\\" -exec bypass -file C:\\\\ProgramData\\\\WindowsAppPool\\\\AppPool.ps1 }}.\\n- The parent process {{ process.parent.name wscript.exe }} was executed by {{ process.parent.command_line wscript C:\\\\ProgramData\\\\WindowsAppPool\\\\AppPool.vbs }}.\\n- The process {{ process.name powershell.exe }} was not trusted as indicated by the code signature status {{ process.code_signature.status trusted }}.\\n- The process {{ process.name powershell.exe }} was detected with a high integrity level, indicating potential privilege escalation.",\n      "entitySummaryMarkdown": "{{ host.name 5e15d911-50a1-486a-a520-baa449451358 }} and {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }} were involved in the suspicious activity.",\n      "mitreAttackTactics": [\n        "Initial Access",\n        "Execution",\n        "Persistence"\n      ],\n      "summaryMarkdown": "A critical malicious behavior detection alert was triggered on {{ host.name 5e15d911-50a1-486a-a520-baa449451358 }} involving the user {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }}. The process {{ process.name powershell.exe }} was executed with suspicious arguments and attempted to execute a PowerShell script.",\n      "title": "Suspicious PowerShell Execution via Microsoft Office"\n    },\n    {\n      "alertIds": [\n        "6cbbf7fb63ffed6e091ae21866043df699c839603ec573d3173b36e2d0e66ea3",\n        "e7b6f978336961522b0753ffe79cc4a2aa6e2c08c491657ade3eccdb58033852",\n        "d3ef244bda90960c091f516874a87b9cf01d206844c2e6ba324e3034472787f5"\n      ],\n      "detailsMarkdown": "- {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }} executed a suspicious PowerShell script via MsiExec on {{ host.name 2068fbbd-341a-477a-b06c-7097ddecd024 }}. The script was located at {{ file.path C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\2\\\\Package Installation Dir\\\\chch.ps1 }}.\\n- The process {{ process.name powershell.exe }} was executed with the command line {{ process.command_line \\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\\" -ep bypass -file \\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\2\\\\Package Installation Dir\\\\chch.ps1\\" }}.\\n- The parent process {{ process.parent.name msiexec.exe }} was executed by {{ process.parent.command_line C:\\\\Windows\\\\system32\\\\msiexec.exe /V }}.\\n- The process {{ process.name powershell.exe }} was not trusted as indicated by the code signature status {{ process.code_signature.status trusted }}.\\n- The process {{ process.name powershell.exe }} was detected with a high integrity level, indicating potential privilege escalation.",\n      "entitySummaryMarkdown": "{{ host.name 2068fbbd-341a-477a-b06c-7097ddecd024 }} and {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }} were involved in the suspicious activity.",\n      "mitreAttackTactics": [\n        "Defense Evasion",\n        "Execution"\n      ],\n      "summaryMarkdown": "A critical malicious behavior detection alert was triggered on {{ host.name 2068fbbd-341a-477a-b06c-7097ddecd024 }} involving the user {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }}. The process {{ process.name powershell.exe }} was executed with suspicious arguments and attempted to execute a PowerShell script.",\n      "title": "Suspicious PowerShell Execution via MsiExec"\n    },\n    {\n      "alertIds": [\n        "8b1ccd0bfb927caeb5f9818098eebde9a091b99334c84bfffd36aa83db8b36ee",\n        "0ae1370d0c08d651a05421009ed8358d9037f3d6af0cf5f3417979489ca80f12",\n        "bed4a026232fb8e67f248771a99af722116556ace7ef9aaddefc082da4209c61",\n        "d28f2c32ae8e6bc33edfe51ace4621c0e7b826c087386c46ce9138be92baf3f9"\n      ],\n      "detailsMarkdown": "- {{ user.name 00468e82-e37f-4224-80c1-c62e594c74b1 }} executed a suspicious process {{ process.name unzip }} on {{ host.name b557bb12-8206-44b6-b2a5-dbcce5b1e65e }}. The process was located at {{ file.path /home/ubuntu/74ef6cc38f5a1a80148752b63c117e6846984debd2af806c65887195a8eccc56 }} and had a hash of {{ file.hash.sha256 74ef6cc38f5a1a80148752b63c117e6846984debd2af806c65887195a8eccc56 }}.\\n- The process {{ process.name unzip }} was executed with the command line {{ process.command_line unzip 9415656314.zip }}.\\n- The process {{ process.name unzip }} was detected with a high integrity level, indicating potential privilege escalation.\\n- Another process {{ process.name kdmtmpflush }} was also detected on the same host, indicating potential lateral movement or additional malicious activity.",\n      "entitySummaryMarkdown": "{{ host.name b557bb12-8206-44b6-b2a5-dbcce5b1e65e }} and {{ user.name 00468e82-e37f-4224-80c1-c62e594c74b1 }} were involved in the suspicious activity.",\n      "mitreAttackTactics": [\n        "Execution",\n        "Persistence"\n      ],\n      "summaryMarkdown": "A critical malware detection alert was triggered on {{ host.name b557bb12-8206-44b6-b2a5-dbcce5b1e65e }} involving the user {{ user.name 00468e82-e37f-4224-80c1-c62e594c74b1 }}. The process {{ process.name unzip }} was executed with suspicious arguments and attempted to extract a potentially malicious file.",\n      "title": "Suspicious File Extraction on Linux Host"\n    },\n    {\n      "alertIds": [\n        "15c3053659b3bccbcc2c75eb90963596bbba707496e6b8c4927b5dc3995e0e11",\n        "461fedbfddd0d8d42c11630d5cdb9a103fac05327dff5bcdbf51505f01ec39da",\n        "03ef2d6a825993d08f545cfa25e8dab765dd1f4688124e7d12d8d81a2f324464",\n        "bfd4f9a71c9ca6a8dc68a41ea96b5ca14380da9669fb62ccae06769ad931eef2"\n      ],\n      "detailsMarkdown": "- {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }} executed a suspicious process {{ process.name MsMpEng.exe }} on {{ host.name b808feb3-7ab3-4006-9c67-3cf7aeffe572 }}. The process was located at {{ file.path C:\\\\Windows\\\\MsMpEng.exe }} and had a hash of {{ file.hash.sha256 33bc14d231a4afaa18f06513766d5f69d8b88f1e697cd127d24fb4b72ad44c7a }}.\\n- The process {{ process.name MsMpEng.exe }} was executed with the command line {{ process.command_line \\"C:\\\\Windows\\\\MsMpEng.exe\\" }}.\\n- The parent process {{ process.parent.name d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe }} was executed by {{ process.parent.command_line \\"C:\\\\Users\\\\Administrator\\\\Desktop\\\\8813719803\\\\d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe\\" }}.\\n- The process {{ process.name MsMpEng.exe }} was not trusted as indicated by the code signature status {{ process.code_signature.status trusted }}.\\n- The process {{ process.name MsMpEng.exe }} was detected with a high integrity level, indicating potential privilege escalation.",\n      "entitySummaryMarkdown": "{{ host.name b808feb3-7ab3-4006-9c67-3cf7aeffe572 }} and {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }} were involved in the suspicious activity.",\n      "mitreAttackTactics": [\n        "Execution",\n        "Persistence"\n      ],\n      "summaryMarkdown": "A critical malware detection alert was triggered on {{ host.name b808feb3-7ab3-4006-9c67-3cf7aeffe572 }} involving the user {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }}. The process {{ process.name MsMpEng.exe }} was executed with suspicious arguments and attempted to execute a potentially malicious file.",\n      "title": "Suspicious Process Execution on Windows Host"\n    }\n  ]\n}';
 
-export const getRawAttackDiscoveriesReplacementsMock = () => ({
-  '3c8c81bd-0e52-4ce7-a836-48e718dfb6e4': 'james',
-  'cb186c4a-3d70-4878-8ffe-18d84b5df86f': 'SRVMAC08',
-  'fec12d87-2476-4b82-a50d-0829f3815a42': 'root',
-  '45bec1b8-eb98-4ddc-aafb-e3f7e02236dc': 'Administrator',
-  '23166d28-d6da-4801-b701-d21ce1a489e5': 'SRVWIN07-PRIV',
-  '9a0ea998-7ce5-4dbb-a690-9856eca617ac': 'SRVWIN07',
-  '634eb7d8-0ce0-4591-b5f5-fb65803b89d8': 'SRVWIN06',
-  'd813c7ba-6141-4292-8f40-c800c27645a4': 'SRVNIX05',
-});
+export const getParsedAttackDiscoveriesMock = (
+  attackDiscoveryTimestamp: string
+): AttackDiscovery[] => [
+  {
+    alertIds: [
+      'cced5cec88026ccb68fc0c01c096d6330873ee80838fa367a24c5cd04b679df1',
+      '40a4242b163d2552ad24c208dc7ab754f3b2c9cd76fb961ea72391cb5f654580',
+      '42ac2ecf60173edff8ef10b32c3b706b866845e75e5107870d7f43f681c819dc',
+      'bd8204c37db970bf86c2713325652710d8e5ac2cd43a0f0f2234a65e8e5a0157',
+      'b7a073c94cccde9fc4164a1f5aba5169b3ef5e349797326f8b166314c8cdb60d',
+    ],
+    detailsMarkdown:
+      '- {{ user.name 1ee7566b-9b26-4f3e-8d2f-0eaafc40cd5d }} executed a suspicious process {{ process.name unix1 }} on {{ host.name 3abc855f-65b6-49b0-ac2f-123e34355b83 }}. The process was located at {{ file.path /Users/james/unix1 }} and had a hash of {{ file.hash.sha256 0b18d6880dc9670ab2b955914598c96fc3d0097dc40ea61157b8c79e75edf231 }}.\n- The process {{ process.name unix1 }} attempted to access sensitive files such as {{ process.args /Users/james/library/Keychains/login.keychain-db }}.\n- The process {{ process.name unix1 }} was executed with the command line {{ process.command_line /Users/james/unix1 /Users/james/library/Keychains/login.keychain-db TempTemp1234!! }}.\n- The process {{ process.name unix1 }} was not trusted as indicated by the code signature status {{ process.code_signature.status code failed to satisfy specified code requirement(s) }}.\n- Another process {{ process.name My Go Application.app }} was also detected on the same host, indicating potential lateral movement or additional malicious activity.',
+    entitySummaryMarkdown:
+      '{{ host.name 3abc855f-65b6-49b0-ac2f-123e34355b83 }} and {{ user.name 1ee7566b-9b26-4f3e-8d2f-0eaafc40cd5d }} were involved in the suspicious activity.',
+    mitreAttackTactics: ['Execution', 'Credential Access', 'Persistence'],
+    summaryMarkdown:
+      'A critical malware detection alert was triggered on {{ host.name 3abc855f-65b6-49b0-ac2f-123e34355b83 }} involving the user {{ user.name 1ee7566b-9b26-4f3e-8d2f-0eaafc40cd5d }}. The process {{ process.name unix1 }} was executed with suspicious arguments and attempted to access sensitive files.',
+    title: 'Critical Malware Detection on macOS Host',
+    timestamp: attackDiscoveryTimestamp,
+  },
+  {
+    alertIds: [
+      '1b9c52673b184e6b9bd29b3378f90ec5e7b917c17018ce2d40188a065f145087',
+      '881c8cd24296c3efc066f894b2f60e28c86b6398e8d81fcdb0a21e2d4e6f37fb',
+      '6ae56534e1246b42afbb0658586bfe03717ee9853cc80d462b9f0aceb44194d3',
+      '94dda5ac846d122cf2e582ade68123f036b1b78c63752a30bcf8acdbbbba83ce',
+      '250f7967181328c67d1de251c606fd4a791fd81964f431e3d7d76149f531be00',
+    ],
+    detailsMarkdown:
+      '- {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }} executed a suspicious PowerShell script via Microsoft Office on {{ host.name 5e15d911-50a1-486a-a520-baa449451358 }}. The script was located at {{ file.path C:\\ProgramData\\WindowsAppPool\\AppPool.ps1 }}.\n- The process {{ process.name powershell.exe }} was executed with the command line {{ process.command_line "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -exec bypass -file C:\\ProgramData\\WindowsAppPool\\AppPool.ps1 }}.\n- The parent process {{ process.parent.name wscript.exe }} was executed by {{ process.parent.command_line wscript C:\\ProgramData\\WindowsAppPool\\AppPool.vbs }}.\n- The process {{ process.name powershell.exe }} was not trusted as indicated by the code signature status {{ process.code_signature.status trusted }}.\n- The process {{ process.name powershell.exe }} was detected with a high integrity level, indicating potential privilege escalation.',
+    entitySummaryMarkdown:
+      '{{ host.name 5e15d911-50a1-486a-a520-baa449451358 }} and {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }} were involved in the suspicious activity.',
+    mitreAttackTactics: ['Initial Access', 'Execution', 'Persistence'],
+    summaryMarkdown:
+      'A critical malicious behavior detection alert was triggered on {{ host.name 5e15d911-50a1-486a-a520-baa449451358 }} involving the user {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }}. The process {{ process.name powershell.exe }} was executed with suspicious arguments and attempted to execute a PowerShell script.',
+    title: 'Suspicious PowerShell Execution via Microsoft Office',
+    timestamp: attackDiscoveryTimestamp,
+  },
+  {
+    alertIds: [
+      '6cbbf7fb63ffed6e091ae21866043df699c839603ec573d3173b36e2d0e66ea3',
+      'e7b6f978336961522b0753ffe79cc4a2aa6e2c08c491657ade3eccdb58033852',
+      'd3ef244bda90960c091f516874a87b9cf01d206844c2e6ba324e3034472787f5',
+    ],
+    detailsMarkdown:
+      '- {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }} executed a suspicious PowerShell script via MsiExec on {{ host.name 2068fbbd-341a-477a-b06c-7097ddecd024 }}. The script was located at {{ file.path C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\2\\Package Installation Dir\\chch.ps1 }}.\n- The process {{ process.name powershell.exe }} was executed with the command line {{ process.command_line "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -ep bypass -file "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\2\\Package Installation Dir\\chch.ps1" }}.\n- The parent process {{ process.parent.name msiexec.exe }} was executed by {{ process.parent.command_line C:\\Windows\\system32\\msiexec.exe /V }}.\n- The process {{ process.name powershell.exe }} was not trusted as indicated by the code signature status {{ process.code_signature.status trusted }}.\n- The process {{ process.name powershell.exe }} was detected with a high integrity level, indicating potential privilege escalation.',
+    entitySummaryMarkdown:
+      '{{ host.name 2068fbbd-341a-477a-b06c-7097ddecd024 }} and {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }} were involved in the suspicious activity.',
+    mitreAttackTactics: ['Defense Evasion', 'Execution'],
+    summaryMarkdown:
+      'A critical malicious behavior detection alert was triggered on {{ host.name 2068fbbd-341a-477a-b06c-7097ddecd024 }} involving the user {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }}. The process {{ process.name powershell.exe }} was executed with suspicious arguments and attempted to execute a PowerShell script.',
+    title: 'Suspicious PowerShell Execution via MsiExec',
+    timestamp: attackDiscoveryTimestamp,
+  },
+  {
+    alertIds: [
+      '8b1ccd0bfb927caeb5f9818098eebde9a091b99334c84bfffd36aa83db8b36ee',
+      '0ae1370d0c08d651a05421009ed8358d9037f3d6af0cf5f3417979489ca80f12',
+      'bed4a026232fb8e67f248771a99af722116556ace7ef9aaddefc082da4209c61',
+      'd28f2c32ae8e6bc33edfe51ace4621c0e7b826c087386c46ce9138be92baf3f9',
+    ],
+    detailsMarkdown:
+      '- {{ user.name 00468e82-e37f-4224-80c1-c62e594c74b1 }} executed a suspicious process {{ process.name unzip }} on {{ host.name b557bb12-8206-44b6-b2a5-dbcce5b1e65e }}. The process was located at {{ file.path /home/ubuntu/74ef6cc38f5a1a80148752b63c117e6846984debd2af806c65887195a8eccc56 }} and had a hash of {{ file.hash.sha256 74ef6cc38f5a1a80148752b63c117e6846984debd2af806c65887195a8eccc56 }}.\n- The process {{ process.name unzip }} was executed with the command line {{ process.command_line unzip 9415656314.zip }}.\n- The process {{ process.name unzip }} was detected with a high integrity level, indicating potential privilege escalation.\n- Another process {{ process.name kdmtmpflush }} was also detected on the same host, indicating potential lateral movement or additional malicious activity.',
+    entitySummaryMarkdown:
+      '{{ host.name b557bb12-8206-44b6-b2a5-dbcce5b1e65e }} and {{ user.name 00468e82-e37f-4224-80c1-c62e594c74b1 }} were involved in the suspicious activity.',
+    mitreAttackTactics: ['Execution', 'Persistence'],
+    summaryMarkdown:
+      'A critical malware detection alert was triggered on {{ host.name b557bb12-8206-44b6-b2a5-dbcce5b1e65e }} involving the user {{ user.name 00468e82-e37f-4224-80c1-c62e594c74b1 }}. The process {{ process.name unzip }} was executed with suspicious arguments and attempted to extract a potentially malicious file.',
+    title: 'Suspicious File Extraction on Linux Host',
+    timestamp: attackDiscoveryTimestamp,
+  },
+  {
+    alertIds: [
+      '15c3053659b3bccbcc2c75eb90963596bbba707496e6b8c4927b5dc3995e0e11',
+      '461fedbfddd0d8d42c11630d5cdb9a103fac05327dff5bcdbf51505f01ec39da',
+      '03ef2d6a825993d08f545cfa25e8dab765dd1f4688124e7d12d8d81a2f324464',
+      'bfd4f9a71c9ca6a8dc68a41ea96b5ca14380da9669fb62ccae06769ad931eef2',
+    ],
+    detailsMarkdown:
+      '- {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }} executed a suspicious process {{ process.name MsMpEng.exe }} on {{ host.name b808feb3-7ab3-4006-9c67-3cf7aeffe572 }}. The process was located at {{ file.path C:\\Windows\\MsMpEng.exe }} and had a hash of {{ file.hash.sha256 33bc14d231a4afaa18f06513766d5f69d8b88f1e697cd127d24fb4b72ad44c7a }}.\n- The process {{ process.name MsMpEng.exe }} was executed with the command line {{ process.command_line "C:\\Windows\\MsMpEng.exe" }}.\n- The parent process {{ process.parent.name d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe }} was executed by {{ process.parent.command_line "C:\\Users\\Administrator\\Desktop\\8813719803\\d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe" }}.\n- The process {{ process.name MsMpEng.exe }} was not trusted as indicated by the code signature status {{ process.code_signature.status trusted }}.\n- The process {{ process.name MsMpEng.exe }} was detected with a high integrity level, indicating potential privilege escalation.',
+    entitySummaryMarkdown:
+      '{{ host.name b808feb3-7ab3-4006-9c67-3cf7aeffe572 }} and {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }} were involved in the suspicious activity.',
+    mitreAttackTactics: ['Execution', 'Persistence'],
+    summaryMarkdown:
+      'A critical malware detection alert was triggered on {{ host.name b808feb3-7ab3-4006-9c67-3cf7aeffe572 }} involving the user {{ user.name 37764a98-eeb5-459f-ab04-f8b70e8239cb }}. The process {{ process.name MsMpEng.exe }} was executed with suspicious arguments and attempted to execute a potentially malicious file.',
+    title: 'Suspicious Process Execution on Windows Host',
+    timestamp: attackDiscoveryTimestamp,
+  },
+];
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts
index f6f3007c8f948..698645e8d3c55 100644
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts
+++ b/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts
@@ -67,13 +67,6 @@ export const getPostKnowledgeBaseRequest = (resource?: string) =>
     query: { resource },
   });
 
-export const getDeleteKnowledgeBaseRequest = (resource?: string) =>
-  requestMock.create({
-    method: 'delete',
-    path: ELASTIC_AI_ASSISTANT_KNOWLEDGE_BASE_URL,
-    query: { resource },
-  });
-
 export const getGetCapabilitiesRequest = () =>
   requestMock.create({
     method: 'get',
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts
index d53ceaa586975..a065c7de42586 100644
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts
+++ b/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts
@@ -127,11 +127,11 @@ const createElasticAssistantRequestContextMock = (
       () => clients.elasticAssistant.getAIAssistantKnowledgeBaseDataClient
     ) as unknown as jest.MockInstance<
       Promise<AIAssistantKnowledgeBaseDataClient | null>,
-      [params: GetAIAssistantKnowledgeBaseDataClientParams],
+      [params?: GetAIAssistantKnowledgeBaseDataClientParams],
       unknown
     > &
       ((
-        params: GetAIAssistantKnowledgeBaseDataClientParams
+        params?: GetAIAssistantKnowledgeBaseDataClientParams
       ) => Promise<AIAssistantKnowledgeBaseDataClient | null>),
     getCurrentUser: jest.fn(),
     getServerBasePath: jest.fn(),
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/terms.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/terms.ts
deleted file mode 100644
index 0606c905d6df3..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/terms.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { Field, FieldValue, QueryDslTermQuery } from '@elastic/elasticsearch/lib/api/types';
-
-/**
- * These (mock) terms may be used in multiple queries.
- *
- * For example, it may be be used in a vector search to exclude the required `esql` KB docs.
- *
- * It may also be used in a terms search to find all of the required `esql` KB docs.
- */
-export const mockTerms: Array<Partial<Record<Field, QueryDslTermQuery | FieldValue>>> = [
-  {
-    term: {
-      'metadata.kbResource': 'esql',
-    },
-  },
-  {
-    term: {
-      'metadata.required': true,
-    },
-  },
-];
diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/vector_search_query.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/vector_search_query.ts
deleted file mode 100644
index 04263c5d242bb..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/__mocks__/vector_search_query.ts
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-
-/**
- * A mock vector search query DSL
- */
-export const mockVectorSearchQuery: QueryDslQueryContainer = {
-  bool: {
-    must_not: [
-      {
-        term: {
-          'metadata.kbResource': 'esql',
-        },
-      },
-      {
-        term: {
-          'metadata.required': true,
-        },
-      },
-    ],
-    must: [
-      {
-        semantic: {
-          field: 'semantic_text',
-          query:
-            'Generate an ES|QL query that will count the number of connections made to external IP addresses, broken down by user. If the count is greater than 100 for a specific user, add a new field called "follow_up" that contains a value of "true", otherwise, it should contain "false". The user names should also be enriched with their respective group names.',
-        },
-      },
-    ],
-  },
-} as QueryDslQueryContainer;
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/create_knowledge_base_entry.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/create_knowledge_base_entry.ts
index 77a1e37df965f..8e1d749c7f78b 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/create_knowledge_base_entry.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/create_knowledge_base_entry.ts
@@ -14,11 +14,9 @@ import {
 } from '@kbn/core/server';
 
 import {
-  DocumentEntryCreateFields,
   KnowledgeBaseEntryCreateProps,
   KnowledgeBaseEntryResponse,
   KnowledgeBaseEntryUpdateProps,
-  Metadata,
 } from '@kbn/elastic-assistant-common';
 import {
   CREATE_KNOWLEDGE_BASE_ENTRY_ERROR_EVENT,
@@ -33,9 +31,8 @@ export interface CreateKnowledgeBaseEntryParams {
   logger: Logger;
   spaceId: string;
   user: AuthenticatedUser;
-  knowledgeBaseEntry: KnowledgeBaseEntryCreateProps | LegacyKnowledgeBaseEntryCreateProps;
+  knowledgeBaseEntry: KnowledgeBaseEntryCreateProps;
   global?: boolean;
-  isV2?: boolean;
   telemetry: AnalyticsServiceSetup;
 }
 
@@ -47,25 +44,16 @@ export const createKnowledgeBaseEntry = async ({
   knowledgeBaseEntry,
   logger,
   global = false,
-  isV2 = false,
   telemetry,
 }: CreateKnowledgeBaseEntryParams): Promise<KnowledgeBaseEntryResponse | null> => {
   const createdAt = new Date().toISOString();
-  const body = isV2
-    ? transformToCreateSchema({
-        createdAt,
-        spaceId,
-        user,
-        entry: knowledgeBaseEntry as unknown as KnowledgeBaseEntryCreateProps,
-        global,
-      })
-    : transformToLegacyCreateSchema({
-        createdAt,
-        spaceId,
-        user,
-        entry: knowledgeBaseEntry as unknown as TransformToLegacyCreateSchemaProps['entry'],
-        global,
-      });
+  const body = transformToCreateSchema({
+    createdAt,
+    spaceId,
+    user,
+    entry: knowledgeBaseEntry as unknown as KnowledgeBaseEntryCreateProps,
+    global,
+  });
   const telemetryPayload = {
     entryType: body.type,
     required: body.required ?? false,
@@ -156,13 +144,7 @@ export const transformToUpdateSchema = ({
   };
 };
 
-export const getUpdateScript = ({
-  entry,
-  isPatch,
-}: {
-  entry: UpdateKnowledgeBaseEntrySchema;
-  isPatch?: boolean;
-}) => {
+export const getUpdateScript = ({ entry }: { entry: UpdateKnowledgeBaseEntrySchema }) => {
   // Cannot use script for updating documents with semantic_text fields
   return {
     doc: {
@@ -230,45 +212,3 @@ export const transformToCreateSchema = ({
     semantic_text: entry.text,
   };
 };
-
-export type LegacyKnowledgeBaseEntryCreateProps = Omit<
-  DocumentEntryCreateFields,
-  'kbResource' | 'source'
-> & {
-  metadata: Metadata;
-};
-
-interface TransformToLegacyCreateSchemaProps {
-  createdAt: string;
-  spaceId: string;
-  user: AuthenticatedUser;
-  entry: LegacyKnowledgeBaseEntryCreateProps;
-  global?: boolean;
-}
-
-export const transformToLegacyCreateSchema = ({
-  createdAt,
-  spaceId,
-  user,
-  entry,
-  global = false,
-}: TransformToLegacyCreateSchemaProps): CreateKnowledgeBaseEntrySchema => {
-  return {
-    '@timestamp': createdAt,
-    created_at: createdAt,
-    created_by: user.profile_uid ?? 'unknown',
-    updated_at: createdAt,
-    updated_by: user.profile_uid ?? 'unknown',
-    namespace: spaceId,
-    users: global
-      ? []
-      : [
-          {
-            id: user.profile_uid,
-            name: user.username,
-          },
-        ],
-    ...entry,
-    vector: undefined,
-  };
-};
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/field_maps_configuration.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/field_maps_configuration.ts
index 348efb5a18f7d..1a075202cf3cd 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/field_maps_configuration.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/field_maps_configuration.ts
@@ -9,89 +9,6 @@ import { FieldMap } from '@kbn/data-stream-adapter';
 export const ASSISTANT_ELSER_INFERENCE_ID = 'elastic-security-ai-assistant-elser2';
 
 export const knowledgeBaseFieldMap: FieldMap = {
-  '@timestamp': {
-    type: 'date',
-    array: false,
-    required: false,
-  },
-  id: {
-    type: 'keyword',
-    array: false,
-    required: true,
-  },
-  created_at: {
-    type: 'date',
-    array: false,
-    required: false,
-  },
-  created_by: {
-    type: 'keyword',
-    array: false,
-    required: false,
-  },
-  updated_at: {
-    type: 'date',
-    array: false,
-    required: false,
-  },
-  updated_by: {
-    type: 'keyword',
-    array: false,
-    required: false,
-  },
-  users: {
-    type: 'nested',
-    array: true,
-    required: false,
-  },
-  'users.id': {
-    type: 'keyword',
-    array: false,
-    required: true,
-  },
-  'users.name': {
-    type: 'keyword',
-    array: false,
-    required: false,
-  },
-  metadata: {
-    type: 'object',
-    array: false,
-    required: false,
-  },
-  'metadata.kbResource': {
-    type: 'keyword',
-    array: false,
-    required: false,
-  },
-  'metadata.required': {
-    type: 'boolean',
-    array: false,
-    required: false,
-  },
-  'metadata.source': {
-    type: 'keyword',
-    array: false,
-    required: false,
-  },
-  text: {
-    type: 'text',
-    array: false,
-    required: true,
-  },
-  vector: {
-    type: 'object',
-    array: false,
-    required: false,
-  },
-  'vector.tokens': {
-    type: 'rank_features',
-    array: false,
-    required: false,
-  },
-} as const;
-
-export const knowledgeBaseFieldMapV2: FieldMap = {
   // Base fields
   '@timestamp': {
     type: 'date',
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/helpers.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/helpers.ts
index a19b3f0945086..88ecae26cf19f 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/helpers.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/helpers.ts
@@ -27,37 +27,29 @@ export const isModelAlreadyExistsError = (error: Error) => {
  *
  * @param filter - Optional filter to apply to the search
  * @param kbResource - Specific resource tag to filter for, e.g. 'esql' or 'user'
- * @param modelId - ID of the model to search with, e.g. `.elser_model_2`
  * @param query - The search query provided by the user
  * @param required - Whether to only include required entries
  * @param user - The authenticated user
- * @param v2KnowledgeBaseEnabled whether the new v2 KB is enabled
  * @returns
  */
 export const getKBVectorSearchQuery = ({
   filter,
   kbResource,
-  modelId,
   query,
   required,
   user,
-  v2KnowledgeBaseEnabled = false,
 }: {
   filter?: QueryDslQueryContainer | undefined;
   kbResource?: string | undefined;
-  modelId: string;
   query?: string;
   required?: boolean | undefined;
   user: AuthenticatedUser;
-  v2KnowledgeBaseEnabled: boolean;
 }): QueryDslQueryContainer => {
-  const kbResourceKey = v2KnowledgeBaseEnabled ? 'kb_resource' : 'metadata.kbResource';
-  const requiredKey = v2KnowledgeBaseEnabled ? 'required' : 'metadata.required';
   const resourceFilter = kbResource
     ? [
         {
           term: {
-            [kbResourceKey]: kbResource,
+            kb_resource: kbResource,
           },
         },
       ]
@@ -66,7 +58,7 @@ export const getKBVectorSearchQuery = ({
     ? [
         {
           term: {
-            [requiredKey]: required,
+            required,
           },
         },
       ]
@@ -120,7 +112,7 @@ export const getKBVectorSearchQuery = ({
         text_expansion: { 'vector.tokens': { model_id: string; model_text: string } };
       }> = [];
 
-  if (v2KnowledgeBaseEnabled && query) {
+  if (query) {
     semanticTextFilter = [
       {
         semantic: {
@@ -129,17 +121,6 @@ export const getKBVectorSearchQuery = ({
         },
       },
     ];
-  } else if (!v2KnowledgeBaseEnabled) {
-    semanticTextFilter = [
-      {
-        text_expansion: {
-          'vector.tokens': {
-            model_id: modelId,
-            model_text: query as string,
-          },
-        },
-      },
-    ];
   }
 
   return {
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/index.ts
index 50e124321fe6c..fae987b6d5083 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/index.ts
@@ -29,20 +29,11 @@ import { AnalyticsServiceSetup, ElasticsearchClient } from '@kbn/core/server';
 import { IndexPatternsFetcher } from '@kbn/data-views-plugin/server';
 import { map } from 'lodash';
 import { AIAssistantDataClient, AIAssistantDataClientParams } from '..';
-import { AssistantToolParams, GetElser } from '../../types';
-import {
-  createKnowledgeBaseEntry,
-  LegacyKnowledgeBaseEntryCreateProps,
-  transformToCreateSchema,
-  transformToLegacyCreateSchema,
-} from './create_knowledge_base_entry';
+import { GetElser } from '../../types';
+import { createKnowledgeBaseEntry, transformToCreateSchema } from './create_knowledge_base_entry';
 import { EsDocumentEntry, EsIndexEntry, EsKnowledgeBaseEntrySchema } from './types';
 import { transformESSearchToKnowledgeBaseEntry } from './transforms';
-import {
-  ESQL_DOCS_LOADED_QUERY,
-  SECURITY_LABS_RESOURCE,
-  USER_RESOURCE,
-} from '../../routes/knowledge_base/constants';
+import { SECURITY_LABS_RESOURCE, USER_RESOURCE } from '../../routes/knowledge_base/constants';
 import {
   getKBVectorSearchQuery,
   getStructuredToolForIndexEntry,
@@ -61,7 +52,6 @@ import { ASSISTANT_ELSER_INFERENCE_ID } from './field_maps_configuration';
  */
 export interface GetAIAssistantKnowledgeBaseDataClientParams {
   modelIdOverride?: string;
-  v2KnowledgeBaseEnabled?: boolean;
   manageGlobalKnowledgeBaseAIAssistant?: boolean;
 }
 
@@ -71,7 +61,6 @@ interface KnowledgeBaseDataClientParams extends AIAssistantDataClientParams {
   getIsKBSetupInProgress: () => boolean;
   ingestPipelineResourceName: string;
   setIsKBSetupInProgress: (isInProgress: boolean) => void;
-  v2KnowledgeBaseEnabled: boolean;
   manageGlobalKnowledgeBaseAIAssistant: boolean;
 }
 export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
@@ -82,11 +71,6 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
   public get isSetupInProgress() {
     return this.options.getIsKBSetupInProgress();
   }
-
-  public get isV2KnowledgeBaseEnabled() {
-    return this.options.v2KnowledgeBaseEnabled;
-  }
-
   /**
    * Returns whether setup of the Knowledge Base can be performed (essentially an ML features check)
    *
@@ -150,70 +134,39 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
   };
 
   /**
-   * Deploy the ELSER model with default configuration
-   */
-  private deployModel = async () => {
-    const elserId = await this.options.getElserId();
-    this.options.logger.debug(`Deploying ELSER model '${elserId}'...`);
-    try {
-      const esClient = await this.options.elasticsearchClientPromise;
-      await esClient.ml.startTrainedModelDeployment({
-        model_id: elserId,
-        wait_for: 'fully_allocated',
-      });
-    } catch (error) {
-      this.options.logger.error(`Error deploying ELSER model '${elserId}':\n${error}`);
-      throw new Error(`Error deploying ELSER model '${elserId}':\n${error}`);
-    }
-  };
-
-  /**
-   * Checks if the provided model is deployed and allocated in Elasticsearch
+   * Checks if the inference endpoint is deployed and allocated in Elasticsearch
    *
    * @returns Promise<boolean> indicating whether the model is deployed
    */
-  public isModelDeployed = async (): Promise<boolean> => {
-    const elserId = await this.options.getElserId();
-    this.options.logger.debug(`Checking if ELSER model '${elserId}' is deployed...`);
-
-    try {
-      if (this.isV2KnowledgeBaseEnabled) {
-        return await this.isInferenceEndpointExists();
-      } else {
-        const esClient = await this.options.elasticsearchClientPromise;
-        const getResponse = await esClient.ml.getTrainedModelsStats({
-          model_id: elserId,
-        });
-
-        // For standardized way of checking deployment status see: https://github.com/elastic/elasticsearch/issues/106986
-        const isReadyESS = (stats: MlTrainedModelStats) =>
-          stats.deployment_stats?.state === 'started' &&
-          stats.deployment_stats?.allocation_status.state === 'fully_allocated';
-
-        const isReadyServerless = (stats: MlTrainedModelStats) =>
-          (stats.deployment_stats?.nodes as unknown as MlTrainedModelDeploymentNodesStats[])?.some(
-            (node) => node.routing_state.routing_state === 'started'
-          );
-
-        return getResponse.trained_model_stats?.some(
-          (stats) => isReadyESS(stats) || isReadyServerless(stats)
-        );
-      }
-    } catch (e) {
-      this.options.logger.debug(`Error checking if ELSER model '${elserId}' is deployed: ${e}`);
-      // Returns 404 if it doesn't exist
-      return false;
-    }
-  };
-
   public isInferenceEndpointExists = async (): Promise<boolean> => {
     try {
       const esClient = await this.options.elasticsearchClientPromise;
 
-      return !!(await esClient.inference.get({
+      const inferenceExists = !!(await esClient.inference.get({
         inference_id: ASSISTANT_ELSER_INFERENCE_ID,
         task_type: 'sparse_embedding',
       }));
+      if (!inferenceExists) {
+        return false;
+      }
+      const elserId = await this.options.getElserId();
+      const getResponse = await esClient.ml.getTrainedModelsStats({
+        model_id: elserId,
+      });
+
+      // For standardized way of checking deployment status see: https://github.com/elastic/elasticsearch/issues/106986
+      const isReadyESS = (stats: MlTrainedModelStats) =>
+        stats.deployment_stats?.state === 'started' &&
+        stats.deployment_stats?.allocation_status.state === 'fully_allocated';
+
+      const isReadyServerless = (stats: MlTrainedModelStats) =>
+        (stats.deployment_stats?.nodes as unknown as MlTrainedModelDeploymentNodesStats[])?.some(
+          (node) => node.routing_state.routing_state === 'started'
+        );
+
+      return getResponse.trained_model_stats?.some(
+        (stats) => isReadyESS(stats) || isReadyServerless(stats)
+      );
     } catch (error) {
       this.options.logger.debug(
         `Error checking if Inference endpoint ${ASSISTANT_ELSER_INFERENCE_ID} exists: ${error}`
@@ -227,25 +180,24 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
     this.options.logger.debug(`Deploying ELSER model '${elserId}'...`);
     try {
       const esClient = await this.options.elasticsearchClientPromise;
-      if (this.isV2KnowledgeBaseEnabled) {
-        await esClient.inference.put({
-          task_type: 'sparse_embedding',
-          inference_id: ASSISTANT_ELSER_INFERENCE_ID,
-          inference_config: {
-            service: 'elasticsearch',
-            service_settings: {
-              adaptive_allocations: {
-                enabled: true,
-                min_number_of_allocations: 0,
-                max_number_of_allocations: 8,
-              },
-              num_threads: 1,
-              model_id: elserId,
+
+      await esClient.inference.put({
+        task_type: 'sparse_embedding',
+        inference_id: ASSISTANT_ELSER_INFERENCE_ID,
+        inference_config: {
+          service: 'elasticsearch',
+          service_settings: {
+            adaptive_allocations: {
+              enabled: true,
+              min_number_of_allocations: 0,
+              max_number_of_allocations: 8,
             },
-            task_settings: {},
+            num_threads: 1,
+            model_id: elserId,
           },
-        });
-      }
+          task_settings: {},
+        },
+      });
     } catch (error) {
       this.options.logger.error(
         `Error creating inference endpoint for ELSER model '${elserId}':\n${error}`
@@ -268,11 +220,9 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
    */
   public setupKnowledgeBase = async ({
     soClient,
-    v2KnowledgeBaseEnabled = true,
     ignoreSecurityLabs = false,
   }: {
     soClient: SavedObjectsClientContract;
-    v2KnowledgeBaseEnabled?: boolean;
     ignoreSecurityLabs?: boolean;
   }): Promise<void> => {
     if (this.options.getIsKBSetupInProgress()) {
@@ -284,40 +234,38 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
     this.options.setIsKBSetupInProgress(true);
     const elserId = await this.options.getElserId();
 
-    if (v2KnowledgeBaseEnabled) {
-      // Delete legacy ESQL knowledge base docs if they exist, and silence the error if they do not
-      try {
-        const esClient = await this.options.elasticsearchClientPromise;
-        const legacyESQL = await esClient.deleteByQuery({
-          index: this.indexTemplateAndPattern.alias,
-          query: {
-            bool: {
-              must: [{ terms: { 'metadata.kbResource': ['esql', 'unknown'] } }],
-            },
+    // Delete legacy ESQL knowledge base docs if they exist, and silence the error if they do not
+    try {
+      const esClient = await this.options.elasticsearchClientPromise;
+      const legacyESQL = await esClient.deleteByQuery({
+        index: this.indexTemplateAndPattern.alias,
+        query: {
+          bool: {
+            must: [{ terms: { 'metadata.kbResource': ['esql', 'unknown'] } }],
           },
-        });
-        if (legacyESQL?.total != null && legacyESQL?.total > 0) {
-          this.options.logger.info(
-            `Removed ${legacyESQL?.total} ESQL knowledge base docs from knowledge base data stream: ${this.indexTemplateAndPattern.alias}.`
-          );
-        }
-        // Delete any existing Security Labs content
-        const securityLabsDocs = await esClient.deleteByQuery({
-          index: this.indexTemplateAndPattern.alias,
-          query: {
-            bool: {
-              must: [{ terms: { kb_resource: [SECURITY_LABS_RESOURCE] } }],
-            },
+        },
+      });
+      if (legacyESQL?.total != null && legacyESQL?.total > 0) {
+        this.options.logger.info(
+          `Removed ${legacyESQL?.total} ESQL knowledge base docs from knowledge base data stream: ${this.indexTemplateAndPattern.alias}.`
+        );
+      }
+      // Delete any existing Security Labs content
+      const securityLabsDocs = await esClient.deleteByQuery({
+        index: this.indexTemplateAndPattern.alias,
+        query: {
+          bool: {
+            must: [{ terms: { kb_resource: [SECURITY_LABS_RESOURCE] } }],
           },
-        });
-        if (securityLabsDocs?.total) {
-          this.options.logger.info(
-            `Removed ${securityLabsDocs?.total} Security Labs knowledge base docs from knowledge base data stream: ${this.indexTemplateAndPattern.alias}.`
-          );
-        }
-      } catch (e) {
-        this.options.logger.info('No legacy ESQL or Security Labs knowledge base docs to delete');
+        },
+      });
+      if (securityLabsDocs?.total) {
+        this.options.logger.info(
+          `Removed ${securityLabsDocs?.total} Security Labs knowledge base docs from knowledge base data stream: ${this.indexTemplateAndPattern.alias}.`
+        );
       }
+    } catch (e) {
+      this.options.logger.info('No legacy ESQL or Security Labs knowledge base docs to delete');
     }
 
     try {
@@ -336,39 +284,22 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
         this.options.logger.debug(`ELSER model '${elserId}' is already installed`);
       }
 
-      if (!this.isV2KnowledgeBaseEnabled) {
-        const isDeployed = await this.isModelDeployed();
-        if (!isDeployed) {
-          await this.deployModel();
-          await pRetry(
-            async () =>
-              (await this.isModelDeployed())
-                ? Promise.resolve()
-                : Promise.reject(new Error('Model not deployed')),
-            { minTimeout: 2000, retries: 10 }
-          );
-          this.options.logger.debug(`ELSER model '${elserId}' successfully deployed!`);
-        } else {
-          this.options.logger.debug(`ELSER model '${elserId}' is already deployed`);
-        }
-      } else {
-        const inferenceExists = await this.isInferenceEndpointExists();
-        if (!inferenceExists) {
-          await this.createInferenceEndpoint();
+      const inferenceExists = await this.isInferenceEndpointExists();
+      if (!inferenceExists) {
+        await this.createInferenceEndpoint();
 
-          this.options.logger.debug(
-            `Inference endpoint for ELSER model '${elserId}' successfully deployed!`
-          );
-        } else {
-          this.options.logger.debug(
-            `Inference endpoint for ELSER model '${elserId}' is already deployed`
-          );
-        }
+        this.options.logger.debug(
+          `Inference endpoint for ELSER model '${elserId}' successfully deployed!`
+        );
+      } else {
+        this.options.logger.debug(
+          `Inference endpoint for ELSER model '${elserId}' is already deployed`
+        );
       }
 
       this.options.logger.debug(`Checking if Knowledge Base docs have been loaded...`);
 
-      if (v2KnowledgeBaseEnabled && !ignoreSecurityLabs) {
+      if (!ignoreSecurityLabs) {
         const labsDocsLoaded = await this.isSecurityLabsDocsLoaded();
         if (!labsDocsLoaded) {
           this.options.logger.debug(`Loading Security Labs KB docs...`);
@@ -415,39 +346,20 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
     const { errors, docs_created: docsCreated } = await writer.bulk({
       documentsToCreate: documents.map((doc) => {
         // v1 schema has metadata nested in a `metadata` object
-        if (this.options.v2KnowledgeBaseEnabled) {
-          return transformToCreateSchema({
-            createdAt: changedAt,
-            spaceId: this.spaceId,
-            user: authenticatedUser,
-            entry: {
-              type: DocumentEntryType.value,
-              name: 'unknown',
-              text: doc.pageContent,
-              kbResource: doc.metadata.kbResource ?? 'unknown',
-              required: doc.metadata.required ?? false,
-              source: doc.metadata.source ?? 'unknown',
-            },
-            global,
-          });
-        } else {
-          return transformToLegacyCreateSchema({
-            createdAt: changedAt,
-            spaceId: this.spaceId,
-            user: authenticatedUser,
-            entry: {
-              type: DocumentEntryType.value,
-              name: 'unknown',
-              text: doc.pageContent,
-              metadata: {
-                kbResource: doc.metadata.kbResource ?? 'unknown',
-                required: doc.metadata.required ?? false,
-                source: doc.metadata.source ?? 'unknown',
-              },
-            },
-            global,
-          });
-        }
+        return transformToCreateSchema({
+          createdAt: changedAt,
+          spaceId: this.spaceId,
+          user: authenticatedUser,
+          entry: {
+            type: DocumentEntryType.value,
+            name: 'unknown',
+            text: doc.pageContent,
+            kbResource: doc.metadata.kbResource ?? 'unknown',
+            required: doc.metadata.required ?? false,
+            source: doc.metadata.source ?? 'unknown',
+          },
+          global,
+        });
       }),
       authenticatedUser,
     });
@@ -467,18 +379,6 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
     return created?.data ? transformESSearchToKnowledgeBaseEntry(created?.data) : [];
   };
 
-  /**
-   * Returns if ES|QL KB docs have been loaded
-   */
-  public isESQLDocsLoaded = async (): Promise<boolean> => {
-    const esqlDocs = await this.getKnowledgeBaseDocumentEntries({
-      query: ESQL_DOCS_LOADED_QUERY,
-      // kbResource, // Note: `8.15` installs have kbResource as `unknown`, so don't filter yet
-      required: true,
-    });
-    return esqlDocs.length > 0;
-  };
-
   /**
    * Returns if user's KB docs exists
    */
@@ -492,15 +392,12 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
     }
 
     const esClient = await this.options.elasticsearchClientPromise;
-    const modelId = await this.options.getElserId();
 
     try {
       const vectorSearchQuery = getKBVectorSearchQuery({
         kbResource: USER_RESOURCE,
         required: false,
         user,
-        modelId,
-        v2KnowledgeBaseEnabled: this.options.v2KnowledgeBaseEnabled,
       });
 
       const result = await esClient.search<EsDocumentEntry>({
@@ -531,15 +428,12 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
     const expectedDocsCount = await getSecurityLabsDocsCount({ logger: this.options.logger });
 
     const esClient = await this.options.elasticsearchClientPromise;
-    const modelId = await this.options.getElserId();
 
     try {
       const vectorSearchQuery = getKBVectorSearchQuery({
         kbResource: SECURITY_LABS_RESOURCE,
         required: false,
         user,
-        modelId,
-        v2KnowledgeBaseEnabled: this.options.v2KnowledgeBaseEnabled,
       });
 
       const result = await esClient.search<EsDocumentEntry>({
@@ -585,7 +479,6 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
     }
 
     const esClient = await this.options.elasticsearchClientPromise;
-    const modelId = await this.options.getElserId();
 
     const vectorSearchQuery = getKBVectorSearchQuery({
       filter,
@@ -593,8 +486,6 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
       query,
       required,
       user,
-      modelId,
-      v2KnowledgeBaseEnabled: this.options.v2KnowledgeBaseEnabled,
     });
 
     try {
@@ -605,14 +496,11 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
       });
 
       const results = result.hits.hits.map((hit) => {
-        const metadata = this.options.v2KnowledgeBaseEnabled
-          ? {
-              source: hit?._source?.source,
-              required: hit?._source?.required,
-              kbResource: hit?._source?.kb_resource,
-            }
-          : // @ts-ignore v1 schema has metadata nested in a `metadata` object and kbResource vs kb_resource
-            hit?._source?.metadata ?? {};
+        const metadata = {
+          source: hit?._source?.source,
+          required: hit?._source?.required,
+          kbResource: hit?._source?.kb_resource,
+        };
         return new Document({
           pageContent: hit?._source?.text ?? '',
           metadata,
@@ -691,7 +579,7 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
     telemetry,
     global = false,
   }: {
-    knowledgeBaseEntry: KnowledgeBaseEntryCreateProps | LegacyKnowledgeBaseEntryCreateProps;
+    knowledgeBaseEntry: KnowledgeBaseEntryCreateProps;
     global?: boolean;
     telemetry: AnalyticsServiceSetup;
   }): Promise<KnowledgeBaseEntryResponse | null> => {
@@ -721,7 +609,6 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
       knowledgeBaseEntry,
       global,
       telemetry,
-      isV2: this.options.v2KnowledgeBaseEnabled,
     });
   };
 
@@ -732,10 +619,8 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
    * is scoped to system user.
    */
   public getAssistantTools = async ({
-    assistantToolParams,
     esClient,
   }: {
-    assistantToolParams: AssistantToolParams;
     esClient: ElasticsearchClient;
   }): Promise<StructuredTool[]> => {
     const user = this.options.currentUser;
@@ -746,9 +631,7 @@ export class AIAssistantKnowledgeBaseDataClient extends AIAssistantDataClient {
     }
 
     try {
-      const elserId = this.isV2KnowledgeBaseEnabled
-        ? ASSISTANT_ELSER_INFERENCE_ID
-        : await this.options.getElserId();
+      const elserId = ASSISTANT_ELSER_INFERENCE_ID;
       const userFilter = getKBUserFilter(user);
       const results = await this.findDocuments<EsIndexEntry>({
         // Note: This is a magic number to set some upward bound as to not blow the context with too
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/ingest_pipeline.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/ingest_pipeline.ts
index 8f459848af420..74da4d43d1400 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/ingest_pipeline.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/ingest_pipeline.ts
@@ -5,31 +5,8 @@
  * 2.0.
  */
 
-export const knowledgeBaseIngestPipeline = ({
-  id,
-  modelId,
-  v2KnowledgeBaseEnabled,
-}: {
-  id: string;
-  modelId: string;
-  v2KnowledgeBaseEnabled: boolean;
-}) => ({
+export const knowledgeBaseIngestPipeline = ({ id }: { id: string }) => ({
   id,
   description: 'Embedding pipeline for Elastic AI Assistant ELSER Knowledge Base',
-  processors: !v2KnowledgeBaseEnabled
-    ? [
-        {
-          inference: {
-            if: 'ctx?.text != null',
-            model_id: modelId,
-            input_output: [
-              {
-                input_field: 'text',
-                output_field: 'vector.tokens',
-              },
-            ],
-          },
-        },
-      ]
-    : [],
+  processors: [],
 });
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts
index 93338174364fc..57b7745a89c78 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/helpers.ts
@@ -53,8 +53,6 @@ export const pipelineExists = async ({ esClient, id }: PipelineExistsParams): Pr
 interface CreatePipelineParams {
   esClient: ElasticsearchClient;
   id: string;
-  modelId: string;
-  v2KnowledgeBaseEnabled: boolean;
 }
 
 /**
@@ -63,22 +61,14 @@ interface CreatePipelineParams {
  * @param params params
  * @param params.esClient Elasticsearch client with privileges to check for ingest pipelines
  * @param params.id ID of the ingest pipeline
- * @param params.modelId ID of the ELSER model
  *
  * @returns Promise<boolean> indicating whether the pipeline was created
  */
-export const createPipeline = async ({
-  esClient,
-  id,
-  modelId,
-  v2KnowledgeBaseEnabled,
-}: CreatePipelineParams): Promise<boolean> => {
+export const createPipeline = async ({ esClient, id }: CreatePipelineParams): Promise<boolean> => {
   try {
     const response = await esClient.ingest.putPipeline(
       knowledgeBaseIngestPipeline({
         id,
-        modelId,
-        v2KnowledgeBaseEnabled,
       })
     );
 
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts
index 15274f2323259..d7eff095b4be5 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts
@@ -27,10 +27,7 @@ import { conversationsFieldMap } from '../ai_assistant_data_clients/conversation
 import { assistantPromptsFieldMap } from '../ai_assistant_data_clients/prompts/field_maps_configuration';
 import { assistantAnonymizationFieldsFieldMap } from '../ai_assistant_data_clients/anonymization_fields/field_maps_configuration';
 import { AIAssistantDataClient } from '../ai_assistant_data_clients';
-import {
-  knowledgeBaseFieldMap,
-  knowledgeBaseFieldMapV2,
-} from '../ai_assistant_data_clients/knowledge_base/field_maps_configuration';
+import { knowledgeBaseFieldMap } from '../ai_assistant_data_clients/knowledge_base/field_maps_configuration';
 import {
   AIAssistantKnowledgeBaseDataClient,
   GetAIAssistantKnowledgeBaseDataClientParams,
@@ -85,8 +82,6 @@ export class AIAssistantService {
   private resourceInitializationHelper: ResourceInstallationHelper;
   private initPromise: Promise<InitializationPromise>;
   private isKBSetupInProgress: boolean = false;
-  // Temporary 'feature flag' to determine if we should initialize the new kb mappings, toggled when accessing kbDataClient
-  private v2KnowledgeBaseEnabled: boolean = false;
   private hasInitializedV2KnowledgeBase: boolean = false;
 
   constructor(private readonly options: AIAssistantServiceOpts) {
@@ -156,7 +151,7 @@ export class AIAssistantService {
       // Apply `default_pipeline` if pipeline exists for resource
       ...(resource in this.resourceNames.pipelines &&
       // Remove this param and initialization when the `assistantKnowledgeBaseByDefault` feature flag is removed
-      !(resource === 'knowledgeBase' && this.v2KnowledgeBaseEnabled)
+      !(resource === 'knowledgeBase')
         ? {
             template: {
               settings: {
@@ -185,16 +180,6 @@ export class AIAssistantService {
         pluginStop$: this.options.pluginStop$,
       });
 
-      // If v2 is enabled, re-install data stream resources for new mappings
-      if (this.v2KnowledgeBaseEnabled) {
-        this.options.logger.debug(`Using V2 Knowledge Base Mappings`);
-        this.knowledgeBaseDataStream = this.createDataStream({
-          resource: 'knowledgeBase',
-          kibanaVersion: this.options.kibanaVersion,
-          fieldMap: knowledgeBaseFieldMapV2,
-        });
-      }
-
       await this.knowledgeBaseDataStream.install({
         esClient,
         logger: this.options.logger,
@@ -206,28 +191,18 @@ export class AIAssistantService {
         esClient,
         id: this.resourceNames.pipelines.knowledgeBase,
       });
-      // TODO: When FF is removed, ensure pipeline is re-created for those upgrading
-      if (
-        // Install for v1
-        (!this.v2KnowledgeBaseEnabled && !pipelineCreated) ||
-        // Upgrade from v1 to v2
-        (pipelineCreated && this.v2KnowledgeBaseEnabled)
-      ) {
+      // ensure pipeline is re-created for those upgrading
+      // pipeline is noop now, so if one does not exist we do not need one
+      if (pipelineCreated) {
         this.options.logger.debug(
           `Installing ingest pipeline - ${this.resourceNames.pipelines.knowledgeBase}`
         );
         const response = await createPipeline({
           esClient,
           id: this.resourceNames.pipelines.knowledgeBase,
-          modelId: await this.getElserId(),
-          v2KnowledgeBaseEnabled: this.v2KnowledgeBaseEnabled,
         });
 
         this.options.logger.debug(`Installed ingest pipeline: ${response}`);
-      } else {
-        this.options.logger.debug(
-          `Ingest pipeline already exists - ${this.resourceNames.pipelines.knowledgeBase}`
-        );
       }
 
       await this.promptsDataStream.install({
@@ -363,25 +338,16 @@ export class AIAssistantService {
     opts: CreateAIAssistantClientParams & GetAIAssistantKnowledgeBaseDataClientParams
   ): Promise<AIAssistantKnowledgeBaseDataClient | null> {
     // If modelIdOverride is set, swap getElserId(), and ensure the pipeline is re-created with the correct model
-    if (opts.modelIdOverride != null) {
+    if (opts?.modelIdOverride != null) {
       const modelIdOverride = opts.modelIdOverride;
       this.getElserId = async () => modelIdOverride;
     }
 
-    // Note: Due to plugin lifecycle and feature flag registration timing, we need to pass in the feature flag here
-    // Remove this param and initialization when the `assistantKnowledgeBaseByDefault` feature flag is removed
-    if (opts.v2KnowledgeBaseEnabled) {
-      this.v2KnowledgeBaseEnabled = true;
-    }
-
-    // If either v2 KB or a modelIdOverride is provided, we need to reinitialize all persistence resources to make sure
+    // If a V2 KnowledgeBase has never been initialized or a modelIdOverride is provided, we need to reinitialize all persistence resources to make sure
     // they're using the correct model/mappings. Technically all existing KB data is stale since it was created
     // with a different model/mappings, but modelIdOverride is only intended for testing purposes at this time
     // Added hasInitializedV2KnowledgeBase to prevent the console noise from re-init on each KB request
-    if (
-      !this.hasInitializedV2KnowledgeBase &&
-      (opts.v2KnowledgeBaseEnabled || opts.modelIdOverride != null)
-    ) {
+    if (!this.hasInitializedV2KnowledgeBase || opts?.modelIdOverride != null) {
       await this.initializeResources();
       this.hasInitializedV2KnowledgeBase = true;
     }
@@ -404,7 +370,6 @@ export class AIAssistantService {
       ml: this.options.ml,
       setIsKBSetupInProgress: this.setIsKBSetupInProgress.bind(this),
       spaceId: opts.spaceId,
-      v2KnowledgeBaseEnabled: opts.v2KnowledgeBaseEnabled ?? false,
       manageGlobalKnowledgeBaseAIAssistant: opts.manageGlobalKnowledgeBaseAIAssistant ?? false,
     });
   }
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/evaluation/__mocks__/mock_anonymization_fields.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/evaluation/__mocks__/mock_anonymization_fields.ts
new file mode 100644
index 0000000000000..ed487e4705c27
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/evaluation/__mocks__/mock_anonymization_fields.ts
@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { AnonymizationFieldResponse } from '@kbn/elastic-assistant-common/impl/schemas/anonymization_fields/bulk_crud_anonymization_fields_route.gen';
+
+export const getMockAnonymizationFieldResponse = (): AnonymizationFieldResponse[] => [
+  {
+    id: '6UDO45IBoEQSo_rIK1EW',
+    timestamp: '2024-10-31T18:19:52.468Z',
+    field: '_id',
+    allowed: true,
+    anonymized: false,
+    createdAt: '2024-10-31T18:19:52.468Z',
+    namespace: 'default',
+  },
+  {
+    id: '6kDO45IBoEQSo_rIK1EW',
+    timestamp: '2024-10-31T18:19:52.468Z',
+    field: '@timestamp',
+    allowed: true,
+    anonymized: false,
+    createdAt: '2024-10-31T18:19:52.468Z',
+    namespace: 'default',
+  },
+  {
+    id: '60DO45IBoEQSo_rIK1EW',
+    timestamp: '2024-10-31T18:19:52.468Z',
+    field: 'cloud.availability_zone',
+    allowed: true,
+    anonymized: false,
+    createdAt: '2024-10-31T18:19:52.468Z',
+    namespace: 'default',
+  },
+  {
+    id: '_EDO45IBoEQSo_rIK1EW',
+    timestamp: '2024-10-31T18:19:52.468Z',
+    field: 'host.name',
+    allowed: true,
+    anonymized: true,
+    createdAt: '2024-10-31T18:19:52.468Z',
+    namespace: 'default',
+  },
+  {
+    id: 'SkDO45IBoEQSo_rIK1IW',
+    timestamp: '2024-10-31T18:19:52.468Z',
+    field: 'user.name',
+    allowed: true,
+    anonymized: true,
+    createdAt: '2024-10-31T18:19:52.468Z',
+    namespace: 'default',
+  },
+  {
+    id: 'TUDO45IBoEQSo_rIK1IW',
+    timestamp: '2024-10-31T18:19:52.468Z',
+    field: 'user.target.name',
+    allowed: true,
+    anonymized: true,
+    createdAt: '2024-10-31T18:19:52.468Z',
+    namespace: 'default',
+  },
+];
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/generate/helpers/get_alerts_context_prompt/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/generate/helpers/get_alerts_context_prompt/index.test.ts
index 287f5e6b2130a..098d2b81f4914 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/generate/helpers/get_alerts_context_prompt/index.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/generate/helpers/get_alerts_context_prompt/index.test.ts
@@ -12,7 +12,7 @@ describe('getAlertsContextPrompt', () => {
   it('generates the correct prompt', () => {
     const anonymizedAlerts = ['Alert 1', 'Alert 2', 'Alert 3'];
 
-    const expected = `You are a cyber security analyst tasked with analyzing security events from Elastic Security to identify and report on potential cyber attacks or progressions. Your report should focus on high-risk incidents that could severely impact the organization, rather than isolated alerts. Present your findings in a way that can be easily understood by anyone, regardless of their technical expertise, as if you were briefing the CISO. Break down your response into sections based on timing, hosts, and users involved. When correlating alerts, use kibana.alert.original_time when it's available, otherwise use @timestamp. Include appropriate context about the affected hosts and users. Describe how the attack progression might have occurred and, if feasible, attribute it to known threat groups. Prioritize high and critical alerts, but include lower-severity alerts if desired. In the description field, provide as much detail as possible, in a bulleted list explaining any attack progressions. Accuracy is of utmost importance. You MUST escape all JSON special characters (i.e. backslashes, double quotes, newlines, tabs, carriage returns, backspaces, and form feeds).
+    const expected = `${getDefaultAttackDiscoveryPrompt()}
 
 Use context from the following alerts to provide insights:
 
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/generate/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/generate/index.test.ts
index da815aad9795a..07c3e0007f851 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/generate/index.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/generate/index.test.ts
@@ -5,8 +5,8 @@
  * 2.0.
  */
 
+import type { Logger } from '@kbn/core/server';
 import type { ActionsClientLlm } from '@kbn/langchain/server';
-import { loggerMock } from '@kbn/logging-mocks';
 import { FakeLLM } from '@langchain/core/utils/testing';
 
 import { getGenerateNode } from '.';
@@ -16,7 +16,15 @@ import {
 } from '../../../../evaluation/__mocks__/mock_anonymized_alerts';
 import { getAnonymizedAlertsFromState } from './helpers/get_anonymized_alerts_from_state';
 import { getChainWithFormatInstructions } from '../helpers/get_chain_with_format_instructions';
+import { getDefaultAttackDiscoveryPrompt } from '../helpers/get_default_attack_discovery_prompt';
+import { getDefaultRefinePrompt } from '../refine/helpers/get_default_refine_prompt';
 import { GraphState } from '../../types';
+import {
+  getParsedAttackDiscoveriesMock,
+  getRawAttackDiscoveriesMock,
+} from '../../../../../../__mocks__/raw_attack_discoveries';
+
+const attackDiscoveryTimestamp = '2024-10-11T17:55:59.702Z';
 
 jest.mock('../helpers/get_chain_with_format_instructions', () => {
   const mockInvoke = jest.fn().mockResolvedValue('');
@@ -27,19 +35,21 @@ jest.mock('../helpers/get_chain_with_format_instructions', () => {
         invoke: mockInvoke,
       },
       formatInstructions: ['mock format instructions'],
-      llmType: 'fake',
+      llmType: 'openai',
       mockInvoke, // <-- added for testing
     }),
   };
 });
 
-const mockLogger = loggerMock.create();
+const mockLogger = {
+  debug: (x: Function) => x(),
+} as unknown as Logger;
+
 let mockLlm: ActionsClientLlm;
 
 const initialGraphState: GraphState = {
   attackDiscoveries: null,
-  attackDiscoveryPrompt:
-    "You are a cyber security analyst tasked with analyzing security events from Elastic Security to identify and report on potential cyber attacks or progressions. Your report should focus on high-risk incidents that could severely impact the organization, rather than isolated alerts. Present your findings in a way that can be easily understood by anyone, regardless of their technical expertise, as if you were briefing the CISO. Break down your response into sections based on timing, hosts, and users involved. When correlating alerts, use kibana.alert.original_time when it's available, otherwise use @timestamp. Include appropriate context about the affected hosts and users. Describe how the attack progression might have occurred and, if feasible, attribute it to known threat groups. Prioritize high and critical alerts, but include lower-severity alerts if desired. In the description field, provide as much detail as possible, in a bulleted list explaining any attack progressions. Accuracy is of utmost importance. You MUST escape all JSON special characters (i.e. backslashes, double quotes, newlines, tabs, carriage returns, backspaces, and form feeds).",
+  attackDiscoveryPrompt: getDefaultAttackDiscoveryPrompt(),
   anonymizedAlerts: [...mockAnonymizedAlerts],
   combinedGenerations: '',
   combinedRefinements: '',
@@ -51,8 +61,7 @@ const initialGraphState: GraphState = {
   maxHallucinationFailures: 5,
   maxRepeatedGenerations: 3,
   refinements: [],
-  refinePrompt:
-    'You previously generated the following insights, but sometimes they represent the same attack.\n\nCombine the insights below, when they represent the same attack; leave any insights that are not combined unchanged:',
+  refinePrompt: getDefaultRefinePrompt(),
   replacements: {
     ...mockAnonymizedAlertsReplacements,
   },
@@ -63,11 +72,18 @@ describe('getGenerateNode', () => {
   beforeEach(() => {
     jest.clearAllMocks();
 
+    jest.useFakeTimers();
+    jest.setSystemTime(new Date(attackDiscoveryTimestamp));
+
     mockLlm = new FakeLLM({
-      response: JSON.stringify({}, null, 2),
+      response: '',
     }) as unknown as ActionsClientLlm;
   });
 
+  afterEach(() => {
+    jest.useRealTimers();
+  });
+
   it('returns a function', () => {
     const generateNode = getGenerateNode({
       llm: mockLlm,
@@ -77,9 +93,8 @@ describe('getGenerateNode', () => {
     expect(typeof generateNode).toBe('function');
   });
 
-  it('invokes the chain with the alerts from state and format instructions', async () => {
-    // @ts-expect-error
-    const { mockInvoke } = getChainWithFormatInstructions(mockLlm);
+  it('invokes the chain with the expected alerts from state and formatting instructions', async () => {
+    const mockInvoke = getChainWithFormatInstructions(mockLlm).chain.invoke as jest.Mock;
 
     const generateNode = getGenerateNode({
       llm: mockLlm,
@@ -100,4 +115,214 @@ ${getAnonymizedAlertsFromState(initialGraphState).join('\n\n')}
 `,
     });
   });
+
+  it('removes the surrounding json from the response', async () => {
+    const response =
+      'You asked for some JSON, here it is:\n```json\n{"key": "value"}\n```\nI hope that works for you.';
+
+    const mockLlmWithResponse = new FakeLLM({ response }) as unknown as ActionsClientLlm;
+    const mockInvoke = getChainWithFormatInstructions(mockLlmWithResponse).chain
+      .invoke as jest.Mock;
+
+    mockInvoke.mockResolvedValue(response);
+
+    const generateNode = getGenerateNode({
+      llm: mockLlmWithResponse,
+      logger: mockLogger,
+    });
+
+    const state = await generateNode(initialGraphState);
+
+    expect(state).toEqual({
+      ...initialGraphState,
+      combinedGenerations: '{"key": "value"}',
+      errors: [
+        'generate node is unable to parse (fake) response from attempt 0; (this may be an incomplete response from the model): [\n  {\n    "code": "invalid_type",\n    "expected": "array",\n    "received": "undefined",\n    "path": [\n      "insights"\n    ],\n    "message": "Required"\n  }\n]',
+      ],
+      generationAttempts: 1,
+      generations: ['{"key": "value"}'],
+    });
+  });
+
+  it('handles hallucinations', async () => {
+    const hallucinatedResponse =
+      'tactics like **Credential Access**, **Command and Control**, and **Persistence**.",\n      "entitySummaryMarkdown": "Malware detected on host **{{ host.name hostNameValue }}**';
+
+    const mockLlmWithHallucination = new FakeLLM({
+      response: hallucinatedResponse,
+    }) as unknown as ActionsClientLlm;
+    const mockInvoke = getChainWithFormatInstructions(mockLlmWithHallucination).chain
+      .invoke as jest.Mock;
+
+    mockInvoke.mockResolvedValue(hallucinatedResponse);
+
+    const generateNode = getGenerateNode({
+      llm: mockLlmWithHallucination,
+      logger: mockLogger,
+    });
+
+    const withPreviousGenerations = {
+      ...initialGraphState,
+      combinedGenerations: '{"key": "value"}',
+      generationAttempts: 1,
+      generations: ['{"key": "value"}'],
+    };
+
+    const state = await generateNode(withPreviousGenerations);
+
+    expect(state).toEqual({
+      ...withPreviousGenerations,
+      combinedGenerations: '', // <-- reset
+      generationAttempts: 2, // <-- incremented
+      generations: [], // <-- reset
+      hallucinationFailures: 1, // <-- incremented
+    });
+  });
+
+  it('discards previous generations and starts over when the maxRepeatedGenerations limit is reached', async () => {
+    const repeatedResponse = 'gen1';
+
+    const mockLlmWithRepeatedGenerations = new FakeLLM({
+      response: repeatedResponse,
+    }) as unknown as ActionsClientLlm;
+    const mockInvoke = getChainWithFormatInstructions(mockLlmWithRepeatedGenerations).chain
+      .invoke as jest.Mock;
+
+    mockInvoke.mockResolvedValue(repeatedResponse);
+
+    const generateNode = getGenerateNode({
+      llm: mockLlmWithRepeatedGenerations,
+      logger: mockLogger,
+    });
+
+    const withPreviousGenerations = {
+      ...initialGraphState,
+      combinedGenerations: 'gen1gen1',
+      generationAttempts: 2,
+      generations: ['gen1', 'gen1'],
+    };
+
+    const state = await generateNode(withPreviousGenerations);
+
+    expect(state).toEqual({
+      ...withPreviousGenerations,
+      combinedGenerations: '',
+      generationAttempts: 3, // <-- incremented
+      generations: [],
+    });
+  });
+
+  it('combines the response with the previous generations', async () => {
+    const response = 'gen1';
+
+    const mockLlmWithResponse = new FakeLLM({
+      response,
+    }) as unknown as ActionsClientLlm;
+    const mockInvoke = getChainWithFormatInstructions(mockLlmWithResponse).chain
+      .invoke as jest.Mock;
+
+    mockInvoke.mockResolvedValue(response);
+
+    const generateNode = getGenerateNode({
+      llm: mockLlmWithResponse,
+      logger: mockLogger,
+    });
+
+    const withPreviousGenerations = {
+      ...initialGraphState,
+      combinedGenerations: 'gen0',
+      generationAttempts: 1,
+      generations: ['gen0'],
+    };
+
+    const state = await generateNode(withPreviousGenerations);
+
+    expect(state).toEqual({
+      ...withPreviousGenerations,
+      combinedGenerations: 'gen0gen1',
+      errors: [
+        'generate node is unable to parse (fake) response from attempt 1; (this may be an incomplete response from the model): SyntaxError: Unexpected token \'g\', "gen0gen1" is not valid JSON',
+      ],
+      generationAttempts: 2,
+      generations: ['gen0', 'gen1'],
+    });
+  });
+
+  it('returns unrefined results when combined responses pass validation', async () => {
+    // split the response into two parts to simulate a valid response
+    const splitIndex = 100; // arbitrary index
+    const firstResponse = getRawAttackDiscoveriesMock().slice(0, splitIndex);
+    const secondResponse = getRawAttackDiscoveriesMock().slice(splitIndex);
+
+    const mockLlmWithResponse = new FakeLLM({
+      response: secondResponse,
+    }) as unknown as ActionsClientLlm;
+    const mockInvoke = getChainWithFormatInstructions(mockLlmWithResponse).chain
+      .invoke as jest.Mock;
+
+    mockInvoke.mockResolvedValue(secondResponse);
+
+    const generateNode = getGenerateNode({
+      llm: mockLlmWithResponse,
+      logger: mockLogger,
+    });
+
+    const withPreviousGenerations = {
+      ...initialGraphState,
+      combinedGenerations: firstResponse,
+      generationAttempts: 1,
+      generations: [firstResponse],
+    };
+
+    const state = await generateNode(withPreviousGenerations);
+
+    expect(state).toEqual({
+      ...withPreviousGenerations,
+      attackDiscoveries: null,
+      combinedGenerations: firstResponse.concat(secondResponse),
+      errors: [],
+      generationAttempts: 2,
+      generations: [firstResponse, secondResponse],
+      unrefinedResults: getParsedAttackDiscoveriesMock(attackDiscoveryTimestamp), // <-- generated from the combined response
+    });
+  });
+
+  it('skips the refinements step if the max number of retries has already been reached', async () => {
+    // split the response into two parts to simulate a valid response
+    const splitIndex = 100; // arbitrary index
+    const firstResponse = getRawAttackDiscoveriesMock().slice(0, splitIndex);
+    const secondResponse = getRawAttackDiscoveriesMock().slice(splitIndex);
+
+    const mockLlmWithResponse = new FakeLLM({
+      response: secondResponse,
+    }) as unknown as ActionsClientLlm;
+    const mockInvoke = getChainWithFormatInstructions(mockLlmWithResponse).chain
+      .invoke as jest.Mock;
+
+    mockInvoke.mockResolvedValue(secondResponse);
+
+    const generateNode = getGenerateNode({
+      llm: mockLlmWithResponse,
+      logger: mockLogger,
+    });
+
+    const withPreviousGenerations = {
+      ...initialGraphState,
+      combinedGenerations: firstResponse,
+      generationAttempts: 9,
+      generations: [firstResponse],
+    };
+
+    const state = await generateNode(withPreviousGenerations);
+
+    expect(state).toEqual({
+      ...withPreviousGenerations,
+      attackDiscoveries: getParsedAttackDiscoveriesMock(attackDiscoveryTimestamp), // <-- skip the refinement step
+      combinedGenerations: firstResponse.concat(secondResponse),
+      errors: [],
+      generationAttempts: 10,
+      generations: [firstResponse, secondResponse],
+      unrefinedResults: getParsedAttackDiscoveriesMock(attackDiscoveryTimestamp), // <-- generated from the combined response
+    });
+  });
 });
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/generate/index.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/generate/index.ts
index 1fcd81622f0fe..0dfe1b0629f58 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/generate/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/generate/index.ts
@@ -58,10 +58,10 @@ export const getGenerateNode = ({
         () => `generate node is invoking the chain (${llmType}), attempt ${generationAttempts}`
       );
 
-      const rawResponse = (await chain.invoke({
+      const rawResponse = await chain.invoke({
         format_instructions: formatInstructions,
         query,
-      })) as unknown as string;
+      });
 
       // LOCAL MUTATION:
       partialResponse = extractJson(rawResponse); // remove the surrounding ```json```
@@ -86,7 +86,7 @@ export const getGenerateNode = ({
         generationsAreRepeating({
           currentGeneration: partialResponse,
           previousGenerations: generations,
-          sampleLastNGenerations: maxRepeatedGenerations,
+          sampleLastNGenerations: maxRepeatedGenerations - 1,
         })
       ) {
         logger?.debug(
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/add_trailing_backticks_if_necessary/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/add_trailing_backticks_if_necessary/index.test.ts
new file mode 100644
index 0000000000000..4c95cb05faae0
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/add_trailing_backticks_if_necessary/index.test.ts
@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { addTrailingBackticksIfNecessary } from '.';
+
+describe('addTrailingBackticksIfNecessary', () => {
+  it('adds trailing backticks when necessary', () => {
+    const input = '```json\n{\n  "key": "value"\n}';
+    const expected = '```json\n{\n  "key": "value"\n}\n```';
+    const result = addTrailingBackticksIfNecessary(input);
+
+    expect(result).toEqual(expected);
+  });
+
+  it('does NOT add trailing backticks when they are already present', () => {
+    const input = '```json\n{\n  "key": "value"\n}\n```';
+    const result = addTrailingBackticksIfNecessary(input);
+
+    expect(result).toEqual(input);
+  });
+
+  it("does NOT add trailing backticks when there's no leading JSON wrapper", () => {
+    const input = '{\n  "key": "value"\n}';
+    const result = addTrailingBackticksIfNecessary(input);
+
+    expect(result).toEqual(input);
+  });
+
+  it('handles empty string input', () => {
+    const input = '';
+    const result = addTrailingBackticksIfNecessary(input);
+
+    expect(result).toEqual(input);
+  });
+
+  it('handles input without a JSON wrapper, but with trailing backticks', () => {
+    const input = '{\n  "key": "value"\n}\n```';
+    const result = addTrailingBackticksIfNecessary(input);
+
+    expect(result).toEqual(input);
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/extract_json/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/extract_json/index.test.ts
index 5e13ec9f0dafe..7a2ced64163c5 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/extract_json/index.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/extract_json/index.test.ts
@@ -8,6 +8,24 @@
 import { extractJson } from '.';
 
 describe('extractJson', () => {
+  it('returns an empty string if input is undefined', () => {
+    const input = undefined;
+
+    expect(extractJson(input)).toBe('');
+  });
+
+  it('returns an empty string if input an array', () => {
+    const input = ['some', 'array'];
+
+    expect(extractJson(input)).toBe('');
+  });
+
+  it('returns an empty string if input is an object', () => {
+    const input = {};
+
+    expect(extractJson(input)).toBe('');
+  });
+
   it('returns the JSON text surrounded by ```json and ``` with no whitespace or additional text', () => {
     const input = '```json{"key": "value"}```';
 
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/extract_json/index.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/extract_json/index.ts
index 79d3f9c0d0599..089756840e568 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/extract_json/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/extract_json/index.ts
@@ -5,7 +5,11 @@
  * 2.0.
  */
 
-export const extractJson = (input: string): string => {
+export const extractJson = (input: unknown): string => {
+  if (typeof input !== 'string') {
+    return '';
+  }
+
   const regex = /```json\s*([\s\S]*?)(?:\s*```|$)/;
   const match = input.match(regex);
 
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/get_combined/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/get_combined/index.test.ts
new file mode 100644
index 0000000000000..75d7d83db3e92
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/get_combined/index.test.ts
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getCombined } from '.';
+
+describe('getCombined', () => {
+  it('combines two strings correctly', () => {
+    const combinedGenerations = 'generation1';
+    const partialResponse = 'response1';
+    const expected = 'generation1response1';
+    const result = getCombined({ combinedGenerations, partialResponse });
+
+    expect(result).toEqual(expected);
+  });
+
+  it('handles empty combinedGenerations', () => {
+    const combinedGenerations = '';
+    const partialResponse = 'response1';
+    const expected = 'response1';
+    const result = getCombined({ combinedGenerations, partialResponse });
+
+    expect(result).toEqual(expected);
+  });
+
+  it('handles an empty partialResponse', () => {
+    const combinedGenerations = 'generation1';
+    const partialResponse = '';
+    const expected = 'generation1';
+    const result = getCombined({ combinedGenerations, partialResponse });
+
+    expect(result).toEqual(expected);
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/get_continue_prompt/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/get_continue_prompt/index.test.ts
new file mode 100644
index 0000000000000..35dae31a3ae6a
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/get_continue_prompt/index.test.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getContinuePrompt } from '.';
+
+describe('getContinuePrompt', () => {
+  it('returns the expected prompt string', () => {
+    const expectedPrompt = `Continue exactly where you left off in the JSON output below, generating only the additional JSON output when it's required to complete your work. The additional JSON output MUST ALWAYS follow these rules:
+1) it MUST conform to the schema above, because it will be checked against the JSON schema
+2) it MUST escape all JSON special characters (i.e. backslashes, double quotes, newlines, tabs, carriage returns, backspaces, and form feeds), because it will be parsed as JSON
+3) it MUST NOT repeat any the previous output, because that would prevent partial results from being combined
+4) it MUST NOT restart from the beginning, because that would prevent partial results from being combined
+5) it MUST NOT be prefixed or suffixed with additional text outside of the JSON, because that would prevent it from being combined and parsed as JSON:
+`;
+
+    expect(getContinuePrompt()).toBe(expectedPrompt);
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/get_default_attack_discovery_prompt/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/get_default_attack_discovery_prompt/index.test.ts
new file mode 100644
index 0000000000000..6fce86bfceb6f
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/get_default_attack_discovery_prompt/index.test.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getDefaultAttackDiscoveryPrompt } from '.';
+
+describe('getDefaultAttackDiscoveryPrompt', () => {
+  it('returns the default attack discovery prompt', () => {
+    expect(getDefaultAttackDiscoveryPrompt()).toEqual(
+      "You are a cyber security analyst tasked with analyzing security events from Elastic Security to identify and report on potential cyber attacks or progressions. Your report should focus on high-risk incidents that could severely impact the organization, rather than isolated alerts. Present your findings in a way that can be easily understood by anyone, regardless of their technical expertise, as if you were briefing the CISO. Break down your response into sections based on timing, hosts, and users involved. When correlating alerts, use kibana.alert.original_time when it's available, otherwise use @timestamp. Include appropriate context about the affected hosts and users. Describe how the attack progression might have occurred and, if feasible, attribute it to known threat groups. Prioritize high and critical alerts, but include lower-severity alerts if desired. In the description field, provide as much detail as possible, in a bulleted list explaining any attack progressions. Accuracy is of utmost importance. You MUST escape all JSON special characters (i.e. backslashes, double quotes, newlines, tabs, carriage returns, backspaces, and form feeds)."
+    );
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/parse_combined_or_throw/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/parse_combined_or_throw/index.test.ts
new file mode 100644
index 0000000000000..cfbc837a83f66
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/helpers/parse_combined_or_throw/index.test.ts
@@ -0,0 +1,118 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Logger } from '@kbn/core/server';
+
+import { parseCombinedOrThrow } from '.';
+import { getRawAttackDiscoveriesMock } from '../../../../../../../__mocks__/raw_attack_discoveries';
+
+describe('parseCombinedOrThrow', () => {
+  const mockLogger: Logger = {
+    debug: jest.fn(),
+  } as unknown as Logger;
+
+  const nodeName = 'testNodeName';
+  const llmType = 'testLlmType';
+
+  const validCombinedResponse = getRawAttackDiscoveriesMock();
+
+  const invalidCombinedResponse = 'invalid json';
+
+  const defaultArgs = {
+    combinedResponse: validCombinedResponse,
+    generationAttempts: 0,
+    nodeName,
+    llmType,
+    logger: mockLogger,
+  };
+
+  it('returns an Attack discovery for each insight in a valid combined response', () => {
+    const discoveries = parseCombinedOrThrow({
+      ...defaultArgs,
+    });
+
+    expect(discoveries).toHaveLength(5);
+  });
+
+  it('adds a timestamp to all discoveries in a valid response', () => {
+    const discoveries = parseCombinedOrThrow({
+      ...defaultArgs,
+    });
+
+    expect(discoveries.every((discovery) => discovery.timestamp != null)).toBe(true);
+  });
+
+  it('adds trailing backticks to the combined response if necessary', () => {
+    const withLeadingJson = '```json\n'.concat(validCombinedResponse);
+
+    const discoveries = parseCombinedOrThrow({
+      ...defaultArgs,
+      combinedResponse: withLeadingJson,
+    });
+
+    expect(discoveries).toHaveLength(5);
+  });
+
+  it('logs the parsing step', () => {
+    const generationAttempts = 0;
+
+    parseCombinedOrThrow({
+      ...defaultArgs,
+      generationAttempts,
+    });
+
+    expect((mockLogger.debug as jest.Mock).mock.calls[0][0]()).toBe(
+      `${nodeName} node is parsing extractedJson (${llmType}) from attempt ${generationAttempts}`
+    );
+  });
+
+  it('logs the validation step', () => {
+    const generationAttempts = 0;
+
+    parseCombinedOrThrow({
+      ...defaultArgs,
+      generationAttempts,
+    });
+
+    expect((mockLogger.debug as jest.Mock).mock.calls[1][0]()).toBe(
+      `${nodeName} node is validating combined response (${llmType}) from attempt ${generationAttempts}`
+    );
+  });
+
+  it('logs the successful validation step', () => {
+    const generationAttempts = 0;
+
+    parseCombinedOrThrow({
+      ...defaultArgs,
+      generationAttempts,
+    });
+
+    expect((mockLogger.debug as jest.Mock).mock.calls[2][0]()).toBe(
+      `${nodeName} node successfully validated Attack discoveries response (${llmType}) from attempt ${generationAttempts}`
+    );
+  });
+
+  it('throws the expected error when JSON parsing fails', () => {
+    expect(() =>
+      parseCombinedOrThrow({
+        ...defaultArgs,
+        combinedResponse: invalidCombinedResponse,
+      })
+    ).toThrowError('Unexpected token \'i\', "invalid json" is not valid JSON');
+  });
+
+  it('throws the expected error when JSON validation fails', () => {
+    const invalidJson = '{ "insights": "not an array" }';
+
+    expect(() =>
+      parseCombinedOrThrow({
+        ...defaultArgs,
+        combinedResponse: invalidJson,
+      })
+    ).toThrowError('Expected array, received string');
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/helpers/discard_previous_refinements/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/helpers/discard_previous_refinements/index.test.ts
new file mode 100644
index 0000000000000..1409b3d47473c
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/helpers/discard_previous_refinements/index.test.ts
@@ -0,0 +1,82 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { discardPreviousRefinements } from '.';
+import { mockAttackDiscoveries } from '../../../../../../evaluation/__mocks__/mock_attack_discoveries';
+import { GraphState } from '../../../../types';
+
+const initialState: GraphState = {
+  anonymizedAlerts: [],
+  attackDiscoveries: null,
+  attackDiscoveryPrompt: 'attackDiscoveryPrompt',
+  combinedGenerations: 'generation1generation2',
+  combinedRefinements: 'refinement1', // <-- existing refinements
+  errors: [],
+  generationAttempts: 3,
+  generations: ['generation1', 'generation2'],
+  hallucinationFailures: 0,
+  maxGenerationAttempts: 10,
+  maxHallucinationFailures: 5,
+  maxRepeatedGenerations: 3,
+  refinements: ['refinement1'],
+  refinePrompt: 'refinePrompt',
+  replacements: {},
+  unrefinedResults: [...mockAttackDiscoveries],
+};
+
+describe('discardPreviousRefinements', () => {
+  describe('common state updates', () => {
+    let result: GraphState;
+
+    beforeEach(() => {
+      result = discardPreviousRefinements({
+        generationAttempts: initialState.generationAttempts,
+        hallucinationFailures: initialState.hallucinationFailures,
+        isHallucinationDetected: true,
+        state: initialState,
+      });
+    });
+
+    it('resets the combined refinements', () => {
+      expect(result.combinedRefinements).toBe('');
+    });
+
+    it('increments the generation attempts', () => {
+      expect(result.generationAttempts).toBe(initialState.generationAttempts + 1);
+    });
+
+    it('resets the refinements', () => {
+      expect(result.refinements).toEqual([]);
+    });
+
+    it('increments the hallucination failures when hallucinations are detected', () => {
+      expect(result.hallucinationFailures).toBe(initialState.hallucinationFailures + 1);
+    });
+  });
+
+  it('increments the hallucination failures when hallucinations are detected', () => {
+    const result = discardPreviousRefinements({
+      generationAttempts: initialState.generationAttempts,
+      hallucinationFailures: initialState.hallucinationFailures,
+      isHallucinationDetected: true, // <-- hallucinations detected
+      state: initialState,
+    });
+
+    expect(result.hallucinationFailures).toBe(initialState.hallucinationFailures + 1);
+  });
+
+  it('does NOT increment the hallucination failures when hallucinations are NOT detected', () => {
+    const result = discardPreviousRefinements({
+      generationAttempts: initialState.generationAttempts,
+      hallucinationFailures: initialState.hallucinationFailures,
+      isHallucinationDetected: false, // <-- no hallucinations detected
+      state: initialState,
+    });
+
+    expect(result.hallucinationFailures).toBe(initialState.hallucinationFailures);
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/helpers/get_combined_refine_prompt/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/helpers/get_combined_refine_prompt/index.test.ts
new file mode 100644
index 0000000000000..f955f1b175b5b
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/helpers/get_combined_refine_prompt/index.test.ts
@@ -0,0 +1,77 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getCombinedRefinePrompt } from '.';
+import { mockAttackDiscoveries } from '../../../../../../evaluation/__mocks__/mock_attack_discoveries';
+import { getContinuePrompt } from '../../../helpers/get_continue_prompt';
+
+describe('getCombinedRefinePrompt', () => {
+  it('returns the base query when combinedRefinements is empty', () => {
+    const result = getCombinedRefinePrompt({
+      attackDiscoveryPrompt: 'Initial query',
+      combinedRefinements: '',
+      refinePrompt: 'Refine prompt',
+      unrefinedResults: [...mockAttackDiscoveries],
+    });
+
+    expect(result).toEqual(`Initial query
+
+Refine prompt
+
+"""
+${JSON.stringify(mockAttackDiscoveries, null, 2)}
+"""
+
+`);
+  });
+
+  it('returns the combined prompt when combinedRefinements is not empty', () => {
+    const result = getCombinedRefinePrompt({
+      attackDiscoveryPrompt: 'Initial query',
+      combinedRefinements: 'Combined refinements',
+      refinePrompt: 'Refine prompt',
+      unrefinedResults: [...mockAttackDiscoveries],
+    });
+
+    expect(result).toEqual(`Initial query
+
+Refine prompt
+
+"""
+${JSON.stringify(mockAttackDiscoveries, null, 2)}
+"""
+
+
+
+${getContinuePrompt()}
+
+"""
+Combined refinements
+"""
+
+`);
+  });
+
+  it('handles null unrefinedResults', () => {
+    const result = getCombinedRefinePrompt({
+      attackDiscoveryPrompt: 'Initial query',
+      combinedRefinements: '',
+      refinePrompt: 'Refine prompt',
+      unrefinedResults: null,
+    });
+
+    expect(result).toEqual(`Initial query
+
+Refine prompt
+
+"""
+null
+"""
+
+`);
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/helpers/get_default_refine_prompt/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/helpers/get_default_refine_prompt/index.test.ts
new file mode 100644
index 0000000000000..95a68524ca31e
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/helpers/get_default_refine_prompt/index.test.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getDefaultRefinePrompt } from '.';
+
+describe('getDefaultRefinePrompt', () => {
+  it('returns the default refine prompt string', () => {
+    const result = getDefaultRefinePrompt();
+
+    expect(result)
+      .toEqual(`You previously generated the following insights, but sometimes they represent the same attack.
+
+Combine the insights below, when they represent the same attack; leave any insights that are not combined unchanged:`);
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/helpers/get_use_unrefined_results/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/helpers/get_use_unrefined_results/index.test.ts
new file mode 100644
index 0000000000000..3b9aa160b4918
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/helpers/get_use_unrefined_results/index.test.ts
@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getUseUnrefinedResults } from '.';
+
+describe('getUseUnrefinedResults', () => {
+  it('returns true if both maxHallucinationFailuresReached and maxRetriesReached are true', () => {
+    const result = getUseUnrefinedResults({
+      maxHallucinationFailuresReached: true,
+      maxRetriesReached: true,
+    });
+
+    expect(result).toBe(true);
+  });
+
+  it('returns true if maxHallucinationFailuresReached is true and maxRetriesReached is false', () => {
+    const result = getUseUnrefinedResults({
+      maxHallucinationFailuresReached: true,
+      maxRetriesReached: false,
+    });
+
+    expect(result).toBe(true);
+  });
+
+  it('returns true if maxHallucinationFailuresReached is false and maxRetriesReached is true', () => {
+    const result = getUseUnrefinedResults({
+      maxHallucinationFailuresReached: false,
+      maxRetriesReached: true,
+    });
+
+    expect(result).toBe(true);
+  });
+
+  it('returns false if both maxHallucinationFailuresReached and maxRetriesReached are false', () => {
+    const result = getUseUnrefinedResults({
+      maxHallucinationFailuresReached: false,
+      maxRetriesReached: false,
+    });
+
+    expect(result).toBe(false);
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/index.test.ts
new file mode 100644
index 0000000000000..d5b5a333f48f2
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/index.test.ts
@@ -0,0 +1,342 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { AttackDiscovery } from '@kbn/elastic-assistant-common';
+import type { ActionsClientLlm } from '@kbn/langchain/server';
+import { loggerMock } from '@kbn/logging-mocks';
+import { FakeLLM } from '@langchain/core/utils/testing';
+
+import { getRefineNode } from '.';
+import {
+  mockAnonymizedAlerts,
+  mockAnonymizedAlertsReplacements,
+} from '../../../../evaluation/__mocks__/mock_anonymized_alerts';
+import { getChainWithFormatInstructions } from '../helpers/get_chain_with_format_instructions';
+import { getDefaultAttackDiscoveryPrompt } from '../helpers/get_default_attack_discovery_prompt';
+import { getDefaultRefinePrompt } from './helpers/get_default_refine_prompt';
+import { GraphState } from '../../types';
+import {
+  getParsedAttackDiscoveriesMock,
+  getRawAttackDiscoveriesMock,
+} from '../../../../../../__mocks__/raw_attack_discoveries';
+
+const attackDiscoveryTimestamp = '2024-10-11T17:55:59.702Z';
+
+export const mockUnrefinedAttackDiscoveries: AttackDiscovery[] = [
+  {
+    title: 'unrefinedTitle1',
+    alertIds: ['unrefinedAlertId1', 'unrefinedAlertId2', 'unrefinedAlertId3'],
+    timestamp: '2024-10-10T22:59:52.749Z',
+    detailsMarkdown: 'unrefinedDetailsMarkdown1',
+    summaryMarkdown: 'unrefinedSummaryMarkdown1 - entity A',
+    mitreAttackTactics: ['Input Capture'],
+    entitySummaryMarkdown: 'entitySummaryMarkdown1',
+  },
+  {
+    title: 'unrefinedTitle2',
+    alertIds: ['unrefinedAlertId3', 'unrefinedAlertId4', 'unrefinedAlertId5'],
+    timestamp: '2024-10-10T22:59:52.749Z',
+    detailsMarkdown: 'unrefinedDetailsMarkdown2',
+    summaryMarkdown: 'unrefinedSummaryMarkdown2 - also entity A',
+    mitreAttackTactics: ['Credential Access'],
+    entitySummaryMarkdown: 'entitySummaryMarkdown2',
+  },
+];
+
+jest.mock('../helpers/get_chain_with_format_instructions', () => {
+  const mockInvoke = jest.fn().mockResolvedValue('');
+
+  return {
+    getChainWithFormatInstructions: jest.fn().mockReturnValue({
+      chain: {
+        invoke: mockInvoke,
+      },
+      formatInstructions: ['mock format instructions'],
+      llmType: 'openai',
+      mockInvoke, // <-- added for testing
+    }),
+  };
+});
+
+const mockLogger = loggerMock.create();
+let mockLlm: ActionsClientLlm;
+
+const initialGraphState: GraphState = {
+  attackDiscoveries: null,
+  attackDiscoveryPrompt: getDefaultAttackDiscoveryPrompt(),
+  anonymizedAlerts: [...mockAnonymizedAlerts],
+  combinedGenerations: 'gen1',
+  combinedRefinements: '',
+  errors: [],
+  generationAttempts: 1,
+  generations: ['gen1'],
+  hallucinationFailures: 0,
+  maxGenerationAttempts: 10,
+  maxHallucinationFailures: 5,
+  maxRepeatedGenerations: 3,
+  refinements: [],
+  refinePrompt: getDefaultRefinePrompt(),
+  replacements: {
+    ...mockAnonymizedAlertsReplacements,
+  },
+  unrefinedResults: [...mockUnrefinedAttackDiscoveries],
+};
+
+describe('getRefineNode', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    jest.useFakeTimers();
+    jest.setSystemTime(new Date(attackDiscoveryTimestamp));
+
+    mockLlm = new FakeLLM({
+      response: '',
+    }) as unknown as ActionsClientLlm;
+  });
+
+  afterEach(() => {
+    jest.useRealTimers();
+  });
+
+  it('returns a function', () => {
+    const refineNode = getRefineNode({
+      llm: mockLlm,
+      logger: mockLogger,
+    });
+
+    expect(typeof refineNode).toBe('function');
+  });
+
+  it('invokes the chain with the unrefinedResults from state and format instructions', async () => {
+    const mockInvoke = getChainWithFormatInstructions(mockLlm).chain.invoke as jest.Mock;
+
+    const refineNode = getRefineNode({
+      llm: mockLlm,
+      logger: mockLogger,
+    });
+
+    await refineNode(initialGraphState);
+
+    expect(mockInvoke).toHaveBeenCalledWith({
+      format_instructions: ['mock format instructions'],
+      query: `${initialGraphState.attackDiscoveryPrompt}
+
+${getDefaultRefinePrompt()}
+
+\"\"\"
+${JSON.stringify(initialGraphState.unrefinedResults, null, 2)}
+\"\"\"
+
+`,
+    });
+  });
+
+  it('removes the surrounding json from the response', async () => {
+    const response =
+      'You asked for some JSON, here it is:\n```json\n{"key": "value"}\n```\nI hope that works for you.';
+
+    const mockLlmWithResponse = new FakeLLM({ response }) as unknown as ActionsClientLlm;
+    const mockInvoke = getChainWithFormatInstructions(mockLlmWithResponse).chain
+      .invoke as jest.Mock;
+
+    mockInvoke.mockResolvedValue(response);
+
+    const refineNode = getRefineNode({
+      llm: mockLlm,
+      logger: mockLogger,
+    });
+
+    const state = await refineNode(initialGraphState);
+
+    expect(state).toEqual({
+      ...initialGraphState,
+      combinedRefinements: '{"key": "value"}',
+      errors: [
+        'refine node is unable to parse (fake) response from attempt 1; (this may be an incomplete response from the model): [\n  {\n    "code": "invalid_type",\n    "expected": "array",\n    "received": "undefined",\n    "path": [\n      "insights"\n    ],\n    "message": "Required"\n  }\n]',
+      ],
+      generationAttempts: 2,
+      refinements: ['{"key": "value"}'],
+    });
+  });
+
+  it('handles hallucinations', async () => {
+    const hallucinatedResponse =
+      'tactics like **Credential Access**, **Command and Control**, and **Persistence**.",\n      "entitySummaryMarkdown": "Malware detected on host **{{ host.name hostNameValue }}**';
+
+    const mockLlmWithHallucination = new FakeLLM({
+      response: hallucinatedResponse,
+    }) as unknown as ActionsClientLlm;
+    const mockInvoke = getChainWithFormatInstructions(mockLlmWithHallucination).chain
+      .invoke as jest.Mock;
+
+    mockInvoke.mockResolvedValue(hallucinatedResponse);
+
+    const refineNode = getRefineNode({
+      llm: mockLlmWithHallucination,
+      logger: mockLogger,
+    });
+
+    const withPreviousGenerations = {
+      ...initialGraphState,
+      combinedRefinements: '{"key": "value"}',
+      refinements: ['{"key": "value"}'],
+    };
+
+    const state = await refineNode(withPreviousGenerations);
+
+    expect(state).toEqual({
+      ...withPreviousGenerations,
+      combinedRefinements: '', // <-- reset
+      generationAttempts: 2, // <-- incremented
+      refinements: [], // <-- reset
+      hallucinationFailures: 1, // <-- incremented
+    });
+  });
+
+  it('discards previous refinements and starts over when the maxRepeatedGenerations limit is reached', async () => {
+    const repeatedResponse = '{"key": "value"}';
+
+    const mockLlmWithRepeatedGenerations = new FakeLLM({
+      response: repeatedResponse,
+    }) as unknown as ActionsClientLlm;
+    const mockInvoke = getChainWithFormatInstructions(mockLlmWithRepeatedGenerations).chain
+      .invoke as jest.Mock;
+
+    mockInvoke.mockResolvedValue(repeatedResponse);
+
+    const refineNode = getRefineNode({
+      llm: mockLlmWithRepeatedGenerations,
+      logger: mockLogger,
+    });
+
+    const withPreviousGenerations = {
+      ...initialGraphState,
+      combinedRefinements: '{"key": "value"}{"key": "value"}',
+      generationAttempts: 3,
+      refinements: ['{"key": "value"}', '{"key": "value"}'],
+    };
+
+    const state = await refineNode(withPreviousGenerations);
+
+    expect(state).toEqual({
+      ...withPreviousGenerations,
+      combinedRefinements: '',
+      generationAttempts: 4, // <-- incremented
+      refinements: [],
+    });
+  });
+
+  it('combines the response with the previous refinements', async () => {
+    const response = 'refine1';
+
+    const mockLlmWithResponse = new FakeLLM({
+      response,
+    }) as unknown as ActionsClientLlm;
+    const mockInvoke = getChainWithFormatInstructions(mockLlmWithResponse).chain
+      .invoke as jest.Mock;
+
+    mockInvoke.mockResolvedValue(response);
+
+    const refineNode = getRefineNode({
+      llm: mockLlmWithResponse,
+      logger: mockLogger,
+    });
+
+    const withPreviousGenerations = {
+      ...initialGraphState,
+      combinedRefinements: 'refine0',
+      generationAttempts: 2,
+      refinements: ['refine0'],
+    };
+
+    const state = await refineNode(withPreviousGenerations);
+
+    expect(state).toEqual({
+      ...withPreviousGenerations,
+      combinedRefinements: 'refine0refine1',
+      errors: [
+        'refine node is unable to parse (fake) response from attempt 2; (this may be an incomplete response from the model): SyntaxError: Unexpected token \'r\', "refine0refine1" is not valid JSON',
+      ],
+      generationAttempts: 3,
+      refinements: ['refine0', 'refine1'],
+    });
+  });
+
+  it('returns refined results when combined responses pass validation', async () => {
+    // split the response into two parts to simulate a valid response
+    const splitIndex = 100; // arbitrary index
+    const firstResponse = getRawAttackDiscoveriesMock().slice(0, splitIndex);
+    const secondResponse = getRawAttackDiscoveriesMock().slice(splitIndex);
+
+    const mockLlmWithResponse = new FakeLLM({
+      response: secondResponse,
+    }) as unknown as ActionsClientLlm;
+    const mockInvoke = getChainWithFormatInstructions(mockLlmWithResponse).chain
+      .invoke as jest.Mock;
+
+    mockInvoke.mockResolvedValue(secondResponse);
+
+    const refineNode = getRefineNode({
+      llm: mockLlmWithResponse,
+      logger: mockLogger,
+    });
+
+    const withPreviousGenerations = {
+      ...initialGraphState,
+      combinedRefinements: firstResponse,
+      generationAttempts: 2,
+      refinements: [firstResponse],
+    };
+
+    const state = await refineNode(withPreviousGenerations);
+
+    expect(state).toEqual({
+      ...withPreviousGenerations,
+      attackDiscoveries: getParsedAttackDiscoveriesMock(attackDiscoveryTimestamp),
+      combinedRefinements: firstResponse.concat(secondResponse),
+      generationAttempts: 3,
+      refinements: [firstResponse, secondResponse],
+    });
+  });
+
+  it('uses the unrefined results when the max number of retries has already been reached', async () => {
+    const response = 'this will not pass JSON parsing';
+
+    const mockLlmWithResponse = new FakeLLM({
+      response,
+    }) as unknown as ActionsClientLlm;
+    const mockInvoke = getChainWithFormatInstructions(mockLlmWithResponse).chain
+      .invoke as jest.Mock;
+
+    mockInvoke.mockResolvedValue(response);
+
+    const refineNode = getRefineNode({
+      llm: mockLlmWithResponse,
+      logger: mockLogger,
+    });
+
+    const withPreviousGenerations = {
+      ...initialGraphState,
+      combinedRefinements: 'refine1',
+      generationAttempts: 9,
+      refinements: ['refine1'],
+    };
+
+    const state = await refineNode(withPreviousGenerations);
+
+    expect(state).toEqual({
+      ...withPreviousGenerations,
+      attackDiscoveries: state.unrefinedResults, // <-- the unrefined results are returned
+      combinedRefinements: 'refine1this will not pass JSON parsing',
+      errors: [
+        'refine node is unable to parse (fake) response from attempt 9; (this may be an incomplete response from the model): SyntaxError: Unexpected token \'r\', "refine1thi"... is not valid JSON',
+      ],
+      generationAttempts: 10,
+      refinements: ['refine1', response],
+    });
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/index.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/index.ts
index 0c7987eef92bc..d1bed136f6a1c 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/refine/index.ts
@@ -89,7 +89,7 @@ export const getRefineNode = ({
         generationsAreRepeating({
           currentGeneration: partialResponse,
           previousGenerations: refinements,
-          sampleLastNGenerations: maxRepeatedGenerations,
+          sampleLastNGenerations: maxRepeatedGenerations - 1,
         })
       ) {
         logger?.debug(
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/retriever/anonymized_alerts_retriever/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/retriever/anonymized_alerts_retriever/index.test.ts
new file mode 100644
index 0000000000000..dab2d57b20edc
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/retriever/anonymized_alerts_retriever/index.test.ts
@@ -0,0 +1,104 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { ElasticsearchClient } from '@kbn/core/server';
+import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
+
+import { AnonymizedAlertsRetriever } from '.';
+import { getMockAnonymizationFieldResponse } from '../../../../../evaluation/__mocks__/mock_anonymization_fields';
+import { getAnonymizedAlerts } from '../helpers/get_anonymized_alerts';
+
+const anonymizationFields = getMockAnonymizationFieldResponse();
+
+const rawAlerts = [
+  '@timestamp,2024-11-05T15:42:48.034Z\n_id,07d86d116ff754f4aa57c00e23a5273c2efbc9450416823ebd1d7b343b42d11a\nevent.category,malware,intrusion_detection,process\nevent.dataset,endpoint.alerts\nevent.module,endpoint\nevent.outcome,success\nfile.hash.sha256,2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097\nfile.name,My Go Application.app\nfile.path,/private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/6D63F08A-011C-4511-8556-EAEF9AFD6340/d/Setup.app/Contents/MacOS/My Go Application.app\nhost.name,d26e9abd-6cbb-4620-a802-a22b97845d5c\nhost.os.name,macOS\nhost.os.version,13.4\nkibana.alert.original_time,2023-06-19T00:28:06.888Z\nkibana.alert.risk_score,99\nkibana.alert.rule.description,Generates a detection alert each time an Elastic Endpoint Security alert is received. Enabling this rule allows you to immediately begin investigating your Endpoint alerts.\nkibana.alert.rule.name,Malware Detection Alert\nkibana.alert.severity,critical\nkibana.alert.workflow_status,open\nmessage,Malware Detection Alert\nprocess.args,xpcproxy,application.Appify by Machine Box.My Go Application.20.23\nprocess.code_signature.exists,true\nprocess.code_signature.signing_id,a.out\nprocess.code_signature.status,code failed to satisfy specified code requirement(s)\nprocess.code_signature.subject_name,\nprocess.code_signature.trusted,false\nprocess.command_line,xpcproxy application.Appify by Machine Box.My Go Application.20.23\nprocess.executable,/private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/6D63F08A-011C-4511-8556-EAEF9AFD6340/d/Setup.app/Contents/MacOS/My Go Application.app\nprocess.hash.md5,e62bdd3eaf2be436fca2e67b7eede603\nprocess.hash.sha1,58a3bddbc7c45193ecbefa22ad0496b60a29dff2\nprocess.hash.sha256,2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097\nprocess.name,My Go Application.app\nprocess.parent.args,/sbin/launchd\nprocess.parent.args_count,1\nprocess.parent.code_signature.exists,true\nprocess.parent.code_signature.status,No error.\nprocess.parent.code_signature.subject_name,Software Signing\nprocess.parent.code_signature.trusted,true\nprocess.parent.command_line,/sbin/launchd\nprocess.parent.executable,/sbin/launchd\nprocess.parent.name,launchd\nprocess.pid,1200\nuser.name,81c3db40-f3da-4c6a-b3c8-48c776148102',
+  '@timestamp,2024-11-05T15:42:48.033Z\n_id,f2d2d8bd15402e8efff81d48b70ef8cb890d5502576fb92365ee2328f5fcb123\nevent.category,malware,intrusion_detection,process\nevent.dataset,endpoint.alerts\nevent.module,endpoint\nevent.outcome,success\nfile.hash.sha256,2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097\nfile.name,My Go Application.app\nfile.path,/private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/3C4D44B9-4838-4613-BACC-BD00A9CE4025/d/Setup.app/Contents/MacOS/My Go Application.app\nhost.name,d26e9abd-6cbb-4620-a802-a22b97845d5c\nhost.os.name,macOS\nhost.os.version,13.4\nkibana.alert.original_time,2023-06-19T00:27:47.362Z\nkibana.alert.risk_score,99\nkibana.alert.rule.description,Generates a detection alert each time an Elastic Endpoint Security alert is received. Enabling this rule allows you to immediately begin investigating your Endpoint alerts.\nkibana.alert.rule.name,Malware Detection Alert\nkibana.alert.severity,critical\nkibana.alert.workflow_status,open\nmessage,Malware Detection Alert\nprocess.args,xpcproxy,application.Appify by Machine Box.My Go Application.20.23\nprocess.code_signature.exists,true\nprocess.code_signature.signing_id,a.out\nprocess.code_signature.status,code failed to satisfy specified code requirement(s)\nprocess.code_signature.subject_name,\nprocess.code_signature.trusted,false\nprocess.command_line,xpcproxy application.Appify by Machine Box.My Go Application.20.23\nprocess.executable,/private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/3C4D44B9-4838-4613-BACC-BD00A9CE4025/d/Setup.app/Contents/MacOS/My Go Application.app\nprocess.hash.md5,e62bdd3eaf2be436fca2e67b7eede603\nprocess.hash.sha1,58a3bddbc7c45193ecbefa22ad0496b60a29dff2\nprocess.hash.sha256,2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097\nprocess.name,My Go Application.app\nprocess.parent.args,/sbin/launchd\nprocess.parent.args_count,1\nprocess.parent.code_signature.exists,true\nprocess.parent.code_signature.status,No error.\nprocess.parent.code_signature.subject_name,Software Signing\nprocess.parent.code_signature.trusted,true\nprocess.parent.command_line,/sbin/launchd\nprocess.parent.executable,/sbin/launchd\nprocess.parent.name,launchd\nprocess.pid,1169\nuser.name,81c3db40-f3da-4c6a-b3c8-48c776148102',
+];
+
+jest.mock('../helpers/get_anonymized_alerts', () => ({
+  getAnonymizedAlerts: jest.fn(),
+}));
+
+describe('AnonymizedAlertsRetriever', () => {
+  let esClient: ElasticsearchClient;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    esClient = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
+
+    (getAnonymizedAlerts as jest.Mock).mockResolvedValue([...rawAlerts]);
+  });
+
+  it('returns the expected pageContent and metadata', async () => {
+    const retriever = new AnonymizedAlertsRetriever({
+      alertsIndexPattern: 'test-pattern',
+      anonymizationFields,
+      esClient,
+      size: 10,
+    });
+
+    const documents = await retriever._getRelevantDocuments('test-query');
+
+    expect(documents).toEqual([
+      {
+        pageContent:
+          '@timestamp,2024-11-05T15:42:48.034Z\n_id,07d86d116ff754f4aa57c00e23a5273c2efbc9450416823ebd1d7b343b42d11a\nevent.category,malware,intrusion_detection,process\nevent.dataset,endpoint.alerts\nevent.module,endpoint\nevent.outcome,success\nfile.hash.sha256,2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097\nfile.name,My Go Application.app\nfile.path,/private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/6D63F08A-011C-4511-8556-EAEF9AFD6340/d/Setup.app/Contents/MacOS/My Go Application.app\nhost.name,d26e9abd-6cbb-4620-a802-a22b97845d5c\nhost.os.name,macOS\nhost.os.version,13.4\nkibana.alert.original_time,2023-06-19T00:28:06.888Z\nkibana.alert.risk_score,99\nkibana.alert.rule.description,Generates a detection alert each time an Elastic Endpoint Security alert is received. Enabling this rule allows you to immediately begin investigating your Endpoint alerts.\nkibana.alert.rule.name,Malware Detection Alert\nkibana.alert.severity,critical\nkibana.alert.workflow_status,open\nmessage,Malware Detection Alert\nprocess.args,xpcproxy,application.Appify by Machine Box.My Go Application.20.23\nprocess.code_signature.exists,true\nprocess.code_signature.signing_id,a.out\nprocess.code_signature.status,code failed to satisfy specified code requirement(s)\nprocess.code_signature.subject_name,\nprocess.code_signature.trusted,false\nprocess.command_line,xpcproxy application.Appify by Machine Box.My Go Application.20.23\nprocess.executable,/private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/6D63F08A-011C-4511-8556-EAEF9AFD6340/d/Setup.app/Contents/MacOS/My Go Application.app\nprocess.hash.md5,e62bdd3eaf2be436fca2e67b7eede603\nprocess.hash.sha1,58a3bddbc7c45193ecbefa22ad0496b60a29dff2\nprocess.hash.sha256,2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097\nprocess.name,My Go Application.app\nprocess.parent.args,/sbin/launchd\nprocess.parent.args_count,1\nprocess.parent.code_signature.exists,true\nprocess.parent.code_signature.status,No error.\nprocess.parent.code_signature.subject_name,Software Signing\nprocess.parent.code_signature.trusted,true\nprocess.parent.command_line,/sbin/launchd\nprocess.parent.executable,/sbin/launchd\nprocess.parent.name,launchd\nprocess.pid,1200\nuser.name,81c3db40-f3da-4c6a-b3c8-48c776148102',
+        metadata: {},
+      },
+      {
+        pageContent:
+          '@timestamp,2024-11-05T15:42:48.033Z\n_id,f2d2d8bd15402e8efff81d48b70ef8cb890d5502576fb92365ee2328f5fcb123\nevent.category,malware,intrusion_detection,process\nevent.dataset,endpoint.alerts\nevent.module,endpoint\nevent.outcome,success\nfile.hash.sha256,2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097\nfile.name,My Go Application.app\nfile.path,/private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/3C4D44B9-4838-4613-BACC-BD00A9CE4025/d/Setup.app/Contents/MacOS/My Go Application.app\nhost.name,d26e9abd-6cbb-4620-a802-a22b97845d5c\nhost.os.name,macOS\nhost.os.version,13.4\nkibana.alert.original_time,2023-06-19T00:27:47.362Z\nkibana.alert.risk_score,99\nkibana.alert.rule.description,Generates a detection alert each time an Elastic Endpoint Security alert is received. Enabling this rule allows you to immediately begin investigating your Endpoint alerts.\nkibana.alert.rule.name,Malware Detection Alert\nkibana.alert.severity,critical\nkibana.alert.workflow_status,open\nmessage,Malware Detection Alert\nprocess.args,xpcproxy,application.Appify by Machine Box.My Go Application.20.23\nprocess.code_signature.exists,true\nprocess.code_signature.signing_id,a.out\nprocess.code_signature.status,code failed to satisfy specified code requirement(s)\nprocess.code_signature.subject_name,\nprocess.code_signature.trusted,false\nprocess.command_line,xpcproxy application.Appify by Machine Box.My Go Application.20.23\nprocess.executable,/private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/3C4D44B9-4838-4613-BACC-BD00A9CE4025/d/Setup.app/Contents/MacOS/My Go Application.app\nprocess.hash.md5,e62bdd3eaf2be436fca2e67b7eede603\nprocess.hash.sha1,58a3bddbc7c45193ecbefa22ad0496b60a29dff2\nprocess.hash.sha256,2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097\nprocess.name,My Go Application.app\nprocess.parent.args,/sbin/launchd\nprocess.parent.args_count,1\nprocess.parent.code_signature.exists,true\nprocess.parent.code_signature.status,No error.\nprocess.parent.code_signature.subject_name,Software Signing\nprocess.parent.code_signature.trusted,true\nprocess.parent.command_line,/sbin/launchd\nprocess.parent.executable,/sbin/launchd\nprocess.parent.name,launchd\nprocess.pid,1169\nuser.name,81c3db40-f3da-4c6a-b3c8-48c776148102',
+        metadata: {},
+      },
+    ]);
+  });
+
+  it('calls getAnonymizedAlerts with the expected parameters', async () => {
+    const onNewReplacements = jest.fn();
+    const mockReplacements = {
+      replacement1: 'SRVMAC08',
+      replacement2: 'SRVWIN01',
+      replacement3: 'SRVWIN02',
+    };
+
+    const retriever = new AnonymizedAlertsRetriever({
+      alertsIndexPattern: 'test-pattern',
+      anonymizationFields,
+      esClient,
+      onNewReplacements,
+      replacements: mockReplacements,
+      size: 10,
+    });
+
+    await retriever._getRelevantDocuments('test-query');
+
+    expect(getAnonymizedAlerts as jest.Mock).toHaveBeenCalledWith({
+      alertsIndexPattern: 'test-pattern',
+      anonymizationFields,
+      esClient,
+      onNewReplacements,
+      replacements: mockReplacements,
+      size: 10,
+    });
+  });
+
+  it('handles empty anonymized alerts', async () => {
+    (getAnonymizedAlerts as jest.Mock).mockResolvedValue([]);
+
+    const retriever = new AnonymizedAlertsRetriever({
+      esClient,
+      alertsIndexPattern: 'test-pattern',
+      anonymizationFields,
+      size: 10,
+    });
+
+    const documents = await retriever._getRelevantDocuments('test-query');
+
+    expect(documents).toHaveLength(0);
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/retriever/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/retriever/index.test.ts
new file mode 100644
index 0000000000000..bfd8bf2ce6953
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/retriever/index.test.ts
@@ -0,0 +1,111 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
+import { Replacements } from '@kbn/elastic-assistant-common';
+
+import { getRetrieveAnonymizedAlertsNode } from '.';
+import { mockAnonymizedAlerts } from '../../../../evaluation/__mocks__/mock_anonymized_alerts';
+import { getDefaultAttackDiscoveryPrompt } from '../helpers/get_default_attack_discovery_prompt';
+import { getDefaultRefinePrompt } from '../refine/helpers/get_default_refine_prompt';
+import type { GraphState } from '../../types';
+
+const initialGraphState: GraphState = {
+  attackDiscoveries: null,
+  attackDiscoveryPrompt: getDefaultAttackDiscoveryPrompt(),
+  anonymizedAlerts: [],
+  combinedGenerations: '',
+  combinedRefinements: '',
+  errors: [],
+  generationAttempts: 0,
+  generations: [],
+  hallucinationFailures: 0,
+  maxGenerationAttempts: 10,
+  maxHallucinationFailures: 5,
+  maxRepeatedGenerations: 3,
+  refinements: [],
+  refinePrompt: getDefaultRefinePrompt(),
+  replacements: {},
+  unrefinedResults: null,
+};
+
+jest.mock('./anonymized_alerts_retriever', () => ({
+  AnonymizedAlertsRetriever: jest
+    .fn()
+    .mockImplementation(
+      ({
+        onNewReplacements,
+        replacements,
+      }: {
+        onNewReplacements?: (replacements: Replacements) => void;
+        replacements?: Replacements;
+      }) => ({
+        withConfig: jest.fn().mockReturnValue({
+          invoke: jest.fn(async () => {
+            if (onNewReplacements != null && replacements != null) {
+              onNewReplacements(replacements);
+            }
+
+            return mockAnonymizedAlerts;
+          }),
+        }),
+      })
+    ),
+}));
+
+describe('getRetrieveAnonymizedAlertsNode', () => {
+  const logger = {
+    debug: jest.fn(),
+  } as unknown as Logger;
+
+  let esClient: ElasticsearchClient;
+
+  beforeEach(() => {
+    esClient = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
+  });
+
+  it('returns a function', () => {
+    const result = getRetrieveAnonymizedAlertsNode({
+      esClient,
+      logger,
+    });
+    expect(typeof result).toBe('function');
+  });
+
+  it('updates state with anonymized alerts', async () => {
+    const state: GraphState = { ...initialGraphState };
+
+    const retrieveAnonymizedAlerts = getRetrieveAnonymizedAlertsNode({
+      esClient,
+      logger,
+    });
+
+    const result = await retrieveAnonymizedAlerts(state);
+
+    expect(result).toHaveProperty('anonymizedAlerts', mockAnonymizedAlerts);
+  });
+
+  it('calls onNewReplacements with updated replacements', async () => {
+    const state: GraphState = { ...initialGraphState };
+    const onNewReplacements = jest.fn();
+    const replacements = { key: 'value' };
+
+    const retrieveAnonymizedAlerts = getRetrieveAnonymizedAlertsNode({
+      esClient,
+      logger,
+      onNewReplacements,
+      replacements,
+    });
+
+    await retrieveAnonymizedAlerts(state);
+
+    expect(onNewReplacements).toHaveBeenCalledWith({
+      ...replacements,
+    });
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/retriever/index.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/retriever/index.ts
index 951ae3bca8854..a5d31fa14770a 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/retriever/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/nodes/retriever/index.ts
@@ -60,11 +60,3 @@ export const getRetrieveAnonymizedAlertsNode = ({
 
   return retrieveAnonymizedAlerts;
 };
-
-/**
- * Retrieve documents
- *
- * @param {GraphState} state The current state of the graph.
- * @param {RunnableConfig | undefined} config The configuration object for tracing.
- * @returns {Promise<GraphState>} The new state object.
- */
diff --git a/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/state/index.test.ts b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/state/index.test.ts
new file mode 100644
index 0000000000000..dcc8ee1e4292d
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/lib/attack_discovery/graphs/default_attack_discovery_graph/state/index.test.ts
@@ -0,0 +1,115 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getDefaultGraphState } from '.';
+import {
+  DEFAULT_MAX_GENERATION_ATTEMPTS,
+  DEFAULT_MAX_HALLUCINATION_FAILURES,
+  DEFAULT_MAX_REPEATED_GENERATIONS,
+} from '../constants';
+import { getDefaultAttackDiscoveryPrompt } from '../nodes/helpers/get_default_attack_discovery_prompt';
+import { getDefaultRefinePrompt } from '../nodes/refine/helpers/get_default_refine_prompt';
+
+const defaultAttackDiscoveryPrompt = getDefaultAttackDiscoveryPrompt();
+const defaultRefinePrompt = getDefaultRefinePrompt();
+
+describe('getDefaultGraphState', () => {
+  it('returns the expected default attackDiscoveries', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.attackDiscoveries?.default?.()).toBeNull();
+  });
+
+  it('returns the expected default attackDiscoveryPrompt', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.attackDiscoveryPrompt?.default?.()).toEqual(defaultAttackDiscoveryPrompt);
+  });
+
+  it('returns the expected default empty collection of anonymizedAlerts', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.anonymizedAlerts?.default?.()).toHaveLength(0);
+  });
+
+  it('returns the expected default combinedGenerations state', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.combinedGenerations?.default?.()).toBe('');
+  });
+
+  it('returns the expected default combinedRefinements state', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.combinedRefinements?.default?.()).toBe('');
+  });
+
+  it('returns the expected default errors state', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.errors?.default?.()).toHaveLength(0);
+  });
+
+  it('return the expected default generationAttempts state', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.generationAttempts?.default?.()).toBe(0);
+  });
+
+  it('returns the expected default generations state', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.generations?.default?.()).toHaveLength(0);
+  });
+
+  it('returns the expected default hallucinationFailures state', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.hallucinationFailures?.default?.()).toBe(0);
+  });
+
+  it('returns the expected default refinePrompt state', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.refinePrompt?.default?.()).toEqual(defaultRefinePrompt);
+  });
+
+  it('returns the expected default maxGenerationAttempts state', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.maxGenerationAttempts?.default?.()).toBe(DEFAULT_MAX_GENERATION_ATTEMPTS);
+  });
+
+  it('returns the expected default maxHallucinationFailures state', () => {
+    const state = getDefaultGraphState();
+    expect(state.maxHallucinationFailures?.default?.()).toBe(DEFAULT_MAX_HALLUCINATION_FAILURES);
+  });
+
+  it('returns the expected default maxRepeatedGenerations state', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.maxRepeatedGenerations?.default?.()).toBe(DEFAULT_MAX_REPEATED_GENERATIONS);
+  });
+
+  it('returns the expected default refinements state', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.refinements?.default?.()).toHaveLength(0);
+  });
+
+  it('returns the expected default replacements state', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.replacements?.default?.()).toEqual({});
+  });
+
+  it('returns the expected default unrefinedResults state', () => {
+    const state = getDefaultGraphState();
+
+    expect(state.unrefinedResults?.default?.()).toBeNull();
+  });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.test.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.test.ts
deleted file mode 100644
index 4d32d7bc02da9..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.test.ts
+++ /dev/null
@@ -1,408 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
-import { loggingSystemMock } from '@kbn/core-logging-server-mocks';
-import {
-  IndicesCreateResponse,
-  MlGetTrainedModelsStatsResponse,
-} from '@elastic/elasticsearch/lib/api/types';
-import { Document } from 'langchain/document';
-
-import {
-  ElasticsearchStore,
-  FALLBACK_SIMILARITY_SEARCH_SIZE,
-  TERMS_QUERY_SIZE,
-} from './elasticsearch_store';
-import { mockMsearchResponse } from '../../../__mocks__/msearch_response';
-import { mockQueryText } from '../../../__mocks__/query_text';
-import { coreMock } from '@kbn/core/server/mocks';
-import {
-  KNOWLEDGE_BASE_EXECUTION_ERROR_EVENT,
-  KNOWLEDGE_BASE_EXECUTION_SUCCESS_EVENT,
-} from '../../telemetry/event_based_telemetry';
-import { Metadata } from '@kbn/elastic-assistant-common';
-
-jest.mock('uuid', () => ({
-  v4: jest.fn(),
-}));
-
-jest.mock('@kbn/core/server', () => ({
-  ElasticsearchClient: jest.fn(),
-  Logger: jest.fn().mockImplementation(() => ({
-    debug: jest.fn(),
-    error: jest.fn(),
-    info: jest.fn(),
-  })),
-}));
-
-const mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
-const mockLogger = loggingSystemMock.createLogger();
-const reportEvent = jest.fn();
-const mockTelemetry = { ...coreMock.createSetup().analytics, reportEvent };
-const KB_INDEX = '.elastic-assistant-kb';
-
-const getElasticsearchStore = () => {
-  return new ElasticsearchStore(mockEsClient, KB_INDEX, mockLogger, mockTelemetry);
-};
-
-describe('ElasticsearchStore', () => {
-  let esStore: ElasticsearchStore;
-
-  beforeEach(() => {
-    esStore = getElasticsearchStore();
-    jest.clearAllMocks();
-  });
-
-  describe('Index Management', () => {
-    it('Checks if index exists', async () => {
-      mockEsClient.indices.exists.mockResolvedValue(true);
-
-      const exists = await esStore.indexExists();
-
-      expect(exists).toBe(true);
-      expect(mockEsClient.indices.exists).toHaveBeenCalledWith({ index: KB_INDEX });
-    });
-
-    it('Creates an index', async () => {
-      mockEsClient.indices.create.mockResolvedValue({
-        acknowledged: true,
-      } as IndicesCreateResponse);
-
-      const created = await esStore.createIndex();
-
-      expect(created).toBe(true);
-      expect(mockEsClient.indices.create).toHaveBeenCalledWith({
-        index: KB_INDEX,
-        mappings: {
-          properties: {
-            metadata: {
-              properties: {
-                kbResource: { type: 'keyword' },
-                required: { type: 'boolean' },
-                source: { type: 'keyword' },
-              },
-            },
-            vector: { properties: { tokens: { type: 'rank_features' } } },
-          },
-        },
-        settings: { default_pipeline: '.kibana-elastic-ai-assistant-kb-ingest-pipeline' },
-      });
-    });
-
-    it('Deletes an index', async () => {
-      mockEsClient.indices.delete.mockResolvedValue({ acknowledged: true });
-
-      const deleted = await esStore.deleteIndex();
-
-      expect(deleted).toBe(true);
-      expect(mockEsClient.indices.delete).toHaveBeenCalledWith({ index: KB_INDEX });
-    });
-  });
-
-  describe('Pipeline Management', () => {
-    it('Checks if pipeline exists', async () => {
-      mockEsClient.ingest.getPipeline.mockResolvedValue({});
-
-      const exists = await esStore.pipelineExists();
-
-      expect(exists).toBe(false);
-      expect(mockEsClient.ingest.getPipeline).toHaveBeenCalledWith({
-        id: '.kibana-elastic-ai-assistant-kb-ingest-pipeline',
-      });
-    });
-
-    it('Creates an ingest pipeline', async () => {
-      mockEsClient.ingest.putPipeline.mockResolvedValue({ acknowledged: true });
-
-      const created = await esStore.createPipeline();
-
-      expect(created).toBe(true);
-      expect(mockEsClient.ingest.putPipeline).toHaveBeenCalledWith({
-        description: 'Embedding pipeline for Elastic AI Assistant ELSER Knowledge Base',
-        id: '.kibana-elastic-ai-assistant-kb-ingest-pipeline',
-        processors: [
-          {
-            inference: {
-              field_map: { text: 'text_field' },
-              inference_config: { text_expansion: { results_field: 'tokens' } },
-              model_id: '.elser_model_2',
-              target_field: 'vector',
-            },
-          },
-        ],
-      });
-    });
-
-    it('Deletes an ingest pipeline', async () => {
-      mockEsClient.ingest.deletePipeline.mockResolvedValue({ acknowledged: true });
-
-      const deleted = await esStore.deletePipeline();
-
-      expect(deleted).toBe(true);
-      expect(mockEsClient.ingest.deletePipeline).toHaveBeenCalledWith({
-        id: '.kibana-elastic-ai-assistant-kb-ingest-pipeline',
-      });
-    });
-  });
-
-  describe('isModelInstalled', () => {
-    it('returns true if model is started and fully allocated', async () => {
-      mockEsClient.ml.getTrainedModelsStats.mockResolvedValue({
-        trained_model_stats: [
-          {
-            deployment_stats: {
-              state: 'started',
-              allocation_status: {
-                state: 'fully_allocated',
-              },
-            },
-          },
-        ],
-      } as MlGetTrainedModelsStatsResponse);
-
-      const isInstalled = await esStore.isModelInstalled('.elser_model_2');
-
-      expect(isInstalled).toBe(true);
-      expect(mockEsClient.ml.getTrainedModelsStats).toHaveBeenCalledWith({
-        model_id: '.elser_model_2',
-      });
-    });
-
-    it('returns false if model is not started', async () => {
-      mockEsClient.ml.getTrainedModelsStats.mockResolvedValue({
-        trained_model_stats: [
-          {
-            deployment_stats: {
-              state: 'starting',
-              allocation_status: {
-                state: 'fully_allocated',
-              },
-            },
-          },
-        ],
-      } as MlGetTrainedModelsStatsResponse);
-
-      const isInstalled = await esStore.isModelInstalled('.elser_model_2');
-
-      expect(isInstalled).toBe(false);
-      expect(mockEsClient.ml.getTrainedModelsStats).toHaveBeenCalledWith({
-        model_id: '.elser_model_2',
-      });
-    });
-
-    it('returns false if model is not fully allocated', async () => {
-      mockEsClient.ml.getTrainedModelsStats.mockResolvedValue({
-        trained_model_stats: [
-          {
-            deployment_stats: {
-              state: 'started',
-              allocation_status: {
-                state: 'starting',
-              },
-            },
-          },
-        ],
-      } as MlGetTrainedModelsStatsResponse);
-
-      const isInstalled = await esStore.isModelInstalled('.elser_model_2');
-
-      expect(isInstalled).toBe(false);
-      expect(mockEsClient.ml.getTrainedModelsStats).toHaveBeenCalledWith({
-        model_id: '.elser_model_2',
-      });
-    });
-  });
-
-  describe('addDocuments', () => {
-    it('Checks if documents are added', async () => {
-      mockEsClient.bulk.mockResolvedValue({
-        errors: false,
-        took: 515,
-        ingest_took: 4026,
-        items: [
-          {
-            index: {
-              _index: '.kibana-elastic-ai-assistant-kb',
-              _id: 'be2584a9-ad2e-4f13-a11c-c0b79423079c',
-              _version: 2,
-              result: 'updated',
-              forced_refresh: true,
-              _shards: {
-                total: 2,
-                successful: 1,
-                failed: 0,
-              },
-              _seq_no: 1,
-              _primary_term: 1,
-              status: 200,
-            },
-          },
-        ],
-      });
-
-      const document = new Document<Metadata>({
-        pageContent: 'interesting stuff',
-        metadata: { kbResource: 'esql', required: false, source: '1' },
-      });
-
-      const docsInstalled = await esStore.addDocuments([document]);
-
-      expect(docsInstalled).toStrictEqual(['be2584a9-ad2e-4f13-a11c-c0b79423079c']);
-      expect(mockEsClient.bulk).toHaveBeenCalledWith({
-        operations: [
-          {
-            index: {
-              _id: undefined,
-              _index: '.elastic-assistant-kb',
-            },
-          },
-          {
-            metadata: {
-              kbResource: 'esql',
-              required: false,
-              source: '1',
-            },
-            text: 'interesting stuff',
-          },
-        ],
-        refresh: true,
-      });
-    });
-  });
-
-  describe('similaritySearch', () => {
-    it('Checks if documents are found', async () => {
-      mockEsClient.msearch.mockResolvedValue(mockMsearchResponse);
-
-      const searchResults = await esStore.similaritySearch(mockQueryText);
-
-      expect(searchResults).toStrictEqual([
-        {
-          pageContent:
-            "[[esql-from]]\n=== `FROM`\n\nThe `FROM` source command returns a table with up to 10,000 documents from a\ndata stream, index, or alias. Each row in the resulting table represents a\ndocument. Each column corresponds to a field, and can be accessed by the name\nof that field.\n\n[source,esql]\n----\nFROM employees\n----\n\nYou can use <<api-date-math-index-names,date math>> to refer to indices, aliases\nand data streams. This can be useful for time series data, for example to access\ntoday's index:\n\n[source,esql]\n----\nFROM <logs-{now/d}>\n----\n\nUse comma-separated lists or wildcards to query multiple data streams, indices,\nor aliases:\n\n[source,esql]\n----\nFROM employees-00001,employees-*\n----\n",
-          metadata: {
-            source:
-              '/Users/andrew.goldstein/Projects/forks/andrew-goldstein/kibana/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/source_commands/from.asciidoc',
-          },
-        },
-        {
-          pageContent:
-            '[[esql-example-queries]]\n\nThe following is an example an ES|QL query:\n\n```\nFROM logs-*\n| WHERE NOT CIDR_MATCH(destination.ip, "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")\n| STATS destcount = COUNT(destination.ip) by user.name, host.name\n| ENRICH ldap_lookup_new ON user.name\n| WHERE group.name IS NOT NULL\n| EVAL follow_up = CASE(\n    destcount >= 100, "true",\n     "false")\n| SORT destcount desc\n| KEEP destcount, host.name, user.name, group.name, follow_up\n```\n',
-          metadata: {
-            source:
-              '/Users/andrew.goldstein/Projects/forks/andrew-goldstein/kibana/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/example_queries/esql_example_query_0001.asciidoc',
-          },
-        },
-      ]);
-
-      expect(mockEsClient.msearch).toHaveBeenCalledWith({
-        body: [
-          {
-            index: '.elastic-assistant-kb',
-          },
-          {
-            query: {
-              bool: {
-                must_not: [{ term: { 'metadata.required': true } }],
-                must: [
-                  {
-                    text_expansion: {
-                      'vector.tokens': {
-                        model_id: '.elser_model_2',
-                        model_text: mockQueryText,
-                      },
-                    },
-                  },
-                ],
-              },
-            },
-            size: FALLBACK_SIMILARITY_SEARCH_SIZE, // <-- `FALLBACK_SIMILARITY_SEARCH_SIZE` is used when `k` is not provided
-          },
-          {
-            index: '.elastic-assistant-kb',
-          },
-          {
-            query: {
-              bool: {
-                must: [{ term: { 'metadata.required': true } }],
-              },
-            },
-            size: TERMS_QUERY_SIZE,
-          },
-        ],
-      });
-    });
-
-    it('uses the value of `k` instead of the `FALLBACK_SIMILARITY_SEARCH_SIZE` when `k` is provided', async () => {
-      mockEsClient.msearch.mockResolvedValue(mockMsearchResponse);
-
-      const k = 4;
-      await esStore.similaritySearch(mockQueryText, k);
-
-      expect(mockEsClient.msearch).toHaveBeenCalledWith({
-        body: [
-          {
-            index: '.elastic-assistant-kb',
-          },
-          {
-            query: {
-              bool: {
-                must_not: [{ term: { 'metadata.required': true } }],
-                must: [
-                  {
-                    text_expansion: {
-                      'vector.tokens': {
-                        model_id: '.elser_model_2',
-                        model_text: mockQueryText,
-                      },
-                    },
-                  },
-                ],
-              },
-            },
-            size: k, // <-- `k` is used instead of `FALLBACK_SIMILARITY_SEARCH_SIZE`
-          },
-          {
-            index: '.elastic-assistant-kb',
-          },
-          {
-            query: {
-              bool: {
-                must: [{ term: { 'metadata.required': true } }],
-              },
-            },
-            size: TERMS_QUERY_SIZE,
-          },
-        ],
-      });
-    });
-
-    it('Reports successful telemetry event', async () => {
-      mockEsClient.msearch.mockResolvedValue(mockMsearchResponse);
-
-      await esStore.similaritySearch(mockQueryText);
-
-      expect(reportEvent).toHaveBeenCalledWith(KNOWLEDGE_BASE_EXECUTION_SUCCESS_EVENT.eventType, {
-        model: '.elser_model_2',
-        responseTime: 142,
-        resultCount: 2,
-      });
-    });
-
-    it('Reports error telemetry event', async () => {
-      mockEsClient.msearch.mockRejectedValue(new Error('Oh no!'));
-
-      await esStore.similaritySearch(mockQueryText);
-
-      expect(reportEvent).toHaveBeenCalledWith(KNOWLEDGE_BASE_EXECUTION_ERROR_EVENT.eventType, {
-        model: '.elser_model_2',
-        errorMessage: 'Oh no!',
-      });
-    });
-  });
-});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts
deleted file mode 100644
index 78c1b104685ad..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts
+++ /dev/null
@@ -1,478 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { type AnalyticsServiceSetup, ElasticsearchClient, Logger } from '@kbn/core/server';
-import {
-  MappingTypeMapping,
-  MlTrainedModelDeploymentNodesStats,
-  MlTrainedModelStats,
-} from '@elastic/elasticsearch/lib/api/types';
-import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import { Callbacks } from '@langchain/core/callbacks/manager';
-import { Document } from 'langchain/document';
-import { VectorStore } from '@langchain/core/vectorstores';
-import * as uuid from 'uuid';
-
-import { Metadata } from '@kbn/elastic-assistant-common';
-import { transformError } from '@kbn/securitysolution-es-utils';
-import { ElasticsearchEmbeddings } from '../embeddings/elasticsearch_embeddings';
-import { FlattenedHit, getFlattenedHits } from './helpers/get_flattened_hits';
-import { getMsearchQueryBody } from './helpers/get_msearch_query_body';
-import { getTermsSearchQuery } from './helpers/get_terms_search_query';
-import { getVectorSearchQuery } from './helpers/get_vector_search_query';
-import type { MsearchResponse } from './helpers/types';
-import {
-  KNOWLEDGE_BASE_INDEX_PATTERN,
-  KNOWLEDGE_BASE_INGEST_PIPELINE,
-} from '../../../routes/knowledge_base/constants';
-import { getRequiredKbDocsTermsQueryDsl } from './helpers/get_required_kb_docs_terms_query_dsl';
-import {
-  KNOWLEDGE_BASE_EXECUTION_ERROR_EVENT,
-  KNOWLEDGE_BASE_EXECUTION_SUCCESS_EVENT,
-} from '../../telemetry/event_based_telemetry';
-import { AIAssistantKnowledgeBaseDataClient } from '../../../ai_assistant_data_clients/knowledge_base';
-
-interface CreatePipelineParams {
-  id?: string;
-  description?: string;
-}
-
-interface CreateIndexParams {
-  index?: string;
-  pipeline?: string;
-}
-
-/**
- * A fallback for the query `size` that determines how many documents to
- * return from Elasticsearch when performing a similarity search.
- *
- * The size is typically determined by the implementation of LangChain's
- * `VectorStoreRetriever._getRelevantDocuments` function, so this fallback is
- * only required when using the `ElasticsearchStore` directly.
- */
-export const FALLBACK_SIMILARITY_SEARCH_SIZE = 10;
-
-/** The maximum number of hits to return from a `terms` query, via the `size` parameter */
-export const TERMS_QUERY_SIZE = 10000;
-
-/**
- * Basic ElasticsearchStore implementation only leveraging ELSER for storage and retrieval.
- */
-export class ElasticsearchStore extends VectorStore {
-  declare FilterType: QueryDslQueryContainer;
-
-  private readonly esClient: ElasticsearchClient;
-  private readonly kbDataClient: AIAssistantKnowledgeBaseDataClient | undefined;
-  private readonly index: string;
-  private readonly logger: Logger;
-  private readonly telemetry: AnalyticsServiceSetup;
-  private readonly model: string;
-  private kbResource?: string;
-
-  _vectorstoreType(): string {
-    return 'elasticsearch';
-  }
-
-  constructor(
-    esClient: ElasticsearchClient,
-    index: string,
-    logger: Logger,
-    telemetry: AnalyticsServiceSetup,
-    model?: string,
-    kbResource?: string | undefined,
-    kbDataClient?: AIAssistantKnowledgeBaseDataClient
-  ) {
-    super(new ElasticsearchEmbeddings(logger), { esClient, index });
-    this.esClient = esClient;
-    this.index = index ?? KNOWLEDGE_BASE_INDEX_PATTERN;
-    this.logger = logger;
-    this.telemetry = telemetry;
-    this.model = model ?? '.elser_model_2';
-    this.kbResource = kbResource;
-    this.kbDataClient = kbDataClient;
-  }
-
-  setKbResource(kbResource: string) {
-    this.kbResource = kbResource;
-  }
-
-  /**
-   * Add documents to the store. Embeddings are created on ingest into index configured with
-   * ELSER ingest pipeline. Returns a list of document IDs.
-   *
-   * @param documents Documents to add to the store
-   * @param options Any additional options as defined in the interface
-   * @returns Promise<string[]> of document IDs added to the store
-   */
-  addDocuments = async (
-    documents: Array<Document<Metadata>>,
-    options?: Record<string, never>
-  ): Promise<string[]> => {
-    // Code path for when `assistantKnowledgeBaseByDefault` FF is enabled
-    // Once removed replace addDocuments() w/ addDocumentsViaDataClient()
-    if (this.kbDataClient != null) {
-      return this.addDocumentsViaDataClient(documents, options);
-    }
-
-    const pipelineExists = await this.pipelineExists();
-    if (!pipelineExists) {
-      await this.createPipeline();
-    }
-
-    const operations = documents.flatMap(({ pageContent, metadata }) => [
-      { index: { _index: this.index, _id: uuid.v4() } },
-      { text: pageContent, metadata },
-    ]);
-
-    try {
-      const response = await this.esClient.bulk({ refresh: true, operations });
-      this.logger.debug(() => `Add Documents Response:\n ${JSON.stringify(response)}`);
-
-      const errorIds = response.items.filter((i) => i.index?.error != null);
-      operations.forEach((op, i) => {
-        if (errorIds.some((e) => e.index?._id === op.index?._id)) {
-          this.logger.error(`Error adding document to KB: ${JSON.stringify(operations?.[i + 1])}`);
-        }
-      });
-
-      return response.items.flatMap((i) =>
-        i.index?._id != null && i.index.error == null ? [i.index._id] : []
-      );
-    } catch (e) {
-      this.logger.error(`Error loading data into KB\n ${e}`);
-      return [];
-    }
-  };
-
-  addDocumentsViaDataClient = async (
-    documents: Array<Document<Metadata>>,
-    options?: Record<string, never>
-  ): Promise<string[]> => {
-    if (!this.kbDataClient) {
-      this.logger.error('No kbDataClient provided');
-      return [];
-    }
-
-    try {
-      const response = await this.kbDataClient.addKnowledgeBaseDocuments({
-        documents,
-        global: true,
-      });
-      return response.map((doc) => doc.id);
-    } catch (e) {
-      this.logger.error(`Error loading data into KB\n ${e}`);
-      return [];
-    }
-  };
-
-  /**
-   * Add vectors to the store. Returns a list of document IDs.
-   *
-   * @param vectors Vector representation of documents to add to the store
-   * @param documents Documents corresponding to the provided vectors
-   * @param options Any additional options as defined in the interface
-   * @returns Promise<string[]> of document IDs added to the store
-   */
-  addVectors = (
-    vectors: number[][],
-    documents: Document[],
-    options?: {}
-  ): Promise<string[] | void> => {
-    // Note: implement if/when needed
-    this.logger.info('ElasticsearchStore.addVectors not implemented');
-    return Promise.resolve(undefined);
-  };
-
-  /**
-   * Performs similarity search on the store using the provided query vector and filter, returning k similar
-   * documents along with their score.
-   *
-   * @param query Query vector to search with
-   * @param k Number of similar documents to return
-   * @param filter Optional filter to apply to the search
-   *
-   *  @returns Promise<Array<[Document, number]>> of similar documents and their scores
-   */
-  similaritySearchVectorWithScore = (
-    query: number[],
-    k: number,
-    filter?: this['FilterType']
-  ): Promise<Array<[Document, number]>> => {
-    // Note: Implement if needed
-    this.logger.info('ElasticsearchStore.similaritySearchVectorWithScore not implemented');
-    return Promise.resolve([]);
-  };
-
-  // Non-abstract function overrides
-
-  /**
-   * Performs similarity search on the store using the provided query string and filter, returning k similar
-   * @param query Query vector to search with
-   * @param k Number of similar documents to return
-   * @param filter Optional filter to apply to the search
-   * @param _callbacks Optional callbacks
-   * @param filterRequiredDocs Optional whether or not to exclude the required docs filter
-   *
-   * Fun facts:
-   * - This function is called by LangChain's `VectorStoreRetriever._getRelevantDocuments`
-   * - The `k` parameter is typically determined by LangChain's `VectorStoreRetriever._getRelevantDocuments`, and has been observed to default to `4` in the wild (see langchain/dist/vectorstores/base.ts)
-   * @returns Promise<Document[]> of similar documents
-   */
-  similaritySearch = async (
-    query: string,
-    k?: number,
-    filter?: this['FilterType'] | undefined,
-    _callbacks?: Callbacks | undefined,
-    filterRequiredDocs = true
-  ): Promise<Document[]> => {
-    // requiredDocs is an array of filters that can be used in a `bool` Elasticsearch DSL query to filter in/out required KB documents:
-    const requiredDocs = filterRequiredDocs ? getRequiredKbDocsTermsQueryDsl(this.kbResource) : [];
-
-    // The `k` parameter is typically provided by LangChain's `VectorStoreRetriever._getRelevantDocuments`, which calls this function:
-    const vectorSearchQuerySize = k ?? FALLBACK_SIMILARITY_SEARCH_SIZE;
-
-    // build a vector search query:
-    const vectorSearchQuery = getVectorSearchQuery({
-      filter,
-      modelId: this.model,
-      mustNotTerms: requiredDocs,
-      query,
-    });
-
-    // build a (separate) terms search query:
-    const termsSearchQuery = getTermsSearchQuery(requiredDocs);
-
-    // combine the vector search query and the terms search queries into a single multi-search query:
-    const mSearchQueryBody = getMsearchQueryBody({
-      index: this.index,
-      termsSearchQuery,
-      termsSearchQuerySize: TERMS_QUERY_SIZE,
-      vectorSearchQuery,
-      vectorSearchQuerySize,
-    });
-
-    try {
-      // execute both queries via a single multi-search request:
-      const result = await this.esClient.msearch<MsearchResponse>(mSearchQueryBody);
-
-      // flatten the results of the combined queries into a single array of hits:
-      const results: FlattenedHit[] = result.responses.flatMap((response) => {
-        const maybeEsqlMsearchResponse: MsearchResponse = response as MsearchResponse;
-
-        return getFlattenedHits(maybeEsqlMsearchResponse);
-      });
-
-      this.telemetry.reportEvent(KNOWLEDGE_BASE_EXECUTION_SUCCESS_EVENT.eventType, {
-        model: this.model,
-        ...(this.kbResource != null ? { resourceAccessed: this.kbResource } : {}),
-        resultCount: results.length,
-        responseTime: result.took ?? 0,
-      });
-
-      this.logger.debug(
-        () =>
-          `Similarity search metadata source:\n${JSON.stringify(
-            results.map((r) => r?.metadata?.source ?? '(missing metadata.source)'),
-            null,
-            2
-          )}`
-      );
-
-      return results;
-    } catch (e) {
-      const error = transformError(e);
-      this.telemetry.reportEvent(KNOWLEDGE_BASE_EXECUTION_ERROR_EVENT.eventType, {
-        model: this.model,
-        ...(this.kbResource != null ? { resourceAccessed: this.kbResource } : {}),
-        errorMessage: error.message,
-      });
-      this.logger.error(e);
-      return [];
-    }
-  };
-
-  // ElasticsearchStore explicit utility functions
-
-  /**
-   * Checks if the provided index exists in Elasticsearch
-   *
-   * @returns Promise<boolean> indicating whether the index exists
-   * @param index Index to check
-   * @returns Promise<boolean> indicating whether the index exists
-   */
-  indexExists = async (index?: string): Promise<boolean> => {
-    return this.esClient.indices.exists({ index: index ?? this.index });
-  };
-
-  /**
-   * Create index for ELSER embeddings in Elasticsearch
-   *
-   * @returns Promise<boolean> indicating whether the index was created
-   */
-  createIndex = async ({ index, pipeline }: CreateIndexParams = {}): Promise<boolean> => {
-    const mappings: MappingTypeMapping = {
-      properties: {
-        metadata: {
-          properties: {
-            /** the category of knowledge, e.g. `esql` */
-            kbResource: { type: 'keyword' },
-            /** when `true`, return this document in all searches for the `kbResource` */
-            required: { type: 'boolean' },
-            /** often a file path when the document was created via a LangChain `DirectoryLoader`, this metadata describes the origin of the document */
-            source: { type: 'keyword' },
-          },
-        },
-        vector: {
-          properties: { tokens: { type: 'rank_features' } },
-        },
-      },
-    };
-
-    const settings = { default_pipeline: pipeline ?? KNOWLEDGE_BASE_INGEST_PIPELINE };
-
-    const response = await this.esClient.indices.create({
-      index: index ?? this.index,
-      mappings,
-      settings,
-    });
-
-    return response.acknowledged;
-  };
-
-  /**
-   * Delete index for ELSER embeddings in Elasticsearch
-   * @param index Index to delete, otherwise uses the default index
-   *
-   * @returns Promise<boolean> indicating whether the index was created
-   */
-  deleteIndex = async (index?: string): Promise<boolean> => {
-    // Code path for when `assistantKnowledgeBaseByDefault` FF is enabled
-    // We won't be supporting delete operations for the KB data stream going forward, so this can be removed along with the FF
-    if (this.kbDataClient != null) {
-      const response = await this.esClient.indices.deleteDataStream({ name: index ?? this.index });
-      return response.acknowledged;
-    }
-
-    const response = await this.esClient.indices.delete({
-      index: index ?? this.index,
-    });
-
-    return response.acknowledged;
-  };
-
-  /**
-   * Checks if the provided ingest pipeline exists in Elasticsearch
-   *
-   * @param pipelineId ID of the ingest pipeline to check
-   * @returns Promise<boolean> indicating whether the pipeline exists
-   */
-  pipelineExists = async (pipelineId?: string): Promise<boolean> => {
-    try {
-      const id =
-        pipelineId ??
-        this.kbDataClient?.options.ingestPipelineResourceName ??
-        KNOWLEDGE_BASE_INGEST_PIPELINE;
-      const response = await this.esClient.ingest.getPipeline({
-        id,
-      });
-      return Object.keys(response).length > 0;
-    } catch (e) {
-      // The GET /_ingest/pipeline/{pipelineId} API returns an empty object w/ 404 Not Found.
-      return false;
-    }
-  };
-
-  /**
-   * Create ingest pipeline for ELSER in Elasticsearch
-   *
-   * @returns Promise<boolean> indicating whether the pipeline was created
-   */
-  createPipeline = async ({ id, description }: CreatePipelineParams = {}): Promise<boolean> => {
-    const response = await this.esClient.ingest.putPipeline({
-      id:
-        id ??
-        this.kbDataClient?.options.ingestPipelineResourceName ??
-        KNOWLEDGE_BASE_INGEST_PIPELINE,
-      description:
-        description ?? 'Embedding pipeline for Elastic AI Assistant ELSER Knowledge Base',
-      processors: [
-        {
-          inference: {
-            model_id: this.model,
-            target_field: 'vector',
-            field_map: {
-              text: 'text_field',
-            },
-            inference_config: {
-              // @ts-expect-error
-              text_expansion: {
-                results_field: 'tokens',
-              },
-            },
-          },
-        },
-      ],
-    });
-
-    return response.acknowledged;
-  };
-
-  /**
-   * Delete ingest pipeline for ELSER in Elasticsearch
-   *
-   * @returns Promise<boolean> indicating whether the pipeline was created
-   */
-  deletePipeline = async (pipelineId?: string): Promise<boolean> => {
-    const response = await this.esClient.ingest.deletePipeline({
-      id:
-        pipelineId ??
-        this.kbDataClient?.options.ingestPipelineResourceName ??
-        KNOWLEDGE_BASE_INGEST_PIPELINE,
-    });
-
-    return response.acknowledged;
-  };
-
-  /**
-   * Checks if the provided model is installed in Elasticsearch
-   *
-   * @param modelId ID of the model to check
-   * @returns Promise<boolean> indicating whether the model is installed
-   */
-  async isModelInstalled(modelId?: string): Promise<boolean> {
-    try {
-      // Code path for when `assistantKnowledgeBaseByDefault` FF is enabled
-      if (this.kbDataClient != null) {
-        // esStore.isModelInstalled() is actually checking if the model is deployed, not installed, so do that instead
-        return this.kbDataClient.isModelDeployed();
-      }
-
-      const getResponse = await this.esClient.ml.getTrainedModelsStats({
-        model_id: modelId ?? this.model,
-      });
-
-      this.logger.debug(`modelId: ${modelId}`);
-
-      // For standardized way of checking deployment status see: https://github.com/elastic/elasticsearch/issues/106986
-      const isReadyESS = (stats: MlTrainedModelStats) =>
-        stats.deployment_stats?.state === 'started' &&
-        stats.deployment_stats?.allocation_status.state === 'fully_allocated';
-
-      const isReadyServerless = (stats: MlTrainedModelStats) =>
-        (stats.deployment_stats?.nodes as unknown as MlTrainedModelDeploymentNodesStats[]).some(
-          (node) => node.routing_state.routing_state === 'started'
-        );
-
-      return getResponse.trained_model_stats.some(
-        (stats) => isReadyESS(stats) || isReadyServerless(stats)
-      );
-    } catch (e) {
-      // Returns 404 if it doesn't exist
-      return false;
-    }
-  }
-}
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_flattened_hits.test.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_flattened_hits.test.ts
deleted file mode 100644
index cc08a95cdb532..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_flattened_hits.test.ts
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { getFlattenedHits } from './get_flattened_hits';
-import { mockMsearchResponse } from '../../../../__mocks__/msearch_response';
-import type { MsearchResponse } from './types';
-
-describe('getFlattenedHits', () => {
-  it('returns an empty array when the response is undefined', () => {
-    const result = getFlattenedHits(undefined);
-
-    expect(result).toEqual([]);
-  });
-
-  it('returns an empty array when hits > hits is empty', () => {
-    const result = getFlattenedHits({ hits: { hits: [] } });
-
-    expect(result).toEqual([]);
-  });
-
-  it('returns the expected flattened hits given a non-empty `MsearchResponse`', () => {
-    const expected = [
-      {
-        pageContent:
-          "[[esql-from]]\n=== `FROM`\n\nThe `FROM` source command returns a table with up to 10,000 documents from a\ndata stream, index, or alias. Each row in the resulting table represents a\ndocument. Each column corresponds to a field, and can be accessed by the name\nof that field.\n\n[source,esql]\n----\nFROM employees\n----\n\nYou can use <<api-date-math-index-names,date math>> to refer to indices, aliases\nand data streams. This can be useful for time series data, for example to access\ntoday's index:\n\n[source,esql]\n----\nFROM <logs-{now/d}>\n----\n\nUse comma-separated lists or wildcards to query multiple data streams, indices,\nor aliases:\n\n[source,esql]\n----\nFROM employees-00001,employees-*\n----\n",
-        metadata: {
-          source:
-            '/Users/andrew.goldstein/Projects/forks/andrew-goldstein/kibana/x-pack/plugins/elastic_assistant/server/knowledge_base/esql/documentation/source_commands/from.asciidoc',
-        },
-      },
-    ];
-
-    const result = getFlattenedHits(mockMsearchResponse.responses[0] as MsearchResponse);
-
-    expect(result).toEqual(expected);
-  });
-
-  it('returns an array of FlattenedHits with empty strings when given an MsearchResponse with missing fields', () => {
-    const msearchResponse = {
-      hits: {
-        hits: [
-          {
-            _source: {
-              metadata: {
-                source: '/source/1',
-              },
-            },
-          },
-          {
-            _source: {
-              text: 'Source 2 text',
-            },
-          },
-        ],
-      },
-    };
-
-    const expected = [
-      {
-        pageContent: '', // <-- missing text field
-        metadata: {
-          source: '/source/1',
-        },
-      },
-      {
-        pageContent: 'Source 2 text',
-        metadata: {
-          source: '', // <-- missing source field
-        },
-      },
-    ];
-
-    const result = getFlattenedHits(msearchResponse);
-
-    expect(result).toEqual(expected);
-  });
-});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_flattened_hits.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_flattened_hits.ts
deleted file mode 100644
index f6c3a3ef0e9fa..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_flattened_hits.ts
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { MsearchKbHit, MsearchResponse } from './types';
-
-/**
- * Represents a flattened hit from an Elasticsearch Msearch response
- *
- * It contains the page content and metadata source of a KB document
- */
-export interface FlattenedHit {
-  pageContent: string;
-  metadata: {
-    source: string;
-  };
-}
-
-/**
- * Returns an array of flattened hits from the specified Msearch response
- * that contain the page content and metadata source of KB documents
- *
- * @param maybeMsearchResponse An Elasticsearch Msearch response, which returns the results of multiple searches in a single request
- * @returns Returns an array of flattened hits from the specified Msearch response that contain the page content and metadata source of KB documents
- */
-export const getFlattenedHits = (
-  maybeMsearchResponse: MsearchResponse | undefined
-): FlattenedHit[] =>
-  maybeMsearchResponse?.hits?.hits?.flatMap((hit: MsearchKbHit) => ({
-    pageContent: hit?._source?.text ?? '',
-    metadata: {
-      source: hit?._source?.metadata?.source ?? '',
-    },
-  })) ?? [];
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_msearch_query_body.test.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_msearch_query_body.test.ts
deleted file mode 100644
index 2697aaf76a085..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_msearch_query_body.test.ts
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { TERMS_QUERY_SIZE } from '../elasticsearch_store';
-import { getMsearchQueryBody } from './get_msearch_query_body';
-import { mockTermsSearchQuery } from '../../../../__mocks__/terms_search_query';
-import { mockVectorSearchQuery } from '../../../../__mocks__/vector_search_query';
-
-describe('getMsearchQueryBody', () => {
-  it('returns the expected multi-search request body', () => {
-    const index = '.kibana-elastic-ai-assistant-kb';
-
-    const vectorSearchQuery = mockVectorSearchQuery;
-    const vectorSearchQuerySize = 4;
-
-    const termsSearchQuery = mockTermsSearchQuery;
-    const termsSearchQuerySize = TERMS_QUERY_SIZE;
-
-    const result = getMsearchQueryBody({
-      index,
-      termsSearchQuery,
-      termsSearchQuerySize,
-      vectorSearchQuery,
-      vectorSearchQuerySize,
-    });
-
-    expect(result).toEqual({
-      body: [
-        { index },
-        {
-          query: mockVectorSearchQuery,
-          size: vectorSearchQuerySize,
-        },
-        { index },
-        {
-          query: mockTermsSearchQuery,
-          size: TERMS_QUERY_SIZE,
-        },
-      ],
-    });
-  });
-});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_msearch_query_body.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_msearch_query_body.ts
deleted file mode 100644
index c93c3f2e30954..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_msearch_query_body.ts
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-
-/**
- * Represents an entry in a multi-search request body that specifies the name of an index to search
- */
-export interface MsearchQueryBodyIndexEntry {
-  index: string;
-}
-
-/**
- * Represents an entry in a multi-search request body that specifies a query to execute
- */
-export interface MsearchQueryBodyQueryEntry {
-  query: QueryDslQueryContainer;
-  size: number;
-}
-
-/**
- * Represents a multi-search request body, which returns the results of multiple searches in a single request
- */
-export interface MsearchQueryBody {
-  body: Array<MsearchQueryBodyIndexEntry | MsearchQueryBodyQueryEntry>;
-}
-
-/**
- * Returns a multi-search request body, which returns the results of multiple searches in a single request
- *
- * @param index The KB index to search, e.g. `.kibana-elastic-ai-assistant-kb`
- * @param termsSearchQuery An Elasticsearch DSL query that performs a terms search, typically used to search for required KB documents
- * @param termsSearchQuerySize The maximum number of required KB documents to return
- * @param vectorSearchQuery An Elasticsearch DSL query that performs a vector search, typically used to search for similar KB documents
- * @param vectorSearchQuerySize The maximum number of similar KB documents to return
- * @returns A multi-search request body, which returns the results of multiple searches in a single request
- */
-export const getMsearchQueryBody = ({
-  index,
-  termsSearchQuery,
-  termsSearchQuerySize,
-  vectorSearchQuery,
-  vectorSearchQuerySize,
-}: {
-  index: string;
-  termsSearchQuery: QueryDslQueryContainer;
-  termsSearchQuerySize: number;
-  vectorSearchQuery: QueryDslQueryContainer;
-  vectorSearchQuerySize: number;
-}): MsearchQueryBody => ({
-  body: [
-    { index },
-    {
-      query: vectorSearchQuery,
-      size: vectorSearchQuerySize,
-    },
-    { index },
-    {
-      query: termsSearchQuery,
-      size: termsSearchQuerySize,
-    },
-  ],
-});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_required_kb_docs_terms_query_dsl.test.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_required_kb_docs_terms_query_dsl.test.ts
deleted file mode 100644
index 5c4f944e83178..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_required_kb_docs_terms_query_dsl.test.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { getRequiredKbDocsTermsQueryDsl } from './get_required_kb_docs_terms_query_dsl';
-
-const kbResource = 'esql';
-
-describe('getRequiredKbDocsTermsQueryDsl', () => {
-  it('returns the expected terms query DSL', () => {
-    const result = getRequiredKbDocsTermsQueryDsl(kbResource);
-
-    expect(result).toEqual([
-      { term: { 'metadata.kbResource': 'esql' } },
-      { term: { 'metadata.required': true } },
-    ]);
-  });
-});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_required_kb_docs_terms_query_dsl.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_required_kb_docs_terms_query_dsl.ts
deleted file mode 100644
index df3e8f42ad63b..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_required_kb_docs_terms_query_dsl.ts
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { Field, FieldValue, QueryDslTermQuery } from '@elastic/elasticsearch/lib/api/types';
-
-/**
- * For the specified topic, returns an array of filters that can be used in a
- * `bool` Elasticsearch DSL query to filter in/out required KB documents.
- *
- * The returned filters can be used in different types of queries to, for example:
- * - To filter out required KB documents from a vector search
- * - To filter in required KB documents in a terms query
- *
- * @param kbResource Search for required KB documents for this topic
- *
- * @returns An array of `term`s that may be used in a `bool` Elasticsearch DSL query to filter in/out required KB documents
- */
-export const getRequiredKbDocsTermsQueryDsl = (
-  kbResource?: string
-): Array<Partial<Record<Field, QueryDslTermQuery | FieldValue>>> => [
-  ...(kbResource != null
-    ? [
-        {
-          term: {
-            'metadata.kbResource': kbResource,
-          },
-        },
-      ]
-    : []),
-  {
-    term: {
-      'metadata.required': true,
-    },
-  },
-];
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_terms_search_query.test.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_terms_search_query.test.ts
deleted file mode 100644
index 98d3b2c5d36c2..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_terms_search_query.test.ts
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { getTermsSearchQuery } from './get_terms_search_query';
-import { mockTerms } from '../../../../__mocks__/terms';
-
-describe('getTermsSearchQuery', () => {
-  it('returns the expected Elasticsearch query DSL', () => {
-    const query = getTermsSearchQuery(mockTerms);
-
-    expect(query).toEqual({
-      bool: {
-        must: mockTerms,
-      },
-    });
-  });
-});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_terms_search_query.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_terms_search_query.ts
deleted file mode 100644
index 8fcc7b3b20851..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_terms_search_query.ts
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type {
-  Field,
-  FieldValue,
-  QueryDslTermQuery,
-  QueryDslQueryContainer,
-} from '@elastic/elasticsearch/lib/api/types';
-
-/**
- * Returns an Elasticsearch DSL query that performs a terms search,
- * such that all of the specified terms must be present in the search results.
- *
- * @param mustTerms All of the specified terms must be present in the search results
- *
- * @returns An Elasticsearch DSL query that performs a terms search, such that all of the specified terms must be present in the search results
- */
-export const getTermsSearchQuery = (
-  mustTerms: Array<Partial<Record<Field, QueryDslTermQuery | FieldValue>>>
-): QueryDslQueryContainer => ({
-  bool: {
-    must: [...mustTerms], // all of the specified terms must be present in the search results
-  },
-});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_vector_search_query.test.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_vector_search_query.test.ts
deleted file mode 100644
index da6a7227953f2..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_vector_search_query.test.ts
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-
-import { getVectorSearchQuery } from './get_vector_search_query';
-import { mockTerms } from '../../../../__mocks__/terms';
-import { mockQueryText } from '../../../../__mocks__/query_text';
-
-describe('getVectorSearchQuery', () => {
-  it('returns the expected query when mustNotTerms is empty', () => {
-    const result = getVectorSearchQuery({
-      filter: undefined,
-      modelId: '.elser_model_2',
-      mustNotTerms: [], // <--- empty
-      query: mockQueryText,
-    });
-
-    expect(result).toEqual({
-      bool: {
-        filter: undefined,
-        must: [
-          {
-            text_expansion: {
-              'vector.tokens': {
-                model_id: '.elser_model_2',
-                model_text:
-                  'Generate an ES|QL query that will count the number of connections made to external IP addresses, broken down by user. If the count is greater than 100 for a specific user, add a new field called follow_up that contains a value of true, otherwise, it should contain false. The user names should also be enriched with their respective group names.',
-              },
-            },
-          },
-        ],
-        must_not: [],
-      },
-    });
-  });
-
-  it('returns the expected query when mustNotTerms are provided', () => {
-    const result = getVectorSearchQuery({
-      filter: undefined,
-      modelId: '.elser_model_2',
-      mustNotTerms: mockTerms, // <--- mock terms
-      query: mockQueryText,
-    });
-
-    expect(result).toEqual({
-      bool: {
-        filter: undefined,
-        must: [
-          {
-            text_expansion: {
-              'vector.tokens': {
-                model_id: '.elser_model_2',
-                model_text:
-                  'Generate an ES|QL query that will count the number of connections made to external IP addresses, broken down by user. If the count is greater than 100 for a specific user, add a new field called follow_up that contains a value of true, otherwise, it should contain false. The user names should also be enriched with their respective group names.',
-              },
-            },
-          },
-        ],
-        must_not: [
-          {
-            term: {
-              'metadata.kbResource': 'esql',
-            },
-          },
-          {
-            term: {
-              'metadata.required': true,
-            },
-          },
-        ],
-      },
-    });
-  });
-
-  it('returns the expected results when a filter is provided', () => {
-    const filter: QueryDslQueryContainer = {
-      bool: {
-        must: [
-          {
-            term: {
-              'some.field': 'value',
-            },
-          },
-        ],
-      },
-    };
-
-    const result = getVectorSearchQuery({
-      filter,
-      modelId: '.elser_model_2',
-      mustNotTerms: mockTerms, // <--- mock terms
-      query: mockQueryText,
-    });
-
-    expect(result).toEqual({
-      bool: {
-        filter,
-        must: [
-          {
-            text_expansion: {
-              'vector.tokens': {
-                model_id: '.elser_model_2',
-                model_text:
-                  'Generate an ES|QL query that will count the number of connections made to external IP addresses, broken down by user. If the count is greater than 100 for a specific user, add a new field called follow_up that contains a value of true, otherwise, it should contain false. The user names should also be enriched with their respective group names.',
-              },
-            },
-          },
-        ],
-        must_not: [
-          {
-            term: {
-              'metadata.kbResource': 'esql',
-            },
-          },
-          {
-            term: {
-              'metadata.required': true,
-            },
-          },
-        ],
-      },
-    });
-  });
-});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_vector_search_query.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_vector_search_query.ts
deleted file mode 100644
index 613ee5c501560..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/get_vector_search_query.ts
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type {
-  Field,
-  FieldValue,
-  QueryDslQueryContainer,
-  QueryDslTermQuery,
-} from '@elastic/elasticsearch/lib/api/types';
-
-/**
- * Returns an Elasticsearch query DSL that performs a vector search
- * that excludes a set of documents from the search results.
- *
- * @param filter Optional filter to apply to the search
- * @param modelId ID of the model to search with, e.g. `.elser_model_2`
- * @param mustNotTerms Array of objects that may be used in a `bool` Elasticsearch DSL query to, for example, exclude the required KB docs from the vector search, so there's no overlap
- * @param query The search query provided by the user
- * @returns
- */
-export const getVectorSearchQuery = ({
-  filter,
-  modelId,
-  mustNotTerms,
-  query,
-}: {
-  filter: QueryDslQueryContainer | undefined;
-  modelId: string;
-  mustNotTerms: Array<Partial<Record<Field, QueryDslTermQuery | FieldValue>>>;
-  query: string;
-}): QueryDslQueryContainer => ({
-  bool: {
-    must_not: [...mustNotTerms],
-    must: [
-      {
-        text_expansion: {
-          'vector.tokens': {
-            model_id: modelId,
-            model_text: query,
-          },
-        },
-      },
-    ],
-    filter,
-  },
-});
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/types.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/types.ts
deleted file mode 100644
index a0f549a00ab26..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/helpers/types.ts
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-/**
- * A hit from the response to an Elasticsearch multi-search request,
- * which returns the results of multiple searches in a single request.
- *
- * Search hits may contain the following properties that may be present in
- * knowledge base documents:
- *
- * 1) the `metadata` property, an object that may have the following properties:
- * - `kbResource`: The name of the Knowledge Base resource that the document belongs to, e.g. `esql`
- * - `required`: A boolean indicating whether the document is required for searches on the `kbResource` topic
- * - `source`: Describes the origin of the document, sometimes a file path via a LangChain DirectoryLoader
- * 2) the `text` property, a string containing the text of the document
- * 3) the `vector` property, containing the document's embeddings
- */
-export interface MsearchKbHit {
-  _id?: string;
-  _ignored?: string[];
-  _index?: string;
-  _score?: number;
-  _source?: {
-    metadata?: {
-      kbResource?: string;
-      required?: boolean;
-      source?: string;
-    };
-    text?: string;
-    vector?: {
-      tokens?: Record<string, number>;
-    };
-  };
-}
-
-/**
- * A Response from an Elasticsearch multi-search request, which returns the
- * results of multiple searches in a single request.
- */
-export interface MsearchResponse {
-  hits?: {
-    hits?: MsearchKbHit[];
-  };
-}
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/embeddings/elasticsearch_embeddings.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/embeddings/elasticsearch_embeddings.ts
deleted file mode 100644
index 570f692ecd5ac..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/embeddings/elasticsearch_embeddings.ts
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { Embeddings, EmbeddingsParams } from '@langchain/core/embeddings';
-import { Logger } from '@kbn/core/server';
-
-/**
- * Shell class for Elasticsearch embeddings as not needed in ElasticsearchStore since ELSER embeds on index
- */
-export class ElasticsearchEmbeddings extends Embeddings {
-  private readonly logger: Logger;
-  constructor(logger: Logger, params?: EmbeddingsParams) {
-    super(params ?? {});
-    this.logger = logger;
-  }
-
-  /**
-   * TODO: Use inference API if not re-indexing to create embedding vectors, e.g.
-   *
-   * POST _ml/trained_models/.elser_model_2/_infer
-   * {
-   *   "docs":[{"text_field": "The fool doth think he is wise, but the wise man knows himself to be a fool."}]
-   * }
-   */
-
-  embedDocuments(documents: string[]): Promise<number[][]> {
-    // Note: implement if/when needed
-    this.logger.info('ElasticsearchEmbeddings.embedDocuments not implemented');
-    return Promise.resolve([]);
-  }
-
-  embedQuery(_: string): Promise<number[]> {
-    // Note: implement if/when needed
-    this.logger.info('ElasticsearchEmbeddings.embedQuery not implemented');
-    return Promise.resolve([]);
-  }
-}
diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/index.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/index.ts
index f55006e452cd0..e9d2c1dd2618b 100644
--- a/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/index.ts
@@ -93,8 +93,9 @@ export const callAssistantGraph: AgentExecutor<true | false> = async ({
 
   const latestMessage = langChainMessages.slice(-1); // the last message
 
-  // Check if KB is available
-  const isEnabledKnowledgeBase = (await dataClients?.kbDataClient?.isModelDeployed()) ?? false;
+  // Check if KB is available (not feature flag related)
+  const isEnabledKnowledgeBase =
+    (await dataClients?.kbDataClient?.isInferenceEndpointExists()) ?? false;
 
   // Fetch any applicable tools that the source plugin may have registered
   const assistantToolParams: AssistantToolParams = {
@@ -118,9 +119,8 @@ export const callAssistantGraph: AgentExecutor<true | false> = async ({
   );
 
   // If KB enabled, fetch for any KB IndexEntries and generate a tool for each
-  if (isEnabledKnowledgeBase && dataClients?.kbDataClient?.isV2KnowledgeBaseEnabled) {
+  if (isEnabledKnowledgeBase) {
     const kbTools = await dataClients?.kbDataClient?.getAssistantTools({
-      assistantToolParams,
       esClient,
     });
     if (kbTools) {
diff --git a/x-pack/plugins/elastic_assistant/server/routes/chat/chat_complete_route.test.ts b/x-pack/plugins/elastic_assistant/server/routes/chat/chat_complete_route.test.ts
index f03a3394cdaac..5d277abb00667 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/chat/chat_complete_route.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/chat/chat_complete_route.test.ts
@@ -86,7 +86,7 @@ const mockContext = {
         indexTemplateAndPattern: {
           alias: 'knowledge-base-alias',
         },
-        isModelDeployed: jest.fn().mockResolvedValue(true),
+        isInferenceEndpointExists: jest.fn().mockResolvedValue(true),
       }),
       getAIAssistantAnonymizationFieldsDataClient: jest.fn().mockResolvedValue({
         findDocuments: jest.fn().mockResolvedValue(getFindAnonymizationFieldsResultWithSingleHit()),
diff --git a/x-pack/plugins/elastic_assistant/server/routes/chat/chat_complete_route.ts b/x-pack/plugins/elastic_assistant/server/routes/chat/chat_complete_route.ts
index c6eb81dd86ebd..35b4999a30249 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/chat/chat_complete_route.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/chat/chat_complete_route.ts
@@ -25,9 +25,7 @@ import { buildResponse } from '../../lib/build_response';
 import {
   appendAssistantMessageToConversation,
   createConversationWithUserInput,
-  DEFAULT_PLUGIN_NAME,
   getIsKnowledgeBaseInstalled,
-  getPluginNameFromRequest,
   langChainExecute,
   performChecks,
 } from '../helpers';
@@ -222,25 +220,14 @@ export const chatCompleteRoute = (
           });
         } catch (err) {
           const error = transformError(err as Error);
-          const pluginName = getPluginNameFromRequest({
-            request,
-            defaultPluginName: DEFAULT_PLUGIN_NAME,
-            logger,
-          });
-          const v2KnowledgeBaseEnabled =
-            ctx.elasticAssistant.getRegisteredFeatures(pluginName).assistantKnowledgeBaseByDefault;
           const kbDataClient =
-            (await ctx.elasticAssistant.getAIAssistantKnowledgeBaseDataClient({
-              v2KnowledgeBaseEnabled,
-            })) ?? undefined;
+            (await ctx.elasticAssistant.getAIAssistantKnowledgeBaseDataClient()) ?? undefined;
           const isKnowledgeBaseInstalled = await getIsKnowledgeBaseInstalled(kbDataClient);
 
           telemetry?.reportEvent(INVOKE_ASSISTANT_ERROR_EVENT.eventType, {
             actionTypeId: actionTypeId ?? '',
             model: request.body.model,
             errorMessage: error.message,
-            // TODO rm actionTypeId check when llmClass for bedrock streaming is implemented
-            // tracked here: https://github.com/elastic/security-team/issues/7363
             assistantStreamingEnabled: request.body.isStream ?? false,
             isEnabledKnowledgeBase: isKnowledgeBaseInstalled,
           });
diff --git a/x-pack/plugins/elastic_assistant/server/routes/evaluate/post_evaluate.ts b/x-pack/plugins/elastic_assistant/server/routes/evaluate/post_evaluate.ts
index e4f520b190b5a..4e4b7e5fcd251 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/evaluate/post_evaluate.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/evaluate/post_evaluate.ts
@@ -33,7 +33,7 @@ import { omit } from 'lodash/fp';
 import { buildResponse } from '../../lib/build_response';
 import { AssistantDataClients } from '../../lib/langchain/executors/types';
 import { AssistantToolParams, ElasticAssistantRequestHandlerContext, GetElser } from '../../types';
-import { DEFAULT_PLUGIN_NAME, isV2KnowledgeBaseEnabled, performChecks } from '../helpers';
+import { DEFAULT_PLUGIN_NAME, performChecks } from '../helpers';
 import { fetchLangSmithDataset } from './utils';
 import { transformESSearchToAnonymizationFields } from '../../ai_assistant_data_clients/anonymization_fields/helpers';
 import { EsAnonymizationFieldsSchema } from '../../ai_assistant_data_clients/anonymization_fields/types';
@@ -91,7 +91,6 @@ export const postEvaluateRoute = (
         const actions = ctx.elasticAssistant.actions;
         const logger = assistantContext.logger.get('evaluate');
         const abortSignal = getRequestAbortedSignal(request.events.aborted$);
-        const v2KnowledgeBaseEnabled = isV2KnowledgeBaseEnabled({ context: ctx, request });
 
         // Perform license, authenticated user and evaluation FF checks
         const checkResponse = performChecks({
@@ -158,9 +157,7 @@ export const postEvaluateRoute = (
           const conversationsDataClient =
             (await assistantContext.getAIAssistantConversationsDataClient()) ?? undefined;
           const kbDataClient =
-            (await assistantContext.getAIAssistantKnowledgeBaseDataClient({
-              v2KnowledgeBaseEnabled,
-            })) ?? undefined;
+            (await assistantContext.getAIAssistantKnowledgeBaseDataClient()) ?? undefined;
           const dataClients: AssistantDataClients = {
             anonymizationFieldsDataClient,
             conversationsDataClient,
@@ -246,7 +243,7 @@ export const postEvaluateRoute = (
 
               // Check if KB is available
               const isEnabledKnowledgeBase =
-                (await dataClients.kbDataClient?.isModelDeployed()) ?? false;
+                (await dataClients.kbDataClient?.isInferenceEndpointExists()) ?? false;
 
               // Skeleton request from route to pass to the agents
               // params will be passed to the actions executor
diff --git a/x-pack/plugins/elastic_assistant/server/routes/helpers.ts b/x-pack/plugins/elastic_assistant/server/routes/helpers.ts
index 0c5c39f77d692..e68efd8e71f8f 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/helpers.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/helpers.ts
@@ -374,8 +374,6 @@ export const langChainExecute = async ({
   const assistantTools = assistantContext
     .getRegisteredTools(pluginName)
     .filter((x) => x.id !== 'attack-discovery'); // We don't (yet) support asking the assistant for NEW attack discoveries from a conversation
-  const v2KnowledgeBaseEnabled =
-    assistantContext.getRegisteredFeatures(pluginName).assistantKnowledgeBaseByDefault;
 
   // get a scoped esClient for assistant memory
   const esClient = context.core.elasticsearch.client.asCurrentUser;
@@ -389,9 +387,7 @@ export const langChainExecute = async ({
 
   // Create an ElasticsearchStore for KB interactions
   const kbDataClient =
-    (await assistantContext.getAIAssistantKnowledgeBaseDataClient({
-      v2KnowledgeBaseEnabled,
-    })) ?? undefined;
+    (await assistantContext.getAIAssistantKnowledgeBaseDataClient()) ?? undefined;
 
   const dataClients: AssistantDataClients = {
     anonymizationFieldsDataClient: anonymizationFieldsDataClient ?? undefined,
@@ -643,29 +639,6 @@ export const performChecks = ({
   };
 };
 
-/**
- * Returns whether the v2 KB is enabled
- *
- * @param context - Route context
- * @param request - Route KibanaRequest
-
- */
-export const isV2KnowledgeBaseEnabled = ({
-  context,
-  request,
-}: {
-  context: AwaitedProperties<
-    Pick<ElasticAssistantRequestHandlerContext, 'elasticAssistant' | 'licensing' | 'core'>
-  >;
-  request: KibanaRequest;
-}): boolean => {
-  const pluginName = getPluginNameFromRequest({
-    request,
-    defaultPluginName: DEFAULT_PLUGIN_NAME,
-  });
-  return context.elasticAssistant.getRegisteredFeatures(pluginName).assistantKnowledgeBaseByDefault;
-};
-
 /**
  * Telemetry function to determine whether knowledge base has been installed
  * @param kbDataClient
@@ -674,11 +647,11 @@ export const getIsKnowledgeBaseInstalled = async (
   kbDataClient?: AIAssistantKnowledgeBaseDataClient | null
 ): Promise<boolean> => {
   let securityLabsDocsExist = false;
-  let isModelDeployed = false;
+  let isInferenceEndpointExists = false;
   if (kbDataClient != null) {
     try {
-      isModelDeployed = await kbDataClient.isModelDeployed();
-      if (isModelDeployed) {
+      isInferenceEndpointExists = await kbDataClient.isInferenceEndpointExists();
+      if (isInferenceEndpointExists) {
         securityLabsDocsExist =
           (
             await kbDataClient.getKnowledgeBaseDocumentEntries({
@@ -692,5 +665,5 @@ export const getIsKnowledgeBaseInstalled = async (
     }
   }
 
-  return isModelDeployed && securityLabsDocsExist;
+  return isInferenceEndpointExists && securityLabsDocsExist;
 };
diff --git a/x-pack/plugins/elastic_assistant/server/routes/index.ts b/x-pack/plugins/elastic_assistant/server/routes/index.ts
index 928c3211faa9b..c30a62872a82d 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/index.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/index.ts
@@ -13,7 +13,6 @@ export { postAttackDiscoveryRoute } from './attack_discovery/post/post_attack_di
 export { getAttackDiscoveryRoute } from './attack_discovery/get/get_attack_discovery';
 
 // Knowledge Base
-export { deleteKnowledgeBaseRoute } from './knowledge_base/delete_knowledge_base';
 export { getKnowledgeBaseIndicesRoute } from './knowledge_base/get_knowledge_base_indices';
 export { getKnowledgeBaseStatusRoute } from './knowledge_base/get_knowledge_base_status';
 export { postKnowledgeBaseRoute } from './knowledge_base/post_knowledge_base';
diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/constants.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/constants.ts
index 052b2cac57609..1c26c6d77b53f 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/constants.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/constants.ts
@@ -5,8 +5,6 @@
  * 2.0.
  */
 
-export const KNOWLEDGE_BASE_INDEX_PATTERN = '.kibana-elastic-ai-assistant-kb';
-export const KNOWLEDGE_BASE_INGEST_PIPELINE = '.kibana-elastic-ai-assistant-kb-ingest-pipeline';
 // Query for determining if ESQL docs have been loaded, searches for a specific doc. Intended for the ElasticsearchStore.similaritySearch()
 // Note: We may want to add a tag of the resource name to the document metadata, so we can CRUD by specific resource
 export const ESQL_DOCS_LOADED_QUERY =
diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/delete_knowledge_base.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/delete_knowledge_base.ts
deleted file mode 100644
index 3e387e8a8a4d2..0000000000000
--- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/delete_knowledge_base.ts
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { IRouter, KibanaRequest } from '@kbn/core/server';
-import { transformError } from '@kbn/securitysolution-es-utils';
-
-import {
-  ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
-  ELASTIC_AI_ASSISTANT_KNOWLEDGE_BASE_URL,
-} from '@kbn/elastic-assistant-common';
-import {
-  DeleteKnowledgeBaseRequestParams,
-  DeleteKnowledgeBaseResponse,
-} from '@kbn/elastic-assistant-common/impl/schemas/knowledge_base/crud_kb_route.gen';
-import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/schemas/common';
-import { buildResponse } from '../../lib/build_response';
-import { ElasticAssistantRequestHandlerContext } from '../../types';
-import { isV2KnowledgeBaseEnabled } from '../helpers';
-
-/**
- * Delete Knowledge Base index, pipeline, and resources (collection of documents)
- * @param router
- */
-export const deleteKnowledgeBaseRoute = (
-  router: IRouter<ElasticAssistantRequestHandlerContext>
-) => {
-  router.versioned
-    .delete({
-      access: 'internal',
-      path: ELASTIC_AI_ASSISTANT_KNOWLEDGE_BASE_URL,
-      options: {
-        tags: ['access:elasticAssistant'],
-      },
-    })
-    .addVersion(
-      {
-        version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
-        validate: {
-          request: {
-            params: buildRouteValidationWithZod(DeleteKnowledgeBaseRequestParams),
-          },
-        },
-      },
-      async (context, request: KibanaRequest<DeleteKnowledgeBaseRequestParams>, response) => {
-        const resp = buildResponse(response);
-        const ctx = await context.resolve(['core', 'elasticAssistant', 'licensing']);
-        const assistantContext = ctx.elasticAssistant;
-        const logger = ctx.elasticAssistant.logger;
-
-        // FF Check for V2 KB
-        const v2KnowledgeBaseEnabled = isV2KnowledgeBaseEnabled({ context: ctx, request });
-
-        try {
-          const knowledgeBaseDataClient =
-            await assistantContext.getAIAssistantKnowledgeBaseDataClient({
-              v2KnowledgeBaseEnabled,
-            });
-          if (!knowledgeBaseDataClient) {
-            return response.custom({ body: { success: false }, statusCode: 500 });
-          }
-
-          // TODO: This delete API is likely not needed and can be replaced by the new `entries` API
-          const body: DeleteKnowledgeBaseResponse = {
-            success: false,
-          };
-
-          return response.ok({ body });
-        } catch (err) {
-          logger.error(err);
-          const error = transformError(err);
-
-          return resp.error({
-            body: error.message,
-            statusCode: error.statusCode,
-          });
-        }
-      }
-    );
-};
diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/bulk_actions_route.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/bulk_actions_route.ts
index fc49068a09cc9..c6c5f9d94bef3 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/bulk_actions_route.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/bulk_actions_route.ts
@@ -155,7 +155,6 @@ export const bulkActionKnowledgeBaseEntriesRoute = (router: ElasticAssistantPlug
 
           // Perform license, authenticated user and FF checks
           const checkResponse = performChecks({
-            capability: 'assistantKnowledgeBaseByDefault',
             context: ctx,
             request,
             response,
@@ -187,9 +186,7 @@ export const bulkActionKnowledgeBaseEntriesRoute = (router: ElasticAssistantPlug
           // subscribing to completed$, because it handles both cases when request was completed and aborted.
           // when route is finished by timeout, aborted$ is not getting fired
           request.events.completed$.subscribe(() => abortController.abort());
-          const kbDataClient = await ctx.elasticAssistant.getAIAssistantKnowledgeBaseDataClient({
-            v2KnowledgeBaseEnabled: true,
-          });
+          const kbDataClient = await ctx.elasticAssistant.getAIAssistantKnowledgeBaseDataClient();
           const spaceId = ctx.elasticAssistant.getSpaceId();
           const authenticatedUser = checkResponse.currentUser;
           const userFilter = getKBUserFilter(authenticatedUser);
@@ -288,8 +285,7 @@ export const bulkActionKnowledgeBaseEntriesRoute = (router: ElasticAssistantPlug
                 global: entry.users != null && entry.users.length === 0,
               })
             ),
-            getUpdateScript: (entry: UpdateKnowledgeBaseEntrySchema) =>
-              getUpdateScript({ entry, isPatch: true }),
+            getUpdateScript: (entry: UpdateKnowledgeBaseEntrySchema) => getUpdateScript({ entry }),
             authenticatedUser,
           });
           const created =
diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/create_route.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/create_route.ts
index d5df2d02055fd..4c1ea3851aaf5 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/create_route.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/create_route.ts
@@ -47,7 +47,6 @@ export const createKnowledgeBaseEntryRoute = (router: ElasticAssistantPluginRout
 
           // Perform license, authenticated user and FF checks
           const checkResponse = performChecks({
-            capability: 'assistantKnowledgeBaseByDefault',
             context: ctx,
             request,
             response,
@@ -56,10 +55,7 @@ export const createKnowledgeBaseEntryRoute = (router: ElasticAssistantPluginRout
             return checkResponse.response;
           }
 
-          // Check mappings and upgrade if necessary -- this route only supports v2 KB, so always `true`
-          const kbDataClient = await ctx.elasticAssistant.getAIAssistantKnowledgeBaseDataClient({
-            v2KnowledgeBaseEnabled: true,
-          });
+          const kbDataClient = await ctx.elasticAssistant.getAIAssistantKnowledgeBaseDataClient();
 
           logger.debug(() => `Creating KB Entry:\n${JSON.stringify(request.body)}`);
           const createResponse = await kbDataClient?.createKnowledgeBaseEntry({
diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/find_route.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/find_route.ts
index 13334d0d829b1..e4035264a8352 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/find_route.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/find_route.ts
@@ -58,7 +58,6 @@ export const findKnowledgeBaseEntriesRoute = (router: ElasticAssistantPluginRout
 
           // Perform license, authenticated user and FF checks
           const checkResponse = performChecks({
-            capability: 'assistantKnowledgeBaseByDefault',
             context: ctx,
             request,
             response,
@@ -67,9 +66,7 @@ export const findKnowledgeBaseEntriesRoute = (router: ElasticAssistantPluginRout
             return checkResponse.response;
           }
 
-          const kbDataClient = await ctx.elasticAssistant.getAIAssistantKnowledgeBaseDataClient({
-            v2KnowledgeBaseEnabled: true,
-          });
+          const kbDataClient = await ctx.elasticAssistant.getAIAssistantKnowledgeBaseDataClient();
           const currentUser = checkResponse.currentUser;
           const userFilter = getKBUserFilter(currentUser);
           const systemFilter = ` AND (kb_resource:"user" OR type:"index")`;
diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.test.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.test.ts
index b30e5ac3653ad..a31af7596977a 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.test.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.test.ts
@@ -35,7 +35,7 @@ describe('Get Knowledge Base Status Route', () => {
       },
       isModelInstalled: jest.fn().mockResolvedValue(true),
       isSetupAvailable: jest.fn().mockResolvedValue(true),
-      isModelDeployed: jest.fn().mockResolvedValue(true),
+      isInferenceEndpointExists: jest.fn().mockResolvedValue(true),
       isSetupInProgress: false,
       isSecurityLabsDocsLoaded: jest.fn().mockResolvedValue(true),
       isUserDataExists: jest.fn().mockResolvedValue(true),
diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.ts
index f278cd469ac0e..4e8112b420d06 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/get_knowledge_base_status.ts
@@ -17,7 +17,6 @@ import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/
 import { KibanaRequest } from '@kbn/core/server';
 import { buildResponse } from '../../lib/build_response';
 import { ElasticAssistantPluginRouter } from '../../types';
-import { isV2KnowledgeBaseEnabled } from '../helpers';
 
 /**
  * Get the status of the Knowledge Base index, pipeline, and resources (collection of documents)
@@ -49,12 +48,7 @@ export const getKnowledgeBaseStatusRoute = (router: ElasticAssistantPluginRouter
         const logger = ctx.elasticAssistant.logger;
 
         try {
-          // FF Check for V2 KB
-          const v2KnowledgeBaseEnabled = isV2KnowledgeBaseEnabled({ context: ctx, request });
-
-          const kbDataClient = await assistantContext.getAIAssistantKnowledgeBaseDataClient({
-            v2KnowledgeBaseEnabled,
-          });
+          const kbDataClient = await assistantContext.getAIAssistantKnowledgeBaseDataClient();
           if (!kbDataClient) {
             return response.custom({ body: { success: false }, statusCode: 500 });
           }
@@ -63,7 +57,7 @@ export const getKnowledgeBaseStatusRoute = (router: ElasticAssistantPluginRouter
           const pipelineExists = true; // Installed at startup, always true
           const modelExists = await kbDataClient.isModelInstalled();
           const setupAvailable = await kbDataClient.isSetupAvailable();
-          const isModelDeployed = await kbDataClient.isModelDeployed();
+          const isInferenceEndpointExists = await kbDataClient.isInferenceEndpointExists();
 
           const body: ReadKnowledgeBaseResponse = {
             elser_exists: modelExists,
@@ -73,13 +67,9 @@ export const getKnowledgeBaseStatusRoute = (router: ElasticAssistantPluginRouter
             pipeline_exists: pipelineExists,
           };
 
-          if (indexExists && isModelDeployed) {
-            const securityLabsExists = v2KnowledgeBaseEnabled
-              ? await kbDataClient.isSecurityLabsDocsLoaded()
-              : true;
-            const userDataExists = v2KnowledgeBaseEnabled
-              ? await kbDataClient.isUserDataExists()
-              : true;
+          if (indexExists && isInferenceEndpointExists) {
+            const securityLabsExists = await kbDataClient.isSecurityLabsDocsLoaded();
+            const userDataExists = await kbDataClient.isUserDataExists();
 
             return response.ok({
               body: {
diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/post_knowledge_base.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/post_knowledge_base.ts
index 23604886e4a52..fa7716a51033d 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/post_knowledge_base.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/post_knowledge_base.ts
@@ -16,7 +16,6 @@ import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/
 import { IKibanaResponse } from '@kbn/core/server';
 import { buildResponse } from '../../lib/build_response';
 import { ElasticAssistantPluginRouter } from '../../types';
-import { isV2KnowledgeBaseEnabled } from '../helpers';
 
 // Since we're awaiting on ELSER setup, this could take a bit (especially if ML needs to autoscale)
 // Consider just returning if attempt was successful, and switch to client polling
@@ -54,19 +53,12 @@ export const postKnowledgeBaseRoute = (router: ElasticAssistantPluginRouter) =>
         const assistantContext = ctx.elasticAssistant;
         const core = ctx.core;
         const soClient = core.savedObjects.getClient();
-
-        // FF Check for V2 KB
-        const v2KnowledgeBaseEnabled = isV2KnowledgeBaseEnabled({ context: ctx, request });
-        // Only allow modelId override if FF is enabled as this will re-write the ingest pipeline and break any previous KB entries
-        // This is only really needed for API integration tests
-        const modelIdOverride = v2KnowledgeBaseEnabled ? request.query.modelId : undefined;
         const ignoreSecurityLabs = request.query.ignoreSecurityLabs;
 
         try {
           const knowledgeBaseDataClient =
             await assistantContext.getAIAssistantKnowledgeBaseDataClient({
-              modelIdOverride,
-              v2KnowledgeBaseEnabled,
+              modelIdOverride: request.query.modelId,
             });
           if (!knowledgeBaseDataClient) {
             return response.custom({ body: { success: false }, statusCode: 500 });
@@ -74,7 +66,6 @@ export const postKnowledgeBaseRoute = (router: ElasticAssistantPluginRouter) =>
 
           await knowledgeBaseDataClient.setupKnowledgeBase({
             soClient,
-            v2KnowledgeBaseEnabled,
             ignoreSecurityLabs,
           });
 
diff --git a/x-pack/plugins/elastic_assistant/server/routes/post_actions_connector_execute.ts b/x-pack/plugins/elastic_assistant/server/routes/post_actions_connector_execute.ts
index bb217f7f5aa3a..43264a6c1f54b 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/post_actions_connector_execute.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/post_actions_connector_execute.ts
@@ -23,9 +23,7 @@ import { buildResponse } from '../lib/build_response';
 import { ElasticAssistantRequestHandlerContext, GetElser } from '../types';
 import {
   appendAssistantMessageToConversation,
-  DEFAULT_PLUGIN_NAME,
   getIsKnowledgeBaseInstalled,
-  getPluginNameFromRequest,
   getSystemPromptFromUserConversation,
   langChainExecute,
   performChecks,
@@ -159,17 +157,9 @@ export const postActionsConnectorExecuteRoute = (
           if (onLlmResponse) {
             await onLlmResponse(error.message, {}, true);
           }
-          const pluginName = getPluginNameFromRequest({
-            request,
-            defaultPluginName: DEFAULT_PLUGIN_NAME,
-            logger,
-          });
-          const v2KnowledgeBaseEnabled =
-            assistantContext.getRegisteredFeatures(pluginName).assistantKnowledgeBaseByDefault;
+
           const kbDataClient =
-            (await assistantContext.getAIAssistantKnowledgeBaseDataClient({
-              v2KnowledgeBaseEnabled,
-            })) ?? undefined;
+            (await assistantContext.getAIAssistantKnowledgeBaseDataClient()) ?? undefined;
           const isKnowledgeBaseInstalled = await getIsKnowledgeBaseInstalled(kbDataClient);
           telemetry.reportEvent(INVOKE_ASSISTANT_ERROR_EVENT.eventType, {
             actionTypeId: request.body.actionTypeId,
diff --git a/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts b/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts
index 7d97029e7252a..3f81763db49d9 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts
@@ -83,33 +83,28 @@ export class RequestContextFactory implements IRequestContextFactory {
 
       telemetry: core.analytics,
 
-      // Note: Due to plugin lifecycle and feature flag registration timing, we need to pass in the feature flag here
-      // Remove `v2KnowledgeBaseEnabled` once 'assistantKnowledgeBaseByDefault' feature flag is removed
-      // Additionally, modelIdOverride is used here to enable setting up the KB using a different ELSER model, which
+      // Note: modelIdOverride is used here to enable setting up the KB using a different ELSER model, which
       // is necessary for testing purposes (`pt_tiny_elser`).
-      getAIAssistantKnowledgeBaseDataClient: memoize(
-        async ({ modelIdOverride, v2KnowledgeBaseEnabled = false }) => {
-          const currentUser = getCurrentUser();
-
-          const { securitySolutionAssistant } = await coreStart.capabilities.resolveCapabilities(
-            request,
-            {
-              capabilityPath: 'securitySolutionAssistant.*',
-            }
-          );
-
-          return this.assistantService.createAIAssistantKnowledgeBaseDataClient({
-            spaceId: getSpaceId(),
-            logger: this.logger,
-            licensing: context.licensing,
-            currentUser,
-            modelIdOverride,
-            v2KnowledgeBaseEnabled,
-            manageGlobalKnowledgeBaseAIAssistant:
-              securitySolutionAssistant.manageGlobalKnowledgeBaseAIAssistant as boolean,
-          });
-        }
-      ),
+      getAIAssistantKnowledgeBaseDataClient: memoize(async (params) => {
+        const currentUser = getCurrentUser();
+
+        const { securitySolutionAssistant } = await coreStart.capabilities.resolveCapabilities(
+          request,
+          {
+            capabilityPath: 'securitySolutionAssistant.*',
+          }
+        );
+
+        return this.assistantService.createAIAssistantKnowledgeBaseDataClient({
+          spaceId: getSpaceId(),
+          logger: this.logger,
+          licensing: context.licensing,
+          currentUser,
+          modelIdOverride: params?.modelIdOverride,
+          manageGlobalKnowledgeBaseAIAssistant:
+            securitySolutionAssistant.manageGlobalKnowledgeBaseAIAssistant as boolean,
+        });
+      }),
 
       getAttackDiscoveryDataClient: memoize(() => {
         const currentUser = getCurrentUser();
diff --git a/x-pack/plugins/elastic_assistant/server/types.ts b/x-pack/plugins/elastic_assistant/server/types.ts
index 00fec0dcabc6d..b021ef5a7017d 100755
--- a/x-pack/plugins/elastic_assistant/server/types.ts
+++ b/x-pack/plugins/elastic_assistant/server/types.ts
@@ -126,7 +126,7 @@ export interface ElasticAssistantApiRequestHandlerContext {
   getCurrentUser: () => AuthenticatedUser | null;
   getAIAssistantConversationsDataClient: () => Promise<AIAssistantConversationsDataClient | null>;
   getAIAssistantKnowledgeBaseDataClient: (
-    params: GetAIAssistantKnowledgeBaseDataClientParams
+    params?: GetAIAssistantKnowledgeBaseDataClientParams
   ) => Promise<AIAssistantKnowledgeBaseDataClient | null>;
   getAttackDiscoveryDataClient: () => Promise<AttackDiscoveryDataClient | null>;
   getAIAssistantPromptsDataClient: () => Promise<AIAssistantDataClient | null>;
diff --git a/x-pack/plugins/enterprise_search/common/utils/licensing.test.ts b/x-pack/plugins/enterprise_search/common/utils/licensing.test.ts
index 7b5fbc3088984..30b1b8cd4fe92 100644
--- a/x-pack/plugins/enterprise_search/common/utils/licensing.test.ts
+++ b/x-pack/plugins/enterprise_search/common/utils/licensing.test.ts
@@ -5,92 +5,142 @@
  * 2.0.
  */
 
-import type { ILicense } from '@kbn/licensing-plugin/public';
+import { licenseMock } from '@kbn/licensing-plugin/common/licensing.mock';
 
-import { hasEnterpriseLicense } from './licensing';
+import { License } from '@kbn/licensing-plugin/common/license';
+
+import {
+  hasEnterpriseLicense,
+  hasGoldLicense,
+  hasPlatinumLicense,
+  isTrialLicense,
+} from './licensing';
 
 describe('licensing utils', () => {
-  const baseLicense: ILicense = {
-    isActive: true,
-    type: 'trial',
-    isAvailable: true,
-    signature: 'fake',
-    toJSON: jest.fn(),
-    getUnavailableReason: jest.fn().mockReturnValue(undefined),
-    hasAtLeast: jest.fn().mockReturnValue(false),
-    check: jest.fn().mockReturnValue({ state: 'valid' }),
-    getFeature: jest.fn().mockReturnValue({ isAvailable: false, isEnabled: false }),
-  };
-  describe('hasEnterpriseLicense', () => {
-    let license: ILicense;
-    beforeEach(() => {
-      jest.resetAllMocks();
-      license = {
-        ...baseLicense,
-      };
-    });
-    it('returns true for active enterprise license', () => {
-      license.type = 'enterprise';
+  const basicLicense = licenseMock.createLicense();
+  const basicExpiredLicense = licenseMock.createLicense({ license: { status: 'expired' } });
+  const goldLicense = licenseMock.createLicense({ license: { type: 'gold' } });
+  const goldLicenseExpired = licenseMock.createLicense({
+    license: { status: 'expired', type: 'gold' },
+  });
+  const platinumLicense = licenseMock.createLicense({ license: { type: 'platinum' } });
+  const platinumLicenseExpired = licenseMock.createLicense({
+    license: { status: 'expired', type: 'platinum' },
+  });
+  const enterpriseLicense = licenseMock.createLicense({ license: { type: 'enterprise' } });
+  const enterpriseLicenseExpired = licenseMock.createLicense({
+    license: { status: 'expired', type: 'enterprise' },
+  });
+  const trialLicense = licenseMock.createLicense({ license: { type: 'trial' } });
+  const trialLicenseExpired = licenseMock.createLicense({
+    license: { status: 'expired', type: 'trial' },
+  });
 
-      expect(hasEnterpriseLicense(license)).toEqual(true);
+  const errorMessage = 'unavailable';
+  const errorLicense = new License({ error: errorMessage, signature: '' });
+  const unavailableLicense = new License({ signature: '' });
+
+  beforeEach(() => {
+    jest.resetAllMocks();
+  });
+
+  describe('hasEnterpriseLicense', () => {
+    it('returns true for active valid licenses', () => {
+      expect(hasEnterpriseLicense(enterpriseLicense)).toEqual(true);
+      expect(hasEnterpriseLicense(trialLicense)).toEqual(true);
     });
-    it('returns true for active trial license', () => {
-      expect(hasEnterpriseLicense(license)).toEqual(true);
+    it('returns false for active invalid licenses', () => {
+      expect(hasEnterpriseLicense(basicLicense)).toEqual(false);
+      expect(hasEnterpriseLicense(goldLicense)).toEqual(false);
+      expect(hasEnterpriseLicense(platinumLicense)).toEqual(false);
     });
-    it('returns false for active basic license', () => {
-      license.type = 'basic';
-
-      expect(hasEnterpriseLicense(license)).toEqual(false);
+    it('returns false for inactive licenses', () => {
+      expect(hasEnterpriseLicense(trialLicenseExpired)).toEqual(false);
+      expect(hasEnterpriseLicense(enterpriseLicenseExpired)).toEqual(false);
+      expect(hasEnterpriseLicense(basicExpiredLicense)).toEqual(false);
     });
-    it('returns false for active gold license', () => {
-      license.type = 'gold';
-
-      expect(hasEnterpriseLicense(license)).toEqual(false);
+    it('returns false for unavailable license', () => {
+      expect(hasEnterpriseLicense(errorLicense)).toEqual(false);
+      expect(hasEnterpriseLicense(unavailableLicense)).toEqual(false);
     });
-    it('returns false for active platinum license', () => {
-      license.type = 'platinum';
-
-      expect(hasEnterpriseLicense(license)).toEqual(false);
+    it('returns false for null license', () => {
+      expect(hasEnterpriseLicense(null)).toEqual(false);
     });
-    it('returns false for inactive enterprise license', () => {
-      license.type = 'enterprise';
-      license.isActive = false;
-
-      expect(hasEnterpriseLicense(license)).toEqual(false);
+    it('returns false for undefined license', () => {
+      expect(hasEnterpriseLicense(undefined)).toEqual(false);
     });
-    it('returns false for inactive trial license', () => {
-      license.isActive = false;
+  });
 
-      expect(hasEnterpriseLicense(license)).toEqual(false);
+  describe('hasPlatinumLicense', () => {
+    it('returns true for valid active licenses', () => {
+      expect(hasPlatinumLicense(platinumLicense)).toEqual(true);
+      expect(hasPlatinumLicense(enterpriseLicense)).toEqual(true);
+      expect(hasPlatinumLicense(trialLicense)).toEqual(true);
     });
-    it('returns false for inactive basic license', () => {
-      license.type = 'basic';
-      license.isActive = false;
-
-      expect(hasEnterpriseLicense(license)).toEqual(false);
+    it('returns false for invalid active licenses', () => {
+      expect(hasPlatinumLicense(goldLicense)).toEqual(false);
+      expect(hasPlatinumLicense(basicLicense)).toEqual(false);
     });
-    it('returns false for inactive gold license', () => {
-      license.type = 'gold';
-      license.isActive = false;
-
-      expect(hasEnterpriseLicense(license)).toEqual(false);
+    it('returns false for inactive licenses', () => {
+      expect(hasPlatinumLicense(platinumLicenseExpired)).toEqual(false);
+      expect(hasPlatinumLicense(enterpriseLicenseExpired)).toEqual(false);
+      expect(hasPlatinumLicense(trialLicenseExpired)).toEqual(false);
     });
-    it('returns false for inactive platinum license', () => {
-      license.type = 'platinum';
-      license.isActive = false;
-
-      expect(hasEnterpriseLicense(license)).toEqual(false);
+    it('returns false for bad licenses', () => {
+      expect(hasPlatinumLicense(errorLicense)).toEqual(false);
+      expect(hasPlatinumLicense(unavailableLicense)).toEqual(false);
     });
-    it('returns false for active license is missing type', () => {
-      delete license.type;
-
-      expect(hasEnterpriseLicense(license)).toEqual(false);
+    it('returns false for null license', () => {
+      expect(hasPlatinumLicense(null)).toEqual(false);
+    });
+    it('returns false for undefined license', () => {
+      expect(hasPlatinumLicense(undefined)).toEqual(false);
+    });
+  });
+  describe('hasGoldLicense', () => {
+    it('returns true for valid active licenses', () => {
+      expect(hasGoldLicense(goldLicense)).toEqual(true);
+      expect(hasGoldLicense(platinumLicense)).toEqual(true);
+      expect(hasGoldLicense(enterpriseLicense)).toEqual(true);
+      expect(hasGoldLicense(trialLicense)).toEqual(true);
+    });
+    it('returns false for invalid active licenses', () => {
+      expect(hasGoldLicense(basicLicense)).toEqual(false);
+    });
+    it('returns false for inactive licenses', () => {
+      expect(hasGoldLicense(goldLicenseExpired)).toEqual(false);
+      expect(hasGoldLicense(platinumLicenseExpired)).toEqual(false);
+      expect(hasGoldLicense(enterpriseLicenseExpired)).toEqual(false);
+      expect(hasGoldLicense(trialLicenseExpired)).toEqual(false);
+    });
+    it('returns false for bad licenses', () => {
+      expect(hasGoldLicense(errorLicense)).toEqual(false);
+      expect(hasGoldLicense(unavailableLicense)).toEqual(false);
     });
     it('returns false for null license', () => {
-      expect(hasEnterpriseLicense(null)).toEqual(false);
+      expect(hasGoldLicense(null)).toEqual(false);
     });
     it('returns false for undefined license', () => {
-      expect(hasEnterpriseLicense(undefined)).toEqual(false);
+      expect(hasGoldLicense(undefined)).toEqual(false);
+    });
+  });
+  describe('isTrialLicense', () => {
+    it('returns true for active trial license', () => {
+      expect(hasGoldLicense(trialLicense)).toEqual(true);
+    });
+    it('returns false for non-trial license', () => {
+      expect(isTrialLicense(platinumLicense)).toEqual(false);
+    });
+    it('returns false for invalid license', () => {
+      expect(isTrialLicense(trialLicenseExpired)).toEqual(false);
+      expect(isTrialLicense(errorLicense)).toEqual(false);
+      expect(isTrialLicense(unavailableLicense)).toEqual(false);
+    });
+    it('returns false for null license', () => {
+      expect(isTrialLicense(null)).toEqual(false);
+    });
+    it('returns false for undefined license', () => {
+      expect(isTrialLicense(undefined)).toEqual(false);
     });
   });
 });
diff --git a/x-pack/plugins/enterprise_search/common/utils/licensing.ts b/x-pack/plugins/enterprise_search/common/utils/licensing.ts
index a78e603b3650d..6b6063516cca9 100644
--- a/x-pack/plugins/enterprise_search/common/utils/licensing.ts
+++ b/x-pack/plugins/enterprise_search/common/utils/licensing.ts
@@ -7,10 +7,38 @@
 
 import type { ILicense } from '@kbn/licensing-plugin/public';
 
-/* hasEnterpriseLicense return if the given license is an active `enterprise` or `trial` license
+/* hasEnterpriseLicense return if the given license is an active `enterprise` or greater license
  */
 export function hasEnterpriseLicense(license: ILicense | null | undefined): boolean {
   if (license === undefined || license === null) return false;
-  const qualifyingLicenses = ['enterprise', 'trial'];
-  return license.isActive && qualifyingLicenses.includes(license?.type ?? '');
+  if (!license.isAvailable) return false;
+  if (!license.isActive) return false;
+  return license.hasAtLeast('enterprise');
+}
+
+/* hasPlatinumLicense return if the given license is an active `platinum` or greater license
+ */
+export function hasPlatinumLicense(license: ILicense | null | undefined): boolean {
+  if (license === undefined || license === null) return false;
+  if (!license.isAvailable) return false;
+  if (!license.isActive) return false;
+  return license.hasAtLeast('platinum');
+}
+
+/* hasGoldLicense return if the given license is an active `gold` or greater license
+ */
+export function hasGoldLicense(license: ILicense | null | undefined): boolean {
+  if (license === undefined || license === null) return false;
+  if (!license.isAvailable) return false;
+  if (!license.isActive) return false;
+  return license.hasAtLeast('gold');
+}
+
+/* isTrialLicense returns if the given license is an active `trial` license
+ */
+export function isTrialLicense(license: ILicense | null | undefined): boolean {
+  if (license === undefined || license === null) return false;
+  if (!license.isAvailable) return false;
+  if (!license.isActive) return false;
+  return license?.type === 'trial';
 }
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_rules_table.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_rules_table.tsx
index 2f66dc455442e..89cf2248201ce 100644
--- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_rules_table.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/crawler/components/crawl_rules_table.tsx
@@ -53,7 +53,12 @@ const DEFAULT_DESCRIPTION = (
       defaultMessage="Create a crawl rule to include or exclude pages whose URL matches the rule. Rules run in sequential order, and each URL is evaluated according to the first match. {link}"
       values={{
         link: (
-          <EuiLink href={docLinks.appSearchCrawlRules} target="_blank" external>
+          <EuiLink
+            data-test-subj="enterpriseSearchLearnMoreAboutCrawlRulesLink"
+            href={docLinks.appSearchCrawlRules}
+            target="_blank"
+            external
+          >
             {i18n.translate(
               'xpack.enterpriseSearch.appSearch.crawler.crawlRulesTable.descriptionLinkText',
               { defaultMessage: 'Learn more about crawl rules' }
@@ -78,9 +83,10 @@ export const CrawlRulesTable: React.FC<CrawlRulesTableProps> = ({
     {
       editingRender: (crawlRule, onChange, { isInvalid, isLoading }) => (
         <EuiSelect
+          data-test-subj="enterpriseSearchColumnsSelect"
           fullWidth
-          hasNoInitialSelection
           value={(crawlRule as CrawlRule).policy}
+          hasNoInitialSelection={!(crawlRule as CrawlRule).policy}
           onChange={(e) => onChange(e.target.value)}
           disabled={isLoading}
           isInvalid={isInvalid}
@@ -106,9 +112,10 @@ export const CrawlRulesTable: React.FC<CrawlRulesTableProps> = ({
     {
       editingRender: (crawlRule, onChange, { isInvalid, isLoading }) => (
         <EuiSelect
+          data-test-subj="enterpriseSearchColumnsSelect"
           fullWidth
-          hasNoInitialSelection
           value={(crawlRule as CrawlRule).rule}
+          hasNoInitialSelection={!(crawlRule as CrawlRule).rule}
           onChange={(e) => onChange(e.target.value)}
           disabled={isLoading}
           isInvalid={isInvalid}
@@ -139,6 +146,7 @@ export const CrawlRulesTable: React.FC<CrawlRulesTableProps> = ({
         <EuiFlexGroup alignItems="center" gutterSize="s" responsive={false}>
           <EuiFlexItem>
             <EuiFieldText
+              data-test-subj="enterpriseSearchColumnsFieldText"
               fullWidth
               value={(crawlRule as CrawlRule).pattern}
               onChange={(e) => onChange(e.target.value)}
diff --git a/x-pack/plugins/enterprise_search/public/applications/applications/components/search_application/connect/generate_api_key_modal/generate_search_application_api_key_modal.test.tsx b/x-pack/plugins/enterprise_search/public/applications/applications/components/search_application/connect/generate_api_key_modal/generate_search_application_api_key_modal.test.tsx
index 1ebd426b8b9c1..1f23866261b5f 100644
--- a/x-pack/plugins/enterprise_search/public/applications/applications/components/search_application/connect/generate_api_key_modal/generate_search_application_api_key_modal.test.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/applications/components/search_application/connect/generate_api_key_modal/generate_search_application_api_key_modal.test.tsx
@@ -9,7 +9,7 @@ import { setMockValues, setMockActions } from '../../../../../__mocks__/kea_logi
 
 import React from 'react';
 
-import { shallow, mount } from 'enzyme';
+import { shallow } from 'enzyme';
 
 import { EuiModal, EuiFieldText, EuiCodeBlock } from '@elastic/eui';
 
@@ -17,6 +17,8 @@ const mockActions = { makeRequest: jest.fn(), setKeyName: jest.fn() };
 
 const mockValues = { apiKey: '', isLoading: false, isSuccess: false, keyName: '' };
 
+import { mountWithIntl } from '@kbn/test-jest-helpers';
+
 import { GenerateSearchApplicationApiKeyModal } from './generate_search_application_api_key_modal';
 
 const onCloseMock = jest.fn();
@@ -50,7 +52,7 @@ describe('GenerateSearchApplicationApiKeyModal', () => {
     });
 
     it('pre-set the key name with search application name', () => {
-      mount(
+      mountWithIntl(
         <GenerateSearchApplicationApiKeyModal
           searchApplicationName="puggles"
           onClose={onCloseMock}
diff --git a/x-pack/plugins/enterprise_search/public/applications/applications/components/search_application/connect/generate_api_key_modal/generate_search_application_api_key_modal.tsx b/x-pack/plugins/enterprise_search/public/applications/applications/components/search_application/connect/generate_api_key_modal/generate_search_application_api_key_modal.tsx
index 806b37d809186..978d7fc2caeed 100644
--- a/x-pack/plugins/enterprise_search/public/applications/applications/components/search_application/connect/generate_api_key_modal/generate_search_application_api_key_modal.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/applications/components/search_application/connect/generate_api_key_modal/generate_search_application_api_key_modal.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React, { useEffect } from 'react';
+import React, { useEffect, useRef } from 'react';
 
 import { useValues, useActions } from 'kea';
 
@@ -24,12 +24,13 @@ import {
   EuiFieldText,
   EuiFormRow,
   EuiText,
-  EuiSpacer,
-  EuiFormLabel,
+  EuiCallOut,
   EuiCodeBlock,
+  useGeneratedHtmlId,
 } from '@elastic/eui';
 
 import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n-react';
 
 import { GenerateSearchApplicationApiKeyLogic } from '../../../../api/search_applications/generate_search_application_api_key_logic';
 
@@ -45,16 +46,24 @@ export const GenerateSearchApplicationApiKeyModal: React.FC<
 > = ({ onClose, searchApplicationName }) => {
   const { keyName, apiKey, isLoading, isSuccess } = useValues(GenerateApiKeyModalLogic);
   const { setKeyName } = useActions(GenerateApiKeyModalLogic);
+  const modalTitleId = useGeneratedHtmlId();
   const { makeRequest } = useActions(GenerateSearchApplicationApiKeyLogic);
+  const copyApiKeyRef = useRef<HTMLAnchorElement>(null);
 
   useEffect(() => {
     setKeyName(`${searchApplicationName} read-only API key`);
   }, [searchApplicationName]);
 
+  useEffect(() => {
+    if (isSuccess) {
+      copyApiKeyRef.current?.focus();
+    }
+  }, [isSuccess]);
+
   return (
-    <EuiModal onClose={onClose}>
+    <EuiModal onClose={onClose} aria-labelledby={modalTitleId}>
       <EuiModalHeader>
-        <EuiModalHeaderTitle>
+        <EuiModalHeaderTitle id={modalTitleId}>
           {i18n.translate(
             'xpack.enterpriseSearch.searchApplication.searchApplication.api.generateApiKeyModal.title',
             {
@@ -65,15 +74,24 @@ export const GenerateSearchApplicationApiKeyModal: React.FC<
       </EuiModalHeader>
       <EuiModalBody>
         <>
-          <EuiPanel hasShadow={false} color="primary">
+          <EuiPanel hasShadow={false} color={!isSuccess ? 'primary' : 'success'}>
             <EuiFlexGroup direction="column">
               <EuiFlexItem>
                 <EuiFlexGroup direction="row" alignItems="flexEnd">
                   {!isSuccess ? (
                     <>
                       <EuiFlexItem>
-                        <EuiFormRow label="Name your API key" fullWidth>
+                        <EuiFormRow
+                          label={
+                            <FormattedMessage
+                              id="xpack.enterpriseSearch.generateSearchApplicationApiKeyModal.euiFormRow.nameYourAPIKeyLabel"
+                              defaultMessage="Name your API key"
+                            />
+                          }
+                          fullWidth
+                        >
                           <EuiFieldText
+                            data-test-subj="enterpriseSearchGenerateSearchApplicationApiKeyModalFieldText"
                             data-telemetry-id="entSearchApplications-api-generateSearchApplicationApiKeyModal-editName"
                             fullWidth
                             placeholder="Type a name for your API key"
@@ -110,8 +128,20 @@ export const GenerateSearchApplicationApiKeyModal: React.FC<
                     </>
                   ) : (
                     <EuiFlexItem>
-                      <EuiFormLabel>{keyName}</EuiFormLabel>
-                      <EuiSpacer size="xs" />
+                      <EuiCallOut
+                        title={
+                          <FormattedMessage
+                            id="xpack.enterpriseSearch.searchApplication.searchApplication.api.generateApiKeyModal.callOutMessage"
+                            defaultMessage="Done! The {name} API key was generated."
+                            values={{
+                              name: <strong>{keyName}</strong>,
+                            }}
+                          />
+                        }
+                        color="success"
+                        iconType="check"
+                        role="alert"
+                      />
                       <EuiFlexGroup alignItems="center">
                         <EuiFlexItem>
                           <EuiCodeBlock
@@ -126,6 +156,8 @@ export const GenerateSearchApplicationApiKeyModal: React.FC<
                         </EuiFlexItem>
                         <EuiFlexItem grow={false}>
                           <EuiButtonIcon
+                            buttonRef={copyApiKeyRef}
+                            data-test-subj="enterpriseSearchGenerateSearchApplicationApiKeyModalButton"
                             data-telemetry-id="entSearchApplications-api-generateSearchApplicationApiKeyModal-csvDownloadButton"
                             aria-label={i18n.translate(
                               'xpack.enterpriseSearch.searchApplication.searchApplication.api.generateApiKeyModal.csvDownloadButton',
@@ -165,6 +197,7 @@ export const GenerateSearchApplicationApiKeyModal: React.FC<
       <EuiModalFooter>
         {apiKey ? (
           <EuiButton
+            data-test-subj="enterpriseSearchGenerateSearchApplicationApiKeyModalDoneButton"
             data-telemetry-id="entSearchApplications-api-generateSearchApplicationApiKeyModal-done"
             fill
             onClick={onClose}
@@ -178,6 +211,7 @@ export const GenerateSearchApplicationApiKeyModal: React.FC<
           </EuiButton>
         ) : (
           <EuiButtonEmpty
+            data-test-subj="enterpriseSearchGenerateSearchApplicationApiKeyModalCancelButton"
             data-telemetry-id="entSearchApplications-api-generateSearchApplicationApiKeyModal-cancel"
             onClick={onClose}
           >
diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/constants.ts b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/constants.ts
index 65120d78cec84..d6f8b72f2e4f4 100644
--- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/constants.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/constants.ts
@@ -39,6 +39,6 @@ export const getRunFromDockerSnippet = ({ version }: { version: string }) => `do
 -v "$HOME/elastic-connectors:/config" \\
 --tty \\
 --rm \\
-docker.elastic.co/enterprise-search/elastic-connectors:${version} \\
+docker.elastic.co/integrations/elastic-connectors:${version} \\
 /app/bin/elastic-ingest \\
 -c /config/config.yml`;
diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/crawler/crawler_domain_detail/crawl_rules_table.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/crawler/crawler_domain_detail/crawl_rules_table.tsx
index 5c96617e1fb2d..1912792e463ef 100644
--- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/crawler/crawler_domain_detail/crawl_rules_table.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/crawler/crawler_domain_detail/crawl_rules_table.tsx
@@ -104,7 +104,12 @@ const DEFAULT_DESCRIPTION = (
       defaultMessage="Create a crawl rule to include or exclude pages whose URL matches the rule. Rules run in sequential order, and each URL is evaluated according to the first match."
     />
     <EuiSpacer size="s" />
-    <EuiLink href={docLinks.crawlerManaging} target="_blank" external>
+    <EuiLink
+      data-test-subj="enterpriseSearchLearnMoreAboutCrawlRulesLink"
+      href={docLinks.crawlerManaging}
+      target="_blank"
+      external
+    >
       {i18n.translate('xpack.enterpriseSearch.crawler.crawlRulesTable.descriptionLinkText', {
         defaultMessage: 'Learn more about crawl rules',
       })}
@@ -126,10 +131,11 @@ export const CrawlRulesTable: React.FC<CrawlRulesTableProps> = ({
     {
       editingRender: (crawlRule, onChange, { isInvalid, isLoading }) => (
         <EuiSelect
+          data-test-subj="enterpriseSearchColumnsSelect"
           data-telemetry-id="entSearchContent-crawler-domainDetail-crawlRules-policy"
           fullWidth
-          hasNoInitialSelection
           value={(crawlRule as CrawlRule).policy}
+          hasNoInitialSelection={!(crawlRule as CrawlRule).policy}
           onChange={(e) => onChange(e.target.value)}
           disabled={isLoading}
           isInvalid={isInvalid}
@@ -152,10 +158,11 @@ export const CrawlRulesTable: React.FC<CrawlRulesTableProps> = ({
     {
       editingRender: (crawlRule, onChange, { isInvalid, isLoading }) => (
         <EuiSelect
+          data-test-subj="enterpriseSearchColumnsSelect"
           data-telemetry-id="entSearchContent-crawler-domainDetail-crawlRules-rule"
           fullWidth
-          hasNoInitialSelection
           value={(crawlRule as CrawlRule).rule}
+          hasNoInitialSelection={!(crawlRule as CrawlRule).rule}
           onChange={(e) => onChange(e.target.value)}
           disabled={isLoading}
           isInvalid={isInvalid}
@@ -183,6 +190,7 @@ export const CrawlRulesTable: React.FC<CrawlRulesTableProps> = ({
         <EuiFlexGroup alignItems="center" gutterSize="s" responsive={false}>
           <EuiFlexItem>
             <EuiFieldText
+              data-test-subj="enterpriseSearchColumnsFieldText"
               fullWidth
               value={(crawlRule as CrawlRule).pattern}
               onChange={(e) => onChange(e.target.value)}
diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/licensing/licensing_logic.ts b/x-pack/plugins/enterprise_search/public/applications/shared/licensing/licensing_logic.ts
index 7c83b446a67c8..736cf1c5c5d48 100644
--- a/x-pack/plugins/enterprise_search/public/applications/shared/licensing/licensing_logic.ts
+++ b/x-pack/plugins/enterprise_search/public/applications/shared/licensing/licensing_logic.ts
@@ -10,6 +10,13 @@ import { Observable, Subscription } from 'rxjs';
 
 import { ILicense } from '@kbn/licensing-plugin/public';
 
+import {
+  hasEnterpriseLicense,
+  hasGoldLicense,
+  hasPlatinumLicense,
+  isTrialLicense,
+} from '../../../../common/utils/licensing';
+
 interface LicensingValues {
   license: ILicense | null;
   licenseSubscription: Subscription | null;
@@ -50,29 +57,14 @@ export const LicensingLogic = kea<MakeLogicType<LicensingValues, LicensingAction
   selectors: {
     hasPlatinumLicense: [
       (selectors) => [selectors.license],
-      (license) => {
-        const qualifyingLicenses = ['platinum', 'enterprise', 'trial'];
-        return license?.isActive && qualifyingLicenses.includes(license?.type);
-      },
+      (license) => hasPlatinumLicense(license),
     ],
     hasEnterpriseLicense: [
       (selectors) => [selectors.license],
-      (license) => {
-        const qualifyingLicenses = ['enterprise', 'trial'];
-        return license?.isActive && qualifyingLicenses.includes(license?.type);
-      },
-    ],
-    hasGoldLicense: [
-      (selectors) => [selectors.license],
-      (license) => {
-        const qualifyingLicenses = ['gold', 'platinum', 'enterprise', 'trial'];
-        return license?.isActive && qualifyingLicenses.includes(license?.type);
-      },
-    ],
-    isTrial: [
-      (selectors) => [selectors.license],
-      (license) => license?.isActive && license?.type === 'trial',
+      (license) => hasEnterpriseLicense(license),
     ],
+    hasGoldLicense: [(selectors) => [selectors.license], (license) => hasGoldLicense(license)],
+    isTrial: [(selectors) => [selectors.license], (license) => isTrialLicense(license)],
   },
   events: ({ props, actions, values }) => ({
     afterMount: () => {
diff --git a/x-pack/plugins/entity_manager/public/lib/entity_client.test.ts b/x-pack/plugins/entity_manager/public/lib/entity_client.test.ts
index dbaf1205cdf98..6679140314cb5 100644
--- a/x-pack/plugins/entity_manager/public/lib/entity_client.test.ts
+++ b/x-pack/plugins/entity_manager/public/lib/entity_client.test.ts
@@ -5,16 +5,17 @@
  * 2.0.
  */
 
-import { EntityClient, EnitityInstance } from './entity_client';
+import { EntityClient } from './entity_client';
 import { coreMock } from '@kbn/core/public/mocks';
+import type { EntityInstance } from '@kbn/entities-schema';
 
-const commonEntityFields: EnitityInstance = {
+const commonEntityFields: EntityInstance = {
   entity: {
     last_seen_timestamp: '2023-10-09T00:00:00Z',
     id: '1',
     display_name: 'entity_name',
     definition_id: 'entity_definition_id',
-  } as EnitityInstance['entity'],
+  } as EntityInstance['entity'],
 };
 
 describe('EntityClient', () => {
@@ -26,7 +27,7 @@ describe('EntityClient', () => {
 
   describe('asKqlFilter', () => {
     it('should return the kql filter', () => {
-      const entityLatest: EnitityInstance = {
+      const entityLatest: EntityInstance = {
         entity: {
           ...commonEntityFields.entity,
           identity_fields: ['service.name', 'service.environment'],
@@ -42,7 +43,7 @@ describe('EntityClient', () => {
     });
 
     it('should return the kql filter when indentity_fields is composed by multiple fields', () => {
-      const entityLatest: EnitityInstance = {
+      const entityLatest: EntityInstance = {
         entity: {
           ...commonEntityFields.entity,
           identity_fields: ['service.name', 'service.environment'],
@@ -59,7 +60,7 @@ describe('EntityClient', () => {
     });
 
     it('should ignore fields that are not present in the entity', () => {
-      const entityLatest: EnitityInstance = {
+      const entityLatest: EntityInstance = {
         entity: {
           ...commonEntityFields.entity,
           identity_fields: ['host.name', 'foo.bar'],
@@ -76,7 +77,7 @@ describe('EntityClient', () => {
 
   describe('getIdentityFieldsValue', () => {
     it('should return identity fields values', () => {
-      const entityLatest: EnitityInstance = {
+      const entityLatest: EntityInstance = {
         entity: {
           ...commonEntityFields.entity,
           identity_fields: ['service.name', 'service.environment'],
@@ -93,7 +94,7 @@ describe('EntityClient', () => {
     });
 
     it('should return identity fields values when indentity_fields is composed by multiple fields', () => {
-      const entityLatest: EnitityInstance = {
+      const entityLatest: EntityInstance = {
         entity: {
           ...commonEntityFields.entity,
           identity_fields: ['service.name', 'service.environment'],
@@ -112,7 +113,7 @@ describe('EntityClient', () => {
     });
 
     it('should return identity fields when field is in the root', () => {
-      const entityLatest: EnitityInstance = {
+      const entityLatest: EntityInstance = {
         entity: {
           ...commonEntityFields.entity,
           identity_fields: ['name'],
@@ -127,7 +128,7 @@ describe('EntityClient', () => {
     });
 
     it('should throw an error when identity fields are missing', () => {
-      const entityLatest: EnitityInstance = {
+      const entityLatest: EntityInstance = {
         ...commonEntityFields,
       };
 
diff --git a/x-pack/plugins/entity_manager/public/lib/entity_client.ts b/x-pack/plugins/entity_manager/public/lib/entity_client.ts
index 08794873ba930..7132dc50330d5 100644
--- a/x-pack/plugins/entity_manager/public/lib/entity_client.ts
+++ b/x-pack/plugins/entity_manager/public/lib/entity_client.ts
@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import { z } from '@kbn/zod';
 import { CoreSetup, CoreStart } from '@kbn/core/public';
 import {
   ClientRequestParamsOf,
@@ -14,7 +13,7 @@ import {
   isHttpFetchError,
 } from '@kbn/server-route-repository-client';
 import { type KueryNode, nodeTypes, toKqlExpression } from '@kbn/es-query';
-import { entityLatestSchema } from '@kbn/entities-schema';
+import type { EntityInstance, EntityMetadata } from '@kbn/entities-schema';
 import { castArray } from 'lodash';
 import {
   DisableManagedEntityResponse,
@@ -39,8 +38,6 @@ type CreateEntityDefinitionQuery = QueryParamOf<
   ClientRequestParamsOf<EntityManagerRouteRepository, 'PUT /internal/entities/managed/enablement'>
 >;
 
-export type EnitityInstance = z.infer<typeof entityLatestSchema>;
-
 export class EntityClient {
   public readonly repositoryClient: EntityManagerRepositoryClient['fetch'];
 
@@ -90,8 +87,12 @@ export class EntityClient {
     }
   }
 
-  asKqlFilter(entityLatest: EnitityInstance) {
-    const identityFieldsValue = this.getIdentityFieldsValue(entityLatest);
+  asKqlFilter(
+    entityInstance: {
+      entity: Pick<EntityInstance['entity'], 'identity_fields'>;
+    } & Required<EntityMetadata>
+  ) {
+    const identityFieldsValue = this.getIdentityFieldsValue(entityInstance);
 
     const nodes: KueryNode[] = Object.entries(identityFieldsValue).map(([identityField, value]) => {
       return nodeTypes.function.buildNode('is', identityField, value);
@@ -104,8 +105,12 @@ export class EntityClient {
     return toKqlExpression(kqlExpression);
   }
 
-  getIdentityFieldsValue(entityLatest: EnitityInstance) {
-    const { identity_fields: identityFields } = entityLatest.entity;
+  getIdentityFieldsValue(
+    entityInstance: {
+      entity: Pick<EntityInstance['entity'], 'identity_fields'>;
+    } & Required<EntityMetadata>
+  ) {
+    const { identity_fields: identityFields } = entityInstance.entity;
 
     if (!identityFields) {
       throw new Error('Identity fields are missing');
@@ -114,7 +119,7 @@ export class EntityClient {
     return castArray(identityFields).reduce((acc, field) => {
       const value = field.split('.').reduce((obj: any, part: string) => {
         return obj && typeof obj === 'object' ? (obj as Record<string, any>)[part] : undefined;
-      }, entityLatest);
+      }, entityInstance);
 
       if (value) {
         acc[field] = value;
diff --git a/x-pack/plugins/entity_manager/server/lib/auth/api_key/api_key.ts b/x-pack/plugins/entity_manager/server/lib/auth/api_key/api_key.ts
index 2535bcc4d64f7..8dc499cb7fb43 100644
--- a/x-pack/plugins/entity_manager/server/lib/auth/api_key/api_key.ts
+++ b/x-pack/plugins/entity_manager/server/lib/auth/api_key/api_key.ts
@@ -9,6 +9,7 @@ import { KibanaRequest } from '@kbn/core-http-server';
 import { getFakeKibanaRequest } from '@kbn/security-plugin/server/authentication/api_keys/fake_kibana_request';
 import { EntityManagerServerSetup } from '../../../types';
 import { canManageEntityDefinition, entityDefinitionRuntimePrivileges } from '../privileges';
+import { BUILT_IN_ALLOWED_INDICES } from '../../entities/built_in/constants';
 
 export interface EntityDiscoveryAPIKey {
   id: string;
@@ -45,7 +46,7 @@ export const checkIfEntityDiscoveryAPIKeyIsValid = async (
 
   server.logger.debug('validating API key has runtime privileges for entity discovery');
 
-  return canManageEntityDefinition(esClient);
+  return canManageEntityDefinition(esClient, BUILT_IN_ALLOWED_INDICES);
 };
 
 export const generateEntityDiscoveryAPIKey = async (
diff --git a/x-pack/plugins/entity_manager/server/lib/auth/privileges.ts b/x-pack/plugins/entity_manager/server/lib/auth/privileges.ts
index 674e870c898bc..87f17b93ea57e 100644
--- a/x-pack/plugins/entity_manager/server/lib/auth/privileges.ts
+++ b/x-pack/plugins/entity_manager/server/lib/auth/privileges.ts
@@ -10,15 +10,18 @@ import { ENTITY_INTERNAL_INDICES_PATTERN } from '../../../common/constants_entit
 import { SO_ENTITY_DEFINITION_TYPE, SO_ENTITY_DISCOVERY_API_KEY_TYPE } from '../../saved_objects';
 import { BUILT_IN_ALLOWED_INDICES } from '../entities/built_in/constants';
 
-export const canManageEntityDefinition = async (client: ElasticsearchClient) => {
+export const canManageEntityDefinition = async (
+  client: ElasticsearchClient,
+  sourceIndices: string[]
+) => {
   const { has_all_requested: hasAllRequested } = await client.security.hasPrivileges({
-    body: entityDefinitionRuntimePrivileges,
+    body: entityDefinitionRuntimePrivileges(sourceIndices),
   });
 
   return hasAllRequested;
 };
 
-const canDeleteEntityDefinition = async (client: ElasticsearchClient) => {
+export const canDeleteEntityDefinition = async (client: ElasticsearchClient) => {
   const { has_all_requested: hasAllRequested } = await client.security.hasPrivileges({
     body: entityDefinitionDeletionPrivileges,
   });
@@ -43,9 +46,10 @@ const canDeleteAPIKey = async (client: ElasticsearchClient) => {
 };
 
 export const canEnableEntityDiscovery = async (client: ElasticsearchClient) => {
-  return Promise.all([canManageAPIKey(client), canManageEntityDefinition(client)]).then((results) =>
-    results.every(Boolean)
-  );
+  return Promise.all([
+    canManageAPIKey(client),
+    canManageEntityDefinition(client, BUILT_IN_ALLOWED_INDICES),
+  ]).then((results) => results.every(Boolean));
 };
 
 export const canDisableEntityDiscovery = async (client: ElasticsearchClient) => {
@@ -54,7 +58,7 @@ export const canDisableEntityDiscovery = async (client: ElasticsearchClient) =>
   );
 };
 
-export const entityDefinitionRuntimePrivileges = {
+export const entityDefinitionRuntimePrivileges = (sourceIndices: string[]) => ({
   cluster: ['manage_transform', 'manage_ingest_pipelines', 'manage_index_templates'],
   index: [
     {
@@ -62,7 +66,7 @@ export const entityDefinitionRuntimePrivileges = {
       privileges: ['create_index', 'delete_index', 'index', 'create_doc', 'auto_configure', 'read'],
     },
     {
-      names: [...BUILT_IN_ALLOWED_INDICES, ENTITY_INTERNAL_INDICES_PATTERN],
+      names: [...sourceIndices, ENTITY_INTERNAL_INDICES_PATTERN],
       privileges: ['read', 'view_index_metadata'],
     },
   ],
@@ -73,7 +77,7 @@ export const entityDefinitionRuntimePrivileges = {
       resources: ['*'],
     },
   ],
-};
+});
 
 export const entityDefinitionDeletionPrivileges = {
   cluster: ['manage_transform', 'manage_ingest_pipelines', 'manage_index_templates'],
diff --git a/x-pack/plugins/entity_manager/server/lib/entities/find_entity_definition.ts b/x-pack/plugins/entity_manager/server/lib/entities/find_entity_definition.ts
index cfbb5a5ef5556..2c51f2f627a7d 100644
--- a/x-pack/plugins/entity_manager/server/lib/entities/find_entity_definition.ts
+++ b/x-pack/plugins/entity_manager/server/lib/entities/find_entity_definition.ts
@@ -5,10 +5,9 @@
  * 2.0.
  */
 
-import { compact, forEach, reduce } from 'lodash';
+import { compact } from 'lodash';
 import { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server';
 import { EntityDefinition } from '@kbn/entities-schema';
-import { NodesIngestTotal } from '@elastic/elasticsearch/lib/api/types';
 import { SO_ENTITY_DEFINITION_TYPE } from '../../saved_objects';
 import { BUILT_IN_ID_PREFIX } from './built_in';
 import { EntityDefinitionState, EntityDefinitionWithState } from './types';
@@ -144,33 +143,14 @@ async function getIngestPipelineState({
     .filter(({ type }) => type === 'ingest_pipeline')
     .map(({ id }) => id);
 
-  const [ingestPipelines, ingestPipelinesStats] = await Promise.all([
-    esClient.ingest.getPipeline({ id: ingestPipelineIds.join(',') }, { ignore: [404] }),
-    esClient.nodes.stats({
-      metric: 'ingest',
-      filter_path: ingestPipelineIds.map((id) => `nodes.*.ingest.pipelines.${id}`),
-    }),
-  ]);
-
-  const ingestStatsByPipeline = reduce(
-    ingestPipelinesStats.nodes,
-    (pipelines, { ingest }) => {
-      forEach(ingest?.pipelines, (value: NodesIngestTotal, key: string) => {
-        if (!pipelines[key]) {
-          pipelines[key] = { count: 0, failed: 0 };
-        }
-        pipelines[key].count += value.count ?? 0;
-        pipelines[key].failed += value.failed ?? 0;
-      });
-      return pipelines;
-    },
-    {} as Record<string, { count: number; failed: number }>
+  const ingestPipelines = await esClient.ingest.getPipeline(
+    { id: ingestPipelineIds.join(',') },
+    { ignore: [404] }
   );
 
   return ingestPipelineIds.map((id) => ({
     id,
     installed: !!ingestPipelines[id],
-    stats: ingestStatsByPipeline[id],
   }));
 }
 
diff --git a/x-pack/plugins/entity_manager/server/lib/entities/install_entity_definition.test.ts b/x-pack/plugins/entity_manager/server/lib/entities/install_entity_definition.test.ts
index 4633885b51387..1d3d0c21bc6d6 100644
--- a/x-pack/plugins/entity_manager/server/lib/entities/install_entity_definition.test.ts
+++ b/x-pack/plugins/entity_manager/server/lib/entities/install_entity_definition.test.ts
@@ -260,7 +260,7 @@ describe('install_entity_definition', () => {
   describe('installBuiltInEntityDefinitions', () => {
     it('should install definition when not found', async () => {
       const builtInDefinitions = [mockEntityDefinition];
-      const clusterClient = elasticsearchClientMock.createScopedClusterClient();
+      const esClient = elasticsearchClientMock.createElasticsearchClient();
       const soClient = savedObjectsClientMock.create();
       soClient.find.mockResolvedValue({ saved_objects: [], total: 0, page: 1, per_page: 10 });
       soClient.update.mockResolvedValue({
@@ -271,19 +271,18 @@ describe('install_entity_definition', () => {
       });
 
       await installBuiltInEntityDefinitions({
-        clusterClient,
+        esClient,
         soClient,
         definitions: builtInDefinitions,
         logger: loggerMock.create(),
       });
 
-      assertHasCreatedDefinition(mockEntityDefinition, soClient, clusterClient.asSecondaryAuthUser);
+      assertHasCreatedDefinition(mockEntityDefinition, soClient, esClient);
     });
 
     it('should reinstall when partial state found', async () => {
       const builtInDefinitions = [mockEntityDefinition];
-      const clusterClient = elasticsearchClientMock.createScopedClusterClient();
-      const esClient = clusterClient.asInternalUser;
+      const esClient = elasticsearchClientMock.createElasticsearchClient();
       // mock partially installed definition
       esClient.ingest.getPipeline.mockResolvedValue({});
       esClient.transform.getTransformStats.mockResolvedValue({ transforms: [], count: 0 });
@@ -315,18 +314,14 @@ describe('install_entity_definition', () => {
       });
 
       await installBuiltInEntityDefinitions({
-        clusterClient,
+        esClient,
         soClient,
         definitions: builtInDefinitions,
         logger: loggerMock.create(),
       });
 
-      assertHasDeletedTransforms(mockEntityDefinition, clusterClient.asSecondaryAuthUser);
-      assertHasUpgradedDefinition(
-        mockEntityDefinition,
-        soClient,
-        clusterClient.asSecondaryAuthUser
-      );
+      assertHasDeletedTransforms(mockEntityDefinition, esClient);
+      assertHasUpgradedDefinition(mockEntityDefinition, soClient, esClient);
     });
 
     it('should reinstall when outdated version', async () => {
@@ -334,8 +329,7 @@ describe('install_entity_definition', () => {
         ...mockEntityDefinition,
         version: semver.inc(mockEntityDefinition.version, 'major') ?? '0.0.0',
       };
-      const clusterClient = elasticsearchClientMock.createScopedClusterClient();
-      const esClient = clusterClient.asInternalUser;
+      const esClient = elasticsearchClientMock.createElasticsearchClient();
       esClient.transform.getTransformStats.mockResolvedValue({ transforms: [], count: 0 });
       const soClient = savedObjectsClientMock.create();
 
@@ -365,14 +359,14 @@ describe('install_entity_definition', () => {
       });
 
       await installBuiltInEntityDefinitions({
-        clusterClient,
+        esClient,
         soClient,
         definitions: [updatedDefinition],
         logger: loggerMock.create(),
       });
 
-      assertHasDeletedTransforms(mockEntityDefinition, clusterClient.asSecondaryAuthUser);
-      assertHasUpgradedDefinition(updatedDefinition, soClient, clusterClient.asSecondaryAuthUser);
+      assertHasDeletedTransforms(mockEntityDefinition, esClient);
+      assertHasUpgradedDefinition(updatedDefinition, soClient, esClient);
     });
 
     it('should reinstall when stale upgrade', async () => {
@@ -380,8 +374,7 @@ describe('install_entity_definition', () => {
         ...mockEntityDefinition,
         version: semver.inc(mockEntityDefinition.version, 'major') ?? '0.0.0',
       };
-      const clusterClient = elasticsearchClientMock.createScopedClusterClient();
-      const esClient = clusterClient.asInternalUser;
+      const esClient = elasticsearchClientMock.createElasticsearchClient();
       esClient.transform.getTransformStats.mockResolvedValue({ transforms: [], count: 0 });
       const soClient = savedObjectsClientMock.create();
 
@@ -413,19 +406,18 @@ describe('install_entity_definition', () => {
       });
 
       await installBuiltInEntityDefinitions({
-        clusterClient,
+        esClient,
         soClient,
         definitions: [updatedDefinition],
         logger: loggerMock.create(),
       });
 
-      assertHasDeletedTransforms(mockEntityDefinition, clusterClient.asSecondaryAuthUser);
-      assertHasUpgradedDefinition(updatedDefinition, soClient, clusterClient.asSecondaryAuthUser);
+      assertHasDeletedTransforms(mockEntityDefinition, esClient);
+      assertHasUpgradedDefinition(updatedDefinition, soClient, esClient);
     });
 
     it('should reinstall when failed installation', async () => {
-      const clusterClient = elasticsearchClientMock.createScopedClusterClient();
-      const esClient = clusterClient.asInternalUser;
+      const esClient = elasticsearchClientMock.createElasticsearchClient();
       esClient.transform.getTransformStats.mockResolvedValue({ transforms: [], count: 0 });
       const soClient = savedObjectsClientMock.create();
 
@@ -456,18 +448,14 @@ describe('install_entity_definition', () => {
       });
 
       await installBuiltInEntityDefinitions({
-        clusterClient,
+        esClient,
         soClient,
         definitions: [mockEntityDefinition],
         logger: loggerMock.create(),
       });
 
-      assertHasDeletedTransforms(mockEntityDefinition, clusterClient.asSecondaryAuthUser);
-      assertHasUpgradedDefinition(
-        mockEntityDefinition,
-        soClient,
-        clusterClient.asSecondaryAuthUser
-      );
+      assertHasDeletedTransforms(mockEntityDefinition, esClient);
+      assertHasUpgradedDefinition(mockEntityDefinition, soClient, esClient);
     });
   });
 });
diff --git a/x-pack/plugins/entity_manager/server/lib/entities/install_entity_definition.ts b/x-pack/plugins/entity_manager/server/lib/entities/install_entity_definition.ts
index bfc37ac52e2c1..3396ee3aa231c 100644
--- a/x-pack/plugins/entity_manager/server/lib/entities/install_entity_definition.ts
+++ b/x-pack/plugins/entity_manager/server/lib/entities/install_entity_definition.ts
@@ -6,7 +6,7 @@
  */
 
 import semver from 'semver';
-import { ElasticsearchClient, IScopedClusterClient } from '@kbn/core-elasticsearch-server';
+import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
 import { EntityDefinition, EntityDefinitionUpdate } from '@kbn/entities-schema';
 import { Logger } from '@kbn/logging';
@@ -88,12 +88,12 @@ export async function installEntityDefinition({
 }
 
 export async function installBuiltInEntityDefinitions({
-  clusterClient,
+  esClient,
   soClient,
   logger,
   definitions,
 }: Omit<InstallDefinitionParams, 'definition' | 'esClient'> & {
-  clusterClient: IScopedClusterClient;
+  esClient: ElasticsearchClient;
   definitions: EntityDefinition[];
 }): Promise<EntityDefinition[]> {
   if (definitions.length === 0) return [];
@@ -102,18 +102,18 @@ export async function installBuiltInEntityDefinitions({
   const installPromises = definitions.map(async (builtInDefinition) => {
     const installedDefinition = await findEntityDefinitionById({
       soClient,
-      esClient: clusterClient.asInternalUser,
+      esClient,
       id: builtInDefinition.id,
       includeState: true,
     });
 
     if (!installedDefinition) {
       // clean data from previous installation
-      await deleteIndices(clusterClient.asCurrentUser, builtInDefinition, logger);
+      await deleteIndices(esClient, builtInDefinition, logger);
 
       return await installEntityDefinition({
         definition: builtInDefinition,
-        esClient: clusterClient.asSecondaryAuthUser,
+        esClient,
         soClient,
         logger,
       });
@@ -134,7 +134,7 @@ export async function installBuiltInEntityDefinitions({
     );
     return await reinstallEntityDefinition({
       soClient,
-      clusterClient,
+      esClient,
       logger,
       definition: installedDefinition,
       definitionUpdate: builtInDefinition,
@@ -174,14 +174,14 @@ async function install({
 
 // stop and delete the current transforms and reinstall all the components
 export async function reinstallEntityDefinition({
-  clusterClient,
+  esClient,
   soClient,
   definition,
   definitionUpdate,
   logger,
   deleteData = false,
 }: Omit<InstallDefinitionParams, 'esClient'> & {
-  clusterClient: IScopedClusterClient;
+  esClient: ElasticsearchClient;
   definitionUpdate: EntityDefinitionUpdate;
   deleteData?: boolean;
 }): Promise<EntityDefinition> {
@@ -202,16 +202,16 @@ export async function reinstallEntityDefinition({
     });
 
     logger.debug(`Deleting transforms for definition [${definition.id}] v${definition.version}`);
-    await stopAndDeleteTransforms(clusterClient.asSecondaryAuthUser, definition, logger);
+    await stopAndDeleteTransforms(esClient, definition, logger);
 
     if (deleteData) {
-      await deleteIndices(clusterClient.asCurrentUser, definition, logger);
+      await deleteIndices(esClient, definition, logger);
     }
 
     return await install({
       soClient,
       logger,
-      esClient: clusterClient.asSecondaryAuthUser,
+      esClient,
       definition: updatedDefinition,
     });
   } catch (err) {
diff --git a/x-pack/plugins/entity_manager/server/lib/entities/upgrade_entity_definition.ts b/x-pack/plugins/entity_manager/server/lib/entities/upgrade_entity_definition.ts
index 66bc6da96619b..a4d44cd45ee17 100644
--- a/x-pack/plugins/entity_manager/server/lib/entities/upgrade_entity_definition.ts
+++ b/x-pack/plugins/entity_manager/server/lib/entities/upgrade_entity_definition.ts
@@ -35,20 +35,18 @@ export async function upgradeBuiltInEntityDefinitions({
     );
   }
 
-  const { clusterClient, soClient } = getClientsFromAPIKey({ apiKey, server });
+  const { esClient, soClient } = getClientsFromAPIKey({ apiKey, server });
 
   logger.debug(`Starting built-in definitions upgrade`);
   const upgradedDefinitions = await installBuiltInEntityDefinitions({
-    clusterClient,
+    esClient,
     soClient,
     definitions,
     logger,
   });
 
   await Promise.all(
-    upgradedDefinitions.map((definition) =>
-      startTransforms(clusterClient.asSecondaryAuthUser, definition, logger)
-    )
+    upgradedDefinitions.map((definition) => startTransforms(esClient, definition, logger))
   );
 
   return { success: true, definitions: upgradedDefinitions };
diff --git a/x-pack/plugins/entity_manager/server/lib/entity_client.ts b/x-pack/plugins/entity_manager/server/lib/entity_client.ts
index 4e1dd263f9ca3..8bb51941092f2 100644
--- a/x-pack/plugins/entity_manager/server/lib/entity_client.ts
+++ b/x-pack/plugins/entity_manager/server/lib/entity_client.ts
@@ -7,7 +7,7 @@
 
 import { EntityDefinition, EntityDefinitionUpdate } from '@kbn/entities-schema';
 import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
-import { IScopedClusterClient } from '@kbn/core-elasticsearch-server';
+import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import { Logger } from '@kbn/logging';
 import {
   installEntityDefinition,
@@ -27,7 +27,7 @@ import { EntityDefinitionUpdateConflict } from './entities/errors/entity_definit
 export class EntityClient {
   constructor(
     private options: {
-      clusterClient: IScopedClusterClient;
+      esClient: ElasticsearchClient;
       soClient: SavedObjectsClientContract;
       logger: Logger;
     }
@@ -43,16 +43,15 @@ export class EntityClient {
     this.options.logger.info(
       `Creating definition [${definition.id}] v${definition.version} (installOnly=${installOnly})`
     );
-    const secondaryAuthClient = this.options.clusterClient.asSecondaryAuthUser;
     const installedDefinition = await installEntityDefinition({
       definition,
-      esClient: secondaryAuthClient,
+      esClient: this.options.esClient,
       soClient: this.options.soClient,
       logger: this.options.logger,
     });
 
     if (!installOnly) {
-      await startTransforms(secondaryAuthClient, installedDefinition, this.options.logger);
+      await startTransforms(this.options.esClient, installedDefinition, this.options.logger);
     }
 
     return installedDefinition;
@@ -68,7 +67,7 @@ export class EntityClient {
     const definition = await findEntityDefinitionById({
       id,
       soClient: this.options.soClient,
-      esClient: this.options.clusterClient.asInternalUser,
+      esClient: this.options.esClient,
       includeState: true,
     });
 
@@ -95,16 +94,12 @@ export class EntityClient {
       definition,
       definitionUpdate,
       soClient: this.options.soClient,
-      clusterClient: this.options.clusterClient,
+      esClient: this.options.esClient,
       logger: this.options.logger,
     });
 
     if (shouldRestartTransforms) {
-      await startTransforms(
-        this.options.clusterClient.asSecondaryAuthUser,
-        updatedDefinition,
-        this.options.logger
-      );
+      await startTransforms(this.options.esClient, updatedDefinition, this.options.logger);
     }
     return updatedDefinition;
   }
@@ -112,7 +107,7 @@ export class EntityClient {
   async deleteEntityDefinition({ id, deleteData = false }: { id: string; deleteData?: boolean }) {
     const definition = await findEntityDefinitionById({
       id,
-      esClient: this.options.clusterClient.asInternalUser,
+      esClient: this.options.esClient,
       soClient: this.options.soClient,
     });
 
@@ -125,7 +120,7 @@ export class EntityClient {
     );
     await uninstallEntityDefinition({
       definition,
-      esClient: this.options.clusterClient.asSecondaryAuthUser,
+      esClient: this.options.esClient,
       soClient: this.options.soClient,
       logger: this.options.logger,
     });
@@ -133,11 +128,7 @@ export class EntityClient {
     if (deleteData) {
       // delete data with current user as system user does not have
       // .entities privileges
-      await deleteIndices(
-        this.options.clusterClient.asCurrentUser,
-        definition,
-        this.options.logger
-      );
+      await deleteIndices(this.options.esClient, definition, this.options.logger);
     }
   }
 
@@ -157,7 +148,7 @@ export class EntityClient {
     builtIn?: boolean;
   }) {
     const definitions = await findEntityDefinitions({
-      esClient: this.options.clusterClient.asInternalUser,
+      esClient: this.options.esClient,
       soClient: this.options.soClient,
       page,
       perPage,
@@ -172,19 +163,11 @@ export class EntityClient {
 
   async startEntityDefinition(definition: EntityDefinition) {
     this.options.logger.info(`Starting transforms for definition [${definition.id}]`);
-    return startTransforms(
-      this.options.clusterClient.asSecondaryAuthUser,
-      definition,
-      this.options.logger
-    );
+    return startTransforms(this.options.esClient, definition, this.options.logger);
   }
 
   async stopEntityDefinition(definition: EntityDefinition) {
     this.options.logger.info(`Stopping transforms for definition [${definition.id}]`);
-    return stopTransforms(
-      this.options.clusterClient.asSecondaryAuthUser,
-      definition,
-      this.options.logger
-    );
+    return stopTransforms(this.options.esClient, definition, this.options.logger);
   }
 }
diff --git a/x-pack/plugins/entity_manager/server/lib/utils.ts b/x-pack/plugins/entity_manager/server/lib/utils.ts
index dfe14dcf20abd..d1d76e147efb0 100644
--- a/x-pack/plugins/entity_manager/server/lib/utils.ts
+++ b/x-pack/plugins/entity_manager/server/lib/utils.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { IScopedClusterClient } from '@kbn/core-elasticsearch-server';
+import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
 import { getFakeKibanaRequest } from '@kbn/security-plugin/server/authentication/api_keys/fake_kibana_request';
 import { EntityManagerServerSetup } from '../types';
@@ -17,9 +17,9 @@ export const getClientsFromAPIKey = ({
 }: {
   apiKey: EntityDiscoveryAPIKey;
   server: EntityManagerServerSetup;
-}): { clusterClient: IScopedClusterClient; soClient: SavedObjectsClientContract } => {
+}): { esClient: ElasticsearchClient; soClient: SavedObjectsClientContract } => {
   const fakeRequest = getFakeKibanaRequest({ id: apiKey.id, api_key: apiKey.apiKey });
-  const clusterClient = server.core.elasticsearch.client.asScoped(fakeRequest);
+  const esClient = server.core.elasticsearch.client.asScoped(fakeRequest).asCurrentUser;
   const soClient = server.core.savedObjects.getScopedClient(fakeRequest);
-  return { clusterClient, soClient };
+  return { esClient, soClient };
 };
diff --git a/x-pack/plugins/entity_manager/server/plugin.ts b/x-pack/plugins/entity_manager/server/plugin.ts
index 152b1b59b3107..101fdde95c9dc 100644
--- a/x-pack/plugins/entity_manager/server/plugin.ts
+++ b/x-pack/plugins/entity_manager/server/plugin.ts
@@ -99,9 +99,9 @@ export class EntityManagerServerPlugin
     request: KibanaRequest;
     coreStart: CoreStart;
   }) {
-    const clusterClient = coreStart.elasticsearch.client.asScoped(request);
+    const esClient = coreStart.elasticsearch.client.asScoped(request).asCurrentUser;
     const soClient = coreStart.savedObjects.getScopedClient(request);
-    return new EntityClient({ clusterClient, soClient, logger: this.logger });
+    return new EntityClient({ esClient, soClient, logger: this.logger });
   }
 
   public start(
diff --git a/x-pack/plugins/entity_manager/server/routes/enablement/check.ts b/x-pack/plugins/entity_manager/server/routes/enablement/check.ts
index 1c67643c5c902..5373ac9df50f5 100644
--- a/x-pack/plugins/entity_manager/server/routes/enablement/check.ts
+++ b/x-pack/plugins/entity_manager/server/routes/enablement/check.ts
@@ -45,6 +45,15 @@ import { createEntityManagerServerRoute } from '../create_entity_manager_server_
  */
 export const checkEntityDiscoveryEnabledRoute = createEntityManagerServerRoute({
   endpoint: 'GET /internal/entities/managed/enablement',
+  options: {
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This endpoint leverages the security plugin to evaluate the privileges needed as part of its core flow',
+      },
+    },
+  },
   handler: async ({ response, logger, server }) => {
     try {
       logger.debug('reading entity discovery API key from saved object');
@@ -61,13 +70,13 @@ export const checkEntityDiscoveryEnabledRoute = createEntityManagerServerRoute({
         return response.ok({ body: { enabled: false, reason: ERROR_API_KEY_NOT_VALID } });
       }
 
-      const { clusterClient, soClient } = getClientsFromAPIKey({ apiKey, server });
+      const { esClient, soClient } = getClientsFromAPIKey({ apiKey, server });
 
       const entityDiscoveryState = await Promise.all(
         builtInDefinitions.map(async (builtInDefinition) => {
           const definitions = await findEntityDefinitions({
             soClient,
-            esClient: clusterClient.asSecondaryAuthUser,
+            esClient,
             id: builtInDefinition.id,
             includeState: true,
           });
diff --git a/x-pack/plugins/entity_manager/server/routes/enablement/disable.ts b/x-pack/plugins/entity_manager/server/routes/enablement/disable.ts
index 01208fe19d7a0..a71a317045c44 100644
--- a/x-pack/plugins/entity_manager/server/routes/enablement/disable.ts
+++ b/x-pack/plugins/entity_manager/server/routes/enablement/disable.ts
@@ -44,6 +44,15 @@ import { createEntityManagerServerRoute } from '../create_entity_manager_server_
  */
 export const disableEntityDiscoveryRoute = createEntityManagerServerRoute({
   endpoint: 'DELETE /internal/entities/managed/enablement',
+  options: {
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This endpoint leverages the security plugin to evaluate the privileges needed as part of its core flow',
+      },
+    },
+  },
   params: z.object({
     query: z.object({
       deleteData: z.optional(BooleanFromString).default(false),
diff --git a/x-pack/plugins/entity_manager/server/routes/enablement/enable.ts b/x-pack/plugins/entity_manager/server/routes/enablement/enable.ts
index 9a851e08b5673..562b798a598a6 100644
--- a/x-pack/plugins/entity_manager/server/routes/enablement/enable.ts
+++ b/x-pack/plugins/entity_manager/server/routes/enablement/enable.ts
@@ -63,6 +63,15 @@ import { startTransforms } from '../../lib/entities/start_transforms';
  */
 export const enableEntityDiscoveryRoute = createEntityManagerServerRoute({
   endpoint: 'PUT /internal/entities/managed/enablement',
+  options: {
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This endpoint leverages the security plugin to evaluate the privileges needed as part of its core flow',
+      },
+    },
+  },
   params: z.object({
     query: createEntityDefinitionQuerySchema,
   }),
@@ -120,9 +129,9 @@ export const enableEntityDiscoveryRoute = createEntityManagerServerRoute({
 
       await saveEntityDiscoveryAPIKey(soClient, apiKey);
 
-      const clusterClient = core.elasticsearch.client;
+      const esClient = core.elasticsearch.client.asCurrentUser;
       const installedDefinitions = await installBuiltInEntityDefinitions({
-        clusterClient,
+        esClient,
         soClient,
         logger,
         definitions: builtInDefinitions,
@@ -131,7 +140,7 @@ export const enableEntityDiscoveryRoute = createEntityManagerServerRoute({
       if (!params.query.installOnly) {
         await Promise.all(
           installedDefinitions.map((installedDefinition) =>
-            startTransforms(clusterClient.asSecondaryAuthUser, installedDefinition, logger)
+            startTransforms(esClient, installedDefinition, logger)
           )
         );
       }
diff --git a/x-pack/plugins/entity_manager/server/routes/entities/create.ts b/x-pack/plugins/entity_manager/server/routes/entities/create.ts
index 114764444632f..a22916f3e69f7 100644
--- a/x-pack/plugins/entity_manager/server/routes/entities/create.ts
+++ b/x-pack/plugins/entity_manager/server/routes/entities/create.ts
@@ -12,6 +12,7 @@ import { EntityIdConflict } from '../../lib/entities/errors/entity_id_conflict_e
 import { EntitySecurityException } from '../../lib/entities/errors/entity_security_exception';
 import { InvalidTransformError } from '../../lib/entities/errors/invalid_transform_error';
 import { createEntityManagerServerRoute } from '../create_entity_manager_server_route';
+import { canManageEntityDefinition } from '../../lib/auth';
 
 /**
  * @openapi
@@ -49,12 +50,35 @@ import { createEntityManagerServerRoute } from '../create_entity_manager_server_
  */
 export const createEntityDefinitionRoute = createEntityManagerServerRoute({
   endpoint: 'POST /internal/entities/definition',
+  options: {
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This endpoint mainly manages Elasticsearch resources using the requesting users credentials',
+      },
+    },
+  },
   params: z.object({
     query: createEntityDefinitionQuerySchema,
     body: entityDefinitionSchema,
   }),
-  handler: async ({ request, response, params, logger, getScopedClient }) => {
+  handler: async ({ context, request, response, params, logger, getScopedClient }) => {
     try {
+      const currentUserClient = (await context.core).elasticsearch.client.asCurrentUser;
+      const isAuthorized = await canManageEntityDefinition(
+        currentUserClient,
+        params.body.indexPatterns
+      );
+      if (!isAuthorized) {
+        return response.forbidden({
+          body: {
+            message:
+              'Current Kibana user does not have the required permissions to create the entity definition',
+          },
+        });
+      }
+
       const client = await getScopedClient({ request });
       const definition = await client.createEntityDefinition({
         definition: params.body,
diff --git a/x-pack/plugins/entity_manager/server/routes/entities/delete.ts b/x-pack/plugins/entity_manager/server/routes/entities/delete.ts
index 840f3746bc9bb..ff5b9624dbb3c 100644
--- a/x-pack/plugins/entity_manager/server/routes/entities/delete.ts
+++ b/x-pack/plugins/entity_manager/server/routes/entities/delete.ts
@@ -14,6 +14,7 @@ import { EntityDefinitionNotFound } from '../../lib/entities/errors/entity_not_f
 import { EntitySecurityException } from '../../lib/entities/errors/entity_security_exception';
 import { InvalidTransformError } from '../../lib/entities/errors/invalid_transform_error';
 import { createEntityManagerServerRoute } from '../create_entity_manager_server_route';
+import { canDeleteEntityDefinition } from '../../lib/auth/privileges';
 
 /**
  * @openapi
@@ -51,12 +52,32 @@ import { createEntityManagerServerRoute } from '../create_entity_manager_server_
  */
 export const deleteEntityDefinitionRoute = createEntityManagerServerRoute({
   endpoint: 'DELETE /internal/entities/definition/{id}',
+  options: {
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This endpoint mainly manages Elasticsearch resources using the requesting users credentials',
+      },
+    },
+  },
   params: z.object({
     path: deleteEntityDefinitionParamsSchema,
     query: deleteEntityDefinitionQuerySchema,
   }),
-  handler: async ({ request, response, params, logger, getScopedClient }) => {
+  handler: async ({ context, request, response, params, logger, getScopedClient }) => {
     try {
+      const currentUserClient = (await context.core).elasticsearch.client.asCurrentUser;
+      const isAuthorized = await canDeleteEntityDefinition(currentUserClient);
+      if (!isAuthorized) {
+        return response.forbidden({
+          body: {
+            message:
+              'Current Kibana user does not have the required permissions to delete the entity definition',
+          },
+        });
+      }
+
       const client = await getScopedClient({ request });
       await client.deleteEntityDefinition({
         id: params.path.id,
diff --git a/x-pack/plugins/entity_manager/server/routes/entities/get.ts b/x-pack/plugins/entity_manager/server/routes/entities/get.ts
index 8ec2489136fb1..f22e0890e60ad 100644
--- a/x-pack/plugins/entity_manager/server/routes/entities/get.ts
+++ b/x-pack/plugins/entity_manager/server/routes/entities/get.ts
@@ -50,6 +50,15 @@ import { createEntityManagerServerRoute } from '../create_entity_manager_server_
  */
 export const getEntityDefinitionRoute = createEntityManagerServerRoute({
   endpoint: 'GET /internal/entities/definition/{id?}',
+  options: {
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This endpoint mainly manages Elasticsearch resources using the requesting users credentials',
+      },
+    },
+  },
   params: z.object({
     query: getEntityDefinitionQuerySchema,
     path: z.object({ id: z.optional(z.string()) }),
diff --git a/x-pack/plugins/entity_manager/server/routes/entities/reset.ts b/x-pack/plugins/entity_manager/server/routes/entities/reset.ts
index 0b6942e335e51..ab4ba29fa1483 100644
--- a/x-pack/plugins/entity_manager/server/routes/entities/reset.ts
+++ b/x-pack/plugins/entity_manager/server/routes/entities/reset.ts
@@ -25,6 +25,15 @@ import { stopTransforms } from '../../lib/entities/stop_transforms';
 
 export const resetEntityDefinitionRoute = createEntityManagerServerRoute({
   endpoint: 'POST /internal/entities/definition/{id}/_reset',
+  options: {
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This endpoint mainly manages Elasticsearch resources using the requesting users credentials',
+      },
+    },
+  },
   params: z.object({
     path: resetEntityDefinitionParamsSchema,
   }),
diff --git a/x-pack/plugins/entity_manager/server/routes/entities/update.ts b/x-pack/plugins/entity_manager/server/routes/entities/update.ts
index 3b7ea8a03830d..f1118028cda93 100644
--- a/x-pack/plugins/entity_manager/server/routes/entities/update.ts
+++ b/x-pack/plugins/entity_manager/server/routes/entities/update.ts
@@ -12,6 +12,8 @@ import { InvalidTransformError } from '../../lib/entities/errors/invalid_transfo
 import { createEntityManagerServerRoute } from '../create_entity_manager_server_route';
 import { EntityDefinitionNotFound } from '../../lib/entities/errors/entity_not_found';
 import { EntityDefinitionUpdateConflict } from '../../lib/entities/errors/entity_definition_update_conflict';
+import { findEntityDefinitionById } from '../../lib/entities/find_entity_definition';
+import { canManageEntityDefinition } from '../../lib/auth';
 
 /**
  * @openapi
@@ -52,14 +54,45 @@ import { EntityDefinitionUpdateConflict } from '../../lib/entities/errors/entity
  */
 export const updateEntityDefinitionRoute = createEntityManagerServerRoute({
   endpoint: 'PATCH /internal/entities/definition/{id}',
+  options: {
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This endpoint mainly manages Elasticsearch resources using the requesting users credentials',
+      },
+    },
+  },
   params: z.object({
     path: z.object({ id: z.string() }),
     body: entityDefinitionUpdateSchema,
   }),
-  handler: async ({ request, response, params, logger, getScopedClient }) => {
-    const entityClient = await getScopedClient({ request });
-
+  handler: async ({ context, request, response, params, logger, getScopedClient }) => {
     try {
+      const core = await context.core;
+      const definition = await findEntityDefinitionById({
+        id: params.path.id,
+        esClient: core.elasticsearch.client.asCurrentUser,
+        soClient: core.savedObjects.client,
+      });
+      if (!definition) {
+        throw new EntityDefinitionNotFound(`Unable to find entity definition [${params.path.id}]`);
+      }
+
+      const isAuthorized = await canManageEntityDefinition(
+        core.elasticsearch.client.asCurrentUser,
+        params.body.indexPatterns ?? definition.indexPatterns
+      );
+      if (!isAuthorized) {
+        return response.forbidden({
+          body: {
+            message:
+              'Current Kibana user does not have the required permissions to update the entity definition',
+          },
+        });
+      }
+
+      const entityClient = await getScopedClient({ request });
       const updatedDefinition = await entityClient.updateEntityDefinition({
         id: params.path.id,
         definitionUpdate: params.body,
diff --git a/x-pack/plugins/fields_metadata/server/routes/fields_metadata/find_fields_metadata.ts b/x-pack/plugins/fields_metadata/server/routes/fields_metadata/find_fields_metadata.ts
index 5e518618d98d8..422c16a726843 100644
--- a/x-pack/plugins/fields_metadata/server/routes/fields_metadata/find_fields_metadata.ts
+++ b/x-pack/plugins/fields_metadata/server/routes/fields_metadata/find_fields_metadata.ts
@@ -24,6 +24,12 @@ export const initFindFieldsMetadataRoute = ({
     .addVersion(
       {
         version: '1',
+        security: {
+          authz: {
+            enabled: false,
+            reason: 'This route is opted out from authorization',
+          },
+        },
         validate: {
           request: {
             query: createValidationFunction(fieldsMetadataV1.findFieldsMetadataRequestQueryRT),
diff --git a/x-pack/plugins/file_upload/server/routes.ts b/x-pack/plugins/file_upload/server/routes.ts
index 8818e0a2e2dff..b39a63471c15c 100644
--- a/x-pack/plugins/file_upload/server/routes.ts
+++ b/x-pack/plugins/file_upload/server/routes.ts
@@ -109,12 +109,16 @@ export function fileUploadRoutes(coreSetup: CoreSetup<StartDeps, unknown>, logge
     .post({
       path: '/internal/file_upload/analyze_file',
       access: 'internal',
+      security: {
+        authz: {
+          requiredPrivileges: ['fileUpload:analyzeFile'],
+        },
+      },
       options: {
         body: {
           accepts: ['text/*', 'application/json'],
           maxBytes: MAX_FILE_SIZE_BYTES,
         },
-        tags: ['access:fileUpload:analyzeFile'],
       },
     })
     .addVersion(
@@ -260,8 +264,10 @@ export function fileUploadRoutes(coreSetup: CoreSetup<StartDeps, unknown>, logge
     .post({
       path: '/internal/file_upload/time_field_range',
       access: 'internal',
-      options: {
-        tags: ['access:fileUpload:analyzeFile'],
+      security: {
+        authz: {
+          requiredPrivileges: ['fileUpload:analyzeFile'],
+        },
       },
     })
     .addVersion(
@@ -313,8 +319,10 @@ export function fileUploadRoutes(coreSetup: CoreSetup<StartDeps, unknown>, logge
     .post({
       path: '/internal/file_upload/preview_index_time_range',
       access: 'internal',
-      options: {
-        tags: ['access:fileUpload:analyzeFile'],
+      security: {
+        authz: {
+          requiredPrivileges: ['fileUpload:analyzeFile'],
+        },
       },
     })
     .addVersion(
@@ -356,8 +364,12 @@ export function fileUploadRoutes(coreSetup: CoreSetup<StartDeps, unknown>, logge
     .post({
       path: '/internal/file_upload/preview_tika_contents',
       access: 'internal',
+      security: {
+        authz: {
+          requiredPrivileges: ['fileUpload:analyzeFile'],
+        },
+      },
       options: {
-        tags: ['access:fileUpload:analyzeFile'],
         body: {
           accepts: ['application/json'],
           maxBytes: MAX_TIKA_FILE_SIZE_BYTES,
diff --git a/x-pack/plugins/fleet/common/types/index.ts b/x-pack/plugins/fleet/common/types/index.ts
index 647a8b917d0c0..f7ce99b7f6708 100644
--- a/x-pack/plugins/fleet/common/types/index.ts
+++ b/x-pack/plugins/fleet/common/types/index.ts
@@ -49,6 +49,7 @@ export interface FleetConfigType {
   packages?: PreconfiguredPackage[];
   outputs?: PreconfiguredOutput[];
   agentIdVerificationEnabled?: boolean;
+  eventIngestedEnabled?: boolean;
   enableExperimental?: string[];
   packageVerification?: {
     gpgKeyPath?: string;
diff --git a/x-pack/plugins/fleet/public/mock/plugin_configuration.ts b/x-pack/plugins/fleet/public/mock/plugin_configuration.ts
index 935561426d7c2..30c01b1dfeb43 100644
--- a/x-pack/plugins/fleet/public/mock/plugin_configuration.ts
+++ b/x-pack/plugins/fleet/public/mock/plugin_configuration.ts
@@ -13,6 +13,7 @@ export const createConfigurationMock = (): FleetConfigType => {
     registryUrl: '',
     registryProxyUrl: '',
     agentIdVerificationEnabled: true,
+    eventIngestedEnabled: false,
     agents: {
       enabled: true,
       elasticsearch: {
diff --git a/x-pack/plugins/fleet/server/config.ts b/x-pack/plugins/fleet/server/config.ts
index ab5e06ef03716..b4f41562fd3ec 100644
--- a/x-pack/plugins/fleet/server/config.ts
+++ b/x-pack/plugins/fleet/server/config.ts
@@ -170,6 +170,7 @@ export const config: PluginConfigDescriptor = {
       proxies: PreconfiguredFleetProxiesSchema,
       spaceSettings: PreconfiguredSpaceSettingsSchema,
       agentIdVerificationEnabled: schema.boolean({ defaultValue: true }),
+      eventIngestedEnabled: schema.boolean({ defaultValue: false }),
       setup: schema.maybe(
         schema.object({
           agentPolicySchemaUpgradeBatchSize: schema.maybe(schema.number()),
diff --git a/x-pack/plugins/fleet/server/constants/fleet_es_assets.ts b/x-pack/plugins/fleet/server/constants/fleet_es_assets.ts
index 55e6493c77891..621adc5b3b81c 100644
--- a/x-pack/plugins/fleet/server/constants/fleet_es_assets.ts
+++ b/x-pack/plugins/fleet/server/constants/fleet_es_assets.ts
@@ -17,6 +17,8 @@ export const FLEET_AGENT_POLICIES_SCHEMA_VERSION = '1.1.1';
 
 export const FLEET_FINAL_PIPELINE_ID = '.fleet_final_pipeline-1';
 
+export const FLEET_EVENT_INGESTED_PIPELINE_ID = '.fleet_event_ingested_pipeline-1';
+
 export const FLEET_GLOBALS_COMPONENT_TEMPLATE_NAME = '.fleet_globals-1';
 
 export const FLEET_GLOBALS_COMPONENT_TEMPLATE_CONTENT = {
@@ -46,6 +48,12 @@ export const FLEET_GLOBALS_COMPONENT_TEMPLATE_CONTENT = {
 };
 export const FLEET_AGENT_ID_VERIFY_COMPONENT_TEMPLATE_NAME = '.fleet_agent_id_verification-1';
 
+export const INGESTED_MAPPING = {
+  type: 'date',
+  format: 'strict_date_time_no_millis||strict_date_optional_time||epoch_millis',
+  ignore_malformed: false,
+};
+
 export const FLEET_AGENT_ID_VERIFY_COMPONENT_TEMPLATE_CONTENT = {
   _meta: meta,
   template: {
@@ -58,11 +66,7 @@ export const FLEET_AGENT_ID_VERIFY_COMPONENT_TEMPLATE_CONTENT = {
       properties: {
         event: {
           properties: {
-            ingested: {
-              type: 'date',
-              format: 'strict_date_time_no_millis||strict_date_optional_time||epoch_millis',
-              ignore_malformed: false,
-            },
+            ingested: INGESTED_MAPPING,
             agent_id_status: {
               ignore_above: 1024,
               type: 'keyword',
@@ -74,12 +78,38 @@ export const FLEET_AGENT_ID_VERIFY_COMPONENT_TEMPLATE_CONTENT = {
   },
 };
 
+export const FLEET_EVENT_INGESTED_COMPONENT_TEMPLATE_NAME = '.fleet_event_ingested-1';
+
+export const FLEET_EVENT_INGESTED_COMPONENT_TEMPLATE_CONTENT = {
+  _meta: meta,
+  template: {
+    settings: {
+      index: {
+        final_pipeline: FLEET_EVENT_INGESTED_PIPELINE_ID,
+      },
+    },
+    mappings: {
+      properties: {
+        event: {
+          properties: {
+            ingested: INGESTED_MAPPING,
+          },
+        },
+      },
+    },
+  },
+};
+
 export const FLEET_COMPONENT_TEMPLATES = [
   { name: FLEET_GLOBALS_COMPONENT_TEMPLATE_NAME, body: FLEET_GLOBALS_COMPONENT_TEMPLATE_CONTENT },
   {
     name: FLEET_AGENT_ID_VERIFY_COMPONENT_TEMPLATE_NAME,
     body: FLEET_AGENT_ID_VERIFY_COMPONENT_TEMPLATE_CONTENT,
   },
+  {
+    name: FLEET_EVENT_INGESTED_COMPONENT_TEMPLATE_NAME,
+    body: FLEET_EVENT_INGESTED_COMPONENT_TEMPLATE_CONTENT,
+  },
 ];
 
 export const STACK_COMPONENT_TEMPLATE_LOGS_SETTINGS = `logs@settings`;
@@ -96,6 +126,59 @@ export const STACK_COMPONENT_TEMPLATES = [
   STACK_COMPONENT_TEMPLATE_ECS_MAPPINGS,
 ];
 
+export const FLEET_EVENT_INGESTED_PIPELINE_VERSION = 1;
+
+// If the content is updated you probably need to update the FLEET_EVENT_INGESTED_PIPELINE_VERSION too to allow upgrade of the pipeline
+export const FLEET_EVENT_INGESTED_PIPELINE_CONTENT = `---
+version: ${FLEET_EVENT_INGESTED_PIPELINE_VERSION}
+_meta:
+  managed_by: ${meta.managed_by}
+  managed: ${meta.managed}
+description: >
+  Pipeline for processing all incoming Fleet Agent documents that adds event.ingested.
+processors:
+  - script:
+      description: Add time when event was ingested (and remove sub-seconds to improve storage efficiency)
+      tag: truncate-subseconds-event-ingested
+      ignore_failure: true
+      source: |-
+        if (ctx?.event == null) {
+          ctx.event = [:];
+        }
+
+        ctx.event.ingested = metadata().now.withNano(0).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME);
+  - remove:
+      description: Remove any pre-existing untrusted values.
+      field:
+        - event.agent_id_status
+        - _security
+      ignore_missing: true
+  - remove:
+      description: Remove event.original unless the preserve_original_event tag is set
+      field: event.original
+      if: "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))"
+      ignore_failure: true
+      ignore_missing: true
+  - set_security_user:
+      field: _security
+      properties:
+        - authentication_type
+        - username
+        - realm
+        - api_key
+  - remove:
+      field: _security
+      ignore_missing: true
+on_failure:
+  - remove:
+      field: _security
+      ignore_missing: true
+      ignore_failure: true
+  - append:
+      field: error.message
+      value:
+        - 'failed in Fleet agent event_ingested_pipeline: {{ _ingest.on_failure_message }}'`;
+
 export const FLEET_FINAL_PIPELINE_VERSION = 4;
 
 // If the content is updated you probably need to update the FLEET_FINAL_PIPELINE_VERSION too to allow upgrade of the pipeline
diff --git a/x-pack/plugins/fleet/server/constants/index.ts b/x-pack/plugins/fleet/server/constants/index.ts
index fb7e27c8b0ef8..48de05c0b635d 100644
--- a/x-pack/plugins/fleet/server/constants/index.ts
+++ b/x-pack/plugins/fleet/server/constants/index.ts
@@ -111,6 +111,9 @@ export {
   FLEET_FINAL_PIPELINE_ID,
   FLEET_FINAL_PIPELINE_CONTENT,
   FLEET_FINAL_PIPELINE_VERSION,
+  FLEET_EVENT_INGESTED_PIPELINE_ID,
+  FLEET_EVENT_INGESTED_PIPELINE_VERSION,
+  FLEET_EVENT_INGESTED_PIPELINE_CONTENT,
   FLEET_INSTALL_FORMAT_VERSION,
   FLEET_AGENT_POLICIES_SCHEMA_VERSION,
   STACK_COMPONENT_TEMPLATE_LOGS_SETTINGS,
diff --git a/x-pack/plugins/fleet/server/mocks/index.ts b/x-pack/plugins/fleet/server/mocks/index.ts
index f032c1f7bb8c7..8d452b394dd18 100644
--- a/x-pack/plugins/fleet/server/mocks/index.ts
+++ b/x-pack/plugins/fleet/server/mocks/index.ts
@@ -81,6 +81,7 @@ export const createAppContextStartContractMock = (
     agents: { enabled: true, elasticsearch: {} },
     enabled: true,
     agentIdVerificationEnabled: true,
+    eventIngestedEnabled: false,
     ...configOverrides,
   };
 
@@ -120,6 +121,7 @@ export const createAppContextStartContractMock = (
       agents: { enabled: true, elasticsearch: {} },
       enabled: true,
       agentIdVerificationEnabled: true,
+      eventIngestedEnabled: false,
     },
     config$,
     kibanaVersion: '8.99.0', // Fake version :)
diff --git a/x-pack/plugins/fleet/server/services/app_context.ts b/x-pack/plugins/fleet/server/services/app_context.ts
index 7dccb7ba1dfe0..da40f8ff7d819 100644
--- a/x-pack/plugins/fleet/server/services/app_context.ts
+++ b/x-pack/plugins/fleet/server/services/app_context.ts
@@ -240,6 +240,7 @@ class AppContextService {
     // soClient as kibana internal users, be careful on how you use it, security is not enabled
     return appContextService.getSavedObjects().getScopedClient(fakeRequest, {
       excludedExtensions: [SECURITY_EXTENSION_ID, SPACES_EXTENSION_ID],
+      includedHiddenTypes: [UNINSTALL_TOKENS_SAVED_OBJECT_TYPE],
     });
   }
 
diff --git a/x-pack/plugins/fleet/server/services/epm/elasticsearch/ingest_pipeline/install.ts b/x-pack/plugins/fleet/server/services/epm/elasticsearch/ingest_pipeline/install.ts
index 5a4672f67fe53..51162ac2c6335 100644
--- a/x-pack/plugins/fleet/server/services/epm/elasticsearch/ingest_pipeline/install.ts
+++ b/x-pack/plugins/fleet/server/services/epm/elasticsearch/ingest_pipeline/install.ts
@@ -20,6 +20,9 @@ import {
   FLEET_FINAL_PIPELINE_CONTENT,
   FLEET_FINAL_PIPELINE_ID,
   FLEET_FINAL_PIPELINE_VERSION,
+  FLEET_EVENT_INGESTED_PIPELINE_ID,
+  FLEET_EVENT_INGESTED_PIPELINE_VERSION,
+  FLEET_EVENT_INGESTED_PIPELINE_CONTENT,
 } from '../../../../constants';
 import { getPipelineNameForDatastream } from '../../../../../common/services';
 import type { ArchiveEntry, PackageInstallContext } from '../../../../../common/types';
@@ -302,6 +305,39 @@ export async function ensureFleetFinalPipelineIsInstalled(
   return { isCreated: false };
 }
 
+export async function ensureFleetEventIngestedPipelineIsInstalled(
+  esClient: ElasticsearchClient,
+  logger: Logger
+) {
+  const esClientRequestOptions: TransportRequestOptions = {
+    ignore: [404],
+  };
+  const res = await esClient.ingest.getPipeline(
+    { id: FLEET_EVENT_INGESTED_PIPELINE_ID },
+    { ...esClientRequestOptions, meta: true }
+  );
+
+  const installedVersion = res?.body[FLEET_EVENT_INGESTED_PIPELINE_ID]?.version;
+  if (
+    res.statusCode === 404 ||
+    !installedVersion ||
+    installedVersion < FLEET_EVENT_INGESTED_PIPELINE_VERSION
+  ) {
+    await installPipeline({
+      esClient,
+      logger,
+      pipeline: {
+        nameForInstallation: FLEET_EVENT_INGESTED_PIPELINE_ID,
+        contentForInstallation: FLEET_EVENT_INGESTED_PIPELINE_CONTENT,
+        extension: 'yml',
+      },
+    });
+    return { isCreated: true };
+  }
+
+  return { isCreated: false };
+}
+
 const isDirectory = ({ path }: ArchiveEntry) => path.endsWith('/');
 
 const isDataStreamPipeline = (path: string, dataStreamDataset: string) => {
diff --git a/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/template.test.ts b/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/template.test.ts
index c7d2e4eacb32a..c06d0cdbb6429 100644
--- a/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/template.test.ts
+++ b/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/template.test.ts
@@ -14,7 +14,11 @@ import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
 
 import { errors } from '@elastic/elasticsearch';
 
-import { STACK_COMPONENT_TEMPLATE_LOGS_MAPPINGS } from '../../../../constants/fleet_es_assets';
+import {
+  FLEET_AGENT_ID_VERIFY_COMPONENT_TEMPLATE_NAME,
+  FLEET_EVENT_INGESTED_COMPONENT_TEMPLATE_NAME,
+  STACK_COMPONENT_TEMPLATE_LOGS_MAPPINGS,
+} from '../../../../constants/fleet_es_assets';
 
 import { createAppContextStartContractMock } from '../../../../mocks';
 import { appContextService } from '../../..';
@@ -22,7 +26,6 @@ import type { RegistryDataStream } from '../../../../types';
 import { processFields } from '../../fields/field';
 import type { Field } from '../../fields/field';
 import {
-  FLEET_COMPONENT_TEMPLATES,
   STACK_COMPONENT_TEMPLATE_ECS_MAPPINGS,
   FLEET_GLOBALS_COMPONENT_TEMPLATE_NAME,
   STACK_COMPONENT_TEMPLATE_LOGS_SETTINGS,
@@ -36,10 +39,6 @@ import {
   updateCurrentWriteIndices,
 } from './template';
 
-const FLEET_COMPONENT_TEMPLATES_NAMES = FLEET_COMPONENT_TEMPLATES.map(
-  (componentTemplate) => componentTemplate.name
-);
-
 // Add our own serialiser to just do JSON.stringify
 expect.addSnapshotSerializer({
   print(val) {
@@ -88,7 +87,8 @@ describe('EPM template', () => {
       STACK_COMPONENT_TEMPLATE_LOGS_SETTINGS,
       ...composedOfTemplates,
       STACK_COMPONENT_TEMPLATE_ECS_MAPPINGS,
-      ...FLEET_COMPONENT_TEMPLATES_NAMES,
+      FLEET_GLOBALS_COMPONENT_TEMPLATE_NAME,
+      FLEET_AGENT_ID_VERIFY_COMPONENT_TEMPLATE_NAME,
     ]);
   });
 
@@ -108,7 +108,8 @@ describe('EPM template', () => {
       'metrics@tsdb-settings',
       ...composedOfTemplates,
       STACK_COMPONENT_TEMPLATE_ECS_MAPPINGS,
-      ...FLEET_COMPONENT_TEMPLATES_NAMES,
+      FLEET_GLOBALS_COMPONENT_TEMPLATE_NAME,
+      FLEET_AGENT_ID_VERIFY_COMPONENT_TEMPLATE_NAME,
     ]);
   });
 
@@ -138,6 +139,34 @@ describe('EPM template', () => {
     ]);
   });
 
+  it('creates fleet event ingested component template if event ingested flag is enabled', () => {
+    appContextService.start(
+      createAppContextStartContractMock({
+        agentIdVerificationEnabled: false,
+        eventIngestedEnabled: true,
+      })
+    );
+    const composedOfTemplates = ['component1', 'component2'];
+
+    const template = getTemplate({
+      templateIndexPattern: 'logs-*',
+      type: 'logs',
+      packageName: 'nginx',
+      composedOfTemplates,
+      templatePriority: 200,
+      mappings: { properties: [] },
+      isIndexModeTimeSeries: false,
+    });
+    expect(template.composed_of).toStrictEqual([
+      STACK_COMPONENT_TEMPLATE_LOGS_MAPPINGS,
+      STACK_COMPONENT_TEMPLATE_LOGS_SETTINGS,
+      ...composedOfTemplates,
+      STACK_COMPONENT_TEMPLATE_ECS_MAPPINGS,
+      FLEET_GLOBALS_COMPONENT_TEMPLATE_NAME,
+      FLEET_EVENT_INGESTED_COMPONENT_TEMPLATE_NAME,
+    ]);
+  });
+
   it('adds empty composed_of correctly', () => {
     const composedOfTemplates: string[] = [];
 
@@ -154,7 +183,8 @@ describe('EPM template', () => {
       STACK_COMPONENT_TEMPLATE_LOGS_MAPPINGS,
       STACK_COMPONENT_TEMPLATE_LOGS_SETTINGS,
       STACK_COMPONENT_TEMPLATE_ECS_MAPPINGS,
-      ...FLEET_COMPONENT_TEMPLATES_NAMES,
+      FLEET_GLOBALS_COMPONENT_TEMPLATE_NAME,
+      FLEET_AGENT_ID_VERIFY_COMPONENT_TEMPLATE_NAME,
     ]);
   });
 
diff --git a/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/template.ts b/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/template.ts
index 3709975c57a5e..b9c0846f3e4f2 100644
--- a/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/template.ts
+++ b/x-pack/plugins/fleet/server/services/epm/elasticsearch/template/template.ts
@@ -15,7 +15,10 @@ import type {
 import pMap from 'p-map';
 import { isResponseError } from '@kbn/es-errors';
 
-import { STACK_COMPONENT_TEMPLATE_LOGS_MAPPINGS } from '../../../../constants/fleet_es_assets';
+import {
+  FLEET_EVENT_INGESTED_COMPONENT_TEMPLATE_NAME,
+  STACK_COMPONENT_TEMPLATE_LOGS_MAPPINGS,
+} from '../../../../constants/fleet_es_assets';
 
 import type { Field, Fields } from '../../fields/field';
 import type {
@@ -27,6 +30,7 @@ import type {
 } from '../../../../types';
 import { appContextService } from '../../..';
 import { getRegistryDataStreamAssetBaseName } from '../../../../../common/services';
+import type { FleetConfigType } from '../../../../../common/types';
 import {
   STACK_COMPONENT_TEMPLATE_ECS_MAPPINGS,
   FLEET_GLOBALS_COMPONENT_TEMPLATE_NAME,
@@ -115,6 +119,9 @@ export function getTemplate({
 
   const esBaseComponents = getBaseEsComponents(type, !!isIndexModeTimeSeries);
 
+  const isEventIngestedEnabled = (config?: FleetConfigType): boolean =>
+    Boolean(!config?.agentIdVerificationEnabled && config?.eventIngestedEnabled);
+
   template.composed_of = [
     ...esBaseComponents,
     ...(template.composed_of || []),
@@ -123,6 +130,9 @@ export function getTemplate({
     ...(appContextService.getConfig()?.agentIdVerificationEnabled
       ? [FLEET_AGENT_ID_VERIFY_COMPONENT_TEMPLATE_NAME]
       : []),
+    ...(isEventIngestedEnabled(appContextService.getConfig())
+      ? [FLEET_EVENT_INGESTED_COMPONENT_TEMPLATE_NAME]
+      : []),
   ];
 
   template.ignore_missing_component_templates = template.composed_of.filter(isUserSettingsTemplate);
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_save_archive_entries.test.ts b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_save_archive_entries.test.ts
index 255572d57cf49..1a4f2998d49dd 100644
--- a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_save_archive_entries.test.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_save_archive_entries.test.ts
@@ -42,6 +42,30 @@ const mockedRemoveArchiveEntries = removeArchiveEntries as jest.MockedFunction<
 let soClient: jest.Mocked<SavedObjectsClientContract>;
 let esClient: jest.Mocked<ElasticsearchClient>;
 
+const assetsMap = new Map([
+  [
+    'endpoint-0.16.0-dev.0/elasticsearch/transform/metadata_current/default.json',
+    Buffer.from('{"content": "data"}'),
+  ],
+  ['security_detection_engine-8.16.1/LICENSE.txt', Buffer.from('{"content": "data"}')],
+  ['security_detection_engine-8.16.1/NOTICE.txt', Buffer.from('{"content": "data"}')],
+  ['security_detection_engine-8.16.1/changelog.yml', Buffer.from('{"content": "data"}')],
+  ['security_detection_engine-8.16.1/manifest.yml', Buffer.from('{"content": "data"}')],
+  ['security_detection_engine-8.16.1/docs/README.md', Buffer.from('{"content": "data"}')],
+  [
+    'security_detection_engine-8.16.1/img/security-logo-color-64px.svg',
+    Buffer.from('{"content": "data"}'),
+  ],
+  [
+    'security_detection_engine-8.16.1/kibana/security_rule/000047bb-b27a-47ec-8b62-ef1a5d2c9e19_208.json',
+    Buffer.from('{"content": "data"}'),
+  ],
+  [
+    'security_detection_engine-8.16.1/kibana/security_rule/000047bb-b27a-47ec-8b62-ef1a5d2c9e19_209.json',
+    Buffer.from('{"content": "data"}'),
+  ],
+]);
+
 const packageInstallContext = {
   packageInfo: {
     title: 'title',
@@ -56,13 +80,8 @@ const packageInstallContext = {
     owner: { github: 'elastic/fleet' },
   } as any,
   paths: ['some/path/1', 'some/path/2'],
-  assetsMap: new Map([
-    [
-      'endpoint-0.16.0-dev.0/elasticsearch/transform/metadata_current/default.json',
-      Buffer.from('{"content": "data"}'),
-    ],
-  ]),
-  archiveIterator: createArchiveIteratorFromMap(new Map()),
+  assetsMap,
+  archiveIterator: createArchiveIteratorFromMap(assetsMap),
 };
 const getMockInstalledPackageSo = (
   installedEs: EsAssetReference[] = []
@@ -196,6 +215,63 @@ describe('stepSaveArchiveEntries', () => {
       ],
     });
   });
+
+  it('should save package icons, readme, and changelog but not Kibana assets with useStreaming:true ', async () => {
+    jest.mocked(mockedSaveArchiveEntriesFromAssetsMap).mockResolvedValue({
+      saved_objects: [
+        {
+          id: 'test',
+          attributes: {
+            package_name: 'test-package',
+            package_version: '1.0.0',
+            install_source: 'registry',
+            asset_path: 'some/path',
+            media_type: '',
+            data_utf8: '',
+            data_base64: '',
+          },
+          type: '',
+          references: [],
+        },
+      ],
+    });
+    await stepSaveArchiveEntries({
+      savedObjectsClient: soClient,
+      // @ts-ignore
+      savedObjectsImporter: jest.fn(),
+      esClient,
+      logger: loggerMock.create(),
+      packageInstallContext,
+      installedPkg,
+      installType: 'update',
+      installSource: 'registry',
+      spaceId: DEFAULT_SPACE_ID,
+      useStreaming: true,
+      esReferences: [
+        {
+          id: 'something',
+          type: ElasticsearchAssetType.ilmPolicy,
+        },
+      ],
+    });
+    expect(
+      [
+        ...(jest
+          .mocked(mockedSaveArchiveEntriesFromAssetsMap)
+          .mock.lastCall?.[0].assetsMap?.keys() ?? []),
+      ].sort()
+    ).toMatchInlineSnapshot(`
+      Array [
+        "endpoint-0.16.0-dev.0/elasticsearch/transform/metadata_current/default.json",
+        "security_detection_engine-8.16.1/LICENSE.txt",
+        "security_detection_engine-8.16.1/NOTICE.txt",
+        "security_detection_engine-8.16.1/changelog.yml",
+        "security_detection_engine-8.16.1/docs/README.md",
+        "security_detection_engine-8.16.1/img/security-logo-color-64px.svg",
+        "security_detection_engine-8.16.1/manifest.yml",
+      ]
+    `);
+  });
 });
 
 describe('cleanupArchiveEntriesStep', () => {
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_save_archive_entries.ts b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_save_archive_entries.ts
index 7db44bb243f85..f081d9a93e633 100644
--- a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_save_archive_entries.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_save_archive_entries.ts
@@ -14,7 +14,7 @@ import { withPackageSpan } from '../../utils';
 
 import type { InstallContext } from '../_state_machine_package_install';
 import { INSTALL_STATES } from '../../../../../../common/types';
-import { MANIFEST_NAME } from '../../../archive/parse';
+import { isKibanaAssetType } from '../../../kibana/assets/install';
 
 export async function stepSaveArchiveEntries(context: InstallContext) {
   const { packageInstallContext, savedObjectsClient, installSource, useStreaming } = context;
@@ -28,7 +28,8 @@ export async function stepSaveArchiveEntries(context: InstallContext) {
   if (useStreaming) {
     assetsMap = new Map();
     await archiveIterator.traverseEntries(async (entry) => {
-      if (entry.path.endsWith(MANIFEST_NAME)) {
+      // Skip only kibana assets type
+      if (!isKibanaAssetType(entry.path)) {
         assetsMap.set(entry.path, entry.buffer);
       }
     });
diff --git a/x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts b/x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts
index 0a44a3df0f294..1f58fcafd396b 100644
--- a/x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts
+++ b/x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts
@@ -46,7 +46,7 @@ import { appContextService } from '../../app_context';
 import { agentPolicyService, getAgentPolicySavedObjectType } from '../../agent_policy';
 import { isSpaceAwarenessEnabled } from '../../spaces/helpers';
 
-interface UninstallTokenSOAttributes {
+export interface UninstallTokenSOAttributes {
   policy_id: string;
   token: string;
   token_plain: string;
diff --git a/x-pack/plugins/fleet/server/services/setup.ts b/x-pack/plugins/fleet/server/services/setup.ts
index 0d6ec183531a4..ab882a013ebe3 100644
--- a/x-pack/plugins/fleet/server/services/setup.ts
+++ b/x-pack/plugins/fleet/server/services/setup.ts
@@ -36,7 +36,10 @@ import { downloadSourceService } from './download_source';
 
 import { getRegistryUrl, settingsService } from '.';
 import { awaitIfPending } from './setup_utils';
-import { ensureFleetFinalPipelineIsInstalled } from './epm/elasticsearch/ingest_pipeline/install';
+import {
+  ensureFleetEventIngestedPipelineIsInstalled,
+  ensureFleetFinalPipelineIsInstalled,
+} from './epm/elasticsearch/ingest_pipeline/install';
 import { ensureDefaultComponentTemplates } from './epm/elasticsearch/template/install';
 import { getInstallations, reinstallPackageForInstallation } from './epm/packages';
 import { isPackageInstalled } from './epm/packages/install';
@@ -336,6 +339,7 @@ export async function ensureFleetGlobalEsAssets(
   const globalAssetsRes = await Promise.all([
     ensureDefaultComponentTemplates(esClient, logger), // returns an array
     ensureFleetFinalPipelineIsInstalled(esClient, logger),
+    ensureFleetEventIngestedPipelineIsInstalled(esClient, logger),
   ]);
   const assetResults = globalAssetsRes.flat();
   if (assetResults.some((asset) => asset.isCreated)) {
diff --git a/x-pack/plugins/fleet/server/services/spaces/agent_policy.test.ts b/x-pack/plugins/fleet/server/services/spaces/agent_policy.test.ts
index ab69d4708c436..079148a6ae041 100644
--- a/x-pack/plugins/fleet/server/services/spaces/agent_policy.test.ts
+++ b/x-pack/plugins/fleet/server/services/spaces/agent_policy.test.ts
@@ -39,6 +39,22 @@ describe('updateAgentPolicySpaces', () => {
     jest
       .mocked(appContextService.getInternalUserSOClientWithoutSpaceExtension())
       .updateObjectsSpaces.mockResolvedValue({ objects: [] });
+
+    jest
+      .mocked(appContextService.getInternalUserSOClientWithoutSpaceExtension())
+      .find.mockResolvedValue({
+        total: 1,
+        page: 1,
+        per_page: 100,
+        saved_objects: [
+          {
+            id: 'token1',
+            attributes: {
+              namespaces: ['default'],
+            },
+          } as any,
+        ],
+      });
   });
 
   it('does nothings if agent policy already in correct space', async () => {
@@ -87,6 +103,18 @@ describe('updateAgentPolicySpaces', () => {
       ['default'],
       { namespace: 'default', refresh: 'wait_for' }
     );
+
+    expect(
+      jest.mocked(appContextService.getInternalUserSOClientWithoutSpaceExtension()).bulkUpdate
+    ).toBeCalledWith([
+      {
+        id: 'token1',
+        type: 'fleet-uninstall-tokens',
+        attributes: {
+          namespaces: ['test'],
+        },
+      },
+    ]);
   });
 
   it('throw when trying to change space to a policy with reusable package policies', async () => {
diff --git a/x-pack/plugins/fleet/server/services/spaces/agent_policy.ts b/x-pack/plugins/fleet/server/services/spaces/agent_policy.ts
index 2f8d5ff1b14c7..e123ca4426654 100644
--- a/x-pack/plugins/fleet/server/services/spaces/agent_policy.ts
+++ b/x-pack/plugins/fleet/server/services/spaces/agent_policy.ts
@@ -13,6 +13,8 @@ import {
   AGENTS_INDEX,
   AGENT_POLICY_SAVED_OBJECT_TYPE,
   PACKAGE_POLICY_SAVED_OBJECT_TYPE,
+  SO_SEARCH_LIMIT,
+  UNINSTALL_TOKENS_SAVED_OBJECT_TYPE,
 } from '../../../common/constants';
 
 import { appContextService } from '../app_context';
@@ -22,6 +24,7 @@ import { packagePolicyService } from '../package_policy';
 import { FleetError, HostedAgentPolicyRestrictionRelatedError } from '../../errors';
 
 import { isSpaceAwarenessEnabled } from './helpers';
+import type { UninstallTokenSOAttributes } from '../security/uninstall_token_service';
 
 export async function updateAgentPolicySpaces({
   agentPolicyId,
@@ -112,6 +115,25 @@ export async function updateAgentPolicySpaces({
     }
   }
 
+  // Update uninstall tokens
+  const uninstallTokensRes = await soClient.find<UninstallTokenSOAttributes>({
+    perPage: SO_SEARCH_LIMIT,
+    type: UNINSTALL_TOKENS_SAVED_OBJECT_TYPE,
+    filter: `${UNINSTALL_TOKENS_SAVED_OBJECT_TYPE}.attributes.policy_id:"${agentPolicyId}"`,
+  });
+
+  if (uninstallTokensRes.total > 0) {
+    await soClient.bulkUpdate(
+      uninstallTokensRes.saved_objects.map((so) => ({
+        id: so.id,
+        type: UNINSTALL_TOKENS_SAVED_OBJECT_TYPE,
+        attributes: {
+          namespaces: newSpaceIds,
+        },
+      }))
+    );
+  }
+
   // Update fleet server index agents, enrollment api keys
   await esClient.updateByQuery({
     index: ENROLLMENT_API_KEYS_INDEX,
diff --git a/x-pack/plugins/index_management/__jest__/client_integration/helpers/http_requests.ts b/x-pack/plugins/index_management/__jest__/client_integration/helpers/http_requests.ts
index 8bd8672b8fbba..79daba4c73867 100644
--- a/x-pack/plugins/index_management/__jest__/client_integration/helpers/http_requests.ts
+++ b/x-pack/plugins/index_management/__jest__/client_integration/helpers/http_requests.ts
@@ -147,6 +147,12 @@ const registerHttpRequestMockHelpers = (
   const setSimulateTemplateResponse = (response?: HttpResponse, error?: ResponseError) =>
     mockResponse('POST', `${API_BASE_PATH}/index_templates/simulate`, response, error);
 
+  const setSimulateTemplateByNameResponse = (
+    name: string,
+    response?: HttpResponse,
+    error?: ResponseError
+  ) => mockResponse('POST', `${API_BASE_PATH}/index_templates/simulate/${name}`, response, error);
+
   const setLoadComponentTemplatesResponse = (response?: HttpResponse, error?: ResponseError) =>
     mockResponse('GET', `${API_BASE_PATH}/component_templates`, response, error);
 
@@ -229,6 +235,7 @@ const registerHttpRequestMockHelpers = (
     setLoadIndexStatsResponse,
     setUpdateIndexSettingsResponse,
     setSimulateTemplateResponse,
+    setSimulateTemplateByNameResponse,
     setLoadComponentTemplatesResponse,
     setLoadNodesPluginsResponse,
     setLoadTelemetryResponse,
diff --git a/x-pack/plugins/index_management/__jest__/client_integration/home/index_templates_tab.test.ts b/x-pack/plugins/index_management/__jest__/client_integration/home/index_templates_tab.test.ts
index 615b8df18f905..ea536becfccac 100644
--- a/x-pack/plugins/index_management/__jest__/client_integration/home/index_templates_tab.test.ts
+++ b/x-pack/plugins/index_management/__jest__/client_integration/home/index_templates_tab.test.ts
@@ -617,7 +617,9 @@ describe('Index Templates tab', () => {
           const { find, actions, exists } = testBed;
 
           httpRequestsMockHelpers.setLoadTemplateResponse(templates[0].name, template);
-          httpRequestsMockHelpers.setSimulateTemplateResponse({ simulateTemplate: 'response' });
+          httpRequestsMockHelpers.setSimulateTemplateByNameResponse(templates[0].name, {
+            simulateTemplate: 'response',
+          });
 
           await actions.clickTemplateAt(0);
 
diff --git a/x-pack/plugins/index_management/public/application/components/index_templates/simulate_template/simulate_template.tsx b/x-pack/plugins/index_management/public/application/components/index_templates/simulate_template/simulate_template.tsx
index ed22baae580cc..fd1df7ba44697 100644
--- a/x-pack/plugins/index_management/public/application/components/index_templates/simulate_template/simulate_template.tsx
+++ b/x-pack/plugins/index_management/public/application/components/index_templates/simulate_template/simulate_template.tsx
@@ -23,22 +23,25 @@ export interface Filters {
 }
 
 interface Props {
-  template: { [key: string]: any };
+  template?: { [key: string]: any };
   filters?: Filters;
+  templateName?: string;
 }
 
-export const SimulateTemplate = React.memo(({ template, filters }: Props) => {
+export const SimulateTemplate = React.memo(({ template, filters, templateName }: Props) => {
   const [templatePreview, setTemplatePreview] = useState('{}');
 
   const updatePreview = useCallback(async () => {
-    if (!template || Object.keys(template).length === 0) {
+    if (!templateName && (!template || Object.keys(template).length === 0)) {
       return;
     }
 
-    const indexTemplate = serializeTemplate(
-      stripEmptyFields(template, { types: ['string'] }) as TemplateDeserialized
-    );
-    const { data, error } = await simulateIndexTemplate(indexTemplate);
+    const indexTemplate = templateName
+      ? undefined
+      : serializeTemplate(
+          stripEmptyFields(template, { types: ['string'] }) as TemplateDeserialized
+        );
+    const { data, error } = await simulateIndexTemplate({ template: indexTemplate, templateName });
     let filteredTemplate = data;
 
     if (data) {
@@ -67,7 +70,7 @@ export const SimulateTemplate = React.memo(({ template, filters }: Props) => {
     }
 
     setTemplatePreview(JSON.stringify(filteredTemplate ?? error, null, 2));
-  }, [template, filters]);
+  }, [template, filters, templateName]);
 
   useEffect(() => {
     updatePreview();
diff --git a/x-pack/plugins/index_management/public/application/components/shared/components/template_content_indicator.tsx b/x-pack/plugins/index_management/public/application/components/shared/components/template_content_indicator.tsx
index 7ccc4971ef97c..c2df923018a39 100644
--- a/x-pack/plugins/index_management/public/application/components/shared/components/template_content_indicator.tsx
+++ b/x-pack/plugins/index_management/public/application/components/shared/components/template_content_indicator.tsx
@@ -16,17 +16,7 @@ interface Props {
   contentWhenEmpty?: JSX.Element | null;
 }
 
-const texts = {
-  settings: i18n.translate('xpack.idxMgmt.templateContentIndicator.indexSettingsTooltipLabel', {
-    defaultMessage: 'Index settings',
-  }),
-  mappings: i18n.translate('xpack.idxMgmt.templateContentIndicator.mappingsTooltipLabel', {
-    defaultMessage: 'Mappings',
-  }),
-  aliases: i18n.translate('xpack.idxMgmt.templateContentIndicator.aliasesTooltipLabel', {
-    defaultMessage: 'Aliases',
-  }),
-};
+const getColor = (flag: boolean) => (flag ? 'primary' : 'hollow');
 
 export const TemplateContentIndicator = ({
   mappings,
@@ -34,28 +24,63 @@ export const TemplateContentIndicator = ({
   aliases,
   contentWhenEmpty = null,
 }: Props) => {
-  const getColor = (flag: boolean) => (flag ? 'primary' : 'hollow');
-
   if (!mappings && !settings && !aliases) {
     return contentWhenEmpty;
   }
 
+  const texts = {
+    settingsTrue: i18n.translate('xpack.idxMgmt.templateContentIndicator.indexSettingsTrueLabel', {
+      defaultMessage: 'This template contains index settings',
+    }),
+    settingsFalse: i18n.translate(
+      'xpack.idxMgmt.templateContentIndicator.indexSettingsFalseLabel',
+      {
+        defaultMessage: 'This template does not contain index settings',
+      }
+    ),
+    mappingsTrue: i18n.translate('xpack.idxMgmt.templateContentIndicator.indexMappingsTrueLabel', {
+      defaultMessage: 'This template contains index mappings',
+    }),
+    mappingsFalse: i18n.translate(
+      'xpack.idxMgmt.templateContentIndicator.indexMappingsFalseLabel',
+      {
+        defaultMessage: 'This template does not contain index mappings',
+      }
+    ),
+    aliasesTrue: i18n.translate('xpack.idxMgmt.templateContentIndicator.indexAliasesTrueLabel', {
+      defaultMessage: 'This template contains index aliases',
+    }),
+    aliasesFalse: i18n.translate('xpack.idxMgmt.templateContentIndicator.indexAliasesFalseLabel', {
+      defaultMessage: 'This template does not contain index aliases',
+    }),
+  };
+
+  const mappingsText = mappings ? texts.mappingsTrue : texts.mappingsFalse;
+  const settingsText = settings ? texts.settingsTrue : texts.settingsFalse;
+  const aliasesText = aliases ? texts.aliasesTrue : texts.aliasesFalse;
+
   return (
     <>
-      <EuiToolTip content={texts.mappings}>
+      <EuiToolTip content={mappingsText}>
         <>
-          <EuiBadge color={getColor(mappings)}>M</EuiBadge>
+          <EuiBadge color={getColor(mappings)} aria-label={mappingsText}>
+            M
+          </EuiBadge>
           &nbsp;
         </>
       </EuiToolTip>
-      <EuiToolTip content={texts.settings}>
+      <EuiToolTip content={settingsText}>
         <>
-          <EuiBadge color={getColor(settings)}>S</EuiBadge>
+          <EuiBadge color={getColor(settings)} aria-label={settingsText}>
+            S
+          </EuiBadge>
           &nbsp;
         </>
       </EuiToolTip>
-      <EuiToolTip content={texts.aliases}>
-        <EuiBadge color={getColor(aliases)}>A</EuiBadge>
+      <EuiToolTip content={aliasesText}>
+        <EuiBadge color={getColor(aliases)} aria-label={aliasesText}>
+          A
+        </EuiBadge>
       </EuiToolTip>
     </>
   );
diff --git a/x-pack/plugins/index_management/public/application/sections/home/template_list/template_details/tabs/tab_preview.tsx b/x-pack/plugins/index_management/public/application/sections/home/template_list/template_details/tabs/tab_preview.tsx
index 38f4a8b4f787b..02df1f6e1c682 100644
--- a/x-pack/plugins/index_management/public/application/sections/home/template_list/template_details/tabs/tab_preview.tsx
+++ b/x-pack/plugins/index_management/public/application/sections/home/template_list/template_details/tabs/tab_preview.tsx
@@ -8,14 +8,13 @@
 import React from 'react';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { EuiText, EuiSpacer } from '@elastic/eui';
-import { TemplateDeserialized } from '../../../../../../../common';
 import { SimulateTemplate } from '../../../../../components/index_templates';
 
 interface Props {
-  templateDetails: TemplateDeserialized;
+  templateName: string;
 }
 
-export const TabPreview = ({ templateDetails }: Props) => {
+export const TabPreview = ({ templateName }: Props) => {
   return (
     <div data-test-subj="previewTabContent">
       <EuiText>
@@ -29,7 +28,7 @@ export const TabPreview = ({ templateDetails }: Props) => {
 
       <EuiSpacer size="m" />
 
-      <SimulateTemplate template={templateDetails} />
+      <SimulateTemplate templateName={templateName} />
     </div>
   );
 };
diff --git a/x-pack/plugins/index_management/public/application/sections/home/template_list/template_details/template_details_content.tsx b/x-pack/plugins/index_management/public/application/sections/home/template_list/template_details/template_details_content.tsx
index d2156d1aa958e..75446c0c05f2d 100644
--- a/x-pack/plugins/index_management/public/application/sections/home/template_list/template_details/template_details_content.tsx
+++ b/x-pack/plugins/index_management/public/application/sections/home/template_list/template_details/template_details_content.tsx
@@ -171,7 +171,7 @@ export const TemplateDetailsContent = ({
         [SETTINGS_TAB_ID]: <TabSettings settings={settings} />,
         [MAPPINGS_TAB_ID]: <TabMappings mappings={mappings} />,
         [ALIASES_TAB_ID]: <TabAliases aliases={aliases} />,
-        [PREVIEW_TAB_ID]: <TabPreview templateDetails={templateDetails} />,
+        [PREVIEW_TAB_ID]: <TabPreview templateName={templateName} />,
       };
 
       const tabContent = tabToComponentMap[activeTab];
diff --git a/x-pack/plugins/index_management/public/application/services/api.ts b/x-pack/plugins/index_management/public/application/services/api.ts
index 08baa49713573..9f03007014c4f 100644
--- a/x-pack/plugins/index_management/public/application/services/api.ts
+++ b/x-pack/plugins/index_management/public/application/services/api.ts
@@ -319,11 +319,23 @@ export async function updateTemplate(template: TemplateDeserialized) {
   return result;
 }
 
-export function simulateIndexTemplate(template: { [key: string]: any }) {
+export function simulateIndexTemplate({
+  template,
+  templateName,
+}: {
+  template?: { [key: string]: any };
+  templateName?: string;
+}) {
+  const path = templateName
+    ? `${API_BASE_PATH}/index_templates/simulate/${templateName}`
+    : `${API_BASE_PATH}/index_templates/simulate`;
+
+  const body = templateName ? undefined : JSON.stringify(template);
+
   return sendRequest({
-    path: `${API_BASE_PATH}/index_templates/simulate`,
+    path,
     method: 'post',
-    body: JSON.stringify(template),
+    body,
   }).then((result) => {
     uiMetricService.trackMetric(METRIC_TYPE.COUNT, UIM_TEMPLATE_SIMULATE);
     return result;
diff --git a/x-pack/plugins/index_management/server/routes/api/templates/register_simulate_route.ts b/x-pack/plugins/index_management/server/routes/api/templates/register_simulate_route.ts
index 3dc6201f0831c..60e2cfbf8a53a 100644
--- a/x-pack/plugins/index_management/server/routes/api/templates/register_simulate_route.ts
+++ b/x-pack/plugins/index_management/server/routes/api/templates/register_simulate_route.ts
@@ -15,23 +15,38 @@ const bodySchema = schema.object({}, { unknowns: 'allow' });
 export function registerSimulateRoute({ router, lib: { handleEsError } }: RouteDependencies) {
   router.post(
     {
-      path: addBasePath('/index_templates/simulate'),
-      validate: { body: bodySchema },
+      path: addBasePath('/index_templates/simulate/{templateName?}'),
+      validate: {
+        body: schema.nullable(bodySchema),
+        params: schema.object({ templateName: schema.maybe(schema.string()) }),
+      },
     },
     async (context, request, response) => {
       const { client } = (await context.core).elasticsearch;
       const template = request.body as TypeOf<typeof bodySchema>;
+      // Until ES fixes a bug on their side we need to send a fake index pattern
+      // that won't match any indices.
+      // Issue: https://github.com/elastic/elasticsearch/issues/59152
+      // eslint-disable-next-line @typescript-eslint/naming-convention
+      const index_patterns = ['a_fake_index_pattern_that_wont_match_any_indices'];
+      const templateName = request.params.templateName;
+
+      const params: estypes.IndicesSimulateTemplateRequest = templateName
+        ? {
+            name: templateName,
+            body: {
+              index_patterns,
+            },
+          }
+        : {
+            body: {
+              ...template,
+              index_patterns,
+            },
+          };
 
       try {
-        const templatePreview = await client.asCurrentUser.indices.simulateTemplate({
-          body: {
-            ...template,
-            // Until ES fixes a bug on their side we need to send a fake index pattern
-            // that won't match any indices.
-            // Issue: https://github.com/elastic/elasticsearch/issues/59152
-            index_patterns: ['a_fake_index_pattern_that_wont_match_any_indices'],
-          },
-        } as estypes.IndicesSimulateTemplateRequest);
+        const templatePreview = await client.asCurrentUser.indices.simulateTemplate(params);
 
         return response.ok({ body: templatePreview });
       } catch (error) {
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/editor_frame.test.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/editor_frame.test.tsx
index 7d41e326372e5..ad53002a1b0cb 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/editor_frame.test.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/editor_frame.test.tsx
@@ -5,20 +5,12 @@
  * 2.0.
  */
 
-import React, { useEffect } from 'react';
-import { ReactWrapper } from 'enzyme';
+import React from 'react';
 import { screen, within } from '@testing-library/react';
 import userEvent from '@testing-library/user-event';
 
 import { EditorFrame, EditorFrameProps } from './editor_frame';
-import {
-  DatasourceMap,
-  DatasourcePublicAPI,
-  DatasourceSuggestion,
-  Visualization,
-  VisualizationMap,
-} from '../../types';
-import { act } from '@testing-library/react';
+import { DatasourceMap, DatasourcePublicAPI, Visualization, VisualizationMap } from '../../types';
 import { coreMock } from '@kbn/core/public/mocks';
 import {
   createMockVisualization,
@@ -29,30 +21,16 @@ import {
   renderWithReduxStore,
 } from '../../mocks';
 import { inspectorPluginMock } from '@kbn/inspector-plugin/public/mocks';
-import { Droppable, useDragDropContext } from '@kbn/dom-drag-drop';
 import { uiActionsPluginMock } from '@kbn/ui-actions-plugin/public/mocks';
 import { chartPluginMock } from '@kbn/charts-plugin/public/mocks';
 import { expressionsPluginMock } from '@kbn/expressions-plugin/public/mocks';
-import { mockDataPlugin, mountWithProvider } from '../../mocks';
+import { mockDataPlugin } from '../../mocks';
 import { LensAppState, setState } from '../../state_management';
 import { getLensInspectorService } from '../../lens_inspector_service';
 import { createIndexPatternServiceMock } from '../../mocks/data_views_service_mock';
 import { dataViewPluginMocks } from '@kbn/data-views-plugin/public/mocks';
 import { EventAnnotationServiceType } from '@kbn/event-annotation-plugin/public';
 
-function generateSuggestion(state = {}): DatasourceSuggestion {
-  return {
-    state,
-    table: {
-      columns: [],
-      isMultiRow: true,
-      layerId: 'first',
-      changeType: 'unchanged',
-    },
-    keptLayerIds: ['first'],
-  };
-}
-
 function wrapDataViewsContract() {
   const dataViewsContract = dataViewPluginMocks.createStartContract();
   return {
@@ -437,180 +415,5 @@ describe('editor_frame', () => {
         })
       );
     });
-    describe('legacy tests', () => {
-      let instance: ReactWrapper;
-
-      afterEach(() => {
-        instance.unmount();
-      });
-
-      it('should use the currently selected visualization if possible on field drop', async () => {
-        mockDatasource.getLayers.mockReturnValue(['first', 'second', 'third']);
-        const suggestionVisState = {};
-        const props = {
-          ...getDefaultProps(),
-          visualizationMap: {
-            testVis: {
-              ...mockVisualization,
-              getSuggestions: () => [
-                {
-                  score: 0.2,
-                  state: {},
-                  title: 'Suggestion1',
-                  previewIcon: 'empty',
-                },
-                {
-                  score: 0.6,
-                  state: suggestionVisState,
-                  title: 'Suggestion2',
-                  previewIcon: 'empty',
-                },
-              ],
-            },
-            testVis2: {
-              ...mockVisualization2,
-              getSuggestions: () => [
-                {
-                  score: 0.8,
-                  state: {},
-                  title: 'Suggestion3',
-                  previewIcon: 'empty',
-                },
-              ],
-            },
-          },
-          datasourceMap: {
-            testDatasource: {
-              ...mockDatasource,
-              getDatasourceSuggestionsForField: () => [generateSuggestion()],
-              getDatasourceSuggestionsFromCurrentState: () => [generateSuggestion()],
-              getDatasourceSuggestionsForVisualizeField: () => [generateSuggestion()],
-              DataPanelComponent: jest.fn().mockImplementation(() => <div />),
-            },
-          },
-        } as EditorFrameProps;
-        instance = (
-          await mountWithProvider(<EditorFrame {...props} />, {
-            preloadedState: {
-              datasourceStates: {
-                testDatasource: {
-                  isLoading: false,
-                  state: {
-                    internalState1: '',
-                  },
-                },
-              },
-            },
-          })
-        ).instance;
-
-        instance.update();
-
-        act(() => {
-          instance.find('[data-test-subj="mockVisA"]').find(Droppable).prop('onDrop')!(
-            {
-              indexPatternId: '1',
-              field: {},
-              id: '1',
-              humanData: { label: 'draggedField' },
-            },
-            'field_add'
-          );
-        });
-
-        expect(mockVisualization.getConfiguration).toHaveBeenCalledWith(
-          expect.objectContaining({
-            state: suggestionVisState,
-          })
-        );
-      });
-
-      it('should use the highest priority suggestion available', async () => {
-        mockDatasource.getLayers.mockReturnValue(['first', 'second', 'third']);
-        const suggestionVisState = {};
-        const mockVisualization3 = {
-          ...createMockVisualization('testVis3', ['third']),
-          getSuggestions: () => [
-            {
-              score: 0.9,
-              state: suggestionVisState,
-              title: 'Suggestion3',
-              previewIcon: 'empty',
-            },
-            {
-              score: 0.7,
-              state: {},
-              title: 'Suggestion4',
-              previewIcon: 'empty',
-            },
-          ],
-        };
-
-        const props = {
-          ...getDefaultProps(),
-          visualizationMap: {
-            testVis: {
-              ...mockVisualization,
-              // do not return suggestions for the currently active vis, otherwise it will be chosen
-              getSuggestions: () => [],
-            },
-            testVis2: {
-              ...mockVisualization2,
-              getSuggestions: () => [],
-            },
-            testVis3: {
-              ...mockVisualization3,
-            },
-          },
-          datasourceMap: {
-            testDatasource: {
-              ...mockDatasource,
-              getDatasourceSuggestionsForField: () => [generateSuggestion()],
-              getDatasourceSuggestionsFromCurrentState: () => [generateSuggestion()],
-              getDatasourceSuggestionsForVisualizeField: () => [generateSuggestion()],
-              DataPanelComponent: jest.fn().mockImplementation(() => {
-                const [, dndDispatch] = useDragDropContext();
-                useEffect(() => {
-                  dndDispatch({
-                    type: 'startDragging',
-                    payload: {
-                      dragging: {
-                        id: 'draggedField',
-                        humanData: { label: '1' },
-                      },
-                    },
-                  });
-                }, [dndDispatch]);
-                return <div />;
-              }),
-            },
-          },
-        } as EditorFrameProps;
-
-        instance = (await mountWithProvider(<EditorFrame {...props} />)).instance;
-
-        instance.update();
-
-        act(() => {
-          instance.find(Droppable).filter('[dataTestSubj="lnsWorkspace"]').prop('onDrop')!(
-            {
-              indexPatternId: '1',
-              field: {},
-              id: '1',
-              humanData: {
-                label: 'label',
-              },
-            },
-            'field_add'
-          );
-        });
-
-        expect(mockVisualization3.getConfiguration).toHaveBeenCalledWith(
-          expect.objectContaining({
-            state: suggestionVisState,
-          })
-        );
-      });
-    });
   });
 });
diff --git a/x-pack/plugins/licensing/server/routes/feature_usage.ts b/x-pack/plugins/licensing/server/routes/feature_usage.ts
index 33317ab09cb9d..acb3303834de3 100644
--- a/x-pack/plugins/licensing/server/routes/feature_usage.ts
+++ b/x-pack/plugins/licensing/server/routes/feature_usage.ts
@@ -14,7 +14,16 @@ export function registerFeatureUsageRoute(
   getStartServices: StartServicesAccessor<{}, LicensingPluginStart>
 ) {
   router.get(
-    { path: '/api/licensing/feature_usage', validate: false },
+    {
+      path: '/api/licensing/feature_usage',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
+      validate: false,
+    },
     async (context, request, response) => {
       const [, , { featureUsage }] = await getStartServices();
       return response.ok({
diff --git a/x-pack/plugins/licensing/server/routes/info.ts b/x-pack/plugins/licensing/server/routes/info.ts
index 1cbc7b6398966..c73508fac8236 100644
--- a/x-pack/plugins/licensing/server/routes/info.ts
+++ b/x-pack/plugins/licensing/server/routes/info.ts
@@ -9,7 +9,16 @@ import { LicensingRouter } from '../types';
 
 export function registerInfoRoute(router: LicensingRouter) {
   router.get(
-    { path: '/api/licensing/info', validate: false },
+    {
+      path: '/api/licensing/info',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
+      validate: false,
+    },
     async (context, request, response) => {
       return response.ok({
         body: (await context.licensing).license,
diff --git a/x-pack/plugins/licensing/server/routes/internal/notify_feature_usage.ts b/x-pack/plugins/licensing/server/routes/internal/notify_feature_usage.ts
index a33cf4284245d..c3c70243005e2 100644
--- a/x-pack/plugins/licensing/server/routes/internal/notify_feature_usage.ts
+++ b/x-pack/plugins/licensing/server/routes/internal/notify_feature_usage.ts
@@ -12,6 +12,12 @@ export function registerNotifyFeatureUsageRoute(router: LicensingRouter) {
   router.post(
     {
       path: '/internal/licensing/feature_usage/notify',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: {
         body: schema.object({
           featureName: schema.string(),
diff --git a/x-pack/plugins/licensing/server/routes/internal/register_feature.ts b/x-pack/plugins/licensing/server/routes/internal/register_feature.ts
index 0c043c7c127a9..6b35c32a266d3 100644
--- a/x-pack/plugins/licensing/server/routes/internal/register_feature.ts
+++ b/x-pack/plugins/licensing/server/routes/internal/register_feature.ts
@@ -17,6 +17,12 @@ export function registerRegisterFeatureRoute(
   router.post(
     {
       path: '/internal/licensing/feature_usage/register',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: {
         body: schema.arrayOf(
           schema.object({
diff --git a/x-pack/plugins/lists/server/services/exception_lists/utils/get_exception_list_filter.test.ts b/x-pack/plugins/lists/server/services/exception_lists/utils/get_exception_list_filter.test.ts
index 9e0b06f8482c7..676df7cdf09f5 100644
--- a/x-pack/plugins/lists/server/services/exception_lists/utils/get_exception_list_filter.test.ts
+++ b/x-pack/plugins/lists/server/services/exception_lists/utils/get_exception_list_filter.test.ts
@@ -22,7 +22,7 @@ describe('getExceptionListFilter', () => {
       savedObjectTypes: ['exception-list-agnostic'],
     });
     expect(filter).toEqual(
-      '(exception-list-agnostic.attributes.list_type: list) AND exception-list-agnostic.attributes.name: "Sample Endpoint Exception List"'
+      '(exception-list-agnostic.attributes.list_type: list) AND (exception-list-agnostic.attributes.name: "Sample Endpoint Exception List")'
     );
   });
 
@@ -40,7 +40,7 @@ describe('getExceptionListFilter', () => {
       savedObjectTypes: ['exception-list'],
     });
     expect(filter).toEqual(
-      '(exception-list.attributes.list_type: list) AND exception-list.attributes.name: "Sample Endpoint Exception List"'
+      '(exception-list.attributes.list_type: list) AND (exception-list.attributes.name: "Sample Endpoint Exception List")'
     );
   });
 
@@ -56,11 +56,12 @@ describe('getExceptionListFilter', () => {
 
   test('it should create a filter that searches for both agnostic and single lists with additional filters if searching for both single and agnostic lists', () => {
     const filter = getExceptionListFilter({
-      filter: 'exception-list-agnostic.attributes.name: "Sample Endpoint Exception List"',
+      filter:
+        'exception-list-agnostic.attributes.name: "Sample Endpoint Exception List" OR exception-list.attributes.name: "Sample Rule Exception List"',
       savedObjectTypes: ['exception-list-agnostic', 'exception-list'],
     });
     expect(filter).toEqual(
-      '(exception-list-agnostic.attributes.list_type: list OR exception-list.attributes.list_type: list) AND exception-list-agnostic.attributes.name: "Sample Endpoint Exception List"'
+      '(exception-list-agnostic.attributes.list_type: list OR exception-list.attributes.list_type: list) AND (exception-list-agnostic.attributes.name: "Sample Endpoint Exception List" OR exception-list.attributes.name: "Sample Rule Exception List")'
     );
   });
 });
diff --git a/x-pack/plugins/lists/server/services/exception_lists/utils/get_exception_list_filter.ts b/x-pack/plugins/lists/server/services/exception_lists/utils/get_exception_list_filter.ts
index 44a9be320755f..8aedaa13bcab7 100644
--- a/x-pack/plugins/lists/server/services/exception_lists/utils/get_exception_list_filter.ts
+++ b/x-pack/plugins/lists/server/services/exception_lists/utils/get_exception_list_filter.ts
@@ -20,6 +20,6 @@ export const getExceptionListFilter = ({
     .join(' OR ');
 
   if (filter != null) {
-    return `(${listTypesFilter}) AND ${filter}`;
+    return `(${listTypesFilter}) AND (${filter})`;
   } else return `(${listTypesFilter})`;
 };
diff --git a/x-pack/plugins/lists/server/services/exception_lists/utils/import/find_all_exception_list_types.test.ts b/x-pack/plugins/lists/server/services/exception_lists/utils/import/find_all_exception_list_types.test.ts
index 5ffe0967ef330..83623a581d97f 100644
--- a/x-pack/plugins/lists/server/services/exception_lists/utils/import/find_all_exception_list_types.test.ts
+++ b/x-pack/plugins/lists/server/services/exception_lists/utils/import/find_all_exception_list_types.test.ts
@@ -60,7 +60,7 @@ describe('find_all_exception_list_item_types', () => {
 
       expect(findExceptionList).toHaveBeenCalledWith({
         filter: 'exception-list-agnostic.attributes.list_id:(1)',
-        namespaceType: ['agnostic'],
+        namespaceType: ['single', 'agnostic'],
         page: undefined,
         perPage: 1000,
         savedObjectsClient,
@@ -74,7 +74,7 @@ describe('find_all_exception_list_item_types', () => {
 
       expect(findExceptionList).toHaveBeenCalledWith({
         filter: 'exception-list.attributes.list_id:(1)',
-        namespaceType: ['single'],
+        namespaceType: ['single', 'agnostic'],
         page: undefined,
         perPage: 1000,
         savedObjectsClient,
diff --git a/x-pack/plugins/lists/server/services/exception_lists/utils/import/find_all_exception_list_types.ts b/x-pack/plugins/lists/server/services/exception_lists/utils/import/find_all_exception_list_types.ts
index 870acc6cc4462..93c5491a84ddb 100644
--- a/x-pack/plugins/lists/server/services/exception_lists/utils/import/find_all_exception_list_types.ts
+++ b/x-pack/plugins/lists/server/services/exception_lists/utils/import/find_all_exception_list_types.ts
@@ -52,57 +52,40 @@ export const findAllListTypes = async (
   nonAgnosticListItems: ExceptionListQueryInfo[],
   savedObjectsClient: SavedObjectsClientContract
 ): Promise<FoundExceptionListSchema | null> => {
-  // Agnostic filter
-  const agnosticFilter = getListFilter({
-    namespaceType: 'agnostic',
-    objects: agnosticListItems,
-  });
-
-  // Non-agnostic filter
-  const nonAgnosticFilter = getListFilter({
-    namespaceType: 'single',
-    objects: nonAgnosticListItems,
-  });
-
   if (!agnosticListItems.length && !nonAgnosticListItems.length) {
     return null;
-  } else if (agnosticListItems.length && !nonAgnosticListItems.length) {
-    return findExceptionList({
-      filter: agnosticFilter,
-      namespaceType: ['agnostic'],
-      page: undefined,
-      perPage: CHUNK_PARSED_OBJECT_SIZE,
-      pit: undefined,
-      savedObjectsClient,
-      searchAfter: undefined,
-      sortField: undefined,
-      sortOrder: undefined,
-    });
-  } else if (!agnosticListItems.length && nonAgnosticListItems.length) {
-    return findExceptionList({
-      filter: nonAgnosticFilter,
-      namespaceType: ['single'],
-      page: undefined,
-      perPage: CHUNK_PARSED_OBJECT_SIZE,
-      pit: undefined,
-      savedObjectsClient,
-      searchAfter: undefined,
-      sortField: undefined,
-      sortOrder: undefined,
-    });
-  } else {
-    return findExceptionList({
-      filter: `${agnosticFilter} OR ${nonAgnosticFilter}`,
-      namespaceType: ['single', 'agnostic'],
-      page: undefined,
-      perPage: CHUNK_PARSED_OBJECT_SIZE,
-      pit: undefined,
-      savedObjectsClient,
-      searchAfter: undefined,
-      sortField: undefined,
-      sortOrder: undefined,
-    });
   }
+
+  const filters: string[] = [];
+  if (agnosticListItems.length > 0) {
+    filters.push(
+      getListFilter({
+        namespaceType: 'agnostic',
+        objects: agnosticListItems,
+      })
+    );
+  }
+
+  if (nonAgnosticListItems.length > 0) {
+    filters.push(
+      getListFilter({
+        namespaceType: 'single',
+        objects: nonAgnosticListItems,
+      })
+    );
+  }
+
+  return findExceptionList({
+    filter: filters.join(' OR '),
+    namespaceType: ['single', 'agnostic'],
+    page: undefined,
+    perPage: CHUNK_PARSED_OBJECT_SIZE,
+    pit: undefined,
+    savedObjectsClient,
+    searchAfter: undefined,
+    sortField: undefined,
+    sortOrder: undefined,
+  });
 };
 
 /**
diff --git a/x-pack/plugins/ml/public/application/aiops/log_categorization.tsx b/x-pack/plugins/ml/public/application/aiops/log_categorization.tsx
index fea9b0d7e8810..2dc34ba80a080 100644
--- a/x-pack/plugins/ml/public/application/aiops/log_categorization.tsx
+++ b/x-pack/plugins/ml/public/application/aiops/log_categorization.tsx
@@ -63,6 +63,8 @@ export const LogCategorizationPage: FC = () => {
               'uiActions',
               'uiSettings',
               'unifiedSearch',
+              'embeddable',
+              'cases',
             ]),
           }}
         />
diff --git a/x-pack/plugins/ml/public/application/components/anomalies_table/links_menu.tsx b/x-pack/plugins/ml/public/application/components/anomalies_table/links_menu.tsx
index 89bb4b800eb91..1f81a94227611 100644
--- a/x-pack/plugins/ml/public/application/components/anomalies_table/links_menu.tsx
+++ b/x-pack/plugins/ml/public/application/components/anomalies_table/links_menu.tsx
@@ -930,7 +930,7 @@ export const LinksMenuUI = (props: LinksMenuProps) => {
       items.push(
         <EuiContextMenuItem
           key="log_rate_analysis"
-          icon="machineLearningApp"
+          icon="logRateAnalysis"
           href={openInLogRateAnalysisUrl}
           data-test-subj="mlAnomaliesListRowAction_runLogRateAnalysisButton"
         >
@@ -946,7 +946,7 @@ export const LinksMenuUI = (props: LinksMenuProps) => {
       items.push(
         <EuiContextMenuItem
           key="run_pattern_analysis"
-          icon="machineLearningApp"
+          icon="logPatternAnalysis"
           onClick={() => {
             closePopover();
             const additionalField = getAdditionalField(anomaly);
diff --git a/x-pack/plugins/ml/public/application/jobs/new_job/pages/components/pick_fields_step/components/split_cards/split_cards.tsx b/x-pack/plugins/ml/public/application/jobs/new_job/pages/components/pick_fields_step/components/split_cards/split_cards.tsx
index d09791941a379..96692ab073738 100644
--- a/x-pack/plugins/ml/public/application/jobs/new_job/pages/components/pick_fields_step/components/split_cards/split_cards.tsx
+++ b/x-pack/plugins/ml/public/application/jobs/new_job/pages/components/pick_fields_step/components/split_cards/split_cards.tsx
@@ -97,42 +97,45 @@ export const SplitCards: FC<PropsWithChildren<Props>> = memo(
     }
 
     return (
-      <EuiFlexGroup>
-        <EuiFlexItem data-test-subj="mlDataSplit">
-          {(fieldValues.length === 0 || numberOfDetectors === 0) && <>{children}</>}
-          {fieldValues.length > 0 && numberOfDetectors > 0 && splitField !== null && (
-            <Fragment>
-              {(jobType === JOB_TYPE.MULTI_METRIC || jobType === JOB_TYPE.GEO) && (
-                <Fragment>
+      <>
+        <EuiFlexGroup>
+          <EuiFlexItem data-test-subj="mlDataSplit">
+            {(fieldValues.length === 0 || numberOfDetectors === 0) && <>{children}</>}
+            {fieldValues.length > 0 && numberOfDetectors > 0 && splitField !== null && (
+              <Fragment>
+                {(jobType === JOB_TYPE.MULTI_METRIC || jobType === JOB_TYPE.GEO) && (
+                  <Fragment>
+                    <div
+                      css={{ fontSize: 'small' }}
+                      data-test-subj={`mlDataSplitTitle ${splitField.name}`}
+                    >
+                      <FormattedMessage
+                        id="xpack.ml.newJob.wizard.pickFieldsStep.splitCards.dataSplitBy"
+                        defaultMessage="Data split by {field}"
+                        values={{ field: splitField.name }}
+                      />
+                    </div>
+                    <EuiSpacer size="m" />
+                  </Fragment>
+                )}
+
+                {getBackPanels()}
+                <EuiPanel paddingSize="m" css={splitCardStyle} data-test-subj="mlSplitCard front">
                   <div
-                    css={{ fontSize: 'small' }}
-                    data-test-subj={`mlDataSplitTitle ${splitField.name}`}
+                    css={{ fontWeight: 'bold', fontSize: 'small' }}
+                    data-test-subj="mlSplitCardTitle"
                   >
-                    <FormattedMessage
-                      id="xpack.ml.newJob.wizard.pickFieldsStep.splitCards.dataSplitBy"
-                      defaultMessage="Data split by {field}"
-                      values={{ field: splitField.name }}
-                    />
+                    {fieldValues[0]}
                   </div>
-                  <EuiSpacer size="m" />
-                </Fragment>
-              )}
-
-              {getBackPanels()}
-              <EuiPanel paddingSize="m" css={splitCardStyle} data-test-subj="mlSplitCard front">
-                <div
-                  css={{ fontWeight: 'bold', fontSize: 'small' }}
-                  data-test-subj="mlSplitCardTitle"
-                >
-                  {fieldValues[0]}
-                </div>
-                <EuiHorizontalRule margin="s" />
-                <>{children}</>
-              </EuiPanel>
-            </Fragment>
-          )}
-        </EuiFlexItem>
-      </EuiFlexGroup>
+                  <EuiHorizontalRule margin="s" />
+                  <>{children}</>
+                </EuiPanel>
+              </Fragment>
+            )}
+          </EuiFlexItem>
+        </EuiFlexGroup>
+        {splitField !== null ? <EuiSpacer size="m" /> : null}
+      </>
     );
   }
 );
diff --git a/x-pack/plugins/ml/server/routes/alerting.ts b/x-pack/plugins/ml/server/routes/alerting.ts
index ec4ec2b7c748d..4ca97423a2533 100644
--- a/x-pack/plugins/ml/server/routes/alerting.ts
+++ b/x-pack/plugins/ml/server/routes/alerting.ts
@@ -22,8 +22,10 @@ export function alertingRoutes(
     .post({
       access: 'internal',
       path: `${ML_INTERNAL_BASE_PATH}/alerting/preview`,
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Previews an alerting condition',
       description: 'Returns a preview of the alerting condition',
diff --git a/x-pack/plugins/ml/server/routes/annotations.ts b/x-pack/plugins/ml/server/routes/annotations.ts
index 49528052c2bcc..3ccfdaa3a26e0 100644
--- a/x-pack/plugins/ml/server/routes/annotations.ts
+++ b/x-pack/plugins/ml/server/routes/annotations.ts
@@ -46,8 +46,10 @@ export function annotationRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/annotations`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetAnnotations'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetAnnotations'],
+        },
       },
       summary: 'Gets annotations',
       description: 'Gets annotations.',
@@ -83,8 +85,10 @@ export function annotationRoutes(
     .put({
       path: `${ML_INTERNAL_BASE_PATH}/annotations/index`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateAnnotation'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateAnnotation'],
+        },
       },
       summary: 'Indexes annotation',
       description: 'Indexes the annotation.',
@@ -127,8 +131,10 @@ export function annotationRoutes(
     .delete({
       path: `${ML_INTERNAL_BASE_PATH}/annotations/delete/{annotationId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canDeleteAnnotation'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canDeleteAnnotation'],
+        },
       },
       summary: 'Deletes annotation',
       description: 'Deletes the specified annotation.',
diff --git a/x-pack/plugins/ml/server/routes/anomaly_detectors.ts b/x-pack/plugins/ml/server/routes/anomaly_detectors.ts
index 4c75b7a85556a..f9bd3f6661e4a 100644
--- a/x-pack/plugins/ml/server/routes/anomaly_detectors.ts
+++ b/x-pack/plugins/ml/server/routes/anomaly_detectors.ts
@@ -36,8 +36,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Gets anomaly detectors',
       description: 'Returns the list of anomaly detection jobs.',
@@ -67,8 +69,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Gets anomaly detector by ID',
       description: 'Returns the anomaly detection job by ID',
@@ -99,8 +103,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/_stats`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Gets anomaly detectors stats',
       description: 'Returns the anomaly detection jobs statistics.',
@@ -126,8 +132,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/_stats`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Gets anomaly detector stats by ID',
       description: 'Returns the anomaly detection job statistics by ID',
@@ -158,8 +166,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .put({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Creates an anomaly detection job',
       description: 'Creates an anomaly detection job.',
@@ -205,8 +215,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/_update`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canUpdateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canUpdateJob'],
+        },
       },
       summary: 'Updates an anomaly detection job',
       description: 'Updates certain properties of an anomaly detection job.',
@@ -242,8 +254,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/_open`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canOpenJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canOpenJob'],
+        },
       },
       summary: 'Opens an anomaly detection job',
       description: 'Opens an anomaly detection job.',
@@ -274,8 +288,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/_close`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCloseJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCloseJob'],
+        },
       },
       summary: 'Closes an anomaly detection job',
       description: 'Closes an anomaly detection job.',
@@ -313,8 +329,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .delete({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canDeleteJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canDeleteJob'],
+        },
       },
       summary: 'Deletes an anomaly detection job',
       description: 'Deletes specified anomaly detection job.',
@@ -353,8 +371,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .delete({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/_forecast/{forecastId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canDeleteForecast'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canDeleteForecast'],
+        },
       },
       summary: 'Deletes specified forecast for specified job',
       description: 'Deletes a specified forecast for the specified anomaly detection job.',
@@ -388,8 +408,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/_forecast`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canForecastJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canForecastJob'],
+        },
       },
       summary: 'Creates forecast for specified job',
       description:
@@ -427,8 +449,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/results/buckets/{timestamp?}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Gets bucket scores',
       description:
@@ -470,8 +494,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/results/overall_buckets`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get overall buckets',
       description:
@@ -510,8 +536,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/results/categories/{categoryId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get categories',
       description: 'Retrieves the categories results for the specified job ID and category ID.',
@@ -544,8 +572,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/model_snapshots`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get model snapshots by job ID',
       description: 'Returns the model snapshots for the specified job ID',
@@ -577,8 +607,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/model_snapshots/{snapshotId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get model snapshots by id',
       description: 'Returns the model snapshots for the specified job ID and snapshot ID',
@@ -611,8 +643,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/model_snapshots/{snapshotId}/_update`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Updates model snapshot by snapshot ID',
       description: 'Updates the model snapshot for the specified snapshot ID',
@@ -647,8 +681,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
     .delete({
       path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/model_snapshots/{snapshotId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Deletes model snapshots by snapshot ID',
       description: 'Deletes the model snapshot for the specified snapshot ID',
diff --git a/x-pack/plugins/ml/server/routes/calendars.ts b/x-pack/plugins/ml/server/routes/calendars.ts
index 9ca93a78a51a3..263854bd8b6b8 100644
--- a/x-pack/plugins/ml/server/routes/calendars.ts
+++ b/x-pack/plugins/ml/server/routes/calendars.ts
@@ -48,8 +48,10 @@ export function calendars({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/calendars`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetCalendars'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetCalendars'],
+        },
       },
       summary: 'Gets calendars',
       description: 'Gets calendars - size limit has been explicitly set to 10000',
@@ -76,8 +78,10 @@ export function calendars({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/calendars/{calendarIds}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetCalendars'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetCalendars'],
+        },
       },
       summary: 'Gets a calendar',
       description: 'Gets a calendar by id',
@@ -115,8 +119,10 @@ export function calendars({ router, routeGuard }: RouteInitialization) {
     .put({
       path: `${ML_INTERNAL_BASE_PATH}/calendars`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateCalendar'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateCalendar'],
+        },
       },
       summary: 'Creates a calendar',
       description: 'Creates a calendar',
@@ -149,8 +155,10 @@ export function calendars({ router, routeGuard }: RouteInitialization) {
     .put({
       path: `${ML_INTERNAL_BASE_PATH}/calendars/{calendarId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateCalendar'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateCalendar'],
+        },
       },
       summary: 'Updates a calendar',
       description: 'Updates a calendar',
@@ -185,8 +193,10 @@ export function calendars({ router, routeGuard }: RouteInitialization) {
     .delete({
       path: `${ML_INTERNAL_BASE_PATH}/calendars/{calendarId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canDeleteCalendar'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canDeleteCalendar'],
+        },
       },
       summary: 'Deletes a calendar',
       description: 'Deletes a calendar',
diff --git a/x-pack/plugins/ml/server/routes/data_frame_analytics.ts b/x-pack/plugins/ml/server/routes/data_frame_analytics.ts
index 0229f9e9bba5b..007361f97af4a 100644
--- a/x-pack/plugins/ml/server/routes/data_frame_analytics.ts
+++ b/x-pack/plugins/ml/server/routes/data_frame_analytics.ts
@@ -119,8 +119,10 @@ export function dataFrameAnalyticsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetDataFrameAnalytics'],
+        },
       },
       summary: 'Gets data frame analytics',
       description: 'Returns the list of data frame analytics jobs.',
@@ -153,8 +155,10 @@ export function dataFrameAnalyticsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/{analyticsId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetDataFrameAnalytics'],
+        },
       },
       summary: 'Gets data frame analytics by id',
       description: 'Returns the data frame analytics job by id.',
@@ -191,8 +195,10 @@ export function dataFrameAnalyticsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/_stats`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetDataFrameAnalytics'],
+        },
       },
       summary: 'Gets data frame analytics stats',
       description: 'Returns the data frame analytics job statistics.',
@@ -218,8 +224,10 @@ export function dataFrameAnalyticsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/{analyticsId}/_stats`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetDataFrameAnalytics'],
+        },
       },
       summary: 'Gets data frame analytics stats by id',
       description: 'Returns the data frame analytics job statistics by id.',
@@ -252,8 +260,10 @@ export function dataFrameAnalyticsRoutes(
     .put({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/{analyticsId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateDataFrameAnalytics'],
+        },
       },
       summary: 'Updates data frame analytics job',
       description:
@@ -329,8 +339,10 @@ export function dataFrameAnalyticsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/_evaluate`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetDataFrameAnalytics'],
+        },
       },
       summary: 'Evaluates the data frame analytics',
       description: 'Evaluates the data frame analytics for an annotated index.',
@@ -366,8 +378,10 @@ export function dataFrameAnalyticsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/_explain`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateDataFrameAnalytics'],
+        },
       },
       summary: 'Explains a data frame analytics job config',
       description:
@@ -403,8 +417,10 @@ export function dataFrameAnalyticsRoutes(
     .delete({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/{analyticsId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canDeleteDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canDeleteDataFrameAnalytics'],
+        },
       },
       summary: 'Deletes data frame analytics job',
       description: 'Deletes specified data frame analytics job.',
@@ -506,8 +522,10 @@ export function dataFrameAnalyticsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/{analyticsId}/_start`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canStartStopDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canStartStopDataFrameAnalytics'],
+        },
       },
       summary: 'Starts specified analytics job',
       description: 'Starts a data frame analytics job.',
@@ -540,8 +558,10 @@ export function dataFrameAnalyticsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/{analyticsId}/_stop`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canStartStopDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canStartStopDataFrameAnalytics'],
+        },
       },
       summary: 'Stops specified analytics job',
       description: 'Stops a data frame analytics job.',
@@ -576,8 +596,10 @@ export function dataFrameAnalyticsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/{analyticsId}/_update`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateDataFrameAnalytics'],
+        },
       },
       summary: 'Updates specified analytics job',
       description: 'Updates a data frame analytics job.',
@@ -615,8 +637,10 @@ export function dataFrameAnalyticsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/{analyticsId}/messages`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetDataFrameAnalytics'],
+        },
       },
       summary: 'Gets data frame analytics messages',
       description: 'Returns the list of audit messages for data frame analytics jobs.',
@@ -649,8 +673,10 @@ export function dataFrameAnalyticsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/jobs_exist`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetDataFrameAnalytics'],
+        },
       },
       summary: 'Checks if jobs exist',
       description:
@@ -700,8 +726,10 @@ export function dataFrameAnalyticsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/map/{analyticsId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetDataFrameAnalytics'],
+        },
       },
       summary: 'Gets a data frame analytics jobs map',
       description: 'Returns map of objects leading up to analytics job.',
@@ -761,8 +789,10 @@ export function dataFrameAnalyticsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/new_job_caps/{indexPattern}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get fields for a pattern of indices used for analytics',
       description: 'Returns the fields for a pattern of indices used for analytics.',
@@ -809,8 +839,10 @@ export function dataFrameAnalyticsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/data_frame/analytics/validate`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateDataFrameAnalytics'],
+        },
       },
       summary: 'Validates the data frame analytics job config',
       description: 'Validates the data frame analytics job config.',
diff --git a/x-pack/plugins/ml/server/routes/data_visualizer.ts b/x-pack/plugins/ml/server/routes/data_visualizer.ts
index 32a782a2acd69..abdf79e6106da 100644
--- a/x-pack/plugins/ml/server/routes/data_visualizer.ts
+++ b/x-pack/plugins/ml/server/routes/data_visualizer.ts
@@ -38,8 +38,10 @@ export function dataVisualizerRoutes({ router, routeGuard }: RouteInitialization
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/data_visualizer/get_field_histograms/{indexPattern}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetFieldInfo'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetFieldInfo'],
+        },
       },
       summary: 'Gets histograms for fields',
       description: 'Returns the histograms on a list fields in the specified index pattern.',
diff --git a/x-pack/plugins/ml/server/routes/datafeeds.ts b/x-pack/plugins/ml/server/routes/datafeeds.ts
index a8fbc8c2ceac5..8939471ef5624 100644
--- a/x-pack/plugins/ml/server/routes/datafeeds.ts
+++ b/x-pack/plugins/ml/server/routes/datafeeds.ts
@@ -25,8 +25,10 @@ export function dataFeedRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/datafeeds`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetDatafeeds'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetDatafeeds'],
+        },
       },
       summary: 'Gets all datafeeds',
       description: 'Retrieves configuration information for datafeeds.',
@@ -52,8 +54,10 @@ export function dataFeedRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/datafeeds/{datafeedId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetDatafeeds'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetDatafeeds'],
+        },
       },
       summary: 'Get datafeed for given datafeed id',
       description: 'Retrieves configuration information for a datafeed.',
@@ -85,8 +89,10 @@ export function dataFeedRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/datafeeds/_stats`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetDatafeeds'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetDatafeeds'],
+        },
       },
       summary: 'Gets stats for all datafeeds',
       description: 'Retrieves usage information for datafeeds.',
@@ -112,8 +118,10 @@ export function dataFeedRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/datafeeds/{datafeedId}/_stats`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetDatafeeds'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetDatafeeds'],
+        },
       },
       summary: 'Get datafeed stats for given datafeed id',
       description: 'Retrieves usage information for a datafeed.',
@@ -147,8 +155,10 @@ export function dataFeedRoutes({ router, routeGuard }: RouteInitialization) {
     .put({
       path: `${ML_INTERNAL_BASE_PATH}/datafeeds/{datafeedId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateDatafeed'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateDatafeed'],
+        },
       },
       summary: 'Creates a datafeed',
       description: 'Instantiates a datafeed.',
@@ -188,8 +198,10 @@ export function dataFeedRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/datafeeds/{datafeedId}/_update`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canUpdateDatafeed'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canUpdateDatafeed'],
+        },
       },
       summary: 'Updates a datafeed',
       description: 'Updates certain properties of a datafeed.',
@@ -229,8 +241,10 @@ export function dataFeedRoutes({ router, routeGuard }: RouteInitialization) {
     .delete({
       path: `${ML_INTERNAL_BASE_PATH}/datafeeds/{datafeedId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canDeleteDatafeed'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canDeleteDatafeed'],
+        },
       },
       summary: 'Deletes a datafeed',
       description: 'Deletes an existing datafeed.',
@@ -270,8 +284,10 @@ export function dataFeedRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/datafeeds/{datafeedId}/_start`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canStartStopDatafeed'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canStartStopDatafeed'],
+        },
       },
       summary: 'Starts a datafeed',
       description: 'Starts one or more datafeeds',
@@ -312,8 +328,10 @@ export function dataFeedRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/datafeeds/{datafeedId}/_stop`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canStartStopDatafeed'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canStartStopDatafeed'],
+        },
       },
       summary: 'Stops a datafeed',
       description: 'Stops one or more datafeeds',
@@ -348,8 +366,10 @@ export function dataFeedRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/datafeeds/{datafeedId}/_preview`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canPreviewDatafeed'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canPreviewDatafeed'],
+        },
       },
       summary: 'Previews a datafeed',
       description: 'Previews a datafeed',
diff --git a/x-pack/plugins/ml/server/routes/fields_service.ts b/x-pack/plugins/ml/server/routes/fields_service.ts
index ae4bfa6110a3e..a86f1d2c01cdc 100644
--- a/x-pack/plugins/ml/server/routes/fields_service.ts
+++ b/x-pack/plugins/ml/server/routes/fields_service.ts
@@ -37,8 +37,10 @@ export function fieldsService({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/fields_service/field_cardinality`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetFieldInfo'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetFieldInfo'],
+        },
       },
       summary: 'Gets cardinality of fields',
       description:
@@ -76,8 +78,10 @@ export function fieldsService({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/fields_service/time_field_range`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetFieldInfo'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetFieldInfo'],
+        },
       },
       summary: 'Get time field range',
       description:
diff --git a/x-pack/plugins/ml/server/routes/filters.ts b/x-pack/plugins/ml/server/routes/filters.ts
index c654bbf0e2bae..c2b7ad5a9acb2 100644
--- a/x-pack/plugins/ml/server/routes/filters.ts
+++ b/x-pack/plugins/ml/server/routes/filters.ts
@@ -50,8 +50,10 @@ export function filtersRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/filters`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetFilters'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetFilters'],
+        },
       },
       summary: 'Gets filters',
       description:
@@ -79,8 +81,10 @@ export function filtersRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/filters/{filterId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetFilters'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetFilters'],
+        },
       },
       summary: 'Gets filter by ID',
       description: 'Retrieves the filter with the specified ID.',
@@ -108,8 +112,10 @@ export function filtersRoutes({ router, routeGuard }: RouteInitialization) {
     .put({
       path: `${ML_INTERNAL_BASE_PATH}/filters`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateFilter'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateFilter'],
+        },
       },
       summary: 'Creates a filter',
       description: 'Instantiates a filter, for use by custom rules in anomaly detection.',
@@ -139,8 +145,10 @@ export function filtersRoutes({ router, routeGuard }: RouteInitialization) {
     .put({
       path: `${ML_INTERNAL_BASE_PATH}/filters/{filterId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateFilter'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateFilter'],
+        },
       },
       summary: 'Updates a filter',
       description: 'Updates the description of a filter, adds items or removes items.',
@@ -174,8 +182,10 @@ export function filtersRoutes({ router, routeGuard }: RouteInitialization) {
     .delete({
       path: `${ML_INTERNAL_BASE_PATH}/filters/{filterId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canDeleteFilter'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canDeleteFilter'],
+        },
       },
       summary: 'Deletes a filter',
       description: 'Deletes the filter with the specified ID.',
@@ -207,8 +217,10 @@ export function filtersRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/filters/_stats`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetFilters'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetFilters'],
+        },
       },
       summary: 'Gets filters stats',
       description:
diff --git a/x-pack/plugins/ml/server/routes/inference_models.ts b/x-pack/plugins/ml/server/routes/inference_models.ts
index d51645a365c62..866398ac56ce9 100644
--- a/x-pack/plugins/ml/server/routes/inference_models.ts
+++ b/x-pack/plugins/ml/server/routes/inference_models.ts
@@ -26,8 +26,10 @@ export function inferenceModelRoutes(
     .put({
       path: `${ML_INTERNAL_BASE_PATH}/_inference/{taskType}/{inferenceId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateInferenceEndpoint'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateInferenceEndpoint'],
+        },
       },
       summary: 'Create an inference endpoint',
       description: 'Create an inference endpoint',
@@ -67,8 +69,10 @@ export function inferenceModelRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/_inference/all`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetTrainedModels'],
+        },
       },
       summary: 'Get all inference endpoints',
       description: 'Get all inference endpoints',
diff --git a/x-pack/plugins/ml/server/routes/job_audit_messages.ts b/x-pack/plugins/ml/server/routes/job_audit_messages.ts
index 4cc23555f71b5..09e432b925afb 100644
--- a/x-pack/plugins/ml/server/routes/job_audit_messages.ts
+++ b/x-pack/plugins/ml/server/routes/job_audit_messages.ts
@@ -23,8 +23,10 @@ export function jobAuditMessagesRoutes({ router, routeGuard }: RouteInitializati
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/job_audit_messages/messages/{jobId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Gets audit messages',
       description: 'Retrieves the audit messages for the specified job ID.',
@@ -66,8 +68,10 @@ export function jobAuditMessagesRoutes({ router, routeGuard }: RouteInitializati
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/job_audit_messages/messages`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Gets all audit messages',
       description: 'Retrieves all audit messages.',
@@ -102,8 +106,10 @@ export function jobAuditMessagesRoutes({ router, routeGuard }: RouteInitializati
     .put({
       path: `${ML_INTERNAL_BASE_PATH}/job_audit_messages/clear_messages`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Clear messages',
       description: 'Clear the job audit messages.',
diff --git a/x-pack/plugins/ml/server/routes/job_service.ts b/x-pack/plugins/ml/server/routes/job_service.ts
index 37d4bf134004c..3814d36bc3a6c 100644
--- a/x-pack/plugins/ml/server/routes/job_service.ts
+++ b/x-pack/plugins/ml/server/routes/job_service.ts
@@ -43,8 +43,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/force_start_datafeeds`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canStartStopDatafeed'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canStartStopDatafeed'],
+        },
       },
       summary: 'Starts datafeeds',
       description: 'Starts one or more datafeeds.',
@@ -77,8 +79,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/stop_datafeeds`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canStartStopDatafeed'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canStartStopDatafeed'],
+        },
       },
       summary: 'Stops datafeeds',
       description: 'Stops one or more datafeeds.',
@@ -111,8 +115,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/delete_jobs`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canDeleteJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canDeleteJob'],
+        },
       },
       summary: 'Deletes jobs',
       description: 'Deletes an existing anomaly detection job.',
@@ -149,8 +155,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/close_jobs`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCloseJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCloseJob'],
+        },
       },
       summary: 'Closes jobs',
       description: 'Closes one or more anomaly detection jobs.',
@@ -183,8 +191,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/reset_jobs`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canResetJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canResetJob'],
+        },
       },
       summary: 'Resets jobs',
       description: 'Resets one or more anomaly detection jobs.',
@@ -217,8 +227,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/force_stop_and_close_job`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCloseJob', 'access:ml:canStartStopDatafeed'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCloseJob', 'ml:canStartStopDatafeed'],
+        },
       },
       summary: 'Force stops and closes job',
       description:
@@ -252,8 +264,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/jobs_summary`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Jobs summary',
       description:
@@ -286,8 +300,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/jobs_with_geo`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Jobs with geo',
       description:
@@ -322,8 +338,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/jobs_with_time_range`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Jobs with time range',
       description: "Creates a list of jobs with data about the job's time range.",
@@ -351,8 +369,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/job_for_cloning`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get job for cloning',
       description: 'Get the job configuration with auto generated fields excluded for cloning',
@@ -385,8 +405,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/jobs`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Create jobs list',
       description: 'Creates a list of jobs.',
@@ -424,8 +446,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/groups`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get all groups',
       description: 'Returns array of group objects with job ids listed for each group.',
@@ -453,8 +477,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/update_groups`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canUpdateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canUpdateJob'],
+        },
       },
       summary: 'Update job groups',
       description: 'Updates the groups property of an anomaly detection job.',
@@ -487,8 +513,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/blocking_jobs_tasks`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get blocking job tasks',
       description: 'Gets the ids of deleting, resetting or reverting anomaly detection jobs.',
@@ -516,8 +544,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/jobs_exist`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Check if jobs exist',
       description:
@@ -551,8 +581,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/new_job_caps/{indexPattern}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get new job capabilities',
       description: 'Retrieve the capabilities of fields for indices',
@@ -591,8 +623,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/new_job_line_chart`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Get job line chart data',
       description: 'Returns line chart data for anomaly detection job',
@@ -650,8 +684,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/new_job_population_chart`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Get job population chart data',
       description: 'Returns population chart data for anomaly detection job',
@@ -707,8 +743,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/all_jobs_and_group_ids`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get all job and group IDs',
       description: 'Returns a list of all job IDs and all group IDs',
@@ -736,8 +774,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/look_back_progress`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Get lookback progress',
       description: 'Returns current progress of anomaly detection job',
@@ -770,8 +810,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/categorization_field_validation`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Get categorization field examples',
       description: 'Returns examples of categorization field',
@@ -827,8 +869,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/top_categories`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get top categories',
       description: 'Returns list of top categories',
@@ -870,8 +914,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/datafeed_preview`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canPreviewDatafeed'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canPreviewDatafeed'],
+        },
       },
       summary: 'Get datafeed preview',
       description: 'Returns a preview of the datafeed search',
@@ -918,8 +964,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/revert_model_snapshot`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob', 'access:ml:canStartStopDatafeed'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob', 'ml:canStartStopDatafeed'],
+        },
       },
       summary: 'Revert model snapshot',
       description:
@@ -961,8 +1009,10 @@ export function jobServiceRoutes({ router, routeGuard }: RouteInitialization) {
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/jobs/bulk_create`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canPreviewDatafeed'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canPreviewDatafeed'],
+        },
       },
       summary: 'Bulk create jobs and datafeeds',
       description: 'Bulk create jobs and datafeeds.',
diff --git a/x-pack/plugins/ml/server/routes/job_validation.ts b/x-pack/plugins/ml/server/routes/job_validation.ts
index 0418ccc57e2b3..c66e6aa5d3bfe 100644
--- a/x-pack/plugins/ml/server/routes/job_validation.ts
+++ b/x-pack/plugins/ml/server/routes/job_validation.ts
@@ -67,8 +67,10 @@ export function jobValidationRoutes({ router, mlLicense, routeGuard }: RouteInit
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/validate/estimate_bucket_span`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Estimates bucket span',
       description:
@@ -112,8 +114,10 @@ export function jobValidationRoutes({ router, mlLicense, routeGuard }: RouteInit
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/validate/calculate_model_memory_limit`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Calculates model memory limit',
       description: 'Calls _estimate_model_memory endpoint to retrieve model memory estimation.',
@@ -144,8 +148,10 @@ export function jobValidationRoutes({ router, mlLicense, routeGuard }: RouteInit
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/validate/cardinality`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Validates cardinality',
       description: 'Validates cardinality for the given job configuration.',
@@ -177,8 +183,10 @@ export function jobValidationRoutes({ router, mlLicense, routeGuard }: RouteInit
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/validate/job`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Validates job',
       description: 'Validates the given job configuration.',
@@ -215,8 +223,10 @@ export function jobValidationRoutes({ router, mlLicense, routeGuard }: RouteInit
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/validate/datafeed_preview`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Validates datafeed preview',
       description: 'Validates that the datafeed preview runs successfully and produces results.',
diff --git a/x-pack/plugins/ml/server/routes/management.ts b/x-pack/plugins/ml/server/routes/management.ts
index 422e5e0944aad..9d81aa06602c1 100644
--- a/x-pack/plugins/ml/server/routes/management.ts
+++ b/x-pack/plugins/ml/server/routes/management.ts
@@ -29,12 +29,14 @@ export function managementRoutes({ router, routeGuard, getEnabledFeatures }: Rou
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/management/list/{listType}`,
       access: 'internal',
-      options: {
-        tags: [
-          'access:ml:canCreateJob',
-          'access:ml:canCreateDataFrameAnalytics',
-          'access:ml:canCreateTrainedModels',
-        ],
+      security: {
+        authz: {
+          requiredPrivileges: [
+            'ml:canCreateJob',
+            'ml:canCreateDataFrameAnalytics',
+            'ml:canCreateTrainedModels',
+          ],
+        },
       },
       summary: 'Gets management list',
       description:
diff --git a/x-pack/plugins/ml/server/routes/model_management.ts b/x-pack/plugins/ml/server/routes/model_management.ts
index d568b0f3ed91a..7db10ca17ff15 100644
--- a/x-pack/plugins/ml/server/routes/model_management.ts
+++ b/x-pack/plugins/ml/server/routes/model_management.ts
@@ -29,13 +29,15 @@ export function modelManagementRoutes({
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/model_management/nodes_overview`,
       access: 'internal',
-      options: {
-        tags: [
-          'access:ml:canViewMlNodes',
-          'access:ml:canGetDataFrameAnalytics',
-          'access:ml:canGetJobs',
-          'access:ml:canGetTrainedModels',
-        ],
+      security: {
+        authz: {
+          requiredPrivileges: [
+            'ml:canViewMlNodes',
+            'ml:canGetDataFrameAnalytics',
+            'ml:canGetJobs',
+            'ml:canGetTrainedModels',
+          ],
+        },
       },
       summary: 'Get node overview about the models allocation',
       description: 'Retrieves the list of ML nodes with memory breakdown and allocated models info',
@@ -62,13 +64,15 @@ export function modelManagementRoutes({
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/model_management/memory_usage`,
       access: 'internal',
-      options: {
-        tags: [
-          'access:ml:canViewMlNodes',
-          'access:ml:canGetDataFrameAnalytics',
-          'access:ml:canGetJobs',
-          'access:ml:canGetTrainedModels',
-        ],
+      security: {
+        authz: {
+          requiredPrivileges: [
+            'ml:canViewMlNodes',
+            'ml:canGetDataFrameAnalytics',
+            'ml:canGetJobs',
+            'ml:canGetTrainedModels',
+          ],
+        },
       },
       summary: 'Get memory usage for jobs and trained models',
       description: 'Retrieves the memory usage for jobs and trained models',
diff --git a/x-pack/plugins/ml/server/routes/modules.ts b/x-pack/plugins/ml/server/routes/modules.ts
index a4eefdf08cf66..5a0385d1ce7de 100644
--- a/x-pack/plugins/ml/server/routes/modules.ts
+++ b/x-pack/plugins/ml/server/routes/modules.ts
@@ -35,8 +35,10 @@ export function dataRecognizer(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/modules/recognize/{indexPatternTitle}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Recognize index pattern',
       description:
@@ -96,8 +98,10 @@ export function dataRecognizer(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/modules/recognize_by_module/{moduleId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Recognize module',
       description:
@@ -152,8 +156,10 @@ export function dataRecognizer(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/modules/get_module/{moduleId?}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get module',
       description:
@@ -224,8 +230,10 @@ export function dataRecognizer(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/modules/setup/{moduleId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob'],
+        },
       },
       summary: 'Setup module',
       description:
@@ -323,8 +331,10 @@ export function dataRecognizer(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/modules/jobs_exist/{moduleId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Check if module jobs exist',
       description: `Check whether the jobs in the module with the specified ID exist in the current list of jobs. The check runs a test to see if any of the jobs in existence have an ID which ends with the ID of each job in the module. This is done as a prefix may be supplied in the setup endpoint which is added to the start of the ID of every job in the module.`,
diff --git a/x-pack/plugins/ml/server/routes/notifications.ts b/x-pack/plugins/ml/server/routes/notifications.ts
index 02e7694834b73..13ece4a031d06 100644
--- a/x-pack/plugins/ml/server/routes/notifications.ts
+++ b/x-pack/plugins/ml/server/routes/notifications.ts
@@ -23,12 +23,14 @@ export function notificationsRoutes({
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/notifications`,
       access: 'internal',
-      options: {
-        tags: [
-          'access:ml:canGetJobs',
-          'access:ml:canGetDataFrameAnalytics',
-          'access:ml:canGetTrainedModels',
-        ],
+      security: {
+        authz: {
+          requiredPrivileges: [
+            'ml:canGetJobs',
+            'ml:canGetDataFrameAnalytics',
+            'ml:canGetTrainedModels',
+          ],
+        },
       },
       summary: 'Get notifications',
       description: 'Retrieves notifications based on provided criteria.',
@@ -67,12 +69,14 @@ export function notificationsRoutes({
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/notifications/count`,
       access: 'internal',
-      options: {
-        tags: [
-          'access:ml:canGetJobs',
-          'access:ml:canGetDataFrameAnalytics',
-          'access:ml:canGetTrainedModels',
-        ],
+      security: {
+        authz: {
+          requiredPrivileges: [
+            'ml:canGetJobs',
+            'ml:canGetDataFrameAnalytics',
+            'ml:canGetTrainedModels',
+          ],
+        },
       },
       summary: 'Get notification counts',
       description: 'Counts notifications by level.',
diff --git a/x-pack/plugins/ml/server/routes/results_service.ts b/x-pack/plugins/ml/server/routes/results_service.ts
index e558c1f94a300..fb0e73789c240 100644
--- a/x-pack/plugins/ml/server/routes/results_service.ts
+++ b/x-pack/plugins/ml/server/routes/results_service.ts
@@ -110,8 +110,10 @@ export function resultsServiceRoutes({ router, routeGuard }: RouteInitialization
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/results/anomalies_table_data`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get anomalies records for table display',
       description:
@@ -143,8 +145,10 @@ export function resultsServiceRoutes({ router, routeGuard }: RouteInitialization
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/results/category_definition`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get category definition',
       description: 'Returns the definition of the category with the specified ID and job ID.',
@@ -175,8 +179,10 @@ export function resultsServiceRoutes({ router, routeGuard }: RouteInitialization
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/results/max_anomaly_score`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get the maximum anomaly_score',
       description:
@@ -208,8 +214,10 @@ export function resultsServiceRoutes({ router, routeGuard }: RouteInitialization
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/results/category_examples`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get category examples',
       description:
@@ -241,8 +249,10 @@ export function resultsServiceRoutes({ router, routeGuard }: RouteInitialization
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/results/partition_fields_values`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get partition fields values',
       description:
@@ -274,8 +284,10 @@ export function resultsServiceRoutes({ router, routeGuard }: RouteInitialization
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/results/anomaly_search`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Run a search on the anomaly results index',
       description:
@@ -307,8 +319,10 @@ export function resultsServiceRoutes({ router, routeGuard }: RouteInitialization
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/results/{jobId}/categorizer_stats`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get categorizer statistics',
       description: 'Returns the categorizer statistics for the specified job ID.',
@@ -339,8 +353,10 @@ export function resultsServiceRoutes({ router, routeGuard }: RouteInitialization
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/results/category_stopped_partitions`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get partitions that have stopped being categorized',
       description:
@@ -371,8 +387,10 @@ export function resultsServiceRoutes({ router, routeGuard }: RouteInitialization
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/results/datafeed_results_chart`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get datafeed results chart data',
       description: 'Returns datafeed results chart data',
@@ -404,8 +422,10 @@ export function resultsServiceRoutes({ router, routeGuard }: RouteInitialization
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/results/anomaly_charts`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get data for anomaly charts',
       description: 'Returns anomaly charts data',
@@ -437,8 +457,10 @@ export function resultsServiceRoutes({ router, routeGuard }: RouteInitialization
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/results/anomaly_records`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'Get anomaly records for criteria',
       description: 'Returns anomaly records',
diff --git a/x-pack/plugins/ml/server/routes/saved_objects.ts b/x-pack/plugins/ml/server/routes/saved_objects.ts
index 74eb14ef68f8a..437f0a80eb1d7 100644
--- a/x-pack/plugins/ml/server/routes/saved_objects.ts
+++ b/x-pack/plugins/ml/server/routes/saved_objects.ts
@@ -32,8 +32,10 @@ export function savedObjectsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/saved_objects/status`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs', 'access:ml:canGetTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs', 'ml:canGetTrainedModels'],
+        },
       },
       summary: 'Get job and trained model saved object status',
       description:
@@ -63,13 +65,17 @@ export function savedObjectsRoutes(
       path: `${ML_EXTERNAL_BASE_PATH}/saved_objects/sync`,
       access: 'public',
       summary: 'Synchronize machine learning saved objects',
+      security: {
+        authz: {
+          requiredPrivileges: [
+            'ml:canCreateJob',
+            'ml:canCreateDataFrameAnalytics',
+            'ml:canCreateTrainedModels',
+          ],
+        },
+      },
       options: {
-        tags: [
-          'access:ml:canCreateJob',
-          'access:ml:canCreateDataFrameAnalytics',
-          'access:ml:canCreateTrainedModels',
-          'oas-tag:machine learning',
-        ],
+        tags: ['oas-tag:machine learning'],
       },
       description:
         'Synchronizes Kibana saved objects for machine learning jobs and trained models. This API runs automatically when you start Kibana and periodically thereafter.',
@@ -104,12 +110,14 @@ export function savedObjectsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/saved_objects/initialize`,
       access: 'internal',
-      options: {
-        tags: [
-          'access:ml:canCreateJob',
-          'access:ml:canCreateDataFrameAnalytics',
-          'access:ml:canCreateTrainedModels',
-        ],
+      security: {
+        authz: {
+          requiredPrivileges: [
+            'ml:canCreateJob',
+            'ml:canCreateDataFrameAnalytics',
+            'ml:canCreateTrainedModels',
+          ],
+        },
       },
       summary: 'Create saved objects for all job and trained models',
       description:
@@ -145,12 +153,14 @@ export function savedObjectsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/saved_objects/sync_check`,
       access: 'internal',
-      options: {
-        tags: [
-          'access:ml:canGetJobs',
-          'access:ml:canGetDataFrameAnalytics',
-          'access:ml:canGetTrainedModels',
-        ],
+      security: {
+        authz: {
+          requiredPrivileges: [
+            'ml:canGetJobs',
+            'ml:canGetDataFrameAnalytics',
+            'ml:canGetTrainedModels',
+          ],
+        },
       },
       summary: 'Check whether job and trained model saved objects need synchronizing',
       description: 'Check whether job and trained model saved objects need synchronizing.',
@@ -185,8 +195,10 @@ export function savedObjectsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/saved_objects/update_jobs_spaces`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob', 'access:ml:canCreateDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob', 'ml:canCreateDataFrameAnalytics'],
+        },
       },
       summary: 'Update what spaces jobs are assigned to',
       description: 'Update a list of jobs to add and/or remove them from given spaces.',
@@ -224,8 +236,10 @@ export function savedObjectsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/saved_objects/update_trained_models_spaces`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateTrainedModels'],
+        },
       },
       summary: 'Update what spaces trained models are assigned to',
       description: 'Update a list of trained models to add and/or remove them from given spaces.',
@@ -262,8 +276,10 @@ export function savedObjectsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/saved_objects/remove_item_from_current_space`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateJob', 'access:ml:canCreateDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateJob', 'ml:canCreateDataFrameAnalytics'],
+        },
       },
       summary: 'Remove jobs or trained models from the current space',
       description: 'Remove a list of jobs or trained models from the current space.',
@@ -326,8 +342,10 @@ export function savedObjectsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/saved_objects/jobs_spaces`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs', 'access:ml:canGetDataFrameAnalytics'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs', 'ml:canGetDataFrameAnalytics'],
+        },
       },
       summary: 'Get all jobs and their spaces',
       description: 'List all jobs and their spaces.',
@@ -355,8 +373,10 @@ export function savedObjectsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/saved_objects/trained_models_spaces`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetTrainedModels'],
+        },
       },
       summary: 'Get all trained models and their spaces',
       description: 'List all trained models and their spaces.',
@@ -384,12 +404,14 @@ export function savedObjectsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/saved_objects/can_delete_ml_space_aware_item/{jobType}`,
       access: 'internal',
-      options: {
-        tags: [
-          'access:ml:canGetJobs',
-          'access:ml:canGetDataFrameAnalytics',
-          'access:ml:canGetTrainedModels',
-        ],
+      security: {
+        authz: {
+          requiredPrivileges: [
+            'ml:canGetJobs',
+            'ml:canGetDataFrameAnalytics',
+            'ml:canGetTrainedModels',
+          ],
+        },
       },
       summary: 'Check whether user can delete a job or trained model',
       description: `Check the user's ability to delete jobs or trained models. Returns whether they are able to fully delete the job or trained model and whether they are able to remove it from the current space. Note, this is only for enabling UI controls. A user calling endpoints directly will still be able to delete or remove the job or trained model from a space.`,
diff --git a/x-pack/plugins/ml/server/routes/system.ts b/x-pack/plugins/ml/server/routes/system.ts
index b6765c4b5f16c..d4127a7428397 100644
--- a/x-pack/plugins/ml/server/routes/system.ts
+++ b/x-pack/plugins/ml/server/routes/system.ts
@@ -27,8 +27,10 @@ export function systemRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/_has_privileges`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetMlInfo'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetMlInfo'],
+        },
       },
       summary: 'Check privileges',
       description: 'Checks if the user has required privileges',
@@ -136,8 +138,10 @@ export function systemRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/ml_node_count`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetMlInfo'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetMlInfo'],
+        },
       },
       summary: 'Get the number of ML nodes',
       description: 'Returns the number of ML nodes',
@@ -162,8 +166,10 @@ export function systemRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/info`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetMlInfo'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetMlInfo'],
+        },
       },
       summary: 'Get ML info',
       description: 'Returns defaults and limits used by machine learning',
@@ -206,8 +212,10 @@ export function systemRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/es_search`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetJobs'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetJobs'],
+        },
       },
       summary: 'ES Search wrapper',
       // @ts-expect-error TODO(https://github.com/elastic/kibana/issues/196095): Replace {RouteDeprecationInfo}
@@ -238,8 +246,10 @@ export function systemRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/index_exists`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetFieldInfo'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetFieldInfo'],
+        },
       },
       summary: 'ES Field caps wrapper checks if index exists',
     })
@@ -281,8 +291,10 @@ export function systemRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/reindex_with_pipeline`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateTrainedModels'],
+        },
       },
       summary: 'ES reindex wrapper to reindex with pipeline',
     })
diff --git a/x-pack/plugins/ml/server/routes/trained_models.ts b/x-pack/plugins/ml/server/routes/trained_models.ts
index 15563f7463265..c0010777ecf18 100644
--- a/x-pack/plugins/ml/server/routes/trained_models.ts
+++ b/x-pack/plugins/ml/server/routes/trained_models.ts
@@ -108,8 +108,10 @@ export function trainedModelsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/{modelId?}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetTrainedModels'],
+        },
       },
       summary: 'Get info of a trained inference model',
       description: 'Retrieves configuration information for a trained model.',
@@ -278,8 +280,10 @@ export function trainedModelsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/_stats`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetTrainedModels'],
+        },
       },
       summary: 'Get stats for all trained models',
       description: 'Retrieves usage information for all trained models.',
@@ -307,8 +311,10 @@ export function trainedModelsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/{modelId}/_stats`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetTrainedModels'],
+        },
       },
       summary: 'Get stats for a trained model',
       description: 'Retrieves usage information for a trained model.',
@@ -342,8 +348,10 @@ export function trainedModelsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/{modelId}/pipelines`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetTrainedModels'],
+        },
       },
       summary: 'Get trained model pipelines',
       description: 'Retrieves ingest pipelines associated with a trained model.',
@@ -376,8 +384,10 @@ export function trainedModelsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/ingest_pipelines`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetTrainedModels'], // TODO: update permissions
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetTrainedModels'],
+        },
       },
       summary: 'Get ingest pipelines',
       description: 'Retrieves ingest pipelines.',
@@ -403,8 +413,10 @@ export function trainedModelsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/create_inference_pipeline`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateTrainedModels'],
+        },
       },
       summary: 'Create an inference pipeline',
       description: 'Creates a pipeline with inference processor',
@@ -438,8 +450,10 @@ export function trainedModelsRoutes(
     .put({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/{modelId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateTrainedModels'],
+        },
       },
       summary: 'Put a trained model',
       description: 'Adds a new trained model',
@@ -478,8 +492,10 @@ export function trainedModelsRoutes(
     .delete({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/{modelId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canDeleteTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canDeleteTrainedModels'],
+        },
       },
       summary: 'Delete a trained model',
       description:
@@ -523,8 +539,10 @@ export function trainedModelsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/{modelId}/deployment/_start`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canStartStopTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canStartStopTrainedModels'],
+        },
       },
       summary: 'Start trained model deployment',
       description: 'Starts trained model deployment.',
@@ -569,8 +587,10 @@ export function trainedModelsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/{modelId}/{deploymentId}/deployment/_update`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canStartStopTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canStartStopTrainedModels'],
+        },
       },
       summary: 'Update trained model deployment',
       description: 'Updates trained model deployment.',
@@ -604,8 +624,10 @@ export function trainedModelsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/{modelId}/{deploymentId}/deployment/_stop`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canStartStopTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canStartStopTrainedModels'],
+        },
       },
       summary: 'Stop trained model deployment',
       description: 'Stops trained model deployment.',
@@ -653,8 +675,10 @@ export function trainedModelsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/pipeline_simulate`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canTestTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canTestTrainedModels'],
+        },
       },
       summary: 'Simulates an ingest pipeline',
       description: 'Simulates an ingest pipeline.',
@@ -688,8 +712,10 @@ export function trainedModelsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/infer/{modelId}/{deploymentId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canTestTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canTestTrainedModels'],
+        },
       },
       summary: 'Evaluates a trained model.',
       description: 'Evaluates a trained model.',
@@ -732,8 +758,10 @@ export function trainedModelsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/model_downloads`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetTrainedModels'],
+        },
       },
       summary: 'Get available models for download',
       description:
@@ -761,8 +789,10 @@ export function trainedModelsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/elser_config`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetTrainedModels'],
+        },
       },
       summary: 'Get ELSER config for download',
       description: 'Gets ELSER config for download based on the cluster OS and CPU architecture.',
@@ -797,8 +827,10 @@ export function trainedModelsRoutes(
     .post({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/install_elastic_trained_model/{modelId}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateTrainedModels'],
+        },
       },
       summary: 'Install Elastic trained model',
       description: 'Downloads and installs Elastic trained model.',
@@ -835,8 +867,10 @@ export function trainedModelsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/download_status`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canCreateTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canCreateTrainedModels'],
+        },
       },
       summary: 'Get models download status',
       description: 'Gets download status for all currently downloading models.',
@@ -865,8 +899,10 @@ export function trainedModelsRoutes(
     .get({
       path: `${ML_INTERNAL_BASE_PATH}/trained_models/curated_model_config/{modelName}`,
       access: 'internal',
-      options: {
-        tags: ['access:ml:canGetTrainedModels'],
+      security: {
+        authz: {
+          requiredPrivileges: ['ml:canGetTrainedModels'],
+        },
       },
       summary: 'Get curated model config',
       description:
diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/integration_settings/integration_policy.cy.ts b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/integration_settings/integration_policy.cy.ts
index 753e6476be1ed..da9a08339a45c 100644
--- a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/integration_settings/integration_policy.cy.ts
+++ b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/integration_settings/integration_policy.cy.ts
@@ -28,7 +28,7 @@ const policyFormFields = [
   },
 ];
 
-describe.skip('when navigating to integration page', () => {
+describe('when navigating to integration page', () => {
   beforeEach(() => {
     const integrationsPath = '/app/integrations/browse';
 
diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/transaction_details/transaction_details.cy.ts b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/transaction_details/transaction_details.cy.ts
index 730e9c443854e..af23fc8a2ad7e 100644
--- a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/transaction_details/transaction_details.cy.ts
+++ b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/transaction_details/transaction_details.cy.ts
@@ -115,7 +115,10 @@ describe.skip('Transaction details', () => {
     );
 
     cy.contains('Top 5 errors', { timeout: 30000 });
-    cy.getByTestSubj('topErrorsForTransactionTable').contains('a', '[MockError] Foo').click();
+    cy.getByTestSubj('topErrorsForTransactionTable')
+      .should('be.visible')
+      .contains('a', '[MockError] Foo', { timeout: 10000 })
+      .click();
     cy.url().should('include', 'opbeans-java/errors');
   });
 
diff --git a/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/tutorial/tutorial.cy.ts b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/tutorial/tutorial.cy.ts
new file mode 100644
index 0000000000000..9aa71604e6a80
--- /dev/null
+++ b/x-pack/plugins/observability_solution/apm/ftr_e2e/cypress/e2e/tutorial/tutorial.cy.ts
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+describe('APM tutorial', () => {
+  beforeEach(() => {
+    cy.loginAsViewerUser();
+    cy.visitKibana('/app/home#/tutorial/apm');
+  });
+
+  it('includes section for APM Server', () => {
+    cy.contains('APM Server');
+    cy.contains('Linux DEB');
+    cy.contains('Linux RPM');
+    cy.contains('Other Linux');
+    cy.contains('macOS');
+    cy.contains('Windows');
+    cy.contains('Fleet');
+  });
+
+  it('includes section for APM Agents', () => {
+    cy.contains('APM agents');
+    cy.contains('Java');
+    cy.contains('RUM');
+    cy.contains('Node.js');
+    cy.contains('Django');
+    cy.contains('Flask');
+    cy.contains('Ruby on Rails');
+    cy.contains('Rack');
+    cy.contains('Go');
+    cy.contains('.NET');
+    cy.contains('PHP');
+  });
+});
diff --git a/x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/create_es_client/create_apm_event_client/index.ts b/x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/create_es_client/create_apm_event_client/index.ts
index cf376e7c78294..9f04bb9a750f3 100644
--- a/x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/create_es_client/create_apm_event_client/index.ts
+++ b/x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/create_es_client/create_apm_event_client/index.ts
@@ -23,7 +23,7 @@ import { ValuesType } from 'utility-types';
 import type { APMError, Metric, Span, Transaction, Event } from '@kbn/apm-types/es_schemas_ui';
 import type { InspectResponse } from '@kbn/observability-plugin/typings/common';
 import type { DataTier } from '@kbn/observability-shared-plugin/common';
-import { excludeTiersQuery } from '@kbn/observability-utils/es/queries/exclude_tiers_query';
+import { excludeTiersQuery } from '@kbn/observability-utils-common/es/queries/exclude_tiers_query';
 import { withApmSpan } from '../../../../utils';
 import type { ApmDataSource } from '../../../../../common/data_source';
 import { cancelEsRequestOnAbort } from '../cancel_es_request_on_abort';
diff --git a/x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/tier_filter.ts b/x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/tier_filter.ts
index cad0b03579e3d..c1f8d5e3fce1f 100644
--- a/x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/tier_filter.ts
+++ b/x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/tier_filter.ts
@@ -6,7 +6,7 @@
  */
 import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import type { DataTier } from '@kbn/observability-shared-plugin/common';
-import { excludeTiersQuery } from '@kbn/observability-utils/es/queries/exclude_tiers_query';
+import { excludeTiersQuery } from '@kbn/observability-utils-common/es/queries/exclude_tiers_query';
 
 export function getDataTierFilterCombined({
   filter,
diff --git a/x-pack/plugins/observability_solution/apm_data_access/server/utils/unflatten_known_fields.ts b/x-pack/plugins/observability_solution/apm_data_access/server/utils/unflatten_known_fields.ts
index b9a4322269828..6c9fe4c39b001 100644
--- a/x-pack/plugins/observability_solution/apm_data_access/server/utils/unflatten_known_fields.ts
+++ b/x-pack/plugins/observability_solution/apm_data_access/server/utils/unflatten_known_fields.ts
@@ -8,8 +8,8 @@
 import type { DedotObject } from '@kbn/utility-types';
 import * as APM_EVENT_FIELDS_MAP from '@kbn/apm-types/es_fields';
 import type { ValuesType } from 'utility-types';
-import { unflattenObject } from '@kbn/observability-utils/object/unflatten_object';
-import { mergePlainObjects } from '@kbn/observability-utils/object/merge_plain_objects';
+import { unflattenObject } from '@kbn/observability-utils-common/object/unflatten_object';
+import { mergePlainObjects } from '@kbn/observability-utils-common/object/merge_plain_objects';
 import { castArray, isArray } from 'lodash';
 import { AgentName } from '@kbn/elastic-agent-utils';
 import { EventOutcome } from '@kbn/apm-types/src/es_schemas/raw/fields';
diff --git a/x-pack/plugins/observability_solution/apm_data_access/tsconfig.json b/x-pack/plugins/observability_solution/apm_data_access/tsconfig.json
index aeeb73bee2857..d4c38fddf967e 100644
--- a/x-pack/plugins/observability_solution/apm_data_access/tsconfig.json
+++ b/x-pack/plugins/observability_solution/apm_data_access/tsconfig.json
@@ -20,8 +20,8 @@
     "@kbn/apm-utils",
     "@kbn/core-http-server",
     "@kbn/security-plugin-types-server",
-    "@kbn/observability-utils",
     "@kbn/utility-types",
-    "@kbn/elastic-agent-utils"
+    "@kbn/elastic-agent-utils",
+    "@kbn/observability-utils-common"
   ]
 }
diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/table/columns.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/table/columns.tsx
index 99fdc25382bf2..14767f4acd8f5 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/table/columns.tsx
+++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/table/columns.tsx
@@ -276,7 +276,10 @@ export const getDatasetQualityTableColumns = ({
       field: 'degradedDocs.percentage',
       sortable: true,
       render: (_, dataStreamStat: DataStreamStat) => (
-        <DatasetQualityIndicator isLoading={loadingDegradedStats} dataStreamStat={dataStreamStat} />
+        <DatasetQualityIndicator
+          isLoading={loadingDegradedStats}
+          quality={dataStreamStat.quality}
+        />
       ),
       width: '140px',
     },
diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality_details/overview/summary/index.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality_details/overview/summary/index.tsx
index 752b224b6973a..897efb821ff64 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality_details/overview/summary/index.tsx
+++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality_details/overview/summary/index.tsx
@@ -19,6 +19,7 @@ import {
   overviewPanelTitleResources,
 } from '../../../../../common/translations';
 import { useOverviewSummaryPanel } from '../../../../hooks/use_overview_summary_panel';
+import { DatasetQualityIndicator } from '../../../quality_indicator';
 
 // Allow for lazy loading
 // eslint-disable-next-line import/no-default-export
@@ -31,6 +32,7 @@ export default function Summary() {
     totalServicesCount,
     totalHostsCount,
     totalDegradedDocsCount,
+    quality,
   } = useOverviewSummaryPanel();
   return (
     <EuiFlexGroup gutterSize="m">
@@ -59,7 +61,16 @@ export default function Summary() {
           isLoading={isSummaryPanelLoading}
         />
       </Panel>
-      <Panel title={overviewPanelTitleDatasetQuality}>
+      <Panel
+        title={overviewPanelTitleDatasetQuality}
+        secondaryTitle={
+          <DatasetQualityIndicator
+            isLoading={isSummaryPanelLoading}
+            quality={quality}
+            textSize="xs"
+          />
+        }
+      >
         <PanelIndicator
           label={overviewPanelDatasetQualityIndicatorDegradedDocs}
           value={totalDegradedDocsCount}
diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/quality_indicator/dataset_quality_indicator.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/quality_indicator/dataset_quality_indicator.tsx
index 78c6d3bff9331..bae5dbd6aa8fd 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/public/components/quality_indicator/dataset_quality_indicator.tsx
+++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/quality_indicator/dataset_quality_indicator.tsx
@@ -9,18 +9,18 @@ import { EuiSkeletonRectangle, EuiFlexGroup } from '@elastic/eui';
 import React from 'react';
 import { capitalize } from 'lodash';
 import { i18n } from '@kbn/i18n';
+import { QualityIndicators } from '../../../common/types';
 import { QualityIndicator } from '.';
-import { DataStreamStat } from '../../../common/data_streams_stats/data_stream_stat';
 
 export const DatasetQualityIndicator = ({
   isLoading,
-  dataStreamStat,
+  quality,
+  textSize = 's',
 }: {
   isLoading: boolean;
-  dataStreamStat: DataStreamStat;
+  quality: QualityIndicators;
+  textSize?: 'xs' | 's' | 'm';
 }) => {
-  const { quality } = dataStreamStat;
-
   const translatedQuality = i18n.translate('xpack.datasetQuality.datasetQualityIdicator', {
     defaultMessage: '{quality}',
     values: { quality: capitalize(quality) },
@@ -29,7 +29,12 @@ export const DatasetQualityIndicator = ({
   return (
     <EuiSkeletonRectangle width="50px" height="20px" borderRadius="m" isLoading={isLoading}>
       <EuiFlexGroup alignItems="center" gutterSize="s">
-        <QualityIndicator quality={quality} description={translatedQuality} isColoredDescription />
+        <QualityIndicator
+          textSize={textSize}
+          quality={quality}
+          description={translatedQuality}
+          isColoredDescription
+        />
       </EuiFlexGroup>
     </EuiSkeletonRectangle>
   );
diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/quality_indicator/indicator.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/quality_indicator/indicator.tsx
index 137c558dfbdd7..49ff342446071 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/public/components/quality_indicator/indicator.tsx
+++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/quality_indicator/indicator.tsx
@@ -7,16 +7,18 @@
 
 import { EuiHealth, EuiText } from '@elastic/eui';
 import React, { ReactNode } from 'react';
-import { QualityIndicators, InfoIndicators } from '../../../common/types';
+import type { QualityIndicators, InfoIndicators } from '../../../common/types';
 
 export function QualityIndicator({
   quality,
   description,
   isColoredDescription,
+  textSize = 's',
 }: {
   quality: QualityIndicators;
   description: string | ReactNode;
   isColoredDescription?: boolean;
+  textSize?: 'xs' | 's' | 'm';
 }) {
   const qualityColors: Record<QualityIndicators, InfoIndicators> = {
     poor: 'danger',
@@ -25,8 +27,8 @@ export function QualityIndicator({
   };
 
   return (
-    <EuiHealth color={qualityColors[quality]}>
-      <EuiText size="s" color={isColoredDescription ? qualityColors[quality] : 'white'}>
+    <EuiHealth color={qualityColors[quality]} textSize={textSize}>
+      <EuiText size="relative" color={isColoredDescription ? qualityColors[quality] : 'white'}>
         {description}
       </EuiText>
     </EuiHealth>
diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/hooks/use_degraded_docs_chart.ts b/x-pack/plugins/observability_solution/dataset_quality/public/hooks/use_degraded_docs_chart.ts
index d3fad141335de..90779613f0c06 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/public/hooks/use_degraded_docs_chart.ts
+++ b/x-pack/plugins/observability_solution/dataset_quality/public/hooks/use_degraded_docs_chart.ts
@@ -7,10 +7,10 @@
 
 import { useCallback, useEffect, useMemo, useState } from 'react';
 import type { Action } from '@kbn/ui-actions-plugin/public';
-import { fieldSupportsBreakdown } from '@kbn/unified-histogram-plugin/public';
 import { i18n } from '@kbn/i18n';
 import { useEuiTheme } from '@elastic/eui';
 import type { DataView, DataViewField } from '@kbn/data-views-plugin/common';
+import { fieldSupportsBreakdown } from '@kbn/field-utils';
 import { DEFAULT_LOGS_DATA_VIEW } from '../../common/constants';
 import { useCreateDataView } from './use_create_dataview';
 import { useKibanaContextForPlugin } from '../utils';
diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/hooks/use_overview_summary_panel.ts b/x-pack/plugins/observability_solution/dataset_quality/public/hooks/use_overview_summary_panel.ts
index 084210774f958..43cf6923075ee 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/public/hooks/use_overview_summary_panel.ts
+++ b/x-pack/plugins/observability_solution/dataset_quality/public/hooks/use_overview_summary_panel.ts
@@ -7,6 +7,7 @@
 
 import { useSelector } from '@xstate/react';
 import { formatNumber } from '@elastic/eui';
+import { mapPercentageToQuality } from '../../common/utils';
 import { BYTE_NUMBER_FORMAT, MAX_HOSTS_METRIC_VALUE, NUMBER_FORMAT } from '../../common/constants';
 import { useDatasetQualityDetailsContext } from '../components/dataset_quality_details/context';
 
@@ -54,6 +55,13 @@ export const useOverviewSummaryPanel = () => {
     NUMBER_FORMAT
   );
 
+  const degradedPercentage =
+    Number(totalDocsCount) > 0
+      ? (Number(totalDegradedDocsCount) / Number(totalDocsCount)) * 100
+      : 0;
+
+  const quality = mapPercentageToQuality(degradedPercentage);
+
   return {
     totalDocsCount,
     sizeInBytes,
@@ -62,6 +70,7 @@ export const useOverviewSummaryPanel = () => {
     totalHostsCount,
     isSummaryPanelLoading,
     totalDegradedDocsCount,
+    quality,
   };
 };
 
diff --git a/x-pack/plugins/observability_solution/dataset_quality/tsconfig.json b/x-pack/plugins/observability_solution/dataset_quality/tsconfig.json
index f0d82fadb54ad..8576b08bd9479 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/tsconfig.json
+++ b/x-pack/plugins/observability_solution/dataset_quality/tsconfig.json
@@ -60,7 +60,8 @@
     "@kbn/usage-collection-plugin",
     "@kbn/rison",
     "@kbn/task-manager-plugin",
-    "@kbn/core-application-browser"
+    "@kbn/core-application-browser",
+    "@kbn/field-utils"
   ],
   "exclude": [
     "target/**/*"
diff --git a/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/embeddable/embeddable.tsx b/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/embeddable/embeddable.tsx
index a7760014dec8c..a0079568803b6 100644
--- a/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/embeddable/embeddable.tsx
+++ b/x-pack/plugins/observability_solution/exploratory_view/public/components/shared/exploratory_view/embeddable/embeddable.tsx
@@ -288,8 +288,5 @@ const Wrapper = styled.div<{
       right: 50%;
       transform: translate(50%, -50%);
     }
-    .embPanel {
-      outline: none;
-    }
   }
 `;
diff --git a/x-pack/plugins/observability_solution/infra/common/ui_settings.ts b/x-pack/plugins/observability_solution/infra/common/ui_settings.ts
index 95f1ee0a44bae..9b85630761942 100644
--- a/x-pack/plugins/observability_solution/infra/common/ui_settings.ts
+++ b/x-pack/plugins/observability_solution/infra/common/ui_settings.ts
@@ -23,6 +23,13 @@ export const uiSettings: Record<string, UiSettingsParams> = {
     description: i18n.translate('xpack.infra.enableLogsStreamDescription', {
       defaultMessage: 'Enables the legacy Logs Stream application and dashboard panel. ',
     }),
+    deprecation: {
+      message: i18n.translate('xpack.infra.enableLogsStreamDeprecationWarning', {
+        defaultMessage:
+          'Logs Stream is deprecated, and this setting will be removed in Kibana 9.0.',
+      }),
+      docLinksKey: 'generalSettings',
+    },
     type: 'boolean',
     schema: schema.boolean(),
     requiresPageReload: true,
diff --git a/x-pack/plugins/observability_solution/infra/public/components/logs_deprecation_callout.tsx b/x-pack/plugins/observability_solution/infra/public/components/logs_deprecation_callout.tsx
index 21e61c08d281b..0edb8b9ab2924 100644
--- a/x-pack/plugins/observability_solution/infra/public/components/logs_deprecation_callout.tsx
+++ b/x-pack/plugins/observability_solution/infra/public/components/logs_deprecation_callout.tsx
@@ -9,36 +9,28 @@ import { EuiCallOut } from '@elastic/eui';
 import React from 'react';
 import { i18n } from '@kbn/i18n';
 import { EuiButton } from '@elastic/eui';
-import {
-  AllDatasetsLocatorParams,
-  ALL_DATASETS_LOCATOR_ID,
-  DatasetLocatorParams,
-} from '@kbn/deeplinks-observability';
 import { getRouterLinkProps } from '@kbn/router-utils';
 import useLocalStorage from 'react-use/lib/useLocalStorage';
-
 import { euiThemeVars } from '@kbn/ui-theme';
 import { css } from '@emotion/css';
 import { LocatorPublic } from '@kbn/share-plugin/common';
+import { DISCOVER_APP_LOCATOR, DiscoverAppLocatorParams } from '@kbn/discover-plugin/common';
 import { useKibanaContextForPlugin } from '../hooks/use_kibana';
 
 const pageConfigurations = {
   stream: {
     dismissalStorageKey: 'log_stream_deprecation_callout_dismissed',
-    message: i18n.translate('xpack.infra.logsDeprecationCallout.p.theNewLogsExplorerLabel', {
+    message: i18n.translate('xpack.infra.logsDeprecationCallout.stream.exploreWithDiscover', {
       defaultMessage:
-        'The new Logs Explorer makes viewing and inspecting your logs easier with more features, better performance, and more intuitive navigation. We recommend switching to Logs Explorer, as it will replace Logs Stream in a future version.',
+        'Logs Stream and Logs Explorer are set to be deprecated. Switch to Discover which now includes their functionality plus more features, better performance, and more intuitive navigation. ',
     }),
   },
   settings: {
     dismissalStorageKey: 'log_settings_deprecation_callout_dismissed',
-    message: i18n.translate(
-      'xpack.infra.logsSettingsDeprecationCallout.p.theNewLogsExplorerLabel',
-      {
-        defaultMessage:
-          'These settings only apply to the legacy Logs Stream app, and we do not recommend configuring them. Instead, use Logs Explorer which makes viewing and inspecting your logs easier with more features, better performance, and more intuitive navigation.',
-      }
-    ),
+    message: i18n.translate('xpack.infra.logsDeprecationCallout.settings.exploreWithDiscover', {
+      defaultMessage:
+        'These settings only apply to the legacy Logs Stream app. Switch to Discover for the same functionality plus more features, better performance, and more intuitive navigation.',
+    }),
   },
 };
 
@@ -60,10 +52,9 @@ export const LogsDeprecationCallout = ({ page }: LogsDeprecationCalloutProps) =>
 
   const [isDismissed, setDismissed] = useLocalStorage(dismissalStorageKey, false);
 
-  const allDatasetLocator =
-    share.url.locators.get<AllDatasetsLocatorParams>(ALL_DATASETS_LOCATOR_ID);
+  const discoverLocator = share.url.locators.get<DiscoverAppLocatorParams>(DISCOVER_APP_LOCATOR);
 
-  if (isDismissed || !(allDatasetLocator && discover?.show && fleet?.read)) {
+  if (isDismissed || !(discoverLocator && discover?.show && fleet?.read)) {
     return null;
   }
 
@@ -81,19 +72,19 @@ export const LogsDeprecationCallout = ({ page }: LogsDeprecationCalloutProps) =>
       <p>{message}</p>
       <EuiButton
         fill
-        data-test-subj="infraLogsDeprecationCalloutTryLogsExplorerButton"
+        data-test-subj="infraLogsDeprecationCalloutGoToDiscoverButton"
         color="warning"
-        {...getLogsExplorerLinkProps(allDatasetLocator)}
+        {...getDiscoverLinkProps(discoverLocator)}
       >
-        {i18n.translate('xpack.infra.logsDeprecationCallout.tryLogsExplorerButtonLabel', {
-          defaultMessage: 'Try Logs Explorer',
+        {i18n.translate('xpack.infra.logsDeprecationCallout.goToDiscoverButtonLabel', {
+          defaultMessage: 'Go to Discover',
         })}
       </EuiButton>
     </EuiCallOut>
   );
 };
 
-const getLogsExplorerLinkProps = (locator: LocatorPublic<DatasetLocatorParams>) => {
+const getDiscoverLinkProps = (locator: LocatorPublic<DiscoverAppLocatorParams>) => {
   return getRouterLinkProps({
     href: locator.getRedirectUrl({}),
     onClick: () => locator.navigate({}),
diff --git a/x-pack/plugins/observability_solution/infra/server/routes/entities/get_data_stream_types.test.ts b/x-pack/plugins/observability_solution/infra/server/routes/entities/get_data_stream_types.test.ts
index c66416331e4d0..e6bf32332a51f 100644
--- a/x-pack/plugins/observability_solution/infra/server/routes/entities/get_data_stream_types.test.ts
+++ b/x-pack/plugins/observability_solution/infra/server/routes/entities/get_data_stream_types.test.ts
@@ -4,7 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import type { ObservabilityElasticsearchClient } from '@kbn/observability-utils/es/client/create_observability_es_client';
+import type { ObservabilityElasticsearchClient } from '@kbn/observability-utils-server/es/client/create_observability_es_client';
 import { type EntityClient } from '@kbn/entityManager-plugin/server/lib/entity_client';
 import { type InfraMetricsClient } from '../../lib/helpers/get_infra_metrics_client';
 import { getDataStreamTypes } from './get_data_stream_types';
@@ -74,7 +74,7 @@ describe('getDataStreamTypes', () => {
   it('should return metrics and entity source_data_stream types when entityCentriExperienceEnabled is true and has entity data', async () => {
     (getHasMetricsData as jest.Mock).mockResolvedValue(true);
     (getLatestEntity as jest.Mock).mockResolvedValue({
-      'source_data_stream.type': ['logs', 'metrics'],
+      sourceDataStreamType: ['logs', 'metrics'],
     });
 
     const params = {
@@ -118,7 +118,7 @@ describe('getDataStreamTypes', () => {
   it('should return entity source_data_stream types when has no metrics', async () => {
     (getHasMetricsData as jest.Mock).mockResolvedValue(false);
     (getLatestEntity as jest.Mock).mockResolvedValue({
-      'source_data_stream.type': ['logs', 'traces'],
+      sourceDataStreamType: ['logs', 'traces'],
     });
 
     const params = {
diff --git a/x-pack/plugins/observability_solution/infra/server/routes/entities/get_data_stream_types.ts b/x-pack/plugins/observability_solution/infra/server/routes/entities/get_data_stream_types.ts
index 3218ae257f1a2..2d587a6e7d9a9 100644
--- a/x-pack/plugins/observability_solution/infra/server/routes/entities/get_data_stream_types.ts
+++ b/x-pack/plugins/observability_solution/infra/server/routes/entities/get_data_stream_types.ts
@@ -7,11 +7,9 @@
 
 import { type EntityClient } from '@kbn/entityManager-plugin/server/lib/entity_client';
 import { findInventoryFields } from '@kbn/metrics-data-access-plugin/common';
-import {
-  EntityDataStreamType,
-  SOURCE_DATA_STREAM_TYPE,
-} from '@kbn/observability-shared-plugin/common';
-import type { ObservabilityElasticsearchClient } from '@kbn/observability-utils/es/client/create_observability_es_client';
+import { EntityDataStreamType } from '@kbn/observability-shared-plugin/common';
+import type { ObservabilityElasticsearchClient } from '@kbn/observability-utils-server/es/client/create_observability_es_client';
+import { castArray } from 'lodash';
 import { type InfraMetricsClient } from '../../lib/helpers/get_infra_metrics_client';
 import { getHasMetricsData } from './get_has_metrics_data';
 import { getLatestEntity } from './get_latest_entity';
@@ -45,15 +43,15 @@ export async function getDataStreamTypes({
     return Array.from(sourceDataStreams);
   }
 
-  const entity = await getLatestEntity({
+  const latestEntity = await getLatestEntity({
     inventoryEsClient: obsEsClient,
     entityId,
     entityType,
     entityManagerClient,
   });
 
-  if (entity?.[SOURCE_DATA_STREAM_TYPE]) {
-    [entity[SOURCE_DATA_STREAM_TYPE]].flat().forEach((item) => {
+  if (latestEntity) {
+    castArray(latestEntity.sourceDataStreamType).forEach((item) => {
       sourceDataStreams.add(item as EntityDataStreamType);
     });
   }
diff --git a/x-pack/plugins/observability_solution/infra/server/routes/entities/get_latest_entity.ts b/x-pack/plugins/observability_solution/infra/server/routes/entities/get_latest_entity.ts
index 7bcce2964fd13..0756bc3d52c8f 100644
--- a/x-pack/plugins/observability_solution/infra/server/routes/entities/get_latest_entity.ts
+++ b/x-pack/plugins/observability_solution/infra/server/routes/entities/get_latest_entity.ts
@@ -7,20 +7,16 @@
 
 import { ENTITY_LATEST, entitiesAliasPattern } from '@kbn/entities-schema';
 import { type EntityClient } from '@kbn/entityManager-plugin/server/lib/entity_client';
-import {
-  ENTITY_TYPE,
-  SOURCE_DATA_STREAM_TYPE,
-} from '@kbn/observability-shared-plugin/common/field_names/elasticsearch';
-import type { ObservabilityElasticsearchClient } from '@kbn/observability-utils/es/client/create_observability_es_client';
-import { esqlResultToPlainObjects } from '@kbn/observability-utils/es/utils/esql_result_to_plain_objects';
+import { ENTITY_TYPE, SOURCE_DATA_STREAM_TYPE } from '@kbn/observability-shared-plugin/common';
+import type { ObservabilityElasticsearchClient } from '@kbn/observability-utils-server/es/client/create_observability_es_client';
 
 const ENTITIES_LATEST_ALIAS = entitiesAliasPattern({
   type: '*',
   dataset: ENTITY_LATEST,
 });
 
-interface Entity {
-  [SOURCE_DATA_STREAM_TYPE]: string | string[];
+interface EntitySourceResponse {
+  sourceDataStreamType?: string | string[];
 }
 
 export async function getLatestEntity({
@@ -33,7 +29,7 @@ export async function getLatestEntity({
   entityType: 'host' | 'container';
   entityId: string;
   entityManagerClient: EntityClient;
-}): Promise<Entity | undefined> {
+}): Promise<EntitySourceResponse | undefined> {
   const { definitions } = await entityManagerClient.getEntityDefinitions({
     builtIn: true,
     type: entityType,
@@ -41,10 +37,12 @@ export async function getLatestEntity({
 
   const hostOrContainerIdentityField = definitions[0]?.identityFields?.[0]?.field;
   if (hostOrContainerIdentityField === undefined) {
-    return { [SOURCE_DATA_STREAM_TYPE]: [] };
+    return undefined;
   }
 
-  const latestEntitiesEsqlResponse = await inventoryEsClient.esql('get_latest_entities', {
+  const response = await inventoryEsClient.esql<{
+    source_data_stream?: { type?: string | string[] };
+  }>('get_latest_entities', {
     query: `FROM ${ENTITIES_LATEST_ALIAS}
         | WHERE ${ENTITY_TYPE} == ?
         | WHERE ${hostOrContainerIdentityField} == ?
@@ -53,5 +51,5 @@ export async function getLatestEntity({
     params: [entityType, entityId],
   });
 
-  return esqlResultToPlainObjects<Entity>(latestEntitiesEsqlResponse)[0];
+  return { sourceDataStreamType: response[0].source_data_stream?.type };
 }
diff --git a/x-pack/plugins/observability_solution/infra/server/routes/entities/index.ts b/x-pack/plugins/observability_solution/infra/server/routes/entities/index.ts
index 1a8707678e8f7..30be4fc9da498 100644
--- a/x-pack/plugins/observability_solution/infra/server/routes/entities/index.ts
+++ b/x-pack/plugins/observability_solution/infra/server/routes/entities/index.ts
@@ -8,7 +8,7 @@
 import { schema } from '@kbn/config-schema';
 import { METRICS_APP_ID } from '@kbn/deeplinks-observability/constants';
 import { entityCentricExperience } from '@kbn/observability-plugin/common';
-import { createObservabilityEsClient } from '@kbn/observability-utils/es/client/create_observability_es_client';
+import { createObservabilityEsClient } from '@kbn/observability-utils-server/es/client/create_observability_es_client';
 import { ENTITY_TYPES } from '@kbn/observability-shared-plugin/common';
 import { getInfraMetricsClient } from '../../lib/helpers/get_infra_metrics_client';
 import { InfraBackendLibs } from '../../lib/infra_types';
diff --git a/x-pack/plugins/observability_solution/infra/tsconfig.json b/x-pack/plugins/observability_solution/infra/tsconfig.json
index 2103350048e4b..efd8be77b688c 100644
--- a/x-pack/plugins/observability_solution/infra/tsconfig.json
+++ b/x-pack/plugins/observability_solution/infra/tsconfig.json
@@ -114,9 +114,9 @@
     "@kbn/management-settings-ids",
     "@kbn/core-ui-settings-common",
     "@kbn/entityManager-plugin",
-    "@kbn/observability-utils",
     "@kbn/entities-schema",
-    "@kbn/zod"
+    "@kbn/zod",
+    "@kbn/observability-utils-server"
   ],
   "exclude": ["target/**/*"]
 }
diff --git a/x-pack/plugins/observability_solution/inventory/.storybook/get_mock_inventory_context.tsx b/x-pack/plugins/observability_solution/inventory/.storybook/get_mock_inventory_context.tsx
index d3d28fe040198..0188ed3143034 100644
--- a/x-pack/plugins/observability_solution/inventory/.storybook/get_mock_inventory_context.tsx
+++ b/x-pack/plugins/observability_solution/inventory/.storybook/get_mock_inventory_context.tsx
@@ -24,7 +24,14 @@ export function getMockInventoryContext(): InventoryKibanaContext {
 
   return {
     ...coreStart,
-    entityManager: {} as unknown as EntityManagerPublicPluginStart,
+    entityManager: {
+      entityClient: {
+        asKqlFilter: jest.fn(),
+        getIdentityFieldsValue() {
+          return 'entity_id';
+        },
+      },
+    } as unknown as EntityManagerPublicPluginStart,
     observabilityShared: {} as unknown as ObservabilitySharedPluginStart,
     inference: {} as unknown as InferencePublicStart,
     share: {
diff --git a/x-pack/plugins/observability_solution/inventory/common/entities.ts b/x-pack/plugins/observability_solution/inventory/common/entities.ts
index 3a9684a38254a..65fd8a4ffbd7a 100644
--- a/x-pack/plugins/observability_solution/inventory/common/entities.ts
+++ b/x-pack/plugins/observability_solution/inventory/common/entities.ts
@@ -4,24 +4,15 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { z } from '@kbn/zod';
-import { ENTITY_LATEST, entitiesAliasPattern, entityLatestSchema } from '@kbn/entities-schema';
-import {
-  ENTITY_DEFINITION_ID,
-  ENTITY_DISPLAY_NAME,
-  ENTITY_ID,
-  ENTITY_IDENTITY_FIELDS,
-  ENTITY_LAST_SEEN,
-  ENTITY_TYPE,
-} from '@kbn/observability-shared-plugin/common';
+import { ENTITY_LATEST, entitiesAliasPattern, type EntityMetadata } from '@kbn/entities-schema';
 import { decode, encode } from '@kbn/rison';
 import { isRight } from 'fp-ts/lib/Either';
 import * as t from 'io-ts';
 
 export const entityColumnIdsRt = t.union([
-  t.literal(ENTITY_DISPLAY_NAME),
-  t.literal(ENTITY_LAST_SEEN),
-  t.literal(ENTITY_TYPE),
+  t.literal('entityDisplayName'),
+  t.literal('entityLastSeenTimestamp'),
+  t.literal('entityType'),
   t.literal('alertsCount'),
   t.literal('actions'),
 ]);
@@ -80,23 +71,20 @@ export const ENTITIES_LATEST_ALIAS = entitiesAliasPattern({
   dataset: ENTITY_LATEST,
 });
 
-export interface Entity {
-  [ENTITY_LAST_SEEN]: string;
-  [ENTITY_ID]: string;
-  [ENTITY_TYPE]: string;
-  [ENTITY_DISPLAY_NAME]: string;
-  [ENTITY_DEFINITION_ID]: string;
-  [ENTITY_IDENTITY_FIELDS]: string | string[];
-  alertsCount?: number;
-  [key: string]: any;
-}
-
 export type EntityGroup = {
   count: number;
 } & {
   [key: string]: string;
 };
 
-export type InventoryEntityLatest = z.infer<typeof entityLatestSchema> & {
+export type InventoryEntity = {
+  entityId: string;
+  entityType: string;
+  entityIdentityFields: string | string[];
+  entityDisplayName: string;
+  entityDefinitionId: string;
+  entityLastSeenTimestamp: string;
+  entityDefinitionVersion: string;
+  entitySchemaVersion: string;
   alertsCount?: number;
-};
+} & EntityMetadata;
diff --git a/x-pack/plugins/observability_solution/inventory/common/utils/entity_type_guards.ts b/x-pack/plugins/observability_solution/inventory/common/utils/entity_type_guards.ts
new file mode 100644
index 0000000000000..dccc888abd8dc
--- /dev/null
+++ b/x-pack/plugins/observability_solution/inventory/common/utils/entity_type_guards.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { AgentName } from '@kbn/elastic-agent-utils';
+import type { InventoryEntity } from '../entities';
+
+interface BuiltinEntityMap {
+  host: InventoryEntity & { cloud?: { provider?: string[] } };
+  container: InventoryEntity & { cloud?: { provider?: string[] } };
+  service: InventoryEntity & {
+    agent?: { name: AgentName[] };
+    service?: { environment?: string };
+  };
+}
+
+export const isBuiltinEntityOfType = <T extends keyof BuiltinEntityMap>(
+  type: T,
+  entity: InventoryEntity
+): entity is BuiltinEntityMap[T] => {
+  return entity.entityType === type;
+};
diff --git a/x-pack/plugins/observability_solution/inventory/common/utils/unflatten_entity.ts b/x-pack/plugins/observability_solution/inventory/common/utils/unflatten_entity.ts
deleted file mode 100644
index 758d185a5753b..0000000000000
--- a/x-pack/plugins/observability_solution/inventory/common/utils/unflatten_entity.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { unflattenObject } from '@kbn/observability-utils/object/unflatten_object';
-import type { Entity, InventoryEntityLatest } from '../entities';
-
-export function unflattenEntity(entity: Entity) {
-  return unflattenObject(entity) as InventoryEntityLatest;
-}
diff --git a/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/home.cy.ts b/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/home.cy.ts
index 9c9011609740b..17b6cf502280a 100644
--- a/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/home.cy.ts
+++ b/x-pack/plugins/observability_solution/inventory/e2e/cypress/e2e/home.cy.ts
@@ -169,6 +169,7 @@ describe('Home page', () => {
           'entityTypeControlGroupOptions'
         );
         cy.intercept('GET', '/internal/inventory/entities?**').as('getEntities');
+        cy.intercept('GET', '/internal/inventory/entities/types').as('getEntitiesTypes');
         cy.intercept('GET', '/internal/inventory/entities/group_by/**').as('getGroups');
         cy.visitKibana('/app/inventory');
         cy.wait('@getEEMStatus');
@@ -181,8 +182,6 @@ describe('Home page', () => {
         cy.get('server1').should('not.exist');
         cy.contains('synth-node-trace-logs');
         cy.contains('foo').should('not.exist');
-        cy.getByTestSubj('inventoryGroup_entity.type_host').should('not.exist');
-        cy.getByTestSubj('inventoryGroup_entity.type_container').should('not.exist');
       });
 
       it('Filters entities by host type', () => {
@@ -193,6 +192,7 @@ describe('Home page', () => {
           'entityTypeControlGroupOptions'
         );
         cy.intercept('GET', '/internal/inventory/entities?**').as('getEntities');
+        cy.intercept('GET', '/internal/inventory/entities/types').as('getEntitiesTypes');
         cy.intercept('GET', '/internal/inventory/entities/group_by/**').as('getGroups');
         cy.visitKibana('/app/inventory');
         cy.wait('@getEEMStatus');
@@ -205,8 +205,6 @@ describe('Home page', () => {
         cy.contains('server1');
         cy.contains('synth-node-trace-logs').should('not.exist');
         cy.contains('foo').should('not.exist');
-        cy.getByTestSubj('inventoryGroup_entity.type_service').should('not.exist');
-        cy.getByTestSubj('inventoryGroup_entity.type_container').should('not.exist');
       });
 
       it('Filters entities by container type', () => {
@@ -217,6 +215,7 @@ describe('Home page', () => {
           'entityTypeControlGroupOptions'
         );
         cy.intercept('GET', '/internal/inventory/entities?**').as('getEntities');
+        cy.intercept('GET', '/internal/inventory/entities/types').as('getEntitiesTypes');
         cy.intercept('GET', '/internal/inventory/entities/group_by/**').as('getGroups');
         cy.visitKibana('/app/inventory');
         cy.wait('@getEEMStatus');
@@ -229,8 +228,6 @@ describe('Home page', () => {
         cy.contains('server1').should('not.exist');
         cy.contains('synth-node-trace-logs').should('not.exist');
         cy.contains('foo');
-        cy.getByTestSubj('inventoryGroup_entity.type_host').should('not.exist');
-        cy.getByTestSubj('inventoryGroup_entity.type_service').should('not.exist');
       });
 
       it('Navigates to discover with actions button in the entities list', () => {
diff --git a/x-pack/plugins/observability_solution/inventory/public/components/alerts_badge/alerts_badge.test.tsx b/x-pack/plugins/observability_solution/inventory/public/components/alerts_badge/alerts_badge.test.tsx
index b5244cb29f7fc..5195a35b93f4e 100644
--- a/x-pack/plugins/observability_solution/inventory/public/components/alerts_badge/alerts_badge.test.tsx
+++ b/x-pack/plugins/observability_solution/inventory/public/components/alerts_badge/alerts_badge.test.tsx
@@ -8,11 +8,16 @@ import React from 'react';
 import { render, screen } from '@testing-library/react';
 import { AlertsBadge } from './alerts_badge';
 import { useKibana } from '../../hooks/use_kibana';
-import type { Entity } from '../../../common/entities';
+import type { InventoryEntity } from '../../../common/entities';
 
 jest.mock('../../hooks/use_kibana');
 const useKibanaMock = useKibana as jest.Mock;
 
+const commonEntityFields: Partial<InventoryEntity> = {
+  entityLastSeenTimestamp: 'foo',
+  entityId: '1',
+};
+
 describe('AlertsBadge', () => {
   const mockAsKqlFilter = jest.fn();
 
@@ -40,16 +45,19 @@ describe('AlertsBadge', () => {
   });
 
   it('render alerts badge for a host entity', () => {
-    const entity: Entity = {
-      'entity.last_seen_timestamp': 'foo',
-      'entity.id': '1',
-      'entity.type': 'host',
-      'entity.display_name': 'foo',
-      'entity.identity_fields': 'host.name',
-      'host.name': 'foo',
-      'entity.definition_id': 'host',
-      'cloud.provider': null,
+    const entity: InventoryEntity = {
+      ...(commonEntityFields as InventoryEntity),
+      entityType: 'host',
+      entityDisplayName: 'foo',
+      entityIdentityFields: 'host.name',
+      entityDefinitionId: 'host',
       alertsCount: 1,
+      host: {
+        name: 'foo',
+      },
+      cloud: {
+        provider: null,
+      },
     };
     mockAsKqlFilter.mockReturnValue('host.name: foo');
 
@@ -60,16 +68,22 @@ describe('AlertsBadge', () => {
     expect(screen.queryByTestId('inventoryAlertsBadgeLink')?.textContent).toEqual('1');
   });
   it('render alerts badge for a service entity', () => {
-    const entity: Entity = {
-      'entity.last_seen_timestamp': 'foo',
-      'agent.name': 'node',
-      'entity.id': '1',
-      'entity.type': 'service',
-      'entity.display_name': 'foo',
-      'entity.identity_fields': 'service.name',
-      'service.name': 'bar',
-      'entity.definition_id': 'host',
-      'cloud.provider': null,
+    const entity: InventoryEntity = {
+      ...(commonEntityFields as InventoryEntity),
+      entityType: 'service',
+      entityDisplayName: 'foo',
+      entityIdentityFields: 'service.name',
+      entityDefinitionId: 'service',
+      service: {
+        name: 'bar',
+      },
+      agent: {
+        name: 'node',
+      },
+      cloud: {
+        provider: null,
+      },
+
       alertsCount: 5,
     };
     mockAsKqlFilter.mockReturnValue('service.name: bar');
@@ -81,17 +95,22 @@ describe('AlertsBadge', () => {
     expect(screen.queryByTestId('inventoryAlertsBadgeLink')?.textContent).toEqual('5');
   });
   it('render alerts badge for a service entity with multiple identity fields', () => {
-    const entity: Entity = {
-      'entity.last_seen_timestamp': 'foo',
-      'agent.name': 'node',
-      'entity.id': '1',
-      'entity.type': 'service',
-      'entity.display_name': 'foo',
-      'entity.identity_fields': ['service.name', 'service.environment'],
-      'service.name': 'bar',
-      'service.environment': 'prod',
-      'entity.definition_id': 'host',
-      'cloud.provider': null,
+    const entity: InventoryEntity = {
+      ...(commonEntityFields as InventoryEntity),
+      entityType: 'service',
+      entityDisplayName: 'foo',
+      entityIdentityFields: ['service.name', 'service.environment'],
+      entityDefinitionId: 'service',
+      service: {
+        name: 'bar',
+        environment: 'prod',
+      },
+      agent: {
+        name: 'node',
+      },
+      cloud: {
+        provider: null,
+      },
       alertsCount: 2,
     };
 
diff --git a/x-pack/plugins/observability_solution/inventory/public/components/alerts_badge/alerts_badge.tsx b/x-pack/plugins/observability_solution/inventory/public/components/alerts_badge/alerts_badge.tsx
index a5845a7b42dcf..ed873bdb68c21 100644
--- a/x-pack/plugins/observability_solution/inventory/public/components/alerts_badge/alerts_badge.tsx
+++ b/x-pack/plugins/observability_solution/inventory/public/components/alerts_badge/alerts_badge.tsx
@@ -8,11 +8,10 @@ import React from 'react';
 import rison from '@kbn/rison';
 import { EuiBadge, EuiToolTip } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
-import type { Entity } from '../../../common/entities';
-import { unflattenEntity } from '../../../common/utils/unflatten_entity';
+import type { InventoryEntity } from '../../../common/entities';
 import { useKibana } from '../../hooks/use_kibana';
 
-export function AlertsBadge({ entity }: { entity: Entity }) {
+export function AlertsBadge({ entity }: { entity: InventoryEntity }) {
   const {
     services: {
       http: { basePath },
@@ -22,7 +21,12 @@ export function AlertsBadge({ entity }: { entity: Entity }) {
 
   const activeAlertsHref = basePath.prepend(
     `/app/observability/alerts?_a=${rison.encode({
-      kuery: entityManager.entityClient.asKqlFilter(unflattenEntity(entity)),
+      kuery: entityManager.entityClient.asKqlFilter({
+        entity: {
+          identity_fields: entity.entityIdentityFields,
+        },
+        ...entity,
+      }),
       status: 'active',
     })}`
   );
diff --git a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entities_grid.stories.tsx b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entities_grid.stories.tsx
index a3f2834934cd8..ae80bf09ecae2 100644
--- a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entities_grid.stories.tsx
+++ b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entities_grid.stories.tsx
@@ -9,7 +9,7 @@ import { EuiButton, EuiDataGridSorting, EuiFlexGroup, EuiFlexItem } from '@elast
 import { Meta, Story } from '@storybook/react';
 import { orderBy } from 'lodash';
 import React, { useMemo, useState } from 'react';
-import { ENTITY_LAST_SEEN, ENTITY_TYPE } from '@kbn/observability-shared-plugin/common';
+import { ENTITY_LAST_SEEN } from '@kbn/observability-shared-plugin/common';
 import { useArgs } from '@storybook/addons';
 import { EntitiesGrid } from '.';
 import { entitiesMock } from './mock/entities_mock';
@@ -45,7 +45,7 @@ export const Grid: Story<EntityGridStoriesArgs> = (args) => {
   const filteredAndSortedItems = useMemo(
     () =>
       orderBy(
-        entityType ? entitiesMock.filter((mock) => mock[ENTITY_TYPE] === entityType) : entitiesMock,
+        entityType ? entitiesMock.filter((mock) => mock.entityType === entityType) : entitiesMock,
         sort.id,
         sort.direction
       ),
diff --git a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entity_name/entity_name.test.tsx b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entity_name/entity_name.test.tsx
index d5d08ed415a40..29a862646c4c4 100644
--- a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entity_name/entity_name.test.tsx
+++ b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entity_name/entity_name.test.tsx
@@ -9,28 +9,22 @@ import React from 'react';
 import { render, screen } from '@testing-library/react';
 import { EntityName } from '.';
 import { useDetailViewRedirect } from '../../../hooks/use_detail_view_redirect';
-import { Entity } from '../../../../common/entities';
-import {
-  ENTITY_DEFINITION_ID,
-  ENTITY_DISPLAY_NAME,
-  ENTITY_ID,
-  ENTITY_IDENTITY_FIELDS,
-  ENTITY_LAST_SEEN,
-  ENTITY_TYPE,
-} from '@kbn/observability-shared-plugin/common';
+import type { InventoryEntity } from '../../../../common/entities';
 
 jest.mock('../../../hooks/use_detail_view_redirect');
 
 const useDetailViewRedirectMock = useDetailViewRedirect as jest.Mock;
 
 describe('EntityName', () => {
-  const mockEntity: Entity = {
-    [ENTITY_LAST_SEEN]: '2023-10-09T00:00:00Z',
-    [ENTITY_ID]: '1',
-    [ENTITY_DISPLAY_NAME]: 'entity_name',
-    [ENTITY_DEFINITION_ID]: 'entity_definition_id',
-    [ENTITY_IDENTITY_FIELDS]: ['service.name', 'service.environment'],
-    [ENTITY_TYPE]: 'service',
+  const mockEntity: InventoryEntity = {
+    entityLastSeenTimestamp: '2023-10-09T00:00:00Z',
+    entityId: '1',
+    entityType: 'service',
+    entityDisplayName: 'entity_name',
+    entityIdentityFields: ['service.name', 'service.environment'],
+    entityDefinitionId: 'entity_definition_id',
+    entitySchemaVersion: '1',
+    entityDefinitionVersion: '1',
   };
 
   beforeEach(() => {
diff --git a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entity_name/index.tsx b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entity_name/index.tsx
index e8db7013f8cb3..6117f6e428bde 100644
--- a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entity_name/index.tsx
+++ b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/entity_name/index.tsx
@@ -7,14 +7,13 @@
 
 import { EuiFlexGroup, EuiFlexItem, EuiLink } from '@elastic/eui';
 import React, { useCallback } from 'react';
-import { ENTITY_DISPLAY_NAME } from '@kbn/observability-shared-plugin/common';
 import { useKibana } from '../../../hooks/use_kibana';
-import type { Entity } from '../../../../common/entities';
+import type { InventoryEntity } from '../../../../common/entities';
 import { EntityIcon } from '../../entity_icon';
 import { useDetailViewRedirect } from '../../../hooks/use_detail_view_redirect';
 
 interface EntityNameProps {
-  entity: Entity;
+  entity: InventoryEntity;
 }
 
 export function EntityName({ entity }: EntityNameProps) {
@@ -29,7 +28,7 @@ export function EntityName({ entity }: EntityNameProps) {
   const handleLinkClick = useCallback(() => {
     telemetry.reportEntityViewClicked({
       view_type: 'detail',
-      entity_type: entity['entity.type'],
+      entity_type: entity.entityType,
     });
   }, [entity, telemetry]);
 
@@ -40,7 +39,7 @@ export function EntityName({ entity }: EntityNameProps) {
       </EuiFlexItem>
       <EuiFlexItem className="eui-textTruncate">
         <span className="eui-textTruncate" data-test-subj="entityNameDisplayName">
-          {entity[ENTITY_DISPLAY_NAME]}
+          {entity.entityDisplayName}
         </span>
       </EuiFlexItem>
     </EuiFlexGroup>
diff --git a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/grid_columns.tsx b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/grid_columns.tsx
index d514dc9199aec..be5c50eba9c07 100644
--- a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/grid_columns.tsx
+++ b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/grid_columns.tsx
@@ -8,11 +8,6 @@
 import { EuiButtonIcon, EuiDataGridColumn, EuiToolTip } from '@elastic/eui';
 import React from 'react';
 import { i18n } from '@kbn/i18n';
-import {
-  ENTITY_DISPLAY_NAME,
-  ENTITY_LAST_SEEN,
-  ENTITY_TYPE,
-} from '@kbn/observability-shared-plugin/common';
 
 const alertsLabel = i18n.translate('xpack.inventory.entitiesGrid.euiDataGrid.alertsLabel', {
   defaultMessage: 'Alerts',
@@ -76,12 +71,12 @@ export const getColumns = ({
 }: {
   showAlertsColumn: boolean;
   showActions: boolean;
-}): EuiDataGridColumn[] => {
+}) => {
   return [
     ...(showAlertsColumn
       ? [
           {
-            id: 'alertsCount',
+            id: 'alertsCount' as const,
             displayAsText: alertsLabel,
             isSortable: true,
             display: <CustomHeaderCell title={alertsLabel} tooltipContent={alertsTooltip} />,
@@ -91,21 +86,21 @@ export const getColumns = ({
         ]
       : []),
     {
-      id: ENTITY_DISPLAY_NAME,
+      id: 'entityDisplayName' as const,
       // keep it for accessibility purposes
       displayAsText: entityNameLabel,
       display: <CustomHeaderCell title={entityNameLabel} tooltipContent={entityNameTooltip} />,
       isSortable: true,
     },
     {
-      id: ENTITY_TYPE,
+      id: 'entityType' as const,
       // keep it for accessibility purposes
       displayAsText: entityTypeLabel,
       display: <CustomHeaderCell title={entityTypeLabel} tooltipContent={entityTypeTooltip} />,
       isSortable: true,
     },
     {
-      id: ENTITY_LAST_SEEN,
+      id: 'entityLastSeenTimestamp' as const,
       // keep it for accessibility purposes
       displayAsText: entityLastSeenLabel,
       display: (
@@ -118,7 +113,7 @@ export const getColumns = ({
     ...(showActions
       ? [
           {
-            id: 'actions',
+            id: 'actions' as const,
             // keep it for accessibility purposes
             displayAsText: entityActionsLabel,
             display: (
@@ -128,5 +123,5 @@ export const getColumns = ({
           },
         ]
       : []),
-  ];
+  ] satisfies EuiDataGridColumn[];
 };
diff --git a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/index.tsx b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/index.tsx
index 7ca29f7820332..ff4329955773d 100644
--- a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/index.tsx
+++ b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/index.tsx
@@ -15,13 +15,8 @@ import { i18n } from '@kbn/i18n';
 import { FormattedDate, FormattedMessage, FormattedTime } from '@kbn/i18n-react';
 import { last } from 'lodash';
 import React, { useCallback, useMemo } from 'react';
-import {
-  ENTITY_DISPLAY_NAME,
-  ENTITY_LAST_SEEN,
-  ENTITY_TYPE,
-} from '@kbn/observability-shared-plugin/common';
-import { EntityColumnIds } from '../../../common/entities';
-import { APIReturnType } from '../../api';
+import { ENTITY_TYPE } from '@kbn/observability-shared-plugin/common';
+import { EntityColumnIds, InventoryEntity } from '../../../common/entities';
 import { BadgeFilterWithPopover } from '../badge_filter_with_popover';
 import { getColumns } from './grid_columns';
 import { AlertsBadge } from '../alerts_badge/alerts_badge';
@@ -29,12 +24,9 @@ import { EntityName } from './entity_name';
 import { EntityActions } from '../entity_actions';
 import { useDiscoverRedirect } from '../../hooks/use_discover_redirect';
 
-type InventoryEntitiesAPIReturnType = APIReturnType<'GET /internal/inventory/entities'>;
-type LatestEntities = InventoryEntitiesAPIReturnType['entities'];
-
 interface Props {
   loading: boolean;
-  entities: LatestEntities;
+  entities: InventoryEntity[];
   sortDirection: 'asc' | 'desc';
   sortField: string;
   pageIndex: number;
@@ -88,16 +80,17 @@ export function EntitiesGrid({
       }
 
       const columnEntityTableId = columnId as EntityColumnIds;
-      const entityType = entity[ENTITY_TYPE];
+      const entityType = entity.entityType;
       const discoverUrl = getDiscoverRedirectUrl(entity);
 
       switch (columnEntityTableId) {
         case 'alertsCount':
           return entity?.alertsCount ? <AlertsBadge entity={entity} /> : null;
 
-        case ENTITY_TYPE:
+        case 'entityType':
           return <BadgeFilterWithPopover field={ENTITY_TYPE} value={entityType} />;
-        case ENTITY_LAST_SEEN:
+
+        case 'entityLastSeenTimestamp':
           return (
             <FormattedMessage
               id="xpack.inventory.entitiesGrid.euiDataGrid.lastSeen"
@@ -105,7 +98,7 @@ export function EntitiesGrid({
               values={{
                 date: (
                   <FormattedDate
-                    value={entity[columnEntityTableId]}
+                    value={entity.entityLastSeenTimestamp}
                     month="short"
                     day="numeric"
                     year="numeric"
@@ -113,7 +106,7 @@ export function EntitiesGrid({
                 ),
                 time: (
                   <FormattedTime
-                    value={entity[columnEntityTableId]}
+                    value={entity.entityLastSeenTimestamp}
                     hour12={false}
                     hour="2-digit"
                     minute="2-digit"
@@ -123,19 +116,19 @@ export function EntitiesGrid({
               }}
             />
           );
-        case ENTITY_DISPLAY_NAME:
+        case 'entityDisplayName':
           return <EntityName entity={entity} />;
         case 'actions':
           return (
             discoverUrl && (
               <EntityActions
                 discoverUrl={discoverUrl}
-                entityIdentifyingValue={entity[ENTITY_DISPLAY_NAME]}
+                entityIdentifyingValue={entity.entityDisplayName}
               />
             )
           );
         default:
-          return entity[columnId as EntityColumnIds] || '';
+          return null;
       }
     },
     [entities, getDiscoverRedirectUrl]
diff --git a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/mock/entities_mock.ts b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/mock/entities_mock.ts
index 3b7e7afcadb99..1048b18f82e91 100644
--- a/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/mock/entities_mock.ts
+++ b/x-pack/plugins/observability_solution/inventory/public/components/entities_grid/mock/entities_mock.ts
@@ -6,15 +6,7 @@
  */
 
 import { faker } from '@faker-js/faker';
-import {
-  ENTITY_DISPLAY_NAME,
-  ENTITY_TYPE,
-  ENTITY_ID,
-  ENTITY_LAST_SEEN,
-  AGENT_NAME,
-  CLOUD_PROVIDER,
-} from '@kbn/observability-shared-plugin/common';
-import { Entity } from '../../../../common/entities';
+import type { InventoryEntity } from '../../../../common/entities';
 
 const idGenerator = () => {
   let id = 0;
@@ -33,38 +25,48 @@ function generateRandomTimestamp() {
   return randomDate.toISOString();
 }
 
-const getEntity = (entityType: string, customFields: Record<string, any> = {}) => ({
-  [ENTITY_LAST_SEEN]: generateRandomTimestamp(),
-  [ENTITY_TYPE]: entityType,
-  [ENTITY_DISPLAY_NAME]: faker.person.fullName(),
-  [ENTITY_ID]: generateId(),
-  ...customFields,
+const indentityFieldsPerType: Record<string, string[]> = {
+  host: ['host.name'],
+  container: ['container.id'],
+  service: ['service.name'],
+};
+
+const getEntityLatest = (
+  entityType: string,
+  overrides?: Partial<InventoryEntity>
+): InventoryEntity => ({
+  entityLastSeenTimestamp: generateRandomTimestamp(),
+  entityType,
+  entityDisplayName: faker.person.fullName(),
+  entityId: generateId(),
+  entityDefinitionId: faker.string.uuid(),
+  entityDefinitionVersion: '1.0.0',
+  entityIdentityFields: indentityFieldsPerType[entityType],
+  entitySchemaVersion: '1.0.0',
+  ...overrides,
 });
 
-const alertsMock = [
-  {
-    ...getEntity('host'),
-    alertsCount: 3,
-  },
-  {
-    ...getEntity('service'),
+const alertsMock: InventoryEntity[] = [
+  getEntityLatest('host', {
+    alertsCount: 1,
+  }),
+  getEntityLatest('service', {
     alertsCount: 3,
-  },
-
-  {
-    ...getEntity('host'),
+  }),
+  getEntityLatest('host', {
     alertsCount: 10,
-  },
-  {
-    ...getEntity('host'),
+  }),
+  getEntityLatest('host', {
     alertsCount: 1,
-  },
+  }),
 ];
 
-const hostsMock = Array.from({ length: 20 }, () => getEntity('host', { [CLOUD_PROVIDER]: 'gcp' }));
-const containersMock = Array.from({ length: 20 }, () => getEntity('container'));
+const hostsMock = Array.from({ length: 20 }, () =>
+  getEntityLatest('host', { cloud: { provider: 'gcp' } })
+);
+const containersMock = Array.from({ length: 20 }, () => getEntityLatest('container'));
 const servicesMock = Array.from({ length: 20 }, () =>
-  getEntity('service', { [AGENT_NAME]: 'java' })
+  getEntityLatest('service', { agent: { name: 'java' } })
 );
 
 export const entitiesMock = [
@@ -72,4 +74,4 @@ export const entitiesMock = [
   ...hostsMock,
   ...containersMock,
   ...servicesMock,
-] as Entity[];
+] as InventoryEntity[];
diff --git a/x-pack/plugins/observability_solution/inventory/public/components/entity_icon/index.tsx b/x-pack/plugins/observability_solution/inventory/public/components/entity_icon/index.tsx
index 48b21779d2e38..4da8fd3103c41 100644
--- a/x-pack/plugins/observability_solution/inventory/public/components/entity_icon/index.tsx
+++ b/x-pack/plugins/observability_solution/inventory/public/components/entity_icon/index.tsx
@@ -6,36 +6,23 @@
  */
 
 import React from 'react';
-import {
-  AGENT_NAME,
-  CLOUD_PROVIDER,
-  ENTITY_TYPE,
-  ENTITY_TYPES,
-} from '@kbn/observability-shared-plugin/common';
 import { type CloudProvider, CloudProviderIcon, AgentIcon } from '@kbn/custom-icons';
 import { EuiFlexGroup, EuiFlexItem, EuiIcon } from '@elastic/eui';
-import type { AgentName } from '@kbn/elastic-agent-utils';
 import { euiThemeVars } from '@kbn/ui-theme';
-import type { Entity } from '../../../common/entities';
+import { castArray } from 'lodash';
+import type { InventoryEntity } from '../../../common/entities';
+import { isBuiltinEntityOfType } from '../../../common/utils/entity_type_guards';
 
 interface EntityIconProps {
-  entity: Entity;
+  entity: InventoryEntity;
 }
 
-type NotNullableCloudProvider = Exclude<CloudProvider, null>;
-
-const getSingleValue = <T,>(value?: T | T[] | null): T | undefined => {
-  return value == null ? undefined : Array.isArray(value) ? value[0] : value;
-};
-
 export function EntityIcon({ entity }: EntityIconProps) {
-  const entityType = entity[ENTITY_TYPE];
   const defaultIconSize = euiThemeVars.euiSizeL;
 
-  if (entityType === ENTITY_TYPES.HOST || entityType === ENTITY_TYPES.CONTAINER) {
-    const cloudProvider = getSingleValue(
-      entity[CLOUD_PROVIDER] as NotNullableCloudProvider | NotNullableCloudProvider[]
-    );
+  if (isBuiltinEntityOfType('host', entity) || isBuiltinEntityOfType('container', entity)) {
+    const cloudProvider = castArray(entity.cloud?.provider)[0];
+
     return (
       <EuiFlexGroup
         style={{ width: defaultIconSize, height: defaultIconSize }}
@@ -44,7 +31,7 @@ export function EntityIcon({ entity }: EntityIconProps) {
       >
         <EuiFlexItem grow={false}>
           <CloudProviderIcon
-            cloudProvider={cloudProvider}
+            cloudProvider={cloudProvider as CloudProvider | undefined}
             size="m"
             title={cloudProvider}
             role="presentation"
@@ -54,12 +41,11 @@ export function EntityIcon({ entity }: EntityIconProps) {
     );
   }
 
-  if (entityType === ENTITY_TYPES.SERVICE) {
-    const agentName = getSingleValue(entity[AGENT_NAME] as AgentName | AgentName[]);
-    return <AgentIcon agentName={agentName} role="presentation" />;
+  if (isBuiltinEntityOfType('service', entity)) {
+    return <AgentIcon agentName={castArray(entity.agent?.name)[0]} role="presentation" />;
   }
 
-  if (entityType.startsWith('kubernetes')) {
+  if (entity.entityType.startsWith('kubernetes')) {
     return <EuiIcon type="logoKubernetes" size="l" />;
   }
 
diff --git a/x-pack/plugins/observability_solution/inventory/public/components/grouped_inventory/index.tsx b/x-pack/plugins/observability_solution/inventory/public/components/grouped_inventory/index.tsx
index b939f0fa5c423..6cfdc079be299 100644
--- a/x-pack/plugins/observability_solution/inventory/public/components/grouped_inventory/index.tsx
+++ b/x-pack/plugins/observability_solution/inventory/public/components/grouped_inventory/index.tsx
@@ -8,6 +8,7 @@ import { EuiSpacer } from '@elastic/eui';
 import { ENTITY_TYPE } from '@kbn/observability-shared-plugin/common';
 import React from 'react';
 import useEffectOnce from 'react-use/lib/useEffectOnce';
+import { flattenObject } from '@kbn/observability-utils-common/object/flatten_object';
 import { useInventoryAbortableAsync } from '../../hooks/use_inventory_abortable_async';
 import { useKibana } from '../../hooks/use_kibana';
 import { useUnifiedSearchContext } from '../../hooks/use_unified_search_context';
@@ -52,15 +53,18 @@ export function GroupedInventory() {
     <>
       <InventorySummary totalEntities={value.entitiesCount} totalGroups={value.groups.length} />
       <EuiSpacer size="m" />
-      {value.groups.map((group) => (
-        <InventoryGroupAccordion
-          key={`${value.groupBy}-${group[value.groupBy]}`}
-          groupBy={value.groupBy}
-          groupValue={group[value.groupBy]}
-          groupCount={group.count}
-          isLoading={loading}
-        />
-      ))}
+      {value.groups.map((group) => {
+        const groupValue = flattenObject(group)[value.groupBy];
+        return (
+          <InventoryGroupAccordion
+            key={`${value.groupBy}-${groupValue}`}
+            groupBy={value.groupBy}
+            groupValue={groupValue}
+            groupCount={group.count}
+            isLoading={loading}
+          />
+        );
+      })}
     </>
   );
 }
diff --git a/x-pack/plugins/observability_solution/inventory/public/hooks/use_detail_view_redirect.test.ts b/x-pack/plugins/observability_solution/inventory/public/hooks/use_detail_view_redirect.test.ts
index cf4993f871880..233c1a1076b79 100644
--- a/x-pack/plugins/observability_solution/inventory/public/hooks/use_detail_view_redirect.test.ts
+++ b/x-pack/plugins/observability_solution/inventory/public/hooks/use_detail_view_redirect.test.ts
@@ -9,34 +9,24 @@ import { renderHook } from '@testing-library/react-hooks';
 import { useDetailViewRedirect } from './use_detail_view_redirect';
 import { useKibana } from './use_kibana';
 import {
-  AGENT_NAME,
-  CLOUD_PROVIDER,
   CONTAINER_ID,
-  ENTITY_DEFINITION_ID,
-  ENTITY_DISPLAY_NAME,
-  ENTITY_ID,
-  ENTITY_IDENTITY_FIELDS,
-  ENTITY_LAST_SEEN,
-  ENTITY_TYPE,
-  HOST_NAME,
   ENTITY_TYPES,
-  SERVICE_ENVIRONMENT,
+  HOST_NAME,
   SERVICE_NAME,
 } from '@kbn/observability-shared-plugin/common';
-import { unflattenEntity } from '../../common/utils/unflatten_entity';
-import type { Entity } from '../../common/entities';
+import type { InventoryEntity } from '../../common/entities';
 
 jest.mock('./use_kibana');
-jest.mock('../../common/utils/unflatten_entity');
 
 const useKibanaMock = useKibana as jest.Mock;
-const unflattenEntityMock = unflattenEntity as jest.Mock;
 
-const commonEntityFields: Partial<Entity> = {
-  [ENTITY_LAST_SEEN]: '2023-10-09T00:00:00Z',
-  [ENTITY_ID]: '1',
-  [ENTITY_DISPLAY_NAME]: 'entity_name',
-  [ENTITY_DEFINITION_ID]: 'entity_definition_id',
+const commonEntityFields: Partial<InventoryEntity> = {
+  entityLastSeenTimestamp: '2023-10-09T00:00:00Z',
+  entityId: '1',
+  entityDisplayName: 'entity_name',
+  entityDefinitionId: 'entity_definition_id',
+  entityDefinitionVersion: '1',
+  entitySchemaVersion: '1',
 };
 
 describe('useDetailViewRedirect', () => {
@@ -66,17 +56,19 @@ describe('useDetailViewRedirect', () => {
         },
       },
     });
-
-    unflattenEntityMock.mockImplementation((entity) => entity);
   });
 
   it('getEntityRedirectUrl should return the correct URL for host entity', () => {
-    const entity: Entity = {
-      ...(commonEntityFields as Entity),
-      [ENTITY_IDENTITY_FIELDS]: [HOST_NAME],
-      [ENTITY_TYPE]: 'host',
-      [HOST_NAME]: 'host-1',
-      [CLOUD_PROVIDER]: null,
+    const entity: InventoryEntity = {
+      ...(commonEntityFields as InventoryEntity),
+      entityType: 'host',
+      entityIdentityFields: ['host.name'],
+      host: {
+        name: 'host-1',
+      },
+      cloud: {
+        provider: null,
+      },
     };
 
     mockGetIdentityFieldsValue.mockReturnValue({ [HOST_NAME]: 'host-1' });
@@ -90,12 +82,16 @@ describe('useDetailViewRedirect', () => {
   });
 
   it('getEntityRedirectUrl should return the correct URL for container entity', () => {
-    const entity: Entity = {
-      ...(commonEntityFields as Entity),
-      [ENTITY_IDENTITY_FIELDS]: [CONTAINER_ID],
-      [ENTITY_TYPE]: 'container',
-      [CONTAINER_ID]: 'container-1',
-      [CLOUD_PROVIDER]: null,
+    const entity: InventoryEntity = {
+      ...(commonEntityFields as InventoryEntity),
+      entityType: 'container',
+      entityIdentityFields: ['container.id'],
+      container: {
+        id: 'container-1',
+      },
+      cloud: {
+        provider: null,
+      },
     };
 
     mockGetIdentityFieldsValue.mockReturnValue({ [CONTAINER_ID]: 'container-1' });
@@ -112,13 +108,17 @@ describe('useDetailViewRedirect', () => {
   });
 
   it('getEntityRedirectUrl should return the correct URL for service entity', () => {
-    const entity: Entity = {
-      ...(commonEntityFields as Entity),
-      [ENTITY_IDENTITY_FIELDS]: [SERVICE_NAME],
-      [ENTITY_TYPE]: 'service',
-      [SERVICE_NAME]: 'service-1',
-      [SERVICE_ENVIRONMENT]: 'prod',
-      [AGENT_NAME]: 'node',
+    const entity: InventoryEntity = {
+      ...(commonEntityFields as InventoryEntity),
+      entityType: 'service',
+      entityIdentityFields: ['service.name'],
+      agent: {
+        name: 'node',
+      },
+      service: {
+        name: 'service-1',
+        environment: 'prod',
+      },
     };
     mockGetIdentityFieldsValue.mockReturnValue({ [SERVICE_NAME]: 'service-1' });
     mockGetRedirectUrl.mockReturnValue('service-overview-url');
@@ -145,10 +145,13 @@ describe('useDetailViewRedirect', () => {
     [ENTITY_TYPES.KUBERNETES.STATEFULSET.ecs, 'kubernetes-21694370-bcb2-11ec-b64f-7dd6e8e82013'],
   ].forEach(([entityType, dashboardId]) => {
     it(`getEntityRedirectUrl should return the correct URL for ${entityType} entity`, () => {
-      const entity: Entity = {
-        ...(commonEntityFields as Entity),
-        [ENTITY_IDENTITY_FIELDS]: ['some.field'],
-        [ENTITY_TYPE]: entityType,
+      const entity: InventoryEntity = {
+        ...(commonEntityFields as InventoryEntity),
+        entityType,
+        entityIdentityFields: ['some.field'],
+        some: {
+          field: 'some-value',
+        },
       };
 
       mockAsKqlFilter.mockReturnValue('kql-query');
diff --git a/x-pack/plugins/observability_solution/inventory/public/hooks/use_detail_view_redirect.ts b/x-pack/plugins/observability_solution/inventory/public/hooks/use_detail_view_redirect.ts
index 23380dc3704de..4df4fa4ca1f96 100644
--- a/x-pack/plugins/observability_solution/inventory/public/hooks/use_detail_view_redirect.ts
+++ b/x-pack/plugins/observability_solution/inventory/public/hooks/use_detail_view_redirect.ts
@@ -6,20 +6,17 @@
  */
 import {
   ASSET_DETAILS_LOCATOR_ID,
-  AssetDetailsLocatorParams,
-  ENTITY_IDENTITY_FIELDS,
-  ENTITY_TYPE,
   ENTITY_TYPES,
-  SERVICE_ENVIRONMENT,
   SERVICE_OVERVIEW_LOCATOR_ID,
-  ServiceOverviewParams,
+  type AssetDetailsLocatorParams,
+  type ServiceOverviewParams,
 } from '@kbn/observability-shared-plugin/common';
 import { useCallback } from 'react';
-import { DashboardLocatorParams } from '@kbn/dashboard-plugin/public';
+import type { DashboardLocatorParams } from '@kbn/dashboard-plugin/public';
 import { DASHBOARD_APP_LOCATOR } from '@kbn/deeplinks-analytics';
 import { castArray } from 'lodash';
-import type { Entity } from '../../common/entities';
-import { unflattenEntity } from '../../common/utils/unflatten_entity';
+import { isBuiltinEntityOfType } from '../../common/utils/entity_type_guards';
+import type { InventoryEntity } from '../../common/entities';
 import { useKibana } from './use_kibana';
 
 const KUBERNETES_DASHBOARDS_IDS: Record<string, string> = {
@@ -44,52 +41,38 @@ export const useDetailViewRedirect = () => {
   const dashboardLocator = locators.get<DashboardLocatorParams>(DASHBOARD_APP_LOCATOR);
   const serviceOverviewLocator = locators.get<ServiceOverviewParams>(SERVICE_OVERVIEW_LOCATOR_ID);
 
-  const getSingleIdentityFieldValue = useCallback(
-    (entity: Entity) => {
-      const identityFields = castArray(entity[ENTITY_IDENTITY_FIELDS]);
-      if (identityFields.length > 1) {
-        throw new Error(`Multiple identity fields are not supported for ${entity[ENTITY_TYPE]}`);
-      }
-
-      const identityField = identityFields[0];
-      return entityManager.entityClient.getIdentityFieldsValue(unflattenEntity(entity))[
-        identityField
-      ];
-    },
-    [entityManager.entityClient]
-  );
-
   const getDetailViewRedirectUrl = useCallback(
-    (entity: Entity) => {
-      const type = entity[ENTITY_TYPE];
-      const identityValue = getSingleIdentityFieldValue(entity);
-
-      switch (type) {
-        case ENTITY_TYPES.HOST:
-        case ENTITY_TYPES.CONTAINER:
-          return assetDetailsLocator?.getRedirectUrl({
-            assetId: identityValue,
-            assetType: type,
-          });
+    (entity: InventoryEntity) => {
+      const identityFieldsValue = entityManager.entityClient.getIdentityFieldsValue({
+        entity: {
+          identity_fields: entity.entityIdentityFields,
+        },
+        ...entity,
+      });
+      const identityFields = castArray(entity.entityIdentityFields);
 
-        case 'service':
-          return serviceOverviewLocator?.getRedirectUrl({
-            serviceName: identityValue,
-            // service.environemnt is not part of entity.identityFields
-            // we need to manually get its value
-            environment: [entity[SERVICE_ENVIRONMENT] || undefined].flat()[0],
-          });
+      if (isBuiltinEntityOfType('host', entity) || isBuiltinEntityOfType('container', entity)) {
+        return assetDetailsLocator?.getRedirectUrl({
+          assetId: identityFieldsValue[identityFields[0]],
+          assetType: entity.entityType,
+        });
+      }
 
-        default:
-          return undefined;
+      if (isBuiltinEntityOfType('service', entity)) {
+        return serviceOverviewLocator?.getRedirectUrl({
+          serviceName: identityFieldsValue[identityFields[0]],
+          environment: entity.service?.environment,
+        });
       }
+
+      return undefined;
     },
-    [assetDetailsLocator, getSingleIdentityFieldValue, serviceOverviewLocator]
+    [assetDetailsLocator, entityManager.entityClient, serviceOverviewLocator]
   );
 
   const getDashboardRedirectUrl = useCallback(
-    (entity: Entity) => {
-      const type = entity[ENTITY_TYPE];
+    (entity: InventoryEntity) => {
+      const type = entity.entityType;
       const dashboardId = KUBERNETES_DASHBOARDS_IDS[type];
 
       return dashboardId
@@ -97,7 +80,12 @@ export const useDetailViewRedirect = () => {
             dashboardId,
             query: {
               language: 'kuery',
-              query: entityManager.entityClient.asKqlFilter(unflattenEntity(entity)),
+              query: entityManager.entityClient.asKqlFilter({
+                entity: {
+                  identity_fields: entity.entityIdentityFields,
+                },
+                ...entity,
+              }),
             },
           })
         : undefined;
@@ -106,7 +94,8 @@ export const useDetailViewRedirect = () => {
   );
 
   const getEntityRedirectUrl = useCallback(
-    (entity: Entity) => getDetailViewRedirectUrl(entity) ?? getDashboardRedirectUrl(entity),
+    (entity: InventoryEntity) =>
+      getDetailViewRedirectUrl(entity) ?? getDashboardRedirectUrl(entity),
     [getDashboardRedirectUrl, getDetailViewRedirectUrl]
   );
 
diff --git a/x-pack/plugins/observability_solution/inventory/public/hooks/use_discover_redirect.ts b/x-pack/plugins/observability_solution/inventory/public/hooks/use_discover_redirect.ts
index c29caca7e5b77..33758c9df449d 100644
--- a/x-pack/plugins/observability_solution/inventory/public/hooks/use_discover_redirect.ts
+++ b/x-pack/plugins/observability_solution/inventory/public/hooks/use_discover_redirect.ts
@@ -11,12 +11,11 @@ import {
   ENTITY_TYPE,
 } from '@kbn/observability-shared-plugin/common';
 import { useCallback } from 'react';
-import type { Entity, EntityColumnIds } from '../../common/entities';
-import { unflattenEntity } from '../../common/utils/unflatten_entity';
+import type { InventoryEntity } from '../../common/entities';
 import { useKibana } from './use_kibana';
 import { useUnifiedSearchContext } from './use_unified_search_context';
 
-const ACTIVE_COLUMNS: EntityColumnIds[] = [ENTITY_DISPLAY_NAME, ENTITY_TYPE, ENTITY_LAST_SEEN];
+const ACTIVE_COLUMNS = [ENTITY_DISPLAY_NAME, ENTITY_TYPE, ENTITY_LAST_SEEN];
 
 export const useDiscoverRedirect = () => {
   const {
@@ -31,9 +30,14 @@ export const useDiscoverRedirect = () => {
   const discoverLocator = share.url.locators.get('DISCOVER_APP_LOCATOR');
 
   const getDiscoverEntitiesRedirectUrl = useCallback(
-    (entity?: Entity) => {
+    (entity?: InventoryEntity) => {
       const entityKqlFilter = entity
-        ? entityManager.entityClient.asKqlFilter(unflattenEntity(entity))
+        ? entityManager.entityClient.asKqlFilter({
+            entity: {
+              identity_fields: entity.entityIdentityFields,
+            },
+            ...entity,
+          })
         : '';
 
       const kueryWithEntityDefinitionFilters = [
@@ -65,7 +69,7 @@ export const useDiscoverRedirect = () => {
   );
 
   const getDiscoverRedirectUrl = useCallback(
-    (entity?: Entity) => getDiscoverEntitiesRedirectUrl(entity),
+    (entity?: InventoryEntity) => getDiscoverEntitiesRedirectUrl(entity),
     [getDiscoverEntitiesRedirectUrl]
   );
 
diff --git a/x-pack/plugins/observability_solution/inventory/public/hooks/use_entity_manager.ts b/x-pack/plugins/observability_solution/inventory/public/hooks/use_entity_manager.ts
index 1082017e1ad7a..740c88eb8a9b0 100644
--- a/x-pack/plugins/observability_solution/inventory/public/hooks/use_entity_manager.ts
+++ b/x-pack/plugins/observability_solution/inventory/public/hooks/use_entity_manager.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { useAbortableAsync } from '@kbn/observability-utils/hooks/use_abortable_async';
+import { useAbortableAsync } from '@kbn/observability-utils-browser/hooks/use_abortable_async';
 import { useState } from 'react';
 import { useKibana } from './use_kibana';
 
diff --git a/x-pack/plugins/observability_solution/inventory/public/hooks/use_inventory_abortable_async.ts b/x-pack/plugins/observability_solution/inventory/public/hooks/use_inventory_abortable_async.ts
index 84cef842488e0..1db3b512bbdd6 100644
--- a/x-pack/plugins/observability_solution/inventory/public/hooks/use_inventory_abortable_async.ts
+++ b/x-pack/plugins/observability_solution/inventory/public/hooks/use_inventory_abortable_async.ts
@@ -4,7 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { useAbortableAsync } from '@kbn/observability-utils/hooks/use_abortable_async';
+import { useAbortableAsync } from '@kbn/observability-utils-browser/hooks/use_abortable_async';
 import { i18n } from '@kbn/i18n';
 import { IHttpFetchError, ResponseErrorBody } from '@kbn/core-http-browser';
 import { useKibana } from './use_kibana';
diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_entity_groups.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_entity_groups.ts
index 8c72e18bc0740..87d0c375149e0 100644
--- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_entity_groups.ts
+++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_entity_groups.ts
@@ -6,8 +6,7 @@
  */
 
 import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-import type { ObservabilityElasticsearchClient } from '@kbn/observability-utils/es/client/create_observability_es_client';
-import { esqlResultToPlainObjects } from '@kbn/observability-utils/es/utils/esql_result_to_plain_objects';
+import type { ObservabilityElasticsearchClient } from '@kbn/observability-utils-server/es/client/create_observability_es_client';
 import {
   ENTITIES_LATEST_ALIAS,
   type EntityGroup,
@@ -32,10 +31,8 @@ export async function getEntityGroupsBy({
   const limit = `LIMIT ${MAX_NUMBER_OF_ENTITIES}`;
   const query = [from, ...where, group, sort, limit].join(' | ');
 
-  const groups = await inventoryEsClient.esql('get_entities_groups', {
+  return inventoryEsClient.esql<EntityGroup>('get_entities_groups', {
     query,
     filter: esQuery,
   });
-
-  return esqlResultToPlainObjects<EntityGroup>(groups);
 }
diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_entity_types.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_entity_types.ts
index 2dfc9b8ccfdf3..e944e27379ab5 100644
--- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_entity_types.ts
+++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_entity_types.ts
@@ -5,8 +5,9 @@
  * 2.0.
  */
 
-import { type ObservabilityElasticsearchClient } from '@kbn/observability-utils/es/client/create_observability_es_client';
+import { type ObservabilityElasticsearchClient } from '@kbn/observability-utils-server/es/client/create_observability_es_client';
 import { ENTITY_TYPE } from '@kbn/observability-shared-plugin/common';
+import type { EntityInstance } from '@kbn/entities-schema';
 import { ENTITIES_LATEST_ALIAS } from '../../../common/entities';
 import { getBuiltinEntityDefinitionIdESQLWhereClause } from './query_helper';
 
@@ -15,12 +16,14 @@ export async function getEntityTypes({
 }: {
   inventoryEsClient: ObservabilityElasticsearchClient;
 }) {
-  const entityTypesEsqlResponse = await inventoryEsClient.esql('get_entity_types', {
+  const entityTypesEsqlResponse = await inventoryEsClient.esql<{
+    entity: Pick<EntityInstance['entity'], 'type'>;
+  }>('get_entity_types', {
     query: `FROM ${ENTITIES_LATEST_ALIAS}
      | ${getBuiltinEntityDefinitionIdESQLWhereClause()}
      | STATS count = COUNT(${ENTITY_TYPE}) BY ${ENTITY_TYPE}
     `,
   });
 
-  return entityTypesEsqlResponse.values.map(([_, val]) => val as string);
+  return entityTypesEsqlResponse.map((response) => response.entity.type);
 }
diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identify_fields.test.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identify_fields.test.ts
index 62d77c08fd27a..8b6b3b109352c 100644
--- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identify_fields.test.ts
+++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identify_fields.test.ts
@@ -5,52 +5,60 @@
  * 2.0.
  */
 
-import type { Entity } from '../../../common/entities';
-import {
-  ENTITY_DEFINITION_ID,
-  ENTITY_DISPLAY_NAME,
-  ENTITY_ID,
-  ENTITY_IDENTITY_FIELDS,
-  ENTITY_LAST_SEEN,
-} from '@kbn/observability-shared-plugin/common';
+import type { InventoryEntity } from '../../../common/entities';
 import { getIdentityFieldsPerEntityType } from './get_identity_fields_per_entity_type';
 
-const commonEntityFields = {
-  [ENTITY_LAST_SEEN]: '2023-10-09T00:00:00Z',
-  [ENTITY_ID]: '1',
-  [ENTITY_DISPLAY_NAME]: 'entity_name',
-  [ENTITY_DEFINITION_ID]: 'entity_definition_id',
-  alertCount: 3,
+const commonEntityFields: Partial<InventoryEntity> = {
+  entityLastSeenTimestamp: '2023-10-09T00:00:00Z',
+  entityId: '1',
+  entityDisplayName: 'entity_name',
+  entityDefinitionId: 'entity_definition_id',
+  alertsCount: 3,
 };
+
 describe('getIdentityFields', () => {
   it('should return an empty Map when no entities are provided', () => {
     const result = getIdentityFieldsPerEntityType([]);
     expect(result.size).toBe(0);
   });
   it('should return a Map with unique entity types and their respective identity fields', () => {
-    const serviceEntity: Entity = {
-      'agent.name': 'node',
-      [ENTITY_IDENTITY_FIELDS]: ['service.name', 'service.environment'],
-      'service.name': 'my-service',
-      'entity.type': 'service',
-      ...commonEntityFields,
+    const serviceEntity: InventoryEntity = {
+      ...(commonEntityFields as InventoryEntity),
+      entityIdentityFields: ['service.name', 'service.environment'],
+      entityType: 'service',
+      agent: {
+        name: 'node',
+      },
+      service: {
+        name: 'my-service',
+      },
     };
 
-    const hostEntity: Entity = {
-      [ENTITY_IDENTITY_FIELDS]: ['host.name'],
-      'host.name': 'my-host',
-      'entity.type': 'host',
-      'cloud.provider': null,
-      ...commonEntityFields,
+    const hostEntity: InventoryEntity = {
+      ...(commonEntityFields as InventoryEntity),
+      entityIdentityFields: ['host.name'],
+      entityType: 'host',
+      cloud: {
+        provider: null,
+      },
+      host: {
+        name: 'my-host',
+      },
     };
 
-    const containerEntity: Entity = {
-      [ENTITY_IDENTITY_FIELDS]: 'container.id',
-      'host.name': 'my-host',
-      'entity.type': 'container',
-      'cloud.provider': null,
-      'container.id': '123',
-      ...commonEntityFields,
+    const containerEntity: InventoryEntity = {
+      ...(commonEntityFields as InventoryEntity),
+      entityIdentityFields: ['container.id'],
+      entityType: 'container',
+      host: {
+        name: 'my-host',
+      },
+      cloud: {
+        provider: null,
+      },
+      container: {
+        id: '123',
+      },
     };
 
     const mockEntities = [serviceEntity, hostEntity, containerEntity];
diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identity_fields_per_entity_type.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identity_fields_per_entity_type.ts
index f54dc8a7f121f..06070b66bad1f 100644
--- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identity_fields_per_entity_type.ts
+++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_identity_fields_per_entity_type.ts
@@ -5,16 +5,16 @@
  * 2.0.
  */
 
-import { ENTITY_IDENTITY_FIELDS, ENTITY_TYPE } from '@kbn/observability-shared-plugin/common';
-import { Entity } from '../../../common/entities';
+import { castArray } from 'lodash';
+import type { InventoryEntity } from '../../../common/entities';
 
 export type IdentityFieldsPerEntityType = Map<string, string[]>;
 
-export const getIdentityFieldsPerEntityType = (entities: Entity[]) => {
-  const identityFieldsPerEntityType: IdentityFieldsPerEntityType = new Map();
+export const getIdentityFieldsPerEntityType = (latestEntities: InventoryEntity[]) => {
+  const identityFieldsPerEntityType = new Map<string, string[]>();
 
-  entities.forEach((entity) =>
-    identityFieldsPerEntityType.set(entity[ENTITY_TYPE], [entity[ENTITY_IDENTITY_FIELDS]].flat())
+  latestEntities.forEach((entity) =>
+    identityFieldsPerEntityType.set(entity.entityType, castArray(entity.entityIdentityFields))
   );
 
   return identityFieldsPerEntityType;
diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities.ts
index 402d11720a9da..c4bf13c5ec140 100644
--- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities.ts
+++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities.ts
@@ -6,17 +6,31 @@
  */
 
 import type { QueryDslQueryContainer, ScalarValue } from '@elastic/elasticsearch/lib/api/types';
-import { ENTITY_LAST_SEEN, ENTITY_TYPE } from '@kbn/observability-shared-plugin/common';
-import { type ObservabilityElasticsearchClient } from '@kbn/observability-utils/es/client/create_observability_es_client';
-import { esqlResultToPlainObjects } from '@kbn/observability-utils/es/utils/esql_result_to_plain_objects';
+import type { EntityInstance } from '@kbn/entities-schema';
+import {
+  ENTITY_DISPLAY_NAME,
+  ENTITY_LAST_SEEN,
+  ENTITY_TYPE,
+} from '@kbn/observability-shared-plugin/common';
+import type { ObservabilityElasticsearchClient } from '@kbn/observability-utils-server/es/client/create_observability_es_client';
 import {
   ENTITIES_LATEST_ALIAS,
+  InventoryEntity,
   MAX_NUMBER_OF_ENTITIES,
-  type Entity,
   type EntityColumnIds,
 } from '../../../common/entities';
 import { getBuiltinEntityDefinitionIdESQLWhereClause } from './query_helper';
 
+type EntitySortableColumnIds = Extract<
+  EntityColumnIds,
+  'entityLastSeenTimestamp' | 'entityDisplayName' | 'entityType'
+>;
+const SORT_FIELDS_TO_ES_FIELDS: Record<EntitySortableColumnIds, string> = {
+  entityLastSeenTimestamp: ENTITY_LAST_SEEN,
+  entityDisplayName: ENTITY_DISPLAY_NAME,
+  entityType: ENTITY_TYPE,
+} as const;
+
 export async function getLatestEntities({
   inventoryEsClient,
   sortDirection,
@@ -29,9 +43,10 @@ export async function getLatestEntities({
   sortField: EntityColumnIds;
   esQuery?: QueryDslQueryContainer;
   entityTypes?: string[];
-}) {
+}): Promise<InventoryEntity[]> {
   // alertsCount doesn't exist in entities index. Ignore it and sort by entity.lastSeenTimestamp by default.
-  const entitiesSortField = sortField === 'alertsCount' ? ENTITY_LAST_SEEN : sortField;
+  const entitiesSortField =
+    SORT_FIELDS_TO_ES_FIELDS[sortField as EntitySortableColumnIds] ?? ENTITY_LAST_SEEN;
 
   const from = `FROM ${ENTITIES_LATEST_ALIAS}`;
   const where: string[] = [getBuiltinEntityDefinitionIdESQLWhereClause()];
@@ -47,11 +62,28 @@ export async function getLatestEntities({
 
   const query = [from, ...where, sort, limit].join(' | ');
 
-  const latestEntitiesEsqlResponse = await inventoryEsClient.esql('get_latest_entities', {
-    query,
-    filter: esQuery,
-    params,
-  });
+  const latestEntitiesEsqlResponse = await inventoryEsClient.esql<EntityInstance>(
+    'get_latest_entities',
+    {
+      query,
+      filter: esQuery,
+      params,
+    }
+  );
 
-  return esqlResultToPlainObjects<Entity>(latestEntitiesEsqlResponse);
+  return latestEntitiesEsqlResponse.map((lastestEntity) => {
+    const { entity, ...metadata } = lastestEntity;
+
+    return {
+      entityId: entity.id,
+      entityType: entity.type,
+      entityDefinitionId: entity.definition_id,
+      entityDisplayName: entity.display_name,
+      entityIdentityFields: entity.identity_fields,
+      entityLastSeenTimestamp: entity.last_seen_timestamp,
+      entityDefinitionVersion: entity.definition_version,
+      entitySchemaVersion: entity.schema_version,
+      ...metadata,
+    };
+  });
 }
diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities_alerts.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities_alerts.ts
index 8126c69de6922..0f1ace0407233 100644
--- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities_alerts.ts
+++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/get_latest_entities_alerts.ts
@@ -6,7 +6,6 @@
  */
 
 import { termQuery } from '@kbn/observability-plugin/server';
-import { ENTITY_TYPE } from '@kbn/observability-shared-plugin/common';
 import { ALERT_STATUS, ALERT_STATUS_ACTIVE } from '@kbn/rule-data-utils';
 import { AlertsClient } from '../../lib/create_alerts_client.ts/create_alerts_client';
 import { getGroupByTermsAgg } from './get_group_by_terms_agg';
@@ -25,7 +24,7 @@ export async function getLatestEntitiesAlerts({
 }: {
   alertsClient: AlertsClient;
   identityFieldsPerEntityType: IdentityFieldsPerEntityType;
-}): Promise<Array<{ [key: string]: any; alertsCount?: number; [ENTITY_TYPE]: string }>> {
+}): Promise<Array<{ [key: string]: any; alertsCount?: number; entityType: string }>> {
   if (identityFieldsPerEntityType.size === 0) {
     return [];
   }
@@ -54,7 +53,7 @@ export async function getLatestEntitiesAlerts({
 
     return buckets.map((bucket: Bucket) => ({
       alertsCount: bucket.doc_count,
-      [ENTITY_TYPE]: entityType,
+      entityType,
       ...bucket.key,
     }));
   });
diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/entities/route.ts b/x-pack/plugins/observability_solution/inventory/server/routes/entities/route.ts
index ae99713375b19..992729a9c1aa0 100644
--- a/x-pack/plugins/observability_solution/inventory/server/routes/entities/route.ts
+++ b/x-pack/plugins/observability_solution/inventory/server/routes/entities/route.ts
@@ -6,19 +6,19 @@
  */
 import { INVENTORY_APP_ID } from '@kbn/deeplinks-observability/constants';
 import { jsonRt } from '@kbn/io-ts-utils';
-import { createObservabilityEsClient } from '@kbn/observability-utils/es/client/create_observability_es_client';
 import { ENTITY_TYPE } from '@kbn/observability-shared-plugin/common';
+import { joinByKey } from '@kbn/observability-utils-common/array/join_by_key';
+import { createObservabilityEsClient } from '@kbn/observability-utils-server/es/client/create_observability_es_client';
 import * as t from 'io-ts';
 import { orderBy } from 'lodash';
-import { joinByKey } from '@kbn/observability-utils/array/join_by_key';
-import { entityColumnIdsRt, Entity } from '../../../common/entities';
+import { InventoryEntity, entityColumnIdsRt } from '../../../common/entities';
+import { createAlertsClient } from '../../lib/create_alerts_client.ts/create_alerts_client';
 import { createInventoryServerRoute } from '../create_inventory_server_route';
+import { getEntityGroupsBy } from './get_entity_groups';
 import { getEntityTypes } from './get_entity_types';
+import { getIdentityFieldsPerEntityType } from './get_identity_fields_per_entity_type';
 import { getLatestEntities } from './get_latest_entities';
-import { createAlertsClient } from '../../lib/create_alerts_client.ts/create_alerts_client';
 import { getLatestEntitiesAlerts } from './get_latest_entities_alerts';
-import { getIdentityFieldsPerEntityType } from './get_identity_fields_per_entity_type';
-import { getEntityGroupsBy } from './get_entity_groups';
 
 export const getEntityTypesRoute = createInventoryServerRoute({
   endpoint: 'GET /internal/inventory/entities/types',
@@ -61,7 +61,7 @@ export const listLatestEntitiesRoute = createInventoryServerRoute({
     logger,
     plugins,
     request,
-  }): Promise<{ entities: Entity[] }> => {
+  }): Promise<{ entities: InventoryEntity[] }> => {
     const coreContext = await context.core;
     const inventoryEsClient = createObservabilityEsClient({
       client: coreContext.elasticsearch.client.asCurrentUser,
@@ -90,16 +90,16 @@ export const listLatestEntitiesRoute = createInventoryServerRoute({
     });
 
     const joined = joinByKey(
-      [...latestEntities, ...alerts],
+      [...latestEntities, ...alerts] as InventoryEntity[],
       [...identityFieldsPerEntityType.values()].flat()
-    ).filter((entity) => entity['entity.id']) as Entity[];
+    ).filter((latestEntity) => latestEntity.entityId);
 
     return {
       entities:
         sortField === 'alertsCount'
           ? orderBy(
               joined,
-              [(item: Entity) => item?.alertsCount === undefined, sortField],
+              [(item: InventoryEntity) => item?.alertsCount === undefined, sortField],
               ['asc', sortDirection] // push entities without alertsCount to the end
             )
           : joined,
diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/has_data/get_has_data.ts b/x-pack/plugins/observability_solution/inventory/server/routes/has_data/get_has_data.ts
index c1e4a82c343b0..2f59478f17c02 100644
--- a/x-pack/plugins/observability_solution/inventory/server/routes/has_data/get_has_data.ts
+++ b/x-pack/plugins/observability_solution/inventory/server/routes/has_data/get_has_data.ts
@@ -5,8 +5,7 @@
  * 2.0.
  */
 import type { Logger } from '@kbn/core/server';
-import { esqlResultToPlainObjects } from '@kbn/observability-utils/es/utils/esql_result_to_plain_objects';
-import { type ObservabilityElasticsearchClient } from '@kbn/observability-utils/es/client/create_observability_es_client';
+import { type ObservabilityElasticsearchClient } from '@kbn/observability-utils-server/es/client/create_observability_es_client';
 import { getBuiltinEntityDefinitionIdESQLWhereClause } from '../entities/query_helper';
 import { ENTITIES_LATEST_ALIAS } from '../../../common/entities';
 
@@ -18,14 +17,15 @@ export async function getHasData({
   logger: Logger;
 }) {
   try {
-    const esqlResults = await inventoryEsClient.esql('get_has_data', {
+    const esqlResults = await inventoryEsClient.esql<{ _count: number }>('get_has_data', {
       query: `FROM ${ENTITIES_LATEST_ALIAS} 
       | ${getBuiltinEntityDefinitionIdESQLWhereClause()} 
       | STATS _count = COUNT(*)
       | LIMIT 1`,
     });
 
-    const totalCount = esqlResultToPlainObjects(esqlResults)?.[0]._count ?? 0;
+    const totalCount = esqlResults[0]._count;
+
     return { hasData: totalCount > 0 };
   } catch (e) {
     logger.error(e);
diff --git a/x-pack/plugins/observability_solution/inventory/server/routes/has_data/route.ts b/x-pack/plugins/observability_solution/inventory/server/routes/has_data/route.ts
index aae8be7f846f8..f0e582b396177 100644
--- a/x-pack/plugins/observability_solution/inventory/server/routes/has_data/route.ts
+++ b/x-pack/plugins/observability_solution/inventory/server/routes/has_data/route.ts
@@ -4,7 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { createObservabilityEsClient } from '@kbn/observability-utils/es/client/create_observability_es_client';
+import { createObservabilityEsClient } from '@kbn/observability-utils-server/es/client/create_observability_es_client';
 import { INVENTORY_APP_ID } from '@kbn/deeplinks-observability/constants';
 import { createInventoryServerRoute } from '../create_inventory_server_route';
 import { getHasData } from './get_has_data';
diff --git a/x-pack/plugins/observability_solution/inventory/tsconfig.json b/x-pack/plugins/observability_solution/inventory/tsconfig.json
index 5cb95e8ac6de5..5094201cc2975 100644
--- a/x-pack/plugins/observability_solution/inventory/tsconfig.json
+++ b/x-pack/plugins/observability_solution/inventory/tsconfig.json
@@ -20,7 +20,6 @@
     "@kbn/server-route-repository",
     "@kbn/shared-ux-link-redirect-app",
     "@kbn/typed-react-router-config",
-    "@kbn/observability-utils",
     "@kbn/kibana-react-plugin",
     "@kbn/i18n",
     "@kbn/deeplinks-observability",
@@ -53,11 +52,13 @@
     "@kbn/spaces-plugin",
     "@kbn/cloud-plugin",
     "@kbn/storybook",
-    "@kbn/zod",
     "@kbn/dashboard-plugin",
     "@kbn/deeplinks-analytics",
     "@kbn/controls-plugin",
     "@kbn/securitysolution-io-ts-types",
-    "@kbn/react-hooks"
+    "@kbn/react-hooks",
+    "@kbn/observability-utils-common",
+    "@kbn/observability-utils-browser",
+    "@kbn/observability-utils-server"
   ]
 }
diff --git a/x-pack/plugins/observability_solution/investigate_app/kibana.jsonc b/x-pack/plugins/observability_solution/investigate_app/kibana.jsonc
index 9b8284808a657..e105cacf75d05 100644
--- a/x-pack/plugins/observability_solution/investigate_app/kibana.jsonc
+++ b/x-pack/plugins/observability_solution/investigate_app/kibana.jsonc
@@ -23,7 +23,8 @@
       "security",
       "observability",
       "licensing",
-      "ruleRegistry"
+      "ruleRegistry",
+      "usageCollection"
     ],
     "requiredBundles": [
       "esql",
diff --git a/x-pack/plugins/observability_solution/investigate_app/public/items/embeddable_item/register_embeddable_item.tsx b/x-pack/plugins/observability_solution/investigate_app/public/items/embeddable_item/register_embeddable_item.tsx
index 29b2a1319feff..77833e80ec199 100644
--- a/x-pack/plugins/observability_solution/investigate_app/public/items/embeddable_item/register_embeddable_item.tsx
+++ b/x-pack/plugins/observability_solution/investigate_app/public/items/embeddable_item/register_embeddable_item.tsx
@@ -8,7 +8,7 @@ import { EuiLoadingSpinner, EuiFlexItem } from '@elastic/eui';
 import { css } from '@emotion/css';
 import { ReactEmbeddableRenderer } from '@kbn/embeddable-plugin/public';
 import type { GlobalWidgetParameters } from '@kbn/investigate-plugin/public';
-import { useAbortableAsync } from '@kbn/observability-utils/hooks/use_abortable_async';
+import { useAbortableAsync } from '@kbn/observability-utils-browser/hooks/use_abortable_async';
 import React, { useEffect, useMemo, useRef, useState } from 'react';
 import { v4 } from 'uuid';
 import { ErrorMessage } from '../../components/error_message';
diff --git a/x-pack/plugins/observability_solution/investigate_app/public/items/esql_item/register_esql_item.tsx b/x-pack/plugins/observability_solution/investigate_app/public/items/esql_item/register_esql_item.tsx
index 7b88081ca5503..46fe9ea2d9dd2 100644
--- a/x-pack/plugins/observability_solution/investigate_app/public/items/esql_item/register_esql_item.tsx
+++ b/x-pack/plugins/observability_solution/investigate_app/public/items/esql_item/register_esql_item.tsx
@@ -10,7 +10,7 @@ import type { ESQLSearchResponse } from '@kbn/es-types';
 import { i18n } from '@kbn/i18n';
 import { type GlobalWidgetParameters } from '@kbn/investigate-plugin/public';
 import type { Suggestion } from '@kbn/lens-plugin/public';
-import { useAbortableAsync } from '@kbn/observability-utils/hooks/use_abortable_async';
+import { useAbortableAsync } from '@kbn/observability-utils-browser/hooks/use_abortable_async';
 import React, { useMemo } from 'react';
 import { ErrorMessage } from '../../components/error_message';
 import { useKibana } from '../../hooks/use_kibana';
diff --git a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/add_investigation_item/esql_widget_preview.tsx b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/add_investigation_item/esql_widget_preview.tsx
index 8d0056dbd538d..469baf6e07f5c 100644
--- a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/add_investigation_item/esql_widget_preview.tsx
+++ b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/add_investigation_item/esql_widget_preview.tsx
@@ -11,7 +11,7 @@ import type { ESQLColumn, ESQLRow } from '@kbn/es-types';
 import { GlobalWidgetParameters } from '@kbn/investigate-plugin/public';
 import { Item } from '@kbn/investigation-shared';
 import type { Suggestion } from '@kbn/lens-plugin/public';
-import { useAbortableAsync } from '@kbn/observability-utils/hooks/use_abortable_async';
+import { useAbortableAsync } from '@kbn/observability-utils-browser/hooks/use_abortable_async';
 import React, { useEffect, useMemo, useState } from 'react';
 import { ErrorMessage } from '../../../../components/error_message';
 import { SuggestVisualizationList } from '../../../../components/suggest_visualization_list';
diff --git a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/events_timeline/events_timeline.tsx b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/events_timeline/events_timeline.tsx
index befa50bcc0e8d..c3f92139bd936 100644
--- a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/events_timeline/events_timeline.tsx
+++ b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/events_timeline/events_timeline.tsx
@@ -10,7 +10,7 @@ import moment from 'moment';
 import { Chart, Axis, AreaSeries, Position, ScaleType, Settings } from '@elastic/charts';
 import { useActiveCursor } from '@kbn/charts-plugin/public';
 import { EuiSkeletonText } from '@elastic/eui';
-import { getBrushData } from '@kbn/observability-utils/chart/utils';
+import { getBrushData } from '@kbn/observability-utils-browser/chart/utils';
 import { Group } from '@kbn/observability-alerting-rule-utils';
 import { ALERT_GROUP } from '@kbn/rule-data-utils';
 import { SERVICE_NAME } from '@kbn/observability-shared-plugin/common';
diff --git a/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/fetcher.test.ts b/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/fetcher.test.ts
new file mode 100644
index 0000000000000..e13ae951975bf
--- /dev/null
+++ b/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/fetcher.test.ts
@@ -0,0 +1,71 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClientMock, savedObjectsRepositoryMock } from '@kbn/core/server/mocks';
+import { CollectorFetchContext } from '@kbn/usage-collection-plugin/server';
+import { fetcher } from './fetcher';
+
+let savedObjectClient: ReturnType<typeof savedObjectsRepositoryMock.create>;
+
+let closeMock: jest.Mock;
+let esClient: ElasticsearchClientMock;
+
+describe('Investigation usage collector fetcher', () => {
+  beforeEach(() => {
+    savedObjectClient = savedObjectsRepositoryMock.create();
+    closeMock = jest.fn();
+  });
+
+  it('without any existing investigation', async () => {
+    savedObjectClient.createPointInTimeFinder.mockReturnValue({
+      find: async function* find() {
+        return {
+          [Symbol.asyncIterator]: async () => {},
+          next: () => {},
+        };
+      },
+      close: closeMock,
+    });
+
+    const results = await fetcher({
+      soClient: savedObjectClient,
+      esClient,
+    } as CollectorFetchContext);
+
+    expect(closeMock).toHaveBeenCalled();
+    expect(results.investigation).toMatchInlineSnapshot(`
+      Object {
+        "by_origin": Object {
+          "alert": 0,
+          "blank": 0,
+        },
+        "by_status": Object {
+          "active": 0,
+          "cancelled": 0,
+          "mitigated": 0,
+          "resolved": 0,
+          "triage": 0,
+        },
+        "items": Object {
+          "avg": 0,
+          "max": 0,
+          "min": 0,
+          "p90": 0,
+          "p95": 0,
+        },
+        "notes": Object {
+          "avg": 0,
+          "max": 0,
+          "min": 0,
+          "p90": 0,
+          "p95": 0,
+        },
+        "total": 0,
+      }
+    `);
+  });
+});
diff --git a/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/fetcher.ts b/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/fetcher.ts
new file mode 100644
index 0000000000000..9f21e39e999a0
--- /dev/null
+++ b/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/fetcher.ts
@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { CollectorFetchContext } from '@kbn/usage-collection-plugin/server';
+import { StoredInvestigation } from '../../models/investigation';
+import { SO_INVESTIGATION_TYPE } from '../../saved_objects/investigation';
+import { computeMetrics } from './helpers/metrics';
+import { Usage } from './type';
+
+export const fetcher = async (context: CollectorFetchContext) => {
+  const finder = context.soClient.createPointInTimeFinder<StoredInvestigation>({
+    type: SO_INVESTIGATION_TYPE,
+    perPage: 10,
+  });
+
+  let usage: Usage['investigation'] = {
+    total: 0,
+    by_status: {
+      triage: 0,
+      active: 0,
+      mitigated: 0,
+      resolved: 0,
+      cancelled: 0,
+    },
+    by_origin: {
+      alert: 0,
+      blank: 0,
+    },
+    items: {
+      avg: 0,
+      p90: 0,
+      p95: 0,
+      max: 0,
+      min: 0,
+    },
+    notes: {
+      avg: 0,
+      p90: 0,
+      p95: 0,
+      max: 0,
+      min: 0,
+    },
+  };
+
+  const items: number[] = [];
+  const notes: number[] = [];
+
+  for await (const response of finder.find()) {
+    usage = response.saved_objects.reduce((acc, so) => {
+      items.push(so.attributes.items.length);
+      notes.push(so.attributes.notes.length);
+
+      return {
+        ...acc,
+        total: acc.total + 1,
+        by_status: {
+          ...acc.by_status,
+          ...(so.attributes.status === 'triage' && { triage: acc.by_status.triage + 1 }),
+          ...(so.attributes.status === 'active' && { active: acc.by_status.active + 1 }),
+          ...(so.attributes.status === 'mitigated' && { mitigated: acc.by_status.mitigated + 1 }),
+          ...(so.attributes.status === 'resolved' && { resolved: acc.by_status.resolved + 1 }),
+          ...(so.attributes.status === 'cancelled' && { cancelled: acc.by_status.cancelled + 1 }),
+        },
+        by_origin: {
+          ...acc.by_origin,
+          ...(so.attributes.origin.type === 'alert' && { alert: acc.by_origin.alert + 1 }),
+          ...(so.attributes.origin.type === 'blank' && { blank: acc.by_origin.blank + 1 }),
+        },
+      };
+    }, usage);
+  }
+
+  usage.items = computeMetrics(items.sort());
+  usage.notes = computeMetrics(notes.sort());
+
+  await finder.close();
+
+  return {
+    investigation: usage,
+  };
+};
diff --git a/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/helpers/metrics.test.ts b/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/helpers/metrics.test.ts
new file mode 100644
index 0000000000000..d4e8964b95751
--- /dev/null
+++ b/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/helpers/metrics.test.ts
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { computeMetrics } from './metrics';
+
+describe('ComputeMetrics', () => {
+  it('computes the metrics correctly', async () => {
+    expect(computeMetrics([])).toMatchInlineSnapshot(`
+      Object {
+        "avg": 0,
+        "max": 0,
+        "min": 0,
+        "p90": 0,
+        "p95": 0,
+      }
+    `);
+    expect(computeMetrics([10, 10, 100])).toMatchInlineSnapshot(`
+      Object {
+        "avg": 40,
+        "max": 100,
+        "min": 10,
+        "p90": 100,
+        "p95": 100,
+      }
+    `);
+
+    const arr = Array.from({ length: 100 }, (_, i) => i);
+    expect(computeMetrics(arr)).toMatchInlineSnapshot(`
+      Object {
+        "avg": 49.5,
+        "max": 99,
+        "min": 0,
+        "p90": 90,
+        "p95": 95,
+      }
+    `);
+  });
+});
diff --git a/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/helpers/metrics.ts b/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/helpers/metrics.ts
new file mode 100644
index 0000000000000..a6a4a0b28760d
--- /dev/null
+++ b/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/helpers/metrics.ts
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { sum } from 'lodash';
+
+export function computeMetrics(arr: number[]) {
+  if (arr.length === 0) {
+    return {
+      avg: 0,
+      p90: 0,
+      p95: 0,
+      max: 0,
+      min: 0,
+    };
+  }
+
+  const total = sum(arr);
+  const r90 = (90 / 100) * (arr.length - 1) + 1;
+  const r95 = (95 / 100) * (arr.length - 1) + 1;
+
+  return {
+    avg: total / arr.length,
+    p90: arr[Math.floor(r90)],
+    p95: arr[Math.floor(r95)],
+    max: arr[arr.length - 1],
+    min: arr[0],
+  };
+}
diff --git a/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/register.ts b/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/register.ts
new file mode 100644
index 0000000000000..56c88eb322807
--- /dev/null
+++ b/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/register.ts
@@ -0,0 +1,147 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
+import { fetcher } from './fetcher';
+import type { Usage } from './type';
+
+export function registerUsageCollector(usageCollection?: UsageCollectionSetup): void {
+  if (!usageCollection) {
+    return;
+  }
+
+  const usageCollector = usageCollection.makeUsageCollector<Usage>({
+    type: 'investigation',
+    schema: {
+      investigation: {
+        total: {
+          type: 'long',
+          _meta: {
+            description: 'The total number of investigations in the cluster',
+          },
+        },
+        by_status: {
+          triage: {
+            type: 'long',
+            _meta: {
+              description: 'The number of investigations in triage status in the cluster',
+            },
+          },
+          active: {
+            type: 'long',
+            _meta: { description: 'The number of investigations in active status in the cluster' },
+          },
+          mitigated: {
+            type: 'long',
+            _meta: {
+              description: 'The number of investigations in mitigated status in the cluster',
+            },
+          },
+          resolved: {
+            type: 'long',
+            _meta: {
+              description: 'The number of investigations in resolved status in the cluster',
+            },
+          },
+          cancelled: {
+            type: 'long',
+            _meta: {
+              description: 'The number of investigations in cancelled status in the cluster',
+            },
+          },
+        },
+        by_origin: {
+          alert: {
+            type: 'long',
+            _meta: {
+              description: 'The number of investigations created from alerts in the cluster',
+            },
+          },
+          blank: {
+            type: 'long',
+            _meta: {
+              description: 'The number of investigations created from scratch in the cluster',
+            },
+          },
+        },
+        items: {
+          avg: {
+            type: 'long',
+            _meta: {
+              description: 'The average number of items across all investigations in the cluster',
+            },
+          },
+          p90: {
+            type: 'long',
+            _meta: {
+              description:
+                'The 90th percentile of the number of items across all investigations in the cluster',
+            },
+          },
+          p95: {
+            type: 'long',
+            _meta: {
+              description:
+                'The 95th percentile of the number of items across all investigations in the cluster',
+            },
+          },
+          max: {
+            type: 'long',
+            _meta: {
+              description: 'The maximum number of items across all investigations in the cluster',
+            },
+          },
+          min: {
+            type: 'long',
+            _meta: {
+              description: 'The minimum number of items across all investigations in the cluster',
+            },
+          },
+        },
+        notes: {
+          avg: {
+            type: 'long',
+            _meta: {
+              description: 'The average number of notes across all investigations in the cluster',
+            },
+          },
+          p90: {
+            type: 'long',
+            _meta: {
+              description:
+                'The 90th percentile of the number of notes across all investigations in the cluster',
+            },
+          },
+          p95: {
+            type: 'long',
+            _meta: {
+              description:
+                'The 95th percentile of the number of notes across all investigations in the cluster',
+            },
+          },
+          max: {
+            type: 'long',
+            _meta: {
+              description: 'The maximum number of notes across all investigations in the cluster',
+            },
+          },
+          min: {
+            type: 'long',
+            _meta: {
+              description: 'The minimum number of notes across all investigations in the cluster',
+            },
+          },
+        },
+      },
+    },
+    isReady: () => true,
+    fetch: fetcher,
+  });
+
+  // register usage collector
+  usageCollection.registerCollector(usageCollector);
+}
diff --git a/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/type.ts b/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/type.ts
new file mode 100644
index 0000000000000..b7d4215195b4d
--- /dev/null
+++ b/x-pack/plugins/observability_solution/investigate_app/server/lib/collectors/type.ts
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export interface Usage {
+  investigation: {
+    total: number;
+    by_status: {
+      triage: number;
+      active: number;
+      mitigated: number;
+      resolved: number;
+      cancelled: number;
+    };
+    by_origin: {
+      alert: number;
+      blank: number;
+    };
+    items: {
+      avg: number;
+      p90: number;
+      p95: number;
+      max: number;
+      min: number;
+    };
+    notes: {
+      avg: number;
+      p90: number;
+      p95: number;
+      max: number;
+      min: number;
+    };
+  };
+}
diff --git a/x-pack/plugins/observability_solution/investigate_app/server/lib/get_sample_documents.ts b/x-pack/plugins/observability_solution/investigate_app/server/lib/get_sample_documents.ts
index 9621a5ff1a4ed..966bda5fc6169 100644
--- a/x-pack/plugins/observability_solution/investigate_app/server/lib/get_sample_documents.ts
+++ b/x-pack/plugins/observability_solution/investigate_app/server/lib/get_sample_documents.ts
@@ -7,7 +7,7 @@
 import pLimit from 'p-limit';
 import { estypes } from '@elastic/elasticsearch';
 import { castArray, sortBy, uniq, partition, shuffle } from 'lodash';
-import { truncateList } from '@kbn/inference-plugin/common/utils/truncate_list';
+import { truncateList } from '@kbn/inference-common';
 import { QueryDslQueryContainer } from '@kbn/data-views-plugin/common/types';
 import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
 import { rangeQuery, excludeFrozenQuery } from './queries';
diff --git a/x-pack/plugins/observability_solution/investigate_app/server/plugin.ts b/x-pack/plugins/observability_solution/investigate_app/server/plugin.ts
index f1ee1cacd155b..ec710cffa3b8d 100644
--- a/x-pack/plugins/observability_solution/investigate_app/server/plugin.ts
+++ b/x-pack/plugins/observability_solution/investigate_app/server/plugin.ts
@@ -19,6 +19,7 @@ import type {
 } from './types';
 import { investigation } from './saved_objects/investigation';
 import { InvestigateAppConfig } from './config';
+import { registerUsageCollector } from './lib/collectors/register';
 
 export class InvestigateAppPlugin
   implements
@@ -53,6 +54,7 @@ export class InvestigateAppPlugin
 
     if (this.config.enabled === true) {
       coreSetup.savedObjects.registerType(investigation);
+      registerUsageCollector(pluginsSetup.usageCollection);
 
       registerServerRoutes({
         core: coreSetup,
diff --git a/x-pack/plugins/observability_solution/investigate_app/server/types.ts b/x-pack/plugins/observability_solution/investigate_app/server/types.ts
index fa4db6ccfcb05..8803221000d5b 100644
--- a/x-pack/plugins/observability_solution/investigate_app/server/types.ts
+++ b/x-pack/plugins/observability_solution/investigate_app/server/types.ts
@@ -10,6 +10,7 @@ import {
   RuleRegistryPluginSetupContract,
   RuleRegistryPluginStartContract,
 } from '@kbn/rule-registry-plugin/server';
+import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
 
 /* eslint-disable @typescript-eslint/no-empty-interface*/
 
@@ -18,6 +19,7 @@ export interface ConfigSchema {}
 export interface InvestigateAppSetupDependencies {
   observability: ObservabilityPluginSetup;
   ruleRegistry: RuleRegistryPluginSetupContract;
+  usageCollection: UsageCollectionSetup;
 }
 
 export interface InvestigateAppStartDependencies {
diff --git a/x-pack/plugins/observability_solution/investigate_app/tsconfig.json b/x-pack/plugins/observability_solution/investigate_app/tsconfig.json
index a853456b1156c..0851a13367091 100644
--- a/x-pack/plugins/observability_solution/investigate_app/tsconfig.json
+++ b/x-pack/plugins/observability_solution/investigate_app/tsconfig.json
@@ -62,12 +62,13 @@
     "@kbn/licensing-plugin",
     "@kbn/rule-data-utils",
     "@kbn/entities-schema",
-    "@kbn/inference-plugin",
     "@kbn/core-elasticsearch-server",
     "@kbn/calculate-auto",
     "@kbn/ml-random-sampler-utils",
     "@kbn/charts-plugin",
-    "@kbn/observability-utils",
     "@kbn/observability-alerting-rule-utils",
+    "@kbn/observability-utils-browser",
+    "@kbn/usage-collection-plugin",
+    "@kbn/inference-common",
   ],
 }
diff --git a/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx
index 407637520dda7..4567d7c37b10b 100644
--- a/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx
+++ b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx
@@ -68,6 +68,7 @@ export interface RuleConditionChartExpressions {
   timeSize?: number;
   timeUnit?: TimeUnitChar;
   equation?: string;
+  label?: string;
 }
 export interface RuleConditionChartProps {
   metricExpression: RuleConditionChartExpressions;
@@ -108,6 +109,7 @@ export function RuleConditionChart({
     threshold,
     comparator,
     equation,
+    label,
     warningComparator,
     warningThreshold,
   } = metricExpression;
@@ -332,7 +334,7 @@ export function RuleConditionChart({
     const baseLayer = {
       type: 'formula',
       value: formula,
-      label: formula,
+      label: label ?? formula,
       groupBy,
       format: {
         id: formatId,
@@ -409,6 +411,7 @@ export function RuleConditionChart({
     comparator,
     dataView,
     equation,
+    label,
     searchConfiguration,
     formula,
     formulaAsync.value,
diff --git a/x-pack/plugins/observability_solution/observability/server/errors/errors.ts b/x-pack/plugins/observability_solution/observability/server/errors/errors.ts
deleted file mode 100644
index eaec36e66d08b..0000000000000
--- a/x-pack/plugins/observability_solution/observability/server/errors/errors.ts
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-/* eslint-disable max-classes-per-file */
-
-export class ObservabilityError extends Error {
-  constructor(message?: string) {
-    super(message);
-    this.name = this.constructor.name;
-  }
-}
-
-export class SLONotFound extends ObservabilityError {}
-export class SLOIdConflict extends ObservabilityError {}
-
-export class InvalidQueryError extends ObservabilityError {}
-export class InternalQueryError extends ObservabilityError {}
-export class NotSupportedError extends ObservabilityError {}
-export class IllegalArgumentError extends ObservabilityError {}
-export class InvalidTransformError extends ObservabilityError {}
-
-export class SecurityException extends ObservabilityError {}
diff --git a/x-pack/plugins/observability_solution/observability/server/errors/handler.ts b/x-pack/plugins/observability_solution/observability/server/errors/handler.ts
deleted file mode 100644
index c10f1d98c083e..0000000000000
--- a/x-pack/plugins/observability_solution/observability/server/errors/handler.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { ObservabilityError, SecurityException, SLOIdConflict, SLONotFound } from './errors';
-
-export function getHTTPResponseCode(error: ObservabilityError): number {
-  if (error instanceof SLONotFound) {
-    return 404;
-  }
-
-  if (error instanceof SLOIdConflict) {
-    return 409;
-  }
-
-  if (error instanceof SecurityException) {
-    return 403;
-  }
-
-  return 400;
-}
diff --git a/x-pack/plugins/observability_solution/observability/server/routes/register_routes.ts b/x-pack/plugins/observability_solution/observability/server/routes/register_routes.ts
index b885050eb64c7..5599039a5ce67 100644
--- a/x-pack/plugins/observability_solution/observability/server/routes/register_routes.ts
+++ b/x-pack/plugins/observability_solution/observability/server/routes/register_routes.ts
@@ -8,20 +8,19 @@ import { errors } from '@elastic/elasticsearch';
 import Boom from '@hapi/boom';
 import { RulesClientApi } from '@kbn/alerting-plugin/server/types';
 import { CoreSetup, KibanaRequest, Logger, RouteRegistrar } from '@kbn/core/server';
+import { DataViewsServerPluginStart } from '@kbn/data-views-plugin/server';
 import { RuleDataPluginService } from '@kbn/rule-registry-plugin/server';
 import {
   IoTsParamsObject,
   decodeRequestParams,
-  stripNullishRequestParameters,
   parseEndpoint,
   passThroughValidationObject,
+  stripNullishRequestParameters,
 } from '@kbn/server-route-repository';
 import { SpacesPluginStart } from '@kbn/spaces-plugin/server';
 import axios from 'axios';
 import * as t from 'io-ts';
-import { DataViewsServerPluginStart } from '@kbn/data-views-plugin/server';
 import { ObservabilityConfig } from '..';
-import { getHTTPResponseCode, ObservabilityError } from '../errors';
 import { AlertDetailsContextualInsightsService } from '../services';
 import { ObservabilityRequestHandlerContext } from '../types';
 import { AbstractObservabilityServerRouteRepository } from './types';
@@ -88,16 +87,6 @@ export function registerRoutes({ config, repository, core, logger, dependencies
 
           return response.ok({ body: data });
         } catch (error) {
-          if (error instanceof ObservabilityError) {
-            logger.error(error.message);
-            return response.customError({
-              statusCode: getHTTPResponseCode(error),
-              body: {
-                message: error.message,
-              },
-            });
-          }
-
           if (axios.isAxiosError(error)) {
             logger.error(error);
             return response.customError({
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/execute_connector.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/execute_connector.ts
index 0088e35a6f6af..70f4ead5e6bb6 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/execute_connector.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/execute_connector.ts
@@ -8,13 +8,15 @@
 import { FunctionRegistrationParameters } from '.';
 import { FunctionVisibility } from '../../common';
 
+export const EXECUTE_CONNECTOR_FUNCTION_NAME = 'execute_connector';
+
 export function registerExecuteConnectorFunction({
   functions,
   resources,
 }: FunctionRegistrationParameters) {
   functions.registerFunction(
     {
-      name: 'execute_connector',
+      name: EXECUTE_CONNECTOR_FUNCTION_NAME,
       description: 'Use this function when user explicitly asks to call a kibana connector.',
       visibility: FunctionVisibility.AssistantOnly,
       parameters: {
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/rule_connector/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/rule_connector/index.ts
index 59b883fef9c18..33f3bdd2c98f8 100644
--- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/rule_connector/index.ts
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/rule_connector/index.ts
@@ -23,7 +23,6 @@ import {
   JiraParamsSchema,
   PagerdutyParamsSchema,
   SlackApiParamsSchema,
-  SlackParamsSchema,
   WebhookParamsSchema,
 } from '@kbn/stack-connectors-plugin/server';
 import { ObservabilityAIAssistantRouteHandlerResources } from '@kbn/observability-ai-assistant-plugin/server/routes/types';
@@ -37,14 +36,26 @@ import { CompatibleJSONSchema } from '@kbn/observability-ai-assistant-plugin/com
 import { AlertDetailsContextualInsightsService } from '@kbn/observability-plugin/server/services';
 import { getSystemMessageFromInstructions } from '@kbn/observability-ai-assistant-plugin/server/service/util/get_system_message_from_instructions';
 import { AdHocInstruction } from '@kbn/observability-ai-assistant-plugin/common/types';
+import { EXECUTE_CONNECTOR_FUNCTION_NAME } from '@kbn/observability-ai-assistant-plugin/server/functions/execute_connector';
 import { convertSchemaToOpenApi } from './convert_schema_to_open_api';
 import { OBSERVABILITY_AI_ASSISTANT_CONNECTOR_ID } from '../../common/rule_connector';
 
 const CONNECTOR_PRIVILEGES = ['api:observabilityAIAssistant', 'app:observabilityAIAssistant'];
 
 const connectorParamsSchemas: Record<string, CompatibleJSONSchema> = {
+  '.slack': {
+    type: 'object',
+    properties: {
+      id: { type: 'string' },
+      params: {
+        type: 'object',
+        properties: {
+          message: { type: 'string' },
+        },
+      },
+    },
+  },
   '.slack_api': convertSchemaToOpenApi(SlackApiParamsSchema),
-  '.slack': convertSchemaToOpenApi(SlackParamsSchema),
   '.email': convertSchemaToOpenApi(EmailParamsSchema),
   '.webhook': convertSchemaToOpenApi(WebhookParamsSchema),
   '.jira': convertSchemaToOpenApi(JiraParamsSchema),
@@ -189,6 +200,24 @@ If available, include the link of the conversation at the end of your answer.`
     ),
   };
 
+  const hasSlackConnector = !!connectorsList.filter(
+    (connector) => connector.actionTypeId === '.slack'
+  ).length;
+
+  if (hasSlackConnector && functionClient.hasFunction(EXECUTE_CONNECTOR_FUNCTION_NAME)) {
+    const slackConnectorInstruction: AdHocInstruction = {
+      instruction_type: 'application_instruction',
+      text: dedent(
+        `The execute_connector function can be used to invoke Kibana connectors.
+        To send to the Slack connector, you need the following arguments:
+          - the "id" of the connector
+          - the "params" parameter that you will fill with the message
+        Please include both "id" and "params.message" in the function arguments when executing the Slack connector..`
+      ),
+    };
+    functionClient.registerAdhocInstruction(slackConnectorInstruction);
+  }
+
   const alertsContext = await getAlertsContext(
     execOptions.params.rule,
     execOptions.params.alerts,
diff --git a/x-pack/plugins/observability_solution/observability_logs_explorer/common/translations.ts b/x-pack/plugins/observability_solution/observability_logs_explorer/common/translations.ts
index f89c6eb47e6c4..380bc3c3c5a26 100644
--- a/x-pack/plugins/observability_solution/observability_logs_explorer/common/translations.ts
+++ b/x-pack/plugins/observability_solution/observability_logs_explorer/common/translations.ts
@@ -22,14 +22,26 @@ export const observabilityAppTitle = i18n.translate(
   }
 );
 
-export const betaBadgeTitle = i18n.translate('xpack.observabilityLogsExplorer.betaBadgeTitle', {
-  defaultMessage: 'Beta',
-});
+export const deprecationBadgeTitle = i18n.translate(
+  'xpack.observabilityLogsExplorer.deprecationBadgeTitle',
+  {
+    defaultMessage: 'Deprecation notice',
+  }
+);
+
+export const deprecationBadgeDescription = i18n.translate(
+  'xpack.observabilityLogsExplorer.deprecationBadgeDescription',
+  {
+    defaultMessage:
+      'Logs Stream and Logs Explorer are set to be deprecated. Switch to Discover which now includes their functionality plus more features and better performance.',
+  }
+);
 
-export const betaBadgeDescription = i18n.translate(
-  'xpack.observabilityLogsExplorer.betaBadgeDescription',
+export const deprecationBadgeGuideline = i18n.translate(
+  'xpack.observabilityLogsExplorer.deprecationBadgeGuideline',
   {
-    defaultMessage: 'This application is in beta and therefore subject to change.',
+    defaultMessage:
+      'You can temporarily access Logs Stream by re-enabling it in Advanced Settings.',
   }
 );
 
diff --git a/x-pack/plugins/observability_solution/observability_logs_explorer/public/components/logs_explorer_top_nav_menu.tsx b/x-pack/plugins/observability_solution/observability_logs_explorer/public/components/logs_explorer_top_nav_menu.tsx
index c3f91b3bf8660..0020df30b8708 100644
--- a/x-pack/plugins/observability_solution/observability_logs_explorer/public/components/logs_explorer_top_nav_menu.tsx
+++ b/x-pack/plugins/observability_solution/observability_logs_explorer/public/components/logs_explorer_top_nav_menu.tsx
@@ -21,7 +21,11 @@ import { LogsExplorerTabs } from '@kbn/discover-plugin/public';
 import React, { useEffect, useState } from 'react';
 import useObservable from 'react-use/lib/useObservable';
 import { filter, take } from 'rxjs';
-import { betaBadgeDescription, betaBadgeTitle } from '../../common/translations';
+import {
+  deprecationBadgeDescription,
+  deprecationBadgeGuideline,
+  deprecationBadgeTitle,
+} from '../../common/translations';
 import { useKibanaContextForPlugin } from '../utils/use_kibana';
 import { ConnectedDiscoverLink } from './discover_link';
 import { FeedbackLink } from './feedback_link';
@@ -59,13 +63,7 @@ const ProjectTopNav = () => {
         `}
       >
         <EuiHeaderSectionItem>
-          <EuiBetaBadge
-            size="s"
-            iconType="beta"
-            label={betaBadgeTitle}
-            tooltipContent={betaBadgeDescription}
-            alignment="middle"
-          />
+          <DeprecationNoticeBadge />
         </EuiHeaderSectionItem>
         <EuiHeaderSectionItem>
           <EuiHeaderLinks gutterSize="xs">
@@ -115,15 +113,6 @@ const ClassicTopNav = () => {
               margin-left: ${euiThemeVars.euiSizeM};
             `}
           >
-            <EuiHeaderSectionItem>
-              <EuiBetaBadge
-                size="s"
-                iconType="beta"
-                label={betaBadgeTitle}
-                tooltipContent={betaBadgeDescription}
-                alignment="middle"
-              />
-            </EuiHeaderSectionItem>
             <EuiHeaderSectionItem>
               <FeedbackLink />
             </EuiHeaderSectionItem>
@@ -145,6 +134,9 @@ const ClassicTopNav = () => {
       <EuiHeaderSection data-test-subj="logsExplorerHeaderMenu">
         <EuiHeaderSectionItem>
           <EuiHeaderLinks gutterSize="xs">
+            <EuiHeaderSectionItem>
+              <DeprecationNoticeBadge />
+            </EuiHeaderSectionItem>
             <ConnectedDiscoverLink />
             <ConditionalVerticalRule Component={ConnectedDatasetQualityLink()} />
             <VerticalRule />
@@ -171,3 +163,19 @@ const ConditionalVerticalRule = ({ Component }: { Component: JSX.Element | null
       {Component}
     </>
   );
+
+const DeprecationNoticeBadge = () => (
+  <EuiBetaBadge
+    label={deprecationBadgeTitle}
+    color="subdued"
+    tooltipContent={
+      <>
+        {deprecationBadgeDescription}
+        <br />
+        <br />
+        {deprecationBadgeGuideline}
+      </>
+    }
+    alignment="middle"
+  />
+);
diff --git a/x-pack/plugins/observability_solution/observability_logs_explorer/public/types.ts b/x-pack/plugins/observability_solution/observability_logs_explorer/public/types.ts
index b1bbfb1b504a1..7106395d47b27 100644
--- a/x-pack/plugins/observability_solution/observability_logs_explorer/public/types.ts
+++ b/x-pack/plugins/observability_solution/observability_logs_explorer/public/types.ts
@@ -25,7 +25,7 @@ import { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/publi
 import { DataViewsPublicPluginStart } from '@kbn/data-views-plugin/public';
 import { DataViewEditorStart } from '@kbn/data-view-editor-plugin/public';
 import { LensPublicStart } from '@kbn/lens-plugin/public';
-import { SloPublicStart } from '@kbn/slo-plugin/public';
+import { SLOPublicStart } from '@kbn/slo-plugin/public';
 import { LogsDataAccessPluginStart } from '@kbn/logs-data-access-plugin/public';
 import {
   ObservabilityLogsExplorerLocators,
@@ -53,7 +53,7 @@ export interface ObservabilityLogsExplorerStartDeps {
   logsDataAccess: LogsDataAccessPluginStart;
   observabilityAIAssistant?: ObservabilityAIAssistantPublicStart;
   observabilityShared: ObservabilitySharedPluginStart;
-  slo: SloPublicStart;
+  slo: SLOPublicStart;
   serverless?: ServerlessPluginStart;
   triggersActionsUi?: TriggersAndActionsUIPublicPluginStart;
   unifiedSearch?: UnifiedSearchPublicPluginStart;
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts
index 5aa2bc489ab59..f0663aa27ccad 100644
--- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts
@@ -300,7 +300,8 @@ const createFlowRoute = createObservabilityOnboardingServerRoute({
  *  --header "Accept: application/x-tar" \
  *  --header "Content-Type: text/tab-separated-values" \
  *  --header "kbn-xsrf: true" \
- *  --data $'system\tregistry\nproduct_service\tcustom\t/path/to/access.log\ncheckout_service\tcustom\t/path/to/access.log' \
+ *  --header "x-elastic-internal-origin: Kibana" \
+ *  --data $'system\tregistry\twebserver01\nproduct_service\tcustom\t/path/to/access.log\ncheckout_service\tcustom\t/path/to/access.log' \
  *  --output - | tar -tvf -
  * ```
  */
@@ -456,6 +457,16 @@ async function ensureInstalledIntegrations(
                   id: `filestream-${pkgName}`,
                   data_stream: dataStream,
                   paths: integration.logFilePaths,
+                  processors: [
+                    {
+                      add_fields: {
+                        target: 'service',
+                        fields: {
+                          name: pkgName,
+                        },
+                      },
+                    },
+                  ],
                 },
               ],
             },
diff --git a/x-pack/plugins/observability_solution/slo/common/config.ts b/x-pack/plugins/observability_solution/slo/common/config.ts
index 973fc562d743b..86fa7b74c2a1f 100644
--- a/x-pack/plugins/observability_solution/slo/common/config.ts
+++ b/x-pack/plugins/observability_solution/slo/common/config.ts
@@ -25,5 +25,5 @@ export const config = {
     experimental: true,
   },
 };
-export type SloConfig = TypeOf<typeof configSchema>;
-export type ExperimentalFeatures = SloConfig['experimental'];
+export type SLOConfig = TypeOf<typeof configSchema>;
+export type ExperimentalFeatures = SLOConfig['experimental'];
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.json b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.json
index b8d3e28ce210a..b4d66229dc495 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.json
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.json
@@ -559,7 +559,7 @@
           }
         ],
         "responses": {
-          "200": {
+          "204": {
             "description": "Successful request"
           },
           "400": {
@@ -625,7 +625,7 @@
           }
         ],
         "responses": {
-          "204": {
+          "200": {
             "description": "Successful request",
             "content": {
               "application/json": {
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml
index dc57f3e4ea4f6..fde29b3602be0 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml
@@ -341,7 +341,7 @@ paths:
         - $ref: '#/components/parameters/space_id'
         - $ref: '#/components/parameters/slo_id'
       responses:
-        '200':
+        '204':
           description: Successful request
         '400':
           description: Bad request
@@ -380,7 +380,7 @@ paths:
         - $ref: '#/components/parameters/space_id'
         - $ref: '#/components/parameters/slo_id'
       responses:
-        '204':
+        '200':
           description: Successful request
           content:
             application/json:
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@_reset.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@_reset.yaml
index e805c1117f5c1..53d9e03e463e6 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@_reset.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@_reset.yaml
@@ -11,7 +11,7 @@ post:
     - $ref: ../components/parameters/space_id.yaml
     - $ref: ../components/parameters/slo_id.yaml
   responses:
-    '204':
+    '200':
       description: Successful request
       content:
         application/json:
diff --git a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@disable.yaml b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@disable.yaml
index 704e2f8d24359..0a5194a550aa9 100644
--- a/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@disable.yaml
+++ b/x-pack/plugins/observability_solution/slo/docs/openapi/slo/paths/s@{spaceid}@api@slos@{sloid}@disable.yaml
@@ -11,7 +11,7 @@ post:
     - $ref: ../components/parameters/space_id.yaml
     - $ref: ../components/parameters/slo_id.yaml
   responses:
-    '200':
+    '204':
       description: Successful request
     '400':
       description: Bad request
diff --git a/x-pack/plugins/observability_solution/slo/kibana.jsonc b/x-pack/plugins/observability_solution/slo/kibana.jsonc
index c1054089c508a..e5732ee25e7e1 100644
--- a/x-pack/plugins/observability_solution/slo/kibana.jsonc
+++ b/x-pack/plugins/observability_solution/slo/kibana.jsonc
@@ -38,14 +38,14 @@
       "presentationUtil",
       "features",
       "licensing",
-      "usageCollection"
+      "usageCollection",
     ],
     "optionalPlugins": [
       "cloud",
-      "spaces",
       "serverless",
       "discover",
-      "observabilityAIAssistant"
+      "observabilityAIAssistant",
+      "spaces",
     ],
     "requiredBundles": [
       "controls",
diff --git a/x-pack/plugins/observability_solution/slo/public/application.tsx b/x-pack/plugins/observability_solution/slo/public/application.tsx
index b6291b5286148..79160de114cd5 100644
--- a/x-pack/plugins/observability_solution/slo/public/application.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/application.tsx
@@ -25,26 +25,20 @@ import { ExperimentalFeatures } from '../common/config';
 import { PluginContext } from './context/plugin_context';
 import { usePluginContext } from './hooks/use_plugin_context';
 import { getRoutes } from './routes/routes';
-import { SloPublicPluginsStart } from './types';
+import { SLORepositoryClient, SLOPublicPluginsStart } from './types';
 
-function App() {
-  const { isServerless } = usePluginContext();
-
-  const routes = getRoutes(isServerless);
-
-  return (
-    <>
-      <Routes>
-        {Object.keys(routes).map((path) => {
-          const { handler, exact } = routes[path];
-          const Wrapper = () => {
-            return handler();
-          };
-          return <Route key={path} path={path} exact={exact} component={Wrapper} />;
-        })}
-      </Routes>
-    </>
-  );
+interface Props {
+  core: CoreStart;
+  plugins: SLOPublicPluginsStart;
+  appMountParameters: AppMountParameters;
+  observabilityRuleTypeRegistry: ObservabilityRuleTypeRegistry;
+  ObservabilityPageTemplate: React.ComponentType<LazyObservabilityPageTemplateProps>;
+  usageCollection: UsageCollectionSetup;
+  isDev?: boolean;
+  kibanaVersion: string;
+  isServerless?: boolean;
+  experimentalFeatures: ExperimentalFeatures;
+  sloClient: SLORepositoryClient;
 }
 
 export const renderApp = ({
@@ -58,18 +52,8 @@ export const renderApp = ({
   isServerless,
   observabilityRuleTypeRegistry,
   experimentalFeatures,
-}: {
-  core: CoreStart;
-  plugins: SloPublicPluginsStart;
-  appMountParameters: AppMountParameters;
-  observabilityRuleTypeRegistry: ObservabilityRuleTypeRegistry;
-  ObservabilityPageTemplate: React.ComponentType<LazyObservabilityPageTemplateProps>;
-  usageCollection: UsageCollectionSetup;
-  isDev?: boolean;
-  kibanaVersion: string;
-  isServerless?: boolean;
-  experimentalFeatures: ExperimentalFeatures;
-}) => {
+  sloClient,
+}: Props) => {
   const { element, history, theme$ } = appMountParameters;
   const isDarkMode = core.theme.getTheme().darkMode;
 
@@ -128,6 +112,7 @@ export const renderApp = ({
                   ObservabilityPageTemplate,
                   observabilityRuleTypeRegistry,
                   experimentalFeatures,
+                  sloClient,
                 }}
               >
                 <Router history={history}>
@@ -160,3 +145,21 @@ export const renderApp = ({
     ReactDOM.unmountComponentAtNode(element);
   };
 };
+
+function App() {
+  const { isServerless } = usePluginContext();
+
+  const routes = getRoutes(isServerless);
+
+  return (
+    <Routes>
+      {Object.keys(routes).map((path) => {
+        const { handler, exact } = routes[path];
+        const Wrapper = () => {
+          return handler();
+        };
+        return <Route key={path} path={path} exact={exact} component={Wrapper} />;
+      })}
+    </Routes>
+  );
+}
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/alert_details_app_section.tsx b/x-pack/plugins/observability_solution/slo/public/components/alert_details/alert_details_app_section.tsx
similarity index 93%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/alert_details_app_section.tsx
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/alert_details_app_section.tsx
index 44ab29e77e1bd..8dade80f8a7d4 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/alert_details_app_section.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/components/alert_details/alert_details_app_section.tsx
@@ -9,8 +9,8 @@ import React, { useEffect } from 'react';
 import { EuiFlexGroup, EuiLink } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { AlertDetailsAppSectionProps } from '@kbn/observability-plugin/public';
-import { useKibana } from '../../../../utils/kibana_react';
-import { useFetchSloDetails } from '../../../../hooks/use_fetch_slo_details';
+import { useKibana } from '../../hooks/use_kibana';
+import { useFetchSloDetails } from '../../hooks/use_fetch_slo_details';
 import { CustomAlertDetailsPanel } from './components/custom_panels/custom_panels';
 import { ErrorRatePanel } from './components/error_rate/error_rate_panel';
 import { BurnRateAlert, BurnRateRule } from './types';
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/apm/apm_alert_details.tsx b/x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/apm/apm_alert_details.tsx
similarity index 100%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/apm/apm_alert_details.tsx
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/apm/apm_alert_details.tsx
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/apm/embeddable_root.tsx b/x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/apm/embeddable_root.tsx
similarity index 100%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/apm/embeddable_root.tsx
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/apm/embeddable_root.tsx
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_kql/custom_kql_panels.tsx b/x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_kql/custom_kql_panels.tsx
similarity index 92%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_kql/custom_kql_panels.tsx
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_kql/custom_kql_panels.tsx
index 418f7c5d08d41..1a75a30766423 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_kql/custom_kql_panels.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_kql/custom_kql_panels.tsx
@@ -9,7 +9,7 @@ import { GetSLOResponse } from '@kbn/slo-schema';
 import React from 'react';
 import { LogRateAnalysisPanel } from './log_rate_analysis_panel';
 import { BurnRateAlert, BurnRateRule } from '../../../types';
-import { useLicense } from '../../../../../../../hooks/use_license';
+import { useLicense } from '../../../../../hooks/use_license';
 
 interface Props {
   slo: GetSLOResponse;
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_kql/helpers/__snapshots__/log_rate_analysis_query.test.ts.snap b/x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_kql/helpers/__snapshots__/log_rate_analysis_query.test.ts.snap
similarity index 100%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_kql/helpers/__snapshots__/log_rate_analysis_query.test.ts.snap
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_kql/helpers/__snapshots__/log_rate_analysis_query.test.ts.snap
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_kql/helpers/log_rate_analysis_query.test.ts b/x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_kql/helpers/log_rate_analysis_query.test.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_kql/helpers/log_rate_analysis_query.test.ts
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_kql/helpers/log_rate_analysis_query.test.ts
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_kql/helpers/log_rate_analysis_query.ts b/x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_kql/helpers/log_rate_analysis_query.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_kql/helpers/log_rate_analysis_query.ts
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_kql/helpers/log_rate_analysis_query.ts
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_kql/log_rate_analysis_panel.tsx b/x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_kql/log_rate_analysis_panel.tsx
similarity index 98%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_kql/log_rate_analysis_panel.tsx
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_kql/log_rate_analysis_panel.tsx
index e94b8d5baed55..69826dd64dc14 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_kql/log_rate_analysis_panel.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_kql/log_rate_analysis_panel.tsx
@@ -23,11 +23,11 @@ import { colorTransformer } from '@kbn/observability-shared-plugin/common';
 import { KQLCustomIndicator, DurationUnit } from '@kbn/slo-schema';
 import { i18n } from '@kbn/i18n';
 import type { Message } from '@kbn/observability-ai-assistant-plugin/public';
-import type { WindowSchema } from '../../../../../../../typings';
-import { TimeRange } from '../../../../../error_rate_chart/use_lens_definition';
+import type { WindowSchema } from '../../../../../typings';
+import { TimeRange } from '../../../../slo/error_rate_chart/use_lens_definition';
 import { BurnRateAlert, BurnRateRule } from '../../../types';
 import { getActionGroupFromReason } from '../../../utils/alert';
-import { useKibana } from '../../../../../../../utils/kibana_react';
+import { useKibana } from '../../../../../hooks/use_kibana';
 import { getESQueryForLogRateAnalysis } from './helpers/log_rate_analysis_query';
 function getDataTimeRange(
   timeRange: { gte: string; lte?: string },
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_panels.tsx b/x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_panels.tsx
similarity index 100%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/custom_panels/custom_panels.tsx
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/components/custom_panels/custom_panels.tsx
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/error_rate/error_rate_panel.tsx b/x-pack/plugins/observability_solution/slo/public/components/alert_details/components/error_rate/error_rate_panel.tsx
similarity index 95%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/error_rate/error_rate_panel.tsx
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/components/error_rate/error_rate_panel.tsx
index 560f3f463bb46..0e8cc17757c37 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/components/error_rate/error_rate_panel.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/components/alert_details/components/error_rate/error_rate_panel.tsx
@@ -23,9 +23,9 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { ALERT_EVALUATION_VALUE, ALERT_TIME_RANGE } from '@kbn/rule-data-utils';
 import { GetSLOResponse } from '@kbn/slo-schema';
 import React from 'react';
-import { useKibana } from '../../../../../../utils/kibana_react';
-import { ErrorRateChart } from '../../../../error_rate_chart';
-import { TimeRange } from '../../../../error_rate_chart/use_lens_definition';
+import { useKibana } from '../../../../hooks/use_kibana';
+import { ErrorRateChart } from '../../../slo/error_rate_chart';
+import { TimeRange } from '../../../slo/error_rate_chart/use_lens_definition';
 import { BurnRateAlert } from '../../types';
 import { getActionGroupWindow } from '../../utils/alert';
 import { getLastDurationInUnit } from '../../utils/last_duration_i18n';
@@ -153,7 +153,7 @@ export function ErrorRatePanel({ alert, slo, isLoading }: Props) {
               dataTimeRange={dataTimeRange}
               alertTimeRange={alertTimeRange}
               threshold={actionGroupWindow!.burnRateThreshold}
-              showErrorRateAsLine
+              variant="danger"
             />
           </EuiFlexItem>
         </EuiFlexGroup>
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/types.ts b/x-pack/plugins/observability_solution/slo/public/components/alert_details/types.ts
similarity index 76%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/types.ts
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/types.ts
index 71aeb901d2b84..4592f4e2b4f1d 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/types.ts
+++ b/x-pack/plugins/observability_solution/slo/public/components/alert_details/types.ts
@@ -7,8 +7,8 @@
 
 import type { Rule } from '@kbn/alerting-plugin/common';
 import type { TopAlert } from '@kbn/observability-plugin/public';
-import type { BurnRateRuleParams } from '../../../../typings/slo';
-export type { TimeRange } from '../../error_rate_chart/use_lens_definition';
+import type { BurnRateRuleParams } from '../../typings/slo';
+export type { TimeRange } from '../slo/error_rate_chart/use_lens_definition';
 
 export type BurnRateRule = Rule<BurnRateRuleParams>;
 export type BurnRateAlert = TopAlert;
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/utils/alert.ts b/x-pack/plugins/observability_solution/slo/public/components/alert_details/utils/alert.ts
similarity index 92%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/utils/alert.ts
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/utils/alert.ts
index 9857973446d16..cf47d6949c796 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/utils/alert.ts
+++ b/x-pack/plugins/observability_solution/slo/public/components/alert_details/utils/alert.ts
@@ -10,9 +10,9 @@ import {
   HIGH_PRIORITY_ACTION_ID,
   LOW_PRIORITY_ACTION_ID,
   MEDIUM_PRIORITY_ACTION_ID,
-} from '../../../../../../common/constants';
+} from '../../../../common/constants';
 import { BurnRateAlert } from '../types';
-import { WindowSchema } from '../../../../../typings';
+import { WindowSchema } from '../../../typings';
 
 export function getActionGroupFromReason(reason: string): string {
   const prefix = reason.split(':')[0]?.toLowerCase() ?? undefined;
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/utils/last_duration_i18n.ts b/x-pack/plugins/observability_solution/slo/public/components/alert_details/utils/last_duration_i18n.ts
similarity index 95%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/utils/last_duration_i18n.ts
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/utils/last_duration_i18n.ts
index cda5f292a8a8e..a1b34bf427f9a 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/utils/last_duration_i18n.ts
+++ b/x-pack/plugins/observability_solution/slo/public/components/alert_details/utils/last_duration_i18n.ts
@@ -7,7 +7,7 @@
 
 import { i18n } from '@kbn/i18n';
 import moment from 'moment';
-import { TimeRange } from '../../../error_rate_chart/use_lens_definition';
+import { TimeRange } from '../../slo/error_rate_chart/use_lens_definition';
 
 export function getLastDurationInUnit(timeRange: TimeRange): string {
   const duration = moment.duration(moment(timeRange.to).diff(timeRange.from));
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/utils/time_range.ts b/x-pack/plugins/observability_solution/slo/public/components/alert_details/utils/time_range.ts
similarity index 92%
rename from x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/utils/time_range.ts
rename to x-pack/plugins/observability_solution/slo/public/components/alert_details/utils/time_range.ts
index 0f5358978478e..9fd813dff5e90 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/utils/time_range.ts
+++ b/x-pack/plugins/observability_solution/slo/public/components/alert_details/utils/time_range.ts
@@ -6,7 +6,7 @@
  */
 import type { DateRange } from '@kbn/alerting-plugin/common';
 import { ALERT_TIME_RANGE } from '@kbn/rule-data-utils';
-import { TimeRange } from '../../../error_rate_chart/use_lens_definition';
+import { TimeRange } from '../../slo/error_rate_chart/use_lens_definition';
 import { BurnRateAlert } from '../types';
 import { getActionGroupWindow } from './alert';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/components/good_bad_events_chart/good_bad_events_chart.tsx b/x-pack/plugins/observability_solution/slo/public/components/good_bad_events_chart/good_bad_events_chart.tsx
index ba3a201402e4f..31245a06b56d0 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/good_bad_events_chart/good_bad_events_chart.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/components/good_bad_events_chart/good_bad_events_chart.tsx
@@ -24,7 +24,7 @@ import React, { useRef } from 'react';
 import { useAnnotations } from '@kbn/observability-plugin/public';
 import { TimeBounds } from '../../pages/slo_details/types';
 import { getBrushTimeBounds } from '../../utils/slo/duration';
-import { useKibana } from '../../utils/kibana_react';
+import { useKibana } from '../../hooks/use_kibana';
 import { openInDiscover } from '../../utils/slo/get_discover_link';
 
 export interface Props {
diff --git a/x-pack/plugins/observability_solution/slo/public/components/header_menu/header_menu.tsx b/x-pack/plugins/observability_solution/slo/public/components/header_menu/header_menu.tsx
index 1269dfb73afdb..bc01ed55acbdf 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/header_menu/header_menu.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/components/header_menu/header_menu.tsx
@@ -9,7 +9,7 @@ import React from 'react';
 import { i18n } from '@kbn/i18n';
 import { EuiFlexGroup, EuiFlexItem, EuiHeaderLink, EuiHeaderLinks } from '@elastic/eui';
 import { HeaderMenuPortal } from '@kbn/observability-shared-plugin/public';
-import { useKibana } from '../../utils/kibana_react';
+import { useKibana } from '../../hooks/use_kibana';
 import { usePluginContext } from '../../hooks/use_plugin_context';
 import { SLOS_BASE_PATH, SLO_SETTINGS_PATH } from '../../../common/locators/paths';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/burn_rate.test.tsx b/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/burn_rate.test.tsx
deleted file mode 100644
index 5185fa73758d1..0000000000000
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/burn_rate.test.tsx
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { screen } from '@testing-library/react';
-import React from 'react';
-
-import { buildSlo } from '../../../data/slo/slo';
-import { render } from '../../../utils/test_helper';
-import { BurnRate } from './burn_rate';
-
-describe('BurnRate', () => {
-  it("displays '--' when burn rate is 'undefined'", async () => {
-    const slo = buildSlo();
-    render(<BurnRate slo={slo} threshold={14.4} burnRate={undefined} isLoading={false} />);
-
-    expect(screen.queryByTestId('sloDetailsBurnRateStat')).toHaveTextContent('--');
-  });
-
-  it("displays the burn rate value when not 'undefined'", async () => {
-    const slo = buildSlo();
-    render(<BurnRate slo={slo} threshold={14.4} burnRate={3.4} isLoading={false} />);
-
-    expect(screen.queryByTestId('sloDetailsBurnRateStat')).toHaveTextContent('3.4x');
-  });
-
-  it("displays the burn rate value when '0'", async () => {
-    const slo = buildSlo();
-    render(<BurnRate slo={slo} threshold={14.4} burnRate={0} isLoading={false} />);
-
-    expect(screen.queryByTestId('sloDetailsBurnRateStat')).toHaveTextContent('0x');
-  });
-});
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/burn_rate.tsx b/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/burn_rate.tsx
deleted file mode 100644
index 9d32524a2ce58..0000000000000
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/burn_rate.tsx
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { EuiFlexGroup, EuiFlexItem, EuiPanel, EuiStat, EuiText, EuiTextColor } from '@elastic/eui';
-import numeral from '@elastic/numeral';
-import { i18n } from '@kbn/i18n';
-import { SLODefinitionResponse } from '@kbn/slo-schema';
-import moment from 'moment';
-import React from 'react';
-import { toDuration, toMinutes } from '../../../utils/slo/duration';
-
-export interface BurnRateParams {
-  slo: SLODefinitionResponse;
-  threshold: number;
-  burnRate?: number;
-  isLoading?: boolean;
-}
-
-type Status = 'NO_DATA' | 'BREACHED' | 'OK';
-
-function getTitleFromStatus(status: Status): string {
-  if (status === 'NO_DATA')
-    return i18n.translate('xpack.slo.burnRate.noDataStatusTitle', {
-      defaultMessage: 'No value',
-    });
-  if (status === 'BREACHED')
-    return i18n.translate('xpack.slo.burnRate.breachedStatustTitle', {
-      defaultMessage: 'Critical value breached',
-    });
-
-  return i18n.translate('xpack.slo.burnRate.okStatusTitle', {
-    defaultMessage: 'Acceptable value',
-  });
-}
-
-function getSubtitleFromStatus(
-  status: Status,
-  burnRate: number | undefined = 1,
-  slo: SLODefinitionResponse
-): string {
-  if (status === 'NO_DATA')
-    return i18n.translate('xpack.slo.burnRate.noDataStatusSubtitle', {
-      defaultMessage: 'Waiting for more data.',
-    });
-  if (status === 'BREACHED')
-    return i18n.translate('xpack.slo.burnRate.breachedStatustSubtitle', {
-      defaultMessage: 'At current rate, the error budget will be exhausted in {hour} hours.',
-      values: {
-        hour: numeral(
-          moment
-            .duration(toMinutes(toDuration(slo.timeWindow.duration)) / burnRate, 'minutes')
-            .asHours()
-        ).format('0'),
-      },
-    });
-
-  return i18n.translate('xpack.slo.burnRate.okStatusSubtitle', {
-    defaultMessage: 'There is no risk of error budget exhaustion.',
-  });
-}
-
-export function BurnRate({ threshold, burnRate, slo, isLoading }: BurnRateParams) {
-  const status: Status =
-    burnRate === undefined ? 'NO_DATA' : burnRate > threshold ? 'BREACHED' : 'OK';
-  const color = status === 'NO_DATA' ? 'subdued' : status === 'BREACHED' ? 'danger' : 'success';
-
-  return (
-    <EuiPanel color={color} hasShadow={false}>
-      <EuiFlexGroup justifyContent="spaceBetween" direction="column" style={{ minHeight: '100%' }}>
-        <EuiFlexGroup direction="column" gutterSize="xs">
-          <EuiFlexItem>
-            <EuiText color="default" size="m">
-              <h5>{getTitleFromStatus(status)}</h5>
-            </EuiText>
-          </EuiFlexItem>
-          <EuiFlexItem>
-            <EuiText color="subdued" size="s">
-              {getSubtitleFromStatus(status, burnRate, slo)}
-            </EuiText>
-          </EuiFlexItem>
-        </EuiFlexGroup>
-
-        <EuiFlexGroup direction="row" justifyContent="flexEnd" alignItems="flexEnd">
-          <EuiFlexItem grow={false}>
-            <EuiStat
-              title={burnRate !== undefined ? `${numeral(burnRate).format('0.[00]')}x` : '--'}
-              titleColor="default"
-              titleSize="s"
-              textAlign="right"
-              isLoading={isLoading}
-              data-test-subj="sloDetailsBurnRateStat"
-              description={
-                <EuiTextColor color="default">
-                  <span>
-                    {i18n.translate('xpack.slo.burnRate.threshold', {
-                      defaultMessage: 'Threshold is {threshold}x',
-                      values: { threshold: numeral(threshold).format('0.[00]') },
-                    })}
-                  </span>
-                </EuiTextColor>
-              }
-            />
-          </EuiFlexItem>
-        </EuiFlexGroup>
-      </EuiFlexGroup>
-    </EuiPanel>
-  );
-}
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/burn_rate_header.tsx b/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/burn_rate_header.tsx
deleted file mode 100644
index 4c878735a5857..0000000000000
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/burn_rate_header.tsx
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { EuiButtonGroup, EuiFlexGroup, EuiFlexItem, EuiTitle } from '@elastic/eui';
-import { i18n } from '@kbn/i18n';
-import React from 'react';
-import { SloTabId } from '../../../pages/slo_details/components/slo_details';
-import { BurnRateOption } from './burn_rates';
-interface Props {
-  burnRateOption: BurnRateOption;
-  setBurnRateOption: (option: BurnRateOption) => void;
-  burnRateOptions: BurnRateOption[];
-  selectedTabId: SloTabId;
-}
-export function BurnRateHeader({
-  burnRateOption,
-  burnRateOptions,
-  setBurnRateOption,
-  selectedTabId,
-}: Props) {
-  const onBurnRateOptionChange = (optionId: string) => {
-    const selected = burnRateOptions.find((opt) => opt.id === optionId) ?? burnRateOptions[0];
-    setBurnRateOption(selected);
-  };
-  return (
-    <EuiFlexGroup justifyContent="spaceBetween">
-      <EuiFlexItem grow={false}>
-        <EuiTitle size="xs">
-          <h2>
-            {i18n.translate('xpack.slo.burnRate.title', {
-              defaultMessage: 'Burn rate',
-            })}
-          </h2>
-        </EuiTitle>
-      </EuiFlexItem>
-      {selectedTabId !== 'history' && (
-        <EuiFlexItem grow={false}>
-          <EuiButtonGroup
-            legend={i18n.translate('xpack.slo.burnRate.timeRangeBtnLegend', {
-              defaultMessage: 'Select the time range',
-            })}
-            options={burnRateOptions.map((opt) => ({
-              id: opt.id,
-              label: opt.label,
-              'aria-label': opt.ariaLabel,
-            }))}
-            idSelected={burnRateOption.id}
-            onChange={onBurnRateOptionChange}
-            buttonSize="compressed"
-          />
-        </EuiFlexItem>
-      )}
-    </EuiFlexGroup>
-  );
-}
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/burn_rates.tsx b/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/burn_rates.tsx
deleted file mode 100644
index a6c02572d10fe..0000000000000
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/burn_rates.tsx
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui';
-import { SLOWithSummaryResponse } from '@kbn/slo-schema';
-import moment from 'moment';
-import React, { useEffect, useState } from 'react';
-import { TimeBounds } from '../../../pages/slo_details/types';
-import { TimeRange } from '../error_rate_chart/use_lens_definition';
-import { SloTabId } from '../../../pages/slo_details/components/slo_details';
-import { BurnRateHeader } from './burn_rate_header';
-import { useFetchSloBurnRates } from '../../../hooks/use_fetch_slo_burn_rates';
-import { ErrorRateChart } from '../error_rate_chart';
-import { BurnRate } from './burn_rate';
-
-interface Props {
-  slo: SLOWithSummaryResponse;
-  isAutoRefreshing?: boolean;
-  burnRateOptions: BurnRateOption[];
-  selectedTabId: SloTabId;
-  range?: TimeRange;
-  onBrushed?: (timeBounds: TimeBounds) => void;
-}
-
-export interface BurnRateOption {
-  id: string;
-  label: string;
-  windowName: string;
-  threshold: number;
-  duration: number;
-  ariaLabel: string;
-}
-
-function getWindowsFromOptions(opts: BurnRateOption[]): Array<{ name: string; duration: string }> {
-  return opts.map((opt) => ({ name: opt.windowName, duration: `${opt.duration}h` }));
-}
-
-export function BurnRates({
-  slo,
-  isAutoRefreshing,
-  burnRateOptions,
-  selectedTabId,
-  range,
-  onBrushed,
-}: Props) {
-  const [burnRateOption, setBurnRateOption] = useState(burnRateOptions[0]);
-  const { isLoading, data } = useFetchSloBurnRates({
-    slo,
-    shouldRefetch: isAutoRefreshing,
-    windows: getWindowsFromOptions(burnRateOptions),
-  });
-
-  useEffect(() => {
-    if (burnRateOptions.length) {
-      setBurnRateOption(burnRateOptions[0]);
-    }
-  }, [burnRateOptions]);
-
-  const dataTimeRange = range ?? {
-    from: moment().subtract(burnRateOption.duration, 'hour').toDate(),
-    to: new Date(),
-  };
-
-  const threshold = burnRateOption.threshold;
-  const burnRate = data?.burnRates.find(
-    (curr) => curr.name === burnRateOption.windowName
-  )?.burnRate;
-
-  return (
-    <EuiPanel paddingSize="m" color="transparent" hasBorder data-test-subj="burnRatePanel">
-      <EuiFlexGroup direction="column" gutterSize="m">
-        <BurnRateHeader
-          burnRateOption={burnRateOption}
-          burnRateOptions={burnRateOptions}
-          setBurnRateOption={setBurnRateOption}
-          selectedTabId={selectedTabId}
-        />
-        <EuiFlexGroup direction="row" gutterSize="m">
-          {selectedTabId !== 'history' && (
-            <EuiFlexItem grow={1}>
-              <BurnRate threshold={threshold} burnRate={burnRate} slo={slo} isLoading={isLoading} />
-            </EuiFlexItem>
-          )}
-          <EuiFlexItem grow={3}>
-            <ErrorRateChart
-              slo={slo}
-              dataTimeRange={dataTimeRange}
-              threshold={threshold}
-              onBrushed={onBrushed}
-              selectedTabId={selectedTabId}
-            />
-          </EuiFlexItem>
-        </EuiFlexGroup>
-      </EuiFlexGroup>
-    </EuiPanel>
-  );
-}
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/error_rate_chart/error_rate_chart.tsx b/x-pack/plugins/observability_solution/slo/public/components/slo/error_rate_chart/error_rate_chart.tsx
index 261359e1b8873..fad8077e7811e 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/error_rate_chart/error_rate_chart.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/components/slo/error_rate_chart/error_rate_chart.tsx
@@ -9,21 +9,19 @@ import { ViewMode } from '@kbn/embeddable-plugin/public';
 import { SLOWithSummaryResponse } from '@kbn/slo-schema';
 import moment from 'moment';
 import React from 'react';
-import { SloTabId } from '../../../pages/slo_details/components/slo_details';
 import { TimeBounds } from '../../../pages/slo_details/types';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { getDelayInSecondsFromSLO } from '../../../utils/slo/get_delay_in_seconds_from_slo';
 import { AlertAnnotation, TimeRange, useLensDefinition } from './use_lens_definition';
 
 interface Props {
   slo: SLOWithSummaryResponse;
   dataTimeRange: TimeRange;
-  threshold: number;
+  threshold?: number;
   alertTimeRange?: TimeRange;
-  showErrorRateAsLine?: boolean;
   annotations?: AlertAnnotation[];
-  selectedTabId?: SloTabId;
   onBrushed?: (timeBounds: TimeBounds) => void;
+  variant?: 'success' | 'danger';
 }
 
 export function ErrorRateChart({
@@ -31,10 +29,9 @@ export function ErrorRateChart({
   dataTimeRange,
   threshold,
   alertTimeRange,
-  showErrorRateAsLine,
   annotations,
   onBrushed,
-  selectedTabId,
+  variant = 'success',
 }: Props) {
   const {
     lens: { EmbeddableComponent },
@@ -45,8 +42,7 @@ export function ErrorRateChart({
     alertTimeRange,
     dataTimeRange,
     annotations,
-    showErrorRateAsLine,
-    selectedTabId,
+    variant,
   });
   const delayInSeconds = getDelayInSecondsFromSLO(slo);
 
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/error_rate_chart/use_lens_definition.ts b/x-pack/plugins/observability_solution/slo/public/components/slo/error_rate_chart/use_lens_definition.ts
index d562706f78129..db7eb43f71188 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/error_rate_chart/use_lens_definition.ts
+++ b/x-pack/plugins/observability_solution/slo/public/components/slo/error_rate_chart/use_lens_definition.ts
@@ -13,7 +13,6 @@ import { ALL_VALUE, SLOWithSummaryResponse } from '@kbn/slo-schema';
 import moment from 'moment';
 import { v4 as uuidv4 } from 'uuid';
 import { SLO_DESTINATION_INDEX_PATTERN } from '../../../../common/constants';
-import { SloTabId } from '../../../pages/slo_details/components/slo_details';
 import { getLensDefinitionInterval } from './utils';
 
 export interface TimeRange {
@@ -26,25 +25,27 @@ export interface AlertAnnotation {
   total: number;
 }
 
+interface Props {
+  slo: SLOWithSummaryResponse;
+  threshold?: number;
+  dataTimeRange: TimeRange;
+  alertTimeRange?: TimeRange;
+  annotations?: AlertAnnotation[];
+  variant: 'success' | 'danger';
+}
+
 export function useLensDefinition({
   slo,
   threshold,
   dataTimeRange,
   alertTimeRange,
   annotations,
-  showErrorRateAsLine,
-  selectedTabId,
-}: {
-  slo: SLOWithSummaryResponse;
-  threshold: number;
-  dataTimeRange: TimeRange;
-  alertTimeRange?: TimeRange;
-  annotations?: AlertAnnotation[];
-  showErrorRateAsLine?: boolean;
-  selectedTabId?: SloTabId;
-}): TypedLensByValueInput['attributes'] {
+  variant,
+}: Props): TypedLensByValueInput['attributes'] {
   const { euiTheme } = useEuiTheme();
 
+  const lineColor = variant === 'danger' ? euiTheme.colors.danger : euiTheme.colors.success;
+
   const interval = getLensDefinitionInterval(dataTimeRange, slo);
 
   return {
@@ -88,18 +89,18 @@ export function useLensDefinition({
             layerId: '8730e8af-7dac-430e-9cef-3b9989ff0866',
             accessors: ['9f69a7b0-34b9-4b76-9ff7-26dc1a06ec14'],
             position: 'top',
-            seriesType: !!showErrorRateAsLine ? 'line' : 'area',
+            seriesType: 'line',
             showGridlines: false,
             layerType: 'data',
             xAccessor: '627ded04-eae0-4437-83a1-bbb6138d2c3b',
             yConfig: [
               {
                 forAccessor: '9f69a7b0-34b9-4b76-9ff7-26dc1a06ec14',
-                color: !!showErrorRateAsLine ? euiTheme.colors.primary : euiTheme.colors.danger,
+                color: lineColor,
               },
             ],
           },
-          ...(selectedTabId !== 'history'
+          ...(threshold !== undefined
             ? [
                 {
                   layerId: '34298f84-681e-4fa3-8107-d6facb32ed92',
@@ -398,66 +399,69 @@ export function useLensDefinition({
               incompleteColumns: {},
               sampling: 1,
             },
-            '34298f84-681e-4fa3-8107-d6facb32ed92': {
-              linkToLayers: [],
-              columns: {
-                '0a42b72b-cd5a-4d59-81ec-847d97c268e6X0': {
-                  label: `Part of ${threshold}x`,
-                  dataType: 'number',
-                  operationType: 'math',
-                  isBucketed: false,
-                  scale: 'ratio',
-                  params: {
-                    // @ts-ignore
-                    tinymathAst: {
-                      type: 'function',
-                      name: 'multiply',
-                      args: [
-                        {
-                          type: 'function',
-                          name: 'subtract',
-                          args: [1, slo.objective.target],
-                          location: {
-                            min: 1,
-                            max: 9,
+
+            ...(threshold !== undefined && {
+              '34298f84-681e-4fa3-8107-d6facb32ed92': {
+                linkToLayers: [],
+                columns: {
+                  '0a42b72b-cd5a-4d59-81ec-847d97c268e6X0': {
+                    label: `Part of ${threshold}x`,
+                    dataType: 'number',
+                    operationType: 'math',
+                    isBucketed: false,
+                    scale: 'ratio',
+                    params: {
+                      // @ts-ignore
+                      tinymathAst: {
+                        type: 'function',
+                        name: 'multiply',
+                        args: [
+                          {
+                            type: 'function',
+                            name: 'subtract',
+                            args: [1, slo.objective.target],
+                            location: {
+                              min: 1,
+                              max: 9,
+                            },
+                            text: `1 - ${slo.objective.target}`,
                           },
-                          text: `1 - ${slo.objective.target}`,
+                          threshold,
+                        ],
+                        location: {
+                          min: 0,
+                          max: 17,
                         },
-                        threshold,
-                      ],
-                      location: {
-                        min: 0,
-                        max: 17,
+                        text: `(1 - ${slo.objective.target}) * ${threshold}`,
                       },
-                      text: `(1 - ${slo.objective.target}) * ${threshold}`,
                     },
+                    references: [],
+                    customLabel: true,
                   },
-                  references: [],
-                  customLabel: true,
-                },
-                '0a42b72b-cd5a-4d59-81ec-847d97c268e6': {
-                  label: `${numeral(threshold).format('0.[00]')}x`,
-                  dataType: 'number',
-                  operationType: 'formula',
-                  isBucketed: false,
-                  scale: 'ratio',
-                  params: {
-                    // @ts-ignore
-                    formula: `(1 - ${slo.objective.target}) * ${threshold}`,
-                    isFormulaBroken: false,
+                  '0a42b72b-cd5a-4d59-81ec-847d97c268e6': {
+                    label: `${numeral(threshold).format('0.[00]')}x`,
+                    dataType: 'number',
+                    operationType: 'formula',
+                    isBucketed: false,
+                    scale: 'ratio',
+                    params: {
+                      // @ts-ignore
+                      formula: `(1 - ${slo.objective.target}) * ${threshold}`,
+                      isFormulaBroken: false,
+                    },
+                    references: ['0a42b72b-cd5a-4d59-81ec-847d97c268e6X0'],
+                    customLabel: true,
                   },
-                  references: ['0a42b72b-cd5a-4d59-81ec-847d97c268e6X0'],
-                  customLabel: true,
                 },
+                columnOrder: [
+                  '0a42b72b-cd5a-4d59-81ec-847d97c268e6',
+                  '0a42b72b-cd5a-4d59-81ec-847d97c268e6X0',
+                ],
+                sampling: 1,
+                ignoreGlobalFilters: false,
+                incompleteColumns: {},
               },
-              columnOrder: [
-                '0a42b72b-cd5a-4d59-81ec-847d97c268e6',
-                '0a42b72b-cd5a-4d59-81ec-847d97c268e6X0',
-              ],
-              sampling: 1,
-              ignoreGlobalFilters: false,
-              incompleteColumns: {},
-            },
+            }),
           },
         },
         indexpattern: {
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/slo_outdated_callout/index.tsx b/x-pack/plugins/observability_solution/slo/public/components/slo/slo_outdated_callout/index.tsx
index 8495c43d677b3..e6b235898fa74 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/slo_outdated_callout/index.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/components/slo/slo_outdated_callout/index.tsx
@@ -8,7 +8,7 @@ import { EuiButton, EuiCallOut, EuiSpacer } from '@elastic/eui';
 import React from 'react';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { useFetchSloDefinitions } from '../../../hooks/use_fetch_slo_definitions';
 import { paths } from '../../../../common/locators/paths';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/slo_status_badge/slo_active_alerts_badge.tsx b/x-pack/plugins/observability_solution/slo/public/components/slo/slo_status_badge/slo_active_alerts_badge.tsx
index 3c01e57faa398..bfa15ce490ab4 100644
--- a/x-pack/plugins/observability_solution/slo/public/components/slo/slo_status_badge/slo_active_alerts_badge.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/components/slo/slo_status_badge/slo_active_alerts_badge.tsx
@@ -10,7 +10,7 @@ import { i18n } from '@kbn/i18n';
 import React, { MouseEvent } from 'react';
 import { SLOWithSummaryResponse } from '@kbn/slo-schema';
 import { observabilityPaths } from '@kbn/observability-plugin/common';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 
 export interface Props {
   viewMode?: 'compact' | 'default';
diff --git a/x-pack/plugins/observability_solution/slo/public/constants.ts b/x-pack/plugins/observability_solution/slo/public/constants.ts
index 07b79e5505736..ecd07f6209943 100644
--- a/x-pack/plugins/observability_solution/slo/public/constants.ts
+++ b/x-pack/plugins/observability_solution/slo/public/constants.ts
@@ -5,4 +5,3 @@
  * 2.0.
  */
 export const SLO_LONG_REFETCH_INTERVAL = 60 * 1000; // 1 minute
-export const SLO_SHORT_REFETCH_INTERVAL = 5 * 1000; // 5 seconds
diff --git a/x-pack/plugins/observability_solution/slo/public/context/plugin_context.tsx b/x-pack/plugins/observability_solution/slo/public/context/plugin_context.tsx
index b61ccb8085a12..c0818cdea116e 100644
--- a/x-pack/plugins/observability_solution/slo/public/context/plugin_context.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/context/plugin_context.tsx
@@ -10,6 +10,7 @@ import type { AppMountParameters } from '@kbn/core/public';
 import type { LazyObservabilityPageTemplateProps } from '@kbn/observability-shared-plugin/public';
 import type { ObservabilityRuleTypeRegistry } from '@kbn/observability-plugin/public';
 import { ExperimentalFeatures } from '../../common/config';
+import type { SLORepositoryClient } from '../types';
 
 export interface PluginContextValue {
   isDev?: boolean;
@@ -18,6 +19,7 @@ export interface PluginContextValue {
   observabilityRuleTypeRegistry: ObservabilityRuleTypeRegistry;
   ObservabilityPageTemplate: React.ComponentType<LazyObservabilityPageTemplateProps>;
   experimentalFeatures?: ExperimentalFeatures;
+  sloClient: SLORepositoryClient;
 }
 
 export const PluginContext = createContext<PluginContextValue | null>(null);
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_embeddable_factory.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_embeddable_factory.tsx
index 24c29a20f1e6f..c3a505463e885 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_embeddable_factory.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_embeddable_factory.tsx
@@ -5,27 +5,28 @@
  * 2.0.
  */
 
-import { i18n } from '@kbn/i18n';
-import React, { useEffect } from 'react';
-import { Router } from '@kbn/shared-ux-router';
-import { BehaviorSubject, Subject } from 'rxjs';
+import type { CoreStart } from '@kbn/core-lifecycle-browser';
 import { ReactEmbeddableFactory } from '@kbn/embeddable-plugin/public';
+import { i18n } from '@kbn/i18n';
+import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
+import { Storage } from '@kbn/kibana-utils-plugin/public';
 import {
+  FetchContext,
+  fetch$,
   initializeTitles,
   useBatchedPublishingSubjects,
-  fetch$,
-  FetchContext,
   useFetchContext,
 } from '@kbn/presentation-publishing';
-import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
+import { Router } from '@kbn/shared-ux-router';
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
 import { createBrowserHistory } from 'history';
-import { Storage } from '@kbn/kibana-utils-plugin/public';
-import type { StartServicesAccessor } from '@kbn/core-lifecycle-browser';
+import React, { useEffect } from 'react';
+import { BehaviorSubject, Subject } from 'rxjs';
+import { PluginContext } from '../../../context/plugin_context';
+import { SLOPublicPluginsStart, SLORepositoryClient } from '../../../types';
 import { SLO_ALERTS_EMBEDDABLE_ID } from './constants';
-import { SloAlertsEmbeddableState, SloAlertsApi } from './types';
-import { SloPublicPluginsStart, SloPublicStart } from '../../../types';
 import { SloAlertsWrapper } from './slo_alerts_wrapper';
+import { SloAlertsApi, SloAlertsEmbeddableState } from './types';
 const history = createBrowserHistory();
 const queryClient = new QueryClient();
 
@@ -34,10 +35,17 @@ export const getAlertsPanelTitle = () =>
     defaultMessage: 'SLO Alerts',
   });
 
-export function getAlertsEmbeddableFactory(
-  getStartServices: StartServicesAccessor<SloPublicPluginsStart, SloPublicStart>,
-  kibanaVersion: string
-) {
+export function getAlertsEmbeddableFactory({
+  coreStart,
+  pluginsStart,
+  sloClient,
+  kibanaVersion,
+}: {
+  coreStart: CoreStart;
+  pluginsStart: SLOPublicPluginsStart;
+  sloClient: SLORepositoryClient;
+  kibanaVersion: string;
+}) {
   const factory: ReactEmbeddableFactory<
     SloAlertsEmbeddableState,
     SloAlertsEmbeddableState,
@@ -48,15 +56,15 @@ export function getAlertsEmbeddableFactory(
       return state.rawState as SloAlertsEmbeddableState;
     },
     buildEmbeddable: async (state, buildApi, uuid, parentApi) => {
-      const [coreStart, pluginStart] = await getStartServices();
-      const deps = { ...coreStart, ...pluginStart };
+      const deps = { ...coreStart, ...pluginsStart };
       async function onEdit() {
         try {
           const { openSloConfiguration } = await import('./slo_alerts_open_configuration');
 
           const result = await openSloConfiguration(
             coreStart,
-            pluginStart,
+            pluginsStart,
+            sloClient,
             api.getSloAlertsConfig()
           );
           api.updateSloAlertsConfig(result);
@@ -143,18 +151,28 @@ export function getAlertsEmbeddableFactory(
                   kibanaVersion,
                 }}
               >
-                <Router history={history}>
-                  <QueryClientProvider client={queryClient}>
-                    <SloAlertsWrapper
-                      onEdit={onEdit}
-                      deps={deps}
-                      slos={slos}
-                      timeRange={fetchContext.timeRange ?? { from: 'now-15m/m', to: 'now' }}
-                      reloadSubject={reload$}
-                      showAllGroupByInstances={showAllGroupByInstances}
-                    />
-                  </QueryClientProvider>
-                </Router>
+                <PluginContext.Provider
+                  value={{
+                    observabilityRuleTypeRegistry:
+                      pluginsStart.observability.observabilityRuleTypeRegistry,
+                    ObservabilityPageTemplate:
+                      pluginsStart.observabilityShared.navigation.PageTemplate,
+                    sloClient,
+                  }}
+                >
+                  <Router history={history}>
+                    <QueryClientProvider client={queryClient}>
+                      <SloAlertsWrapper
+                        onEdit={onEdit}
+                        deps={deps}
+                        slos={slos}
+                        timeRange={fetchContext.timeRange ?? { from: 'now-15m/m', to: 'now' }}
+                        reloadSubject={reload$}
+                        showAllGroupByInstances={showAllGroupByInstances}
+                      />
+                    </QueryClientProvider>
+                  </Router>
+                </PluginContext.Provider>
               </KibanaContextProvider>
             </I18nContext>
           );
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_open_configuration.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_open_configuration.tsx
index 655ad9e3d35ab..c4a8c3886e14f 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_open_configuration.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/alerts/slo_alerts_open_configuration.tsx
@@ -4,17 +4,21 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import React from 'react';
 import type { CoreStart } from '@kbn/core/public';
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
-import { toMountPoint } from '@kbn/react-kibana-mount';
 import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
-import { SloPublicPluginsStart } from '../../..';
+import { toMountPoint } from '@kbn/react-kibana-mount';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import React from 'react';
+import { SLOPublicPluginsStart } from '../../..';
+import { PluginContext } from '../../../context/plugin_context';
+import { SLORepositoryClient } from '../../../types';
 import { SloConfiguration } from './slo_configuration';
 import type { EmbeddableSloProps } from './types';
+
 export async function openSloConfiguration(
   coreStart: CoreStart,
-  pluginStart: SloPublicPluginsStart,
+  pluginsStart: SLOPublicPluginsStart,
+  sloClient: SLORepositoryClient,
   initialState?: EmbeddableSloProps
 ): Promise<EmbeddableSloProps> {
   const { overlays } = coreStart;
@@ -26,22 +30,31 @@ export async function openSloConfiguration(
           <KibanaContextProvider
             services={{
               ...coreStart,
-              ...pluginStart,
+              ...pluginsStart,
             }}
           >
-            <QueryClientProvider client={queryClient}>
-              <SloConfiguration
-                initialInput={initialState}
-                onCreate={(update: EmbeddableSloProps) => {
-                  flyoutSession.close();
-                  resolve(update);
-                }}
-                onCancel={() => {
-                  flyoutSession.close();
-                  reject();
-                }}
-              />
-            </QueryClientProvider>
+            <PluginContext.Provider
+              value={{
+                observabilityRuleTypeRegistry:
+                  pluginsStart.observability.observabilityRuleTypeRegistry,
+                ObservabilityPageTemplate: pluginsStart.observabilityShared.navigation.PageTemplate,
+                sloClient,
+              }}
+            >
+              <QueryClientProvider client={queryClient}>
+                <SloConfiguration
+                  initialInput={initialState}
+                  onCreate={(update: EmbeddableSloProps) => {
+                    flyoutSession.close();
+                    resolve(update);
+                  }}
+                  onCancel={() => {
+                    flyoutSession.close();
+                    reject();
+                  }}
+                />
+              </QueryClientProvider>
+            </PluginContext.Provider>
           </KibanaContextProvider>,
           coreStart
         )
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/burn_rate/burn_rate_react_embeddable_factory.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/burn_rate/burn_rate_react_embeddable_factory.tsx
index d0370877b511e..5cceab9fa10d8 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/burn_rate/burn_rate_react_embeddable_factory.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/burn_rate/burn_rate_react_embeddable_factory.tsx
@@ -4,31 +4,40 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { i18n } from '@kbn/i18n';
-import React, { useEffect } from 'react';
-import { Router } from '@kbn/shared-ux-router';
-import { createBrowserHistory } from 'history';
 import { ReactEmbeddableFactory } from '@kbn/embeddable-plugin/public';
+import { i18n } from '@kbn/i18n';
+import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
 import {
+  fetch$,
   initializeTitles,
   useBatchedPublishingSubjects,
-  fetch$,
 } from '@kbn/presentation-publishing';
-import { BehaviorSubject, Subject } from 'rxjs';
-import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
+import { Router } from '@kbn/shared-ux-router';
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
-import { SLO_BURN_RATE_EMBEDDABLE_ID } from './constants';
-import { SloBurnRateEmbeddableState, SloEmbeddableDeps, BurnRateApi } from './types';
+import { createBrowserHistory } from 'history';
+import React, { useEffect } from 'react';
+import { BehaviorSubject, Subject } from 'rxjs';
+import { CoreStart } from '@kbn/core-lifecycle-browser';
 import { BurnRate } from './burn_rate';
+import { SLO_BURN_RATE_EMBEDDABLE_ID } from './constants';
+import { BurnRateApi, SloBurnRateEmbeddableState } from './types';
+import type { SLOPublicPluginsStart, SLORepositoryClient } from '../../../types';
+import { PluginContext } from '../../../context/plugin_context';
 
-export const getTitle = () =>
+const getTitle = () =>
   i18n.translate('xpack.slo.burnRateEmbeddable.title', {
     defaultMessage: 'SLO Burn Rate',
   });
 
-const queryClient = new QueryClient();
-
-export const getBurnRateEmbeddableFactory = (deps: SloEmbeddableDeps) => {
+export const getBurnRateEmbeddableFactory = ({
+  coreStart,
+  pluginsStart,
+  sloClient,
+}: {
+  coreStart: CoreStart;
+  pluginsStart: SLOPublicPluginsStart;
+  sloClient: SLORepositoryClient;
+}) => {
   const factory: ReactEmbeddableFactory<
     SloBurnRateEmbeddableState,
     SloBurnRateEmbeddableState,
@@ -39,6 +48,7 @@ export const getBurnRateEmbeddableFactory = (deps: SloEmbeddableDeps) => {
       return state.rawState as SloBurnRateEmbeddableState;
     },
     buildEmbeddable: async (state, buildApi, uuid, parentApi) => {
+      const deps = { ...coreStart, ...pluginsStart };
       const { titlesApi, titleComparators, serializeTitles } = initializeTitles(state);
       const defaultTitle$ = new BehaviorSubject<string | undefined>(getTitle());
       const sloId$ = new BehaviorSubject(state.sloId);
@@ -84,18 +94,26 @@ export const getBurnRateEmbeddableFactory = (deps: SloEmbeddableDeps) => {
             duration$
           );
 
-          const I18nContext = deps.i18n.Context;
-
           useEffect(() => {
             return () => {
               fetchSubscription.unsubscribe();
             };
           }, []);
 
+          const queryClient = new QueryClient();
+
           return (
-            <I18nContext>
-              <Router history={createBrowserHistory()}>
-                <KibanaContextProvider services={deps}>
+            <Router history={createBrowserHistory()}>
+              <KibanaContextProvider services={deps}>
+                <PluginContext.Provider
+                  value={{
+                    observabilityRuleTypeRegistry:
+                      pluginsStart.observability.observabilityRuleTypeRegistry,
+                    ObservabilityPageTemplate:
+                      pluginsStart.observabilityShared.navigation.PageTemplate,
+                    sloClient,
+                  }}
+                >
                   <QueryClientProvider client={queryClient}>
                     <BurnRate
                       sloId={sloId}
@@ -104,9 +122,9 @@ export const getBurnRateEmbeddableFactory = (deps: SloEmbeddableDeps) => {
                       reloadSubject={reload$}
                     />
                   </QueryClientProvider>
-                </KibanaContextProvider>
-              </Router>
-            </I18nContext>
+                </PluginContext.Provider>
+              </KibanaContextProvider>
+            </Router>
           );
         },
       };
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/burn_rate/open_configuration.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/burn_rate/open_configuration.tsx
index e8a7777b29a62..8a881b417bb64 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/burn_rate/open_configuration.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/burn_rate/open_configuration.tsx
@@ -10,13 +10,16 @@ import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
 import { toMountPoint } from '@kbn/react-kibana-mount';
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
 import React from 'react';
-import { SloPublicPluginsStart } from '../../..';
+import { SLOPublicPluginsStart } from '../../..';
+import { PluginContext } from '../../../context/plugin_context';
+import { SLORepositoryClient } from '../../../types';
 import { Configuration } from './configuration';
 import type { EmbeddableProps, SloBurnRateEmbeddableState } from './types';
 
 export async function openConfiguration(
   coreStart: CoreStart,
-  pluginStart: SloPublicPluginsStart,
+  pluginsStart: SLOPublicPluginsStart,
+  sloClient: SLORepositoryClient,
   initialState?: SloBurnRateEmbeddableState
 ): Promise<EmbeddableProps> {
   const { overlays } = coreStart;
@@ -28,21 +31,30 @@ export async function openConfiguration(
           <KibanaContextProvider
             services={{
               ...coreStart,
-              ...pluginStart,
+              ...pluginsStart,
             }}
           >
-            <QueryClientProvider client={queryClient}>
-              <Configuration
-                onCreate={(update: EmbeddableProps) => {
-                  flyoutSession.close();
-                  resolve(update);
-                }}
-                onCancel={() => {
-                  flyoutSession.close();
-                  reject();
-                }}
-              />
-            </QueryClientProvider>
+            <PluginContext.Provider
+              value={{
+                observabilityRuleTypeRegistry:
+                  pluginsStart.observability.observabilityRuleTypeRegistry,
+                ObservabilityPageTemplate: pluginsStart.observabilityShared.navigation.PageTemplate,
+                sloClient,
+              }}
+            >
+              <QueryClientProvider client={queryClient}>
+                <Configuration
+                  onCreate={(update: EmbeddableProps) => {
+                    flyoutSession.close();
+                    resolve(update);
+                  }}
+                  onCancel={() => {
+                    flyoutSession.close();
+                    reject();
+                  }}
+                />
+              </QueryClientProvider>
+            </PluginContext.Provider>
           </KibanaContextProvider>,
           coreStart
         )
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/slo_embeddable_context.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/slo_embeddable_context.tsx
deleted file mode 100644
index acb0897b07e71..0000000000000
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/slo_embeddable_context.tsx
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-import React from 'react';
-import { Router } from '@kbn/shared-ux-router';
-import { createBrowserHistory } from 'history';
-import { EuiThemeProvider } from '@kbn/kibana-react-plugin/common';
-import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
-import { PluginContext } from '../../../context/plugin_context';
-import { SloEmbeddableDeps } from '../overview/types';
-
-const queryClient = new QueryClient();
-
-export interface SloEmbeddableContextProps {
-  deps: SloEmbeddableDeps;
-  children: React.ReactNode;
-}
-
-export function SloEmbeddableContext({ deps, children }: SloEmbeddableContextProps) {
-  const { observabilityRuleTypeRegistry } = deps.observability;
-  const { navigation } = deps.observabilityShared;
-
-  return (
-    <Router history={createBrowserHistory()}>
-      <EuiThemeProvider darkMode={true}>
-        <KibanaContextProvider services={deps}>
-          <PluginContext.Provider
-            value={{
-              observabilityRuleTypeRegistry,
-              ObservabilityPageTemplate: navigation.PageTemplate,
-            }}
-          >
-            <QueryClientProvider client={queryClient}>{children}</QueryClientProvider>
-          </PluginContext.Provider>
-        </KibanaContextProvider>
-      </EuiThemeProvider>
-    </Router>
-  );
-}
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/slo_overview_details.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/slo_overview_details.tsx
index 5bfc07f3562bd..3cb5b18aab4a5 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/slo_overview_details.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/slo_overview_details.tsx
@@ -4,7 +4,6 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { i18n } from '@kbn/i18n';
 
 import {
   EuiButton,
@@ -14,22 +13,23 @@ import {
   EuiFlyoutBody,
   EuiFlyoutFooter,
   EuiFlyoutHeader,
-  EuiTitle,
-  EuiTabs,
-  EuiTab,
   EuiSpacer,
+  EuiTab,
+  EuiTabs,
+  EuiTitle,
 } from '@elastic/eui';
-import React, { useState } from 'react';
+import { i18n } from '@kbn/i18n';
 import { SLOWithSummaryResponse } from '@kbn/slo-schema';
-import { useKibana } from '../../../utils/kibana_react';
-import { useSloDetailsTabs } from '../../../pages/slo_details/hooks/use_slo_details_tabs';
+import React, { useState } from 'react';
 import { HeaderTitle } from '../../../pages/slo_details/components/header_title';
-import { getSloFormattedSummary } from '../../../pages/slos/hooks/use_slo_summary';
 import {
   OVERVIEW_TAB_ID,
   SloDetails,
   SloTabId,
 } from '../../../pages/slo_details/components/slo_details';
+import { useSloDetailsTabs } from '../../../pages/slo_details/hooks/use_slo_details_tabs';
+import { getSloFormattedSummary } from '../../../pages/slos/hooks/use_slo_summary';
+import { useKibana } from '../../../hooks/use_kibana';
 
 export function SloOverviewDetails({
   slo,
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/error_budget_open_configuration.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/error_budget_open_configuration.tsx
index 6798b7b9c46a6..79e1e1eafe2a9 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/error_budget_open_configuration.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/error_budget_open_configuration.tsx
@@ -4,17 +4,21 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import React from 'react';
 import type { CoreStart } from '@kbn/core/public';
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
-import { toMountPoint } from '@kbn/react-kibana-mount';
 import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
-import { SloPublicPluginsStart } from '../../..';
+import { toMountPoint } from '@kbn/react-kibana-mount';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import React from 'react';
+import { SLOPublicPluginsStart } from '../../..';
+import { PluginContext } from '../../../context/plugin_context';
 import { SloConfiguration } from './slo_configuration';
-import type { SloErrorBudgetEmbeddableState, EmbeddableSloProps } from './types';
+import type { EmbeddableSloProps, SloErrorBudgetEmbeddableState } from './types';
+import { SLORepositoryClient } from '../../../types';
+
 export async function openSloConfiguration(
   coreStart: CoreStart,
-  pluginStart: SloPublicPluginsStart,
+  pluginsStart: SLOPublicPluginsStart,
+  sloClient: SLORepositoryClient,
   initialState?: SloErrorBudgetEmbeddableState
 ): Promise<EmbeddableSloProps> {
   const { overlays } = coreStart;
@@ -26,21 +30,30 @@ export async function openSloConfiguration(
           <KibanaContextProvider
             services={{
               ...coreStart,
-              ...pluginStart,
+              ...pluginsStart,
             }}
           >
-            <QueryClientProvider client={queryClient}>
-              <SloConfiguration
-                onCreate={(update: EmbeddableSloProps) => {
-                  flyoutSession.close();
-                  resolve(update);
-                }}
-                onCancel={() => {
-                  flyoutSession.close();
-                  reject();
-                }}
-              />
-            </QueryClientProvider>
+            <PluginContext.Provider
+              value={{
+                observabilityRuleTypeRegistry:
+                  pluginsStart.observability.observabilityRuleTypeRegistry,
+                ObservabilityPageTemplate: pluginsStart.observabilityShared.navigation.PageTemplate,
+                sloClient,
+              }}
+            >
+              <QueryClientProvider client={queryClient}>
+                <SloConfiguration
+                  onCreate={(update: EmbeddableSloProps) => {
+                    flyoutSession.close();
+                    resolve(update);
+                  }}
+                  onCancel={() => {
+                    flyoutSession.close();
+                    reject();
+                  }}
+                />
+              </QueryClientProvider>
+            </PluginContext.Provider>
           </KibanaContextProvider>,
           coreStart
         )
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/error_budget_react_embeddable_factory.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/error_budget_react_embeddable_factory.tsx
index 6d01995fb8191..b76152124825d 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/error_budget_react_embeddable_factory.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/error_budget/error_budget_react_embeddable_factory.tsx
@@ -4,30 +4,40 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { i18n } from '@kbn/i18n';
-import React, { useEffect } from 'react';
-import { Router } from '@kbn/shared-ux-router';
-import { createBrowserHistory } from 'history';
+import { CoreStart } from '@kbn/core-lifecycle-browser';
 import { ReactEmbeddableFactory } from '@kbn/embeddable-plugin/public';
+import { i18n } from '@kbn/i18n';
+import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
 import {
+  fetch$,
   initializeTitles,
   useBatchedPublishingSubjects,
-  fetch$,
 } from '@kbn/presentation-publishing';
-import { BehaviorSubject, Subject } from 'rxjs';
-import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
+import { Router } from '@kbn/shared-ux-router';
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import { createBrowserHistory } from 'history';
+import React, { useEffect } from 'react';
+import { BehaviorSubject, Subject } from 'rxjs';
+import { PluginContext } from '../../../context/plugin_context';
+import { SLOPublicPluginsStart, SLORepositoryClient } from '../../../types';
 import { SLO_ERROR_BUDGET_ID } from './constants';
-import { SloErrorBudgetEmbeddableState, SloEmbeddableDeps, ErrorBudgetApi } from './types';
 import { SloErrorBudget } from './error_budget_burn_down';
+import { ErrorBudgetApi, SloErrorBudgetEmbeddableState } from './types';
 
-export const getErrorBudgetPanelTitle = () =>
+const getErrorBudgetPanelTitle = () =>
   i18n.translate('xpack.slo.errorBudgetEmbeddable.title', {
     defaultMessage: 'SLO Error Budget burn down',
   });
-const queryClient = new QueryClient();
 
-export const getErrorBudgetEmbeddableFactory = (deps: SloEmbeddableDeps) => {
+export const getErrorBudgetEmbeddableFactory = ({
+  coreStart,
+  pluginsStart,
+  sloClient,
+}: {
+  coreStart: CoreStart;
+  pluginsStart: SLOPublicPluginsStart;
+  sloClient: SLORepositoryClient;
+}) => {
   const factory: ReactEmbeddableFactory<
     SloErrorBudgetEmbeddableState,
     SloErrorBudgetEmbeddableState,
@@ -38,6 +48,7 @@ export const getErrorBudgetEmbeddableFactory = (deps: SloEmbeddableDeps) => {
       return state.rawState as SloErrorBudgetEmbeddableState;
     },
     buildEmbeddable: async (state, buildApi, uuid, parentApi) => {
+      const deps = { ...coreStart, ...pluginsStart };
       const { titlesApi, titleComparators, serializeTitles } = initializeTitles(state);
       const defaultTitle$ = new BehaviorSubject<string | undefined>(getErrorBudgetPanelTitle());
       const sloId$ = new BehaviorSubject(state.sloId);
@@ -76,18 +87,26 @@ export const getErrorBudgetEmbeddableFactory = (deps: SloEmbeddableDeps) => {
         Component: () => {
           const [sloId, sloInstanceId] = useBatchedPublishingSubjects(sloId$, sloInstanceId$);
 
-          const I18nContext = deps.i18n.Context;
-
           useEffect(() => {
             return () => {
               fetchSubscription.unsubscribe();
             };
           }, []);
 
+          const queryClient = new QueryClient();
+
           return (
-            <I18nContext>
-              <Router history={createBrowserHistory()}>
-                <KibanaContextProvider services={deps}>
+            <Router history={createBrowserHistory()}>
+              <KibanaContextProvider services={deps}>
+                <PluginContext.Provider
+                  value={{
+                    observabilityRuleTypeRegistry:
+                      pluginsStart.observability.observabilityRuleTypeRegistry,
+                    ObservabilityPageTemplate:
+                      pluginsStart.observabilityShared.navigation.PageTemplate,
+                    sloClient,
+                  }}
+                >
                   <QueryClientProvider client={queryClient}>
                     <SloErrorBudget
                       sloId={sloId}
@@ -95,9 +114,9 @@ export const getErrorBudgetEmbeddableFactory = (deps: SloEmbeddableDeps) => {
                       reloadSubject={reload$}
                     />
                   </QueryClientProvider>
-                </KibanaContextProvider>
-              </Router>
-            </I18nContext>
+                </PluginContext.Provider>
+              </KibanaContextProvider>
+            </Router>
           );
         },
       };
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/group_view/slo_group_filters.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/group_view/slo_group_filters.tsx
index 2f32d360853bb..d9995adfc412c 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/group_view/slo_group_filters.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/group_view/slo_group_filters.tsx
@@ -15,8 +15,8 @@ import { SLO_SUMMARY_DESTINATION_INDEX_NAME } from '../../../../../common/consta
 import { useCreateDataView } from '../../../../hooks/use_create_data_view';
 import { useFetchSloGroups } from '../../../../hooks/use_fetch_slo_groups';
 import { SLI_OPTIONS } from '../../../../pages/slo_edit/constants';
-import { useGetSettings } from '../../../../pages/slo_settings/use_get_settings';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useGetSettings } from '../../../../pages/slo_settings/hooks/use_get_settings';
+import { useKibana } from '../../../../hooks/use_kibana';
 import type { GroupBy, GroupFilters } from '../types';
 import './slo_group_filters.scss';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_embeddable_factory.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_embeddable_factory.tsx
index 7704bc5326310..e74ba591e7166 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_embeddable_factory.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_embeddable_factory.tsx
@@ -5,33 +5,45 @@
  * 2.0.
  */
 
-import { i18n } from '@kbn/i18n';
-import React, { useEffect } from 'react';
-import styled from 'styled-components';
-import { EuiFlexItem, EuiFlexGroup } from '@elastic/eui';
+import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import type { CoreStart } from '@kbn/core-lifecycle-browser';
 import { ReactEmbeddableFactory } from '@kbn/embeddable-plugin/public';
+import { i18n } from '@kbn/i18n';
+import { EuiThemeProvider } from '@kbn/kibana-react-plugin/common';
+import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
 import {
+  fetch$,
   initializeTitles,
   useBatchedPublishingSubjects,
-  fetch$,
 } from '@kbn/presentation-publishing';
+import { Router } from '@kbn/shared-ux-router';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import { createBrowserHistory } from 'history';
+import React, { useEffect } from 'react';
 import { BehaviorSubject, Subject } from 'rxjs';
-import type { StartServicesAccessor } from '@kbn/core-lifecycle-browser';
+import styled from 'styled-components';
+import { PluginContext } from '../../../context/plugin_context';
+import type { SLOPublicPluginsStart, SLORepositoryClient } from '../../../types';
 import { SLO_OVERVIEW_EMBEDDABLE_ID } from './constants';
-import { SloCardChartList } from './slo_overview_grid';
-import { SloOverview } from './slo_overview';
 import { GroupSloView } from './group_view/group_view';
-import { SloOverviewEmbeddableState, SloOverviewApi, GroupSloCustomInput } from './types';
-import { SloPublicPluginsStart, SloPublicStart } from '../../../types';
-import { SloEmbeddableContext } from '../common/slo_embeddable_context';
+import { SloOverview } from './slo_overview';
+import { SloCardChartList } from './slo_overview_grid';
+import { GroupSloCustomInput, SloOverviewApi, SloOverviewEmbeddableState } from './types';
 
-export const getOverviewPanelTitle = () =>
+const getOverviewPanelTitle = () =>
   i18n.translate('xpack.slo.sloEmbeddable.displayName', {
     defaultMessage: 'SLO Overview',
   });
-export const getOverviewEmbeddableFactory = (
-  getStartServices: StartServicesAccessor<SloPublicPluginsStart, SloPublicStart>
-) => {
+
+export const getOverviewEmbeddableFactory = ({
+  coreStart,
+  pluginsStart,
+  sloClient,
+}: {
+  coreStart: CoreStart;
+  pluginsStart: SLOPublicPluginsStart;
+  sloClient: SLORepositoryClient;
+}) => {
   const factory: ReactEmbeddableFactory<
     SloOverviewEmbeddableState,
     SloOverviewEmbeddableState,
@@ -42,15 +54,15 @@ export const getOverviewEmbeddableFactory = (
       return state.rawState as SloOverviewEmbeddableState;
     },
     buildEmbeddable: async (state, buildApi, uuid, parentApi) => {
-      const [coreStart, pluginStart] = await getStartServices();
-      const deps = { ...coreStart, ...pluginStart };
+      const deps = { ...coreStart, ...pluginsStart };
       async function onEdit() {
         try {
           const { openSloConfiguration } = await import('./slo_overview_open_configuration');
 
           const result = await openSloConfiguration(
             coreStart,
-            pluginStart,
+            pluginsStart,
+            sloClient,
             api.getSloGroupOverviewConfig()
           );
           api.updateSloGroupOverviewConfig(result as GroupSloCustomInput);
@@ -184,10 +196,33 @@ export const getOverviewEmbeddableFactory = (
               );
             }
           };
+
+          const queryClient = new QueryClient();
+
           return (
-            <SloEmbeddableContext deps={deps}>
-              {showAllGroupByInstances ? <SloCardChartList sloId={sloId!} /> : renderOverview()}
-            </SloEmbeddableContext>
+            <Router history={createBrowserHistory()}>
+              <EuiThemeProvider darkMode={true}>
+                <KibanaContextProvider services={deps}>
+                  <PluginContext.Provider
+                    value={{
+                      observabilityRuleTypeRegistry:
+                        pluginsStart.observability.observabilityRuleTypeRegistry,
+                      ObservabilityPageTemplate:
+                        pluginsStart.observabilityShared.navigation.PageTemplate,
+                      sloClient,
+                    }}
+                  >
+                    <QueryClientProvider client={queryClient}>
+                      {showAllGroupByInstances ? (
+                        <SloCardChartList sloId={sloId!} />
+                      ) : (
+                        renderOverview()
+                      )}
+                    </QueryClientProvider>
+                  </PluginContext.Provider>
+                </KibanaContextProvider>
+              </EuiThemeProvider>
+            </Router>
           );
         },
       };
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_overview_grid.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_overview_grid.tsx
index f452f77cb1da3..88e10faeae1a1 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_overview_grid.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_overview_grid.tsx
@@ -18,7 +18,7 @@ import {
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { EuiFlexGroup, EuiFlexItem, EuiIcon, EuiLoadingSpinner } from '@elastic/eui';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { SloOverviewDetails } from '../common/slo_overview_details';
 import { useFetchSloList } from '../../../hooks/use_fetch_slo_list';
 import { formatHistoricalData } from '../../../utils/slo/chart_data_formatter';
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_overview_open_configuration.tsx b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_overview_open_configuration.tsx
index 7d10a0ca76bfb..de4f248aad0bf 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_overview_open_configuration.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/slo_overview_open_configuration.tsx
@@ -11,15 +11,21 @@ import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
 import { toMountPoint } from '@kbn/react-kibana-mount';
 import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
 import type { GroupSloCustomInput, SingleSloCustomInput } from './types';
-import { SloPublicPluginsStart } from '../../..';
+import { SLOPublicPluginsStart } from '../../..';
 import { SloConfiguration } from './slo_configuration';
+import { SLORepositoryClient } from '../../../types';
+import { PluginContext } from '../../../context/plugin_context';
+
 export async function openSloConfiguration(
   coreStart: CoreStart,
-  pluginStart: SloPublicPluginsStart,
+  pluginsStart: SLOPublicPluginsStart,
+  sloClient: SLORepositoryClient,
   initialState?: GroupSloCustomInput
 ): Promise<GroupSloCustomInput | SingleSloCustomInput> {
   const { overlays } = coreStart;
+
   const queryClient = new QueryClient();
+
   return new Promise(async (resolve, reject) => {
     try {
       const flyoutSession = overlays.openFlyout(
@@ -27,22 +33,31 @@ export async function openSloConfiguration(
           <KibanaContextProvider
             services={{
               ...coreStart,
-              ...pluginStart,
+              ...pluginsStart,
             }}
           >
-            <QueryClientProvider client={queryClient}>
-              <SloConfiguration
-                initialInput={initialState}
-                onCreate={(update: GroupSloCustomInput | SingleSloCustomInput) => {
-                  flyoutSession.close();
-                  resolve(update);
-                }}
-                onCancel={() => {
-                  flyoutSession.close();
-                  reject();
-                }}
-              />
-            </QueryClientProvider>
+            <PluginContext.Provider
+              value={{
+                observabilityRuleTypeRegistry:
+                  pluginsStart.observability.observabilityRuleTypeRegistry,
+                ObservabilityPageTemplate: pluginsStart.observabilityShared.navigation.PageTemplate,
+                sloClient,
+              }}
+            >
+              <QueryClientProvider client={queryClient}>
+                <SloConfiguration
+                  initialInput={initialState}
+                  onCreate={(update: GroupSloCustomInput | SingleSloCustomInput) => {
+                    flyoutSession.close();
+                    resolve(update);
+                  }}
+                  onCancel={() => {
+                    flyoutSession.close();
+                    reject();
+                  }}
+                />
+              </QueryClientProvider>
+            </PluginContext.Provider>
           </KibanaContextProvider>,
           coreStart
         )
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/types.ts b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/types.ts
index c64faff1f110d..3c2866077aaa6 100644
--- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/types.ts
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/overview/types.ts
@@ -13,15 +13,6 @@ import {
 import type { EmbeddableApiContext } from '@kbn/presentation-publishing';
 import { DefaultEmbeddableApi } from '@kbn/embeddable-plugin/public';
 import { Filter } from '@kbn/es-query';
-import {
-  type CoreStart,
-  IUiSettingsClient,
-  ApplicationStart,
-  NotificationsStart,
-} from '@kbn/core/public';
-import { ObservabilityPublicStart } from '@kbn/observability-plugin/public';
-import type { UiActionsStart } from '@kbn/ui-actions-plugin/public';
-import { ObservabilitySharedPluginStart } from '@kbn/observability-shared-plugin/public';
 
 export type OverviewMode = 'single' | 'groups';
 export type GroupBy = 'slo.tags' | 'status' | 'slo.indicator.type';
@@ -72,18 +63,6 @@ export const apiHasSloGroupOverviewConfig = (
   );
 };
 
-export interface SloEmbeddableDeps {
-  uiSettings: IUiSettingsClient;
-  http: CoreStart['http'];
-  i18n: CoreStart['i18n'];
-  theme: CoreStart['theme'];
-  application: ApplicationStart;
-  notifications: NotificationsStart;
-  observability: ObservabilityPublicStart;
-  observabilityShared: ObservabilitySharedPluginStart;
-  uiActions: UiActionsStart;
-}
-
 export type SloOverviewEmbeddableActionContext = EmbeddableApiContext & {
   embeddable: SloOverviewApi;
 };
diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/types.ts b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/types.ts
new file mode 100644
index 0000000000000..08397cd7e6817
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/types.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  ApplicationStart,
+  CoreStart,
+  IUiSettingsClient,
+  NotificationsStart,
+} from '@kbn/core/public';
+import { ObservabilityPublicStart } from '@kbn/observability-plugin/public';
+import { ObservabilitySharedPluginStart } from '@kbn/observability-shared-plugin/public';
+import { UiActionsStart } from '@kbn/ui-actions-plugin/public';
+import type { SLORepositoryClient } from '../../types';
+
+export interface SLOEmbeddableDeps {
+  uiSettings: IUiSettingsClient;
+  http: CoreStart['http'];
+  i18n: CoreStart['i18n'];
+  theme: CoreStart['theme'];
+  application: ApplicationStart;
+  notifications: NotificationsStart;
+  observability: ObservabilityPublicStart;
+  observabilityShared: ObservabilitySharedPluginStart;
+  uiActions: UiActionsStart;
+  sloClient: SLORepositoryClient;
+}
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_alerts_url.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_alerts_url.ts
index fa97a22204372..65c71a6b58973 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_alerts_url.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_alerts_url.ts
@@ -7,7 +7,7 @@
 
 import { observabilityPaths } from '@kbn/observability-plugin/common';
 import rison from '@kbn/rison';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 
 export const useAlertsUrl = () => {
   const { basePath } = useKibana().services.http;
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_capabilities.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_capabilities.ts
index bc1856681b930..52db1245b5608 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_capabilities.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_capabilities.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 import { sloFeatureId } from '@kbn/observability-plugin/common';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 
 export function useCapabilities() {
   const {
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_clone_slo.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_clone_slo.ts
index dc7901e81b528..fbb4145b6bec9 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_clone_slo.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_clone_slo.ts
@@ -9,7 +9,7 @@ import { encode } from '@kbn/rison';
 import { SLOWithSummaryResponse } from '@kbn/slo-schema';
 import { useCallback } from 'react';
 import { paths } from '../../common/locators/paths';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 import { createRemoteSloCloneUrl } from '../utils/slo/remote_slo_urls';
 import { useSpace } from './use_space';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_create_burn_rate_rule.tsx b/x-pack/plugins/observability_solution/slo/public/hooks/use_create_burn_rate_rule.tsx
index 906e844c14806..3fa2b7f8ffd81 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_create_burn_rate_rule.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_create_burn_rate_rule.tsx
@@ -16,7 +16,7 @@ import type {
 } from '@kbn/alerting-plugin/common/routes/rule/apis/create';
 import { EuiFlexGroup, EuiFlexItem, EuiLoadingSpinner } from '@elastic/eui';
 import { toMountPoint } from '@kbn/react-kibana-mount';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 
 export function useCreateRule<Params extends RuleTypeParams = never>() {
   const {
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_create_data_view.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_create_data_view.ts
index 781145885df5f..d630ce24c4751 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_create_data_view.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_create_data_view.ts
@@ -6,7 +6,7 @@
  */
 
 import { useFetcher } from '@kbn/observability-shared-plugin/public';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 
 interface UseCreateDataViewProps {
   indexPatternString?: string;
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_create_slo.tsx b/x-pack/plugins/observability_solution/slo/public/hooks/use_create_slo.tsx
index e5b6d2c114a84..2059c9b273592 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_create_slo.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_create_slo.tsx
@@ -15,9 +15,10 @@ import { toMountPoint } from '@kbn/react-kibana-mount';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
 import { RedirectAppLinks } from '@kbn/shared-ux-link-redirect-app';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 import { paths } from '../../common/locators/paths';
 import { sloKeys } from './query_key_factory';
+import { usePluginContext } from './use_plugin_context';
 
 type ServerError = IHttpFetchError<ResponseErrorBody>;
 
@@ -29,6 +30,7 @@ export function useCreateSlo() {
     http,
     notifications: { toasts },
   } = useKibana().services;
+  const { sloClient } = usePluginContext();
   const services = useKibana().services;
   const queryClient = useQueryClient();
 
@@ -40,8 +42,7 @@ export function useCreateSlo() {
   >(
     ['createSlo'],
     ({ slo }) => {
-      const body = JSON.stringify(slo);
-      return http.post<CreateSLOResponse>(`/api/observability/slos`, { body });
+      return sloClient.fetch(`POST /api/observability/slos 2023-10-31`, { params: { body: slo } });
     },
     {
       onSuccess: (data, { slo }) => {
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_delete_slo.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_delete_slo.ts
index a8d2758e4a9c2..237c5f909ae8a 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_delete_slo.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_delete_slo.ts
@@ -8,23 +8,26 @@
 import { IHttpFetchError, ResponseErrorBody } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
 import { useMutation, useQueryClient } from '@tanstack/react-query';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 import { sloKeys } from './query_key_factory';
+import { usePluginContext } from './use_plugin_context';
 
 type ServerError = IHttpFetchError<ResponseErrorBody>;
 
 export function useDeleteSlo() {
   const {
-    http,
     notifications: { toasts },
   } = useKibana().services;
+  const { sloClient } = usePluginContext();
   const queryClient = useQueryClient();
 
-  return useMutation<string, ServerError, { id: string; name: string }>(
+  return useMutation<void, ServerError, { id: string; name: string }>(
     ['deleteSlo'],
     ({ id }) => {
       try {
-        return http.delete<string>(`/api/observability/slos/${id}`);
+        return sloClient.fetch(`DELETE /api/observability/slos/{id} 2023-10-31`, {
+          params: { path: { id } },
+        });
       } catch (error) {
         return Promise.reject(`Something went wrong: ${String(error)}`);
       }
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_delete_slo_instance.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_delete_slo_instance.ts
index 66f0012659446..9b84e6f565ead 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_delete_slo_instance.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_delete_slo_instance.ts
@@ -7,34 +7,37 @@
 
 import { IHttpFetchError, ResponseErrorBody } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
-import { SLOWithSummaryResponse } from '@kbn/slo-schema';
+import { ALL_VALUE, SLOWithSummaryResponse } from '@kbn/slo-schema';
 import { useMutation, useQueryClient } from '@tanstack/react-query';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 import { sloKeys } from './query_key_factory';
+import { usePluginContext } from './use_plugin_context';
 
 type ServerError = IHttpFetchError<ResponseErrorBody>;
 
 export function useDeleteSloInstance() {
   const {
-    http,
     notifications: { toasts },
   } = useKibana().services;
+  const { sloClient } = usePluginContext();
   const queryClient = useQueryClient();
 
-  return useMutation<string, ServerError, { slo: SLOWithSummaryResponse; excludeRollup: boolean }>(
+  return useMutation<void, ServerError, { slo: SLOWithSummaryResponse; excludeRollup: boolean }>(
     ['deleteSloInstance'],
     ({ slo, excludeRollup }) => {
       try {
-        return http.post(`/api/observability/slos/_delete_instances`, {
-          body: JSON.stringify({
-            list: [
-              {
-                sloId: slo.id,
-                instanceId: slo.instanceId,
-                excludeRollup,
-              },
-            ],
-          }),
+        return sloClient.fetch(`POST /api/observability/slos/_delete_instances 2023-10-31`, {
+          params: {
+            body: {
+              list: [
+                {
+                  sloId: slo.id,
+                  instanceId: slo.instanceId ?? ALL_VALUE,
+                  excludeRollup,
+                },
+              ],
+            },
+          },
         });
       } catch (error) {
         return Promise.reject(`Something went wrong: ${String(error)}`);
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_active_alerts.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_active_alerts.ts
index 6ad34d8c4dc86..8fa7d3ec88e91 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_active_alerts.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_active_alerts.ts
@@ -9,7 +9,7 @@ import { useQuery } from '@tanstack/react-query';
 import { BASE_RAC_ALERTS_API_PATH } from '@kbn/rule-registry-plugin/common';
 
 import { AlertConsumers } from '@kbn/rule-registry-plugin/common/technical_rule_data_field_names';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 import { sloKeys } from './query_key_factory';
 import { ActiveAlerts } from './active_alerts';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_apm_indices.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_apm_indices.ts
index e21df7b56a964..436ba45fad273 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_apm_indices.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_apm_indices.ts
@@ -7,7 +7,7 @@
 
 import { useQuery } from '@tanstack/react-query';
 
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 
 type ApmIndex = string;
 
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_apm_suggestions.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_apm_suggestions.ts
index c6484076b1d72..ea8ae831a26cf 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_apm_suggestions.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_apm_suggestions.ts
@@ -7,7 +7,7 @@
 
 import { useQuery } from '@tanstack/react-query';
 import moment from 'moment';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 
 export type Suggestion = string;
 
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_global_diagnosis.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_global_diagnosis.ts
index df8ea83ed2aaa..d943322cf1322 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_global_diagnosis.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_global_diagnosis.ts
@@ -9,9 +9,10 @@ import type { SecurityHasPrivilegesResponse } from '@elastic/elasticsearch/lib/a
 import { i18n } from '@kbn/i18n';
 import type { PublicLicenseJSON } from '@kbn/licensing-plugin/public';
 import { useQuery } from '@tanstack/react-query';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 import { convertErrorForUseInToast } from './helpers/convert_error_for_use_in_toast';
 import { sloKeys } from './query_key_factory';
+import { usePluginContext } from './use_plugin_context';
 
 interface SloGlobalDiagnosisResponse {
   licenseAndFeatures: PublicLicenseJSON;
@@ -25,23 +26,17 @@ export interface UseFetchSloGlobalDiagnoseResponse {
 
 export function useFetchSloGlobalDiagnosis(): UseFetchSloGlobalDiagnoseResponse {
   const {
-    http,
     notifications: { toasts },
   } = useKibana().services;
+  const { sloClient } = usePluginContext();
 
   const { isLoading, data } = useQuery({
     queryKey: sloKeys.globalDiagnosis(),
     queryFn: async ({ signal }) => {
       try {
-        const response = await http.get<SloGlobalDiagnosisResponse>(
-          '/internal/observability/slos/_diagnosis',
-          {
-            query: {},
-            signal,
-          }
-        );
-
-        return response;
+        return await sloClient.fetch('GET /internal/observability/slos/_diagnosis', {
+          signal,
+        });
       } catch (error) {
         throw convertErrorForUseInToast(error);
       }
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_group_by_cardinality.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_group_by_cardinality.ts
index 6be95e67c0d89..beab209f7c692 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_group_by_cardinality.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_group_by_cardinality.ts
@@ -10,7 +10,7 @@ import { ALL_VALUE, QuerySchema } from '@kbn/slo-schema';
 import { useQuery } from '@tanstack/react-query';
 import { lastValueFrom } from 'rxjs';
 import { getElasticsearchQueryOrThrow } from '../../common/parse_kuery';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 
 export interface UseFetchGroupByCardinalityResponse {
   isLoading: boolean;
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_historical_summary.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_historical_summary.ts
index fc77e0ba40c7a..b8b0bc7ca9c4e 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_historical_summary.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_historical_summary.ts
@@ -5,11 +5,11 @@
  * 2.0.
  */
 
-import { useQuery } from '@tanstack/react-query';
 import { ALL_VALUE, FetchHistoricalSummaryResponse, SLOWithSummaryResponse } from '@kbn/slo-schema';
-import { useKibana } from '../utils/kibana_react';
-import { sloKeys } from './query_key_factory';
+import { useQuery } from '@tanstack/react-query';
 import { SLO_LONG_REFETCH_INTERVAL } from '../constants';
+import { sloKeys } from './query_key_factory';
+import { usePluginContext } from './use_plugin_context';
 
 export interface UseFetchHistoricalSummaryResponse {
   data: FetchHistoricalSummaryResponse | undefined;
@@ -34,7 +34,7 @@ export function useFetchHistoricalSummary({
   shouldRefetch,
   range,
 }: Params): UseFetchHistoricalSummaryResponse {
-  const { http } = useKibana().services;
+  const { sloClient } = usePluginContext();
 
   const list = sloList.map((slo) => ({
     sloId: slo.id,
@@ -57,15 +57,10 @@ export function useFetchHistoricalSummary({
     queryKey: sloKeys.historicalSummary(list),
     queryFn: async ({ signal }) => {
       try {
-        const response = await http.post<FetchHistoricalSummaryResponse>(
-          '/internal/observability/slos/_historical_summary',
-          {
-            body: JSON.stringify({ list }),
-            signal,
-          }
-        );
-
-        return response;
+        return await sloClient.fetch('POST /internal/observability/slos/_historical_summary', {
+          params: { body: { list } },
+          signal,
+        });
       } catch (error) {
         // ignore error
       }
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_rules_for_slo.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_rules_for_slo.ts
index 51a8337e4dd82..841bc9bec0a47 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_rules_for_slo.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_rules_for_slo.ts
@@ -9,7 +9,7 @@ import type { Rule, AsApiContract } from '@kbn/triggers-actions-ui-plugin/public
 import { transformRule } from '@kbn/triggers-actions-ui-plugin/public';
 import { useQuery } from '@tanstack/react-query';
 import { BurnRateRuleParams } from '../typings';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 import { sloKeys } from './query_key_factory';
 
 interface Params {
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_burn_rates.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_burn_rates.ts
index 3da6e09072dfd..01404a6261a49 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_burn_rates.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_burn_rates.ts
@@ -12,8 +12,8 @@ import {
   useQuery,
 } from '@tanstack/react-query';
 import { SLO_LONG_REFETCH_INTERVAL } from '../constants';
-import { useKibana } from '../utils/kibana_react';
 import { sloKeys } from './query_key_factory';
+import { usePluginContext } from './use_plugin_context';
 
 export interface UseFetchSloBurnRatesResponse {
   isLoading: boolean;
@@ -34,19 +34,24 @@ export function useFetchSloBurnRates({
   windows,
   shouldRefetch,
 }: UseFetchSloBurnRatesParams): UseFetchSloBurnRatesResponse {
-  const { http } = useKibana().services;
+  const { sloClient } = usePluginContext();
   const { isLoading, data, refetch } = useQuery({
     queryKey: sloKeys.burnRates(slo.id, slo.instanceId, windows),
     queryFn: async ({ signal }) => {
       try {
-        const response = await http.post<GetSLOBurnRatesResponse>(
-          `/internal/observability/slos/${slo.id}/_burn_rates`,
+        const response = await sloClient.fetch(
+          'POST /internal/observability/slos/{id}/_burn_rates',
           {
-            body: JSON.stringify({
-              windows,
-              instanceId: slo.instanceId ?? ALL_VALUE,
-              remoteName: slo.remote?.remoteName,
-            }),
+            params: {
+              path: {
+                id: slo.id,
+              },
+              body: {
+                windows,
+                instanceId: slo.instanceId ?? ALL_VALUE,
+                remoteName: slo.remote?.remoteName,
+              },
+            },
             signal,
           }
         );
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_definitions.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_definitions.ts
index 8aae512faab44..085cb777a32ec 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_definitions.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_definitions.ts
@@ -7,8 +7,8 @@
 
 import { FindSLODefinitionsResponse } from '@kbn/slo-schema';
 import { useQuery } from '@tanstack/react-query';
-import { useKibana } from '../utils/kibana_react';
 import { sloKeys } from './query_key_factory';
+import { usePluginContext } from './use_plugin_context';
 
 export interface UseFetchSloDefinitionsResponse {
   data: FindSLODefinitionsResponse | undefined;
@@ -31,19 +31,19 @@ export function useFetchSloDefinitions({
   page = 1,
   perPage = 100,
 }: Params): UseFetchSloDefinitionsResponse {
-  const { http } = useKibana().services;
+  const { sloClient } = usePluginContext();
   const search = name.endsWith('*') ? name : `${name}*`;
 
   const { isLoading, isError, isSuccess, data, refetch } = useQuery({
     queryKey: sloKeys.definitions(search, page, perPage, includeOutdatedOnly),
     queryFn: async ({ signal }) => {
       try {
-        const response = await http.get<FindSLODefinitionsResponse>(
-          '/api/observability/slos/_definitions',
-          { query: { search, includeOutdatedOnly, page, perPage }, signal }
-        );
-
-        return response;
+        return await sloClient.fetch('GET /api/observability/slos/_definitions 2023-10-31', {
+          params: {
+            query: { search, includeOutdatedOnly, page: String(page), perPage: String(perPage) },
+          },
+          signal,
+        });
       } catch (error) {
         throw new Error(`Something went wrong. Error: ${error}`);
       }
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_details.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_details.ts
index 589701be319ae..b32c0c6dc5976 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_details.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_details.ts
@@ -12,9 +12,9 @@ import {
   RefetchQueryFilters,
   useQuery,
 } from '@tanstack/react-query';
-import { useKibana } from '../utils/kibana_react';
 import { SLO_LONG_REFETCH_INTERVAL } from '../constants';
 import { sloKeys } from './query_key_factory';
+import { usePluginContext } from './use_plugin_context';
 
 export interface UseFetchSloDetailsResponse {
   isInitialLoading: boolean;
@@ -39,17 +39,20 @@ export function useFetchSloDetails({
   remoteName?: string;
   shouldRefetch?: boolean;
 }): UseFetchSloDetailsResponse {
-  const { http } = useKibana().services;
+  const { sloClient } = usePluginContext();
 
   const { isInitialLoading, isLoading, isError, isSuccess, isRefetching, data, refetch } = useQuery(
     {
       queryKey: sloKeys.detail(sloId!, instanceId, remoteName),
       queryFn: async ({ signal }) => {
         try {
-          const response = await http.get<GetSLOResponse>(`/api/observability/slos/${sloId}`, {
-            query: {
-              ...(!!instanceId && instanceId !== ALL_VALUE && { instanceId }),
-              ...(remoteName && { remoteName }),
+          const response = await sloClient.fetch('GET /api/observability/slos/{id} 2023-10-31', {
+            params: {
+              path: { id: sloId! },
+              query: {
+                ...(!!instanceId && instanceId !== ALL_VALUE && { instanceId }),
+                ...(remoteName && { remoteName }),
+              },
             },
             signal,
           });
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_groups.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_groups.ts
index f7cdfbed28f3f..4b409a2c56562 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_groups.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_groups.ts
@@ -4,25 +4,26 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+import { Filter, buildQueryFromFilters } from '@kbn/es-query';
+import { i18n } from '@kbn/i18n';
+import { FindSLOGroupsResponse } from '@kbn/slo-schema';
 import {
-  useQuery,
-  RefetchOptions,
   QueryObserverResult,
+  RefetchOptions,
   RefetchQueryFilters,
+  useQuery,
 } from '@tanstack/react-query';
-import { i18n } from '@kbn/i18n';
-import { buildQueryFromFilters, Filter } from '@kbn/es-query';
 import { useMemo } from 'react';
-import { FindSLOGroupsResponse } from '@kbn/slo-schema';
-import { useKibana } from '../utils/kibana_react';
-import { useCreateDataView } from './use_create_data_view';
-import { sloKeys } from './query_key_factory';
 import {
   DEFAULT_SLO_GROUPS_PAGE_SIZE,
   SLO_SUMMARY_DESTINATION_INDEX_PATTERN,
 } from '../../common/constants';
-import { SearchState } from '../pages/slos/hooks/use_url_search_state';
 import { GroupByField } from '../pages/slos/components/slo_list_group_by';
+import { SearchState } from '../pages/slos/hooks/use_url_search_state';
+import { useKibana } from './use_kibana';
+import { sloKeys } from './query_key_factory';
+import { useCreateDataView } from './use_create_data_view';
+import { usePluginContext } from './use_plugin_context';
 
 interface SLOGroupsParams {
   page?: number;
@@ -58,8 +59,8 @@ export function useFetchSloGroups({
   filters: filterDSL = [],
   lastRefresh,
 }: SLOGroupsParams = {}): UseFetchSloGroupsResponse {
+  const { sloClient } = usePluginContext();
   const {
-    http,
     notifications: { toasts },
   } = useKibana().services;
 
@@ -97,20 +98,19 @@ export function useFetchSloGroups({
       lastRefresh,
     }),
     queryFn: async ({ signal }) => {
-      const response = await http.get<FindSLOGroupsResponse>(
-        '/internal/observability/slos/_groups',
-        {
+      const response = await sloClient.fetch('GET /internal/observability/slos/_groups', {
+        params: {
           query: {
-            ...(page && { page }),
-            ...(perPage && { perPage }),
+            ...(page && { page: String(page) }),
+            ...(perPage && { perPage: String(perPage) }),
             ...(groupBy && { groupBy }),
             ...(groupsFilter && { groupsFilter }),
             ...(kqlQuery && { kqlQuery }),
             ...(filters && { filters }),
           },
-          signal,
-        }
-      );
+        },
+        signal,
+      });
       return response;
     },
     cacheTime: 0,
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_health.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_health.ts
index 4d8439331d042..3dc0024082f1c 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_health.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_health.ts
@@ -7,8 +7,8 @@
 
 import { ALL_VALUE, FetchSLOHealthResponse, SLOWithSummaryResponse } from '@kbn/slo-schema';
 import { useQuery } from '@tanstack/react-query';
-import { useKibana } from '../utils/kibana_react';
 import { sloKeys } from './query_key_factory';
+import { usePluginContext } from './use_plugin_context';
 
 export interface UseFetchSloHealth {
   data: FetchSLOHealthResponse | undefined;
@@ -21,7 +21,7 @@ export interface Params {
 }
 
 export function useFetchSloHealth({ list }: Params): UseFetchSloHealth {
-  const { http } = useKibana().services;
+  const { sloClient } = usePluginContext();
   const payload = list.map((slo) => ({
     sloId: slo.id,
     sloInstanceId: slo.instanceId ?? ALL_VALUE,
@@ -31,15 +31,10 @@ export function useFetchSloHealth({ list }: Params): UseFetchSloHealth {
     queryKey: sloKeys.health(payload),
     queryFn: async ({ signal }) => {
       try {
-        const response = await http.post<FetchSLOHealthResponse>(
-          '/internal/observability/slos/_health',
-          {
-            body: JSON.stringify({ list: payload }),
-            signal,
-          }
-        );
-
-        return response;
+        return await sloClient.fetch('POST /internal/observability/slos/_health', {
+          params: { body: { list: payload } },
+          signal,
+        });
       } catch (error) {
         // ignore error
       }
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_inspect.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_inspect.ts
index 51308b23b3300..df360801ed6fd 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_inspect.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_inspect.ts
@@ -5,39 +5,21 @@
  * 2.0.
  */
 
-import { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import type { CreateSLOInput, SLODefinitionResponse } from '@kbn/slo-schema';
+import type { CreateSLOInput } from '@kbn/slo-schema';
 import { useQuery } from '@tanstack/react-query';
-import { useKibana } from '../utils/kibana_react';
-
-interface SLOInspectResponse {
-  slo: SLODefinitionResponse;
-  rollUpPipeline: Record<string, any>;
-  summaryPipeline: Record<string, any>;
-  rollUpTransform: TransformPutTransformRequest;
-  summaryTransform: TransformPutTransformRequest;
-  temporaryDoc: Record<string, any>;
-  rollUpTransformCompositeQuery: string;
-  summaryTransformCompositeQuery: string;
-}
+import { usePluginContext } from './use_plugin_context';
 
 export function useFetchSloInspect(slo: CreateSLOInput, shouldInspect: boolean) {
-  const { http } = useKibana().services;
+  const { sloClient } = usePluginContext();
 
   const { isLoading, isError, isSuccess, data } = useQuery({
     queryKey: ['slo', 'inspect'],
     queryFn: async ({ signal }) => {
       try {
-        const body = JSON.stringify(slo);
-        const response = await http.post<SLOInspectResponse>(
-          '/internal/observability/slos/_inspect',
-          {
-            body,
-            signal,
-          }
-        );
-
-        return response;
+        return await sloClient.fetch('POST /internal/observability/slos/_inspect', {
+          params: { body: slo },
+          signal,
+        });
       } catch (error) {
         // ignore error
       }
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_list.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_list.ts
index 0e2bb39dab878..aba2fe66dcb03 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_list.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slo_list.ts
@@ -14,17 +14,17 @@ import {
   DEFAULT_SLO_PAGE_SIZE,
   SLO_SUMMARY_DESTINATION_INDEX_PATTERN,
 } from '../../common/constants';
-import { SearchState } from '../pages/slos/hooks/use_url_search_state';
-import { useKibana } from '../utils/kibana_react';
-import { useCreateDataView } from './use_create_data_view';
-
+import { SearchState, SortDirection, SortField } from '../pages/slos/hooks/use_url_search_state';
+import { useKibana } from './use_kibana';
 import { sloKeys } from './query_key_factory';
+import { useCreateDataView } from './use_create_data_view';
+import { usePluginContext } from './use_plugin_context';
 
 export interface SLOListParams {
   kqlQuery?: string;
   page?: number;
-  sortBy?: string;
-  sortDirection?: 'asc' | 'desc';
+  sortBy?: SortField;
+  sortDirection?: SortDirection;
   perPage?: number;
   filters?: Filter[];
   lastRefresh?: number;
@@ -55,9 +55,10 @@ export function useFetchSloList({
   disabled = false,
 }: SLOListParams = {}): UseFetchSloListResponse {
   const {
-    http,
     notifications: { toasts },
   } = useKibana().services;
+  const { sloClient } = usePluginContext();
+
   const queryClient = useQueryClient();
 
   const { dataView } = useCreateDataView({
@@ -95,15 +96,17 @@ export function useFetchSloList({
       lastRefresh,
     }),
     queryFn: async ({ signal }) => {
-      return await http.get<FindSLOResponse>(`/api/observability/slos`, {
-        query: {
-          ...(kqlQuery && { kqlQuery }),
-          ...(sortBy && { sortBy }),
-          ...(sortDirection && { sortDirection }),
-          ...(page !== undefined && { page }),
-          ...(perPage !== undefined && { perPage }),
-          ...(filters && { filters }),
-          hideStale: true,
+      return await sloClient.fetch('GET /api/observability/slos 2023-10-31', {
+        params: {
+          query: {
+            ...(kqlQuery && { kqlQuery }),
+            ...(sortBy && { sortBy }),
+            ...(sortDirection && { sortDirection }),
+            ...(page !== undefined && { page: String(page) }),
+            ...(perPage !== undefined && { perPage: String(perPage) }),
+            ...(filters && { filters }),
+            hideStale: true,
+          },
         },
         signal,
       });
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slos_with_burn_rate_rules.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slos_with_burn_rate_rules.ts
index 34cfa36bfcab8..ce1efab910723 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slos_with_burn_rate_rules.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_slos_with_burn_rate_rules.ts
@@ -14,7 +14,7 @@ import {
 import type { Rule } from '@kbn/triggers-actions-ui-plugin/public';
 import { BASE_ALERTING_API_PATH } from '@kbn/alerting-plugin/common';
 import { HttpSetup } from '@kbn/core/public';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 import { sloKeys } from './query_key_factory';
 import { WindowSchema } from '../typings';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_synthetics_suggestions.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_synthetics_suggestions.ts
index f985b1f53ca94..f97bf64f5c8da 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_synthetics_suggestions.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_synthetics_suggestions.ts
@@ -7,7 +7,7 @@
 
 import { useQuery } from '@tanstack/react-query';
 
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 
 export interface Suggestion {
   label: string;
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_get_preview_data.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_get_preview_data.ts
index f8e65fea9edff..5b4dc32ca4f28 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_get_preview_data.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_get_preview_data.ts
@@ -7,8 +7,8 @@
 
 import { GetPreviewDataResponse, Indicator, Objective } from '@kbn/slo-schema';
 import { useQuery } from '@tanstack/react-query';
-import { useKibana } from '../utils/kibana_react';
 import { sloKeys } from './query_key_factory';
+import { usePluginContext } from './use_plugin_context';
 
 export interface UseGetPreviewData {
   data: GetPreviewDataResponse | undefined;
@@ -18,6 +18,20 @@ export interface UseGetPreviewData {
   isError: boolean;
 }
 
+interface Props {
+  isValid: boolean;
+  groupBy?: string | string[];
+  instanceId?: string;
+  remoteName?: string;
+  groupings?: Record<string, unknown>;
+  objective?: Objective;
+  indicator: Indicator;
+  range: {
+    from: Date;
+    to: Date;
+  };
+}
+
 export function useGetPreviewData({
   isValid,
   range,
@@ -27,36 +41,29 @@ export function useGetPreviewData({
   groupings,
   instanceId,
   remoteName,
-}: {
-  isValid: boolean;
-  groupBy?: string | string[];
-  instanceId?: string;
-  remoteName?: string;
-  groupings?: Record<string, unknown>;
-  objective?: Objective;
-  indicator: Indicator;
-  range: { from: Date; to: Date };
-}): UseGetPreviewData {
-  const { http } = useKibana().services;
+}: Props): UseGetPreviewData {
+  const { sloClient } = usePluginContext();
 
   const { isInitialLoading, isLoading, isError, isSuccess, data } = useQuery({
     queryKey: sloKeys.preview(indicator, range, groupings),
     queryFn: async ({ signal }) => {
-      const response = await http.post<GetPreviewDataResponse>(
-        '/internal/observability/slos/_preview',
-        {
-          body: JSON.stringify({
+      const response = await sloClient.fetch('POST /internal/observability/slos/_preview', {
+        params: {
+          body: {
             indicator,
-            range,
+            range: {
+              from: range.from.toISOString(),
+              to: range.to.toISOString(),
+            },
             groupBy,
             instanceId,
             groupings,
             remoteName,
             ...(objective ? { objective } : null),
-          }),
-          signal,
-        }
-      );
+          },
+        },
+        signal,
+      });
 
       return Array.isArray(response) ? response : [];
     },
diff --git a/x-pack/plugins/observability_solution/slo/public/utils/kibana_react.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_kibana.ts
similarity index 80%
rename from x-pack/plugins/observability_solution/slo/public/utils/kibana_react.ts
rename to x-pack/plugins/observability_solution/slo/public/hooks/use_kibana.ts
index 20ec03497b0af..5880a52a11ee6 100644
--- a/x-pack/plugins/observability_solution/slo/public/utils/kibana_react.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_kibana.ts
@@ -8,14 +8,15 @@
 import { CoreStart } from '@kbn/core/public';
 import { useKibana } from '@kbn/kibana-react-plugin/public';
 import { Storage } from '@kbn/kibana-utils-plugin/public';
-import { SloPublicPluginsStart } from '../types';
+import { SLOPublicPluginsStart } from '../types';
 
-export type StartServices<AdditionalServices extends object = {}> = CoreStart &
-  SloPublicPluginsStart &
+type StartServices<AdditionalServices extends object = {}> = CoreStart &
+  SLOPublicPluginsStart &
   AdditionalServices & {
     storage: Storage;
     kibanaVersion: string;
   };
+
 const useTypedKibana = <AdditionalServices extends object = {}>() =>
   useKibana<StartServices<AdditionalServices>>();
 
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_license.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_license.ts
index 823c9e4135bf7..763e0bb1b0228 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_license.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_license.ts
@@ -9,7 +9,7 @@ import { useCallback } from 'react';
 import { Observable } from 'rxjs';
 import useObservable from 'react-use/lib/useObservable';
 import type { ILicense, LicenseType } from '@kbn/licensing-plugin/public';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 
 interface UseLicenseReturnValue {
   getLicense: () => ILicense | null;
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_permissions.test.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_permissions.test.ts
index c9646c070dbbb..7d70e5f6460ff 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_permissions.test.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_permissions.test.ts
@@ -5,11 +5,11 @@
  * 2.0.
  */
 import { sloFeatureId } from '@kbn/observability-shared-plugin/common';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 import { useFetchSloGlobalDiagnosis } from './use_fetch_global_diagnosis';
 import { usePermissions } from './use_permissions';
 
-jest.mock('../utils/kibana_react');
+jest.mock('./use_kibana');
 jest.mock('./use_fetch_global_diagnosis');
 
 const useKibanaMock = useKibana as jest.Mock;
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_permissions.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_permissions.ts
index 6e380fbe1a33e..efd6c6cab94c9 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_permissions.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_permissions.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 import { sloFeatureId } from '@kbn/observability-plugin/common';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 import { useFetchSloGlobalDiagnosis } from './use_fetch_global_diagnosis';
 
 export function usePermissions() {
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_reset_slo.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_reset_slo.ts
index 18d09d5859145..fdca20517102e 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_reset_slo.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_reset_slo.ts
@@ -7,23 +7,27 @@
 import { IHttpFetchError, ResponseErrorBody } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
 import { useMutation, useQueryClient } from '@tanstack/react-query';
-import { useKibana } from '../utils/kibana_react';
+import { ResetSLOResponse } from '@kbn/slo-schema';
+import { useKibana } from './use_kibana';
 import { sloKeys } from './query_key_factory';
+import { usePluginContext } from './use_plugin_context';
 
 type ServerError = IHttpFetchError<ResponseErrorBody>;
 
 export function useResetSlo() {
   const {
-    http,
     notifications: { toasts },
   } = useKibana().services;
   const queryClient = useQueryClient();
+  const { sloClient } = usePluginContext();
 
-  return useMutation<string, ServerError, { id: string; name: string }>(
+  return useMutation<ResetSLOResponse, ServerError, { id: string; name: string }>(
     ['resetSlo'],
     ({ id, name }) => {
       try {
-        return http.post(`/api/observability/slos/${id}/_reset`);
+        return sloClient.fetch('POST /api/observability/slos/{id}/_reset 2023-10-31', {
+          params: { path: { id } },
+        });
       } catch (error) {
         return Promise.reject(
           i18n.translate('xpack.slo.slo.reset.errorMessage', {
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_space.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_space.ts
index c52056f006de2..8e348c1772398 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_space.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_space.ts
@@ -6,7 +6,7 @@
  */
 
 import { useState, useEffect } from 'react';
-import { useKibana } from '../utils/kibana_react';
+import { useKibana } from './use_kibana';
 
 export function useSpace() {
   const { spaces } = useKibana().services;
diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_update_slo.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_update_slo.ts
index 21e9aa57c142d..2050b9cc101a7 100644
--- a/x-pack/plugins/observability_solution/slo/public/hooks/use_update_slo.ts
+++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_update_slo.ts
@@ -10,9 +10,10 @@ import { i18n } from '@kbn/i18n';
 import { encode } from '@kbn/rison';
 import type { FindSLOResponse, UpdateSLOInput, UpdateSLOResponse } from '@kbn/slo-schema';
 import { QueryKey, useMutation, useQueryClient } from '@tanstack/react-query';
-import { useKibana } from '../utils/kibana_react';
 import { paths } from '../../common/locators/paths';
+import { useKibana } from './use_kibana';
 import { sloKeys } from './query_key_factory';
+import { usePluginContext } from './use_plugin_context';
 
 type ServerError = IHttpFetchError<ResponseErrorBody>;
 
@@ -23,6 +24,7 @@ export function useUpdateSlo() {
     notifications: { toasts },
   } = useKibana().services;
   const queryClient = useQueryClient();
+  const { sloClient } = usePluginContext();
 
   return useMutation<
     UpdateSLOResponse,
@@ -32,8 +34,9 @@ export function useUpdateSlo() {
   >(
     ['updateSlo'],
     ({ sloId, slo }) => {
-      const body = JSON.stringify(slo);
-      return http.put<UpdateSLOResponse>(`/api/observability/slos/${sloId}`, { body });
+      return sloClient.fetch('PUT /api/observability/slos/{id} 2023-10-31', {
+        params: { path: { id: sloId }, body: slo },
+      });
     },
     {
       onSuccess: (_data, { slo: { name } }) => {
diff --git a/x-pack/plugins/observability_solution/slo/public/index.ts b/x-pack/plugins/observability_solution/slo/public/index.ts
index e57edb2205208..7d01e9c418fb5 100644
--- a/x-pack/plugins/observability_solution/slo/public/index.ts
+++ b/x-pack/plugins/observability_solution/slo/public/index.ts
@@ -5,20 +5,26 @@
  * 2.0.
  */
 import { PluginInitializer, PluginInitializerContext } from '@kbn/core/public';
-import { SloPlugin } from './plugin';
+import { SLOPlugin } from './plugin';
 import type {
-  SloPublicSetup,
-  SloPublicStart,
-  SloPublicPluginsSetup,
-  SloPublicPluginsStart,
+  SLOPublicSetup,
+  SLOPublicStart,
+  SLOPublicPluginsSetup,
+  SLOPublicPluginsStart,
 } from './types';
 
 export const plugin: PluginInitializer<
-  SloPublicSetup,
-  SloPublicStart,
-  SloPublicPluginsSetup,
-  SloPublicPluginsStart
+  SLOPublicSetup,
+  SLOPublicStart,
+  SLOPublicPluginsSetup,
+  SLOPublicPluginsStart
 > = (initializerContext: PluginInitializerContext) => {
-  return new SloPlugin(initializerContext);
+  return new SLOPlugin(initializerContext);
 };
-export type { SloPublicPluginsSetup, SloPublicPluginsStart, SloPublicStart } from './types';
+
+export type {
+  SLOPublicPluginsSetup,
+  SLOPublicPluginsStart,
+  SLOPublicStart,
+  SLOPublicSetup,
+} from './types';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/burn_rate_panel/burn_rate_panel.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/burn_rate_panel/burn_rate_panel.tsx
new file mode 100644
index 0000000000000..6b95c84abd59a
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/burn_rate_panel/burn_rate_panel.tsx
@@ -0,0 +1,133 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { EuiButtonGroup, EuiFlexGroup, EuiFlexItem, EuiPanel, EuiTitle } from '@elastic/eui';
+import { i18n } from '@kbn/i18n';
+import { SLOWithSummaryResponse } from '@kbn/slo-schema';
+import moment from 'moment';
+import React, { useEffect, useState } from 'react';
+import { ErrorRateChart } from '../../../../components/slo/error_rate_chart';
+import { useFetchSloBurnRates } from '../../../../hooks/use_fetch_slo_burn_rates';
+import { BurnRateWindow, useFetchBurnRateWindows } from '../../hooks/use_fetch_burn_rate_windows';
+import { BurnRateStatus } from './burn_rate_status';
+import { getStatus } from './utils';
+
+interface Props {
+  slo: SLOWithSummaryResponse;
+  isAutoRefreshing?: boolean;
+}
+
+export function BurnRatePanel({ slo, isAutoRefreshing }: Props) {
+  const burnRateWindows = useFetchBurnRateWindows(slo);
+  const [selectedWindow, setSelectedwindow] = useState(burnRateWindows[0]);
+  const { isLoading, data } = useFetchSloBurnRates({
+    slo,
+    shouldRefetch: isAutoRefreshing,
+    windows: toPayload(burnRateWindows),
+  });
+
+  useEffect(() => {
+    if (burnRateWindows.length > 0) {
+      setSelectedwindow(burnRateWindows[0]);
+    }
+  }, [burnRateWindows]);
+
+  const onBurnRateOptionChange = (windowName: string) => {
+    const selected = burnRateWindows.find((opt) => opt.name === windowName) ?? burnRateWindows[0];
+    setSelectedwindow(selected);
+  };
+
+  const threshold = selectedWindow.threshold;
+  const longWindowBurnRate =
+    data?.burnRates.find((curr) => curr.name === longWindowName(selectedWindow.name))?.burnRate ??
+    0;
+  const shortWindowbBurnRate =
+    data?.burnRates.find((curr) => curr.name === shortWindowName(selectedWindow.name))?.burnRate ??
+    0;
+
+  const currentStatus = getStatus(threshold, longWindowBurnRate, shortWindowbBurnRate);
+
+  return (
+    <EuiPanel paddingSize="m" color="transparent" hasBorder data-test-subj="burnRatePanel">
+      <EuiFlexGroup direction="column" gutterSize="m">
+        <EuiFlexGroup justifyContent="spaceBetween">
+          <EuiFlexItem grow={false}>
+            <EuiTitle size="xs">
+              <h2>
+                {i18n.translate('xpack.slo.burnRates.burnRatePanelTitle', {
+                  defaultMessage: 'Burn rate',
+                })}
+              </h2>
+            </EuiTitle>
+          </EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            <EuiButtonGroup
+              legend={i18n.translate('xpack.slo.burnRate.timeRangeBtnLegend', {
+                defaultMessage: 'Select the time range',
+              })}
+              options={burnRateWindows.map((burnRateWindow) => ({
+                id: burnRateWindow.name,
+                label: burnRateWindowLabel(burnRateWindow),
+                'aria-label': burnRateWindowLabel(burnRateWindow),
+              }))}
+              idSelected={selectedWindow.name}
+              onChange={onBurnRateOptionChange}
+              buttonSize="compressed"
+            />
+          </EuiFlexItem>
+        </EuiFlexGroup>
+        <EuiFlexGroup direction="row" gutterSize="m">
+          <EuiFlexItem grow={1}>
+            <BurnRateStatus
+              selectedWindow={selectedWindow}
+              shortWindowBurnRate={shortWindowbBurnRate}
+              longWindowBurnRate={longWindowBurnRate}
+              isLoading={isLoading}
+            />
+          </EuiFlexItem>
+
+          <EuiFlexItem grow={3}>
+            <ErrorRateChart
+              slo={slo}
+              dataTimeRange={{
+                from: moment()
+                  .subtract(selectedWindow.longWindow.value, selectedWindow.longWindow.unit)
+                  .toDate(),
+                to: new Date(),
+              }}
+              threshold={threshold}
+              variant={currentStatus === 'BREACHED' ? 'danger' : 'success'}
+            />
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      </EuiFlexGroup>
+    </EuiPanel>
+  );
+}
+
+const burnRateWindowLabel = (option: BurnRateWindow) =>
+  i18n.translate('xpack.slo.burnRates.optionLabel', {
+    defaultMessage: '{duration, plural, one {# hour} other {# hours}}',
+    values: { duration: option.longWindow.value },
+  });
+
+const longWindowName = (window: string) => `${window}_LONG`;
+const shortWindowName = (window: string) => `${window}_SHORT`;
+const toPayload = (
+  burnRateWindows: BurnRateWindow[]
+): Array<{ name: string; duration: string }> => {
+  return burnRateWindows.flatMap((window) => [
+    {
+      name: longWindowName(window.name),
+      duration: `${window.longWindow.value}${window.longWindow.unit}`,
+    },
+    {
+      name: shortWindowName(window.name),
+      duration: `${window.shortWindow.value}${window.shortWindow.unit}`,
+    },
+  ]);
+};
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/burn_rate_panel/burn_rate_status.test.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/burn_rate_panel/burn_rate_status.test.tsx
new file mode 100644
index 0000000000000..a8455dcbc42fc
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/burn_rate_panel/burn_rate_status.test.tsx
@@ -0,0 +1,91 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { screen } from '@testing-library/react';
+import React from 'react';
+import { render } from '../../../../utils/test_helper';
+import { DEFAULT_BURN_RATE_WINDOWS } from '../../hooks/use_fetch_burn_rate_windows';
+import { BurnRateStatus } from './burn_rate_status';
+
+describe('BurnRateStatus', () => {
+  it('displays loading spinner when burn rates are being fetched', async () => {
+    render(
+      <BurnRateStatus
+        isLoading={true}
+        shortWindowBurnRate={0}
+        longWindowBurnRate={0}
+        selectedWindow={DEFAULT_BURN_RATE_WINDOWS[0]}
+      />
+    );
+
+    expect(screen.queryByTestId('loadingSpinner')).toBeDefined();
+  });
+
+  it("displays the 'breached' status", async () => {
+    render(
+      <BurnRateStatus
+        isLoading={false}
+        shortWindowBurnRate={18.45}
+        longWindowBurnRate={22.32}
+        selectedWindow={DEFAULT_BURN_RATE_WINDOWS[0]}
+      />
+    );
+
+    expect(screen.queryByTestId('title')).toHaveTextContent('Breached');
+    expect(screen.queryByTestId('description')).toHaveTextContent(
+      'The 1h burn rate is 22.32x and the 5m burn rate is 18.45x.'
+    );
+  });
+
+  it("displays the 'recovering' status", async () => {
+    render(
+      <BurnRateStatus
+        isLoading={false}
+        shortWindowBurnRate={1.2}
+        longWindowBurnRate={22.32}
+        selectedWindow={DEFAULT_BURN_RATE_WINDOWS[0]}
+      />
+    );
+
+    expect(screen.queryByTestId('title')).toHaveTextContent('Recovering');
+    expect(screen.queryByTestId('description')).toHaveTextContent(
+      'The 1h burn rate is 22.32x and the 5m burn rate is 1.2x.'
+    );
+  });
+
+  it("displays the 'Increasing' status", async () => {
+    render(
+      <BurnRateStatus
+        isLoading={false}
+        shortWindowBurnRate={18.45}
+        longWindowBurnRate={1.32}
+        selectedWindow={DEFAULT_BURN_RATE_WINDOWS[0]}
+      />
+    );
+
+    expect(screen.queryByTestId('title')).toHaveTextContent('Increasing');
+    expect(screen.queryByTestId('description')).toHaveTextContent(
+      'The 1h burn rate is 1.32x and the 5m burn rate is 18.45x.'
+    );
+  });
+
+  it("displays the 'Acceptable' status", async () => {
+    render(
+      <BurnRateStatus
+        isLoading={false}
+        shortWindowBurnRate={1.45}
+        longWindowBurnRate={2.32}
+        selectedWindow={DEFAULT_BURN_RATE_WINDOWS[0]}
+      />
+    );
+
+    expect(screen.queryByTestId('title')).toHaveTextContent('Acceptable value');
+    expect(screen.queryByTestId('description')).toHaveTextContent(
+      'The 1h burn rate is 2.32x and the 5m burn rate is 1.45x.'
+    );
+  });
+});
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/burn_rate_panel/burn_rate_status.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/burn_rate_panel/burn_rate_status.tsx
new file mode 100644
index 0000000000000..ed2be19aa76fd
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/burn_rate_panel/burn_rate_status.tsx
@@ -0,0 +1,129 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiLoadingSpinner,
+  EuiPanel,
+  EuiStat,
+  EuiText,
+  EuiTextColor,
+} from '@elastic/eui';
+import numeral from '@elastic/numeral';
+import { i18n } from '@kbn/i18n';
+import React from 'react';
+import { BurnRateWindow } from '../../hooks/use_fetch_burn_rate_windows';
+import { getStatus } from './utils';
+
+export interface BurnRateParams {
+  isLoading: boolean;
+  selectedWindow: BurnRateWindow;
+  longWindowBurnRate: number;
+  shortWindowBurnRate: number;
+}
+
+export type Status = 'BREACHED' | 'RECOVERING' | 'INCREASING' | 'ACCEPTABLE';
+
+export function BurnRateStatus({
+  selectedWindow,
+  longWindowBurnRate,
+  shortWindowBurnRate,
+  isLoading,
+}: BurnRateParams) {
+  const threshold = selectedWindow.threshold;
+  const status = getStatus(threshold, longWindowBurnRate, shortWindowBurnRate);
+  const color = getColor(status);
+
+  if (isLoading) {
+    return <EuiLoadingSpinner size="m" data-test-subj="loadingSpinner" />;
+  }
+
+  return (
+    <EuiPanel color={color} hasShadow={false}>
+      <EuiFlexGroup justifyContent="spaceBetween" direction="column" style={{ minHeight: '100%' }}>
+        <EuiFlexGroup direction="column" gutterSize="xs">
+          <EuiFlexItem>
+            <EuiText color="default" size="m" data-test-subj="title">
+              <h5>{getTitle(status)}</h5>
+            </EuiText>
+          </EuiFlexItem>
+          <EuiFlexItem>
+            <EuiText color="subdued" size="s" data-test-subj="description">
+              {getDescription(shortWindowBurnRate, longWindowBurnRate, selectedWindow)}
+            </EuiText>
+          </EuiFlexItem>
+        </EuiFlexGroup>
+
+        <EuiFlexGroup direction="row" justifyContent="flexEnd" alignItems="flexEnd">
+          <EuiFlexItem grow={false}>
+            <EuiStat
+              title={`${numeral(threshold).format('0.[00]')}x`}
+              titleColor="default"
+              titleSize="s"
+              textAlign="right"
+              isLoading={isLoading}
+              data-test-subj="threshold"
+              description={
+                <EuiTextColor color="default">
+                  <span>
+                    {i18n.translate('xpack.slo.burnRate.thresholdLabel', {
+                      defaultMessage: 'Threshold',
+                    })}
+                  </span>
+                </EuiTextColor>
+              }
+            />
+          </EuiFlexItem>
+        </EuiFlexGroup>
+      </EuiFlexGroup>
+    </EuiPanel>
+  );
+}
+
+function getColor(status: Status) {
+  return status === 'BREACHED' ? 'danger' : status === 'INCREASING' ? 'warning' : 'success';
+}
+
+function getTitle(status: Status): string {
+  switch (status) {
+    case 'BREACHED':
+      return i18n.translate('xpack.slo.burnRate.breachedStatusTitle', {
+        defaultMessage: 'Breached',
+      });
+    case 'INCREASING':
+      return i18n.translate('xpack.slo.burnRate.increasingStatusTitle', {
+        defaultMessage: 'Increasing',
+      });
+    case 'RECOVERING':
+      return i18n.translate('xpack.slo.burnRate.recoveringStatusTitle', {
+        defaultMessage: 'Recovering',
+      });
+    case 'ACCEPTABLE':
+    default:
+      return i18n.translate('xpack.slo.burnRate.acceptableStatusTitle', {
+        defaultMessage: 'Acceptable value',
+      });
+  }
+}
+
+function getDescription(
+  shortWindowBurnRate: number,
+  longWindowBurnRate: number,
+  selectedWindow: BurnRateWindow
+): string {
+  return i18n.translate('xpack.slo.burnRate.subtitle', {
+    defaultMessage:
+      'The {longWindowDuration} burn rate is {longWindowBurnRate}x and the {shortWindowDuration} burn rate is {shortWindowBurnRate}x.',
+    values: {
+      longWindowDuration: `${selectedWindow.longWindow.value}${selectedWindow.longWindow.unit}`,
+      longWindowBurnRate: numeral(longWindowBurnRate).format('0.[00]'),
+      shortWindowDuration: `${selectedWindow.shortWindow.value}${selectedWindow.shortWindow.unit}`,
+      shortWindowBurnRate: numeral(shortWindowBurnRate).format('0.[00]'),
+    },
+  });
+}
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/burn_rate_panel/utils.ts b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/burn_rate_panel/utils.ts
new file mode 100644
index 0000000000000..028231d5327b2
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/burn_rate_panel/utils.ts
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Status } from './burn_rate_status';
+
+export function getStatus(
+  threshold: number,
+  longWindowBurnRate: number,
+  shortWindowBurnRate: number
+): Status {
+  const isLongWindowBurnRateAboveThreshold = longWindowBurnRate > threshold;
+  const isShortWindowBurnRateAboveThreshold = shortWindowBurnRate > threshold;
+  const areBothBurnRatesAboveThreshold =
+    isLongWindowBurnRateAboveThreshold && isShortWindowBurnRateAboveThreshold;
+
+  return areBothBurnRatesAboveThreshold
+    ? 'BREACHED'
+    : isLongWindowBurnRateAboveThreshold && !isShortWindowBurnRateAboveThreshold
+    ? 'RECOVERING'
+    : !isLongWindowBurnRateAboveThreshold && isShortWindowBurnRateAboveThreshold
+    ? 'INCREASING'
+    : 'ACCEPTABLE';
+}
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_chart.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_chart.tsx
index 8b15c809ab1d0..4f6b5a159c62a 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_chart.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_chart.tsx
@@ -12,7 +12,7 @@ import numeral from '@elastic/numeral';
 import { SLOWithSummaryResponse } from '@kbn/slo-schema';
 import { TimeBounds } from '../types';
 import { SloTabId } from './slo_details';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { toDuration, toMinutes } from '../../../utils/slo/duration';
 import { ChartData } from '../../../typings/slo';
 import { WideChart } from './wide_chart';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_chart_panel.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_chart_panel.tsx
index b8ffb2f30a79e..72c6cf30c9de6 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_chart_panel.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_chart_panel.tsx
@@ -16,7 +16,7 @@ import React, { useState, useCallback } from 'react';
 import { SaveModalDashboardProps } from '@kbn/presentation-util-plugin/public';
 import { TimeBounds } from '../types';
 import { SloTabId } from './slo_details';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { ChartData } from '../../../typings/slo';
 import { ErrorBudgetChart } from './error_budget_chart';
 import { ErrorBudgetHeader } from './error_budget_header';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_header.test.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_header.test.tsx
index 65a4033314972..533fd6b499a7a 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_header.test.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_header.test.tsx
@@ -7,12 +7,12 @@
 
 import React from 'react';
 import { screen } from '@testing-library/react';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { render } from '../../../utils/test_helper';
 import { buildSlo } from '../../../data/slo/slo';
 import { ErrorBudgetHeader } from './error_budget_header';
 
-jest.mock('../../../utils/kibana_react');
+jest.mock('../../../hooks/use_kibana');
 const useKibanaMock = useKibana as jest.Mock;
 
 describe('In Observability Context', () => {
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_header.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_header.tsx
index 4a484d9df013f..11d1b1e600b0d 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_header.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/error_budget_header.tsx
@@ -10,7 +10,7 @@ import { EuiFlexGroup, EuiFlexItem, EuiText, EuiTitle } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { rollingTimeWindowTypeSchema, SLOWithSummaryResponse } from '@kbn/slo-schema';
 import { SloTabId } from './slo_details';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { toDurationAdverbLabel, toDurationLabel } from '../../../utils/slo/labels';
 
 import { ErrorBudgetActions } from './error_budget_actions';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_area_chart.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_area_chart.tsx
index 01496c6471d89..364e775eaf0e4 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_area_chart.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_area_chart.tsx
@@ -16,7 +16,7 @@ import { useActiveCursor } from '@kbn/charts-plugin/public';
 import moment from 'moment';
 import { getBrushTimeBounds } from '../../../utils/slo/duration';
 import { TimeBounds } from '../types';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 
 export function EventsAreaChart({
   slo,
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_chart_panel.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_chart_panel.tsx
index 4b393e307deb3..3ea9cb30627ad 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_chart_panel.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_chart_panel.tsx
@@ -25,7 +25,7 @@ import { EventsAreaChart } from './events_area_chart';
 import { TimeBounds } from '../types';
 import { SloTabId } from './slo_details';
 import { useGetPreviewData } from '../../../hooks/use_get_preview_data';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { GoodBadEventsChart } from '../../../components/good_bad_events_chart/good_bad_events_chart';
 import { getDiscoverLink } from '../../../utils/slo/get_discover_link';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/header_control.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/header_control.tsx
index fb1e524e3e170..e4ccb4f0cbf26 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/header_control.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/header_control.tsx
@@ -24,7 +24,7 @@ import { useCloneSlo } from '../../../hooks/use_clone_slo';
 import { useFetchRulesForSlo } from '../../../hooks/use_fetch_rules_for_slo';
 import { usePermissions } from '../../../hooks/use_permissions';
 import { useResetSlo } from '../../../hooks/use_reset_slo';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { convertSliApmParamsToApmAppDeeplinkUrl } from '../../../utils/slo/convert_sli_apm_params_to_apm_app_deeplink_url';
 import { isApmIndicatorType } from '../../../utils/slo/indicator';
 import { EditBurnRateRuleFlyout } from '../../slos/components/common/edit_burn_rate_rule_flyout';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/history/slo_details_history.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/history/slo_details_history.tsx
index 7ecf4d4672775..b4d45269b15d4 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/history/slo_details_history.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/history/slo_details_history.tsx
@@ -7,17 +7,18 @@
 import {
   EuiFlexGroup,
   EuiFlexItem,
-  EuiSpacer,
+  EuiPanel,
   EuiSuperDatePicker,
+  EuiTitle,
   OnRefreshProps,
   OnTimeChangeProps,
 } from '@elastic/eui';
 import DateMath from '@kbn/datemath';
+import { i18n } from '@kbn/i18n';
 import { SLOWithSummaryResponse } from '@kbn/slo-schema';
 import React, { useMemo, useState } from 'react';
-import { BurnRates } from '../../../../components/slo/burn_rate/burn_rates';
-import { useKibana } from '../../../../utils/kibana_react';
-import { useBurnRateOptions } from '../../hooks/use_burn_rate_options';
+import { ErrorRateChart } from '../../../../components/slo/error_rate_chart';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { TimeBounds } from '../../types';
 import { EventsChartPanel } from '../events_chart_panel';
 import { HistoricalDataCharts } from '../historical_data_charts';
@@ -31,7 +32,6 @@ export interface Props {
 
 export function SLODetailsHistory({ slo, isAutoRefreshing, selectedTabId }: Props) {
   const { uiSettings } = useKibana().services;
-  const { burnRateOptions } = useBurnRateOptions(slo);
   const [start, setStart] = useState(`now-${slo.timeWindow.duration}`);
   const [end, setEnd] = useState('now');
 
@@ -55,7 +55,7 @@ export function SLODetailsHistory({ slo, isAutoRefreshing, selectedTabId }: Prop
   };
 
   return (
-    <>
+    <EuiFlexGroup direction="column" gutterSize="l">
       <EuiFlexGroup justifyContent="flexEnd">
         <EuiFlexItem
           grow
@@ -83,35 +83,40 @@ export function SLODetailsHistory({ slo, isAutoRefreshing, selectedTabId }: Prop
         </EuiFlexItem>
       </EuiFlexGroup>
 
-      <EuiSpacer size="l" />
-
-      <EuiFlexGroup direction="column" gutterSize="l">
-        <EuiFlexItem>
-          <BurnRates
-            slo={slo}
-            isAutoRefreshing={isAutoRefreshing}
-            burnRateOptions={burnRateOptions}
-            selectedTabId={selectedTabId}
-            range={range}
-            onBrushed={onBrushed}
-          />
-        </EuiFlexItem>
-        <HistoricalDataCharts
-          slo={slo}
-          selectedTabId={selectedTabId}
-          isAutoRefreshing={isAutoRefreshing}
-          range={range}
-          onBrushed={onBrushed}
-        />
-        <EuiFlexItem>
-          <EventsChartPanel
+      <EuiPanel paddingSize="m" color="transparent" hasBorder data-test-subj="errorRatePanel">
+        <EuiFlexGroup direction="column" gutterSize="m">
+          <EuiFlexItem grow={false}>
+            <EuiTitle size="xs">
+              <h2>
+                {i18n.translate('xpack.slo.sloDetailsHistory.h2.errorRatePanelTitle', {
+                  defaultMessage: 'Error rate',
+                })}
+              </h2>
+            </EuiTitle>
+          </EuiFlexItem>
+          <ErrorRateChart
             slo={slo}
-            range={range}
-            selectedTabId={selectedTabId}
+            dataTimeRange={range}
             onBrushed={onBrushed}
+            variant={['VIOLATED', 'DEGRADING'].includes(slo.summary.status) ? 'danger' : 'success'}
           />
-        </EuiFlexItem>
-      </EuiFlexGroup>
-    </>
+        </EuiFlexGroup>
+      </EuiPanel>
+
+      <HistoricalDataCharts
+        slo={slo}
+        selectedTabId={selectedTabId}
+        isAutoRefreshing={isAutoRefreshing}
+        range={range}
+        onBrushed={onBrushed}
+      />
+
+      <EventsChartPanel
+        slo={slo}
+        range={range}
+        selectedTabId={selectedTabId}
+        onBrushed={onBrushed}
+      />
+    </EuiFlexGroup>
   );
 }
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/apm_indicator_overview.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/apm_indicator_overview.tsx
index 6520c061d6d07..be1cc2b15fd8a 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/apm_indicator_overview.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/apm_indicator_overview.tsx
@@ -14,7 +14,7 @@ import {
   SLOWithSummaryResponse,
 } from '@kbn/slo-schema';
 import React from 'react';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { convertSliApmParamsToApmAppDeeplinkUrl } from '../../../../utils/slo/convert_sli_apm_params_to_apm_app_deeplink_url';
 import { OverviewItem } from './overview_item';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/display_query.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/display_query.tsx
index 0d6674cc4036c..db85ad817f464 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/display_query.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/display_query.tsx
@@ -10,7 +10,7 @@ import { QuerySchema } from '@kbn/slo-schema';
 import { EuiCodeBlock, EuiFlexGroup, EuiFlexItem, EuiSpacer } from '@elastic/eui';
 import { FilterItem } from '@kbn/unified-search-plugin/public';
 import { injectI18n } from '@kbn/i18n-react';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { useCreateDataView } from '../../../../hooks/use_create_data_view';
 
 const FilterItemI18n = injectI18n(FilterItem);
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/overview.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/overview.tsx
index c974c91b00a69..34f3b0132dc8a 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/overview.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/overview.tsx
@@ -17,7 +17,7 @@ import {
 import React from 'react';
 import { TagsList } from '@kbn/observability-shared-plugin/public';
 import { DisplayQuery } from './display_query';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import {
   BUDGETING_METHOD_OCCURRENCES,
   BUDGETING_METHOD_TIMESLICES,
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/synthetics_indicator_overview.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/synthetics_indicator_overview.tsx
index a475428a6005b..6083d988a8b98 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/synthetics_indicator_overview.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/overview/synthetics_indicator_overview.tsx
@@ -10,7 +10,7 @@ import { i18n } from '@kbn/i18n';
 import { syntheticsAvailabilityIndicatorSchema, SLOWithSummaryResponse } from '@kbn/slo-schema';
 import React from 'react';
 import { syntheticsMonitorDetailLocatorID } from '@kbn/observability-plugin/common';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { OverviewItem } from './overview_item';
 
 interface Props {
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/sli_chart_panel.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/sli_chart_panel.tsx
index 9a7c814630aae..0225c380737a4 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/sli_chart_panel.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/sli_chart_panel.tsx
@@ -12,7 +12,7 @@ import { rollingTimeWindowTypeSchema, SLOWithSummaryResponse } from '@kbn/slo-sc
 import React from 'react';
 import { TimeBounds } from '../types';
 import { SloTabId } from './slo_details';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { ChartData } from '../../../typings/slo';
 import { toDurationAdverbLabel, toDurationLabel } from '../../../utils/slo/labels';
 import { WideChart } from './wide_chart';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_detail_alerts.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_detail_alerts.tsx
index 7e002d1cac7d1..3aa94c00b6441 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_detail_alerts.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_detail_alerts.tsx
@@ -10,7 +10,7 @@ import { AlertConsumers } from '@kbn/rule-data-utils';
 
 import { ALL_VALUE, SLOWithSummaryResponse } from '@kbn/slo-schema';
 import { SLO_ALERTS_TABLE_ID } from '@kbn/observability-shared-plugin/common';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 
 export interface Props {
   slo: SLOWithSummaryResponse;
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_details.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_details.tsx
index 249984fb3ed56..498123b0d633c 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_details.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_details.tsx
@@ -5,12 +5,11 @@
  * 2.0.
  */
 
-import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import { EuiFlexGroup } from '@elastic/eui';
 import { SLOWithSummaryResponse } from '@kbn/slo-schema';
 import moment from 'moment';
 import React, { useEffect, useState } from 'react';
-import { BurnRates } from '../../../components/slo/burn_rate/burn_rates';
-import { useBurnRateOptions } from '../hooks/use_burn_rate_options';
+import { BurnRatePanel } from './burn_rate_panel/burn_rate_panel';
 import { EventsChartPanel } from './events_chart_panel';
 import { HistoricalDataCharts } from './historical_data_charts';
 import { SLODetailsHistory } from './history/slo_details_history';
@@ -32,8 +31,6 @@ export interface Props {
   selectedTabId: SloTabId;
 }
 export function SloDetails({ slo, isAutoRefreshing, selectedTabId }: Props) {
-  const { burnRateOptions } = useBurnRateOptions(slo);
-
   const [range, setRange] = useState<{ from: Date; to: Date }>({
     from: moment().subtract(1, 'day').toDate(),
     to: new Date(),
@@ -50,39 +47,37 @@ export function SloDetails({ slo, isAutoRefreshing, selectedTabId }: Props) {
     return () => clearInterval(intervalId);
   }, [isAutoRefreshing]);
 
-  return selectedTabId === OVERVIEW_TAB_ID ? (
+  if (selectedTabId === HISTORY_TAB_ID) {
+    return (
+      <SLODetailsHistory
+        slo={slo}
+        isAutoRefreshing={isAutoRefreshing}
+        selectedTabId={selectedTabId}
+      />
+    );
+  }
+
+  if (selectedTabId === ALERTS_TAB_ID) {
+    return <SloDetailsAlerts slo={slo} />;
+  }
+
+  return (
     <EuiFlexGroup direction="column" gutterSize="xl">
       <SloRemoteCallout slo={slo} />
       <SloHealthCallout slo={slo} />
-      <EuiFlexItem>
-        <Overview slo={slo} />
-      </EuiFlexItem>
+      <Overview slo={slo} />
+
       <EuiFlexGroup direction="column" gutterSize="l">
-        <EuiFlexItem>
-          <BurnRates
-            slo={slo}
-            isAutoRefreshing={isAutoRefreshing}
-            burnRateOptions={burnRateOptions}
-            selectedTabId={selectedTabId}
-          />
-        </EuiFlexItem>
+        <BurnRatePanel slo={slo} isAutoRefreshing={isAutoRefreshing} />
+
         <HistoricalDataCharts
           slo={slo}
           selectedTabId={selectedTabId}
           isAutoRefreshing={isAutoRefreshing}
         />
-        <EuiFlexItem>
-          <EventsChartPanel slo={slo} range={range} selectedTabId={selectedTabId} />
-        </EuiFlexItem>
+
+        <EventsChartPanel slo={slo} range={range} selectedTabId={selectedTabId} />
       </EuiFlexGroup>
     </EuiFlexGroup>
-  ) : selectedTabId === ALERTS_TAB_ID ? (
-    <SloDetailsAlerts slo={slo} />
-  ) : (
-    <SLODetailsHistory
-      slo={slo}
-      isAutoRefreshing={isAutoRefreshing}
-      selectedTabId={selectedTabId}
-    />
   );
 }
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_health_callout.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_health_callout.tsx
index 0b9e312910319..ab34e2428786c 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_health_callout.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/slo_health_callout.tsx
@@ -19,7 +19,7 @@ import { SLOWithSummaryResponse } from '@kbn/slo-schema';
 import React from 'react';
 import { getSLOSummaryTransformId, getSLOTransformId } from '../../../../common/constants';
 import { useFetchSloHealth } from '../../../hooks/use_fetch_slo_health';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 
 export function SloHealthCallout({ slo }: { slo: SLOWithSummaryResponse }) {
   const { http } = useKibana().services;
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/wide_chart.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/wide_chart.tsx
index faff275ffbeac..b1354205990af 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/wide_chart.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/wide_chart.tsx
@@ -26,7 +26,7 @@ import { useAnnotations } from '@kbn/observability-plugin/public';
 import { SLOWithSummaryResponse } from '@kbn/slo-schema';
 import { getBrushTimeBounds } from '../../../utils/slo/duration';
 import { TimeBounds } from '../types';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { ChartData } from '../../../typings';
 
 type ChartType = 'area' | 'line';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_burn_rate_options.ts b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_burn_rate_options.ts
deleted file mode 100644
index 1bb86de617fac..0000000000000
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_burn_rate_options.ts
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { htmlIdGenerator } from '@elastic/eui';
-import { i18n } from '@kbn/i18n';
-import { SLOWithSummaryResponse } from '@kbn/slo-schema';
-import { BurnRateOption } from '../../../components/slo/burn_rate/burn_rates';
-import { useFetchRulesForSlo } from '../../../hooks/use_fetch_rules_for_slo';
-
-export const DEFAULT_BURN_RATE_OPTIONS: BurnRateOption[] = [
-  {
-    id: htmlIdGenerator()(),
-    label: i18n.translate('xpack.slo.burnRates.fromRange.label', {
-      defaultMessage: '{duration} hour',
-      values: { duration: 1 },
-    }),
-    ariaLabel: i18n.translate('xpack.slo.burnRates.fromRange.label', {
-      defaultMessage: '{duration} hour',
-      values: { duration: 1 },
-    }),
-    windowName: 'CRITICAL',
-    threshold: 14.4,
-    duration: 1,
-  },
-  {
-    id: htmlIdGenerator()(),
-    label: i18n.translate('xpack.slo.burnRates.fromRange.label', {
-      defaultMessage: '{duration} hours',
-      values: { duration: 6 },
-    }),
-    ariaLabel: i18n.translate('xpack.slo.burnRates.fromRange.label', {
-      defaultMessage: '{duration} hours',
-      values: { duration: 6 },
-    }),
-    windowName: 'HIGH',
-    threshold: 6,
-    duration: 6,
-  },
-  {
-    id: htmlIdGenerator()(),
-    label: i18n.translate('xpack.slo.burnRates.fromRange.label', {
-      defaultMessage: '{duration} hours',
-      values: { duration: 24 },
-    }),
-    ariaLabel: i18n.translate('xpack.slo.burnRates.fromRange.label', {
-      defaultMessage: '{duration} hours',
-      values: { duration: 24 },
-    }),
-    windowName: 'MEDIUM',
-    threshold: 3,
-    duration: 24,
-  },
-  {
-    id: htmlIdGenerator()(),
-    ariaLabel: i18n.translate('xpack.slo.burnRates.fromRange.label', {
-      defaultMessage: '{duration} hours',
-      values: { duration: 72 },
-    }),
-    label: i18n.translate('xpack.slo.burnRates.fromRange.label', {
-      defaultMessage: '{duration} hours',
-      values: { duration: 72 },
-    }),
-    windowName: 'LOW',
-    threshold: 1,
-    duration: 72,
-  },
-];
-
-export const useBurnRateOptions = (slo: SLOWithSummaryResponse) => {
-  const { data: rules } = useFetchRulesForSlo({ sloIds: [slo.id] });
-  const burnRateOptions =
-    rules?.[slo.id]?.[0]?.params?.windows?.map((window) => ({
-      id: htmlIdGenerator()(),
-      label: i18n.translate('xpack.slo.burnRates.fromRange.label', {
-        defaultMessage: '{duration, plural, one {# hour} other {# hours}}',
-        values: { duration: window.longWindow.value },
-      }),
-      ariaLabel: i18n.translate('xpack.slo.burnRates.fromRange.label', {
-        defaultMessage: '{duration, plural, one {# hour} other {# hours}}',
-        values: { duration: window.longWindow.value },
-      }),
-      windowName: window.actionGroup,
-      threshold: window.burnRateThreshold,
-      duration: window.longWindow.value,
-    })) ?? DEFAULT_BURN_RATE_OPTIONS;
-
-  return { burnRateOptions };
-};
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_fetch_burn_rate_windows.ts b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_fetch_burn_rate_windows.ts
new file mode 100644
index 0000000000000..92664f55dd653
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_fetch_burn_rate_windows.ts
@@ -0,0 +1,67 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { SLOWithSummaryResponse } from '@kbn/slo-schema';
+import { useEffect, useState } from 'react';
+import { useFetchRulesForSlo } from '../../../hooks/use_fetch_rules_for_slo';
+import { Duration } from '../../../typings';
+
+export interface BurnRateWindow {
+  name: string;
+  threshold: number;
+  longWindow: Duration;
+  shortWindow: Duration;
+}
+
+export const DEFAULT_BURN_RATE_WINDOWS: BurnRateWindow[] = [
+  {
+    name: 'CRITICAL',
+    threshold: 14.4,
+    longWindow: { value: 1, unit: 'h' },
+    shortWindow: { value: 5, unit: 'm' },
+  },
+  {
+    name: 'HIGH',
+    threshold: 6,
+    longWindow: { value: 6, unit: 'h' },
+    shortWindow: { value: 30, unit: 'm' },
+  },
+  {
+    name: 'MEDIUM',
+    threshold: 3,
+    longWindow: { value: 24, unit: 'h' },
+    shortWindow: { value: 2, unit: 'h' },
+  },
+  {
+    name: 'LOW',
+    threshold: 1,
+    longWindow: { value: 72, unit: 'h' },
+    shortWindow: { value: 6, unit: 'h' },
+  },
+];
+
+export const useFetchBurnRateWindows = (slo: SLOWithSummaryResponse) => {
+  const sloId = slo.id;
+  const [burnRateWindows, setBurnRateWindows] =
+    useState<BurnRateWindow[]>(DEFAULT_BURN_RATE_WINDOWS);
+  const { data: rules, isLoading } = useFetchRulesForSlo({ sloIds: [sloId] });
+
+  useEffect(() => {
+    if (!isLoading && rules && rules[sloId]) {
+      setBurnRateWindows(
+        rules[sloId][0]?.params?.windows?.map((window) => ({
+          name: window.actionGroup,
+          threshold: window.burnRateThreshold,
+          longWindow: window.longWindow,
+          shortWindow: window.shortWindow,
+        })) ?? DEFAULT_BURN_RATE_WINDOWS
+      );
+    }
+  }, [rules, sloId, isLoading]);
+
+  return burnRateWindows;
+};
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_slo_actions.ts b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_slo_actions.ts
index 44a6b8979ecd6..8e7be877ca02e 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_slo_actions.ts
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_slo_actions.ts
@@ -12,7 +12,7 @@ import path from 'path';
 import { paths } from '../../../../common/locators/paths';
 import { useSpace } from '../../../hooks/use_space';
 import { BurnRateRuleParams } from '../../../typings';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import {
   createRemoteSloDeleteUrl,
   createRemoteSloEditUrl,
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_slo_details_tabs.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_slo_details_tabs.tsx
index 8eb954d4b5771..83acc81a68716 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_slo_details_tabs.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/hooks/use_slo_details_tabs.tsx
@@ -10,7 +10,7 @@ import { EuiNotificationBadge, EuiToolTip } from '@elastic/eui';
 import React from 'react';
 import { ALL_VALUE, SLOWithSummaryResponse } from '@kbn/slo-schema';
 import { paths } from '../../../../common/locators/paths';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { useFetchActiveAlerts } from '../../../hooks/use_fetch_active_alerts';
 import {
   ALERTS_TAB_ID,
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.test.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.test.tsx
index eb678b8ca7418..a363fdccb16f8 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.test.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.test.tsx
@@ -30,7 +30,7 @@ import { useFetchHistoricalSummary } from '../../hooks/use_fetch_historical_summ
 import { useFetchSloDetails } from '../../hooks/use_fetch_slo_details';
 import { useLicense } from '../../hooks/use_license';
 import { usePermissions } from '../../hooks/use_permissions';
-import { useKibana } from '../../utils/kibana_react';
+import { useKibana } from '../../hooks/use_kibana';
 import { render } from '../../utils/test_helper';
 import { SloDetailsPage } from './slo_details';
 import { usePerformanceContext } from '@kbn/ebt-tools';
@@ -41,7 +41,7 @@ jest.mock('react-router-dom', () => ({
 }));
 
 jest.mock('@kbn/observability-shared-plugin/public');
-jest.mock('../../utils/kibana_react');
+jest.mock('../../hooks/use_kibana');
 jest.mock('../../hooks/use_license');
 jest.mock('../../hooks/use_permissions');
 jest.mock('../../hooks/use_fetch_active_alerts');
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.tsx
index 9a32c150e1b8c..38f65bb341070 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/slo_details.tsx
@@ -24,7 +24,7 @@ import { useFetchSloDetails } from '../../hooks/use_fetch_slo_details';
 import { useLicense } from '../../hooks/use_license';
 import { usePermissions } from '../../hooks/use_permissions';
 import { usePluginContext } from '../../hooks/use_plugin_context';
-import { useKibana } from '../../utils/kibana_react';
+import { useKibana } from '../../hooks/use_kibana';
 import PageNotFound from '../404';
 import { HeaderControl } from './components/header_control';
 import { HeaderTitle } from './components/header_title';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/data_preview_chart.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/data_preview_chart.tsx
index e797c4d5d3b3d..60d464b1f0503 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/data_preview_chart.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/data_preview_chart.tsx
@@ -37,7 +37,7 @@ import { max, min } from 'lodash';
 import moment from 'moment';
 import React, { useState } from 'react';
 import { useFormContext } from 'react-hook-form';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { GoodBadEventsChart } from '../../../../components/good_bad_events_chart/good_bad_events_chart';
 import { useDebouncedGetPreviewData } from '../../hooks/use_preview';
 import { useSectionFormValidation } from '../../hooks/use_section_form_validation';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/documents_table.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/documents_table.tsx
index ed250da853f9e..546b443aa23c7 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/documents_table.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/documents_table.tsx
@@ -16,7 +16,7 @@ import { EuiResizableContainer, EuiProgress, EuiCallOut, EuiSpacer } from '@elas
 import { buildFilter, FILTERS, TimeRange } from '@kbn/es-query';
 import { FieldPath, useFormContext } from 'react-hook-form';
 import { Serializable } from '@kbn/utility-types';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { CreateSLOForm } from '../../types';
 import { QuerySearchBar } from './query_search_bar';
 import { SearchBarProps } from './query_builder';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/query_search_bar.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/query_search_bar.tsx
index 394d8c303e953..e7e61adfc1cc5 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/query_search_bar.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/query_search_bar.tsx
@@ -13,7 +13,7 @@ import React, { memo } from 'react';
 import styled from 'styled-components';
 import { observabilityAppId } from '@kbn/observability-shared-plugin/common';
 import { SearchBarProps } from './query_builder';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { CreateSLOForm } from '../../types';
 import { OptionalText } from './optional_text';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/slo_inspect/req_code_viewer.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/slo_inspect/req_code_viewer.tsx
index f160dc0aa33c0..451997319a03d 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/slo_inspect/req_code_viewer.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/slo_inspect/req_code_viewer.tsx
@@ -13,7 +13,7 @@ import { XJsonLang } from '@kbn/monaco';
 import React, { ReactNode, useCallback } from 'react';
 import { CodeEditor } from '@kbn/code-editor';
 import { compressToEncodedURIComponent } from 'lz-string';
-import { useKibana } from '../../../../../utils/kibana_react';
+import { useKibana } from '../../../../../hooks/use_kibana';
 
 interface RequestCodeViewerProps {
   value: string;
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/slo_inspect/slo_inspect.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/slo_inspect/slo_inspect.tsx
index 18d0d966c1ac0..1b4a49bc81894 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/slo_inspect/slo_inspect.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/slo_inspect/slo_inspect.tsx
@@ -27,7 +27,7 @@ import { GetSLOResponse } from '@kbn/slo-schema';
 import React, { useState } from 'react';
 import { useFormContext } from 'react-hook-form';
 import { enableInspectEsQueries } from '@kbn/observability-plugin/common';
-import { useKibana } from '../../../../../utils/kibana_react';
+import { useKibana } from '../../../../../hooks/use_kibana';
 import { useFetchSloInspect } from '../../../../../hooks/use_fetch_slo_inspect';
 import { usePluginContext } from '../../../../../hooks/use_plugin_context';
 import { transformCreateSLOFormToCreateSLOInput } from '../../../helpers/process_slo_form_values';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/use_field_sidebar.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/use_field_sidebar.tsx
index 71d6ab00a77af..37467eb33c272 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/use_field_sidebar.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/use_field_sidebar.tsx
@@ -8,7 +8,7 @@
 import React, { useMemo, SetStateAction } from 'react';
 import { UnifiedFieldListSidebarContainer } from '@kbn/unified-field-list';
 import { DataView } from '@kbn/data-views-plugin/common';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 
 export const useFieldSidebar = ({
   dataView,
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/custom_common/index_selection.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/custom_common/index_selection.tsx
index 7332c94103c7e..146d11be84ac8 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/custom_common/index_selection.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/custom_common/index_selection.tsx
@@ -12,8 +12,8 @@ import React, { useEffect } from 'react';
 import { Controller, useFormContext } from 'react-hook-form';
 import { DataViewPicker } from '@kbn/unified-search-plugin/public';
 import { getDataViewPattern, useAdhocDataViews } from './use_adhoc_data_views';
-import { SloPublicPluginsStart } from '../../../..';
-import { useKibana } from '../../../../utils/kibana_react';
+import { SLOPublicPluginsStart } from '../../../..';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { CreateSLOForm } from '../../types';
 
 const BTN_MAX_WIDTH = 515;
@@ -26,7 +26,7 @@ export function IndexSelection({ selectedDataView }: { selectedDataView?: DataVi
   const { control, getFieldState, setValue, watch } = useFormContext<CreateSLOForm>();
   const { dataViews: dataViewsService, dataViewFieldEditor } = useKibana().services;
 
-  const { dataViewEditor } = useKibana<SloPublicPluginsStart>().services;
+  const { dataViewEditor } = useKibana<SLOPublicPluginsStart>().services;
 
   const currentIndexPattern = watch(INDEX_FIELD);
   const currentDataViewId = watch(DATA_VIEW_FIELD);
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/custom_common/use_adhoc_data_views.ts b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/custom_common/use_adhoc_data_views.ts
index 6c8288df6b9d9..67792b056408d 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/custom_common/use_adhoc_data_views.ts
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/custom_common/use_adhoc_data_views.ts
@@ -8,7 +8,7 @@
 import { useEffect, useState } from 'react';
 import { DataView, DataViewListItem } from '@kbn/data-views-plugin/common';
 import { useFetchDataViews } from '@kbn/observability-plugin/public';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 
 export const getDataViewPattern = ({
   byId,
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/slo_edit_form_footer.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/slo_edit_form_footer.tsx
index 29150231046d1..ab0c7ff235fbf 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/slo_edit_form_footer.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/slo_edit_form_footer.tsx
@@ -12,7 +12,7 @@ import React, { useCallback, useMemo } from 'react';
 import { useFormContext } from 'react-hook-form';
 import { InPortal } from 'react-reverse-portal';
 import { useCreateRule } from '../../../hooks/use_create_burn_rate_rule';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { sloEditFormFooterPortal } from '../shared_flyout/slo_add_form_flyout';
 import { paths } from '../../../../common/locators/paths';
 import { useCreateSlo } from '../../../hooks/use_create_slo';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/synthetics_common/field_selector.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/synthetics_common/field_selector.tsx
index 5bc77b186f960..1fea21a322c72 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/synthetics_common/field_selector.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/synthetics_common/field_selector.tsx
@@ -120,7 +120,6 @@ export function FieldSelector({
                   ? (field.value as Array<{ value: string; label: string }>).map((value) => ({
                       value: value.value,
                       label: value.label,
-                      'data-test-subj': `${dataTestSubj}SelectedValue`,
                     }))
                   : []
               }
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/timeslice_metric/timeslice_metric_indicator.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/timeslice_metric/timeslice_metric_indicator.tsx
index 548f0bd0ab3e5..86eede0ba65e2 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/timeslice_metric/timeslice_metric_indicator.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/timeslice_metric/timeslice_metric_indicator.tsx
@@ -19,7 +19,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import React from 'react';
 import { useFormContext } from 'react-hook-form';
 import { IndexAndTimestampField } from '../custom_common/index_and_timestamp_field';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { GroupByField } from '../common/group_by_field';
 import { CreateSLOForm } from '../../types';
 import { DataPreviewChart } from '../common/data_preview_chart';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/hooks/use_fetch_suggestions.ts b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/hooks/use_fetch_suggestions.ts
index ff9ebffa72f56..4cfe886b17b69 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/hooks/use_fetch_suggestions.ts
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/hooks/use_fetch_suggestions.ts
@@ -6,22 +6,18 @@
  */
 
 import { useQuery } from '@tanstack/react-query';
-import { GetSLOSuggestionsResponse } from '@kbn/slo-schema';
-import { useKibana } from '../../../utils/kibana_react';
+import { usePluginContext } from '../../../hooks/use_plugin_context';
 
 export function useFetchSLOSuggestions() {
-  const { http } = useKibana().services;
+  const { sloClient } = usePluginContext();
 
   const { isLoading, isError, isSuccess, data } = useQuery({
     queryKey: ['fetchSLOSuggestions'],
     queryFn: async ({ signal }) => {
       try {
-        return await http.get<GetSLOSuggestionsResponse>(
-          '/internal/observability/slos/suggestions',
-          {
-            signal,
-          }
-        );
+        return await sloClient.fetch('GET /internal/observability/slos/suggestions', {
+          signal,
+        });
       } catch (error) {
         // ignore error
       }
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/shared_flyout/slo_add_form_flyout.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/shared_flyout/slo_add_form_flyout.tsx
index c3b51a0058fed..98c76b190aa1a 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/shared_flyout/slo_add_form_flyout.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/shared_flyout/slo_add_form_flyout.tsx
@@ -4,19 +4,20 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { FormattedMessage } from '@kbn/i18n-react';
 
-import React from 'react';
-import { EuiTitle, EuiFlyoutHeader, EuiFlyout, EuiFlyoutBody, EuiFlyoutFooter } from '@elastic/eui';
+import { EuiFlyout, EuiFlyoutBody, EuiFlyoutFooter, EuiFlyoutHeader, EuiTitle } from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n-react';
 import { RecursivePartial } from '@kbn/utility-types';
 import { merge } from 'lodash';
-import { createHtmlPortalNode, OutPortal } from 'react-reverse-portal';
-import { CreateSLOForm } from '../types';
+import React from 'react';
+import { OutPortal, createHtmlPortalNode } from 'react-reverse-portal';
 import { SloEditForm } from '../components/slo_edit_form';
+import { CreateSLOForm } from '../types';
 
 export const sloEditFormFooterPortal = createHtmlPortalNode();
 
-function SloAddFormFlyout({
+// eslint-disable-next-line import/no-default-export
+export default function SloAddFormFlyout({
   onClose,
   initialValues,
 }: {
@@ -69,6 +70,3 @@ function SloAddFormFlyout({
     </EuiFlyout>
   );
 }
-
-// eslint-disable-next-line import/no-default-export
-export default SloAddFormFlyout;
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/shared_flyout/slo_form.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/shared_flyout/slo_form.tsx
deleted file mode 100644
index 8c105e6159797..0000000000000
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/shared_flyout/slo_form.tsx
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { lazy } from 'react';
-import React, { Suspense } from 'react';
-import { EuiFlexGroup, EuiFlexItem, EuiLoadingSpinner, EuiLoadingSpinnerProps } from '@elastic/eui';
-
-function CenterJustifiedSpinner({ size }: { size: EuiLoadingSpinnerProps['size'] }) {
-  return (
-    <EuiFlexGroup data-test-subj="centerJustifiedSpinner" justifyContent="center">
-      <EuiFlexItem grow={false}>
-        <EuiLoadingSpinner size={size || 'xl'} />
-      </EuiFlexItem>
-    </EuiFlexGroup>
-  );
-}
-
-function suspendedComponentWithProps<T = unknown>(
-  ComponentToSuspend: React.ComponentType<T>,
-  size?: EuiLoadingSpinnerProps['size']
-) {
-  return (props: T) => (
-    <Suspense fallback={<CenterJustifiedSpinner size={size ?? 'm'} />}>
-      {/* @ts-expect-error upgrade typescript v4.9.5 */}
-      <ComponentToSuspend {...props} />
-    </Suspense>
-  );
-}
-
-export const SloAddFormFlyout = suspendedComponentWithProps(
-  lazy(() => import('./slo_add_form_flyout'))
-);
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.test.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.test.tsx
index f5acb4e964f08..abc60d6a00352 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.test.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.test.tsx
@@ -25,7 +25,7 @@ import { useFetchSloDetails } from '../../hooks/use_fetch_slo_details';
 import { usePermissions } from '../../hooks/use_permissions';
 import { useCreateRule } from '../../hooks/use_create_burn_rate_rule';
 import { useUpdateSlo } from '../../hooks/use_update_slo';
-import { useKibana } from '../../utils/kibana_react';
+import { useKibana } from '../../hooks/use_kibana';
 import { kibanaStartMock } from '../../utils/kibana_react.mock';
 import { render } from '../../utils/test_helper';
 import { SLO_EDIT_FORM_DEFAULT_VALUES } from './constants';
@@ -49,7 +49,7 @@ jest.mock('../../hooks/use_create_burn_rate_rule');
 
 const mockUseKibanaReturnValue = kibanaStartMock.startContract();
 
-jest.mock('../../utils/kibana_react', () => ({
+jest.mock('../../hooks/use_kibana', () => ({
   useKibana: jest.fn(() => mockUseKibanaReturnValue),
 }));
 
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.tsx
index 7dcce93c0d003..b014bdb1d6dec 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.tsx
@@ -15,7 +15,7 @@ import { useFetchSloDetails } from '../../hooks/use_fetch_slo_details';
 import { useLicense } from '../../hooks/use_license';
 import { usePermissions } from '../../hooks/use_permissions';
 import { usePluginContext } from '../../hooks/use_plugin_context';
-import { useKibana } from '../../utils/kibana_react';
+import { useKibana } from '../../hooks/use_kibana';
 import { SloEditForm } from './components/slo_edit_form';
 
 export function SloEditPage() {
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_outdated_definitions/index.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_outdated_definitions/index.tsx
index 5a35061b464e5..edd26e579b2a1 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_outdated_definitions/index.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_outdated_definitions/index.tsx
@@ -15,7 +15,7 @@ import { useFetchSloDefinitions } from '../../hooks/use_fetch_slo_definitions';
 import { useLicense } from '../../hooks/use_license';
 import { usePermissions } from '../../hooks/use_permissions';
 import { usePluginContext } from '../../hooks/use_plugin_context';
-import { useKibana } from '../../utils/kibana_react';
+import { useKibana } from '../../hooks/use_kibana';
 import { SloListEmpty } from '../slos/components/slo_list_empty';
 import { OutdatedSlo } from './outdated_slo';
 import { OutdatedSloSearchBar } from './outdated_slo_search_bar';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/use_get_settings.ts b/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/hooks/use_get_settings.ts
similarity index 75%
rename from x-pack/plugins/observability_solution/slo/public/pages/slo_settings/use_get_settings.ts
rename to x-pack/plugins/observability_solution/slo/public/pages/slo_settings/hooks/use_get_settings.ts
index 88d38bc7f936d..eb8d9642790cd 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/use_get_settings.ts
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/hooks/use_get_settings.ts
@@ -7,16 +7,16 @@
 
 import { GetSLOSettingsResponse } from '@kbn/slo-schema';
 import { useQuery } from '@tanstack/react-query';
-import { DEFAULT_STALE_SLO_THRESHOLD_HOURS } from '../../../common/constants';
-import { useKibana } from '../../utils/kibana_react';
+import { DEFAULT_STALE_SLO_THRESHOLD_HOURS } from '../../../../common/constants';
+import { usePluginContext } from '../../../hooks/use_plugin_context';
 
 export const useGetSettings = () => {
-  const { http } = useKibana().services;
+  const { sloClient } = usePluginContext();
   const { isLoading, data } = useQuery({
     queryKey: ['getSloSettings'],
     queryFn: async ({ signal }) => {
       try {
-        return http.get<GetSLOSettingsResponse>('/internal/slo/settings', { signal });
+        return await sloClient.fetch('GET /internal/slo/settings', { signal });
       } catch (error) {
         return defaultSettings;
       }
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/use_put_slo_settings.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/hooks/use_put_slo_settings.tsx
similarity index 81%
rename from x-pack/plugins/observability_solution/slo/public/pages/slo_settings/use_put_slo_settings.tsx
rename to x-pack/plugins/observability_solution/slo/public/pages/slo_settings/hooks/use_put_slo_settings.tsx
index 48c9a54eea295..e62204d0abb6d 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/use_put_slo_settings.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/hooks/use_put_slo_settings.tsx
@@ -9,8 +9,9 @@ import { IHttpFetchError, ResponseErrorBody } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
 import { PutSLOSettingsParams, PutSLOSettingsResponse } from '@kbn/slo-schema';
 import { useMutation } from '@tanstack/react-query';
-import { paths } from '../../../common/locators/paths';
-import { useKibana } from '../../utils/kibana_react';
+import { paths } from '../../../../common/locators/paths';
+import { usePluginContext } from '../../../hooks/use_plugin_context';
+import { useKibana } from '../../../hooks/use_kibana';
 
 type ServerError = IHttpFetchError<ResponseErrorBody>;
 
@@ -20,12 +21,14 @@ export function usePutSloSettings() {
     http,
     notifications: { toasts },
   } = useKibana().services;
+  const { sloClient } = usePluginContext();
 
   return useMutation<PutSLOSettingsResponse, ServerError, { settings: PutSLOSettingsParams }>(
     ['putSloSettings'],
     ({ settings }) => {
-      const body = JSON.stringify(settings);
-      return http.put<PutSLOSettingsResponse>(`/internal/slo/settings`, { body });
+      return sloClient.fetch(`PUT /internal/slo/settings`, {
+        params: { body: settings },
+      });
     },
     {
       onSuccess: (data, { settings }) => {
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/settings_form.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/settings_form.tsx
index 895ca2c0f8e2b..c6910bf53810d 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/settings_form.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/settings_form.tsx
@@ -7,25 +7,25 @@
 import { i18n } from '@kbn/i18n';
 
 import {
-  EuiForm,
-  EuiFormRow,
-  EuiSwitch,
-  EuiDescribedFormGroup,
+  EuiButton,
+  EuiButtonEmpty,
   EuiComboBox,
+  EuiDescribedFormGroup,
+  EuiFieldNumber,
   EuiFlexGroup,
   EuiFlexItem,
-  EuiButtonEmpty,
-  EuiButton,
+  EuiForm,
+  EuiFormRow,
   EuiSpacer,
-  EuiFieldNumber,
+  EuiSwitch,
 } from '@elastic/eui';
-import React, { useEffect, useState } from 'react';
-import { useFetcher } from '@kbn/observability-shared-plugin/public';
 import { useKibana } from '@kbn/kibana-react-plugin/public';
+import { useFetcher } from '@kbn/observability-shared-plugin/public';
 import { isEqual } from 'lodash';
+import React, { useEffect, useState } from 'react';
 import { DEFAULT_STALE_SLO_THRESHOLD_HOURS } from '../../../common/constants';
-import { useGetSettings } from './use_get_settings';
-import { usePutSloSettings } from './use_put_slo_settings';
+import { useGetSettings } from './hooks/use_get_settings';
+import { usePutSloSettings } from './hooks/use_put_slo_settings';
 
 export function SettingsForm() {
   const [useAllRemoteClusters, setUseAllRemoteClusters] = useState(false);
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/slo_settings.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/slo_settings.tsx
index ca41c7561fb46..5c3ae879058ce 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/slo_settings.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_settings/slo_settings.tsx
@@ -8,7 +8,7 @@ import { i18n } from '@kbn/i18n';
 import React from 'react';
 import { useBreadcrumbs } from '@kbn/observability-shared-plugin/public';
 import { SettingsForm } from './settings_form';
-import { useKibana } from '../../utils/kibana_react';
+import { useKibana } from '../../hooks/use_kibana';
 import { usePluginContext } from '../../hooks/use_plugin_context';
 import { paths } from '../../../common/locators/paths';
 import { HeaderMenu } from '../../components/header_menu/header_menu';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/badges/slo_indicator_type_badge.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/badges/slo_indicator_type_badge.tsx
index a721499e9ef01..e8368f96a6d34 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/badges/slo_indicator_type_badge.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/badges/slo_indicator_type_badge.tsx
@@ -17,7 +17,7 @@ import { euiLightVars } from '@kbn/ui-theme';
 import React, { MouseEvent } from 'react';
 import { useRouteMatch } from 'react-router-dom';
 import { SLOS_PATH } from '../../../../../common/locators/paths';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { convertSliApmParamsToApmAppDeeplinkUrl } from '../../../../utils/slo/convert_sli_apm_params_to_apm_app_deeplink_url';
 import { toIndicatorTypeLabel } from '../../../../utils/slo/labels';
 import { useUrlSearchState } from '../../hooks/use_url_search_state';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/card_view/slo_card_item.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/card_view/slo_card_item.tsx
index fe274cdabd6a7..7800337be79ae 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/card_view/slo_card_item.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/card_view/slo_card_item.tsx
@@ -22,7 +22,7 @@ import { SloDeleteModal } from '../../../../components/slo/delete_confirmation_m
 import { SloResetConfirmationModal } from '../../../../components/slo/reset_confirmation_modal/slo_reset_confirmation_modal';
 import { useResetSlo } from '../../../../hooks/use_reset_slo';
 import { BurnRateRuleParams } from '../../../../typings';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { formatHistoricalData } from '../../../../utils/slo/chart_data_formatter';
 import { useSloListActions } from '../../hooks/use_slo_list_actions';
 import { useSloFormattedSummary } from '../../hooks/use_slo_summary';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/burn_rate_rule_flyout.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/burn_rate_rule_flyout.tsx
index 609e4d02cd19a..f8e6890483404 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/burn_rate_rule_flyout.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/burn_rate_rule_flyout.tsx
@@ -11,7 +11,7 @@ import { useQueryClient } from '@tanstack/react-query';
 import { SLO_BURN_RATE_RULE_TYPE_ID } from '@kbn/rule-data-utils';
 import { sloFeatureId } from '@kbn/observability-plugin/common';
 import { useGetFilteredRuleTypes } from '../../../../hooks/use_get_filtered_rule_types';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { paths } from '../../../../../common/locators/paths';
 import { sloKeys } from '../../../../hooks/query_key_factory';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/create_slo_btn.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/create_slo_btn.tsx
index 7add8debe165b..843ae5f268f49 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/create_slo_btn.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/create_slo_btn.tsx
@@ -8,7 +8,7 @@
 import { EuiButton } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import React from 'react';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { paths } from '../../../../../common/locators/paths';
 import { usePermissions } from '../../../../hooks/use_permissions';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/edit_burn_rate_rule_flyout.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/edit_burn_rate_rule_flyout.tsx
index 1a8577e4a83fe..89701b0922f87 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/edit_burn_rate_rule_flyout.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/edit_burn_rate_rule_flyout.tsx
@@ -7,7 +7,7 @@
 
 import React from 'react';
 import { Rule } from '@kbn/triggers-actions-ui-plugin/public';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { BurnRateRuleParams } from '../../../../typings';
 
 export function EditBurnRateRuleFlyout({
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/compact_view/slo_list_compact_view.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/compact_view/slo_list_compact_view.tsx
index 0d556c0546e1f..03fbb0174f303 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/compact_view/slo_list_compact_view.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/compact_view/slo_list_compact_view.tsx
@@ -36,7 +36,7 @@ import { useGetFilteredRuleTypes } from '../../../../hooks/use_get_filtered_rule
 import { usePermissions } from '../../../../hooks/use_permissions';
 import { useResetSlo } from '../../../../hooks/use_reset_slo';
 import { useSpace } from '../../../../hooks/use_space';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { formatHistoricalData } from '../../../../utils/slo/chart_data_formatter';
 import {
   createRemoteSloDeleteUrl,
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_list_view.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_list_view.tsx
index 8342c9aa5976b..a433b57073e3b 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_list_view.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/grouped_slos/group_list_view.tsx
@@ -26,7 +26,7 @@ import { GroupSummary } from '@kbn/slo-schema';
 import React, { memo, useState } from 'react';
 import { paths } from '../../../../../common/locators/paths';
 import { useFetchSloList } from '../../../../hooks/use_fetch_slo_list';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { useSloFormattedSLIValue } from '../../hooks/use_slo_summary';
 import type { SortDirection, SortField } from '../../hooks/use_url_search_state';
 import { SlosView } from '../slos_view';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/health_callout/health_callout.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/health_callout/health_callout.tsx
index ce956b00a8170..c4befdfe6b92f 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/health_callout/health_callout.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/health_callout/health_callout.tsx
@@ -20,7 +20,7 @@ import { SLOWithSummaryResponse } from '@kbn/slo-schema';
 import React, { useState } from 'react';
 import { getSLOSummaryTransformId, getSLOTransformId } from '../../../../../common/constants';
 import { useFetchSloHealth } from '../../../../hooks/use_fetch_slo_health';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 
 const CALLOUT_SESSION_STORAGE_KEY = 'slo_health_callout_hidden';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_item_actions.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_item_actions.tsx
index 1332a78c1e484..1a99f8ff354d9 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_item_actions.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_item_actions.tsx
@@ -22,7 +22,7 @@ import styled from 'styled-components';
 import { usePermissions } from '../../../hooks/use_permissions';
 import { useCloneSlo } from '../../../hooks/use_clone_slo';
 import { BurnRateRuleParams } from '../../../typings';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { useSloActions } from '../../slo_details/hooks/use_slo_actions';
 
 interface Props {
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list.tsx
index 0fad1e96975ea..f0fec063ad23e 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list.tsx
@@ -13,7 +13,7 @@ import dedent from 'dedent';
 import { groupBy as _groupBy, mapValues } from 'lodash';
 import React, { useEffect } from 'react';
 import { useFetchSloList } from '../../../hooks/use_fetch_slo_list';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { useUrlSearchState } from '../hooks/use_url_search_state';
 import { GroupView } from './grouped_slos/group_view';
 import { ToggleSLOView } from './toggle_slo_view';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list_group_by.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list_group_by.tsx
index d7175553fd178..7223f91d49519 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list_group_by.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list_group_by.tsx
@@ -8,7 +8,7 @@ import { EuiPanel, EuiSelectableOption, EuiText } from '@elastic/eui';
 import { EuiSelectableOptionCheckedType } from '@elastic/eui/src/components/selectable/selectable_option';
 import { i18n } from '@kbn/i18n';
 import React, { useState } from 'react';
-import { useGetSettings } from '../../slo_settings/use_get_settings';
+import { useGetSettings } from '../../slo_settings/hooks/use_get_settings';
 import type { SearchState } from '../hooks/use_url_search_state';
 import type { Option } from './slo_context_menu';
 import { ContextMenuItem, SLOContextMenu } from './slo_context_menu';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list_search_bar.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list_search_bar.tsx
index 69cc895121d01..16c635a2da20c 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list_search_bar.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_list_search_bar.tsx
@@ -10,7 +10,7 @@ import { i18n } from '@kbn/i18n';
 import { observabilityAppId } from '@kbn/observability-plugin/public';
 import React, { useEffect } from 'react';
 import styled from 'styled-components';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { useSloCrudLoading } from '../hooks/use_crud_loading';
 import { useSloSummaryDataView } from '../hooks/use_summary_dataview';
 import { useUrlSearchState } from '../hooks/use_url_search_state';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_sparkline.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_sparkline.tsx
index d00152e425dfd..1315e2b6c829a 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_sparkline.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slo_sparkline.tsx
@@ -20,7 +20,7 @@ import React from 'react';
 import { EuiLoadingChart, useEuiTheme } from '@elastic/eui';
 
 import { i18n } from '@kbn/i18n';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 
 interface Data {
   key: number;
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slos_overview/slo_overview_alerts.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slos_overview/slo_overview_alerts.tsx
index 808c9096a3793..9fba8b59bef4a 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slos_overview/slo_overview_alerts.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slos_overview/slo_overview_alerts.tsx
@@ -11,7 +11,7 @@ import React from 'react';
 import { GetOverviewResponse } from '@kbn/slo-schema/src/rest_specs/routes/get_overview';
 import { rulesLocatorID, RulesParams } from '@kbn/observability-plugin/public';
 import { useAlertsUrl } from '../../../../hooks/use_alerts_url';
-import { useKibana } from '../../../../utils/kibana_react';
+import { useKibana } from '../../../../hooks/use_kibana';
 import { OverViewItem } from './overview_item';
 
 export function SLOOverviewAlerts({
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slos_overview/slos_overview.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slos_overview/slos_overview.tsx
index ab551637a6f25..42c0d199db788 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slos_overview/slos_overview.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/components/slos_overview/slos_overview.tsx
@@ -17,7 +17,7 @@ import React from 'react';
 import { i18n } from '@kbn/i18n';
 import { DEFAULT_STALE_SLO_THRESHOLD_HOURS } from '../../../../../common/constants';
 import { SLOOverviewAlerts } from './slo_overview_alerts';
-import { useGetSettings } from '../../../slo_settings/use_get_settings';
+import { useGetSettings } from '../../../slo_settings/hooks/use_get_settings';
 import { useFetchSLOsOverview } from '../../hooks/use_fetch_slos_overview';
 import { useUrlSearchState } from '../../hooks/use_url_search_state';
 import { OverViewItem } from './overview_item';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_fetch_slos_overview.ts b/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_fetch_slos_overview.ts
index 783c23d49a42b..1e9246d97f795 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_fetch_slos_overview.ts
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_fetch_slos_overview.ts
@@ -4,15 +4,16 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { useQuery } from '@tanstack/react-query';
-import { i18n } from '@kbn/i18n';
 import { buildQueryFromFilters, Filter } from '@kbn/es-query';
-import { useMemo } from 'react';
+import { i18n } from '@kbn/i18n';
 import { GetOverviewResponse } from '@kbn/slo-schema/src/rest_specs/routes/get_overview';
-import { sloKeys } from '../../../hooks/query_key_factory';
+import { useQuery } from '@tanstack/react-query';
+import { useMemo } from 'react';
 import { SLO_SUMMARY_DESTINATION_INDEX_PATTERN } from '../../../../common/constants';
+import { sloKeys } from '../../../hooks/query_key_factory';
 import { useCreateDataView } from '../../../hooks/use_create_data_view';
-import { useKibana } from '../../../utils/kibana_react';
+import { usePluginContext } from '../../../hooks/use_plugin_context';
+import { useKibana } from '../../../hooks/use_kibana';
 import { SearchState } from './use_url_search_state';
 
 interface SLOsOverviewParams {
@@ -38,8 +39,8 @@ export function useFetchSLOsOverview({
   filters: filterDSL = [],
   lastRefresh,
 }: SLOsOverviewParams = {}): UseFetchSloGroupsResponse {
+  const { sloClient } = usePluginContext();
   const {
-    http,
     notifications: { toasts },
   } = useKibana().services;
 
@@ -73,10 +74,12 @@ export function useFetchSLOsOverview({
       lastRefresh,
     }),
     queryFn: async ({ signal }) => {
-      return await http.get<GetOverviewResponse>('/internal/observability/slos/overview', {
-        query: {
-          ...(kqlQuery && { kqlQuery }),
-          ...(filters && { filters }),
+      return await sloClient.fetch('GET /internal/observability/slos/overview', {
+        params: {
+          query: {
+            ...(kqlQuery && { kqlQuery }),
+            ...(filters && { filters }),
+          },
         },
         signal,
       });
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_slo_list_actions.ts b/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_slo_list_actions.ts
index 2d7d8b7d9a97f..d339c1e66bf00 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_slo_list_actions.ts
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_slo_list_actions.ts
@@ -8,7 +8,7 @@
 import { SaveModalDashboardProps } from '@kbn/presentation-util-plugin/public';
 import { SLOWithSummaryResponse } from '@kbn/slo-schema';
 import { useCallback } from 'react';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { SLO_OVERVIEW_EMBEDDABLE_ID } from '../../../embeddable/slo/overview/constants';
 
 export function useSloListActions({
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_slo_summary.ts b/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_slo_summary.ts
index d2811774e59aa..0ad95a4408ab8 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_slo_summary.ts
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_slo_summary.ts
@@ -9,7 +9,7 @@ import numeral from '@elastic/numeral';
 import { ALL_VALUE, SLOWithSummaryResponse } from '@kbn/slo-schema';
 import { IBasePath } from '@kbn/core-http-browser';
 import { IUiSettingsClient } from '@kbn/core-ui-settings-browser';
-import { useKibana } from '../../../utils/kibana_react';
+import { useKibana } from '../../../hooks/use_kibana';
 import { paths } from '../../../../common/locators/paths';
 import { NOT_AVAILABLE_LABEL } from '../../../../common/i18n';
 
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_summary_dataview.ts b/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_summary_dataview.ts
index 3d502cfe85ec7..ab5664ee49b43 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_summary_dataview.ts
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_summary_dataview.ts
@@ -9,8 +9,8 @@ import { useFetcher } from '@kbn/observability-shared-plugin/public';
 import { useEffect, useState } from 'react';
 import { getListOfSloSummaryIndices } from '../../../../common/summary_indices';
 import { useCreateDataView } from '../../../hooks/use_create_data_view';
-import { useKibana } from '../../../utils/kibana_react';
-import { useGetSettings } from '../../slo_settings/use_get_settings';
+import { useKibana } from '../../../hooks/use_kibana';
+import { useGetSettings } from '../../slo_settings/hooks/use_get_settings';
 
 export const useSloSummaryDataView = () => {
   const { http } = useKibana().services;
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_url_search_state.ts b/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_url_search_state.ts
index 59284ee617919..5da3b4596ed71 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_url_search_state.ts
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/hooks/use_url_search_state.ts
@@ -5,11 +5,11 @@
  * 2.0.
  */
 
+import type { Filter } from '@kbn/es-query';
 import { createKbnUrlStateStorage } from '@kbn/kibana-utils-plugin/public';
 import deepmerge from 'deepmerge';
-import { useHistory } from 'react-router-dom';
-import { Filter } from '@kbn/es-query';
 import { useCallback, useEffect, useRef, useState } from 'react';
+import { useHistory } from 'react-router-dom';
 import { DEFAULT_SLO_PAGE_SIZE } from '../../../../common/constants';
 import type { GroupByField } from '../components/slo_list_group_by';
 import type { SLOView } from '../components/toggle_slo_view';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/slos.test.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/slos.test.tsx
index 905e6088ef74b..3a9c21c2ffa0e 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/slos.test.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/slos.test.tsx
@@ -25,9 +25,9 @@ import { useFetchHistoricalSummary } from '../../hooks/use_fetch_historical_summ
 import { useFetchSloList } from '../../hooks/use_fetch_slo_list';
 import { useLicense } from '../../hooks/use_license';
 import { usePermissions } from '../../hooks/use_permissions';
-import { useKibana } from '../../utils/kibana_react';
+import { useKibana } from '../../hooks/use_kibana';
 import { render } from '../../utils/test_helper';
-import { useGetSettings } from '../slo_settings/use_get_settings';
+import { useGetSettings } from '../slo_settings/hooks/use_get_settings';
 import { SlosPage } from './slos';
 
 jest.mock('react-router-dom', () => ({
@@ -36,11 +36,11 @@ jest.mock('react-router-dom', () => ({
 }));
 
 jest.mock('@kbn/observability-shared-plugin/public');
-jest.mock('../../utils/kibana_react');
+jest.mock('../../hooks/use_kibana');
 jest.mock('../../hooks/use_license');
 jest.mock('../../hooks/use_fetch_slo_list');
 jest.mock('../../hooks/use_create_slo');
-jest.mock('../slo_settings/use_get_settings');
+jest.mock('../slo_settings/hooks/use_get_settings');
 jest.mock('../../hooks/use_delete_slo');
 jest.mock('../../hooks/use_delete_slo_instance');
 jest.mock('../../hooks/use_fetch_historical_summary');
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/slos.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos/slos.tsx
index ba23f7af34c3d..ebc0dbb39c192 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos/slos.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos/slos.tsx
@@ -17,7 +17,7 @@ import { useFetchSloList } from '../../hooks/use_fetch_slo_list';
 import { useLicense } from '../../hooks/use_license';
 import { usePermissions } from '../../hooks/use_permissions';
 import { usePluginContext } from '../../hooks/use_plugin_context';
-import { useKibana } from '../../utils/kibana_react';
+import { useKibana } from '../../hooks/use_kibana';
 import { CreateSloBtn } from './components/common/create_slo_btn';
 import { FeedbackButton } from './components/common/feedback_button';
 import { SloList } from './components/slo_list';
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos_welcome/slos_welcome.test.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos_welcome/slos_welcome.test.tsx
index 07676d1cbe4a3..369a1fbeed932 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos_welcome/slos_welcome.test.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos_welcome/slos_welcome.test.tsx
@@ -14,7 +14,7 @@ import { emptySloList, sloList } from '../../data/slo/slo';
 import { usePermissions } from '../../hooks/use_permissions';
 import { useFetchSloList } from '../../hooks/use_fetch_slo_list';
 import { useLicense } from '../../hooks/use_license';
-import { useKibana } from '../../utils/kibana_react';
+import { useKibana } from '../../hooks/use_kibana';
 import { render } from '../../utils/test_helper';
 import { SlosWelcomePage } from './slos_welcome';
 import { HeaderMenuPortal } from '@kbn/observability-shared-plugin/public';
@@ -25,7 +25,7 @@ jest.mock('react-router-dom', () => ({
 }));
 
 jest.mock('@kbn/observability-shared-plugin/public');
-jest.mock('../../utils/kibana_react');
+jest.mock('../../hooks/use_kibana');
 jest.mock('../../hooks/use_license');
 jest.mock('../../hooks/use_fetch_slo_list');
 jest.mock('../../hooks/use_permissions');
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos_welcome/slos_welcome.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slos_welcome/slos_welcome.tsx
index fc03009beb72e..ccb273aad913e 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slos_welcome/slos_welcome.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/pages/slos_welcome/slos_welcome.tsx
@@ -25,7 +25,7 @@ import { useFetchSloList } from '../../hooks/use_fetch_slo_list';
 import { useLicense } from '../../hooks/use_license';
 import { usePermissions } from '../../hooks/use_permissions';
 import { usePluginContext } from '../../hooks/use_plugin_context';
-import { useKibana } from '../../utils/kibana_react';
+import { useKibana } from '../../hooks/use_kibana';
 import illustration from './assets/illustration.svg';
 
 export function SlosWelcomePage() {
diff --git a/x-pack/plugins/observability_solution/slo/public/plugin.ts b/x-pack/plugins/observability_solution/slo/public/plugin.ts
index 3e320238794bc..e61910e108a7d 100644
--- a/x-pack/plugins/observability_solution/slo/public/plugin.ts
+++ b/x-pack/plugins/observability_solution/slo/public/plugin.ts
@@ -14,10 +14,13 @@ import {
   Plugin,
   PluginInitializerContext,
 } from '@kbn/core/public';
+import { DefaultClientOptions, createRepositoryClient } from '@kbn/server-route-repository-client';
+import { lazy } from 'react';
 import { BehaviorSubject, firstValueFrom } from 'rxjs';
 import { PLUGIN_NAME, sloAppId } from '../common';
-import { ExperimentalFeatures, SloConfig } from '../common/config';
+import { ExperimentalFeatures, SLOConfig } from '../common/config';
 import { SLOS_BASE_PATH } from '../common/locators/paths';
+import type { SLORouteRepository } from '../server/routes/get_slo_server_route_repository';
 import { SLO_ALERTS_EMBEDDABLE_ID } from './embeddable/slo/alerts/constants';
 import { SLO_BURN_RATE_EMBEDDABLE_ID } from './embeddable/slo/burn_rate/constants';
 import { SLO_ERROR_BUDGET_ID } from './embeddable/slo/error_budget/constants';
@@ -26,37 +29,41 @@ import { SloOverviewEmbeddableState } from './embeddable/slo/overview/types';
 import { SloDetailsLocatorDefinition } from './locators/slo_details';
 import { SloEditLocatorDefinition } from './locators/slo_edit';
 import { SloListLocatorDefinition } from './locators/slo_list';
-import { getCreateSLOFlyoutLazy } from './pages/slo_edit/shared_flyout/get_create_slo_flyout';
 import { registerBurnRateRuleType } from './rules/register_burn_rate_rule_type';
-import type { SloPublicSetup, SloPublicStart } from './types';
-import { SloPublicPluginsSetup, SloPublicPluginsStart } from './types';
-
-export class SloPlugin
-  implements Plugin<SloPublicSetup, SloPublicStart, SloPublicPluginsSetup, SloPublicPluginsStart>
+import type {
+  SLOPublicPluginsSetup,
+  SLOPublicPluginsStart,
+  SLOPublicSetup,
+  SLOPublicStart,
+} from './types';
+import { getLazyWithContextProviders } from './utils/get_lazy_with_context_providers';
+
+export class SLOPlugin
+  implements Plugin<SLOPublicSetup, SLOPublicStart, SLOPublicPluginsSetup, SLOPublicPluginsStart>
 {
   private readonly appUpdater$ = new BehaviorSubject<AppUpdater>(() => ({}));
   private experimentalFeatures: ExperimentalFeatures = { ruleFormV2: { enabled: false } };
 
-  constructor(private readonly initContext: PluginInitializerContext<SloConfig>) {
+  constructor(private readonly initContext: PluginInitializerContext<SLOConfig>) {
     this.experimentalFeatures =
       this.initContext.config.get().experimental ?? this.experimentalFeatures;
   }
 
   public setup(
-    coreSetup: CoreSetup<SloPublicPluginsStart, SloPublicStart>,
-    pluginsSetup: SloPublicPluginsSetup
+    core: CoreSetup<SLOPublicPluginsStart, SLOPublicStart>,
+    plugins: SLOPublicPluginsSetup
   ) {
     const kibanaVersion = this.initContext.env.packageInfo.version;
 
-    const sloDetailsLocator = pluginsSetup.share.url.locators.create(
-      new SloDetailsLocatorDefinition()
-    );
-    const sloEditLocator = pluginsSetup.share.url.locators.create(new SloEditLocatorDefinition());
-    const sloListLocator = pluginsSetup.share.url.locators.create(new SloListLocatorDefinition());
+    const sloClient = createRepositoryClient<SLORouteRepository, DefaultClientOptions>(core);
+
+    const sloDetailsLocator = plugins.share.url.locators.create(new SloDetailsLocatorDefinition());
+    const sloEditLocator = plugins.share.url.locators.create(new SloEditLocatorDefinition());
+    const sloListLocator = plugins.share.url.locators.create(new SloListLocatorDefinition());
 
     const mount = async (params: AppMountParameters<unknown>) => {
       const { renderApp } = await import('./application');
-      const [coreStart, pluginsStart] = await coreSetup.getStartServices();
+      const [coreStart, pluginsStart] = await core.getStartServices();
       const { observabilityRuleTypeRegistry } = pluginsStart.observability;
 
       return renderApp({
@@ -65,11 +72,12 @@ export class SloPlugin
         isDev: this.initContext.env.mode.dev,
         observabilityRuleTypeRegistry,
         kibanaVersion,
-        usageCollection: pluginsSetup.usageCollection,
+        usageCollection: plugins.usageCollection,
         ObservabilityPageTemplate: pluginsStart.observabilityShared.navigation.PageTemplate,
         plugins: pluginsStart,
         isServerless: !!pluginsStart.serverless,
         experimentalFeatures: this.experimentalFeatures,
+        sloClient,
       });
     };
     const appUpdater$ = this.appUpdater$;
@@ -85,17 +93,36 @@ export class SloPlugin
       keywords: ['observability', 'monitor', 'slos'],
     };
     // Register an application into the side navigation menu
-    coreSetup.application.register(app);
+    core.application.register(app);
+
+    const registerRules = async () => {
+      const [coreStart, pluginsStart] = await core.getStartServices();
+      const lazyWithContextProviders = getLazyWithContextProviders({
+        core: coreStart,
+        isDev: this.initContext.env.mode.dev,
+        kibanaVersion,
+        observabilityRuleTypeRegistry: pluginsStart.observability.observabilityRuleTypeRegistry,
+        ObservabilityPageTemplate: pluginsStart.observabilityShared.navigation.PageTemplate,
+        plugins: pluginsStart,
+        isServerless: !!plugins.serverless,
+        experimentalFeatures: this.experimentalFeatures,
+        sloClient,
+      });
 
-    registerBurnRateRuleType(pluginsSetup.observability.observabilityRuleTypeRegistry);
+      registerBurnRateRuleType(
+        plugins.observability.observabilityRuleTypeRegistry,
+        lazyWithContextProviders
+      );
+    };
+    registerRules();
 
-    const assertPlatinumLicense = async () => {
-      const licensing = pluginsSetup.licensing;
+    const registerEmbeddables = async () => {
+      const licensing = plugins.licensing;
       const license = await firstValueFrom(licensing.license$);
 
       const hasPlatinumLicense = license.hasAtLeast('platinum');
       if (hasPlatinumLicense) {
-        const [coreStart, pluginsStart] = await coreSetup.getStartServices();
+        const [coreStart, pluginsStart] = await core.getStartServices();
 
         pluginsStart.dashboard.registerDashboardPanelPlacementSetting(
           SLO_OVERVIEW_EMBEDDABLE_ID,
@@ -106,66 +133,61 @@ export class SloPlugin
             return { width: 12, height: 8 };
           }
         );
-
-        pluginsSetup.embeddable.registerReactEmbeddableFactory(
-          SLO_OVERVIEW_EMBEDDABLE_ID,
-          async () => {
-            const { getOverviewEmbeddableFactory } = await import(
-              './embeddable/slo/overview/slo_embeddable_factory'
-            );
-            return getOverviewEmbeddableFactory(coreSetup.getStartServices);
+        pluginsStart.dashboard.registerDashboardPanelPlacementSetting(
+          SLO_BURN_RATE_EMBEDDABLE_ID,
+          () => {
+            return { width: 14, height: 7 };
           }
         );
 
-        pluginsSetup.embeddable.registerReactEmbeddableFactory(
-          SLO_ALERTS_EMBEDDABLE_ID,
-          async () => {
-            const { getAlertsEmbeddableFactory } = await import(
-              './embeddable/slo/alerts/slo_alerts_embeddable_factory'
-            );
+        plugins.embeddable.registerReactEmbeddableFactory(SLO_OVERVIEW_EMBEDDABLE_ID, async () => {
+          const { getOverviewEmbeddableFactory } = await import(
+            './embeddable/slo/overview/slo_embeddable_factory'
+          );
+          return getOverviewEmbeddableFactory({ coreStart, pluginsStart, sloClient });
+        });
 
-            return getAlertsEmbeddableFactory(coreSetup.getStartServices, kibanaVersion);
-          }
-        );
+        plugins.embeddable.registerReactEmbeddableFactory(SLO_ALERTS_EMBEDDABLE_ID, async () => {
+          const { getAlertsEmbeddableFactory } = await import(
+            './embeddable/slo/alerts/slo_alerts_embeddable_factory'
+          );
 
-        pluginsSetup.embeddable.registerReactEmbeddableFactory(SLO_ERROR_BUDGET_ID, async () => {
-          const deps = { ...coreStart, ...pluginsStart };
+          return getAlertsEmbeddableFactory({ coreStart, pluginsStart, sloClient, kibanaVersion });
+        });
 
+        plugins.embeddable.registerReactEmbeddableFactory(SLO_ERROR_BUDGET_ID, async () => {
           const { getErrorBudgetEmbeddableFactory } = await import(
             './embeddable/slo/error_budget/error_budget_react_embeddable_factory'
           );
-          return getErrorBudgetEmbeddableFactory(deps);
+          return getErrorBudgetEmbeddableFactory({
+            coreStart,
+            pluginsStart,
+            sloClient,
+          });
         });
 
-        pluginsStart.dashboard.registerDashboardPanelPlacementSetting(
-          SLO_BURN_RATE_EMBEDDABLE_ID,
-          () => {
-            return { width: 14, height: 7 };
-          }
-        );
-        pluginsSetup.embeddable.registerReactEmbeddableFactory(
-          SLO_BURN_RATE_EMBEDDABLE_ID,
-          async () => {
-            const deps = { ...coreStart, ...pluginsStart };
-
-            const { getBurnRateEmbeddableFactory } = await import(
-              './embeddable/slo/burn_rate/burn_rate_react_embeddable_factory'
-            );
-            return getBurnRateEmbeddableFactory(deps);
-          }
-        );
+        plugins.embeddable.registerReactEmbeddableFactory(SLO_BURN_RATE_EMBEDDABLE_ID, async () => {
+          const { getBurnRateEmbeddableFactory } = await import(
+            './embeddable/slo/burn_rate/burn_rate_react_embeddable_factory'
+          );
+          return getBurnRateEmbeddableFactory({
+            coreStart,
+            pluginsStart,
+            sloClient,
+          });
+        });
 
         const registerAsyncSloUiActions = async () => {
-          if (pluginsSetup.uiActions) {
+          if (plugins.uiActions) {
             const { registerSloUiActions } = await import('./ui_actions');
 
-            registerSloUiActions(coreSetup, pluginsSetup, pluginsStart);
+            registerSloUiActions(plugins.uiActions, coreStart, pluginsStart, sloClient);
           }
         };
         registerAsyncSloUiActions();
       }
     };
-    assertPlatinumLicense();
+    registerEmbeddables();
 
     return {
       sloDetailsLocator,
@@ -174,19 +196,27 @@ export class SloPlugin
     };
   }
 
-  public start(coreStart: CoreStart, pluginsStart: SloPublicPluginsStart) {
+  public start(core: CoreStart, plugins: SLOPublicPluginsStart) {
     const kibanaVersion = this.initContext.env.packageInfo.version;
+    const sloClient = createRepositoryClient<SLORouteRepository, DefaultClientOptions>(core);
+
+    const lazyWithContextProviders = getLazyWithContextProviders({
+      core,
+      isDev: this.initContext.env.mode.dev,
+      kibanaVersion,
+      observabilityRuleTypeRegistry: plugins.observability.observabilityRuleTypeRegistry,
+      ObservabilityPageTemplate: plugins.observabilityShared.navigation.PageTemplate,
+      plugins,
+      isServerless: !!plugins.serverless,
+      experimentalFeatures: this.experimentalFeatures,
+      sloClient,
+    });
+
     return {
-      getCreateSLOFlyout: getCreateSLOFlyoutLazy({
-        core: coreStart,
-        isDev: this.initContext.env.mode.dev,
-        kibanaVersion,
-        observabilityRuleTypeRegistry: pluginsStart.observability.observabilityRuleTypeRegistry,
-        ObservabilityPageTemplate: pluginsStart.observabilityShared.navigation.PageTemplate,
-        plugins: pluginsStart,
-        isServerless: !!pluginsStart.serverless,
-        experimentalFeatures: this.experimentalFeatures,
-      }),
+      getCreateSLOFlyout: lazyWithContextProviders(
+        lazy(() => import('./pages/slo_edit/shared_flyout/slo_add_form_flyout')),
+        { spinnerSize: 'm' }
+      ),
     };
   }
 
diff --git a/x-pack/plugins/observability_solution/slo/public/rules/register_burn_rate_rule_type.ts b/x-pack/plugins/observability_solution/slo/public/rules/register_burn_rate_rule_type.ts
index f843809543620..cea53c96ab0a0 100644
--- a/x-pack/plugins/observability_solution/slo/public/rules/register_burn_rate_rule_type.ts
+++ b/x-pack/plugins/observability_solution/slo/public/rules/register_burn_rate_rule_type.ts
@@ -5,13 +5,13 @@
  * 2.0.
  */
 
-import { lazy } from 'react';
 import { i18n } from '@kbn/i18n';
-import { ALERT_REASON } from '@kbn/rule-data-utils';
 import { ObservabilityRuleTypeRegistry } from '@kbn/observability-plugin/public/rules/create_observability_rule_type_registry';
-import { SLO_BURN_RATE_RULE_TYPE_ID } from '@kbn/rule-data-utils';
+import { ALERT_REASON, SLO_BURN_RATE_RULE_TYPE_ID } from '@kbn/rule-data-utils';
+import { lazy } from 'react';
 import { SLO_ID_FIELD, SLO_INSTANCE_ID_FIELD } from '../../common/field_names/slo';
 import { validateBurnRateRule } from '../components/burn_rate_rule_editor/validation';
+import { LazyWithContextProviders } from '../utils/get_lazy_with_context_providers';
 
 const sloBurnRateDefaultActionMessage = i18n.translate(
   'xpack.slo.rules.burnRate.defaultActionMessage',
@@ -47,7 +47,8 @@ const sloBurnRateDefaultRecoveryMessage = i18n.translate(
 );
 
 export const registerBurnRateRuleType = (
-  observabilityRuleTypeRegistry: ObservabilityRuleTypeRegistry
+  observabilityRuleTypeRegistry: ObservabilityRuleTypeRegistry,
+  lazyWithContextProviders: LazyWithContextProviders
 ) => {
   observabilityRuleTypeRegistry.register({
     id: SLO_BURN_RATE_RULE_TYPE_ID,
@@ -71,8 +72,8 @@ export const registerBurnRateRuleType = (
     requiresAppContext: false,
     defaultActionMessage: sloBurnRateDefaultActionMessage,
     defaultRecoveryMessage: sloBurnRateDefaultRecoveryMessage,
-    alertDetailsAppSection: lazy(
-      () => import('../components/slo/burn_rate/alert_details/alert_details_app_section')
+    alertDetailsAppSection: lazyWithContextProviders(
+      lazy(() => import('../components/alert_details/alert_details_app_section'))
     ),
     priority: 100,
   });
diff --git a/x-pack/plugins/observability_solution/slo/public/types.ts b/x-pack/plugins/observability_solution/slo/public/types.ts
index 9e730bd429541..2c66b340df6d3 100644
--- a/x-pack/plugins/observability_solution/slo/public/types.ts
+++ b/x-pack/plugins/observability_solution/slo/public/types.ts
@@ -4,6 +4,25 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+import { AiopsPluginStart } from '@kbn/aiops-plugin/public/types';
+import { CasesPublicStart } from '@kbn/cases-plugin/public';
+import type { ChartsPluginStart } from '@kbn/charts-plugin/public';
+import type { CloudStart } from '@kbn/cloud-plugin/public';
+import { DashboardStart } from '@kbn/dashboard-plugin/public';
+import type { DataPublicPluginSetup, DataPublicPluginStart } from '@kbn/data-plugin/public';
+import { DataViewEditorStart } from '@kbn/data-view-editor-plugin/public';
+import { DataViewFieldEditorStart } from '@kbn/data-view-field-editor-plugin/public';
+import type { DataViewsPublicPluginStart } from '@kbn/data-views-plugin/public';
+import type { DiscoverStart } from '@kbn/discover-plugin/public';
+import type { EmbeddableSetup, EmbeddableStart } from '@kbn/embeddable-plugin/public';
+import { FieldFormatsStart } from '@kbn/field-formats-plugin/public';
+import type { LensPublicStart } from '@kbn/lens-plugin/public';
+import type { LicensingPluginSetup } from '@kbn/licensing-plugin/public';
+import { LicensingPluginStart } from '@kbn/licensing-plugin/public';
+import {
+  ObservabilityAIAssistantPublicSetup,
+  ObservabilityAIAssistantPublicStart,
+} from '@kbn/observability-ai-assistant-plugin/public';
 import {
   ObservabilityPublicSetup,
   ObservabilityPublicStart,
@@ -12,85 +31,68 @@ import type {
   ObservabilitySharedPluginSetup,
   ObservabilitySharedPluginStart,
 } from '@kbn/observability-shared-plugin/public';
-import { AiopsPluginStart } from '@kbn/aiops-plugin/public/types';
-import type { ChartsPluginStart } from '@kbn/charts-plugin/public';
-import { DashboardStart } from '@kbn/dashboard-plugin/public';
-import type { EmbeddableStart } from '@kbn/embeddable-plugin/public';
-import type { EmbeddableSetup } from '@kbn/embeddable-plugin/public';
+import type { PresentationUtilPluginStart } from '@kbn/presentation-util-plugin/public';
+import { DefaultClientOptions, RouteRepositoryClient } from '@kbn/server-route-repository-client';
+import { ServerlessPluginSetup, ServerlessPluginStart } from '@kbn/serverless/public';
+import { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public';
+import { SpacesPluginStart } from '@kbn/spaces-plugin/public';
 import type {
   TriggersAndActionsUIPublicPluginSetup,
   TriggersAndActionsUIPublicPluginStart,
 } from '@kbn/triggers-actions-ui-plugin/public';
-import type { LicensingPluginSetup } from '@kbn/licensing-plugin/public';
-import { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public';
-import { LicensingPluginStart } from '@kbn/licensing-plugin/public';
-import type { UiActionsStart, UiActionsSetup } from '@kbn/ui-actions-plugin/public';
-import type { PresentationUtilPluginStart } from '@kbn/presentation-util-plugin/public';
-import { ServerlessPluginSetup, ServerlessPluginStart } from '@kbn/serverless/public';
-import type { DataViewsPublicPluginStart } from '@kbn/data-views-plugin/public';
-import type { DataPublicPluginSetup, DataPublicPluginStart } from '@kbn/data-plugin/public';
-import type { CloudStart } from '@kbn/cloud-plugin/public';
+import type { UiActionsSetup, UiActionsStart } from '@kbn/ui-actions-plugin/public';
+import { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/public';
 import type {
   UsageCollectionSetup,
   UsageCollectionStart,
 } from '@kbn/usage-collection-plugin/public';
-import {
-  ObservabilityAIAssistantPublicSetup,
-  ObservabilityAIAssistantPublicStart,
-} from '@kbn/observability-ai-assistant-plugin/public';
-import { SpacesPluginStart } from '@kbn/spaces-plugin/public';
-import type { LensPublicStart } from '@kbn/lens-plugin/public';
-import { DataViewEditorStart } from '@kbn/data-view-editor-plugin/public';
-import { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/public';
-import { CasesPublicStart } from '@kbn/cases-plugin/public';
-import type { DiscoverStart } from '@kbn/discover-plugin/public';
-import { DataViewFieldEditorStart } from '@kbn/data-view-field-editor-plugin/public';
+import type { SLORouteRepository } from '../server/routes/get_slo_server_route_repository';
+import { SLOPlugin } from './plugin';
 
-import { FieldFormatsStart } from '@kbn/field-formats-plugin/public';
-import { SloPlugin } from './plugin';
+export type SLORepositoryClient = RouteRepositoryClient<SLORouteRepository, DefaultClientOptions>;
 
-export interface SloPublicPluginsSetup {
+export interface SLOPublicPluginsSetup {
   data: DataPublicPluginSetup;
+  embeddable: EmbeddableSetup;
+  licensing: LicensingPluginSetup;
   observability: ObservabilityPublicSetup;
+  observabilityAIAssistant?: ObservabilityAIAssistantPublicSetup;
   observabilityShared: ObservabilitySharedPluginSetup;
-  triggersActionsUi: TriggersAndActionsUIPublicPluginSetup;
-  licensing: LicensingPluginSetup;
+  presentationUtil: PresentationUtilPluginStart;
+  serverless?: ServerlessPluginSetup;
   share: SharePluginSetup;
-  embeddable: EmbeddableSetup;
+  triggersActionsUi: TriggersAndActionsUIPublicPluginSetup;
   uiActions: UiActionsSetup;
-  serverless?: ServerlessPluginSetup;
-  presentationUtil: PresentationUtilPluginStart;
-  observabilityAIAssistant?: ObservabilityAIAssistantPublicSetup;
   usageCollection: UsageCollectionSetup;
 }
 
-export interface SloPublicPluginsStart {
+export interface SLOPublicPluginsStart {
   aiops: AiopsPluginStart;
   cases: CasesPublicStart;
+  charts: ChartsPluginStart;
   cloud?: CloudStart;
   dashboard: DashboardStart;
+  data: DataPublicPluginStart;
   dataViewEditor: DataViewEditorStart;
+  dataViewFieldEditor: DataViewFieldEditorStart;
+  dataViews: DataViewsPublicPluginStart;
+  discover?: DiscoverStart;
+  embeddable: EmbeddableStart;
   fieldFormats: FieldFormatsStart;
+  lens: LensPublicStart;
+  licensing: LicensingPluginStart;
   observability: ObservabilityPublicStart;
+  observabilityAIAssistant?: ObservabilityAIAssistantPublicStart;
   observabilityShared: ObservabilitySharedPluginStart;
-  triggersActionsUi: TriggersAndActionsUIPublicPluginStart;
-  spaces?: SpacesPluginStart;
-  share: SharePluginStart;
-  licensing: LicensingPluginStart;
-  embeddable: EmbeddableStart;
-  uiActions: UiActionsStart;
   presentationUtil: PresentationUtilPluginStart;
   serverless?: ServerlessPluginStart;
-  data: DataPublicPluginStart;
-  dataViews: DataViewsPublicPluginStart;
-  observabilityAIAssistant?: ObservabilityAIAssistantPublicStart;
-  lens: LensPublicStart;
-  charts: ChartsPluginStart;
+  share: SharePluginStart;
+  spaces?: SpacesPluginStart;
+  triggersActionsUi: TriggersAndActionsUIPublicPluginStart;
+  uiActions: UiActionsStart;
   unifiedSearch: UnifiedSearchPublicPluginStart;
   usageCollection: UsageCollectionStart;
-  discover?: DiscoverStart;
-  dataViewFieldEditor: DataViewFieldEditorStart;
 }
 
-export type SloPublicSetup = ReturnType<SloPlugin['setup']>;
-export type SloPublicStart = ReturnType<SloPlugin['start']>;
+export type SLOPublicSetup = ReturnType<SLOPlugin['setup']>;
+export type SLOPublicStart = ReturnType<SLOPlugin['start']>;
diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_alerts_panel_action.tsx b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_alerts_panel_action.tsx
index 68e985d7d5580..7fb4f021329ee 100644
--- a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_alerts_panel_action.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_alerts_panel_action.tsx
@@ -4,23 +4,26 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+import type { CoreStart } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
-import type { CoreSetup } from '@kbn/core/public';
+import { COMMON_OBSERVABILITY_GROUPING } from '@kbn/observability-shared-plugin/common';
 import { apiIsPresentationContainer } from '@kbn/presentation-containers';
+import { EmbeddableApiContext } from '@kbn/presentation-publishing';
 import {
   IncompatibleActionError,
   type UiActionsActionDefinition,
 } from '@kbn/ui-actions-plugin/public';
-import { EmbeddableApiContext } from '@kbn/presentation-publishing';
-import { COMMON_OBSERVABILITY_GROUPING } from '@kbn/observability-shared-plugin/common';
+import { SLOPublicPluginsStart } from '..';
 import {
   ADD_SLO_ALERTS_ACTION_ID,
   SLO_ALERTS_EMBEDDABLE_ID,
 } from '../embeddable/slo/alerts/constants';
-import { SloPublicPluginsStart, SloPublicStart } from '..';
+import { SLORepositoryClient } from '../types';
 
 export function createAddAlertsPanelAction(
-  getStartServices: CoreSetup<SloPublicPluginsStart, SloPublicStart>['getStartServices']
+  coreStart: CoreStart,
+  pluginsStart: SLOPublicPluginsStart,
+  sloClient: SLORepositoryClient
 ): UiActionsActionDefinition<EmbeddableApiContext> {
   return {
     id: ADD_SLO_ALERTS_ACTION_ID,
@@ -32,12 +35,12 @@ export function createAddAlertsPanelAction(
     },
     execute: async ({ embeddable }) => {
       if (!apiIsPresentationContainer(embeddable)) throw new IncompatibleActionError();
-      const [coreStart, deps] = await getStartServices();
+
       try {
         const { openSloConfiguration } = await import(
           '../embeddable/slo/alerts/slo_alerts_open_configuration'
         );
-        const initialState = await openSloConfiguration(coreStart, deps);
+        const initialState = await openSloConfiguration(coreStart, pluginsStart, sloClient);
         embeddable.addNewPanel(
           {
             panelType: SLO_ALERTS_EMBEDDABLE_ID,
diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_burn_rate_panel_action.tsx b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_burn_rate_panel_action.tsx
index 02490cf1bf7f8..c55dd85aa7027 100644
--- a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_burn_rate_panel_action.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_burn_rate_panel_action.tsx
@@ -4,23 +4,26 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import type { CoreSetup } from '@kbn/core/public';
+import type { CoreStart } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
+import { COMMON_OBSERVABILITY_GROUPING } from '@kbn/observability-shared-plugin/common';
 import { apiIsPresentationContainer } from '@kbn/presentation-containers';
 import { EmbeddableApiContext } from '@kbn/presentation-publishing';
 import {
   IncompatibleActionError,
   type UiActionsActionDefinition,
 } from '@kbn/ui-actions-plugin/public';
-import { COMMON_OBSERVABILITY_GROUPING } from '@kbn/observability-shared-plugin/common';
-import { SloPublicPluginsStart, SloPublicStart } from '..';
+import { SLOPublicPluginsStart } from '..';
 import {
   ADD_BURN_RATE_ACTION_ID,
   SLO_BURN_RATE_EMBEDDABLE_ID,
 } from '../embeddable/slo/burn_rate/constants';
+import { SLORepositoryClient } from '../types';
 
 export function createBurnRatePanelAction(
-  getStartServices: CoreSetup<SloPublicPluginsStart, SloPublicStart>['getStartServices']
+  coreStart: CoreStart,
+  pluginsStart: SLOPublicPluginsStart,
+  sloClient: SLORepositoryClient
 ): UiActionsActionDefinition<EmbeddableApiContext> {
   return {
     id: ADD_BURN_RATE_ACTION_ID,
@@ -32,12 +35,12 @@ export function createBurnRatePanelAction(
     },
     execute: async ({ embeddable }) => {
       if (!apiIsPresentationContainer(embeddable)) throw new IncompatibleActionError();
-      const [coreStart, deps] = await getStartServices();
+
       try {
         const { openConfiguration } = await import(
           '../embeddable/slo/burn_rate/open_configuration'
         );
-        const initialState = await openConfiguration(coreStart, deps);
+        const initialState = await openConfiguration(coreStart, pluginsStart, sloClient);
         embeddable.addNewPanel(
           {
             panelType: SLO_BURN_RATE_EMBEDDABLE_ID,
diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_error_budget_action.tsx b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_error_budget_action.tsx
index 9ba0b7a7a8677..6d1c46094b3a2 100644
--- a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_error_budget_action.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_error_budget_action.tsx
@@ -5,21 +5,25 @@
  * 2.0.
  */
 import { i18n } from '@kbn/i18n';
-import type { CoreSetup } from '@kbn/core/public';
+import { COMMON_OBSERVABILITY_GROUPING } from '@kbn/observability-shared-plugin/common';
 import { apiIsPresentationContainer } from '@kbn/presentation-containers';
+import { EmbeddableApiContext } from '@kbn/presentation-publishing';
 import {
   IncompatibleActionError,
   type UiActionsActionDefinition,
 } from '@kbn/ui-actions-plugin/public';
-import { EmbeddableApiContext } from '@kbn/presentation-publishing';
-import { COMMON_OBSERVABILITY_GROUPING } from '@kbn/observability-shared-plugin/common';
+import { CoreStart } from '@kbn/core/public';
+import { SLOPublicPluginsStart } from '..';
 import {
   ADD_SLO_ERROR_BUDGET_ACTION_ID,
   SLO_ERROR_BUDGET_ID,
 } from '../embeddable/slo/error_budget/constants';
-import { SloPublicPluginsStart, SloPublicStart } from '..';
+import { SLORepositoryClient } from '../types';
+
 export function createAddErrorBudgetPanelAction(
-  getStartServices: CoreSetup<SloPublicPluginsStart, SloPublicStart>['getStartServices']
+  coreStart: CoreStart,
+  pluginsStart: SLOPublicPluginsStart,
+  sloClient: SLORepositoryClient
 ): UiActionsActionDefinition<EmbeddableApiContext> {
   return {
     id: ADD_SLO_ERROR_BUDGET_ACTION_ID,
@@ -31,12 +35,11 @@ export function createAddErrorBudgetPanelAction(
     },
     execute: async ({ embeddable }) => {
       if (!apiIsPresentationContainer(embeddable)) throw new IncompatibleActionError();
-      const [coreStart, deps] = await getStartServices();
       try {
         const { openSloConfiguration } = await import(
           '../embeddable/slo/error_budget/error_budget_open_configuration'
         );
-        const initialState = await openSloConfiguration(coreStart, deps);
+        const initialState = await openSloConfiguration(coreStart, pluginsStart, sloClient);
         embeddable.addNewPanel(
           {
             panelType: SLO_ERROR_BUDGET_ID,
diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_overview_panel_action.tsx b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_overview_panel_action.tsx
index c4b6e5009382d..3cb1bf49d55e9 100644
--- a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_overview_panel_action.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_overview_panel_action.tsx
@@ -4,23 +4,26 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+import type { CoreStart } from '@kbn/core/public';
 import { i18n } from '@kbn/i18n';
-import type { CoreSetup } from '@kbn/core/public';
+import { COMMON_OBSERVABILITY_GROUPING } from '@kbn/observability-shared-plugin/common';
 import { apiIsPresentationContainer } from '@kbn/presentation-containers';
+import { EmbeddableApiContext } from '@kbn/presentation-publishing';
 import {
   IncompatibleActionError,
   type UiActionsActionDefinition,
 } from '@kbn/ui-actions-plugin/public';
-import { EmbeddableApiContext } from '@kbn/presentation-publishing';
-import { COMMON_OBSERVABILITY_GROUPING } from '@kbn/observability-shared-plugin/common';
+import { SLOPublicPluginsStart } from '..';
 import {
   ADD_SLO_OVERVIEW_ACTION_ID,
   SLO_OVERVIEW_EMBEDDABLE_ID,
 } from '../embeddable/slo/overview/constants';
-import { SloPublicPluginsStart, SloPublicStart } from '..';
+import { SLORepositoryClient } from '../types';
 
 export function createOverviewPanelAction(
-  getStartServices: CoreSetup<SloPublicPluginsStart, SloPublicStart>['getStartServices']
+  coreStart: CoreStart,
+  pluginsStart: SLOPublicPluginsStart,
+  sloClient: SLORepositoryClient
 ): UiActionsActionDefinition<EmbeddableApiContext> {
   return {
     id: ADD_SLO_OVERVIEW_ACTION_ID,
@@ -32,12 +35,12 @@ export function createOverviewPanelAction(
     },
     execute: async ({ embeddable }) => {
       if (!apiIsPresentationContainer(embeddable)) throw new IncompatibleActionError();
-      const [coreStart, deps] = await getStartServices();
+
       try {
         const { openSloConfiguration } = await import(
           '../embeddable/slo/overview/slo_overview_open_configuration'
         );
-        const initialState = await openSloConfiguration(coreStart, deps);
+        const initialState = await openSloConfiguration(coreStart, pluginsStart, sloClient);
         embeddable.addNewPanel(
           {
             panelType: SLO_OVERVIEW_EMBEDDABLE_ID,
diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/index.ts b/x-pack/plugins/observability_solution/slo/public/ui_actions/index.ts
index 26411f02e753d..2e5e69bd02ee2 100644
--- a/x-pack/plugins/observability_solution/slo/public/ui_actions/index.ts
+++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/index.ts
@@ -5,27 +5,33 @@
  * 2.0.
  */
 
+import type { CoreStart } from '@kbn/core/public';
 import { ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public';
-import type { CoreSetup } from '@kbn/core/public';
-import { createOverviewPanelAction } from './create_overview_panel_action';
-import { createAddErrorBudgetPanelAction } from './create_error_budget_action';
+import { UiActionsPublicSetup } from '@kbn/ui-actions-plugin/public/plugin';
+import { SLOPublicPluginsStart } from '..';
+import { SLORepositoryClient } from '../types';
 import { createAddAlertsPanelAction } from './create_alerts_panel_action';
-import { SloPublicPluginsStart, SloPublicStart, SloPublicPluginsSetup } from '..';
 import { createBurnRatePanelAction } from './create_burn_rate_panel_action';
+import { createAddErrorBudgetPanelAction } from './create_error_budget_action';
+import { createOverviewPanelAction } from './create_overview_panel_action';
 
 export function registerSloUiActions(
-  core: CoreSetup<SloPublicPluginsStart, SloPublicStart>,
-  pluginsSetup: SloPublicPluginsSetup,
-  pluginsStart: SloPublicPluginsStart
+  uiActions: UiActionsPublicSetup,
+  coreStart: CoreStart,
+  pluginsStart: SLOPublicPluginsStart,
+  sloClient: SLORepositoryClient
 ) {
-  const { uiActions } = pluginsSetup;
   const { serverless, cloud } = pluginsStart;
 
   // Initialize actions
-  const addOverviewPanelAction = createOverviewPanelAction(core.getStartServices);
-  const addErrorBudgetPanelAction = createAddErrorBudgetPanelAction(core.getStartServices);
-  const addAlertsPanelAction = createAddAlertsPanelAction(core.getStartServices);
-  const addBurnRatePanelAction = createBurnRatePanelAction(core.getStartServices);
+  const addOverviewPanelAction = createOverviewPanelAction(coreStart, pluginsStart, sloClient);
+  const addErrorBudgetPanelAction = createAddErrorBudgetPanelAction(
+    coreStart,
+    pluginsStart,
+    sloClient
+  );
+  const addAlertsPanelAction = createAddAlertsPanelAction(coreStart, pluginsStart, sloClient);
+  const addBurnRatePanelAction = createBurnRatePanelAction(coreStart, pluginsStart, sloClient);
 
   // Assign triggers
   // Only register these actions in stateful kibana, and the serverless observability project
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/shared_flyout/get_create_slo_flyout.tsx b/x-pack/plugins/observability_solution/slo/public/utils/get_lazy_with_context_providers.tsx
similarity index 50%
rename from x-pack/plugins/observability_solution/slo/public/pages/slo_edit/shared_flyout/get_create_slo_flyout.tsx
rename to x-pack/plugins/observability_solution/slo/public/utils/get_lazy_with_context_providers.tsx
index 88e326082c9d8..a43aa9e7bff59 100644
--- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/shared_flyout/get_create_slo_flyout.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/utils/get_lazy_with_context_providers.tsx
@@ -5,49 +5,52 @@
  * 2.0.
  */
 
-import React from 'react';
-import { QueryClientProvider } from '@tanstack/react-query';
-import { QueryClient } from '@tanstack/react-query';
-import { Storage } from '@kbn/kibana-utils-plugin/public';
+import { EuiFlexGroup, EuiFlexItem, EuiLoadingSpinner, EuiLoadingSpinnerProps } from '@elastic/eui';
 import { CoreStart } from '@kbn/core/public';
-import { LazyObservabilityPageTemplateProps } from '@kbn/observability-shared-plugin/public';
 import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
-import { RecursivePartial } from '@kbn/utility-types';
+import { Storage } from '@kbn/kibana-utils-plugin/public';
 import { ObservabilityRuleTypeRegistry } from '@kbn/observability-plugin/public';
-import { ExperimentalFeatures } from '../../../../common/config';
-import { CreateSLOForm } from '../types';
-import { PluginContext } from '../../../context/plugin_context';
-import { SloPublicPluginsStart } from '../../../types';
-import { SloAddFormFlyout } from './slo_form';
+import { LazyObservabilityPageTemplateProps } from '@kbn/observability-shared-plugin/public';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import React, { Suspense } from 'react';
+import { ExperimentalFeatures } from '../../common/config';
+import { PluginContext } from '../context/plugin_context';
+import { SLOPublicPluginsStart, SLORepositoryClient } from '../types';
 
-export const getCreateSLOFlyoutLazy = ({
-  core,
-  plugins,
-  observabilityRuleTypeRegistry,
-  ObservabilityPageTemplate,
-  isDev,
-  kibanaVersion,
-  isServerless,
-  experimentalFeatures,
-}: {
+interface Props {
   core: CoreStart;
-  plugins: SloPublicPluginsStart;
+  plugins: SLOPublicPluginsStart;
   observabilityRuleTypeRegistry: ObservabilityRuleTypeRegistry;
   ObservabilityPageTemplate: React.ComponentType<LazyObservabilityPageTemplateProps>;
   isDev?: boolean;
   kibanaVersion: string;
   isServerless?: boolean;
   experimentalFeatures: ExperimentalFeatures;
-}) => {
-  return ({
-    onClose,
-    initialValues,
-  }: {
-    onClose: () => void;
-    initialValues?: RecursivePartial<CreateSLOForm>;
-  }) => {
+  sloClient: SLORepositoryClient;
+}
+
+export type LazyWithContextProviders = ReturnType<typeof getLazyWithContextProviders>;
+
+interface Options {
+  spinnerSize?: EuiLoadingSpinnerProps['size'];
+}
+
+export const getLazyWithContextProviders =
+  ({
+    core,
+    plugins,
+    observabilityRuleTypeRegistry,
+    ObservabilityPageTemplate,
+    isDev,
+    kibanaVersion,
+    isServerless,
+    experimentalFeatures,
+    sloClient,
+  }: Props) =>
+  (LazyComponent: React.LazyExoticComponent<any>, options?: Options): React.FunctionComponent => {
+    const { spinnerSize = 'xl' } = options ?? {};
     const queryClient = new QueryClient();
-    return (
+    return (props) => (
       <KibanaContextProvider
         services={{
           ...core,
@@ -64,13 +67,25 @@ export const getCreateSLOFlyoutLazy = ({
             observabilityRuleTypeRegistry,
             ObservabilityPageTemplate,
             experimentalFeatures,
+            sloClient,
           }}
         >
           <QueryClientProvider client={queryClient}>
-            <SloAddFormFlyout onClose={onClose} initialValues={initialValues} />
+            <Suspense fallback={<LoadingSpinner size={spinnerSize} />}>
+              <LazyComponent {...props} />
+            </Suspense>
           </QueryClientProvider>
         </PluginContext.Provider>
       </KibanaContextProvider>
     );
   };
-};
+
+function LoadingSpinner({ size }: { size: EuiLoadingSpinnerProps['size'] }) {
+  return (
+    <EuiFlexGroup justifyContent="center">
+      <EuiFlexItem grow={false}>
+        <EuiLoadingSpinner size={size} />
+      </EuiFlexItem>
+    </EuiFlexGroup>
+  );
+}
diff --git a/x-pack/plugins/observability_solution/slo/public/utils/kibana_react.storybook_decorator.tsx b/x-pack/plugins/observability_solution/slo/public/utils/kibana_react.storybook_decorator.tsx
index 8785772608b55..8b6e951f9c97c 100644
--- a/x-pack/plugins/observability_solution/slo/public/utils/kibana_react.storybook_decorator.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/utils/kibana_react.storybook_decorator.tsx
@@ -4,17 +4,18 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import React, { ComponentType } from 'react';
-import { of } from 'rxjs';
-import { QueryClientProvider, QueryClient } from '@tanstack/react-query';
-import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
 import { AppMountParameters } from '@kbn/core-application-browser';
-import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
 import { CoreTheme } from '@kbn/core-theme-browser';
-import { MemoryRouter } from 'react-router-dom';
+import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
 import { casesFeatureId, sloFeatureId } from '@kbn/observability-shared-plugin/common';
-import { createObservabilityRuleTypeRegistryMock } from '../rules/observability_rule_type_registry_mock';
+import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import React, { ComponentType } from 'react';
+import { MemoryRouter } from 'react-router-dom';
+import { of } from 'rxjs';
 import { PluginContext } from '../context/plugin_context';
+import { createObservabilityRuleTypeRegistryMock } from '../rules/observability_rule_type_registry_mock';
+import { SLORepositoryClient } from '../types';
 
 export function KibanaReactStorybookDecorator(Story: ComponentType) {
   const queryClient = new QueryClient();
@@ -105,6 +106,7 @@ export function KibanaReactStorybookDecorator(Story: ComponentType) {
           appMountParameters,
           observabilityRuleTypeRegistry,
           ObservabilityPageTemplate: KibanaPageTemplate,
+          sloClient: {} as SLORepositoryClient,
         }}
       >
         <MemoryRouter>
diff --git a/x-pack/plugins/observability_solution/slo/public/utils/test_helper.tsx b/x-pack/plugins/observability_solution/slo/public/utils/test_helper.tsx
index 014644d973b74..fd735d94c4a98 100644
--- a/x-pack/plugins/observability_solution/slo/public/utils/test_helper.tsx
+++ b/x-pack/plugins/observability_solution/slo/public/utils/test_helper.tsx
@@ -16,7 +16,9 @@ import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template';
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
 import { render as testLibRender } from '@testing-library/react';
 import React from 'react';
+import { DefaultClientOptions, createRepositoryClient } from '@kbn/server-route-repository-client';
 import { PluginContext } from '../context/plugin_context';
+import type { SLORouteRepository } from '../../server/routes/get_slo_server_route_repository';
 
 const appMountParameters = { setHeaderActionMenu: () => {} } as unknown as AppMountParameters;
 const observabilityRuleTypeRegistry = createObservabilityRuleTypeRegistryMock();
@@ -39,6 +41,8 @@ const queryClient = new QueryClient({
   },
 });
 
+const sloClient = createRepositoryClient<SLORouteRepository, DefaultClientOptions>(core);
+
 export const render = (component: React.ReactNode) => {
   return testLibRender(
     // @ts-ignore
@@ -60,6 +64,7 @@ export const render = (component: React.ReactNode) => {
             appMountParameters,
             observabilityRuleTypeRegistry,
             ObservabilityPageTemplate: KibanaPageTemplate,
+            sloClient,
           }}
         >
           <QueryClientProvider client={queryClient}>
diff --git a/x-pack/plugins/observability_solution/slo/server/errors/errors.ts b/x-pack/plugins/observability_solution/slo/server/errors/errors.ts
index eaec36e66d08b..66718f64519d6 100644
--- a/x-pack/plugins/observability_solution/slo/server/errors/errors.ts
+++ b/x-pack/plugins/observability_solution/slo/server/errors/errors.ts
@@ -7,20 +7,18 @@
 
 /* eslint-disable max-classes-per-file */
 
-export class ObservabilityError extends Error {
+export class SLOError extends Error {
   constructor(message?: string) {
     super(message);
     this.name = this.constructor.name;
   }
 }
 
-export class SLONotFound extends ObservabilityError {}
-export class SLOIdConflict extends ObservabilityError {}
+export class SLONotFound extends SLOError {}
+export class SLOIdConflict extends SLOError {}
 
-export class InvalidQueryError extends ObservabilityError {}
-export class InternalQueryError extends ObservabilityError {}
-export class NotSupportedError extends ObservabilityError {}
-export class IllegalArgumentError extends ObservabilityError {}
-export class InvalidTransformError extends ObservabilityError {}
+export class InternalQueryError extends SLOError {}
+export class IllegalArgumentError extends SLOError {}
+export class InvalidTransformError extends SLOError {}
 
-export class SecurityException extends ObservabilityError {}
+export class SecurityException extends SLOError {}
diff --git a/x-pack/plugins/observability_solution/slo/server/errors/handler.ts b/x-pack/plugins/observability_solution/slo/server/errors/handler.ts
index c10f1d98c083e..2aeebefe2a06c 100644
--- a/x-pack/plugins/observability_solution/slo/server/errors/handler.ts
+++ b/x-pack/plugins/observability_solution/slo/server/errors/handler.ts
@@ -5,20 +5,33 @@
  * 2.0.
  */
 
-import { ObservabilityError, SecurityException, SLOIdConflict, SLONotFound } from './errors';
+import { Boom, badRequest, conflict, forbidden, notFound } from '@hapi/boom';
+import { SLOError, SecurityException, SLOIdConflict, SLONotFound } from './errors';
 
-export function getHTTPResponseCode(error: ObservabilityError): number {
+function handleSLOError(error: SLOError): Boom {
   if (error instanceof SLONotFound) {
-    return 404;
+    return notFound(error.message);
   }
 
   if (error instanceof SLOIdConflict) {
-    return 409;
+    return conflict(error.message);
   }
 
   if (error instanceof SecurityException) {
-    return 403;
+    return forbidden(error.message);
   }
 
-  return 400;
+  return badRequest(error.message);
+}
+
+export async function executeWithErrorHandler(fn: () => Promise<any>): Promise<any> {
+  try {
+    return await fn();
+  } catch (error) {
+    if (error instanceof SLOError) {
+      throw handleSLOError(error);
+    }
+
+    throw error;
+  }
 }
diff --git a/x-pack/plugins/observability_solution/slo/server/index.ts b/x-pack/plugins/observability_solution/slo/server/index.ts
index 5d6ccadb7f323..76806ac4d16cd 100644
--- a/x-pack/plugins/observability_solution/slo/server/index.ts
+++ b/x-pack/plugins/observability_solution/slo/server/index.ts
@@ -5,23 +5,20 @@
  * 2.0.
  */
 
-import { PluginInitializerContext } from '@kbn/core/server';
-import { configSchema } from '../common/config';
+import { PluginConfigDescriptor, PluginInitializerContext } from '@kbn/core/server';
+import { SLOConfig, configSchema } from '../common/config';
 
 //  This exports static code and TypeScript types,
 //  as well as, Kibana Platform `plugin()` initializer.
 
-export async function plugin(initializerContext: PluginInitializerContext) {
-  const { SloPlugin } = await import('./plugin');
-  return new SloPlugin(initializerContext);
+export async function plugin(ctx: PluginInitializerContext<SLOConfig>) {
+  const { SLOPlugin } = await import('./plugin');
+  return new SLOPlugin(ctx);
 }
 
-export type { PluginSetup, PluginStart } from './plugin';
-
-export const config = {
+export const config: PluginConfigDescriptor<SLOConfig> = {
   schema: configSchema,
   exposeToBrowser: {
     experimental: true,
   },
 };
-export type { SloConfig } from '../common/config';
diff --git a/x-pack/plugins/observability_solution/slo/server/plugin.ts b/x-pack/plugins/observability_solution/slo/server/plugin.ts
index a2e4229b2b952..d7d002d26aa03 100644
--- a/x-pack/plugins/observability_solution/slo/server/plugin.ts
+++ b/x-pack/plugins/observability_solution/slo/server/plugin.ts
@@ -5,79 +5,58 @@
  * 2.0.
  */
 
-import { i18n } from '@kbn/i18n';
 import {
-  PluginInitializerContext,
   CoreSetup,
   CoreStart,
   DEFAULT_APP_CATEGORIES,
-  Plugin,
   Logger,
+  Plugin,
+  PluginInitializerContext,
   SavedObjectsClient,
 } from '@kbn/core/server';
-import { PluginSetupContract, PluginStartContract } from '@kbn/alerting-plugin/server';
-import { FeaturesPluginSetup } from '@kbn/features-plugin/server';
-import {
-  RuleRegistryPluginSetupContract,
-  RuleRegistryPluginStartContract,
-} from '@kbn/rule-registry-plugin/server';
-import {
-  TaskManagerSetupContract,
-  TaskManagerStartContract,
-} from '@kbn/task-manager-plugin/server';
-import { DataViewsServerPluginStart } from '@kbn/data-views-plugin/server';
-import { CloudSetup } from '@kbn/cloud-plugin/server';
-import { SharePluginSetup } from '@kbn/share-plugin/server';
-import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
-import { SpacesPluginSetup, SpacesPluginStart } from '@kbn/spaces-plugin/server';
-import { AlertsLocatorDefinition } from '@kbn/observability-plugin/common';
-import { SLO_BURN_RATE_RULE_TYPE_ID } from '@kbn/rule-data-utils';
-import { sloFeatureId } from '@kbn/observability-plugin/common';
 import { KibanaFeatureScope } from '@kbn/features-plugin/common';
+import { i18n } from '@kbn/i18n';
+import { AlertsLocatorDefinition, sloFeatureId } from '@kbn/observability-plugin/common';
+import { SLO_BURN_RATE_RULE_TYPE_ID } from '@kbn/rule-data-utils';
+import { mapValues } from 'lodash';
 import { registerSloUsageCollector } from './lib/collectors/register';
-import { SloOrphanSummaryCleanupTask } from './services/tasks/orphan_summary_cleanup_task';
-import { slo, SO_SLO_TYPE } from './saved_objects';
-import { DefaultResourceInstaller, DefaultSLOInstaller } from './services';
 import { registerBurnRateRule } from './lib/rules/register_burn_rate_rule';
-import { SloConfig } from '.';
-import { registerRoutes } from './routes/register_routes';
 import { getSloServerRouteRepository } from './routes/get_slo_server_route_repository';
-import { sloSettings, SO_SLO_SETTINGS_TYPE } from './saved_objects/slo_settings';
-
-export type SloPluginSetup = ReturnType<SloPlugin['setup']>;
-
-export interface PluginSetup {
-  alerting: PluginSetupContract;
-  ruleRegistry: RuleRegistryPluginSetupContract;
-  share: SharePluginSetup;
-  features: FeaturesPluginSetup;
-  taskManager: TaskManagerSetupContract;
-  spaces?: SpacesPluginSetup;
-  cloud?: CloudSetup;
-  usageCollection: UsageCollectionSetup;
-}
-
-export interface PluginStart {
-  alerting: PluginStartContract;
-  taskManager: TaskManagerStartContract;
-  spaces?: SpacesPluginStart;
-  ruleRegistry: RuleRegistryPluginStartContract;
-  dataViews: DataViewsServerPluginStart;
-}
+import { registerServerRoutes } from './routes/register_routes';
+import { SLORoutesDependencies } from './routes/types';
+import { SO_SLO_TYPE, slo } from './saved_objects';
+import { SO_SLO_SETTINGS_TYPE, sloSettings } from './saved_objects/slo_settings';
+import { DefaultResourceInstaller, DefaultSLOInstaller } from './services';
+import { SloOrphanSummaryCleanupTask } from './services/tasks/orphan_summary_cleanup_task';
+import type {
+  SLOConfig,
+  SLOPluginSetupDependencies,
+  SLOPluginStartDependencies,
+  SLOServerSetup,
+  SLOServerStart,
+} from './types';
 
 const sloRuleTypes = [SLO_BURN_RATE_RULE_TYPE_ID];
 
-export class SloPlugin implements Plugin<SloPluginSetup> {
+export class SLOPlugin
+  implements
+    Plugin<SLOServerSetup, SLOServerStart, SLOPluginSetupDependencies, SLOPluginStartDependencies>
+{
   private readonly logger: Logger;
+  private readonly config: SLOConfig;
+  private readonly isServerless: boolean;
   private sloOrphanCleanupTask?: SloOrphanSummaryCleanupTask;
 
   constructor(private readonly initContext: PluginInitializerContext) {
-    this.initContext = initContext;
-    this.logger = initContext.logger.get();
+    this.logger = this.initContext.logger.get();
+    this.config = this.initContext.config.get<SLOConfig>();
+    this.isServerless = this.initContext.env.packageInfo.buildFlavor === 'serverless';
   }
 
-  public setup(core: CoreSetup<PluginStart>, plugins: PluginSetup) {
-    const config = this.initContext.config.get<SloConfig>();
+  public setup(
+    core: CoreSetup<SLOPluginStartDependencies, SLOServerStart>,
+    plugins: SLOPluginSetupDependencies
+  ): SLOServerSetup {
     const alertsLocator = plugins.share.url.locators.create(new AlertsLocatorDefinition());
 
     const savedObjectTypes = [SO_SLO_TYPE, SO_SLO_SETTINGS_TYPE];
@@ -144,36 +123,24 @@ export class SloPlugin implements Plugin<SloPluginSetup> {
 
     registerSloUsageCollector(plugins.usageCollection);
 
-    registerRoutes({
+    const routeHandlerPlugins = mapValues(plugins, (value, key) => {
+      return {
+        setup: value,
+        start: () =>
+          core.getStartServices().then(([, pluginStart]) => {
+            return pluginStart[key as keyof SLOPluginStartDependencies];
+          }),
+      };
+    }) as SLORoutesDependencies['plugins'];
+
+    registerServerRoutes({
       core,
-      config,
       dependencies: {
-        pluginsSetup: {
-          ...plugins,
-          core,
-        },
-        getDataViewsStart: async () => {
-          const [, pluginStart] = await core.getStartServices();
-          return pluginStart.dataViews;
-        },
-        getSpacesStart: async () => {
-          const [, pluginStart] = await core.getStartServices();
-          return pluginStart.spaces;
-        },
-        ruleDataService,
-        getRulesClientWithRequest: async (request) => {
-          const [, pluginStart] = await core.getStartServices();
-          return pluginStart.alerting.getRulesClientWithRequest(request);
-        },
-        getRacClientWithRequest: async (request) => {
-          const [, pluginStart] = await core.getStartServices();
-          return pluginStart.ruleRegistry.getRacClientWithRequest(request);
-        },
+        corePlugins: core,
+        plugins: routeHandlerPlugins,
       },
       logger: this.logger,
-      repository: getSloServerRouteRepository({
-        isServerless: this.initContext.env.packageInfo.buildFlavor === 'serverless',
-      }),
+      repository: getSloServerRouteRepository({ isServerless: this.isServerless }),
     });
 
     core
@@ -191,18 +158,20 @@ export class SloPlugin implements Plugin<SloPluginSetup> {
     this.sloOrphanCleanupTask = new SloOrphanSummaryCleanupTask(
       plugins.taskManager,
       this.logger,
-      config
+      this.config
     );
+
+    return {};
   }
 
-  public start(core: CoreStart, plugins: PluginStart) {
+  public start(core: CoreStart, plugins: SLOPluginStartDependencies): SLOServerStart {
     const internalSoClient = new SavedObjectsClient(core.savedObjects.createInternalRepository());
     const internalEsClient = core.elasticsearch.client.asInternalUser;
 
     this.sloOrphanCleanupTask
       ?.start(plugins.taskManager, internalSoClient, internalEsClient)
       .catch(() => {});
-  }
 
-  public stop() {}
+    return {};
+  }
 }
diff --git a/x-pack/plugins/observability_solution/slo/server/routes/create_slo_server_route.ts b/x-pack/plugins/observability_solution/slo/server/routes/create_slo_server_route.ts
index 762b5b369f6e6..6d1b762f1dca5 100644
--- a/x-pack/plugins/observability_solution/slo/server/routes/create_slo_server_route.ts
+++ b/x-pack/plugins/observability_solution/slo/server/routes/create_slo_server_route.ts
@@ -5,9 +5,6 @@
  * 2.0.
  */
 import { createServerRouteFactory } from '@kbn/server-route-repository';
-import { SloRouteCreateOptions, SloRouteHandlerResources } from './types';
+import { SLORouteHandlerResources } from './types';
 
-export const createSloServerRoute = createServerRouteFactory<
-  SloRouteHandlerResources,
-  SloRouteCreateOptions
->();
+export const createSloServerRoute = createServerRouteFactory<SLORouteHandlerResources>();
diff --git a/x-pack/plugins/observability_solution/slo/server/routes/get_slo_server_route_repository.ts b/x-pack/plugins/observability_solution/slo/server/routes/get_slo_server_route_repository.ts
index b04b6209054a9..f4205c98363d8 100644
--- a/x-pack/plugins/observability_solution/slo/server/routes/get_slo_server_route_repository.ts
+++ b/x-pack/plugins/observability_solution/slo/server/routes/get_slo_server_route_repository.ts
@@ -8,9 +8,7 @@
 import { getSloRouteRepository } from './slo/route';
 
 export function getSloServerRouteRepository({ isServerless }: { isServerless?: boolean } = {}) {
-  return {
-    ...getSloRouteRepository(isServerless),
-  };
+  return getSloRouteRepository(isServerless);
 }
 
-export type SloServerRouteRepository = ReturnType<typeof getSloServerRouteRepository>;
+export type SLORouteRepository = ReturnType<typeof getSloServerRouteRepository>;
diff --git a/x-pack/plugins/observability_solution/slo/server/routes/register_routes.ts b/x-pack/plugins/observability_solution/slo/server/routes/register_routes.ts
index 6a7d2d08bdd1b..fd0b18c210041 100644
--- a/x-pack/plugins/observability_solution/slo/server/routes/register_routes.ts
+++ b/x-pack/plugins/observability_solution/slo/server/routes/register_routes.ts
@@ -4,136 +4,23 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { errors } from '@elastic/elasticsearch';
-import Boom from '@hapi/boom';
-import { RulesClientApi } from '@kbn/alerting-plugin/server/types';
-import { CoreSetup, KibanaRequest, Logger, RouteRegistrar } from '@kbn/core/server';
-import {
-  AlertsClient,
-  RuleDataPluginService,
-  RuleRegistryPluginSetupContract,
-} from '@kbn/rule-registry-plugin/server';
-import {
-  IoTsParamsObject,
-  decodeRequestParams,
-  stripNullishRequestParameters,
-  parseEndpoint,
-  passThroughValidationObject,
-} from '@kbn/server-route-repository';
-import { SpacesPluginStart } from '@kbn/spaces-plugin/server';
-import axios from 'axios';
-import * as t from 'io-ts';
-import { DataViewsServerPluginStart } from '@kbn/data-views-plugin/server';
-import { SloConfig } from '..';
-import { getHTTPResponseCode, ObservabilityError } from '../errors';
-import { SloRequestHandlerContext } from '../types';
-import { AbstractSloServerRouteRepository } from './types';
+import { CoreSetup, Logger } from '@kbn/core/server';
+import { ServerRoute, registerRoutes } from '@kbn/server-route-repository';
+import { ServerRouteCreateOptions } from '@kbn/server-route-repository-utils';
+import { SLORoutesDependencies } from './types';
 
 interface RegisterRoutes {
-  config: SloConfig;
   core: CoreSetup;
-  repository: AbstractSloServerRouteRepository;
+  repository: Record<string, ServerRoute<string, any, any, any, ServerRouteCreateOptions>>;
   logger: Logger;
-  dependencies: RegisterRoutesDependencies;
+  dependencies: SLORoutesDependencies;
 }
 
-export interface RegisterRoutesDependencies {
-  pluginsSetup: {
-    core: CoreSetup;
-    ruleRegistry: RuleRegistryPluginSetupContract;
-  };
-  getSpacesStart: () => Promise<SpacesPluginStart | undefined>;
-  ruleDataService: RuleDataPluginService;
-  getRulesClientWithRequest: (request: KibanaRequest) => Promise<RulesClientApi>;
-  getRacClientWithRequest: (request: KibanaRequest) => Promise<AlertsClient>;
-  getDataViewsStart: () => Promise<DataViewsServerPluginStart>;
-}
-
-export function registerRoutes({ config, repository, core, logger, dependencies }: RegisterRoutes) {
-  const routes = Object.values(repository);
-
-  const router = core.http.createRouter();
-
-  routes.forEach((route) => {
-    const { endpoint, options, handler, params } = route;
-    const { pathname, method } = parseEndpoint(endpoint);
-
-    (router[method] as RouteRegistrar<typeof method, SloRequestHandlerContext>)(
-      {
-        path: pathname,
-        validate: passThroughValidationObject,
-        options,
-      },
-      async (context, request, response) => {
-        try {
-          const decodedParams = decodeRequestParams(
-            stripNullishRequestParameters({
-              params: request.params,
-              body: request.body,
-              query: request.query,
-            }),
-            (params as IoTsParamsObject) ?? t.strict({})
-          );
-
-          const data = await handler({
-            config,
-            context,
-            request,
-            logger,
-            params: decodedParams,
-            dependencies,
-          });
-
-          if (data === undefined) {
-            return response.noContent();
-          }
-
-          return response.ok({ body: data });
-        } catch (error) {
-          if (error instanceof ObservabilityError) {
-            logger.error(error.message);
-            return response.customError({
-              statusCode: getHTTPResponseCode(error),
-              body: {
-                message: error.message,
-              },
-            });
-          }
-
-          if (axios.isAxiosError(error)) {
-            logger.error(error);
-            return response.customError({
-              statusCode: error.response?.status || 500,
-              body: {
-                message: error.message,
-              },
-            });
-          }
-
-          if (Boom.isBoom(error)) {
-            logger.error(error.output.payload.message);
-            return response.customError({
-              statusCode: error.output.statusCode,
-              body: { message: error.output.payload.message },
-            });
-          }
-
-          logger.error(error);
-          const opts = {
-            statusCode: 500,
-            body: {
-              message: error.message,
-            },
-          };
-
-          if (error instanceof errors.RequestAbortedError) {
-            opts.statusCode = 499;
-            opts.body.message = 'Client closed request';
-          }
-
-          return response.customError(opts);
-        }
-      }
-    );
+export function registerServerRoutes({ repository, core, logger, dependencies }: RegisterRoutes) {
+  registerRoutes<SLORoutesDependencies>({
+    repository,
+    dependencies,
+    core,
+    logger,
   });
 }
diff --git a/x-pack/plugins/observability_solution/slo/server/routes/slo/route.ts b/x-pack/plugins/observability_solution/slo/server/routes/slo/route.ts
index 838adc72cfd08..9e63a4b02fe7b 100644
--- a/x-pack/plugins/observability_solution/slo/server/routes/slo/route.ts
+++ b/x-pack/plugins/observability_solution/slo/server/routes/slo/route.ts
@@ -7,32 +7,30 @@
 
 import { errors } from '@elastic/elasticsearch';
 import { failedDependency, forbidden } from '@hapi/boom';
+import { KibanaRequest } from '@kbn/core-http-server';
 import {
+  PutSLOSettingsParams,
   createSLOParamsSchema,
   deleteSLOInstancesParamsSchema,
   deleteSLOParamsSchema,
   fetchHistoricalSummaryParamsSchema,
-  fetchHistoricalSummaryResponseSchema,
   fetchSLOHealthParamsSchema,
-  findSloDefinitionsParamsSchema,
   findSLOGroupsParamsSchema,
   findSLOParamsSchema,
+  findSloDefinitionsParamsSchema,
   getPreviewDataParamsSchema,
   getSLOBurnRatesParamsSchema,
   getSLOInstancesParamsSchema,
   getSLOParamsSchema,
   manageSLOParamsSchema,
   putSLOServerlessSettingsParamsSchema,
-  PutSLOSettingsParams,
   putSLOSettingsParamsSchema,
   resetSLOParamsSchema,
   updateSLOParamsSchema,
 } from '@kbn/slo-schema';
 import { getOverviewParamsSchema } from '@kbn/slo-schema/src/rest_specs/routes/get_overview';
-import { KibanaRequest } from '@kbn/core-http-server';
-import { RegisterRoutesDependencies } from '../register_routes';
-import { GetSLOsOverview } from '../../services/get_slos_overview';
 import type { IndicatorTypes } from '../../domain/models';
+import { executeWithErrorHandler } from '../../errors';
 import {
   CreateSLO,
   DefaultBurnRatesClient,
@@ -54,6 +52,7 @@ import { getGlobalDiagnosis } from '../../services/get_diagnosis';
 import { GetPreviewData } from '../../services/get_preview_data';
 import { GetSLOInstances } from '../../services/get_slo_instances';
 import { GetSLOSuggestions } from '../../services/get_slo_suggestions';
+import { GetSLOsOverview } from '../../services/get_slos_overview';
 import { DefaultHistoricalSummaryClient } from '../../services/historical_summary_client';
 import { ManageSLO } from '../../services/manage_slo';
 import { ResetSLO } from '../../services/reset_slo';
@@ -71,8 +70,8 @@ import {
   TimesliceMetricTransformGenerator,
   TransformGenerator,
 } from '../../services/transform_generators';
-import type { SloRequestHandlerContext } from '../../types';
 import { createSloServerRoute } from '../create_slo_server_route';
+import { SLORoutesDependencies } from '../types';
 
 const transformGenerators: Record<IndicatorTypes, TransformGenerator> = {
   'sli.apm.transactionDuration': new ApmTransactionDurationTransformGenerator(),
@@ -84,17 +83,17 @@ const transformGenerators: Record<IndicatorTypes, TransformGenerator> = {
   'sli.metric.timeslice': new TimesliceMetricTransformGenerator(),
 };
 
-const assertPlatinumLicense = async (context: SloRequestHandlerContext) => {
-  const licensing = await context.licensing;
-  const hasCorrectLicense = licensing.license.hasAtLeast('platinum');
+const assertPlatinumLicense = async (plugins: SLORoutesDependencies['plugins']) => {
+  const licensing = await plugins.licensing.start();
+  const hasCorrectLicense = (await licensing.getLicense()).hasAtLeast('platinum');
 
   if (!hasCorrectLicense) {
     throw forbidden('Platinum license or higher is needed to make use of this feature.');
   }
 };
 
-const getSpaceId = async (deps: RegisterRoutesDependencies, request: KibanaRequest) => {
-  const spaces = await deps.getSpacesStart();
+const getSpaceId = async (plugins: SLORoutesDependencies['plugins'], request: KibanaRequest) => {
+  const spaces = await plugins.spaces.start();
   return (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
 };
 
@@ -105,19 +104,19 @@ const createSLORoute = createSloServerRoute({
     access: 'public',
   },
   params: createSLOParamsSchema,
-  handler: async ({ context, params, logger, dependencies, request }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ context, response, params, logger, request, plugins, corePlugins }) => {
+    await assertPlatinumLicense(plugins);
 
-    const dataViews = await dependencies.getDataViewsStart();
+    const dataViews = await plugins.dataViews.start();
     const core = await context.core;
     const scopedClusterClient = core.elasticsearch.client;
     const esClient = core.elasticsearch.client.asCurrentUser;
-    const basePath = dependencies.pluginsSetup.core.http.basePath;
     const soClient = core.savedObjects.client;
+    const basePath = corePlugins.http.basePath;
     const repository = new KibanaSavedObjectsSLORepository(soClient, logger);
 
     const [spaceId, dataViewsService] = await Promise.all([
-      getSpaceId(dependencies, request),
+      getSpaceId(plugins, request),
       dataViews.dataViewsServiceFactory(soClient, esClient),
     ]);
     const transformManager = new DefaultTransformManager(
@@ -143,7 +142,7 @@ const createSLORoute = createSloServerRoute({
       basePath
     );
 
-    return await createSLO.execute(params.body);
+    return await executeWithErrorHandler(() => createSLO.execute(params.body));
   },
 });
 
@@ -154,13 +153,12 @@ const inspectSLORoute = createSloServerRoute({
     access: 'internal',
   },
   params: createSLOParamsSchema,
-  handler: async ({ context, params, logger, dependencies, request }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ context, params, logger, request, plugins, corePlugins }) => {
+    await assertPlatinumLicense(plugins);
 
-    const spaces = await dependencies.getSpacesStart();
-    const dataViews = await dependencies.getDataViewsStart();
-    const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
-    const basePath = dependencies.pluginsSetup.core.http.basePath;
+    const dataViews = await plugins.dataViews.start();
+    const spaceId = await getSpaceId(plugins, request);
+    const basePath = corePlugins.http.basePath;
     const core = await context.core;
     const scopedClusterClient = core.elasticsearch.client;
     const esClient = core.elasticsearch.client.asCurrentUser;
@@ -191,7 +189,7 @@ const inspectSLORoute = createSloServerRoute({
       basePath
     );
 
-    return createSLO.inspect(params.body);
+    return await executeWithErrorHandler(() => createSLO.inspect(params.body));
   },
 });
 
@@ -202,14 +200,13 @@ const updateSLORoute = createSloServerRoute({
     access: 'public',
   },
   params: updateSLOParamsSchema,
-  handler: async ({ context, request, params, logger, dependencies }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ context, request, params, logger, plugins, corePlugins }) => {
+    await assertPlatinumLicense(plugins);
 
-    const spaces = await dependencies.getSpacesStart();
-    const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
-    const dataViews = await dependencies.getDataViewsStart();
+    const spaceId = await getSpaceId(plugins, request);
+    const dataViews = await plugins.dataViews.start();
 
-    const basePath = dependencies.pluginsSetup.core.http.basePath;
+    const basePath = corePlugins.http.basePath;
     const core = await context.core;
     const scopedClusterClient = core.elasticsearch.client;
     const esClient = core.elasticsearch.client.asCurrentUser;
@@ -240,9 +237,7 @@ const updateSLORoute = createSloServerRoute({
       basePath
     );
 
-    const response = await updateSLO.execute(params.path.id, params.body);
-
-    return response;
+    return await executeWithErrorHandler(() => updateSLO.execute(params.path.id, params.body));
   },
 });
 
@@ -253,18 +248,19 @@ const deleteSLORoute = createSloServerRoute({
     access: 'public',
   },
   params: deleteSLOParamsSchema,
-  handler: async ({ request, context, params, logger, dependencies }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ request, response, context, params, logger, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
-    const spaces = await dependencies.getSpacesStart();
-    const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
-    const dataViews = await dependencies.getDataViewsStart();
+    const spaceId = await getSpaceId(plugins, request);
+    const dataViews = await plugins.dataViews.start();
 
     const core = await context.core;
     const scopedClusterClient = core.elasticsearch.client;
     const esClient = core.elasticsearch.client.asCurrentUser;
     const soClient = core.savedObjects.client;
-    const rulesClient = await dependencies.getRulesClientWithRequest(request);
+
+    const alerting = await plugins.alerting.start();
+    const rulesClient = await alerting.getRulesClientWithRequest(request);
 
     const dataViewsService = await dataViews.dataViewsServiceFactory(soClient, esClient);
 
@@ -292,7 +288,8 @@ const deleteSLORoute = createSloServerRoute({
       rulesClient
     );
 
-    await deleteSLO.execute(params.path.id);
+    await executeWithErrorHandler(() => deleteSLO.execute(params.path.id));
+    return response.noContent();
   },
 });
 
@@ -303,11 +300,10 @@ const getSLORoute = createSloServerRoute({
     access: 'public',
   },
   params: getSLOParamsSchema,
-  handler: async ({ request, context, params, logger, dependencies }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ request, context, params, logger, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
-    const spaces = await dependencies.getSpacesStart();
-    const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
+    const spaceId = await getSpaceId(plugins, request);
 
     const soClient = (await context.core).savedObjects.client;
     const esClient = (await context.core).elasticsearch.client.asCurrentUser;
@@ -317,7 +313,9 @@ const getSLORoute = createSloServerRoute({
     const defintionClient = new SloDefinitionClient(repository, esClient, logger);
     const getSLO = new GetSLO(defintionClient, summaryClient);
 
-    return await getSLO.execute(params.path.id, spaceId, params.query);
+    return await executeWithErrorHandler(() =>
+      getSLO.execute(params.path.id, spaceId, params.query)
+    );
   },
 });
 
@@ -328,12 +326,11 @@ const enableSLORoute = createSloServerRoute({
     access: 'public',
   },
   params: manageSLOParamsSchema,
-  handler: async ({ request, context, params, logger, dependencies }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ request, response, context, params, logger, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
-    const spaces = await dependencies.getSpacesStart();
-    const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
-    const dataViews = await dependencies.getDataViewsStart();
+    const spaceId = await getSpaceId(plugins, request);
+    const dataViews = await plugins.dataViews.start();
 
     const core = await context.core;
     const scopedClusterClient = core.elasticsearch.client;
@@ -356,9 +353,9 @@ const enableSLORoute = createSloServerRoute({
 
     const manageSLO = new ManageSLO(repository, transformManager, summaryTransformManager);
 
-    const response = await manageSLO.enable(params.path.id);
+    await executeWithErrorHandler(() => manageSLO.enable(params.path.id));
 
-    return response;
+    return response.noContent();
   },
 });
 
@@ -369,12 +366,11 @@ const disableSLORoute = createSloServerRoute({
     access: 'public',
   },
   params: manageSLOParamsSchema,
-  handler: async ({ request, context, params, logger, dependencies }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ response, request, context, params, logger, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
-    const spaces = await dependencies.getSpacesStart();
-    const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
-    const dataViews = await dependencies.getDataViewsStart();
+    const spaceId = await getSpaceId(plugins, request);
+    const dataViews = await plugins.dataViews.start();
 
     const core = await context.core;
     const scopedClusterClient = core.elasticsearch.client;
@@ -397,9 +393,8 @@ const disableSLORoute = createSloServerRoute({
 
     const manageSLO = new ManageSLO(repository, transformManager, summaryTransformManager);
 
-    const response = await manageSLO.disable(params.path.id);
-
-    return response;
+    await executeWithErrorHandler(() => manageSLO.disable(params.path.id));
+    return response.noContent();
   },
 });
 
@@ -410,17 +405,16 @@ const resetSLORoute = createSloServerRoute({
     access: 'public',
   },
   params: resetSLOParamsSchema,
-  handler: async ({ context, request, params, logger, dependencies }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ context, request, params, logger, plugins, corePlugins }) => {
+    await assertPlatinumLicense(plugins);
 
-    const spaces = await dependencies.getSpacesStart();
-    const dataViews = await dependencies.getDataViewsStart();
-    const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
+    const dataViews = await plugins.dataViews.start();
+    const spaceId = await getSpaceId(plugins, request);
     const core = await context.core;
     const scopedClusterClient = core.elasticsearch.client;
     const soClient = core.savedObjects.client;
     const esClient = core.elasticsearch.client.asCurrentUser;
-    const basePath = dependencies.pluginsSetup.core.http.basePath;
+    const basePath = corePlugins.http.basePath;
 
     const dataViewsService = await dataViews.dataViewsServiceFactory(soClient, esClient);
     const repository = new KibanaSavedObjectsSLORepository(soClient, logger);
@@ -448,9 +442,7 @@ const resetSLORoute = createSloServerRoute({
       basePath
     );
 
-    const response = await resetSLO.execute(params.path.id);
-
-    return response;
+    return await executeWithErrorHandler(() => resetSLO.execute(params.path.id));
   },
 });
 
@@ -461,11 +453,10 @@ const findSLORoute = createSloServerRoute({
     access: 'public',
   },
   params: findSLOParamsSchema,
-  handler: async ({ context, request, params, logger, dependencies }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ context, request, params, logger, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
-    const spaces = await dependencies.getSpacesStart();
-    const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
+    const spaceId = await getSpaceId(plugins, request);
     const soClient = (await context.core).savedObjects.client;
     const esClient = (await context.core).elasticsearch.client.asCurrentUser;
     const repository = new KibanaSavedObjectsSLORepository(soClient, logger);
@@ -473,7 +464,7 @@ const findSLORoute = createSloServerRoute({
 
     const findSLO = new FindSLO(repository, summarySearchClient);
 
-    return await findSLO.execute(params?.query ?? {});
+    return await executeWithErrorHandler(() => findSLO.execute(params?.query ?? {}));
   },
 });
 
@@ -484,16 +475,15 @@ const findSLOGroupsRoute = createSloServerRoute({
     access: 'internal',
   },
   params: findSLOGroupsParamsSchema,
-  handler: async ({ context, request, params, logger, dependencies }) => {
-    await assertPlatinumLicense(context);
-    const spaces = await dependencies.getSpacesStart();
-    const spaceId = (await spaces?.spacesService.getActiveSpace(request))?.id ?? 'default';
+  handler: async ({ context, request, params, logger, plugins }) => {
+    await assertPlatinumLicense(plugins);
+
+    const spaceId = await getSpaceId(plugins, request);
     const soClient = (await context.core).savedObjects.client;
     const coreContext = context.core;
     const esClient = (await coreContext).elasticsearch.client.asCurrentUser;
     const findSLOGroups = new FindSLOGroups(esClient, soClient, logger, spaceId);
-    const response = await findSLOGroups.execute(params?.query ?? {});
-    return response;
+    return await executeWithErrorHandler(() => findSLOGroups.execute(params?.query ?? {}));
   },
 });
 
@@ -503,12 +493,12 @@ const getSLOSuggestionsRoute = createSloServerRoute({
     tags: ['access:slo_read'],
     access: 'internal',
   },
-  handler: async ({ context }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ context, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
     const soClient = (await context.core).savedObjects.client;
     const getSLOSuggestions = new GetSLOSuggestions(soClient);
-    return await getSLOSuggestions.execute();
+    return await executeWithErrorHandler(() => getSLOSuggestions.execute());
   },
 });
 
@@ -519,13 +509,14 @@ const deleteSloInstancesRoute = createSloServerRoute({
     access: 'public',
   },
   params: deleteSLOInstancesParamsSchema,
-  handler: async ({ context, params }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ response, context, params, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
     const esClient = (await context.core).elasticsearch.client.asCurrentUser;
     const deleteSloInstances = new DeleteSLOInstances(esClient);
 
-    await deleteSloInstances.execute(params.body);
+    await executeWithErrorHandler(() => deleteSloInstances.execute(params.body));
+    return response.noContent();
   },
 });
 
@@ -536,16 +527,14 @@ const findSloDefinitionsRoute = createSloServerRoute({
     access: 'public',
   },
   params: findSloDefinitionsParamsSchema,
-  handler: async ({ context, params, logger }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ context, params, logger, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
     const soClient = (await context.core).savedObjects.client;
     const repository = new KibanaSavedObjectsSLORepository(soClient, logger);
     const findSloDefinitions = new FindSLODefinitions(repository);
 
-    const response = await findSloDefinitions.execute(params?.query ?? {});
-
-    return response;
+    return await executeWithErrorHandler(() => findSloDefinitions.execute(params?.query ?? {}));
   },
 });
 
@@ -556,15 +545,13 @@ const fetchHistoricalSummary = createSloServerRoute({
     access: 'internal',
   },
   params: fetchHistoricalSummaryParamsSchema,
-  handler: async ({ context, params, logger }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ context, params, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
     const esClient = (await context.core).elasticsearch.client.asCurrentUser;
     const historicalSummaryClient = new DefaultHistoricalSummaryClient(esClient);
 
-    const historicalSummary = await historicalSummaryClient.fetch(params.body);
-
-    return fetchHistoricalSummaryResponseSchema.encode(historicalSummary);
+    return await executeWithErrorHandler(() => historicalSummaryClient.fetch(params.body));
   },
 });
 
@@ -575,18 +562,15 @@ const getSLOInstancesRoute = createSloServerRoute({
     access: 'internal',
   },
   params: getSLOInstancesParamsSchema,
-  handler: async ({ context, params, logger }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ context, params, logger, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
     const soClient = (await context.core).savedObjects.client;
     const esClient = (await context.core).elasticsearch.client.asCurrentUser;
     const repository = new KibanaSavedObjectsSLORepository(soClient, logger);
-
     const getSLOInstances = new GetSLOInstances(repository, esClient);
 
-    const response = await getSLOInstances.execute(params.path.id);
-
-    return response;
+    return await executeWithErrorHandler(() => getSLOInstances.execute(params.path.id));
   },
 });
 
@@ -597,9 +581,9 @@ const getDiagnosisRoute = createSloServerRoute({
     access: 'internal',
   },
   params: undefined,
-  handler: async ({ context }) => {
+  handler: async ({ context, plugins }) => {
     const esClient = (await context.core).elasticsearch.client.asCurrentUser;
-    const licensing = await context.licensing;
+    const licensing = await plugins.licensing.start();
 
     try {
       const response = await getGlobalDiagnosis(esClient, licensing);
@@ -620,8 +604,8 @@ const fetchSloHealthRoute = createSloServerRoute({
     access: 'internal',
   },
   params: fetchSLOHealthParamsSchema,
-  handler: async ({ context, params, logger }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ context, params, logger, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
     const core = await context.core;
     const scopedClusterClient = core.elasticsearch.client;
@@ -631,7 +615,7 @@ const fetchSloHealthRoute = createSloServerRoute({
 
     const getSLOHealth = new GetSLOHealth(esClient, scopedClusterClient, repository);
 
-    return await getSLOHealth.execute(params.body);
+    return await executeWithErrorHandler(() => getSLOHealth.execute(params.body));
   },
 });
 
@@ -642,28 +626,29 @@ const getSloBurnRates = createSloServerRoute({
     access: 'internal',
   },
   params: getSLOBurnRatesParamsSchema,
-  handler: async ({ request, context, params, logger, dependencies }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ request, context, params, logger, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
-    const spaces = await dependencies.getSpacesStart();
-    const spaceId = (await spaces?.spacesService.getActiveSpace(request))?.id ?? 'default';
+    const spaceId = await getSpaceId(plugins, request);
 
     const esClient = (await context.core).elasticsearch.client.asCurrentUser;
     const soClient = (await context.core).savedObjects.client;
     const { instanceId, windows, remoteName } = params.body;
 
-    return await getBurnRates({
-      instanceId,
-      spaceId,
-      windows,
-      remoteName,
-      sloId: params.path.id,
-      services: {
-        soClient,
-        esClient,
-        logger,
-      },
-    });
+    return await executeWithErrorHandler(() =>
+      getBurnRates({
+        instanceId,
+        spaceId,
+        windows,
+        remoteName,
+        sloId: params.path.id,
+        services: {
+          soClient,
+          esClient,
+          logger,
+        },
+      })
+    );
   },
 });
 
@@ -674,12 +659,11 @@ const getPreviewData = createSloServerRoute({
     access: 'internal',
   },
   params: getPreviewDataParamsSchema,
-  handler: async ({ request, context, params, dependencies }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ request, context, params, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
-    const spaces = await dependencies.getSpacesStart();
-    const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
-    const dataViews = await dependencies.getDataViewsStart();
+    const spaceId = await getSpaceId(plugins, request);
+    const dataViews = await plugins.dataViews.start();
 
     const esClient = (await context.core).elasticsearch.client.asCurrentUser;
     const soClient = (await context.core).savedObjects.client;
@@ -695,11 +679,12 @@ const getSloSettingsRoute = createSloServerRoute({
     tags: ['access:slo_read'],
     access: 'internal',
   },
-  handler: async ({ context }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ context, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
     const soClient = (await context.core).savedObjects.client;
-    return await getSloSettings(soClient);
+
+    return await executeWithErrorHandler(() => getSloSettings(soClient));
   },
 });
 
@@ -711,11 +696,13 @@ const putSloSettings = (isServerless?: boolean) =>
       access: 'internal',
     },
     params: isServerless ? putSLOServerlessSettingsParamsSchema : putSLOSettingsParamsSchema,
-    handler: async ({ context, params }) => {
-      await assertPlatinumLicense(context);
+    handler: async ({ context, params, plugins }) => {
+      await assertPlatinumLicense(plugins);
 
       const soClient = (await context.core).savedObjects.client;
-      return await storeSloSettings(soClient, params.body as PutSLOSettingsParams);
+      return await executeWithErrorHandler(() =>
+        storeSloSettings(soClient, params.body as PutSLOSettingsParams)
+      );
     },
   });
 
@@ -726,17 +713,19 @@ const getSLOsOverview = createSloServerRoute({
     access: 'internal',
   },
   params: getOverviewParamsSchema,
-  handler: async ({ context, params, request, logger, dependencies }) => {
-    await assertPlatinumLicense(context);
+  handler: async ({ context, params, request, logger, plugins }) => {
+    await assertPlatinumLicense(plugins);
 
     const soClient = (await context.core).savedObjects.client;
     const esClient = (await context.core).elasticsearch.client.asCurrentUser;
 
-    const racClient = await dependencies.getRacClientWithRequest(request);
+    const ruleRegistry = await plugins.ruleRegistry.start();
+    const racClient = await ruleRegistry.getRacClientWithRequest(request);
 
-    const spaces = await dependencies.getSpacesStart();
-    const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
-    const rulesClient = await dependencies.getRulesClientWithRequest(request);
+    const spaceId = await getSpaceId(plugins, request);
+
+    const alerting = await plugins.alerting.start();
+    const rulesClient = await alerting.getRulesClientWithRequest(request);
 
     const slosOverview = new GetSLOsOverview(
       soClient,
@@ -746,7 +735,8 @@ const getSLOsOverview = createSloServerRoute({
       rulesClient,
       racClient
     );
-    return await slosOverview.execute(params?.query ?? {});
+
+    return await executeWithErrorHandler(() => slosOverview.execute(params?.query ?? {}));
   },
 });
 
diff --git a/x-pack/plugins/observability_solution/slo/server/routes/types.ts b/x-pack/plugins/observability_solution/slo/server/routes/types.ts
index a16ffbcc10fa7..cb5057cee4056 100644
--- a/x-pack/plugins/observability_solution/slo/server/routes/types.ts
+++ b/x-pack/plugins/observability_solution/slo/server/routes/types.ts
@@ -4,32 +4,21 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import type { EndpointOf, ReturnOf, ServerRouteRepository } from '@kbn/server-route-repository';
-import { KibanaRequest, Logger } from '@kbn/core/server';
+import { CoreSetup } from '@kbn/core/server';
+import type { DefaultRouteHandlerResources } from '@kbn/server-route-repository';
+import { SLOPluginSetupDependencies, SLOPluginStartDependencies } from '../types';
 
-import { SloServerRouteRepository } from './get_slo_server_route_repository';
-import { SloRequestHandlerContext } from '../types';
-import { RegisterRoutesDependencies } from './register_routes';
-import { SloConfig } from '..';
-
-export type { SloServerRouteRepository };
-
-export interface SloRouteHandlerResources {
-  context: SloRequestHandlerContext;
-  dependencies: RegisterRoutesDependencies;
-  logger: Logger;
-  request: KibanaRequest;
-  config: SloConfig;
-}
-
-export interface SloRouteCreateOptions {
-  options: {
-    tags: string[];
-    access?: 'public' | 'internal';
+export interface SLORoutesDependencies {
+  plugins: {
+    [key in keyof SLOPluginSetupDependencies]: {
+      setup: Required<SLOPluginSetupDependencies>[key];
+    };
+  } & {
+    [key in keyof SLOPluginStartDependencies]: {
+      start: () => Promise<Required<SLOPluginStartDependencies>[key]>;
+    };
   };
+  corePlugins: CoreSetup;
 }
 
-export type AbstractSloServerRouteRepository = ServerRouteRepository;
-
-export type ObservabilityAPIReturnType<TEndpoint extends EndpointOf<SloServerRouteRepository>> =
-  ReturnOf<SloServerRouteRepository, TEndpoint>;
+export type SLORouteHandlerResources = SLORoutesDependencies & DefaultRouteHandlerResources;
diff --git a/x-pack/plugins/observability_solution/slo/server/services/__snapshots__/reset_slo.test.ts.snap b/x-pack/plugins/observability_solution/slo/server/services/__snapshots__/reset_slo.test.ts.snap
index 90690a4989586..ec81df9f08fdd 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/__snapshots__/reset_slo.test.ts.snap
+++ b/x-pack/plugins/observability_solution/slo/server/services/__snapshots__/reset_slo.test.ts.snap
@@ -1,6 +1,6 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
-exports[`ResetSLO resets all associated resources 1`] = `
+exports[`ResetSLO happy path resets all associated resources 1`] = `
 [MockFunction] {
   "calls": Array [
     Array [
@@ -16,7 +16,7 @@ exports[`ResetSLO resets all associated resources 1`] = `
 }
 `;
 
-exports[`ResetSLO resets all associated resources 2`] = `
+exports[`ResetSLO happy path resets all associated resources 2`] = `
 [MockFunction] {
   "calls": Array [
     Array [
@@ -32,7 +32,7 @@ exports[`ResetSLO resets all associated resources 2`] = `
 }
 `;
 
-exports[`ResetSLO resets all associated resources 3`] = `
+exports[`ResetSLO happy path resets all associated resources 3`] = `
 [MockFunction] {
   "calls": Array [
     Array [
@@ -48,7 +48,7 @@ exports[`ResetSLO resets all associated resources 3`] = `
 }
 `;
 
-exports[`ResetSLO resets all associated resources 4`] = `
+exports[`ResetSLO happy path resets all associated resources 4`] = `
 [MockFunction] {
   "calls": Array [
     Array [
@@ -64,7 +64,7 @@ exports[`ResetSLO resets all associated resources 4`] = `
 }
 `;
 
-exports[`ResetSLO resets all associated resources 5`] = `
+exports[`ResetSLO happy path resets all associated resources 5`] = `
 [MockFunction] {
   "calls": Array [
     Array [
@@ -115,7 +115,7 @@ exports[`ResetSLO resets all associated resources 5`] = `
 }
 `;
 
-exports[`ResetSLO resets all associated resources 6`] = `
+exports[`ResetSLO happy path resets all associated resources 6`] = `
 [MockFunction] {
   "calls": Array [
     Array [
@@ -178,7 +178,7 @@ exports[`ResetSLO resets all associated resources 6`] = `
 }
 `;
 
-exports[`ResetSLO resets all associated resources 7`] = `
+exports[`ResetSLO happy path resets all associated resources 7`] = `
 [MockFunction] {
   "calls": Array [
     Array [
@@ -194,7 +194,7 @@ exports[`ResetSLO resets all associated resources 7`] = `
 }
 `;
 
-exports[`ResetSLO resets all associated resources 8`] = `
+exports[`ResetSLO happy path resets all associated resources 8`] = `
 [MockFunction] {
   "calls": Array [
     Array [
@@ -542,7 +542,7 @@ exports[`ResetSLO resets all associated resources 8`] = `
 }
 `;
 
-exports[`ResetSLO resets all associated resources 9`] = `
+exports[`ResetSLO happy path resets all associated resources 9`] = `
 [MockFunction] {
   "calls": Array [
     Array [
@@ -605,7 +605,7 @@ exports[`ResetSLO resets all associated resources 9`] = `
 }
 `;
 
-exports[`ResetSLO resets all associated resources 10`] = `
+exports[`ResetSLO happy path resets all associated resources 10`] = `
 [MockFunction] {
   "calls": Array [
     Array [
@@ -621,7 +621,7 @@ exports[`ResetSLO resets all associated resources 10`] = `
 }
 `;
 
-exports[`ResetSLO resets all associated resources 11`] = `
+exports[`ResetSLO happy path resets all associated resources 11`] = `
 [MockFunction] {
   "calls": Array [
     Array [
diff --git a/x-pack/plugins/observability_solution/slo/server/services/create_slo.test.ts b/x-pack/plugins/observability_solution/slo/server/services/create_slo.test.ts
index 84edf74f18aa5..342b1a4190748 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/create_slo.test.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/create_slo.test.ts
@@ -23,6 +23,7 @@ import {
 } from './mocks';
 import { SLORepository } from './slo_repository';
 import { TransformManager } from './transform_manager';
+import { SecurityHasPrivilegesResponse } from '@elastic/elasticsearch/lib/api/types';
 
 describe('CreateSLO', () => {
   let mockEsClient: ElasticsearchClientMock;
@@ -55,11 +56,19 @@ describe('CreateSLO', () => {
   });
 
   describe('happy path', () => {
+    beforeEach(() => {
+      mockRepository.exists.mockResolvedValue(false);
+      mockEsClient.security.hasPrivileges.mockResolvedValue({
+        has_all_requested: true,
+      } as SecurityHasPrivilegesResponse);
+    });
+
     it('calls the expected services', async () => {
       const sloParams = createSLOParams({
         id: 'unique-id',
         indicator: createAPMTransactionErrorRateIndicator(),
       });
+
       mockTransformManager.install.mockResolvedValue('slo-id-revision');
       mockSummaryTransformManager.install.mockResolvedValue('slo-summary-id-revision');
 
@@ -157,6 +166,33 @@ describe('CreateSLO', () => {
   });
 
   describe('unhappy path', () => {
+    beforeEach(() => {
+      mockRepository.exists.mockResolvedValue(false);
+      mockEsClient.security.hasPrivileges.mockResolvedValue({
+        has_all_requested: true,
+      } as SecurityHasPrivilegesResponse);
+    });
+
+    it('throws a SLOIdConflict error when the SLO already exists', async () => {
+      mockRepository.exists.mockResolvedValue(true);
+
+      const sloParams = createSLOParams({ indicator: createAPMTransactionErrorRateIndicator() });
+
+      await expect(createSLO.execute(sloParams)).rejects.toThrowError(/SLO \[.*\] already exists/);
+    });
+
+    it('throws a SecurityException error when the user does not have the required privileges', async () => {
+      mockEsClient.security.hasPrivileges.mockResolvedValue({
+        has_all_requested: false,
+      } as SecurityHasPrivilegesResponse);
+
+      const sloParams = createSLOParams({ indicator: createAPMTransactionErrorRateIndicator() });
+
+      await expect(createSLO.execute(sloParams)).rejects.toThrowError(
+        "Missing ['read', 'view_index_metadata'] privileges on the source index [metrics-apm*]"
+      );
+    });
+
     it('rollbacks completed operations when rollup transform install fails', async () => {
       mockTransformManager.install.mockRejectedValue(new Error('Rollup transform install error'));
       const sloParams = createSLOParams({ indicator: createAPMTransactionErrorRateIndicator() });
diff --git a/x-pack/plugins/observability_solution/slo/server/services/create_slo.ts b/x-pack/plugins/observability_solution/slo/server/services/create_slo.ts
index 3845ec2ddbd4f..e7c09c352bd66 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/create_slo.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/create_slo.ts
@@ -4,30 +4,30 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { IScopedClusterClient } from '@kbn/core/server';
+import { IngestPutPipelineRequest } from '@elastic/elasticsearch/lib/api/types';
 import { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import { ElasticsearchClient, IBasePath, Logger } from '@kbn/core/server';
+import { ElasticsearchClient, IBasePath, IScopedClusterClient, Logger } from '@kbn/core/server';
 import { ALL_VALUE, CreateSLOParams, CreateSLOResponse } from '@kbn/slo-schema';
 import { asyncForEach } from '@kbn/std';
 import { v4 as uuidv4 } from 'uuid';
-import { IngestPutPipelineRequest } from '@elastic/elasticsearch/lib/api/types';
 import {
+  SLO_MODEL_VERSION,
+  SLO_SUMMARY_TEMP_INDEX_NAME,
   getSLOPipelineId,
   getSLOSummaryPipelineId,
   getSLOSummaryTransformId,
   getSLOTransformId,
-  SLO_MODEL_VERSION,
-  SLO_SUMMARY_TEMP_INDEX_NAME,
 } from '../../common/constants';
 import { getSLOPipelineTemplate } from '../assets/ingest_templates/slo_pipeline_template';
 import { getSLOSummaryPipelineTemplate } from '../assets/ingest_templates/slo_summary_pipeline_template';
 import { Duration, DurationUnit, SLODefinition } from '../domain/models';
 import { validateSLO } from '../domain/services';
-import { SecurityException, SLOIdConflict } from '../errors';
+import { SLOIdConflict, SecurityException } from '../errors';
 import { retryTransientEsErrors } from '../utils/retry';
 import { SLORepository } from './slo_repository';
 import { createTempSummaryDocument } from './summary_transform_generator/helpers/create_temp_summary';
 import { TransformManager } from './transform_manager';
+import { assertExpectedIndicatorSourceIndexPrivileges } from './utils/assert_expected_indicator_source_index_privileges';
 import { getTransformQueryComposite } from './utils/get_transform_compite_query';
 
 export class CreateSLO {
@@ -46,16 +46,11 @@ export class CreateSLO {
     const slo = this.toSLO(params);
     validateSLO(slo);
 
-    const rollbackOperations = [];
-
-    const sloAlreadyExists = await this.repository.checkIfSLOExists(slo);
-
-    if (sloAlreadyExists) {
-      throw new SLOIdConflict(`SLO [${slo.id}] already exists`);
-    }
+    await this.assertSLOInexistant(slo);
+    await assertExpectedIndicatorSourceIndexPrivileges(slo, this.esClient);
 
+    const rollbackOperations = [];
     const createPromise = this.repository.create(slo);
-
     rollbackOperations.push(() => this.repository.deleteById(slo.id, true));
 
     const rollupTransformId = getSLOTransformId(slo.id, slo.revision);
@@ -123,6 +118,12 @@ export class CreateSLO {
     return this.toResponse(slo);
   }
 
+  private async assertSLOInexistant(slo: SLODefinition) {
+    const exists = await this.repository.exists(slo.id);
+    if (exists) {
+      throw new SLOIdConflict(`SLO [${slo.id}] already exists`);
+    }
+  }
   async createTempSummaryDocument(slo: SLODefinition) {
     return await retryTransientEsErrors(
       () =>
diff --git a/x-pack/plugins/observability_solution/slo/server/services/get_diagnosis.ts b/x-pack/plugins/observability_solution/slo/server/services/get_diagnosis.ts
index 7a090de252c1d..df0a7b1952406 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/get_diagnosis.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/get_diagnosis.ts
@@ -6,7 +6,7 @@
  */
 
 import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
-import { LicensingApiRequestHandlerContext } from '@kbn/licensing-plugin/server';
+import { LicensingPluginStart } from '@kbn/licensing-plugin/server';
 
 export const MINIMUM_INDEX_PRIVILEGE_SET_EDITOR = [
   'write',
@@ -26,9 +26,9 @@ export const TOTAL_INDEX_PRIVILEGE_SET_VIEWER = ['read', 'read_cross_cluster'];
 
 export async function getGlobalDiagnosis(
   esClient: ElasticsearchClient,
-  licensing: LicensingApiRequestHandlerContext
+  licensing: LicensingPluginStart
 ) {
-  const licenseInfo = licensing.license.toJSON();
+  const licenseInfo = (await licensing.getLicense()).toJSON();
   const userWritePrivileges = await esClient.security.hasPrivileges({
     index: [
       {
diff --git a/x-pack/plugins/observability_solution/slo/server/services/mocks/index.ts b/x-pack/plugins/observability_solution/slo/server/services/mocks/index.ts
index dc458fcdb813e..ab8230cfec463 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/mocks/index.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/mocks/index.ts
@@ -48,7 +48,7 @@ const createSLORepositoryMock = (): jest.Mocked<SLORepository> => {
     findAllByIds: jest.fn(),
     deleteById: jest.fn(),
     search: jest.fn(),
-    checkIfSLOExists: jest.fn(),
+    exists: jest.fn(),
   };
 };
 
diff --git a/x-pack/plugins/observability_solution/slo/server/services/reset_slo.test.ts b/x-pack/plugins/observability_solution/slo/server/services/reset_slo.test.ts
index 4e66d992b46cd..ab806f221a888 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/reset_slo.test.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/reset_slo.test.ts
@@ -5,15 +5,15 @@
  * 2.0.
  */
 
-import { ElasticsearchClient } from '@kbn/core/server';
+import { SecurityHasPrivilegesResponse } from '@elastic/elasticsearch/lib/api/types';
 import {
+  ElasticsearchClientMock,
   elasticsearchServiceMock,
   httpServiceMock,
   loggingSystemMock,
   ScopedClusterClientMock,
 } from '@kbn/core/server/mocks';
 import { MockedLogger } from '@kbn/logging-mocks';
-
 import { SLO_MODEL_VERSION } from '../../common/constants';
 import { createSLO } from './fixtures/slo';
 import {
@@ -31,7 +31,7 @@ describe('ResetSLO', () => {
   let mockRepository: jest.Mocked<SLORepository>;
   let mockTransformManager: jest.Mocked<TransformManager>;
   let mockSummaryTransformManager: jest.Mocked<TransformManager>;
-  let mockEsClient: jest.Mocked<ElasticsearchClient>;
+  let mockEsClient: ElasticsearchClientMock;
   let mockScopedClusterClient: ScopedClusterClientMock;
   let loggerMock: jest.Mocked<MockedLogger>;
   let resetSLO: ResetSLO;
@@ -60,37 +60,62 @@ describe('ResetSLO', () => {
     jest.useRealTimers();
   });
 
-  it('resets all associated resources', async () => {
-    const slo = createSLO({ id: 'irrelevant', version: 1 });
-    mockRepository.findById.mockResolvedValueOnce(slo);
-    mockRepository.update.mockImplementation((v) => Promise.resolve(v));
+  describe('happy path', () => {
+    beforeEach(() => {
+      mockEsClient.security.hasPrivileges.mockResolvedValue({
+        has_all_requested: true,
+      } as SecurityHasPrivilegesResponse);
+    });
+
+    it('resets all associated resources', async () => {
+      const slo = createSLO({ id: 'irrelevant', version: 1 });
+      mockRepository.findById.mockResolvedValueOnce(slo);
+      mockRepository.update.mockImplementation((v) => Promise.resolve(v));
+
+      await resetSLO.execute(slo.id);
+
+      // delete existing resources and data
+      expect(mockSummaryTransformManager.stop).toMatchSnapshot();
+      expect(mockSummaryTransformManager.uninstall).toMatchSnapshot();
 
-    await resetSLO.execute(slo.id);
+      expect(mockTransformManager.stop).toMatchSnapshot();
+      expect(mockTransformManager.uninstall).toMatchSnapshot();
 
-    // delete existing resources and data
-    expect(mockSummaryTransformManager.stop).toMatchSnapshot();
-    expect(mockSummaryTransformManager.uninstall).toMatchSnapshot();
+      expect(mockEsClient.deleteByQuery).toMatchSnapshot();
 
-    expect(mockTransformManager.stop).toMatchSnapshot();
-    expect(mockTransformManager.uninstall).toMatchSnapshot();
+      // install resources
+      expect(mockSummaryTransformManager.install).toMatchSnapshot();
+      expect(mockSummaryTransformManager.start).toMatchSnapshot();
 
-    expect(mockEsClient.deleteByQuery).toMatchSnapshot();
+      expect(mockScopedClusterClient.asSecondaryAuthUser.ingest.putPipeline).toMatchSnapshot();
 
-    // install resources
-    expect(mockSummaryTransformManager.install).toMatchSnapshot();
-    expect(mockSummaryTransformManager.start).toMatchSnapshot();
+      expect(mockTransformManager.install).toMatchSnapshot();
+      expect(mockTransformManager.start).toMatchSnapshot();
 
-    expect(mockScopedClusterClient.asSecondaryAuthUser.ingest.putPipeline).toMatchSnapshot();
+      expect(mockEsClient.index).toMatchSnapshot();
 
-    expect(mockTransformManager.install).toMatchSnapshot();
-    expect(mockTransformManager.start).toMatchSnapshot();
+      expect(mockRepository.update).toHaveBeenCalledWith({
+        ...slo,
+        version: SLO_MODEL_VERSION,
+        updatedAt: expect.anything(),
+      });
+    });
+  });
+
+  describe('unhappy path', () => {
+    beforeEach(() => {
+      mockEsClient.security.hasPrivileges.mockResolvedValue({
+        has_all_requested: false,
+      } as SecurityHasPrivilegesResponse);
+    });
 
-    expect(mockEsClient.index).toMatchSnapshot();
+    it('throws a SecurityException error when the user does not have the required privileges', async () => {
+      const slo = createSLO({ id: 'irrelevant', version: 1 });
+      mockRepository.findById.mockResolvedValueOnce(slo);
 
-    expect(mockRepository.update).toHaveBeenCalledWith({
-      ...slo,
-      version: SLO_MODEL_VERSION,
-      updatedAt: expect.anything(),
+      await expect(resetSLO.execute(slo.id)).rejects.toThrowError(
+        "Missing ['read', 'view_index_metadata'] privileges on the source index [metrics-apm*]"
+      );
     });
   });
 });
diff --git a/x-pack/plugins/observability_solution/slo/server/services/reset_slo.ts b/x-pack/plugins/observability_solution/slo/server/services/reset_slo.ts
index 634f02c8f6f90..c9da382c2d6ce 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/reset_slo.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/reset_slo.ts
@@ -5,17 +5,17 @@
  * 2.0.
  */
 
-import { ElasticsearchClient, IBasePath, Logger, IScopedClusterClient } from '@kbn/core/server';
+import { ElasticsearchClient, IBasePath, IScopedClusterClient, Logger } from '@kbn/core/server';
 import { resetSLOResponseSchema } from '@kbn/slo-schema';
 import {
-  getSLOPipelineId,
-  getSLOSummaryPipelineId,
-  getSLOSummaryTransformId,
-  getSLOTransformId,
   SLO_DESTINATION_INDEX_PATTERN,
   SLO_MODEL_VERSION,
   SLO_SUMMARY_DESTINATION_INDEX_PATTERN,
   SLO_SUMMARY_TEMP_INDEX_NAME,
+  getSLOPipelineId,
+  getSLOSummaryPipelineId,
+  getSLOSummaryTransformId,
+  getSLOTransformId,
 } from '../../common/constants';
 import { getSLOPipelineTemplate } from '../assets/ingest_templates/slo_pipeline_template';
 import { getSLOSummaryPipelineTemplate } from '../assets/ingest_templates/slo_summary_pipeline_template';
@@ -23,6 +23,7 @@ import { retryTransientEsErrors } from '../utils/retry';
 import { SLORepository } from './slo_repository';
 import { createTempSummaryDocument } from './summary_transform_generator/helpers/create_temp_summary';
 import { TransformManager } from './transform_manager';
+import { assertExpectedIndicatorSourceIndexPrivileges } from './utils/assert_expected_indicator_source_index_privileges';
 
 export class ResetSLO {
   constructor(
@@ -39,6 +40,8 @@ export class ResetSLO {
   public async execute(sloId: string) {
     const slo = await this.repository.findById(sloId);
 
+    await assertExpectedIndicatorSourceIndexPrivileges(slo, this.esClient);
+
     const summaryTransformId = getSLOSummaryTransformId(slo.id, slo.revision);
     await this.summaryTransformManager.stop(summaryTransformId);
     await this.summaryTransformManager.uninstall(summaryTransformId);
diff --git a/x-pack/plugins/observability_solution/slo/server/services/slo_repository.test.ts b/x-pack/plugins/observability_solution/slo/server/services/slo_repository.test.ts
index 243b2b5e9958b..633ee359ca53f 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/slo_repository.test.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/slo_repository.test.ts
@@ -88,7 +88,7 @@ describe('KibanaSavedObjectsSLORepository', () => {
       soClientMock.create.mockResolvedValueOnce(aStoredSLO(slo));
       const repository = new KibanaSavedObjectsSLORepository(soClientMock, loggerMock);
 
-      await repository.checkIfSLOExists(slo);
+      await repository.exists(slo.id);
 
       expect(soClientMock.find).toHaveBeenCalledWith({
         type: SO_SLO_TYPE,
@@ -117,7 +117,7 @@ describe('KibanaSavedObjectsSLORepository', () => {
       soClientMock.find.mockResolvedValueOnce(soFindResponse([slo]));
       const repository = new KibanaSavedObjectsSLORepository(soClientMock, loggerMock);
 
-      await expect(await repository.checkIfSLOExists(slo)).toEqual(true);
+      await expect(await repository.exists(slo.id)).toEqual(true);
       expect(soClientMock.find).toHaveBeenCalledWith({
         type: SO_SLO_TYPE,
         perPage: 0,
diff --git a/x-pack/plugins/observability_solution/slo/server/services/slo_repository.ts b/x-pack/plugins/observability_solution/slo/server/services/slo_repository.ts
index 35266ea993bfb..4f9cf439e8ed1 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/slo_repository.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/slo_repository.ts
@@ -15,7 +15,7 @@ import { SLONotFound } from '../errors';
 import { SO_SLO_TYPE } from '../saved_objects';
 
 export interface SLORepository {
-  checkIfSLOExists(slo: SLODefinition): Promise<boolean>;
+  exists(id: string): Promise<boolean>;
   create(slo: SLODefinition): Promise<SLODefinition>;
   update(slo: SLODefinition): Promise<SLODefinition>;
   findAllByIds(ids: string[]): Promise<SLODefinition[]>;
@@ -31,11 +31,11 @@ export interface SLORepository {
 export class KibanaSavedObjectsSLORepository implements SLORepository {
   constructor(private soClient: SavedObjectsClientContract, private logger: Logger) {}
 
-  async checkIfSLOExists(slo: SLODefinition) {
+  async exists(id: string) {
     const findResponse = await this.soClient.find<StoredSLODefinition>({
       type: SO_SLO_TYPE,
       perPage: 0,
-      filter: `slo.attributes.id:(${slo.id})`,
+      filter: `slo.attributes.id:(${id})`,
     });
 
     return findResponse.total > 0;
diff --git a/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/__snapshots__/occurrences.test.ts.snap b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/__snapshots__/occurrences.test.ts.snap
new file mode 100644
index 0000000000000..114ae4de393fa
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/__snapshots__/occurrences.test.ts.snap
@@ -0,0 +1,745 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Summary Transform Generator for 'Occurrences' SLO generates the correct transform for a 30days rolling SLO 1`] = `
+Object {
+  "_meta": Object {
+    "managed": true,
+    "managed_by": "observability",
+    "version": 3.3,
+  },
+  "defer_validation": true,
+  "description": "Summarise the rollup data of SLO: irrelevant [id: irrelevant, revision: 1].",
+  "dest": Object {
+    "index": ".slo-observability.summary-v3.3",
+    "pipeline": ".slo-observability.summary.pipeline-irrelevant-1",
+  },
+  "frequency": "1m",
+  "pivot": Object {
+    "aggregations": Object {
+      "errorBudgetConsumed": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetInitial": "errorBudgetInitial",
+            "sliValue": "sliValue",
+          },
+          "script": "if (params.sliValue == -1) { return 0 } else { return (1 - params.sliValue) / params.errorBudgetInitial }",
+        },
+      },
+      "errorBudgetInitial": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {},
+          "script": "1 - 0.999",
+        },
+      },
+      "errorBudgetRemaining": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetConsumed": "errorBudgetConsumed",
+          },
+          "script": "1 - params.errorBudgetConsumed",
+        },
+      },
+      "fiveMinuteBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.numerator",
+            },
+          },
+          "totalEvents": Object {
+            "sum": Object {
+              "field": "slo.denominator",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-480s/m",
+              "lte": "now-180s/m",
+            },
+          },
+        },
+      },
+      "goodEvents": Object {
+        "sum": Object {
+          "field": "slo.numerator",
+        },
+      },
+      "latestSliTimestamp": Object {
+        "max": Object {
+          "field": "@timestamp",
+        },
+      },
+      "oneDayBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.numerator",
+            },
+          },
+          "totalEvents": Object {
+            "sum": Object {
+              "field": "slo.denominator",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-86580s/m",
+              "lte": "now-180s/m",
+            },
+          },
+        },
+      },
+      "oneHourBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.numerator",
+            },
+          },
+          "totalEvents": Object {
+            "sum": Object {
+              "field": "slo.denominator",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-3780s/m",
+              "lte": "now-180s/m",
+            },
+          },
+        },
+      },
+      "sliValue": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "goodEvents": "goodEvents",
+            "totalEvents": "totalEvents",
+          },
+          "script": "if (params.totalEvents == 0) { return -1 } else if (params.goodEvents >= params.totalEvents) { return 1 } else { return params.goodEvents / params.totalEvents }",
+        },
+      },
+      "statusCode": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetRemaining": "errorBudgetRemaining",
+            "sliValue": "sliValue",
+          },
+          "script": Object {
+            "source": "if (params.sliValue == -1) { return 0 } else if (params.sliValue >= 0.999) { return 4 } else if (params.errorBudgetRemaining > 0) { return 2 } else { return 1 }",
+          },
+        },
+      },
+      "totalEvents": Object {
+        "sum": Object {
+          "field": "slo.denominator",
+        },
+      },
+    },
+    "group_by": Object {
+      "monitor.config_id": Object {
+        "terms": Object {
+          "field": "monitor.config_id",
+          "missing_bucket": true,
+        },
+      },
+      "monitor.name": Object {
+        "terms": Object {
+          "field": "monitor.name",
+          "missing_bucket": true,
+        },
+      },
+      "observer.geo.name": Object {
+        "terms": Object {
+          "field": "observer.geo.name",
+          "missing_bucket": true,
+        },
+      },
+      "observer.name": Object {
+        "terms": Object {
+          "field": "observer.name",
+          "missing_bucket": true,
+        },
+      },
+      "service.environment": Object {
+        "terms": Object {
+          "field": "service.environment",
+          "missing_bucket": true,
+        },
+      },
+      "service.name": Object {
+        "terms": Object {
+          "field": "service.name",
+          "missing_bucket": true,
+        },
+      },
+      "slo.id": Object {
+        "terms": Object {
+          "field": "slo.id",
+        },
+      },
+      "slo.instanceId": Object {
+        "terms": Object {
+          "field": "slo.instanceId",
+        },
+      },
+      "slo.revision": Object {
+        "terms": Object {
+          "field": "slo.revision",
+        },
+      },
+      "transaction.name": Object {
+        "terms": Object {
+          "field": "transaction.name",
+          "missing_bucket": true,
+        },
+      },
+      "transaction.type": Object {
+        "terms": Object {
+          "field": "transaction.type",
+          "missing_bucket": true,
+        },
+      },
+    },
+  },
+  "settings": Object {
+    "deduce_mappings": false,
+    "unattended": true,
+  },
+  "source": Object {
+    "index": ".slo-observability.sli-v3.3*",
+    "query": Object {
+      "bool": Object {
+        "filter": Array [
+          Object {
+            "range": Object {
+              "@timestamp": Object {
+                "gte": "now-30d/m",
+                "lte": "now/m",
+              },
+            },
+          },
+          Object {
+            "term": Object {
+              "slo.id": "irrelevant",
+            },
+          },
+          Object {
+            "term": Object {
+              "slo.revision": 1,
+            },
+          },
+        ],
+      },
+    },
+  },
+  "sync": Object {
+    "time": Object {
+      "delay": "65s",
+      "field": "event.ingested",
+    },
+  },
+  "transform_id": "slo-summary-irrelevant-1",
+}
+`;
+
+exports[`Summary Transform Generator for 'Occurrences' SLO generates the correct transform for a monthly calendar aligned SLO 1`] = `
+Object {
+  "_meta": Object {
+    "managed": true,
+    "managed_by": "observability",
+    "version": 3.3,
+  },
+  "defer_validation": true,
+  "description": "Summarise the rollup data of SLO: irrelevant [id: irrelevant, revision: 1].",
+  "dest": Object {
+    "index": ".slo-observability.summary-v3.3",
+    "pipeline": ".slo-observability.summary.pipeline-irrelevant-1",
+  },
+  "frequency": "1m",
+  "pivot": Object {
+    "aggregations": Object {
+      "errorBudgetConsumed": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetInitial": "errorBudgetInitial",
+            "sliValue": "sliValue",
+          },
+          "script": "if (params.sliValue == -1) { return 0 } else { return (1 - params.sliValue) / params.errorBudgetInitial }",
+        },
+      },
+      "errorBudgetInitial": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {},
+          "script": "1 - 0.999",
+        },
+      },
+      "errorBudgetRemaining": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetConsumed": "errorBudgetConsumed",
+          },
+          "script": "1 - params.errorBudgetConsumed",
+        },
+      },
+      "fiveMinuteBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.numerator",
+            },
+          },
+          "totalEvents": Object {
+            "sum": Object {
+              "field": "slo.denominator",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-480s/m",
+              "lte": "now-180s/m",
+            },
+          },
+        },
+      },
+      "goodEvents": Object {
+        "sum": Object {
+          "field": "slo.numerator",
+        },
+      },
+      "latestSliTimestamp": Object {
+        "max": Object {
+          "field": "@timestamp",
+        },
+      },
+      "oneDayBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.numerator",
+            },
+          },
+          "totalEvents": Object {
+            "sum": Object {
+              "field": "slo.denominator",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-86580s/m",
+              "lte": "now-180s/m",
+            },
+          },
+        },
+      },
+      "oneHourBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.numerator",
+            },
+          },
+          "totalEvents": Object {
+            "sum": Object {
+              "field": "slo.denominator",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-3780s/m",
+              "lte": "now-180s/m",
+            },
+          },
+        },
+      },
+      "sliValue": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "goodEvents": "goodEvents",
+            "totalEvents": "totalEvents",
+          },
+          "script": "if (params.totalEvents == 0) { return -1 } else if (params.goodEvents >= params.totalEvents) { return 1 } else { return params.goodEvents / params.totalEvents }",
+        },
+      },
+      "statusCode": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetRemaining": "errorBudgetRemaining",
+            "sliValue": "sliValue",
+          },
+          "script": Object {
+            "source": "if (params.sliValue == -1) { return 0 } else if (params.sliValue >= 0.999) { return 4 } else if (params.errorBudgetRemaining > 0) { return 2 } else { return 1 }",
+          },
+        },
+      },
+      "totalEvents": Object {
+        "sum": Object {
+          "field": "slo.denominator",
+        },
+      },
+    },
+    "group_by": Object {
+      "monitor.config_id": Object {
+        "terms": Object {
+          "field": "monitor.config_id",
+          "missing_bucket": true,
+        },
+      },
+      "monitor.name": Object {
+        "terms": Object {
+          "field": "monitor.name",
+          "missing_bucket": true,
+        },
+      },
+      "observer.geo.name": Object {
+        "terms": Object {
+          "field": "observer.geo.name",
+          "missing_bucket": true,
+        },
+      },
+      "observer.name": Object {
+        "terms": Object {
+          "field": "observer.name",
+          "missing_bucket": true,
+        },
+      },
+      "service.environment": Object {
+        "terms": Object {
+          "field": "service.environment",
+          "missing_bucket": true,
+        },
+      },
+      "service.name": Object {
+        "terms": Object {
+          "field": "service.name",
+          "missing_bucket": true,
+        },
+      },
+      "slo.id": Object {
+        "terms": Object {
+          "field": "slo.id",
+        },
+      },
+      "slo.instanceId": Object {
+        "terms": Object {
+          "field": "slo.instanceId",
+        },
+      },
+      "slo.revision": Object {
+        "terms": Object {
+          "field": "slo.revision",
+        },
+      },
+      "transaction.name": Object {
+        "terms": Object {
+          "field": "transaction.name",
+          "missing_bucket": true,
+        },
+      },
+      "transaction.type": Object {
+        "terms": Object {
+          "field": "transaction.type",
+          "missing_bucket": true,
+        },
+      },
+    },
+  },
+  "settings": Object {
+    "deduce_mappings": false,
+    "unattended": true,
+  },
+  "source": Object {
+    "index": ".slo-observability.sli-v3.3*",
+    "query": Object {
+      "bool": Object {
+        "filter": Array [
+          Object {
+            "range": Object {
+              "@timestamp": Object {
+                "gte": "now/M",
+                "lte": "now/m",
+              },
+            },
+          },
+          Object {
+            "term": Object {
+              "slo.id": "irrelevant",
+            },
+          },
+          Object {
+            "term": Object {
+              "slo.revision": 1,
+            },
+          },
+        ],
+      },
+    },
+  },
+  "sync": Object {
+    "time": Object {
+      "delay": "65s",
+      "field": "event.ingested",
+    },
+  },
+  "transform_id": "slo-summary-irrelevant-1",
+}
+`;
+
+exports[`Summary Transform Generator for 'Occurrences' SLO generates the correct transform for a weekly calendar aligned SLO 1`] = `
+Object {
+  "_meta": Object {
+    "managed": true,
+    "managed_by": "observability",
+    "version": 3.3,
+  },
+  "defer_validation": true,
+  "description": "Summarise the rollup data of SLO: irrelevant [id: irrelevant, revision: 1].",
+  "dest": Object {
+    "index": ".slo-observability.summary-v3.3",
+    "pipeline": ".slo-observability.summary.pipeline-irrelevant-1",
+  },
+  "frequency": "1m",
+  "pivot": Object {
+    "aggregations": Object {
+      "errorBudgetConsumed": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetInitial": "errorBudgetInitial",
+            "sliValue": "sliValue",
+          },
+          "script": "if (params.sliValue == -1) { return 0 } else { return (1 - params.sliValue) / params.errorBudgetInitial }",
+        },
+      },
+      "errorBudgetInitial": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {},
+          "script": "1 - 0.999",
+        },
+      },
+      "errorBudgetRemaining": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetConsumed": "errorBudgetConsumed",
+          },
+          "script": "1 - params.errorBudgetConsumed",
+        },
+      },
+      "fiveMinuteBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.numerator",
+            },
+          },
+          "totalEvents": Object {
+            "sum": Object {
+              "field": "slo.denominator",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-480s/m",
+              "lte": "now-180s/m",
+            },
+          },
+        },
+      },
+      "goodEvents": Object {
+        "sum": Object {
+          "field": "slo.numerator",
+        },
+      },
+      "latestSliTimestamp": Object {
+        "max": Object {
+          "field": "@timestamp",
+        },
+      },
+      "oneDayBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.numerator",
+            },
+          },
+          "totalEvents": Object {
+            "sum": Object {
+              "field": "slo.denominator",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-86580s/m",
+              "lte": "now-180s/m",
+            },
+          },
+        },
+      },
+      "oneHourBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.numerator",
+            },
+          },
+          "totalEvents": Object {
+            "sum": Object {
+              "field": "slo.denominator",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-3780s/m",
+              "lte": "now-180s/m",
+            },
+          },
+        },
+      },
+      "sliValue": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "goodEvents": "goodEvents",
+            "totalEvents": "totalEvents",
+          },
+          "script": "if (params.totalEvents == 0) { return -1 } else if (params.goodEvents >= params.totalEvents) { return 1 } else { return params.goodEvents / params.totalEvents }",
+        },
+      },
+      "statusCode": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetRemaining": "errorBudgetRemaining",
+            "sliValue": "sliValue",
+          },
+          "script": Object {
+            "source": "if (params.sliValue == -1) { return 0 } else if (params.sliValue >= 0.999) { return 4 } else if (params.errorBudgetRemaining > 0) { return 2 } else { return 1 }",
+          },
+        },
+      },
+      "totalEvents": Object {
+        "sum": Object {
+          "field": "slo.denominator",
+        },
+      },
+    },
+    "group_by": Object {
+      "monitor.config_id": Object {
+        "terms": Object {
+          "field": "monitor.config_id",
+          "missing_bucket": true,
+        },
+      },
+      "monitor.name": Object {
+        "terms": Object {
+          "field": "monitor.name",
+          "missing_bucket": true,
+        },
+      },
+      "observer.geo.name": Object {
+        "terms": Object {
+          "field": "observer.geo.name",
+          "missing_bucket": true,
+        },
+      },
+      "observer.name": Object {
+        "terms": Object {
+          "field": "observer.name",
+          "missing_bucket": true,
+        },
+      },
+      "service.environment": Object {
+        "terms": Object {
+          "field": "service.environment",
+          "missing_bucket": true,
+        },
+      },
+      "service.name": Object {
+        "terms": Object {
+          "field": "service.name",
+          "missing_bucket": true,
+        },
+      },
+      "slo.id": Object {
+        "terms": Object {
+          "field": "slo.id",
+        },
+      },
+      "slo.instanceId": Object {
+        "terms": Object {
+          "field": "slo.instanceId",
+        },
+      },
+      "slo.revision": Object {
+        "terms": Object {
+          "field": "slo.revision",
+        },
+      },
+      "transaction.name": Object {
+        "terms": Object {
+          "field": "transaction.name",
+          "missing_bucket": true,
+        },
+      },
+      "transaction.type": Object {
+        "terms": Object {
+          "field": "transaction.type",
+          "missing_bucket": true,
+        },
+      },
+    },
+  },
+  "settings": Object {
+    "deduce_mappings": false,
+    "unattended": true,
+  },
+  "source": Object {
+    "index": ".slo-observability.sli-v3.3*",
+    "query": Object {
+      "bool": Object {
+        "filter": Array [
+          Object {
+            "range": Object {
+              "@timestamp": Object {
+                "gte": "now/w",
+                "lte": "now/m",
+              },
+            },
+          },
+          Object {
+            "term": Object {
+              "slo.id": "irrelevant",
+            },
+          },
+          Object {
+            "term": Object {
+              "slo.revision": 1,
+            },
+          },
+        ],
+      },
+    },
+  },
+  "sync": Object {
+    "time": Object {
+      "delay": "65s",
+      "field": "event.ingested",
+    },
+  },
+  "transform_id": "slo-summary-irrelevant-1",
+}
+`;
diff --git a/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/__snapshots__/timeslices_calendar_aligned.test.ts.snap b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/__snapshots__/timeslices_calendar_aligned.test.ts.snap
new file mode 100644
index 0000000000000..ea635841aea6b
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/__snapshots__/timeslices_calendar_aligned.test.ts.snap
@@ -0,0 +1,273 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Summary Transform Generator for 'Timeslices' and 'CalendarAligned' SLO generates the correct transform for a 7 days SLO 1`] = `
+Object {
+  "_meta": Object {
+    "managed": true,
+    "managed_by": "observability",
+    "version": 3.3,
+  },
+  "defer_validation": true,
+  "description": "Summarise the rollup data of SLO: irrelevant [id: irrelevant, revision: 1].",
+  "dest": Object {
+    "index": ".slo-observability.summary-v3.3",
+    "pipeline": ".slo-observability.summary.pipeline-irrelevant-1",
+  },
+  "frequency": "1m",
+  "pivot": Object {
+    "aggregations": Object {
+      "_totalSlicesInPeriod": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {},
+          "script": Object {
+            "source": "
+                if (false == true) {
+                  return Math.ceil(7 * 24 * 60 * 60 / 120);
+                } else {
+                  Date d = new Date(); 
+                  Instant instant = Instant.ofEpochMilli(d.getTime());
+                  LocalDateTime now = LocalDateTime.ofInstant(instant, ZoneOffset.UTC);
+                  LocalDateTime startOfMonth = now
+                    .withDayOfMonth(1)
+                    .withHour(0)
+                    .withMinute(0)
+                    .withSecond(0);
+                  LocalDateTime startOfNextMonth = startOfMonth.plusMonths(1);
+                  double sliceDurationInMinutes = 120 / 60;
+                  
+                  return Math.ceil(Duration.between(startOfMonth, startOfNextMonth).toMinutes() / sliceDurationInMinutes);
+                }
+              ",
+          },
+        },
+      },
+      "errorBudgetConsumed": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetInitial": "errorBudgetInitial",
+            "sliValue": "sliValue",
+          },
+          "script": "if (params.sliValue == -1) { return 0 } else { return (1 - params.sliValue) / params.errorBudgetInitial }",
+        },
+      },
+      "errorBudgetInitial": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {},
+          "script": "1 - 0.98",
+        },
+      },
+      "errorBudgetRemaining": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetConsumed": "errorBudgetConsumed",
+          },
+          "script": "1 - params.errorBudgetConsumed",
+        },
+      },
+      "fiveMinuteBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.isGoodSlice",
+            },
+          },
+          "totalEvents": Object {
+            "value_count": Object {
+              "field": "slo.isGoodSlice",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-540s/m",
+              "lte": "now-240s/m",
+            },
+          },
+        },
+      },
+      "goodEvents": Object {
+        "sum": Object {
+          "field": "slo.isGoodSlice",
+        },
+      },
+      "latestSliTimestamp": Object {
+        "max": Object {
+          "field": "@timestamp",
+        },
+      },
+      "oneDayBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.isGoodSlice",
+            },
+          },
+          "totalEvents": Object {
+            "value_count": Object {
+              "field": "slo.isGoodSlice",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-86640s/m",
+              "lte": "now-240s/m",
+            },
+          },
+        },
+      },
+      "oneHourBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.isGoodSlice",
+            },
+          },
+          "totalEvents": Object {
+            "value_count": Object {
+              "field": "slo.isGoodSlice",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-3840s/m",
+              "lte": "now-240s/m",
+            },
+          },
+        },
+      },
+      "sliValue": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "goodEvents": "goodEvents",
+            "totalEvents": "totalEvents",
+            "totalSlicesInPeriod": "_totalSlicesInPeriod",
+          },
+          "script": "if (params.totalEvents == 0) { return -1 } else if (params.goodEvents >= params.totalEvents) { return 1 } else { return 1 - (params.totalEvents - params.goodEvents) / params.totalSlicesInPeriod }",
+        },
+      },
+      "statusCode": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetRemaining": "errorBudgetRemaining",
+            "sliValue": "sliValue",
+          },
+          "script": "if (params.sliValue == -1) { return 0 } else if (params.sliValue >= 0.98) { return 4 } else if (params.errorBudgetRemaining > 0) { return 2 } else { return 1 }",
+        },
+      },
+      "totalEvents": Object {
+        "value_count": Object {
+          "field": "slo.isGoodSlice",
+        },
+      },
+    },
+    "group_by": Object {
+      "monitor.config_id": Object {
+        "terms": Object {
+          "field": "monitor.config_id",
+          "missing_bucket": true,
+        },
+      },
+      "monitor.name": Object {
+        "terms": Object {
+          "field": "monitor.name",
+          "missing_bucket": true,
+        },
+      },
+      "observer.geo.name": Object {
+        "terms": Object {
+          "field": "observer.geo.name",
+          "missing_bucket": true,
+        },
+      },
+      "observer.name": Object {
+        "terms": Object {
+          "field": "observer.name",
+          "missing_bucket": true,
+        },
+      },
+      "service.environment": Object {
+        "terms": Object {
+          "field": "service.environment",
+          "missing_bucket": true,
+        },
+      },
+      "service.name": Object {
+        "terms": Object {
+          "field": "service.name",
+          "missing_bucket": true,
+        },
+      },
+      "slo.id": Object {
+        "terms": Object {
+          "field": "slo.id",
+        },
+      },
+      "slo.instanceId": Object {
+        "terms": Object {
+          "field": "slo.instanceId",
+        },
+      },
+      "slo.revision": Object {
+        "terms": Object {
+          "field": "slo.revision",
+        },
+      },
+      "transaction.name": Object {
+        "terms": Object {
+          "field": "transaction.name",
+          "missing_bucket": true,
+        },
+      },
+      "transaction.type": Object {
+        "terms": Object {
+          "field": "transaction.type",
+          "missing_bucket": true,
+        },
+      },
+    },
+  },
+  "settings": Object {
+    "deduce_mappings": false,
+    "unattended": true,
+  },
+  "source": Object {
+    "index": ".slo-observability.sli-v3.3*",
+    "query": Object {
+      "bool": Object {
+        "filter": Array [
+          Object {
+            "range": Object {
+              "@timestamp": Object {
+                "gte": "now/M",
+                "lte": "now/m",
+              },
+            },
+          },
+          Object {
+            "term": Object {
+              "slo.id": "irrelevant",
+            },
+          },
+          Object {
+            "term": Object {
+              "slo.revision": 1,
+            },
+          },
+        ],
+      },
+    },
+  },
+  "sync": Object {
+    "time": Object {
+      "delay": "65s",
+      "field": "event.ingested",
+    },
+  },
+  "transform_id": "slo-summary-irrelevant-1",
+}
+`;
diff --git a/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/__snapshots__/timeslices_rolling.test.ts.snap b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/__snapshots__/timeslices_rolling.test.ts.snap
new file mode 100644
index 0000000000000..d01bc36872fb5
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/__snapshots__/timeslices_rolling.test.ts.snap
@@ -0,0 +1,249 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Summary Transform Generator for 'Timeslices' and 'Rolling' SLO generates the correct transform for a 7 days SLO 1`] = `
+Object {
+  "_meta": Object {
+    "managed": true,
+    "managed_by": "observability",
+    "version": 3.3,
+  },
+  "defer_validation": true,
+  "description": "Summarise the rollup data of SLO: irrelevant [id: irrelevant, revision: 1].",
+  "dest": Object {
+    "index": ".slo-observability.summary-v3.3",
+    "pipeline": ".slo-observability.summary.pipeline-irrelevant-1",
+  },
+  "frequency": "1m",
+  "pivot": Object {
+    "aggregations": Object {
+      "errorBudgetConsumed": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetInitial": "errorBudgetInitial",
+            "sliValue": "sliValue",
+          },
+          "script": "if (params.sliValue == -1) { return 0 } else { return (1 - params.sliValue) / params.errorBudgetInitial }",
+        },
+      },
+      "errorBudgetInitial": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {},
+          "script": "1 - 0.98",
+        },
+      },
+      "errorBudgetRemaining": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetConsumed": "errorBudgetConsumed",
+          },
+          "script": "1 - params.errorBudgetConsumed",
+        },
+      },
+      "fiveMinuteBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.isGoodSlice",
+            },
+          },
+          "totalEvents": Object {
+            "value_count": Object {
+              "field": "slo.isGoodSlice",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-540s/m",
+              "lte": "now-240s/m",
+            },
+          },
+        },
+      },
+      "goodEvents": Object {
+        "sum": Object {
+          "field": "slo.isGoodSlice",
+        },
+      },
+      "latestSliTimestamp": Object {
+        "max": Object {
+          "field": "@timestamp",
+        },
+      },
+      "oneDayBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.isGoodSlice",
+            },
+          },
+          "totalEvents": Object {
+            "value_count": Object {
+              "field": "slo.isGoodSlice",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-86640s/m",
+              "lte": "now-240s/m",
+            },
+          },
+        },
+      },
+      "oneHourBurnRate": Object {
+        "aggs": Object {
+          "goodEvents": Object {
+            "sum": Object {
+              "field": "slo.isGoodSlice",
+            },
+          },
+          "totalEvents": Object {
+            "value_count": Object {
+              "field": "slo.isGoodSlice",
+            },
+          },
+        },
+        "filter": Object {
+          "range": Object {
+            "@timestamp": Object {
+              "gte": "now-3840s/m",
+              "lte": "now-240s/m",
+            },
+          },
+        },
+      },
+      "sliValue": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "goodEvents": "goodEvents",
+            "totalEvents": "totalEvents",
+          },
+          "script": "if (params.totalEvents == 0) { return -1 } else if (params.goodEvents >= params.totalEvents) { return 1 } else { return 1 - (params.totalEvents - params.goodEvents) / 5040 }",
+        },
+      },
+      "statusCode": Object {
+        "bucket_script": Object {
+          "buckets_path": Object {
+            "errorBudgetRemaining": "errorBudgetRemaining",
+            "sliValue": "sliValue",
+          },
+          "script": Object {
+            "source": "if (params.sliValue == -1) { return 0 } else if (params.sliValue >= 0.98) { return 4 } else if (params.errorBudgetRemaining > 0) { return 2 } else { return 1 }",
+          },
+        },
+      },
+      "totalEvents": Object {
+        "value_count": Object {
+          "field": "slo.isGoodSlice",
+        },
+      },
+    },
+    "group_by": Object {
+      "monitor.config_id": Object {
+        "terms": Object {
+          "field": "monitor.config_id",
+          "missing_bucket": true,
+        },
+      },
+      "monitor.name": Object {
+        "terms": Object {
+          "field": "monitor.name",
+          "missing_bucket": true,
+        },
+      },
+      "observer.geo.name": Object {
+        "terms": Object {
+          "field": "observer.geo.name",
+          "missing_bucket": true,
+        },
+      },
+      "observer.name": Object {
+        "terms": Object {
+          "field": "observer.name",
+          "missing_bucket": true,
+        },
+      },
+      "service.environment": Object {
+        "terms": Object {
+          "field": "service.environment",
+          "missing_bucket": true,
+        },
+      },
+      "service.name": Object {
+        "terms": Object {
+          "field": "service.name",
+          "missing_bucket": true,
+        },
+      },
+      "slo.id": Object {
+        "terms": Object {
+          "field": "slo.id",
+        },
+      },
+      "slo.instanceId": Object {
+        "terms": Object {
+          "field": "slo.instanceId",
+        },
+      },
+      "slo.revision": Object {
+        "terms": Object {
+          "field": "slo.revision",
+        },
+      },
+      "transaction.name": Object {
+        "terms": Object {
+          "field": "transaction.name",
+          "missing_bucket": true,
+        },
+      },
+      "transaction.type": Object {
+        "terms": Object {
+          "field": "transaction.type",
+          "missing_bucket": true,
+        },
+      },
+    },
+  },
+  "settings": Object {
+    "deduce_mappings": false,
+    "unattended": true,
+  },
+  "source": Object {
+    "index": ".slo-observability.sli-v3.3*",
+    "query": Object {
+      "bool": Object {
+        "filter": Array [
+          Object {
+            "range": Object {
+              "@timestamp": Object {
+                "gte": "now-7d/m",
+                "lte": "now/m",
+              },
+            },
+          },
+          Object {
+            "term": Object {
+              "slo.id": "irrelevant",
+            },
+          },
+          Object {
+            "term": Object {
+              "slo.revision": 1,
+            },
+          },
+        ],
+      },
+    },
+  },
+  "sync": Object {
+    "time": Object {
+      "delay": "65s",
+      "field": "event.ingested",
+    },
+  },
+  "transform_id": "slo-summary-irrelevant-1",
+}
+`;
diff --git a/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/occurrences.test.ts b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/occurrences.test.ts
new file mode 100644
index 0000000000000..08dc5231d2974
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/occurrences.test.ts
@@ -0,0 +1,52 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createSLO } from '../../fixtures/slo';
+import {
+  monthlyCalendarAligned,
+  thirtyDaysRolling,
+  weeklyCalendarAligned,
+} from '../../fixtures/time_window';
+import { generateSummaryTransformForOccurrences } from './occurrences';
+
+describe("Summary Transform Generator for 'Occurrences' SLO", () => {
+  it('generates the correct transform for a weekly calendar aligned SLO', async () => {
+    const slo = createSLO({
+      id: 'irrelevant',
+      budgetingMethod: 'occurrences',
+      timeWindow: weeklyCalendarAligned(),
+    });
+
+    const transform = generateSummaryTransformForOccurrences(slo);
+
+    expect(transform).toMatchSnapshot();
+  });
+
+  it('generates the correct transform for a monthly calendar aligned SLO', async () => {
+    const slo = createSLO({
+      id: 'irrelevant',
+      budgetingMethod: 'occurrences',
+      timeWindow: monthlyCalendarAligned(),
+    });
+
+    const transform = generateSummaryTransformForOccurrences(slo);
+
+    expect(transform).toMatchSnapshot();
+  });
+
+  it('generates the correct transform for a 30days rolling SLO', async () => {
+    const slo = createSLO({
+      id: 'irrelevant',
+      budgetingMethod: 'occurrences',
+      timeWindow: thirtyDaysRolling(),
+    });
+
+    const transform = generateSummaryTransformForOccurrences(slo);
+
+    expect(transform).toMatchSnapshot();
+  });
+});
diff --git a/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/occurrences.ts b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/occurrences.ts
index 1dd2c0758096c..ab5377e38b12e 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/occurrences.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/occurrences.ts
@@ -6,6 +6,7 @@
  */
 
 import { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/api/types';
+import { calendarAlignedTimeWindowSchema, DurationUnit } from '@kbn/slo-schema';
 import {
   getSLOSummaryPipelineId,
   getSLOSummaryTransformId,
@@ -20,6 +21,18 @@ import { buildBurnRateAgg } from './utils';
 export function generateSummaryTransformForOccurrences(
   slo: SLODefinition
 ): TransformPutTransformRequest {
+  const isCalendarAligned = calendarAlignedTimeWindowSchema.is(slo.timeWindow);
+  let isWeeklyAligned = false;
+  if (isCalendarAligned) {
+    isWeeklyAligned = slo.timeWindow.duration.unit === DurationUnit.Week;
+  }
+
+  const rangeLowerBound = isCalendarAligned
+    ? isWeeklyAligned
+      ? 'now/w'
+      : 'now/M'
+    : `now-${slo.timeWindow.duration.format()}/m`;
+
   return {
     transform_id: getSLOSummaryTransformId(slo.id, slo.revision),
     dest: {
@@ -34,7 +47,7 @@ export function generateSummaryTransformForOccurrences(
             {
               range: {
                 '@timestamp': {
-                  gte: `now-${slo.timeWindow.duration.format()}/m`,
+                  gte: rangeLowerBound,
                   lte: 'now/m',
                 },
               },
diff --git a/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/timeslices_calendar_aligned.test.ts b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/timeslices_calendar_aligned.test.ts
new file mode 100644
index 0000000000000..32628d619d536
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/timeslices_calendar_aligned.test.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createSLOWithTimeslicesBudgetingMethod } from '../../fixtures/slo';
+import { monthlyCalendarAligned } from '../../fixtures/time_window';
+import { generateSummaryTransformForTimeslicesAndCalendarAligned } from './timeslices_calendar_aligned';
+
+describe("Summary Transform Generator for 'Timeslices' and 'CalendarAligned' SLO", () => {
+  it('generates the correct transform for a 7 days SLO', async () => {
+    const slo = createSLOWithTimeslicesBudgetingMethod({
+      id: 'irrelevant',
+      timeWindow: monthlyCalendarAligned(),
+    });
+
+    const transform = generateSummaryTransformForTimeslicesAndCalendarAligned(slo);
+
+    expect(transform).toMatchSnapshot();
+  });
+});
diff --git a/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/timeslices_rolling.test.ts b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/timeslices_rolling.test.ts
new file mode 100644
index 0000000000000..867a40deeced1
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/server/services/summary_transform_generator/generators/timeslices_rolling.test.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createSLOWithTimeslicesBudgetingMethod } from '../../fixtures/slo';
+import { sevenDaysRolling } from '../../fixtures/time_window';
+import { generateSummaryTransformForTimeslicesAndRolling } from './timeslices_rolling';
+
+describe("Summary Transform Generator for 'Timeslices' and 'Rolling' SLO", () => {
+  it('generates the correct transform for a 7 days SLO', async () => {
+    const slo = createSLOWithTimeslicesBudgetingMethod({
+      id: 'irrelevant',
+      timeWindow: sevenDaysRolling(),
+    });
+
+    const transform = generateSummaryTransformForTimeslicesAndRolling(slo);
+
+    expect(transform).toMatchSnapshot();
+  });
+});
diff --git a/x-pack/plugins/observability_solution/slo/server/services/tasks/orphan_summary_cleanup_task.test.ts b/x-pack/plugins/observability_solution/slo/server/services/tasks/orphan_summary_cleanup_task.test.ts
index b947e0985c580..31b74b3cf9ed4 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/tasks/orphan_summary_cleanup_task.test.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/tasks/orphan_summary_cleanup_task.test.ts
@@ -5,14 +5,13 @@
  * 2.0.
  */
 
-import { getDeleteQueryFilter, SloOrphanSummaryCleanupTask } from './orphan_summary_cleanup_task';
-import { taskManagerMock } from '@kbn/task-manager-plugin/server/mocks';
-
-import { loggerMock } from '@kbn/logging-mocks';
 import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
-import { times } from 'lodash';
 import { savedObjectsClientMock } from '@kbn/core-saved-objects-api-server-mocks';
+import { loggerMock } from '@kbn/logging-mocks';
+import { taskManagerMock } from '@kbn/task-manager-plugin/server/mocks';
+import { times } from 'lodash';
 import { SLO_SUMMARY_DESTINATION_INDEX_PATTERN } from '../../../common/constants';
+import { getDeleteQueryFilter, SloOrphanSummaryCleanupTask } from './orphan_summary_cleanup_task';
 
 const taskManagerSetup = taskManagerMock.createSetup();
 const taskManagerStart = taskManagerMock.createStart();
diff --git a/x-pack/plugins/observability_solution/slo/server/services/tasks/orphan_summary_cleanup_task.ts b/x-pack/plugins/observability_solution/slo/server/services/tasks/orphan_summary_cleanup_task.ts
index bdbb955050358..c3d56854f4946 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/tasks/orphan_summary_cleanup_task.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/tasks/orphan_summary_cleanup_task.ts
@@ -15,8 +15,8 @@ import { AggregationsCompositeAggregateKey } from '@elastic/elasticsearch/lib/ap
 import { ALL_SPACES_ID } from '@kbn/spaces-plugin/common/constants';
 import { StoredSLODefinition } from '../../domain/models';
 import { SO_SLO_TYPE } from '../../saved_objects';
-import { SloConfig } from '../..';
 import { SLO_SUMMARY_DESTINATION_INDEX_PATTERN } from '../../../common/constants';
+import { SLOConfig } from '../../types';
 
 export const TASK_TYPE = 'SLO:ORPHAN_SUMMARIES-CLEANUP-TASK';
 
@@ -49,9 +49,9 @@ export class SloOrphanSummaryCleanupTask {
   private taskManager?: TaskManagerStartContract;
   private soClient?: SavedObjectsClientContract;
   private esClient?: ElasticsearchClient;
-  private config: SloConfig;
+  private config: SLOConfig;
 
-  constructor(taskManager: TaskManagerSetupContract, logger: Logger, config: SloConfig) {
+  constructor(taskManager: TaskManagerSetupContract, logger: Logger, config: SLOConfig) {
     this.logger = logger;
     this.config = config;
 
diff --git a/x-pack/plugins/observability_solution/slo/server/services/update_slo.test.ts b/x-pack/plugins/observability_solution/slo/server/services/update_slo.test.ts
index dccfe5f97d633..9417e4779a5e2 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/update_slo.test.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/update_slo.test.ts
@@ -5,8 +5,8 @@
  * 2.0.
  */
 
-import { ElasticsearchClient } from '@kbn/core/server';
 import {
+  ElasticsearchClientMock,
   elasticsearchServiceMock,
   httpServiceMock,
   loggingSystemMock,
@@ -16,6 +16,7 @@ import { MockedLogger } from '@kbn/logging-mocks';
 import { UpdateSLOParams } from '@kbn/slo-schema';
 import { cloneDeep, omit, pick } from 'lodash';
 
+import { SecurityHasPrivilegesResponse } from '@elastic/elasticsearch/lib/api/types';
 import {
   getSLOSummaryTransformId,
   getSLOTransformId,
@@ -42,7 +43,7 @@ import { UpdateSLO } from './update_slo';
 describe('UpdateSLO', () => {
   let mockRepository: jest.Mocked<SLORepository>;
   let mockTransformManager: jest.Mocked<TransformManager>;
-  let mockEsClient: jest.Mocked<ElasticsearchClient>;
+  let mockEsClient: ElasticsearchClientMock;
   let mockScopedClusterClient: ScopedClusterClientMock;
   let mockLogger: jest.Mocked<MockedLogger>;
   let mockSummaryTransformManager: jest.Mocked<TransformManager>;
@@ -69,6 +70,8 @@ describe('UpdateSLO', () => {
 
   describe('when the update payload does not change the original SLO', () => {
     function expectNoCallsToAnyMocks() {
+      expect(mockEsClient.security.hasPrivileges).not.toBeCalled();
+
       expect(mockTransformManager.stop).not.toBeCalled();
       expect(mockTransformManager.uninstall).not.toBeCalled();
       expect(mockTransformManager.install).not.toBeCalled();
@@ -192,6 +195,12 @@ describe('UpdateSLO', () => {
   });
 
   describe('handles breaking changes', () => {
+    beforeEach(() => {
+      mockEsClient.security.hasPrivileges.mockResolvedValue({
+        has_all_requested: true,
+      } as SecurityHasPrivilegesResponse);
+    });
+
     it('consideres a settings change as a breaking change', async () => {
       const slo = createSLO();
       mockRepository.findById.mockResolvedValueOnce(slo);
@@ -302,6 +311,32 @@ describe('UpdateSLO', () => {
   });
 
   describe('when error happens during the update', () => {
+    beforeEach(() => {
+      mockEsClient.security.hasPrivileges.mockResolvedValue({
+        has_all_requested: true,
+      } as SecurityHasPrivilegesResponse);
+    });
+
+    it('throws a SecurityException error when the user does not have the required privileges on the source index', async () => {
+      mockEsClient.security.hasPrivileges.mockResolvedValue({
+        has_all_requested: false,
+      } as SecurityHasPrivilegesResponse);
+
+      const originalSlo = createSLO({
+        id: 'original-id',
+        indicator: createAPMTransactionErrorRateIndicator(),
+      });
+      mockRepository.findById.mockResolvedValueOnce(originalSlo);
+
+      const newIndicator = createAPMTransactionErrorRateIndicator({ index: 'new-index-*' });
+
+      await expect(
+        updateSLO.execute(originalSlo.id, { indicator: newIndicator })
+      ).rejects.toThrowError(
+        "Missing ['read', 'view_index_metadata'] privileges on the source index [new-index-*]"
+      );
+    });
+
     it('restores the previous SLO definition when updated summary transform install fails', async () => {
       const originalSlo = createSLO({
         id: 'original-id',
diff --git a/x-pack/plugins/observability_solution/slo/server/services/update_slo.ts b/x-pack/plugins/observability_solution/slo/server/services/update_slo.ts
index 9418bfb1ea91a..d1dfb2e70e00c 100644
--- a/x-pack/plugins/observability_solution/slo/server/services/update_slo.ts
+++ b/x-pack/plugins/observability_solution/slo/server/services/update_slo.ts
@@ -5,18 +5,18 @@
  * 2.0.
  */
 
-import { ElasticsearchClient, IBasePath, Logger, IScopedClusterClient } from '@kbn/core/server';
+import { ElasticsearchClient, IBasePath, IScopedClusterClient, Logger } from '@kbn/core/server';
 import { UpdateSLOParams, UpdateSLOResponse, updateSLOResponseSchema } from '@kbn/slo-schema';
 import { asyncForEach } from '@kbn/std';
 import { isEqual, pick } from 'lodash';
 import {
+  SLO_DESTINATION_INDEX_PATTERN,
+  SLO_SUMMARY_DESTINATION_INDEX_PATTERN,
+  SLO_SUMMARY_TEMP_INDEX_NAME,
   getSLOPipelineId,
   getSLOSummaryPipelineId,
   getSLOSummaryTransformId,
   getSLOTransformId,
-  SLO_DESTINATION_INDEX_PATTERN,
-  SLO_SUMMARY_DESTINATION_INDEX_PATTERN,
-  SLO_SUMMARY_TEMP_INDEX_NAME,
 } from '../../common/constants';
 import { getSLOPipelineTemplate } from '../assets/ingest_templates/slo_pipeline_template';
 import { getSLOSummaryPipelineTemplate } from '../assets/ingest_templates/slo_summary_pipeline_template';
@@ -27,6 +27,7 @@ import { retryTransientEsErrors } from '../utils/retry';
 import { SLORepository } from './slo_repository';
 import { createTempSummaryDocument } from './summary_transform_generator/helpers/create_temp_summary';
 import { TransformManager } from './transform_manager';
+import { assertExpectedIndicatorSourceIndexPrivileges } from './utils/assert_expected_indicator_source_index_privileges';
 
 export class UpdateSLO {
   constructor(
@@ -68,8 +69,9 @@ export class UpdateSLO {
 
     validateSLO(updatedSlo);
 
-    const rollbackOperations = [];
+    await assertExpectedIndicatorSourceIndexPrivileges(updatedSlo, this.esClient);
 
+    const rollbackOperations = [];
     await this.repository.update(updatedSlo);
     rollbackOperations.push(() => this.repository.update(originalSlo));
 
diff --git a/x-pack/plugins/observability_solution/slo/server/services/utils/assert_expected_indicator_source_index_privileges.ts b/x-pack/plugins/observability_solution/slo/server/services/utils/assert_expected_indicator_source_index_privileges.ts
new file mode 100644
index 0000000000000..d3633865eafb8
--- /dev/null
+++ b/x-pack/plugins/observability_solution/slo/server/services/utils/assert_expected_indicator_source_index_privileges.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient } from '@kbn/core/server';
+import { SLODefinition } from '../../domain/models';
+import { SecurityException } from '../../errors';
+
+export async function assertExpectedIndicatorSourceIndexPrivileges(
+  slo: SLODefinition,
+  esClient: ElasticsearchClient
+) {
+  const privileges = await esClient.security.hasPrivileges({
+    index: [{ names: slo.indicator.params.index, privileges: ['read', 'view_index_metadata'] }],
+  });
+  if (!privileges.has_all_requested) {
+    throw new SecurityException(
+      `Missing ['read', 'view_index_metadata'] privileges on the source index [${slo.indicator.params.index}]`
+    );
+  }
+}
diff --git a/x-pack/plugins/observability_solution/slo/server/types.ts b/x-pack/plugins/observability_solution/slo/server/types.ts
index 86bf0ac0b94ab..b9269f49c4d9f 100644
--- a/x-pack/plugins/observability_solution/slo/server/types.ts
+++ b/x-pack/plugins/observability_solution/slo/server/types.ts
@@ -5,15 +5,49 @@
  * 2.0.
  */
 
-import type { LicensingApiRequestHandlerContext } from '@kbn/licensing-plugin/server';
-import type { AlertingApiRequestHandlerContext } from '@kbn/alerting-plugin/server';
-import type { CustomRequestHandlerContext, CoreRequestHandlerContext } from '@kbn/core/server';
+import type { PluginSetupContract, PluginStartContract } from '@kbn/alerting-plugin/server';
+import { CloudSetup } from '@kbn/cloud-plugin/server';
+import { DataViewsServerPluginStart } from '@kbn/data-views-plugin/server';
+import { FeaturesPluginSetup } from '@kbn/features-plugin/server';
+import type { LicensingPluginSetup, LicensingPluginStart } from '@kbn/licensing-plugin/server';
+import {
+  RuleRegistryPluginSetupContract,
+  RuleRegistryPluginStartContract,
+} from '@kbn/rule-registry-plugin/server';
+import { SharePluginSetup } from '@kbn/share-plugin/server';
+import { SpacesPluginSetup, SpacesPluginStart } from '@kbn/spaces-plugin/server';
+import {
+  TaskManagerSetupContract,
+  TaskManagerStartContract,
+} from '@kbn/task-manager-plugin/server';
+import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
 
-/**
- * @internal
- */
-export type SloRequestHandlerContext = CustomRequestHandlerContext<{
-  licensing: LicensingApiRequestHandlerContext;
-  alerting: AlertingApiRequestHandlerContext;
-  core: Promise<CoreRequestHandlerContext>;
-}>;
+export type { SLOConfig } from '../common/config';
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export interface SLOServerSetup {}
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export interface SLOServerStart {}
+
+export interface SLOPluginSetupDependencies {
+  alerting: PluginSetupContract;
+  ruleRegistry: RuleRegistryPluginSetupContract;
+  share: SharePluginSetup;
+  features: FeaturesPluginSetup;
+  taskManager: TaskManagerSetupContract;
+  spaces: SpacesPluginSetup;
+  cloud?: CloudSetup;
+  usageCollection: UsageCollectionSetup;
+  licensing: LicensingPluginSetup;
+  dataViews: DataViewsServerPluginStart;
+}
+
+export interface SLOPluginStartDependencies {
+  alerting: PluginStartContract;
+  taskManager: TaskManagerStartContract;
+  spaces?: SpacesPluginStart;
+  ruleRegistry: RuleRegistryPluginStartContract;
+  dataViews: DataViewsServerPluginStart;
+  licensing: LicensingPluginStart;
+}
diff --git a/x-pack/plugins/observability_solution/slo/tsconfig.json b/x-pack/plugins/observability_solution/slo/tsconfig.json
index 2bf0737b5436c..4b05b5aa0b063 100644
--- a/x-pack/plugins/observability_solution/slo/tsconfig.json
+++ b/x-pack/plugins/observability_solution/slo/tsconfig.json
@@ -95,6 +95,8 @@
     "@kbn/core-application-browser",
     "@kbn/core-theme-browser",
     "@kbn/ebt-tools",
-    "@kbn/observability-alerting-rule-utils"
+    "@kbn/observability-alerting-rule-utils",
+    "@kbn/server-route-repository-client",
+    "@kbn/server-route-repository-utils"
   ]
 }
diff --git a/x-pack/plugins/observability_solution/synthetics/public/plugin.ts b/x-pack/plugins/observability_solution/synthetics/public/plugin.ts
index 15de2de6d5eee..e8fbedfa0ecb1 100644
--- a/x-pack/plugins/observability_solution/synthetics/public/plugin.ts
+++ b/x-pack/plugins/observability_solution/synthetics/public/plugin.ts
@@ -60,7 +60,7 @@ import { ServerlessPluginSetup, ServerlessPluginStart } from '@kbn/serverless/pu
 import type { UiActionsSetup } from '@kbn/ui-actions-plugin/public';
 import type { PresentationUtilPluginStart } from '@kbn/presentation-util-plugin/public';
 import { DashboardStart, DashboardSetup } from '@kbn/dashboard-plugin/public';
-import { SloPublicStart } from '@kbn/slo-plugin/public';
+import { SLOPublicStart } from '@kbn/slo-plugin/public';
 import { registerSyntheticsEmbeddables } from './apps/embeddables/register_embeddables';
 import { kibanaService } from './utils/kibana_service';
 import { PLUGIN } from '../common/constants/plugin';
@@ -111,7 +111,7 @@ export interface ClientPluginsStart {
   usageCollection: UsageCollectionStart;
   serverless: ServerlessPluginStart;
   licenseManagement?: LicenseManagementUIPluginSetup;
-  slo?: SloPublicStart;
+  slo?: SLOPublicStart;
   presentationUtil: PresentationUtilPluginStart;
   dashboard: DashboardStart;
 }
diff --git a/x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts
index 2b04a99bd4f9c..43ba880b21204 100644
--- a/x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts
+++ b/x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts
@@ -18,7 +18,8 @@ import {
 import { closeModalIfVisible, closeToastIfVisible } from '../../tasks/integrations';
 import { RESULTS_TABLE, RESULTS_TABLE_BUTTON } from '../../screens/live_query';
 
-describe(
+// FLAKY: https://github.com/elastic/kibana/issues/181889
+describe.skip(
   'Alert Event Details',
   {
     tags: ['@ess', '@serverless', '@skipInServerlessMKI'],
diff --git a/x-pack/plugins/search_playground/public/components/summarization_panel/instructions_field.tsx b/x-pack/plugins/search_playground/public/components/summarization_panel/instructions_field.tsx
index 0bf870202f1e9..fe51adcd6ead1 100644
--- a/x-pack/plugins/search_playground/public/components/summarization_panel/instructions_field.tsx
+++ b/x-pack/plugins/search_playground/public/components/summarization_panel/instructions_field.tsx
@@ -7,7 +7,7 @@
 
 import React from 'react';
 
-import { EuiFormRow, EuiIcon, EuiTextArea, EuiToolTip } from '@elastic/eui';
+import { EuiFormRow, EuiTextArea, EuiIconTip } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { isEmpty } from 'lodash';
 import { useUsageTracker } from '../../hooks/use_usage_tracker';
@@ -37,21 +37,20 @@ export const InstructionsField: React.FC<InstructionsFieldProps> = ({ value, onC
   return (
     <EuiFormRow
       label={
-        <EuiToolTip
-          content={i18n.translate('xpack.searchPlayground.sidebar.instructionsField.help', {
-            defaultMessage:
-              'These preliminary instructions and guidelines define the behavior of the model. Be clear and specific for best results.',
+        <span>
+          {i18n.translate('xpack.searchPlayground.sidebar.instructionsField.label', {
+            defaultMessage: 'Instructions',
           })}
-        >
-          <>
-            <span>
-              {i18n.translate('xpack.searchPlayground.sidebar.instructionsField.label', {
-                defaultMessage: 'Instructions',
-              })}
-            </span>
-            <EuiIcon type="questionInCircle" color="subdued" />
-          </>
-        </EuiToolTip>
+          &nbsp;
+          <EuiIconTip
+            type="questionInCircle"
+            color="subdued"
+            content={i18n.translate('xpack.searchPlayground.sidebar.instructionsField.help', {
+              defaultMessage:
+                'These preliminary instructions and guidelines define the behavior of the model. Be clear and specific for best results.',
+            })}
+          />
+        </span>
       }
       fullWidth
     >
diff --git a/x-pack/plugins/security/server/authorization/api_authorization.ts b/x-pack/plugins/security/server/authorization/api_authorization.ts
index 2b99c2a176ac1..888d74e7d7bb2 100644
--- a/x-pack/plugins/security/server/authorization/api_authorization.ts
+++ b/x-pack/plugins/security/server/authorization/api_authorization.ts
@@ -48,10 +48,6 @@ export function initAPIAuthorization(
 
     if (security) {
       if (isAuthzDisabled(security.authz)) {
-        logger.warn(
-          `Route authz is disabled for ${request.url.pathname}${request.url.search}": ${security.authz.reason}`
-        );
-
         return toolkit.next();
       }
 
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/common_attributes.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/common_attributes.gen.ts
index 1bf3bfb5e2445..2d722e7d5076a 100644
--- a/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/common_attributes.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/common_attributes.gen.ts
@@ -555,10 +555,15 @@ export const RuleExceptionList = z.object({
   namespace_type: z.enum(['agnostic', 'single']),
 });
 
+export type AlertSuppressionDurationUnit = z.infer<typeof AlertSuppressionDurationUnit>;
+export const AlertSuppressionDurationUnit = z.enum(['s', 'm', 'h']);
+export type AlertSuppressionDurationUnitEnum = typeof AlertSuppressionDurationUnit.enum;
+export const AlertSuppressionDurationUnitEnum = AlertSuppressionDurationUnit.enum;
+
 export type AlertSuppressionDuration = z.infer<typeof AlertSuppressionDuration>;
 export const AlertSuppressionDuration = z.object({
   value: z.number().int().min(1),
-  unit: z.enum(['s', 'm', 'h']),
+  unit: AlertSuppressionDurationUnit,
 });
 
 /**
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/common_attributes.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/common_attributes.schema.yaml
index 088153cca4885..029a71b9e0a1c 100644
--- a/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/common_attributes.schema.yaml
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/common_attributes.schema.yaml
@@ -581,6 +581,13 @@ components:
         - type
         - namespace_type
 
+    AlertSuppressionDurationUnit:
+      type: string
+      enum:
+        - s
+        - m
+        - h
+
     AlertSuppressionDuration:
       type: object
       properties:
@@ -588,11 +595,7 @@ components:
           type: integer
           minimum: 1
         unit:
-          type: string
-          enum:
-            - s
-            - m
-            - h
+          $ref: '#/components/schemas/AlertSuppressionDurationUnit'
       required:
         - value
         - unit
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/actions/action_log/deprecated_action_log.gen.ts b/x-pack/plugins/security_solution/common/api/endpoint/actions/action_log/deprecated_action_log.gen.ts
deleted file mode 100644
index fc04e3d3c6f06..0000000000000
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/action_log/deprecated_action_log.gen.ts
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-/*
- * NOTICE: Do not edit this file manually.
- * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
- *
- * info:
- *   title: Action Log Schema
- *   version: 2023-10-31
- */
-
-import { z } from '@kbn/zod';
-
-import { Page, PageSize, StartDate, EndDate } from '../../model/schema/common.gen';
-
-export type ActionLogRequestQuery = z.infer<typeof ActionLogRequestQuery>;
-export const ActionLogRequestQuery = z.object({
-  page: Page.optional(),
-  page_size: PageSize.optional(),
-  start_date: StartDate.optional(),
-  end_date: EndDate.optional(),
-});
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/actions/action_log/deprecated_action_log.schema.yaml b/x-pack/plugins/security_solution/common/api/endpoint/actions/action_log/deprecated_action_log.schema.yaml
deleted file mode 100644
index 783fc4794f8bc..0000000000000
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/action_log/deprecated_action_log.schema.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-openapi: 3.0.0
-info:
-  title: Action Log Schema
-  version: '2023-10-31'
-paths:
-  /api/endpoint/action_log/{agent_id}:
-    get:
-      summary: Get an action request log
-      operationId: EndpointGetActionLog
-      description: Get an action request log for the specified agent ID.
-      deprecated: true
-      x-codegen-enabled: false
-      x-labels: [ess, serverless]
-      parameters:
-        - name: agent_id
-          in: path
-          required: true
-          schema:
-            $ref: '../../model/schema/common.schema.yaml#/components/schemas/AgentId'
-        - name: query
-          in: query
-          required: true
-          schema:
-            $ref: '#/components/schemas/ActionLogRequestQuery'
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse'
-
-components:
-  schemas:
-    ActionLogRequestQuery:
-      type: object
-      properties:
-        page:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/Page'
-        page_size:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/PageSize'
-        start_date:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/StartDate'
-        end_date:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/EndDate'
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/actions/action_log/index.ts b/x-pack/plugins/security_solution/common/api/endpoint/actions/action_log/index.ts
index 61a6f0bcbd5c9..b07188d50ce61 100644
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/action_log/index.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/action_log/index.ts
@@ -6,4 +6,3 @@
  */
 
 export * from './action_log';
-export * from './deprecated_action_log.gen';
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/deprecated_isolate.gen.ts b/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/deprecated_isolate.gen.ts
deleted file mode 100644
index c9c13d22a788d..0000000000000
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/deprecated_isolate.gen.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-/*
- * NOTICE: Do not edit this file manually.
- * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
- *
- * info:
- *   title: Endpoint Isolate Schema
- *   version: 2023-10-31
- */
-
-import type { z } from '@kbn/zod';
-
-import { BaseActionSchema, SuccessResponse } from '../../../model/schema/common.gen';
-
-export type EndpointIsolateRedirectRequestBody = z.infer<typeof EndpointIsolateRedirectRequestBody>;
-export const EndpointIsolateRedirectRequestBody = BaseActionSchema;
-export type EndpointIsolateRedirectRequestBodyInput = z.input<
-  typeof EndpointIsolateRedirectRequestBody
->;
-
-export type EndpointIsolateRedirectResponse = z.infer<typeof EndpointIsolateRedirectResponse>;
-export const EndpointIsolateRedirectResponse = SuccessResponse;
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/deprecated_isolate.schema.yaml b/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/deprecated_isolate.schema.yaml
deleted file mode 100644
index 6b6b6c317265e..0000000000000
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/deprecated_isolate.schema.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-openapi: 3.0.0
-info:
-  title: Endpoint Isolate Schema
-  version: '2023-10-31'
-paths:
-  /api/endpoint/isolate:
-    post:
-      summary: Isolate an endpoint
-      description: |
-        Isolate an endpoint from the network.
-        > info
-        > This URL will return a 308 permanent redirect to `POST <kibana host>:<port>/api/endpoint/action/isolate`.
-      operationId: EndpointIsolateRedirect
-      deprecated: true
-      x-codegen-enabled: true
-      x-labels: [ess]
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema'
-      responses:
-        '308':
-          description: Permanent Redirect
-          headers:
-            Location:
-              description: Permanently redirects to "/api/endpoint/action/isolate"
-              schema:
-                type: string
-                example: "/api/endpoint/action/isolate"
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse'
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/deprecated_unisolate.gen.ts b/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/deprecated_unisolate.gen.ts
deleted file mode 100644
index f5947ce17d438..0000000000000
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/deprecated_unisolate.gen.ts
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-/*
- * NOTICE: Do not edit this file manually.
- * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
- *
- * info:
- *   title: Endpoint Unisolate Schema
- *   version: 2023-10-31
- */
-
-import type { z } from '@kbn/zod';
-
-import { BaseActionSchema, SuccessResponse } from '../../../model/schema/common.gen';
-
-export type EndpointUnisolateRedirectRequestBody = z.infer<
-  typeof EndpointUnisolateRedirectRequestBody
->;
-export const EndpointUnisolateRedirectRequestBody = BaseActionSchema;
-export type EndpointUnisolateRedirectRequestBodyInput = z.input<
-  typeof EndpointUnisolateRedirectRequestBody
->;
-
-export type EndpointUnisolateRedirectResponse = z.infer<typeof EndpointUnisolateRedirectResponse>;
-export const EndpointUnisolateRedirectResponse = SuccessResponse;
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/deprecated_unisolate.schema.yaml b/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/deprecated_unisolate.schema.yaml
deleted file mode 100644
index f8504193cc060..0000000000000
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/deprecated_unisolate.schema.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-openapi: 3.0.0
-info:
-  title: Endpoint Unisolate Schema
-  version: '2023-10-31'
-paths:
-  /api/endpoint/unisolate:
-    post:
-      summary: Release an isolated endpoint
-      description: |
-        Release an isolated endpoint, allowing it to rejoin a network.
-        > info
-        > This URL will return a 308 permanent redirect to `POST <kibana host>:<port>/api/endpoint/action/unisolate`.
-      operationId: EndpointUnisolateRedirect
-      deprecated: true
-      x-codegen-enabled: true
-      x-labels: [ess]
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema'
-      responses:
-        '308':
-          description: Permanent Redirect
-          headers:
-            Location:
-              description: Permanently redirects to "/api/endpoint/action/unisolate"
-              schema:
-                type: string
-                example: "/api/endpoint/action/unisolate"
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse'
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/index.ts b/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/index.ts
index 46e542a8d1ef1..a21fc5321f8ca 100644
--- a/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/index.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/index.ts
@@ -7,4 +7,3 @@
 
 export * from './unisolate';
 export * from './unisolate.gen';
-export * from './deprecated_unisolate.gen';
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/metadata/get_metadata.schema.yaml b/x-pack/plugins/security_solution/common/api/endpoint/metadata/get_metadata.schema.yaml
index 9bbcd11716513..2e0c2eba9b9bb 100644
--- a/x-pack/plugins/security_solution/common/api/endpoint/metadata/get_metadata.schema.yaml
+++ b/x-pack/plugins/security_solution/common/api/endpoint/metadata/get_metadata.schema.yaml
@@ -23,13 +23,13 @@ paths:
               schema:
                 $ref: '../model/schema/common.schema.yaml#/components/schemas/SuccessResponse'
 
-  /api/endpoint/metadata/transforms:
+  /internal/api/endpoint/metadata/transforms:
     get:
-      deprecated: true
       summary: Get metadata transforms
       operationId: GetEndpointMetadataTransform
       x-codegen-enabled: false
       x-labels: [ess, serverless]
+      x-internal: true
       responses:
         '200':
           description: OK
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/policy/deprecated_agent_policy_summary.gen.ts b/x-pack/plugins/security_solution/common/api/endpoint/policy/deprecated_agent_policy_summary.gen.ts
deleted file mode 100644
index 8beed35ed9da5..0000000000000
--- a/x-pack/plugins/security_solution/common/api/endpoint/policy/deprecated_agent_policy_summary.gen.ts
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-/*
- * NOTICE: Do not edit this file manually.
- * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
- *
- * info:
- *   title: Endpoint Policy Schema
- *   version: 2023-10-31
- */
-
-import { z } from '@kbn/zod';
-
-import { SuccessResponse } from '../model/schema/common.gen';
-
-export type GetAgentPolicySummaryRequestQuery = z.infer<typeof GetAgentPolicySummaryRequestQuery>;
-export const GetAgentPolicySummaryRequestQuery = z.object({
-  query: z.object({
-    package_name: z.string().optional(),
-    policy_id: z.string().nullable().optional(),
-  }),
-});
-export type GetAgentPolicySummaryRequestQueryInput = z.input<
-  typeof GetAgentPolicySummaryRequestQuery
->;
-
-export type GetAgentPolicySummaryResponse = z.infer<typeof GetAgentPolicySummaryResponse>;
-export const GetAgentPolicySummaryResponse = SuccessResponse;
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/policy/deprecated_agent_policy_summary.schema.yaml b/x-pack/plugins/security_solution/common/api/endpoint/policy/deprecated_agent_policy_summary.schema.yaml
deleted file mode 100644
index 4850a0010d27b..0000000000000
--- a/x-pack/plugins/security_solution/common/api/endpoint/policy/deprecated_agent_policy_summary.schema.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-openapi: 3.0.0
-info:
-  title: Endpoint Policy Schema
-  version: '2023-10-31'
-paths:
-  /api/endpoint/policy/summaries:
-    get:
-      summary: Get an agent policy summary
-      operationId: GetAgentPolicySummary
-      deprecated: true
-      x-codegen-enabled: true
-      x-labels: [ess, serverless]
-      parameters:
-        - name: query
-          in: query
-          required: true
-          schema:
-            type: object
-            properties:
-              package_name:
-                type: string
-              policy_id:
-                type: string
-                nullable: true
-
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '../model/schema/common.schema.yaml#/components/schemas/SuccessResponse'
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/policy/index.ts b/x-pack/plugins/security_solution/common/api/endpoint/policy/index.ts
index e27dc83a3b993..8df8641ee89af 100644
--- a/x-pack/plugins/security_solution/common/api/endpoint/policy/index.ts
+++ b/x-pack/plugins/security_solution/common/api/endpoint/policy/index.ts
@@ -6,6 +6,4 @@
  */
 
 export * from './policy_response';
-export * from './deprecated_agent_policy_summary';
 export * from './policy_response.gen';
-export * from './deprecated_agent_policy_summary.gen';
diff --git a/x-pack/plugins/security_solution/common/api/endpoint/suggestions/get_suggestions.schema.yaml b/x-pack/plugins/security_solution/common/api/endpoint/suggestions/get_suggestions.schema.yaml
index 08006d91045ff..4dfb4801aa166 100644
--- a/x-pack/plugins/security_solution/common/api/endpoint/suggestions/get_suggestions.schema.yaml
+++ b/x-pack/plugins/security_solution/common/api/endpoint/suggestions/get_suggestions.schema.yaml
@@ -3,13 +3,13 @@ info:
   title: Get Suggestions Schema
   version: '2023-10-31'
 paths:
-  /api/endpoint/suggestions/{suggestion_type}:
+  /internal/api/endpoint/suggestions/{suggestion_type}:
     post:
-      deprecated: true
       summary: Get suggestions
       operationId: GetEndpointSuggestions
       x-codegen-enabled: true
       x-labels: [ess, serverless]
+      x-internal: true
       requestBody:
         required: true
         content:
diff --git a/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts
index 8ad3dfbf451c7..2eaa85dbbd145 100644
--- a/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts
@@ -152,10 +152,6 @@ import type {
   EndpointGetFileActionRequestBodyInput,
   EndpointGetFileActionResponse,
 } from './endpoint/actions/response_actions/get_file/get_file.gen';
-import type {
-  EndpointIsolateRedirectRequestBodyInput,
-  EndpointIsolateRedirectResponse,
-} from './endpoint/actions/response_actions/isolate/deprecated_isolate.gen';
 import type {
   EndpointIsolateActionRequestBodyInput,
   EndpointIsolateActionResponse,
@@ -176,10 +172,6 @@ import type {
   EndpointSuspendProcessActionRequestBodyInput,
   EndpointSuspendProcessActionResponse,
 } from './endpoint/actions/response_actions/suspend_process/suspend_process.gen';
-import type {
-  EndpointUnisolateRedirectRequestBodyInput,
-  EndpointUnisolateRedirectResponse,
-} from './endpoint/actions/response_actions/unisolate/deprecated_unisolate.gen';
 import type {
   EndpointUnisolateActionRequestBodyInput,
   EndpointUnisolateActionResponse,
@@ -197,10 +189,6 @@ import type {
   GetEndpointMetadataListRequestQueryInput,
   GetEndpointMetadataListResponse,
 } from './endpoint/metadata/get_metadata.gen';
-import type {
-  GetAgentPolicySummaryRequestQueryInput,
-  GetAgentPolicySummaryResponse,
-} from './endpoint/policy/deprecated_agent_policy_summary.gen';
 import type {
   GetPolicyResponseRequestQueryInput,
   GetPolicyResponseResponse,
@@ -1011,25 +999,6 @@ If a record already exists for the specified entity, that record is overwritten
       })
       .catch(catchAxiosErrorFormatAndThrow);
   }
-  /**
-    * Isolate an endpoint from the network.
-> info
-> This URL will return a 308 permanent redirect to `POST <kibana host>:<port>/api/endpoint/action/isolate`.
-
-    */
-  async endpointIsolateRedirect(props: EndpointIsolateRedirectProps) {
-    this.log.info(`${new Date().toISOString()} Calling API EndpointIsolateRedirect`);
-    return this.kbnClient
-      .request<EndpointIsolateRedirectResponse>({
-        path: '/api/endpoint/isolate',
-        headers: {
-          [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
-        },
-        method: 'POST',
-        body: props.body,
-      })
-      .catch(catchAxiosErrorFormatAndThrow);
-  }
   /**
    * Terminate a running process on an endpoint.
    */
@@ -1094,25 +1063,6 @@ If a record already exists for the specified entity, that record is overwritten
       })
       .catch(catchAxiosErrorFormatAndThrow);
   }
-  /**
-    * Release an isolated endpoint, allowing it to rejoin a network.
-> info
-> This URL will return a 308 permanent redirect to `POST <kibana host>:<port>/api/endpoint/action/unisolate`.
-
-    */
-  async endpointUnisolateRedirect(props: EndpointUnisolateRedirectProps) {
-    this.log.info(`${new Date().toISOString()} Calling API EndpointUnisolateRedirect`);
-    return this.kbnClient
-      .request<EndpointUnisolateRedirectResponse>({
-        path: '/api/endpoint/unisolate',
-        headers: {
-          [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
-        },
-        method: 'POST',
-        body: props.body,
-      })
-      .catch(catchAxiosErrorFormatAndThrow);
-  }
   /**
    * Upload a file to an endpoint.
    */
@@ -1233,20 +1183,6 @@ finalize it.
       })
       .catch(catchAxiosErrorFormatAndThrow);
   }
-  async getAgentPolicySummary(props: GetAgentPolicySummaryProps) {
-    this.log.info(`${new Date().toISOString()} Calling API GetAgentPolicySummary`);
-    return this.kbnClient
-      .request<GetAgentPolicySummaryResponse>({
-        path: '/api/endpoint/policy/summaries',
-        headers: {
-          [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
-        },
-        method: 'GET',
-
-        query: props.query,
-      })
-      .catch(catchAxiosErrorFormatAndThrow);
-  }
   /**
    * Retrieves the rule migrations stats for all migrations stored in the system
    */
@@ -1326,7 +1262,7 @@ finalize it.
     this.log.info(`${new Date().toISOString()} Calling API GetEndpointSuggestions`);
     return this.kbnClient
       .request<GetEndpointSuggestionsResponse>({
-        path: replaceParams('/api/endpoint/suggestions/{suggestion_type}', props.params),
+        path: replaceParams('/internal/api/endpoint/suggestions/{suggestion_type}', props.params),
         headers: {
           [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
         },
@@ -2214,9 +2150,6 @@ export interface EndpointGetProcessesActionProps {
 export interface EndpointIsolateActionProps {
   body: EndpointIsolateActionRequestBodyInput;
 }
-export interface EndpointIsolateRedirectProps {
-  body: EndpointIsolateRedirectRequestBodyInput;
-}
 export interface EndpointKillProcessActionProps {
   body: EndpointKillProcessActionRequestBodyInput;
 }
@@ -2229,9 +2162,6 @@ export interface EndpointSuspendProcessActionProps {
 export interface EndpointUnisolateActionProps {
   body: EndpointUnisolateActionRequestBodyInput;
 }
-export interface EndpointUnisolateRedirectProps {
-  body: EndpointUnisolateRedirectRequestBodyInput;
-}
 export interface EndpointUploadActionProps {
   body: EndpointUploadActionRequestBodyInput;
 }
@@ -2252,9 +2182,6 @@ export interface FindAssetCriticalityRecordsProps {
 export interface FindRulesProps {
   query: FindRulesRequestQueryInput;
 }
-export interface GetAgentPolicySummaryProps {
-  query: GetAgentPolicySummaryRequestQueryInput;
-}
 export interface GetAssetCriticalityRecordProps {
   query: GetAssetCriticalityRecordRequestQueryInput;
 }
diff --git a/x-pack/plugins/security_solution/common/endpoint/constants.ts b/x-pack/plugins/security_solution/common/endpoint/constants.ts
index 19aa53eca6649..0ab749735d06c 100644
--- a/x-pack/plugins/security_solution/common/endpoint/constants.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/constants.ts
@@ -70,30 +70,19 @@ export const BASE_INTERNAL_ENDPOINT_ROUTE = `/internal${BASE_ENDPOINT_ROUTE}`;
 export const HOST_METADATA_LIST_ROUTE = `${BASE_ENDPOINT_ROUTE}/metadata`;
 export const HOST_METADATA_GET_ROUTE = `${HOST_METADATA_LIST_ROUTE}/{id}`;
 
-/** @deprecated public route, use {@link METADATA_TRANSFORMS_STATUS_INTERNAL_ROUTE} internal route  */
-export const METADATA_TRANSFORMS_STATUS_ROUTE = `${BASE_ENDPOINT_ROUTE}/metadata/transforms`;
-
 export const METADATA_TRANSFORMS_STATUS_INTERNAL_ROUTE = `${BASE_INTERNAL_ENDPOINT_ROUTE}/metadata/transforms`;
 
 export const BASE_POLICY_RESPONSE_ROUTE = `${BASE_ENDPOINT_ROUTE}/policy_response`;
 export const BASE_POLICY_ROUTE = `${BASE_ENDPOINT_ROUTE}/policy`;
-export const AGENT_POLICY_SUMMARY_ROUTE = `${BASE_POLICY_ROUTE}/summaries`;
 export const PROTECTION_UPDATES_NOTE_ROUTE = `${BASE_ENDPOINT_ROUTE}/protection_updates_note/{package_policy_id}`;
 
 /** Suggestions routes */
-/** @deprecated public route, use {@link SUGGESTIONS_INTERNAL_ROUTE} internal route  */
-export const SUGGESTIONS_ROUTE = `${BASE_ENDPOINT_ROUTE}/suggestions/{suggestion_type}`;
 export const SUGGESTIONS_INTERNAL_ROUTE = `${BASE_INTERNAL_ENDPOINT_ROUTE}/suggestions/{suggestion_type}`;
 
 /**
  * Action Response Routes
  */
 
-/** @deprecated use `ISOLATE_HOST_ROUTE_V2` instead */
-export const ISOLATE_HOST_ROUTE = `${BASE_ENDPOINT_ROUTE}/isolate`;
-/** @deprecated use `ISOLATE_HOST_ROUTE_V2` instead */
-export const UNISOLATE_HOST_ROUTE = `${BASE_ENDPOINT_ROUTE}/unisolate`;
-
 /** Base Actions route. Used to get a list of all actions and is root to other action related routes */
 export const BASE_ENDPOINT_ACTION_ROUTE = `${BASE_ENDPOINT_ROUTE}/action`;
 
diff --git a/x-pack/plugins/security_solution/common/endpoint/types/index.ts b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
index 2eaae4705e04d..d21b20795b1e3 100644
--- a/x-pack/plugins/security_solution/common/endpoint/types/index.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/types/index.ts
@@ -1332,17 +1332,6 @@ export interface GetHostPolicyResponse {
   policy_response: HostPolicyResponse;
 }
 
-/**
- * REST API response for retrieving agent summary
- */
-export interface GetAgentSummaryResponse {
-  summary_response: {
-    package: string;
-    policy_id?: string;
-    versions_count: { [key: string]: number };
-  };
-}
-
 /**
  * REST API response for retrieving exception summary
  */
diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts
index 892b0a0226639..dc6495e1d9737 100644
--- a/x-pack/plugins/security_solution/common/experimental_features.ts
+++ b/x-pack/plugins/security_solution/common/experimental_features.ts
@@ -108,11 +108,6 @@ export const allowedExperimentalValues = Object.freeze({
    */
   assistantModelEvaluation: false,
 
-  /**
-   * Enables new Knowledge Base Entries features, introduced in `8.15.0`.
-   */
-  assistantKnowledgeBaseByDefault: true,
-
   /**
    * Enables the Managed User section inside the new user details flyout.
    */
diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml
index ebd4c93280090..7e8d7a61bff2c 100644
--- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml
@@ -1560,17 +1560,19 @@ components:
       type: object
       properties:
         unit:
-          enum:
-            - s
-            - m
-            - h
-          type: string
+          $ref: '#/components/schemas/AlertSuppressionDurationUnit'
         value:
           minimum: 1
           type: integer
       required:
         - value
         - unit
+    AlertSuppressionDurationUnit:
+      enum:
+        - s
+        - m
+        - h
+      type: string
     AlertSuppressionGroupBy:
       items:
         type: string
diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
index 60ac76e240fa4..585dec4f3074d 100644
--- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
@@ -31,32 +31,6 @@ paths:
       summary: Get response actions
       tags:
         - Security Endpoint Management API
-  /api/endpoint/action_log/{agent_id}:
-    get:
-      deprecated: true
-      description: Get an action request log for the specified agent ID.
-      operationId: EndpointGetActionLog
-      parameters:
-        - in: path
-          name: agent_id
-          required: true
-          schema:
-            $ref: '#/components/schemas/AgentId'
-        - in: query
-          name: query
-          required: true
-          schema:
-            $ref: '#/components/schemas/ActionLogRequestQuery'
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SuccessResponse'
-          description: OK
-      summary: Get an action request log
-      tags:
-        - Security Endpoint Management API
   /api/endpoint/action_status:
     get:
       description: Get the status of response actions for the specified agent IDs.
@@ -348,56 +322,6 @@ paths:
       summary: Upload a file
       tags:
         - Security Endpoint Management API
-  /api/endpoint/isolate:
-    post:
-      deprecated: true
-      description: >
-        Isolate an endpoint from the network.
-
-        > info
-
-        > This URL will return a 308 permanent redirect to `POST <kibana
-        host>:<port>/api/endpoint/action/isolate`.
-      operationId: EndpointIsolateRedirect
-      requestBody:
-        content:
-          application/json:
-            schema:
-              type: object
-              properties:
-                agent_type:
-                  $ref: '#/components/schemas/AgentTypes'
-                alert_ids:
-                  $ref: '#/components/schemas/AlertIds'
-                case_ids:
-                  $ref: '#/components/schemas/CaseIds'
-                comment:
-                  $ref: '#/components/schemas/Comment'
-                endpoint_ids:
-                  $ref: '#/components/schemas/EndpointIds'
-                parameters:
-                  $ref: '#/components/schemas/Parameters'
-              required:
-                - endpoint_ids
-        required: true
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SuccessResponse'
-          description: OK
-        '308':
-          description: Permanent Redirect
-          headers:
-            Location:
-              description: Permanently redirects to "/api/endpoint/action/isolate"
-              schema:
-                example: /api/endpoint/action/isolate
-                type: string
-      summary: Isolate an endpoint
-      tags:
-        - Security Endpoint Management API
   /api/endpoint/metadata:
     get:
       operationId: GetEndpointMetadataList
@@ -436,20 +360,6 @@ paths:
       summary: Get metadata
       tags:
         - Security Endpoint Management API
-  /api/endpoint/metadata/transforms:
-    get:
-      deprecated: true
-      operationId: GetEndpointMetadataTransform
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SuccessResponse'
-          description: OK
-      summary: Get metadata transforms
-      tags:
-        - Security Endpoint Management API
   /api/endpoint/policy_response:
     get:
       operationId: GetPolicyResponse
@@ -472,32 +382,6 @@ paths:
       summary: Get a policy response
       tags:
         - Security Endpoint Management API
-  /api/endpoint/policy/summaries:
-    get:
-      deprecated: true
-      operationId: GetAgentPolicySummary
-      parameters:
-        - in: query
-          name: query
-          required: true
-          schema:
-            type: object
-            properties:
-              package_name:
-                type: string
-              policy_id:
-                nullable: true
-                type: string
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SuccessResponse'
-          description: OK
-      summary: Get an agent policy summary
-      tags:
-        - Security Endpoint Management API
   /api/endpoint/protection_updates_note/{package_policy_id}:
     get:
       operationId: GetProtectionUpdatesNote
@@ -544,106 +428,8 @@ paths:
       summary: Create or update a protection updates note
       tags:
         - Security Endpoint Management API
-  /api/endpoint/suggestions/{suggestion_type}:
-    post:
-      deprecated: true
-      operationId: GetEndpointSuggestions
-      parameters:
-        - in: path
-          name: suggestion_type
-          required: true
-          schema:
-            enum:
-              - eventFilters
-            type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              type: object
-              properties:
-                field:
-                  type: string
-                fieldMeta: {}
-                filters: {}
-                query:
-                  type: string
-              required:
-                - parameters
-        required: true
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SuccessResponse'
-          description: OK
-      summary: Get suggestions
-      tags:
-        - Security Endpoint Management API
-  /api/endpoint/unisolate:
-    post:
-      deprecated: true
-      description: >
-        Release an isolated endpoint, allowing it to rejoin a network.
-
-        > info
-
-        > This URL will return a 308 permanent redirect to `POST <kibana
-        host>:<port>/api/endpoint/action/unisolate`.
-      operationId: EndpointUnisolateRedirect
-      requestBody:
-        content:
-          application/json:
-            schema:
-              type: object
-              properties:
-                agent_type:
-                  $ref: '#/components/schemas/AgentTypes'
-                alert_ids:
-                  $ref: '#/components/schemas/AlertIds'
-                case_ids:
-                  $ref: '#/components/schemas/CaseIds'
-                comment:
-                  $ref: '#/components/schemas/Comment'
-                endpoint_ids:
-                  $ref: '#/components/schemas/EndpointIds'
-                parameters:
-                  $ref: '#/components/schemas/Parameters'
-              required:
-                - endpoint_ids
-        required: true
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SuccessResponse'
-          description: OK
-        '308':
-          description: Permanent Redirect
-          headers:
-            Location:
-              description: Permanently redirects to "/api/endpoint/action/unisolate"
-              schema:
-                example: /api/endpoint/action/unisolate
-                type: string
-      summary: Release an isolated endpoint
-      tags:
-        - Security Endpoint Management API
 components:
   schemas:
-    ActionLogRequestQuery:
-      type: object
-      properties:
-        end_date:
-          $ref: '#/components/schemas/EndDate'
-        page:
-          $ref: '#/components/schemas/Page'
-        page_size:
-          $ref: '#/components/schemas/PageSize'
-        start_date:
-          $ref: '#/components/schemas/StartDate'
     ActionStateSuccessResponse:
       type: object
       properties:
@@ -951,12 +737,6 @@ components:
       description: Page number
       minimum: 1
       type: integer
-    PageSize:
-      default: 10
-      description: Number of items per page
-      maximum: 100
-      minimum: 1
-      type: integer
     Parameters:
       description: Optional parameters object
       type: object
diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml
index 30a7ae3ea343e..58456e71140a0 100644
--- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml
@@ -850,17 +850,19 @@ components:
       type: object
       properties:
         unit:
-          enum:
-            - s
-            - m
-            - h
-          type: string
+          $ref: '#/components/schemas/AlertSuppressionDurationUnit'
         value:
           minimum: 1
           type: integer
       required:
         - value
         - unit
+    AlertSuppressionDurationUnit:
+      enum:
+        - s
+        - m
+        - h
+      type: string
     AlertSuppressionGroupBy:
       items:
         type: string
diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
index 7bd94b9c8227c..ded6f6558b017 100644
--- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
@@ -31,32 +31,6 @@ paths:
       summary: Get response actions
       tags:
         - Security Endpoint Management API
-  /api/endpoint/action_log/{agent_id}:
-    get:
-      deprecated: true
-      description: Get an action request log for the specified agent ID.
-      operationId: EndpointGetActionLog
-      parameters:
-        - in: path
-          name: agent_id
-          required: true
-          schema:
-            $ref: '#/components/schemas/AgentId'
-        - in: query
-          name: query
-          required: true
-          schema:
-            $ref: '#/components/schemas/ActionLogRequestQuery'
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SuccessResponse'
-          description: OK
-      summary: Get an action request log
-      tags:
-        - Security Endpoint Management API
   /api/endpoint/action_status:
     get:
       description: Get the status of response actions for the specified agent IDs.
@@ -386,20 +360,6 @@ paths:
       summary: Get metadata
       tags:
         - Security Endpoint Management API
-  /api/endpoint/metadata/transforms:
-    get:
-      deprecated: true
-      operationId: GetEndpointMetadataTransform
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SuccessResponse'
-          description: OK
-      summary: Get metadata transforms
-      tags:
-        - Security Endpoint Management API
   /api/endpoint/policy_response:
     get:
       operationId: GetPolicyResponse
@@ -422,32 +382,6 @@ paths:
       summary: Get a policy response
       tags:
         - Security Endpoint Management API
-  /api/endpoint/policy/summaries:
-    get:
-      deprecated: true
-      operationId: GetAgentPolicySummary
-      parameters:
-        - in: query
-          name: query
-          required: true
-          schema:
-            type: object
-            properties:
-              package_name:
-                type: string
-              policy_id:
-                nullable: true
-                type: string
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SuccessResponse'
-          description: OK
-      summary: Get an agent policy summary
-      tags:
-        - Security Endpoint Management API
   /api/endpoint/protection_updates_note/{package_policy_id}:
     get:
       operationId: GetProtectionUpdatesNote
@@ -494,56 +428,8 @@ paths:
       summary: Create or update a protection updates note
       tags:
         - Security Endpoint Management API
-  /api/endpoint/suggestions/{suggestion_type}:
-    post:
-      deprecated: true
-      operationId: GetEndpointSuggestions
-      parameters:
-        - in: path
-          name: suggestion_type
-          required: true
-          schema:
-            enum:
-              - eventFilters
-            type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              type: object
-              properties:
-                field:
-                  type: string
-                fieldMeta: {}
-                filters: {}
-                query:
-                  type: string
-              required:
-                - parameters
-        required: true
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/SuccessResponse'
-          description: OK
-      summary: Get suggestions
-      tags:
-        - Security Endpoint Management API
 components:
   schemas:
-    ActionLogRequestQuery:
-      type: object
-      properties:
-        end_date:
-          $ref: '#/components/schemas/EndDate'
-        page:
-          $ref: '#/components/schemas/Page'
-        page_size:
-          $ref: '#/components/schemas/PageSize'
-        start_date:
-          $ref: '#/components/schemas/StartDate'
     ActionStateSuccessResponse:
       type: object
       properties:
@@ -851,12 +737,6 @@ components:
       description: Page number
       minimum: 1
       type: integer
-    PageSize:
-      default: 10
-      description: Number of items per page
-      maximum: 100
-      minimum: 1
-      type: integer
     Parameters:
       description: Optional parameters object
       type: object
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/helpers/show_empty_states/index.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/helpers/show_empty_states/index.test.ts
new file mode 100644
index 0000000000000..0211dc8d51eba
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/helpers/show_empty_states/index.test.ts
@@ -0,0 +1,87 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { showEmptyStates } from '.';
+import {
+  showEmptyPrompt,
+  showFailurePrompt,
+  showNoAlertsPrompt,
+  showWelcomePrompt,
+} from '../../../helpers';
+
+jest.mock('../../../helpers', () => ({
+  showEmptyPrompt: jest.fn().mockReturnValue(false),
+  showFailurePrompt: jest.fn().mockReturnValue(false),
+  showNoAlertsPrompt: jest.fn().mockReturnValue(false),
+  showWelcomePrompt: jest.fn().mockReturnValue(false),
+}));
+
+const defaultArgs = {
+  aiConnectorsCount: 0,
+  alertsContextCount: 0,
+  attackDiscoveriesCount: 0,
+  connectorId: undefined,
+  failureReason: null,
+  isLoading: false,
+};
+
+describe('showEmptyStates', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('returns true if showWelcomePrompt returns true', () => {
+    (showWelcomePrompt as jest.Mock).mockReturnValue(true);
+
+    const result = showEmptyStates({
+      ...defaultArgs,
+    });
+    expect(result).toBe(true);
+  });
+
+  it('returns true if showFailurePrompt returns true', () => {
+    (showFailurePrompt as jest.Mock).mockReturnValue(true);
+
+    const result = showEmptyStates({
+      ...defaultArgs,
+      connectorId: 'test',
+      failureReason: 'error',
+    });
+    expect(result).toBe(true);
+  });
+
+  it('returns true if showNoAlertsPrompt returns true', () => {
+    (showNoAlertsPrompt as jest.Mock).mockReturnValue(true);
+
+    const result = showEmptyStates({
+      ...defaultArgs,
+      connectorId: 'test',
+    });
+    expect(result).toBe(true);
+  });
+
+  it('returns true if showEmptyPrompt returns true', () => {
+    (showEmptyPrompt as jest.Mock).mockReturnValue(true);
+
+    const result = showEmptyStates({
+      ...defaultArgs,
+    });
+    expect(result).toBe(true);
+  });
+
+  it('returns false if all prompts return false', () => {
+    (showWelcomePrompt as jest.Mock).mockReturnValue(false);
+    (showFailurePrompt as jest.Mock).mockReturnValue(false);
+    (showNoAlertsPrompt as jest.Mock).mockReturnValue(false);
+    (showEmptyPrompt as jest.Mock).mockReturnValue(false);
+
+    const result = showEmptyStates({
+      ...defaultArgs,
+    });
+    expect(result).toBe(false);
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/generate/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/generate/index.test.tsx
new file mode 100644
index 0000000000000..e818d1c4140f6
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/generate/index.test.tsx
@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { fireEvent, render, screen, waitFor } from '@testing-library/react';
+import React from 'react';
+
+import { Generate } from '.';
+import * as i18n from '../empty_prompt/translations';
+
+describe('Generate Component', () => {
+  it('calls onGenerate when the button is clicked', () => {
+    const onGenerate = jest.fn();
+
+    render(<Generate isLoading={false} onGenerate={onGenerate} />);
+
+    fireEvent.click(screen.getByTestId('generate'));
+
+    expect(onGenerate).toHaveBeenCalled();
+  });
+
+  it('disables the generate button when isLoading is true', () => {
+    render(<Generate isLoading={true} onGenerate={jest.fn()} />);
+
+    expect(screen.getByTestId('generate')).toBeDisabled();
+  });
+
+  it('disables the generate button when isDisabled is true', () => {
+    render(<Generate isLoading={false} isDisabled={true} onGenerate={jest.fn()} />);
+
+    expect(screen.getByTestId('generate')).toBeDisabled();
+  });
+
+  it('shows tooltip content when the button is disabled', async () => {
+    render(<Generate isLoading={false} isDisabled={true} onGenerate={jest.fn()} />);
+
+    fireEvent.mouseOver(screen.getByTestId('generate'));
+
+    await waitFor(() => {
+      expect(screen.getByText(i18n.SELECT_A_CONNECTOR)).toBeInTheDocument();
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/alerts_settings/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/alerts_settings/index.test.tsx
new file mode 100644
index 0000000000000..958c9094fabf3
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/alerts_settings/index.test.tsx
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen, fireEvent } from '@testing-library/react';
+import React from 'react';
+
+import { AlertsSettings, MAX_ALERTS } from '.';
+
+const maxAlerts = '150';
+
+const setMaxAlerts = jest.fn();
+
+describe('AlertsSettings', () => {
+  it('calls setMaxAlerts when the alerts range changes', () => {
+    render(<AlertsSettings maxAlerts={maxAlerts} setMaxAlerts={setMaxAlerts} />);
+
+    fireEvent.click(screen.getByText(`${MAX_ALERTS}`));
+
+    expect(setMaxAlerts).toHaveBeenCalledWith(`${MAX_ALERTS}`);
+  });
+
+  it('displays the correct maxAlerts value', () => {
+    render(<AlertsSettings maxAlerts={maxAlerts} setMaxAlerts={setMaxAlerts} />);
+
+    expect(screen.getByTestId('alertsRange')).toHaveValue(maxAlerts);
+  });
+
+  it('displays the expected text for anonymization settings', () => {
+    render(<AlertsSettings maxAlerts={maxAlerts} setMaxAlerts={setMaxAlerts} />);
+
+    expect(screen.getByTestId('latestAndRiskiest')).toHaveTextContent(
+      'Send Attack discovery information about your 150 newest and riskiest open or acknowledged alerts.'
+    );
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/alerts_settings/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/alerts_settings/index.tsx
index b51a1fc3f85c8..336da549f55ea 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/alerts_settings/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/alerts_settings/index.tsx
@@ -51,7 +51,9 @@ const AlertsSettingsComponent: React.FC<Props> = ({ maxAlerts, setMaxAlerts }) =
 
           <EuiFlexItem grow={true}>
             <EuiText color="subdued" size="xs">
-              <span>{i18n.LATEST_AND_RISKIEST_OPEN_ALERTS(Number(maxAlerts))}</span>
+              <span data-test-subj="latestAndRiskiest">
+                {i18n.LATEST_AND_RISKIEST_OPEN_ALERTS(Number(maxAlerts))}
+              </span>
             </EuiText>
           </EuiFlexItem>
 
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/footer/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/footer/index.test.tsx
new file mode 100644
index 0000000000000..e487304c41350
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/footer/index.test.tsx
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { fireEvent, render, screen } from '@testing-library/react';
+
+import { Footer } from '.';
+
+describe('Footer', () => {
+  const closeModal = jest.fn();
+  const onReset = jest.fn();
+  const onSave = jest.fn();
+
+  beforeEach(() => jest.clearAllMocks());
+
+  it('calls onReset when the reset button is clicked', () => {
+    render(<Footer closeModal={closeModal} onReset={onReset} onSave={onSave} />);
+
+    fireEvent.click(screen.getByTestId('reset'));
+
+    expect(onReset).toHaveBeenCalled();
+  });
+
+  it('calls closeModal when the cancel button is clicked', () => {
+    render(<Footer closeModal={closeModal} onReset={onReset} onSave={onSave} />);
+
+    fireEvent.click(screen.getByTestId('cancel'));
+
+    expect(closeModal).toHaveBeenCalled();
+  });
+
+  it('calls onSave when the save button is clicked', () => {
+    render(<Footer closeModal={closeModal} onReset={onReset} onSave={onSave} />);
+    fireEvent.click(screen.getByTestId('save'));
+
+    expect(onSave).toHaveBeenCalled();
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/footer/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/footer/index.tsx
index 0066376a0e198..4acbd4d98990f 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/footer/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/footer/index.tsx
@@ -23,7 +23,7 @@ const FooterComponent: React.FC<Props> = ({ closeModal, onReset, onSave }) => {
   return (
     <EuiFlexGroup alignItems="center" gutterSize="none" justifyContent="spaceBetween">
       <EuiFlexItem grow={false}>
-        <EuiButtonEmpty data-test-sub="reset" flush="both" onClick={onReset} size="s">
+        <EuiButtonEmpty data-test-subj="reset" flush="both" onClick={onReset} size="s">
           {i18n.RESET}
         </EuiButtonEmpty>
       </EuiFlexItem>
@@ -36,13 +36,13 @@ const FooterComponent: React.FC<Props> = ({ closeModal, onReset, onSave }) => {
             `}
             grow={false}
           >
-            <EuiButtonEmpty data-test-sub="cancel" onClick={closeModal} size="s">
+            <EuiButtonEmpty data-test-subj="cancel" onClick={closeModal} size="s">
               {i18n.CANCEL}
             </EuiButtonEmpty>
           </EuiFlexItem>
 
           <EuiFlexItem grow={false}>
-            <EuiButton data-test-sub="save" fill onClick={onSave} size="s">
+            <EuiButton data-test-subj="save" fill onClick={onSave} size="s">
               {i18n.SAVE}
             </EuiButton>
           </EuiFlexItem>
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/index.test.tsx
new file mode 100644
index 0000000000000..d1d7fc9c603cb
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/index.test.tsx
@@ -0,0 +1,72 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DEFAULT_ATTACK_DISCOVERY_MAX_ALERTS } from '@kbn/elastic-assistant';
+import { fireEvent, render, screen, waitFor } from '@testing-library/react';
+import React from 'react';
+
+import { SettingsModal } from '.';
+import { MAX_ALERTS } from './alerts_settings';
+
+const defaultProps = {
+  connectorId: undefined,
+  isLoading: false,
+  localStorageAttackDiscoveryMaxAlerts: undefined,
+  setLocalStorageAttackDiscoveryMaxAlerts: jest.fn(),
+};
+
+describe('SettingsModal', () => {
+  beforeEach(() => jest.clearAllMocks());
+
+  it('opens the modal when the settings button is clicked', () => {
+    render(<SettingsModal {...defaultProps} />);
+
+    fireEvent.click(screen.getByTestId('settings'));
+
+    expect(screen.getByTestId('modal')).toBeInTheDocument();
+  });
+
+  it('closes the modal when the close button is clicked', () => {
+    render(<SettingsModal {...defaultProps} />);
+
+    fireEvent.click(screen.getByTestId('settings'));
+    expect(screen.getByTestId('modal')).toBeInTheDocument();
+
+    fireEvent.click(screen.getByTestId('cancel'));
+    expect(screen.queryByTestId('modal')).not.toBeInTheDocument();
+  });
+
+  it('calls onSave when save button is clicked', () => {
+    render(<SettingsModal {...defaultProps} />);
+
+    fireEvent.click(screen.getByTestId('settings'));
+    fireEvent.click(screen.getByText(`${MAX_ALERTS}`));
+
+    fireEvent.click(screen.getByTestId('save'));
+
+    expect(defaultProps.setLocalStorageAttackDiscoveryMaxAlerts).toHaveBeenCalledWith(
+      `${MAX_ALERTS}`
+    );
+  });
+
+  it('resets max alerts to the default when the reset button is clicked', async () => {
+    render(<SettingsModal {...defaultProps} />);
+
+    fireEvent.click(screen.getByTestId('settings'));
+
+    fireEvent.click(screen.getByText(`${MAX_ALERTS}`));
+    await waitFor(() => expect(screen.getByTestId('alertsRange')).toHaveValue(`${MAX_ALERTS}`));
+
+    fireEvent.click(screen.getByTestId('reset'));
+
+    await waitFor(() =>
+      expect(screen.getByTestId('alertsRange')).toHaveValue(
+        `${DEFAULT_ATTACK_DISCOVERY_MAX_ALERTS}`
+      )
+    );
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/is_tour_enabled/index.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/is_tour_enabled/index.test.ts
new file mode 100644
index 0000000000000..831bacca4b8e6
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/settings_modal/is_tour_enabled/index.test.ts
@@ -0,0 +1,76 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getIsTourEnabled } from '.';
+
+describe('getIsTourEnabled', () => {
+  it('returns true when all conditions are met', () => {
+    const result = getIsTourEnabled({
+      connectorId: 'test-connector-id',
+      isLoading: false,
+      tourDelayElapsed: true,
+      showSettingsTour: true,
+    });
+
+    expect(result).toBe(true);
+  });
+
+  it('returns false when isLoading is true', () => {
+    const result = getIsTourEnabled({
+      connectorId: 'test-connector-id',
+      isLoading: true, // <-- don't show the tour during loading
+      tourDelayElapsed: true,
+      showSettingsTour: true,
+    });
+
+    expect(result).toBe(false);
+  });
+
+  it("returns false when connectorId is undefined because it hasn't loaded from storage", () => {
+    const result = getIsTourEnabled({
+      connectorId: undefined, // <-- don't show the tour if there is no connectorId
+      isLoading: false,
+      tourDelayElapsed: true,
+      showSettingsTour: true,
+    });
+
+    expect(result).toBe(false);
+  });
+
+  it('returns false when tourDelayElapsed is false', () => {
+    const result = getIsTourEnabled({
+      connectorId: 'test-connector-id',
+      isLoading: false,
+      tourDelayElapsed: false, // <-- don't show the tour if the delay hasn't elapsed
+      showSettingsTour: true,
+    });
+
+    expect(result).toBe(false);
+  });
+
+  it('returns false when showSettingsTour is false', () => {
+    const result = getIsTourEnabled({
+      connectorId: 'test-connector-id',
+      isLoading: false,
+      tourDelayElapsed: true,
+      showSettingsTour: false, // <-- don't show the tour if it's disabled
+    });
+
+    expect(result).toBe(false);
+  });
+
+  it("returns false when showSettingsTour is undefined because it hasn't loaded from storage", () => {
+    const result = getIsTourEnabled({
+      connectorId: 'test-connector-id',
+      isLoading: false,
+      tourDelayElapsed: true,
+      showSettingsTour: undefined, // <-- don't show the tour if it's undefined
+    });
+
+    expect(result).toBe(false);
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/loading_messages/get_loading_callout_alerts_count/index.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/loading_messages/get_loading_callout_alerts_count/index.test.ts
new file mode 100644
index 0000000000000..4824749cf851e
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/loading_messages/get_loading_callout_alerts_count/index.test.ts
@@ -0,0 +1,83 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getLoadingCalloutAlertsCount } from '.';
+
+describe('getLoadingCalloutAlertsCount', () => {
+  it('returns alertsContextCount when it is a positive number', () => {
+    const alertsContextCount = 5; // <-- positive number
+
+    const result = getLoadingCalloutAlertsCount({
+      alertsContextCount,
+      defaultMaxAlerts: 10,
+      localStorageAttackDiscoveryMaxAlerts: '15',
+    });
+
+    expect(result).toBe(alertsContextCount);
+  });
+
+  it('returns defaultMaxAlerts when localStorageAttackDiscoveryMaxAlerts is undefined', () => {
+    const defaultMaxAlerts = 10;
+
+    const result = getLoadingCalloutAlertsCount({
+      alertsContextCount: null,
+      defaultMaxAlerts,
+      localStorageAttackDiscoveryMaxAlerts: undefined, // <-- undefined
+    });
+
+    expect(result).toBe(defaultMaxAlerts);
+  });
+
+  it('returns defaultMaxAlerts when localStorageAttackDiscoveryMaxAlerts is NaN', () => {
+    const defaultMaxAlerts = 10;
+
+    const result = getLoadingCalloutAlertsCount({
+      alertsContextCount: 0, // <-- not a valid alertsContextCount
+      defaultMaxAlerts,
+      localStorageAttackDiscoveryMaxAlerts: 'NaN', // <-- NaN
+    });
+
+    expect(result).toBe(defaultMaxAlerts);
+  });
+
+  it('returns defaultMaxAlerts when localStorageAttackDiscoveryMaxAlerts is 0', () => {
+    const defaultMaxAlerts = 10;
+
+    const result = getLoadingCalloutAlertsCount({
+      alertsContextCount: 0, // <-- not a valid alertsContextCount
+      defaultMaxAlerts,
+      localStorageAttackDiscoveryMaxAlerts: '0', // <-- NaN
+    });
+
+    expect(result).toBe(defaultMaxAlerts);
+  });
+
+  it("returns size from localStorageAttackDiscoveryMaxAlerts when it's a positive number", () => {
+    const localStorageAttackDiscoveryMaxAlerts = '15'; // <-- positive number
+
+    const result = getLoadingCalloutAlertsCount({
+      alertsContextCount: null,
+      defaultMaxAlerts: 10,
+      localStorageAttackDiscoveryMaxAlerts,
+    });
+
+    expect(result).toBe(15);
+  });
+
+  it('returns defaultMaxAlerts when localStorageAttackDiscoveryMaxAlerts is negative', () => {
+    const localStorageAttackDiscoveryMaxAlerts = '-5'; // <-- negative number
+    const defaultMaxAlerts = 10;
+
+    const result = getLoadingCalloutAlertsCount({
+      alertsContextCount: null,
+      defaultMaxAlerts: 10,
+      localStorageAttackDiscoveryMaxAlerts,
+    });
+
+    expect(result).toBe(defaultMaxAlerts);
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/results/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/results/index.test.tsx
new file mode 100644
index 0000000000000..a69a204a5a6fc
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/results/index.test.tsx
@@ -0,0 +1,88 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen, fireEvent } from '@testing-library/react';
+import React from 'react';
+
+import { TestProviders } from '../../../common/mock';
+import { mockAttackDiscovery } from '../../mock/mock_attack_discovery';
+import { Results } from '.';
+
+describe('Results', () => {
+  const defaultProps = {
+    aiConnectorsCount: 1,
+    alertsContextCount: 100,
+    alertsCount: 50,
+    attackDiscoveriesCount: 1,
+    connectorId: 'test-connector-id',
+    failureReason: null,
+    isLoading: false,
+    isLoadingPost: false,
+    localStorageAttackDiscoveryMaxAlerts: undefined,
+    onGenerate: jest.fn(),
+    onToggleShowAnonymized: jest.fn(),
+    selectedConnectorAttackDiscoveries: [mockAttackDiscovery],
+    selectedConnectorLastUpdated: new Date(),
+    selectedConnectorReplacements: {},
+    showAnonymized: false,
+  };
+
+  it('renders the EmptyStates when showEmptyStates returns true', () => {
+    render(
+      <TestProviders>
+        <Results {...defaultProps} aiConnectorsCount={0} />
+      </TestProviders>
+    );
+
+    expect(screen.getByTestId('welcome')).toBeInTheDocument();
+  });
+
+  it('calls onGenerate when the generate button is clicked', () => {
+    render(
+      <TestProviders>
+        <Results {...defaultProps} alertsContextCount={0} />
+      </TestProviders>
+    );
+
+    fireEvent.click(screen.getByTestId('generate'));
+
+    expect(defaultProps.onGenerate).toHaveBeenCalled();
+  });
+
+  it('renders the Summary when showSummary returns true', () => {
+    render(
+      <TestProviders>
+        <Results {...defaultProps} />
+      </TestProviders>
+    );
+    expect(screen.getByTestId('summary')).toBeInTheDocument();
+  });
+
+  it('calls onToggleShowAnonymized when the show anonymized toggle is clicked', () => {
+    render(
+      <TestProviders>
+        <Results {...defaultProps} />
+      </TestProviders>
+    );
+
+    fireEvent.click(screen.getByTestId('toggleAnonymized'));
+
+    expect(defaultProps.onToggleShowAnonymized).toHaveBeenCalled();
+  });
+
+  it('renders a AttackDiscoveryPanel for the attack discovery', () => {
+    render(
+      <TestProviders>
+        <Results {...defaultProps} />
+      </TestProviders>
+    );
+
+    expect(screen.getAllByTestId('attackDiscovery')).toHaveLength(
+      defaultProps.selectedConnectorAttackDiscoveries.length
+    );
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.test.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.test.tsx
new file mode 100644
index 0000000000000..e0199ab40168d
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.test.tsx
@@ -0,0 +1,76 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { render } from '@testing-library/react';
+import { AlertsPreview } from './alerts_preview';
+import { TestProviders } from '../../../common/mock/test_providers';
+import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import type { ParsedAlertsData } from '../../../overview/components/detection_response/alerts_by_status/types';
+
+const mockAlertsData: ParsedAlertsData = {
+  open: {
+    total: 3,
+    severities: [
+      { key: 'low', value: 2, label: 'Low' },
+      { key: 'medium', value: 1, label: 'Medium' },
+    ],
+  },
+  acknowledged: {
+    total: 2,
+    severities: [
+      { key: 'low', value: 1, label: 'Low' },
+      { key: 'high', value: 1, label: 'High' },
+    ],
+  },
+};
+
+jest.mock(
+  '../../../detections/components/alerts_kpis/alerts_summary_charts_panel/use_summary_chart_data'
+);
+jest.mock('@kbn/expandable-flyout');
+
+describe('AlertsPreview', () => {
+  const mockOpenLeftPanel = jest.fn();
+
+  beforeEach(() => {
+    (useExpandableFlyoutApi as jest.Mock).mockReturnValue({ openLeftPanel: mockOpenLeftPanel });
+  });
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <AlertsPreview alertsData={mockAlertsData} />
+      </TestProviders>
+    );
+
+    expect(getByTestId('securitySolutionFlyoutInsightsAlertsTitleText')).toBeInTheDocument();
+  });
+
+  it('renders correct alerts number', () => {
+    const { getByTestId } = render(
+      <TestProviders>
+        <AlertsPreview alertsData={mockAlertsData} />
+      </TestProviders>
+    );
+
+    expect(getByTestId('securitySolutionFlyoutInsightsAlertsCount').textContent).toEqual('5');
+  });
+
+  it('should render the correct number of distribution bar section based on the number of severities', () => {
+    const { queryAllByTestId } = render(
+      <TestProviders>
+        <AlertsPreview alertsData={mockAlertsData} />
+      </TestProviders>
+    );
+
+    expect(queryAllByTestId('AlertsPreviewDistributionBarTestId__part').length).toEqual(3);
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.tsx
new file mode 100644
index 0000000000000..3f9a0115d9ed1
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/cloud_security_posture/components/alerts/alerts_preview.tsx
@@ -0,0 +1,121 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { capitalize } from 'lodash';
+import type { EuiThemeComputed } from '@elastic/eui';
+import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText, EuiTitle, useEuiTheme } from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { DistributionBar } from '@kbn/security-solution-distribution-bar';
+import { getAbbreviatedNumber } from '@kbn/cloud-security-posture-common';
+import { ExpandablePanel } from '../../../flyout/shared/components/expandable_panel';
+import { getSeverityColor } from '../../../detections/components/alerts_kpis/severity_level_panel/helpers';
+import type {
+  AlertsByStatus,
+  ParsedAlertsData,
+} from '../../../overview/components/detection_response/alerts_by_status/types';
+
+const AlertsCount = ({
+  alertsTotal,
+  euiTheme,
+}: {
+  alertsTotal: number;
+  euiTheme: EuiThemeComputed<{}>;
+}) => {
+  return (
+    <EuiFlexItem>
+      <EuiFlexGroup direction="column" gutterSize="none">
+        <EuiFlexItem>
+          <EuiTitle size="s">
+            <h1 data-test-subj={'securitySolutionFlyoutInsightsAlertsCount'}>
+              {getAbbreviatedNumber(alertsTotal)}
+            </h1>
+          </EuiTitle>
+        </EuiFlexItem>
+        <EuiFlexItem>
+          <EuiText
+            size="m"
+            css={{
+              fontWeight: euiTheme.font.weight.semiBold,
+            }}
+          >
+            <FormattedMessage
+              id="xpack.securitySolution.flyout.right.insights.alerts.alertsCountDescription"
+              defaultMessage="Alerts"
+            />
+          </EuiText>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </EuiFlexItem>
+  );
+};
+
+export const AlertsPreview = ({
+  alertsData,
+  isPreviewMode,
+}: {
+  alertsData: ParsedAlertsData;
+  isPreviewMode?: boolean;
+}) => {
+  const { euiTheme } = useEuiTheme();
+
+  const severityMap = new Map<string, number>();
+
+  (Object.keys(alertsData || {}) as AlertsByStatus[]).forEach((status) => {
+    if (alertsData?.[status]?.severities) {
+      alertsData?.[status]?.severities.forEach((severity) => {
+        const currentSeverity = severityMap.get(severity.key) || 0;
+        severityMap.set(severity.key, currentSeverity + severity.value);
+      });
+    }
+  });
+
+  const alertStats = Array.from(severityMap, ([key, count]) => ({
+    key: capitalize(key),
+    count,
+    color: getSeverityColor(key),
+  }));
+
+  const totalAlertsCount = alertStats.reduce((total, item) => total + item.count, 0);
+
+  return (
+    <ExpandablePanel
+      header={{
+        title: (
+          <EuiText
+            size="xs"
+            css={{
+              fontWeight: euiTheme.font.weight.semiBold,
+            }}
+          >
+            <FormattedMessage
+              id="xpack.securitySolution.flyout.right.insights.alerts.alertsTitle"
+              defaultMessage="Alerts"
+            />
+          </EuiText>
+        ),
+      }}
+      data-test-subj={'securitySolutionFlyoutInsightsAlerts'}
+    >
+      <EuiFlexGroup gutterSize="none">
+        <AlertsCount alertsTotal={totalAlertsCount} euiTheme={euiTheme} />
+        <EuiFlexItem grow={2}>
+          <EuiFlexGroup direction="column" gutterSize="none">
+            <EuiFlexItem />
+            <EuiFlexItem>
+              <EuiSpacer />
+              <DistributionBar
+                stats={alertStats.reverse()}
+                data-test-subj="AlertsPreviewDistributionBarTestId"
+              />
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </ExpandablePanel>
+  );
+};
diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/components/csp_details/misconfiguration_findings_details_table.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/components/csp_details/misconfiguration_findings_details_table.tsx
index 8d4088b19f9b6..69912c58e4e15 100644
--- a/x-pack/plugins/security_solution/public/cloud_security_posture/components/csp_details/misconfiguration_findings_details_table.tsx
+++ b/x-pack/plugins/security_solution/public/cloud_security_posture/components/csp_details/misconfiguration_findings_details_table.tsx
@@ -126,11 +126,14 @@ export const MisconfigurationFindingsDetailsTable = memo(
       return getNavUrlParams({ [queryField]: name }, 'configurations', ['rule.name']);
     };
 
+    const linkWidth = 40;
+    const resultWidth = 74;
+
     const columns: Array<EuiBasicTableColumn<MisconfigurationFindingDetailFields>> = [
       {
         field: 'rule',
         name: '',
-        width: '5%',
+        width: `${linkWidth}`,
         render: (rule: CspBenchmarkRuleMetadata, finding: MisconfigurationFindingDetailFields) => (
           <SecuritySolutionLinkAnchor
             deepLinkId={SecurityPageName.cloudSecurityPostureFindings}
@@ -160,7 +163,7 @@ export const MisconfigurationFindingsDetailsTable = memo(
             defaultMessage: 'Result',
           }
         ),
-        width: '10%',
+        width: `${resultWidth}px`,
       },
       {
         field: 'rule',
@@ -171,7 +174,7 @@ export const MisconfigurationFindingsDetailsTable = memo(
             defaultMessage: 'Rule',
           }
         ),
-        width: '90%',
+        width: `calc(100% - ${linkWidth + resultWidth}px)`,
       },
     ];
 
diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/components/entity_insight.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/components/entity_insight.tsx
index eee9af194ca37..a43b56876f1ab 100644
--- a/x-pack/plugins/security_solution/public/cloud_security_posture/components/entity_insight.tsx
+++ b/x-pack/plugins/security_solution/public/cloud_security_posture/components/entity_insight.tsx
@@ -7,15 +7,22 @@
 
 import { EuiAccordion, EuiHorizontalRule, EuiSpacer, EuiTitle, useEuiTheme } from '@elastic/eui';
 
-import React from 'react';
+import React, { useMemo } from 'react';
 import { css } from '@emotion/react';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { useMisconfigurationPreview } from '@kbn/cloud-security-posture/src/hooks/use_misconfiguration_preview';
 import { buildEntityFlyoutPreviewQuery } from '@kbn/cloud-security-posture-common';
 import { useVulnerabilitiesPreview } from '@kbn/cloud-security-posture/src/hooks/use_vulnerabilities_preview';
 import { hasVulnerabilitiesData } from '@kbn/cloud-security-posture';
+import { FILTER_CLOSED } from '../../../common/types';
 import { MisconfigurationsPreview } from './misconfiguration/misconfiguration_preview';
 import { VulnerabilitiesPreview } from './vulnerabilities/vulnerabilities_preview';
+import { AlertsPreview } from './alerts/alerts_preview';
+import { useGlobalTime } from '../../common/containers/use_global_time';
+import type { ParsedAlertsData } from '../../overview/components/detection_response/alerts_by_status/types';
+import { DETECTION_RESPONSE_ALERTS_BY_STATUS_ID } from '../../overview/components/detection_response/alerts_by_status/types';
+import { useAlertsByStatus } from '../../overview/components/detection_response/alerts_by_status/use_alerts_by_status';
+import { useSignalIndex } from '../../detections/containers/detection_engine/alerts/use_signal_index';
 
 export const EntityInsight = <T,>({
   name,
@@ -60,6 +67,39 @@ export const EntityInsight = <T,>({
 
   const isVulnerabilitiesFindingForHost = hasVulnerabilitiesFindings && fieldName === 'host.name';
 
+  const { signalIndexName } = useSignalIndex();
+
+  const entityFilter = useMemo(() => ({ field: fieldName, value: name }), [fieldName, name]);
+
+  const { to, from } = useGlobalTime();
+
+  const { items: alertsData } = useAlertsByStatus({
+    entityFilter,
+    signalIndexName,
+    queryId: DETECTION_RESPONSE_ALERTS_BY_STATUS_ID,
+    to,
+    from,
+  });
+
+  const filteredAlertsData: ParsedAlertsData = alertsData
+    ? Object.fromEntries(Object.entries(alertsData).filter(([key]) => key !== FILTER_CLOSED))
+    : {};
+
+  const alertsOpenCount = filteredAlertsData?.open?.total || 0;
+
+  const alertsAcknowledgedCount = filteredAlertsData?.acknowledged?.total || 0;
+
+  const alertsCount = alertsOpenCount + alertsAcknowledgedCount;
+
+  if (alertsCount > 0) {
+    insightContent.push(
+      <>
+        <AlertsPreview alertsData={filteredAlertsData} isPreviewMode={isPreviewMode} />
+        <EuiSpacer size="s" />
+      </>
+    );
+  }
+
   if (hasMisconfigurationFindings)
     insightContent.push(
       <>
@@ -76,7 +116,8 @@ export const EntityInsight = <T,>({
     );
   return (
     <>
-      {(hasMisconfigurationFindings ||
+      {(insightContent.length > 0 ||
+        hasMisconfigurationFindings ||
         (isVulnerabilitiesFindingForHost && hasVulnerabilitiesFindings)) && (
         <>
           <EuiAccordion
diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/components/vulnerabilities/vulnerabilities_preview.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/components/vulnerabilities/vulnerabilities_preview.tsx
index 1caa740662ad8..a9ddaff62085b 100644
--- a/x-pack/plugins/security_solution/public/cloud_security_posture/components/vulnerabilities/vulnerabilities_preview.tsx
+++ b/x-pack/plugins/security_solution/public/cloud_security_posture/components/vulnerabilities/vulnerabilities_preview.tsx
@@ -149,8 +149,8 @@ export const VulnerabilitiesPreview = ({
             callback: goToEntityInsightTab,
             tooltip: (
               <FormattedMessage
-                id="xpack.securitySolution.flyout.right.insights.misconfiguration.misconfigurationTooltip"
-                defaultMessage="Show all misconfiguration findings"
+                id="xpack.securitySolution.flyout.right.insights.vulnerabilities.vulnerabilitiesTooltip"
+                defaultMessage="Show all vulnerabilities findings"
               />
             ),
           }
diff --git a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/index.ts b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/index.ts
index 607ed6d94959b..b6067ac21eb1d 100644
--- a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/index.ts
+++ b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/index.ts
@@ -24,8 +24,8 @@ export const uiPlugins = ({
   insightsUpsellingMessage,
   interactionsUpsellingMessage,
 }: {
-  insightsUpsellingMessage: string | null;
-  interactionsUpsellingMessage: string | null;
+  insightsUpsellingMessage?: string;
+  interactionsUpsellingMessage?: string;
 }) => {
   const currentPlugins = nonStatefulUiPlugins.map((plugin) => plugin.name);
   const insightPluginWithLicense = insightMarkdownPlugin.plugin({
diff --git a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/insight/index.test.tsx b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/insight/index.test.tsx
index 37d4e004edf54..026e070f320df 100644
--- a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/insight/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/insight/index.test.tsx
@@ -135,7 +135,7 @@ describe('plugin', () => {
   });
 
   it('show investigate message when insightsUpsellingMessage is not provided', () => {
-    const result = plugin({ insightsUpsellingMessage: null });
+    const result = plugin({ insightsUpsellingMessage: undefined });
 
     expect(result.button.label).toEqual('Investigate');
   });
diff --git a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/insight/index.tsx b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/insight/index.tsx
index e8fa43d0a189e..794b17a219208 100644
--- a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/insight/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/insight/index.tsx
@@ -541,11 +541,7 @@ const exampleInsight = `${insightPrefix}{
   ]
 }}`;
 
-export const plugin = ({
-  insightsUpsellingMessage,
-}: {
-  insightsUpsellingMessage: string | null;
-}) => {
+export const plugin = ({ insightsUpsellingMessage }: { insightsUpsellingMessage?: string }) => {
   return {
     name: 'insights',
     button: {
diff --git a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/osquery/plugin.tsx b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/osquery/plugin.tsx
index 6a37280f9ef23..67b3f9e2b4f8a 100644
--- a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/osquery/plugin.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/osquery/plugin.tsx
@@ -161,7 +161,7 @@ const OsqueryEditor = React.memo(OsqueryEditorComponent);
 export const plugin = ({
   interactionsUpsellingMessage,
 }: {
-  interactionsUpsellingMessage: string | null;
+  interactionsUpsellingMessage?: string;
 }) => {
   return {
     name: 'osquery',
diff --git a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/timeline/plugin.tsx b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/timeline/plugin.tsx
index 40b2fba4b84d0..4d5b2e14e0d95 100644
--- a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/timeline/plugin.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/timeline/plugin.tsx
@@ -78,7 +78,7 @@ const TimelineEditor = memo(TimelineEditorComponent);
 export const plugin = ({
   interactionsUpsellingMessage,
 }: {
-  interactionsUpsellingMessage: string | null;
+  interactionsUpsellingMessage?: string;
 }): EuiMarkdownEditorUiPlugin => {
   return {
     name: ID,
diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx
index 0461cb8888be5..6b264a4dc759f 100644
--- a/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx
@@ -43,19 +43,6 @@ const LensComponentWrapper = styled.div<{
   height: ${({ $height }) => ($height ? `${$height}px` : 'auto')};
   width: ${({ width }) => width ?? 'auto'};
 
-  .embPanel {
-    outline: none;
-  }
-
-  .embPanel__hoverActions.embPanel__hoverActionsRight {
-    border-radius: 6px !important;
-    border-bottom: 1px solid #d3dae6 !important;
-  }
-
-  .embPanel__hoverActionsAnchor .embPanel__hoverActionsWrapper {
-    top: -20px;
-  }
-
   .expExpressionRenderer__expression {
     padding: 2px 0 0 0 !important;
   }
diff --git a/x-pack/plugins/security_solution/public/common/hooks/use_upselling.test.tsx b/x-pack/plugins/security_solution/public/common/hooks/use_upselling.test.tsx
index ee783bcd19e3d..c18a6282eb373 100644
--- a/x-pack/plugins/security_solution/public/common/hooks/use_upselling.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/hooks/use_upselling.test.tsx
@@ -71,7 +71,7 @@ describe('use_upselling', () => {
     expect(result.all.length).toBe(1); // assert that it should not cause unnecessary re-renders
   });
 
-  test('useUpsellingMessage returns null when upsellingMessageId not found', () => {
+  test('useUpsellingMessage returns undefined when upsellingMessageId not found', () => {
     const emptyMessages = {};
     mockUpselling.setPages(emptyMessages);
 
@@ -81,6 +81,6 @@ describe('use_upselling', () => {
         wrapper: RenderWrapper,
       }
     );
-    expect(result.current).toBe(null);
+    expect(result.current).toBeUndefined();
   });
 });
diff --git a/x-pack/plugins/security_solution/public/common/hooks/use_upselling.ts b/x-pack/plugins/security_solution/public/common/hooks/use_upselling.ts
index 8ef01b5b56a25..9f452bb4f2872 100644
--- a/x-pack/plugins/security_solution/public/common/hooks/use_upselling.ts
+++ b/x-pack/plugins/security_solution/public/common/hooks/use_upselling.ts
@@ -22,11 +22,11 @@ export const useUpsellingComponent = (id: UpsellingSectionId): React.ComponentTy
   return useMemo(() => upsellingSections?.get(id) ?? null, [id, upsellingSections]);
 };
 
-export const useUpsellingMessage = (id: UpsellingMessageId): string | null => {
+export const useUpsellingMessage = (id: UpsellingMessageId): string | undefined => {
   const upselling = useUpsellingService();
   const upsellingMessages = useObservable(upselling.messages$, upselling.getMessagesValue());
 
-  return useMemo(() => upsellingMessages?.get(id) ?? null, [id, upsellingMessages]);
+  return useMemo(() => upsellingMessages?.get(id), [id, upsellingMessages]);
 };
 
 export const useUpsellingPage = (pageName: SecurityPageName): React.ComponentType | null => {
diff --git a/x-pack/plugins/security_solution/public/common/test/eui/combobox.ts b/x-pack/plugins/security_solution/public/common/test/eui/combobox.ts
new file mode 100644
index 0000000000000..dad99a3c426d4
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/common/test/eui/combobox.ts
@@ -0,0 +1,79 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { act, fireEvent, waitFor } from '@testing-library/react';
+
+export function showEuiComboBoxOptions(comboBoxToggleButton: HTMLElement): Promise<void> {
+  fireEvent.click(comboBoxToggleButton);
+
+  return waitFor(() => {
+    const listWithOptionsElement = document.querySelector('[role="listbox"]');
+    const emptyListElement = document.querySelector('.euiComboBoxOptionsList__empty');
+
+    expect(listWithOptionsElement || emptyListElement).toBeInTheDocument();
+  });
+}
+
+type SelectEuiComboBoxOptionParameters =
+  | {
+      comboBoxToggleButton: HTMLElement;
+      optionIndex: number;
+      optionText?: undefined;
+    }
+  | {
+      comboBoxToggleButton: HTMLElement;
+      optionText: string;
+      optionIndex?: undefined;
+    };
+
+export function selectEuiComboBoxOption({
+  comboBoxToggleButton,
+  optionIndex,
+  optionText,
+}: SelectEuiComboBoxOptionParameters): Promise<void> {
+  return act(async () => {
+    await showEuiComboBoxOptions(comboBoxToggleButton);
+
+    const options = Array.from(
+      document.querySelectorAll('[data-test-subj*="comboBoxOptionsList"] [role="option"]')
+    );
+
+    if (typeof optionText === 'string') {
+      const optionToSelect = options.find((option) => option.textContent === optionText);
+
+      if (optionToSelect) {
+        fireEvent.click(optionToSelect);
+      } else {
+        throw new Error(
+          `Could not find option with text "${optionText}". Available options: ${options
+            .map((option) => option.textContent)
+            .join(', ')}`
+        );
+      }
+    } else {
+      fireEvent.click(options[optionIndex]);
+    }
+  });
+}
+
+export function selectFirstEuiComboBoxOption({
+  comboBoxToggleButton,
+}: {
+  comboBoxToggleButton: HTMLElement;
+}): Promise<void> {
+  return selectEuiComboBoxOption({ comboBoxToggleButton, optionIndex: 0 });
+}
+
+export function clearEuiComboBoxSelection({
+  clearButton,
+}: {
+  clearButton: HTMLElement;
+}): Promise<void> {
+  return act(async () => {
+    fireEvent.click(clearButton);
+  });
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/alert_suppression_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/alert_suppression_edit.tsx
new file mode 100644
index 0000000000000..5c6099529e920
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/alert_suppression_edit.tsx
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo } from 'react';
+import { EuiPanel, EuiText, EuiToolTip } from '@elastic/eui';
+import type { DataViewFieldBase } from '@kbn/es-query';
+import { useFormData } from '../../../../../shared_imports';
+import { MissingFieldsStrategySelector } from './missing_fields_strategy_selector';
+import { SuppressionDurationSelector } from './suppression_duration_selector';
+import { SuppressionFieldsSelector } from './suppression_fields_selector';
+import { ALERT_SUPPRESSION_FIELDS_FIELD_NAME } from '../constants/fields';
+
+interface AlertSuppressionEditProps {
+  suppressibleFields: DataViewFieldBase[];
+  labelAppend?: React.ReactNode;
+  disabled?: boolean;
+  disabledText?: string;
+  warningText?: string;
+}
+
+export const AlertSuppressionEdit = memo(function AlertSuppressionEdit({
+  suppressibleFields,
+  labelAppend,
+  disabled,
+  disabledText,
+  warningText,
+}: AlertSuppressionEditProps): JSX.Element {
+  const [{ [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: suppressionFields }] = useFormData<{
+    [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: string[];
+  }>({
+    watch: ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  });
+  const hasSelectedFields = suppressionFields?.length > 0;
+  const content = (
+    <>
+      <SuppressionFieldsSelector
+        suppressibleFields={suppressibleFields}
+        labelAppend={labelAppend}
+        disabled={disabled}
+      />
+      {warningText && (
+        <EuiText size="xs" color="warning" data-test-subj="alertSuppressionWarning">
+          {warningText}
+        </EuiText>
+      )}
+      <EuiPanel paddingSize="m" hasShadow={false}>
+        <SuppressionDurationSelector disabled={disabled || !hasSelectedFields} />
+        <MissingFieldsStrategySelector disabled={disabled || !hasSelectedFields} />
+      </EuiPanel>
+    </>
+  );
+
+  return disabled && disabledText ? (
+    <EuiToolTip position="right" content={disabledText}>
+      {content}
+    </EuiToolTip>
+  ) : (
+    content
+  );
+});
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/missing_fields_strategy_selector.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/missing_fields_strategy_selector.tsx
new file mode 100644
index 0000000000000..a7b38843a61ce
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/missing_fields_strategy_selector.tsx
@@ -0,0 +1,61 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useMemo } from 'react';
+import type { EuiFormRowProps, EuiRadioGroupOption, EuiRadioGroupProps } from '@elastic/eui';
+import { RadioGroupField } from '@kbn/es-ui-shared-plugin/static/forms/components';
+import { AlertSuppressionMissingFieldsStrategyEnum } from '../../../../../../common/api/detection_engine';
+import { UseField } from '../../../../../shared_imports';
+import { SuppressionInfoIcon } from './suppression_info_icon';
+import { ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME } from '../constants/fields';
+import * as i18n from './translations';
+
+interface MissingFieldsStrategySelectorProps {
+  disabled?: boolean;
+}
+
+export function MissingFieldsStrategySelector({
+  disabled,
+}: MissingFieldsStrategySelectorProps): JSX.Element {
+  const radioFieldProps: Partial<EuiRadioGroupProps> = useMemo(
+    () => ({
+      options: ALERT_SUPPRESSION_MISSING_FIELDS_STRATEGY_OPTIONS,
+      'data-test-subj': 'suppressionMissingFieldsOptions',
+      disabled,
+    }),
+    [disabled]
+  );
+
+  return (
+    <UseField
+      path={ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME}
+      component={RadioGroupField}
+      componentProps={EUI_FORM_ROW_PROPS}
+      euiFieldProps={radioFieldProps}
+    />
+  );
+}
+
+const EUI_FORM_ROW_PROPS: Partial<EuiFormRowProps> = {
+  label: (
+    <span>
+      {i18n.ALERT_SUPPRESSION_MISSING_FIELDS_LABEL} <SuppressionInfoIcon />
+    </span>
+  ),
+  'data-test-subj': 'alertSuppressionMissingFields',
+};
+
+const ALERT_SUPPRESSION_MISSING_FIELDS_STRATEGY_OPTIONS: EuiRadioGroupOption[] = [
+  {
+    id: AlertSuppressionMissingFieldsStrategyEnum.suppress,
+    label: i18n.ALERT_SUPPRESSION_MISSING_FIELDS_SUPPRESS_OPTION,
+  },
+  {
+    id: AlertSuppressionMissingFieldsStrategyEnum.doNotSuppress,
+    label: i18n.ALERT_SUPPRESSION_MISSING_FIELDS_DO_NOT_SUPPRESS_OPTION,
+  },
+];
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/suppression_duration_selector.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/suppression_duration_selector.tsx
new file mode 100644
index 0000000000000..7cf5eeb3018b1
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/suppression_duration_selector.tsx
@@ -0,0 +1,140 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useEffect } from 'react';
+import { EuiFormRow, EuiRadioGroup, EuiToolTip, useEuiTheme } from '@elastic/eui';
+import { css } from '@emotion/css';
+import type { FieldHook } from '../../../../../shared_imports';
+import { UseMultiFields } from '../../../../../shared_imports';
+import { AlertSuppressionDurationType } from '../../../../../detections/pages/detection_engine/rules/types';
+import { DurationInput } from '../../duration_input';
+import {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME,
+} from '../constants/fields';
+import * as i18n from './translations';
+
+interface AlertSuppressionDurationProps {
+  onlyPerTimePeriod?: boolean;
+  onlyPerTimePeriodReasonMessage?: string;
+  disabled?: boolean;
+}
+
+export function SuppressionDurationSelector({
+  onlyPerTimePeriod,
+  onlyPerTimePeriodReasonMessage,
+  disabled,
+}: AlertSuppressionDurationProps): JSX.Element {
+  return (
+    <EuiFormRow data-test-subj="alertSuppressionDuration">
+      <UseMultiFields<{
+        suppressionDurationSelector: string;
+        suppressionDurationValue: number | undefined;
+        suppressionDurationUnit: string;
+      }>
+        fields={{
+          suppressionDurationSelector: {
+            path: ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+          },
+          suppressionDurationValue: {
+            path: `${ALERT_SUPPRESSION_DURATION_FIELD_NAME}.${ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME}`,
+          },
+          suppressionDurationUnit: {
+            path: `${ALERT_SUPPRESSION_DURATION_FIELD_NAME}.${ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME}`,
+          },
+        }}
+      >
+        {({ suppressionDurationSelector, suppressionDurationValue, suppressionDurationUnit }) => (
+          <SuppressionDurationSelectorFields
+            suppressionDurationSelectorField={suppressionDurationSelector}
+            suppressionDurationValueField={suppressionDurationValue}
+            suppressionDurationUnitField={suppressionDurationUnit}
+            onlyPerTimePeriod={onlyPerTimePeriod}
+            onlyPerTimePeriodReasonMessage={onlyPerTimePeriodReasonMessage}
+            disabled={disabled}
+          />
+        )}
+      </UseMultiFields>
+    </EuiFormRow>
+  );
+}
+
+interface SuppressionDurationSelectorFieldsProps {
+  suppressionDurationSelectorField: FieldHook<string, string>;
+  suppressionDurationValueField: FieldHook<number | undefined, number | undefined>;
+  suppressionDurationUnitField: FieldHook<string, string>;
+  onlyPerTimePeriod?: boolean;
+  onlyPerTimePeriodReasonMessage?: string;
+  disabled?: boolean;
+}
+
+const SuppressionDurationSelectorFields = memo(function SuppressionDurationSelectorFields({
+  suppressionDurationSelectorField,
+  suppressionDurationValueField,
+  suppressionDurationUnitField,
+  onlyPerTimePeriod = false,
+  onlyPerTimePeriodReasonMessage,
+  disabled,
+}: SuppressionDurationSelectorFieldsProps): JSX.Element {
+  const { euiTheme } = useEuiTheme();
+  const { value: durationType, setValue: setDurationType } = suppressionDurationSelectorField;
+
+  useEffect(() => {
+    if (onlyPerTimePeriod && durationType !== AlertSuppressionDurationType.PerTimePeriod) {
+      setDurationType(AlertSuppressionDurationType.PerTimePeriod);
+    }
+  }, [onlyPerTimePeriod, durationType, setDurationType]);
+
+  return (
+    <>
+      <EuiRadioGroup
+        disabled={disabled}
+        idSelected={suppressionDurationSelectorField.value}
+        options={[
+          {
+            id: AlertSuppressionDurationType.PerRuleExecution,
+            label: onlyPerTimePeriod ? (
+              <EuiToolTip content={onlyPerTimePeriodReasonMessage}>
+                <> {i18n.ALERT_SUPPRESSION_DURATION_PER_RULE_EXECUTION_OPTION}</>
+              </EuiToolTip>
+            ) : (
+              i18n.ALERT_SUPPRESSION_DURATION_PER_RULE_EXECUTION_OPTION
+            ),
+            disabled: onlyPerTimePeriod ? true : disabled,
+          },
+          {
+            id: AlertSuppressionDurationType.PerTimePeriod,
+            disabled,
+            label: i18n.ALERT_SUPPRESSION_DURATION_PER_TIME_PERIOD_OPTION,
+          },
+        ]}
+        onChange={(id) => {
+          suppressionDurationSelectorField.setValue(id);
+        }}
+        data-test-subj="alertSuppressionDurationOptions"
+      />
+      <div
+        className={css`
+          padding-left: ${euiTheme.size.l};
+        `}
+      >
+        <DurationInput
+          durationValueField={suppressionDurationValueField}
+          durationUnitField={suppressionDurationUnitField}
+          // Suppression duration is also disabled suppression by rule execution is selected in radio button
+          isDisabled={
+            disabled ||
+            suppressionDurationSelectorField.value !== AlertSuppressionDurationType.PerTimePeriod
+          }
+          minimumValue={1}
+        />
+      </div>
+    </>
+  );
+});
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/suppression_fields_selector.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/suppression_fields_selector.tsx
new file mode 100644
index 0000000000000..72eea027288f0
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/suppression_fields_selector.tsx
@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { EuiFormRow } from '@elastic/eui';
+import type { DataViewFieldBase } from '@kbn/es-query';
+import { UseField } from '../../../../../shared_imports';
+import { MultiSelectFieldsAutocomplete } from '../../../../rule_creation_ui/components/multi_select_fields';
+import { ALERT_SUPPRESSION_FIELDS_FIELD_NAME } from '../constants/fields';
+import * as i18n from './translations';
+
+interface SuppressionFieldsSelectorProps {
+  suppressibleFields: DataViewFieldBase[];
+  labelAppend?: React.ReactNode;
+  disabled?: boolean;
+}
+
+export function SuppressionFieldsSelector({
+  suppressibleFields,
+  labelAppend,
+  disabled,
+}: SuppressionFieldsSelectorProps): JSX.Element {
+  return (
+    <EuiFormRow
+      data-test-subj="alertSuppressionInput"
+      label={i18n.ALERT_SUPPRESSION_SUPPRESS_BY_FIELD_LABEL}
+      labelAppend={labelAppend}
+      helpText={i18n.ALERT_SUPPRESSION_SUPPRESS_BY_FIELD_HELP_TEXT}
+    >
+      <>
+        <UseField
+          path={ALERT_SUPPRESSION_FIELDS_FIELD_NAME}
+          component={MultiSelectFieldsAutocomplete}
+          componentProps={{
+            browserFields: suppressibleFields,
+            isDisabled: disabled,
+          }}
+        />
+      </>
+    </EuiFormRow>
+  );
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/suppression_info_icon/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/suppression_info_icon.tsx
similarity index 80%
rename from x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/suppression_info_icon/index.tsx
rename to x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/suppression_info_icon.tsx
index bb3b0db1ccdab..466600dd394da 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/suppression_info_icon/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/suppression_info_icon.tsx
@@ -5,28 +5,25 @@
  * 2.0.
  */
 
-import React, { useState } from 'react';
+import React from 'react';
 import { EuiLink, EuiPopover, EuiText, EuiButtonIcon } from '@elastic/eui';
+import { useBoolean } from '@kbn/react-hooks';
 import { FormattedMessage } from '@kbn/i18n-react';
-
-import { useKibana } from '../../../../common/lib/kibana';
+import { useKibana } from '../../../../../common/lib/kibana';
 
 const POPOVER_WIDTH = 320;
 
 /**
  * Icon and popover that gives hint to users how suppression for missing fields work
  */
-const SuppressionInfoIconComponent = () => {
-  const [isPopoverOpen, setIsPopoverOpen] = useState(false);
+export function SuppressionInfoIcon(): JSX.Element {
+  const [isPopoverOpen, { off: closePopover, toggle: togglePopover }] = useBoolean(false);
   const { docLinks } = useKibana().services;
 
-  const onButtonClick = () => setIsPopoverOpen(!isPopoverOpen);
-  const closePopover = () => setIsPopoverOpen(false);
-
   const button = (
     <EuiButtonIcon
       iconType="questionInCircle"
-      onClick={onButtonClick}
+      onClick={togglePopover}
       aria-label="Open help popover"
     />
   );
@@ -59,8 +56,4 @@ const SuppressionInfoIconComponent = () => {
       </EuiText>
     </EuiPopover>
   );
-};
-
-export const SuppressionInfoIcon = React.memo(SuppressionInfoIconComponent);
-
-SuppressionInfoIcon.displayName = 'SuppressionInfoIcon';
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/translations.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/translations.ts
new file mode 100644
index 0000000000000..8da7d435adfeb
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/components/translations.ts
@@ -0,0 +1,94 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const ALERT_SUPPRESSION_SUPPRESS_BY_FIELD_LABEL = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.alertSuppression.fieldsSelector.label',
+  {
+    defaultMessage: 'Suppress alerts by',
+  }
+);
+
+export const ALERT_SUPPRESSION_SUPPRESS_BY_FIELD_HELP_TEXT = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.alertSuppression.suppressByFields.helpText',
+  {
+    defaultMessage: 'Select field(s) to use for suppressing extra alerts',
+  }
+);
+
+export const ALERT_SUPPRESSION_DURATION_PER_RULE_EXECUTION_OPTION = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.alertSuppression.suppressionDuration.perRuleExecutionOption',
+  {
+    defaultMessage: 'Per rule execution',
+  }
+);
+
+export const ALERT_SUPPRESSION_DURATION_PER_TIME_PERIOD_OPTION = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.alertSuppression.suppressionDuration.perTimePeriodOption',
+  {
+    defaultMessage: 'Per time period',
+  }
+);
+
+export const ALERT_SUPPRESSION_MISSING_FIELDS_LABEL = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.alertSuppression.missingFields.label',
+  {
+    defaultMessage: 'If a suppression field is missing',
+  }
+);
+
+export const ALERT_SUPPRESSION_MISSING_FIELDS_SUPPRESS_OPTION = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.alertSuppression.missingFields.suppressOption',
+  {
+    defaultMessage: 'Suppress and group alerts for events with missing fields',
+  }
+);
+
+export const ALERT_SUPPRESSION_MISSING_FIELDS_DO_NOT_SUPPRESS_OPTION = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.alertSuppression.missingFields.doNotSuppressOption',
+  {
+    defaultMessage: 'Do not suppress alerts for events with missing fields',
+  }
+);
+
+export const ALERT_SUPPRESSION_NOT_SUPPORTED_FOR_EQL_SEQUENCE = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.alertSuppression.notSupportedForEqlSequence',
+  {
+    defaultMessage: 'Suppression is not supported for EQL sequence queries',
+  }
+);
+
+export const MACHINE_LEARNING_SUPPRESSION_FIELDS_LOADING = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.alertSuppression.machineLearningSuppressionFieldsLoading',
+  {
+    defaultMessage: 'Machine Learning suppression fields are loading',
+  }
+);
+
+export const MACHINE_LEARNING_NO_SUPPRESSION_FIELDS = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.alertSuppression.machineLearningNoSuppressionFields',
+  {
+    defaultMessage:
+      'Unable to load machine Learning suppression fields, start relevant Machine Learning jobs.',
+  }
+);
+
+export const ESQL_SUPPRESSION_FIELDS_LOADING = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.alertSuppression.esqlFieldsLoading',
+  {
+    defaultMessage: 'ES|QL suppression fields are loading',
+  }
+);
+
+export const MACHINE_LEARNING_SUPPRESSION_INCOMPLETE_LABEL = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.alertSuppression.machineLearningSuppressionIncomplete',
+  {
+    defaultMessage:
+      'This list of fields might be incomplete as some Machine Learning jobs are not running. Start all relevant jobs for a complete list.',
+  }
+);
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/constants/default_duration.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/constants/default_duration.ts
new file mode 100644
index 0000000000000..6e06d0d67031a
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/constants/default_duration.ts
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { AlertSuppressionDurationUnitEnum } from '../../../../../../common/api/detection_engine';
+import {
+  ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME,
+} from './fields';
+
+export const ALERT_SUPPRESSION_DEFAULT_DURATION = {
+  [ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME]: 5,
+  [ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME]: AlertSuppressionDurationUnitEnum.m,
+};
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/constants/fields.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/constants/fields.ts
new file mode 100644
index 0000000000000..42a0583e90512
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/constants/fields.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const ALERT_SUPPRESSION_FIELDS_FIELD_NAME = 'alertSuppressionFields' as const;
+export const ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME = 'alertSuppressionDurationType' as const;
+export const ALERT_SUPPRESSION_DURATION_FIELD_NAME = 'alertSuppressionDuration' as const;
+export const ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME = 'value' as const;
+export const ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME = 'unit' as const;
+export const ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME = 'alertSuppressionMissingFields' as const;
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/index.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/index.ts
new file mode 100644
index 0000000000000..a97e74726e3c4
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/index.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './components/alert_suppression_edit';
+export * from './components/suppression_duration_selector';
+export * from './constants/fields';
+export * from './constants/default_duration';
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/test_helpers.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/test_helpers.ts
new file mode 100644
index 0000000000000..b7d6c4003e934
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/alert_suppression_edit/test_helpers.ts
@@ -0,0 +1,72 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+// eslint-disable-next-line import/no-extraneous-dependencies
+import { act, fireEvent, waitFor, within, screen } from '@testing-library/react';
+import type { AlertSuppressionDurationUnit } from '../../../../../common/api/detection_engine';
+import { selectEuiComboBoxOption } from '../../../../common/test/eui/combobox';
+
+const COMBO_BOX_TOGGLE_BUTTON_TEST_ID = 'comboBoxToggleListButton';
+
+export async function setSuppressionFields(fieldNames: string[]): Promise<void> {
+  const getAlertSuppressionFieldsComboBoxToggleButton = () =>
+    within(screen.getByTestId('alertSuppressionInput')).getByTestId(
+      COMBO_BOX_TOGGLE_BUTTON_TEST_ID
+    );
+
+  await waitFor(() => {
+    expect(getAlertSuppressionFieldsComboBoxToggleButton()).toBeInTheDocument();
+  });
+
+  for (const fieldName of fieldNames) {
+    await selectEuiComboBoxOption({
+      comboBoxToggleButton: getAlertSuppressionFieldsComboBoxToggleButton(),
+      optionText: fieldName,
+    });
+  }
+}
+
+export function expectSuppressionFields(fieldNames: string[]): void {
+  for (const fieldName of fieldNames) {
+    expect(
+      within(screen.getByTestId('alertSuppressionInput')).getByTitle(fieldName)
+    ).toBeInTheDocument();
+  }
+}
+
+export function setDurationType(value: 'Per rule execution' | 'Per time period'): void {
+  act(() => {
+    fireEvent.click(within(screen.getByTestId('alertSuppressionDuration')).getByLabelText(value));
+  });
+}
+
+export function setDuration(value: number, unit: AlertSuppressionDurationUnit): void {
+  act(() => {
+    fireEvent.input(
+      within(screen.getByTestId('alertSuppressionDuration')).getByTestId('interval'),
+      {
+        target: { value: value.toString() },
+      }
+    );
+
+    fireEvent.change(
+      within(screen.getByTestId('alertSuppressionDuration')).getByTestId('timeType'),
+      {
+        target: { value: unit },
+      }
+    );
+  });
+}
+
+export function expectDuration(value: number, unit: AlertSuppressionDurationUnit): void {
+  expect(
+    within(screen.getByTestId('alertSuppressionDuration')).getByTestId('interval')
+  ).toHaveValue(value);
+  expect(
+    within(screen.getByTestId('alertSuppressionDuration')).getByTestId('timeType')
+  ).toHaveValue(unit);
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/duration_input/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/duration_input/index.tsx
similarity index 68%
rename from x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/duration_input/index.tsx
rename to x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/duration_input/index.tsx
index 99222756bcf26..b203cdea8f737 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/duration_input/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/duration_input/index.tsx
@@ -5,10 +5,9 @@
  * 2.0.
  */
 
-import { EuiFieldNumber, EuiFormRow, EuiSelect, transparentize } from '@elastic/eui';
-import React, { useCallback } from 'react';
-import styled from 'styled-components';
-
+import React, { memo, useCallback } from 'react';
+import { css } from '@emotion/css';
+import { EuiFieldNumber, EuiFormRow, EuiSelect, transparentize, useEuiTheme } from '@elastic/eui';
 import type { FieldHook } from '../../../../shared_imports';
 import { getFieldValidityAndErrorMessage } from '../../../../shared_imports';
 import * as I18n from './translations';
@@ -21,39 +20,10 @@ interface DurationInputProps {
   durationUnitOptions?: Array<{ value: 's' | 'm' | 'h' | 'd'; text: string }>;
 }
 
-const getNumberFromUserInput = (input: string, minimumValue = 0): number | undefined => {
-  const number = parseInt(input, 10);
-  if (Number.isNaN(number)) {
-    return minimumValue;
-  } else {
-    return Math.max(minimumValue, Math.min(number, Number.MAX_SAFE_INTEGER));
-  }
-};
-
-const StyledEuiFormRow = styled(EuiFormRow)`
-  max-width: 235px;
-
-  .euiFormControlLayout__append {
-    padding-inline: 0 !important;
-  }
-
-  .euiFormControlLayoutIcons {
-    color: ${({ theme }) => theme.eui.euiColorPrimary};
-  }
-`;
-
-const MyEuiSelect = styled(EuiSelect)`
-  min-width: 106px; // Preserve layout when disabled & dropdown arrow is not rendered
-  box-shadow: none;
-  background: ${({ theme }) =>
-    transparentize(theme.eui.euiColorPrimary, 0.1)} !important; // Override focus states etc.
-  color: ${({ theme }) => theme.eui.euiColorPrimary};
-`;
-
 // This component is similar to the ScheduleItem component, but instead of combining the value
 // and unit into a single string it keeps them separate. This makes the component simpler and
 // allows for easier validation of values and units in APIs as well.
-const DurationInputComponent: React.FC<DurationInputProps> = ({
+export const DurationInput = memo(function DurationInputComponent({
   durationValueField,
   durationUnitField,
   minimumValue = 0,
@@ -64,7 +34,8 @@ const DurationInputComponent: React.FC<DurationInputProps> = ({
     { value: 'h', text: I18n.HOURS },
   ],
   ...props
-}: DurationInputProps) => {
+}: DurationInputProps): JSX.Element {
+  const { euiTheme } = useEuiTheme();
   const { isInvalid, errorMessage } = getFieldValidityAndErrorMessage(durationValueField);
   const { value: durationValue, setValue: setDurationValue } = durationValueField;
   const { value: durationUnit, setValue: setDurationUnit } = durationUnitField;
@@ -84,17 +55,40 @@ const DurationInputComponent: React.FC<DurationInputProps> = ({
     [minimumValue, setDurationValue]
   );
 
+  const durationFormRowStyle = css`
+    max-width: 235px;
+
+    .euiFormControlLayout__append {
+      padding-inline: 0 !important;
+    }
+
+    .euiFormControlLayoutIcons {
+      color: ${euiTheme.colors.primary};
+    }
+  `;
+  const durationUnitSelectStyle = css`
+    min-width: 106px; // Preserve layout when disabled & dropdown arrow is not rendered
+    box-shadow: none;
+    background: ${transparentize(
+      euiTheme.colors.primary,
+      0.1
+    )} !important; // Override focus states etc.
+    color: ${euiTheme.colors.primary};
+  `;
+
   // EUI missing some props
   const rest = { disabled: isDisabled, ...props };
 
   return (
-    <StyledEuiFormRow error={errorMessage} isInvalid={isInvalid}>
+    <EuiFormRow className={durationFormRowStyle} error={errorMessage} isInvalid={isInvalid}>
       <EuiFieldNumber
         append={
-          <MyEuiSelect
+          <EuiSelect
+            className={durationUnitSelectStyle}
             options={durationUnitOptions}
             onChange={onChangeTimeType}
             value={durationUnit}
+            aria-label={I18n.DURATION_UNIT_SELECTOR}
             data-test-subj="timeType"
             {...rest}
           />
@@ -106,8 +100,16 @@ const DurationInputComponent: React.FC<DurationInputProps> = ({
         data-test-subj="interval"
         {...rest}
       />
-    </StyledEuiFormRow>
+    </EuiFormRow>
   );
-};
+});
+
+function getNumberFromUserInput(input: string, minimumValue = 0): number | undefined {
+  const number = parseInt(input, 10);
 
-export const DurationInput = React.memo(DurationInputComponent);
+  if (Number.isNaN(number)) {
+    return minimumValue;
+  } else {
+    return Math.max(minimumValue, Math.min(number, Number.MAX_SAFE_INTEGER));
+  }
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/duration_input/translations.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/duration_input/translations.ts
similarity index 82%
rename from x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/duration_input/translations.ts
rename to x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/duration_input/translations.ts
index c460d2f7198b3..51d659210c52b 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/duration_input/translations.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/duration_input/translations.ts
@@ -34,3 +34,10 @@ export const DAYS = i18n.translate(
     defaultMessage: 'Days',
   }
 );
+
+export const DURATION_UNIT_SELECTOR = i18n.translate(
+  'xpack.securitySolution.detectionEngine.createRule.stepScheduleRuleForm.durationUnitSelector',
+  {
+    defaultMessage: 'Duration unit selector',
+  }
+);
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/related_integrations/related_integrations.test.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/related_integrations/related_integrations.test.tsx
index 960df4c7de5b9..31e139a335bee 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/related_integrations/related_integrations.test.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/related_integrations/related_integrations.test.tsx
@@ -6,19 +6,24 @@
  */
 
 import React from 'react';
-import {
-  screen,
-  render,
-  act,
-  fireEvent,
-  waitFor,
-  waitForElementToBeRemoved,
-} from '@testing-library/react';
+import { screen, render, act, fireEvent, waitFor } from '@testing-library/react';
 import type { RelatedIntegration } from '../../../../../common/api/detection_engine';
 import { FIELD_TYPES, Form, useForm } from '../../../../shared_imports';
 import { createReactQueryWrapper } from '../../../../common/mock';
 import { fleetIntegrationsApi } from '../../../fleet_integrations/api/__mocks__';
 import { RelatedIntegrations } from './related_integrations';
+import {
+  clearEuiComboBoxSelection,
+  selectEuiComboBoxOption,
+  selectFirstEuiComboBoxOption,
+  showEuiComboBoxOptions,
+} from '../../../../common/test/eui/combobox';
+import {
+  addRelatedIntegrationRow,
+  removeLastRelatedIntegrationRow,
+  setVersion,
+  waitForIntegrationsToBeLoaded,
+} from './test_helpers';
 
 // must match to the import in rules/related_integrations/use_integrations.tsx
 jest.mock('../../../fleet_integrations/api');
@@ -41,7 +46,6 @@ const COMBO_BOX_TOGGLE_BUTTON_TEST_ID = 'comboBoxToggleListButton';
 const COMBO_BOX_SELECTION_TEST_ID = 'euiComboBoxPill';
 const COMBO_BOX_CLEAR_BUTTON_TEST_ID = 'comboBoxClearButton';
 const VERSION_INPUT_TEST_ID = 'relatedIntegrationVersionDependency';
-const REMOVE_INTEGRATION_ROW_BUTTON_TEST_ID = 'relatedIntegrationRemove';
 
 describe('RelatedIntegrations form part', () => {
   beforeEach(() => {
@@ -708,72 +712,6 @@ function TestForm({ initialState, onSubmit }: TestFormProps): JSX.Element {
   );
 }
 
-function waitForIntegrationsToBeLoaded(): Promise<void> {
-  return waitForElementToBeRemoved(screen.queryAllByRole('progressbar'));
-}
-
-function addRelatedIntegrationRow(): Promise<void> {
-  return act(async () => {
-    fireEvent.click(screen.getByText('Add integration'));
-  });
-}
-
-function removeLastRelatedIntegrationRow(): Promise<void> {
-  return act(async () => {
-    const lastRemoveButton = screen.getAllByTestId(REMOVE_INTEGRATION_ROW_BUTTON_TEST_ID).at(-1);
-
-    if (!lastRemoveButton) {
-      throw new Error(`There are no "${REMOVE_INTEGRATION_ROW_BUTTON_TEST_ID}" found`);
-    }
-
-    fireEvent.click(lastRemoveButton);
-  });
-}
-
-function showEuiComboBoxOptions(comboBoxToggleButton: HTMLElement): Promise<void> {
-  fireEvent.click(comboBoxToggleButton);
-
-  return waitFor(() => {
-    expect(screen.getByRole('listbox')).toBeInTheDocument();
-  });
-}
-
-function selectEuiComboBoxOption({
-  comboBoxToggleButton,
-  optionIndex,
-}: {
-  comboBoxToggleButton: HTMLElement;
-  optionIndex: number;
-}): Promise<void> {
-  return act(async () => {
-    await showEuiComboBoxOptions(comboBoxToggleButton);
-
-    fireEvent.click(screen.getAllByRole('option')[optionIndex]);
-  });
-}
-
-function clearEuiComboBoxSelection({ clearButton }: { clearButton: HTMLElement }): Promise<void> {
-  return act(async () => {
-    fireEvent.click(clearButton);
-  });
-}
-
-function selectFirstEuiComboBoxOption({
-  comboBoxToggleButton,
-}: {
-  comboBoxToggleButton: HTMLElement;
-}): Promise<void> {
-  return selectEuiComboBoxOption({ comboBoxToggleButton, optionIndex: 0 });
-}
-
-function setVersion({ input, value }: { input: HTMLInputElement; value: string }): Promise<void> {
-  return act(async () => {
-    fireEvent.input(input, {
-      target: { value },
-    });
-  });
-}
-
 function submitForm(): Promise<void> {
   return act(async () => {
     fireEvent.click(screen.getByText('Submit'));
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/related_integrations/test_helpers.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/related_integrations/test_helpers.ts
new file mode 100644
index 0000000000000..b8c51fd594e13
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/related_integrations/test_helpers.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+// eslint-disable-next-line import/no-extraneous-dependencies
+import { act, fireEvent, waitForElementToBeRemoved, screen } from '@testing-library/react';
+
+const REMOVE_INTEGRATION_ROW_BUTTON_TEST_ID = 'relatedIntegrationRemove';
+
+export function waitForIntegrationsToBeLoaded(): Promise<void> {
+  return waitForElementToBeRemoved(screen.queryAllByRole('progressbar'));
+}
+
+export function addRelatedIntegrationRow(): Promise<void> {
+  return act(async () => {
+    fireEvent.click(screen.getByText('Add integration'));
+  });
+}
+
+export function removeLastRelatedIntegrationRow(): Promise<void> {
+  return act(async () => {
+    const lastRemoveButton = screen.getAllByTestId(REMOVE_INTEGRATION_ROW_BUTTON_TEST_ID).at(-1);
+
+    if (!lastRemoveButton) {
+      throw new Error(`There are no "${REMOVE_INTEGRATION_ROW_BUTTON_TEST_ID}" found`);
+    }
+
+    fireEvent.click(lastRemoveButton);
+  });
+}
+
+export function setVersion({
+  input,
+  value,
+}: {
+  input: HTMLInputElement;
+  value: string;
+}): Promise<void> {
+  return act(async () => {
+    fireEvent.input(input, {
+      target: { value },
+    });
+  });
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/threshold_alert_suppression_edit/fields.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/threshold_alert_suppression_edit/fields.ts
new file mode 100644
index 0000000000000..4956a2555bc9c
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/threshold_alert_suppression_edit/fields.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const THRESHOLD_ALERT_SUPPRESSION_ENABLED = 'thresholdAlertSuppressionEnabled' as const;
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/threshold_alert_suppression_edit/index.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/threshold_alert_suppression_edit/index.ts
new file mode 100644
index 0000000000000..67848fbd5e3b5
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/threshold_alert_suppression_edit/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './threshold_alert_suppression_edit';
+export * from './fields';
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/threshold_alert_suppression_edit/threshold_alert_suppression_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/threshold_alert_suppression_edit/threshold_alert_suppression_edit.tsx
new file mode 100644
index 0000000000000..a832bff648e8a
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/threshold_alert_suppression_edit/threshold_alert_suppression_edit.tsx
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo } from 'react';
+import { EuiPanel, EuiToolTip } from '@elastic/eui';
+import { CheckBoxField } from '@kbn/es-ui-shared-plugin/static/forms/components';
+import { UseField, useFormData } from '../../../../shared_imports';
+import { THRESHOLD_ALERT_SUPPRESSION_ENABLED } from './fields';
+import { SuppressionDurationSelector } from '../alert_suppression_edit';
+import * as i18n from './translations';
+
+interface ThresholdAlertSuppressionEditProps {
+  suppressionFieldNames: string[] | undefined;
+  disabled?: boolean;
+  disabledText?: string;
+}
+
+export const ThresholdAlertSuppressionEdit = memo(function ThresholdAlertSuppressionEdit({
+  suppressionFieldNames,
+  disabled,
+  disabledText,
+}: ThresholdAlertSuppressionEditProps): JSX.Element {
+  const [{ [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: suppressionEnabled }] = useFormData({
+    watch: THRESHOLD_ALERT_SUPPRESSION_ENABLED,
+  });
+  const content = (
+    <>
+      <UseField
+        path={THRESHOLD_ALERT_SUPPRESSION_ENABLED}
+        component={CheckBoxField}
+        componentProps={{
+          idAria: 'thresholdAlertSuppressionEnabled',
+          'data-test-subj': 'thresholdAlertSuppressionEnabled',
+        }}
+        euiFieldProps={{
+          label: suppressionFieldNames?.length
+            ? i18n.enableSuppressionForFields(suppressionFieldNames)
+            : i18n.SUPPRESS_ALERTS,
+          disabled,
+        }}
+      />
+      <EuiPanel paddingSize="m" hasShadow={false}>
+        <SuppressionDurationSelector
+          onlyPerTimePeriod
+          onlyPerTimePeriodReasonMessage={i18n.THRESHOLD_SUPPRESSION_PER_RULE_EXECUTION_WARNING}
+          disabled={!suppressionEnabled || disabled}
+        />
+      </EuiPanel>
+    </>
+  );
+
+  return disabled && disabledText ? (
+    <EuiToolTip position="right" content={disabledText}>
+      {content}
+    </EuiToolTip>
+  ) : (
+    content
+  );
+});
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/threshold_alert_suppression_edit/translations.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/threshold_alert_suppression_edit/translations.tsx
new file mode 100644
index 0000000000000..25b7158610b34
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation/components/threshold_alert_suppression_edit/translations.tsx
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n-react';
+
+export const enableSuppressionForFields = (fields: string[]) => (
+  <FormattedMessage
+    id="xpack.securitySolution.ruleManagement.ruleFields.thresholdAlertSuppression.enableForFields"
+    defaultMessage="Suppress alerts by selected fields: {fieldsString}"
+    values={{ fieldsString: <strong>{fields.join(', ')}</strong> }}
+  />
+);
+
+export const SUPPRESS_ALERTS = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.thresholdAlertSuppression.enable',
+  {
+    defaultMessage: 'Suppress alerts',
+  }
+);
+
+export const THRESHOLD_SUPPRESSION_PER_RULE_EXECUTION_WARNING = i18n.translate(
+  'xpack.securitySolution.ruleManagement.ruleFields.thresholdAlertSuppression.perRuleExecutionWarning',
+  {
+    defaultMessage: 'Per rule execution option is not available for Threshold rule type',
+  }
+);
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/__mocks__/use_data_views.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/__mocks__/use_data_view_list_items.ts
similarity index 81%
rename from x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/__mocks__/use_data_views.ts
rename to x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/__mocks__/use_data_view_list_items.ts
index 248729f1f46e7..3d2ba5d1c3724 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/__mocks__/use_data_views.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/__mocks__/use_data_view_list_items.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-export const useDataViews = jest.fn().mockReturnValue({
+export const useDataViewListItems = jest.fn().mockReturnValue({
   data: [],
   isFetching: false,
 });
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/data_view_selector_field.test.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/data_view_selector_field.test.tsx
index 6cfdf060434b8..8648ade5164e6 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/data_view_selector_field.test.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/data_view_selector_field.test.tsx
@@ -9,14 +9,14 @@ import React from 'react';
 import { screen, render } from '@testing-library/react';
 import { TestProviders, useFormFieldMock } from '../../../../common/mock';
 import { DataViewSelectorField } from './data_view_selector_field';
-import { useDataViews } from './use_data_views';
+import { useDataViewListItems } from './use_data_view_list_items';
 
 jest.mock('../../../../common/lib/kibana');
-jest.mock('./use_data_views');
+jest.mock('./use_data_view_list_items');
 
 describe('data_view_selector', () => {
   it('renders correctly', () => {
-    (useDataViews as jest.Mock).mockReturnValue({ data: [], isFetching: false });
+    (useDataViewListItems as jest.Mock).mockReturnValue({ data: [], isFetching: false });
 
     render(
       <DataViewSelectorField
@@ -31,7 +31,7 @@ describe('data_view_selector', () => {
   });
 
   it('disables the combobox while data views are fetching', () => {
-    (useDataViews as jest.Mock).mockReturnValue({ data: [], isFetching: true });
+    (useDataViewListItems as jest.Mock).mockReturnValue({ data: [], isFetching: true });
 
     render(
       <DataViewSelectorField
@@ -57,7 +57,7 @@ describe('data_view_selector', () => {
         title: 'logs-*',
       },
     ];
-    (useDataViews as jest.Mock).mockReturnValue({ data: dataViews, isFetching: false });
+    (useDataViewListItems as jest.Mock).mockReturnValue({ data: dataViews, isFetching: false });
 
     render(
       <DataViewSelectorField
@@ -83,7 +83,7 @@ describe('data_view_selector', () => {
         title: 'logs-*',
       },
     ];
-    (useDataViews as jest.Mock).mockReturnValue({ data: dataViews, isFetching: false });
+    (useDataViewListItems as jest.Mock).mockReturnValue({ data: dataViews, isFetching: false });
 
     render(
       <DataViewSelectorField
@@ -98,7 +98,7 @@ describe('data_view_selector', () => {
   });
 
   it('displays warning on missing data view', () => {
-    (useDataViews as jest.Mock).mockReturnValue({ data: [], isFetching: false });
+    (useDataViewListItems as jest.Mock).mockReturnValue({ data: [], isFetching: false });
 
     render(
       <DataViewSelectorField
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/data_view_selector_field.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/data_view_selector_field.tsx
index aacd80ea53236..45db3423cc68a 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/data_view_selector_field.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/data_view_selector_field.tsx
@@ -11,7 +11,7 @@ import { EuiCallOut, EuiComboBox, EuiFormRow, EuiSpacer } from '@elastic/eui';
 import type { FieldHook } from '../../../../shared_imports';
 import { getFieldValidityAndErrorMessage } from '../../../../shared_imports';
 import { isDataViewIdValid } from '../../validators/data_view_id_validator_factory';
-import { useDataViews } from './use_data_views';
+import { useDataViewListItems } from './use_data_view_list_items';
 import * as i18n from './translations';
 
 const SECURITY_DEFAULT_DATA_VIEW_ID = 'security-solution-default';
@@ -21,7 +21,7 @@ export interface DataViewSelectorProps {
 }
 
 export function DataViewSelectorField({ field }: DataViewSelectorProps): JSX.Element {
-  const { data: dataViews, isFetching: areDataViewsFetching } = useDataViews();
+  const { data: dataViews, isFetching: areDataViewsFetching } = useDataViewListItems();
   const fieldAndError = field ? getFieldValidityAndErrorMessage(field) : undefined;
   const isInvalid = fieldAndError?.isInvalid;
   const errorMessage = fieldAndError?.errorMessage;
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/use_data_views.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/use_data_view_list_items.ts
similarity index 95%
rename from x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/use_data_views.ts
rename to x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/use_data_view_list_items.ts
index a68aa4f976269..f08b4c76a45cd 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/use_data_views.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/data_view_selector_field/use_data_view_list_items.ts
@@ -19,7 +19,7 @@ interface UseDataViewsResult {
 /**
  * Fetches known Kibana data views from the Data View Service.
  */
-export function useDataViews(): UseDataViewsResult {
+export function useDataViewListItems(): UseDataViewsResult {
   const {
     data: { dataViews: dataViewsService },
   } = useKibana().services;
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/helpers.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/helpers.tsx
index 8ef2a3751a036..6740e9fc8d014 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/helpers.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/helpers.tsx
@@ -45,7 +45,7 @@ import type {
   AboutStepSeverity,
   Duration,
 } from '../../../../detections/pages/detection_engine/rules/types';
-import { GroupByOptions } from '../../../../detections/pages/detection_engine/rules/types';
+import { AlertSuppressionDurationType } from '../../../../detections/pages/detection_engine/rules/types';
 import { defaultToEmptyTag } from '../../../../common/components/empty_value';
 import { RequiredFieldIcon } from '../../../rule_management/components/rule_details/required_field_icon';
 import { ThreatEuiFlexGroup } from './threat_description';
@@ -582,7 +582,7 @@ export const buildRequiredFieldsDescription = (
 };
 
 export const buildAlertSuppressionDescription = (
-  label: string = i18n.GROUP_BY_LABEL,
+  label: string = i18n.ALERT_SUPPRESSION_LABEL,
   values: string[],
   ruleType: Type
 ): ListItems[] => {
@@ -615,11 +615,11 @@ export const buildAlertSuppressionDescription = (
 export const buildAlertSuppressionWindowDescription = (
   label: string,
   value: Duration,
-  groupByRadioSelection: GroupByOptions,
+  alertSuppressionDuration: AlertSuppressionDurationType,
   ruleType: Type
 ): ListItems[] => {
   const description =
-    groupByRadioSelection === GroupByOptions.PerTimePeriod
+    alertSuppressionDuration === AlertSuppressionDurationType.PerTimePeriod
       ? `${value.value}${value.unit}`
       : i18n.ALERT_SUPPRESSION_PER_RULE_EXECUTION;
 
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/index.test.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/index.test.tsx
index f5a7e39634359..de46d09065f4e 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/index.test.tsx
@@ -30,6 +30,15 @@ import { schema } from '../step_about_rule/schema';
 import type { ListItems } from './types';
 import type { AboutStepRule } from '../../../../detections/pages/detection_engine/rules/types';
 import { createLicenseServiceMock } from '../../../../../common/license/mocks';
+import {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+} from '../../../rule_creation/components/alert_suppression_edit';
+import { THRESHOLD_ALERT_SUPPRESSION_ENABLED } from '../../../rule_creation/components/threshold_alert_suppression_edit';
 
 jest.mock('../../../../common/lib/kibana');
 
@@ -575,25 +584,25 @@ describe('description_step', () => {
 
     describe('alert suppression', () => {
       const suppressionFields = {
-        groupByDuration: {
-          unit: 'm',
-          value: 50,
+        [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: {
+          [ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME]: 50,
+          [ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME]: 'm',
         },
-        groupByRadioSelection: 'per-time-period',
-        enableThresholdSuppression: true,
-        groupByFields: ['agent.name'],
-        suppressionMissingFields: 'suppress',
+        [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]: 'per-time-period',
+        [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: true,
+        [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: ['agent.name'],
+        [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]: 'suppress',
       };
-      describe('groupByDuration', () => {
+      describe(ALERT_SUPPRESSION_DURATION_FIELD_NAME, () => {
         ['query', 'saved_query'].forEach((ruleType) => {
-          test(`should be empty if groupByFields empty for ${ruleType} rule`, () => {
+          test(`should be empty if ${ALERT_SUPPRESSION_FIELDS_FIELD_NAME} empty for ${ruleType} rule`, () => {
             const result: ListItems[] = getDescriptionItem(
-              'groupByDuration',
+              ALERT_SUPPRESSION_DURATION_FIELD_NAME,
               'label',
               {
                 ruleType: 'query',
                 ...suppressionFields,
-                groupByFields: [],
+                [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: [],
               },
               mockFilterManager,
               mockLicenseService
@@ -604,7 +613,7 @@ describe('description_step', () => {
 
           test(`should return item for ${ruleType} rule`, () => {
             const result: ListItems[] = getDescriptionItem(
-              'groupByDuration',
+              ALERT_SUPPRESSION_DURATION_FIELD_NAME,
               'label',
               {
                 ruleType: 'query',
@@ -620,7 +629,7 @@ describe('description_step', () => {
 
         test('should return item for threshold rule', () => {
           const result: ListItems[] = getDescriptionItem(
-            'groupByDuration',
+            ALERT_SUPPRESSION_DURATION_FIELD_NAME,
             'label',
             {
               ruleType: 'threshold',
@@ -633,14 +642,14 @@ describe('description_step', () => {
           expect(result[0].description).toBe('50m');
         });
 
-        test('should return item for threshold rule if groupByFields empty', () => {
+        test(`should return item for threshold rule if ${ALERT_SUPPRESSION_FIELDS_FIELD_NAME} empty`, () => {
           const result: ListItems[] = getDescriptionItem(
-            'groupByDuration',
+            ALERT_SUPPRESSION_DURATION_FIELD_NAME,
             'label',
             {
               ruleType: 'threshold',
               ...suppressionFields,
-              groupByFields: [],
+              [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: [],
             },
             mockFilterManager,
             mockLicenseService
@@ -651,12 +660,12 @@ describe('description_step', () => {
 
         test('should be empty for threshold rule if suppression not enabled', () => {
           const result: ListItems[] = getDescriptionItem(
-            'groupByDuration',
+            ALERT_SUPPRESSION_DURATION_FIELD_NAME,
             'label',
             {
               ruleType: 'threshold',
               ...suppressionFields,
-              enableThresholdSuppression: false,
+              [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: false,
             },
             mockFilterManager,
             mockLicenseService
@@ -666,10 +675,10 @@ describe('description_step', () => {
         });
       });
 
-      describe('groupByFields', () => {
+      describe(ALERT_SUPPRESSION_FIELDS_FIELD_NAME, () => {
         test(`should be empty if rule type is 'threshold'`, () => {
           const result: ListItems[] = getDescriptionItem(
-            'groupByFields',
+            ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
             'label',
             {
               ruleType: 'threshold',
@@ -685,7 +694,7 @@ describe('description_step', () => {
         ['query', 'saved_query'].forEach((ruleType) => {
           test(`should return item for ${ruleType} rule`, () => {
             const result: ListItems[] = getDescriptionItem(
-              'groupByFields',
+              ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
               'label',
               {
                 ruleType,
@@ -699,10 +708,10 @@ describe('description_step', () => {
         });
       });
 
-      describe('suppressionMissingFields', () => {
+      describe(ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME, () => {
         test(`should be empty if rule type is 'threshold'`, () => {
           const result: ListItems[] = getDescriptionItem(
-            'suppressionMissingFields',
+            ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
             'label',
             {
               ruleType: 'threshold',
@@ -718,7 +727,7 @@ describe('description_step', () => {
         ['query', 'saved_query'].forEach((ruleType) => {
           test(`should return item for ${ruleType} rule`, () => {
             const result: ListItems[] = getDescriptionItem(
-              'suppressionMissingFields',
+              ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
               'label',
               {
                 ruleType,
@@ -730,14 +739,14 @@ describe('description_step', () => {
             expect(result[0].description).toContain('Suppress');
           });
 
-          test(`should be empty if groupByFields empty for ${ruleType} rule`, () => {
+          test(`should be empty if ${ALERT_SUPPRESSION_FIELDS_FIELD_NAME} empty for ${ruleType} rule`, () => {
             const result: ListItems[] = getDescriptionItem(
-              'suppressionMissingFields',
+              ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
               'label',
               {
                 ruleType: 'query',
                 ...suppressionFields,
-                groupByFields: [],
+                [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: [],
               },
               mockFilterManager,
               mockLicenseService
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/index.tsx
index 4676f065f4af8..657f592fe47c4 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/index.tsx
@@ -65,6 +65,13 @@ import {
   isSuppressionRuleConfiguredWithGroupBy,
   isSuppressionRuleConfiguredWithDuration,
 } from '../../../../../common/detection_engine/utils';
+import {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+} from '../../../rule_creation/components/alert_suppression_edit';
+import { THRESHOLD_ALERT_SUPPRESSION_ENABLED } from '../../../rule_creation/components/threshold_alert_suppression_edit';
 
 const DescriptionListContainer = styled(EuiDescriptionList)`
   max-width: 600px;
@@ -217,7 +224,7 @@ export const getDescriptionItem = (
     });
   } else if (field === 'responseActions') {
     return [];
-  } else if (field === 'groupByFields') {
+  } else if (field === ALERT_SUPPRESSION_FIELDS_FIELD_NAME) {
     const ruleType: Type = get('ruleType', data);
 
     const ruleCanHaveGroupByFields = isSuppressionRuleConfiguredWithGroupBy(ruleType);
@@ -226,9 +233,9 @@ export const getDescriptionItem = (
     }
     const values: string[] = get(field, data);
     return buildAlertSuppressionDescription(label, values, ruleType);
-  } else if (field === 'groupByRadioSelection') {
+  } else if (field === ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME) {
     return [];
-  } else if (field === 'groupByDuration') {
+  } else if (field === ALERT_SUPPRESSION_DURATION_FIELD_NAME) {
     const ruleType: Type = get('ruleType', data);
 
     const ruleCanHaveDuration = isSuppressionRuleConfiguredWithDuration(ruleType);
@@ -239,21 +246,21 @@ export const getDescriptionItem = (
     // threshold rule has suppression duration without grouping fields, but suppression should be explicitly enabled by user
     // query rule have suppression duration only if group by fields selected
     const showDuration = isThresholdRule(ruleType)
-      ? get('enableThresholdSuppression', data) === true
-      : get('groupByFields', data).length > 0;
+      ? get(THRESHOLD_ALERT_SUPPRESSION_ENABLED, data) === true
+      : get(ALERT_SUPPRESSION_FIELDS_FIELD_NAME, data).length > 0;
 
     if (showDuration) {
       const value: Duration = get(field, data);
       return buildAlertSuppressionWindowDescription(
         label,
         value,
-        get('groupByRadioSelection', data),
+        get(ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME, data),
         ruleType
       );
     } else {
       return [];
     }
-  } else if (field === 'suppressionMissingFields') {
+  } else if (field === ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME) {
     const ruleType: Type = get('ruleType', data);
     const ruleCanHaveSuppressionMissingFields =
       isSuppressionRuleConfiguredWithMissingFields(ruleType);
@@ -261,7 +268,7 @@ export const getDescriptionItem = (
     if (!ruleCanHaveSuppressionMissingFields) {
       return [];
     }
-    if (get('groupByFields', data).length > 0) {
+    if (get(ALERT_SUPPRESSION_FIELDS_FIELD_NAME, data).length > 0) {
       const value = get(field, data);
       return buildAlertSuppressionMissingFieldsDescription(label, value, ruleType);
     } else {
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/translations.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/translations.ts
index 27dfec9818eb9..5c43b9181adcb 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/translations.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/description_step/translations.ts
@@ -182,8 +182,8 @@ export const BUILDING_BLOCK_DESCRIPTION = i18n.translate(
   }
 );
 
-export const GROUP_BY_LABEL = i18n.translate(
-  'xpack.securitySolution.detectionEngine.ruleDescription.groupByFieldsLabel',
+export const ALERT_SUPPRESSION_LABEL = i18n.translate(
+  'xpack.securitySolution.detectionEngine.ruleDescription.alertSuppressionFieldsLabel',
   {
     defaultMessage: 'Suppress alerts by',
   }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/multi_select_fields/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/multi_select_fields/index.tsx
index d38af219fe858..8a27d2f668094 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/multi_select_fields/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/multi_select_fields/index.tsx
@@ -6,11 +6,9 @@
  */
 
 import React, { useMemo } from 'react';
-
-import { EuiToolTip } from '@elastic/eui';
 import type { DataViewFieldBase } from '@kbn/es-query';
+import { ComboBoxField } from '@kbn/es-ui-shared-plugin/static/forms/components';
 import type { FieldHook } from '../../../../shared_imports';
-import { Field } from '../../../../shared_imports';
 import { FIELD_PLACEHOLDER } from './translations';
 
 interface MultiSelectAutocompleteProps {
@@ -18,7 +16,6 @@ interface MultiSelectAutocompleteProps {
   isDisabled: boolean;
   field: FieldHook;
   fullWidth?: boolean;
-  disabledText?: string;
   dataTestSubj?: string;
 }
 
@@ -28,7 +25,6 @@ const fieldDescribedByIds = 'detectionEngineMultiSelectAutocompleteField';
 
 export const MultiSelectAutocompleteComponent: React.FC<MultiSelectAutocompleteProps> = ({
   browserFields,
-  disabledText,
   isDisabled,
   field,
   fullWidth = false,
@@ -46,21 +42,15 @@ export const MultiSelectAutocompleteComponent: React.FC<MultiSelectAutocompleteP
     }),
     [browserFields, isDisabled, fullWidth]
   );
-  const fieldComponent = (
-    <Field
+
+  return (
+    <ComboBoxField
       field={field}
       idAria={fieldDescribedByIds}
       euiFieldProps={fieldEuiFieldProps}
       data-test-subj={dataTestSubj}
     />
   );
-  return isDisabled ? (
-    <EuiToolTip position="right" content={disabledText}>
-      {fieldComponent}
-    </EuiToolTip>
-  ) : (
-    fieldComponent
-  );
 };
 
 export const MultiSelectFieldsAutocomplete = React.memo(MultiSelectAutocompleteComponent);
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_about_rule/index.test.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_about_rule/index.test.tsx
index bdbc01ada58ff..cc303731b26e3 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_about_rule/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_about_rule/index.test.tsx
@@ -23,7 +23,7 @@ import type {
 } from '../../../../detections/pages/detection_engine/rules/types';
 import {
   DataSourceType,
-  GroupByOptions,
+  AlertSuppressionDurationType,
 } from '../../../../detections/pages/detection_engine/rules/types';
 import { fillEmptySeverityMappings } from '../../../../detections/pages/detection_engine/rules/helpers';
 import { TestProviders } from '../../../../common/mock';
@@ -36,6 +36,16 @@ import {
 import type { FormHook } from '../../../../shared_imports';
 import { useKibana as mockUseKibana } from '../../../../common/lib/kibana/__mocks__';
 import { useKibana } from '../../../../common/lib/kibana';
+import {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+} from '../../../rule_creation/components/alert_suppression_edit';
+import { THRESHOLD_ALERT_SUPPRESSION_ENABLED } from '../../../rule_creation/components/threshold_alert_suppression_edit';
+import { AlertSuppressionMissingFieldsStrategyEnum } from '../../../../../common/api/detection_engine';
 
 jest.mock('../../../../common/lib/kibana');
 jest.mock('../../../../common/containers/source');
@@ -69,16 +79,17 @@ export const stepDefineStepMLRule: DefineStepRule = {
   timeline: { id: null, title: null },
   eqlOptions: {},
   dataSourceType: DataSourceType.IndexPatterns,
-  groupByFields: ['host.name'],
-  groupByRadioSelection: GroupByOptions.PerRuleExecution,
-  groupByDuration: {
-    unit: 'm',
-    value: 5,
+  [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: ['host.name'],
+  [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]: AlertSuppressionDurationType.PerRuleExecution,
+  [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: {
+    [ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME]: 5,
+    [ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME]: 'm',
   },
+  [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]: AlertSuppressionMissingFieldsStrategyEnum.suppress,
+  [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: false,
   newTermsFields: ['host.ip'],
   historyWindowSize: '7d',
   shouldLoadQueryDynamically: false,
-  enableThresholdSuppression: false,
 };
 
 describe('StepAboutRuleComponent', () => {
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/index.test.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/index.test.tsx
index f1dcfc74e7923..50264fffabfb8 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/index.test.tsx
@@ -9,7 +9,8 @@ import React, { useEffect, useState } from 'react';
 import { screen, fireEvent, render, within, act, waitFor } from '@testing-library/react';
 import type { Type as RuleType } from '@kbn/securitysolution-io-ts-alerting-types';
 import type { DataViewBase } from '@kbn/es-query';
-import { StepDefineRule, aggregatableFields } from '.';
+import type { FieldSpec } from '@kbn/data-plugin/common';
+import { StepDefineRule } from '.';
 import type { StepDefineRuleProps } from '.';
 import { mockBrowserFields } from '../../../../common/containers/source/mock';
 import { useRuleFromTimeline } from '../../../../detections/containers/detection_engine/rules/use_rule_from_timeline';
@@ -25,6 +26,22 @@ import {
   createIndexPatternField,
   getSelectToggleButtonForName,
 } from '../../../rule_creation/components/required_fields/required_fields.test';
+import { ALERT_SUPPRESSION_FIELDS_FIELD_NAME } from '../../../rule_creation/components/alert_suppression_edit';
+import {
+  expectDuration,
+  expectSuppressionFields,
+  setDuration,
+  setDurationType,
+  setSuppressionFields,
+} from '../../../rule_creation/components/alert_suppression_edit/test_helpers';
+import {
+  selectEuiComboBoxOption,
+  selectFirstEuiComboBoxOption,
+} from '../../../../common/test/eui/combobox';
+import {
+  addRelatedIntegrationRow,
+  setVersion,
+} from '../../../rule_creation/components/related_integrations/test_helpers';
 
 // Mocks integrations
 jest.mock('../../../fleet_integrations/api');
@@ -48,7 +65,13 @@ jest.mock('../ai_assistant', () => {
   };
 });
 
-jest.mock('../data_view_selector_field/use_data_views');
+jest.mock('../data_view_selector_field/use_data_view_list_items');
+
+jest.mock('../../../../common/hooks/use_license', () => ({
+  useLicense: jest.fn().mockReturnValue({
+    isAtLeast: jest.fn().mockReturnValue(true),
+  }),
+}));
 
 const mockRedirectLegacyUrl = jest.fn();
 const mockGetLegacyUrlConflict = jest.fn();
@@ -149,53 +172,6 @@ jest.mock('react-redux', () => {
 
 jest.mock('../../../../detections/containers/detection_engine/rules/use_rule_from_timeline');
 
-test('aggregatableFields', function () {
-  expect(
-    aggregatableFields([
-      {
-        name: 'error.message',
-        type: 'string',
-        esTypes: ['text'],
-        searchable: true,
-        aggregatable: false,
-        readFromDocValues: false,
-      },
-    ])
-  ).toEqual([]);
-});
-
-test('aggregatableFields with aggregatable: true', function () {
-  expect(
-    aggregatableFields([
-      {
-        name: 'error.message',
-        type: 'string',
-        esTypes: ['text'],
-        searchable: true,
-        aggregatable: false,
-        readFromDocValues: false,
-      },
-      {
-        name: 'file.path',
-        type: 'string',
-        esTypes: ['keyword'],
-        searchable: true,
-        aggregatable: true,
-        readFromDocValues: false,
-      },
-    ])
-  ).toEqual([
-    {
-      name: 'file.path',
-      type: 'string',
-      esTypes: ['keyword'],
-      searchable: true,
-      aggregatable: true,
-      readFromDocValues: false,
-    },
-  ]);
-});
-
 const mockUseRuleFromTimeline = useRuleFromTimeline as jest.Mock;
 const onOpenTimeline = jest.fn();
 
@@ -218,6 +194,62 @@ describe.skip('StepDefineRule', () => {
     expect(screen.getByTestId('stepDefineRule')).toBeDefined();
   });
 
+  describe('alert suppression', () => {
+    it('persists state when switching between custom query and threshold rule types', async () => {
+      const mockFields: FieldSpec[] = [
+        {
+          name: 'test-field',
+          type: 'string',
+          searchable: false,
+          aggregatable: true,
+        },
+      ];
+
+      const { rerender } = render(
+        <TestForm
+          indexPattern={{
+            title: '',
+            fields: mockFields,
+          }}
+        />,
+        {
+          wrapper: TestProviders,
+        }
+      );
+
+      await setSuppressionFields(['test-field']);
+      setDurationType('Per time period');
+      setDuration(10, 'h');
+
+      // switch to threshold rule type
+      rerender(
+        <TestForm
+          ruleType="threshold"
+          indexPattern={{
+            title: '',
+            fields: mockFields,
+          }}
+        />
+      );
+
+      expectDuration(10, 'h');
+
+      // switch back to custom query rule type
+      rerender(
+        <TestForm
+          ruleType="query"
+          indexPattern={{
+            title: '',
+            fields: mockFields,
+          }}
+        />
+      );
+
+      expectSuppressionFields(['test-field']);
+      expectDuration(10, 'h');
+    });
+  });
+
   describe('related integrations', () => {
     beforeEach(() => {
       fleetIntegrationsApi.fetchAllIntegrations.mockResolvedValue({
@@ -631,13 +663,12 @@ function TestForm({
         ruleType={ruleType}
         index={stepDefineDefaultValue.index}
         threatIndex={stepDefineDefaultValue.threatIndex}
-        groupByFields={stepDefineDefaultValue.groupByFields}
+        alertSuppressionFields={stepDefineDefaultValue[ALERT_SUPPRESSION_FIELDS_FIELD_NAME]}
         dataSourceType={stepDefineDefaultValue.dataSourceType}
         shouldLoadQueryDynamically={stepDefineDefaultValue.shouldLoadQueryDynamically}
         queryBarTitle=""
         queryBarSavedId=""
         thresholdFields={[]}
-        enableThresholdSuppression={false}
         {...formProps}
       />
       <button type="button" onClick={form.submit}>
@@ -652,78 +683,3 @@ function submitForm(): Promise<void> {
     fireEvent.click(screen.getByText('Submit'));
   });
 }
-
-function addRelatedIntegrationRow(): Promise<void> {
-  return act(async () => {
-    fireEvent.click(screen.getByText('Add integration'));
-  });
-}
-
-function setVersion({ input, value }: { input: HTMLInputElement; value: string }): Promise<void> {
-  return act(async () => {
-    fireEvent.input(input, {
-      target: { value },
-    });
-  });
-}
-
-function showEuiComboBoxOptions(comboBoxToggleButton: HTMLElement): Promise<void> {
-  fireEvent.click(comboBoxToggleButton);
-
-  return waitFor(() => {
-    const listWithOptionsElement = document.querySelector('[role="listbox"]');
-    const emptyListElement = document.querySelector('.euiComboBoxOptionsList__empty');
-
-    expect(listWithOptionsElement || emptyListElement).toBeInTheDocument();
-  });
-}
-
-type SelectEuiComboBoxOptionParameters =
-  | {
-      comboBoxToggleButton: HTMLElement;
-      optionIndex: number;
-      optionText?: undefined;
-    }
-  | {
-      comboBoxToggleButton: HTMLElement;
-      optionText: string;
-      optionIndex?: undefined;
-    };
-
-function selectEuiComboBoxOption({
-  comboBoxToggleButton,
-  optionIndex,
-  optionText,
-}: SelectEuiComboBoxOptionParameters): Promise<void> {
-  return act(async () => {
-    await showEuiComboBoxOptions(comboBoxToggleButton);
-
-    const options = Array.from(
-      document.querySelectorAll('[data-test-subj*="comboBoxOptionsList"] [role="option"]')
-    );
-
-    if (typeof optionText === 'string') {
-      const optionToSelect = options.find((option) => option.textContent === optionText);
-
-      if (optionToSelect) {
-        fireEvent.click(optionToSelect);
-      } else {
-        throw new Error(
-          `Could not find option with text "${optionText}". Available options: ${options
-            .map((option) => option.textContent)
-            .join(', ')}`
-        );
-      }
-    } else {
-      fireEvent.click(options[optionIndex]);
-    }
-  });
-}
-
-function selectFirstEuiComboBoxOption({
-  comboBoxToggleButton,
-}: {
-  comboBoxToggleButton: HTMLElement;
-}): Promise<void> {
-  return selectEuiComboBoxOption({ comboBoxToggleButton, optionIndex: 0 });
-}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/index.tsx
index 99fb8f2ba469e..7085371eea276 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/index.tsx
@@ -14,8 +14,6 @@ import {
   EuiSpacer,
   EuiButtonGroup,
   EuiText,
-  EuiRadioGroup,
-  EuiToolTip,
 } from '@elastic/eui';
 import type { FC } from 'react';
 import React, { memo, useCallback, useState, useEffect, useMemo, useRef } from 'react';
@@ -41,10 +39,7 @@ import type {
   DefineStepRule,
   RuleStepProps,
 } from '../../../../detections/pages/detection_engine/rules/types';
-import {
-  DataSourceType,
-  GroupByOptions,
-} from '../../../../detections/pages/detection_engine/rules/types';
+import { DataSourceType } from '../../../../detections/pages/detection_engine/rules/types';
 import { StepRuleDescription } from '../description_step';
 import type { QueryBarDefineRuleProps } from '../query_bar';
 import { QueryBarDefineRule } from '../query_bar';
@@ -54,7 +49,6 @@ import { MlJobSelect } from '../../../rule_creation/components/ml_job_select';
 import { PickTimeline } from '../../../rule_creation/components/pick_timeline';
 import { StepContentWrapper } from '../../../rule_creation/components/step_content_wrapper';
 import { ThresholdInput } from '../threshold_input';
-import { SuppressionInfoIcon } from '../suppression_info_icon';
 import { EsqlInfoIcon } from '../../../rule_creation/components/esql_info_icon';
 import {
   Field,
@@ -89,10 +83,7 @@ import { ScheduleItem } from '../../../rule_creation/components/schedule_item_fo
 import { RequiredFields } from '../../../rule_creation/components/required_fields';
 import { DocLink } from '../../../../common/components/links_to_docs/doc_link';
 import { defaultCustomQuery } from '../../../../detections/pages/detection_engine/rules/utils';
-import { MultiSelectFieldsAutocomplete } from '../multi_select_fields';
 import { useLicense } from '../../../../common/hooks/use_license';
-import { AlertSuppressionMissingFieldsStrategyEnum } from '../../../../../common/api/detection_engine/model/rule_schema';
-import { DurationInput } from '../duration_input';
 import { MINIMUM_LICENSE_FOR_SUPPRESSION } from '../../../../../common/detection_engine/constants';
 import { useUpsellingMessage } from '../../../../common/hooks/use_upselling';
 import { useAllEsqlRuleFields } from '../../hooks';
@@ -100,6 +91,9 @@ import { useAlertSuppression } from '../../../rule_management/logic/use_alert_su
 import { AiAssistant } from '../ai_assistant';
 import { RelatedIntegrations } from '../../../rule_creation/components/related_integrations';
 import { useMLRuleConfig } from '../../../../common/components/ml/hooks/use_ml_rule_config';
+import { AlertSuppressionEdit } from '../../../rule_creation/components/alert_suppression_edit';
+import { ThresholdAlertSuppressionEdit } from '../../../rule_creation/components/threshold_alert_suppression_edit';
+import { usePersistentAlertSuppressionState } from './use_persistent_alert_suppression_state';
 
 const CommonUseField = getUseField({ component: Field });
 
@@ -121,13 +115,12 @@ export interface StepDefineRuleProps extends RuleStepProps {
   ruleType: Type;
   index: string[];
   threatIndex: string[];
-  groupByFields: string[];
+  alertSuppressionFields?: string[];
   dataSourceType: DataSourceType;
   shouldLoadQueryDynamically: boolean;
   queryBarTitle: string | undefined;
   queryBarSavedId: string | null | undefined;
   thresholdFields: string[] | undefined;
-  enableThresholdSuppression: boolean;
 }
 
 interface StepDefineRuleReadOnlyProps {
@@ -157,25 +150,12 @@ const RuleTypeEuiFormRow = styled(EuiFormRow).attrs<{ $isVisible: boolean }>(({
   },
 }))<{ $isVisible: boolean }>``;
 
-const IntendedRuleTypeEuiFormRow = styled(RuleTypeEuiFormRow)`
-  ${({ theme }) => `padding-left: ${theme.eui.euiSizeXL};`}
-`;
-
-/* eslint-disable react/no-unused-prop-types */
-interface GroupByChildrenProps {
-  groupByRadioSelection: FieldHook<string>;
-  groupByDurationUnit: FieldHook<string>;
-  groupByDurationValue: FieldHook<number | undefined>;
-}
-/* eslint-enable react/no-unused-prop-types */
-
 // eslint-disable-next-line complexity
 const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
   dataSourceType,
   defaultSavedQuery,
-  enableThresholdSuppression,
   form,
-  groupByFields,
+  alertSuppressionFields,
   index,
   indexPattern,
   indicesConfig,
@@ -272,10 +252,11 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
     [form]
   );
 
-  const [aggFields, setAggregatableFields] = useState<FieldSpec[]>([]);
-
-  useEffect(() => {
-    const { fields } = indexPattern;
+  const aggFields = useMemo(
+    () => (indexPattern.fields as FieldSpec[]).filter((field) => field.aggregatable === true),
+    [indexPattern.fields]
+  );
+  const termsAggregationFields = useMemo(
     /**
      * Typecasting to FieldSpec because fields is
      * typed as DataViewFieldBase[] which does not have
@@ -285,12 +266,8 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
      * We will need to determine where these types are defined and
      * figure out where the discrepency is.
      */
-    setAggregatableFields(aggregatableFields(fields as FieldSpec[]));
-  }, [indexPattern]);
-
-  const termsAggregationFields: FieldSpec[] = useMemo(
-    () => getTermsAggregationFields(aggFields),
-    [aggFields]
+    () => getTermsAggregationFields(indexPattern.fields as FieldSpec[]),
+    [indexPattern.fields]
   );
 
   const [threatIndexPatternsLoading, { indexPatterns: threatIndexPatterns }] =
@@ -397,14 +374,7 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
     }
   }, [ruleType, previousRuleType, getFields]);
 
-  /**
-   * for threshold rule suppression only time interval suppression mode is available
-   */
-  useEffect(() => {
-    if (isThresholdRule) {
-      form.setFieldValue('groupByRadioSelection', GroupByOptions.PerTimePeriod);
-    }
-  }, [isThresholdRule, form]);
+  usePersistentAlertSuppressionState({ form });
 
   // if saved query failed to load:
   // - reset shouldLoadFormDynamically to false, as non existent query cannot be used for loading and execution
@@ -484,19 +454,17 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
    * disable these fields and leave users in a bad state that they cannot change.
    * The exception is threshold rules, which use an existing threshold field for the same
    * purpose and so are treated as if the field is always selected.  */
-  const areSuppressionFieldsSelected = isThresholdRule || groupByFields.length > 0;
+  const areSuppressionFieldsSelected = isThresholdRule || Boolean(alertSuppressionFields?.length);
 
   const areSuppressionFieldsDisabledBySequence =
     isEqlRule(ruleType) &&
     isEqlSequenceQuery(queryBar?.query?.query as string) &&
-    groupByFields.length === 0;
+    alertSuppressionFields?.length === 0;
 
   /** If we don't have ML field information, users can't meaningfully interact with suppression fields */
   const areSuppressionFieldsDisabledByMlFields =
     isMlRule(ruleType) && (mlRuleConfigLoading || !mlSuppressionFields.length);
 
-  const isThresholdSuppressionDisabled = isThresholdRule && !enableThresholdSuppression;
-
   /** Suppression fields are generally disabled if either:
    * - License is insufficient (i.e. less than platinum)
    * - An EQL Sequence is used
@@ -534,96 +502,15 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
     }
   }, [esqlSuppressionFields, mlSuppressionFields, ruleType, termsAggregationFields]);
 
-  const isGroupByChildrenDisabled =
-    areSuppressionFieldsDisabled || isThresholdSuppressionDisabled || !areSuppressionFieldsSelected;
-  const isPerRuleExecutionDisabled = areSuppressionFieldsDisabled || isThresholdRule;
-  const isPerTimePeriodDisabled =
-    areSuppressionFieldsDisabled || isThresholdSuppressionDisabled || !areSuppressionFieldsSelected;
-  const isDurationDisabled =
-    areSuppressionFieldsDisabled || isThresholdSuppressionDisabled || !areSuppressionFieldsSelected;
-  const isMissingFieldsDisabled = areSuppressionFieldsDisabled || !areSuppressionFieldsSelected;
-
-  const GroupByChildren = useCallback(
-    ({
-      groupByRadioSelection,
-      groupByDurationUnit,
-      groupByDurationValue,
-    }: GroupByChildrenProps) => (
-      <EuiRadioGroup
-        disabled={isGroupByChildrenDisabled}
-        idSelected={groupByRadioSelection.value}
-        options={[
-          {
-            id: GroupByOptions.PerRuleExecution,
-            label: (
-              <EuiToolTip
-                content={
-                  isThresholdRule ? i18n.THRESHOLD_SUPPRESSION_PER_RULE_EXECUTION_WARNING : null
-                }
-              >
-                <> {i18n.ALERT_SUPPRESSION_PER_RULE_EXECUTION}</>
-              </EuiToolTip>
-            ),
-            disabled: isPerRuleExecutionDisabled,
-          },
-          {
-            id: GroupByOptions.PerTimePeriod,
-            disabled: isPerTimePeriodDisabled,
-            label: (
-              <>
-                {i18n.ALERT_SUPPRESSION_PER_TIME_PERIOD}
-                <DurationInput
-                  data-test-subj="alertSuppressionDurationInput"
-                  durationValueField={groupByDurationValue}
-                  durationUnitField={groupByDurationUnit}
-                  // Suppression duration is also disabled suppression by rule execution is selected in radio button
-                  isDisabled={
-                    isDurationDisabled ||
-                    groupByRadioSelection.value !== GroupByOptions.PerTimePeriod
-                  }
-                  minimumValue={1}
-                />
-              </>
-            ),
-          },
-        ]}
-        onChange={(id: string) => {
-          groupByRadioSelection.setValue(id);
-        }}
-        data-test-subj="groupByDurationOptions"
-      />
-    ),
-    [
-      isThresholdRule,
-      isDurationDisabled,
-      isPerTimePeriodDisabled,
-      isPerRuleExecutionDisabled,
-      isGroupByChildrenDisabled,
-    ]
-  );
-
-  const AlertSuppressionMissingFields = useCallback(
-    ({ suppressionMissingFields }: Record<string, FieldHook<string | undefined>>) => (
-      <EuiRadioGroup
-        disabled={isMissingFieldsDisabled}
-        idSelected={suppressionMissingFields.value}
-        options={[
-          {
-            id: AlertSuppressionMissingFieldsStrategyEnum.suppress,
-            label: i18n.ALERT_SUPPRESSION_MISSING_FIELDS_SUPPRESS_OPTION,
-          },
-          {
-            id: AlertSuppressionMissingFieldsStrategyEnum.doNotSuppress,
-            label: i18n.ALERT_SUPPRESSION_MISSING_FIELDS_DO_NOT_SUPPRESS_OPTION,
-          },
-        ]}
-        onChange={(id: string) => {
-          suppressionMissingFields.setValue(id);
-        }}
-        data-test-subj="suppressionMissingFieldsOptions"
-      />
+  const alertSuppressionFieldsAppendText = useMemo(
+    () => (
+      <EuiText color="subdued" size="xs">
+        {isSuppressionRuleInGA(ruleType)
+          ? i18n.ALERT_SUPPRESSION_FIELDS_GA_LABEL_APPEND
+          : i18n.ALERT_SUPPRESSION_FIELDS_TECH_PREVIEW_LABEL_APPEND}
+      </EuiText>
     ),
-    [isMissingFieldsDisabled]
+    [ruleType]
   );
 
   const dataViewIndexPatternToggleButtonOptions: EuiButtonGroupOptionProps[] = useMemo(
@@ -938,7 +825,6 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
               )}
             </>
           </RuleTypeEuiFormRow>
-
           {!isMlRule(ruleType) && !isQueryBarValid && queryBar?.query?.query && (
             <AiAssistant
               getFields={form.getFields}
@@ -946,7 +832,6 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
               language={queryBar?.query?.language}
             />
           )}
-
           {isQueryRule(ruleType) && (
             <>
               <EuiSpacer size="s" />
@@ -1058,99 +943,27 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
           </RuleTypeEuiFormRow>
           <EuiSpacer size="m" />
 
-          <>
-            <RuleTypeEuiFormRow $isVisible={isAlertSuppressionEnabled && isThresholdRule} fullWidth>
-              <EuiToolTip content={alertSuppressionUpsellingMessage} position="right">
-                <CommonUseField
-                  path="enableThresholdSuppression"
-                  componentProps={{
-                    idAria: 'detectionEngineStepDefineRuleThresholdEnableSuppression',
-                    'data-test-subj': 'detectionEngineStepDefineRuleThresholdEnableSuppression',
-                    euiFieldProps: {
-                      label: i18n.getEnableThresholdSuppressionLabel(thresholdFields),
-                      disabled: !isAlertSuppressionLicenseValid,
-                    },
-                  }}
-                />
-              </EuiToolTip>
-            </RuleTypeEuiFormRow>
-
-            <RuleTypeEuiFormRow
-              $isVisible={isAlertSuppressionEnabled && !isThresholdRule}
-              data-test-subj="alertSuppressionInput"
-              label={i18n.GROUP_BY_LABEL}
-              labelAppend={
-                <EuiText color="subdued" size="xs">
-                  {isSuppressionRuleInGA(ruleType)
-                    ? i18n.GROUP_BY_GA_LABEL_APPEND
-                    : i18n.GROUP_BY_TECH_PREVIEW_LABEL_APPEND}
-                </EuiText>
-              }
-            >
-              <>
-                <UseField
-                  path="groupByFields"
-                  component={MultiSelectFieldsAutocomplete}
-                  componentProps={{
-                    browserFields: suppressionGroupByFields,
-                    isDisabled: isSuppressionGroupByDisabled,
-                    disabledText: suppressionGroupByDisabledText,
-                  }}
-                />
-                {isMlSuppressionIncomplete && (
-                  <EuiText size="xs" color="warning">
-                    {i18n.MACHINE_LEARNING_SUPPRESSION_INCOMPLETE_LABEL}
-                  </EuiText>
-                )}
-              </>
-            </RuleTypeEuiFormRow>
-
-            <IntendedRuleTypeEuiFormRow
-              $isVisible={isAlertSuppressionEnabled}
-              data-test-subj="alertSuppressionDuration"
-            >
-              <UseMultiFields
-                fields={{
-                  groupByRadioSelection: {
-                    path: 'groupByRadioSelection',
-                  },
-                  groupByDurationValue: {
-                    path: 'groupByDuration.value',
-                  },
-                  groupByDurationUnit: {
-                    path: 'groupByDuration.unit',
-                  },
-                }}
-              >
-                {GroupByChildren}
-              </UseMultiFields>
-            </IntendedRuleTypeEuiFormRow>
-
-            <IntendedRuleTypeEuiFormRow
-              // threshold rule does not have this suppression configuration
-              $isVisible={isAlertSuppressionEnabled && !isThresholdRule}
-              data-test-subj="alertSuppressionMissingFields"
-              label={
-                <span>
-                  {i18n.ALERT_SUPPRESSION_MISSING_FIELDS_FORM_ROW_LABEL} <SuppressionInfoIcon />
-                </span>
-              }
-              fullWidth
-            >
-              <UseMultiFields
-                fields={{
-                  suppressionMissingFields: {
-                    path: 'suppressionMissingFields',
-                  },
-                }}
-              >
-                {AlertSuppressionMissingFields}
-              </UseMultiFields>
-            </IntendedRuleTypeEuiFormRow>
-          </>
-
-          <EuiSpacer size="l" />
-
+          <RuleTypeEuiFormRow $isVisible={isAlertSuppressionEnabled} fullWidth>
+            {isThresholdRule ? (
+              <ThresholdAlertSuppressionEdit
+                suppressionFieldNames={thresholdFields}
+                disabled={!isAlertSuppressionLicenseValid}
+                disabledText={alertSuppressionUpsellingMessage}
+              />
+            ) : (
+              <AlertSuppressionEdit
+                suppressibleFields={suppressionGroupByFields}
+                labelAppend={alertSuppressionFieldsAppendText}
+                warningText={
+                  isMlSuppressionIncomplete
+                    ? i18n.MACHINE_LEARNING_SUPPRESSION_INCOMPLETE_LABEL
+                    : undefined
+                }
+                disabled={isSuppressionGroupByDisabled}
+                disabledText={suppressionGroupByDisabledText}
+              />
+            )}
+          </RuleTypeEuiFormRow>
           {!isMlRule(ruleType) && (
             <>
               <RequiredFields
@@ -1161,9 +974,7 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
               <EuiSpacer size="l" />
             </>
           )}
-
           <RelatedIntegrations path="relatedIntegrations" dataTestSubj="relatedIntegrations" />
-
           <UseField
             path="timeline"
             component={PickTimeline}
@@ -1201,7 +1012,3 @@ const StepDefineRuleReadOnlyComponent: FC<StepDefineRuleReadOnlyProps> = ({
   );
 };
 export const StepDefineRuleReadOnly = memo(StepDefineRuleReadOnlyComponent);
-
-export function aggregatableFields<T extends { aggregatable: boolean }>(browserFields: T[]): T[] {
-  return browserFields.filter((field) => field.aggregatable === true);
-}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/schema.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/schema.tsx
index fc8468b094fa1..6563c0d3b175f 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/schema.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/schema.tsx
@@ -34,6 +34,9 @@ import type { DefineStepRule } from '../../../../detections/pages/detection_engi
 import { DataSourceType } from '../../../../detections/pages/detection_engine/rules/types';
 import { debounceAsync, eqlValidator } from '../eql_query_bar/validators';
 import { esqlValidator } from '../../../rule_creation/logic/esql_validator';
+import { dataViewIdValidatorFactory } from '../../validators/data_view_id_validator_factory';
+import { indexPatternValidatorFactory } from '../../validators/index_pattern_validator_factory';
+import { alertSuppressionFieldsValidatorFactory } from '../../validators/alert_suppression_fields_validator_factory';
 import {
   CUSTOM_QUERY_REQUIRED,
   INVALID_CUSTOM_QUERY,
@@ -44,8 +47,12 @@ import {
   EQL_SEQUENCE_SUPPRESSION_GROUPBY_VALIDATION_TEXT,
 } from './translations';
 import { getQueryRequiredMessage } from './utils';
-import { dataViewIdValidatorFactory } from '../../validators/data_view_id_validator_factory';
-import { indexPatternValidatorFactory } from '../../validators/index_pattern_validator_factory';
+import {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+} from '../../../rule_creation/components/alert_suppression_edit';
+import * as alertSuppressionEditI81n from '../../../rule_creation/components/alert_suppression_edit/components/translations';
 
 export const schema: FormSchema<DefineStepRule> = {
   index: {
@@ -112,7 +119,7 @@ export const schema: FormSchema<DefineStepRule> = {
     fieldsToValidateOnChange: ['eqlOptions', 'queryBar'],
   },
   queryBar: {
-    fieldsToValidateOnChange: ['queryBar', 'groupByFields'],
+    fieldsToValidateOnChange: ['queryBar', ALERT_SUPPRESSION_FIELDS_FIELD_NAME],
     validations: [
       {
         validator: (
@@ -648,34 +655,18 @@ export const schema: FormSchema<DefineStepRule> = {
       },
     ],
   },
-  groupByFields: {
-    type: FIELD_TYPES.COMBO_BOX,
-    helpText: i18n.translate(
-      'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldGroupByFieldHelpText',
-      {
-        defaultMessage: 'Select field(s) to use for suppressing extra alerts',
-      }
-    ),
+  [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: {
     validations: [
       {
-        validator: (
-          ...args: Parameters<ValidationFunc>
-        ): ReturnType<ValidationFunc<{}, ERROR_CODE>> | undefined => {
+        validator: (...args: Parameters<ValidationFunc>) => {
           const [{ formData }] = args;
           const needsValidation = isSuppressionRuleConfiguredWithGroupBy(formData.ruleType);
 
           if (!needsValidation) {
             return;
           }
-          return fieldValidators.maxLengthField({
-            length: 3,
-            message: i18n.translate(
-              'xpack.securitySolution.detectionEngine.validations.stepDefineRule.groupByFieldsMax',
-              {
-                defaultMessage: 'Number of grouping fields must be at most 3',
-              }
-            ),
-          })(...args);
+
+          return alertSuppressionFieldsValidatorFactory()(...args);
         },
       },
       {
@@ -683,13 +674,13 @@ export const schema: FormSchema<DefineStepRule> = {
           ...args: Parameters<ValidationFunc>
         ): ReturnType<ValidationFunc<{}, ERROR_CODE>> | undefined => {
           const [{ formData, value }] = args;
-          const groupByLength = (value as string[]).length;
-          const needsValidation = isEqlRule(formData.ruleType) && groupByLength > 0;
-          if (!needsValidation) {
+
+          if (!isEqlRule(formData.ruleType) || !Array.isArray(value) || value.length === 0) {
             return;
           }
 
           const query: string = formData.queryBar?.query?.query ?? '';
+
           if (isEqlSequenceQuery(query)) {
             return {
               message: EQL_SEQUENCE_SUPPRESSION_GROUPBY_VALIDATION_TEXT,
@@ -699,37 +690,19 @@ export const schema: FormSchema<DefineStepRule> = {
       },
     ],
   },
-  groupByRadioSelection: {},
-  groupByDuration: {
+  [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: {
     label: i18n.translate(
       'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByDurationValueLabel',
       {
         defaultMessage: 'Suppress alerts for',
       }
     ),
-    helpText: i18n.translate(
-      'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldGroupByDurationValueHelpText',
-      {
-        defaultMessage: 'Suppress alerts for',
-      }
-    ),
-    value: {},
-    unit: {},
   },
-  suppressionMissingFields: {
-    label: i18n.translate(
-      'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.suppressionMissingFieldsLabel',
-      {
-        defaultMessage: 'If a suppression field is missing',
-      }
-    ),
+  [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]: {
+    label: alertSuppressionEditI81n.ALERT_SUPPRESSION_MISSING_FIELDS_LABEL,
   },
   shouldLoadQueryDynamically: {
     type: FIELD_TYPES.CHECKBOX,
     defaultValue: false,
   },
-  enableThresholdSuppression: {
-    type: FIELD_TYPES.CHECKBOX,
-    defaultValue: false,
-  },
 };
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx
index b212aa7c67dd4..d8b24f978afd0 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/translations.tsx
@@ -249,23 +249,16 @@ export const MACHINE_LEARNING_SUPPRESSION_INCOMPLETE_LABEL = i18n.translate(
   }
 );
 
-export const GROUP_BY_TECH_PREVIEW_LABEL_APPEND = i18n.translate(
-  'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsTechPreviewLabelAppend',
+export const ALERT_SUPPRESSION_FIELDS_TECH_PREVIEW_LABEL_APPEND = i18n.translate(
+  'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.alertSuppressionTechPreviewLabelAppend',
   {
     defaultMessage: 'Optional (Technical Preview)',
   }
 );
 
-export const GROUP_BY_GA_LABEL_APPEND = i18n.translate(
-  'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsGALabelAppend',
+export const ALERT_SUPPRESSION_FIELDS_GA_LABEL_APPEND = i18n.translate(
+  'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.alertSuppressionGALabelAppend',
   {
     defaultMessage: 'Optional',
   }
 );
-
-export const GROUP_BY_LABEL = i18n.translate(
-  'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsLabel',
-  {
-    defaultMessage: 'Suppress alerts by',
-  }
-);
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/use_persistent_alert_suppression_state.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/use_persistent_alert_suppression_state.ts
new file mode 100644
index 0000000000000..d3c60df684928
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/use_persistent_alert_suppression_state.ts
@@ -0,0 +1,77 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useEffect } from 'react';
+import { isThresholdRule } from '../../../../../common/detection_engine/utils';
+import type { FormHook } from '../../../../shared_imports';
+import { useFormData } from '../../../../shared_imports';
+import { THRESHOLD_ALERT_SUPPRESSION_ENABLED } from '../../../rule_creation/components/threshold_alert_suppression_edit';
+import {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+} from '../../../rule_creation/components/alert_suppression_edit';
+import {
+  AlertSuppressionDurationType,
+  type DefineStepRule,
+} from '../../../../detections/pages/detection_engine/rules/types';
+
+interface UsePersistentAlertSuppressionStateParams {
+  form: FormHook<DefineStepRule>;
+}
+
+export function usePersistentAlertSuppressionState({
+  form,
+}: UsePersistentAlertSuppressionStateParams): void {
+  const [
+    {
+      ruleType,
+      [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: thresholdAlertSuppressionEnabled,
+      [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: suppressionFields,
+      [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]: suppressionDurationType,
+      [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: suppressionDuration,
+      [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]: suppressionMissingFieldsStrategy,
+    },
+  ] = useFormData({
+    form,
+    watch: [
+      'ruleType',
+      THRESHOLD_ALERT_SUPPRESSION_ENABLED,
+      ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+      ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+      `${ALERT_SUPPRESSION_DURATION_FIELD_NAME}.${ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME}`,
+      `${ALERT_SUPPRESSION_DURATION_FIELD_NAME}.${ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME}`,
+      ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+    ],
+  });
+
+  useEffect(() => {
+    form.updateFieldValues({
+      [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: thresholdAlertSuppressionEnabled,
+      [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: suppressionFields,
+      ...(isThresholdRule(ruleType)
+        ? {
+            [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]:
+              AlertSuppressionDurationType.PerTimePeriod,
+          }
+        : { [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]: suppressionDurationType }),
+      [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: suppressionDuration,
+      [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]: suppressionMissingFieldsStrategy,
+    });
+  }, [
+    form,
+    ruleType,
+    thresholdAlertSuppressionEnabled,
+    suppressionFields,
+    suppressionDurationType,
+    suppressionDuration,
+    suppressionMissingFieldsStrategy,
+  ]);
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/utils.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/utils.ts
index 9ac99b9583ae9..88592da7ecd8d 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/utils.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/utils.ts
@@ -18,12 +18,13 @@ import { isEqlRule, isEsqlRule } from '../../../../../common/detection_engine/ut
  * Keyword, Numeric, ip, boolean, or binary.
  * https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html
  */
-export const getTermsAggregationFields = (fields: FieldSpec[]): FieldSpec[] => {
-  // binary types is excluded, as binary field has property aggregatable === false
-  const allowedTypesSet = new Set(['string', 'number', 'ip', 'boolean']);
+export const getTermsAggregationFields = (fields: FieldSpec[]): FieldSpec[] =>
+  fields.filter(
+    (field) => field.aggregatable === true && ALLOWED_AGGREGATABLE_FIELD_TYPES_SET.has(field.type)
+  );
 
-  return fields.filter((field) => field.aggregatable === true && allowedTypesSet.has(field.type));
-};
+// binary types is excluded, as binary field has property aggregatable === false
+const ALLOWED_AGGREGATABLE_FIELD_TYPES_SET = new Set(['string', 'number', 'ip', 'boolean']);
 
 /**
  * return query is required message depends on a rule type
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/form.test.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/form.test.ts
index ca1e5042eac80..84d10bae1c5d5 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/form.test.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/form.test.ts
@@ -18,6 +18,7 @@ import type {
 
 import { useRuleFormsErrors } from './form';
 import { transformEqlResponseErrorToValidationError } from '../components/eql_query_bar/validators';
+import { ALERT_SUPPRESSION_FIELDS_FIELD_NAME } from '../../rule_creation/components/alert_suppression_edit';
 
 const getFormWithErrorsMock = <T extends FormData = FormData>(fields: {
   [key: string]: { errors: Array<ValidationError<EQL_ERROR_CODES | ESQL_ERROR_CODES>> };
@@ -248,7 +249,7 @@ describe('useRuleFormsErrors', () => {
 
       const defineStepForm = getFormWithErrorsMock<DefineStepRule>({
         queryBar: { errors: [esqlValidationError] },
-        groupByFields: { errors: [groupByValidationError] },
+        [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: { errors: [groupByValidationError] },
       });
       const aboutStepForm = getFormWithErrorsMock<AboutStepRule>({
         name: {
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/helpers.test.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/helpers.test.ts
index 3f310ebdaaa3b..d28634fb6691a 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/helpers.test.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/helpers.test.ts
@@ -25,7 +25,7 @@ import type {
   ScheduleStepRule,
   DefineStepRule,
 } from '../../../../detections/pages/detection_engine/rules/types';
-import { GroupByOptions } from '../../../../detections/pages/detection_engine/rules/types';
+import { AlertSuppressionDurationType } from '../../../../detections/pages/detection_engine/rules/types';
 import {
   getTimeTypeValue,
   formatDefineStepData,
@@ -45,6 +45,13 @@ import {
 } from '../../../rule_management_ui/components/rules_table/__mocks__/mock';
 import { getThreatMock } from '../../../../../common/detection_engine/schemas/types/threat.mock';
 import type { Threat, Threats } from '@kbn/securitysolution-io-ts-alerting-types';
+import {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+} from '../../../rule_creation/components/alert_suppression_edit';
 
 describe('helpers', () => {
   describe('getTimeTypeValue', () => {
@@ -458,8 +465,9 @@ describe('helpers', () => {
               query: 'process where process_name == "explorer.exe"',
             },
           },
-          groupByFields: ['event.type'],
-          groupByRadioSelection: GroupByOptions.PerRuleExecution,
+          [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: ['event.type'],
+          [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]:
+            AlertSuppressionDurationType.PerRuleExecution,
         };
         const result = formatDefineStepData(mockStepData);
 
@@ -491,9 +499,9 @@ describe('helpers', () => {
               query: 'process where process_name == "explorer.exe"',
             },
           },
-          groupByFields: ['event.type'],
-          groupByRadioSelection: GroupByOptions.PerTimePeriod,
-          groupByDuration: { value: 10, unit: 'm' },
+          [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: ['event.type'],
+          [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]: AlertSuppressionDurationType.PerTimePeriod,
+          [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: { value: 10, unit: 'm' },
         };
         const result = formatDefineStepData(mockStepData);
 
@@ -597,9 +605,12 @@ describe('helpers', () => {
         ruleType: 'machine_learning',
         machineLearningJobId: ['some_jobert_id'],
         anomalyThreshold: 44,
-        groupByFields: ['event.type'],
-        groupByRadioSelection: GroupByOptions.PerTimePeriod,
-        groupByDuration: { value: 10, unit: 'm' },
+        [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: ['event.type'],
+        [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]: AlertSuppressionDurationType.PerTimePeriod,
+        [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: {
+          [ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME]: 10,
+          [ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME]: 'm',
+        },
       };
       const result = formatDefineStepData(mockStepData);
 
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/helpers.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/helpers.ts
index 7d80ce7423257..a50564fff6e38 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/helpers.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/helpers.ts
@@ -52,7 +52,7 @@ import type {
 } from '../../../../detections/pages/detection_engine/rules/types';
 import {
   DataSourceType,
-  GroupByOptions,
+  AlertSuppressionDurationType,
 } from '../../../../detections/pages/detection_engine/rules/types';
 import type {
   RuleCreateProps,
@@ -63,6 +63,13 @@ import type {
 } from '../../../../../common/api/detection_engine/model/rule_schema';
 import { stepActionsDefaultValue } from '../../../rule_creation/components/step_rule_actions';
 import { DEFAULT_SUPPRESSION_MISSING_FIELDS_STRATEGY } from '../../../../../common/detection_engine/constants';
+import {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+} from '../../../rule_creation/components/alert_suppression_edit';
+import { THRESHOLD_ALERT_SUPPRESSION_ENABLED } from '../../../rule_creation/components/threshold_alert_suppression_edit';
 
 export const getTimeTypeValue = (time: string): { unit: Unit; value: number } => {
   const timeObj: { unit: Unit; value: number } = {
@@ -432,16 +439,18 @@ export const formatDefineStepData = (defineStepData: DefineStepRule): DefineStep
       }),
   };
 
+  // Threshold rule won't contain alert suppression fields
   const alertSuppressionFields =
-    ruleFields.groupByFields.length > 0
+    ruleFields[ALERT_SUPPRESSION_FIELDS_FIELD_NAME]?.length > 0
       ? {
           alert_suppression: {
-            group_by: ruleFields.groupByFields,
+            group_by: ruleFields[ALERT_SUPPRESSION_FIELDS_FIELD_NAME],
             duration:
-              ruleFields.groupByRadioSelection === GroupByOptions.PerTimePeriod
-                ? ruleFields.groupByDuration
+              ruleFields[ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME] ===
+              AlertSuppressionDurationType.PerTimePeriod
+                ? ruleFields[ALERT_SUPPRESSION_DURATION_FIELD_NAME]
                 : undefined,
-            missing_fields_strategy: (ruleFields.suppressionMissingFields ||
+            missing_fields_strategy: (ruleFields[ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME] ||
               DEFAULT_SUPPRESSION_MISSING_FIELDS_STRATEGY) as AlertSuppression['missing_fields_strategy'],
           },
         }
@@ -478,8 +487,8 @@ export const formatDefineStepData = (defineStepData: DefineStepRule): DefineStep
                   ]
                 : [],
           },
-          ...(ruleFields.enableThresholdSuppression && {
-            alert_suppression: { duration: ruleFields.groupByDuration },
+          ...(ruleFields[THRESHOLD_ALERT_SUPPRESSION_ENABLED] && {
+            alert_suppression: { duration: ruleFields[ALERT_SUPPRESSION_DURATION_FIELD_NAME] },
           }),
         }),
       }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx
index 0c6a6fb07ce5c..d19c9c7c89d0c 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx
@@ -81,6 +81,7 @@ import { NextStep } from '../../components/next_step';
 import { useRuleForms, useRuleFormsErrors, useRuleIndexPattern } from '../form';
 import { CustomHeaderPageMemo } from '..';
 import { SaveWithErrorsModal } from '../../components/save_with_errors_confirmation';
+import { ALERT_SUPPRESSION_FIELDS_FIELD_NAME } from '../../../rule_creation/components/alert_suppression_edit';
 
 const MyEuiPanel = styled(EuiPanel)<{
   zindex?: number;
@@ -565,13 +566,12 @@ const CreateRulePageComponent: React.FC = () => {
             ruleType={defineStepData.ruleType}
             index={memoizedIndex}
             threatIndex={defineStepData.threatIndex}
-            groupByFields={defineStepData.groupByFields}
+            alertSuppressionFields={defineStepData[ALERT_SUPPRESSION_FIELDS_FIELD_NAME]}
             dataSourceType={defineStepData.dataSourceType}
             shouldLoadQueryDynamically={defineStepData.shouldLoadQueryDynamically}
             queryBarTitle={defineStepData.queryBar.title}
             queryBarSavedId={defineStepData.queryBar.saved_id}
             thresholdFields={defineStepData.threshold.field}
-            enableThresholdSuppression={defineStepData.enableThresholdSuppression}
           />
           <NextStep
             dataTestSubj="define-continue"
@@ -585,14 +585,8 @@ const CreateRulePageComponent: React.FC = () => {
     [
       activeStep,
       defineRuleNextStep,
-      defineStepData.dataSourceType,
-      defineStepData.groupByFields,
+      defineStepData,
       memoizedIndex,
-      defineStepData.queryBar.saved_id,
-      defineStepData.queryBar.title,
-      defineStepData.ruleType,
-      defineStepData.shouldLoadQueryDynamically,
-      defineStepData.threatIndex,
       defineStepForm,
       eqlOptionsSelected,
       indexPattern,
@@ -604,8 +598,6 @@ const CreateRulePageComponent: React.FC = () => {
       memoDefineStepReadOnly,
       setEqlOptionsSelected,
       threatIndicesConfig,
-      defineStepData.threshold.field,
-      defineStepData.enableThresholdSuppression,
     ]
   );
   const memoDefineStepExtraAction = useMemo(
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx
index 1657f57ec83e8..0a1733bd831fd 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx
@@ -69,6 +69,8 @@ import { useRuleForms, useRuleFormsErrors, useRuleIndexPattern } from '../form';
 import { useEsqlIndex, useEsqlQueryForAboutStep } from '../../hooks';
 import { CustomHeaderPageMemo } from '..';
 import { SaveWithErrorsModal } from '../../components/save_with_errors_confirmation';
+import { useIsPrebuiltRulesCustomizationEnabled } from '../../../rule_management/hooks/use_is_prebuilt_rules_customization_enabled';
+import { ALERT_SUPPRESSION_FIELDS_FIELD_NAME } from '../../../rule_creation/components/alert_suppression_edit';
 
 const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
   const { addSuccess } = useAppToasts();
@@ -85,11 +87,14 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
     useListsConfig();
   const { application, triggersActionsUi } = useKibana().services;
   const { navigateToApp } = application;
+  const isPrebuiltRulesCustomizationEnabled = useIsPrebuiltRulesCustomizationEnabled();
 
   const { detailName: ruleId } = useParams<{ detailName: string }>();
 
   const [activeStep, setActiveStep] = useState<RuleStep>(
-    rule.immutable ? RuleStep.ruleActions : RuleStep.defineRule
+    !isPrebuiltRulesCustomizationEnabled && rule.immutable
+      ? RuleStep.ruleActions
+      : RuleStep.defineRule
   );
   const { mutateAsync: updateRule, isLoading } = useUpdateRule();
   const [isRulePreviewVisible, setIsRulePreviewVisible] = useState(true);
@@ -210,7 +215,7 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
         'data-test-subj': 'edit-rule-define-tab',
         id: RuleStep.defineRule,
         name: ruleI18n.DEFINITION,
-        disabled: rule?.immutable,
+        disabled: !isPrebuiltRulesCustomizationEnabled && rule?.immutable,
         content: (
           <div
             style={{
@@ -238,13 +243,12 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
                   ruleType={defineStepData.ruleType}
                   index={memoizedIndex}
                   threatIndex={defineStepData.threatIndex}
-                  groupByFields={defineStepData.groupByFields}
+                  alertSuppressionFields={defineStepData[ALERT_SUPPRESSION_FIELDS_FIELD_NAME]}
                   dataSourceType={defineStepData.dataSourceType}
                   shouldLoadQueryDynamically={defineStepData.shouldLoadQueryDynamically}
                   queryBarTitle={defineStepData.queryBar.title}
                   queryBarSavedId={defineStepData.queryBar.saved_id}
                   thresholdFields={defineStepData.threshold.field}
-                  enableThresholdSuppression={defineStepData.enableThresholdSuppression}
                 />
               )}
               <EuiSpacer />
@@ -256,7 +260,7 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
         'data-test-subj': 'edit-rule-about-tab',
         id: RuleStep.aboutRule,
         name: ruleI18n.ABOUT,
-        disabled: rule?.immutable,
+        disabled: !isPrebuiltRulesCustomizationEnabled && rule?.immutable,
         content: (
           <div
             style={{
@@ -288,7 +292,7 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
         'data-test-subj': 'edit-rule-schedule-tab',
         id: RuleStep.scheduleRule,
         name: ruleI18n.SCHEDULE,
-        disabled: rule?.immutable,
+        disabled: !isPrebuiltRulesCustomizationEnabled && rule?.immutable,
         content: (
           <div
             style={{
@@ -340,6 +344,7 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
       },
     ],
     [
+      isPrebuiltRulesCustomizationEnabled,
       rule?.immutable,
       rule?.id,
       activeStep,
@@ -356,15 +361,15 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
       isIndexPatternLoading,
       isQueryBarValid,
       defineStepData,
+      memoizedIndex,
       aboutStepData,
       aboutStepForm,
+      esqlQueryForAboutStep,
       scheduleStepData,
       scheduleStepForm,
       actionsStepData,
       actionMessageParams,
       actionsStepForm,
-      memoizedIndex,
-      esqlQueryForAboutStep,
     ]
   );
 
@@ -414,7 +419,7 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
     setNonBlockingRuleErrors([]);
 
     const actionsStepFormValid = await actionsStepForm.validate();
-    if (rule.immutable) {
+    if (!isPrebuiltRulesCustomizationEnabled && rule.immutable) {
       // Since users cannot edit Define, About and Schedule tabs of the rule, we skip validation of those to avoid
       // user confusion of seeing that those tabs have error and not being able to see or do anything about that.
       // We will need to remove this condition once rule customization work is done.
@@ -451,11 +456,12 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => {
       showSaveWithErrorsModal();
     }
   }, [
+    actionsStepForm,
+    isPrebuiltRulesCustomizationEnabled,
     rule.immutable,
     defineStepForm,
     aboutStepForm,
     scheduleStepForm,
-    actionsStepForm,
     getRuleFormsErrors,
     saveChanges,
     showSaveWithErrorsModal,
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/validators/alert_suppression_fields_validator_factory.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/validators/alert_suppression_fields_validator_factory.ts
new file mode 100644
index 0000000000000..6239a57f3088d
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/validators/alert_suppression_fields_validator_factory.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+import { fieldValidators, type FormData, type ValidationFunc } from '../../../shared_imports';
+
+export function alertSuppressionFieldsValidatorFactory(): ValidationFunc<
+  FormData,
+  string,
+  unknown
+> {
+  return fieldValidators.maxLengthField({
+    length: 3,
+    message: i18n.translate(
+      'xpack.securitySolution.ruleManagement.ruleCreation.validation.alertSuppressionFields.maxLengthError',
+      {
+        defaultMessage: 'Number of grouping fields must be at most 3',
+      }
+    ),
+  });
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.test.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.test.tsx
index 0d2e937931e21..269f4db62f305 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.test.tsx
@@ -16,6 +16,7 @@ import { getExceptionListItemSchemaMock } from '@kbn/lists-plugin/common/schemas
 import { createStubIndexPattern, stubIndexPattern } from '@kbn/data-plugin/common/stubs';
 
 import { AddExceptionFlyout } from '.';
+import { initialState as exceptionItemsInitialState, createExceptionItemsReducer } from './reducer';
 import { useFetchIndex } from '../../../../common/containers/source';
 import { useCreateOrUpdateException } from '../../logic/use_create_update_exception';
 import { useFetchIndexPatterns } from '../../logic/use_exception_flyout_data';
@@ -153,65 +154,123 @@ describe('When the add exception modal is opened', () => {
         expect(wrapper.find('ExceptionsAddToRulesOrLists').exists()).toBeFalsy();
       });
 
-      it('should show a warning callout if wildcard is used', async () => {
-        mockUseFetchIndex.mockImplementation(() => [
-          false,
-          {
-            indexPatterns: stubIndexPattern,
-          },
-        ]);
+      describe('warning callouts', () => {
+        let mountWrapper: ReactWrapper;
+        beforeEach(() => {
+          mockUseFetchIndex.mockImplementation(() => [
+            false,
+            {
+              indexPatterns: stubIndexPattern,
+            },
+          ]);
+
+          mountWrapper = mount(
+            <TestProviders>
+              <AddExceptionFlyout
+                rules={[
+                  {
+                    ...getRulesSchemaMock(),
+                    index: ['filebeat-*'],
+                    exceptions_list: [
+                      {
+                        id: 'endpoint_list',
+                        list_id: 'endpoint_list',
+                        namespace_type: 'agnostic',
+                        type: 'endpoint',
+                      },
+                    ],
+                  } as Rule,
+                ]}
+                isBulkAction={false}
+                alertData={undefined}
+                isAlertDataLoading={undefined}
+                alertStatus={undefined}
+                isEndpointItem
+                showAlertCloseOptions
+                onCancel={jest.fn()}
+                onConfirm={jest.fn()}
+              />
+            </TestProviders>
+          );
+        });
 
-        const mountWrapper = mount(
-          <TestProviders>
-            <AddExceptionFlyout
-              rules={[
+        it('should show a warning callout if wildcard is used', async () => {
+          const callProps = mockGetExceptionBuilderComponentLazy.mock.calls[0][0];
+          await waitFor(() =>
+            callProps.onChange({
+              exceptionItems: [
                 {
-                  ...getRulesSchemaMock(),
-                  index: ['filebeat-*'],
-                  exceptions_list: [
+                  ...getExceptionListItemSchemaMock(),
+                  entries: [
                     {
-                      id: 'endpoint_list',
-                      list_id: 'endpoint_list',
-                      namespace_type: 'agnostic',
-                      type: 'endpoint',
+                      field: 'event.category',
+                      operator: 'included',
+                      type: 'match',
+                      value: 'wildcardvalue*?',
                     },
                   ],
-                } as Rule,
-              ]}
-              isBulkAction={false}
-              alertData={undefined}
-              isAlertDataLoading={undefined}
-              alertStatus={undefined}
-              isEndpointItem
-              showAlertCloseOptions
-              onCancel={jest.fn()}
-              onConfirm={jest.fn()}
-            />
-          </TestProviders>
-        );
-        const callProps = mockGetExceptionBuilderComponentLazy.mock.calls[0][0];
-        await waitFor(() =>
-          callProps.onChange({
-            exceptionItems: [
-              {
-                ...getExceptionListItemSchemaMock(),
-                entries: [
-                  {
-                    field: 'event.category',
-                    operator: 'included',
-                    type: 'match',
-                    value: 'wildcardvalue*?',
-                  },
-                ],
-              },
-            ],
-          })
-        );
+                },
+              ],
+            })
+          );
 
-        mountWrapper.update();
-        expect(
-          mountWrapper.find('[data-test-subj="wildcardWithWrongOperatorCallout"]').exists()
-        ).toBeTruthy();
+          mountWrapper.update();
+          expect(
+            mountWrapper.find('[data-test-subj="wildcardWithWrongOperatorCallout"]').exists()
+          ).toBeTruthy();
+        });
+
+        it('should show a warning callout if there is a partial code signature entry with only subject_name', async () => {
+          const callProps = mockGetExceptionBuilderComponentLazy.mock.calls[0][0];
+          await waitFor(() =>
+            callProps.onChange({
+              exceptionItems: [
+                {
+                  ...getExceptionListItemSchemaMock(),
+                  entries: [
+                    {
+                      field: 'process.code_signature.subject_name',
+                      operator: 'included',
+                      type: 'match',
+                      value: 'asdf',
+                    },
+                  ],
+                },
+              ],
+            })
+          );
+
+          mountWrapper.update();
+          expect(
+            mountWrapper.find('[data-test-subj="partialCodeSignatureCallout"]').exists()
+          ).toBeTruthy();
+        });
+
+        it('should show a warning callout if there is a partial code signature entry with only trusted field', async () => {
+          const callProps = mockGetExceptionBuilderComponentLazy.mock.calls[0][0];
+          await waitFor(() =>
+            callProps.onChange({
+              exceptionItems: [
+                {
+                  ...getExceptionListItemSchemaMock(),
+                  entries: [
+                    {
+                      field: 'process.code_signature.trusted',
+                      operator: 'included',
+                      type: 'match',
+                      value: 'true',
+                    },
+                  ],
+                },
+              ],
+            })
+          );
+
+          mountWrapper.update();
+          expect(
+            mountWrapper.find('[data-test-subj="partialCodeSignatureCallout"]').exists()
+          ).toBeTruthy();
+        });
       });
     });
 
@@ -961,4 +1020,15 @@ describe('When the add exception modal is opened', () => {
       });
     });
   });
+  describe('the reducer', () => {
+    it('should update partialCodeSignatureWarningExists, when warning is true', () => {
+      const updatedState = createExceptionItemsReducer();
+      expect(
+        updatedState(exceptionItemsInitialState, {
+          type: 'setPartialCodeSignature',
+          warningExists: true,
+        })
+      ).toEqual({ ...exceptionItemsInitialState, partialCodeSignatureWarningExists: true });
+    });
+  });
 });
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.tsx
index 85790713cfa3f..092e3e779f5b5 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/index.tsx
@@ -26,13 +26,19 @@ import {
 import { ENDPOINT_LIST_ID } from '@kbn/securitysolution-list-constants';
 import { ExceptionListTypeEnum } from '@kbn/securitysolution-io-ts-list-types';
 import type { OsTypeArray, ExceptionListSchema } from '@kbn/securitysolution-io-ts-list-types';
-import { hasWrongOperatorWithWildcard } from '@kbn/securitysolution-list-utils';
+import {
+  hasWrongOperatorWithWildcard,
+  hasPartialCodeSignatureEntry,
+} from '@kbn/securitysolution-list-utils';
 import type {
   ExceptionsBuilderExceptionItem,
   ExceptionsBuilderReturnExceptionItem,
 } from '@kbn/securitysolution-list-utils';
 
-import { WildCardWithWrongOperatorCallout } from '@kbn/securitysolution-exception-list-components';
+import {
+  WildCardWithWrongOperatorCallout,
+  PartialCodeSignatureCallout,
+} from '@kbn/securitysolution-exception-list-components';
 import type { Moment } from 'moment';
 import type { Status } from '../../../../../common/api/detection_engine';
 import * as i18n from './translations';
@@ -158,6 +164,7 @@ export const AddExceptionFlyout = memo(function AddExceptionFlyout({
       expireTime,
       expireErrorExists,
       wildcardWarningExists,
+      partialCodeSignatureWarningExists,
     },
     dispatch,
   ] = useReducer(createExceptionItemsReducer(), {
@@ -190,6 +197,10 @@ export const AddExceptionFlyout = memo(function AddExceptionFlyout({
         type: 'setWildcardWithWrongOperator',
         warningExists: hasWrongOperatorWithWildcard(items),
       });
+      dispatch({
+        type: 'setPartialCodeSignature',
+        warningExists: hasPartialCodeSignatureEntry(items),
+      });
       dispatch({
         type: 'setExceptionItems',
         items,
@@ -564,6 +575,7 @@ export const AddExceptionFlyout = memo(function AddExceptionFlyout({
           getExtendedFields={getExtendedFields}
         />
         {wildcardWarningExists && <WildCardWithWrongOperatorCallout />}
+        {partialCodeSignatureWarningExists && <PartialCodeSignatureCallout />}
         {listType !== ExceptionListTypeEnum.ENDPOINT && !sharedListToAddTo?.length && (
           <>
             <EuiHorizontalRule />
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/reducer.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/reducer.ts
index 01b0ce85b45d1..e91c1c9328a7b 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/reducer.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/add_exception_flyout/reducer.ts
@@ -35,6 +35,7 @@ export interface State {
   expireTime: Moment | undefined;
   expireErrorExists: boolean;
   wildcardWarningExists: boolean;
+  partialCodeSignatureWarningExists: boolean;
 }
 
 export const initialState: State = {
@@ -57,6 +58,7 @@ export const initialState: State = {
   expireTime: undefined,
   expireErrorExists: false,
   wildcardWarningExists: false,
+  partialCodeSignatureWarningExists: false,
 };
 
 export type Action =
@@ -135,11 +137,15 @@ export type Action =
   | {
       type: 'setWildcardWithWrongOperator';
       warningExists: boolean;
+    }
+  | {
+      type: 'setPartialCodeSignature';
+      warningExists: boolean;
     };
 
 export const createExceptionItemsReducer =
   () =>
-  /* eslint complexity: ["error", 22]*/
+  /* eslint complexity: ["error", 23]*/
   (state: State, action: Action): State => {
     switch (action.type) {
       case 'setExceptionItemMeta': {
@@ -184,6 +190,13 @@ export const createExceptionItemsReducer =
           wildcardWarningExists: warningExists,
         };
       }
+      case 'setPartialCodeSignature': {
+        const { warningExists } = action;
+        return {
+          ...state,
+          partialCodeSignatureWarningExists: warningExists,
+        };
+      }
       case 'setComment': {
         const { comment } = action;
 
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/index.test.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/index.test.tsx
index 07723db415daf..13c8c59e07732 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/index.test.tsx
@@ -313,6 +313,58 @@ describe('When the edit exception modal is opened', () => {
           wrapper.find('[data-test-subj="wildcardWithWrongOperatorCallout"]').exists()
         ).toBeTruthy();
       });
+
+      it('should show a warning callout if there is a partial code signature entry with only subject_name', async () => {
+        const callProps = mockGetExceptionBuilderComponentLazy.mock.calls[0][0];
+        await waitFor(() =>
+          callProps.onChange({
+            exceptionItems: [
+              {
+                ...getExceptionListItemSchemaMock(),
+                entries: [
+                  {
+                    field: 'process.code_signature.subject_name',
+                    operator: 'included',
+                    type: 'match',
+                    value: 'asdf',
+                  },
+                ],
+              },
+            ],
+          })
+        );
+
+        wrapper.update();
+        expect(
+          wrapper.find('[data-test-subj="partialCodeSignatureCallout"]').exists()
+        ).toBeTruthy();
+      });
+
+      it('should show a warning callout if there is a partial code signature entry with only trusted field', async () => {
+        const callProps = mockGetExceptionBuilderComponentLazy.mock.calls[0][0];
+        await waitFor(() =>
+          callProps.onChange({
+            exceptionItems: [
+              {
+                ...getExceptionListItemSchemaMock(),
+                entries: [
+                  {
+                    field: 'process.code_signature.trusted',
+                    operator: 'included',
+                    type: 'match',
+                    value: 'true',
+                  },
+                ],
+              },
+            ],
+          })
+        );
+
+        wrapper.update();
+        expect(
+          wrapper.find('[data-test-subj="partialCodeSignatureCallout"]').exists()
+        ).toBeTruthy();
+      });
     });
 
     describe('when exception entry fields and index allow user to bulk close', () => {
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/index.tsx
index b6336e3326e25..e45cb4ab742ad 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/index.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/index.tsx
@@ -26,10 +26,16 @@ import {
   ExceptionListTypeEnum,
 } from '@kbn/securitysolution-io-ts-list-types';
 
-import { hasWrongOperatorWithWildcard } from '@kbn/securitysolution-list-utils';
+import {
+  hasWrongOperatorWithWildcard,
+  hasPartialCodeSignatureEntry,
+} from '@kbn/securitysolution-list-utils';
 import type { ExceptionsBuilderReturnExceptionItem } from '@kbn/securitysolution-list-utils';
 
-import { WildCardWithWrongOperatorCallout } from '@kbn/securitysolution-exception-list-components';
+import {
+  WildCardWithWrongOperatorCallout,
+  PartialCodeSignatureCallout,
+} from '@kbn/securitysolution-exception-list-components';
 
 import type { Moment } from 'moment';
 import moment from 'moment';
@@ -116,6 +122,7 @@ const EditExceptionFlyoutComponent: React.FC<EditExceptionFlyoutProps> = ({
       expireTime,
       expireErrorExists,
       wildcardWarningExists,
+      partialCodeSignatureWarningExists,
     },
     dispatch,
   ] = useReducer(createExceptionItemsReducer(), {
@@ -130,6 +137,7 @@ const EditExceptionFlyoutComponent: React.FC<EditExceptionFlyoutProps> = ({
     expireTime: itemToEdit.expire_time !== undefined ? moment(itemToEdit.expire_time) : undefined,
     expireErrorExists: false,
     wildcardWarningExists: false,
+    partialCodeSignatureWarningExists: false,
   });
 
   const allowLargeValueLists = useMemo((): boolean => {
@@ -170,6 +178,10 @@ const EditExceptionFlyoutComponent: React.FC<EditExceptionFlyoutProps> = ({
         type: 'setWildcardWithWrongOperator',
         warningExists: hasWrongOperatorWithWildcard(items),
       });
+      dispatch({
+        type: 'setPartialCodeSignature',
+        warningExists: hasPartialCodeSignatureEntry(items),
+      });
       dispatch({
         type: 'setExceptionItems',
         items,
@@ -417,6 +429,7 @@ const EditExceptionFlyoutComponent: React.FC<EditExceptionFlyoutProps> = ({
           getExtendedFields={getExtendedFields}
         />
         {wildcardWarningExists && <WildCardWithWrongOperatorCallout />}
+        {partialCodeSignatureWarningExists && <PartialCodeSignatureCallout />}
         {!openedFromListDetailPage && listType === ExceptionListTypeEnum.DETECTION && (
           <>
             <EuiHorizontalRule />
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/reducer.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/reducer.ts
index 351af20900291..ee92dd28ca597 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/reducer.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/reducer.ts
@@ -20,6 +20,7 @@ export interface State {
   expireTime: Moment | undefined;
   expireErrorExists: boolean;
   wildcardWarningExists: boolean;
+  partialCodeSignatureWarningExists: boolean;
 }
 
 export type Action =
@@ -66,6 +67,10 @@ export type Action =
   | {
       type: 'setWildcardWithWrongOperator';
       warningExists: boolean;
+    }
+  | {
+      type: 'setPartialCodeSignature';
+      warningExists: boolean;
     };
 
 export const createExceptionItemsReducer =
@@ -162,6 +167,13 @@ export const createExceptionItemsReducer =
           wildcardWarningExists: warningExists,
         };
       }
+      case 'setPartialCodeSignature': {
+        const { warningExists } = action;
+        return {
+          ...state,
+          partialCodeSignatureWarningExists: warningExists,
+        };
+      }
       default:
         return state;
     }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/custom_query_rule_field_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/custom_query_rule_field_edit.tsx
index e71f061f140e4..69e11c85e4d51 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/custom_query_rule_field_edit.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/custom_query_rule_field_edit.tsx
@@ -9,6 +9,7 @@ import React from 'react';
 import type { UpgradeableCustomQueryFields } from '../../../../model/prebuilt_rule_upgrade/fields';
 import { KqlQueryEditForm } from './fields/kql_query';
 import { DataSourceEditForm } from './fields/data_source';
+import { AlertSuppressionEditForm } from './fields/alert_suppression';
 
 interface CustomQueryRuleFieldEditProps {
   fieldName: UpgradeableCustomQueryFields;
@@ -20,6 +21,8 @@ export function CustomQueryRuleFieldEdit({ fieldName }: CustomQueryRuleFieldEdit
       return <KqlQueryEditForm />;
     case 'data_source':
       return <DataSourceEditForm />;
+    case 'alert_suppression':
+      return <AlertSuppressionEditForm />;
     default:
       return null; // Will be replaced with `assertUnreachable(fieldName)` once all fields are implemented
   }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/eql_rule_field_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/eql_rule_field_edit.tsx
index a15cc87b3324c..dba33e57d56a7 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/eql_rule_field_edit.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/eql_rule_field_edit.tsx
@@ -8,6 +8,7 @@
 import React from 'react';
 import type { UpgradeableEqlFields } from '../../../../model/prebuilt_rule_upgrade/fields';
 import { DataSourceEditForm } from './fields/data_source';
+import { AlertSuppressionEditForm } from './fields/alert_suppression';
 
 interface EqlRuleFieldEditProps {
   fieldName: UpgradeableEqlFields;
@@ -17,6 +18,8 @@ export function EqlRuleFieldEdit({ fieldName }: EqlRuleFieldEditProps) {
   switch (fieldName) {
     case 'data_source':
       return <DataSourceEditForm />;
+    case 'alert_suppression':
+      return <AlertSuppressionEditForm />;
     default:
       return null; // Will be replaced with `assertUnreachable(fieldName)` once all fields are implemented
   }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/esql_rule_field_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/esql_rule_field_edit.tsx
new file mode 100644
index 0000000000000..745d25da38394
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/esql_rule_field_edit.tsx
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import type { UpgradeableEsqlFields } from '../../../../model/prebuilt_rule_upgrade/fields';
+import { AlertSuppressionEditForm } from './fields/alert_suppression';
+
+interface EqQlRuleFieldEditProps {
+  fieldName: UpgradeableEsqlFields;
+}
+
+export function EsqlRuleFieldEdit({ fieldName }: EqQlRuleFieldEditProps) {
+  switch (fieldName) {
+    case 'alert_suppression':
+      return <AlertSuppressionEditForm />;
+    default:
+      return null; // Will be replaced with `assertUnreachable(fieldName)` once all fields are implemented
+  }
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/form_schema.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/form_schema.ts
new file mode 100644
index 0000000000000..d0ad64aed6053
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/form_schema.ts
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type {
+  ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+} from '../../../../../../../rule_creation/components/alert_suppression_edit';
+import { ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME } from '../../../../../../../rule_creation/components/alert_suppression_edit';
+import type {
+  AlertSuppressionDurationUnit,
+  AlertSuppressionMissingFieldsStrategy,
+} from '../../../../../../../../../common/api/detection_engine';
+import { DEFAULT_SUPPRESSION_MISSING_FIELDS_STRATEGY } from '../../../../../../../../../common/detection_engine/constants';
+import { type FormSchema } from '../../../../../../../../shared_imports';
+
+export interface AlertSuppressionFormData {
+  [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: string[];
+  [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]: string;
+  [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: {
+    [ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME]: number;
+    [ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME]: AlertSuppressionDurationUnit;
+  };
+  [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]: AlertSuppressionMissingFieldsStrategy;
+}
+
+export const alertSuppressionFormSchema = {
+  [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]: {
+    defaultValue: DEFAULT_SUPPRESSION_MISSING_FIELDS_STRATEGY,
+  },
+} as FormSchema<AlertSuppressionFormData>;
diff --git a/x-pack/plugins/observability_solution/observability/server/errors/index.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/index.ts
similarity index 82%
rename from x-pack/plugins/observability_solution/observability/server/errors/index.ts
rename to x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/index.ts
index e466d5b8ae4a1..8bfa035b5a964 100644
--- a/x-pack/plugins/observability_solution/observability/server/errors/index.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/index.ts
@@ -5,5 +5,4 @@
  * 2.0.
  */
 
-export * from './errors';
-export * from './handler';
+export * from './suppression_edit_form';
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/suppression_edit_adapter.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/suppression_edit_adapter.tsx
new file mode 100644
index 0000000000000..6dfd38d5676d3
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/suppression_edit_adapter.tsx
@@ -0,0 +1,81 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { useMemo } from 'react';
+import { AlertSuppressionEdit } from '../../../../../../../rule_creation/components/alert_suppression_edit';
+import { getTermsAggregationFields } from '../../../../../../../rule_creation_ui/components/step_define_rule/utils';
+import { isEsqlRule, isMlRule } from '../../../../../../../../../common/detection_engine/utils';
+import { useAllEsqlRuleFields } from '../../../../../../../rule_creation_ui/hooks';
+import { useMLRuleConfig } from '../../../../../../../../common/components/ml/hooks/use_ml_rule_config';
+import type { RuleFieldEditComponentProps } from '../rule_field_edit_component_props';
+import { useDiffableRuleDataView } from '../hooks/use_diffable_rule_data_view';
+import * as i18n from './translations';
+
+export function AlertSuppressionEditAdapter({
+  finalDiffableRule,
+}: RuleFieldEditComponentProps): JSX.Element {
+  const { dataView } = useDiffableRuleDataView(finalDiffableRule);
+  const { fields: esqlSuppressionFields, isLoading: isEsqlSuppressionLoading } =
+    useAllEsqlRuleFields({
+      esqlQuery: 'esql_query' in finalDiffableRule ? finalDiffableRule.esql_query.query : undefined,
+      indexPatternsFields: dataView?.fields ?? [],
+    });
+  const machineLearningJobIds = useMemo(
+    () =>
+      'machine_learning_job_id' in finalDiffableRule
+        ? [finalDiffableRule.machine_learning_job_id].flat()
+        : [],
+    [finalDiffableRule]
+  );
+  const {
+    mlSuppressionFields,
+    loading: mlRuleConfigLoading,
+    allJobsStarted,
+  } = useMLRuleConfig({
+    machineLearningJobId: machineLearningJobIds,
+  });
+  const isMlSuppressionIncomplete =
+    isMlRule(finalDiffableRule.type) && machineLearningJobIds.length > 0 && !allJobsStarted;
+
+  const suppressibleFieldSpecs = useMemo(() => {
+    if (isEsqlRule(finalDiffableRule.type)) {
+      return esqlSuppressionFields;
+    } else if (isMlRule(finalDiffableRule.type)) {
+      return mlSuppressionFields;
+    } else {
+      return getTermsAggregationFields(
+        (dataView?.fields ?? []).filter((field) => field.aggregatable === true)
+      );
+    }
+  }, [finalDiffableRule.type, esqlSuppressionFields, mlSuppressionFields, dataView?.fields]);
+
+  const disabledText = useMemo(() => {
+    if (isMlRule(finalDiffableRule.type) && mlRuleConfigLoading) {
+      return i18n.MACHINE_LEARNING_SUPPRESSION_FIELDS_LOADING;
+    } else if (isMlRule(finalDiffableRule.type) && mlSuppressionFields.length === 0) {
+      return i18n.MACHINE_LEARNING_NO_SUPPRESSION_FIELDS;
+    } else if (isEsqlRule(finalDiffableRule.type) && isEsqlSuppressionLoading) {
+      return i18n.ESQL_SUPPRESSION_FIELDS_LOADING;
+    }
+  }, [
+    finalDiffableRule,
+    mlRuleConfigLoading,
+    mlSuppressionFields.length,
+    isEsqlSuppressionLoading,
+  ]);
+
+  return (
+    <AlertSuppressionEdit
+      suppressibleFields={suppressibleFieldSpecs}
+      disabled={Boolean(disabledText)}
+      disabledText={disabledText}
+      warningText={
+        isMlSuppressionIncomplete ? i18n.MACHINE_LEARNING_SUPPRESSION_INCOMPLETE_LABEL : undefined
+      }
+    />
+  );
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/suppression_edit_form.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/suppression_edit_form.tsx
new file mode 100644
index 0000000000000..f6ed2e5c657c7
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/suppression_edit_form.tsx
@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_DEFAULT_DURATION,
+} from '../../../../../../../rule_creation/components/alert_suppression_edit';
+import { AlertSuppressionDurationType } from '../../../../../../../../detections/pages/detection_engine/rules/types';
+import { type FormData } from '../../../../../../../../shared_imports';
+import { DEFAULT_SUPPRESSION_MISSING_FIELDS_STRATEGY } from '../../../../../../../../../common/detection_engine/constants';
+import { type AlertSuppression } from '../../../../../../../../../common/api/detection_engine';
+import { RuleFieldEditFormWrapper } from '../rule_field_edit_form_wrapper';
+import { AlertSuppressionEditAdapter } from './suppression_edit_adapter';
+import { alertSuppressionFormSchema, type AlertSuppressionFormData } from './form_schema';
+
+export function AlertSuppressionEditForm(): JSX.Element {
+  return (
+    <RuleFieldEditFormWrapper
+      component={AlertSuppressionEditAdapter}
+      ruleFieldFormSchema={alertSuppressionFormSchema}
+      deserializer={deserializer}
+      serializer={serializer}
+    />
+  );
+}
+
+function deserializer(defaultValue: FormData): AlertSuppressionFormData {
+  const alertSuppression = defaultValue.alert_suppression as AlertSuppression | undefined;
+
+  return {
+    [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: alertSuppression?.group_by ?? [],
+    [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]: alertSuppression?.duration
+      ? AlertSuppressionDurationType.PerTimePeriod
+      : AlertSuppressionDurationType.PerRuleExecution,
+    [ALERT_SUPPRESSION_DURATION_FIELD_NAME]:
+      alertSuppression?.duration ?? ALERT_SUPPRESSION_DEFAULT_DURATION,
+    [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]:
+      alertSuppression?.missing_fields_strategy ?? DEFAULT_SUPPRESSION_MISSING_FIELDS_STRATEGY,
+  };
+}
+
+function serializer(formData: FormData): { alert_suppression?: AlertSuppression } {
+  const alertSuppressionFormData = formData as AlertSuppressionFormData;
+
+  if (alertSuppressionFormData[ALERT_SUPPRESSION_FIELDS_FIELD_NAME].length === 0) {
+    return {};
+  }
+
+  return {
+    alert_suppression: {
+      group_by: alertSuppressionFormData[ALERT_SUPPRESSION_FIELDS_FIELD_NAME],
+      duration:
+        alertSuppressionFormData[ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME] ===
+        AlertSuppressionDurationType.PerTimePeriod
+          ? alertSuppressionFormData[ALERT_SUPPRESSION_DURATION_FIELD_NAME]
+          : undefined,
+      missing_fields_strategy:
+        alertSuppressionFormData[ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME] ||
+        DEFAULT_SUPPRESSION_MISSING_FIELDS_STRATEGY,
+    },
+  };
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/translations.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/translations.tsx
new file mode 100644
index 0000000000000..de6319ff4555a
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/alert_suppression/translations.tsx
@@ -0,0 +1,38 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const MACHINE_LEARNING_SUPPRESSION_FIELDS_LOADING = i18n.translate(
+  'xpack.securitySolution.ruleManagement.threeWayDiff.finalEdit.alertSuppression.machineLearningSuppressionFieldsLoading',
+  {
+    defaultMessage: 'Machine Learning suppression fields are loading',
+  }
+);
+
+export const MACHINE_LEARNING_NO_SUPPRESSION_FIELDS = i18n.translate(
+  'xpack.securitySolution.ruleManagement.threeWayDiff.finalEdit.alertSuppression.machineLearningNoSuppressionFields',
+  {
+    defaultMessage:
+      'Unable to load machine Learning suppression fields, start relevant Machine Learning jobs.',
+  }
+);
+
+export const MACHINE_LEARNING_SUPPRESSION_INCOMPLETE_LABEL = i18n.translate(
+  'xpack.securitySolution.ruleManagement.threeWayDiff.finalEdit.alertSuppression.machineLearningSuppressionIncomplete',
+  {
+    defaultMessage:
+      'This list of fields might be incomplete as some Machine Learning jobs are not running. Start all relevant jobs for a complete list.',
+  }
+);
+
+export const ESQL_SUPPRESSION_FIELDS_LOADING = i18n.translate(
+  'xpack.securitySolution.ruleManagement.threeWayDiff.finalEdit.alertSuppression.esqlFieldsLoading',
+  {
+    defaultMessage: 'ES|QL suppression fields are loading',
+  }
+);
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/data_source_edit_form.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/data_source_edit_form.tsx
index b1dc66ad032d1..e30b713908a02 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/data_source_edit_form.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/data_source_edit_form.tsx
@@ -6,7 +6,6 @@
  */
 
 import React from 'react';
-import { i18n } from '@kbn/i18n';
 import { EuiText } from '@elastic/eui';
 import { indexPatternValidatorFactory } from '../../../../../../../rule_creation_ui/validators/index_pattern_validator_factory';
 import { dataViewIdValidatorFactory } from '../../../../../../../rule_creation_ui/validators/data_view_id_validator_factory';
@@ -20,6 +19,7 @@ import { DataSourceType } from '../../../../../../../../../common/api/detection_
 import { RuleFieldEditFormWrapper } from '../rule_field_edit_form_wrapper';
 import { DataSourceEdit } from './data_source_edit';
 import { INDEX_HELPER_TEXT } from '../../../../../../../rule_creation_ui/components/step_define_rule/translations';
+import * as i18n from './translations';
 
 export function DataSourceEditForm(): JSX.Element {
   return (
@@ -53,12 +53,7 @@ const dataSourceSchema = {
   index_patterns: {
     defaultValue: [],
     type: FIELD_TYPES.COMBO_BOX,
-    label: i18n.translate(
-      'xpack.securitySolution.ruleManagement.threeWayDiff.finalEdit.indexPatterns.label',
-      {
-        defaultMessage: 'Index patterns',
-      }
-    ),
+    label: i18n.INDEX_PATTERNS,
     helpText: <EuiText size="xs">{INDEX_HELPER_TEXT}</EuiText>,
     validations: [
       {
@@ -77,12 +72,7 @@ const dataSourceSchema = {
     ],
   },
   data_view_id: {
-    label: i18n.translate(
-      'xpack.securitySolution.ruleManagement.threeWayDiff.finalEdit.dataViewSelector.name',
-      {
-        defaultMessage: 'Data view',
-      }
-    ),
+    label: i18n.DATA_VIEW,
     validations: [
       {
         validator: (...args: Parameters<ValidationFunc>) => {
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/data_source_type_selector_field.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/data_source_type_selector_field.tsx
index f43051853a4d4..9e24fd6c56c77 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/data_source_type_selector_field.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/data_source_type_selector_field.tsx
@@ -6,12 +6,12 @@
  */
 
 import React, { useCallback, useMemo } from 'react';
-import { i18n as i18nCore } from '@kbn/i18n';
 import type { EuiButtonGroupOptionProps } from '@elastic/eui';
 import { EuiButtonGroup } from '@elastic/eui';
 import { DataSourceType } from '../../../../../../../../../common/api/detection_engine/prebuilt_rules';
 import type { FieldHook } from '../../../../../../../../shared_imports';
 import type { ResetFormFn } from '../rule_field_edit_component_props';
+import * as i18n from './translations';
 
 interface DataSourceTypeSelectorFieldProps {
   field: FieldHook<string>;
@@ -26,20 +26,13 @@ export function DataSourceTypeSelectorField({
     () => [
       {
         id: DataSourceType.index_patterns,
-        label: i18nCore.translate(
-          'xpack.securitySolution.ruleDefine.indexTypeSelect.indexPattern',
-          {
-            defaultMessage: 'Index Patterns',
-          }
-        ),
+        label: i18n.INDEX_PATTERNS,
         iconType: field.value === DataSourceType.index_patterns ? 'checkInCircleFilled' : 'empty',
         'data-test-subj': `rule-index-toggle-${DataSourceType.index_patterns}`,
       },
       {
         id: DataSourceType.data_view,
-        label: i18nCore.translate('xpack.securitySolution.ruleDefine.indexTypeSelect.dataView', {
-          defaultMessage: 'Data View',
-        }),
+        label: i18n.DATA_VIEW,
         iconType: field.value === DataSourceType.data_view ? 'checkInCircleFilled' : 'empty',
         'data-test-subj': `rule-index-toggle-${DataSourceType.data_view}`,
       },
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/index_pattern_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/index_pattern_edit.tsx
index ec9f294af7612..81844af5f778f 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/index_pattern_edit.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/index_pattern_edit.tsx
@@ -44,7 +44,7 @@ export function IndexPatternField({ field }: IndexPatternFieldProps): JSX.Elemen
             iconType="refresh"
             onClick={handleResetIndices}
           >
-            {i18n.RESET_DEFAULT_INDEX}
+            {i18n.RESET_TO_DEFAULT_INDEX_PATTERNS}
           </EuiButtonEmpty>
         ) : undefined
       }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/translations.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/translations.tsx
index c1aede50af35f..0c458f5a1761e 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/translations.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/data_source/translations.tsx
@@ -7,8 +7,22 @@
 
 import { i18n } from '@kbn/i18n';
 
-export const RESET_DEFAULT_INDEX = i18n.translate(
-  'xpack.securitySolution.detectionEngine.createRule.stepDefineRule.resetDefaultIndicesButton',
+export const INDEX_PATTERNS = i18n.translate(
+  'xpack.securitySolution.ruleManagement.threeWayDiff.finalEdit.indexPatterns.label',
+  {
+    defaultMessage: 'Index patterns',
+  }
+);
+
+export const DATA_VIEW = i18n.translate(
+  'xpack.securitySolution.ruleManagement.threeWayDiff.finalEdit.dataViewSelector.name',
+  {
+    defaultMessage: 'Data view',
+  }
+);
+
+export const RESET_TO_DEFAULT_INDEX_PATTERNS = i18n.translate(
+  'xpack.securitySolution.ruleManagement.threeWayDiff.finalEdit.indexPatterns.resetToDefault',
   {
     defaultMessage: 'Reset to default index patterns',
   }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts
new file mode 100644
index 0000000000000..4cfb307665308
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts
@@ -0,0 +1,59 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useEffect, useState } from 'react';
+import type { DataView } from '@kbn/data-views-plugin/common';
+import { useKibana } from '../../../../../../../../common/lib/kibana';
+
+type UseDataViewParams =
+  | { indexPatterns: string[]; dataViewId?: never }
+  | { indexPatterns?: never; dataViewId: string };
+
+interface UseDataViewResult {
+  dataView: DataView | undefined;
+  isLoading: boolean;
+}
+
+export function useDataView(indexPatternsOrDataViewId: UseDataViewParams): UseDataViewResult {
+  const {
+    data: { dataViews: dataViewsService },
+  } = useKibana().services;
+  const [dataView, setDataView] = useState<DataView | undefined>();
+  const [isLoading, setIsLoading] = useState(false);
+
+  useEffect(() => {
+    setIsLoading(true);
+
+    (async () => {
+      try {
+        if (indexPatternsOrDataViewId.indexPatterns) {
+          const indexPatternsDataView = await dataViewsService.create({
+            title: indexPatternsOrDataViewId.indexPatterns.join(','),
+            allowNoIndex: true,
+          });
+
+          setDataView(indexPatternsDataView);
+          return;
+        }
+
+        if (indexPatternsOrDataViewId.dataViewId) {
+          const ruleDataView = await dataViewsService.get(indexPatternsOrDataViewId.dataViewId);
+
+          setDataView(ruleDataView);
+        }
+      } finally {
+        setIsLoading(false);
+      }
+    })();
+  }, [
+    dataViewsService,
+    indexPatternsOrDataViewId.indexPatterns,
+    indexPatternsOrDataViewId.dataViewId,
+  ]);
+
+  return { dataView, isLoading };
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_diffable_rule_data_view.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_diffable_rule_data_view.ts
new file mode 100644
index 0000000000000..40696287072e5
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_diffable_rule_data_view.ts
@@ -0,0 +1,33 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { DataView } from '@kbn/data-views-plugin/common';
+import type { DiffableRule } from '../../../../../../../../../common/api/detection_engine';
+import { DataSourceType } from '../../../../../../../../../common/api/detection_engine';
+import { useDefaultIndexPattern } from '../../../../../../hooks/use_default_index_pattern';
+import { useDataView } from './use_data_view';
+
+interface UseDiffableRuleDataViewResult {
+  dataView: DataView | undefined;
+  isLoading: boolean;
+}
+
+export function useDiffableRuleDataView(diffableRule: DiffableRule): UseDiffableRuleDataViewResult {
+  const defaultIndexPattern = useDefaultIndexPattern();
+  const defaultDataSource = {
+    type: DataSourceType.index_patterns,
+    index_patterns: defaultIndexPattern,
+  } as const;
+  const dataSource =
+    ('data_source' in diffableRule && diffableRule.data_source) || defaultDataSource;
+
+  return useDataView(
+    dataSource.type === DataSourceType.index_patterns
+      ? { indexPatterns: dataSource.index_patterns }
+      : { dataViewId: dataSource.data_view_id }
+  );
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/kql_query/kql_query_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/kql_query/kql_query_edit.tsx
index e1e4ddb0d14e9..8dbcc03e9783b 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/kql_query/kql_query_edit.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/kql_query/kql_query_edit.tsx
@@ -9,31 +9,23 @@ import React, { useCallback } from 'react';
 import useToggle from 'react-use/lib/useToggle';
 import { css } from '@emotion/css';
 import { EuiButtonEmpty } from '@elastic/eui';
+import type { DataViewBase } from '@kbn/es-query';
 import { schema } from '../../../../../../../rule_creation_ui/components/step_define_rule/schema';
 import { HiddenField, UseField } from '../../../../../../../../shared_imports';
 import { QueryBarDefineRule } from '../../../../../../../rule_creation_ui/components/query_bar';
 import * as stepDefineRuleI18n from '../../../../../../../rule_creation_ui/components/step_define_rule/translations';
-import { useRuleIndexPattern } from '../../../../../../../rule_creation_ui/pages/form';
-import { DataSourceType as DataSourceTypeSnakeCase } from '../../../../../../../../../common/api/detection_engine';
 import type { DiffableRule } from '../../../../../../../../../common/api/detection_engine';
-import { useDefaultIndexPattern } from '../../../../../../hooks/use_default_index_pattern';
-import { DataSourceType } from '../../../../../../../../detections/pages/detection_engine/rules/types';
 import type { SetRuleQuery } from '../../../../../../../../detections/containers/detection_engine/rules/use_rule_from_timeline';
 import { useRuleFromTimeline } from '../../../../../../../../detections/containers/detection_engine/rules/use_rule_from_timeline';
 import { useGetSavedQuery } from '../../../../../../../../detections/pages/detection_engine/rules/use_get_saved_query';
 import type { RuleFieldEditComponentProps } from '../rule_field_edit_component_props';
+import { useDiffableRuleDataView } from '../hooks/use_diffable_rule_data_view';
 
 export function KqlQueryEdit({
   finalDiffableRule,
   setFieldValue,
 }: RuleFieldEditComponentProps): JSX.Element {
-  const defaultIndexPattern = useDefaultIndexPattern();
-  const indexPatternParameters = getRuleIndexPatternParameters(
-    finalDiffableRule,
-    defaultIndexPattern
-  );
-  const { indexPattern, isIndexPatternLoading } = useRuleIndexPattern(indexPatternParameters);
-
+  const { dataView, isLoading } = useDiffableRuleDataView(finalDiffableRule);
   const [isTimelineSearchOpen, toggleIsTimelineSearchOpen] = useToggle(false);
 
   const handleSetRuleFromTimeline = useCallback<SetRuleQuery>(
@@ -68,8 +60,8 @@ export function KqlQueryEdit({
         }}
         component={QueryBarDefineRule}
         componentProps={{
-          indexPattern,
-          isLoading: isIndexPatternLoading,
+          indexPattern: dataView ?? DEFAULT_DATA_VIEW,
+          isLoading,
           openTimelineSearch: isTimelineSearchOpen,
           onCloseTimelineSearch: toggleIsTimelineSearchOpen,
           onOpenTimeline,
@@ -82,6 +74,11 @@ export function KqlQueryEdit({
   );
 }
 
+const DEFAULT_DATA_VIEW: DataViewBase = {
+  fields: [],
+  title: '',
+};
+
 const timelineButtonClassName = css`
   height: 18px;
   font-size: 12px;
@@ -99,37 +96,6 @@ function ImportTimelineQueryButton({
   );
 }
 
-interface RuleIndexPatternParameters {
-  dataSourceType: DataSourceType;
-  index: string[];
-  dataViewId: string | undefined;
-}
-
-function getRuleIndexPatternParameters(
-  finalDiffableRule: DiffableRule,
-  defaultIndexPattern: string[]
-): RuleIndexPatternParameters {
-  if (!('data_source' in finalDiffableRule) || !finalDiffableRule.data_source) {
-    return {
-      dataSourceType: DataSourceType.IndexPatterns,
-      index: defaultIndexPattern,
-      dataViewId: undefined,
-    };
-  }
-  if (finalDiffableRule.data_source.type === DataSourceTypeSnakeCase.data_view) {
-    return {
-      dataSourceType: DataSourceType.DataView,
-      index: [],
-      dataViewId: finalDiffableRule.data_source.data_view_id,
-    };
-  }
-  return {
-    dataSourceType: DataSourceType.IndexPatterns,
-    index: finalDiffableRule.data_source.index_patterns,
-    dataViewId: undefined,
-  };
-}
-
 function getSavedQueryId(diffableRule: DiffableRule): string | undefined {
   if (diffableRule.type === 'saved_query' && 'saved_query_id' in diffableRule.kql_query) {
     return diffableRule.kql_query.saved_query_id;
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/threshold_alert_suppression/form_schema.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/threshold_alert_suppression/form_schema.ts
new file mode 100644
index 0000000000000..27443c6fd711a
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/threshold_alert_suppression/form_schema.ts
@@ -0,0 +1,33 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { THRESHOLD_ALERT_SUPPRESSION_ENABLED } from '../../../../../../../rule_creation/components/threshold_alert_suppression_edit';
+import type {
+  ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME,
+} from '../../../../../../../rule_creation/components/alert_suppression_edit';
+import { ALERT_SUPPRESSION_DURATION_FIELD_NAME } from '../../../../../../../rule_creation/components/alert_suppression_edit';
+import type { AlertSuppressionDurationUnit } from '../../../../../../../../../common/api/detection_engine';
+import { type FormSchema, FIELD_TYPES } from '../../../../../../../../shared_imports';
+
+export interface ThresholdAlertSuppressionFormData {
+  [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: boolean;
+  [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: {
+    [ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME]: number;
+    [ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME]: AlertSuppressionDurationUnit;
+  };
+}
+
+export const thresholdAlertSuppressionFormSchema = {
+  [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: {
+    type: FIELD_TYPES.CHECKBOX,
+  },
+  [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: {
+    value: {},
+    unit: {},
+  },
+} as FormSchema<ThresholdAlertSuppressionFormData>;
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/threshold_alert_suppression/index.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/threshold_alert_suppression/index.ts
new file mode 100644
index 0000000000000..8bfa035b5a964
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/threshold_alert_suppression/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './suppression_edit_form';
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/threshold_alert_suppression/suppression_edit_form.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/threshold_alert_suppression/suppression_edit_form.tsx
new file mode 100644
index 0000000000000..af9f9db00cff2
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/threshold_alert_suppression/suppression_edit_form.tsx
@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import {
+  THRESHOLD_ALERT_SUPPRESSION_ENABLED,
+  ThresholdAlertSuppressionEdit,
+} from '../../../../../../../rule_creation/components/threshold_alert_suppression_edit';
+import { ALERT_SUPPRESSION_DURATION_FIELD_NAME } from '../../../../../../../rule_creation/components/alert_suppression_edit';
+import { type FormData } from '../../../../../../../../shared_imports';
+import type { ThresholdAlertSuppression } from '../../../../../../../../../common/api/detection_engine';
+import { RuleFieldEditFormWrapper } from '../rule_field_edit_form_wrapper';
+import {
+  thresholdAlertSuppressionFormSchema,
+  type ThresholdAlertSuppressionFormData,
+} from './form_schema';
+import type { RuleFieldEditComponentProps } from '../rule_field_edit_component_props';
+
+export function ThresholdAlertSuppressionEditForm(): JSX.Element {
+  return (
+    <RuleFieldEditFormWrapper
+      component={ThresholdAlertSuppressionEditAdapter}
+      ruleFieldFormSchema={thresholdAlertSuppressionFormSchema}
+      deserializer={deserializer}
+      serializer={serializer}
+    />
+  );
+}
+
+function ThresholdAlertSuppressionEditAdapter({
+  finalDiffableRule,
+}: RuleFieldEditComponentProps): JSX.Element {
+  if (finalDiffableRule.type !== 'threshold') {
+    throw new Error('Threshold rule type expected');
+  }
+
+  const suppressibleFields = [finalDiffableRule.threshold.field].flat();
+
+  return <ThresholdAlertSuppressionEdit suppressionFieldNames={suppressibleFields} />;
+}
+
+function deserializer(defaultValue: FormData): ThresholdAlertSuppressionFormData {
+  const alertSuppression = defaultValue.alert_suppression as ThresholdAlertSuppression | undefined;
+
+  return {
+    [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: Boolean(alertSuppression?.duration),
+    [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: alertSuppression?.duration ?? {
+      value: 5,
+      unit: 'm',
+    },
+  };
+}
+
+function serializer(formData: FormData): { alert_suppression?: ThresholdAlertSuppression } {
+  const alertSuppressionFormData = formData as ThresholdAlertSuppressionFormData;
+
+  if (!alertSuppressionFormData[THRESHOLD_ALERT_SUPPRESSION_ENABLED]) {
+    return {};
+  }
+
+  return {
+    alert_suppression: {
+      duration: alertSuppressionFormData[ALERT_SUPPRESSION_DURATION_FIELD_NAME],
+    },
+  };
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/final_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/final_edit.tsx
index 5c32c8edc7924..13bc3daa56037 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/final_edit.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/final_edit.tsx
@@ -21,10 +21,14 @@ import type {
   UpgradeableThresholdFields,
   UpgradeableNewTermsFields,
   UpgradeableEqlFields,
+  UpgradeableEsqlFields,
+  UpgradeableMachineLearningFields,
 } from '../../../../model/prebuilt_rule_upgrade/fields';
 import { isCommonFieldName } from '../../../../model/prebuilt_rule_upgrade/fields';
 import { useFinalSideContext } from '../final_side/final_side_context';
 import { EqlRuleFieldEdit } from './eql_rule_field_edit';
+import { EsqlRuleFieldEdit } from './esql_rule_field_edit';
+import { MachineLearningRuleFieldEdit } from './machine_learning_rule_field_edit';
 
 export function FinalEdit() {
   const { finalDiffableRule } = useDiffableRuleContext();
@@ -44,13 +48,15 @@ export function FinalEdit() {
     case 'eql':
       return <EqlRuleFieldEdit fieldName={fieldName as UpgradeableEqlFields} />;
     case 'esql':
-      return <span>{'Rule type not yet implemented'}</span>;
+      return <EsqlRuleFieldEdit fieldName={fieldName as UpgradeableEsqlFields} />;
     case 'threat_match':
       return <ThreatMatchRuleFieldEdit fieldName={fieldName as UpgradeableThreatMatchFields} />;
     case 'threshold':
       return <ThresholdRuleFieldEdit fieldName={fieldName as UpgradeableThresholdFields} />;
     case 'machine_learning':
-      return <span>{'Rule type not yet implemented'}</span>;
+      return (
+        <MachineLearningRuleFieldEdit fieldName={fieldName as UpgradeableMachineLearningFields} />
+      );
     case 'new_terms':
       return <NewTermsRuleFieldEdit fieldName={fieldName as UpgradeableNewTermsFields} />;
     default:
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/machine_learning_rule_field_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/machine_learning_rule_field_edit.tsx
new file mode 100644
index 0000000000000..52b214b6a97dc
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/machine_learning_rule_field_edit.tsx
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import type { UpgradeableMachineLearningFields } from '../../../../model/prebuilt_rule_upgrade/fields';
+import { AlertSuppressionEditForm } from './fields/alert_suppression';
+
+interface MachineLearningRuleFieldEditProps {
+  fieldName: UpgradeableMachineLearningFields;
+}
+
+export function MachineLearningRuleFieldEdit({ fieldName }: MachineLearningRuleFieldEditProps) {
+  switch (fieldName) {
+    case 'alert_suppression':
+      return <AlertSuppressionEditForm />;
+    default:
+      return null; // Will be replaced with `assertUnreachable(fieldName)` once all fields are implemented
+  }
+}
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/new_terms_rule_field_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/new_terms_rule_field_edit.tsx
index e5d01b3cfff7d..e2860d431affa 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/new_terms_rule_field_edit.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/new_terms_rule_field_edit.tsx
@@ -9,6 +9,7 @@ import React from 'react';
 import type { UpgradeableNewTermsFields } from '../../../../model/prebuilt_rule_upgrade/fields';
 import { KqlQueryEditForm } from './fields/kql_query';
 import { DataSourceEditForm } from './fields/data_source';
+import { AlertSuppressionEditForm } from './fields/alert_suppression';
 
 interface NewTermsRuleFieldEditProps {
   fieldName: UpgradeableNewTermsFields;
@@ -20,6 +21,8 @@ export function NewTermsRuleFieldEdit({ fieldName }: NewTermsRuleFieldEditProps)
       return <KqlQueryEditForm />;
     case 'data_source':
       return <DataSourceEditForm />;
+    case 'alert_suppression':
+      return <AlertSuppressionEditForm />;
     default:
       return null; // Will be replaced with `assertUnreachable(fieldName)` once all fields are implemented
   }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/saved_query_rule_field_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/saved_query_rule_field_edit.tsx
index 851b8f6c95fb5..b18b3203fdfb5 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/saved_query_rule_field_edit.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/saved_query_rule_field_edit.tsx
@@ -9,6 +9,7 @@ import React from 'react';
 import type { UpgradeableSavedQueryFields } from '../../../../model/prebuilt_rule_upgrade/fields';
 import { KqlQueryEditForm } from './fields/kql_query';
 import { DataSourceEditForm } from './fields/data_source';
+import { AlertSuppressionEditForm } from './fields/alert_suppression';
 
 interface SavedQueryRuleFieldEditProps {
   fieldName: UpgradeableSavedQueryFields;
@@ -20,6 +21,8 @@ export function SavedQueryRuleFieldEdit({ fieldName }: SavedQueryRuleFieldEditPr
       return <KqlQueryEditForm />;
     case 'data_source':
       return <DataSourceEditForm />;
+    case 'alert_suppression':
+      return <AlertSuppressionEditForm />;
     default:
       return null; // Will be replaced with `assertUnreachable(fieldName)` once all fields are implemented
   }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/threat_match_rule_field_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/threat_match_rule_field_edit.tsx
index 6a92f7372563e..2e7d52ae015fc 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/threat_match_rule_field_edit.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/threat_match_rule_field_edit.tsx
@@ -9,6 +9,7 @@ import React from 'react';
 import type { UpgradeableThreatMatchFields } from '../../../../model/prebuilt_rule_upgrade/fields';
 import { KqlQueryEditForm } from './fields/kql_query';
 import { DataSourceEditForm } from './fields/data_source';
+import { AlertSuppressionEditForm } from './fields/alert_suppression';
 
 interface ThreatMatchRuleFieldEditProps {
   fieldName: UpgradeableThreatMatchFields;
@@ -20,6 +21,8 @@ export function ThreatMatchRuleFieldEdit({ fieldName }: ThreatMatchRuleFieldEdit
       return <KqlQueryEditForm />;
     case 'data_source':
       return <DataSourceEditForm />;
+    case 'alert_suppression':
+      return <AlertSuppressionEditForm />;
     default:
       return null; // Will be replaced with `assertUnreachable(fieldName)` once all fields are implemented
   }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/threshold_rule_field_edit.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/threshold_rule_field_edit.tsx
index d1fc2372d7a16..ad9efe076b5bc 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/threshold_rule_field_edit.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/threshold_rule_field_edit.tsx
@@ -9,6 +9,7 @@ import React from 'react';
 import type { UpgradeableThresholdFields } from '../../../../model/prebuilt_rule_upgrade/fields';
 import { KqlQueryEditForm } from './fields/kql_query';
 import { DataSourceEditForm } from './fields/data_source';
+import { ThresholdAlertSuppressionEditForm } from './fields/threshold_alert_suppression';
 
 interface ThresholdRuleFieldEditProps {
   fieldName: UpgradeableThresholdFields;
@@ -20,6 +21,8 @@ export function ThresholdRuleFieldEdit({ fieldName }: ThresholdRuleFieldEditProp
       return <KqlQueryEditForm />;
     case 'data_source':
       return <DataSourceEditForm />;
+    case 'alert_suppression':
+      return <ThresholdAlertSuppressionEditForm />;
     default:
       return null; // Will be replaced with `assertUnreachable(fieldName)` once all fields are implemented
   }
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/__mocks__/mock.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/__mocks__/mock.ts
index 70d5ee6b6038f..2802153a45679 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/__mocks__/mock.ts
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/__mocks__/mock.ts
@@ -14,12 +14,25 @@ import type {
 } from '../../../../../detections/pages/detection_engine/rules/types';
 import {
   DataSourceType,
-  GroupByOptions,
+  AlertSuppressionDurationType,
 } from '../../../../../detections/pages/detection_engine/rules/types';
 import type { FieldValueQueryBar } from '../../../../rule_creation_ui/components/query_bar';
 import { fillEmptySeverityMappings } from '../../../../../detections/pages/detection_engine/rules/helpers';
 import { getThreatMock } from '../../../../../../common/detection_engine/schemas/types/threat.mock';
-import type { RuleResponse, SavedQueryRule } from '../../../../../../common/api/detection_engine';
+import {
+  AlertSuppressionMissingFieldsStrategyEnum,
+  type RuleResponse,
+  type SavedQueryRule,
+} from '../../../../../../common/api/detection_engine';
+import {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+} from '../../../../rule_creation/components/alert_suppression_edit';
+import { THRESHOLD_ALERT_SUPPRESSION_ENABLED } from '../../../../rule_creation/components/threshold_alert_suppression_edit';
 
 export const mockQueryBar: FieldValueQueryBar = {
   query: {
@@ -248,13 +261,14 @@ export const mockDefineStepRule = (): DefineStepRule => ({
   newTermsFields: ['host.ip'],
   historyWindowSize: '7d',
   shouldLoadQueryDynamically: false,
-  groupByFields: [],
-  groupByRadioSelection: GroupByOptions.PerRuleExecution,
-  groupByDuration: {
-    unit: 'm',
-    value: 5,
+  [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: [],
+  [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]: AlertSuppressionDurationType.PerRuleExecution,
+  [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: {
+    [ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME]: 5,
+    [ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME]: 'm',
   },
-  enableThresholdSuppression: false,
+  [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]: AlertSuppressionMissingFieldsStrategyEnum.suppress,
+  [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: false,
 });
 
 export const mockScheduleStepRule = (): ScheduleStepRule => ({
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx
index f3d0930d7c1fe..a4c85391a8063 100644
--- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx
+++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx
@@ -25,6 +25,7 @@ import { useDownloadExportedRules } from '../../../rule_management/logic/bulk_ac
 import { useHasActionsPrivileges } from './use_has_actions_privileges';
 import type { TimeRange } from '../../../rule_gaps/types';
 import { useScheduleRuleRun } from '../../../rule_gaps/logic/use_schedule_rule_run';
+import { useIsPrebuiltRulesCustomizationEnabled } from '../../../rule_management/hooks/use_is_prebuilt_rules_customization_enabled';
 import { ManualRuleRunEventTypes } from '../../../../common/lib/telemetry';
 
 export const useRulesTableActions = ({
@@ -46,6 +47,7 @@ export const useRulesTableActions = ({
   const { bulkExport } = useBulkExport();
   const downloadExportedRules = useDownloadExportedRules();
   const { scheduleRuleRun } = useScheduleRuleRun();
+  const isPrebuiltRulesCustomizationEnabled = useIsPrebuiltRulesCustomizationEnabled();
 
   return [
     {
@@ -116,7 +118,7 @@ export const useRulesTableActions = ({
           await downloadExportedRules(response);
         }
       },
-      enabled: (rule: Rule) => !rule.immutable,
+      enabled: (rule: Rule) => isPrebuiltRulesCustomizationEnabled || !rule.immutable,
     },
     {
       type: 'icon',
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx
index a786b95979d43..f34fca18ca6e3 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx
@@ -14,6 +14,7 @@ import {
 } from '@elastic/eui';
 import React, { useCallback, useMemo } from 'react';
 import styled from 'styled-components';
+import { useIsPrebuiltRulesCustomizationEnabled } from '../../../../detection_engine/rule_management/hooks/use_is_prebuilt_rules_customization_enabled';
 import { useScheduleRuleRun } from '../../../../detection_engine/rule_gaps/logic/use_schedule_rule_run';
 import type { TimeRange } from '../../../../detection_engine/rule_gaps/types';
 import { APP_UI_ID, SecurityPageName } from '../../../../../common/constants';
@@ -72,6 +73,7 @@ const RuleActionsOverflowComponent = ({
     application: { navigateToApp },
     telemetry,
   } = useKibana().services;
+  const isPrebuiltRulesCustomizationEnabled = useIsPrebuiltRulesCustomizationEnabled();
   const { startTransaction } = useStartTransaction();
   const { executeBulkAction } = useExecuteBulkAction({ suppressSuccessToast: true });
   const { bulkExport } = useBulkExport();
@@ -137,7 +139,10 @@ const RuleActionsOverflowComponent = ({
             <EuiContextMenuItem
               key={i18nActions.EXPORT_RULE}
               icon="exportAction"
-              disabled={!userHasPermissions || rule.immutable}
+              disabled={
+                !userHasPermissions ||
+                (isPrebuiltRulesCustomizationEnabled === false && rule.immutable)
+              }
               data-test-subj="rules-details-export-rule"
               onClick={async () => {
                 startTransaction({ name: SINGLE_RULE_ACTIONS.EXPORT });
@@ -203,21 +208,22 @@ const RuleActionsOverflowComponent = ({
           ]
         : [],
     [
-      bulkExport,
+      rule,
       canDuplicateRuleWithActions,
+      userHasPermissions,
+      isPrebuiltRulesCustomizationEnabled,
+      startTransaction,
       closePopover,
+      showBulkDuplicateExceptionsConfirmation,
       executeBulkAction,
       navigateToApp,
-      onRuleDeletedCallback,
-      rule,
-      showBulkDuplicateExceptionsConfirmation,
-      showManualRuleRunConfirmation,
-      startTransaction,
-      userHasPermissions,
+      bulkExport,
       downloadExportedRules,
-      confirmDeletion,
-      scheduleRuleRun,
+      showManualRuleRunConfirmation,
       telemetry,
+      scheduleRuleRun,
+      confirmDeletion,
+      onRuleDeletedCallback,
     ]
   );
 
diff --git a/x-pack/plugins/security_solution/public/detections/index.ts b/x-pack/plugins/security_solution/public/detections/index.ts
index 77d131377f9f5..1f9ce0b6fe012 100644
--- a/x-pack/plugins/security_solution/public/detections/index.ts
+++ b/x-pack/plugins/security_solution/public/detections/index.ts
@@ -12,6 +12,7 @@ import { getDataTablesInStorageByIds } from '../timelines/containers/local_stora
 import { routes } from './routes';
 import type { SecuritySubPlugin } from '../app/types';
 import { runDetectionMigrations } from './migrations';
+import type { StartPlugins } from '../types';
 
 export const DETECTIONS_TABLE_IDS: TableIdLiteral[] = [
   TableId.alertsOnRuleDetailsPage,
@@ -21,8 +22,8 @@ export const DETECTIONS_TABLE_IDS: TableIdLiteral[] = [
 export class Detections {
   public setup() {}
 
-  public start(storage: Storage): SecuritySubPlugin {
-    runDetectionMigrations();
+  public async start(storage: Storage, plugins: StartPlugins): Promise<SecuritySubPlugin> {
+    await runDetectionMigrations(storage, plugins);
 
     return {
       storageDataTables: {
diff --git a/x-pack/plugins/security_solution/public/detections/migrations.ts b/x-pack/plugins/security_solution/public/detections/migrations.ts
index 81009f63747a6..324abc443cb04 100644
--- a/x-pack/plugins/security_solution/public/detections/migrations.ts
+++ b/x-pack/plugins/security_solution/public/detections/migrations.ts
@@ -5,16 +5,21 @@
  * 2.0.
  */
 
-import { Storage } from '@kbn/kibana-utils-plugin/public';
+import type { Storage } from '@kbn/kibana-utils-plugin/public';
 import { migrateAlertPageControlsTo816 } from '../timelines/containers/local_storage/migrate_alert_page_controls';
+import type { StartPlugins } from '../types';
 
-type LocalStorageMigrator = (storage: Storage) => void;
+/* Migrator could be sync or async */
+type LocalStorageMigrator = (storage: Storage, plugins: StartPlugins) => void | Promise<void>;
 
-const runLocalStorageMigration = (fn: LocalStorageMigrator) => {
-  const storage = new Storage(localStorage);
-  fn(storage);
+const getLocalStorageMigrationRunner = (storage: Storage, plugins: StartPlugins) => {
+  const runLocalStorageMigration = async (fn: LocalStorageMigrator) => {
+    await fn(storage, plugins);
+  };
+  return runLocalStorageMigration;
 };
 
-export const runDetectionMigrations = () => {
-  runLocalStorageMigration(migrateAlertPageControlsTo816);
+export const runDetectionMigrations = async (storage: Storage, plugins: StartPlugins) => {
+  const runLocalStorageMigration = getLocalStorageMigrationRunner(storage, plugins);
+  await runLocalStorageMigration(migrateAlertPageControlsTo816);
 };
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.test.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.test.tsx
index a1c9908c22053..210884f9754a1 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.test.tsx
@@ -36,6 +36,15 @@ import type {
   ActionsStepRule,
 } from './types';
 import { getThreatMock } from '../../../../../common/detection_engine/schemas/types/threat.mock';
+import {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+} from '../../../../detection_engine/rule_creation/components/alert_suppression_edit';
+import { THRESHOLD_ALERT_SUPPRESSION_ENABLED } from '../../../../detection_engine/rule_creation/components/threshold_alert_suppression_edit';
 
 describe('rule helpers', () => {
   moment.suppressDeprecationWarnings = true;
@@ -116,16 +125,16 @@ describe('rule helpers', () => {
           eventCategoryField: undefined,
           tiebreakerField: undefined,
         },
-        groupByFields: ['host.name'],
-        groupByDuration: {
-          value: 5,
-          unit: 'm',
+        [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: ['host.name'],
+        [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: {
+          [ALERT_SUPPRESSION_DURATION_VALUE_FIELD_NAME]: 5,
+          [ALERT_SUPPRESSION_DURATION_UNIT_FIELD_NAME]: 'm',
         },
-        groupByRadioSelection: 'per-rule-execution',
+        [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]: 'per-rule-execution',
         newTermsFields: ['host.name'],
         historyWindowSize: '7d',
-        suppressionMissingFields: expect.any(String),
-        enableThresholdSuppression: false,
+        [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]: expect.any(String),
+        [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: false,
       };
 
       const aboutRuleStepData: AboutStepRule = {
@@ -294,7 +303,8 @@ describe('rule helpers', () => {
       test('returns default suppress value in suppress strategy is missing', () => {
         const result: DefineStepRule = getDefineStepsData(mockRule('test-id'));
         const expected = expect.objectContaining({
-          suppressionMissingFields: AlertSuppressionMissingFieldsStrategyEnum.suppress,
+          [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]:
+            AlertSuppressionMissingFieldsStrategyEnum.suppress,
         });
 
         expect(result).toEqual(expected);
@@ -309,7 +319,8 @@ describe('rule helpers', () => {
           },
         });
         const expected = expect.objectContaining({
-          suppressionMissingFields: AlertSuppressionMissingFieldsStrategyEnum.doNotSuppress,
+          [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]:
+            AlertSuppressionMissingFieldsStrategyEnum.doNotSuppress,
         });
 
         expect(result).toEqual(expected);
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx
index 8fccd1fb8ac73..2b187928a17f5 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx
@@ -22,6 +22,13 @@ import { ENDPOINT_LIST_ID } from '@kbn/securitysolution-list-constants';
 import type { Filter } from '@kbn/es-query';
 import type { ActionVariables } from '@kbn/triggers-actions-ui-plugin/public';
 import { requiredOptional } from '@kbn/zod-helpers';
+import {
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+} from '../../../../detection_engine/rule_creation/components/alert_suppression_edit';
+import { THRESHOLD_ALERT_SUPPRESSION_ENABLED } from '../../../../detection_engine/rule_creation/components/threshold_alert_suppression_edit';
 import type { ResponseAction } from '../../../../../common/api/detection_engine/model/rule_response_actions';
 import { normalizeThresholdField } from '../../../../../common/detection_engine/utils';
 import { assertUnreachable } from '../../../../../common/utility_types';
@@ -36,7 +43,7 @@ import type {
   ScheduleStepRule,
   ActionsStepRule,
 } from './types';
-import { DataSourceType, GroupByOptions } from './types';
+import { DataSourceType, AlertSuppressionDurationType } from './types';
 import { severityOptions } from '../../../../detection_engine/rule_creation_ui/components/step_about_rule/data';
 import { DEFAULT_SUPPRESSION_MISSING_FIELDS_STRATEGY } from '../../../../../common/detection_engine/constants';
 import type { RuleAction, RuleResponse } from '../../../../../common/api/detection_engine';
@@ -156,27 +163,28 @@ export const getDefineStepsData = (rule: RuleResponse): DefineStepRule => ({
       ? convertHistoryStartToSize(rule.history_window_start)
       : '7d',
   shouldLoadQueryDynamically: Boolean(rule.type === 'saved_query' && rule.saved_id),
-  groupByFields:
+  [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]:
     ('alert_suppression' in rule &&
       rule.alert_suppression &&
       'group_by' in rule.alert_suppression &&
       rule.alert_suppression.group_by) ||
     [],
-  groupByRadioSelection:
+  [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]:
     'alert_suppression' in rule && rule.alert_suppression?.duration
-      ? GroupByOptions.PerTimePeriod
-      : GroupByOptions.PerRuleExecution,
-  groupByDuration: ('alert_suppression' in rule && rule.alert_suppression?.duration) || {
+      ? AlertSuppressionDurationType.PerTimePeriod
+      : AlertSuppressionDurationType.PerRuleExecution,
+  [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: ('alert_suppression' in rule &&
+    rule.alert_suppression?.duration) || {
     value: 5,
     unit: 'm',
   },
-  suppressionMissingFields:
+  [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]:
     ('alert_suppression' in rule &&
       rule.alert_suppression &&
       'missing_fields_strategy' in rule.alert_suppression &&
       rule.alert_suppression.missing_fields_strategy) ||
     DEFAULT_SUPPRESSION_MISSING_FIELDS_STRATEGY,
-  enableThresholdSuppression: Boolean(
+  [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: Boolean(
     'alert_suppression' in rule && rule.alert_suppression?.duration
   ),
 });
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts
index 01ccdb4c599e1..cf2c3264f3150 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts
@@ -23,6 +23,13 @@ import type {
 } from '@kbn/alerting-plugin/common';
 import type { DataViewListItem } from '@kbn/data-views-plugin/common';
 
+import type {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+} from '../../../../detection_engine/rule_creation/components/alert_suppression_edit';
+import type { THRESHOLD_ALERT_SUPPRESSION_ENABLED } from '../../../../detection_engine/rule_creation/components/threshold_alert_suppression_edit';
 import type { FieldValueQueryBar } from '../../../../detection_engine/rule_creation_ui/components/query_bar';
 import type { FieldValueTimeline } from '../../../../detection_engine/rule_creation/components/pick_timeline';
 import type { FieldValueThreshold } from '../../../../detection_engine/rule_creation_ui/components/threshold_input';
@@ -132,7 +139,7 @@ export enum DataSourceType {
   DataView = 'dataView',
 }
 
-export enum GroupByOptions {
+export enum AlertSuppressionDurationType {
   PerRuleExecution = 'per-rule-execution',
   PerTimePeriod = 'per-time-period',
 }
@@ -162,11 +169,11 @@ export interface DefineStepRule {
   newTermsFields: string[];
   historyWindowSize: string;
   shouldLoadQueryDynamically: boolean;
-  groupByFields: string[];
-  groupByRadioSelection: GroupByOptions;
-  groupByDuration: Duration;
-  suppressionMissingFields?: AlertSuppressionMissingFieldsStrategy;
-  enableThresholdSuppression: boolean;
+  [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: string[];
+  [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]: AlertSuppressionDurationType;
+  [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: Duration;
+  [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]: AlertSuppressionMissingFieldsStrategy;
+  [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: boolean;
 }
 
 export interface QueryDefineStep {
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/utils.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/utils.ts
index 4f40eee5d6978..55a461d946834 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/utils.ts
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/utils.ts
@@ -6,12 +6,20 @@
  */
 
 import type { Type } from '@kbn/securitysolution-io-ts-alerting-types';
+import {
+  ALERT_SUPPRESSION_DURATION_FIELD_NAME,
+  ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME,
+  ALERT_SUPPRESSION_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME,
+  ALERT_SUPPRESSION_DEFAULT_DURATION,
+} from '../../../../detection_engine/rule_creation/components/alert_suppression_edit';
+import { THRESHOLD_ALERT_SUPPRESSION_ENABLED } from '../../../../detection_engine/rule_creation/components/threshold_alert_suppression_edit';
 import { isThreatMatchRule } from '../../../../../common/detection_engine/utils';
 import { DEFAULT_TIMELINE_TITLE } from '../../../../timelines/components/timeline/translations';
 import { DEFAULT_MAX_SIGNALS, DEFAULT_THREAT_MATCH_QUERY } from '../../../../../common/constants';
 import { DEFAULT_SUPPRESSION_MISSING_FIELDS_STRATEGY } from '../../../../../common/detection_engine/constants';
 import type { AboutStepRule, DefineStepRule, RuleStepsOrder, ScheduleStepRule } from './types';
-import { DataSourceType, GroupByOptions, RuleStep } from './types';
+import { DataSourceType, AlertSuppressionDurationType, RuleStep } from './types';
 import { fillEmptySeverityMappings } from './helpers';
 
 export const ruleStepsOrder: RuleStepsOrder = [
@@ -66,14 +74,11 @@ export const stepDefineDefaultValue: DefineStepRule = {
   newTermsFields: [],
   historyWindowSize: '7d',
   shouldLoadQueryDynamically: false,
-  groupByFields: [],
-  groupByRadioSelection: GroupByOptions.PerRuleExecution,
-  groupByDuration: {
-    value: 5,
-    unit: 'm',
-  },
-  suppressionMissingFields: DEFAULT_SUPPRESSION_MISSING_FIELDS_STRATEGY,
-  enableThresholdSuppression: false,
+  [ALERT_SUPPRESSION_FIELDS_FIELD_NAME]: [],
+  [ALERT_SUPPRESSION_DURATION_TYPE_FIELD_NAME]: AlertSuppressionDurationType.PerRuleExecution,
+  [ALERT_SUPPRESSION_DURATION_FIELD_NAME]: ALERT_SUPPRESSION_DEFAULT_DURATION,
+  [ALERT_SUPPRESSION_MISSING_FIELDS_FIELD_NAME]: DEFAULT_SUPPRESSION_MISSING_FIELDS_STRATEGY,
+  [THRESHOLD_ALERT_SUPPRESSION_ENABLED]: false,
 };
 
 export const stepAboutDefaultValue: AboutStepRule = {
diff --git a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/components/enablement_modal.test.tsx b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/components/enablement_modal.test.tsx
new file mode 100644
index 0000000000000..cccccb175ff19
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/components/enablement_modal.test.tsx
@@ -0,0 +1,176 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { fireEvent, render, screen } from '@testing-library/react';
+import { EntityStoreEnablementModal } from './enablement_modal';
+import { TestProviders } from '../../../../common/mock';
+import type { EntityAnalyticsPrivileges } from '../../../../../common/api/entity_analytics';
+import type { RiskEngineMissingPrivilegesResponse } from '../../../hooks/use_missing_risk_engine_privileges';
+
+const mockToggle = jest.fn();
+const mockEnableStore = jest.fn(() => jest.fn());
+
+const mockUseEntityEnginePrivileges = jest.fn();
+jest.mock('../hooks/use_entity_engine_privileges', () => ({
+  useEntityEnginePrivileges: () => mockUseEntityEnginePrivileges(),
+}));
+
+const mockUseMissingRiskEnginePrivileges = jest.fn();
+jest.mock('../../../hooks/use_missing_risk_engine_privileges', () => ({
+  useMissingRiskEnginePrivileges: () => mockUseMissingRiskEnginePrivileges(),
+}));
+
+const defaultProps = {
+  visible: true,
+  toggle: mockToggle,
+  enableStore: mockEnableStore,
+  riskScore: { disabled: false, checked: false },
+  entityStore: { disabled: false, checked: false },
+};
+
+const allEntityEnginePrivileges: EntityAnalyticsPrivileges = {
+  has_all_required: true,
+  privileges: {
+    elasticsearch: {
+      cluster: {
+        manage_enrich: true,
+      },
+      index: { 'logs-*': { read: false, view_index_metadata: true } },
+    },
+    kibana: {
+      'saved_object:entity-engine-status/all': true,
+    },
+  },
+};
+
+const missingEntityEnginePrivileges: EntityAnalyticsPrivileges = {
+  has_all_required: false,
+  privileges: {
+    elasticsearch: {
+      cluster: {
+        manage_enrich: false,
+      },
+      index: { 'logs-*': { read: false, view_index_metadata: false } },
+    },
+    kibana: {
+      'saved_object:entity-engine-status/all': false,
+    },
+  },
+};
+
+const allRiskEnginePrivileges: RiskEngineMissingPrivilegesResponse = {
+  hasAllRequiredPrivileges: true,
+  isLoading: false,
+};
+
+const missingRiskEnginePrivileges: RiskEngineMissingPrivilegesResponse = {
+  isLoading: false,
+  hasAllRequiredPrivileges: false,
+  missingPrivileges: {
+    clusterPrivileges: [],
+    indexPrivileges: [],
+  },
+};
+
+const renderComponent = (props = defaultProps) => {
+  return render(<EntityStoreEnablementModal {...props} />, { wrapper: TestProviders });
+};
+
+describe('EntityStoreEnablementModal', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  describe('with all privileges', () => {
+    beforeEach(() => {
+      mockUseEntityEnginePrivileges.mockReturnValue({
+        data: allEntityEnginePrivileges,
+        isLoading: false,
+      });
+
+      mockUseMissingRiskEnginePrivileges.mockReturnValue(allRiskEnginePrivileges);
+    });
+
+    it('should render the modal when visible is true', () => {
+      renderComponent();
+      expect(screen.getByRole('dialog')).toBeInTheDocument();
+    });
+
+    it('should not render the modal when visible is false', () => {
+      renderComponent({ ...defaultProps, visible: false });
+      expect(screen.queryByRole('dialog')).not.toBeInTheDocument();
+    });
+
+    it('should call toggle function when cancel button is clicked', () => {
+      renderComponent();
+      fireEvent.click(screen.getByText('Cancel'));
+      expect(mockToggle).toHaveBeenCalledWith(false);
+    });
+
+    it('should call enableStore function when enable button is clicked', () => {
+      renderComponent({
+        ...defaultProps,
+        riskScore: { ...defaultProps.riskScore, checked: true },
+        entityStore: { ...defaultProps.entityStore, checked: true },
+      });
+      fireEvent.click(screen.getByText('Enable'));
+      expect(mockEnableStore).toHaveBeenCalledWith({ riskScore: true, entityStore: true });
+    });
+
+    it('should display proceed warning when no enablement options are selected', () => {
+      renderComponent();
+      expect(screen.getByText('Please enable at least one option to proceed.')).toBeInTheDocument();
+    });
+
+    it('should disable the enable button when enablementOptions are false', () => {
+      renderComponent({
+        ...defaultProps,
+        riskScore: { ...defaultProps.riskScore, checked: false },
+        entityStore: { ...defaultProps.entityStore, checked: false },
+      });
+
+      const enableButton = screen.getByRole('button', { name: /Enable/i });
+      expect(enableButton).toBeDisabled();
+    });
+
+    it('should not show entity engine missing privileges warning when no missing privileges', () => {
+      renderComponent();
+      expect(
+        screen.queryByTestId('callout-missing-entity-store-privileges')
+      ).not.toBeInTheDocument();
+    });
+
+    it('should not show risk engine missing privileges warning when no missing privileges', () => {
+      renderComponent();
+      expect(
+        screen.queryByTestId('callout-missing-risk-engine-privileges')
+      ).not.toBeInTheDocument();
+    });
+  });
+
+  describe('with no privileges', () => {
+    beforeEach(() => {
+      mockUseEntityEnginePrivileges.mockReturnValue({
+        data: missingEntityEnginePrivileges,
+        isLoading: false,
+      });
+
+      mockUseMissingRiskEnginePrivileges.mockReturnValue(missingRiskEnginePrivileges);
+    });
+
+    it('should show entity engine missing privileges warning when missing privileges', () => {
+      renderComponent();
+      expect(screen.getByTestId('callout-missing-entity-store-privileges')).toBeInTheDocument();
+    });
+
+    it('should show risk engine missing privileges warning when missing privileges', () => {
+      renderComponent();
+      expect(screen.getByTestId('callout-missing-risk-engine-privileges')).toBeInTheDocument();
+    });
+  });
+});
diff --git a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/components/enablement_modal.tsx b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/components/enablement_modal.tsx
index 6c2528620eb4c..4252f71ec4baa 100644
--- a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/components/enablement_modal.tsx
+++ b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/components/enablement_modal.tsx
@@ -20,16 +20,22 @@ import {
   EuiButtonEmpty,
   EuiBetaBadge,
   EuiToolTip,
+  EuiCallOut,
+  useEuiTheme,
 } from '@elastic/eui';
+import { css } from '@emotion/react';
 import React, { useState } from 'react';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { TECHNICAL_PREVIEW, TECHNICAL_PREVIEW_TOOLTIP } from '../../../../common/translations';
 import {
   ENABLEMENT_DESCRIPTION_RISK_ENGINE_ONLY,
   ENABLEMENT_DESCRIPTION_ENTITY_STORE_ONLY,
+  ENABLEMENT_WARNING_SELECT_TO_PROCEED,
 } from '../translations';
 import { useEntityEnginePrivileges } from '../hooks/use_entity_engine_privileges';
 import { MissingPrivilegesCallout } from './missing_privileges_callout';
+import { useMissingRiskEnginePrivileges } from '../../../hooks/use_missing_risk_engine_privileges';
+import { RiskEnginePrivilegesCallOut } from '../../risk_engine_privileges_callout';
 
 export interface Enablements {
   riskScore: boolean;
@@ -57,15 +63,30 @@ export const EntityStoreEnablementModal: React.FC<EntityStoreEnablementModalProp
   riskScore,
   entityStore,
 }) => {
+  const { euiTheme } = useEuiTheme();
   const [enablements, setEnablements] = useState({
     riskScore: !!riskScore.checked,
     entityStore: !!entityStore.checked,
   });
-  const { data: privileges, isLoading: isLoadingPrivileges } = useEntityEnginePrivileges();
+  const { data: entityEnginePrivileges, isLoading: isLoadingEntityEnginePrivileges } =
+    useEntityEnginePrivileges();
+  const riskEnginePrivileges = useMissingRiskEnginePrivileges();
+  const enablementOptions = enablements.riskScore || enablements.entityStore;
 
   if (!visible) {
     return null;
   }
+  const proceedWarning = (
+    <EuiCallOut
+      size="s"
+      color="danger"
+      css={css`
+        border-radius: ${euiTheme.border.radius.medium};
+      `}
+    >
+      <p>{ENABLEMENT_WARNING_SELECT_TO_PROCEED}</p>
+    </EuiCallOut>
+  );
   return (
     <EuiModal onClose={() => toggle(false)}>
       <EuiModalHeader>
@@ -88,15 +109,22 @@ export const EntityStoreEnablementModal: React.FC<EntityStoreEnablementModalProp
                 />
               }
               checked={enablements.riskScore}
-              disabled={riskScore.disabled || false}
+              disabled={
+                riskScore.disabled ||
+                (!riskEnginePrivileges.isLoading && !riskEnginePrivileges?.hasAllRequiredPrivileges)
+              }
               onChange={() => setEnablements((prev) => ({ ...prev, riskScore: !prev.riskScore }))}
             />
           </EuiFlexItem>
+          {!riskEnginePrivileges.isLoading && !riskEnginePrivileges.hasAllRequiredPrivileges && (
+            <EuiFlexItem>
+              <RiskEnginePrivilegesCallOut privileges={riskEnginePrivileges} />
+            </EuiFlexItem>
+          )}
           <EuiFlexItem>
             <EuiText>{ENABLEMENT_DESCRIPTION_RISK_ENGINE_ONLY}</EuiText>
           </EuiFlexItem>
           <EuiHorizontalRule margin="none" />
-
           <EuiFlexItem>
             <EuiFlexGroup justifyContent="flexStart">
               <EuiSwitch
@@ -108,7 +136,8 @@ export const EntityStoreEnablementModal: React.FC<EntityStoreEnablementModalProp
                 }
                 checked={enablements.entityStore}
                 disabled={
-                  entityStore.disabled || (!isLoadingPrivileges && !privileges?.has_all_required)
+                  entityStore.disabled ||
+                  (!isLoadingEntityEnginePrivileges && !entityEnginePrivileges?.has_all_required)
                 }
                 onChange={() =>
                   setEnablements((prev) => ({ ...prev, entityStore: !prev.entityStore }))
@@ -119,9 +148,9 @@ export const EntityStoreEnablementModal: React.FC<EntityStoreEnablementModalProp
               </EuiToolTip>
             </EuiFlexGroup>
           </EuiFlexItem>
-          {!privileges || privileges.has_all_required ? null : (
+          {!entityEnginePrivileges || entityEnginePrivileges.has_all_required ? null : (
             <EuiFlexItem>
-              <MissingPrivilegesCallout privileges={privileges} />
+              <MissingPrivilegesCallout privileges={entityEnginePrivileges} />
             </EuiFlexItem>
           )}
           <EuiFlexItem>
@@ -131,13 +160,25 @@ export const EntityStoreEnablementModal: React.FC<EntityStoreEnablementModalProp
       </EuiModalBody>
 
       <EuiModalFooter>
-        <EuiButtonEmpty onClick={() => toggle(false)}>{'Cancel'}</EuiButtonEmpty>
-        <EuiButton onClick={enableStore(enablements)} fill>
-          <FormattedMessage
-            id="xpack.securitySolution.entityAnalytics.enablements.modal.enable"
-            defaultMessage="Enable"
-          />
-        </EuiButton>
+        <EuiFlexGroup justifyContent="flexEnd" alignItems="center">
+          {!enablementOptions ? <EuiFlexItem>{proceedWarning}</EuiFlexItem> : null}
+          <EuiFlexItem grow={false}>
+            <EuiFlexGroup direction="row" justifyContent="flexEnd">
+              <EuiButtonEmpty onClick={() => toggle(false)}>{'Cancel'}</EuiButtonEmpty>
+              <EuiButton
+                onClick={enableStore(enablements)}
+                fill
+                isDisabled={!enablementOptions}
+                aria-disabled={!enablementOptions}
+              >
+                <FormattedMessage
+                  id="xpack.securitySolution.entityAnalytics.enablements.modal.enable"
+                  defaultMessage="Enable"
+                />
+              </EuiButton>
+            </EuiFlexGroup>
+          </EuiFlexItem>
+        </EuiFlexGroup>
       </EuiModalFooter>
     </EuiModal>
   );
diff --git a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/translations.ts b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/translations.ts
index 4c113dd533acb..f2920612543d9 100644
--- a/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/translations.ts
+++ b/x-pack/plugins/security_solution/public/entity_analytics/components/entity_store/translations.ts
@@ -62,3 +62,10 @@ export const ENABLEMENT_DESCRIPTION_BOTH = i18n.translate(
       'Your entity store is currently empty. Add information about your entities directly from your logs, or import them using a text file.',
   }
 );
+
+export const ENABLEMENT_WARNING_SELECT_TO_PROCEED = i18n.translate(
+  'xpack.securitySolution.entityAnalytics.entityStore.enablement.description.enablementWarningMessage',
+  {
+    defaultMessage: 'Please enable at least one option to proceed.',
+  }
+);
diff --git a/x-pack/plugins/security_solution/public/explore/network/components/embeddables/embedded_map.tsx b/x-pack/plugins/security_solution/public/explore/network/components/embeddables/embedded_map.tsx
index 3f3a5431c2c1d..bdd86a09ba231 100644
--- a/x-pack/plugins/security_solution/public/explore/network/components/embeddables/embedded_map.tsx
+++ b/x-pack/plugins/security_solution/public/explore/network/components/embeddables/embedded_map.tsx
@@ -40,11 +40,6 @@ interface EmbeddableMapProps {
 const EmbeddableMapRatioHolder = styled.div.attrs(() => ({
   className: 'siemEmbeddable__map',
 }))<EmbeddableMapProps>`
-  .embPanel {
-    border: none;
-    box-shadow: none;
-  }
-
   .mapToolbarOverlay__button {
     display: none;
   }
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.test.tsx
index d44321a4926bd..ae907af316dc9 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.test.tsx
@@ -28,15 +28,6 @@ jest.mock('../hooks/use_fetch_graph_data', () => ({
 }));
 const mockUseFetchGraphData = useFetchGraphData as jest.Mock;
 
-const mockUseUiSetting = jest.fn().mockReturnValue([false]);
-jest.mock('@kbn/kibana-react-plugin/public', () => {
-  const original = jest.requireActual('@kbn/kibana-react-plugin/public');
-  return {
-    ...original,
-    useUiSetting$: () => mockUseUiSetting(),
-  };
-});
-
 const mockGraph = () => <div data-test-subj={GRAPH_PREVIEW_TEST_ID} />;
 
 jest.mock('@kbn/cloud-security-posture-graph', () => {
@@ -64,7 +55,11 @@ describe('<GraphPreviewContainer />', () => {
       data: { nodes: [], edges: [] },
     });
 
+    const timestamp = new Date().toISOString();
+
     (useGraphPreview as jest.Mock).mockReturnValue({
+      timestamp,
+      eventIds: [],
       isAuditLog: true,
     });
 
@@ -87,9 +82,23 @@ describe('<GraphPreviewContainer />', () => {
     expect(
       getByTestId(EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID(GRAPH_PREVIEW_TEST_ID))
     ).toBeInTheDocument();
+    expect(mockUseFetchGraphData).toHaveBeenCalled();
+    expect(mockUseFetchGraphData.mock.calls[0][0]).toEqual({
+      req: {
+        query: {
+          eventIds: [],
+          start: `${timestamp}||-30m`,
+          end: `${timestamp}||+30m`,
+        },
+      },
+      options: {
+        enabled: true,
+        refetchOnWindowFocus: false,
+      },
+    });
   });
 
-  it('should render error message and text in header', () => {
+  it('should not render when graph data is not available', () => {
     mockUseFetchGraphData.mockReturnValue({
       isLoading: false,
       isError: false,
@@ -100,10 +109,10 @@ describe('<GraphPreviewContainer />', () => {
       isAuditLog: false,
     });
 
-    const { getByTestId } = renderGraphPreview();
+    const { queryByTestId } = renderGraphPreview();
 
     expect(
-      getByTestId(EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID(GRAPH_PREVIEW_TEST_ID))
-    ).toBeInTheDocument();
+      queryByTestId(EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID(GRAPH_PREVIEW_TEST_ID))
+    ).not.toBeInTheDocument();
   });
 });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.tsx
index af9e8dca1f24f..0b881b8f8d439 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/graph_preview_container.tsx
@@ -14,57 +14,60 @@ import { useFetchGraphData } from '../hooks/use_fetch_graph_data';
 import { useGraphPreview } from '../hooks/use_graph_preview';
 import { ExpandablePanel } from '../../../shared/components/expandable_panel';
 
-const DEFAULT_FROM = 'now-60d/d';
-const DEFAULT_TO = 'now/d';
-
 /**
  * Graph preview under Overview, Visualizations. It shows a graph representation of entities.
  */
 export const GraphPreviewContainer: React.FC = () => {
   const { dataAsNestedObject, getFieldsData } = useDocumentDetailsContext();
 
-  const { eventIds } = useGraphPreview({
+  const {
+    eventIds,
+    timestamp = new Date().toISOString(),
+    isAuditLog,
+  } = useGraphPreview({
     getFieldsData,
     ecsData: dataAsNestedObject,
   });
 
   // TODO: default start and end might not capture the original event
-  const graphFetchQuery = useFetchGraphData({
+  const { isLoading, isError, data } = useFetchGraphData({
     req: {
       query: {
         eventIds,
-        start: DEFAULT_FROM,
-        end: DEFAULT_TO,
+        start: `${timestamp}||-30m`,
+        end: `${timestamp}||+30m`,
       },
     },
+    options: {
+      enabled: isAuditLog,
+      refetchOnWindowFocus: false,
+    },
   });
 
   return (
-    <ExpandablePanel
-      header={{
-        title: (
-          <FormattedMessage
-            id="xpack.securitySolution.flyout.right.visualizations.graphPreview.graphPreviewTitle"
-            defaultMessage="Graph preview"
-          />
-        ),
-        iconType: 'indexMapping',
-      }}
-      data-test-subj={GRAPH_PREVIEW_TEST_ID}
-      content={
-        !graphFetchQuery.isLoading && !graphFetchQuery.isError
-          ? {
-              paddingSize: 'none',
-            }
-          : undefined
-      }
-    >
-      <GraphPreview
-        isLoading={graphFetchQuery.isLoading}
-        isError={graphFetchQuery.isError}
-        data={graphFetchQuery.data}
-      />
-    </ExpandablePanel>
+    isAuditLog && (
+      <ExpandablePanel
+        header={{
+          title: (
+            <FormattedMessage
+              id="xpack.securitySolution.flyout.right.visualizations.graphPreview.graphPreviewTitle"
+              defaultMessage="Graph preview"
+            />
+          ),
+          iconType: 'indexMapping',
+        }}
+        data-test-subj={GRAPH_PREVIEW_TEST_ID}
+        content={
+          !isLoading && !isError
+            ? {
+                paddingSize: 'none',
+              }
+            : undefined
+        }
+      >
+        <GraphPreview isLoading={isLoading} isError={isError} data={data} />
+      </ExpandablePanel>
+    )
   );
 };
 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_graph_preview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_graph_preview.test.tsx
index ff6118ec9b743..d12154a390abf 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_graph_preview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_graph_preview.test.tsx
@@ -18,7 +18,7 @@ describe('useGraphPreview', () => {
   it(`should return false when missing actor`, () => {
     const getFieldsData: GetFieldsData = (field: string) => {
       if (field === 'kibana.alert.original_event.id') {
-        return field;
+        return 'eventId';
       }
       return mockFieldData[field];
     };
@@ -35,7 +35,12 @@ describe('useGraphPreview', () => {
       },
     });
 
-    expect(hookResult.result.current.isAuditLog).toEqual(false);
+    const { isAuditLog, timestamp, eventIds, actorIds, action } = hookResult.result.current;
+    expect(isAuditLog).toEqual(false);
+    expect(timestamp).toEqual(mockFieldData['@timestamp'][0]);
+    expect(eventIds).toEqual(['eventId']);
+    expect(actorIds).toEqual([]);
+    expect(action).toEqual(['action']);
   });
 
   it(`should return false when missing event.action`, () => {
@@ -57,7 +62,12 @@ describe('useGraphPreview', () => {
       },
     });
 
-    expect(hookResult.result.current.isAuditLog).toEqual(false);
+    const { isAuditLog, timestamp, eventIds, actorIds, action } = hookResult.result.current;
+    expect(isAuditLog).toEqual(false);
+    expect(timestamp).toEqual(mockFieldData['@timestamp'][0]);
+    expect(eventIds).toEqual(['eventId']);
+    expect(actorIds).toEqual(['actorId']);
+    expect(action).toEqual(undefined);
   });
 
   it(`should return false when missing original_event.id`, () => {
@@ -80,7 +90,45 @@ describe('useGraphPreview', () => {
       },
     });
 
-    expect(hookResult.result.current.isAuditLog).toEqual(false);
+    const { isAuditLog, timestamp, eventIds, actorIds, action } = hookResult.result.current;
+    expect(isAuditLog).toEqual(false);
+    expect(timestamp).toEqual(mockFieldData['@timestamp'][0]);
+    expect(eventIds).toEqual([]);
+    expect(actorIds).toEqual(['actorId']);
+    expect(action).toEqual(['action']);
+  });
+
+  it(`should return false when timestamp is missing`, () => {
+    const getFieldsData: GetFieldsData = (field: string) => {
+      if (field === '@timestamp') {
+        return;
+      } else if (field === 'kibana.alert.original_event.id') {
+        return 'eventId';
+      } else if (field === 'actor.entity.id') {
+        return 'actorId';
+      }
+
+      return mockFieldData[field];
+    };
+
+    hookResult = renderHook((props: UseGraphPreviewParams) => useGraphPreview(props), {
+      initialProps: {
+        getFieldsData,
+        ecsData: {
+          _id: 'id',
+          event: {
+            action: ['action'],
+          },
+        },
+      },
+    });
+
+    const { isAuditLog, timestamp, eventIds, actorIds, action } = hookResult.result.current;
+    expect(isAuditLog).toEqual(false);
+    expect(timestamp).toEqual(null);
+    expect(eventIds).toEqual(['eventId']);
+    expect(actorIds).toEqual(['actorId']);
+    expect(action).toEqual(['action']);
   });
 
   it(`should return true when alert is has graph preview`, () => {
@@ -106,7 +154,12 @@ describe('useGraphPreview', () => {
       },
     });
 
-    expect(hookResult.result.current.isAuditLog).toEqual(true);
+    const { isAuditLog, timestamp, eventIds, actorIds, action } = hookResult.result.current;
+    expect(isAuditLog).toEqual(true);
+    expect(timestamp).toEqual(mockFieldData['@timestamp'][0]);
+    expect(eventIds).toEqual(['eventId']);
+    expect(actorIds).toEqual(['actorId']);
+    expect(action).toEqual(['action']);
   });
 
   it(`should return true when alert is has graph preview with multiple values`, () => {
@@ -132,6 +185,11 @@ describe('useGraphPreview', () => {
       },
     });
 
-    expect(hookResult.result.current.isAuditLog).toEqual(true);
+    const { isAuditLog, timestamp, eventIds, actorIds, action } = hookResult.result.current;
+    expect(isAuditLog).toEqual(true);
+    expect(timestamp).toEqual(mockFieldData['@timestamp'][0]);
+    expect(eventIds).toEqual(['id1', 'id2']);
+    expect(actorIds).toEqual(['actorId1', 'actorId2']);
+    expect(action).toEqual(['action1', 'action2']);
   });
 });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_graph_preview.ts b/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_graph_preview.ts
index d833c0aa86dbc..bbaeb808c9e2a 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_graph_preview.ts
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_graph_preview.ts
@@ -8,7 +8,7 @@
 import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs';
 import { get } from 'lodash/fp';
 import type { GetFieldsData } from '../../shared/hooks/use_get_fields_data';
-import { getFieldArray } from '../../shared/utils';
+import { getField, getFieldArray } from '../../shared/utils';
 
 export interface UseGraphPreviewParams {
   /**
@@ -25,6 +25,11 @@ export interface UseGraphPreviewParams {
  * Interface for the result of the useGraphPreview hook
  */
 export interface UseGraphPreviewResult {
+  /**
+   * The timestamp of the event
+   */
+  timestamp: string | null;
+
   /**
    * Array of event IDs associated with the alert
    */
@@ -38,7 +43,7 @@ export interface UseGraphPreviewResult {
   /**
    * Action associated with the event
    */
-  action: string | undefined;
+  action?: string[];
 
   /**
    * Boolean indicating if the event is an audit log (contains event ids, actor ids and action)
@@ -53,13 +58,15 @@ export const useGraphPreview = ({
   getFieldsData,
   ecsData,
 }: UseGraphPreviewParams): UseGraphPreviewResult => {
+  const timestamp = getField(getFieldsData('@timestamp'));
   const originalEventId = getFieldsData('kibana.alert.original_event.id');
   const eventId = getFieldsData('event.id');
   const eventIds = originalEventId ? getFieldArray(originalEventId) : getFieldArray(eventId);
 
   const actorIds = getFieldArray(getFieldsData('actor.entity.id'));
-  const action = get(['event', 'action'], ecsData);
-  const isAuditLog = actorIds.length > 0 && action?.length > 0 && eventIds.length > 0;
+  const action: string[] | undefined = get(['event', 'action'], ecsData);
+  const isAuditLog =
+    Boolean(timestamp) && actorIds.length > 0 && Boolean(action?.length) && eventIds.length > 0;
 
-  return { eventIds, actorIds, action, isAuditLog };
+  return { timestamp, eventIds, actorIds, action, isAuditLog };
 };
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/blocklist.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/blocklist.cy.ts
index f0d3eb96e4581..0b010d2d60099 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/blocklist.cy.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/artifacts/blocklist.cy.ts
@@ -41,7 +41,7 @@ const {
 describe(
   'Blocklist',
   {
-    tags: ['@ess', '@serverless'],
+    tags: ['@ess', '@serverless', '@serverlessQA'],
   },
   () => {
     let indexedPolicy: IndexedFleetEndpointPolicyResponse;
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/policy/policy_list.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/policy/policy_list.cy.ts
index fb258bc04efa8..ee6ff0951d11b 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/e2e/policy/policy_list.cy.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/policy/policy_list.cy.ts
@@ -16,7 +16,7 @@ import { createAgentPolicyTask, getEndpointIntegrationVersion } from '../../task
 describe(
   'Policy List',
   {
-    tags: ['@ess', '@serverless'],
+    tags: ['@ess', '@serverless', '@serverlessQA'],
     env: {
       ftrConfig: {
         kbnServerArgs: [
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/release.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/release.cy.ts
index 5ad7395efbe21..d11b7210713a8 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/release.cy.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/release.cy.ts
@@ -27,8 +27,7 @@ import { enableAllPolicyProtections } from '../../../tasks/endpoint_policy';
 import { createEndpointHost } from '../../../tasks/create_endpoint_host';
 import { deleteAllLoadedEndpointData } from '../../../tasks/delete_all_endpoint_data';
 
-// FLAKY: https://github.com/elastic/kibana/issues/172326
-describe.skip('Response console', { tags: ['@ess', '@serverless'] }, () => {
+describe('Response console', { tags: ['@ess', '@serverless'] }, () => {
   let indexedPolicy: IndexedFleetEndpointPolicyResponse;
   let policy: PolicyData;
   let createdHost: CreateAndEnrollEndpointHostResponse;
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts
index 543961ef9900b..04630647ed35f 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts
@@ -41,8 +41,7 @@ describe(
       login();
     });
 
-    // FLAKY: https://github.com/elastic/kibana/issues/187932
-    describe.skip('Scan operation:', () => {
+    describe('Scan operation:', () => {
       const homeFilePath = Cypress.env('IS_CI') ? '/home/vagrant' : '/home';
 
       const fileContent = 'This is a test file for the scan command.';
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/api/agent_policy_settings_complete.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/api/agent_policy_settings_complete.cy.ts
index 4b2b4dbf369d2..68f1cd4e5ea63 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/api/agent_policy_settings_complete.cy.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/api/agent_policy_settings_complete.cy.ts
@@ -17,7 +17,7 @@ import { login } from '../../../../tasks/login';
 describe(
   'Agent policy settings API operations on Complete',
   {
-    tags: ['@serverless'],
+    tags: ['@serverless', '@serverlessQA'],
     env: {
       ftrConfig: {
         productTypes: [
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/components/agent_policy_settings_complete.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/components/agent_policy_settings_complete.cy.ts
index f099ac5da693b..34a09c490bcc3 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/components/agent_policy_settings_complete.cy.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/components/agent_policy_settings_complete.cy.ts
@@ -17,7 +17,7 @@ import {
 describe(
   'Agent Policy Settings - Complete',
   {
-    tags: ['@serverless'],
+    tags: ['@serverless', '@serverlessQA'],
     env: {
       ftrConfig: {
         productTypes: [
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/components/agent_policy_settings_essentials.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/components/agent_policy_settings_essentials.cy.ts
index 7fdd42ac196bd..8497806e176d2 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/components/agent_policy_settings_essentials.cy.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/components/agent_policy_settings_essentials.cy.ts
@@ -17,7 +17,7 @@ import {
 describe(
   'Agent Policy Settings - Essentials',
   {
-    tags: ['@serverless'],
+    tags: ['@serverless', '@serverlessQA'],
     env: {
       ftrConfig: {
         productTypes: [
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/components/policy_details_endpoint_essentials.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/components/policy_details_endpoint_essentials.cy.ts
index 5781fbea94880..09fd2cabd36e6 100644
--- a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/components/policy_details_endpoint_essentials.cy.ts
+++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/feature_access/components/policy_details_endpoint_essentials.cy.ts
@@ -13,7 +13,7 @@ import { APP_POLICIES_PATH } from '../../../../../../../common/constants';
 describe(
   'When displaying the Policy Details in Endpoint Essentials PLI',
   {
-    tags: ['@serverless'],
+    tags: ['@serverless', '@serverlessQA'],
     env: {
       ftrConfig: {
         productTypes: [
diff --git a/x-pack/plugins/security_solution/public/plugin.tsx b/x-pack/plugins/security_solution/public/plugin.tsx
index 17f1ba842f8cb..b20e645d71c2c 100644
--- a/x-pack/plugins/security_solution/public/plugin.tsx
+++ b/x-pack/plugins/security_solution/public/plugin.tsx
@@ -256,8 +256,9 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
     plugins: StartPlugins
   ): Promise<StartedSubPlugins> {
     const subPlugins = await this.createSubPlugins();
+    const alerts = await subPlugins.alerts.start(storage, plugins);
     return {
-      alerts: subPlugins.alerts.start(storage),
+      alerts,
       attackDiscovery: subPlugins.attackDiscovery.start(),
       cases: subPlugins.cases.start(),
       cloudDefend: subPlugins.cloudDefend.start(),
diff --git a/x-pack/plugins/security_solution/public/timelines/containers/local_storage/migrate_alert_page_contorls.test.ts b/x-pack/plugins/security_solution/public/timelines/containers/local_storage/migrate_alert_page_contorls.test.ts
index 575d5bcd6dab3..de0e085fb4ed9 100644
--- a/x-pack/plugins/security_solution/public/timelines/containers/local_storage/migrate_alert_page_contorls.test.ts
+++ b/x-pack/plugins/security_solution/public/timelines/containers/local_storage/migrate_alert_page_contorls.test.ts
@@ -7,9 +7,10 @@
 
 import { Storage } from '@kbn/kibana-utils-plugin/public';
 import {
-  PAGE_FILTER_STORAGE_KEY,
+  GET_PAGE_FILTER_STORAGE_KEY,
   migrateAlertPageControlsTo816,
 } from './migrate_alert_page_controls';
+import type { StartPlugins } from '../../../types';
 
 const OLD_FORMAT = {
   viewMode: 'view',
@@ -216,40 +217,94 @@ const NEW_FORMAT = {
 };
 const storage = new Storage(localStorage);
 
+const mockPlugins = {
+  spaces: {
+    getActiveSpace: jest.fn().mockResolvedValue({ id: 'default' }),
+  },
+} as unknown as StartPlugins;
+
 describe('migrateAlertPageControlsTo816', () => {
   beforeEach(() => {
     storage.clear();
   });
-  it('should migrate the old format to the new format', () => {
-    storage.set(PAGE_FILTER_STORAGE_KEY, OLD_FORMAT);
-    migrateAlertPageControlsTo816(storage);
-    const migrated = storage.get(PAGE_FILTER_STORAGE_KEY);
-    expect(migrated).toMatchObject(NEW_FORMAT);
-  });
+  describe('Default space', () => {
+    beforeEach(() => {
+      if (mockPlugins.spaces?.getActiveSpace) {
+        mockPlugins.spaces.getActiveSpace = jest.fn().mockResolvedValue({ id: 'default' });
+      }
+    });
+    it('should migrate the old format to the new format', async () => {
+      storage.set(GET_PAGE_FILTER_STORAGE_KEY(), OLD_FORMAT);
+      await migrateAlertPageControlsTo816(storage, mockPlugins);
+      const migrated = storage.get(GET_PAGE_FILTER_STORAGE_KEY());
+      expect(migrated).toMatchObject(NEW_FORMAT);
+    });
 
-  it('should be a no-op if the new format already exists', () => {
-    storage.set(PAGE_FILTER_STORAGE_KEY, NEW_FORMAT);
-    migrateAlertPageControlsTo816(storage);
-    const migrated = storage.get(PAGE_FILTER_STORAGE_KEY);
-    expect(migrated).toMatchObject(NEW_FORMAT);
-  });
+    it('should be a no-op if the new format already exists', async () => {
+      storage.set(GET_PAGE_FILTER_STORAGE_KEY(), NEW_FORMAT);
+      await migrateAlertPageControlsTo816(storage, mockPlugins);
+      const migrated = storage.get(GET_PAGE_FILTER_STORAGE_KEY());
+      expect(migrated).toMatchObject(NEW_FORMAT);
+    });
 
-  it('should be a no-op if no value is present in localstorage for page filters ', () => {
-    migrateAlertPageControlsTo816(storage);
-    const migrated = storage.get(PAGE_FILTER_STORAGE_KEY);
-    expect(migrated).toBeNull();
+    it('should be a no-op if no value is present in localstorage for page filters ', async () => {
+      await migrateAlertPageControlsTo816(storage, mockPlugins);
+      const migrated = storage.get(GET_PAGE_FILTER_STORAGE_KEY());
+      expect(migrated).toBeNull();
+    });
+
+    it('should convert custom old format correctly', async () => {
+      const MODIFIED_OLD_FORMAT = structuredClone(OLD_FORMAT);
+      MODIFIED_OLD_FORMAT.panels['0'].explicitInput.hideExists = true;
+      MODIFIED_OLD_FORMAT.chainingSystem = 'NONE';
+      storage.set(GET_PAGE_FILTER_STORAGE_KEY(), MODIFIED_OLD_FORMAT);
+      await migrateAlertPageControlsTo816(storage, mockPlugins);
+      const migrated = storage.get(GET_PAGE_FILTER_STORAGE_KEY());
+      const EXPECTED_NEW_FORMAT = structuredClone(NEW_FORMAT);
+      EXPECTED_NEW_FORMAT.initialChildControlState['0'].hideExists = true;
+      EXPECTED_NEW_FORMAT.chainingSystem = 'NONE';
+      expect(migrated).toMatchObject(EXPECTED_NEW_FORMAT);
+    });
   });
 
-  it('should convert custom old format correctly', () => {
-    const MODIFIED_OLD_FORMAT = structuredClone(OLD_FORMAT);
-    MODIFIED_OLD_FORMAT.panels['0'].explicitInput.hideExists = true;
-    MODIFIED_OLD_FORMAT.chainingSystem = 'NONE';
-    storage.set(PAGE_FILTER_STORAGE_KEY, MODIFIED_OLD_FORMAT);
-    migrateAlertPageControlsTo816(storage);
-    const migrated = storage.get(PAGE_FILTER_STORAGE_KEY);
-    const EXPECTED_NEW_FORMAT = structuredClone(NEW_FORMAT);
-    EXPECTED_NEW_FORMAT.initialChildControlState['0'].hideExists = true;
-    EXPECTED_NEW_FORMAT.chainingSystem = 'NONE';
-    expect(migrated).toMatchObject(EXPECTED_NEW_FORMAT);
+  describe('Non Default space', () => {
+    const nonDefaultSpaceId = 'space1';
+    beforeEach(() => {
+      if (mockPlugins.spaces?.getActiveSpace) {
+        mockPlugins.spaces.getActiveSpace = jest.fn().mockResolvedValue({ id: nonDefaultSpaceId });
+      }
+    });
+    it('should migrate the old format to the new format', async () => {
+      storage.set(GET_PAGE_FILTER_STORAGE_KEY(nonDefaultSpaceId), OLD_FORMAT);
+      await migrateAlertPageControlsTo816(storage, mockPlugins);
+      const migrated = storage.get(GET_PAGE_FILTER_STORAGE_KEY(nonDefaultSpaceId));
+      expect(migrated).toMatchObject(NEW_FORMAT);
+    });
+
+    it('should be a no-op if the new format already exists', async () => {
+      storage.set(GET_PAGE_FILTER_STORAGE_KEY(nonDefaultSpaceId), NEW_FORMAT);
+      await migrateAlertPageControlsTo816(storage, mockPlugins);
+      const migrated = storage.get(GET_PAGE_FILTER_STORAGE_KEY(nonDefaultSpaceId));
+      expect(migrated).toMatchObject(NEW_FORMAT);
+    });
+
+    it('should be a no-op if no value is present in localstorage for page filters ', async () => {
+      await migrateAlertPageControlsTo816(storage, mockPlugins);
+      const migrated = storage.get(GET_PAGE_FILTER_STORAGE_KEY(nonDefaultSpaceId));
+      expect(migrated).toBeNull();
+    });
+
+    it('should convert custom old format correctly', async () => {
+      const MODIFIED_OLD_FORMAT = structuredClone(OLD_FORMAT);
+      MODIFIED_OLD_FORMAT.panels['0'].explicitInput.hideExists = true;
+      MODIFIED_OLD_FORMAT.chainingSystem = 'NONE';
+      storage.set(GET_PAGE_FILTER_STORAGE_KEY(nonDefaultSpaceId), MODIFIED_OLD_FORMAT);
+      await migrateAlertPageControlsTo816(storage, mockPlugins);
+      const migrated = storage.get(GET_PAGE_FILTER_STORAGE_KEY(nonDefaultSpaceId));
+      const EXPECTED_NEW_FORMAT = structuredClone(NEW_FORMAT);
+      EXPECTED_NEW_FORMAT.initialChildControlState['0'].hideExists = true;
+      EXPECTED_NEW_FORMAT.chainingSystem = 'NONE';
+      expect(migrated).toMatchObject(EXPECTED_NEW_FORMAT);
+    });
   });
 });
diff --git a/x-pack/plugins/security_solution/public/timelines/containers/local_storage/migrate_alert_page_controls.ts b/x-pack/plugins/security_solution/public/timelines/containers/local_storage/migrate_alert_page_controls.ts
index ac46d42035155..7152ef7738bcc 100644
--- a/x-pack/plugins/security_solution/public/timelines/containers/local_storage/migrate_alert_page_controls.ts
+++ b/x-pack/plugins/security_solution/public/timelines/containers/local_storage/migrate_alert_page_controls.ts
@@ -7,8 +7,10 @@
 
 import type { DefaultControlState, ControlGroupRuntimeState } from '@kbn/controls-plugin/common';
 import type { Storage } from '@kbn/kibana-utils-plugin/public';
+import type { StartPlugins } from '../../../types';
 
-export const PAGE_FILTER_STORAGE_KEY = 'siem.default.pageFilters';
+export const GET_PAGE_FILTER_STORAGE_KEY = (spaceId: string = 'default') =>
+  `siem.${spaceId}.pageFilters`;
 
 interface OldFormat {
   viewMode: string;
@@ -96,8 +98,11 @@ interface NewFormatExplicitInput {
  * This migration script is to migrate the old format to the new format.
  *
  */
-export function migrateAlertPageControlsTo816(storage: Storage) {
-  const oldFormat: OldFormat = storage.get(PAGE_FILTER_STORAGE_KEY);
+export async function migrateAlertPageControlsTo816(storage: Storage, plugins: StartPlugins) {
+  const space = await plugins.spaces?.getActiveSpace();
+  const spaceId = space?.id ?? 'default';
+  const storageKey = GET_PAGE_FILTER_STORAGE_KEY(spaceId);
+  const oldFormat: OldFormat = storage.get(GET_PAGE_FILTER_STORAGE_KEY(spaceId));
   if (oldFormat && Object.keys(oldFormat).includes('panels')) {
     // Only run when it is old format
     const newFormat: ControlGroupRuntimeState<NewFormatExplicitInput & DefaultControlState> = {
@@ -131,6 +136,6 @@ export function migrateAlertPageControlsTo816(storage: Storage) {
       };
     }
 
-    storage.set(PAGE_FILTER_STORAGE_KEY, newFormat);
+    storage.set(storageKey, newFormat);
   }
 }
diff --git a/x-pack/plugins/security_solution/public/types.ts b/x-pack/plugins/security_solution/public/types.ts
index 55fce6a46dba8..6642e02d5ecd6 100644
--- a/x-pack/plugins/security_solution/public/types.ts
+++ b/x-pack/plugins/security_solution/public/types.ts
@@ -248,7 +248,7 @@ export interface SubPlugins {
 // TODO: find a better way to defined these types
 export interface StartedSubPlugins {
   [CASES_SUB_PLUGIN_KEY]: ReturnType<Cases['start']>;
-  alerts: ReturnType<Detections['start']>;
+  alerts: Awaited<ReturnType<Detections['start']>>;
   attackDiscovery: ReturnType<AttackDiscovery['start']>;
   cloudDefend: ReturnType<CloudDefend['start']>;
   cloudSecurityPosture: ReturnType<CloudSecurityPosture['start']>;
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/index.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/index.test.ts
deleted file mode 100644
index 70d0daea037ed..0000000000000
--- a/x-pack/plugins/security_solution/server/assistant/tools/index.test.ts
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { getAssistantTools } from '.';
-
-describe('getAssistantTools', () => {
-  beforeEach(() => {
-    jest.clearAllMocks();
-  });
-
-  it('should return an array of applicable tools', () => {
-    const tools = getAssistantTools({});
-
-    const minExpectedTools = 3; // 3 tools are currently implemented
-
-    expect(tools.length).toBeGreaterThanOrEqual(minExpectedTools);
-  });
-});
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/index.ts b/x-pack/plugins/security_solution/server/assistant/tools/index.ts
index 1b6e90eb7280f..9bb85f5beedae 100644
--- a/x-pack/plugins/security_solution/server/assistant/tools/index.ts
+++ b/x-pack/plugins/security_solution/server/assistant/tools/index.ts
@@ -14,22 +14,11 @@ import { KNOWLEDGE_BASE_RETRIEVAL_TOOL } from './knowledge_base/knowledge_base_r
 import { KNOWLEDGE_BASE_WRITE_TOOL } from './knowledge_base/knowledge_base_write_tool';
 import { SECURITY_LABS_KNOWLEDGE_BASE_TOOL } from './security_labs/security_labs_tool';
 
-export const getAssistantTools = ({
-  assistantKnowledgeBaseByDefault,
-}: {
-  assistantKnowledgeBaseByDefault?: boolean;
-}): AssistantTool[] => {
-  const tools = [
-    ALERT_COUNTS_TOOL,
-    NL_TO_ESQL_TOOL,
-    KNOWLEDGE_BASE_RETRIEVAL_TOOL,
-    KNOWLEDGE_BASE_WRITE_TOOL,
-    OPEN_AND_ACKNOWLEDGED_ALERTS_TOOL,
-  ];
-
-  if (assistantKnowledgeBaseByDefault) {
-    tools.push(SECURITY_LABS_KNOWLEDGE_BASE_TOOL);
-  }
-
-  return tools;
-};
+export const assistantTools: AssistantTool[] = [
+  ALERT_COUNTS_TOOL,
+  NL_TO_ESQL_TOOL,
+  KNOWLEDGE_BASE_RETRIEVAL_TOOL,
+  KNOWLEDGE_BASE_WRITE_TOOL,
+  OPEN_AND_ACKNOWLEDGED_ALERTS_TOOL,
+  SECURITY_LABS_KNOWLEDGE_BASE_TOOL,
+];
diff --git a/x-pack/plugins/security_solution/server/assistant/tools/knowledge_base/knowledge_base_write_tool.ts b/x-pack/plugins/security_solution/server/assistant/tools/knowledge_base/knowledge_base_write_tool.ts
index 3ae47afbf05bf..c46e6a364b873 100644
--- a/x-pack/plugins/security_solution/server/assistant/tools/knowledge_base/knowledge_base_write_tool.ts
+++ b/x-pack/plugins/security_solution/server/assistant/tools/knowledge_base/knowledge_base_write_tool.ts
@@ -11,7 +11,6 @@ import type { AssistantTool, AssistantToolParams } from '@kbn/elastic-assistant-
 import type { AIAssistantKnowledgeBaseDataClient } from '@kbn/elastic-assistant-plugin/server/ai_assistant_data_clients/knowledge_base';
 import { DocumentEntryType } from '@kbn/elastic-assistant-common';
 import type { KnowledgeBaseEntryCreateProps } from '@kbn/elastic-assistant-common';
-import type { LegacyKnowledgeBaseEntryCreateProps } from '@kbn/elastic-assistant-plugin/server/ai_assistant_data_clients/knowledge_base/create_knowledge_base_entry';
 import type { AnalyticsServiceSetup } from '@kbn/core-analytics-server';
 import { APP_UI_ID } from '../../../../common';
 
@@ -59,24 +58,14 @@ export const KNOWLEDGE_BASE_WRITE_TOOL: AssistantTool = {
           () => `KnowledgeBaseWriteToolParams:input\n ${JSON.stringify(input, null, 2)}`
         );
 
-        // Backwards compatibility with v1 schema since this feature is technically supported in `8.15`
-        const knowledgeBaseEntry:
-          | KnowledgeBaseEntryCreateProps
-          | LegacyKnowledgeBaseEntryCreateProps = kbDataClient.isV2KnowledgeBaseEnabled
-          ? {
-              name: input.name,
-              kbResource: 'user',
-              source: 'conversation',
-              required: input.required,
-              text: input.query,
-              type: DocumentEntryType.value,
-            }
-          : {
-              type: DocumentEntryType.value,
-              name: 'unknown',
-              metadata: { kbResource: 'user', source: 'conversation', required: input.required },
-              text: input.query,
-            };
+        const knowledgeBaseEntry: KnowledgeBaseEntryCreateProps = {
+          name: input.name,
+          kbResource: 'user',
+          source: 'conversation',
+          required: input.required,
+          text: input.query,
+          type: DocumentEntryType.value,
+        };
 
         logger.debug(() => `knowledgeBaseEntry\n ${JSON.stringify(knowledgeBaseEntry, null, 2)}`);
         const resp = await kbDataClient.createKnowledgeBaseEntry({ knowledgeBaseEntry, telemetry });
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.test.ts
deleted file mode 100644
index 71b891505860d..0000000000000
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.test.ts
+++ /dev/null
@@ -1,378 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { KibanaResponseFactory } from '@kbn/core/server';
-import {
-  coreMock,
-  elasticsearchServiceMock,
-  httpServerMock,
-  httpServiceMock,
-  savedObjectsClientMock,
-} from '@kbn/core/server/mocks';
-import { ENDPOINT_ACTION_LOG_ROUTE } from '../../../../common/endpoint/constants';
-import { EndpointAppContextService } from '../../endpoint_app_context_services';
-import {
-  createMockEndpointAppContext,
-  createMockEndpointAppContextServiceSetupContract,
-  createMockEndpointAppContextServiceStartContract,
-  createRouteHandlerContext,
-  getRegisteredVersionedRouteMock,
-} from '../../mocks';
-import { registerActionAuditLogRoutes } from './audit_log';
-import { v4 as uuidv4 } from 'uuid';
-import type { Results } from './mocks';
-import { mockAuditLogSearchResult } from './mocks';
-import type { SecuritySolutionRequestHandlerContext } from '../../../types';
-import type {
-  ActivityLog,
-  EndpointAction,
-  EndpointActionResponse,
-} from '../../../../common/endpoint/types';
-import { FleetActionGenerator } from '../../../../common/endpoint/data_generators/fleet_action_generator';
-import { EndpointActionGenerator } from '../../../../common/endpoint/data_generators/endpoint_action_generator';
-import type {
-  EndpointActionLogRequestParams,
-  EndpointActionLogRequestQuery,
-} from '../../../../common/api/endpoint';
-import { EndpointActionLogRequestSchema } from '../../../../common/api/endpoint';
-
-describe('Action Log API', () => {
-  describe('schema', () => {
-    it('should require at least 1 agent ID', () => {
-      expect(() => {
-        EndpointActionLogRequestSchema.params.validate({}); // no agent_ids provided
-      }).toThrow();
-    });
-
-    it('should accept a single agent ID', () => {
-      expect(() => {
-        EndpointActionLogRequestSchema.params.validate({ agent_id: uuidv4() });
-      }).not.toThrow();
-    });
-
-    it('should not work when no params while requesting with query params', () => {
-      expect(() => {
-        EndpointActionLogRequestSchema.query.validate({});
-      }).toThrow();
-    });
-
-    it('should work with all required query params', () => {
-      expect(() => {
-        EndpointActionLogRequestSchema.query.validate({
-          page: 10,
-          page_size: 100,
-          start_date: new Date(new Date().setDate(new Date().getDate() - 1)).toISOString(), // yesterday
-          end_date: new Date().toISOString(), // today
-        });
-      }).not.toThrow();
-    });
-
-    it('should not work without endDate', () => {
-      expect(() => {
-        EndpointActionLogRequestSchema.query.validate({
-          page: 1,
-          page_size: 100,
-          start_date: new Date(new Date().setDate(new Date().getDate() - 1)).toISOString(), // yesterday
-        });
-      }).toThrow();
-    });
-
-    it('should not work without startDate', () => {
-      expect(() => {
-        EndpointActionLogRequestSchema.query.validate({
-          page: 1,
-          page_size: 100,
-          end_date: new Date().toISOString(), // today
-        });
-      }).toThrow();
-    });
-
-    it('should not work without allowed page and page_size params', () => {
-      expect(() => {
-        EndpointActionLogRequestSchema.query.validate({ page_size: 101 });
-      }).toThrow();
-    });
-  });
-
-  describe('response', () => {
-    const mockAgentID = 'XYZABC-000';
-    let endpointAppContextService: EndpointAppContextService;
-    const fleetActionGenerator = new FleetActionGenerator('seed');
-    const endpointActionGenerator = new EndpointActionGenerator('seed');
-
-    // convenience for calling the route and handler for audit log
-    let getActivityLog: (
-      params: EndpointActionLogRequestParams,
-      query?: EndpointActionLogRequestQuery
-    ) => Promise<jest.Mocked<KibanaResponseFactory>>;
-
-    // convenience for injecting mock action requests and responses
-    // for .logs-endpoint and .fleet indices
-    let mockActions: ({
-      numActions,
-      hasFleetActions,
-      hasFleetResponses,
-      hasResponses,
-    }: {
-      numActions: number;
-      hasFleetActions?: boolean;
-      hasFleetResponses?: boolean;
-      hasResponses?: boolean;
-    }) => void;
-
-    let havingErrors: () => void;
-
-    beforeEach(() => {
-      const esClientMock = elasticsearchServiceMock.createScopedClusterClient();
-      const routerMock = httpServiceMock.createRouter();
-      endpointAppContextService = new EndpointAppContextService();
-      endpointAppContextService.setup(createMockEndpointAppContextServiceSetupContract());
-      endpointAppContextService.start(createMockEndpointAppContextServiceStartContract());
-
-      registerActionAuditLogRoutes(routerMock, createMockEndpointAppContext());
-
-      getActivityLog = async (
-        params: { agent_id: string },
-        query?: { page: number; page_size: number; start_date?: string; end_date?: string }
-      ): Promise<jest.Mocked<KibanaResponseFactory>> => {
-        const req = httpServerMock.createKibanaRequest({
-          params,
-          query,
-        });
-
-        const mockResponse = httpServerMock.createResponseFactory();
-        const { routeHandler } = getRegisteredVersionedRouteMock(
-          routerMock,
-          'get',
-          ENDPOINT_ACTION_LOG_ROUTE,
-          '2023-10-31'
-        );
-
-        await routeHandler(
-          coreMock.createCustomRequestHandlerContext(
-            createRouteHandlerContext(esClientMock, savedObjectsClientMock.create())
-          ) as SecuritySolutionRequestHandlerContext,
-          req,
-          mockResponse
-        );
-
-        return mockResponse;
-      };
-
-      // some arbitrary ids for needed actions
-      const getMockActionIds = (numAction: number): string[] => {
-        return [...Array(numAction).keys()].map(() => Math.random().toString(36).split('.')[1]);
-      };
-
-      // create as many actions as needed
-      const getEndpointActionsData = (actionIds: string[]) => {
-        const data = actionIds.map((actionId) =>
-          endpointActionGenerator.generate({
-            agent: { id: mockAgentID },
-            EndpointActions: {
-              action_id: actionId,
-            },
-          })
-        );
-        return data;
-      };
-      // create as many responses as needed
-      const getEndpointResponseData = (actionIds: string[]) => {
-        const data = actionIds.map((actionId) =>
-          endpointActionGenerator.generateResponse({
-            agent: { id: mockAgentID },
-            EndpointActions: {
-              action_id: actionId,
-            },
-          })
-        );
-        return data;
-      };
-      // create as many fleet actions as needed
-      const getFleetResponseData = (actionIds: string[]) => {
-        const data = actionIds.map((actionId) =>
-          fleetActionGenerator.generateResponse({
-            agent_id: mockAgentID,
-            action_id: actionId,
-          })
-        );
-        return data;
-      };
-      // create as many fleet responses as needed
-      const getFleetActionData = (actionIds: string[]) => {
-        const data = actionIds.map((actionId) =>
-          fleetActionGenerator.generate({
-            agents: [mockAgentID],
-            action_id: actionId,
-            data: {
-              comment: 'some comment',
-            },
-          })
-        );
-        return data;
-      };
-
-      // mock actions and responses results in a single response
-      mockActions = ({
-        numActions,
-        hasFleetActions = false,
-        hasFleetResponses = false,
-        hasResponses = false,
-      }: {
-        numActions: number;
-        hasFleetActions?: boolean;
-        hasFleetResponses?: boolean;
-        hasResponses?: boolean;
-      }) => {
-        // @ts-expect-error incomplete types
-        esClientMock.asInternalUser.search.mockResponseImplementationOnce(() => {
-          let actions: Results[] = [];
-          let fleetActions: Results[] = [];
-          let responses: Results[] = [];
-          let fleetResponses: Results[] = [];
-
-          const actionIds = getMockActionIds(numActions);
-
-          actions = getEndpointActionsData(actionIds).map((e) => ({
-            _index: '.ds-.logs-endpoint.actions-default-2021.19.10-000001',
-            _source: e,
-          }));
-
-          if (hasFleetActions) {
-            fleetActions = getFleetActionData(actionIds).map((e) => ({
-              _index: '.fleet-actions-7',
-              _source: e,
-            }));
-          }
-
-          if (hasFleetResponses) {
-            fleetResponses = getFleetResponseData(actionIds).map((e) => ({
-              _index: '.ds-.fleet-actions-results-2021.19.10-000001',
-              _source: e,
-            }));
-          }
-
-          if (hasResponses) {
-            responses = getEndpointResponseData(actionIds).map((e) => ({
-              _index: '.ds-.logs-endpoint.action.responses-default-2021.19.10-000001',
-              _source: e,
-            }));
-          }
-
-          const results = mockAuditLogSearchResult([
-            ...actions,
-            ...fleetActions,
-            ...responses,
-            ...fleetResponses,
-          ]);
-
-          return results;
-        });
-      };
-
-      havingErrors = () => {
-        esClientMock.asInternalUser.search.mockImplementationOnce(() =>
-          // @ts-expect-error wrong definition
-          Promise.resolve(() => {
-            throw new Error();
-          })
-        );
-      };
-    });
-
-    afterEach(() => {
-      endpointAppContextService.stop();
-    });
-
-    it('should return an empty array when nothing in audit log', async () => {
-      mockActions({ numActions: 0 });
-
-      const response = await getActivityLog({ agent_id: mockAgentID });
-      expect(response.ok).toBeCalled();
-      expect((response.ok.mock.calls[0][0]?.body as ActivityLog).data).toHaveLength(0);
-    });
-
-    it('should return fleet actions, fleet responses and endpoint responses', async () => {
-      mockActions({
-        numActions: 2,
-        hasFleetActions: true,
-        hasFleetResponses: true,
-        hasResponses: true,
-      });
-
-      const response = await getActivityLog({ agent_id: mockAgentID });
-      const responseBody = response.ok.mock.calls[0][0]?.body as ActivityLog;
-      expect(response.ok).toBeCalled();
-      expect(responseBody.data).toHaveLength(6);
-
-      expect(
-        responseBody.data.filter((e) => (e.item.data as EndpointActionResponse).completed_at)
-      ).toHaveLength(2);
-      expect(
-        responseBody.data.filter((e) => (e.item.data as EndpointAction).expiration)
-      ).toHaveLength(2);
-    });
-
-    it('should return only fleet actions and no responses', async () => {
-      mockActions({ numActions: 2, hasFleetActions: true });
-
-      const response = await getActivityLog({ agent_id: mockAgentID });
-      const responseBody = response.ok.mock.calls[0][0]?.body as ActivityLog;
-      expect(response.ok).toBeCalled();
-      expect(responseBody.data).toHaveLength(2);
-
-      expect(
-        responseBody.data.filter((e) => (e.item.data as EndpointAction).expiration)
-      ).toHaveLength(2);
-    });
-
-    it('should only have fleet data', async () => {
-      mockActions({ numActions: 2, hasFleetActions: true, hasFleetResponses: true });
-
-      const response = await getActivityLog({ agent_id: mockAgentID });
-      const responseBody = response.ok.mock.calls[0][0]?.body as ActivityLog;
-      expect(response.ok).toBeCalled();
-      expect(responseBody.data).toHaveLength(4);
-
-      expect(
-        responseBody.data.filter((e) => (e.item.data as EndpointAction).expiration)
-      ).toHaveLength(2);
-      expect(
-        responseBody.data.filter((e) => (e.item.data as EndpointActionResponse).completed_at)
-      ).toHaveLength(2);
-    });
-
-    it('should throw errors when no results for some agentID', async () => {
-      havingErrors();
-
-      try {
-        await getActivityLog({ agent_id: mockAgentID });
-      } catch (error) {
-        expect(error.message).toEqual(`Error fetching actions log for agent_id ${mockAgentID}`);
-      }
-    });
-
-    it('should return date ranges if present in the query', async () => {
-      mockActions({ numActions: 0 });
-
-      const startDate = new Date(new Date().setDate(new Date().getDate() - 1)).toISOString();
-      const endDate = new Date().toISOString();
-      const response = await getActivityLog(
-        { agent_id: mockAgentID },
-        {
-          page: 1,
-          page_size: 50,
-          start_date: startDate,
-          end_date: endDate,
-        }
-      );
-      expect(response.ok).toBeCalled();
-      expect((response.ok.mock.calls[0][0]?.body as ActivityLog).startDate).toEqual(startDate);
-      expect((response.ok.mock.calls[0][0]?.body as ActivityLog).endDate).toEqual(endDate);
-    });
-  });
-});
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.ts
deleted file mode 100644
index 8ba1de0bb70d9..0000000000000
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.ts
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { EndpointActionLogRequestSchema } from '../../../../common/api/endpoint';
-import { ENDPOINT_ACTION_LOG_ROUTE } from '../../../../common/endpoint/constants';
-import { auditLogRequestHandler } from './audit_log_handler';
-
-import type { SecuritySolutionPluginRouter } from '../../../types';
-import type { EndpointAppContext } from '../../types';
-import { withEndpointAuthz } from '../with_endpoint_authz';
-
-/**
- * Registers the endpoint activity_log route
- * @deprecated
- * @removeBy 9.0.0
- *
- */
-export function registerActionAuditLogRoutes(
-  router: SecuritySolutionPluginRouter,
-  endpointContext: EndpointAppContext
-) {
-  router.versioned
-    .get({
-      access: 'public',
-      path: ENDPOINT_ACTION_LOG_ROUTE,
-      security: {
-        authz: {
-          requiredPrivileges: ['securitySolution'],
-        },
-      },
-      options: { authRequired: true },
-    })
-    .addVersion(
-      {
-        version: '2023-10-31',
-        validate: {
-          request: EndpointActionLogRequestSchema,
-        },
-      },
-      withEndpointAuthz(
-        { all: ['canIsolateHost'] },
-        endpointContext.logFactory.get('hostIsolationLogs'),
-        auditLogRequestHandler(endpointContext)
-      )
-    );
-}
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log_handler.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log_handler.ts
deleted file mode 100644
index ac6243735fdba..0000000000000
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log_handler.ts
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { RequestHandler } from '@kbn/core/server';
-import type {
-  EndpointActionLogRequestParams,
-  EndpointActionLogRequestQuery,
-} from '../../../../common/api/endpoint';
-import type { SecuritySolutionRequestHandlerContext } from '../../../types';
-import { getAuditLogResponse } from '../../services/actions/actions_audit_log';
-import type { EndpointAppContext } from '../../types';
-
-export const auditLogRequestHandler = (
-  endpointContext: EndpointAppContext
-): RequestHandler<
-  EndpointActionLogRequestParams,
-  EndpointActionLogRequestQuery,
-  unknown,
-  SecuritySolutionRequestHandlerContext
-> => {
-  const logger = endpointContext.logFactory.get('audit_log');
-
-  return async (context, req, res) => {
-    const {
-      params: { agent_id: elasticAgentId },
-      query: { page, page_size: pageSize, start_date: startDate, end_date: endDate },
-    } = req;
-
-    const body = await getAuditLogResponse({
-      elasticAgentId,
-      page,
-      pageSize,
-      startDate,
-      endDate,
-      context,
-      logger,
-    });
-    return res.ok({
-      body,
-    });
-  };
-};
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/index.ts
index 6587a6446a52c..96e90e37e24cb 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/index.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/index.ts
@@ -12,7 +12,6 @@ import type { SecuritySolutionPluginRouter } from '../../../types';
 import type { EndpointAppContext } from '../../types';
 import { registerActionStatusRoutes } from './status';
 import { registerActionStateRoutes } from './state';
-import { registerActionAuditLogRoutes } from './audit_log';
 import { registerActionListRoutes } from './list';
 import { registerResponseActionRoutes } from './response_actions';
 
@@ -25,7 +24,6 @@ export function registerActionRoutes(
 ) {
   registerActionStatusRoutes(router, endpointContext);
   registerActionStateRoutes(router, endpointContext, canEncrypt);
-  registerActionAuditLogRoutes(router, endpointContext);
   registerActionListRoutes(router, endpointContext);
   registerActionDetailsRoutes(router, endpointContext);
   registerResponseActionRoutes(router, endpointContext);
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.test.ts
index b3011005a8b76..7a3c3fe0162f1 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.test.ts
@@ -28,12 +28,10 @@ import {
   EXECUTE_ROUTE,
   GET_FILE_ROUTE,
   GET_PROCESSES_ROUTE,
-  ISOLATE_HOST_ROUTE,
   ISOLATE_HOST_ROUTE_V2,
   KILL_PROCESS_ROUTE,
   SCAN_ROUTE,
   SUSPEND_PROCESS_ROUTE,
-  UNISOLATE_HOST_ROUTE,
   UNISOLATE_HOST_ROUTE_V2,
   UPLOAD_ROUTE,
 } from '../../../../common/endpoint/constants';
@@ -245,28 +243,6 @@ describe('Response actions', () => {
       getActionDetailsByIdSpy.mockClear();
     });
 
-    it('correctly redirects legacy isolate to new route', async () => {
-      await callRoute(ISOLATE_HOST_ROUTE, {
-        body: { endpoint_ids: ['XYZ'] },
-        version: '2023-10-31',
-      });
-      expect(mockResponse.custom).toBeCalled();
-      const response = mockResponse.custom.mock.calls[0][0];
-      expect(response.statusCode).toEqual(308);
-      expect(response.headers?.location).toEqual(ISOLATE_HOST_ROUTE_V2);
-    });
-
-    it('correctly redirects legacy release to new route', async () => {
-      await callRoute(UNISOLATE_HOST_ROUTE, {
-        body: { endpoint_ids: ['XYZ'] },
-        version: '2023-10-31',
-      });
-      expect(mockResponse.custom).toBeCalled();
-      const response = mockResponse.custom.mock.calls[0][0];
-      expect(response.statusCode).toEqual(308);
-      expect(response.headers?.location).toEqual(UNISOLATE_HOST_ROUTE_V2);
-    });
-
     it('succeeds when an endpoint ID is provided', async () => {
       await callRoute(ISOLATE_HOST_ROUTE_V2, {
         body: { endpoint_ids: ['XYZ'] },
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts
index 0fc90c7589b99..0c0d1f8a167de 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts
@@ -6,7 +6,6 @@
  */
 
 import type { RequestHandler } from '@kbn/core/server';
-import type { TypeOf } from '@kbn/config-schema';
 
 import { responseActionsWithLegacyActionProperty } from '../../services/actions/constants';
 import { stringify } from '../../utils/stringify';
@@ -24,7 +23,6 @@ import {
   GetProcessesRouteRequestSchema,
   IsolateRouteRequestSchema,
   KillProcessRouteRequestSchema,
-  type NoParametersRequestSchema,
   type ResponseActionGetFileRequestBody,
   type ResponseActionsRequestBody,
   type ScanActionRequestBody,
@@ -39,12 +37,10 @@ import {
   EXECUTE_ROUTE,
   GET_FILE_ROUTE,
   GET_PROCESSES_ROUTE,
-  ISOLATE_HOST_ROUTE,
   ISOLATE_HOST_ROUTE_V2,
   KILL_PROCESS_ROUTE,
   SCAN_ROUTE,
   SUSPEND_PROCESS_ROUTE,
-  UNISOLATE_HOST_ROUTE,
   UNISOLATE_HOST_ROUTE_V2,
   UPLOAD_ROUTE,
 } from '../../../../common/endpoint/constants';
@@ -73,58 +69,6 @@ export function registerResponseActionRoutes(
 ) {
   const logger = endpointContext.logFactory.get('hostIsolation');
 
-  /**
-   * @deprecated use ISOLATE_HOST_ROUTE_V2 instead
-   */
-  router.versioned
-    .post({
-      access: 'public',
-      path: ISOLATE_HOST_ROUTE,
-      security: {
-        authz: {
-          requiredPrivileges: ['securitySolution'],
-        },
-      },
-      options: { authRequired: true },
-    })
-    .addVersion(
-      {
-        version: '2023-10-31',
-        validate: {
-          request: IsolateRouteRequestSchema,
-        },
-      },
-      withEndpointAuthz({ all: ['canIsolateHost'] }, logger, redirectHandler(ISOLATE_HOST_ROUTE_V2))
-    );
-
-  /**
-   * @deprecated use RELEASE_HOST_ROUTE instead
-   */
-  router.versioned
-    .post({
-      access: 'public',
-      path: UNISOLATE_HOST_ROUTE,
-      security: {
-        authz: {
-          requiredPrivileges: ['securitySolution'],
-        },
-      },
-      options: { authRequired: true },
-    })
-    .addVersion(
-      {
-        version: '2023-10-31',
-        validate: {
-          request: UnisolateRouteRequestSchema,
-        },
-      },
-      withEndpointAuthz(
-        { all: ['canUnIsolateHost'] },
-        logger,
-        redirectHandler(UNISOLATE_HOST_ROUTE_V2)
-      )
-    );
-
   router.versioned
     .post({
       access: 'public',
@@ -475,20 +419,3 @@ async function handleActionCreation(
       );
   }
 }
-
-function redirectHandler(
-  location: string
-): RequestHandler<
-  unknown,
-  unknown,
-  TypeOf<typeof NoParametersRequestSchema.body>,
-  SecuritySolutionRequestHandlerContext
-> {
-  return async (context, _req, res) => {
-    const basePath = (await context.securitySolution).getServerBasePath();
-    return res.custom({
-      statusCode: 308,
-      headers: { location: `${basePath}${location}` },
-    });
-  };
-}
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts
index 3f028719fe5ad..955b11f198a74 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts
@@ -24,7 +24,6 @@ import {
   HOST_METADATA_GET_ROUTE,
   HOST_METADATA_LIST_ROUTE,
   METADATA_TRANSFORMS_STATUS_INTERNAL_ROUTE,
-  METADATA_TRANSFORMS_STATUS_ROUTE,
 } from '../../../../common/endpoint/constants';
 import { withEndpointAuthz } from '../with_endpoint_authz';
 
@@ -95,31 +94,6 @@ export function registerEndpointRoutes(
       )
     );
 
-  router.versioned
-    .get({
-      access: 'public',
-      path: METADATA_TRANSFORMS_STATUS_ROUTE,
-      security: {
-        authz: {
-          requiredPrivileges: ['securitySolution'],
-        },
-      },
-      options: { authRequired: true },
-      // @ts-expect-error TODO(https://github.com/elastic/kibana/issues/196095): Replace {RouteDeprecationInfo}
-      deprecated: true,
-    })
-    .addVersion(
-      {
-        version: '2023-10-31',
-        validate: false,
-      },
-      withEndpointAuthz(
-        { all: ['canReadSecuritySolution'] },
-        logger,
-        getMetadataTransformStatsHandler(endpointAppContext, logger)
-      )
-    );
-
   router.versioned
     .get({
       access: 'internal',
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts
index ab7ca52052b3d..b7aea568b6cb5 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts
@@ -7,12 +7,11 @@
 
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
 import {
-  createMockEndpointAppContext,
   createMockEndpointAppContextServiceSetupContract,
   createMockEndpointAppContextServiceStartContract,
   createRouteHandlerContext,
 } from '../../mocks';
-import { getHostPolicyResponseHandler, getAgentPolicySummaryHandler } from './handlers';
+import { getHostPolicyResponseHandler } from './handlers';
 import type { KibanaResponseFactory, SavedObjectsClientContract } from '@kbn/core/server';
 import {
   elasticsearchServiceMock,
@@ -23,8 +22,6 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import type { GetHostPolicyResponse, HostPolicyResponse } from '../../../../common/endpoint/types';
 import { EndpointDocGenerator } from '../../../../common/endpoint/generate_data';
 import { requestContextMock } from '../../../lib/detection_engine/routes/__mocks__';
-import type { Agent } from '@kbn/fleet-plugin/common/types/models';
-import type { AgentClient } from '@kbn/fleet-plugin/server/services';
 import { get } from 'lodash';
 import type { ScopedClusterClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
 import type { TypeOf } from '@kbn/config-schema';
@@ -127,141 +124,6 @@ describe('test policy response handler', () => {
       expect(getInternalFleetServicesSpy).toHaveBeenCalledWith('foo');
     });
   });
-
-  describe('test agent policy summary handler', () => {
-    let mockAgentClient: jest.Mocked<AgentClient>;
-
-    let agentListResult: {
-      agents: Agent[];
-      total: number;
-      page: number;
-      perPage: number;
-    };
-
-    let emptyAgentListResult: {
-      agents: Agent[];
-      total: number;
-      page: number;
-      perPage: number;
-    };
-
-    beforeEach(() => {
-      mockScopedClient = elasticsearchServiceMock.createScopedClusterClient();
-      mockSavedObjectClient = savedObjectsClientMock.create();
-      mockResponse = httpServerMock.createResponseFactory();
-      endpointAppContextService = new EndpointAppContextService();
-      emptyAgentListResult = {
-        agents: [],
-        total: 2,
-        page: 1,
-        perPage: 1,
-      };
-
-      agentListResult = {
-        agents: [
-          {
-            local_metadata: {
-              elastic: {
-                agent: {
-                  version: '8.0.0',
-                },
-              },
-            },
-          } as unknown as Agent,
-          {
-            local_metadata: {
-              elastic: {
-                agent: {
-                  version: '8.0.0',
-                },
-              },
-            },
-          } as unknown as Agent,
-          {
-            local_metadata: {
-              elastic: {
-                agent: {
-                  version: '8.1.0',
-                },
-              },
-            },
-          } as unknown as Agent,
-        ],
-        total: 2,
-        page: 1,
-        perPage: 1,
-      };
-      endpointAppContextService.setup(createMockEndpointAppContextServiceSetupContract());
-      endpointAppContextService.start({
-        ...createMockEndpointAppContextServiceStartContract(),
-      });
-      mockAgentClient = endpointAppContextService.getInternalFleetServices()
-        .agent as jest.Mocked<AgentClient>;
-    });
-
-    afterEach(() => endpointAppContextService.stop());
-
-    it('should return the summary of all the agent with the given policy name', async () => {
-      mockAgentClient.listAgents
-        .mockImplementation(() => Promise.resolve(emptyAgentListResult))
-        .mockImplementationOnce(() => Promise.resolve(agentListResult));
-
-      const policySummarysHandler = getAgentPolicySummaryHandler({
-        ...createMockEndpointAppContext(),
-        service: endpointAppContextService,
-      });
-
-      const mockRequest = httpServerMock.createKibanaRequest({
-        query: { policy_id: '41a1b470-221b-11eb-8fba-fb9c0d46ace3', package_name: 'endpoint' },
-      });
-
-      await policySummarysHandler(
-        requestContextMock.convertContext(
-          createRouteHandlerContext(mockScopedClient, mockSavedObjectClient)
-        ),
-        mockRequest,
-        mockResponse
-      );
-      expect(mockResponse.ok).toBeCalled();
-      expect(mockResponse.ok.mock.calls[0][0]?.body).toEqual({
-        summary_response: {
-          policy_id: '41a1b470-221b-11eb-8fba-fb9c0d46ace3',
-          package: 'endpoint',
-          versions_count: { '8.0.0': 2, '8.1.0': 1 },
-        },
-      });
-    });
-
-    it('should return the agent summary', async () => {
-      mockAgentClient.listAgents
-        .mockImplementationOnce(() => Promise.resolve(agentListResult))
-        .mockImplementationOnce(() => Promise.resolve(emptyAgentListResult));
-
-      const agentPolicySummaryHandler = getAgentPolicySummaryHandler({
-        ...createMockEndpointAppContext(),
-        service: endpointAppContextService,
-      });
-
-      const mockRequest = httpServerMock.createKibanaRequest({
-        query: { package_name: 'endpoint' },
-      });
-
-      await agentPolicySummaryHandler(
-        requestContextMock.convertContext(
-          createRouteHandlerContext(mockScopedClient, mockSavedObjectClient)
-        ),
-        mockRequest,
-        mockResponse
-      );
-      expect(mockResponse.ok).toBeCalled();
-      expect(mockResponse.ok.mock.calls[0][0]?.body).toEqual({
-        summary_response: {
-          package: 'endpoint',
-          versions_count: { '8.0.0': 2, '8.1.0': 1 },
-        },
-      });
-    });
-  });
 });
 
 /**
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
index 7367201f5883a..ce5ad8dda16f2 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts
@@ -10,13 +10,8 @@ import type { TypeOf } from '@kbn/config-schema';
 import type { SecuritySolutionRequestHandlerContext } from '../../../types';
 import type { EndpointAppContextService } from '../../endpoint_app_context_services';
 import { errorHandler } from '../error_handler';
-import type {
-  GetPolicyResponseSchema,
-  GetAgentPolicySummaryRequestSchema,
-} from '../../../../common/api/endpoint';
-import type { EndpointAppContext } from '../../types';
-import { getAgentPolicySummary, getPolicyResponseByAgentId } from './service';
-import type { GetAgentSummaryResponse } from '../../../../common/endpoint/types';
+import type { GetPolicyResponseSchema } from '../../../../common/api/endpoint';
+import { getPolicyResponseByAgentId } from './service';
 import { NotFoundError } from '../../errors';
 
 export const getHostPolicyResponseHandler = function (
@@ -50,30 +45,3 @@ export const getHostPolicyResponseHandler = function (
     }
   };
 };
-
-export const getAgentPolicySummaryHandler = function (
-  endpointAppContext: EndpointAppContext
-): RequestHandler<undefined, TypeOf<typeof GetAgentPolicySummaryRequestSchema.query>, undefined> {
-  return async (_, request, response) => {
-    const result = await getAgentPolicySummary(
-      endpointAppContext,
-      request,
-      request.query.package_name,
-      request.query?.policy_id || undefined
-    );
-    const responseBody = {
-      package: request.query.package_name,
-      versions_count: { ...result },
-    };
-
-    const body: GetAgentSummaryResponse = {
-      summary_response: request.query?.policy_id
-        ? { ...responseBody, ...{ policy_id: request.query?.policy_id } }
-        : responseBody,
-    };
-
-    return response.ok({
-      body,
-    });
-  };
-};
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
index f437ed332828c..cbbd53555767e 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts
@@ -5,16 +5,10 @@
  * 2.0.
  */
 
-import {
-  GetPolicyResponseSchema,
-  GetAgentPolicySummaryRequestSchema,
-} from '../../../../common/api/endpoint';
+import { GetPolicyResponseSchema } from '../../../../common/api/endpoint';
 import type { EndpointAppContext } from '../../types';
-import { getHostPolicyResponseHandler, getAgentPolicySummaryHandler } from './handlers';
-import {
-  AGENT_POLICY_SUMMARY_ROUTE,
-  BASE_POLICY_RESPONSE_ROUTE,
-} from '../../../../common/endpoint/constants';
+import { getHostPolicyResponseHandler } from './handlers';
+import { BASE_POLICY_RESPONSE_ROUTE } from '../../../../common/endpoint/constants';
 import { withEndpointAuthz } from '../with_endpoint_authz';
 import type { SecuritySolutionPluginRouter } from '../../../types';
 
@@ -45,29 +39,4 @@ export function registerPolicyRoutes(
         getHostPolicyResponseHandler(endpointAppContext.service)
       )
     );
-
-  /**
-   * @deprecated
-   * @removeBy 9.0.0
-   *
-   */
-  router.versioned
-    .get({
-      access: 'public',
-      path: AGENT_POLICY_SUMMARY_ROUTE,
-      options: { authRequired: true },
-    })
-    .addVersion(
-      {
-        version: '2023-10-31',
-        validate: {
-          request: GetAgentPolicySummaryRequestSchema,
-        },
-      },
-      withEndpointAuthz(
-        { all: ['canAccessEndpointManagement'] },
-        logger,
-        getAgentPolicySummaryHandler(endpointAppContext)
-      )
-    );
 }
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
index c5f398ee2d1f3..eb36bdf015b9f 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/service.ts
@@ -68,38 +68,6 @@ export async function getPolicyResponseByAgentId(
   return undefined;
 }
 
-const transformAgentVersionMap = (versionMap: Map<string, number>): { [key: string]: number } => {
-  const data: { [key: string]: number } = {};
-  versionMap.forEach((value, key) => {
-    data[key] = value;
-  });
-  return data;
-};
-
-export async function getAgentPolicySummary(
-  endpointAppContext: EndpointAppContext,
-  request: KibanaRequest,
-  packageName: string,
-  policyId?: string,
-  pageSize: number = 1000
-): Promise<{ [key: string]: number }> {
-  const agentQuery = `packages:"${packageName}"`;
-  if (policyId) {
-    return transformAgentVersionMap(
-      await agentVersionsMap(
-        endpointAppContext,
-        request,
-        `${agentQuery} AND policy_id:${policyId}`,
-        pageSize
-      )
-    );
-  }
-
-  return transformAgentVersionMap(
-    await agentVersionsMap(endpointAppContext, request, agentQuery, pageSize)
-  );
-}
-
 export async function agentVersionsMap(
   endpointAppContext: EndpointAppContext,
   request: KibanaRequest,
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts
index bbee33114534b..494da2c2a039e 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts
@@ -24,7 +24,6 @@ import type { EndpointAppContext } from '../../types';
 import {
   eventsIndexPattern,
   SUGGESTIONS_INTERNAL_ROUTE,
-  SUGGESTIONS_ROUTE,
 } from '../../../../common/endpoint/constants';
 import { withEndpointAuthz } from '../with_endpoint_authz';
 import { errorHandler } from '../error_handler';
@@ -38,33 +37,6 @@ export function registerEndpointSuggestionsRoutes(
   config$: Observable<ConfigSchema>,
   endpointContext: EndpointAppContext
 ) {
-  router.versioned
-    .post({
-      access: 'public',
-      path: SUGGESTIONS_ROUTE,
-      security: {
-        authz: {
-          requiredPrivileges: ['securitySolution'],
-        },
-      },
-      options: { authRequired: true },
-      // @ts-expect-error TODO(https://github.com/elastic/kibana/issues/196095): Replace {RouteDeprecationInfo}
-      deprecated: true,
-    })
-    .addVersion(
-      {
-        version: '2023-10-31',
-        validate: {
-          request: EndpointSuggestionsSchema,
-        },
-      },
-      withEndpointAuthz(
-        { any: ['canWriteEventFilters'] },
-        endpointContext.logFactory.get('endpointSuggestions'),
-        getEndpointSuggestionsRequestHandler(config$, getLogger(endpointContext))
-      )
-    );
-
   router.versioned
     .post({
       access: 'internal',
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/actions_audit_log.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/actions_audit_log.ts
deleted file mode 100644
index aa31119227099..0000000000000
--- a/x-pack/plugins/security_solution/server/endpoint/services/actions/actions_audit_log.ts
+++ /dev/null
@@ -1,288 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { Logger } from '@kbn/core/server';
-import type * as estypes from '@elastic/elasticsearch/lib/api/types';
-import type { TransportResult } from '@elastic/elasticsearch';
-import { AGENT_ACTIONS_INDEX, AGENT_ACTIONS_RESULTS_INDEX } from '@kbn/fleet-plugin/common';
-import {
-  ENDPOINT_ACTION_RESPONSES_INDEX_PATTERN,
-  ENDPOINT_ACTIONS_DS,
-  ENDPOINT_ACTIONS_INDEX,
-} from '../../../../common/endpoint/constants';
-import type { SecuritySolutionRequestHandlerContext } from '../../../types';
-import type {
-  ActivityLog,
-  ActivityLogEntry,
-  EndpointAction,
-  EndpointActionResponse,
-  LogsEndpointAction,
-  LogsEndpointActionResponse,
-} from '../../../../common/endpoint/types';
-import { doesLogsEndpointActionsIndexExist } from '../../utils';
-
-import {
-  categorizeActionResults,
-  categorizeResponseResults,
-  getDateFilters,
-  getUniqueLogData,
-} from './utils';
-import { ACTION_REQUEST_INDICES, ACTION_RESPONSE_INDICES } from './constants';
-
-const queryOptions = {
-  headers: {
-    'X-elastic-product-origin': 'fleet',
-  },
-  ignore: [404],
-};
-
-/**
- * Used only for the deprecated `/api/endpoint/action_log/{agent_id}` legacy API route
- *
- * Use newer response action services instead
- *
- * @deprecated
- */
-export const getAuditLogResponse = async ({
-  elasticAgentId,
-  page,
-  pageSize,
-  startDate,
-  endDate,
-  context,
-  logger,
-}: {
-  elasticAgentId: string;
-  page: number;
-  pageSize: number;
-  startDate: string;
-  endDate: string;
-  context: SecuritySolutionRequestHandlerContext;
-  logger: Logger;
-}): Promise<ActivityLog> => {
-  const size = Math.floor(pageSize / 2);
-  const from = page <= 1 ? 0 : page * size - size + 1;
-
-  const data = await getActivityLog({
-    context,
-    from,
-    size,
-    startDate,
-    endDate,
-    elasticAgentId,
-    logger,
-  });
-
-  return {
-    page,
-    pageSize,
-    startDate,
-    endDate,
-    data,
-  };
-};
-
-const getActivityLog = async ({
-  context,
-  size,
-  from,
-  startDate,
-  endDate,
-  elasticAgentId,
-  logger,
-}: {
-  context: SecuritySolutionRequestHandlerContext;
-  elasticAgentId: string;
-  size: number;
-  from: number;
-  startDate: string;
-  endDate: string;
-  logger: Logger;
-}): Promise<ActivityLogEntry[]> => {
-  let actionsResult: TransportResult<estypes.SearchResponse<unknown>, unknown>;
-  let responsesResult: TransportResult<estypes.SearchResponse<unknown>, unknown>;
-
-  try {
-    // fetch actions with matching agent_id
-    const { actionIds, actionRequests } = await getActionRequestsResult({
-      context,
-      logger,
-      elasticAgentId,
-      startDate,
-      endDate,
-      size,
-      from,
-    });
-    actionsResult = actionRequests;
-
-    // fetch responses with matching unique set of `action_id`s
-    responsesResult = await getActionResponsesResult({
-      actionIds: [...new Set(actionIds)], // de-dupe `action_id`s
-      context,
-      logger,
-      elasticAgentId,
-      startDate,
-      endDate,
-    });
-  } catch (error) {
-    logger.error(error);
-    throw error;
-  }
-  if (actionsResult?.statusCode !== 200) {
-    logger.error(`Error fetching actions log for agent_id ${elasticAgentId}`);
-    throw new Error(`Error fetching actions log for agent_id ${elasticAgentId}`);
-  }
-
-  // label record as `action`, `fleetAction`
-  const responses = categorizeResponseResults({
-    results: responsesResult?.body?.hits?.hits as Array<
-      estypes.SearchHit<EndpointActionResponse | LogsEndpointActionResponse>
-    >,
-  });
-
-  // label record as `response`, `fleetResponse`
-  const actions = categorizeActionResults({
-    results: actionsResult?.body?.hits?.hits as Array<
-      estypes.SearchHit<EndpointAction | LogsEndpointAction>
-    >,
-  });
-
-  // filter out the duplicate endpoint actions that also have fleetActions
-  // include endpoint actions that have no fleet actions
-  const uniqueLogData = getUniqueLogData([...responses, ...actions]);
-
-  // sort by @timestamp in desc order, newest first
-  const sortedData = getTimeSortedData(uniqueLogData);
-
-  return sortedData;
-};
-
-const getTimeSortedData = (data: ActivityLog['data']): ActivityLog['data'] => {
-  return data.sort((a, b) =>
-    new Date(b.item.data['@timestamp']) > new Date(a.item.data['@timestamp']) ? 1 : -1
-  );
-};
-
-const getActionRequestsResult = async ({
-  context,
-  logger,
-  elasticAgentId,
-  startDate,
-  endDate,
-  size,
-  from,
-}: {
-  context: SecuritySolutionRequestHandlerContext;
-  logger: Logger;
-  elasticAgentId: string;
-  startDate: string;
-  endDate: string;
-  size: number;
-  from: number;
-}): Promise<{
-  actionIds: string[];
-  actionRequests: TransportResult<estypes.SearchResponse<unknown>, unknown>;
-}> => {
-  const dateFilters = getDateFilters({ startDate, endDate });
-  const baseActionFilters = [
-    { term: { agents: elasticAgentId } },
-    { term: { input_type: 'endpoint' } },
-    { term: { type: 'INPUT_ACTION' } },
-  ];
-  const actionsFilters = [...baseActionFilters, ...dateFilters];
-  const esClient = (await context.core).elasticsearch.client.asInternalUser;
-
-  const hasLogsEndpointActionsIndex = await doesLogsEndpointActionsIndexExist({
-    esClient,
-    logger,
-    indexName: ENDPOINT_ACTIONS_INDEX,
-  });
-
-  const actionsSearchQuery: estypes.SearchRequest = {
-    index: hasLogsEndpointActionsIndex ? ACTION_REQUEST_INDICES : AGENT_ACTIONS_INDEX,
-    size,
-    from,
-    query: {
-      bool: {
-        filter: actionsFilters,
-      },
-    },
-    sort: [
-      {
-        '@timestamp': {
-          order: 'desc',
-        },
-      },
-    ],
-  };
-
-  let actionRequests: TransportResult<estypes.SearchResponse<unknown>, unknown>;
-  try {
-    actionRequests = await esClient.search(actionsSearchQuery, { ...queryOptions, meta: true });
-    const actionIds = actionRequests?.body?.hits?.hits?.map((e) => {
-      return e._index.includes(ENDPOINT_ACTIONS_DS)
-        ? (e._source as LogsEndpointAction).EndpointActions.action_id
-        : (e._source as EndpointAction).action_id;
-    });
-
-    return { actionIds, actionRequests };
-  } catch (error) {
-    logger.error(error);
-    throw error;
-  }
-};
-
-const getActionResponsesResult = async ({
-  context,
-  logger,
-  elasticAgentId,
-  actionIds,
-  startDate,
-  endDate,
-}: {
-  context: SecuritySolutionRequestHandlerContext;
-  logger: Logger;
-  elasticAgentId: string;
-  actionIds: string[];
-  startDate: string;
-  endDate: string;
-}): Promise<TransportResult<estypes.SearchResponse<unknown>, unknown>> => {
-  const dateFilters = getDateFilters({ startDate, endDate });
-  const baseResponsesFilter = [
-    { term: { agent_id: elasticAgentId } },
-    { terms: { action_id: actionIds } },
-  ];
-  const responsesFilters = [...baseResponsesFilter, ...dateFilters];
-  const esClient = (await context.core).elasticsearch.client.asInternalUser;
-
-  const hasLogsEndpointActionResponsesIndex = await doesLogsEndpointActionsIndexExist({
-    esClient,
-    logger,
-    indexName: ENDPOINT_ACTION_RESPONSES_INDEX_PATTERN,
-  });
-
-  const responsesSearchQuery: estypes.SearchRequest = {
-    index: hasLogsEndpointActionResponsesIndex
-      ? ACTION_RESPONSE_INDICES
-      : AGENT_ACTIONS_RESULTS_INDEX,
-    size: 1000,
-    query: {
-      bool: {
-        filter: responsesFilters,
-      },
-    },
-  };
-
-  let actionResponses: TransportResult<estypes.SearchResponse<unknown>, unknown>;
-  try {
-    actionResponses = await esClient.search(responsesSearchQuery, { ...queryOptions, meta: true });
-  } catch (error) {
-    logger.error(error);
-    throw error;
-  }
-  return actionResponses;
-};
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.mock.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.mock.ts
new file mode 100644
index 0000000000000..b237a9e3c0dcc
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.mock.ts
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/**
+ * Investigation guide, medium size, version A (original).
+ */
+export const TEXT_M_A =
+  '## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n';
+
+/**
+ * Investigation guide, medium size, version B (version A that was modified in one way).
+ * Modification: last line has been removed.
+ */
+export const TEXT_M_B =
+  '## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n';
+
+/**
+ * Investigation guide, medium size, version C (version A that was modified in another way).
+ * Modification: "Investigating High Number" -> "Investigating Low Number".
+ */
+export const TEXT_M_C =
+  '## Triage and analysis\n\n### Investigating Low Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n';
+
+/**
+ * Investigation guide, medium size, expected result of the algorithm applied to versions A, B, and C.
+ * Changes compared to version A:
+ * - last line has been removed
+ * - "Investigating High Number" -> "Investigating Low Number"
+ */
+export const TEXT_M_MERGED =
+  '## Triage and analysis\n\n### Investigating Low Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n';
+
+/**
+ * Investigation guide, extral large size, version A (original).
+ */
+export const TEXT_XL_A =
+  '## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n';
+
+/**
+ * Investigation guide, extral large size, version B (version A that was modified in one way).
+ * Modification: "Triage and analysis" -> "Triage or analysis".
+ */
+export const TEXT_XL_B =
+  '## Triage or analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n';
+
+/**
+ * Investigation guide, extral large size, version C (version A that was modified in another way).
+ * Modification: "Investigating High Number" -> "Investigating Low Number".
+ */
+export const TEXT_XL_C =
+  '## Triage and analysis\n\n### Investigating Low Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n';
+
+/**
+ * Investigation guide, extral large size, expected result of the algorithm applied to versions A, B, and C.
+ * Changes compared to version A:
+ * - "Triage and analysis" -> "Triage or analysis"
+ * - "Investigating High Number" -> "Investigating Low Number"
+ */
+export const TEXT_XL_MERGED =
+  '## Triage or analysis\n\n### Investigating Low Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n## Triage and analysis\n\n### Investigating High Number of Process and/or Service Terminations\n\nAttackers can stop services and kill processes for a variety of purposes. For example, they can stop services associated with business applications and databases to release the lock on files used by these applications so they may be encrypted, or stop security and backup solutions, etc.\n\nThis rule identifies a high number (10) of service and/or process terminations (stop, delete, or suspend) from the same host within a short time period.\n\n#### Possible investigation steps\n\n- Investigate the script execution chain (parent process tree) for unknown processes. Examine their executable files for prevalence, whether they are located in expected locations, and if they are signed with valid digital signatures.\n- Identify the user account that performed the action and whether it should perform this kind of action.\n- Contact the account owner and confirm whether they are aware of this activity.\n- Investigate other alerts associated with the user/host during the past 48 hours.\n- Check if any files on the host machine have been encrypted.\n\n### False positive analysis\n\n- This activity is unlikely to happen legitimately. Benign true positives (B-TPs) can be added as exceptions if necessary.\n\n### Response and remediation\n\n- Initiate the incident response process based on the outcome of the triage.\n- Isolate the involved host to prevent further destructive behavior, which is commonly associated with this activity.\n- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords for these accounts and other potentially compromised credentials, such as email, business systems, and web services.\n- Reimage the host operating system or restore it to the operational state.\n- If any other destructive action was identified on the host, it is recommended to prioritize the investigation and look for ransomware preparation and execution activities.\n- Run a full antimalware scan. This may reveal additional artifacts left in the system, persistence mechanisms, and malware components.\n- Determine the initial vector abused by the attacker and take action to prevent reinfection through the same vector.\n- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).\n';
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.test.ts
index dd1d6abaa04b0..72e87fde6ca2f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.test.ts
@@ -13,13 +13,23 @@ import {
   ThreeWayDiffConflict,
 } from '../../../../../../../../common/api/detection_engine';
 import { multiLineStringDiffAlgorithm } from './multi_line_string_diff_algorithm';
+import {
+  TEXT_M_A,
+  TEXT_M_B,
+  TEXT_M_C,
+  TEXT_M_MERGED,
+  TEXT_XL_A,
+  TEXT_XL_B,
+  TEXT_XL_C,
+  TEXT_XL_MERGED,
+} from './multi_line_string_diff_algorithm.mock';
 
 describe('multiLineStringDiffAlgorithm', () => {
   it('returns current_version as merged output if there is no update - scenario AAA', () => {
     const mockVersions: ThreeVersionsOf<string> = {
-      base_version: 'My description.\nThis is a second line.',
-      current_version: 'My description.\nThis is a second line.',
-      target_version: 'My description.\nThis is a second line.',
+      base_version: TEXT_M_A,
+      current_version: TEXT_M_A,
+      target_version: TEXT_M_A,
     };
 
     const result = multiLineStringDiffAlgorithm(mockVersions);
@@ -36,9 +46,9 @@ describe('multiLineStringDiffAlgorithm', () => {
 
   it('returns current_version as merged output if current_version is different and there is no update - scenario ABA', () => {
     const mockVersions: ThreeVersionsOf<string> = {
-      base_version: 'My description.\nThis is a second line.',
-      current_version: 'My GREAT description.\nThis is a second line.',
-      target_version: 'My description.\nThis is a second line.',
+      base_version: TEXT_M_A,
+      current_version: TEXT_M_B,
+      target_version: TEXT_M_A,
     };
 
     const result = multiLineStringDiffAlgorithm(mockVersions);
@@ -55,9 +65,9 @@ describe('multiLineStringDiffAlgorithm', () => {
 
   it('returns target_version as merged output if current_version is the same and there is an update - scenario AAB', () => {
     const mockVersions: ThreeVersionsOf<string> = {
-      base_version: 'My description.\nThis is a second line.',
-      current_version: 'My description.\nThis is a second line.',
-      target_version: 'My GREAT description.\nThis is a second line.',
+      base_version: TEXT_M_A,
+      current_version: TEXT_M_A,
+      target_version: TEXT_M_B,
     };
 
     const result = multiLineStringDiffAlgorithm(mockVersions);
@@ -74,9 +84,9 @@ describe('multiLineStringDiffAlgorithm', () => {
 
   it('returns current_version as merged output if current version is different but it matches the update - scenario ABB', () => {
     const mockVersions: ThreeVersionsOf<string> = {
-      base_version: 'My description.\nThis is a second line.',
-      current_version: 'My GREAT description.\nThis is a second line.',
-      target_version: 'My GREAT description.\nThis is a second line.',
+      base_version: TEXT_M_A,
+      current_version: TEXT_M_B,
+      target_version: TEXT_M_B,
     };
 
     const result = multiLineStringDiffAlgorithm(mockVersions);
@@ -92,20 +102,39 @@ describe('multiLineStringDiffAlgorithm', () => {
   });
 
   describe('if all three versions are different - scenario ABC', () => {
-    it('returns a computated merged version without a conflict if 3 way merge is possible', () => {
+    it('returns a computated merged version with a solvable conflict if 3 way merge is possible (real-world example)', () => {
       const mockVersions: ThreeVersionsOf<string> = {
-        base_version: `My description.\f\nThis is a second\u2001 line.\f\nThis is a third line.`,
-        current_version: `My GREAT description.\f\nThis is a second\u2001 line.\f\nThis is a third line.`,
-        target_version: `My description.\f\nThis is a second\u2001 line.\f\nThis is a GREAT line.`,
+        base_version: TEXT_M_A,
+        current_version: TEXT_M_B,
+        target_version: TEXT_M_C,
       };
 
-      const expectedMergedVersion = `My GREAT description.\f\nThis is a second\u2001 line.\f\nThis is a GREAT line.`;
+      const result = multiLineStringDiffAlgorithm(mockVersions);
+
+      expect(result).toEqual(
+        expect.objectContaining({
+          merged_version: TEXT_M_MERGED,
+          diff_outcome: ThreeWayDiffOutcome.CustomizedValueCanUpdate,
+          conflict: ThreeWayDiffConflict.SOLVABLE,
+          merge_outcome: ThreeWayMergeOutcome.Merged,
+        })
+      );
+    });
+
+    it('returns a computated merged version with a solvable conflict if 3 way merge is possible (simplified example)', () => {
+      // 3 way merge is possible when changes are made to different lines of text
+      // (in other words, there are no different changes made to the same line of text).
+      const mockVersions: ThreeVersionsOf<string> = {
+        base_version: 'My description.\nThis is a second line.',
+        current_version: 'My MODIFIED description.\nThis is a second line.',
+        target_version: 'My description.\nThis is a MODIFIED second line.',
+      };
 
       const result = multiLineStringDiffAlgorithm(mockVersions);
 
       expect(result).toEqual(
         expect.objectContaining({
-          merged_version: expectedMergedVersion,
+          merged_version: 'My MODIFIED description.\nThis is a MODIFIED second line.',
           diff_outcome: ThreeWayDiffOutcome.CustomizedValueCanUpdate,
           conflict: ThreeWayDiffConflict.SOLVABLE,
           merge_outcome: ThreeWayMergeOutcome.Merged,
@@ -113,11 +142,13 @@ describe('multiLineStringDiffAlgorithm', () => {
       );
     });
 
-    it('returns the current_version with a conflict if 3 way merge is not possible', () => {
+    it('returns the current_version with a non-solvable conflict if 3 way merge is not possible (simplified example)', () => {
+      // It's enough to have different changes made to the same line of text
+      // to trigger a NON_SOLVABLE conflict. This behavior is similar to how Git works.
       const mockVersions: ThreeVersionsOf<string> = {
         base_version: 'My description.\nThis is a second line.',
-        current_version: 'My GREAT description.\nThis is a third line.',
-        target_version: 'My EXCELLENT description.\nThis is a fourth.',
+        current_version: 'My GREAT description.\nThis is a second line.',
+        target_version: 'My EXCELLENT description.\nThis is a second line.',
       };
 
       const result = multiLineStringDiffAlgorithm(mockVersions);
@@ -131,14 +162,39 @@ describe('multiLineStringDiffAlgorithm', () => {
         })
       );
     });
+
+    it('does not exceed performance limits when diffing and merging extra large input texts', () => {
+      const mockVersions: ThreeVersionsOf<string> = {
+        base_version: TEXT_XL_A,
+        current_version: TEXT_XL_B,
+        target_version: TEXT_XL_C,
+      };
+
+      const startTime = performance.now();
+      const result = multiLineStringDiffAlgorithm(mockVersions);
+      const endTime = performance.now();
+
+      // If the regex merge in this function takes over 500ms, this test fails
+      // Performance measurements: https://github.com/elastic/kibana/pull/199388
+      expect(endTime - startTime).toBeLessThan(500);
+
+      expect(result).toEqual(
+        expect.objectContaining({
+          merged_version: TEXT_XL_MERGED,
+          diff_outcome: ThreeWayDiffOutcome.CustomizedValueCanUpdate,
+          conflict: ThreeWayDiffConflict.SOLVABLE,
+          merge_outcome: ThreeWayMergeOutcome.Merged,
+        })
+      );
+    });
   });
 
   describe('if base_version is missing', () => {
     it('returns current_version as merged output if current_version and target_version are the same - scenario -AA', () => {
       const mockVersions: ThreeVersionsOf<string> = {
         base_version: MissingVersion,
-        current_version: 'My description.\nThis is a second line.',
-        target_version: 'My description.\nThis is a second line.',
+        current_version: TEXT_M_A,
+        target_version: TEXT_M_A,
       };
 
       const result = multiLineStringDiffAlgorithm(mockVersions);
@@ -158,8 +214,8 @@ describe('multiLineStringDiffAlgorithm', () => {
     it('returns target_version as merged output if current_version and target_version are different - scenario -AB', () => {
       const mockVersions: ThreeVersionsOf<string> = {
         base_version: MissingVersion,
-        current_version: `My GREAT description.\nThis is a second line.`,
-        target_version: `My description.\nThis is a second line, now longer.`,
+        current_version: TEXT_M_A,
+        target_version: TEXT_M_B,
       };
 
       const result = multiLineStringDiffAlgorithm(mockVersions);
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.ts
index ab830d1b7fc14..e09d8e110bff0 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.ts
@@ -102,7 +102,7 @@ const mergeVersions = ({
       // TS does not realize that in ABC scenario, baseVersion cannot be missing
       // Missing baseVersion scenarios were handled as -AA and -AB.
       const mergedVersion = merge(currentVersion, baseVersion ?? '', targetVersion, {
-        stringSeparator: /(\S+|\s+)/g, // Retains all whitespace, which we keep to preserve formatting
+        stringSeparator: /(\r\n|\n|\r)/g, // Separates strings by new lines
       });
 
       return mergedVersion.conflict
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/asset_criticality_data_client.test.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/asset_criticality_data_client.test.ts
index 75ec685a4756e..0907af8fa92d5 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/asset_criticality_data_client.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/asset_criticality_data_client.test.ts
@@ -6,10 +6,12 @@
  */
 
 import { loggingSystemMock, elasticsearchServiceMock } from '@kbn/core/server/mocks';
+import { Readable } from 'stream';
 import { AssetCriticalityDataClient } from './asset_criticality_data_client';
 import { createOrUpdateIndex } from '../utils/create_or_update_index';
 import { auditLoggerMock } from '@kbn/security-plugin/server/audit/mocks';
 import type { AssetCriticalityUpsert } from '../../../../common/entity_analytics/asset_criticality/types';
+import type { ElasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
 
 type MockInternalEsClient = ReturnType<
   typeof elasticsearchServiceMock.createScopedClusterClient
@@ -264,4 +266,84 @@ describe('AssetCriticalityDataClient', () => {
       );
     });
   });
+
+  describe('#bulkUpsertFromStream()', () => {
+    let esClientMock: MockInternalEsClient;
+    let loggerMock: ReturnType<typeof loggingSystemMock.createLogger>;
+    let subject: AssetCriticalityDataClient;
+
+    beforeEach(() => {
+      esClientMock = elasticsearchServiceMock.createScopedClusterClient().asInternalUser;
+
+      esClientMock.helpers.bulk = mockEsBulk();
+      loggerMock = loggingSystemMock.createLogger();
+      subject = new AssetCriticalityDataClient({
+        esClient: esClientMock,
+        logger: loggerMock,
+        namespace: 'default',
+        auditLogger: mockAuditLogger,
+      });
+    });
+
+    it('returns valid stats', async () => {
+      const recordsStream = [
+        { idField: 'host.name', idValue: 'host1', criticalityLevel: 'high_impact' },
+      ];
+
+      const result = await subject.bulkUpsertFromStream({
+        recordsStream: Readable.from(recordsStream),
+        retries: 3,
+        flushBytes: 1_000,
+      });
+
+      expect(result).toEqual({
+        errors: [],
+        stats: {
+          failed: 0,
+          successful: 1,
+          total: 1,
+        },
+      });
+    });
+
+    it('returns error for duplicated entities', async () => {
+      const recordsStream = [
+        { idField: 'host.name', idValue: 'host1', criticalityLevel: 'high_impact' },
+        { idField: 'host.name', idValue: 'host1', criticalityLevel: 'high_impact' },
+      ];
+
+      const result = await subject.bulkUpsertFromStream({
+        recordsStream: Readable.from(recordsStream),
+        retries: 3,
+        flushBytes: 1_000,
+        streamIndexStart: 9,
+      });
+
+      expect(result).toEqual({
+        errors: [
+          {
+            index: 10,
+            message: 'Duplicated entity',
+          },
+        ],
+        stats: {
+          failed: 1,
+          successful: 1,
+          total: 2,
+        },
+      });
+    });
+  });
 });
+
+const mockEsBulk = () =>
+  jest.fn().mockImplementation(async ({ datasource }) => {
+    let count = 0;
+    for await (const _ of datasource) {
+      count++;
+    }
+    return {
+      failed: 0,
+      successful: count,
+    };
+  }) as unknown as ElasticsearchClientMock['helpers']['bulk'];
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/asset_criticality_data_client.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/asset_criticality_data_client.ts
index b957030f2c8e5..b4d7e2f492eb8 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/asset_criticality_data_client.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/asset_criticality_data_client.ts
@@ -35,6 +35,10 @@ type AssetCriticalityIdParts = Pick<AssetCriticalityUpsert, 'idField' | 'idValue
 
 type BulkUpsertFromStreamOptions = {
   recordsStream: NodeJS.ReadableStream;
+  /**
+   * The index number for the first stream element. By default the errors are zero-indexed.
+   */
+  streamIndexStart?: number;
 } & Pick<Parameters<ElasticsearchClient['helpers']['bulk']>[0], 'flushBytes' | 'retries'>;
 
 type StoredAssetCriticalityRecord = {
@@ -236,6 +240,7 @@ export class AssetCriticalityDataClient {
    * @param recordsStream a stream of records to upsert, records may also be an error e.g if there was an error parsing
    * @param flushBytes how big elasticsearch bulk requests should be before they are sent
    * @param retries the number of times to retry a failed bulk request
+   * @param streamIndexStart By default the errors are zero-indexed. You can change it by setting this param to a value like `1`. It could be useful for file upload.
    * @returns an object containing the number of records updated, created, errored, and the total number of records processed
    * @throws an error if the stream emits an error
    * @remarks
@@ -248,6 +253,7 @@ export class AssetCriticalityDataClient {
     recordsStream,
     flushBytes,
     retries,
+    streamIndexStart = 0,
   }: BulkUpsertFromStreamOptions): Promise<BulkUpsertAssetCriticalityRecordsResponse> => {
     const errors: BulkUpsertAssetCriticalityRecordsResponse['errors'] = [];
     const stats: BulkUpsertAssetCriticalityRecordsResponse['stats'] = {
@@ -256,10 +262,13 @@ export class AssetCriticalityDataClient {
       total: 0,
     };
 
-    let streamIndex = 0;
+    let streamIndex = streamIndexStart;
     const recordGenerator = async function* () {
+      const processedEntities = new Set<string>();
+
       for await (const untypedRecord of recordsStream) {
         const record = untypedRecord as unknown as AssetCriticalityUpsert | Error;
+
         stats.total++;
         if (record instanceof Error) {
           stats.failed++;
@@ -268,10 +277,20 @@ export class AssetCriticalityDataClient {
             index: streamIndex,
           });
         } else {
-          yield {
-            record,
-            index: streamIndex,
-          };
+          const entityKey = `${record.idField}-${record.idValue}`;
+          if (processedEntities.has(entityKey)) {
+            errors.push({
+              message: 'Duplicated entity',
+              index: streamIndex,
+            });
+            stats.failed++;
+          } else {
+            processedEntities.add(entityKey);
+            yield {
+              record,
+              index: streamIndex,
+            };
+          }
         }
         streamIndex++;
       }
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts
index dccf24d161054..22dba4bf321c7 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts
@@ -102,6 +102,7 @@ export const assetCriticalityPublicCSVUploadRoute = (
             recordsStream,
             retries: errorRetries,
             flushBytes: maxBulkRequestBodySizeBytes,
+            streamIndexStart: 1, // It is the first line number
           });
           const end = new Date();
 
diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts
index d1d56aa0e08cb..7413c365b5da6 100644
--- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts
+++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/entity_store_data_client.ts
@@ -101,7 +101,7 @@ export class EntityStoreDataClient {
     this.esClient = clusterClient.asCurrentUser;
 
     this.entityClient = new EntityClient({
-      clusterClient,
+      esClient: this.esClient,
       soClient,
       logger,
     });
diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
index 5b43aabbd0b62..087e3b8c3f05e 100644
--- a/x-pack/plugins/security_solution/server/plugin.ts
+++ b/x-pack/plugins/security_solution/server/plugin.ts
@@ -120,7 +120,7 @@ import {
   allRiskScoreIndexPattern,
 } from '../common/entity_analytics/risk_engine';
 import { isEndpointPackageV2 } from '../common/endpoint/utils/package_v2';
-import { getAssistantTools } from './assistant/tools';
+import { assistantTools } from './assistant/tools';
 import { turnOffAgentPolicyFeatures } from './endpoint/migrations/turn_off_agent_policy_features';
 import { getCriblPackagePolicyPostCreateOrUpdateCallback } from './security_integrations';
 import { scheduleEntityAnalyticsMigration } from './lib/entity_analytics/migrations';
@@ -554,15 +554,8 @@ export class Plugin implements ISecuritySolutionPlugin {
     this.licensing$ = plugins.licensing.license$;
 
     // Assistant Tool and Feature Registration
-    plugins.elasticAssistant.registerTools(
-      APP_UI_ID,
-      getAssistantTools({
-        assistantKnowledgeBaseByDefault:
-          config.experimentalFeatures.assistantKnowledgeBaseByDefault,
-      })
-    );
+    plugins.elasticAssistant.registerTools(APP_UI_ID, assistantTools);
     const features = {
-      assistantKnowledgeBaseByDefault: config.experimentalFeatures.assistantKnowledgeBaseByDefault,
       assistantModelEvaluation: config.experimentalFeatures.assistantModelEvaluation,
     };
     plugins.elasticAssistant.registerFeatures(APP_UI_ID, features);
diff --git a/x-pack/plugins/security_solution/tsconfig.json b/x-pack/plugins/security_solution/tsconfig.json
index 62b77b7c02f18..c0b84c2b70a84 100644
--- a/x-pack/plugins/security_solution/tsconfig.json
+++ b/x-pack/plugins/security_solution/tsconfig.json
@@ -229,5 +229,6 @@
     "@kbn/core-lifecycle-server",
     "@kbn/core-user-profile-common",
     "@kbn/langchain",
+    "@kbn/react-hooks"
   ]
 }
diff --git a/x-pack/plugins/spaces/public/nav_control/components/spaces_menu.tsx b/x-pack/plugins/spaces/public/nav_control/components/spaces_menu.tsx
index 29d360fe91f3f..3a055fabd2cbf 100644
--- a/x-pack/plugins/spaces/public/nav_control/components/spaces_menu.tsx
+++ b/x-pack/plugins/spaces/public/nav_control/components/spaces_menu.tsx
@@ -117,7 +117,7 @@ class SpacesMenuUI extends Component<Props> {
               <EuiPopoverTitle paddingSize="s">
                 {search ||
                   i18n.translate('xpack.spaces.navControl.spacesMenu.selectSpacesTitle', {
-                    defaultMessage: 'Your spaces',
+                    defaultMessage: 'Spaces',
                   })}
               </EuiPopoverTitle>
               {list}
diff --git a/x-pack/plugins/spaces/public/nav_control/nav_control_popover.tsx b/x-pack/plugins/spaces/public/nav_control/nav_control_popover.tsx
index cd08ff87e1a55..31a721e4b02ec 100644
--- a/x-pack/plugins/spaces/public/nav_control/nav_control_popover.tsx
+++ b/x-pack/plugins/spaces/public/nav_control/nav_control_popover.tsx
@@ -97,7 +97,7 @@ class NavControlPopoverUI extends Component<Props, State> {
     const isTourOpen = Boolean(activeSpace) && this.state.showTour && !this.state.showSpaceSelector;
 
     let element: React.ReactNode;
-    if (this.state.loading || this.state.spaces.length < 2) {
+    if (this.state.loading) {
       element = (
         <SpacesDescription
           id={popoutContentId}
diff --git a/x-pack/plugins/stack_connectors/public/connector_types/openai/connector.tsx b/x-pack/plugins/stack_connectors/public/connector_types/openai/connector.tsx
index 27cbb9a4dac08..7bcb818893087 100644
--- a/x-pack/plugins/stack_connectors/public/connector_types/openai/connector.tsx
+++ b/x-pack/plugins/stack_connectors/public/connector_types/openai/connector.tsx
@@ -63,7 +63,7 @@ const ConnectorFields: React.FC<ActionConnectorFieldsProps> = ({ readOnly, isEdi
             'data-test-subj': 'config.apiProvider-select',
             options: providerOptions,
             fullWidth: true,
-            hasNoInitialSelection: true,
+            hasNoInitialSelection: false,
             disabled: readOnly,
             readOnly,
           },
diff --git a/x-pack/plugins/streams/README.md b/x-pack/plugins/streams/README.md
new file mode 100644
index 0000000000000..9a3539a33535d
--- /dev/null
+++ b/x-pack/plugins/streams/README.md
@@ -0,0 +1,3 @@
+# Streams Plugin
+
+This plugin provides an interface to manage streams
\ No newline at end of file
diff --git a/x-pack/plugins/streams/common/config.ts b/x-pack/plugins/streams/common/config.ts
new file mode 100644
index 0000000000000..3371b1b6d8cbc
--- /dev/null
+++ b/x-pack/plugins/streams/common/config.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema, TypeOf } from '@kbn/config-schema';
+
+export const configSchema = schema.object({});
+
+export type StreamsConfig = TypeOf<typeof configSchema>;
+
+/**
+ * The following map is passed to the server plugin setup under the
+ * exposeToBrowser: option, and controls which of the above config
+ * keys are allow-listed to be available in the browser config.
+ *
+ * NOTE: anything exposed here will be visible in the UI dev tools,
+ * and therefore MUST NOT be anything that is sensitive information!
+ */
+export const exposeToBrowserConfig = {} as const;
+
+type ValidKeys = keyof {
+  [K in keyof typeof exposeToBrowserConfig as (typeof exposeToBrowserConfig)[K] extends true
+    ? K
+    : never]: true;
+};
+
+export type StreamsPublicConfig = Pick<StreamsConfig, ValidKeys>;
diff --git a/x-pack/plugins/streams/common/constants.ts b/x-pack/plugins/streams/common/constants.ts
new file mode 100644
index 0000000000000..d7595990ded6e
--- /dev/null
+++ b/x-pack/plugins/streams/common/constants.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const ASSET_VERSION = 1;
+export const STREAMS_INDEX = '.kibana_streams';
diff --git a/x-pack/plugins/streams/common/types.ts b/x-pack/plugins/streams/common/types.ts
new file mode 100644
index 0000000000000..6cdb2f923f6f4
--- /dev/null
+++ b/x-pack/plugins/streams/common/types.ts
@@ -0,0 +1,91 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from '@kbn/zod';
+
+const stringOrNumberOrBoolean = z.union([z.string(), z.number(), z.boolean()]);
+
+export const filterConditionSchema = z.object({
+  field: z.string(),
+  operator: z.enum(['eq', 'neq', 'lt', 'lte', 'gt', 'gte', 'contains', 'startsWith', 'endsWith']),
+  value: stringOrNumberOrBoolean,
+});
+
+export type FilterCondition = z.infer<typeof filterConditionSchema>;
+
+export interface AndCondition {
+  and: Condition[];
+}
+
+export interface RerouteOrCondition {
+  or: Condition[];
+}
+
+export type Condition = FilterCondition | AndCondition | RerouteOrCondition | undefined;
+
+export const conditionSchema: z.ZodType<Condition> = z.lazy(() =>
+  z.union([
+    filterConditionSchema,
+    z.object({ and: z.array(conditionSchema) }),
+    z.object({ or: z.array(conditionSchema) }),
+  ])
+);
+
+export const grokProcessingDefinitionSchema = z.object({
+  type: z.literal('grok'),
+  field: z.string(),
+  patterns: z.array(z.string()),
+  pattern_definitions: z.optional(z.record(z.string())),
+});
+
+export const dissectProcessingDefinitionSchema = z.object({
+  type: z.literal('dissect'),
+  field: z.string(),
+  pattern: z.string(),
+});
+
+export const processingDefinitionSchema = z.object({
+  condition: z.optional(conditionSchema),
+  config: z.discriminatedUnion('type', [
+    grokProcessingDefinitionSchema,
+    dissectProcessingDefinitionSchema,
+  ]),
+});
+
+export type ProcessingDefinition = z.infer<typeof processingDefinitionSchema>;
+
+export const fieldDefinitionSchema = z.object({
+  name: z.string(),
+  type: z.enum(['keyword', 'match_only_text', 'long', 'double', 'date', 'boolean', 'ip']),
+});
+
+export type FieldDefinition = z.infer<typeof fieldDefinitionSchema>;
+
+export const streamWithoutIdDefinitonSchema = z.object({
+  processing: z.array(processingDefinitionSchema).default([]),
+  fields: z.array(fieldDefinitionSchema).default([]),
+  children: z
+    .array(
+      z.object({
+        id: z.string(),
+        condition: conditionSchema,
+      })
+    )
+    .default([]),
+});
+
+export type StreamWithoutIdDefinition = z.infer<typeof streamDefinitonSchema>;
+
+export const streamDefinitonSchema = streamWithoutIdDefinitonSchema.extend({
+  id: z.string(),
+});
+
+export type StreamDefinition = z.infer<typeof streamDefinitonSchema>;
+
+export const streamDefinitonWithoutChildrenSchema = streamDefinitonSchema.omit({ children: true });
+
+export type StreamWithoutChildrenDefinition = z.infer<typeof streamDefinitonWithoutChildrenSchema>;
diff --git a/x-pack/plugins/streams/jest.config.js b/x-pack/plugins/streams/jest.config.js
new file mode 100644
index 0000000000000..43d4fd28da9b5
--- /dev/null
+++ b/x-pack/plugins/streams/jest.config.js
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  preset: '@kbn/test',
+  rootDir: '../../..',
+  roots: ['<rootDir>/x-pack/plugins/streams'],
+  coverageDirectory: '<rootDir>/target/kibana-coverage/jest/x-pack/plugins/streams',
+  coverageReporters: ['text', 'html'],
+  collectCoverageFrom: ['<rootDir>/x-pack/plugins/streams/{common,public,server}/**/*.{js,ts,tsx}'],
+};
diff --git a/x-pack/plugins/streams/kibana.jsonc b/x-pack/plugins/streams/kibana.jsonc
new file mode 100644
index 0000000000000..06c37ed245cf1
--- /dev/null
+++ b/x-pack/plugins/streams/kibana.jsonc
@@ -0,0 +1,28 @@
+{
+  "type": "plugin",
+  "id": "@kbn/streams-plugin",
+  "owner": "@simianhacker @flash1293 @dgieselaar",
+  "description": "A manager for Streams",
+  "group": "observability",
+  "visibility": "private",
+  "plugin": {
+    "id": "streams",
+    "configPath": ["xpack", "streams"],
+    "browser": true,
+    "server": true,
+    "requiredPlugins": [
+      "data",
+      "security",
+      "encryptedSavedObjects",
+      "usageCollection",
+      "licensing",
+      "taskManager"
+    ],
+    "optionalPlugins": [
+      "cloud",
+      "serverless"
+    ],
+    "requiredBundles": [
+    ]
+  }
+}
diff --git a/x-pack/plugins/streams/public/index.ts b/x-pack/plugins/streams/public/index.ts
new file mode 100644
index 0000000000000..5b83ea1d297d3
--- /dev/null
+++ b/x-pack/plugins/streams/public/index.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { PluginInitializer, PluginInitializerContext } from '@kbn/core/public';
+import { Plugin } from './plugin';
+
+export const plugin: PluginInitializer<{}, {}> = (context: PluginInitializerContext) => {
+  return new Plugin(context);
+};
diff --git a/x-pack/plugins/streams/public/plugin.ts b/x-pack/plugins/streams/public/plugin.ts
new file mode 100644
index 0000000000000..f35d18e06ff70
--- /dev/null
+++ b/x-pack/plugins/streams/public/plugin.ts
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CoreSetup, CoreStart, PluginInitializerContext } from '@kbn/core/public';
+import { Logger } from '@kbn/logging';
+
+import type { StreamsPublicConfig } from '../common/config';
+import { StreamsPluginClass, StreamsPluginSetup, StreamsPluginStart } from './types';
+
+export class Plugin implements StreamsPluginClass {
+  public config: StreamsPublicConfig;
+  public logger: Logger;
+
+  constructor(context: PluginInitializerContext<{}>) {
+    this.config = context.config.get();
+    this.logger = context.logger.get();
+  }
+
+  setup(core: CoreSetup<StreamsPluginStart>, pluginSetup: StreamsPluginSetup) {
+    return {};
+  }
+
+  start(core: CoreStart) {
+    return {};
+  }
+
+  stop() {}
+}
diff --git a/x-pack/plugins/streams/public/types.ts b/x-pack/plugins/streams/public/types.ts
new file mode 100644
index 0000000000000..61e5fa94098f0
--- /dev/null
+++ b/x-pack/plugins/streams/public/types.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { Plugin as PluginClass } from '@kbn/core/public';
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export interface StreamsPluginSetup {}
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export interface StreamsPluginStart {}
+
+export type StreamsPluginClass = PluginClass<{}, {}, StreamsPluginSetup, StreamsPluginStart>;
diff --git a/x-pack/plugins/streams/server/index.ts b/x-pack/plugins/streams/server/index.ts
new file mode 100644
index 0000000000000..bd8aee304ad15
--- /dev/null
+++ b/x-pack/plugins/streams/server/index.ts
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { PluginInitializerContext } from '@kbn/core-plugins-server';
+import { StreamsConfig } from '../common/config';
+import { StreamsPluginSetup, StreamsPluginStart, config } from './plugin';
+import { StreamsRouteRepository } from './routes';
+
+export type { StreamsConfig, StreamsPluginSetup, StreamsPluginStart, StreamsRouteRepository };
+export { config };
+
+export const plugin = async (context: PluginInitializerContext<StreamsConfig>) => {
+  const { StreamsPlugin } = await import('./plugin');
+  return new StreamsPlugin(context);
+};
diff --git a/x-pack/plugins/streams/server/lib/streams/component_templates/generate_layer.ts b/x-pack/plugins/streams/server/lib/streams/component_templates/generate_layer.ts
new file mode 100644
index 0000000000000..82c89c9ab9171
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/component_templates/generate_layer.ts
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  ClusterPutComponentTemplateRequest,
+  MappingProperty,
+} from '@elastic/elasticsearch/lib/api/types';
+import { StreamDefinition } from '../../../../common/types';
+import { ASSET_VERSION } from '../../../../common/constants';
+import { logsSettings } from './logs_layer';
+import { isRoot } from '../helpers/hierarchy';
+import { getComponentTemplateName } from './name';
+
+export function generateLayer(
+  id: string,
+  definition: StreamDefinition
+): ClusterPutComponentTemplateRequest {
+  const properties: Record<string, MappingProperty> = {};
+  definition.fields.forEach((field) => {
+    properties[field.name] = {
+      type: field.type,
+    };
+  });
+  return {
+    name: getComponentTemplateName(id),
+    template: {
+      settings: isRoot(definition.id) ? logsSettings : {},
+      mappings: {
+        subobjects: false,
+        properties,
+      },
+    },
+    version: ASSET_VERSION,
+    _meta: {
+      managed: true,
+      description: `Default settings for the ${id} stream`,
+    },
+  };
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/component_templates/logs_layer.ts b/x-pack/plugins/streams/server/lib/streams/component_templates/logs_layer.ts
new file mode 100644
index 0000000000000..6b41d04131c56
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/component_templates/logs_layer.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { IndicesIndexSettings } from '@elastic/elasticsearch/lib/api/types';
+
+export const logsSettings: IndicesIndexSettings = {
+  index: {
+    lifecycle: {
+      name: 'logs',
+    },
+    codec: 'best_compression',
+    mapping: {
+      total_fields: {
+        ignore_dynamic_beyond_limit: true,
+      },
+      ignore_malformed: true,
+    },
+  },
+};
diff --git a/x-pack/plugins/streams/server/lib/streams/component_templates/manage_component_templates.ts b/x-pack/plugins/streams/server/lib/streams/component_templates/manage_component_templates.ts
new file mode 100644
index 0000000000000..a7d707a4ce42a
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/component_templates/manage_component_templates.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
+import { Logger } from '@kbn/logging';
+import { ClusterPutComponentTemplateRequest } from '@elastic/elasticsearch/lib/api/types';
+import { retryTransientEsErrors } from '../helpers/retry';
+
+interface DeleteComponentOptions {
+  esClient: ElasticsearchClient;
+  name: string;
+  logger: Logger;
+}
+
+interface ComponentManagementOptions {
+  esClient: ElasticsearchClient;
+  component: ClusterPutComponentTemplateRequest;
+  logger: Logger;
+}
+
+export async function deleteComponent({ esClient, name, logger }: DeleteComponentOptions) {
+  try {
+    await retryTransientEsErrors(
+      () => esClient.cluster.deleteComponentTemplate({ name }, { ignore: [404] }),
+      { logger }
+    );
+  } catch (error: any) {
+    logger.error(`Error deleting component template: ${error.message}`);
+    throw error;
+  }
+}
+
+export async function upsertComponent({ esClient, component, logger }: ComponentManagementOptions) {
+  try {
+    await retryTransientEsErrors(() => esClient.cluster.putComponentTemplate(component), {
+      logger,
+    });
+    logger.debug(() => `Installed component template: ${JSON.stringify(component)}`);
+  } catch (error: any) {
+    logger.error(`Error updating component template: ${error.message}`);
+    throw error;
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/component_templates/name.ts b/x-pack/plugins/streams/server/lib/streams/component_templates/name.ts
new file mode 100644
index 0000000000000..6ea05b9a53b28
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/component_templates/name.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export function getComponentTemplateName(id: string) {
+  return `${id}@stream.layer`;
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/data_streams/manage_data_streams.ts b/x-pack/plugins/streams/server/lib/streams/data_streams/manage_data_streams.ts
new file mode 100644
index 0000000000000..812739db56c73
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/data_streams/manage_data_streams.ts
@@ -0,0 +1,93 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { retryTransientEsErrors } from '../helpers/retry';
+
+interface DataStreamManagementOptions {
+  esClient: ElasticsearchClient;
+  name: string;
+  logger: Logger;
+}
+
+interface DeleteDataStreamOptions {
+  esClient: ElasticsearchClient;
+  name: string;
+  logger: Logger;
+}
+
+interface RolloverDataStreamOptions {
+  esClient: ElasticsearchClient;
+  name: string;
+  logger: Logger;
+}
+
+export async function upsertDataStream({ esClient, name, logger }: DataStreamManagementOptions) {
+  const dataStreamExists = await esClient.indices.exists({ index: name });
+  if (dataStreamExists) {
+    return;
+  }
+  try {
+    await retryTransientEsErrors(() => esClient.indices.createDataStream({ name }), { logger });
+    logger.debug(() => `Installed data stream: ${name}`);
+  } catch (error: any) {
+    logger.error(`Error creating data stream: ${error.message}`);
+    throw error;
+  }
+}
+
+export async function deleteDataStream({ esClient, name, logger }: DeleteDataStreamOptions) {
+  try {
+    await retryTransientEsErrors(
+      () => esClient.indices.deleteDataStream({ name }, { ignore: [404] }),
+      { logger }
+    );
+  } catch (error: any) {
+    logger.error(`Error deleting data stream: ${error.message}`);
+    throw error;
+  }
+}
+
+export async function rolloverDataStreamIfNecessary({
+  esClient,
+  name,
+  logger,
+}: RolloverDataStreamOptions) {
+  const dataStreams = await esClient.indices.getDataStream({ name: `${name},${name}.*` });
+  for (const dataStream of dataStreams.data_streams) {
+    const currentMappings =
+      Object.values(
+        await esClient.indices.getMapping({
+          index: dataStream.indices.at(-1)?.index_name,
+        })
+      )[0].mappings.properties || {};
+    const simulatedIndex = await esClient.indices.simulateIndexTemplate({ name: dataStream.name });
+    const simulatedMappings = simulatedIndex.template.mappings.properties || {};
+
+    // check whether the same fields and same types are listed (don't check for other mapping attributes)
+    const isDifferent =
+      Object.values(simulatedMappings).length !== Object.values(currentMappings).length ||
+      Object.entries(simulatedMappings || {}).some(([fieldName, { type }]) => {
+        const currentType = currentMappings[fieldName]?.type;
+        return currentType !== type;
+      });
+
+    if (!isDifferent) {
+      continue;
+    }
+
+    try {
+      await retryTransientEsErrors(() => esClient.indices.rollover({ alias: dataStream.name }), {
+        logger,
+      });
+      logger.debug(() => `Rolled over data stream: ${dataStream.name}`);
+    } catch (error: any) {
+      logger.error(`Error rolling over data stream: ${error.message}`);
+      throw error;
+    }
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/component_template_not_found.ts b/x-pack/plugins/streams/server/lib/streams/errors/component_template_not_found.ts
new file mode 100644
index 0000000000000..a7e9cebf98507
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/component_template_not_found.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export class ComponentTemplateNotFound extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'ComponentTemplateNotFound';
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/definition_id_invalid.ts b/x-pack/plugins/streams/server/lib/streams/errors/definition_id_invalid.ts
new file mode 100644
index 0000000000000..817e8f67bf25d
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/definition_id_invalid.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export class DefinitionIdInvalid extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'DefinitionIdInvalid';
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/definition_not_found.ts b/x-pack/plugins/streams/server/lib/streams/errors/definition_not_found.ts
new file mode 100644
index 0000000000000..f7e60193baa5f
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/definition_not_found.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export class DefinitionNotFound extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'DefinitionNotFound';
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/fork_condition_missing.ts b/x-pack/plugins/streams/server/lib/streams/errors/fork_condition_missing.ts
new file mode 100644
index 0000000000000..713751dbe4363
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/fork_condition_missing.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export class ForkConditionMissing extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'ForkConditionMissing';
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/id_conflict_error.ts b/x-pack/plugins/streams/server/lib/streams/errors/id_conflict_error.ts
new file mode 100644
index 0000000000000..a24c7357379fa
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/id_conflict_error.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export class IdConflict extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'IdConflict';
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/index.ts b/x-pack/plugins/streams/server/lib/streams/errors/index.ts
new file mode 100644
index 0000000000000..73842ef3018fe
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/index.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './definition_id_invalid';
+export * from './definition_not_found';
+export * from './id_conflict_error';
+export * from './permission_denied';
+export * from './security_exception';
+export * from './index_template_not_found';
+export * from './fork_condition_missing';
+export * from './component_template_not_found';
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/index_template_not_found.ts b/x-pack/plugins/streams/server/lib/streams/errors/index_template_not_found.ts
new file mode 100644
index 0000000000000..4f4735dd15fa1
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/index_template_not_found.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export class IndexTemplateNotFound extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'IndexTemplateNotFound';
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/ingest_pipeline_not_found.ts b/x-pack/plugins/streams/server/lib/streams/errors/ingest_pipeline_not_found.ts
new file mode 100644
index 0000000000000..8bf9bbd4933ce
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/ingest_pipeline_not_found.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export class IngestPipelineNotFound extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'IngestPipelineNotFound';
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/malformed_children.ts b/x-pack/plugins/streams/server/lib/streams/errors/malformed_children.ts
new file mode 100644
index 0000000000000..699c4cdd5b1ef
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/malformed_children.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export class MalformedChildren extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'MalformedChildren';
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/malformed_fields.ts b/x-pack/plugins/streams/server/lib/streams/errors/malformed_fields.ts
new file mode 100644
index 0000000000000..b8f7ac1392610
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/malformed_fields.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export class MalformedFields extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'MalformedFields';
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/malformed_stream_id.ts b/x-pack/plugins/streams/server/lib/streams/errors/malformed_stream_id.ts
new file mode 100644
index 0000000000000..2f988204c74b0
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/malformed_stream_id.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export class MalformedStreamId extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'MalformedStreamId';
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/permission_denied.ts b/x-pack/plugins/streams/server/lib/streams/errors/permission_denied.ts
new file mode 100644
index 0000000000000..f0133e28063ca
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/permission_denied.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export class PermissionDenied extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'PermissionDenied';
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/errors/security_exception.ts b/x-pack/plugins/streams/server/lib/streams/errors/security_exception.ts
new file mode 100644
index 0000000000000..0b4ae450c2530
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/errors/security_exception.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export class SecurityException extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'SecurityException';
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/helpers/condition_to_painless.test.ts b/x-pack/plugins/streams/server/lib/streams/helpers/condition_to_painless.test.ts
new file mode 100644
index 0000000000000..aab7f27f12d14
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/helpers/condition_to_painless.test.ts
@@ -0,0 +1,133 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { conditionToPainless } from './condition_to_painless';
+
+const operatorConditionAndResutls = [
+  {
+    condition: { field: 'log.logger', operator: 'eq' as const, value: 'nginx_proxy' },
+    result: 'ctx.log?.logger == "nginx_proxy"',
+  },
+  {
+    condition: { field: 'log.logger', operator: 'neq' as const, value: 'nginx_proxy' },
+    result: 'ctx.log?.logger != "nginx_proxy"',
+  },
+  {
+    condition: { field: 'http.response.status_code', operator: 'lt' as const, value: 500 },
+    result: 'ctx.http?.response?.status_code < 500',
+  },
+  {
+    condition: { field: 'http.response.status_code', operator: 'lte' as const, value: 500 },
+    result: 'ctx.http?.response?.status_code <= 500',
+  },
+  {
+    condition: { field: 'http.response.status_code', operator: 'gt' as const, value: 500 },
+    result: 'ctx.http?.response?.status_code > 500',
+  },
+  {
+    condition: { field: 'http.response.status_code', operator: 'gte' as const, value: 500 },
+    result: 'ctx.http?.response?.status_code >= 500',
+  },
+  {
+    condition: { field: 'log.logger', operator: 'startsWith' as const, value: 'nginx' },
+    result: 'ctx.log?.logger.startsWith("nginx")',
+  },
+  {
+    condition: { field: 'log.logger', operator: 'endsWith' as const, value: 'proxy' },
+    result: 'ctx.log?.logger.endsWith("proxy")',
+  },
+  {
+    condition: { field: 'log.logger', operator: 'contains' as const, value: 'proxy' },
+    result: 'ctx.log?.logger.contains("proxy")',
+  },
+];
+
+describe('conditionToPainless', () => {
+  describe('operators', () => {
+    operatorConditionAndResutls.forEach((setup) => {
+      test(`${setup.condition.operator}`, () => {
+        expect(conditionToPainless(setup.condition)).toEqual(setup.result);
+      });
+    });
+  });
+
+  describe('and', () => {
+    test('simple', () => {
+      const condition = {
+        and: [
+          { field: 'log.logger', operator: 'eq' as const, value: 'nginx_proxy' },
+          { field: 'log.level', operator: 'eq' as const, value: 'error' },
+        ],
+      };
+      expect(
+        expect(conditionToPainless(condition)).toEqual(
+          'ctx.log?.logger == "nginx_proxy" && ctx.log?.level == "error"'
+        )
+      );
+    });
+  });
+
+  describe('or', () => {
+    test('simple', () => {
+      const condition = {
+        or: [
+          { field: 'log.logger', operator: 'eq' as const, value: 'nginx_proxy' },
+          { field: 'log.level', operator: 'eq' as const, value: 'error' },
+        ],
+      };
+      expect(
+        expect(conditionToPainless(condition)).toEqual(
+          'ctx.log?.logger == "nginx_proxy" || ctx.log?.level == "error"'
+        )
+      );
+    });
+  });
+
+  describe('nested', () => {
+    test('and with a filter and or with 2 filters', () => {
+      const condition = {
+        and: [
+          { field: 'log.logger', operator: 'eq' as const, value: 'nginx_proxy' },
+          {
+            or: [
+              { field: 'log.level', operator: 'eq' as const, value: 'error' },
+              { field: 'log.level', operator: 'eq' as const, value: 'ERROR' },
+            ],
+          },
+        ],
+      };
+      expect(
+        expect(conditionToPainless(condition)).toEqual(
+          'ctx.log?.logger == "nginx_proxy" && (ctx.log?.level == "error" || ctx.log?.level == "ERROR")'
+        )
+      );
+    });
+    test('and with 2 or with filters', () => {
+      const condition = {
+        and: [
+          {
+            or: [
+              { field: 'log.logger', operator: 'eq' as const, value: 'nginx_proxy' },
+              { field: 'service.name', operator: 'eq' as const, value: 'nginx' },
+            ],
+          },
+          {
+            or: [
+              { field: 'log.level', operator: 'eq' as const, value: 'error' },
+              { field: 'log.level', operator: 'eq' as const, value: 'ERROR' },
+            ],
+          },
+        ],
+      };
+      expect(
+        expect(conditionToPainless(condition)).toEqual(
+          '(ctx.log?.logger == "nginx_proxy" || ctx.service?.name == "nginx") && (ctx.log?.level == "error" || ctx.log?.level == "ERROR")'
+        )
+      );
+    });
+  });
+});
diff --git a/x-pack/plugins/streams/server/lib/streams/helpers/condition_to_painless.ts b/x-pack/plugins/streams/server/lib/streams/helpers/condition_to_painless.ts
new file mode 100644
index 0000000000000..539ad3603535b
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/helpers/condition_to_painless.ts
@@ -0,0 +1,83 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { isBoolean, isString } from 'lodash';
+import {
+  AndCondition,
+  Condition,
+  conditionSchema,
+  FilterCondition,
+  filterConditionSchema,
+  RerouteOrCondition,
+} from '../../../../common/types';
+
+function isFilterCondition(subject: any): subject is FilterCondition {
+  const result = filterConditionSchema.safeParse(subject);
+  return result.success;
+}
+
+function isAndCondition(subject: any): subject is AndCondition {
+  const result = conditionSchema.safeParse(subject);
+  return result.success && subject.and != null;
+}
+
+function isOrCondition(subject: any): subject is RerouteOrCondition {
+  const result = conditionSchema.safeParse(subject);
+  return result.success && subject.or != null;
+}
+
+function safePainlessField(condition: FilterCondition) {
+  return `ctx.${condition.field.split('.').join('?.')}`;
+}
+
+function encodeValue(value: string | number | boolean) {
+  if (isString(value)) {
+    return `"${value}"`;
+  }
+  if (isBoolean(value)) {
+    return value ? 'true' : 'false';
+  }
+  return value;
+}
+
+function toPainless(condition: FilterCondition) {
+  switch (condition.operator) {
+    case 'neq':
+      return `${safePainlessField(condition)} != ${encodeValue(condition.value)}`;
+    case 'lt':
+      return `${safePainlessField(condition)} < ${encodeValue(condition.value)}`;
+    case 'lte':
+      return `${safePainlessField(condition)} <= ${encodeValue(condition.value)}`;
+    case 'gt':
+      return `${safePainlessField(condition)} > ${encodeValue(condition.value)}`;
+    case 'gte':
+      return `${safePainlessField(condition)} >= ${encodeValue(condition.value)}`;
+    case 'startsWith':
+      return `${safePainlessField(condition)}.startsWith(${encodeValue(condition.value)})`;
+    case 'endsWith':
+      return `${safePainlessField(condition)}.endsWith(${encodeValue(condition.value)})`;
+    case 'contains':
+      return `${safePainlessField(condition)}.contains(${encodeValue(condition.value)})`;
+    default:
+      return `${safePainlessField(condition)} == ${encodeValue(condition.value)}`;
+  }
+}
+
+export function conditionToPainless(condition: Condition, nested = false): string {
+  if (isFilterCondition(condition)) {
+    return toPainless(condition);
+  }
+  if (isAndCondition(condition)) {
+    const and = condition.and.map((filter) => conditionToPainless(filter, true)).join(' && ');
+    return nested ? `(${and})` : and;
+  }
+  if (isOrCondition(condition)) {
+    const or = condition.or.map((filter) => conditionToPainless(filter, true)).join(' || ');
+    return nested ? `(${or})` : or;
+  }
+  return 'false';
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/helpers/hierarchy.ts b/x-pack/plugins/streams/server/lib/streams/helpers/hierarchy.ts
new file mode 100644
index 0000000000000..6f1cd308f3c3d
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/helpers/hierarchy.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { StreamDefinition } from '../../../../common/types';
+
+export function isDescendandOf(parent: StreamDefinition, child: StreamDefinition) {
+  return child.id.startsWith(parent.id);
+}
+
+export function isChildOf(parent: StreamDefinition, child: StreamDefinition) {
+  return (
+    isDescendandOf(parent, child) && child.id.split('.').length === parent.id.split('.').length + 1
+  );
+}
+
+export function getParentId(id: string) {
+  const parts = id.split('.');
+  if (parts.length === 1) {
+    return undefined;
+  }
+  return parts.slice(0, parts.length - 1).join('.');
+}
+
+export function isRoot(id: string) {
+  return id.split('.').length === 1;
+}
+
+export function getAncestors(id: string) {
+  const parts = id.split('.');
+  return parts.slice(0, parts.length - 1).map((_, index) => parts.slice(0, index + 1).join('.'));
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/helpers/retry.ts b/x-pack/plugins/streams/server/lib/streams/helpers/retry.ts
new file mode 100644
index 0000000000000..32604a22bf9be
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/helpers/retry.ts
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { setTimeout } from 'timers/promises';
+import { errors as EsErrors } from '@elastic/elasticsearch';
+import type { Logger } from '@kbn/logging';
+import { SecurityException } from '../errors';
+
+const MAX_ATTEMPTS = 5;
+
+const retryResponseStatuses = [
+  503, // ServiceUnavailable
+  408, // RequestTimeout
+  410, // Gone
+];
+
+const isRetryableError = (e: any) =>
+  e instanceof EsErrors.NoLivingConnectionsError ||
+  e instanceof EsErrors.ConnectionError ||
+  e instanceof EsErrors.TimeoutError ||
+  (e instanceof EsErrors.ResponseError && retryResponseStatuses.includes(e?.statusCode!));
+
+/**
+ * Retries any transient network or configuration issues encountered from Elasticsearch with an exponential backoff.
+ * Should only be used to wrap operations that are idempotent and can be safely executed more than once.
+ */
+export const retryTransientEsErrors = async <T>(
+  esCall: () => Promise<T>,
+  { logger, attempt = 0 }: { logger?: Logger; attempt?: number } = {}
+): Promise<T> => {
+  try {
+    return await esCall();
+  } catch (e) {
+    if (attempt < MAX_ATTEMPTS && isRetryableError(e)) {
+      const retryCount = attempt + 1;
+      const retryDelaySec = Math.min(Math.pow(2, retryCount), 64); // 2s, 4s, 8s, 16s, 32s, 64s, 64s, 64s ...
+
+      logger?.warn(
+        `Retrying Elasticsearch operation after [${retryDelaySec}s] due to error: ${e.toString()} ${
+          e.stack
+        }`
+      );
+
+      await setTimeout(retryDelaySec * 1000);
+      return retryTransientEsErrors(esCall, { logger, attempt: retryCount });
+    }
+
+    if (e.meta?.body?.error?.type === 'security_exception') {
+      throw new SecurityException(e.meta.body.error.reason);
+    }
+
+    throw e;
+  }
+};
diff --git a/x-pack/plugins/streams/server/lib/streams/index_templates/generate_index_template.ts b/x-pack/plugins/streams/server/lib/streams/index_templates/generate_index_template.ts
new file mode 100644
index 0000000000000..7a16534a618da
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/index_templates/generate_index_template.ts
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ASSET_VERSION } from '../../../../common/constants';
+import { getProcessingPipelineName } from '../ingest_pipelines/name';
+import { getIndexTemplateName } from './name';
+
+export function generateIndexTemplate(id: string) {
+  const composedOf = id.split('.').reduce((acc, _, index, array) => {
+    const parent = array.slice(0, index + 1).join('.');
+    return [...acc, `${parent}@stream.layer`];
+  }, [] as string[]);
+
+  return {
+    name: getIndexTemplateName(id),
+    index_patterns: [id],
+    composed_of: composedOf,
+    priority: 200,
+    version: ASSET_VERSION,
+    _meta: {
+      managed: true,
+      description: `The index template for ${id} stream`,
+    },
+    data_stream: {
+      hidden: false,
+    },
+    template: {
+      settings: {
+        index: {
+          default_pipeline: getProcessingPipelineName(id),
+        },
+      },
+    },
+    allow_auto_create: true,
+    // ignore missing component templates to be more robust against out-of-order syncs
+    ignore_missing_component_templates: composedOf,
+  };
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/index_templates/manage_index_templates.ts b/x-pack/plugins/streams/server/lib/streams/index_templates/manage_index_templates.ts
new file mode 100644
index 0000000000000..9383e698b3436
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/index_templates/manage_index_templates.ts
@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { IndicesPutIndexTemplateRequest } from '@elastic/elasticsearch/lib/api/types';
+import { ElasticsearchClient, Logger } from '@kbn/core/server';
+import { retryTransientEsErrors } from '../helpers/retry';
+
+interface TemplateManagementOptions {
+  esClient: ElasticsearchClient;
+  template: IndicesPutIndexTemplateRequest;
+  logger: Logger;
+}
+
+interface DeleteTemplateOptions {
+  esClient: ElasticsearchClient;
+  name: string;
+  logger: Logger;
+}
+
+export async function upsertTemplate({ esClient, template, logger }: TemplateManagementOptions) {
+  try {
+    await retryTransientEsErrors(() => esClient.indices.putIndexTemplate(template), { logger });
+    logger.debug(() => `Installed index template: ${JSON.stringify(template)}`);
+  } catch (error: any) {
+    logger.error(`Error updating index template: ${error.message}`);
+    throw error;
+  }
+}
+
+export async function deleteTemplate({ esClient, name, logger }: DeleteTemplateOptions) {
+  try {
+    await retryTransientEsErrors(
+      () => esClient.indices.deleteIndexTemplate({ name }, { ignore: [404] }),
+      { logger }
+    );
+  } catch (error: any) {
+    logger.error(`Error deleting index template: ${error.message}`);
+    throw error;
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/index_templates/name.ts b/x-pack/plugins/streams/server/lib/streams/index_templates/name.ts
new file mode 100644
index 0000000000000..ec8ea5519a6b4
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/index_templates/name.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export function getIndexTemplateName(id: string) {
+  return `${id}@stream`;
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/generate_ingest_pipeline.ts b/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/generate_ingest_pipeline.ts
new file mode 100644
index 0000000000000..eb09df8831304
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/generate_ingest_pipeline.ts
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { StreamDefinition } from '../../../../common/types';
+import { ASSET_VERSION } from '../../../../common/constants';
+import { conditionToPainless } from '../helpers/condition_to_painless';
+import { logsDefaultPipelineProcessors } from './logs_default_pipeline';
+import { isRoot } from '../helpers/hierarchy';
+import { getProcessingPipelineName } from './name';
+
+export function generateIngestPipeline(id: string, definition: StreamDefinition) {
+  return {
+    id: getProcessingPipelineName(id),
+    processors: [
+      ...(isRoot(definition.id) ? logsDefaultPipelineProcessors : []),
+      ...definition.processing.map((processor) => {
+        const { type, ...config } = processor.config;
+        return {
+          [type]: {
+            ...config,
+            if: processor.condition ? conditionToPainless(processor.condition) : undefined,
+          },
+        };
+      }),
+      {
+        pipeline: {
+          name: `${id}@stream.reroutes`,
+          ignore_missing_pipeline: true,
+        },
+      },
+    ],
+    _meta: {
+      description: `Default pipeline for the ${id} stream`,
+      managed: true,
+    },
+    version: ASSET_VERSION,
+  };
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/generate_reroute_pipeline.ts b/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/generate_reroute_pipeline.ts
new file mode 100644
index 0000000000000..9b46e0cf4ac92
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/generate_reroute_pipeline.ts
@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { StreamDefinition } from '../../../../common/types';
+import { ASSET_VERSION } from '../../../../common/constants';
+import { conditionToPainless } from '../helpers/condition_to_painless';
+import { getReroutePipelineName } from './name';
+
+interface GenerateReroutePipelineParams {
+  definition: StreamDefinition;
+}
+
+export async function generateReroutePipeline({ definition }: GenerateReroutePipelineParams) {
+  return {
+    id: getReroutePipelineName(definition.id),
+    processors: definition.children.map((child) => {
+      return {
+        reroute: {
+          destination: child.id,
+          if: conditionToPainless(child.condition),
+        },
+      };
+    }),
+    _meta: {
+      description: `Reoute pipeline for the ${definition.id} stream`,
+      managed: true,
+    },
+    version: ASSET_VERSION,
+  };
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/logs_default_pipeline.ts b/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/logs_default_pipeline.ts
new file mode 100644
index 0000000000000..762155ba5047c
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/logs_default_pipeline.ts
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const logsDefaultPipelineProcessors = [
+  {
+    set: {
+      description: "If '@timestamp' is missing, set it with the ingest timestamp",
+      field: '@timestamp',
+      override: false,
+      copy_from: '_ingest.timestamp',
+    },
+  },
+  {
+    pipeline: {
+      name: 'logs@json-pipeline',
+      ignore_missing_pipeline: true,
+    },
+  },
+];
diff --git a/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/manage_ingest_pipelines.ts b/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/manage_ingest_pipelines.ts
new file mode 100644
index 0000000000000..467e2efb48f0d
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/manage_ingest_pipelines.ts
@@ -0,0 +1,48 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
+import { Logger } from '@kbn/logging';
+import { IngestPutPipelineRequest } from '@elastic/elasticsearch/lib/api/types';
+import { retryTransientEsErrors } from '../helpers/retry';
+
+interface DeletePipelineOptions {
+  esClient: ElasticsearchClient;
+  id: string;
+  logger: Logger;
+}
+
+interface PipelineManagementOptions {
+  esClient: ElasticsearchClient;
+  pipeline: IngestPutPipelineRequest;
+  logger: Logger;
+}
+
+export async function deleteIngestPipeline({ esClient, id, logger }: DeletePipelineOptions) {
+  try {
+    await retryTransientEsErrors(() => esClient.ingest.deletePipeline({ id }, { ignore: [404] }), {
+      logger,
+    });
+  } catch (error: any) {
+    logger.error(`Error deleting ingest pipeline: ${error.message}`);
+    throw error;
+  }
+}
+
+export async function upsertIngestPipeline({
+  esClient,
+  pipeline,
+  logger,
+}: PipelineManagementOptions) {
+  try {
+    await retryTransientEsErrors(() => esClient.ingest.putPipeline(pipeline), { logger });
+    logger.debug(() => `Installed index template: ${JSON.stringify(pipeline)}`);
+  } catch (error: any) {
+    logger.error(`Error updating index template: ${error.message}`);
+    throw error;
+  }
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/name.ts b/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/name.ts
new file mode 100644
index 0000000000000..8d2a97ff3137f
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/ingest_pipelines/name.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export function getProcessingPipelineName(id: string) {
+  return `${id}@stream.processing`;
+}
+
+export function getReroutePipelineName(id: string) {
+  return `${id}@stream.reroutes`;
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/internal_stream_mapping.ts b/x-pack/plugins/streams/server/lib/streams/internal_stream_mapping.ts
new file mode 100644
index 0000000000000..8e88eeef8cd84
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/internal_stream_mapping.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { IScopedClusterClient } from '@kbn/core-elasticsearch-server';
+import { STREAMS_INDEX } from '../../../common/constants';
+
+export function createStreamsIndex(scopedClusterClient: IScopedClusterClient) {
+  return scopedClusterClient.asInternalUser.indices.create({
+    index: STREAMS_INDEX,
+    mappings: {
+      dynamic: 'strict',
+      properties: {
+        processing: {
+          type: 'object',
+          enabled: false,
+        },
+        fields: {
+          type: 'object',
+          enabled: false,
+        },
+        children: {
+          type: 'object',
+          enabled: false,
+        },
+        id: {
+          type: 'keyword',
+        },
+      },
+    },
+  });
+}
diff --git a/x-pack/plugins/streams/server/lib/streams/root_stream_definition.ts b/x-pack/plugins/streams/server/lib/streams/root_stream_definition.ts
new file mode 100644
index 0000000000000..2b7deed877309
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/root_stream_definition.ts
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { StreamDefinition } from '../../../common/types';
+
+export const rootStreamDefinition: StreamDefinition = {
+  id: 'logs',
+  processing: [],
+  children: [],
+  fields: [
+    {
+      name: '@timestamp',
+      type: 'date',
+    },
+    {
+      name: 'message',
+      type: 'match_only_text',
+    },
+    {
+      name: 'host.name',
+      type: 'keyword',
+    },
+    {
+      name: 'log.level',
+      type: 'keyword',
+    },
+  ],
+};
diff --git a/x-pack/plugins/streams/server/lib/streams/stream_crud.ts b/x-pack/plugins/streams/server/lib/streams/stream_crud.ts
new file mode 100644
index 0000000000000..78a126905d9a4
--- /dev/null
+++ b/x-pack/plugins/streams/server/lib/streams/stream_crud.ts
@@ -0,0 +1,286 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { IScopedClusterClient } from '@kbn/core-elasticsearch-server';
+import { Logger } from '@kbn/logging';
+import { FieldDefinition, StreamDefinition } from '../../../common/types';
+import { STREAMS_INDEX } from '../../../common/constants';
+import { DefinitionNotFound } from './errors';
+import { deleteTemplate, upsertTemplate } from './index_templates/manage_index_templates';
+import { generateLayer } from './component_templates/generate_layer';
+import { generateIngestPipeline } from './ingest_pipelines/generate_ingest_pipeline';
+import { generateReroutePipeline } from './ingest_pipelines/generate_reroute_pipeline';
+import { generateIndexTemplate } from './index_templates/generate_index_template';
+import { deleteComponent, upsertComponent } from './component_templates/manage_component_templates';
+import { getIndexTemplateName } from './index_templates/name';
+import { getComponentTemplateName } from './component_templates/name';
+import { getProcessingPipelineName, getReroutePipelineName } from './ingest_pipelines/name';
+import {
+  deleteIngestPipeline,
+  upsertIngestPipeline,
+} from './ingest_pipelines/manage_ingest_pipelines';
+import { getAncestors } from './helpers/hierarchy';
+import { MalformedFields } from './errors/malformed_fields';
+import {
+  deleteDataStream,
+  rolloverDataStreamIfNecessary,
+  upsertDataStream,
+} from './data_streams/manage_data_streams';
+
+interface BaseParams {
+  scopedClusterClient: IScopedClusterClient;
+}
+
+interface BaseParamsWithDefinition extends BaseParams {
+  definition: StreamDefinition;
+}
+
+interface DeleteStreamParams extends BaseParams {
+  id: string;
+  logger: Logger;
+}
+
+export async function deleteStreamObjects({ id, scopedClusterClient, logger }: DeleteStreamParams) {
+  await deleteDataStream({
+    esClient: scopedClusterClient.asCurrentUser,
+    name: id,
+    logger,
+  });
+  await deleteTemplate({
+    esClient: scopedClusterClient.asCurrentUser,
+    name: getIndexTemplateName(id),
+    logger,
+  });
+  await deleteComponent({
+    esClient: scopedClusterClient.asCurrentUser,
+    name: getComponentTemplateName(id),
+    logger,
+  });
+  await deleteIngestPipeline({
+    esClient: scopedClusterClient.asCurrentUser,
+    id: getProcessingPipelineName(id),
+    logger,
+  });
+  await deleteIngestPipeline({
+    esClient: scopedClusterClient.asCurrentUser,
+    id: getReroutePipelineName(id),
+    logger,
+  });
+  await scopedClusterClient.asInternalUser.delete({
+    id,
+    index: STREAMS_INDEX,
+    refresh: 'wait_for',
+  });
+}
+
+async function upsertInternalStream({ definition, scopedClusterClient }: BaseParamsWithDefinition) {
+  return scopedClusterClient.asInternalUser.index({
+    id: definition.id,
+    index: STREAMS_INDEX,
+    document: definition,
+    refresh: 'wait_for',
+  });
+}
+
+type ListStreamsParams = BaseParams;
+
+export async function listStreams({ scopedClusterClient }: ListStreamsParams) {
+  const response = await scopedClusterClient.asInternalUser.search<StreamDefinition>({
+    index: STREAMS_INDEX,
+    size: 10000,
+    fields: ['id'],
+    _source: false,
+    sort: [{ id: 'asc' }],
+  });
+  const definitions = response.hits.hits.map((hit) => hit.fields as { id: string[] });
+  return definitions;
+}
+
+interface ReadStreamParams extends BaseParams {
+  id: string;
+}
+
+export async function readStream({ id, scopedClusterClient }: ReadStreamParams) {
+  try {
+    const response = await scopedClusterClient.asInternalUser.get<StreamDefinition>({
+      id,
+      index: STREAMS_INDEX,
+    });
+    const definition = response._source as StreamDefinition;
+    return {
+      definition,
+    };
+  } catch (e) {
+    if (e.meta?.statusCode === 404) {
+      throw new DefinitionNotFound(`Stream definition for ${id} not found.`);
+    }
+    throw e;
+  }
+}
+
+interface ReadAncestorsParams extends BaseParams {
+  id: string;
+}
+
+export async function readAncestors({ id, scopedClusterClient }: ReadAncestorsParams) {
+  const ancestorIds = getAncestors(id);
+
+  return await Promise.all(
+    ancestorIds.map((ancestorId) => readStream({ scopedClusterClient, id: ancestorId }))
+  );
+}
+
+interface ReadDescendantsParams extends BaseParams {
+  id: string;
+}
+
+export async function readDescendants({ id, scopedClusterClient }: ReadDescendantsParams) {
+  const response = await scopedClusterClient.asInternalUser.search<StreamDefinition>({
+    index: STREAMS_INDEX,
+    size: 10000,
+    body: {
+      query: {
+        bool: {
+          filter: {
+            prefix: {
+              id,
+            },
+          },
+          must_not: {
+            term: {
+              id,
+            },
+          },
+        },
+      },
+    },
+  });
+  return response.hits.hits.map((hit) => hit._source as StreamDefinition);
+}
+
+export async function validateAncestorFields(
+  scopedClusterClient: IScopedClusterClient,
+  id: string,
+  fields: FieldDefinition[]
+) {
+  const ancestors = await readAncestors({
+    id,
+    scopedClusterClient,
+  });
+  for (const ancestor of ancestors) {
+    for (const field of fields) {
+      if (
+        ancestor.definition.fields.some(
+          (ancestorField) => ancestorField.type !== field.type && ancestorField.name === field.name
+        )
+      ) {
+        throw new MalformedFields(
+          `Field ${field.name} is already defined with incompatible type in the parent stream ${ancestor.definition.id}`
+        );
+      }
+    }
+  }
+}
+
+export async function validateDescendantFields(
+  scopedClusterClient: IScopedClusterClient,
+  id: string,
+  fields: FieldDefinition[]
+) {
+  const descendants = await readDescendants({
+    id,
+    scopedClusterClient,
+  });
+  for (const descendant of descendants) {
+    for (const field of fields) {
+      if (
+        descendant.fields.some(
+          (descendantField) =>
+            descendantField.type !== field.type && descendantField.name === field.name
+        )
+      ) {
+        throw new MalformedFields(
+          `Field ${field.name} is already defined with incompatible type in the child stream ${descendant.id}`
+        );
+      }
+    }
+  }
+}
+
+export async function checkStreamExists({ id, scopedClusterClient }: ReadStreamParams) {
+  try {
+    await readStream({ id, scopedClusterClient });
+    return true;
+  } catch (e) {
+    if (e instanceof DefinitionNotFound) {
+      return false;
+    }
+    throw e;
+  }
+}
+
+interface SyncStreamParams {
+  scopedClusterClient: IScopedClusterClient;
+  definition: StreamDefinition;
+  rootDefinition?: StreamDefinition;
+  logger: Logger;
+}
+
+export async function syncStream({
+  scopedClusterClient,
+  definition,
+  rootDefinition,
+  logger,
+}: SyncStreamParams) {
+  await upsertComponent({
+    esClient: scopedClusterClient.asCurrentUser,
+    logger,
+    component: generateLayer(definition.id, definition),
+  });
+  await upsertIngestPipeline({
+    esClient: scopedClusterClient.asCurrentUser,
+    logger,
+    pipeline: generateIngestPipeline(definition.id, definition),
+  });
+  const reroutePipeline = await generateReroutePipeline({
+    definition,
+  });
+  await upsertIngestPipeline({
+    esClient: scopedClusterClient.asCurrentUser,
+    logger,
+    pipeline: reroutePipeline,
+  });
+  await upsertTemplate({
+    esClient: scopedClusterClient.asCurrentUser,
+    logger,
+    template: generateIndexTemplate(definition.id),
+  });
+  if (rootDefinition) {
+    const parentReroutePipeline = await generateReroutePipeline({
+      definition: rootDefinition,
+    });
+    await upsertIngestPipeline({
+      esClient: scopedClusterClient.asCurrentUser,
+      logger,
+      pipeline: parentReroutePipeline,
+    });
+  }
+  await upsertDataStream({
+    esClient: scopedClusterClient.asCurrentUser,
+    logger,
+    name: definition.id,
+  });
+  await upsertInternalStream({
+    scopedClusterClient,
+    definition,
+  });
+  await rolloverDataStreamIfNecessary({
+    esClient: scopedClusterClient.asCurrentUser,
+    name: definition.id,
+    logger,
+  });
+}
diff --git a/x-pack/plugins/streams/server/plugin.ts b/x-pack/plugins/streams/server/plugin.ts
new file mode 100644
index 0000000000000..ef070984803d5
--- /dev/null
+++ b/x-pack/plugins/streams/server/plugin.ts
@@ -0,0 +1,92 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  CoreSetup,
+  CoreStart,
+  KibanaRequest,
+  Logger,
+  Plugin,
+  PluginConfigDescriptor,
+  PluginInitializerContext,
+} from '@kbn/core/server';
+import { registerRoutes } from '@kbn/server-route-repository';
+import { StreamsConfig, configSchema, exposeToBrowserConfig } from '../common/config';
+import { StreamsRouteRepository } from './routes';
+import { RouteDependencies } from './routes/types';
+import {
+  StreamsPluginSetupDependencies,
+  StreamsPluginStartDependencies,
+  StreamsServer,
+} from './types';
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export interface StreamsPluginSetup {}
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export interface StreamsPluginStart {}
+
+export const config: PluginConfigDescriptor<StreamsConfig> = {
+  schema: configSchema,
+  exposeToBrowser: exposeToBrowserConfig,
+};
+
+export class StreamsPlugin
+  implements
+    Plugin<
+      StreamsPluginSetup,
+      StreamsPluginStart,
+      StreamsPluginSetupDependencies,
+      StreamsPluginStartDependencies
+    >
+{
+  public config: StreamsConfig;
+  public logger: Logger;
+  public server?: StreamsServer;
+
+  constructor(context: PluginInitializerContext<StreamsConfig>) {
+    this.config = context.config.get();
+    this.logger = context.logger.get();
+  }
+
+  public setup(core: CoreSetup, plugins: StreamsPluginSetupDependencies): StreamsPluginSetup {
+    this.server = {
+      config: this.config,
+      logger: this.logger,
+    } as StreamsServer;
+
+    registerRoutes<RouteDependencies>({
+      repository: StreamsRouteRepository,
+      dependencies: {
+        server: this.server,
+        getScopedClients: async ({ request }: { request: KibanaRequest }) => {
+          const [coreStart] = await core.getStartServices();
+          const scopedClusterClient = coreStart.elasticsearch.client.asScoped(request);
+          const soClient = coreStart.savedObjects.getScopedClient(request);
+          return { scopedClusterClient, soClient };
+        },
+      },
+      core,
+      logger: this.logger,
+    });
+
+    return {};
+  }
+
+  public start(core: CoreStart, plugins: StreamsPluginStartDependencies): StreamsPluginStart {
+    if (this.server) {
+      this.server.core = core;
+      this.server.isServerless = core.elasticsearch.getCapabilities().serverless;
+      this.server.security = plugins.security;
+      this.server.encryptedSavedObjects = plugins.encryptedSavedObjects;
+      this.server.taskManager = plugins.taskManager;
+    }
+
+    return {};
+  }
+
+  public stop() {}
+}
diff --git a/x-pack/plugins/streams/server/routes/create_server_route.ts b/x-pack/plugins/streams/server/routes/create_server_route.ts
new file mode 100644
index 0000000000000..94d85a71c82bb
--- /dev/null
+++ b/x-pack/plugins/streams/server/routes/create_server_route.ts
@@ -0,0 +1,11 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createServerRouteFactory } from '@kbn/server-route-repository';
+import { StreamsRouteHandlerResources } from './types';
+
+export const createServerRoute = createServerRouteFactory<StreamsRouteHandlerResources>();
diff --git a/x-pack/plugins/streams/server/routes/index.ts b/x-pack/plugins/streams/server/routes/index.ts
new file mode 100644
index 0000000000000..6fc734d3371b4
--- /dev/null
+++ b/x-pack/plugins/streams/server/routes/index.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { deleteStreamRoute } from './streams/delete';
+import { editStreamRoute } from './streams/edit';
+import { enableStreamsRoute } from './streams/enable';
+import { forkStreamsRoute } from './streams/fork';
+import { listStreamsRoute } from './streams/list';
+import { readStreamRoute } from './streams/read';
+import { resyncStreamsRoute } from './streams/resync';
+
+export const StreamsRouteRepository = {
+  ...enableStreamsRoute,
+  ...resyncStreamsRoute,
+  ...forkStreamsRoute,
+  ...readStreamRoute,
+  ...editStreamRoute,
+  ...deleteStreamRoute,
+  ...listStreamsRoute,
+};
+
+export type StreamsRouteRepository = typeof StreamsRouteRepository;
diff --git a/x-pack/plugins/streams/server/routes/streams/delete.ts b/x-pack/plugins/streams/server/routes/streams/delete.ts
new file mode 100644
index 0000000000000..3820975dbe16a
--- /dev/null
+++ b/x-pack/plugins/streams/server/routes/streams/delete.ts
@@ -0,0 +1,109 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from '@kbn/zod';
+import { IScopedClusterClient } from '@kbn/core-elasticsearch-server';
+import { Logger } from '@kbn/logging';
+import {
+  DefinitionNotFound,
+  ForkConditionMissing,
+  IndexTemplateNotFound,
+  SecurityException,
+} from '../../lib/streams/errors';
+import { createServerRoute } from '../create_server_route';
+import { syncStream, readStream, deleteStreamObjects } from '../../lib/streams/stream_crud';
+import { MalformedStreamId } from '../../lib/streams/errors/malformed_stream_id';
+import { getParentId } from '../../lib/streams/helpers/hierarchy';
+
+export const deleteStreamRoute = createServerRoute({
+  endpoint: 'DELETE /api/streams/{id} 2023-10-31',
+  options: {
+    access: 'public',
+    availability: {
+      stability: 'experimental',
+    },
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This API delegates security to the currently logged in user and their Elasticsearch permissions.',
+      },
+    },
+  },
+  params: z.object({
+    path: z.object({
+      id: z.string(),
+    }),
+  }),
+  handler: async ({ response, params, logger, request, getScopedClients }) => {
+    try {
+      const { scopedClusterClient } = await getScopedClients({ request });
+
+      const parentId = getParentId(params.path.id);
+      if (!parentId) {
+        throw new MalformedStreamId('Cannot delete root stream');
+      }
+
+      await updateParentStream(scopedClusterClient, params.path.id, parentId, logger);
+
+      await deleteStream(scopedClusterClient, params.path.id, logger);
+
+      return response.ok({ body: { acknowledged: true } });
+    } catch (e) {
+      if (e instanceof IndexTemplateNotFound || e instanceof DefinitionNotFound) {
+        return response.notFound({ body: e });
+      }
+
+      if (
+        e instanceof SecurityException ||
+        e instanceof ForkConditionMissing ||
+        e instanceof MalformedStreamId
+      ) {
+        return response.customError({ body: e, statusCode: 400 });
+      }
+
+      return response.customError({ body: e, statusCode: 500 });
+    }
+  },
+});
+
+async function deleteStream(scopedClusterClient: IScopedClusterClient, id: string, logger: Logger) {
+  try {
+    const { definition } = await readStream({ scopedClusterClient, id });
+    for (const child of definition.children) {
+      await deleteStream(scopedClusterClient, child.id, logger);
+    }
+    await deleteStreamObjects({ scopedClusterClient, id, logger });
+  } catch (e) {
+    if (e instanceof DefinitionNotFound) {
+      logger.debug(`Stream definition for ${id} not found.`);
+    } else {
+      throw e;
+    }
+  }
+}
+
+async function updateParentStream(
+  scopedClusterClient: IScopedClusterClient,
+  id: string,
+  parentId: string,
+  logger: Logger
+) {
+  const { definition: parentDefinition } = await readStream({
+    scopedClusterClient,
+    id: parentId,
+  });
+
+  parentDefinition.children = parentDefinition.children.filter((child) => child.id !== id);
+
+  await syncStream({
+    scopedClusterClient,
+    definition: parentDefinition,
+    logger,
+  });
+  return parentDefinition;
+}
diff --git a/x-pack/plugins/streams/server/routes/streams/edit.ts b/x-pack/plugins/streams/server/routes/streams/edit.ts
new file mode 100644
index 0000000000000..b82b4d54044da
--- /dev/null
+++ b/x-pack/plugins/streams/server/routes/streams/edit.ts
@@ -0,0 +1,171 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from '@kbn/zod';
+import { IScopedClusterClient } from '@kbn/core-elasticsearch-server';
+import { Logger } from '@kbn/logging';
+import {
+  DefinitionNotFound,
+  ForkConditionMissing,
+  IndexTemplateNotFound,
+  SecurityException,
+} from '../../lib/streams/errors';
+import { createServerRoute } from '../create_server_route';
+import { StreamDefinition, streamWithoutIdDefinitonSchema } from '../../../common/types';
+import {
+  syncStream,
+  readStream,
+  checkStreamExists,
+  validateAncestorFields,
+  validateDescendantFields,
+} from '../../lib/streams/stream_crud';
+import { MalformedStreamId } from '../../lib/streams/errors/malformed_stream_id';
+import { getParentId } from '../../lib/streams/helpers/hierarchy';
+import { MalformedChildren } from '../../lib/streams/errors/malformed_children';
+
+export const editStreamRoute = createServerRoute({
+  endpoint: 'PUT /api/streams/{id} 2023-10-31',
+  options: {
+    access: 'public',
+    availability: {
+      stability: 'experimental',
+    },
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This API delegates security to the currently logged in user and their Elasticsearch permissions.',
+      },
+    },
+  },
+  params: z.object({
+    path: z.object({
+      id: z.string(),
+    }),
+    body: streamWithoutIdDefinitonSchema,
+  }),
+  handler: async ({ response, params, logger, request, getScopedClients }) => {
+    try {
+      const { scopedClusterClient } = await getScopedClients({ request });
+
+      await validateStreamChildren(scopedClusterClient, params.path.id, params.body.children);
+      await validateAncestorFields(scopedClusterClient, params.path.id, params.body.fields);
+      await validateDescendantFields(scopedClusterClient, params.path.id, params.body.fields);
+
+      const parentId = getParentId(params.path.id);
+      let parentDefinition: StreamDefinition | undefined;
+
+      if (parentId) {
+        parentDefinition = await updateParentStream(
+          scopedClusterClient,
+          parentId,
+          params.path.id,
+          logger
+        );
+      }
+      const streamDefinition = { ...params.body };
+
+      await syncStream({
+        scopedClusterClient,
+        definition: { ...streamDefinition, id: params.path.id },
+        rootDefinition: parentDefinition,
+        logger,
+      });
+
+      for (const child of streamDefinition.children) {
+        const streamExists = await checkStreamExists({
+          scopedClusterClient,
+          id: child.id,
+        });
+        if (streamExists) {
+          continue;
+        }
+        // create empty streams for each child if they don't exist
+        const childDefinition = {
+          id: child.id,
+          children: [],
+          fields: [],
+          processing: [],
+        };
+
+        await syncStream({
+          scopedClusterClient,
+          definition: childDefinition,
+          logger,
+        });
+      }
+
+      return response.ok({ body: { acknowledged: true } });
+    } catch (e) {
+      if (e instanceof IndexTemplateNotFound || e instanceof DefinitionNotFound) {
+        return response.notFound({ body: e });
+      }
+
+      if (
+        e instanceof SecurityException ||
+        e instanceof ForkConditionMissing ||
+        e instanceof MalformedStreamId
+      ) {
+        return response.customError({ body: e, statusCode: 400 });
+      }
+
+      return response.customError({ body: e, statusCode: 500 });
+    }
+  },
+});
+
+async function updateParentStream(
+  scopedClusterClient: IScopedClusterClient,
+  parentId: string,
+  id: string,
+  logger: Logger
+) {
+  const { definition: parentDefinition } = await readStream({
+    scopedClusterClient,
+    id: parentId,
+  });
+
+  if (!parentDefinition.children.some((child) => child.id === id)) {
+    // add the child to the parent stream with an empty condition for now
+    parentDefinition.children.push({
+      id,
+      condition: undefined,
+    });
+
+    await syncStream({
+      scopedClusterClient,
+      definition: parentDefinition,
+      logger,
+    });
+  }
+  return parentDefinition;
+}
+
+async function validateStreamChildren(
+  scopedClusterClient: IScopedClusterClient,
+  id: string,
+  children: Array<{ id: string }>
+) {
+  try {
+    const { definition: oldDefinition } = await readStream({
+      scopedClusterClient,
+      id,
+    });
+    const oldChildren = oldDefinition.children.map((child) => child.id);
+    const newChildren = new Set(children.map((child) => child.id));
+    if (oldChildren.some((child) => !newChildren.has(child))) {
+      throw new MalformedChildren(
+        'Cannot remove children from a stream, please delete the stream instead'
+      );
+    }
+  } catch (e) {
+    // Ignore if the stream does not exist, but re-throw if it's another error
+    if (!(e instanceof DefinitionNotFound)) {
+      throw e;
+    }
+  }
+}
diff --git a/x-pack/plugins/streams/server/routes/streams/enable.ts b/x-pack/plugins/streams/server/routes/streams/enable.ts
new file mode 100644
index 0000000000000..27d8929b28e50
--- /dev/null
+++ b/x-pack/plugins/streams/server/routes/streams/enable.ts
@@ -0,0 +1,48 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from '@kbn/zod';
+import { SecurityException } from '../../lib/streams/errors';
+import { createServerRoute } from '../create_server_route';
+import { syncStream } from '../../lib/streams/stream_crud';
+import { rootStreamDefinition } from '../../lib/streams/root_stream_definition';
+import { createStreamsIndex } from '../../lib/streams/internal_stream_mapping';
+
+export const enableStreamsRoute = createServerRoute({
+  endpoint: 'POST /api/streams/_enable 2023-10-31',
+  params: z.object({}),
+  options: {
+    access: 'public',
+    availability: {
+      stability: 'experimental',
+    },
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This API delegates security to the currently logged in user and their Elasticsearch permissions.',
+      },
+    },
+  },
+  handler: async ({ request, response, logger, getScopedClients }) => {
+    try {
+      const { scopedClusterClient } = await getScopedClients({ request });
+      await createStreamsIndex(scopedClusterClient);
+      await syncStream({
+        scopedClusterClient,
+        definition: rootStreamDefinition,
+        logger,
+      });
+      return response.ok({ body: { acknowledged: true } });
+    } catch (e) {
+      if (e instanceof SecurityException) {
+        return response.customError({ body: e, statusCode: 400 });
+      }
+      return response.customError({ body: e, statusCode: 500 });
+    }
+  },
+});
diff --git a/x-pack/plugins/streams/server/routes/streams/fork.ts b/x-pack/plugins/streams/server/routes/streams/fork.ts
new file mode 100644
index 0000000000000..44f4052878003
--- /dev/null
+++ b/x-pack/plugins/streams/server/routes/streams/fork.ts
@@ -0,0 +1,112 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from '@kbn/zod';
+import {
+  DefinitionNotFound,
+  ForkConditionMissing,
+  IndexTemplateNotFound,
+  SecurityException,
+} from '../../lib/streams/errors';
+import { createServerRoute } from '../create_server_route';
+import { conditionSchema, streamDefinitonWithoutChildrenSchema } from '../../../common/types';
+import { syncStream, readStream, validateAncestorFields } from '../../lib/streams/stream_crud';
+import { MalformedStreamId } from '../../lib/streams/errors/malformed_stream_id';
+import { isChildOf } from '../../lib/streams/helpers/hierarchy';
+
+export const forkStreamsRoute = createServerRoute({
+  endpoint: 'POST /api/streams/{id}/_fork 2023-10-31',
+  options: {
+    access: 'public',
+    availability: {
+      stability: 'experimental',
+    },
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This API delegates security to the currently logged in user and their Elasticsearch permissions.',
+      },
+    },
+  },
+  params: z.object({
+    path: z.object({
+      id: z.string(),
+    }),
+    body: z.object({ stream: streamDefinitonWithoutChildrenSchema, condition: conditionSchema }),
+  }),
+  handler: async ({ response, params, logger, request, getScopedClients }) => {
+    try {
+      if (!params.body.condition) {
+        throw new ForkConditionMissing('You must provide a condition to fork a stream');
+      }
+
+      const { scopedClusterClient } = await getScopedClients({ request });
+
+      const { definition: rootDefinition } = await readStream({
+        scopedClusterClient,
+        id: params.path.id,
+      });
+
+      const childDefinition = { ...params.body.stream, children: [] };
+
+      // check whether root stream has a child of the given name already
+      if (rootDefinition.children.some((child) => child.id === childDefinition.id)) {
+        throw new MalformedStreamId(
+          `The stream with ID (${params.body.stream.id}) already exists as a child of the parent stream`
+        );
+      }
+
+      if (!isChildOf(rootDefinition, childDefinition)) {
+        throw new MalformedStreamId(
+          `The ID (${params.body.stream.id}) from the new stream must start with the parent's id (${rootDefinition.id}), followed by a dot and a name`
+        );
+      }
+
+      await validateAncestorFields(
+        scopedClusterClient,
+        params.body.stream.id,
+        params.body.stream.fields
+      );
+
+      rootDefinition.children.push({
+        id: params.body.stream.id,
+        condition: params.body.condition,
+      });
+
+      await syncStream({
+        scopedClusterClient,
+        definition: rootDefinition,
+        rootDefinition,
+        logger,
+      });
+
+      await syncStream({
+        scopedClusterClient,
+        definition: childDefinition,
+        rootDefinition,
+        logger,
+      });
+
+      return response.ok({ body: { acknowledged: true } });
+    } catch (e) {
+      if (e instanceof IndexTemplateNotFound || e instanceof DefinitionNotFound) {
+        return response.notFound({ body: e });
+      }
+
+      if (
+        e instanceof SecurityException ||
+        e instanceof ForkConditionMissing ||
+        e instanceof MalformedStreamId
+      ) {
+        return response.customError({ body: e, statusCode: 400 });
+      }
+
+      return response.customError({ body: e, statusCode: 500 });
+    }
+  },
+});
diff --git a/x-pack/plugins/streams/server/routes/streams/list.ts b/x-pack/plugins/streams/server/routes/streams/list.ts
new file mode 100644
index 0000000000000..2e4f13a89bb41
--- /dev/null
+++ b/x-pack/plugins/streams/server/routes/streams/list.ts
@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from '@kbn/zod';
+import { createServerRoute } from '../create_server_route';
+import { DefinitionNotFound } from '../../lib/streams/errors';
+import { listStreams } from '../../lib/streams/stream_crud';
+
+export const listStreamsRoute = createServerRoute({
+  endpoint: 'GET /api/streams 2023-10-31',
+  options: {
+    access: 'public',
+    availability: {
+      stability: 'experimental',
+    },
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This API delegates security to the currently logged in user and their Elasticsearch permissions.',
+      },
+    },
+  },
+  params: z.object({}),
+  handler: async ({ response, request, getScopedClients }) => {
+    try {
+      const { scopedClusterClient } = await getScopedClients({ request });
+      const definitions = await listStreams({ scopedClusterClient });
+
+      const trees = asTrees(definitions);
+
+      return response.ok({ body: { streams: trees } });
+    } catch (e) {
+      if (e instanceof DefinitionNotFound) {
+        return response.notFound({ body: e });
+      }
+
+      return response.customError({ body: e, statusCode: 500 });
+    }
+  },
+});
+
+interface ListStreamDefinition {
+  id: string;
+  children: ListStreamDefinition[];
+}
+
+function asTrees(definitions: Array<{ id: string[] }>) {
+  const trees: ListStreamDefinition[] = [];
+  definitions.forEach((definition) => {
+    const path = definition.id[0].split('.');
+    let currentTree = trees;
+    path.forEach((_id, index) => {
+      const partialPath = path.slice(0, index + 1).join('.');
+      const existingNode = currentTree.find((node) => node.id === partialPath);
+      if (existingNode) {
+        currentTree = existingNode.children;
+      } else {
+        const newNode = { id: partialPath, children: [] };
+        currentTree.push(newNode);
+        currentTree = newNode.children;
+      }
+    });
+  });
+  return trees;
+}
diff --git a/x-pack/plugins/streams/server/routes/streams/read.ts b/x-pack/plugins/streams/server/routes/streams/read.ts
new file mode 100644
index 0000000000000..5ea2aaf5f2542
--- /dev/null
+++ b/x-pack/plugins/streams/server/routes/streams/read.ts
@@ -0,0 +1,60 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from '@kbn/zod';
+import { createServerRoute } from '../create_server_route';
+import { DefinitionNotFound } from '../../lib/streams/errors';
+import { readAncestors, readStream } from '../../lib/streams/stream_crud';
+
+export const readStreamRoute = createServerRoute({
+  endpoint: 'GET /api/streams/{id} 2023-10-31',
+  options: {
+    access: 'public',
+    availability: {
+      stability: 'experimental',
+    },
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This API delegates security to the currently logged in user and their Elasticsearch permissions.',
+      },
+    },
+  },
+  params: z.object({
+    path: z.object({ id: z.string() }),
+  }),
+  handler: async ({ response, params, request, getScopedClients }) => {
+    try {
+      const { scopedClusterClient } = await getScopedClients({ request });
+      const streamEntity = await readStream({
+        scopedClusterClient,
+        id: params.path.id,
+      });
+
+      const ancestors = await readAncestors({
+        id: streamEntity.definition.id,
+        scopedClusterClient,
+      });
+
+      const body = {
+        ...streamEntity.definition,
+        inheritedFields: ancestors.flatMap(({ definition: { id, fields } }) =>
+          fields.map((field) => ({ ...field, from: id }))
+        ),
+      };
+
+      return response.ok({ body });
+    } catch (e) {
+      if (e instanceof DefinitionNotFound) {
+        return response.notFound({ body: e });
+      }
+
+      return response.customError({ body: e, statusCode: 500 });
+    }
+  },
+});
diff --git a/x-pack/plugins/streams/server/routes/streams/resync.ts b/x-pack/plugins/streams/server/routes/streams/resync.ts
new file mode 100644
index 0000000000000..2365252ab00e6
--- /dev/null
+++ b/x-pack/plugins/streams/server/routes/streams/resync.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { z } from '@kbn/zod';
+import { createServerRoute } from '../create_server_route';
+import { syncStream, readStream, listStreams } from '../../lib/streams/stream_crud';
+
+export const resyncStreamsRoute = createServerRoute({
+  endpoint: 'POST /api/streams/_resync 2023-10-31',
+  options: {
+    access: 'public',
+    availability: {
+      stability: 'experimental',
+    },
+    security: {
+      authz: {
+        enabled: false,
+        reason:
+          'This API delegates security to the currently logged in user and their Elasticsearch permissions.',
+      },
+    },
+  },
+  params: z.object({}),
+  handler: async ({ response, logger, request, getScopedClients }) => {
+    const { scopedClusterClient } = await getScopedClients({ request });
+
+    const streams = await listStreams({ scopedClusterClient });
+
+    for (const stream of streams) {
+      const { definition } = await readStream({
+        scopedClusterClient,
+        id: stream.id[0],
+      });
+      await syncStream({
+        scopedClusterClient,
+        definition,
+        logger,
+      });
+    }
+
+    return response.ok({});
+  },
+});
diff --git a/x-pack/plugins/streams/server/routes/types.ts b/x-pack/plugins/streams/server/routes/types.ts
new file mode 100644
index 0000000000000..d547d56c088cd
--- /dev/null
+++ b/x-pack/plugins/streams/server/routes/types.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { KibanaRequest } from '@kbn/core-http-server';
+import { DefaultRouteHandlerResources } from '@kbn/server-route-repository';
+import { IScopedClusterClient } from '@kbn/core-elasticsearch-server';
+import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
+import { StreamsServer } from '../types';
+
+export interface RouteDependencies {
+  server: StreamsServer;
+  getScopedClients: ({ request }: { request: KibanaRequest }) => Promise<{
+    scopedClusterClient: IScopedClusterClient;
+    soClient: SavedObjectsClientContract;
+  }>;
+}
+
+export type StreamsRouteHandlerResources = RouteDependencies & DefaultRouteHandlerResources;
diff --git a/x-pack/plugins/streams/server/types.ts b/x-pack/plugins/streams/server/types.ts
new file mode 100644
index 0000000000000..f119faa0ed010
--- /dev/null
+++ b/x-pack/plugins/streams/server/types.ts
@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CoreStart, ElasticsearchClient, Logger } from '@kbn/core/server';
+import { SecurityPluginStart } from '@kbn/security-plugin/server';
+import {
+  EncryptedSavedObjectsPluginSetup,
+  EncryptedSavedObjectsPluginStart,
+} from '@kbn/encrypted-saved-objects-plugin/server';
+import { LicensingPluginStart } from '@kbn/licensing-plugin/server';
+import {
+  TaskManagerSetupContract,
+  TaskManagerStartContract,
+} from '@kbn/task-manager-plugin/server';
+import { StreamsConfig } from '../common/config';
+
+export interface StreamsServer {
+  core: CoreStart;
+  config: StreamsConfig;
+  logger: Logger;
+  security: SecurityPluginStart;
+  encryptedSavedObjects: EncryptedSavedObjectsPluginStart;
+  isServerless: boolean;
+  taskManager: TaskManagerStartContract;
+}
+
+export interface ElasticsearchAccessorOptions {
+  elasticsearchClient: ElasticsearchClient;
+}
+
+export interface StreamsPluginSetupDependencies {
+  encryptedSavedObjects: EncryptedSavedObjectsPluginSetup;
+  taskManager: TaskManagerSetupContract;
+}
+
+export interface StreamsPluginStartDependencies {
+  security: SecurityPluginStart;
+  encryptedSavedObjects: EncryptedSavedObjectsPluginStart;
+  licensing: LicensingPluginStart;
+  taskManager: TaskManagerStartContract;
+}
diff --git a/x-pack/plugins/streams/tsconfig.json b/x-pack/plugins/streams/tsconfig.json
new file mode 100644
index 0000000000000..c2fde35f9ca22
--- /dev/null
+++ b/x-pack/plugins/streams/tsconfig.json
@@ -0,0 +1,31 @@
+{
+  "extends": "../../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "target/types"
+  },
+  "include": [
+    "../../../typings/**/*",
+    "common/**/*",
+    "server/**/*",
+    "public/**/*",
+    "types/**/*"
+  ],
+  "exclude": [
+    "target/**/*"
+  ],
+  "kbn_references": [
+    "@kbn/config-schema",
+    "@kbn/core",
+    "@kbn/logging",
+    "@kbn/core-plugins-server",
+    "@kbn/core-http-server",
+    "@kbn/security-plugin",
+    "@kbn/core-saved-objects-api-server",
+    "@kbn/core-elasticsearch-server",
+    "@kbn/task-manager-plugin",
+    "@kbn/server-route-repository",
+    "@kbn/zod",
+    "@kbn/encrypted-saved-objects-plugin",
+    "@kbn/licensing-plugin",
+  ]
+}
diff --git a/x-pack/plugins/task_manager/server/task_running/task_runner.test.ts b/x-pack/plugins/task_manager/server/task_running/task_runner.test.ts
index a7072416a062e..bcff0417cdf9a 100644
--- a/x-pack/plugins/task_manager/server/task_running/task_runner.test.ts
+++ b/x-pack/plugins/task_manager/server/task_running/task_runner.test.ts
@@ -930,9 +930,33 @@ describe('TaskManagerRunner', () => {
       const loggerCall = logger.error.mock.calls[0][0];
       const loggerMeta = logger.error.mock.calls[0][1];
       expect(loggerCall as string).toMatchInlineSnapshot(`"Task bar \\"foo\\" failed: Error: rar"`);
-      expect(loggerMeta?.tags).toEqual(['bar', 'foo', 'task-run-failed']);
+      expect(loggerMeta?.tags).toEqual(['bar', 'foo', 'task-run-failed', 'framework-error']);
       expect(loggerMeta?.error?.stack_trace).toBeDefined();
     });
+    test('logs user errors as expected when task fails', async () => {
+      const { runner, logger } = await readyToRunStageSetup({
+        instance: {
+          params: { a: 'b' },
+          state: { hey: 'there' },
+        },
+        definitions: {
+          bar: {
+            title: 'Bar!',
+            createTaskRunner: () => ({
+              async run() {
+                throw createTaskRunError(new Error('rar'), TaskErrorSource.USER);
+              },
+            }),
+          },
+        },
+      });
+      await runner.run();
+
+      const loggerCall = logger.error.mock.calls[0][0];
+      const loggerMeta = logger.error.mock.calls[0][1];
+      expect(loggerCall as string).toMatchInlineSnapshot(`"Task bar \\"foo\\" failed: Error: rar"`);
+      expect(loggerMeta?.tags).toEqual(['bar', 'foo', 'task-run-failed', 'user-error']);
+    });
     test('provides execution context on run', async () => {
       const { runner } = await readyToRunStageSetup({
         definitions: {
diff --git a/x-pack/plugins/task_manager/server/task_running/task_runner.ts b/x-pack/plugins/task_manager/server/task_running/task_runner.ts
index 10fac96fe7c0a..9f9dadbc27c93 100644
--- a/x-pack/plugins/task_manager/server/task_running/task_runner.ts
+++ b/x-pack/plugins/task_manager/server/task_running/task_runner.ts
@@ -55,11 +55,12 @@ import {
   TaskStatus,
 } from '../task';
 import { TaskTypeDictionary } from '../task_type_dictionary';
-import { isUnrecoverableError } from './errors';
+import { isUnrecoverableError, isUserError } from './errors';
 import { CLAIM_STRATEGY_MGET, type TaskManagerConfig } from '../config';
 import { TaskValidator } from '../task_validator';
 import { getRetryAt, getRetryDate, getTimeout } from '../lib/get_retry_at';
 import { getNextRunAt } from '../lib/get_next_run_at';
+import { TaskErrorSource } from '../../common/constants';
 
 export const EMPTY_RUN_RESULT: SuccessfulRunResult = { state: {} };
 
@@ -397,8 +398,9 @@ export class TaskManagerRunner implements TaskRunner {
       if (apmTrans) apmTrans.end('success');
       return processedResult;
     } catch (err) {
+      const errorSource = isUserError(err) ? TaskErrorSource.USER : TaskErrorSource.FRAMEWORK;
       this.logger.error(`Task ${this} failed: ${err}`, {
-        tags: [this.taskType, this.instance.task.id, 'task-run-failed'],
+        tags: [this.taskType, this.instance.task.id, 'task-run-failed', `${errorSource}-error`],
         error: { stack_trace: err.stack },
       });
       // in error scenario, we can not get the RunResult
diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json
index 79f9a373a92ba..257ad9c3af07b 100644
--- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json
+++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json
@@ -13643,6 +13643,138 @@
         }
       }
     },
+    "investigation": {
+      "properties": {
+        "investigation": {
+          "properties": {
+            "total": {
+              "type": "long",
+              "_meta": {
+                "description": "The total number of investigations in the cluster"
+              }
+            },
+            "by_status": {
+              "properties": {
+                "triage": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The number of investigations in triage status in the cluster"
+                  }
+                },
+                "active": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The number of investigations in active status in the cluster"
+                  }
+                },
+                "mitigated": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The number of investigations in mitigated status in the cluster"
+                  }
+                },
+                "resolved": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The number of investigations in resolved status in the cluster"
+                  }
+                },
+                "cancelled": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The number of investigations in cancelled status in the cluster"
+                  }
+                }
+              }
+            },
+            "by_origin": {
+              "properties": {
+                "alert": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The number of investigations created from alerts in the cluster"
+                  }
+                },
+                "blank": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The number of investigations created from scratch in the cluster"
+                  }
+                }
+              }
+            },
+            "items": {
+              "properties": {
+                "avg": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The average number of items across all investigations in the cluster"
+                  }
+                },
+                "p90": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The 90th percentile of the number of items across all investigations in the cluster"
+                  }
+                },
+                "p95": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The 95th percentile of the number of items across all investigations in the cluster"
+                  }
+                },
+                "max": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The maximum number of items across all investigations in the cluster"
+                  }
+                },
+                "min": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The minimum number of items across all investigations in the cluster"
+                  }
+                }
+              }
+            },
+            "notes": {
+              "properties": {
+                "avg": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The average number of notes across all investigations in the cluster"
+                  }
+                },
+                "p90": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The 90th percentile of the number of notes across all investigations in the cluster"
+                  }
+                },
+                "p95": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The 95th percentile of the number of notes across all investigations in the cluster"
+                  }
+                },
+                "max": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The maximum number of notes across all investigations in the cluster"
+                  }
+                },
+                "min": {
+                  "type": "long",
+                  "_meta": {
+                    "description": "The minimum number of notes across all investigations in the cluster"
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    },
     "kibana_settings": {
       "properties": {
         "xpack": {
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
index 0cff8e466d319..32e78303e7be3 100644
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
@@ -4340,9 +4340,6 @@
     "home.tutorials.ciscoLogs.longDescription": "Il s'agit d'un module pour les logs de dispositifs réseau Cisco (ASA, FTD, IOS, Nexus). Il inclut les ensembles de fichiers suivants pour la réception des logs par le biais de Syslog ou d'un ficher. [En savoir plus]({learnMoreLink}).",
     "home.tutorials.ciscoLogs.nameTitle": "Logs Cisco",
     "home.tutorials.ciscoLogs.shortDescription": "Collectez et analysez les logs à partir des périphériques réseau Cisco avec Filebeat.",
-    "home.tutorials.cloudwatchLogs.longDescription": "Collectez les logs Cloudwatch en déployant Functionbeat à des fins d'exécution en tant que fonction AWS Lambda.",
-    "home.tutorials.cloudwatchLogs.nameTitle": "Logs Cloudwatch AWS",
-    "home.tutorials.cloudwatchLogs.shortDescription": "Collectez et analysez les logs à partir d'AWS Cloudwatch avec Functionbeat.",
     "home.tutorials.cockroachdbMetrics.artifacts.dashboards.linkLabel": "Tableau de bord des indicateurs CockroachDB",
     "home.tutorials.cockroachdbMetrics.longDescription": "Le module Metricbeat `cockroachbd` récupère les indicateurs depuis CockroachDB. [En savoir plus]({learnMoreLink}).",
     "home.tutorials.cockroachdbMetrics.nameTitle": "Indicateurs CockroachDB",
@@ -4451,41 +4448,6 @@
     "home.tutorials.common.filebeatStatusCheck.successText": "Des données ont été reçues de ce module.",
     "home.tutorials.common.filebeatStatusCheck.text": "Vérifier que des données sont reçues du module Filebeat `{moduleName}`",
     "home.tutorials.common.filebeatStatusCheck.title": "Statut du module",
-    "home.tutorials.common.functionbeat.cloudInstructions.gettingStarted.title": "Commencer",
-    "home.tutorials.common.functionbeat.premCloudInstructions.gettingStarted.title": "Commencer",
-    "home.tutorials.common.functionbeat.premInstructions.gettingStarted.title": "Commencer",
-    "home.tutorials.common.functionbeatAWSInstructions.textPost": "Où {accessKey} et {secretAccessKey} sont vos informations d'identification et `us-east-1` est la région désirée.",
-    "home.tutorials.common.functionbeatAWSInstructions.textPre": "Définissez vos informations d'identification AWS dans l'environnement :",
-    "home.tutorials.common.functionbeatAWSInstructions.title": "Définir des informations d'identification AWS",
-    "home.tutorials.common.functionbeatCloudInstructions.config.osxTextPre": "Modifiez {path} afin de définir les informations de connexion pour Elastic Cloud :",
-    "home.tutorials.common.functionbeatCloudInstructions.config.osxTitle": "Modifier la configuration",
-    "home.tutorials.common.functionbeatCloudInstructions.config.windowsTextPre": "Modifiez {path} afin de définir les informations de connexion pour Elastic Cloud :",
-    "home.tutorials.common.functionbeatCloudInstructions.config.windowsTitle": "Modifier la configuration",
-    "home.tutorials.common.functionbeatEnableOnPremInstructions.defaultTextPost": "Où `'<cloudwatch-log-group>'` est le nom du groupe de logs à importer et `'<unique-bucket-name>'` un nom de compartiment S3 valide pour la mise en œuvre du déploiement de Functionbeat.",
-    "home.tutorials.common.functionbeatEnableOnPremInstructions.defaultTitle": "Configurer le groupe de logs Cloudwatch",
-    "home.tutorials.common.functionbeatEnableOnPremInstructionsOSXLinux.textPre": "Modifiez les paramètres dans le fichier `functionbeat.yml`.",
-    "home.tutorials.common.functionbeatEnableOnPremInstructionsWindows.textPre": "Modifiez les paramètres dans le fichier {path}.",
-    "home.tutorials.common.functionbeatInstructions.config.osxTextPostMarkdown": "Où {passwordTemplate} est le mot de passe de l'utilisateur \"elastic\", {esUrlTemplate} est l'URL d'Elasticsearch et {kibanaUrlTemplate} est l'URL de Kibana. Pour [configurer SSL]({configureSslUrl}) avec le certificat par défaut généré par Elasticsearch, ajoutez son empreinte dans {esCertFingerprintTemplate}. > **_Important :_** N'utilisez pas l'utilisateur intégré `elastic` pour sécuriser les clients dans un environnement de production. À la place, configurez des utilisateurs autorisés ou des clés d'API, et n'exposez pas les mots de passe dans les fichiers de configuration. [Learn more]({linkUrl}).",
-    "home.tutorials.common.functionbeatInstructions.config.osxTextPre": "Modifiez {path} afin de définir les informations de connexion :",
-    "home.tutorials.common.functionbeatInstructions.config.osxTitle": "Configurer le cluster Elastic",
-    "home.tutorials.common.functionbeatInstructions.config.windowsTextPostMarkdown": "Où {passwordTemplate} est le mot de passe de l'utilisateur \"elastic\", {esUrlTemplate} est l'URL d'Elasticsearch et {kibanaUrlTemplate} est l'URL de Kibana. Pour [configurer SSL]({configureSslUrl}) avec le certificat par défaut généré par Elasticsearch, ajoutez son empreinte dans {esCertFingerprintTemplate}. > **_Important :_** N'utilisez pas l'utilisateur intégré `elastic` pour sécuriser les clients dans un environnement de production. À la place, configurez des utilisateurs autorisés ou des clés d'API, et n'exposez pas les mots de passe dans les fichiers de configuration. [Learn more]({linkUrl}).",
-    "home.tutorials.common.functionbeatInstructions.config.windowsTextPre": "Modifiez {path} afin de définir les informations de connexion :",
-    "home.tutorials.common.functionbeatInstructions.config.windowsTitle": "Modifier la configuration",
-    "home.tutorials.common.functionbeatInstructions.deploy.osxTextPre": "Ceci permet d'installer Functionbeat en tant que fonction Lambda. La commande `setup` vérifie la configuration d'Elasticsearch et charge le modèle d'indexation Kibana. L'omission de cette commande est normalement sans risque.",
-    "home.tutorials.common.functionbeatInstructions.deploy.osxTitle": "Déployer Functionbeat en tant que fonction AWS Lambda",
-    "home.tutorials.common.functionbeatInstructions.deploy.windowsTextPre": "Ceci permet d'installer Functionbeat en tant que fonction Lambda. La commande `setup` vérifie la configuration d'Elasticsearch et charge le modèle d'indexation Kibana. L'omission de cette commande est normalement sans risque.",
-    "home.tutorials.common.functionbeatInstructions.deploy.windowsTitle": "Déployer Functionbeat en tant que fonction AWS Lambda",
-    "home.tutorials.common.functionbeatInstructions.install.linuxTextPre": "Vous utilisez Functionbeat pour la première fois ? Consultez le [guide de démarrage rapide]({link}).",
-    "home.tutorials.common.functionbeatInstructions.install.linuxTitle": "Télécharger et installer Functionbeat",
-    "home.tutorials.common.functionbeatInstructions.install.osxTextPre": "Vous utilisez Functionbeat pour la première fois ? Consultez le [guide de démarrage rapide]({link}).",
-    "home.tutorials.common.functionbeatInstructions.install.osxTitle": "Télécharger et installer Functionbeat",
-    "home.tutorials.common.functionbeatInstructions.install.windowsTextPre": "Vous utilisez Functionbeat pour la première fois ? Consultez le [guide de démarrage rapide]({functionbeatLink}). 1. Téléchargez le fichier .zip Functionbeat pour Windows via la page [Télécharger]({elasticLink}). 2. Extrayez le contenu du fichier compressé sous {folderPath}. 3. Renommez le répertoire `{directoryName}` en `Functionbeat`. 4. Ouvrez une invite PowerShell en tant qu'administrateur (faites un clic droit sur l'icône PowerShell et sélectionnez **Exécuter en tant qu'administrateur**). Si vous exécutez Windows XP, vous devrez peut-être télécharger et installer PowerShell. 5. Depuis l'invite PowerShell, accédez au répertoire Functionbeat :",
-    "home.tutorials.common.functionbeatInstructions.install.windowsTitle": "Télécharger et installer Functionbeat",
-    "home.tutorials.common.functionbeatStatusCheck.buttonLabel": "Vérifier les données",
-    "home.tutorials.common.functionbeatStatusCheck.errorText": "Aucune donnée n'a encore été reçue de Functionbeat.",
-    "home.tutorials.common.functionbeatStatusCheck.successText": "Des données ont été reçues de Functionbeat.",
-    "home.tutorials.common.functionbeatStatusCheck.text": "Vérifier que des données sont reçues de Functionbeat",
-    "home.tutorials.common.functionbeatStatusCheck.title": "Statut de Functionbeat",
     "home.tutorials.common.heartbeat.cloudInstructions.gettingStarted.title": "Commencer",
     "home.tutorials.common.heartbeat.premCloudInstructions.gettingStarted.title": "Commencer",
     "home.tutorials.common.heartbeat.premInstructions.gettingStarted.title": "Commencer",
@@ -16200,7 +16162,6 @@
     "xpack.elasticAssistant.evaluation.fetchEvaluationDataError": "Erreur lors de la récupération des données d'évaluation…",
     "xpack.elasticAssistant.flyout.right.header.collapseDetailButtonAriaLabel": "Masquer les chats",
     "xpack.elasticAssistant.flyout.right.header.expandDetailButtonAriaLabel": "Afficher les chats",
-    "xpack.elasticAssistant.knowledgeBase.deleteError": "Erreur lors de la suppression de la base de connaissances",
     "xpack.elasticAssistant.knowledgeBase.entries.createErrorTitle": "Erreur lors de la création d’une entrée de la base de connaissances",
     "xpack.elasticAssistant.knowledgeBase.entries.createSuccessTitle": "Entrée de la base de connaissances créée",
     "xpack.elasticAssistant.knowledgeBase.entries.deleteErrorTitle": "Erreur lors de la suppression d’entrées de la base de connaissances",
@@ -23531,9 +23492,6 @@
     "xpack.idxMgmt.templateBadgeType.cloudManaged": "Géré dans le cloud",
     "xpack.idxMgmt.templateBadgeType.managed": "Géré",
     "xpack.idxMgmt.templateBadgeType.system": "Système",
-    "xpack.idxMgmt.templateContentIndicator.aliasesTooltipLabel": "Alias",
-    "xpack.idxMgmt.templateContentIndicator.indexSettingsTooltipLabel": "Paramètres des index",
-    "xpack.idxMgmt.templateContentIndicator.mappingsTooltipLabel": "Mappings",
     "xpack.idxMgmt.templateCreate.loadingTemplateToCloneDescription": "Chargement du modèle à cloner en cours…",
     "xpack.idxMgmt.templateCreate.loadingTemplateToCloneErrorMessage": "Erreur lors du chargement du modèle à cloner",
     "xpack.idxMgmt.templateDetails.aliasesTabTitle": "Alias",
@@ -24651,8 +24609,6 @@
     "xpack.infra.logs.viewInContext.logsFromContainerTitle": "Les logs affichés proviennent du conteneur {container}",
     "xpack.infra.logs.viewInContext.logsFromFileTitle": "Les logs affichés proviennent du fichier {file} et de l'hôte {host}",
     "xpack.infra.logsDeprecationCallout.euiCallOut.discoverANewLogLabel": "Il existe une nouvelle (et meilleure) façon d'explorer vos logs !",
-    "xpack.infra.logsDeprecationCallout.p.theNewLogsExplorerLabel": "Le nouveau Logs Explorer facilite la visualisation et l'inspection de vos journaux et propose davantage de fonctionnalités, des performances supérieures ainsi qu’une navigation plus intuitive. Nous vous recommandons de passer à Logs Explorer, car il remplacera Logs Stream dans une version ultérieure.",
-    "xpack.infra.logsDeprecationCallout.tryLogsExplorerButtonLabel": "Essayer Logs Explorer",
     "xpack.infra.logsHeaderAddDataButtonLabel": "Ajouter des données",
     "xpack.infra.logSourceConfiguration.childFormElementErrorMessage": "L'état d'au moins un champ du formulaire est non valide.",
     "xpack.infra.logSourceConfiguration.dataViewDescription": "Vue de données contenant les données de log",
@@ -24685,7 +24641,6 @@
     "xpack.infra.logSourceErrorPage.tryAgainButtonLabel": "Réessayer",
     "xpack.infra.logsPage.toolbar.kqlSearchFieldPlaceholder": "Recherche d'entrées de log… (par ex. host.name:host-1)",
     "xpack.infra.logsPage.toolbar.logFilterErrorToastTitle": "Erreur de filtrage du log",
-    "xpack.infra.logsSettingsDeprecationCallout.p.theNewLogsExplorerLabel": "Ces paramètres s'appliquent uniquement à l'ancienne application Logs Stream et nous vous déconseillons de les configurer. Utilisez plutôt le nouveau Logs Explorer qui facilite la visualisation et l'inspection de vos logs et propose davantage de fonctionnalités, des performances supérieures ainsi qu'une navigation plus intuitive.",
     "xpack.infra.logsSettingsPage.loadingButtonLabel": "Chargement",
     "xpack.infra.logsStreamEmbeddable.deprecationWarningDescription": "La maintenance des panneaux de flux de logs n'est plus assurée. Essayez d'utiliser {savedSearchDocsLink} pour une visualisation similaire.",
     "xpack.infra.logsStreamEmbeddable.deprecationWarningDescription.savedSearchesLinkLabel": "recherches enregistrées",
@@ -34658,8 +34613,6 @@
     "xpack.observabilityLogsExplorer.alertsPopover.createSLOMenuItem": "Créer un SLO",
     "xpack.observabilityLogsExplorer.alertsPopover.manageRulesMenuItem": "{canCreateRule, select, true{Gérer} other{Afficher}} les règles",
     "xpack.observabilityLogsExplorer.appTitle": "Explorateur de logs",
-    "xpack.observabilityLogsExplorer.betaBadgeDescription": "Il s'agit du stade bêta de l'application, qui est donc susceptible d'évoluer.",
-    "xpack.observabilityLogsExplorer.betaBadgeTitle": "Bêta",
     "xpack.observabilityLogsExplorer.createSlo": "Créer un SLO",
     "xpack.observabilityLogsExplorer.datasetQualityLinkTitle": "Ensembles de données",
     "xpack.observabilityLogsExplorer.discoverLinkTitle": "Ouvrir dans Discover",
@@ -38174,8 +38127,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.esqlQueryFieldRequiredError": "Une requête ES|QL est requise.",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.esqlQueryLabel": "Requête ES|QL",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldAnomalyThresholdLabel": "Seuil de score d'anomalie",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldGroupByDurationValueHelpText": "Supprimer les alertes pour",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldGroupByFieldHelpText": "Sélectionner les champs à utiliser pour la suppression d'alertes supplémentaires",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldMachineLearningJobIdLabel": "Tâche de Machine Learning",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldQuerBarLabel": "Requête personnalisée",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldRuleTypeLabel": "Type de règle",
@@ -38191,9 +38142,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionForFieldsLabel": "Supprimer les alertes par champs sélectionnés : {fieldsString}",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionLabel": "Supprimer les alertes",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByDurationValueLabel": "Supprimer les alertes pour",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsGALabelAppend": "Facultatif",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsLabel": "Supprimer les alertes par",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsTechPreviewLabelAppend": "Facultatif (version d'évaluation technique)",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.historyWindowSizeLabel": "Taille de la fenêtre d’historique",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.importTimelineModalTitle": "Importer la requête à partir de la chronologie enregistrée",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.importTimelineQueryButton": "Importer la requête à partir de la chronologie enregistrée",
@@ -38230,7 +38178,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.SavedQueryFormRowLabel": "Requête enregistrée",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.source": "Source",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.Su.perRuleExecutionWarning": "L'option d'exécution par règles n'est pas disponible pour le type de règle Seuil",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.suppressionMissingFieldsLabel": "Si un champ de suppression est manquant",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError": "Le modèle d'indexation ne peut pas être { forbiddenString }. Veuillez choisir un modèle d'indexation plus spécifique.",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchingIcesHelperDescription": "Sélectionner des index de menaces",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchoutputIndiceNameFieldRequiredError": "Au minimum un modèle d'indexation est requis.",
@@ -39040,7 +38987,6 @@
     "xpack.securitySolution.detectionEngine.ruleDescription.eqlEventCategoryFieldLabel": "Champ de catégorie d'événement",
     "xpack.securitySolution.detectionEngine.ruleDescription.eqlTiebreakerFieldLabel": "Champ de départage",
     "xpack.securitySolution.detectionEngine.ruleDescription.eqlTimestampFieldLabel": "Champ d'horodatage",
-    "xpack.securitySolution.detectionEngine.ruleDescription.groupByFieldsLabel": "Supprimer les alertes par",
     "xpack.securitySolution.detectionEngine.ruleDescription.mlAdminPermissionsRequiredDescription": "Autorisations d'administrateur ML requises pour effectuer cette action",
     "xpack.securitySolution.detectionEngine.ruleDescription.mlJobStartedDescription": "Démarré",
     "xpack.securitySolution.detectionEngine.ruleDescription.mlJobStoppedDescription": "Arrêté",
@@ -39538,7 +39484,6 @@
     "xpack.securitySolution.detectionEngine.stepDefineRule.pickDataView": "Sélectionner une vue de données",
     "xpack.securitySolution.detectionEngine.userUnauthenticatedMsgBody": "Vous ne disposez pas des autorisations requises pour visualiser le moteur de détection. Pour une aide supplémentaire, contactez votre administrateur.",
     "xpack.securitySolution.detectionEngine.userUnauthenticatedTitle": "Autorisations de moteur de détection requises",
-    "xpack.securitySolution.detectionEngine.validations.stepDefineRule.groupByFieldsMax": "Le nombre de champs de regroupement doit être de 3 au maximum",
     "xpack.securitySolution.detectionEngine.validations.stepDefineRule.historyWindowSize.errMin": "La taille de la fenêtre d'historique doit être supérieure à 0.",
     "xpack.securitySolution.detectionEngine.validations.stepDefineRule.newTermsFieldsMax": "Le nombre de champs doit être de 3 au maximum.",
     "xpack.securitySolution.detectionEngine.validations.thresholdCardinalityFieldFieldData.thresholdCardinalityFieldNotSuppliedMessage": "Un champ Cardinalité est requis.",
@@ -43421,17 +43366,9 @@
     "xpack.slo.budgetingMethod.occurrences": "Occurrences",
     "xpack.slo.budgetingMethod.timeslices": "Intervalles de temps",
     "xpack.slo.burnRate.alertDetails.logRateAnalysis.sectionTitle": "Analyse du taux de log",
-    "xpack.slo.burnRate.breachedStatustSubtitle": "Au rythme actuel, le budget d'erreur sera épuisé dans {hour} heures.",
-    "xpack.slo.burnRate.breachedStatustTitle": "Valeur critique dépassée",
     "xpack.slo.burnRate.durationLabel": "Dernièr(e)(s) {duration}",
     "xpack.slo.burnRate.exhaustionTimeLabel": "À ce rythme, l'ensemble du budget d'erreur sera épuisé dans {hour} heures.",
-    "xpack.slo.burnRate.noDataStatusSubtitle": "En attente de plus de données.",
-    "xpack.slo.burnRate.noDataStatusTitle": "Aucune valeur",
-    "xpack.slo.burnRate.okStatusSubtitle": "Aucun risque d'épuisement du budget d'erreurs.",
-    "xpack.slo.burnRate.okStatusTitle": "Valeur acceptable",
-    "xpack.slo.burnRate.threshold": "Le seuil est {threshold}x",
     "xpack.slo.burnRate.timeRangeBtnLegend": "Sélectionner la plage temporelle",
-    "xpack.slo.burnRate.title": "Taux d'avancement",
     "xpack.slo.burnRateEmbeddable.ariaLabel": "Taux d’avancement du SLO",
     "xpack.slo.burnRateEmbeddable.configuration.cancelButtonLabel": "Confirmer",
     "xpack.slo.burnRateEmbeddable.configuration.durationLabel": "Durée",
@@ -43452,7 +43389,6 @@
     "xpack.slo.burnRateRule.alertDetailsAppSection.summaryField.slo": "SLO",
     "xpack.slo.burnRateRuleEditor.h5.chooseASLOToMonitorLabel": "Choisir un SLO pour monitorer",
     "xpack.slo.burnRateRuleEditor.h5.defineMultipleBurnRateLabel": "Définir des fenêtres du taux d'avancement multiples",
-    "xpack.slo.burnRates.fromRange.label": "{duration, plural, one {# heure} other {# heures}}",
     "xpack.slo.burnRates.value": "{value} fois",
     "xpack.slo.create.errorNotification": "Un problème est survenu lors de la création de {name}",
     "xpack.slo.dataPreviewChart.noResultsLabel": "aucun résultat",
@@ -45064,7 +45000,7 @@
     "xpack.spaces.navControl.spacesMenu.changeCurrentSpaceTitle": "Modifier l'espace en cours",
     "xpack.spaces.navControl.spacesMenu.findSpacePlaceholder": "Rechercher un espace",
     "xpack.spaces.navControl.spacesMenu.noSpacesFoundTitle": "aucun espace trouvé",
-    "xpack.spaces.navControl.spacesMenu.selectSpacesTitle": "Vos espaces",
+    "xpack.spaces.navControl.spacesMenu.selectSpacesTitle": "Espaces",
     "xpack.spaces.navControl.spacesMenu.spacesAriaLabel": "Espaces",
     "xpack.spaces.navControl.tour.closeBtn": "Fermer",
     "xpack.spaces.navControl.tour.content": "Il offre toutes les analyses et les fonctionnalités {solution} dont vous avez besoin. Vous pouvez changer de vue ou revenir à la navigation classique à partir des paramètres de votre espace, ou créer d'autres espaces avec des vues différentes. {learnMore}",
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 17fb0b2ff933d..6607dff1c812a 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -4334,9 +4334,6 @@
     "home.tutorials.ciscoLogs.longDescription": "これは Cisco ネットワークデバイスのログ用のモジュールです(ASA、FTD、IOS、Nexus)。Syslog のログまたはファイルから読み取られたログを受信するための次のファイルセットが含まれます。[詳細]({learnMoreLink})。",
     "home.tutorials.ciscoLogs.nameTitle": "Ciscoログ",
     "home.tutorials.ciscoLogs.shortDescription": "Filebeatを使用してCiscoネットワークデバイスからログを収集して解析します。",
-    "home.tutorials.cloudwatchLogs.longDescription": "FunctionbeatをAWS Lambda関数として実行するようデプロイし、Cloudwatchログを収集します。",
-    "home.tutorials.cloudwatchLogs.nameTitle": "AWS Cloudwatchログ",
-    "home.tutorials.cloudwatchLogs.shortDescription": "Functionbeatを使用してAWS Cloudwatchからログを収集して解析します。",
     "home.tutorials.cockroachdbMetrics.artifacts.dashboards.linkLabel": "CockroachDB メトリックダッシュボード",
     "home.tutorials.cockroachdbMetrics.longDescription": "Metricbeat モジュール「cockroachdb」は、CockroachDB からメトリックを取得します。[詳細]({learnMoreLink})。",
     "home.tutorials.cockroachdbMetrics.nameTitle": "CockroachDB Metrics",
@@ -4446,40 +4443,6 @@
     "home.tutorials.common.filebeatStatusCheck.successText": "このモジュールからデータを受け取りました",
     "home.tutorials.common.filebeatStatusCheck.text": "Filebeat の「{moduleName}」モジュールからデータを受け取ったことを確認してください。",
     "home.tutorials.common.filebeatStatusCheck.title": "モジュールステータス",
-    "home.tutorials.common.functionbeat.cloudInstructions.gettingStarted.title": "はじめに",
-    "home.tutorials.common.functionbeat.premCloudInstructions.gettingStarted.title": "はじめに",
-    "home.tutorials.common.functionbeat.premInstructions.gettingStarted.title": "はじめに",
-    "home.tutorials.common.functionbeatAWSInstructions.textPost": "{accessKey}と{secretAccessKey}がアカウント認証情報で、us-east-1が希望の地域です。",
-    "home.tutorials.common.functionbeatAWSInstructions.textPre": "環境で AWS アカウント認証情報を設定します。",
-    "home.tutorials.common.functionbeatAWSInstructions.title": "AWS 認証情報の設定",
-    "home.tutorials.common.functionbeatCloudInstructions.config.osxTextPre": "{path} を変更して Elastic Cloud への接続情報を設定します:",
-    "home.tutorials.common.functionbeatCloudInstructions.config.osxTitle": "構成を編集する",
-    "home.tutorials.common.functionbeatCloudInstructions.config.windowsTextPre": "{path} を変更して Elastic Cloud への接続情報を設定します:",
-    "home.tutorials.common.functionbeatCloudInstructions.config.windowsTitle": "構成を編集する",
-    "home.tutorials.common.functionbeatEnableOnPremInstructions.defaultTitle": "Cloudwatch ロググループの構成",
-    "home.tutorials.common.functionbeatEnableOnPremInstructionsOSXLinux.textPre": "「functionbeat.yml」ファイルで設定を変更します。",
-    "home.tutorials.common.functionbeatEnableOnPremInstructionsWindows.textPre": "{path} ファイルで設定を変更します。",
-    "home.tutorials.common.functionbeatInstructions.config.osxTextPostMarkdown": "{passwordTemplate} が「Elastic」ユーザーのパスワード、{esUrlTemplate} が Elasticsearch の URL、{kibanaUrlTemplate} が Kibana の URL です。Elasticsearchによって生成されたデフォルトの証明書を使用して[SSLを設定]({configureSslUrl})するには、{esCertFingerprintTemplate}にそのフィンガープリントを追加します。> **_重要:_** 本番環境でクライアントを保護するために、組み込みの「elastic」ユーザーを使用しないでください。許可されたユーザーまたはAPIキーを設定し、パスワードは構成ファイルで公開しないでください。[Learn more]({linkUrl})。",
-    "home.tutorials.common.functionbeatInstructions.config.osxTextPre": "{path} を変更して Elastic Cloud への接続情報を設定します:",
-    "home.tutorials.common.functionbeatInstructions.config.osxTitle": "Elastic クラスターの構成",
-    "home.tutorials.common.functionbeatInstructions.config.windowsTextPostMarkdown": "{passwordTemplate} が「Elastic」ユーザーのパスワード、{esUrlTemplate} が Elasticsearch の URL、{kibanaUrlTemplate} が Kibana の URL です。Elasticsearchによって生成されたデフォルトの証明書を使用して[SSLを設定]({configureSslUrl})するには、{esCertFingerprintTemplate}にそのフィンガープリントを追加します。> **_重要:_** 本番環境でクライアントを保護するために、組み込みの「elastic」ユーザーを使用しないでください。許可されたユーザーまたはAPIキーを設定し、パスワードは構成ファイルで公開しないでください。[Learn more]({linkUrl})。",
-    "home.tutorials.common.functionbeatInstructions.config.windowsTextPre": "{path} を変更して Elastic Cloud への接続情報を設定します:",
-    "home.tutorials.common.functionbeatInstructions.config.windowsTitle": "構成を編集する",
-    "home.tutorials.common.functionbeatInstructions.deploy.osxTextPre": "これにより Functionbeat が Lambda 関数としてインストールされます「setup」コマンドで Elasticsearch の構成を確認し、Kibana インデックスパターンを読み込みます。通常このコマンドを省いても大丈夫です。",
-    "home.tutorials.common.functionbeatInstructions.deploy.osxTitle": "Functionbeat を AWS Lambda にデプロイ",
-    "home.tutorials.common.functionbeatInstructions.deploy.windowsTextPre": "これにより Functionbeat が Lambda 関数としてインストールされます「setup」コマンドで Elasticsearch の構成を確認し、Kibana インデックスパターンを読み込みます。通常このコマンドを省いても大丈夫です。",
-    "home.tutorials.common.functionbeatInstructions.deploy.windowsTitle": "Functionbeat を AWS Lambda にデプロイ",
-    "home.tutorials.common.functionbeatInstructions.install.linuxTextPre": "Functionbeatは初めてですか?[クイックスタート]({link})を参照してください。",
-    "home.tutorials.common.functionbeatInstructions.install.linuxTitle": "Functionbeat のダウンロードとインストール",
-    "home.tutorials.common.functionbeatInstructions.install.osxTextPre": "Functionbeatは初めてですか?[クイックスタート]({link})を参照してください。",
-    "home.tutorials.common.functionbeatInstructions.install.osxTitle": "Functionbeat のダウンロードとインストール",
-    "home.tutorials.common.functionbeatInstructions.install.windowsTextPre": "Functionbeatは初めてですか?[クイックスタート]({functionbeatLink})を参照してください。1.[ダウンロード]({elasticLink})ページからFunctionbeat Windows zipファイルをダウンロードします。2.zipファイルのコンテンツを{folderPath}に解凍します。3.「{directoryName} ディレクトリの名前を「Functionbeat」に変更します。4.管理者としてPowerShellプロンプトを開きます(PowerShellアイコンを右クリックして「管理者として実行」を選択します)。Windows XPをご使用の場合、PowerShellのダウンロードとインストールが必要な場合があります。5.PowerShell プロンプトから、Functionbeat ディレクトリに移動します:",
-    "home.tutorials.common.functionbeatInstructions.install.windowsTitle": "Functionbeat のダウンロードとインストール",
-    "home.tutorials.common.functionbeatStatusCheck.buttonLabel": "データを確認してください",
-    "home.tutorials.common.functionbeatStatusCheck.errorText": "Functionbeat からまだデータを受け取っていません",
-    "home.tutorials.common.functionbeatStatusCheck.successText": "Functionbeat からデータを受け取りました",
-    "home.tutorials.common.functionbeatStatusCheck.text": "Functionbeat からデータを受け取ったことを確認してください。",
-    "home.tutorials.common.functionbeatStatusCheck.title": "Functionbeat ステータス",
     "home.tutorials.common.heartbeat.cloudInstructions.gettingStarted.title": "はじめに",
     "home.tutorials.common.heartbeat.premCloudInstructions.gettingStarted.title": "はじめに",
     "home.tutorials.common.heartbeat.premInstructions.gettingStarted.title": "はじめに",
@@ -16176,7 +16139,6 @@
     "xpack.elasticAssistant.evaluation.fetchEvaluationDataError": "評価データの取得エラー...",
     "xpack.elasticAssistant.flyout.right.header.collapseDetailButtonAriaLabel": "チャットを非表示",
     "xpack.elasticAssistant.flyout.right.header.expandDetailButtonAriaLabel": "チャットを表示",
-    "xpack.elasticAssistant.knowledgeBase.deleteError": "ナレッジベースの削除エラー",
     "xpack.elasticAssistant.knowledgeBase.entries.createErrorTitle": "ナレッジベースエントリの作成エラー",
     "xpack.elasticAssistant.knowledgeBase.entries.createSuccessTitle": "ナレッジベースエントリが作成されました",
     "xpack.elasticAssistant.knowledgeBase.entries.deleteErrorTitle": "ナレッジベースエントリの削除エラー",
@@ -23502,9 +23464,6 @@
     "xpack.idxMgmt.templateBadgeType.cloudManaged": "クラウド管理",
     "xpack.idxMgmt.templateBadgeType.managed": "管理中",
     "xpack.idxMgmt.templateBadgeType.system": "システム",
-    "xpack.idxMgmt.templateContentIndicator.aliasesTooltipLabel": "エイリアス",
-    "xpack.idxMgmt.templateContentIndicator.indexSettingsTooltipLabel": "インデックス設定",
-    "xpack.idxMgmt.templateContentIndicator.mappingsTooltipLabel": "マッピング",
     "xpack.idxMgmt.templateCreate.loadingTemplateToCloneDescription": "クローンを作成するテンプレートを読み込み中…",
     "xpack.idxMgmt.templateCreate.loadingTemplateToCloneErrorMessage": "クローンを作成するテンプレートを読み込み中にエラーが発生",
     "xpack.idxMgmt.templateDetails.aliasesTabTitle": "エイリアス",
@@ -24625,8 +24584,6 @@
     "xpack.infra.logs.viewInContext.logsFromContainerTitle": "表示されたログはコンテナー{container}から取得されました",
     "xpack.infra.logs.viewInContext.logsFromFileTitle": "表示されたログは、ファイル{file}およびホスト{host}から取得されました",
     "xpack.infra.logsDeprecationCallout.euiCallOut.discoverANewLogLabel": "ログの探索には、新しく、もっと効果的な方法があります。",
-    "xpack.infra.logsDeprecationCallout.p.theNewLogsExplorerLabel": "新しいログエクスプローラーには、追加機能、パフォーマンスの改善、さらに直感的なナビゲーションが導入され、ログの表示と調査がさらに簡単になりました。将来のバージョンでは、ログストリームに取って代わるため、ログエクスプローラーを使用することをお勧めします。",
-    "xpack.infra.logsDeprecationCallout.tryLogsExplorerButtonLabel": "ログエクスプローラーを試す",
     "xpack.infra.logsHeaderAddDataButtonLabel": "データの追加",
     "xpack.infra.logSourceConfiguration.childFormElementErrorMessage": "1つ以上のフォームフィールドが無効な状態です。",
     "xpack.infra.logSourceConfiguration.dataViewDescription": "ログデータを含むデータビュー",
@@ -24658,7 +24615,6 @@
     "xpack.infra.logSourceErrorPage.tryAgainButtonLabel": "再試行",
     "xpack.infra.logsPage.toolbar.kqlSearchFieldPlaceholder": "ログエントリーを検索中…(例:host.name:host-1)",
     "xpack.infra.logsPage.toolbar.logFilterErrorToastTitle": "ログフィルターエラー",
-    "xpack.infra.logsSettingsDeprecationCallout.p.theNewLogsExplorerLabel": "これらの設定はレガシーログストリームアプリにのみ適用されます。これらを構成することはお勧めしません。代わりに、新しいログエクスプローラーを使用してください。追加機能、パフォーマンスの改善、さらに直感的なナビゲーションが導入され、ログの表示と調査がさらに簡単になりました。",
     "xpack.infra.logsSettingsPage.loadingButtonLabel": "読み込み中",
     "xpack.infra.logsStreamEmbeddable.deprecationWarningDescription": "ログストリームパネルは管理されていません。{savedSearchDocsLink}を同様の視覚化に活用してください。",
     "xpack.infra.logsStreamEmbeddable.deprecationWarningDescription.savedSearchesLinkLabel": "保存された検索",
@@ -34628,8 +34584,6 @@
     "xpack.observabilityLogsExplorer.alertsPopover.createSLOMenuItem": "SLOの作成",
     "xpack.observabilityLogsExplorer.alertsPopover.manageRulesMenuItem": "ルールを{canCreateRule, select, true{管理} other{表示}}",
     "xpack.observabilityLogsExplorer.appTitle": "ログエクスプローラー",
-    "xpack.observabilityLogsExplorer.betaBadgeDescription": "このアプリケーションはベータ版であるため、変更される場合があります。",
-    "xpack.observabilityLogsExplorer.betaBadgeTitle": "ベータ",
     "xpack.observabilityLogsExplorer.createSlo": "SLOの作成",
     "xpack.observabilityLogsExplorer.datasetQualityLinkTitle": "データセット",
     "xpack.observabilityLogsExplorer.discoverLinkTitle": "Discoverで開く",
@@ -38140,8 +38094,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.esqlQueryFieldRequiredError": "ES|QLクエリは必須です。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.esqlQueryLabel": "ES|QLクエリ",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldAnomalyThresholdLabel": "異常スコアしきい値",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldGroupByDurationValueHelpText": "アラートを非表示",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldGroupByFieldHelpText": "追加のアラートを非表示にするために使用するフィールドを選択",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldMachineLearningJobIdLabel": "機械学習ジョブ",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldQuerBarLabel": "カスタムクエリー",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldRuleTypeLabel": "ルールタイプ",
@@ -38157,9 +38109,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionForFieldsLabel": "選択したフィールドでアラートを非表示:{fieldsString}",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionLabel": "アラートを非表示",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByDurationValueLabel": "アラートを非表示",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsGALabelAppend": "オプション",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsLabel": "アラートを非表示",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsTechPreviewLabelAppend": "任意(テクニカルプレビュー)",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.historyWindowSizeLabel": "履歴ウィンドウサイズ",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.importTimelineModalTitle": "保存されたタイムラインからクエリをインポート",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.importTimelineQueryButton": "保存されたタイムラインからクエリをインポート",
@@ -38196,7 +38145,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.SavedQueryFormRowLabel": "保存されたクエリ",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.source": "送信元",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.Su.perRuleExecutionWarning": "しきい値ルールタイプでは、ルール実行単位オプションは使用できません。",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.suppressionMissingFieldsLabel": "抑制フィールドが欠落している場合",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError": "インデックスパターンを{ forbiddenString }にすることはできません。特定のインデックスパターンを選択してください。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchingIcesHelperDescription": "脅威インデックスを選択",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchoutputIndiceNameFieldRequiredError": "インデックスパターンが最低1つ必要です。",
@@ -39005,7 +38953,6 @@
     "xpack.securitySolution.detectionEngine.ruleDescription.eqlEventCategoryFieldLabel": "イベントカテゴリーフィールド",
     "xpack.securitySolution.detectionEngine.ruleDescription.eqlTiebreakerFieldLabel": "タイブレーカーフィールド",
     "xpack.securitySolution.detectionEngine.ruleDescription.eqlTimestampFieldLabel": "タイムスタンプフィールド",
-    "xpack.securitySolution.detectionEngine.ruleDescription.groupByFieldsLabel": "アラートを非表示",
     "xpack.securitySolution.detectionEngine.ruleDescription.mlAdminPermissionsRequiredDescription": "このアクションを実行するには、ML管理者権限が必要です",
     "xpack.securitySolution.detectionEngine.ruleDescription.mlJobStartedDescription": "開始",
     "xpack.securitySolution.detectionEngine.ruleDescription.mlJobStoppedDescription": "停止",
@@ -39503,7 +39450,6 @@
     "xpack.securitySolution.detectionEngine.stepDefineRule.pickDataView": "データビューを選択",
     "xpack.securitySolution.detectionEngine.userUnauthenticatedMsgBody": "検出エンジンを表示するための必要なアクセス権がありません。ヘルプについては、管理者にお問い合わせください。",
     "xpack.securitySolution.detectionEngine.userUnauthenticatedTitle": "検出エンジンアクセス権が必要です",
-    "xpack.securitySolution.detectionEngine.validations.stepDefineRule.groupByFieldsMax": "グループフィールドの数は3以下でなければなりません",
     "xpack.securitySolution.detectionEngine.validations.stepDefineRule.historyWindowSize.errMin": "履歴ウィンドウサイズは0よりも大きい値でなければなりません。",
     "xpack.securitySolution.detectionEngine.validations.stepDefineRule.newTermsFieldsMax": "フィールド数は3以下でなければなりません。",
     "xpack.securitySolution.detectionEngine.validations.thresholdCardinalityFieldFieldData.thresholdCardinalityFieldNotSuppliedMessage": "カーディナリティフィールドは必須です。",
@@ -43384,17 +43330,9 @@
     "xpack.slo.budgetingMethod.occurrences": "出現回数",
     "xpack.slo.budgetingMethod.timeslices": "タイムスライス",
     "xpack.slo.burnRate.alertDetails.logRateAnalysis.sectionTitle": "ログレート分析",
-    "xpack.slo.burnRate.breachedStatustSubtitle": "現在のレートでは、エラー予算は{hour}時間後に使い果たされます。",
-    "xpack.slo.burnRate.breachedStatustTitle": "重大値違反",
     "xpack.slo.burnRate.durationLabel": "前回の{duration}",
     "xpack.slo.burnRate.exhaustionTimeLabel": "このレートでは、全体のエラー予算は{hour}時間後に使い果たされます。",
-    "xpack.slo.burnRate.noDataStatusSubtitle": "その他のデータを待機中です。",
-    "xpack.slo.burnRate.noDataStatusTitle": "値なし",
-    "xpack.slo.burnRate.okStatusSubtitle": "エラー予算が枯渇するリスクはありません。",
-    "xpack.slo.burnRate.okStatusTitle": "許容値",
-    "xpack.slo.burnRate.threshold": "しきい値は{threshold}xです",
     "xpack.slo.burnRate.timeRangeBtnLegend": "時間範囲を選択",
-    "xpack.slo.burnRate.title": "バーンレート",
     "xpack.slo.burnRateEmbeddable.ariaLabel": "SLOバーンレート",
     "xpack.slo.burnRateEmbeddable.configuration.cancelButtonLabel": "確認",
     "xpack.slo.burnRateEmbeddable.configuration.durationLabel": "期間",
@@ -43416,7 +43354,6 @@
     "xpack.slo.burnRateRule.name": "{name}バーンレートルール",
     "xpack.slo.burnRateRuleEditor.h5.chooseASLOToMonitorLabel": "監視するSLOを選択",
     "xpack.slo.burnRateRuleEditor.h5.defineMultipleBurnRateLabel": "複数のバーンレート時間枠を定義",
-    "xpack.slo.burnRates.fromRange.label": "{duration, plural, other {#時間}}",
     "xpack.slo.burnRates.value": "{value}x",
     "xpack.slo.create.errorNotification": "{name}の作成中に問題が発生しました",
     "xpack.slo.dataPreviewChart.noResultsLabel": "結果なし",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 6ea71271a6859..70c3805ff3aaa 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -4276,9 +4276,6 @@
     "home.tutorials.ciscoLogs.longDescription": "这是用于 Cisco 网络设备日志(ASA、FTD、IOS、Nexus)的模块。其包含以下用于从 Syslog 接收或从文件读取日志的文件集:[了解详情]({learnMoreLink})。",
     "home.tutorials.ciscoLogs.nameTitle": "Cisco 日志",
     "home.tutorials.ciscoLogs.shortDescription": "使用 Filebeat 从 Cisco 网络设备收集并解析日志。",
-    "home.tutorials.cloudwatchLogs.longDescription": "通过部署将运行为 AWS Lambda 函数的 Functionbeat 来收集 Cloudwatch 日志。",
-    "home.tutorials.cloudwatchLogs.nameTitle": "AWS Cloudwatch 日志",
-    "home.tutorials.cloudwatchLogs.shortDescription": "使用 Functionbeat 从 AWS Cloudwatch 收集并解析日志。",
     "home.tutorials.cockroachdbMetrics.artifacts.dashboards.linkLabel": "CockroachDB 指标仪表板",
     "home.tutorials.cockroachdbMetrics.longDescription": "Metricbeat 模块 `cockroachdb` 从 CockroachDB 提取指标。[了解详情]({learnMoreLink})。",
     "home.tutorials.cockroachdbMetrics.nameTitle": "CockroachDB 指标",
@@ -4388,41 +4385,6 @@
     "home.tutorials.common.filebeatStatusCheck.successText": "已从此模块成功接收数据",
     "home.tutorials.common.filebeatStatusCheck.text": "确认已从 Filebeat `{moduleName}` 模块成功收到数据",
     "home.tutorials.common.filebeatStatusCheck.title": "模块状态",
-    "home.tutorials.common.functionbeat.cloudInstructions.gettingStarted.title": "入门",
-    "home.tutorials.common.functionbeat.premCloudInstructions.gettingStarted.title": "入门",
-    "home.tutorials.common.functionbeat.premInstructions.gettingStarted.title": "入门",
-    "home.tutorials.common.functionbeatAWSInstructions.textPost": "其中 {accessKey} 和 {secretAccessKey} 是您的帐户凭据,`us-east-1` 是所需的地区。",
-    "home.tutorials.common.functionbeatAWSInstructions.textPre": "在环境中设置您的 AWS 帐户凭据:",
-    "home.tutorials.common.functionbeatAWSInstructions.title": "设置 AWS 凭据",
-    "home.tutorials.common.functionbeatCloudInstructions.config.osxTextPre": "修改 {path} 以设置 Elastic Cloud 的连接信息:",
-    "home.tutorials.common.functionbeatCloudInstructions.config.osxTitle": "编辑配置",
-    "home.tutorials.common.functionbeatCloudInstructions.config.windowsTextPre": "修改 {path} 以设置 Elastic Cloud 的连接信息:",
-    "home.tutorials.common.functionbeatCloudInstructions.config.windowsTitle": "编辑配置",
-    "home.tutorials.common.functionbeatEnableOnPremInstructions.defaultTextPost": "其中 `'<cloudwatch-log-group>'` 是要采集的日志组名称,`'<unique-bucket-name>'` 是将用于暂存 Functionbeat 部署的有效 S3 存储桶名称。",
-    "home.tutorials.common.functionbeatEnableOnPremInstructions.defaultTitle": "配置 Cloudwatch 日志组",
-    "home.tutorials.common.functionbeatEnableOnPremInstructionsOSXLinux.textPre": "在 `functionbeat.yml` 文件中修改设置。",
-    "home.tutorials.common.functionbeatEnableOnPremInstructionsWindows.textPre": "在 {path} 文件中修改设置。",
-    "home.tutorials.common.functionbeatInstructions.config.osxTextPostMarkdown": "其中,{passwordTemplate} 是 `elastic` 用户的密码,{esUrlTemplate} 是 Elasticsearch 的 URL,{kibanaUrlTemplate} 是 Kibana 的 URL。要使用 Elasticsearch 生成的默认证书[配置 SSL]({configureSslUrl}),请在 {esCertFingerprintTemplate} 中添加其指纹。> **_重要说明:_**在生产环境中,请勿使用内置 `elastic` 用户来保护客户端。而要设置授权用户或 API 密钥,并且不要在配置文件中暴露密码。[了解详情]({linkUrl})。",
-    "home.tutorials.common.functionbeatInstructions.config.osxTextPre": "修改 {path} 以设置连接信息:",
-    "home.tutorials.common.functionbeatInstructions.config.osxTitle": "配置 Elastic 集群",
-    "home.tutorials.common.functionbeatInstructions.config.windowsTextPostMarkdown": "其中,{passwordTemplate} 是 `elastic` 用户的密码,{esUrlTemplate} 是 Elasticsearch 的 URL,{kibanaUrlTemplate} 是 Kibana 的 URL。要使用 Elasticsearch 生成的默认证书[配置 SSL]({configureSslUrl}),请在 {esCertFingerprintTemplate} 中添加其指纹。> **_重要说明:_**在生产环境中,请勿使用内置 `elastic` 用户来保护客户端。而要设置授权用户或 API 密钥,并且不要在配置文件中暴露密码。[了解详情]({linkUrl})。",
-    "home.tutorials.common.functionbeatInstructions.config.windowsTextPre": "修改 {path} 以设置连接信息:",
-    "home.tutorials.common.functionbeatInstructions.config.windowsTitle": "编辑配置",
-    "home.tutorials.common.functionbeatInstructions.deploy.osxTextPre": "这会将 Functionbeat 安装为 Lambda 函数。`setup` 命令检查 Elasticsearch 配置并加载 Kibana 索引模式。通常可省略此命令。",
-    "home.tutorials.common.functionbeatInstructions.deploy.osxTitle": "将 Functionbeat 部署到 AWS Lambda",
-    "home.tutorials.common.functionbeatInstructions.deploy.windowsTextPre": "这会将 Functionbeat 安装为 Lambda 函数。`setup` 命令检查 Elasticsearch 配置并加载 Kibana 索引模式。通常可省略此命令。",
-    "home.tutorials.common.functionbeatInstructions.deploy.windowsTitle": "将 Functionbeat 部署到 AWS Lambda",
-    "home.tutorials.common.functionbeatInstructions.install.linuxTextPre": "首次使用 Functionbeat?查看[快速入门]({link})。",
-    "home.tutorials.common.functionbeatInstructions.install.linuxTitle": "下载并安装 Functionbeat",
-    "home.tutorials.common.functionbeatInstructions.install.osxTextPre": "首次使用 Functionbeat?查看[快速入门]({link})。",
-    "home.tutorials.common.functionbeatInstructions.install.osxTitle": "下载并安装 Functionbeat",
-    "home.tutorials.common.functionbeatInstructions.install.windowsTextPre": "首次使用 Functionbeat?查看[快速入门]({functionbeatLink})。1.从[下载]({elasticLink})页面下载 Functionbeat Windows zip 文件。2.将该 zip 文件的内容解压缩到 {folderPath}。3.将 {directoryName} 目录重命名为'Functionbeat'。4.以管理员身份打开 PowerShell 提示符(右键单击 PowerShell 图标,然后选择**以管理员身份运行**)。如果运行的是 Windows XP,则可能需要下载并安装 PowerShell。5.从 PowerShell 提示符处,前往 Functionbeat 目录:",
-    "home.tutorials.common.functionbeatInstructions.install.windowsTitle": "下载并安装 Functionbeat",
-    "home.tutorials.common.functionbeatStatusCheck.buttonLabel": "检查数据",
-    "home.tutorials.common.functionbeatStatusCheck.errorText": "尚未从 Functionbeat 收到任何数据",
-    "home.tutorials.common.functionbeatStatusCheck.successText": "已从 Functionbeat 成功接收数据",
-    "home.tutorials.common.functionbeatStatusCheck.text": "确认从 Functionbeat 收到数据",
-    "home.tutorials.common.functionbeatStatusCheck.title": "Functionbeat 状态",
     "home.tutorials.common.heartbeat.cloudInstructions.gettingStarted.title": "入门",
     "home.tutorials.common.heartbeat.premCloudInstructions.gettingStarted.title": "入门",
     "home.tutorials.common.heartbeat.premInstructions.gettingStarted.title": "入门",
@@ -15859,7 +15821,6 @@
     "xpack.elasticAssistant.evaluation.fetchEvaluationDataError": "提取评估数据时出错......",
     "xpack.elasticAssistant.flyout.right.header.collapseDetailButtonAriaLabel": "隐藏聊天",
     "xpack.elasticAssistant.flyout.right.header.expandDetailButtonAriaLabel": "显示聊天",
-    "xpack.elasticAssistant.knowledgeBase.deleteError": "删除知识库时出错",
     "xpack.elasticAssistant.knowledgeBase.entries.createErrorTitle": "创建知识库条目时出错",
     "xpack.elasticAssistant.knowledgeBase.entries.createSuccessTitle": "已创建知识库条目",
     "xpack.elasticAssistant.knowledgeBase.entries.deleteErrorTitle": "删除知识库条目时出错",
@@ -23102,9 +23063,6 @@
     "xpack.idxMgmt.templateBadgeType.cloudManaged": "云托管",
     "xpack.idxMgmt.templateBadgeType.managed": "托管",
     "xpack.idxMgmt.templateBadgeType.system": "系统",
-    "xpack.idxMgmt.templateContentIndicator.aliasesTooltipLabel": "别名",
-    "xpack.idxMgmt.templateContentIndicator.indexSettingsTooltipLabel": "索引设置",
-    "xpack.idxMgmt.templateContentIndicator.mappingsTooltipLabel": "映射",
     "xpack.idxMgmt.templateCreate.loadingTemplateToCloneDescription": "正在加载要克隆的模板……",
     "xpack.idxMgmt.templateCreate.loadingTemplateToCloneErrorMessage": "加载要克隆的模板时出错",
     "xpack.idxMgmt.templateDetails.aliasesTabTitle": "别名",
@@ -24204,8 +24162,6 @@
     "xpack.infra.logs.viewInContext.logsFromContainerTitle": "显示的日志来自容器 {container}",
     "xpack.infra.logs.viewInContext.logsFromFileTitle": "显示的日志来自文件 {file} 和主机 {host}",
     "xpack.infra.logsDeprecationCallout.euiCallOut.discoverANewLogLabel": "这是浏览日志的更有效的新方法!",
-    "xpack.infra.logsDeprecationCallout.p.theNewLogsExplorerLabel": "新的日志浏览器具有更多功能,更优异的性能和更直观的导航,便于您更轻松地查看和检查日志。建议您切换到日志浏览器,因为它将在未来版本中替代日志流。",
-    "xpack.infra.logsDeprecationCallout.tryLogsExplorerButtonLabel": "试用日志浏览器",
     "xpack.infra.logsHeaderAddDataButtonLabel": "添加数据",
     "xpack.infra.logSourceConfiguration.childFormElementErrorMessage": "至少一个表单字段处于无效状态。",
     "xpack.infra.logSourceConfiguration.dataViewDescription": "包含日志数据的数据视图",
@@ -24236,7 +24192,6 @@
     "xpack.infra.logSourceErrorPage.tryAgainButtonLabel": "重试",
     "xpack.infra.logsPage.toolbar.kqlSearchFieldPlaceholder": "搜索日志条目……(例如 host.name:host-1)",
     "xpack.infra.logsPage.toolbar.logFilterErrorToastTitle": "日志筛选错误",
-    "xpack.infra.logsSettingsDeprecationCallout.p.theNewLogsExplorerLabel": "这些设置仅适用于旧版日志流应用,不建议配置它们。相反,应使用具有更多功能,更优异的性能和更直观的导航,便于您更轻松地查看和检查日志的日志浏览器。",
     "xpack.infra.logsSettingsPage.loadingButtonLabel": "正在加载",
     "xpack.infra.logsStreamEmbeddable.deprecationWarningDescription": "将不再维护日志流面板。尝试将 {savedSearchDocsLink} 用于类似可视化。",
     "xpack.infra.logsStreamEmbeddable.deprecationWarningDescription.savedSearchesLinkLabel": "已保存的搜索",
@@ -34107,8 +34062,6 @@
     "xpack.observabilityLogsExplorer.alertsPopover.createSLOMenuItem": "创建 SLO",
     "xpack.observabilityLogsExplorer.alertsPopover.manageRulesMenuItem": "{canCreateRule, select, true{管理} other{查看}}规则",
     "xpack.observabilityLogsExplorer.appTitle": "日志浏览器",
-    "xpack.observabilityLogsExplorer.betaBadgeDescription": "此应用程序为公测版,因此可能会进行更改。",
-    "xpack.observabilityLogsExplorer.betaBadgeTitle": "公测版",
     "xpack.observabilityLogsExplorer.createSlo": "创建 SLO",
     "xpack.observabilityLogsExplorer.datasetQualityLinkTitle": "数据集",
     "xpack.observabilityLogsExplorer.discoverLinkTitle": "在 Discover 中打开",
@@ -37532,8 +37485,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.esqlQueryFieldRequiredError": "ES|QL 查询必填。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.esqlQueryLabel": "ES|QL 查询",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldAnomalyThresholdLabel": "异常分数阈值",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldGroupByDurationValueHelpText": "阻止以下项的告警",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldGroupByFieldHelpText": "选择要用于阻止额外的告警的字段",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldMachineLearningJobIdLabel": "Machine Learning 作业",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldQuerBarLabel": "定制查询",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldRuleTypeLabel": "规则类型",
@@ -37548,9 +37499,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionForFieldsLabel": "对选定字段阻止告警:{fieldsString}",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.ga.enableThresholdSuppressionLabel": "阻止告警",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByDurationValueLabel": "阻止以下项的告警",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsGALabelAppend": "可选",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsLabel": "阻止告警的依据",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.groupByFieldsTechPreviewLabelAppend": "可选(技术预览)",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.historyWindowSizeLabel": "历史记录窗口大小",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.importTimelineModalTitle": "从已保存时间线导入查询",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.importTimelineQueryButton": "从已保存时间线导入查询",
@@ -37587,7 +37535,6 @@
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.SavedQueryFormRowLabel": "已保存查询",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.source": "源",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.Su.perRuleExecutionWarning": "每次规则执行选项不可用于阈值规则类型",
-    "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.suppressionMissingFieldsLabel": "如果阻止字段缺失",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError": "索引模式不能是{ forbiddenString }。请选择更具体的索引模式。",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchingIcesHelperDescription": "选择威胁索引",
     "xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchoutputIndiceNameFieldRequiredError": "至少需要一种索引模式。",
@@ -38396,7 +38343,6 @@
     "xpack.securitySolution.detectionEngine.ruleDescription.eqlEventCategoryFieldLabel": "事件类别字段",
     "xpack.securitySolution.detectionEngine.ruleDescription.eqlTiebreakerFieldLabel": "决胜字段",
     "xpack.securitySolution.detectionEngine.ruleDescription.eqlTimestampFieldLabel": "时间戳字段",
-    "xpack.securitySolution.detectionEngine.ruleDescription.groupByFieldsLabel": "阻止告警的依据",
     "xpack.securitySolution.detectionEngine.ruleDescription.mlAdminPermissionsRequiredDescription": "需要 ML 管理员权限才能执行此操作",
     "xpack.securitySolution.detectionEngine.ruleDescription.mlJobStartedDescription": "已启动",
     "xpack.securitySolution.detectionEngine.ruleDescription.mlJobStoppedDescription": "已停止",
@@ -38888,7 +38834,6 @@
     "xpack.securitySolution.detectionEngine.stepDefineRule.pickDataView": "选择数据视图",
     "xpack.securitySolution.detectionEngine.userUnauthenticatedMsgBody": "您没有所需的权限,无法查看检测引擎。若需要更多帮助,请联系您的管理员。",
     "xpack.securitySolution.detectionEngine.userUnauthenticatedTitle": "需要检测引擎权限",
-    "xpack.securitySolution.detectionEngine.validations.stepDefineRule.groupByFieldsMax": "分组字段数必须不超过 3 个",
     "xpack.securitySolution.detectionEngine.validations.stepDefineRule.historyWindowSize.errMin": "历史记录窗口大小必须大于 0。",
     "xpack.securitySolution.detectionEngine.validations.stepDefineRule.newTermsFieldsMax": "字段数目不得超过 3 个。",
     "xpack.securitySolution.detectionEngine.validations.thresholdCardinalityFieldFieldData.thresholdCardinalityFieldNotSuppliedMessage": "基数字段必填。",
@@ -42730,17 +42675,9 @@
     "xpack.slo.budgetingMethod.occurrences": "发生次数",
     "xpack.slo.budgetingMethod.timeslices": "时间片",
     "xpack.slo.burnRate.alertDetails.logRateAnalysis.sectionTitle": "日志速率分析",
-    "xpack.slo.burnRate.breachedStatustSubtitle": "按照当前的速率,错误预算将在 {hour} 小时后耗尽。",
-    "xpack.slo.burnRate.breachedStatustTitle": "已超出临界值",
     "xpack.slo.burnRate.durationLabel": "过去 {duration}",
     "xpack.slo.burnRate.exhaustionTimeLabel": "按照此速率,整个错误预算将在 {hour} 小时后耗尽。",
-    "xpack.slo.burnRate.noDataStatusSubtitle": "等待更多数据。",
-    "xpack.slo.burnRate.noDataStatusTitle": "无值",
-    "xpack.slo.burnRate.okStatusSubtitle": "没有错误预算耗尽风险。",
-    "xpack.slo.burnRate.okStatusTitle": "可接受的值",
-    "xpack.slo.burnRate.threshold": "阈值为 {threshold}x",
     "xpack.slo.burnRate.timeRangeBtnLegend": "选择时间范围",
-    "xpack.slo.burnRate.title": "消耗速度",
     "xpack.slo.burnRateEmbeddable.ariaLabel": "SLO 消耗速度",
     "xpack.slo.burnRateEmbeddable.configuration.cancelButtonLabel": "确认",
     "xpack.slo.burnRateEmbeddable.configuration.durationLabel": "持续时间",
@@ -42762,7 +42699,6 @@
     "xpack.slo.burnRateRule.name": "{name} 消耗速度规则",
     "xpack.slo.burnRateRuleEditor.h5.chooseASLOToMonitorLabel": "选择要监测的 SLO",
     "xpack.slo.burnRateRuleEditor.h5.defineMultipleBurnRateLabel": "定义多个消耗速度窗口",
-    "xpack.slo.burnRates.fromRange.label": "{duration, plural, other {# 小时}}",
     "xpack.slo.burnRates.value": "{value} 倍",
     "xpack.slo.create.errorNotification": "创建 {name} 时出现问题",
     "xpack.slo.dataPreviewChart.noResultsLabel": "无结果",
@@ -44332,7 +44268,7 @@
     "xpack.spaces.navControl.spacesMenu.changeCurrentSpaceTitle": "更改当前空间",
     "xpack.spaces.navControl.spacesMenu.findSpacePlaceholder": "查找工作区",
     "xpack.spaces.navControl.spacesMenu.noSpacesFoundTitle": "未找到工作区",
-    "xpack.spaces.navControl.spacesMenu.selectSpacesTitle": "您的工作区",
+    "xpack.spaces.navControl.spacesMenu.selectSpacesTitle": "工作区",
     "xpack.spaces.navControl.spacesMenu.spacesAriaLabel": "工作区",
     "xpack.spaces.navControl.tour.closeBtn": "关闭",
     "xpack.spaces.navControl.tour.content": "它提供了您需要的所有分析和 {solution} 功能。您可以切换视图,或从工作区设置中返回到经典导航,或创建其他具有不同视图的工作区。{learnMore}",
diff --git a/x-pack/test/alerting_api_integration/common/plugins/alerts/server/rule_types.ts b/x-pack/test/alerting_api_integration/common/plugins/alerts/server/rule_types.ts
index 6c16c694bc9e9..a3f0f39e908ed 100644
--- a/x-pack/test/alerting_api_integration/common/plugins/alerts/server/rule_types.ts
+++ b/x-pack/test/alerting_api_integration/common/plugins/alerts/server/rule_types.ts
@@ -750,6 +750,9 @@ function getPatternFiringAutoRecoverFalseRuleType() {
           } else if (scheduleByPattern === 'timeout') {
             // delay longer than the timeout
             await new Promise((r) => setTimeout(r, 12000));
+          } else if (scheduleByPattern === 'run_long') {
+            // delay so rule runs a little longer
+            await new Promise((r) => setTimeout(r, 4000));
           } else {
             services.alertFactory.create(instanceId).scheduleActions('default', scheduleByPattern);
           }
diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/find.ts b/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/find.ts
index 14ec909ea872d..61df6247b18bb 100644
--- a/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/find.ts
+++ b/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/find.ts
@@ -17,8 +17,7 @@ export default function findBackfillTests({ getService }: FtrProviderContext) {
   const supertest = getService('supertest');
   const supertestWithoutAuth = getService('supertestWithoutAuth');
 
-  // Failing: See https://github.com/elastic/kibana/issues/196226
-  describe.skip('find backfill', () => {
+  describe('find backfill', () => {
     let backfillIds: Array<{ id: string; spaceId: string }> = [];
     const objectRemover = new ObjectRemover(supertest);
     const start1 = moment().utc().startOf('day').subtract(14, 'days').toISOString();
@@ -279,15 +278,12 @@ export default function findBackfillTests({ getService }: FtrProviderContext) {
             .auth(apiOptions.username, apiOptions.password);
 
           // find backfill with end time that is after one backfill ends
+          const findEnd = moment(end2).utc().add(1, 'hour').toISOString();
           const findWithEndOneRuleResponse = await supertestWithoutAuth
             .post(
               `${getUrlPrefix(
                 apiOptions.spaceId
-              )}/internal/alerting/rules/backfill/_find?end=${moment()
-                .utc()
-                .startOf('day')
-                .subtract(9, 'days')
-                .toISOString()}`
+              )}/internal/alerting/rules/backfill/_find?end=${findEnd}`
             )
             .set('kbn-xsrf', 'foo')
             .auth(apiOptions.username, apiOptions.password);
diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/schedule.ts b/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/schedule.ts
index 9d7b79d6cbce0..ab4734239ce0d 100644
--- a/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/schedule.ts
+++ b/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/schedule.ts
@@ -63,7 +63,7 @@ export default function scheduleBackfillTests({ getService }: FtrProviderContext
         rule_type_id: 'test.patternFiringAutoRecoverFalse',
         params: {
           pattern: {
-            instance: [true, false, true],
+            instance: ['run_long', 'run_long', 'run_long'],
           },
         },
         schedule: { interval: '12h' },
@@ -85,7 +85,7 @@ export default function scheduleBackfillTests({ getService }: FtrProviderContext
         expect(result.rule.tags).to.eql(['foo']);
         expect(result.rule.params).to.eql({
           pattern: {
-            instance: [true, false, true],
+            instance: ['run_long', 'run_long', 'run_long'],
           },
         });
         expect(result.rule.enabled).to.eql(true);
@@ -103,7 +103,7 @@ export default function scheduleBackfillTests({ getService }: FtrProviderContext
         expect(result.rule.tags).to.eql(['foo']);
         expect(result.rule.params).to.eql({
           pattern: {
-            instance: [true, false, true],
+            instance: ['run_long', 'run_long', 'run_long'],
           },
         });
         expect(result.rule.enabled).to.eql(true);
diff --git a/x-pack/test/api_integration/apis/entity_manager/helpers/user.ts b/x-pack/test/api_integration/apis/entity_manager/helpers/user.ts
index 89181b7e0c155..04802a43288ef 100644
--- a/x-pack/test/api_integration/apis/entity_manager/helpers/user.ts
+++ b/x-pack/test/api_integration/apis/entity_manager/helpers/user.ts
@@ -12,6 +12,7 @@ import {
   entityDefinitionDeletionPrivileges,
   entityDefinitionRuntimePrivileges,
 } from '@kbn/entityManager-plugin/server/lib/auth/privileges';
+import { BUILT_IN_ALLOWED_INDICES } from '@kbn/entityManager-plugin/server/lib/entities/built_in/constants';
 
 export const createAdmin = async ({
   esClient,
@@ -25,7 +26,7 @@ export const createAdmin = async ({
   const privileges = mergeWith(
     { application: [], index: [], cluster: [] },
     apiKeyCreationPrivileges,
-    entityDefinitionRuntimePrivileges,
+    entityDefinitionRuntimePrivileges(BUILT_IN_ALLOWED_INDICES),
     entityDefinitionDeletionPrivileges,
     (src, other) => uniq(src.concat(other))
   );
@@ -51,7 +52,7 @@ export const createRuntimeUser = async ({
   username?: string;
   password?: string;
 }) => {
-  const privileges = entityDefinitionRuntimePrivileges;
+  const privileges = entityDefinitionRuntimePrivileges(BUILT_IN_ALLOWED_INDICES);
   const role = 'entities_runtime';
 
   await esClient.security.putRole({
diff --git a/x-pack/test/api_integration/apis/management/index_management/lib/templates.api.ts b/x-pack/test/api_integration/apis/management/index_management/lib/templates.api.ts
index bae578e6c0490..21585d9f699ac 100644
--- a/x-pack/test/api_integration/apis/management/index_management/lib/templates.api.ts
+++ b/x-pack/test/api_integration/apis/management/index_management/lib/templates.api.ts
@@ -53,6 +53,12 @@ export function templatesApi(getService: FtrProviderContext['getService']) {
       .set('kbn-xsrf', 'xxx')
       .send(payload);
 
+  const simulateTemplateByName = (name: string) =>
+    supertest
+      .post(`${API_BASE_PATH}/index_templates/simulate/${name}`)
+      .set('kbn-xsrf', 'xxx')
+      .send();
+
   return {
     getAllTemplates,
     getOneTemplate,
@@ -61,5 +67,6 @@ export function templatesApi(getService: FtrProviderContext['getService']) {
     deleteTemplates,
     cleanUpTemplates,
     simulateTemplate,
+    simulateTemplateByName,
   };
 }
diff --git a/x-pack/test/api_integration/apis/management/index_management/templates.ts b/x-pack/test/api_integration/apis/management/index_management/templates.ts
index 66d6f34baa644..1fe7e022bfc9a 100644
--- a/x-pack/test/api_integration/apis/management/index_management/templates.ts
+++ b/x-pack/test/api_integration/apis/management/index_management/templates.ts
@@ -24,6 +24,7 @@ export default function ({ getService }: FtrProviderContext) {
     updateTemplate,
     cleanUpTemplates,
     simulateTemplate,
+    simulateTemplateByName,
   } = templatesApi(getService);
 
   describe('index templates', () => {
@@ -452,6 +453,18 @@ export default function ({ getService }: FtrProviderContext) {
         const { body } = await simulateTemplate(payload).expect(200);
         expect(body.template).to.be.ok();
       });
+
+      it('should simulate an index template by name', async () => {
+        const templateName = `template-${getRandomString()}`;
+        const payload = getTemplatePayload(templateName, [getRandomString()]);
+
+        await createTemplate(payload).expect(200);
+
+        await simulateTemplateByName(templateName).expect(200);
+
+        // cleanup
+        await deleteTemplates([{ name: templateName }]);
+      });
     });
   });
 }
diff --git a/x-pack/test/api_integration/apis/ml/annotations/create_annotations.ts b/x-pack/test/api_integration/apis/ml/annotations/create_annotations.ts
index 192177a086d22..68daee02e5d36 100644
--- a/x-pack/test/api_integration/apis/ml/annotations/create_annotations.ts
+++ b/x-pack/test/api_integration/apis/ml/annotations/create_annotations.ts
@@ -84,7 +84,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
     });
   });
 };
diff --git a/x-pack/test/api_integration/apis/ml/annotations/delete_annotations.ts b/x-pack/test/api_integration/apis/ml/annotations/delete_annotations.ts
index 1c23805e264d1..499142a09f7d1 100644
--- a/x-pack/test/api_integration/apis/ml/annotations/delete_annotations.ts
+++ b/x-pack/test/api_integration/apis/ml/annotations/delete_annotations.ts
@@ -84,7 +84,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
 
       await ml.api.waitForAnnotationToExist(annotationIdToDelete);
     });
diff --git a/x-pack/test/api_integration/apis/ml/annotations/get_annotations.ts b/x-pack/test/api_integration/apis/ml/annotations/get_annotations.ts
index 00cfda209b4fb..38c0c9d22401f 100644
--- a/x-pack/test/api_integration/apis/ml/annotations/get_annotations.ts
+++ b/x-pack/test/api_integration/apis/ml/annotations/get_annotations.ts
@@ -126,7 +126,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
     });
   });
 };
diff --git a/x-pack/test/api_integration/apis/ml/annotations/update_annotations.ts b/x-pack/test/api_integration/apis/ml/annotations/update_annotations.ts
index 6b7c437eb77ca..c4ae62aafef7c 100644
--- a/x-pack/test/api_integration/apis/ml/annotations/update_annotations.ts
+++ b/x-pack/test/api_integration/apis/ml/annotations/update_annotations.ts
@@ -129,7 +129,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
 
       const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id!);
       expect(updatedAnnotation).to.eql(originalAnnotation._source);
diff --git a/x-pack/test/api_integration/apis/ml/anomaly_detectors/create.ts b/x-pack/test/api_integration/apis/ml/anomaly_detectors/create.ts
index 44854dcaeece6..7aa328bc39d2e 100644
--- a/x-pack/test/api_integration/apis/ml/anomaly_detectors/create.ts
+++ b/x-pack/test/api_integration/apis/ml/anomaly_detectors/create.ts
@@ -92,7 +92,6 @@ export default ({ getService }: FtrProviderContext) => {
         responseBody: {
           statusCode: 403,
           error: 'Forbidden',
-          message: 'Forbidden',
         },
       },
     },
@@ -133,7 +132,6 @@ export default ({ getService }: FtrProviderContext) => {
           );
         } else {
           expect(body.error).to.eql(testData.expected.responseBody.error);
-          expect(body.message).to.eql(testData.expected.responseBody.message);
         }
       });
     }
diff --git a/x-pack/test/api_integration/apis/ml/anomaly_detectors/get.ts b/x-pack/test/api_integration/apis/ml/anomaly_detectors/get.ts
index 4dcd8f0d8c98c..b3eae761486ad 100644
--- a/x-pack/test/api_integration/apis/ml/anomaly_detectors/get.ts
+++ b/x-pack/test/api_integration/apis/ml/anomaly_detectors/get.ts
@@ -91,7 +91,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
 
@@ -129,7 +128,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
 
@@ -162,7 +160,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
 
@@ -214,7 +211,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
   });
diff --git a/x-pack/test/api_integration/apis/ml/calendars/create_calendars.ts b/x-pack/test/api_integration/apis/ml/calendars/create_calendars.ts
index fdd3d6b2806fc..352264b599118 100644
--- a/x-pack/test/api_integration/apis/ml/calendars/create_calendars.ts
+++ b/x-pack/test/api_integration/apis/ml/calendars/create_calendars.ts
@@ -64,7 +64,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
       await ml.api.waitForCalendarNotToExist(calendarId);
     });
 
@@ -77,7 +76,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
       await ml.api.waitForCalendarNotToExist(calendarId);
     });
   });
diff --git a/x-pack/test/api_integration/apis/ml/data_frame_analytics/create_job.ts b/x-pack/test/api_integration/apis/ml/data_frame_analytics/create_job.ts
index bc256d71e4a3e..64745218555a5 100644
--- a/x-pack/test/api_integration/apis/ml/data_frame_analytics/create_job.ts
+++ b/x-pack/test/api_integration/apis/ml/data_frame_analytics/create_job.ts
@@ -168,7 +168,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
 
       it('should not allow analytics job creation for the user with only view permission', async () => {
@@ -183,7 +182,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
   });
diff --git a/x-pack/test/api_integration/apis/ml/data_frame_analytics/delete.ts b/x-pack/test/api_integration/apis/ml/data_frame_analytics/delete.ts
index f7e3d16666342..2a2b062e4f07c 100644
--- a/x-pack/test/api_integration/apis/ml/data_frame_analytics/delete.ts
+++ b/x-pack/test/api_integration/apis/ml/data_frame_analytics/delete.ts
@@ -96,7 +96,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
         await ml.api.waitForDataFrameAnalyticsJobToExist(analyticsId);
       });
 
@@ -109,7 +108,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
         await ml.api.waitForDataFrameAnalyticsJobToExist(analyticsId);
       });
 
diff --git a/x-pack/test/api_integration/apis/ml/data_frame_analytics/evaluate.ts b/x-pack/test/api_integration/apis/ml/data_frame_analytics/evaluate.ts
index 03cddf6a0668e..7515f8ddc2b87 100644
--- a/x-pack/test/api_integration/apis/ml/data_frame_analytics/evaluate.ts
+++ b/x-pack/test/api_integration/apis/ml/data_frame_analytics/evaluate.ts
@@ -185,7 +185,6 @@ export default ({ getService }: FtrProviderContext) => {
           ml.api.assertResponseStatusCode(403, status, body);
 
           expect(body.error).to.eql('Forbidden');
-          expect(body.message).to.eql('Forbidden');
         });
       });
     });
diff --git a/x-pack/test/api_integration/apis/ml/data_frame_analytics/explain.ts b/x-pack/test/api_integration/apis/ml/data_frame_analytics/explain.ts
index f270834e7da71..a50ae4b824dca 100644
--- a/x-pack/test/api_integration/apis/ml/data_frame_analytics/explain.ts
+++ b/x-pack/test/api_integration/apis/ml/data_frame_analytics/explain.ts
@@ -119,7 +119,6 @@ export default ({ getService }: FtrProviderContext) => {
           ml.api.assertResponseStatusCode(403, status, body);
 
           expect(body.error).to.eql('Forbidden');
-          expect(body.message).to.eql('Forbidden');
         });
 
         it(`should not allow unauthorized user to use explain endpoint for ${testConfig.jobType} job`, async () => {
@@ -131,7 +130,6 @@ export default ({ getService }: FtrProviderContext) => {
           ml.api.assertResponseStatusCode(403, status, body);
 
           expect(body.error).to.eql('Forbidden');
-          expect(body.message).to.eql('Forbidden');
         });
       });
     });
diff --git a/x-pack/test/api_integration/apis/ml/data_frame_analytics/get.ts b/x-pack/test/api_integration/apis/ml/data_frame_analytics/get.ts
index 2459f81b188b7..370542b585cae 100644
--- a/x-pack/test/api_integration/apis/ml/data_frame_analytics/get.ts
+++ b/x-pack/test/api_integration/apis/ml/data_frame_analytics/get.ts
@@ -115,7 +115,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
 
@@ -153,7 +152,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
 
@@ -186,7 +184,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
 
@@ -238,7 +235,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
 
@@ -307,7 +303,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
   });
diff --git a/x-pack/test/api_integration/apis/ml/data_frame_analytics/start.ts b/x-pack/test/api_integration/apis/ml/data_frame_analytics/start.ts
index dd1f9fd33aaf0..5a0b1fb0d5451 100644
--- a/x-pack/test/api_integration/apis/ml/data_frame_analytics/start.ts
+++ b/x-pack/test/api_integration/apis/ml/data_frame_analytics/start.ts
@@ -118,7 +118,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
 
       it('should not allow to start analytics job for user with view only permission', async () => {
@@ -131,7 +130,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
   });
diff --git a/x-pack/test/api_integration/apis/ml/data_frame_analytics/stop.ts b/x-pack/test/api_integration/apis/ml/data_frame_analytics/stop.ts
index 972a78e433932..e5084deb4e13d 100644
--- a/x-pack/test/api_integration/apis/ml/data_frame_analytics/stop.ts
+++ b/x-pack/test/api_integration/apis/ml/data_frame_analytics/stop.ts
@@ -73,7 +73,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
 
       it('should not allow to stop analytics job for user with view only permission', async () => {
@@ -84,7 +83,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
   });
diff --git a/x-pack/test/api_integration/apis/ml/data_frame_analytics/update.ts b/x-pack/test/api_integration/apis/ml/data_frame_analytics/update.ts
index cb2854723bfba..f15e63af61608 100644
--- a/x-pack/test/api_integration/apis/ml/data_frame_analytics/update.ts
+++ b/x-pack/test/api_integration/apis/ml/data_frame_analytics/update.ts
@@ -226,7 +226,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
 
         const fetchedJob = await getDFAJob(analyticsId);
         // Description should not have changed
@@ -247,7 +246,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
 
         const fetchedJob = await getDFAJob(analyticsId);
         // Description should not have changed
diff --git a/x-pack/test/api_integration/apis/ml/data_frame_analytics/validate.ts b/x-pack/test/api_integration/apis/ml/data_frame_analytics/validate.ts
index b274a1bae4fbc..f16039ef79085 100644
--- a/x-pack/test/api_integration/apis/ml/data_frame_analytics/validate.ts
+++ b/x-pack/test/api_integration/apis/ml/data_frame_analytics/validate.ts
@@ -114,7 +114,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
 
       it('should not allow analytics job validation for the user with only view permission', async () => {
@@ -128,7 +127,6 @@ export default ({ getService }: FtrProviderContext) => {
         ml.api.assertResponseStatusCode(403, status, body);
 
         expect(body.error).to.eql('Forbidden');
-        expect(body.message).to.eql('Forbidden');
       });
     });
   });
diff --git a/x-pack/test/api_integration/apis/ml/filters/create_filters.ts b/x-pack/test/api_integration/apis/ml/filters/create_filters.ts
index 91d468593df82..00f230b883569 100644
--- a/x-pack/test/api_integration/apis/ml/filters/create_filters.ts
+++ b/x-pack/test/api_integration/apis/ml/filters/create_filters.ts
@@ -42,7 +42,8 @@ export default ({ getService }: FtrProviderContext) => {
         responseCode: 403,
         responseBody: {
           error: 'Forbidden',
-          message: 'Forbidden',
+          message:
+            'API [PUT /internal/ml/filters] is unauthorized for user, this action is granted by the Kibana privileges [ml:canCreateFilter]',
         },
       },
     },
@@ -58,7 +59,8 @@ export default ({ getService }: FtrProviderContext) => {
         responseCode: 403,
         responseBody: {
           error: 'Forbidden',
-          message: 'Forbidden',
+          message:
+            'API [PUT /internal/ml/filters] is unauthorized for user, this action is granted by the Kibana privileges [ml:canCreateFilter]',
         },
       },
     },
diff --git a/x-pack/test/api_integration/apis/ml/filters/get_filters.ts b/x-pack/test/api_integration/apis/ml/filters/get_filters.ts
index 791d14ad24089..64d78ac795090 100644
--- a/x-pack/test/api_integration/apis/ml/filters/get_filters.ts
+++ b/x-pack/test/api_integration/apis/ml/filters/get_filters.ts
@@ -60,7 +60,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
     });
 
     it(`should not allow to retrieve filters for unauthorized user`, async () => {
@@ -71,7 +70,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
     });
 
     it(`should fetch single filter by id`, async () => {
diff --git a/x-pack/test/api_integration/apis/ml/filters/get_filters_stats.ts b/x-pack/test/api_integration/apis/ml/filters/get_filters_stats.ts
index c0c2e115eb7ba..06f6d17466322 100644
--- a/x-pack/test/api_integration/apis/ml/filters/get_filters_stats.ts
+++ b/x-pack/test/api_integration/apis/ml/filters/get_filters_stats.ts
@@ -212,7 +212,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
     });
 
     it(`should not allow retrieving filters stats for unauthorized user`, async () => {
@@ -223,7 +222,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
     });
   });
 };
diff --git a/x-pack/test/api_integration/apis/ml/job_audit_messages/clear_messages.ts b/x-pack/test/api_integration/apis/ml/job_audit_messages/clear_messages.ts
index 4d266055dc54a..a0e214ffe7882 100644
--- a/x-pack/test/api_integration/apis/ml/job_audit_messages/clear_messages.ts
+++ b/x-pack/test/api_integration/apis/ml/job_audit_messages/clear_messages.ts
@@ -92,7 +92,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
 
       const { body: getBody, status: getStatus } = await supertest
         .get(`/internal/ml/job_audit_messages/messages/test_get_job_audit_messages_2`)
@@ -115,7 +114,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
 
       const { body: getBody, status: getStatus } = await supertest
         .get(`/internal/ml/job_audit_messages/messages/test_get_job_audit_messages_2`)
diff --git a/x-pack/test/api_integration/apis/ml/job_audit_messages/get_job_audit_messages.ts b/x-pack/test/api_integration/apis/ml/job_audit_messages/get_job_audit_messages.ts
index 907624586a641..02a4b6e8be3e8 100644
--- a/x-pack/test/api_integration/apis/ml/job_audit_messages/get_job_audit_messages.ts
+++ b/x-pack/test/api_integration/apis/ml/job_audit_messages/get_job_audit_messages.ts
@@ -118,7 +118,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
     });
   });
 };
diff --git a/x-pack/test/api_integration/apis/ml/job_validation/cardinality.ts b/x-pack/test/api_integration/apis/ml/job_validation/cardinality.ts
index 7f625efc9d776..99663f5c57a81 100644
--- a/x-pack/test/api_integration/apis/ml/job_validation/cardinality.ts
+++ b/x-pack/test/api_integration/apis/ml/job_validation/cardinality.ts
@@ -191,7 +191,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
     });
   });
 };
diff --git a/x-pack/test/api_integration/apis/ml/job_validation/validate.ts b/x-pack/test/api_integration/apis/ml/job_validation/validate.ts
index b1481ffe183d5..58dbd5560e661 100644
--- a/x-pack/test/api_integration/apis/ml/job_validation/validate.ts
+++ b/x-pack/test/api_integration/apis/ml/job_validation/validate.ts
@@ -285,7 +285,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
     });
   });
 };
diff --git a/x-pack/test/api_integration/apis/ml/modules/setup_module.ts b/x-pack/test/api_integration/apis/ml/modules/setup_module.ts
index def9774a55ddc..c8d5b12f10f55 100644
--- a/x-pack/test/api_integration/apis/ml/modules/setup_module.ts
+++ b/x-pack/test/api_integration/apis/ml/modules/setup_module.ts
@@ -669,7 +669,8 @@ export default ({ getService }: FtrProviderContext) => {
       expected: {
         responseCode: 403,
         error: 'Forbidden',
-        message: 'Forbidden',
+        message:
+          'API [POST /internal/ml/modules/setup/sample_data_weblogs] is unauthorized for user, this action is granted by the Kibana privileges [ml:canCreateJob]',
       },
     },
   ];
diff --git a/x-pack/test/api_integration/apis/ml/results/get_anomalies_table_data.ts b/x-pack/test/api_integration/apis/ml/results/get_anomalies_table_data.ts
index 5cff7bca0981b..d495015b00a51 100644
--- a/x-pack/test/api_integration/apis/ml/results/get_anomalies_table_data.ts
+++ b/x-pack/test/api_integration/apis/ml/results/get_anomalies_table_data.ts
@@ -130,7 +130,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
     });
   });
 };
diff --git a/x-pack/test/api_integration/apis/ml/results/get_categorizer_stats.ts b/x-pack/test/api_integration/apis/ml/results/get_categorizer_stats.ts
index 87154beb07efe..9b5c945047ac9 100644
--- a/x-pack/test/api_integration/apis/ml/results/get_categorizer_stats.ts
+++ b/x-pack/test/api_integration/apis/ml/results/get_categorizer_stats.ts
@@ -102,7 +102,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.be('Forbidden');
-      expect(body.message).to.be('Forbidden');
     });
 
     it('should fetch all the categorizer stats with per-partition value for job id', async () => {
@@ -146,7 +145,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.be('Forbidden');
-      expect(body.message).to.be('Forbidden');
     });
   });
 };
diff --git a/x-pack/test/api_integration/apis/ml/results/get_datafeed_results_chart.ts b/x-pack/test/api_integration/apis/ml/results/get_datafeed_results_chart.ts
index 07e544fd1ec2c..d8b632dbc8657 100644
--- a/x-pack/test/api_integration/apis/ml/results/get_datafeed_results_chart.ts
+++ b/x-pack/test/api_integration/apis/ml/results/get_datafeed_results_chart.ts
@@ -120,7 +120,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.eql('Forbidden');
-      expect(body.message).to.eql('Forbidden');
     });
   });
 };
diff --git a/x-pack/test/api_integration/apis/ml/results/get_stopped_partitions.ts b/x-pack/test/api_integration/apis/ml/results/get_stopped_partitions.ts
index 3dc4686102c3d..6e546df2a58e1 100644
--- a/x-pack/test/api_integration/apis/ml/results/get_stopped_partitions.ts
+++ b/x-pack/test/api_integration/apis/ml/results/get_stopped_partitions.ts
@@ -152,7 +152,6 @@ export default ({ getService }: FtrProviderContext) => {
       ml.api.assertResponseStatusCode(403, status, body);
 
       expect(body.error).to.be('Forbidden');
-      expect(body.message).to.be('Forbidden');
     });
 
     it('should fetch stopped partitions for multiple job ids', async () => {
diff --git a/x-pack/test/api_integration/apis/ml/system/has_privileges.ts b/x-pack/test/api_integration/apis/ml/system/has_privileges.ts
index 2e705240b403e..ac4872ec9c70f 100644
--- a/x-pack/test/api_integration/apis/ml/system/has_privileges.ts
+++ b/x-pack/test/api_integration/apis/ml/system/has_privileges.ts
@@ -7,7 +7,6 @@
 
 import expect from '@kbn/expect';
 
-import { MlHasPrivilegesResponse } from '@kbn/ml-plugin/public/application/services/ml_api_service';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 import { getCommonRequestHeader } from '../../../../functional/services/ml/common_api';
 import { USER } from '../../../../functional/services/ml/security_common';
@@ -17,11 +16,7 @@ export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertestWithoutAuth');
   const ml = getService('ml');
 
-  async function runRequest(
-    user: USER,
-    index: any,
-    expectedStatusCode = 200
-  ): Promise<MlHasPrivilegesResponse> {
+  async function runRequest(user: USER, index: any, expectedStatusCode = 200) {
     const { body, status } = await supertest
       .post(`/internal/ml/_has_privileges`)
       .auth(user, ml.securityCommon.getPasswordForUser(user))
@@ -104,7 +99,10 @@ export default ({ getService }: FtrProviderContext) => {
           privileges: ['write'],
         },
       ],
-      expectedResponse: { statusCode: 403, error: 'Forbidden', message: 'Forbidden' },
+      expectedResponse: {
+        statusCode: 403,
+        error: 'Forbidden',
+      },
       expectedStatusCode: 403,
     },
   ];
@@ -120,9 +118,17 @@ export default ({ getService }: FtrProviderContext) => {
     it('should return correct privileges for test data', async () => {
       for (const { user, index, expectedResponse, expectedStatusCode } of testData) {
         const response = await runRequest(user, index, expectedStatusCode);
-        expect(response).to.eql(
-          expectedResponse,
-          `expected ${JSON.stringify(expectedResponse)}, got ${JSON.stringify(response)}`
+        expect(response.statusCode).to.eql(
+          expectedResponse.statusCode,
+          `expected ${JSON.stringify(expectedResponse.statusCode)}, got ${JSON.stringify(
+            response.statusCode
+          )}`
+        );
+        expect(response.error).to.eql(
+          expectedResponse.error,
+          `expected ${JSON.stringify(expectedResponse.error)}, got ${JSON.stringify(
+            response.error
+          )}`
         );
       }
     });
diff --git a/x-pack/test/api_integration/apis/upgrade_assistant/upgrade_assistant.ts b/x-pack/test/api_integration/apis/upgrade_assistant/upgrade_assistant.ts
index f03cb6fb80e37..7d7e035741bbb 100644
--- a/x-pack/test/api_integration/apis/upgrade_assistant/upgrade_assistant.ts
+++ b/x-pack/test/api_integration/apis/upgrade_assistant/upgrade_assistant.ts
@@ -14,7 +14,8 @@ export default function ({ getService }: FtrProviderContext) {
   const es = getService('es');
   const supertest = getService('supertest');
 
-  describe('Upgrade Assistant', function () {
+  // Failing: See https://github.com/elastic/kibana/issues/199719
+  describe.skip('Upgrade Assistant', function () {
     describe('Reindex operation saved object', () => {
       const dotKibanaIndex = '.kibana';
       const fakeSavedObjectId = 'fakeSavedObjectId';
diff --git a/x-pack/test/api_integration/config.ts b/x-pack/test/api_integration/config.ts
index 9cb5a134681a9..e43c76d42adfa 100644
--- a/x-pack/test/api_integration/config.ts
+++ b/x-pack/test/api_integration/config.ts
@@ -30,9 +30,6 @@ export async function getApiIntegrationConfig({ readConfigFile }: FtrConfigProvi
         '--xpack.ruleRegistry.write.enabled=true',
         '--xpack.ruleRegistry.write.enabled=true',
         '--xpack.ruleRegistry.write.cache.enabled=false',
-        `--xpack.securitySolution.enableExperimental=${JSON.stringify([
-          'assistantKnowledgeBaseByDefault',
-        ])}`,
         '--monitoring_collection.opentelemetry.metrics.prometheus.enabled=true',
       ],
     },
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/environment/get_environment.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/environment/get_environment.spec.ts
new file mode 100644
index 0000000000000..ba6f0df98e3a1
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/environment/get_environment.spec.ts
@@ -0,0 +1,155 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import expect from '@kbn/expect';
+import { apm, timerange } from '@kbn/apm-synthtrace-client';
+import type { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
+import type { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
+
+async function generateData({
+  apmSynthtraceEsClient,
+  start,
+  end,
+}: {
+  apmSynthtraceEsClient: ApmSynthtraceEsClient;
+  start: number;
+  end: number;
+}) {
+  const environmentNames = ['production', 'development', 'staging'];
+  const serviceNames = ['go', 'java', 'node'];
+
+  const services = environmentNames.flatMap((environment) => {
+    return serviceNames.flatMap((serviceName) => {
+      return apm
+        .service({
+          name: serviceName,
+          environment,
+          agentName: serviceName,
+        })
+        .instance('instance-a');
+    });
+  });
+
+  const goServiceWithAdditionalEnvironment = apm
+    .service({
+      name: 'go',
+      environment: 'custom-go-environment',
+      agentName: 'go',
+    })
+    .instance('instance-a');
+
+  // Generate a transaction for each service
+  const docs = timerange(start, end)
+    .ratePerMinute(1)
+    .generator((timestamp) => {
+      const loopGeneratedDocs = services.flatMap((service) => {
+        return service
+          .transaction({ transactionName: 'GET /api/product/:id' })
+          .timestamp(timestamp)
+          .duration(1000);
+      });
+
+      const customDoc = goServiceWithAdditionalEnvironment
+        .transaction({
+          transactionName: 'GET /api/go/memory',
+          transactionType: 'custom-go-type',
+        })
+        .timestamp(timestamp)
+        .duration(1000);
+
+      return [...loopGeneratedDocs, customDoc];
+    });
+
+  return apmSynthtraceEsClient.index(docs);
+}
+
+const startNumber = new Date('2021-01-01T00:00:00.000Z').getTime();
+const endNumber = new Date('2021-01-01T00:05:00.000Z').getTime() - 1;
+
+const start = new Date(startNumber).toISOString();
+const end = new Date(endNumber).toISOString();
+
+export default function environmentsAPITests({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
+  const synthtrace = getService('synthtrace');
+
+  describe('get environments', () => {
+    let apmSynthtraceEsClient: ApmSynthtraceEsClient;
+
+    before(async () => {
+      apmSynthtraceEsClient = await synthtrace.createApmSynthtraceEsClient();
+      await generateData({
+        apmSynthtraceEsClient,
+        start: startNumber,
+        end: endNumber,
+      });
+    });
+
+    after(async () => {
+      await apmSynthtraceEsClient.clean();
+    });
+
+    describe('when service name is not specified', () => {
+      it('returns all environments', async () => {
+        const { body } = await apmApiClient.readUser({
+          endpoint: 'GET /internal/apm/environments',
+          params: {
+            query: { start, end },
+          },
+        });
+
+        expect(body.environments.length).to.be.equal(4);
+        expectSnapshot(body.environments).toMatchInline(`
+            Array [
+              "development",
+              "production",
+              "staging",
+              "custom-go-environment",
+            ]
+          `);
+      });
+    });
+
+    describe('when service name is specified', () => {
+      it('returns service specific environments for go', async () => {
+        const { body } = await apmApiClient.readUser({
+          endpoint: 'GET /internal/apm/environments',
+          params: {
+            query: { start, end, serviceName: 'go' },
+          },
+        });
+
+        expect(body.environments.length).to.be.equal(4);
+        expectSnapshot(body.environments).toMatchInline(`
+            Array [
+              "custom-go-environment",
+              "development",
+              "production",
+              "staging",
+            ]
+          `);
+      });
+
+      it('returns service specific environments for java', async () => {
+        const { body } = await apmApiClient.readUser({
+          endpoint: 'GET /internal/apm/environments',
+          params: {
+            query: { start, end, serviceName: 'java' },
+          },
+        });
+
+        expect(body.environments.length).to.be.equal(3);
+        expectSnapshot(body.environments).toMatchInline(`
+            Array [
+              "development",
+              "production",
+              "staging",
+            ]
+          `);
+      });
+    });
+  });
+}
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/environment/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/environment/index.ts
new file mode 100644
index 0000000000000..4a77e610d5000
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/environment/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) {
+  describe('environment', () => {
+    loadTestFile(require.resolve('./get_environment.spec.ts'));
+  });
+}
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/error_rate/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/error_rate/index.ts
new file mode 100644
index 0000000000000..a3dd89f0ddb1a
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/error_rate/index.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) {
+  describe('error_rate', () => {
+    loadTestFile(require.resolve('./service_apis.spec.ts'));
+    loadTestFile(require.resolve('./service_maps.spec.ts'));
+  });
+}
diff --git a/x-pack/test/apm_api_integration/tests/error_rate/service_apis.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/error_rate/service_apis.spec.ts
similarity index 93%
rename from x-pack/test/apm_api_integration/tests/error_rate/service_apis.spec.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/error_rate/service_apis.spec.ts
index 2ab6b1bb97a5e..56dded824a32d 100644
--- a/x-pack/test/apm_api_integration/tests/error_rate/service_apis.spec.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/error_rate/service_apis.spec.ts
@@ -5,6 +5,7 @@
  * 2.0.
  */
 import { apm, timerange } from '@kbn/apm-synthtrace-client';
+import type { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
 import expect from '@kbn/expect';
 import { mean, meanBy, sumBy } from 'lodash';
 import { LatencyAggregationType } from '@kbn/apm-plugin/common/latency_aggregation_types';
@@ -12,12 +13,16 @@ import { isFiniteNumber } from '@kbn/apm-plugin/common/utils/is_finite_number';
 import { ApmDocumentType } from '@kbn/apm-plugin/common/document_type';
 import { RollupInterval } from '@kbn/apm-plugin/common/rollup';
 import { ProcessorEvent } from '@kbn/observability-plugin/common';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
 
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
-  const apmSynthtraceEsClient = getService('apmSynthtraceEsClient');
+const GO_PROD_LIST_RATE = 75;
+const GO_PROD_LIST_ERROR_RATE = 25;
+const GO_PROD_ID_RATE = 50;
+const GO_PROD_ID_ERROR_RATE = 50;
+
+export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
+  const synthtrace = getService('synthtrace');
 
   const serviceName = 'synth-go';
   const start = new Date('2021-01-01T00:00:00.000Z').getTime();
@@ -151,13 +156,10 @@ export default function ApiTest({ getService }: FtrProviderContext) {
   let errorRateMetricValues: Awaited<ReturnType<typeof getErrorRateValues>>;
   let errorTransactionValues: Awaited<ReturnType<typeof getErrorRateValues>>;
 
-  // FLAKY: https://github.com/elastic/kibana/issues/177321
-  registry.when('Services APIs', { config: 'basic', archives: [] }, () => {
+  describe('Services APIs', () => {
     describe('when data is loaded ', () => {
-      const GO_PROD_LIST_RATE = 75;
-      const GO_PROD_LIST_ERROR_RATE = 25;
-      const GO_PROD_ID_RATE = 50;
-      const GO_PROD_ID_ERROR_RATE = 50;
+      let apmSynthtraceEsClient: ApmSynthtraceEsClient;
+
       before(async () => {
         const serviceGoProdInstance = apm
           .service({ name: serviceName, environment: 'production', agentName: 'go' })
@@ -166,6 +168,8 @@ export default function ApiTest({ getService }: FtrProviderContext) {
         const transactionNameProductList = 'GET /api/product/list';
         const transactionNameProductId = 'GET /api/product/:id';
 
+        apmSynthtraceEsClient = await synthtrace.createApmSynthtraceEsClient();
+
         await apmSynthtraceEsClient.index([
           timerange(start, end)
             .interval('1m')
diff --git a/x-pack/test/apm_api_integration/tests/error_rate/service_maps.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/error_rate/service_maps.spec.ts
similarity index 89%
rename from x-pack/test/apm_api_integration/tests/error_rate/service_maps.spec.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/error_rate/service_maps.spec.ts
index aa7d635b977cc..462ad8db4bdda 100644
--- a/x-pack/test/apm_api_integration/tests/error_rate/service_maps.spec.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/error_rate/service_maps.spec.ts
@@ -5,17 +5,22 @@
  * 2.0.
  */
 import { apm, timerange } from '@kbn/apm-synthtrace-client';
+import { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
 import expect from '@kbn/expect';
 import { meanBy } from 'lodash';
 import { ApmDocumentType } from '@kbn/apm-plugin/common/document_type';
 import { RollupInterval } from '@kbn/apm-plugin/common/rollup';
 import { ProcessorEvent } from '@kbn/observability-plugin/common';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
 
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
-  const apmSynthtraceEsClient = getService('apmSynthtraceEsClient');
+const GO_PROD_LIST_RATE = 75;
+const GO_PROD_LIST_ERROR_RATE = 25;
+const GO_PROD_ID_RATE = 50;
+const GO_PROD_ID_ERROR_RATE = 50;
+
+export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
+  const synthtrace = getService('synthtrace');
 
   const serviceName = 'synth-go';
   const start = new Date('2021-01-01T00:00:00.000Z').getTime();
@@ -74,13 +79,11 @@ export default function ApiTest({ getService }: FtrProviderContext) {
 
   let errorRateMetricValues: Awaited<ReturnType<typeof getErrorRateValues>>;
   let errorTransactionValues: Awaited<ReturnType<typeof getErrorRateValues>>;
-  registry.when('Service Maps APIs', { config: 'trial', archives: [] }, () => {
+
+  describe('Service Maps APIs', () => {
     describe('when data is loaded ', () => {
-      const GO_PROD_LIST_RATE = 75;
-      const GO_PROD_LIST_ERROR_RATE = 25;
-      const GO_PROD_ID_RATE = 50;
-      const GO_PROD_ID_ERROR_RATE = 50;
-      before(() => {
+      let apmSynthtraceEsClient: ApmSynthtraceEsClient;
+      before(async () => {
         const serviceGoProdInstance = apm
           .service({ name: serviceName, environment: 'production', agentName: 'go' })
           .instance('instance-a');
@@ -88,6 +91,8 @@ export default function ApiTest({ getService }: FtrProviderContext) {
         const transactionNameProductList = 'GET /api/product/list';
         const transactionNameProductId = 'GET /api/product/:id';
 
+        apmSynthtraceEsClient = await synthtrace.createApmSynthtraceEsClient();
+
         return apmSynthtraceEsClient.index([
           timerange(start, end)
             .interval('1m')
@@ -140,7 +145,6 @@ export default function ApiTest({ getService }: FtrProviderContext) {
 
       after(() => apmSynthtraceEsClient.clean());
 
-      // FLAKY: https://github.com/elastic/kibana/issues/172772
       describe('compare latency value between service inventory and service maps', () => {
         before(async () => {
           [errorTransactionValues, errorRateMetricValues] = await Promise.all([
diff --git a/x-pack/test/apm_api_integration/tests/historical_data/has_data.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/historical_data/has_data.spec.ts
similarity index 77%
rename from x-pack/test/apm_api_integration/tests/historical_data/has_data.spec.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/historical_data/has_data.spec.ts
index e0b5a0e076ffd..6ac96b8e38154 100644
--- a/x-pack/test/apm_api_integration/tests/historical_data/has_data.spec.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/historical_data/has_data.spec.ts
@@ -8,15 +8,14 @@
 import expect from '@kbn/expect';
 import { apm, timerange } from '@kbn/apm-synthtrace-client';
 import moment from 'moment';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
+import { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
 
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
-  const apmSynthtraceEsClient = getService('apmSynthtraceEsClient');
+export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
+  const synthtrace = getService('synthtrace');
 
-  // FLAKY: https://github.com/elastic/kibana/issues/177385
-  registry.when('Historical data ', { config: 'basic', archives: [] }, () => {
+  describe('Historical data ', () => {
     describe('when there is not data', () => {
       it('returns hasData=false', async () => {
         const response = await apmApiClient.readUser({ endpoint: `GET /internal/apm/has_data` });
@@ -26,7 +25,11 @@ export default function ApiTest({ getService }: FtrProviderContext) {
     });
 
     describe('when there is data', () => {
+      let apmSynthtraceEsClient: ApmSynthtraceEsClient;
+
       before(async () => {
+        apmSynthtraceEsClient = await synthtrace.createApmSynthtraceEsClient();
+
         const start = moment().subtract(30, 'minutes').valueOf();
         const end = moment().valueOf();
 
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/historical_data/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/historical_data/index.ts
new file mode 100644
index 0000000000000..49f0068ee313b
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/historical_data/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) {
+  describe('historical_data', () => {
+    loadTestFile(require.resolve('./has_data.spec.ts'));
+  });
+}
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/index.ts
index cc56d0f2e6684..ff5a4618e33c3 100644
--- a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/index.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/index.ts
@@ -16,9 +16,16 @@ export default function apmApiIntegrationTests({
     loadTestFile(require.resolve('./mobile'));
     loadTestFile(require.resolve('./custom_dashboards'));
     loadTestFile(require.resolve('./dependencies'));
+    loadTestFile(require.resolve('./environment'));
+    loadTestFile(require.resolve('./error_rate'));
     loadTestFile(require.resolve('./data_view'));
     loadTestFile(require.resolve('./correlations'));
     loadTestFile(require.resolve('./entities'));
     loadTestFile(require.resolve('./cold_start'));
+    loadTestFile(require.resolve('./historical_data'));
+    loadTestFile(require.resolve('./observability_overview'));
+    loadTestFile(require.resolve('./latency'));
+    loadTestFile(require.resolve('./infrastructure'));
+    loadTestFile(require.resolve('./service_groups'));
   });
 }
diff --git a/x-pack/test/apm_api_integration/tests/infrastructure/generate_data.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/infrastructure/generate_data.ts
similarity index 100%
rename from x-pack/test/apm_api_integration/tests/infrastructure/generate_data.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/infrastructure/generate_data.ts
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/infrastructure/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/infrastructure/index.ts
new file mode 100644
index 0000000000000..1351a44d41c8e
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/infrastructure/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) {
+  describe('infrastructure', () => {
+    loadTestFile(require.resolve('./infrastructure_attributes.spec.ts'));
+  });
+}
diff --git a/x-pack/test/apm_api_integration/tests/infrastructure/infrastructure_attributes.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/infrastructure/infrastructure_attributes.spec.ts
similarity index 76%
rename from x-pack/test/apm_api_integration/tests/infrastructure/infrastructure_attributes.spec.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/infrastructure/infrastructure_attributes.spec.ts
index 7a79e2f8be4b1..ca70d8d1fa002 100644
--- a/x-pack/test/apm_api_integration/tests/infrastructure/infrastructure_attributes.spec.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/infrastructure/infrastructure_attributes.spec.ts
@@ -5,13 +5,13 @@
  * 2.0.
  */
 import expect from '@kbn/expect';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
+import type { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
 import { generateData } from './generate_data';
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
 
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
-  const apmSynthtraceEsClient = getService('apmSynthtraceEsClient');
+export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
+  const synthtrace = getService('synthtrace');
 
   const start = new Date('2021-01-01T00:00:00.000Z').getTime();
   const end = new Date('2021-01-01T00:15:00.000Z').getTime() - 1;
@@ -34,10 +34,8 @@ export default function ApiTest({ getService }: FtrProviderContext) {
     return response;
   }
 
-  registry.when(
-    'Infrastructure attributes when data is not loaded',
-    { config: 'basic', archives: [] },
-    () => {
+  describe('Infrastructure attributes', () => {
+    describe('Infrastructure attributes when data is not loaded', () => {
       it('handles the empty state', async () => {
         const response = await callApi('synth-go');
         expect(response.status).to.be(200);
@@ -45,17 +43,17 @@ export default function ApiTest({ getService }: FtrProviderContext) {
         expect(response.body.hostNames.length).to.be(0);
         expect(response.body.podNames.length).to.be(0);
       });
-    }
-  );
+    });
 
-  // FLAKY: https://github.com/elastic/kibana/issues/177386
-  registry.when('Infrastructure attributes', { config: 'basic', archives: [] }, () => {
     describe('when data is loaded', () => {
-      beforeEach(async () => {
+      let apmSynthtraceEsClient: ApmSynthtraceEsClient;
+
+      before(async () => {
+        apmSynthtraceEsClient = await synthtrace.createApmSynthtraceEsClient();
         await generateData({ start, end, apmSynthtraceEsClient });
       });
 
-      afterEach(() => apmSynthtraceEsClient.clean());
+      after(() => apmSynthtraceEsClient.clean());
 
       describe('when service runs in container', () => {
         it('returns arrays of container ids and pod names', async () => {
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/latency/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/latency/index.ts
new file mode 100644
index 0000000000000..0b9a71293f687
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/latency/index.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) {
+  describe('latency', () => {
+    loadTestFile(require.resolve('./service_apis.spec.ts'));
+    loadTestFile(require.resolve('./service_maps.spec.ts'));
+  });
+}
diff --git a/x-pack/test/apm_api_integration/tests/latency/service_apis.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/latency/service_apis.spec.ts
similarity index 94%
rename from x-pack/test/apm_api_integration/tests/latency/service_apis.spec.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/latency/service_apis.spec.ts
index 35ef23c8a4430..dee5f27b7a61d 100644
--- a/x-pack/test/apm_api_integration/tests/latency/service_apis.spec.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/latency/service_apis.spec.ts
@@ -12,12 +12,12 @@ import { isFiniteNumber } from '@kbn/apm-plugin/common/utils/is_finite_number';
 import { ApmDocumentType } from '@kbn/apm-plugin/common/document_type';
 import { RollupInterval } from '@kbn/apm-plugin/common/rollup';
 import { ProcessorEvent } from '@kbn/observability-plugin/common';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
+import { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
 
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
-  const apmSynthtraceEsClient = getService('apmSynthtraceEsClient');
+export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
+  const synthtrace = getService('synthtrace');
 
   const serviceName = 'synth-go';
   const start = new Date('2021-01-01T00:00:00.000Z').getTime();
@@ -156,7 +156,13 @@ export default function ApiTest({ getService }: FtrProviderContext) {
   let latencyTransactionValues: Awaited<ReturnType<typeof getLatencyValues>>;
 
   // FLAKY: https://github.com/elastic/kibana/issues/177387
-  registry.when('Services APIs', { config: 'basic', archives: [] }, () => {
+  describe('Services APIs', () => {
+    let apmSynthtraceEsClient: ApmSynthtraceEsClient;
+
+    before(async () => {
+      apmSynthtraceEsClient = await synthtrace.createApmSynthtraceEsClient();
+    });
+
     describe('when data is loaded ', () => {
       const GO_PROD_RATE = 80;
       const GO_DEV_RATE = 20;
diff --git a/x-pack/test/apm_api_integration/tests/latency/service_maps.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/latency/service_maps.spec.ts
similarity index 90%
rename from x-pack/test/apm_api_integration/tests/latency/service_maps.spec.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/latency/service_maps.spec.ts
index 298fde675bc4a..fa088e4f12dc9 100644
--- a/x-pack/test/apm_api_integration/tests/latency/service_maps.spec.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/latency/service_maps.spec.ts
@@ -10,12 +10,12 @@ import { meanBy } from 'lodash';
 import { ApmDocumentType } from '@kbn/apm-plugin/common/document_type';
 import { RollupInterval } from '@kbn/apm-plugin/common/rollup';
 import { ProcessorEvent } from '@kbn/observability-plugin/common';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
+import { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
 
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
-  const apmSynthtraceEsClient = getService('apmSynthtraceEsClient');
+export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
+  const synthtrace = getService('synthtrace');
 
   const serviceName = 'synth-go';
   const start = new Date('2021-01-01T00:00:00.000Z').getTime();
@@ -73,7 +73,14 @@ export default function ApiTest({ getService }: FtrProviderContext) {
 
   let latencyMetricValues: Awaited<ReturnType<typeof getLatencyValues>>;
   let latencyTransactionValues: Awaited<ReturnType<typeof getLatencyValues>>;
-  registry.when('Service Maps APIs', { config: 'trial', archives: [] }, () => {
+
+  describe('Service Maps APIs', () => {
+    let apmSynthtraceEsClient: ApmSynthtraceEsClient;
+
+    before(async () => {
+      apmSynthtraceEsClient = await synthtrace.createApmSynthtraceEsClient();
+    });
+
     describe('when data is loaded ', () => {
       const GO_PROD_RATE = 80;
       const GO_DEV_RATE = 20;
diff --git a/x-pack/test/apm_api_integration/tests/observability_overview/has_data.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/observability_overview/has_data.spec.ts
similarity index 57%
rename from x-pack/test/apm_api_integration/tests/observability_overview/has_data.spec.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/observability_overview/has_data.spec.ts
index 3aab948cd4f69..63620d514603e 100644
--- a/x-pack/test/apm_api_integration/tests/observability_overview/has_data.spec.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/observability_overview/has_data.spec.ts
@@ -7,16 +7,15 @@
 
 import expect from '@kbn/expect';
 
-import { FtrProviderContext } from '../../common/ftr_provider_context';
+import type { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
+import { ARCHIVER_ROUTES } from '../constants/archiver';
 
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
+export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
+  const esArchiver = getService('esArchiver');
 
-  registry.when(
-    'Observability overview when data is not loaded',
-    { config: 'basic', archives: [] },
-    () => {
+  describe('has data', () => {
+    describe('when no data is loaded', () => {
       it('returns false when there is no data', async () => {
         const response = await apmApiClient.readUser({
           endpoint: 'GET /internal/apm/observability_overview/has_data',
@@ -24,13 +23,17 @@ export default function ApiTest({ getService }: FtrProviderContext) {
         expect(response.status).to.be(200);
         expect(response.body.hasData).to.eql(false);
       });
-    }
-  );
+    });
+
+    describe('when only onboarding data is loaded', () => {
+      before(async () => {
+        await esArchiver.load(ARCHIVER_ROUTES.observability_overview);
+      });
+
+      after(async () => {
+        await esArchiver.unload(ARCHIVER_ROUTES.observability_overview);
+      });
 
-  registry.when(
-    'Observability overview when only onboarding data is loaded',
-    { config: 'basic', archives: ['observability_overview'] },
-    () => {
       it('returns false when there is only onboarding data', async () => {
         const response = await apmApiClient.readUser({
           endpoint: 'GET /internal/apm/observability_overview/has_data',
@@ -38,13 +41,16 @@ export default function ApiTest({ getService }: FtrProviderContext) {
         expect(response.status).to.be(200);
         expect(response.body.hasData).to.eql(false);
       });
-    }
-  );
+    });
+
+    describe('when data is loaded', () => {
+      before(async () => {
+        await esArchiver.load(ARCHIVER_ROUTES['8.0.0']);
+      });
+      after(async () => {
+        await esArchiver.unload(ARCHIVER_ROUTES['8.0.0']);
+      });
 
-  registry.when(
-    'Observability overview when APM data is loaded',
-    { config: 'basic', archives: ['apm_8.0.0'] },
-    () => {
       it('returns true when there is at least one document on transaction, error or metrics indices', async () => {
         const response = await apmApiClient.readUser({
           endpoint: 'GET /internal/apm/observability_overview/has_data',
@@ -52,6 +58,6 @@ export default function ApiTest({ getService }: FtrProviderContext) {
         expect(response.status).to.be(200);
         expect(response.body.hasData).to.eql(true);
       });
-    }
-  );
+    });
+  });
 }
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/observability_overview/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/observability_overview/index.ts
new file mode 100644
index 0000000000000..c43e15d005bb9
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/observability_overview/index.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) {
+  describe('observability_overview', () => {
+    loadTestFile(require.resolve('./has_data.spec.ts'));
+    loadTestFile(require.resolve('./observability_overview.spec.ts'));
+  });
+}
diff --git a/x-pack/test/apm_api_integration/tests/observability_overview/observability_overview.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/observability_overview/observability_overview.spec.ts
similarity index 80%
rename from x-pack/test/apm_api_integration/tests/observability_overview/observability_overview.spec.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/observability_overview/observability_overview.spec.ts
index 763d8eee929d2..740dd432b670b 100644
--- a/x-pack/test/apm_api_integration/tests/observability_overview/observability_overview.spec.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/observability_overview/observability_overview.spec.ts
@@ -9,14 +9,13 @@ import expect from '@kbn/expect';
 import { meanBy, sumBy } from 'lodash';
 import { ApmDocumentType } from '@kbn/apm-plugin/common/document_type';
 import { RollupInterval } from '@kbn/apm-plugin/common/rollup';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
-import { roundNumber } from '../../utils';
+import { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
+import { roundNumber } from '../../../../../../apm_api_integration/utils';
+import type { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
 
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
-
-  const apmSynthtraceEsClient = getService('apmSynthtraceEsClient');
+export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
+  const synthtrace = getService('synthtrace');
 
   const start = new Date('2021-01-01T00:00:00.000Z').getTime();
   const end = new Date('2021-01-01T00:15:00.000Z').getTime() - 1;
@@ -62,35 +61,30 @@ export default function ApiTest({ getService }: FtrProviderContext) {
     };
   }
 
-  registry.when(
-    'Observability overview when data is not loaded',
-    { config: 'basic', archives: [] },
-    () => {
-      describe('when data is not loaded', () => {
-        it('handles the empty state', async () => {
-          const response = await apmApiClient.readUser({
-            endpoint: `GET /internal/apm/observability_overview`,
-            params: {
-              query: {
-                start: new Date(start).toISOString(),
-                end: new Date(end).toISOString(),
-                bucketSize,
-                intervalString,
-              },
+  describe('Observability overview', () => {
+    describe('when data is not loaded', () => {
+      it('handles the empty state', async () => {
+        const response = await apmApiClient.readUser({
+          endpoint: `GET /internal/apm/observability_overview`,
+          params: {
+            query: {
+              start: new Date(start).toISOString(),
+              end: new Date(end).toISOString(),
+              bucketSize,
+              intervalString,
             },
-          });
-          expect(response.status).to.be(200);
-
-          expect(response.body.serviceCount).to.be(0);
-          expect(response.body.transactionPerMinute.timeseries.length).to.be(0);
+          },
         });
+        expect(response.status).to.be(200);
+
+        expect(response.body.serviceCount).to.be(0);
+        expect(response.body.transactionPerMinute.timeseries.length).to.be(0);
       });
-    }
-  );
+    });
 
-  // FLAKY: https://github.com/elastic/kibana/issues/177497
-  registry.when('data is loaded', { config: 'basic', archives: [] }, () => {
     describe('Observability overview api ', () => {
+      let apmSynthtraceEsClient: ApmSynthtraceEsClient;
+
       const GO_PROD_RATE = 50;
       const GO_DEV_RATE = 5;
       const JAVA_PROD_RATE = 45;
@@ -106,6 +100,8 @@ export default function ApiTest({ getService }: FtrProviderContext) {
           .service({ name: 'synth-java', environment: 'production', agentName: 'java' })
           .instance('instance-c');
 
+        apmSynthtraceEsClient = await synthtrace.createApmSynthtraceEsClient();
+
         await apmSynthtraceEsClient.index([
           timerange(start, end)
             .interval('1m')
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/index.ts
new file mode 100644
index 0000000000000..e88208d48a9b5
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/index.ts
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
+
+export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext) {
+  describe('service_groups', () => {
+    loadTestFile(require.resolve('./save_service_group.spec.ts'));
+    loadTestFile(
+      require.resolve('./service_group_with_overflow/service_group_with_overflow.spec.ts')
+    );
+    loadTestFile(require.resolve('./service_group_count/service_group_count.spec.ts'));
+  });
+}
diff --git a/x-pack/test/apm_api_integration/tests/service_groups/save_service_group.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/save_service_group.spec.ts
similarity index 78%
rename from x-pack/test/apm_api_integration/tests/service_groups/save_service_group.spec.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/save_service_group.spec.ts
index b3dfdcdeb515a..a0ed02739cf9f 100644
--- a/x-pack/test/apm_api_integration/tests/service_groups/save_service_group.spec.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/save_service_group.spec.ts
@@ -5,20 +5,19 @@
  * 2.0.
  */
 import expect from '@kbn/expect';
-import { ApmApiError } from '../../common/apm_api_supertest';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
-import { expectToReject } from '../../common/utils/expect_to_reject';
+import { DeploymentAgnosticFtrProviderContext } from '../../../../ftr_provider_context';
+import { ApmApiError } from '../../../../../../apm_api_integration/common/apm_api_supertest';
+import { expectToReject } from '../../../../../../apm_api_integration/common/utils/expect_to_reject';
 import {
   createServiceGroupApi,
   deleteAllServiceGroups,
   getServiceGroupsApi,
 } from './service_groups_api_methods';
 
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
+export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
 
-  registry.when('Service group create', { config: 'basic', archives: [] }, () => {
+  describe('Service group create', () => {
     afterEach(async () => {
       await deleteAllServiceGroups(apmApiClient);
     });
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_count/generate_data.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_count/generate_data.ts
new file mode 100644
index 0000000000000..7f9b1487bb8ef
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_count/generate_data.ts
@@ -0,0 +1,74 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { apm, timerange } from '@kbn/apm-synthtrace-client';
+import type { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
+
+export async function generateData({
+  apmSynthtraceEsClient,
+  start,
+  end,
+}: {
+  apmSynthtraceEsClient: ApmSynthtraceEsClient;
+  start: number;
+  end: number;
+}) {
+  const synthServices = [
+    apm
+      .service({ name: 'synth-go', environment: 'testing', agentName: 'go' })
+      .instance('instance-1'),
+    apm
+      .service({ name: 'synth-java', environment: 'testing', agentName: 'java' })
+      .instance('instance-2'),
+    apm
+      .service({ name: 'opbeans-node', environment: 'testing', agentName: 'nodejs' })
+      .instance('instance-3'),
+  ];
+
+  await apmSynthtraceEsClient.index(
+    synthServices.map((service) =>
+      timerange(start, end)
+        .interval('5m')
+        .rate(1)
+        .generator((timestamp) =>
+          service
+            .transaction({
+              transactionName: 'GET /api/product/list',
+              transactionType: 'request',
+            })
+            .duration(2000)
+            .timestamp(timestamp)
+            .children(
+              service
+                .span({
+                  spanName: '/_search',
+                  spanType: 'db',
+                  spanSubtype: 'elasticsearch',
+                })
+                .destination('elasticsearch')
+                .duration(100)
+                .success()
+                .timestamp(timestamp),
+              service
+                .span({
+                  spanName: '/_search',
+                  spanType: 'db',
+                  spanSubtype: 'elasticsearch',
+                })
+                .destination('elasticsearch')
+                .duration(300)
+                .success()
+                .timestamp(timestamp)
+            )
+            .errors(
+              service.error({ message: 'error 1', type: 'foo' }).timestamp(timestamp),
+              service.error({ message: 'error 2', type: 'foo' }).timestamp(timestamp),
+              service.error({ message: 'error 3', type: 'bar' }).timestamp(timestamp)
+            )
+        )
+    )
+  );
+}
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_count/service_group_count.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_count/service_group_count.spec.ts
new file mode 100644
index 0000000000000..21ac03197a422
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_count/service_group_count.spec.ts
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import expect from '@kbn/expect';
+import { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
+import { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';
+import {
+  createServiceGroupApi,
+  deleteAllServiceGroups,
+  getServiceGroupCounts,
+} from '../service_groups_api_methods';
+import { generateData } from './generate_data';
+
+export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const synthtrace = getService('synthtrace');
+  const apmApiClient = getService('apmApi');
+  const start = Date.now() - 24 * 60 * 60 * 1000;
+  const end = Date.now();
+
+  describe('Service group counts', () => {
+    let synthbeansServiceGroupId: string;
+    let opbeansServiceGroupId: string;
+    let apmSynthtraceEsClient: ApmSynthtraceEsClient;
+
+    before(async () => {
+      apmSynthtraceEsClient = await synthtrace.createApmSynthtraceEsClient();
+
+      const [, { body: synthbeansServiceGroup }, { body: opbeansServiceGroup }] = await Promise.all(
+        [
+          generateData({ start, end, apmSynthtraceEsClient }),
+          createServiceGroupApi({
+            apmApiClient,
+            groupName: 'synthbeans',
+            kuery: 'service.name: synth*',
+          }),
+          createServiceGroupApi({
+            apmApiClient,
+            groupName: 'opbeans',
+            kuery: 'service.name: opbeans*',
+          }),
+        ]
+      );
+      synthbeansServiceGroupId = synthbeansServiceGroup.id;
+      opbeansServiceGroupId = opbeansServiceGroup.id;
+    });
+
+    after(async () => {
+      await deleteAllServiceGroups(apmApiClient);
+      await apmSynthtraceEsClient.clean();
+    });
+
+    it('returns the correct number of services', async () => {
+      const response = await getServiceGroupCounts(apmApiClient);
+      expect(response.status).to.be(200);
+      expect(Object.keys(response.body).length).to.be(2);
+      expect(response.body[synthbeansServiceGroupId]).to.have.property('services', 2);
+      expect(response.body[opbeansServiceGroupId]).to.have.property('services', 1);
+    });
+  });
+}
diff --git a/x-pack/test/apm_api_integration/tests/service_groups/service_group_with_overflow/es_utils.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_with_overflow/es_utils.ts
similarity index 100%
rename from x-pack/test/apm_api_integration/tests/service_groups/service_group_with_overflow/es_utils.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_with_overflow/es_utils.ts
diff --git a/x-pack/test/apm_api_integration/tests/service_groups/service_group_with_overflow/generate_data.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_with_overflow/generate_data.ts
similarity index 100%
rename from x-pack/test/apm_api_integration/tests/service_groups/service_group_with_overflow/generate_data.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_with_overflow/generate_data.ts
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_with_overflow/service_group_with_overflow.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_with_overflow/service_group_with_overflow.spec.ts
new file mode 100644
index 0000000000000..9324dee60d4e7
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_group_with_overflow/service_group_with_overflow.spec.ts
@@ -0,0 +1,104 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import expect from '@kbn/expect';
+import { ValuesType } from 'utility-types';
+import { ENVIRONMENT_ALL } from '@kbn/apm-plugin/common/environment_filter_values';
+import { ApmDocumentType } from '@kbn/apm-plugin/common/document_type';
+import { RollupInterval } from '@kbn/apm-plugin/common/rollup';
+import { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
+import { DeploymentAgnosticFtrProviderContext } from '../../../../../ftr_provider_context';
+import { createServiceGroupApi, deleteAllServiceGroups } from '../service_groups_api_methods';
+import { createServiceTransactionMetricsDocs } from './es_utils';
+import { generateData } from './generate_data';
+
+export default function ApiTest({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const apmApiClient = getService('apmApi');
+  const es = getService('es');
+  const synthtrace = getService('synthtrace');
+
+  describe('Display overflow bucket in Service Groups', () => {
+    const indexName = 'metrics-apm.service_transaction.1m-default';
+    const start = '2023-06-21T06:50:15.910Z';
+    const end = '2023-06-21T06:59:15.910Z';
+    const startTime = new Date(start).getTime() + 1000;
+    const OVERFLOW_SERVICE_NAME = '_other';
+    let serviceGroupId: string;
+    let apmSynthtraceEsClient: ApmSynthtraceEsClient;
+
+    after(async () => {
+      await deleteAllServiceGroups(apmApiClient);
+      await apmSynthtraceEsClient.clean();
+    });
+
+    before(async () => {
+      apmSynthtraceEsClient = await synthtrace.createApmSynthtraceEsClient();
+
+      await generateData({ start, end, apmSynthtraceEsClient });
+
+      const docs = [
+        createServiceTransactionMetricsDocs({
+          time: startTime,
+          service: {
+            name: OVERFLOW_SERVICE_NAME,
+          },
+          overflowCount: 13,
+        }),
+      ];
+
+      const bulkActions = docs.reduce(
+        (prev, doc) => {
+          return [...prev, { create: { _index: indexName } }, doc];
+        },
+        [] as Array<
+          | {
+              create: {
+                _index: string;
+              };
+            }
+          | ValuesType<typeof docs>
+        >
+      );
+
+      await es.bulk({
+        body: bulkActions,
+        refresh: 'wait_for',
+      });
+
+      const serviceGroup = {
+        groupName: 'overflowGroup',
+        kuery: 'service.name: synth-go or service.name: synth-java',
+      };
+      const createResponse = await createServiceGroupApi({ apmApiClient, ...serviceGroup });
+      expect(createResponse.status).to.be(200);
+      serviceGroupId = createResponse.body.id;
+    });
+
+    it('get the overflow bucket even though its not added explicitly in the Service Group', async () => {
+      const response = await apmApiClient.readUser({
+        endpoint: `GET /internal/apm/services`,
+        params: {
+          query: {
+            start,
+            end,
+            environment: ENVIRONMENT_ALL.value,
+            kuery: '',
+            serviceGroup: serviceGroupId,
+            probability: 1,
+            documentType: ApmDocumentType.ServiceTransactionMetric,
+            rollupInterval: RollupInterval.OneMinute,
+            useDurationSummary: true,
+          },
+        },
+      });
+
+      const overflowBucket = response.body.items.find(
+        (service) => service.serviceName === OVERFLOW_SERVICE_NAME
+      );
+      expect(overflowBucket?.serviceName).to.equal(OVERFLOW_SERVICE_NAME);
+    });
+  });
+}
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_groups_api_methods.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_groups_api_methods.ts
new file mode 100644
index 0000000000000..bd47b80e0bef3
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/apm/service_groups/service_groups_api_methods.ts
@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ApmApiClient } from '../../../../services/apm_api';
+
+export async function getServiceGroupsApi(apmApiClient: ApmApiClient) {
+  return apmApiClient.writeUser({
+    endpoint: 'GET /internal/apm/service-groups',
+  });
+}
+
+export async function createServiceGroupApi({
+  apmApiClient,
+  serviceGroupId,
+  groupName,
+  kuery,
+  description,
+  color,
+}: {
+  apmApiClient: ApmApiClient;
+  serviceGroupId?: string;
+  groupName: string;
+  kuery: string;
+  description?: string;
+  color?: string;
+}) {
+  const response = await apmApiClient.writeUser({
+    endpoint: 'POST /internal/apm/service-group',
+    params: {
+      query: {
+        serviceGroupId,
+      },
+      body: {
+        groupName,
+        kuery,
+        description,
+        color,
+      },
+    },
+  });
+  return response;
+}
+
+export async function getServiceGroupCounts(apmApiClient: ApmApiClient) {
+  return apmApiClient.readUser({
+    endpoint: 'GET /internal/apm/service-group/counts',
+  });
+}
+
+export async function deleteAllServiceGroups(apmApiClient: ApmApiClient) {
+  return await getServiceGroupsApi(apmApiClient).then((response) => {
+    const promises = response.body.serviceGroups.map((item) => {
+      if (item.id) {
+        return apmApiClient.writeUser({
+          endpoint: 'DELETE /internal/apm/service-group',
+          params: { query: { serviceGroupId: item.id } },
+        });
+      }
+    });
+    return Promise.all(promises);
+  });
+}
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/data_stream_details.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/data_stream_details.ts
new file mode 100644
index 0000000000000..aab50a5e8afbb
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/data_stream_details.ts
@@ -0,0 +1,130 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { LogsSynthtraceEsClient } from '@kbn/apm-synthtrace';
+import expect from '@kbn/expect';
+import { log, timerange } from '@kbn/apm-synthtrace-client';
+
+import { SupertestWithRoleScopeType } from '../../../services';
+import { DeploymentAgnosticFtrProviderContext } from '../../../ftr_provider_context';
+
+export default function ({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const roleScopedSupertest = getService('roleScopedSupertest');
+  const synthtrace = getService('synthtrace');
+  const start = '2023-12-11T18:00:00.000Z';
+  const end = '2023-12-11T18:01:00.000Z';
+  const type = 'logs';
+  const dataset = 'nginx.access';
+  const namespace = 'default';
+  const serviceName = 'my-service';
+  const hostName = 'synth-host';
+
+  async function callApiAs(
+    roleScopedSupertestWithCookieCredentials: SupertestWithRoleScopeType,
+    dataStream: string
+  ) {
+    return roleScopedSupertestWithCookieCredentials
+      .get(`/internal/dataset_quality/data_streams/${dataStream}/details`)
+      .query({
+        start,
+        end,
+      });
+  }
+
+  describe('DataStream Details', function () {
+    let synthtraceLogsEsClient: LogsSynthtraceEsClient;
+
+    before(async () => {
+      synthtraceLogsEsClient = await synthtrace.createLogsSynthtraceEsClient();
+
+      await synthtraceLogsEsClient.index([
+        timerange(start, end)
+          .interval('1m')
+          .rate(1)
+          .generator((timestamp) =>
+            log
+              .create()
+              .message('This is a log message')
+              .timestamp(timestamp)
+              .dataset(dataset)
+              .namespace(namespace)
+              .defaults({
+                'log.file.path': '/my-service.log',
+                'service.name': serviceName,
+                'host.name': hostName,
+              })
+          ),
+      ]);
+    });
+
+    after(async () => {
+      await synthtraceLogsEsClient.clean();
+    });
+
+    describe('Viewer User', function () {
+      let supertestViewerWithCookieCredentials: SupertestWithRoleScopeType;
+
+      before(async () => {
+        supertestViewerWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope(
+          'viewer',
+          {
+            useCookieHeader: true,
+            withInternalHeaders: true,
+          }
+        );
+      });
+
+      it('returns lastActivity as undefined when user does not have access to the data stream', async () => {
+        const resp = await callApiAs(
+          supertestViewerWithCookieCredentials,
+          `${type}-${dataset}-${namespace}`
+        );
+        expect(resp.body.lastActivity).to.be(undefined);
+
+        // userPrivileges.canMonitor should be false for readUser
+        expect(resp.body.userPrivileges?.canMonitor).to.be(false);
+      });
+    });
+
+    describe('Editor User', function () {
+      let supertestEditorWithCookieCredentials: SupertestWithRoleScopeType;
+
+      before(async () => {
+        supertestEditorWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope(
+          'editor',
+          {
+            useCookieHeader: true,
+            withInternalHeaders: true,
+          }
+        );
+      });
+
+      it('returns error when dataStream param is not provided', async () => {
+        const expectedMessage = 'Data Stream name cannot be empty';
+        const resp = await callApiAs(supertestEditorWithCookieCredentials, encodeURIComponent(' '));
+        expect(resp.status).to.be(400);
+        expect(resp.body.message.indexOf(expectedMessage)).to.greaterThan(-1);
+      });
+
+      it('returns {} if matching data stream is not available', async () => {
+        const nonExistentDataSet = 'Non-existent';
+        const nonExistentDataStream = `${type}-${nonExistentDataSet}-${namespace}`;
+        const resp = await callApiAs(supertestEditorWithCookieCredentials, nonExistentDataStream);
+        expect(resp.body).empty();
+      });
+
+      it('returns service.name and host.name correctly', async () => {
+        const resp = await callApiAs(
+          supertestEditorWithCookieCredentials,
+          `${type}-${dataset}-${namespace}`
+        );
+        expect(resp.body.services).to.eql({ ['service.name']: [serviceName] });
+        expect(resp.body.hosts?.['host.name']).to.eql([hostName]);
+      });
+    });
+  });
+}
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/data_stream_settings.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/data_stream_settings.ts
index 8d6b219457dbd..4a8ed68401cc7 100644
--- a/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/data_stream_settings.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/data_stream_settings.ts
@@ -13,7 +13,7 @@ import {
   createBackingIndexNameWithoutVersion,
   getDataStreamSettingsOfEarliestIndex,
   rolloverDataStream,
-} from './utils/es_utils';
+} from './utils';
 import { DeploymentAgnosticFtrProviderContext } from '../../../ftr_provider_context';
 import { RoleCredentials, SupertestWithRoleScopeType } from '../../../services';
 
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_docs.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_docs.ts
new file mode 100644
index 0000000000000..422d14eb5667a
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_docs.ts
@@ -0,0 +1,212 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { LogsSynthtraceEsClient } from '@kbn/apm-synthtrace';
+import expect from '@kbn/expect';
+import rison from '@kbn/rison';
+import { log, timerange } from '@kbn/apm-synthtrace-client';
+import { DataStreamDocsStat } from '@kbn/dataset-quality-plugin/common/api_types';
+import { SupertestWithRoleScopeType } from '../../../services';
+import { DeploymentAgnosticFtrProviderContext } from '../../../ftr_provider_context';
+
+export default function ({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const roleScopedSupertest = getService('roleScopedSupertest');
+  const synthtrace = getService('synthtrace');
+  const start = '2023-12-11T18:00:00.000Z';
+  const end = '2023-12-11T18:01:00.000Z';
+
+  async function callApiAs(roleScopedSupertestWithCookieCredentials: SupertestWithRoleScopeType) {
+    return roleScopedSupertestWithCookieCredentials
+      .get(`/internal/dataset_quality/data_streams/degraded_docs`)
+      .query({
+        types: rison.encodeArray(['logs']),
+        start,
+        end,
+      });
+  }
+
+  describe('Degraded docs', function () {
+    describe('Querying', function () {
+      let synthtraceLogsEsClient: LogsSynthtraceEsClient;
+      let supertestViewerWithCookieCredentials: SupertestWithRoleScopeType;
+
+      before(async () => {
+        synthtraceLogsEsClient = await synthtrace.createLogsSynthtraceEsClient();
+        supertestViewerWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope(
+          'viewer',
+          {
+            useCookieHeader: true,
+            withInternalHeaders: true,
+          }
+        );
+      });
+
+      describe('and there are log documents', () => {
+        before(async () => {
+          await synthtraceLogsEsClient.index([
+            timerange(start, end)
+              .interval('1m')
+              .rate(1)
+              .generator((timestamp) =>
+                log
+                  .create()
+                  .message('This is a log message')
+                  .timestamp(timestamp)
+                  .dataset('synth.1')
+                  .defaults({
+                    'log.file.path': '/my-service.log',
+                  })
+              ),
+            timerange(start, end)
+              .interval('1m')
+              .rate(1)
+              .generator((timestamp) =>
+                log
+                  .create()
+                  .message('This is a log message')
+                  .timestamp(timestamp)
+                  .dataset('synth.2')
+                  .logLevel(MORE_THAN_1024_CHARS)
+                  .defaults({
+                    'log.file.path': '/my-service.log',
+                  })
+              ),
+          ]);
+        });
+
+        it('returns stats correctly', async () => {
+          const stats = await callApiAs(supertestViewerWithCookieCredentials);
+          expect(stats.body.degradedDocs.length).to.be(1);
+
+          const degradedDocsStats = stats.body.degradedDocs.reduce(
+            (acc: Record<string, { count: number }>, curr: DataStreamDocsStat) => ({
+              ...acc,
+              [curr.dataset]: {
+                count: curr.count,
+              },
+            }),
+            {}
+          );
+
+          expect(degradedDocsStats['logs-synth.2-default']).to.eql({
+            count: 1,
+          });
+        });
+
+        after(async () => {
+          await synthtraceLogsEsClient.clean();
+        });
+      });
+
+      describe('and there are not log documents', () => {
+        it('returns stats correctly', async () => {
+          const stats = await callApiAs(supertestViewerWithCookieCredentials);
+
+          expect(stats.body.degradedDocs.length).to.be(0);
+        });
+      });
+
+      describe('when there are data streams of different spaces', () => {
+        const spaces = ['default', 'space1', 'space2'];
+        const datasetsWithNoDegradedDocs = ['nginx.access', 'apache.access', 'mysql.access'];
+        const datasetsWithDegradedDocs = ['nginx.error', 'apache.error', 'mysql.error'];
+
+        before(async () => {
+          for (const space of spaces) {
+            for (const dataset of datasetsWithNoDegradedDocs) {
+              await synthtraceLogsEsClient.index([
+                timerange(start, end)
+                  .interval('1m')
+                  .rate(1)
+                  .generator((timestamp) =>
+                    log
+                      .create()
+                      .message('This is a log message')
+                      .timestamp(timestamp)
+                      .dataset(dataset)
+                      .namespace(space)
+                  ),
+              ]);
+            }
+
+            for (const dataset of datasetsWithDegradedDocs) {
+              await synthtraceLogsEsClient.index([
+                timerange(start, end)
+                  .interval('1m')
+                  .rate(2)
+                  .generator((timestamp: number, index: number) =>
+                    log
+                      .create()
+                      .message('This is a log message')
+                      .timestamp(timestamp)
+                      .dataset(dataset)
+                      .namespace(space)
+                      .logLevel(index % 2 === 0 ? MORE_THAN_1024_CHARS : 'This is a log message')
+                  ),
+              ]);
+            }
+          }
+        });
+
+        it('returns counts and list of datasets correctly', async () => {
+          const stats = await callApiAs(supertestViewerWithCookieCredentials);
+          expect(stats.body.degradedDocs.length).to.be(9);
+
+          const expected = {
+            degradedDocs: [
+              {
+                dataset: 'logs-apache.error-default',
+                count: 1,
+              },
+              {
+                dataset: 'logs-apache.error-space1',
+                count: 1,
+              },
+              {
+                dataset: 'logs-apache.error-space2',
+                count: 1,
+              },
+              {
+                dataset: 'logs-mysql.error-default',
+                count: 1,
+              },
+              {
+                dataset: 'logs-mysql.error-space1',
+                count: 1,
+              },
+              {
+                dataset: 'logs-mysql.error-space2',
+                count: 1,
+              },
+              {
+                dataset: 'logs-nginx.error-default',
+                count: 1,
+              },
+              {
+                dataset: 'logs-nginx.error-space1',
+                count: 1,
+              },
+              {
+                dataset: 'logs-nginx.error-space2',
+                count: 1,
+              },
+            ],
+          };
+
+          expect(stats.body).to.eql(expected);
+        });
+
+        after(async () => {
+          await synthtraceLogsEsClient.clean();
+        });
+      });
+    });
+  });
+}
+
+const MORE_THAN_1024_CHARS =
+  'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, quis nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut aliquid ex ea commodi consequatur? Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur?';
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_field_analyze.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_field_analyze.ts
index 38ad6e04e2ef8..13a862d4847ea 100644
--- a/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_field_analyze.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_field_analyze.ts
@@ -10,7 +10,7 @@ import { log, timerange } from '@kbn/apm-synthtrace-client';
 import { LogsSynthtraceEsClient } from '@kbn/apm-synthtrace';
 import { SupertestWithRoleScopeType } from '../../../services';
 import { DeploymentAgnosticFtrProviderContext } from '../../../ftr_provider_context';
-import { createBackingIndexNameWithoutVersion, setDataStreamSettings } from './utils/es_utils';
+import { createBackingIndexNameWithoutVersion, setDataStreamSettings } from './utils';
 import { logsSynthMappings } from './custom_mappings/custom_synth_mappings';
 
 const MORE_THAN_1024_CHARS =
diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/degraded_field_values.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_field_values.ts
similarity index 69%
rename from x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/degraded_field_values.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_field_values.ts
index 397e191d450a8..b1c12dc793d15 100644
--- a/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/degraded_field_values.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_field_values.ts
@@ -5,10 +5,12 @@
  * 2.0.
  */
 
-import { log, timerange } from '@kbn/apm-synthtrace-client';
+import { LogsSynthtraceEsClient } from '@kbn/apm-synthtrace';
 import expect from '@kbn/expect';
-import { DatasetQualityFtrContextProvider } from './common/services';
-import type { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';
+import { log, timerange } from '@kbn/apm-synthtrace-client';
+
+import { SupertestWithRoleScopeType } from '../../../services';
+import { DeploymentAgnosticFtrProviderContext } from '../../../ftr_provider_context';
 
 const MORE_THAN_1024_CHARS =
   'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, quis nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut aliquid ex ea commodi consequatur? Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur?';
@@ -16,11 +18,9 @@ const MORE_THAN_1024_CHARS =
 const ANOTHER_1024_CHARS =
   'grape fig tangerine tangerine kiwi lemon papaya cherry nectarine papaya mango cherry nectarine fig cherry fig grape mango mango quince fig strawberry mango quince date kiwi quince raspberry apple kiwi banana quince fig papaya grape mango cherry banana mango cherry lemon cherry tangerine fig quince quince papaya tangerine grape strawberry banana kiwi grape mango papaya nectarine banana nectarine kiwi papaya lemon apple lemon orange fig cherry grape apple nectarine papaya orange fig papaya date mango papaya mango cherry tangerine papaya apple banana papaya cherry strawberry grape raspberry lemon date papaya mango kiwi cherry fig banana banana apple date strawberry mango tangerine date lemon kiwi quince date orange orange papaya date apple fig tangerine quince tangerine date papaya banana banana orange raspberry papaya apple nectarine lemon raspberry raspberry mango cherry kiwi cherry cherry nectarine cherry date strawberry banana orange mango mango tangerine quince papaya papaya kiwi papaya strawberry date mango';
 
-export default function ApiTest({ getService }: DatasetQualityFtrContextProvider) {
-  const synthtrace = getService('logSynthtraceEsClient');
-  const datasetQualityApiClient = getService('datasetQualityApiClient');
-  const svlUserManager = getService('svlUserManager');
-  const svlCommonApi = getService('svlCommonApi');
+export default function ({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const roleScopedSupertest = getService('roleScopedSupertest');
+  const synthtrace = getService('synthtrace');
   const start = '2024-08-28T08:00:00.000Z';
   const end = '2024-08-28T08:02:00.000Z';
   const degradedFieldDataset = 'nginx.error';
@@ -29,39 +29,31 @@ export default function ApiTest({ getService }: DatasetQualityFtrContextProvider
   const regularFieldName = 'service.name';
   const serviceName = 'my-service';
 
-  async function callApiAs({
-    dataStream,
-    degradedField,
-    roleAuthc,
-    internalReqHeader,
-  }: {
-    dataStream: string;
-    degradedField: string;
-    roleAuthc: RoleCredentials;
-    internalReqHeader: InternalRequestHeader;
-  }) {
-    return await datasetQualityApiClient.slsUser({
-      endpoint:
-        'GET /internal/dataset_quality/data_streams/{dataStream}/degraded_field/{degradedField}/values',
-      params: {
-        path: {
-          dataStream,
-          degradedField,
-        },
-      },
-      roleAuthc,
-      internalReqHeader,
-    });
+  async function callApiAs(
+    roleScopedSupertestWithCookieCredentials: SupertestWithRoleScopeType,
+    dataStream: string,
+    degradedField: string
+  ) {
+    return roleScopedSupertestWithCookieCredentials.get(
+      `/internal/dataset_quality/data_streams/${dataStream}/degraded_field/${degradedField}/values`
+    );
   }
 
   describe('Degraded Fields Values per field', () => {
-    let roleAuthc: RoleCredentials;
-    let internalReqHeader: InternalRequestHeader;
+    let synthtraceLogsEsClient: LogsSynthtraceEsClient;
+    let supertestEditorWithCookieCredentials: SupertestWithRoleScopeType;
 
     before(async () => {
-      roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin');
-      internalReqHeader = svlCommonApi.getInternalRequestHeader();
-      await synthtrace.index([
+      synthtraceLogsEsClient = await synthtrace.createLogsSynthtraceEsClient();
+      supertestEditorWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope(
+        'editor',
+        {
+          useCookieHeader: true,
+          withInternalHeaders: true,
+        }
+      );
+
+      await synthtraceLogsEsClient.index([
         timerange(start, end)
           .interval('1m')
           .rate(1)
@@ -83,27 +75,24 @@ export default function ApiTest({ getService }: DatasetQualityFtrContextProvider
     });
 
     after(async () => {
-      await synthtrace.clean();
-      await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc);
+      await synthtraceLogsEsClient.clean();
     });
 
     it('returns no values when provided field has no degraded values', async () => {
-      const resp = await callApiAs({
-        dataStream: degradedFieldsDatastream,
-        degradedField: regularFieldName,
-        roleAuthc,
-        internalReqHeader,
-      });
+      const resp = await callApiAs(
+        supertestEditorWithCookieCredentials,
+        degradedFieldsDatastream,
+        regularFieldName
+      );
       expect(resp.body.values.length).to.be(0);
     });
 
     it('returns values when provided field has degraded values', async () => {
-      const resp = await callApiAs({
-        dataStream: degradedFieldsDatastream,
-        degradedField: degradedFieldName,
-        roleAuthc,
-        internalReqHeader,
-      });
+      const resp = await callApiAs(
+        supertestEditorWithCookieCredentials,
+        degradedFieldsDatastream,
+        degradedFieldName
+      );
       expect(resp.body.values.length).to.be(2);
     });
   });
diff --git a/x-pack/test/dataset_quality_api_integration/tests/data_streams/degraded_fields.spec.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_fields.ts
similarity index 77%
rename from x-pack/test/dataset_quality_api_integration/tests/data_streams/degraded_fields.spec.ts
rename to x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_fields.ts
index 100783e26e0ee..ef0798ef2beb7 100644
--- a/x-pack/test/dataset_quality_api_integration/tests/data_streams/degraded_fields.spec.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/degraded_fields.ts
@@ -5,21 +5,20 @@
  * 2.0.
  */
 
+import { LogsSynthtraceEsClient } from '@kbn/apm-synthtrace';
 import { log, timerange } from '@kbn/apm-synthtrace-client';
 import expect from '@kbn/expect';
 import { DegradedField } from '@kbn/dataset-quality-plugin/common/api_types';
-import { DatasetQualityApiClientKey } from '../../common/config';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
-import { rolloverDataStream } from '../../utils';
-import { createBackingIndexNameWithoutVersion } from './es_utils';
+import { DeploymentAgnosticFtrProviderContext } from '../../../ftr_provider_context';
+import { SupertestWithRoleScopeType } from '../../../services';
+import { rolloverDataStream, createBackingIndexNameWithoutVersion } from './utils';
 
 const MORE_THAN_1024_CHARS =
   'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, quis nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut aliquid ex ea commodi consequatur? Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur?';
 
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const synthtrace = getService('logSynthtraceEsClient');
-  const datasetQualityApiClient = getService('datasetQualityApiClient');
+export default function ({ getService }: DeploymentAgnosticFtrProviderContext) {
+  const roleScopedSupertest = getService('roleScopedSupertest');
+  const synthtrace = getService('synthtrace');
   const esClient = getService('es');
   const start = '2024-05-22T08:00:00.000Z';
   const end = '2024-05-23T08:02:00.000Z';
@@ -30,25 +29,36 @@ export default function ApiTest({ getService }: FtrProviderContext) {
   const serviceName = 'my-service';
   const hostName = 'synth-host';
 
-  async function callApiAs(user: DatasetQualityApiClientKey, dataStream: string) {
-    return await datasetQualityApiClient[user]({
-      endpoint: 'GET /internal/dataset_quality/data_streams/{dataStream}/degraded_fields',
-      params: {
-        path: {
-          dataStream,
-        },
-        query: {
-          start,
-          end,
-        },
-      },
-    });
+  async function callApiAs(
+    roleScopedSupertestWithCookieCredentials: SupertestWithRoleScopeType,
+    dataStream: string
+  ) {
+    return roleScopedSupertestWithCookieCredentials
+      .get(`/internal/dataset_quality/data_streams/${dataStream}/degraded_fields`)
+      .query({
+        start,
+        end,
+      });
   }
 
-  registry.when('Degraded Fields per DataStream', { config: 'basic' }, () => {
+  describe('Degraded Fields per DataStream', function () {
+    let synthtraceLogsEsClient: LogsSynthtraceEsClient;
+    let supertestEditorWithCookieCredentials: SupertestWithRoleScopeType;
+
+    before(async () => {
+      synthtraceLogsEsClient = await synthtrace.createLogsSynthtraceEsClient();
+      supertestEditorWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope(
+        'editor',
+        {
+          useCookieHeader: true,
+          withInternalHeaders: true,
+        }
+      );
+    });
+
     describe('gets the degraded fields per data stream', () => {
       before(async () => {
-        await synthtrace.index([
+        await synthtraceLogsEsClient.index([
           timerange(start, end)
             .interval('1m')
             .rate(1)
@@ -86,12 +96,12 @@ export default function ApiTest({ getService }: FtrProviderContext) {
       });
 
       after(async () => {
-        await synthtrace.clean();
+        await synthtraceLogsEsClient.clean();
       });
 
       it('returns no results when dataStream does not have any degraded fields', async () => {
         const resp = await callApiAs(
-          'datasetQualityMonitorUser',
+          supertestEditorWithCookieCredentials,
           `${type}-${dataset}-${namespace}`
         );
         expect(resp.body.degradedFields.length).to.be(0);
@@ -100,7 +110,7 @@ export default function ApiTest({ getService }: FtrProviderContext) {
       it('returns results when dataStream do have degraded fields', async () => {
         const expectedDegradedFields = ['log.level', 'trace.id'];
         const resp = await callApiAs(
-          'datasetQualityMonitorUser',
+          supertestEditorWithCookieCredentials,
           `${type}-${degradedFieldDataset}-${namespace}`
         );
         const degradedFields = resp.body.degradedFields.map((field: DegradedField) => field.name);
@@ -123,12 +133,12 @@ export default function ApiTest({ getService }: FtrProviderContext) {
         ];
 
         const resp = await callApiAs(
-          'datasetQualityMonitorUser',
+          supertestEditorWithCookieCredentials,
           `${type}-${degradedFieldDataset}-${namespace}`
         );
 
         const logLevelTimeSeries = resp.body.degradedFields.find(
-          (dFields) => dFields.name === 'log.level'
+          (dFields: DegradedField) => dFields.name === 'log.level'
         )?.timeSeries;
 
         expect(logLevelTimeSeries).to.eql(logsTimeSeriesData);
@@ -136,7 +146,7 @@ export default function ApiTest({ getService }: FtrProviderContext) {
 
       it('should return the backing index where the ignored field was last seen', async () => {
         await rolloverDataStream(esClient, `${type}-${degradedFieldDataset}-${namespace}`);
-        await synthtrace.index([
+        await synthtraceLogsEsClient.index([
           timerange(start, end)
             .interval('1m')
             .rate(1)
@@ -156,16 +166,16 @@ export default function ApiTest({ getService }: FtrProviderContext) {
         ]);
 
         const resp = await callApiAs(
-          'datasetQualityMonitorUser',
+          supertestEditorWithCookieCredentials,
           `${type}-${degradedFieldDataset}-${namespace}`
         );
 
         const logLevelLastBackingIndex = resp.body.degradedFields.find(
-          (dFields) => dFields.name === 'log.level'
+          (dFields: DegradedField) => dFields.name === 'log.level'
         )?.indexFieldWasLastPresentIn;
 
         const traceIdLastBackingIndex = resp.body.degradedFields.find(
-          (dFields) => dFields.name === 'trace.id'
+          (dFields: DegradedField) => dFields.name === 'trace.id'
         )?.indexFieldWasLastPresentIn;
 
         expect(logLevelLastBackingIndex).to.be(
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/index.ts
index 28133d6c8e613..0481e882aee6e 100644
--- a/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/index.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/index.ts
@@ -15,5 +15,9 @@ export default function ({ loadTestFile }: DeploymentAgnosticFtrProviderContext)
     loadTestFile(require.resolve('./data_stream_rollover'));
     loadTestFile(require.resolve('./update_field_limit'));
     loadTestFile(require.resolve('./data_stream_total_docs'));
+    loadTestFile(require.resolve('./degraded_docs'));
+    loadTestFile(require.resolve('./degraded_fields'));
+    loadTestFile(require.resolve('./data_stream_details'));
+    loadTestFile(require.resolve('./degraded_field_values'));
   });
 }
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/utils/index.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/utils/index.ts
new file mode 100644
index 0000000000000..5e02d4f42da3a
--- /dev/null
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/dataset_quality/utils/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './es_utils';
diff --git a/x-pack/test/api_integration/deployment_agnostic/apis/observability/slo/find_slo.ts b/x-pack/test/api_integration/deployment_agnostic/apis/observability/slo/find_slo.ts
index 1d1be9dc338af..6c49cb9df751e 100644
--- a/x-pack/test/api_integration/deployment_agnostic/apis/observability/slo/find_slo.ts
+++ b/x-pack/test/api_integration/deployment_agnostic/apis/observability/slo/find_slo.ts
@@ -67,7 +67,6 @@ export default function ({ getService }: DeploymentAgnosticFtrProviderContext) {
           .get(`/api/observability/slos`)
           .set(adminRoleAuthc.apiKeyHeader)
           .set(internalHeaders)
-          .set('elastic-api-version', '1')
           .send();
 
         expect(response.body.results).length(2);
@@ -76,7 +75,6 @@ export default function ({ getService }: DeploymentAgnosticFtrProviderContext) {
           .get(`/api/observability/slos?kqlQuery=slo.name%3Airrelevant`)
           .set(adminRoleAuthc.apiKeyHeader)
           .set(internalHeaders)
-          .set('elastic-api-version', '1')
           .send()
           .expect(200);
 
@@ -87,7 +85,6 @@ export default function ({ getService }: DeploymentAgnosticFtrProviderContext) {
           .get(`/api/observability/slos?kqlQuery=slo.name%3Aintegration`)
           .set(adminRoleAuthc.apiKeyHeader)
           .set(internalHeaders)
-          .set('elastic-api-version', '1')
           .send()
           .expect(200);
 
diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts
index 67dcee5be34dc..8f88457547386 100644
--- a/x-pack/test/api_integration/services/security_solution_api.gen.ts
+++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts
@@ -56,12 +56,10 @@ import { EndpointGetActionsStatusRequestQueryInput } from '@kbn/security-solutio
 import { EndpointGetFileActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/get_file/get_file.gen';
 import { EndpointGetProcessesActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/running_procs/running_procs.gen';
 import { EndpointIsolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/isolate/isolate.gen';
-import { EndpointIsolateRedirectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/isolate/deprecated_isolate.gen';
 import { EndpointKillProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/kill_process/kill_process.gen';
 import { EndpointScanActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/scan/scan.gen';
 import { EndpointSuspendProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen';
 import { EndpointUnisolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen';
-import { EndpointUnisolateRedirectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/deprecated_unisolate.gen';
 import { EndpointUploadActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/upload/upload.gen';
 import {
   ExportRulesRequestQueryInput,
@@ -74,7 +72,6 @@ import {
 import { FinalizeAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen';
 import { FindAssetCriticalityRecordsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/list_asset_criticality.gen';
 import { FindRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/find_rules/find_rules_route.gen';
-import { GetAgentPolicySummaryRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/policy/deprecated_agent_policy_summary.gen';
 import { GetAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/get_asset_criticality.gen';
 import { GetDraftTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_draft_timelines/get_draft_timelines_route.gen';
 import { GetEndpointMetadataListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/metadata/get_metadata.gen';
@@ -614,20 +611,6 @@ If a record already exists for the specified entity, that record is overwritten
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
         .send(props.body as object);
     },
-    /**
-      * Isolate an endpoint from the network.
-> info
-> This URL will return a 308 permanent redirect to `POST <kibana host>:<port>/api/endpoint/action/isolate`.
-
-      */
-    endpointIsolateRedirect(props: EndpointIsolateRedirectProps, kibanaSpace: string = 'default') {
-      return supertest
-        .post(routeWithNamespace('/api/endpoint/isolate', kibanaSpace))
-        .set('kbn-xsrf', 'true')
-        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
-        .send(props.body as object);
-    },
     /**
      * Terminate a running process on an endpoint.
      */
@@ -678,23 +661,6 @@ If a record already exists for the specified entity, that record is overwritten
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
         .send(props.body as object);
     },
-    /**
-      * Release an isolated endpoint, allowing it to rejoin a network.
-> info
-> This URL will return a 308 permanent redirect to `POST <kibana host>:<port>/api/endpoint/action/unisolate`.
-
-      */
-    endpointUnisolateRedirect(
-      props: EndpointUnisolateRedirectProps,
-      kibanaSpace: string = 'default'
-    ) {
-      return supertest
-        .post(routeWithNamespace('/api/endpoint/unisolate', kibanaSpace))
-        .set('kbn-xsrf', 'true')
-        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
-        .send(props.body as object);
-    },
     /**
      * Upload a file to an endpoint.
      */
@@ -781,14 +747,6 @@ finalize it.
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
         .query(props.query);
     },
-    getAgentPolicySummary(props: GetAgentPolicySummaryProps, kibanaSpace: string = 'default') {
-      return supertest
-        .get(routeWithNamespace('/api/endpoint/policy/summaries', kibanaSpace))
-        .set('kbn-xsrf', 'true')
-        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
-        .query(props.query);
-    },
     /**
      * Retrieves the rule migrations stats for all migrations stored in the system
      */
@@ -843,7 +801,7 @@ finalize it.
       return supertest
         .post(
           routeWithNamespace(
-            replaceParams('/api/endpoint/suggestions/{suggestion_type}', props.params),
+            replaceParams('/internal/api/endpoint/suggestions/{suggestion_type}', props.params),
             kibanaSpace
           )
         )
@@ -1535,9 +1493,6 @@ export interface EndpointGetProcessesActionProps {
 export interface EndpointIsolateActionProps {
   body: EndpointIsolateActionRequestBodyInput;
 }
-export interface EndpointIsolateRedirectProps {
-  body: EndpointIsolateRedirectRequestBodyInput;
-}
 export interface EndpointKillProcessActionProps {
   body: EndpointKillProcessActionRequestBodyInput;
 }
@@ -1550,9 +1505,6 @@ export interface EndpointSuspendProcessActionProps {
 export interface EndpointUnisolateActionProps {
   body: EndpointUnisolateActionRequestBodyInput;
 }
-export interface EndpointUnisolateRedirectProps {
-  body: EndpointUnisolateRedirectRequestBodyInput;
-}
 export interface EndpointUploadActionProps {
   body: EndpointUploadActionRequestBodyInput;
 }
@@ -1573,9 +1525,6 @@ export interface FindAssetCriticalityRecordsProps {
 export interface FindRulesProps {
   query: FindRulesRequestQueryInput;
 }
-export interface GetAgentPolicySummaryProps {
-  query: GetAgentPolicySummaryRequestQueryInput;
-}
 export interface GetAssetCriticalityRecordProps {
   query: GetAssetCriticalityRecordRequestQueryInput;
 }
diff --git a/x-pack/test/apm_api_integration/common/fixtures/es_archiver/apm_8.0.0/mappings.json b/x-pack/test/apm_api_integration/common/fixtures/es_archiver/apm_8.0.0/mappings.json
index ee8b97f7ac0ae..c6f64e5026456 100644
--- a/x-pack/test/apm_api_integration/common/fixtures/es_archiver/apm_8.0.0/mappings.json
+++ b/x-pack/test/apm_api_integration/common/fixtures/es_archiver/apm_8.0.0/mappings.json
@@ -6213,10 +6213,6 @@
           "read_only_allow_delete": "false"
         },
         "codec": "best_compression",
-        "lifecycle": {
-          "name": "apm-rollover-30-days",
-          "rollover_alias": "apm-7.14.0-error"
-        },
         "mapping": {
           "total_fields": {
             "limit": "2000"
@@ -6225,8 +6221,7 @@
         "max_docvalue_fields_search": "200",
         "number_of_replicas": "1",
         "number_of_shards": "1",
-        "priority": "100",
-        "refresh_interval": "5s"
+        "priority": "100"
       }
     }
   }
@@ -11748,10 +11743,6 @@
           "read_only_allow_delete": "false"
         },
         "codec": "best_compression",
-        "lifecycle": {
-          "name": "apm-rollover-30-days",
-          "rollover_alias": "apm-7.14.0-metric"
-        },
         "mapping": {
           "total_fields": {
             "limit": "2000"
@@ -11760,8 +11751,7 @@
         "max_docvalue_fields_search": "200",
         "number_of_replicas": "1",
         "number_of_shards": "1",
-        "priority": "100",
-        "refresh_interval": "5s"
+        "priority": "100"
       }
     }
   }
@@ -16847,10 +16837,6 @@
           "read_only_allow_delete": "false"
         },
         "codec": "best_compression",
-        "lifecycle": {
-          "name": "apm-rollover-30-days",
-          "rollover_alias": "apm-7.14.0-span"
-        },
         "mapping": {
           "total_fields": {
             "limit": "2000"
@@ -16859,8 +16845,7 @@
         "max_docvalue_fields_search": "200",
         "number_of_replicas": "1",
         "number_of_shards": "1",
-        "priority": "100",
-        "refresh_interval": "5s"
+        "priority": "100"
       }
     }
   }
@@ -22037,10 +22022,6 @@
           "read_only_allow_delete": "false"
         },
         "codec": "best_compression",
-        "lifecycle": {
-          "name": "apm-rollover-30-days",
-          "rollover_alias": "apm-7.14.0-transaction"
-        },
         "mapping": {
           "total_fields": {
             "limit": "2000"
@@ -22049,9 +22030,8 @@
         "max_docvalue_fields_search": "200",
         "number_of_replicas": "1",
         "number_of_shards": "1",
-        "priority": "100",
-        "refresh_interval": "5s"
+        "priority": "100"
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/x-pack/test/apm_api_integration/common/fixtures/es_archiver/observability_overview/mappings.json b/x-pack/test/apm_api_integration/common/fixtures/es_archiver/observability_overview/mappings.json
index 544ad95203c6a..95636d5ee1c1d 100644
--- a/x-pack/test/apm_api_integration/common/fixtures/es_archiver/observability_overview/mappings.json
+++ b/x-pack/test/apm_api_integration/common/fixtures/es_archiver/observability_overview/mappings.json
@@ -4222,8 +4222,7 @@
             "transaction.message.queue.name",
             "fields.*"
           ]
-        },
-        "refresh_interval": "1ms"
+        }
       }
     }
   }
diff --git a/x-pack/test/apm_api_integration/tests/environment/generate_data.ts b/x-pack/test/apm_api_integration/tests/environment/generate_data.ts
deleted file mode 100644
index 3cfd5d92e00f1..0000000000000
--- a/x-pack/test/apm_api_integration/tests/environment/generate_data.ts
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { apm, timerange } from '@kbn/apm-synthtrace-client';
-import type { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace';
-
-// Generate synthetic data for the environment test suite
-export async function generateData({
-  apmSynthtraceEsClient,
-  start,
-  end,
-}: {
-  apmSynthtraceEsClient: ApmSynthtraceEsClient;
-  start: number;
-  end: number;
-}) {
-  const environmentNames = ['production', 'development', 'staging'];
-  const serviceNames = ['go', 'java', 'node'];
-
-  const services = environmentNames.flatMap((environment) => {
-    return serviceNames.flatMap((serviceName) => {
-      return apm
-        .service({
-          name: serviceName,
-          environment,
-          agentName: serviceName,
-        })
-        .instance('instance-a');
-    });
-  });
-
-  const goServiceWithAdditionalEnvironment = apm
-    .service({
-      name: 'go',
-      environment: 'custom-go-environment',
-      agentName: 'go',
-    })
-    .instance('instance-a');
-
-  // Generate a transaction for each service
-  const docs = timerange(start, end)
-    .ratePerMinute(1)
-    .generator((timestamp) => {
-      const loopGeneratedDocs = services.flatMap((service) => {
-        return service
-          .transaction({ transactionName: 'GET /api/product/:id' })
-          .timestamp(timestamp)
-          .duration(1000);
-      });
-
-      const customDoc = goServiceWithAdditionalEnvironment
-        .transaction({
-          transactionName: 'GET /api/go/memory',
-          transactionType: 'custom-go-type',
-        })
-        .timestamp(timestamp)
-        .duration(1000);
-
-      return [...loopGeneratedDocs, customDoc];
-    });
-
-  return apmSynthtraceEsClient.index(docs);
-}
diff --git a/x-pack/test/apm_api_integration/tests/environment/get_environment.spec.ts b/x-pack/test/apm_api_integration/tests/environment/get_environment.spec.ts
deleted file mode 100644
index e67c601e7713c..0000000000000
--- a/x-pack/test/apm_api_integration/tests/environment/get_environment.spec.ts
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-import expect from '@kbn/expect';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
-import { generateData } from './generate_data';
-
-const startNumber = new Date('2021-01-01T00:00:00.000Z').getTime();
-const endNumber = new Date('2021-01-01T00:05:00.000Z').getTime() - 1;
-
-const start = new Date(startNumber).toISOString();
-const end = new Date(endNumber).toISOString();
-
-export default function environmentsAPITests({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
-  const apmSynthtraceEsClient = getService('apmSynthtraceEsClient');
-
-  registry.when('environments when data is loaded', { config: 'basic', archives: [] }, async () => {
-    before(async () =>
-      generateData({
-        apmSynthtraceEsClient,
-        start: startNumber,
-        end: endNumber,
-      })
-    );
-
-    after(() => apmSynthtraceEsClient.clean());
-
-    describe('get environments', () => {
-      describe('when service name is not specified', () => {
-        it('returns all environments', async () => {
-          const { body } = await apmApiClient.readUser({
-            endpoint: 'GET /internal/apm/environments',
-            params: {
-              query: { start, end },
-            },
-          });
-          expect(body.environments.length).to.be.equal(4);
-          expectSnapshot(body.environments).toMatchInline(`
-            Array [
-              "development",
-              "production",
-              "staging",
-              "custom-go-environment",
-            ]
-          `);
-        });
-      });
-
-      describe('when service name is specified', () => {
-        it('returns service specific environments for go', async () => {
-          const { body } = await apmApiClient.readUser({
-            endpoint: 'GET /internal/apm/environments',
-            params: {
-              query: { start, end, serviceName: 'go' },
-            },
-          });
-
-          expect(body.environments.length).to.be.equal(4);
-          expectSnapshot(body.environments).toMatchInline(`
-            Array [
-              "custom-go-environment",
-              "development",
-              "production",
-              "staging",
-            ]
-          `);
-        });
-
-        it('returns service specific environments for java', async () => {
-          const { body } = await apmApiClient.readUser({
-            endpoint: 'GET /internal/apm/environments',
-            params: {
-              query: { start, end, serviceName: 'java' },
-            },
-          });
-
-          expect(body.environments.length).to.be.equal(3);
-          expectSnapshot(body.environments).toMatchInline(`
-            Array [
-              "development",
-              "production",
-              "staging",
-            ]
-          `);
-        });
-      });
-    });
-  });
-}
diff --git a/x-pack/test/apm_api_integration/tests/service_groups/service_group_count/service_group_count.spec.ts b/x-pack/test/apm_api_integration/tests/service_groups/service_group_count/service_group_count.spec.ts
index d39724b0570b2..8b43114ba0ed6 100644
--- a/x-pack/test/apm_api_integration/tests/service_groups/service_group_count/service_group_count.spec.ts
+++ b/x-pack/test/apm_api_integration/tests/service_groups/service_group_count/service_group_count.spec.ts
@@ -74,14 +74,6 @@ export default function ApiTest({ getService }: FtrProviderContext) {
       await apmSynthtraceEsClient.clean();
     });
 
-    it('returns the correct number of services', async () => {
-      const response = await getServiceGroupCounts(apmApiClient);
-      expect(response.status).to.be(200);
-      expect(Object.keys(response.body).length).to.be(2);
-      expect(response.body[synthbeansServiceGroupId]).to.have.property('services', 2);
-      expect(response.body[opbeansServiceGroupId]).to.have.property('services', 1);
-    });
-
     describe('with alerts', () => {
       let ruleId: string;
       before(async () => {
diff --git a/x-pack/test/apm_api_integration/tests/service_groups/service_group_with_overflow/service_group_with_overflow.spec.ts b/x-pack/test/apm_api_integration/tests/service_groups/service_group_with_overflow/service_group_with_overflow.spec.ts
deleted file mode 100644
index 205b43b57bdcf..0000000000000
--- a/x-pack/test/apm_api_integration/tests/service_groups/service_group_with_overflow/service_group_with_overflow.spec.ts
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-import expect from '@kbn/expect';
-import { ValuesType } from 'utility-types';
-import { ENVIRONMENT_ALL } from '@kbn/apm-plugin/common/environment_filter_values';
-import { ApmDocumentType } from '@kbn/apm-plugin/common/document_type';
-import { RollupInterval } from '@kbn/apm-plugin/common/rollup';
-import { FtrProviderContext } from '../../../common/ftr_provider_context';
-import { createServiceGroupApi, deleteAllServiceGroups } from '../service_groups_api_methods';
-import { createServiceTransactionMetricsDocs } from './es_utils';
-import { generateData } from './generate_data';
-
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const apmApiClient = getService('apmApiClient');
-  const es = getService('es');
-  const apmSynthtraceEsClient = getService('apmSynthtraceEsClient');
-
-  registry.when(
-    'Display overflow bucket in Service Groups',
-    { config: 'basic', archives: [] },
-    () => {
-      const indexName = 'metrics-apm.service_transaction.1m-default';
-      const start = '2023-06-21T06:50:15.910Z';
-      const end = '2023-06-21T06:59:15.910Z';
-      const startTime = new Date(start).getTime() + 1000;
-      const OVERFLOW_SERVICE_NAME = '_other';
-      let serviceGroupId: string;
-
-      after(async () => {
-        await deleteAllServiceGroups(apmApiClient);
-        await apmSynthtraceEsClient.clean();
-      });
-
-      before(async () => {
-        await generateData({ start, end, apmSynthtraceEsClient });
-
-        const docs = [
-          createServiceTransactionMetricsDocs({
-            time: startTime,
-            service: {
-              name: OVERFLOW_SERVICE_NAME,
-            },
-            overflowCount: 13,
-          }),
-        ];
-
-        const bulkActions = docs.reduce(
-          (prev, doc) => {
-            return [...prev, { create: { _index: indexName } }, doc];
-          },
-          [] as Array<
-            | {
-                create: {
-                  _index: string;
-                };
-              }
-            | ValuesType<typeof docs>
-          >
-        );
-
-        await es.bulk({
-          body: bulkActions,
-          refresh: 'wait_for',
-        });
-
-        const serviceGroup = {
-          groupName: 'overflowGroup',
-          kuery: 'service.name: synth-go or service.name: synth-java',
-        };
-        const createResponse = await createServiceGroupApi({ apmApiClient, ...serviceGroup });
-        expect(createResponse.status).to.be(200);
-        serviceGroupId = createResponse.body.id;
-      });
-
-      it('get the overflow bucket even though its not added explicitly in the Service Group', async () => {
-        const response = await apmApiClient.readUser({
-          endpoint: `GET /internal/apm/services`,
-          params: {
-            query: {
-              start,
-              end,
-              environment: ENVIRONMENT_ALL.value,
-              kuery: '',
-              serviceGroup: serviceGroupId,
-              probability: 1,
-              documentType: ApmDocumentType.ServiceTransactionMetric,
-              rollupInterval: RollupInterval.OneMinute,
-              useDurationSummary: true,
-            },
-          },
-        });
-
-        const overflowBucket = response.body.items.find(
-          (service) => service.serviceName === OVERFLOW_SERVICE_NAME
-        );
-        expect(overflowBucket?.serviceName).to.equal(OVERFLOW_SERVICE_NAME);
-      });
-    }
-  );
-}
diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/trial/attachments_framework/registered_persistable_state_trial.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/trial/attachments_framework/registered_persistable_state_trial.ts
index c5e5a23032f66..0969a9261df26 100644
--- a/x-pack/test/cases_api_integration/security_and_spaces/tests/trial/attachments_framework/registered_persistable_state_trial.ts
+++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/trial/attachments_framework/registered_persistable_state_trial.ts
@@ -39,6 +39,7 @@ export default ({ getService }: FtrProviderContext): void => {
           ml_anomaly_charts: '23e92e824af9db6e8b8bb1d63c222e04f57d2147',
           ml_anomaly_swimlane: 'a3517f3e53fb041e9cbb150477fb6ef0f731bd5f',
           ml_single_metric_viewer: '8b9532b0a40dfdfa282e262949b82cc1a643147c',
+          aiopsPatternAnalysisEmbeddable: '6c2809a0c51e668d11794de0815b293fdb3a9060',
         });
       });
     });
diff --git a/x-pack/test/cloud_security_posture_api/routes/graph.ts b/x-pack/test/cloud_security_posture_api/routes/graph.ts
index 8043e6e22feb6..95625b24fa59a 100644
--- a/x-pack/test/cloud_security_posture_api/routes/graph.ts
+++ b/x-pack/test/cloud_security_posture_api/routes/graph.ts
@@ -399,7 +399,7 @@ export default function (providerContext: FtrProviderContext) {
         });
       });
 
-      it('Should filter unknown targets', async () => {
+      it('should filter unknown targets', async () => {
         const response = await postGraph(supertest, {
           query: {
             eventIds: [],
@@ -424,7 +424,7 @@ export default function (providerContext: FtrProviderContext) {
         expect(response.body).not.to.have.property('messages');
       });
 
-      it('Should return unknown targets', async () => {
+      it('should return unknown targets', async () => {
         const response = await postGraph(supertest, {
           showUnknownTarget: true,
           query: {
@@ -450,7 +450,7 @@ export default function (providerContext: FtrProviderContext) {
         expect(response.body).not.to.have.property('messages');
       });
 
-      it('Should limit number of nodes', async () => {
+      it('should limit number of nodes', async () => {
         const response = await postGraph(supertest, {
           nodesLimit: 1,
           query: {
@@ -476,6 +476,20 @@ export default function (providerContext: FtrProviderContext) {
         expect(response.body).to.have.property('messages').length(1);
         expect(response.body.messages[0]).equal(ApiMessageCode.ReachedNodesLimit);
       });
+
+      it('should support date math', async () => {
+        const response = await postGraph(supertest, {
+          query: {
+            eventIds: ['kabcd1234efgh5678'],
+            start: '2024-09-01T12:30:00.000Z||-30m',
+            end: '2024-09-01T12:30:00.000Z||+30m',
+          },
+        }).expect(result(200));
+
+        expect(response.body).to.have.property('nodes').length(3);
+        expect(response.body).to.have.property('edges').length(2);
+        expect(response.body).not.to.have.property('messages');
+      });
     });
   });
 }
diff --git a/x-pack/test/cloud_security_posture_functional/es_archives/security_alerts/data.json b/x-pack/test/cloud_security_posture_functional/es_archives/security_alerts/data.json
new file mode 100644
index 0000000000000..e28c92931b619
--- /dev/null
+++ b/x-pack/test/cloud_security_posture_functional/es_archives/security_alerts/data.json
@@ -0,0 +1,708 @@
+{
+  "type": "doc",
+  "value": {
+    "id": "589e086d7ceec7d4b353340578bd607e96fbac7eab9e2926f110990be15122f1",
+    "index": ".internal.alerts-security.alerts-default-000001",
+    "source": {
+      "@timestamp": "2024-09-01T12:44:02.109Z",
+      "actor": {
+        "entity": {
+          "id": "admin@example.com"
+        }
+      },
+      "client": {
+        "user": {
+          "email": "admin@example.com"
+        }
+      },
+      "cloud": {
+        "project": {
+          "id": "your-project-id"
+        },
+        "provider": "gcp"
+      },
+      "ecs": {
+        "version": "8.11.0"
+      },
+      "event": {
+        "action": "google.iam.admin.v1.CreateRole",
+        "agent_id_status": "missing",
+        "category": [
+          "session",
+          "network",
+          "configuration"
+        ],
+        "dataset": "gcp.audit",
+        "id": "kabcd1234efgh5678",
+        "ingested": "2024-09-01T12:40:17Z",
+        "module": "gcp",
+        "outcome": "success",
+        "provider": "activity",
+        "type": [
+          "end",
+          "access",
+          "allowed"
+        ]
+      },
+      "event.kind": "signal",
+      "gcp": {
+        "audit": {
+          "authorization_info": [
+            {
+              "granted": true,
+              "permission": "iam.roles.create",
+              "resource": "projects/your-project-id"
+            }
+          ],
+          "logentry_operation": {
+            "id": "operation-0987654321"
+          },
+          "request": {
+            "@type": "type.googleapis.com/google.iam.admin.v1.CreateRoleRequest",
+            "parent": "projects/your-project-id",
+            "role": {
+              "description": "A custom role with specific permissions",
+              "includedPermissions": [
+                "resourcemanager.projects.get",
+                "resourcemanager.projects.list"
+              ],
+              "name": "projects/your-project-id/roles/customRole",
+              "title": "Custom Role"
+            },
+            "roleId": "customRole"
+          },
+          "resource_name": "projects/your-project-id/roles/customRole",
+          "response": {
+            "@type": "type.googleapis.com/google.iam.admin.v1.Role",
+            "description": "A custom role with specific permissions",
+            "includedPermissions": [
+              "resourcemanager.projects.get",
+              "resourcemanager.projects.list"
+            ],
+            "name": "projects/your-project-id/roles/customRole",
+            "stage": "GA",
+            "title": "Custom Role"
+          },
+          "type": "type.googleapis.com/google.cloud.audit.AuditLog"
+        }
+      },
+      "kibana.alert.ancestors": [
+        {
+          "depth": 0,
+          "id": "MhKch5IBGYRrfvcTQNbO",
+          "index": ".ds-logs-gcp.audit-default-2024.10.13-000001",
+          "type": "event"
+        }
+      ],
+      "kibana.alert.depth": 1,
+      "kibana.alert.intended_timestamp": "2024-09-01T12:44:02.117Z",
+      "kibana.alert.last_detected": "2024-09-01T12:44:02.117Z",
+      "kibana.alert.original_event.action": "google.iam.admin.v1.CreateRole",
+      "kibana.alert.original_event.agent_id_status": "missing",
+      "kibana.alert.original_event.category": [
+        "session",
+        "network",
+        "configuration"
+      ],
+      "kibana.alert.original_event.dataset": "gcp.audit",
+      "kibana.alert.original_event.id": "kabcd1234efgh5678",
+      "kibana.alert.original_event.ingested": "2024-09-01T12:40:17Z",
+      "kibana.alert.original_event.kind": "event",
+      "kibana.alert.original_event.module": "gcp",
+      "kibana.alert.original_event.outcome": "success",
+      "kibana.alert.original_event.provider": "activity",
+      "kibana.alert.original_event.type": [
+        "end",
+        "access",
+        "allowed"
+      ],
+      "kibana.alert.original_time": "2024-09-01T12:34:56.789Z",
+      "kibana.alert.reason": "session, network, configuration event with source 10.0.0.1 created medium alert GCP IAM Custom Role Creation.",
+      "kibana.alert.risk_score": 47,
+      "kibana.alert.rule.actions": [
+      ],
+      "kibana.alert.rule.author": [
+        "Elastic"
+      ],
+      "kibana.alert.rule.category": "Custom Query Rule",
+      "kibana.alert.rule.consumer": "siem",
+      "kibana.alert.rule.created_at": "2024-09-01T12:38:49.650Z",
+      "kibana.alert.rule.created_by": "elastic",
+      "kibana.alert.rule.description": "Identifies an Identity and Access Management (IAM) custom role creation in Google Cloud Platform (GCP). Custom roles are user-defined, and allow for the bundling of one or more supported permissions to meet specific needs. Custom roles will not be updated automatically and could lead to privilege creep if not carefully scrutinized.",
+      "kibana.alert.rule.enabled": true,
+      "kibana.alert.rule.exceptions_list": [
+      ],
+      "kibana.alert.rule.execution.timestamp": "2024-09-01T12:44:02.117Z",
+      "kibana.alert.rule.execution.uuid": "a440f349-1900-4087-b507-f2b98c6cfa79",
+      "kibana.alert.rule.false_positives": [
+        "Custom role creations may be done by a system or network administrator. Verify whether the user email, resource name, and/or hostname should be making changes in your environment. Role creations by unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+      ],
+      "kibana.alert.rule.from": "now-6m",
+      "kibana.alert.rule.immutable": true,
+      "kibana.alert.rule.indices": [
+        "filebeat-*",
+        "logs-gcp*"
+      ],
+      "kibana.alert.rule.interval": "5m",
+      "kibana.alert.rule.license": "Elastic License v2",
+      "kibana.alert.rule.max_signals": 100,
+      "kibana.alert.rule.name": "GCP IAM Custom Role Creation",
+      "kibana.alert.rule.note": "",
+      "kibana.alert.rule.parameters": {
+        "author": [
+          "Elastic"
+        ],
+        "description": "Identifies an Identity and Access Management (IAM) custom role creation in Google Cloud Platform (GCP). Custom roles are user-defined, and allow for the bundling of one or more supported permissions to meet specific needs. Custom roles will not be updated automatically and could lead to privilege creep if not carefully scrutinized.",
+        "exceptions_list": [
+        ],
+        "false_positives": [
+          "Custom role creations may be done by a system or network administrator. Verify whether the user email, resource name, and/or hostname should be making changes in your environment. Role creations by unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+        ],
+        "from": "now-6m",
+        "immutable": true,
+        "index": [
+          "filebeat-*",
+          "logs-gcp*"
+        ],
+        "language": "kuery",
+        "license": "Elastic License v2",
+        "max_signals": 100,
+        "note": "",
+        "query": "event.dataset:gcp.audit and event.action:google.iam.admin.v*.CreateRole and event.outcome:success\n",
+        "references": [
+          "https://cloud.google.com/iam/docs/understanding-custom-roles"
+        ],
+        "related_integrations": [
+          {
+            "integration": "audit",
+            "package": "gcp",
+            "version": "^2.0.0"
+          }
+        ],
+        "required_fields": [
+          {
+            "ecs": true,
+            "name": "event.action",
+            "type": "keyword"
+          },
+          {
+            "ecs": true,
+            "name": "event.dataset",
+            "type": "keyword"
+          },
+          {
+            "ecs": true,
+            "name": "event.outcome",
+            "type": "keyword"
+          }
+        ],
+        "risk_score": 47,
+        "risk_score_mapping": [
+        ],
+        "rule_id": "aa8007f0-d1df-49ef-8520-407857594827",
+        "rule_source": {
+          "is_customized": false,
+          "type": "external"
+        },
+        "setup": "The GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
+        "severity": "medium",
+        "severity_mapping": [
+        ],
+        "threat": [
+          {
+            "framework": "MITRE ATT&CK",
+            "tactic": {
+              "id": "TA0001",
+              "name": "Initial Access",
+              "reference": "https://attack.mitre.org/tactics/TA0001/"
+            },
+            "technique": [
+              {
+                "id": "T1078",
+                "name": "Valid Accounts",
+                "reference": "https://attack.mitre.org/techniques/T1078/"
+              }
+            ]
+          },
+          {
+            "framework": "MITRE ATT&CK",
+            "tactic": {
+              "id": "TA0003",
+              "name": "Persistence",
+              "reference": "https://attack.mitre.org/tactics/TA0003/"
+            },
+            "technique": [
+              {
+                "id": "T1078",
+                "name": "Valid Accounts",
+                "reference": "https://attack.mitre.org/techniques/T1078/"
+              }
+            ]
+          }
+        ],
+        "timestamp_override": "event.ingested",
+        "to": "now",
+        "type": "query",
+        "version": 104
+      },
+      "kibana.alert.rule.producer": "siem",
+      "kibana.alert.rule.references": [
+        "https://cloud.google.com/iam/docs/understanding-custom-roles"
+      ],
+      "kibana.alert.rule.revision": 0,
+      "kibana.alert.rule.risk_score": 47,
+      "kibana.alert.rule.risk_score_mapping": [
+      ],
+      "kibana.alert.rule.rule_id": "aa8007f0-d1df-49ef-8520-407857594827",
+      "kibana.alert.rule.rule_type_id": "siem.queryRule",
+      "kibana.alert.rule.severity": "medium",
+      "kibana.alert.rule.severity_mapping": [
+      ],
+      "kibana.alert.rule.tags": [
+        "Domain: Cloud",
+        "Data Source: GCP",
+        "Data Source: Google Cloud Platform",
+        "Use Case: Identity and Access Audit",
+        "Tactic: Initial Access"
+      ],
+      "kibana.alert.rule.threat": [
+        {
+          "framework": "MITRE ATT&CK",
+          "tactic": {
+            "id": "TA0001",
+            "name": "Initial Access",
+            "reference": "https://attack.mitre.org/tactics/TA0001/"
+          },
+          "technique": [
+            {
+              "id": "T1078",
+              "name": "Valid Accounts",
+              "reference": "https://attack.mitre.org/techniques/T1078/"
+            }
+          ]
+        },
+        {
+          "framework": "MITRE ATT&CK",
+          "tactic": {
+            "id": "TA0003",
+            "name": "Persistence",
+            "reference": "https://attack.mitre.org/tactics/TA0003/"
+          },
+          "technique": [
+            {
+              "id": "T1078",
+              "name": "Valid Accounts",
+              "reference": "https://attack.mitre.org/techniques/T1078/"
+            }
+          ]
+        }
+      ],
+      "kibana.alert.rule.timestamp_override": "event.ingested",
+      "kibana.alert.rule.to": "now",
+      "kibana.alert.rule.type": "query",
+      "kibana.alert.rule.updated_at": "2024-09-01T12:39:00.099Z",
+      "kibana.alert.rule.updated_by": "elastic",
+      "kibana.alert.rule.uuid": "c6f64115-5941-46ef-bfa3-61a4ecb4f3ba",
+      "kibana.alert.rule.version": 104,
+      "kibana.alert.severity": "medium",
+      "kibana.alert.start": "2024-09-01T12:44:02.117Z",
+      "kibana.alert.status": "active",
+      "kibana.alert.uuid": "589e086d7ceec7d4b353340578bd607e96fbac7eab9e2926f110990be15122f1",
+      "kibana.alert.workflow_assignee_ids": [
+      ],
+      "kibana.alert.workflow_status": "open",
+      "kibana.alert.workflow_tags": [
+      ],
+      "kibana.space_ids": [
+        "default"
+      ],
+      "kibana.version": "9.0.0",
+      "log": {
+        "level": "NOTICE",
+        "logger": "projects/your-project-id/logs/cloudaudit.googleapis.com%2Factivity"
+      },
+      "related": {
+        "ip": [
+          "10.0.0.1"
+        ],
+        "user": [
+          "admin@example.com"
+        ]
+      },
+      "service": {
+        "name": "iam.googleapis.com"
+      },
+      "source": {
+        "ip": "10.0.0.1"
+      },
+      "tags": [
+        "_geoip_database_unavailable_GeoLite2-City.mmdb",
+        "_geoip_database_unavailable_GeoLite2-ASN.mmdb"
+      ],
+      "target": {
+        "entity": {
+          "id": "projects/your-project-id/roles/customRole"
+        }
+      },
+      "user_agent": {
+        "device": {
+          "name": "Other"
+        },
+        "name": "Other",
+        "original": "google-cloud-sdk/324.0.0"
+      }
+    }
+  }
+}
+
+{
+  "type": "doc",
+  "value": {
+    "id": "838ea37ab43ab7d2754d007fbe8191be53d7d637bea62f6189f8db1503c0e250",
+    "index": ".internal.alerts-security.alerts-default-000001",
+    "source": {
+      "@timestamp": "2024-09-01T12:39:03.646Z",
+      "actor": {
+        "entity": {
+          "id": "admin@example.com"
+        }
+      },
+      "client": {
+        "user": {
+          "email": "admin@example.com"
+        }
+      },
+      "cloud": {
+        "project": {
+          "id": "your-project-id"
+        },
+        "provider": "gcp"
+      },
+      "ecs": {
+        "version": "8.11.0"
+      },
+      "event": {
+        "action": "google.iam.admin.v1.CreateRole",
+        "agent_id_status": "missing",
+        "category": [
+          "session",
+          "network",
+          "configuration"
+        ],
+        "dataset": "gcp.audit",
+        "id": "kabcd1234efgh5678",
+        "ingested": "2024-09-01T12:38:13Z",
+        "module": "gcp",
+        "outcome": "success",
+        "provider": "activity",
+        "type": [
+          "end",
+          "access",
+          "allowed"
+        ]
+      },
+      "event.kind": "signal",
+      "gcp": {
+        "audit": {
+          "authorization_info": [
+            {
+              "granted": true,
+              "permission": "iam.roles.create",
+              "resource": "projects/your-project-id"
+            }
+          ],
+          "logentry_operation": {
+            "id": "operation-0987654321"
+          },
+          "request": {
+            "@type": "type.googleapis.com/google.iam.admin.v1.CreateRoleRequest",
+            "parent": "projects/your-project-id",
+            "role": {
+              "description": "A custom role with specific permissions",
+              "includedPermissions": [
+                "resourcemanager.projects.get",
+                "resourcemanager.projects.list"
+              ],
+              "name": "projects/your-project-id/roles/customRole",
+              "title": "Custom Role"
+            },
+            "roleId": "customRole"
+          },
+          "resource_name": "projects/your-project-id/roles/customRole",
+          "response": {
+            "@type": "type.googleapis.com/google.iam.admin.v1.Role",
+            "description": "A custom role with specific permissions",
+            "includedPermissions": [
+              "resourcemanager.projects.get",
+              "resourcemanager.projects.list"
+            ],
+            "name": "projects/your-project-id/roles/customRole",
+            "stage": "GA",
+            "title": "Custom Role"
+          },
+          "type": "type.googleapis.com/google.cloud.audit.AuditLog"
+        }
+      },
+      "kibana.alert.ancestors": [
+        {
+          "depth": 0,
+          "id": "rhKah5IBGYRrfvcTXtWe",
+          "index": ".ds-logs-gcp.audit-default-2024.10.13-000001",
+          "type": "event"
+        }
+      ],
+      "kibana.alert.depth": 1,
+      "kibana.alert.intended_timestamp": "2024-09-01T12:39:03.657Z",
+      "kibana.alert.last_detected": "2024-09-01T12:39:03.657Z",
+      "kibana.alert.original_event.action": "google.iam.admin.v1.CreateRole",
+      "kibana.alert.original_event.agent_id_status": "missing",
+      "kibana.alert.original_event.category": [
+        "session",
+        "network",
+        "configuration"
+      ],
+      "kibana.alert.original_event.dataset": "gcp.audit",
+      "kibana.alert.original_event.id": "kabcd1234efgh5678",
+      "kibana.alert.original_event.ingested": "2024-09-01T12:38:13Z",
+      "kibana.alert.original_event.kind": "event",
+      "kibana.alert.original_event.module": "gcp",
+      "kibana.alert.original_event.outcome": "success",
+      "kibana.alert.original_event.provider": "activity",
+      "kibana.alert.original_event.type": [
+        "end",
+        "access",
+        "allowed"
+      ],
+      "kibana.alert.original_time": "2024-09-01T12:34:56.789Z",
+      "kibana.alert.reason": "session, network, configuration event with source 10.0.0.1 created medium alert GCP IAM Custom Role Creation.",
+      "kibana.alert.risk_score": 47,
+      "kibana.alert.rule.actions": [
+      ],
+      "kibana.alert.rule.author": [
+        "Elastic"
+      ],
+      "kibana.alert.rule.category": "Custom Query Rule",
+      "kibana.alert.rule.consumer": "siem",
+      "kibana.alert.rule.created_at": "2024-09-01T12:38:49.650Z",
+      "kibana.alert.rule.created_by": "elastic",
+      "kibana.alert.rule.description": "Identifies an Identity and Access Management (IAM) custom role creation in Google Cloud Platform (GCP). Custom roles are user-defined, and allow for the bundling of one or more supported permissions to meet specific needs. Custom roles will not be updated automatically and could lead to privilege creep if not carefully scrutinized.",
+      "kibana.alert.rule.enabled": true,
+      "kibana.alert.rule.exceptions_list": [
+      ],
+      "kibana.alert.rule.execution.timestamp": "2024-09-01T12:39:03.657Z",
+      "kibana.alert.rule.execution.uuid": "939d34e1-1e74-480d-90ae-24079d9b40d3",
+      "kibana.alert.rule.false_positives": [
+        "Custom role creations may be done by a system or network administrator. Verify whether the user email, resource name, and/or hostname should be making changes in your environment. Role creations by unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+      ],
+      "kibana.alert.rule.from": "now-6m",
+      "kibana.alert.rule.immutable": true,
+      "kibana.alert.rule.indices": [
+        "filebeat-*",
+        "logs-gcp*"
+      ],
+      "kibana.alert.rule.interval": "5m",
+      "kibana.alert.rule.license": "Elastic License v2",
+      "kibana.alert.rule.max_signals": 100,
+      "kibana.alert.rule.name": "GCP IAM Custom Role Creation",
+      "kibana.alert.rule.note": "",
+      "kibana.alert.rule.parameters": {
+        "author": [
+          "Elastic"
+        ],
+        "description": "Identifies an Identity and Access Management (IAM) custom role creation in Google Cloud Platform (GCP). Custom roles are user-defined, and allow for the bundling of one or more supported permissions to meet specific needs. Custom roles will not be updated automatically and could lead to privilege creep if not carefully scrutinized.",
+        "exceptions_list": [
+        ],
+        "false_positives": [
+          "Custom role creations may be done by a system or network administrator. Verify whether the user email, resource name, and/or hostname should be making changes in your environment. Role creations by unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+        ],
+        "from": "now-6m",
+        "immutable": true,
+        "index": [
+          "filebeat-*",
+          "logs-gcp*"
+        ],
+        "language": "kuery",
+        "license": "Elastic License v2",
+        "max_signals": 100,
+        "note": "",
+        "query": "event.dataset:gcp.audit and event.action:google.iam.admin.v*.CreateRole and event.outcome:success\n",
+        "references": [
+          "https://cloud.google.com/iam/docs/understanding-custom-roles"
+        ],
+        "related_integrations": [
+          {
+            "integration": "audit",
+            "package": "gcp",
+            "version": "^2.0.0"
+          }
+        ],
+        "required_fields": [
+          {
+            "ecs": true,
+            "name": "event.action",
+            "type": "keyword"
+          },
+          {
+            "ecs": true,
+            "name": "event.dataset",
+            "type": "keyword"
+          },
+          {
+            "ecs": true,
+            "name": "event.outcome",
+            "type": "keyword"
+          }
+        ],
+        "risk_score": 47,
+        "risk_score_mapping": [
+        ],
+        "rule_id": "aa8007f0-d1df-49ef-8520-407857594827",
+        "rule_source": {
+          "is_customized": false,
+          "type": "external"
+        },
+        "setup": "The GCP Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.",
+        "severity": "medium",
+        "severity_mapping": [
+        ],
+        "threat": [
+          {
+            "framework": "MITRE ATT&CK",
+            "tactic": {
+              "id": "TA0001",
+              "name": "Initial Access",
+              "reference": "https://attack.mitre.org/tactics/TA0001/"
+            },
+            "technique": [
+              {
+                "id": "T1078",
+                "name": "Valid Accounts",
+                "reference": "https://attack.mitre.org/techniques/T1078/"
+              }
+            ]
+          },
+          {
+            "framework": "MITRE ATT&CK",
+            "tactic": {
+              "id": "TA0003",
+              "name": "Persistence",
+              "reference": "https://attack.mitre.org/tactics/TA0003/"
+            },
+            "technique": [
+              {
+                "id": "T1078",
+                "name": "Valid Accounts",
+                "reference": "https://attack.mitre.org/techniques/T1078/"
+              }
+            ]
+          }
+        ],
+        "timestamp_override": "event.ingested",
+        "to": "now",
+        "type": "query",
+        "version": 104
+      },
+      "kibana.alert.rule.producer": "siem",
+      "kibana.alert.rule.references": [
+        "https://cloud.google.com/iam/docs/understanding-custom-roles"
+      ],
+      "kibana.alert.rule.revision": 0,
+      "kibana.alert.rule.risk_score": 47,
+      "kibana.alert.rule.risk_score_mapping": [
+      ],
+      "kibana.alert.rule.rule_id": "aa8007f0-d1df-49ef-8520-407857594827",
+      "kibana.alert.rule.rule_type_id": "siem.queryRule",
+      "kibana.alert.rule.severity": "medium",
+      "kibana.alert.rule.severity_mapping": [
+      ],
+      "kibana.alert.rule.tags": [
+        "Domain: Cloud",
+        "Data Source: GCP",
+        "Data Source: Google Cloud Platform",
+        "Use Case: Identity and Access Audit",
+        "Tactic: Initial Access"
+      ],
+      "kibana.alert.rule.threat": [
+        {
+          "framework": "MITRE ATT&CK",
+          "tactic": {
+            "id": "TA0001",
+            "name": "Initial Access",
+            "reference": "https://attack.mitre.org/tactics/TA0001/"
+          },
+          "technique": [
+            {
+              "id": "T1078",
+              "name": "Valid Accounts",
+              "reference": "https://attack.mitre.org/techniques/T1078/"
+            }
+          ]
+        },
+        {
+          "framework": "MITRE ATT&CK",
+          "tactic": {
+            "id": "TA0003",
+            "name": "Persistence",
+            "reference": "https://attack.mitre.org/tactics/TA0003/"
+          },
+          "technique": [
+            {
+              "id": "T1078",
+              "name": "Valid Accounts",
+              "reference": "https://attack.mitre.org/techniques/T1078/"
+            }
+          ]
+        }
+      ],
+      "kibana.alert.rule.timestamp_override": "event.ingested",
+      "kibana.alert.rule.to": "now",
+      "kibana.alert.rule.type": "query",
+      "kibana.alert.rule.updated_at": "2024-09-01T12:39:00.099Z",
+      "kibana.alert.rule.updated_by": "elastic",
+      "kibana.alert.rule.uuid": "c6f64115-5941-46ef-bfa3-61a4ecb4f3ba",
+      "kibana.alert.rule.version": 104,
+      "kibana.alert.severity": "medium",
+      "kibana.alert.start": "2024-09-01T12:39:03.657Z",
+      "kibana.alert.status": "active",
+      "kibana.alert.uuid": "838ea37ab43ab7d2754d007fbe8191be53d7d637bea62f6189f8db1503c0e250",
+      "kibana.alert.workflow_assignee_ids": [
+      ],
+      "kibana.alert.workflow_status": "open",
+      "kibana.alert.workflow_tags": [
+      ],
+      "kibana.space_ids": [
+        "default"
+      ],
+      "kibana.version": "9.0.0",
+      "log": {
+        "level": "NOTICE",
+        "logger": "projects/your-project-id/logs/cloudaudit.googleapis.com%2Factivity"
+      },
+      "related": {
+        "ip": [
+          "10.0.0.1"
+        ],
+        "user": [
+          "admin@example.com"
+        ]
+      },
+      "service": {
+        "name": "iam.googleapis.com"
+      },
+      "source": {
+        "ip": "10.0.0.1"
+      },
+      "tags": [
+        "_geoip_database_unavailable_GeoLite2-City.mmdb",
+        "_geoip_database_unavailable_GeoLite2-ASN.mmdb"
+      ],
+      "user_agent": {
+        "device": {
+          "name": "Other"
+        },
+        "name": "Other",
+        "original": "google-cloud-sdk/324.0.0"
+      }
+    }
+  }
+}
diff --git a/x-pack/test/cloud_security_posture_functional/es_archives/security_alerts/data.json.gz b/x-pack/test/cloud_security_posture_functional/es_archives/security_alerts/data.json.gz
deleted file mode 100644
index 93b2c20b81c86..0000000000000
Binary files a/x-pack/test/cloud_security_posture_functional/es_archives/security_alerts/data.json.gz and /dev/null differ
diff --git a/x-pack/test/cloud_security_posture_functional/pages/alerts_flyout.ts b/x-pack/test/cloud_security_posture_functional/pages/alerts_flyout.ts
index 9657c0f212f9b..63eafc4107bc1 100644
--- a/x-pack/test/cloud_security_posture_functional/pages/alerts_flyout.ts
+++ b/x-pack/test/cloud_security_posture_functional/pages/alerts_flyout.ts
@@ -17,8 +17,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
   const pageObjects = getPageObjects(['common', 'header', 'alerts']);
   const alertsPage = pageObjects.alerts;
 
-  // Failing: See https://github.com/elastic/kibana/issues/198632
-  describe.skip('Security Alerts Page - Graph visualization', function () {
+  describe('Security Alerts Page - Graph visualization', function () {
     this.tags(['cloud_security_posture_graph_viz']);
 
     before(async () => {
@@ -34,8 +33,8 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       // Setting the timerange to fit the data and open the flyout for a specific alert
       await alertsPage.navigateToAlertsPage(
         `${alertsPage.getAbsoluteTimerangeFilter(
-          '2024-10-13T00:00:00.000Z',
-          '2024-10-14T00:00:00.000Z'
+          '2024-09-01T00:00:00.000Z',
+          '2024-09-02T00:00:00.000Z'
         )}&${alertsPage.getFlyoutFilter(
           '589e086d7ceec7d4b353340578bd607e96fbac7eab9e2926f110990be15122f1'
         )}`
diff --git a/x-pack/test/dataset_quality_api_integration/tests/data_streams/data_stream_details.spec.ts b/x-pack/test/dataset_quality_api_integration/tests/data_streams/data_stream_details.spec.ts
index 44e1dc08689b2..0c9297ab0d426 100644
--- a/x-pack/test/dataset_quality_api_integration/tests/data_streams/data_stream_details.spec.ts
+++ b/x-pack/test/dataset_quality_api_integration/tests/data_streams/data_stream_details.spec.ts
@@ -8,9 +8,7 @@
 import { log, timerange } from '@kbn/apm-synthtrace-client';
 import expect from '@kbn/expect';
 import { DatasetQualityApiClientKey } from '../../common/config';
-import { DatasetQualityApiError } from '../../common/dataset_quality_api_supertest';
 import { FtrProviderContext } from '../../common/ftr_provider_context';
-import { expectToReject } from '../../utils';
 
 export default function ApiTest({ getService }: FtrProviderContext) {
   const registry = getService('registry');
@@ -62,30 +60,6 @@ export default function ApiTest({ getService }: FtrProviderContext) {
         ]);
       });
 
-      it('returns lastActivity as undefined when user does not have access to the data stream', async () => {
-        const resp = await callApiAs('viewerUser', `${type}-${dataset}-${namespace}`);
-        expect(resp.body.lastActivity).to.be(undefined);
-
-        // userPrivileges.canMonitor should be false for readUser
-        expect(resp.body.userPrivileges?.canMonitor).to.be(false);
-      });
-
-      it('returns error when dataStream param is not provided', async () => {
-        const expectedMessage = 'Data Stream name cannot be empty';
-        const err = await expectToReject<DatasetQualityApiError>(() =>
-          callApiAs('datasetQualityMonitorUser', encodeURIComponent(' '))
-        );
-        expect(err.res.status).to.be(400);
-        expect(err.res.body.message.indexOf(expectedMessage)).to.greaterThan(-1);
-      });
-
-      it('returns {} if matching data stream is not available', async () => {
-        const nonExistentDataSet = 'Non-existent';
-        const nonExistentDataStream = `${type}-${nonExistentDataSet}-${namespace}`;
-        const resp = await callApiAs('datasetQualityMonitorUser', nonExistentDataStream);
-        expect(resp.body).empty();
-      });
-
       it('returns "sizeBytes" correctly', async () => {
         const resp = await callApiAs(
           'datasetQualityMonitorUser',
@@ -95,15 +69,6 @@ export default function ApiTest({ getService }: FtrProviderContext) {
         expect(resp.body.sizeBytes).to.be.greaterThan(0);
       });
 
-      it('returns service.name and host.name correctly', async () => {
-        const resp = await callApiAs(
-          'datasetQualityMonitorUser',
-          `${type}-${dataset}-${namespace}`
-        );
-        expect(resp.body.services).to.eql({ ['service.name']: [serviceName] });
-        expect(resp.body.hosts?.['host.name']).to.eql([hostName]);
-      });
-
       after(async () => {
         await synthtrace.clean();
       });
diff --git a/x-pack/test/dataset_quality_api_integration/tests/data_streams/degraded_docs.spec.ts b/x-pack/test/dataset_quality_api_integration/tests/data_streams/degraded_docs.spec.ts
deleted file mode 100644
index 60aeef1af9c93..0000000000000
--- a/x-pack/test/dataset_quality_api_integration/tests/data_streams/degraded_docs.spec.ts
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { log, timerange } from '@kbn/apm-synthtrace-client';
-import expect from '@kbn/expect';
-import rison from '@kbn/rison';
-import { DatasetQualityApiClientKey } from '../../common/config';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
-
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const synthtrace = getService('logSynthtraceEsClient');
-  const datasetQualityApiClient = getService('datasetQualityApiClient');
-  const start = '2023-12-11T18:00:00.000Z';
-  const end = '2023-12-11T18:01:00.000Z';
-
-  async function callApiAs(user: DatasetQualityApiClientKey) {
-    return await datasetQualityApiClient[user]({
-      endpoint: 'GET /internal/dataset_quality/data_streams/degraded_docs',
-      params: {
-        query: {
-          types: rison.encodeArray(['logs']),
-          start,
-          end,
-        },
-      },
-    });
-  }
-
-  registry.when('Degraded docs', { config: 'basic' }, () => {
-    describe('and there are log documents', () => {
-      before(async () => {
-        await synthtrace.index([
-          timerange(start, end)
-            .interval('1m')
-            .rate(1)
-            .generator((timestamp) =>
-              log
-                .create()
-                .message('This is a log message')
-                .timestamp(timestamp)
-                .dataset('synth.1')
-                .defaults({
-                  'log.file.path': '/my-service.log',
-                })
-            ),
-          timerange(start, end)
-            .interval('1m')
-            .rate(1)
-            .generator((timestamp) =>
-              log
-                .create()
-                .message('This is a log message')
-                .timestamp(timestamp)
-                .dataset('synth.2')
-                .logLevel(MORE_THAN_1024_CHARS)
-                .defaults({
-                  'log.file.path': '/my-service.log',
-                })
-            ),
-        ]);
-      });
-
-      it('returns stats correctly', async () => {
-        const stats = await callApiAs('datasetQualityMonitorUser');
-        expect(stats.body.degradedDocs.length).to.be(1);
-
-        const degradedDocsStats = stats.body.degradedDocs.reduce(
-          (acc, curr) => ({
-            ...acc,
-            [curr.dataset]: {
-              count: curr.count,
-            },
-          }),
-          {} as Record<string, { count: number }>
-        );
-
-        expect(degradedDocsStats['logs-synth.2-default']).to.eql({
-          count: 1,
-        });
-      });
-
-      after(async () => {
-        await synthtrace.clean();
-      });
-    });
-
-    describe('and there are not log documents', () => {
-      it('returns stats correctly', async () => {
-        const stats = await callApiAs('datasetQualityMonitorUser');
-
-        expect(stats.body.degradedDocs.length).to.be(0);
-      });
-    });
-
-    describe('when there are data streams of different spaces', () => {
-      const spaces = ['default', 'space1', 'space2'];
-      const datasetsWithNoDegradedDocs = ['nginx.access', 'apache.access', 'mysql.access'];
-      const datasetsWithDegradedDocs = ['nginx.error', 'apache.error', 'mysql.error'];
-
-      before(async () => {
-        for (const space of spaces) {
-          for (const dataset of datasetsWithNoDegradedDocs) {
-            await synthtrace.index([
-              timerange(start, end)
-                .interval('1m')
-                .rate(1)
-                .generator((timestamp) =>
-                  log
-                    .create()
-                    .message('This is a log message')
-                    .timestamp(timestamp)
-                    .dataset(dataset)
-                    .namespace(space)
-                ),
-            ]);
-          }
-
-          for (const dataset of datasetsWithDegradedDocs) {
-            await synthtrace.index([
-              timerange(start, end)
-                .interval('1m')
-                .rate(2)
-                .generator((timestamp: number, index: number) =>
-                  log
-                    .create()
-                    .message('This is a log message')
-                    .timestamp(timestamp)
-                    .dataset(dataset)
-                    .namespace(space)
-                    .logLevel(index % 2 === 0 ? MORE_THAN_1024_CHARS : 'This is a log message')
-                ),
-            ]);
-          }
-        }
-      });
-
-      it('returns counts and list of datasets correctly', async () => {
-        const stats = await callApiAs('datasetQualityMonitorUser');
-        expect(stats.body.degradedDocs.length).to.be(9);
-
-        const expected = {
-          degradedDocs: [
-            {
-              dataset: 'logs-apache.error-default',
-              count: 1,
-            },
-            {
-              dataset: 'logs-apache.error-space1',
-              count: 1,
-            },
-            {
-              dataset: 'logs-apache.error-space2',
-              count: 1,
-            },
-            {
-              dataset: 'logs-mysql.error-default',
-              count: 1,
-            },
-            {
-              dataset: 'logs-mysql.error-space1',
-              count: 1,
-            },
-            {
-              dataset: 'logs-mysql.error-space2',
-              count: 1,
-            },
-            {
-              dataset: 'logs-nginx.error-default',
-              count: 1,
-            },
-            {
-              dataset: 'logs-nginx.error-space1',
-              count: 1,
-            },
-            {
-              dataset: 'logs-nginx.error-space2',
-              count: 1,
-            },
-          ],
-        };
-
-        expect(stats.body).to.eql(expected);
-      });
-
-      after(async () => {
-        await synthtrace.clean();
-      });
-    });
-  });
-}
-
-const MORE_THAN_1024_CHARS =
-  'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, quis nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut aliquid ex ea commodi consequatur? Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur?';
diff --git a/x-pack/test/dataset_quality_api_integration/tests/data_streams/degraded_field_values.spec.ts b/x-pack/test/dataset_quality_api_integration/tests/data_streams/degraded_field_values.spec.ts
deleted file mode 100644
index 6eae916116e5c..0000000000000
--- a/x-pack/test/dataset_quality_api_integration/tests/data_streams/degraded_field_values.spec.ts
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { log, timerange } from '@kbn/apm-synthtrace-client';
-import expect from '@kbn/expect';
-import { DatasetQualityApiClientKey } from '../../common/config';
-import { FtrProviderContext } from '../../common/ftr_provider_context';
-
-const MORE_THAN_1024_CHARS =
-  'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, quis nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut aliquid ex ea commodi consequatur? Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur?';
-
-const ANOTHER_1024_CHARS =
-  'grape fig tangerine tangerine kiwi lemon papaya cherry nectarine papaya mango cherry nectarine fig cherry fig grape mango mango quince fig strawberry mango quince date kiwi quince raspberry apple kiwi banana quince fig papaya grape mango cherry banana mango cherry lemon cherry tangerine fig quince quince papaya tangerine grape strawberry banana kiwi grape mango papaya nectarine banana nectarine kiwi papaya lemon apple lemon orange fig cherry grape apple nectarine papaya orange fig papaya date mango papaya mango cherry tangerine papaya apple banana papaya cherry strawberry grape raspberry lemon date papaya mango kiwi cherry fig banana banana apple date strawberry mango tangerine date lemon kiwi quince date orange orange papaya date apple fig tangerine quince tangerine date papaya banana banana orange raspberry papaya apple nectarine lemon raspberry raspberry mango cherry kiwi cherry cherry nectarine cherry date strawberry banana orange mango mango tangerine quince papaya papaya kiwi papaya strawberry date mango';
-
-export default function ApiTest({ getService }: FtrProviderContext) {
-  const registry = getService('registry');
-  const synthtrace = getService('logSynthtraceEsClient');
-  const datasetQualityApiClient = getService('datasetQualityApiClient');
-  const start = '2024-08-28T08:00:00.000Z';
-  const end = '2024-08-28T08:02:00.000Z';
-  const degradedFieldDataset = 'nginx.error';
-  const degradedFieldsDatastream = 'logs-nginx.error-default';
-  const degradedFieldName = 'test_field';
-  const regularFieldName = 'service.name';
-  const serviceName = 'my-service';
-
-  async function callApiAs({
-    user,
-    dataStream,
-    degradedField,
-  }: {
-    user: DatasetQualityApiClientKey;
-    dataStream: string;
-    degradedField: string;
-  }) {
-    return await datasetQualityApiClient[user]({
-      endpoint:
-        'GET /internal/dataset_quality/data_streams/{dataStream}/degraded_field/{degradedField}/values',
-      params: {
-        path: {
-          dataStream,
-          degradedField,
-        },
-      },
-    });
-  }
-
-  registry.when('Degraded Fields Values per field', { config: 'basic' }, () => {
-    describe('gets the degraded fields values for a given field', () => {
-      before(async () => {
-        await synthtrace.index([
-          timerange(start, end)
-            .interval('1m')
-            .rate(1)
-            .generator((timestamp) =>
-              log
-                .create()
-                .message('This is a error message')
-                .logLevel(MORE_THAN_1024_CHARS)
-                .timestamp(timestamp)
-                .dataset(degradedFieldDataset)
-                .defaults({
-                  'log.file.path': '/error.log',
-                  'service.name': serviceName + 1,
-                  'trace.id': MORE_THAN_1024_CHARS,
-                  test_field: [ANOTHER_1024_CHARS, 'hello world', MORE_THAN_1024_CHARS],
-                })
-            ),
-        ]);
-      });
-
-      after(async () => {
-        await synthtrace.clean();
-      });
-
-      it('returns no values when provided field has no degraded values', async () => {
-        const resp = await callApiAs({
-          user: 'datasetQualityMonitorUser',
-          dataStream: degradedFieldsDatastream,
-          degradedField: regularFieldName,
-        });
-        expect(resp.body.values.length).to.be(0);
-      });
-
-      it('returns values when provided field has degraded values', async () => {
-        const resp = await callApiAs({
-          user: 'datasetQualityMonitorUser',
-          dataStream: degradedFieldsDatastream,
-          degradedField: degradedFieldName,
-        });
-        expect(resp.body.values.length).to.be(2);
-      });
-    });
-  });
-}
diff --git a/x-pack/test/fleet_api_integration/apis/epm/install_with_streaming.ts b/x-pack/test/fleet_api_integration/apis/epm/install_with_streaming.ts
index 4fa0e485be2b5..95968cd519768 100644
--- a/x-pack/test/fleet_api_integration/apis/epm/install_with_streaming.ts
+++ b/x-pack/test/fleet_api_integration/apis/epm/install_with_streaming.ts
@@ -36,8 +36,7 @@ export default function (providerContext: FtrProviderContext) {
     return res?._source?.['epm-packages'] as Installation;
   };
 
-  // Failing: See https://github.com/elastic/kibana/issues/199701
-  describe.skip('Installs a package using stream-based approach', () => {
+  describe('Installs a package using stream-based approach', () => {
     skipIfNoDockerRegistry(providerContext);
 
     before(async () => {
@@ -50,7 +49,8 @@ export default function (providerContext: FtrProviderContext) {
         await uninstallPackage('security_detection_engine', '8.16.0');
       });
       it('should install security-rule assets from the package', async () => {
-        await installPackage('security_detection_engine', '8.16.0').expect(200);
+        // Force install to install an outdatded version
+        await installPackage('security_detection_engine', '8.16.0', { force: true }).expect(200);
         const installationSO = await getInstallationSavedObject('security_detection_engine');
         expect(installationSO?.installed_kibana).toEqual(
           expect.arrayContaining([
diff --git a/x-pack/test/fleet_api_integration/apis/event_ingested/index.js b/x-pack/test/fleet_api_integration/apis/event_ingested/index.js
new file mode 100644
index 0000000000000..c6c76ca423b5f
--- /dev/null
+++ b/x-pack/test/fleet_api_integration/apis/event_ingested/index.js
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { setupTestUsers } from '../test_users';
+
+export default function loadTests({ loadTestFile, getService }) {
+  describe('Event Ingested', () => {
+    before(async () => {
+      await setupTestUsers(getService('security'));
+    });
+    loadTestFile(require.resolve('./use_event_ingested'));
+  });
+}
diff --git a/x-pack/test/fleet_api_integration/apis/event_ingested/use_event_ingested.ts b/x-pack/test/fleet_api_integration/apis/event_ingested/use_event_ingested.ts
new file mode 100644
index 0000000000000..7badbedbd77ba
--- /dev/null
+++ b/x-pack/test/fleet_api_integration/apis/event_ingested/use_event_ingested.ts
@@ -0,0 +1,197 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+import { FtrProviderContext } from '../../../api_integration/ftr_provider_context';
+import { skipIfNoDockerRegistry } from '../../helpers';
+import { testUsers } from '../test_users';
+
+const TEST_INDEX = 'logs-log.log-test';
+
+const FLEET_EVENT_INGESTED_PIPELINE_ID = '.fleet_event_ingested_pipeline-1';
+
+// TODO: Use test package or move to input package version github.com/elastic/kibana/issues/154243
+const LOG_INTEGRATION_VERSION = '1.1.2';
+
+const FLEET_EVENT_INGESTED_PIPELINE_VERSION = 1;
+
+export default function (providerContext: FtrProviderContext) {
+  const { getService } = providerContext;
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const es = getService('es');
+  const esArchiver = getService('esArchiver');
+  const fleetAndAgents = getService('fleetAndAgents');
+
+  describe('fleet_event_ingested_pipeline', () => {
+    skipIfNoDockerRegistry(providerContext);
+    before(async () => {
+      await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
+      await fleetAndAgents.setup();
+      // Use the custom log package to test the fleet final pipeline
+      await supertestWithoutAuth
+        .post(`/api/fleet/epm/packages/log/${LOG_INTEGRATION_VERSION}`)
+        .auth(testUsers.fleet_all_int_all.username, testUsers.fleet_all_int_all.password)
+        .set('kbn-xsrf', 'xxxx')
+        .send({ force: true })
+        .expect(200);
+    });
+
+    after(async () => {
+      await supertestWithoutAuth
+        .delete(`/api/fleet/epm/packages/log/${LOG_INTEGRATION_VERSION}`)
+        .auth(testUsers.fleet_all_int_all.username, testUsers.fleet_all_int_all.password)
+        .set('kbn-xsrf', 'xxxx')
+        .send({ force: true })
+        .expect(200);
+      await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
+      const res = await es.search({
+        index: TEST_INDEX,
+      });
+
+      for (const hit of res.hits.hits) {
+        await es.delete({
+          id: hit._id!,
+          index: hit._index,
+        });
+      }
+    });
+
+    it('should correctly update the event ingested pipeline', async () => {
+      await es.ingest.putPipeline({
+        id: FLEET_EVENT_INGESTED_PIPELINE_ID,
+        body: {
+          description: 'Test PIPELINE WITHOUT version',
+          processors: [
+            {
+              set: {
+                field: 'my-keyword-field',
+                value: 'foo',
+              },
+            },
+          ],
+        },
+      });
+      await supertestWithoutAuth
+        .post(`/api/fleet/setup`)
+        .auth(testUsers.fleet_all_int_all.username, testUsers.fleet_all_int_all.password)
+        .set('kbn-xsrf', 'xxxx');
+      const pipelineRes = await es.ingest.getPipeline({ id: FLEET_EVENT_INGESTED_PIPELINE_ID });
+      expect(pipelineRes).to.have.property(FLEET_EVENT_INGESTED_PIPELINE_ID);
+      expect(pipelineRes[FLEET_EVENT_INGESTED_PIPELINE_ID].version).to.be(1);
+    });
+
+    it('should correctly setup the event ingested pipeline and apply to fleet managed index template', async () => {
+      const pipelineRes = await es.ingest.getPipeline({ id: FLEET_EVENT_INGESTED_PIPELINE_ID });
+      expect(pipelineRes).to.have.property(FLEET_EVENT_INGESTED_PIPELINE_ID);
+      const res = await es.indices.getIndexTemplate({ name: 'logs-log.log' });
+      expect(res.index_templates.length).to.be(FLEET_EVENT_INGESTED_PIPELINE_VERSION);
+      expect(res.index_templates[0]?.index_template?.composed_of).to.contain('ecs@mappings');
+      expect(res.index_templates[0]?.index_template?.composed_of).to.contain('.fleet_globals-1');
+      expect(res.index_templates[0]?.index_template?.composed_of).to.contain(
+        '.fleet_event_ingested-1'
+      );
+    });
+
+    it('all docs should contain event.ingested without sub-seconds', async () => {
+      const res = await es.index({
+        index: 'logs-log.log-test',
+        body: {
+          '@timestamp': '2020-01-01T09:09:00',
+          message: 'hello',
+        },
+      });
+
+      const doc = await es.get({
+        id: res._id,
+        index: res._index,
+      });
+      // @ts-expect-error
+      const ingestTimestamp = doc._source.event.ingested;
+
+      // 2021-06-30T12:06:28Z
+      expect(ingestTimestamp).to.match(/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$/);
+    });
+
+    it('should remove agent_id_status', async () => {
+      const res = await es.index({
+        index: 'logs-log.log-test',
+        body: {
+          message: 'message-test-1',
+          '@timestamp': '2020-01-01T09:09:00',
+          agent: {
+            id: 'agent1',
+          },
+          event: {
+            agent_id_status: 'dummy',
+          },
+        },
+      });
+
+      const doc = await es.get({
+        id: res._id,
+        index: res._index,
+      });
+      // @ts-expect-error
+      const event = doc._source.event;
+
+      expect(event.agent_id_status).to.be(undefined);
+      expect(event).to.have.property('ingested');
+    });
+
+    it('removes event.original if preserve_original_event is not set', async () => {
+      const res = await es.index({
+        index: 'logs-log.log-test',
+        body: {
+          message: 'message-test-1',
+          event: {
+            original: JSON.stringify({ foo: 'bar' }),
+          },
+          '@timestamp': '2023-01-01T09:00:00',
+          tags: [],
+          agent: {
+            id: 'agent1',
+          },
+        },
+      });
+
+      const doc: any = await es.get({
+        id: res._id,
+        index: res._index,
+      });
+
+      const event = doc._source.event;
+
+      expect(event.original).to.be(undefined);
+    });
+
+    it('preserves event.original if preserve_original_event is set', async () => {
+      const res = await es.index({
+        index: 'logs-log.log-test',
+        body: {
+          message: 'message-test-1',
+          event: {
+            original: JSON.stringify({ foo: 'bar' }),
+          },
+          '@timestamp': '2023-01-01T09:00:00',
+          tags: ['preserve_original_event'],
+          agent: {
+            id: 'agent1',
+          },
+        },
+      });
+
+      const doc: any = await es.get({
+        id: res._id,
+        index: res._index,
+      });
+
+      const event = doc._source.event;
+
+      expect(event.original).to.eql(JSON.stringify({ foo: 'bar' }));
+    });
+  });
+}
diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/change_space_agent_policies.ts b/x-pack/test/fleet_api_integration/apis/space_awareness/change_space_agent_policies.ts
index 4d1d08ac7b35c..df3aa6f8f257b 100644
--- a/x-pack/test/fleet_api_integration/apis/space_awareness/change_space_agent_policies.ts
+++ b/x-pack/test/fleet_api_integration/apis/space_awareness/change_space_agent_policies.ts
@@ -109,18 +109,29 @@ export default function (providerContext: FtrProviderContext) {
           })
           .catch(() => {});
       });
-      async function assertPolicyAvailableInSpace(spaceId?: string) {
-        await apiClient.getAgentPolicy(defaultSpacePolicy1.item.id, spaceId);
+
+      async function assertPackagePolicyAvailableInSpace(spaceId?: string) {
         await apiClient.getPackagePolicy(defaultPackagePolicy1.item.id, spaceId);
+      }
+
+      async function assertPackagePolicyNotAvailableInSpace(spaceId?: string) {
+        await expectToRejectWithNotFound(() =>
+          apiClient.getPackagePolicy(defaultPackagePolicy1.item.id, spaceId)
+        );
+      }
+
+      async function assertAgentPolicyAvailableInSpace(policyId: string, spaceId?: string) {
+        await apiClient.getAgentPolicy(policyId, spaceId);
         const enrollmentApiKeys = await apiClient.getEnrollmentApiKeys(spaceId);
-        expect(
-          enrollmentApiKeys.items.find((item) => item.policy_id === defaultSpacePolicy1.item.id)
-        ).not.to.be(undefined);
+        expect(enrollmentApiKeys.items.find((item) => item.policy_id === policyId)).not.to.be(
+          undefined
+        );
 
         const agents = await apiClient.getAgents(spaceId);
-        expect(
-          agents.items.filter((a) => a.policy_id === defaultSpacePolicy1.item.id).length
-        ).to.be(1);
+        expect(agents.items.filter((a) => a.policy_id === policyId).length).to.be(1);
+
+        const uninstallTokens = await apiClient.getUninstallTokens(spaceId);
+        expect(uninstallTokens.items.filter((t) => t.policy_id === policyId).length).to.be(1);
       }
 
       async function assertEnrollemntApiKeysForSpace(spaceId?: string, policyIds?: string[]) {
@@ -136,23 +147,19 @@ export default function (providerContext: FtrProviderContext) {
         expect([...foundPolicyIds].sort()).to.eql(policyIds?.sort());
       }
 
-      async function assertPolicyNotAvailableInSpace(spaceId?: string) {
-        await expectToRejectWithNotFound(() =>
-          apiClient.getPackagePolicy(defaultPackagePolicy1.item.id, spaceId)
-        );
-        await expectToRejectWithNotFound(() =>
-          apiClient.getAgentPolicy(defaultSpacePolicy1.item.id, spaceId)
-        );
+      async function assertAgentPolicyNotAvailableInSpace(policyId: string, spaceId?: string) {
+        await expectToRejectWithNotFound(() => apiClient.getAgentPolicy(policyId, spaceId));
 
         const enrollmentApiKeys = await apiClient.getEnrollmentApiKeys(spaceId);
-        expect(
-          enrollmentApiKeys.items.find((item) => item.policy_id === defaultSpacePolicy1.item.id)
-        ).to.be(undefined);
+        expect(enrollmentApiKeys.items.find((item) => item.policy_id === policyId)).to.be(
+          undefined
+        );
 
         const agents = await apiClient.getAgents(spaceId);
-        expect(
-          agents.items.filter((a) => a.policy_id === defaultSpacePolicy1.item.id).length
-        ).to.be(0);
+        expect(agents.items.filter((a) => a.policy_id === policyId).length).to.be(0);
+
+        const uninstallTokens = await apiClient.getUninstallTokens(spaceId);
+        expect(uninstallTokens.items.filter((t) => t.policy_id === policyId).length).to.be(0);
       }
 
       async function assertAgentSpaces(agentId: string, expectedSpaces: string[]) {
@@ -173,8 +180,11 @@ export default function (providerContext: FtrProviderContext) {
           space_ids: ['default', TEST_SPACE_1],
         });
 
-        await assertPolicyAvailableInSpace();
-        await assertPolicyAvailableInSpace(TEST_SPACE_1);
+        await assertAgentPolicyAvailableInSpace(defaultSpacePolicy1.item.id);
+        await assertAgentPolicyAvailableInSpace(defaultSpacePolicy1.item.id, TEST_SPACE_1);
+
+        await assertPackagePolicyAvailableInSpace();
+        await assertPackagePolicyAvailableInSpace(TEST_SPACE_1);
 
         await assertAgentSpaces(policy1AgentId, ['default', TEST_SPACE_1]);
         await assertAgentSpaces(policy2AgentId, ['default']);
@@ -184,6 +194,9 @@ export default function (providerContext: FtrProviderContext) {
           defaultSpacePolicy2.item.id,
         ]);
         await assertEnrollemntApiKeysForSpace(TEST_SPACE_1, [defaultSpacePolicy1.item.id]);
+        // Ensure no side effect on other policies
+        await assertAgentPolicyAvailableInSpace(defaultSpacePolicy2.item.id);
+        await assertAgentPolicyNotAvailableInSpace(defaultSpacePolicy2.item.id, TEST_SPACE_1);
       });
 
       it('should allow set policy in test space only', async () => {
@@ -194,12 +207,17 @@ export default function (providerContext: FtrProviderContext) {
           space_ids: [TEST_SPACE_1],
         });
 
-        await assertPolicyNotAvailableInSpace();
-        await assertPolicyAvailableInSpace(TEST_SPACE_1);
+        await assertAgentPolicyNotAvailableInSpace(defaultSpacePolicy1.item.id);
+        await assertAgentPolicyAvailableInSpace(defaultSpacePolicy1.item.id, TEST_SPACE_1);
+        await assertPackagePolicyAvailableInSpace(TEST_SPACE_1);
+        await assertPackagePolicyNotAvailableInSpace();
         await assertAgentSpaces(policy1AgentId, [TEST_SPACE_1]);
         await assertAgentSpaces(policy2AgentId, ['default']);
         await assertEnrollemntApiKeysForSpace('default', [defaultSpacePolicy2.item.id]);
         await assertEnrollemntApiKeysForSpace(TEST_SPACE_1, [defaultSpacePolicy1.item.id]);
+        // Ensure no side effect on other policies
+        await assertAgentPolicyAvailableInSpace(defaultSpacePolicy2.item.id);
+        await assertAgentPolicyNotAvailableInSpace(defaultSpacePolicy2.item.id, TEST_SPACE_1);
       });
 
       it('should not allow add policy to a space where user do not have access', async () => {
diff --git a/x-pack/test/fleet_api_integration/config.event_ingested.ts b/x-pack/test/fleet_api_integration/config.event_ingested.ts
new file mode 100644
index 0000000000000..cbdf4d501e1d2
--- /dev/null
+++ b/x-pack/test/fleet_api_integration/config.event_ingested.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+  const baseFleetApiConfig = await readConfigFile(require.resolve('./config.base.ts'));
+  const serverArgs: string[] = [
+    ...baseFleetApiConfig.get('kbnTestServer.serverArgs'),
+    // serverless oblt needs only event.ingested, without agent id verification
+    `--xpack.fleet.agentIdVerificationEnabled=false`,
+    `--xpack.fleet.eventIngestedEnabled=true`,
+  ];
+
+  return {
+    ...baseFleetApiConfig.getAll(),
+    kbnTestServer: {
+      ...baseFleetApiConfig.get('kbnTestServer'),
+      serverArgs,
+    },
+    testFiles: [require.resolve('./apis/event_ingested')],
+    junit: {
+      reportName: 'X-Pack Event Ingested API Integration Tests',
+    },
+  };
+}
diff --git a/x-pack/test/functional/apps/aiops/change_point_detection.ts b/x-pack/test/functional/apps/aiops/change_point_detection.ts
index 22177a0a9166d..c0ac744e687b5 100644
--- a/x-pack/test/functional/apps/aiops/change_point_detection.ts
+++ b/x-pack/test/functional/apps/aiops/change_point_detection.ts
@@ -7,11 +7,13 @@
 
 import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../ftr_provider_context';
+import { USER } from '../../services/ml/security_common';
 
 export default function ({ getPageObjects, getService }: FtrProviderContext) {
   const elasticChart = getService('elasticChart');
   const esArchiver = getService('esArchiver');
   const aiops = getService('aiops');
+  const cases = getService('cases');
 
   // aiops lives in the ML UI so we need some related services.
   const ml = getService('ml');
@@ -26,6 +28,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
 
     after(async () => {
       await ml.testResources.deleteDataViewByTitle('ft_ecommerce');
+      await cases.api.deleteAllCases();
     });
 
     it(`loads the change point detection page`, async () => {
@@ -108,5 +111,26 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
         maxSeries: 1,
       });
     });
+
+    it('attaches change point charts to a case', async () => {
+      await ml.navigation.navigateToMl();
+      await elasticChart.setNewChartUiDebugFlag(true);
+      await aiops.changePointDetectionPage.navigateToDataViewSelection();
+      await ml.jobSourceSelection.selectSourceForChangePointDetection('ft_ecommerce');
+      await aiops.changePointDetectionPage.assertChangePointDetectionPageExists();
+
+      await aiops.changePointDetectionPage.clickUseFullDataButton();
+      await aiops.changePointDetectionPage.selectMetricField(0, 'products.discount_amount');
+
+      const caseParams = {
+        title: 'ML Change Point Detection case',
+        description: 'Case with a change point detection attachment',
+        tag: 'ml_change_point_detection',
+        reporter: USER.ML_POWERUSER,
+      };
+
+      await aiops.changePointDetectionPage.attachChartsToCases(0, caseParams);
+      await ml.cases.assertCaseWithChangePointDetectionChartsAttachment(caseParams);
+    });
   });
 }
diff --git a/x-pack/test/functional/apps/aiops/log_pattern_analysis.ts b/x-pack/test/functional/apps/aiops/log_pattern_analysis.ts
index 4cfca6d4d82b5..b056b3d6ec8fb 100644
--- a/x-pack/test/functional/apps/aiops/log_pattern_analysis.ts
+++ b/x-pack/test/functional/apps/aiops/log_pattern_analysis.ts
@@ -6,6 +6,7 @@
  */
 
 import { FtrProviderContext } from '../../ftr_provider_context';
+import { USER } from '../../services/ml/security_common';
 
 export default function ({ getPageObjects, getService }: FtrProviderContext) {
   const elasticChart = getService('elasticChart');
@@ -16,6 +17,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
   const ml = getService('ml');
   const selectedField = '@message';
   const totalDocCount = 14005;
+  const cases = getService('cases');
 
   async function retrySwitchTab(tabIndex: number, seconds: number) {
     await retry.tryForTime(seconds * 1000, async () => {
@@ -43,6 +45,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
 
     after(async () => {
       await ml.testResources.deleteDataViewByTitle('logstash-*');
+      await cases.api.deleteAllCases();
     });
 
     it(`loads the log pattern analysis page and filters in patterns in discover`, async () => {
@@ -97,5 +100,44 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       // ensure the discover doc count is greater than 0
       await aiops.logPatternAnalysisPage.assertDiscoverDocCountGreaterThan(0);
     });
+
+    it('attaches log pattern analysis table to a dashboard', async () => {
+      // Start navigation from the base of the ML app.
+      await ml.navigation.navigateToMl();
+      await elasticChart.setNewChartUiDebugFlag(true);
+      await aiops.logPatternAnalysisPage.navigateToDataViewSelection();
+      await ml.jobSourceSelection.selectSourceForLogPatternAnalysisDetection('logstash-*');
+      await aiops.logPatternAnalysisPage.assertLogPatternAnalysisPageExists();
+
+      await aiops.logPatternAnalysisPage.clickUseFullDataButton(totalDocCount);
+      await aiops.logPatternAnalysisPage.selectCategoryField(selectedField);
+      await aiops.logPatternAnalysisPage.clickRunButton();
+
+      await aiops.logPatternAnalysisPage.attachToDashboard();
+    });
+
+    it('attaches log pattern analysis table to a case', async () => {
+      // Start navigation from the base of the ML app.
+      await ml.navigation.navigateToMl();
+      await elasticChart.setNewChartUiDebugFlag(true);
+      await aiops.logPatternAnalysisPage.navigateToDataViewSelection();
+      await ml.jobSourceSelection.selectSourceForLogPatternAnalysisDetection('logstash-*');
+      await aiops.logPatternAnalysisPage.assertLogPatternAnalysisPageExists();
+
+      await aiops.logPatternAnalysisPage.clickUseFullDataButton(totalDocCount);
+      await aiops.logPatternAnalysisPage.selectCategoryField(selectedField);
+      await aiops.logPatternAnalysisPage.clickRunButton();
+
+      const caseParams = {
+        title: 'ML Log pattern analysis case',
+        description: 'Case with a log pattern analysis attachment',
+        tag: 'ml_log_pattern_analysis',
+        reporter: USER.ML_POWERUSER,
+      };
+
+      await aiops.logPatternAnalysisPage.attachToCase(caseParams);
+
+      await ml.cases.assertCaseWithLogPatternAnalysisAttachment(caseParams);
+    });
   });
 }
diff --git a/x-pack/test/functional/apps/index_management/index_template_wizard.ts b/x-pack/test/functional/apps/index_management/index_template_wizard.ts
index cf6f1bf6a44a1..581a0b2761644 100644
--- a/x-pack/test/functional/apps/index_management/index_template_wizard.ts
+++ b/x-pack/test/functional/apps/index_management/index_template_wizard.ts
@@ -107,6 +107,76 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
       });
     });
 
+    // https://github.com/elastic/kibana/pull/195174
+    it('can preview index template that matches a_fake_index_pattern_that_wont_match_any_indices', async () => {
+      // Click Create Template button
+      await testSubjects.click('createTemplateButton');
+      const pageTitleText = await testSubjects.getVisibleText('pageTitle');
+      expect(pageTitleText).to.be('Create template');
+
+      const stepTitle1 = await testSubjects.getVisibleText('stepTitle');
+      expect(stepTitle1).to.be('Logistics');
+
+      // Fill out required fields
+      await testSubjects.setValue('nameField', 'a-star');
+      await testSubjects.setValue('indexPatternsField', 'a*');
+      await testSubjects.setValue('priorityField', '1000');
+
+      // Click Next button
+      await pageObjects.indexManagement.clickNextButton();
+
+      // Verify empty prompt
+      const emptyPrompt = await testSubjects.exists('emptyPrompt');
+      expect(emptyPrompt).to.be(true);
+
+      // Click Next button
+      await pageObjects.indexManagement.clickNextButton();
+
+      // Verify step title
+      const stepTitle2 = await testSubjects.getVisibleText('stepTitle');
+      expect(stepTitle2).to.be('Index settings (optional)');
+
+      // Click Next button
+      await pageObjects.indexManagement.clickNextButton();
+
+      // Verify step title
+      const stepTitle3 = await testSubjects.getVisibleText('stepTitle');
+      expect(stepTitle3).to.be('Mappings (optional)');
+
+      // Click Next button
+      await pageObjects.indexManagement.clickNextButton();
+
+      // Verify step title
+      const stepTitle4 = await testSubjects.getVisibleText('stepTitle');
+      expect(stepTitle4).to.be('Aliases (optional)');
+
+      // Click Next button
+      await pageObjects.indexManagement.clickNextButton();
+
+      // Verify step title
+      const stepTitle = await testSubjects.getVisibleText('stepTitle');
+      expect(stepTitle).to.be("Review details for 'a-star'");
+
+      // Verify that summary exists
+      const summaryTabContent = await testSubjects.exists('summaryTabContent');
+      expect(summaryTabContent).to.be(true);
+
+      // Verify that index mode is set to "Standard"
+      expect(await testSubjects.exists('indexModeTitle')).to.be(true);
+      expect(await testSubjects.getVisibleText('indexModeValue')).to.be('Standard');
+
+      // Click Create template
+      await pageObjects.indexManagement.clickNextButton();
+
+      // Click preview tab, we know its the last one
+      const tabs = await testSubjects.findAll('tab');
+      await tabs[tabs.length - 1].click();
+      const templatePreview = await testSubjects.getVisibleText('simulateTemplatePreview');
+      expect(templatePreview).to.not.contain('error');
+
+      await testSubjects.click('closeDetailsButton');
+    });
+
     describe('Mappings step', () => {
       beforeEach(async () => {
         await pageObjects.common.navigateToApp('indexManagement');
diff --git a/x-pack/test/functional/apps/lens/group1/smokescreen.ts b/x-pack/test/functional/apps/lens/group1/smokescreen.ts
index dbe48cdd395da..68d9f1ee9345d 100644
--- a/x-pack/test/functional/apps/lens/group1/smokescreen.ts
+++ b/x-pack/test/functional/apps/lens/group1/smokescreen.ts
@@ -23,7 +23,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should allow creation of lens xy chart', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -60,7 +59,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('Afancilenstest');
       await lens.clickVisualizeListItemTitle('Afancilenstest');
-      await lens.goToTimeRange();
+
       await lens.waitForVisualization('xyVisChart');
 
       expect(await lens.getTitle()).to.eql('Afancilenstest');
@@ -75,7 +74,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsXYvis');
       await lens.clickVisualizeListItemTitle('lnsXYvis');
-      await lens.goToTimeRange();
+
       // Change the IP field to filters
       await lens.configureDimension({
         dimension: 'lnsXY_splitDimensionPanel > lns-dimensionTrigger',
@@ -94,7 +93,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('Artistpreviouslyknownaslens');
       await lens.clickVisualizeListItemTitle('Artistpreviouslyknownaslens');
-      await lens.goToTimeRange();
+
       await lens.assertLegacyMetric('Maximum of bytes', '19,986');
       await lens.switchToVisualization('lnsDatatable');
       expect(await lens.getDatatableHeaderText()).to.eql('Maximum of bytes');
@@ -106,7 +105,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should transition from a multi-layer stacked bar to a multi-layer line chart and correctly remove all layers', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -150,7 +148,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should transition selected layer in a multi layer bar using layer chart switch', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -197,7 +194,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsXYvis');
       await lens.clickVisualizeListItemTitle('lnsXYvis');
-      await lens.goToTimeRange();
+
       await lens.removeDimension('lnsXY_splitDimensionPanel');
       await lens.switchToVisualization('line');
       await lens.configureDimension({
@@ -255,7 +252,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
       await elasticChart.setNewChartUiDebugFlag(true);
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('bar');
 
       await lens.configureDimension({
@@ -323,7 +320,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should transition from a multi-layer stacked bar to treemap chart using suggestions', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -367,7 +363,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsXYvis');
       await lens.clickVisualizeListItemTitle('lnsXYvis');
-      await lens.goToTimeRange();
+
       expect(await lens.hasChartSwitchWarning('pie')).to.eql(true);
       await lens.switchToVisualization('pie');
 
@@ -394,7 +390,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsXYvis');
       await lens.clickVisualizeListItemTitle('lnsXYvis');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('line');
       expect(await lens.getTitle()).to.eql('lnsXYvis');
       expect(await lens.getDimensionTriggerText('lnsXY_xDimensionPanel')).to.eql('@timestamp');
@@ -410,7 +406,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsPieVis');
       await lens.clickVisualizeListItemTitle('lnsPieVis');
-      await lens.goToTimeRange();
+
       expect(await lens.hasChartSwitchWarning('treemap')).to.eql(false);
       await lens.switchToVisualization('treemap');
       expect(await lens.getDimensionTriggersTexts('lnsPie_groupByDimensionPanel')).to.eql([
@@ -425,7 +421,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should create a pie chart and switch to datatable', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('pie');
       await lens.configureDimension({
         dimension: 'lnsPie_sliceByDimensionPanel > lns-empty-dimension',
@@ -452,7 +448,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should create a heatmap chart and transition to barchart', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('heatmap', 'heat');
 
       await lens.configureDimension({
@@ -482,7 +478,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should create a valid XY chart with references', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -517,7 +512,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should allow formatting on references', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('lnsDatatable');
 
       await lens.configureDimension({
@@ -563,7 +558,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should handle edge cases in reference-based operations', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -596,7 +590,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should keep the field selection while transitioning to every reference-based operation', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -633,7 +626,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should not leave an incomplete column in the visualization config with field-based operation', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_yDimensionPanel > lns-empty-dimension',
@@ -646,7 +638,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should revert to previous configuration and not leave an incomplete column in the visualization config with reference-based operations', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -682,7 +673,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should transition from unique count to last value', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_yDimensionPanel > lns-empty-dimension',
@@ -715,7 +705,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should allow filtering by legend on an xy chart', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -745,7 +734,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should allow filtering by legend on a pie chart', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('pie');
 
       await lens.configureDimension({
diff --git a/x-pack/test/functional/apps/lens/group2/field_formatters.ts b/x-pack/test/functional/apps/lens/group2/field_formatters.ts
index 33c2c02e7b372..e5fe83c72cc45 100644
--- a/x-pack/test/functional/apps/lens/group2/field_formatters.ts
+++ b/x-pack/test/functional/apps/lens/group2/field_formatters.ts
@@ -20,7 +20,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       before(async () => {
         await visualize.navigateToNewVisualization();
         await visualize.clickVisType('lens');
-        await lens.goToTimeRange();
         await lens.switchToVisualization('lnsDatatable');
       });
 
@@ -115,7 +114,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       before(async () => {
         await visualize.navigateToNewVisualization();
         await visualize.clickVisType('lens');
-        await lens.goToTimeRange();
         await lens.switchToVisualization('lnsDatatable');
       });
 
@@ -189,7 +187,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       before(async () => {
         await visualize.navigateToNewVisualization();
         await visualize.clickVisType('lens');
-        await lens.goToTimeRange();
         await lens.switchToVisualization('lnsDatatable');
       });
 
diff --git a/x-pack/test/functional/apps/lens/group2/fields_list.ts b/x-pack/test/functional/apps/lens/group2/fields_list.ts
index b08538829b13f..73e6a6035ca53 100644
--- a/x-pack/test/functional/apps/lens/group2/fields_list.ts
+++ b/x-pack/test/functional/apps/lens/group2/fields_list.ts
@@ -262,6 +262,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           path: '/field-update-test',
           method: 'DELETE',
         });
+        await timePicker.setDefaultAbsoluteRangeViaUiSettings();
       });
 
       it('should show new fields Available fields', async () => {
diff --git a/x-pack/test/functional/apps/lens/group2/index.ts b/x-pack/test/functional/apps/lens/group2/index.ts
index 8d74dd4930b89..790e42162dc74 100644
--- a/x-pack/test/functional/apps/lens/group2/index.ts
+++ b/x-pack/test/functional/apps/lens/group2/index.ts
@@ -36,22 +36,21 @@ export default ({ getService, loadTestFile, getPageObjects }: FtrProviderContext
       fixtureDirs = localFixtures;
       indexPatternString = localIndexPatternString;
       await esNode.load(esArchive);
-      // changing the timepicker default here saves us from having to set it in Discover (~8s)
-      await timePicker.setDefaultAbsoluteRangeViaUiSettings();
       await kibanaServer.uiSettings.update({
         defaultIndex: indexPatternString,
         'dateFormat:tz': 'UTC',
       });
       await kibanaServer.importExport.load(fixtureDirs.lensBasic);
       await kibanaServer.importExport.load(fixtureDirs.lensDefault);
+      await timePicker.setDefaultAbsoluteRangeViaUiSettings();
     });
 
     after(async () => {
       await esNode.unload(esArchive);
-      await timePicker.resetDefaultAbsoluteRangeViaUiSettings();
       await kibanaServer.importExport.unload(fixtureDirs.lensBasic);
       await kibanaServer.importExport.unload(fixtureDirs.lensDefault);
       await kibanaServer.savedObjects.cleanStandardList();
+      await timePicker.resetDefaultAbsoluteRangeViaUiSettings();
     });
 
     // total run time ~ 16m 20s
diff --git a/x-pack/test/functional/apps/lens/group2/layer_actions.ts b/x-pack/test/functional/apps/lens/group2/layer_actions.ts
index cc301c2dd57e5..4417a5ecbadec 100644
--- a/x-pack/test/functional/apps/lens/group2/layer_actions.ts
+++ b/x-pack/test/functional/apps/lens/group2/layer_actions.ts
@@ -18,7 +18,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should allow creation of lens xy chart', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       // check that no sampling info is shown in the dataView picker
       expect(await testSubjects.exists('lnsChangeIndexPatternSamplingInfo')).to.be(false);
@@ -188,7 +187,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should show visualization modifiers for layer settings when embedded in a dashboard', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
       // click on open layer settings
       await lens.openLayerContextMenu();
       await testSubjects.click('lnsLayerSettings');
diff --git a/x-pack/test/functional/apps/lens/group2/partition.ts b/x-pack/test/functional/apps/lens/group2/partition.ts
index f828c65eab284..a6a65fdac2aa3 100644
--- a/x-pack/test/functional/apps/lens/group2/partition.ts
+++ b/x-pack/test/functional/apps/lens/group2/partition.ts
@@ -16,7 +16,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     before(async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
     });
 
     it('should be able to nest up to 3 levels for Pie charts', async () => {
diff --git a/x-pack/test/functional/apps/lens/group2/persistent_context.ts b/x-pack/test/functional/apps/lens/group2/persistent_context.ts
index 0d34b0f68564d..6a6f56578882b 100644
--- a/x-pack/test/functional/apps/lens/group2/persistent_context.ts
+++ b/x-pack/test/functional/apps/lens/group2/persistent_context.ts
@@ -42,7 +42,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         before(async () => {
           await visualize.navigateToNewVisualization();
           await visualize.clickVisType('lens');
-          await lens.goToTimeRange();
           await navigationalSearch.focus();
           await navigationalSearch.searchFor('type:lens lnsTableVis');
           await navigationalSearch.clickOnOption(0);
@@ -74,7 +73,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           await visualize.gotoVisualizationLandingPage();
           await listingTable.searchForItemWithName('lnsTableVis');
           await lens.clickVisualizeListItemTitle('lnsTableVis');
-          await lens.goToTimeRange();
           await navigationalSearch.focus();
           await navigationalSearch.searchFor('type:application lens');
           await navigationalSearch.clickOnOption(0);
@@ -109,7 +107,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         await visualize.gotoVisualizationLandingPage();
         await listingTable.searchForItemWithName('lnsTableVis');
         await lens.clickVisualizeListItemTitle('lnsTableVis');
-        await lens.goToTimeRange();
         // go to empty vis
         await lens.goToListingPageViaBreadcrumbs();
         await visualize.clickNewVisualization();
diff --git a/x-pack/test/functional/apps/lens/group2/table.ts b/x-pack/test/functional/apps/lens/group2/table.ts
index 7de5645b16b03..c359039bae343 100644
--- a/x-pack/test/functional/apps/lens/group2/table.ts
+++ b/x-pack/test/functional/apps/lens/group2/table.ts
@@ -20,7 +20,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsXYvis');
       await lens.clickVisualizeListItemTitle('lnsXYvis');
-      await lens.goToTimeRange();
       await lens.switchToVisualization('lnsDatatable');
       // Sort by number
       await lens.changeTableSortingBy(2, 'ascending');
diff --git a/x-pack/test/functional/apps/lens/group3/add_to_dashboard.ts b/x-pack/test/functional/apps/lens/group3/add_to_dashboard.ts
index 9b5d46dd06170..433fc2dbc943f 100644
--- a/x-pack/test/functional/apps/lens/group3/add_to_dashboard.ts
+++ b/x-pack/test/functional/apps/lens/group3/add_to_dashboard.ts
@@ -27,8 +27,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const createNewLens = async () => {
     await visualize.navigateToNewVisualization();
     await visualize.clickVisType('lens');
-    await lens.goToTimeRange();
-
     await lens.configureDimension({
       dimension: 'lnsXY_yDimensionPanel > lns-empty-dimension',
       operation: 'average',
@@ -48,8 +46,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     await dashboardAddPanel.filterEmbeddableNames('lnsXYvis');
     await find.clickByButtonText('lnsXYvis');
     await dashboardAddPanel.closeAddPanel();
-    await lens.goToTimeRange();
-
     await dashboard.saveDashboard(dashboardName);
     await dashboard.gotoDashboardLandingPage();
     await listingTable.searchAndExpectItemsCount('dashboard', dashboardName, 1);
@@ -59,7 +55,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     await visualize.gotoVisualizationLandingPage();
     await listingTable.searchForItemWithName('Artistpreviouslyknownaslens');
     await lens.clickVisualizeListItemTitle('Artistpreviouslyknownaslens');
-    await lens.goToTimeRange();
     await lens.waitForVisualization('legacyMtrVis');
     await lens.assertLegacyMetric('Maximum of bytes', '19,986');
   };
@@ -226,7 +221,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should add a Lens heatmap to the dashboard', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -281,8 +275,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           it('should not display', async () => {
             await visualize.navigateToNewVisualization();
             await visualize.clickVisType('lens');
-            await lens.goToTimeRange();
-
             await lens.configureDimension({
               dimension: 'lnsXY_yDimensionPanel > lns-empty-dimension',
               operation: 'average',
@@ -330,7 +322,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           it('should not display', async () => {
             await visualize.navigateToNewVisualization();
             await visualize.clickVisType('lens');
-            await lens.goToTimeRange();
 
             await lens.configureDimension({
               dimension: 'lnsXY_yDimensionPanel > lns-empty-dimension',
diff --git a/x-pack/test/functional/apps/lens/group3/dashboard_inline_editing.ts b/x-pack/test/functional/apps/lens/group3/dashboard_inline_editing.ts
index 312bddba10eac..3790c22c377be 100644
--- a/x-pack/test/functional/apps/lens/group3/dashboard_inline_editing.ts
+++ b/x-pack/test/functional/apps/lens/group3/dashboard_inline_editing.ts
@@ -23,7 +23,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const createNewLens = async () => {
     await visualize.navigateToNewVisualization();
     await visualize.clickVisType('lens');
-    await lens.goToTimeRange();
 
     await lens.configureDimension({
       dimension: 'lnsXY_yDimensionPanel > lns-empty-dimension',
@@ -39,7 +38,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     await visualize.gotoVisualizationLandingPage();
     await listingTable.searchForItemWithName('lnsXYvis');
     await lens.clickVisualizeListItemTitle('lnsXYvis');
-    await lens.goToTimeRange();
     await lens.waitForVisualization('xyVisChart');
   };
 
diff --git a/x-pack/test/functional/apps/lens/group3/epoch_millis.ts b/x-pack/test/functional/apps/lens/group3/epoch_millis.ts
index 30f3ffddfcff1..23a1254c1aa24 100644
--- a/x-pack/test/functional/apps/lens/group3/epoch_millis.ts
+++ b/x-pack/test/functional/apps/lens/group3/epoch_millis.ts
@@ -31,7 +31,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
       await lens.switchDataPanelIndexPattern('epoch-millis*');
-      await lens.goToTimeRange();
       await lens.switchToVisualization('lnsDatatable');
       const fieldList = await lens.findAllFields();
       expect(fieldList).to.contain('@timestamp');
diff --git a/x-pack/test/functional/apps/lens/group3/runtime_fields.ts b/x-pack/test/functional/apps/lens/group3/runtime_fields.ts
index e04a00a64c81a..26c2134a68e10 100644
--- a/x-pack/test/functional/apps/lens/group3/runtime_fields.ts
+++ b/x-pack/test/functional/apps/lens/group3/runtime_fields.ts
@@ -19,7 +19,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should be able to add runtime field and use it', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
       await lens.switchToVisualization('lnsDatatable');
       await retry.try(async () => {
         await dataViews.clickAddFieldFromSearchBar();
diff --git a/x-pack/test/functional/apps/lens/group3/terms.ts b/x-pack/test/functional/apps/lens/group3/terms.ts
index 86c43a7549e0e..5c7f2c8669381 100644
--- a/x-pack/test/functional/apps/lens/group3/terms.ts
+++ b/x-pack/test/functional/apps/lens/group3/terms.ts
@@ -26,7 +26,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         await visualize.navigateToNewVisualization();
         await visualize.clickVisType('lens');
         await elasticChart.setNewChartUiDebugFlag(true);
-        await lens.goToTimeRange();
 
         await lens.configureDimension({
           dimension: 'lnsXY_yDimensionPanel > lns-empty-dimension',
@@ -164,7 +163,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           await visualize.navigateToNewVisualization();
           await visualize.clickVisType('lens');
           await elasticChart.setNewChartUiDebugFlag(true);
-          await lens.goToTimeRange();
 
           await lens.configureDimension({
             dimension: 'lnsXY_yDimensionPanel > lns-empty-dimension',
@@ -282,7 +280,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         await visualize.navigateToNewVisualization();
         await visualize.clickVisType('lens');
         await elasticChart.setNewChartUiDebugFlag(true);
-        await lens.goToTimeRange();
         await lens.switchDataPanelIndexPattern(esIndexPrefix);
 
         await lens.configureDimension({
diff --git a/x-pack/test/functional/apps/lens/group4/chart_data.ts b/x-pack/test/functional/apps/lens/group4/chart_data.ts
index 512f820e7ed75..3b3a51c289473 100644
--- a/x-pack/test/functional/apps/lens/group4/chart_data.ts
+++ b/x-pack/test/functional/apps/lens/group4/chart_data.ts
@@ -19,7 +19,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
       await elasticChart.setNewChartUiDebugFlag(true);
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
diff --git a/x-pack/test/functional/apps/lens/group4/color_mapping.ts b/x-pack/test/functional/apps/lens/group4/color_mapping.ts
index 932c628a09afa..008ffa1cb53e1 100644
--- a/x-pack/test/functional/apps/lens/group4/color_mapping.ts
+++ b/x-pack/test/functional/apps/lens/group4/color_mapping.ts
@@ -22,7 +22,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     before(async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
       await elasticChart.setNewChartUiDebugFlag(true);
 
       await lens.configureDimension({
diff --git a/x-pack/test/functional/apps/lens/group4/colors.ts b/x-pack/test/functional/apps/lens/group4/colors.ts
index 96e1866250da2..5c5bbea4ba2c5 100644
--- a/x-pack/test/functional/apps/lens/group4/colors.ts
+++ b/x-pack/test/functional/apps/lens/group4/colors.ts
@@ -14,7 +14,6 @@ export default function ({ getPageObjects }: FtrProviderContext) {
     it('should allow to pick legacy color palette in xy chart', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -41,7 +40,6 @@ export default function ({ getPageObjects }: FtrProviderContext) {
     it('should allow to pick color mapping palette in xy chart', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
diff --git a/x-pack/test/functional/apps/lens/group4/dashboard.ts b/x-pack/test/functional/apps/lens/group4/dashboard.ts
index 563023a6d2ee0..670ee2cb22da5 100644
--- a/x-pack/test/functional/apps/lens/group4/dashboard.ts
+++ b/x-pack/test/functional/apps/lens/group4/dashboard.ts
@@ -61,7 +61,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await dashboardAddPanel.filterEmbeddableNames('Artistpreviouslyknownaslens');
       await find.clickByButtonText('Artistpreviouslyknownaslens');
       await dashboardAddPanel.closeAddPanel();
-      await lens.goToTimeRange();
       await lens.assertLegacyMetric('Maximum of bytes', '19,986');
     });
 
@@ -72,7 +71,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await dashboardAddPanel.filterEmbeddableNames('lnsXYvis');
       await find.clickByButtonText('lnsXYvis');
       await dashboardAddPanel.closeAddPanel();
-      await lens.goToTimeRange();
       await retry.try(async () => {
         await clickInChart(30, 5); // hardcoded position of bar, depends heavy on data and charts implementation
         await testSubjects.existOrFail('applyFiltersPopoverButton', { timeout: 2500 });
@@ -98,7 +96,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await dashboardAddPanel.filterEmbeddableNames('lnsXYvis');
       await find.clickByButtonText('lnsXYvis');
       await dashboardAddPanel.closeAddPanel();
-      await lens.goToTimeRange();
       await retry.try(async () => {
         // show the tooltip actions
         await rightClickInChart(30, 5); // hardcoded position of bar, depends heavy on data and charts implementation
@@ -122,7 +119,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await dashboardAddPanel.filterEmbeddableNames('lnsXYvis');
       await find.clickByButtonText('lnsXYvis');
       await dashboardAddPanel.closeAddPanel();
-      await lens.goToTimeRange();
       await dashboard.saveDashboard('lnsDrilldown');
 
       await panelActions.expectMissingPanelAction(
@@ -139,7 +135,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await find.clickByButtonText('lnsPieVis');
       await dashboardAddPanel.closeAddPanel();
 
-      await lens.goToTimeRange();
       await clickInChart(5, 5); // hardcoded position of the slice, depends heavy on data and charts implementation
 
       await lens.assertExactText(
@@ -189,7 +184,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await dashboard.clickNewDashboard();
       await dashboardAddPanel.clickCreateNewLink();
       await header.waitUntilLoadingHasFinished();
-      await lens.goToTimeRange();
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
         operation: 'date_histogram',
@@ -251,7 +245,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
       await dashboardAddPanel.clickCreateNewLink();
       await header.waitUntilLoadingHasFinished();
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -282,7 +275,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await dashboardAddPanel.filterEmbeddableNames('lnsXYvis');
       await find.clickByButtonText('lnsXYvis');
       await dashboardAddPanel.closeAddPanel();
-      await lens.goToTimeRange();
       // type an invalid search query, hit refresh
       await queryBar.setQuery('this is > not valid');
       await queryBar.submitQuery();
diff --git a/x-pack/test/functional/apps/lens/group4/logsdb.ts b/x-pack/test/functional/apps/lens/group4/logsdb.ts
index a58b5c6bf806f..8071ad58ac09a 100644
--- a/x-pack/test/functional/apps/lens/group4/logsdb.ts
+++ b/x-pack/test/functional/apps/lens/group4/logsdb.ts
@@ -17,11 +17,12 @@ import {
 } from './tsdb_logsdb_helpers';
 
 export default function ({ getService, getPageObjects }: FtrProviderContext) {
-  const { common, lens, discover, header } = getPageObjects([
+  const { common, lens, discover, header, timePicker } = getPageObjects([
     'common',
     'lens',
     'discover',
     'header',
+    'timePicker',
   ]);
   const testSubjects = getService('testSubjects');
   const find = getService('find');
@@ -65,6 +66,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     after(async () => {
       await kibanaServer.savedObjects.cleanStandardList();
       await kibanaServer.uiSettings.replace({});
+      await timePicker.setDefaultAbsoluteRangeViaUiSettings();
       await es.indices.delete({ index: [logsdbIndex] });
     });
 
@@ -72,7 +74,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       before(async () => {
         await common.navigateToApp('lens');
         await lens.switchDataPanelIndexPattern(logsdbDataView);
-        await lens.goToTimeRange();
       });
 
       afterEach(async () => {
diff --git a/x-pack/test/functional/apps/lens/group4/share.ts b/x-pack/test/functional/apps/lens/group4/share.ts
index 4d01b3cf65c91..94634b093dcc3 100644
--- a/x-pack/test/functional/apps/lens/group4/share.ts
+++ b/x-pack/test/functional/apps/lens/group4/share.ts
@@ -30,7 +30,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should disable the share button if no request is made', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       expect(await lens.isShareable()).to.eql(false);
     });
diff --git a/x-pack/test/functional/apps/lens/group4/show_underlying_data.ts b/x-pack/test/functional/apps/lens/group4/show_underlying_data.ts
index 5caf47a41847d..18bd3bb830bba 100644
--- a/x-pack/test/functional/apps/lens/group4/show_underlying_data.ts
+++ b/x-pack/test/functional/apps/lens/group4/show_underlying_data.ts
@@ -28,7 +28,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsXYvis');
       await lens.clickVisualizeListItemTitle('lnsXYvis');
-      await lens.goToTimeRange();
 
       await lens.waitForVisualization('xyVisChart');
 
diff --git a/x-pack/test/functional/apps/lens/group4/show_underlying_data_dashboard.ts b/x-pack/test/functional/apps/lens/group4/show_underlying_data_dashboard.ts
index de563366af3fb..40169ef15ccfe 100644
--- a/x-pack/test/functional/apps/lens/group4/show_underlying_data_dashboard.ts
+++ b/x-pack/test/functional/apps/lens/group4/show_underlying_data_dashboard.ts
@@ -34,7 +34,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsXYvis');
       await lens.clickVisualizeListItemTitle('lnsXYvis');
-      await lens.goToTimeRange();
       await lens.save('Embedded Visualization', true, false, false, 'new');
 
       await dashboard.saveDashboard(`Open in Discover Testing ${uuidv4()}`, {
diff --git a/x-pack/test/functional/apps/lens/group4/time_shift.ts b/x-pack/test/functional/apps/lens/group4/time_shift.ts
index 9cbe84f033ff2..de341945b3f45 100644
--- a/x-pack/test/functional/apps/lens/group4/time_shift.ts
+++ b/x-pack/test/functional/apps/lens/group4/time_shift.ts
@@ -8,14 +8,13 @@
 import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
-export default function ({ getService, getPageObjects }: FtrProviderContext) {
+export default function ({ getPageObjects }: FtrProviderContext) {
   const { visualize, lens } = getPageObjects(['visualize', 'lens']);
 
   describe('time shift', () => {
     it('should able to configure a shifted metric', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
       await lens.switchToVisualization('lnsDatatable');
       await lens.configureDimension({
         dimension: 'lnsDatatable_rows > lns-empty-dimension',
diff --git a/x-pack/test/functional/apps/lens/group5/drag_and_drop.ts b/x-pack/test/functional/apps/lens/group5/drag_and_drop.ts
index 144c9f0b8995f..1950edc28a9e9 100644
--- a/x-pack/test/functional/apps/lens/group5/drag_and_drop.ts
+++ b/x-pack/test/functional/apps/lens/group5/drag_and_drop.ts
@@ -16,14 +16,23 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
   describe('lens drag and drop tests', () => {
     describe('basic drag and drop', () => {
-      it('should construct the basic split xy chart', async () => {
+      it('should construct a bar chart when dropping a field to create top values chart', async () => {
+        await visualize.navigateToNewVisualization();
+        await visualize.clickVisType('lens');
+        await header.waitUntilLoadingHasFinished();
+        await lens.dragFieldToWorkspace('machine.os.raw', xyChartContainer);
+        expect(await lens.getDimensionTriggerText('lnsXY_xDimensionPanel')).to.eql(
+          'Top 5 values of machine.os.raw'
+        );
+        expect(await lens.getChartTypeFromChartSwitcher()).to.eql('Bar');
+      });
+      it('should construct a bar chart when dropping a time field to create a date histogram chart', async () => {
         await visualize.navigateToNewVisualization();
         await visualize.clickVisType('lens');
-        await lens.goToTimeRange();
         await header.waitUntilLoadingHasFinished();
         await lens.dragFieldToWorkspace('@timestamp', xyChartContainer);
-
         expect(await lens.getDimensionTriggerText('lnsXY_xDimensionPanel')).to.eql('@timestamp');
+        expect(await lens.getChartTypeFromChartSwitcher()).to.eql('Bar');
       });
 
       it('should allow dropping fields to existing and empty dimension triggers', async () => {
@@ -224,7 +233,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       it('should drop a field to workspace', async () => {
         await visualize.navigateToNewVisualization();
         await visualize.clickVisType('lens');
-        await lens.goToTimeRange();
         await header.waitUntilLoadingHasFinished();
         await lens.dragFieldWithKeyboard('@timestamp');
         expect(await lens.getDimensionTriggerText('lnsXY_xDimensionPanel')).to.eql('@timestamp');
@@ -300,7 +308,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       it('should always nest time dimension in categorical dimension', async () => {
         await visualize.navigateToNewVisualization();
         await visualize.clickVisType('lens');
-        await lens.goToTimeRange();
         await header.waitUntilLoadingHasFinished();
         await lens.dragFieldToWorkspace('@timestamp', xyChartContainer);
         await lens.waitForVisualization(xyChartContainer);
@@ -330,7 +337,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         await visualize.gotoVisualizationLandingPage();
         await listingTable.searchForItemWithName('lnsXYvis');
         await lens.clickVisualizeListItemTitle('lnsXYvis');
-        await lens.goToTimeRange();
 
         await lens.createLayer('data');
 
@@ -410,7 +416,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         await visualize.gotoVisualizationLandingPage();
         await listingTable.searchForItemWithName('lnsXYvis');
         await lens.clickVisualizeListItemTitle('lnsXYvis');
-        await lens.goToTimeRange();
 
         await lens.createLayer('data');
         await lens.dragFieldToDimensionTrigger(
diff --git a/x-pack/test/functional/apps/lens/group5/formula.ts b/x-pack/test/functional/apps/lens/group5/formula.ts
index 95404faf5a99d..c12551bed35f6 100644
--- a/x-pack/test/functional/apps/lens/group5/formula.ts
+++ b/x-pack/test/functional/apps/lens/group5/formula.ts
@@ -23,7 +23,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsXYvis');
       await lens.clickVisualizeListItemTitle('lnsXYvis');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_yDimensionPanel > lns-dimensionTrigger',
@@ -43,7 +42,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should update and delete a formula', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('lnsDatatable');
 
       await lens.configureDimension({
@@ -64,7 +63,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should insert single quotes and escape when needed to create valid KQL', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('lnsDatatable');
 
       await lens.configureDimension({
@@ -96,7 +95,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should insert single quotes and escape when needed to create valid field name', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('lnsDatatable');
       await dataViews.clickAddFieldFromSearchBar();
       await fieldEditor.setName(`ab' "'`, true, true);
@@ -127,7 +126,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should persist a broken formula on close', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('lnsDatatable');
 
       // Close immediately
@@ -145,7 +144,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should keep the formula when entering expanded mode', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('lnsDatatable');
 
       await lens.configureDimension({
@@ -164,7 +163,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should allow an empty formula combined with a valid formula', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('lnsDatatable');
 
       await lens.configureDimension({
@@ -184,7 +183,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should duplicate a moving average formula and be a valid table with conditional coloring', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('lnsDatatable');
 
       await lens.configureDimension({
@@ -219,7 +218,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should keep the formula if the user does not fully transition to a quick function', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('lnsDatatable');
 
       await lens.configureDimension({
@@ -240,7 +239,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should keep the formula if the user does not fully transition to a static value', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_yDimensionPanel > lns-empty-dimension',
@@ -269,7 +267,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should allow numeric only formulas', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('lnsDatatable');
 
       await lens.configureDimension({
@@ -289,7 +287,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should apply a global filter to the current formula', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('lnsDatatable');
 
       await lens.configureDimension({
diff --git a/x-pack/test/functional/apps/lens/group5/gauge.ts b/x-pack/test/functional/apps/lens/group5/gauge.ts
index eea38d486833d..6aab255337e7e 100644
--- a/x-pack/test/functional/apps/lens/group5/gauge.ts
+++ b/x-pack/test/functional/apps/lens/group5/gauge.ts
@@ -10,13 +10,12 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ getService, getPageObjects }: FtrProviderContext) {
-  const { visualize, lens, timePicker } = getPageObjects(['visualize', 'lens', 'timePicker']);
+  const { visualize, lens } = getPageObjects(['visualize', 'lens']);
   const elasticChart = getService('elasticChart');
   const testSubjects = getService('testSubjects');
 
   describe('lens gauge', () => {
     before(async () => {
-      await timePicker.setDefaultAbsoluteRangeViaUiSettings();
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
       await elasticChart.setNewChartUiDebugFlag(true);
diff --git a/x-pack/test/functional/apps/lens/group5/geo_field.ts b/x-pack/test/functional/apps/lens/group5/geo_field.ts
index a5851263fae89..a184aad12c46e 100644
--- a/x-pack/test/functional/apps/lens/group5/geo_field.ts
+++ b/x-pack/test/functional/apps/lens/group5/geo_field.ts
@@ -9,12 +9,13 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ getPageObjects }: FtrProviderContext) {
-  const { visualize, lens, header, maps, common } = getPageObjects([
+  const { visualize, lens, header, maps, common, timePicker } = getPageObjects([
     'visualize',
     'lens',
     'header',
     'maps',
     'common',
+    'timePicker',
   ]);
   const from = 'Sep 22, 2015 @ 00:00:00.000';
   const to = 'Sep 22, 2015 @ 04:00:00.000';
@@ -25,7 +26,7 @@ export default function ({ getPageObjects }: FtrProviderContext) {
     });
 
     after(async () => {
-      await common.unsetTime();
+      await timePicker.setDefaultAbsoluteRangeViaUiSettings();
     });
 
     it('should visualize geo fields in maps', async () => {
diff --git a/x-pack/test/functional/apps/lens/group5/heatmap.ts b/x-pack/test/functional/apps/lens/group5/heatmap.ts
index 7597b0448433d..7abcba0cb0780 100644
--- a/x-pack/test/functional/apps/lens/group5/heatmap.ts
+++ b/x-pack/test/functional/apps/lens/group5/heatmap.ts
@@ -19,7 +19,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
       await elasticChart.setNewChartUiDebugFlag(true);
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
diff --git a/x-pack/test/functional/apps/lens/group5/tagcloud.ts b/x-pack/test/functional/apps/lens/group5/tagcloud.ts
index dd718a476a489..bab136bcc1c52 100644
--- a/x-pack/test/functional/apps/lens/group5/tagcloud.ts
+++ b/x-pack/test/functional/apps/lens/group5/tagcloud.ts
@@ -23,7 +23,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
       await elasticChart.setNewChartUiDebugFlag(true);
-      await lens.goToTimeRange();
+
       await lens.switchToVisualization('lnsTagcloud', 'Tag cloud');
 
       await lens.configureDimension({
diff --git a/x-pack/test/functional/apps/lens/group6/annotations.ts b/x-pack/test/functional/apps/lens/group6/annotations.ts
index 7556440eeb3bb..6738a0c7fd459 100644
--- a/x-pack/test/functional/apps/lens/group6/annotations.ts
+++ b/x-pack/test/functional/apps/lens/group6/annotations.ts
@@ -9,28 +9,14 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ getService, getPageObjects }: FtrProviderContext) {
-  const { visualize, lens, common, tagManagement } = getPageObjects([
-    'visualize',
-    'lens',
-    'common',
-    'tagManagement',
-  ]);
+  const { visualize, lens, tagManagement } = getPageObjects(['visualize', 'lens', 'tagManagement']);
   const find = getService('find');
   const retry = getService('retry');
   const toastsService = getService('toasts');
   const testSubjects = getService('testSubjects');
   const listingTable = getService('listingTable');
-  const from = 'Sep 19, 2015 @ 06:31:44.000';
-  const to = 'Sep 23, 2015 @ 18:31:44.000';
 
   describe('lens annotations tests', () => {
-    before(async () => {
-      await common.setTime({ from, to });
-    });
-    after(async () => {
-      await common.unsetTime();
-    });
-
     it('should show a disabled annotation layer button if there is no date histogram in data layer', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
@@ -46,7 +32,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
     it('should add manual annotation layer with static date and allow edition', async () => {
       await lens.removeLayer();
-      await lens.goToTimeRange();
       await lens.dragFieldToWorkspace('@timestamp', 'xyVisChart');
 
       await lens.createLayer('annotations');
@@ -117,8 +102,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       it('should save annotation group to library', async () => {
         await visualize.navigateToNewVisualization();
         await visualize.clickVisType('lens');
-
-        await lens.goToTimeRange();
         await lens.dragFieldToWorkspace('@timestamp', 'xyVisChart');
 
         await lens.createLayer('annotations');
@@ -166,8 +149,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       it('should add annotation group from library', async () => {
         await visualize.navigateToNewVisualization();
         await visualize.clickVisType('lens');
-
-        await lens.goToTimeRange();
         await lens.dragFieldToWorkspace('@timestamp', 'xyVisChart');
 
         await lens.createLayer('annotations', ANNOTATION_GROUP_TITLE);
diff --git a/x-pack/test/functional/apps/lens/group6/disable_auto_apply.ts b/x-pack/test/functional/apps/lens/group6/disable_auto_apply.ts
index 8cccfd759450d..56d182e007135 100644
--- a/x-pack/test/functional/apps/lens/group6/disable_auto_apply.ts
+++ b/x-pack/test/functional/apps/lens/group6/disable_auto_apply.ts
@@ -47,8 +47,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     });
 
     it('should preserve apply-changes button with full-screen datasource', async () => {
-      await lens.goToTimeRange();
-
       await lens.disableAutoApply();
       await lens.closeSettingsMenu();
 
diff --git a/x-pack/test/functional/apps/lens/group6/inspector.ts b/x-pack/test/functional/apps/lens/group6/inspector.ts
index 56d8fd3cdd7b1..a21abe85fe73e 100644
--- a/x-pack/test/functional/apps/lens/group6/inspector.ts
+++ b/x-pack/test/functional/apps/lens/group6/inspector.ts
@@ -18,7 +18,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
       await elasticChart.setNewChartUiDebugFlag(true);
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
diff --git a/x-pack/test/functional/apps/lens/group6/legacy_metric.ts b/x-pack/test/functional/apps/lens/group6/legacy_metric.ts
index 9b404e7f8e531..5385422a7bfef 100644
--- a/x-pack/test/functional/apps/lens/group6/legacy_metric.ts
+++ b/x-pack/test/functional/apps/lens/group6/legacy_metric.ts
@@ -20,7 +20,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('Artistpreviouslyknownaslens');
       await lens.clickVisualizeListItemTitle('Artistpreviouslyknownaslens');
-      await lens.goToTimeRange();
       await lens.assertLegacyMetric('Maximum of bytes', '19,986');
     });
 
diff --git a/x-pack/test/functional/apps/lens/group6/lens_reporting.ts b/x-pack/test/functional/apps/lens/group6/lens_reporting.ts
index 4b2a182df741a..26f68e73d10ef 100644
--- a/x-pack/test/functional/apps/lens/group6/lens_reporting.ts
+++ b/x-pack/test/functional/apps/lens/group6/lens_reporting.ts
@@ -43,7 +43,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
     after(async () => {
       await kibanaServer.savedObjects.cleanStandardList();
-      await timePicker.resetDefaultAbsoluteRangeViaUiSettings();
+      await timePicker.setDefaultAbsoluteRangeViaUiSettings();
       await es.deleteByQuery({
         index: '.reporting-*',
         refresh: true,
@@ -78,7 +78,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           await visualize.gotoVisualizationLandingPage();
           await visualize.navigateToNewVisualization();
           await visualize.clickVisType('lens');
-          await lens.goToTimeRange();
 
           await lens.configureDimension({
             dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
diff --git a/x-pack/test/functional/apps/lens/group6/lens_tagging.ts b/x-pack/test/functional/apps/lens/group6/lens_tagging.ts
index 56f97c8751d77..b6b441249f21f 100644
--- a/x-pack/test/functional/apps/lens/group6/lens_tagging.ts
+++ b/x-pack/test/functional/apps/lens/group6/lens_tagging.ts
@@ -16,13 +16,12 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const find = getService('find');
   const dashboardAddPanel = getService('dashboardAddPanel');
   const dashboardPanelActions = getService('dashboardPanelActions');
-  const { tagManagement, header, dashboard, visualize, lens, timePicker } = getPageObjects([
+  const { tagManagement, header, dashboard, visualize, lens } = getPageObjects([
     'tagManagement',
     'header',
     'dashboard',
     'visualize',
     'lens',
-    'timePicker',
   ]);
 
   const lensTag = 'extreme-lens-tag';
@@ -31,20 +30,14 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   describe('lens tagging', () => {
     before(async () => {
       await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/logstash_functional');
-      await timePicker.setDefaultAbsoluteRangeViaUiSettings();
       await dashboard.navigateToApp();
       await dashboard.preserveCrossAppState();
       await dashboard.clickNewDashboard();
     });
 
-    after(async () => {
-      await timePicker.setDefaultAbsoluteRangeViaUiSettings();
-    });
-
     it('adds a new tag to a Lens visualization', async () => {
       // create lens
       await dashboardAddPanel.clickCreateNewLink();
-      await lens.goToTimeRange();
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
         operation: 'date_histogram',
diff --git a/x-pack/test/functional/apps/lens/group6/metric.ts b/x-pack/test/functional/apps/lens/group6/metric.ts
index fcf8cd6f7e557..03ca571c48d00 100644
--- a/x-pack/test/functional/apps/lens/group6/metric.ts
+++ b/x-pack/test/functional/apps/lens/group6/metric.ts
@@ -76,7 +76,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should render a metric', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.switchToVisualization('lnsMetric', 'Metric');
 
@@ -349,7 +348,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('does carry custom formatting when transitioning from other visualization', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.switchToVisualization('lnsLegacyMetric');
       // await lens.clickLegacyMetric();
diff --git a/x-pack/test/functional/apps/lens/group6/reference_lines.ts b/x-pack/test/functional/apps/lens/group6/reference_lines.ts
index 245162b5e4742..b1d4a3e77ee3c 100644
--- a/x-pack/test/functional/apps/lens/group6/reference_lines.ts
+++ b/x-pack/test/functional/apps/lens/group6/reference_lines.ts
@@ -29,8 +29,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     });
 
     it('should add a reference layer with a static value in it', async () => {
-      await lens.goToTimeRange();
-
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
         operation: 'date_histogram',
diff --git a/x-pack/test/functional/apps/lens/group6/rollup.ts b/x-pack/test/functional/apps/lens/group6/rollup.ts
index c1d3c343350d7..7eab6d86b6510 100644
--- a/x-pack/test/functional/apps/lens/group6/rollup.ts
+++ b/x-pack/test/functional/apps/lens/group6/rollup.ts
@@ -9,7 +9,7 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default function ({ getService, getPageObjects }: FtrProviderContext) {
-  const { visualize, lens, timePicker } = getPageObjects(['visualize', 'lens', 'timePicker']);
+  const { visualize, lens } = getPageObjects(['visualize', 'lens']);
   const find = getService('find');
   const listingTable = getService('listingTable');
   const esArchiver = getService('esArchiver');
@@ -22,20 +22,16 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await kibanaServer.importExport.load(
         'x-pack/test/functional/fixtures/kbn_archiver/rollup/config.json'
       );
-      await timePicker.setDefaultAbsoluteRangeViaUiSettings();
     });
 
     after(async () => {
       await esArchiver.unload('x-pack/test/functional/es_archives/lens/rollup/data');
       await kibanaServer.savedObjects.cleanStandardList();
-      await timePicker.resetDefaultAbsoluteRangeViaUiSettings();
     });
 
     it('should allow creation of lens xy chart', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
-
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
         operation: 'date_histogram',
@@ -62,8 +58,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('Afancilenstest');
       await lens.clickVisualizeListItemTitle('Afancilenstest');
-      await lens.goToTimeRange();
-
       expect(await lens.getTitle()).to.eql('Afancilenstest');
 
       // .echLegendItem__title is the only viable way of getting the xy chart's
@@ -82,7 +76,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should allow to switch from regular index to rollup index retaining config', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
       await lens.switchDataPanelIndexPattern('lens_regular_data');
       await lens.switchToVisualization('lnsLegacyMetric');
       await lens.configureDimension({
diff --git a/x-pack/test/functional/apps/lens/group6/workspace_size.ts b/x-pack/test/functional/apps/lens/group6/workspace_size.ts
index 0ba44a5249c6e..9ae8f21cebf69 100644
--- a/x-pack/test/functional/apps/lens/group6/workspace_size.ts
+++ b/x-pack/test/functional/apps/lens/group6/workspace_size.ts
@@ -44,7 +44,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
       // Detect here if the Chrome bug is present, and adjust the aspect ratio accordingly if not
       if (!within(width, DEFAULT_WINDOW_SIZE[0]) || !within(height, DEFAULT_WINDOW_SIZE[1])) {
         const { width: containerWidth, height: containerHeight } =
diff --git a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/gauge.ts b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/gauge.ts
index 2d302bd7b7466..b765bb4665bff 100644
--- a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/gauge.ts
+++ b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/gauge.ts
@@ -10,10 +10,9 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 
 export default function ({ getPageObjects, getService }: FtrProviderContext) {
-  const { visualize, lens, timePicker, visEditor, visChart } = getPageObjects([
+  const { visualize, lens, visEditor, visChart } = getPageObjects([
     'visualize',
     'lens',
-    'timePicker',
     'visEditor',
     'visChart',
   ]);
@@ -30,7 +29,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       await visualize.navigateToNewAggBasedVisualization();
       await visualize.clickGauge();
       await visualize.clickNewSearch();
-      await timePicker.setDefaultAbsoluteRange();
       await elasticChart.setNewChartUiDebugFlag(true);
     });
 
diff --git a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/goal.ts b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/goal.ts
index 89d08c0abeb16..2815a5774af0c 100644
--- a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/goal.ts
+++ b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/goal.ts
@@ -9,11 +9,10 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 
 export default function ({ getPageObjects, getService }: FtrProviderContext) {
-  const { visualize, lens, visChart, timePicker, visEditor } = getPageObjects([
+  const { visualize, lens, visChart, visEditor } = getPageObjects([
     'visualize',
     'lens',
     'visChart',
-    'timePicker',
     'visEditor',
   ]);
 
@@ -28,7 +27,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       await visualize.navigateToNewAggBasedVisualization();
       await visualize.clickGoal();
       await visualize.clickNewSearch();
-      await timePicker.setDefaultAbsoluteRange();
     });
 
     it('should show the "Edit Visualization in Lens" menu item', async () => {
diff --git a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/heatmap.ts b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/heatmap.ts
index 0f30e21942734..6ebc6ce20e90d 100644
--- a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/heatmap.ts
+++ b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/heatmap.ts
@@ -9,11 +9,10 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 
 export default function ({ getPageObjects }: FtrProviderContext) {
-  const { visualize, lens, visChart, timePicker, visEditor } = getPageObjects([
+  const { visualize, lens, visChart, visEditor } = getPageObjects([
     'visualize',
     'lens',
     'visChart',
-    'timePicker',
     'visEditor',
   ]);
 
@@ -26,7 +25,6 @@ export default function ({ getPageObjects }: FtrProviderContext) {
       await visualize.navigateToNewAggBasedVisualization();
       await visualize.clickHeatmapChart();
       await visualize.clickNewSearch();
-      await timePicker.setDefaultAbsoluteRange();
     });
 
     it('should show the "Edit Visualization in Lens" menu item if no X-axis was specified', async () => {
diff --git a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/index.ts b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/index.ts
index e0e5eca1a0ffc..3f9c2eb1802eb 100644
--- a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/index.ts
+++ b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/index.ts
@@ -53,11 +53,11 @@ export default function ({ loadTestFile, getService, getPageObjects }: FtrProvid
 
       await esNode.load(esArchive);
       // changing the timepicker default here saves us from having to set it in Discover (~8s)
-      await timePicker.setDefaultAbsoluteRangeViaUiSettings();
       await kibanaServer.uiSettings.update({
         defaultIndex: indexPatternString,
         'dateFormat:tz': 'UTC',
       });
+      await timePicker.setDefaultAbsoluteRangeViaUiSettings();
       await kibanaServer.importExport.load(fixtureDirs.lensBasic);
       await kibanaServer.importExport.load(fixtureDirs.lensDefault);
     });
diff --git a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/metric.ts b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/metric.ts
index 0ff670848d47b..c0149f3b6f39b 100644
--- a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/metric.ts
+++ b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/metric.ts
@@ -9,7 +9,7 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 
 export default function ({ getPageObjects, getService }: FtrProviderContext) {
-  const { visEditor, visualize, lens, timePicker, visChart } = getPageObjects([
+  const { visEditor, visualize, lens, visChart, timePicker } = getPageObjects([
     'visEditor',
     'visualize',
     'visChart',
diff --git a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/navigation.ts b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/navigation.ts
index 1eb41d6dc86c8..d76a2ec0154bc 100644
--- a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/navigation.ts
+++ b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/navigation.ts
@@ -9,7 +9,7 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 
 export default function ({ getPageObjects, getService }: FtrProviderContext) {
-  const { visualize, lens, timePicker } = getPageObjects(['visualize', 'lens', 'timePicker']);
+  const { visualize, lens } = getPageObjects(['visualize', 'lens']);
 
   const testSubjects = getService('testSubjects');
   const retry = getService('retry');
@@ -20,7 +20,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       await visualize.navigateToNewAggBasedVisualization();
       await visualize.clickLineChart();
       await visualize.clickNewSearch();
-      await timePicker.setDefaultAbsoluteRange();
     });
 
     it('should let the user return back to Visualize if no changes were made', async () => {
diff --git a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/pie.ts b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/pie.ts
index 785c1706ffbeb..42a015acdd31d 100644
--- a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/pie.ts
+++ b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/pie.ts
@@ -9,11 +9,10 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 
 export default function ({ getPageObjects, getService }: FtrProviderContext) {
-  const { visualize, visEditor, lens, timePicker, header } = getPageObjects([
+  const { visualize, visEditor, lens, header } = getPageObjects([
     'visualize',
     'lens',
     'visEditor',
-    'timePicker',
     'header',
   ]);
 
@@ -29,7 +28,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       await visualize.navigateToNewAggBasedVisualization();
       await visualize.clickPieChart();
       await visualize.clickNewSearch();
-      await timePicker.setDefaultAbsoluteRange();
     });
 
     it('should hide the "Edit Visualization in Lens" menu item if no split slices were defined', async () => {
diff --git a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/table.ts b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/table.ts
index 380f58f2ea8bb..0b50c226cab5e 100644
--- a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/table.ts
+++ b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/table.ts
@@ -9,11 +9,10 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 
 export default function ({ getPageObjects, getService }: FtrProviderContext) {
-  const { visualize, visEditor, lens, timePicker, header } = getPageObjects([
+  const { visualize, visEditor, lens, header } = getPageObjects([
     'visualize',
     'lens',
     'visEditor',
-    'timePicker',
     'header',
   ]);
 
@@ -29,7 +28,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       await visualize.navigateToNewAggBasedVisualization();
       await visualize.clickDataTable();
       await visualize.clickNewSearch();
-      await timePicker.setDefaultAbsoluteRange();
     });
 
     it('should not allow converting of unsupported aggregations', async () => {
diff --git a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/xy.ts b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/xy.ts
index d417129b58f9f..4f5aa005b9026 100644
--- a/x-pack/test/functional/apps/lens/open_in_lens/agg_based/xy.ts
+++ b/x-pack/test/functional/apps/lens/open_in_lens/agg_based/xy.ts
@@ -9,11 +9,10 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../../ftr_provider_context';
 
 export default function ({ getPageObjects, getService }: FtrProviderContext) {
-  const { visualize, visEditor, lens, timePicker, header, visChart } = getPageObjects([
+  const { visualize, visEditor, lens, header, visChart } = getPageObjects([
     'visualize',
     'lens',
     'visEditor',
-    'timePicker',
     'header',
     'visChart',
   ]);
@@ -30,7 +29,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       await visualize.navigateToNewAggBasedVisualization();
       await visualize.clickLineChart();
       await visualize.clickNewSearch();
-      await timePicker.setDefaultAbsoluteRange();
     });
 
     it('should show the "Edit Visualization in Lens" menu item', async () => {
diff --git a/x-pack/test/functional/page_objects/lens_page.ts b/x-pack/test/functional/page_objects/lens_page.ts
index 310f52f7e651b..f4db890b26952 100644
--- a/x-pack/test/functional/page_objects/lens_page.ts
+++ b/x-pack/test/functional/page_objects/lens_page.ts
@@ -915,6 +915,10 @@ export function LensPageProvider({ getService, getPageObjects }: FtrProviderCont
         }
       });
     },
+    async getChartTypeFromChartSwitcher() {
+      const chartSwitcher = await testSubjects.find('lnsChartSwitchPopover');
+      return await chartSwitcher.getVisibleText();
+    },
 
     async openChartSwitchPopover(layerIndex = 0) {
       if (await testSubjects.exists('lnsChartSwitchList', { timeout: 50 })) {
diff --git a/x-pack/test/functional/services/aiops/change_point_detection_page.ts b/x-pack/test/functional/services/aiops/change_point_detection_page.ts
index 79bc4c378fb1a..e4eceb5539856 100644
--- a/x-pack/test/functional/services/aiops/change_point_detection_page.ts
+++ b/x-pack/test/functional/services/aiops/change_point_detection_page.ts
@@ -8,6 +8,7 @@
 import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../ftr_provider_context';
 import { MlTableService } from '../ml/common_table_service';
+import { CreateCaseParams } from '../cases/create';
 
 export interface DashboardAttachmentOptions {
   applyTimeRange: boolean;
@@ -24,6 +25,7 @@ export function ChangePointDetectionPageProvider(
   const browser = getService('browser');
   const elasticChart = getService('elasticChart');
   const dashboardPage = getPageObject('dashboard');
+  const cases = getService('cases');
 
   return {
     async navigateToDataViewSelection() {
@@ -160,6 +162,17 @@ export function ChangePointDetectionPageProvider(
       });
     },
 
+    async clickAttachCasesButton() {
+      await testSubjects.click('aiopsChangePointDetectionAttachToCaseButton');
+      await retry.tryForTime(30 * 1000, async () => {
+        await testSubjects.existOrFail('aiopsChangePointDetectionCaseAttachmentForm');
+      });
+    },
+
+    async clickSubmitCaseAttachButton() {
+      await testSubjects.click('aiopsChangePointDetectionSubmitCaseAttachButton');
+    },
+
     async assertApplyTimeRangeControl(expectedValue: boolean) {
       const isChecked = await testSubjects.isEuiSwitchChecked(
         `aiopsChangePointDetectionAttachToDashboardApplyTimeRangeSwitch`
@@ -281,5 +294,15 @@ export function ChangePointDetectionPageProvider(
         `aiopsChangePointPanel_${index}`
       );
     },
+
+    async attachChartsToCases(panelIndex: number, params: CreateCaseParams) {
+      await this.assertPanelExist(panelIndex);
+      await this.openPanelContextMenu(panelIndex);
+      await this.clickAttachChartsButton();
+      await this.clickAttachCasesButton();
+      await this.clickSubmitCaseAttachButton();
+
+      await cases.create.createCaseFromModal(params);
+    },
   };
 }
diff --git a/x-pack/test/functional/services/aiops/log_pattern_analysis_page.ts b/x-pack/test/functional/services/aiops/log_pattern_analysis_page.ts
index 558cfb0af9f0b..f1c62cf63ae5e 100644
--- a/x-pack/test/functional/services/aiops/log_pattern_analysis_page.ts
+++ b/x-pack/test/functional/services/aiops/log_pattern_analysis_page.ts
@@ -8,11 +8,14 @@
 import expect from '@kbn/expect';
 
 import type { FtrProviderContext } from '../../ftr_provider_context';
+import { CreateCaseParams } from '../cases/create';
 
 export function LogPatternAnalysisPageProvider({ getService, getPageObject }: FtrProviderContext) {
   const retry = getService('retry');
   const testSubjects = getService('testSubjects');
   const comboBox = getService('comboBox');
+  const dashboardPage = getPageObject('dashboard');
+  const cases = getService('cases');
 
   type RandomSamplerOption =
     | 'aiopsRandomSamplerOptionOnAutomatic'
@@ -249,5 +252,63 @@ export function LogPatternAnalysisPageProvider({ getService, getPageObject }: Ft
         await testSubjects.missingOrFail('aiopsRandomSamplerOptionsFormRow', { timeout: 1000 });
       });
     },
+
+    async openAttachmentsMenu() {
+      await testSubjects.click('aiopsLogPatternAnalysisAttachmentsMenuButton');
+    },
+
+    async clickAttachToDashboard() {
+      await testSubjects.click('aiopsLogPatternAnalysisAttachToDashboardButton');
+    },
+
+    async clickAttachToCase() {
+      await testSubjects.click('aiopsLogPatternAnalysisAttachToCaseButton');
+    },
+
+    async confirmAttachToDashboard() {
+      await testSubjects.click('aiopsLogPatternAnalysisAttachToDashboardSubmitButton');
+    },
+
+    async completeSaveToDashboardForm(createNew?: boolean) {
+      const dashboardSelector = await testSubjects.find('add-to-dashboard-options');
+      if (createNew) {
+        const label = await dashboardSelector.findByCssSelector(
+          `label[for="new-dashboard-option"]`
+        );
+        await label.click();
+      }
+
+      await testSubjects.click('confirmSaveSavedObjectButton');
+      await retry.waitForWithTimeout('Save modal to disappear', 1000, () =>
+        testSubjects
+          .missingOrFail('confirmSaveSavedObjectButton')
+          .then(() => true)
+          .catch(() => false)
+      );
+
+      // make sure the dashboard page actually loaded
+      const dashboardItemCount = await dashboardPage.getSharedItemsCount();
+      expect(dashboardItemCount).to.not.eql(undefined);
+
+      const embeddable = await testSubjects.find('aiopsEmbeddablePatternAnalysis', 30 * 1000);
+      expect(await embeddable.isDisplayed()).to.eql(
+        true,
+        'Log pattern analysis chart should be displayed in dashboard'
+      );
+    },
+
+    async attachToDashboard() {
+      await this.openAttachmentsMenu();
+      await this.clickAttachToDashboard();
+      await this.confirmAttachToDashboard();
+      await this.completeSaveToDashboardForm(true);
+    },
+
+    async attachToCase(params: CreateCaseParams) {
+      await this.openAttachmentsMenu();
+      await this.clickAttachToCase();
+
+      await cases.create.createCaseFromModal(params);
+    },
   };
 }
diff --git a/x-pack/test/functional/services/ml/cases.ts b/x-pack/test/functional/services/ml/cases.ts
index 6c481df8b99a8..2245410985592 100644
--- a/x-pack/test/functional/services/ml/cases.ts
+++ b/x-pack/test/functional/services/ml/cases.ts
@@ -81,5 +81,18 @@ export function MachineLearningCasesProvider(
         expectedChartsCount
       );
     },
+
+    async assertCaseWithLogPatternAnalysisAttachment(params: CaseParams) {
+      await this.assertBasicCaseProps(params);
+      await testSubjects.existOrFail('comment-persistableState-aiopsPatternAnalysisEmbeddable');
+      await testSubjects.existOrFail('aiopsEmbeddablePatternAnalysis');
+      await testSubjects.existOrFail('aiopsLogPatternsTable');
+    },
+
+    async assertCaseWithChangePointDetectionChartsAttachment(params: CaseParams) {
+      await this.assertBasicCaseProps(params);
+      await testSubjects.existOrFail('comment-persistableState-aiopsChangePointChart');
+      await testSubjects.existOrFail('aiopsEmbeddableChangePointChart');
+    },
   };
 }
diff --git a/x-pack/test/localization/tests/lens/formula.ts b/x-pack/test/localization/tests/lens/formula.ts
index dcb63b2bdb484..6239460f89d63 100644
--- a/x-pack/test/localization/tests/lens/formula.ts
+++ b/x-pack/test/localization/tests/lens/formula.ts
@@ -17,7 +17,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
       await elasticChart.setNewChartUiDebugFlag(true);
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_yDimensionPanel > lns-empty-dimension',
diff --git a/x-pack/test/localization/tests/lens/smokescreen.ts b/x-pack/test/localization/tests/lens/smokescreen.ts
index 5e679febb5d63..d3b33a72a7208 100644
--- a/x-pack/test/localization/tests/lens/smokescreen.ts
+++ b/x-pack/test/localization/tests/lens/smokescreen.ts
@@ -170,7 +170,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should allow creation of lens xy chart', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -207,7 +206,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('Afancilenstest');
       await lens.clickVisualizeListItemTitle('Afancilenstest');
-      await lens.goToTimeRange();
       await lens.waitForVisualization('xyVisChart');
 
       expect(await lens.getTitle()).to.eql('Afancilenstest');
@@ -222,7 +220,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsXYvis');
       await lens.clickVisualizeListItemTitle('lnsXYvis');
-      await lens.goToTimeRange();
       // Change the IP field to filters
       await lens.configureDimension({
         dimension: 'lnsXY_splitDimensionPanel > lns-dimensionTrigger',
@@ -241,7 +238,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('Artistpreviouslyknownaslens');
       await lens.clickVisualizeListItemTitle('Artistpreviouslyknownaslens');
-      await lens.goToTimeRange();
       await lens.assertLegacyMetric(termTranslator('max', 'bytes'), '19,986');
       await lens.switchToVisualization('lnsDatatable', termTranslator('datatable'));
       expect(await lens.getDatatableHeaderText()).to.eql(termTranslator('max', 'bytes'));
@@ -253,7 +249,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should transition from a multi-layer stacked bar to a multi-layer line chart and correctly remove all layers', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -297,7 +292,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should transition selected layer in a multi layer bar using layer chart switch', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -345,7 +339,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsXYvis');
       await lens.clickVisualizeListItemTitle('lnsXYvis');
-      await lens.goToTimeRange();
       await lens.removeDimension('lnsXY_splitDimensionPanel');
       await lens.switchToVisualization('line', termTranslator('line'));
       await lens.configureDimension({
@@ -403,7 +396,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
       await elasticChart.setNewChartUiDebugFlag(true);
-      await lens.goToTimeRange();
       await lens.switchToVisualization('bar', termTranslator('bar'));
 
       await lens.configureDimension({
@@ -479,7 +471,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsXYvis');
       await lens.clickVisualizeListItemTitle('lnsXYvis');
-      await lens.goToTimeRange();
       expect(await lens.hasChartSwitchWarning('pie', termTranslator('pie'))).to.eql(true);
       await lens.switchToVisualization('pie', termTranslator('pie'));
 
@@ -506,7 +497,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsXYvis');
       await lens.clickVisualizeListItemTitle('lnsXYvis');
-      await lens.goToTimeRange();
       await lens.switchToVisualization('line', termTranslator('line'));
       expect(await lens.getTitle()).to.eql('lnsXYvis');
       expect(await lens.getDimensionTriggerText('lnsXY_xDimensionPanel')).to.eql('@timestamp');
@@ -522,7 +512,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
       await visualize.gotoVisualizationLandingPage();
       await listingTable.searchForItemWithName('lnsPieVis');
       await lens.clickVisualizeListItemTitle('lnsPieVis');
-      await lens.goToTimeRange();
       expect(await lens.hasChartSwitchWarning('treemap', termTranslator('treemap'))).to.eql(false);
       await lens.switchToVisualization('treemap', termTranslator('treemap'));
       expect(await lens.getDimensionTriggersTexts('lnsPie_groupByDimensionPanel')).to.eql([
@@ -537,7 +526,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should create a pie chart and switch to datatable', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
       await lens.switchToVisualization('pie', termTranslator('pie'));
       await lens.configureDimension({
         dimension: 'lnsPie_sliceByDimensionPanel > lns-empty-dimension',
@@ -567,7 +555,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should create a heatmap chart and transition to barchart', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
       await lens.switchToVisualization('heatmap', termTranslator('heatmap'));
 
       await lens.configureDimension({
@@ -596,7 +583,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should create a valid XY chart with references', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -631,7 +617,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should allow formatting on references', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
       await lens.switchToVisualization('lnsDatatable', termTranslator('datatable'));
 
       await lens.configureDimension({
@@ -677,7 +662,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should handle edge cases in reference-based operations', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -713,7 +697,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should keep the field selection while transitioning to every reference-based operation', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -748,7 +731,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should not leave an incomplete column in the visualization config with field-based operation', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_yDimensionPanel > lns-empty-dimension',
@@ -761,7 +743,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should revert to previous configuration and not leave an incomplete column in the visualization config with reference-based operations', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -797,7 +778,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should transition from unique count to last value', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_yDimensionPanel > lns-empty-dimension',
@@ -828,7 +808,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should allow filtering by legend on an xy chart', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
 
       await lens.configureDimension({
         dimension: 'lnsXY_xDimensionPanel > lns-empty-dimension',
@@ -858,7 +837,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
     it('should allow filtering by legend on a pie chart', async () => {
       await visualize.navigateToNewVisualization();
       await visualize.clickVisType('lens');
-      await lens.goToTimeRange();
       await lens.switchToVisualization('pie', termTranslator('pie'));
 
       await lens.configureDimension({
diff --git a/x-pack/test/plugin_api_integration/test_suites/task_manager/task_management_scheduled_at.ts b/x-pack/test/plugin_api_integration/test_suites/task_manager/task_management_scheduled_at.ts
index a70225035d03c..1a393b126dfda 100644
--- a/x-pack/test/plugin_api_integration/test_suites/task_manager/task_management_scheduled_at.ts
+++ b/x-pack/test/plugin_api_integration/test_suites/task_manager/task_management_scheduled_at.ts
@@ -14,7 +14,8 @@ export default function createTaskManagementScheduledAtTests({ getService }: Ftr
   const esArchiver = getService('esArchiver');
   const retry = getService('retry');
 
-  describe('task management scheduled at', () => {
+  // FLAKY: https://github.com/elastic/kibana/issues/198664
+  describe.skip('task management scheduled at', () => {
     before(async () => {
       await esArchiver.load('x-pack/test/functional/es_archives/task_manager_tasks');
     });
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/upgrade_review_prebuilt_rules.multi_line_string_fields.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/upgrade_review_prebuilt_rules.multi_line_string_fields.ts
index 55a924cc5e45c..d9c20fc28b43a 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/upgrade_review_prebuilt_rules.multi_line_string_fields.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/upgrade_review_prebuilt_rules.multi_line_string_fields.ts
@@ -10,6 +10,12 @@ import {
   ThreeWayDiffOutcome,
   ThreeWayMergeOutcome,
 } from '@kbn/security-solution-plugin/common/api/detection_engine';
+import {
+  TEXT_XL_A,
+  TEXT_XL_B,
+  TEXT_XL_C,
+  TEXT_XL_MERGED,
+} from '@kbn/security-solution-plugin/server/lib/detection_engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.mock';
 import { FtrProviderContext } from '../../../../../../ftr_provider_context';
 import {
   deleteAllTimelines,
@@ -249,6 +255,56 @@ export default ({ getService }: FtrProviderContext): void => {
             expect(reviewResponse.stats.num_rules_with_conflicts).toBe(1);
             expect(reviewResponse.stats.num_rules_with_non_solvable_conflicts).toBe(0);
           });
+
+          it('should handle long multi-line strings without timing out', async () => {
+            // Install base prebuilt detection rule
+            await createHistoricalPrebuiltRuleAssetSavedObjects(es, [
+              createRuleAssetSavedObject({
+                rule_id: 'rule-1',
+                version: 1,
+                description: TEXT_XL_A,
+              }),
+            ]);
+            await installPrebuiltRules(es, supertest);
+
+            // Customize a multi line string field on the installed rule
+            await patchRule(supertest, log, {
+              rule_id: 'rule-1',
+              description: TEXT_XL_B,
+            });
+
+            // Increment the version of the installed rule, update a multi line string field, and create the new rule assets
+            const updatedRuleAssetSavedObjects = [
+              createRuleAssetSavedObject({
+                rule_id: 'rule-1',
+                version: 2,
+                description: TEXT_XL_C,
+              }),
+            ];
+            await createHistoricalPrebuiltRuleAssetSavedObjects(es, updatedRuleAssetSavedObjects);
+
+            // Call the upgrade review prebuilt rules endpoint and check that one rule is eligible for update
+            // and multi line string field update has no conflict
+            const reviewResponse = await reviewPrebuiltRulesToUpgrade(supertest);
+            expect(reviewResponse.rules[0].diff.fields.description).toEqual({
+              base_version: TEXT_XL_A,
+              current_version: TEXT_XL_B,
+              target_version: TEXT_XL_C,
+              merged_version: TEXT_XL_MERGED,
+              diff_outcome: ThreeWayDiffOutcome.CustomizedValueCanUpdate,
+              merge_outcome: ThreeWayMergeOutcome.Merged,
+              conflict: ThreeWayDiffConflict.SOLVABLE,
+              has_update: true,
+              has_base_version: true,
+            });
+            expect(reviewResponse.rules[0].diff.num_fields_with_updates).toBe(2);
+            expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(1);
+            expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(0);
+
+            expect(reviewResponse.stats.num_rules_to_upgrade_total).toBe(1);
+            expect(reviewResponse.stats.num_rules_with_conflicts).toBe(1);
+            expect(reviewResponse.stats.num_rules_with_non_solvable_conflicts).toBe(0);
+          });
         });
 
         describe('when all versions are not mergable', () => {
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts
index 038ed1787843a..2dc5358f0f7ad 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts
@@ -1215,6 +1215,58 @@ export default ({ getService }: FtrProviderContext): void => {
           });
         });
 
+        it('should be able to import a rule with both single space and space agnostic exception lists', async () => {
+          const ndjson = combineToNdJson(
+            getCustomQueryRuleParams({
+              exceptions_list: [
+                {
+                  id: 'agnostic',
+                  list_id: 'test_list_agnostic_id',
+                  type: 'detection',
+                  namespace_type: 'agnostic',
+                },
+                {
+                  id: 'single',
+                  list_id: 'test_list_id',
+                  type: 'rule_default',
+                  namespace_type: 'single',
+                },
+              ],
+            }),
+            { ...getImportExceptionsListSchemaMock('test_list_id'), type: 'rule_default' },
+            getImportExceptionsListItemNewerVersionSchemaMock('test_item_id', 'test_list_id'),
+            {
+              ...getImportExceptionsListSchemaMock('test_list_agnostic_id'),
+              type: 'detection',
+              namespace_type: 'agnostic',
+            },
+            {
+              ...getImportExceptionsListItemNewerVersionSchemaMock(
+                'test_item_id',
+                'test_list_agnostic_id'
+              ),
+              namespace_type: 'agnostic',
+            }
+          );
+
+          const { body } = await supertest
+            .post(`${DETECTION_ENGINE_RULES_URL}/_import`)
+            .set('kbn-xsrf', 'true')
+            .set('elastic-api-version', '2023-10-31')
+            .attach('file', Buffer.from(ndjson), 'rules.ndjson')
+            .expect(200);
+
+          expect(body).toMatchObject({
+            success: true,
+            success_count: 1,
+            rules_count: 1,
+            errors: [],
+            exceptions_errors: [],
+            exceptions_success: true,
+            exceptions_success_count: 2,
+          });
+        });
+
         it('should only remove non existent exception list references from rule', async () => {
           // create an exception list
           const { body: exceptionBody } = await supertest
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/authentication/trial_license_complete_tier/endpoint_authz.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/authentication/trial_license_complete_tier/endpoint_authz.ts
index c8dd877849b35..df2f55ccb8d04 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/authentication/trial_license_complete_tier/endpoint_authz.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/authentication/trial_license_complete_tier/endpoint_authz.ts
@@ -9,7 +9,6 @@ import { wrapErrorAndRejectPromise } from '@kbn/security-solution-plugin/common/
 import {
   ACTION_DETAILS_ROUTE,
   ACTION_STATUS_ROUTE,
-  AGENT_POLICY_SUMMARY_ROUTE,
   BASE_ENDPOINT_ACTION_ROUTE,
   BASE_POLICY_RESPONSE_ROUTE,
   EXECUTE_ROUTE,
@@ -145,15 +144,6 @@ export default function ({ getService }: FtrProviderContext) {
       },
     ];
 
-    const superuserApiList: ApiCallsInterface[] = [
-      {
-        method: 'get',
-        path: `${AGENT_POLICY_SUMMARY_ROUTE}?package_name=endpoint`,
-        version: '2023-10-31',
-        body: undefined,
-      },
-    ];
-
     function replacePathIds(path: string) {
       return path.replace('{action_id}', actionId).replace('{agentId}', agentId);
     }
@@ -188,7 +178,6 @@ export default function ({ getService }: FtrProviderContext) {
         ...canReadActionsLogManagementApiList,
         ...canIsolateHostApiList,
         ...canWriteProcessOperationsApiList,
-        ...superuserApiList,
       ]) {
         it(`should return 403 when [${apiListItem.method.toUpperCase()} ${
           apiListItem.path
@@ -224,11 +213,7 @@ export default function ({ getService }: FtrProviderContext) {
     });
 
     describe('with minimal_all and actions_log_management_read', () => {
-      for (const apiListItem of [
-        ...canIsolateHostApiList,
-        ...canWriteProcessOperationsApiList,
-        ...superuserApiList,
-      ]) {
+      for (const apiListItem of [...canIsolateHostApiList, ...canWriteProcessOperationsApiList]) {
         it(`should return 403 when [${apiListItem.method.toUpperCase()} ${
           apiListItem.path
         }]`, async () => {
@@ -265,24 +250,6 @@ export default function ({ getService }: FtrProviderContext) {
     });
 
     describe('with minimal_all, actions_log_management_all, host_isolation_all, and process_operations_all', () => {
-      for (const apiListItem of superuserApiList) {
-        it(`should return 403 when [${apiListItem.method.toUpperCase()} ${
-          apiListItem.path
-        }]`, async () => {
-          await endpointOperationsAnalystSupertest[apiListItem.method](
-            replacePathIds(apiListItem.path)
-          )
-            .set('kbn-xsrf', 'xxx')
-            .send(getBodyPayload(apiListItem))
-            .expect(403, {
-              statusCode: 403,
-              error: 'Forbidden',
-              message: 'Endpoint authorization failure',
-            })
-            .catch(wrapErrorAndRejectPromise);
-        });
-      }
-
       for (const apiListItem of [
         ...canReadSecuritySolutionApiList,
         ...canReadActionsLogManagementApiList,
@@ -330,17 +297,6 @@ export default function ({ getService }: FtrProviderContext) {
             .expect(200);
         });
       }
-      for (const apiListItem of [...superuserApiList]) {
-        // Admin user has no access to these APIs
-        it(`@skipInServerless should return 200 when [${apiListItem.method.toUpperCase()} ${
-          apiListItem.path
-        }]`, async () => {
-          await adminSupertest[apiListItem.method](replacePathIds(apiListItem.path))
-            .set('kbn-xsrf', 'xxx')
-            .send(getBodyPayload(apiListItem))
-            .expect(200);
-        });
-      }
     });
   });
 }
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/entity.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/entity.ts
index 680a439e326f5..141c9c0d864ef 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/entity.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/entity.ts
@@ -15,7 +15,7 @@ export default function ({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless Resolver tests for the entity route', function () {
+  describe('@ess @serverless @serverlessQA Resolver tests for the entity route', function () {
     let adminSupertest: TestAgent;
 
     before(async () => {
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/entity_id.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/entity_id.ts
index 05e7c72c98d4b..6ed414f6a0abd 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/entity_id.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/entity_id.ts
@@ -38,7 +38,7 @@ export default function ({ getService }: FtrProviderContext) {
     }
   };
 
-  describe('@ess @serverless Resolver handling of entity ids', function () {
+  describe('@ess @serverless @serverlessQA Resolver handling of entity ids', function () {
     let adminSupertest: TestAgent;
 
     before(async () => {
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/events.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/events.ts
index 91345c22ac82b..7e5848b5016a3 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/events.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/events.ts
@@ -52,7 +52,7 @@ export default function ({ getService }: FtrProviderContext) {
     ancestryArraySize: 2,
   };
 
-  describe('@ess @serverless event route', function () {
+  describe('@ess @serverless @serverlessQA event route', function () {
     let entityIDFilterArray: JsonObject[] | undefined;
     let entityIDFilter: string | undefined;
     let adminSupertest: TestAgent;
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/tree.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/tree.ts
index 8ecfab9335a79..aa68fbc692ae5 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/tree.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/tree.ts
@@ -56,7 +56,7 @@ export default function ({ getService }: FtrProviderContext) {
     alwaysGenMaxChildrenPerNode: true,
     ancestryArraySize: 2,
   };
-  describe('@ess @serverless Resolver tree', function () {
+  describe('@ess @serverless @serverlessQA Resolver tree', function () {
     let adminSupertest: TestAgent;
 
     before(async () => {
diff --git a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/response_actions/trial_license_complete_tier/agent_type_support.ts b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/response_actions/trial_license_complete_tier/agent_type_support.ts
index c006ecb88ad84..9fbc8e3f15507 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/response_actions/trial_license_complete_tier/agent_type_support.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/edr_workflows/response_actions/trial_license_complete_tier/agent_type_support.ts
@@ -10,7 +10,7 @@ import TestAgent from 'supertest/lib/agent';
 import { FtrProviderContext } from '../../../../ftr_provider_context_edr_workflows';
 
 export default function ({ getService }: FtrProviderContext) {
-  describe('@ess @serverless Response Actions support for sentinelOne agentType', function () {
+  describe('@ess @serverless @serverlessQA Response Actions support for sentinelOne agentType', function () {
     const utils = getService('securitySolutionUtils');
 
     let adminSupertest: TestAgent;
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/asset_criticality_csv_upload.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/asset_criticality_csv_upload.ts
index 496cde9a79e13..737458f75a516 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/asset_criticality_csv_upload.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/asset_criticality_csv_upload.ts
@@ -102,36 +102,36 @@ export default ({ getService }: FtrProviderContext) => {
 
       expect(body.errors).toEqual([
         {
-          index: 0,
+          index: 1,
           message:
             'Invalid criticality level "invalid_criticality", expected one of extreme_impact, high_impact, medium_impact, low_impact',
         },
         {
-          index: 1,
+          index: 2,
           message: 'Invalid entity type "invalid_entity", expected host or user',
         },
         {
-          index: 2,
+          index: 3,
           message: 'Missing identifier',
         },
         {
-          index: 3,
+          index: 4,
           message: 'Missing criticality level',
         },
         {
-          index: 4,
+          index: 5,
           message: 'Missing entity type',
         },
         {
-          index: 5,
+          index: 6,
           message: 'Expected 3 columns, got 2',
         },
         {
-          index: 6,
+          index: 7,
           message: 'Expected 3 columns, got 4',
         },
         {
-          index: 7,
+          index: 8,
           message: `Identifier is too long, expected less than 1000 characters, got 1001`,
         },
       ]);
@@ -154,7 +154,7 @@ export default ({ getService }: FtrProviderContext) => {
 
       expect(body.errors).toEqual([
         {
-          index: 1,
+          index: 2,
           message:
             'Invalid criticality level "invalid_criticality", expected one of extreme_impact, high_impact, medium_impact, low_impact',
         },
diff --git a/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/ess.config.ts
index 7954db769a6d5..c466c21480816 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/ess.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/ess.config.ts
@@ -28,9 +28,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
               )
           ),
         '--elasticsearch.hosts=http://localhost:9220',
-        `--xpack.securitySolution.enableExperimental=${JSON.stringify([
-          'assistantKnowledgeBaseByDefault',
-        ])}`,
       ],
     },
     testFiles: [require.resolve('..')],
diff --git a/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/serverless.config.ts
index 0c09bbaeceaee..f4c1860fe7c6a 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/serverless.config.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/serverless.config.ts
@@ -9,9 +9,6 @@ import { createTestConfig } from '../../../../../../config/serverless/config.bas
 
 export default createTestConfig({
   kbnTestServerArgs: [
-    `--xpack.securitySolution.enableExperimental=${JSON.stringify([
-      'assistantKnowledgeBaseByDefault',
-    ])}`,
     `--xpack.securitySolutionServerless.productTypes=${JSON.stringify([
       { product_line: 'security', product_tier: 'complete' },
       { product_line: 'endpoint', product_tier: 'complete' },
diff --git a/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/mocks/entries.ts b/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/mocks/entries.ts
index 27db88ec7150e..570d9d8b5f30d 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/mocks/entries.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/mocks/entries.ts
@@ -39,9 +39,3 @@ export const indexEntry: IndexEntryCreateFields = {
   queryDescription: 'Use sample-field to search in sample-index',
   users: undefined,
 };
-
-export const globalIndexEntry: IndexEntryCreateFields = {
-  ...indexEntry,
-  name: 'Sample Global Index Entry',
-  users: [],
-};
diff --git a/x-pack/test/security_solution_cypress/cypress/cypress.config.ts b/x-pack/test/security_solution_cypress/cypress/cypress.config.ts
index ef9a5b6130966..3b42b205e6030 100644
--- a/x-pack/test/security_solution_cypress/cypress/cypress.config.ts
+++ b/x-pack/test/security_solution_cypress/cypress/cypress.config.ts
@@ -7,6 +7,7 @@
 
 import { defineCypressConfig } from '@kbn/cypress-config';
 import { esArchiver } from './support/es_archiver';
+import { esClient } from './support/es_client';
 
 export default defineCypressConfig({
   chromeWebSecurity: false,
@@ -31,6 +32,7 @@ export default defineCypressConfig({
     experimentalCspAllowList: ['default-src', 'script-src', 'script-src-elem'],
     setupNodeEvents(on, config) {
       esArchiver(on, config);
+      esClient(on, config);
       on('before:browser:launch', (browser, launchOptions) => {
         if (browser.name === 'chrome' && browser.isHeadless) {
           launchOptions.args.push('--window-size=1920,1200');
diff --git a/x-pack/test/security_solution_cypress/cypress/cypress_ci.config.ts b/x-pack/test/security_solution_cypress/cypress/cypress_ci.config.ts
index 3fae578ab1145..d621b844786dd 100644
--- a/x-pack/test/security_solution_cypress/cypress/cypress_ci.config.ts
+++ b/x-pack/test/security_solution_cypress/cypress/cypress_ci.config.ts
@@ -7,6 +7,7 @@
 
 import { defineCypressConfig } from '@kbn/cypress-config';
 import { esArchiver } from './support/es_archiver';
+import { esClient } from './support/es_client';
 
 // eslint-disable-next-line import/no-default-export
 export default defineCypressConfig({
@@ -40,6 +41,7 @@ export default defineCypressConfig({
     specPattern: './cypress/e2e/**/*.cy.ts',
     setupNodeEvents(on, config) {
       esArchiver(on, config);
+      esClient(on, config);
       on('before:browser:launch', (browser, launchOptions) => {
         if (browser.name === 'chrome' && browser.isHeadless) {
           launchOptions.args.push('--window-size=1920,1200');
diff --git a/x-pack/test/security_solution_cypress/cypress/cypress_ci_serverless.config.ts b/x-pack/test/security_solution_cypress/cypress/cypress_ci_serverless.config.ts
index a5d59ca4dd4c6..2786ce7539092 100644
--- a/x-pack/test/security_solution_cypress/cypress/cypress_ci_serverless.config.ts
+++ b/x-pack/test/security_solution_cypress/cypress/cypress_ci_serverless.config.ts
@@ -8,6 +8,7 @@
 import { defineCypressConfig } from '@kbn/cypress-config';
 import { esArchiver } from './support/es_archiver';
 import { samlAuthentication } from './support/saml_auth';
+import { esClient } from './support/es_client';
 
 // eslint-disable-next-line import/no-default-export
 export default defineCypressConfig({
@@ -54,6 +55,8 @@ export default defineCypressConfig({
         return launchOptions;
       });
       samlAuthentication(on, config);
+      process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+      esClient(on, config);
       // eslint-disable-next-line @typescript-eslint/no-var-requires
       require('@cypress/grep/src/plugin')(config);
       return config;
diff --git a/x-pack/test/security_solution_cypress/cypress/cypress_ci_serverless_qa.config.ts b/x-pack/test/security_solution_cypress/cypress/cypress_ci_serverless_qa.config.ts
index c2ad97b6ddb05..2e76bcf87bf1f 100644
--- a/x-pack/test/security_solution_cypress/cypress/cypress_ci_serverless_qa.config.ts
+++ b/x-pack/test/security_solution_cypress/cypress/cypress_ci_serverless_qa.config.ts
@@ -8,6 +8,7 @@
 import { defineCypressConfig } from '@kbn/cypress-config';
 import { esArchiver } from './support/es_archiver';
 import { samlAuthentication } from './support/saml_auth';
+import { esClient } from './support/es_client';
 
 // eslint-disable-next-line import/no-default-export
 export default defineCypressConfig({
@@ -56,6 +57,7 @@ export default defineCypressConfig({
         return launchOptions;
       });
       samlAuthentication(on, config);
+      esClient(on, config);
       process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
       // eslint-disable-next-line @typescript-eslint/no-var-requires
       require('@cypress/grep/src/plugin')(config);
diff --git a/x-pack/test/security_solution_cypress/cypress/cypress_serverless.config.ts b/x-pack/test/security_solution_cypress/cypress/cypress_serverless.config.ts
index 5ca79319c8c32..dda12e04890c6 100644
--- a/x-pack/test/security_solution_cypress/cypress/cypress_serverless.config.ts
+++ b/x-pack/test/security_solution_cypress/cypress/cypress_serverless.config.ts
@@ -8,6 +8,7 @@
 import { defineCypressConfig } from '@kbn/cypress-config';
 import { esArchiver } from './support/es_archiver';
 import { samlAuthentication } from './support/saml_auth';
+import { esClient } from './support/es_client';
 
 // eslint-disable-next-line import/no-default-export
 export default defineCypressConfig({
@@ -33,6 +34,7 @@ export default defineCypressConfig({
     experimentalMemoryManagement: true,
     setupNodeEvents(on, config) {
       esArchiver(on, config);
+      esClient(on, config);
       on('before:browser:launch', (browser, launchOptions) => {
         if (browser.name === 'chrome' && browser.isHeadless) {
           launchOptions.args.push('--window-size=1920,1200');
@@ -46,6 +48,7 @@ export default defineCypressConfig({
         return launchOptions;
       });
       samlAuthentication(on, config);
+      process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
       // eslint-disable-next-line @typescript-eslint/no-var-requires
       require('@cypress/grep/src/plugin')(config);
       return config;
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/shared_exception_lists_management/shared_exception_list_page/manage_lists.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/shared_exception_lists_management/shared_exception_list_page/manage_lists.cy.ts
index d97481d5489bf..5682a89fd6990 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/shared_exception_lists_management/shared_exception_list_page/manage_lists.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/shared_exception_lists_management/shared_exception_list_page/manage_lists.cy.ts
@@ -6,6 +6,7 @@
  */
 
 import { ExceptionListSchema } from '@kbn/securitysolution-io-ts-list-types';
+import { getUsername } from '../../../../../../tasks/common';
 import {
   expectedExportedExceptionList,
   getExceptionList,
@@ -97,11 +98,12 @@ describe(
         exportExceptionList(getExceptionList1().list_id);
 
         cy.wait('@export').then(({ response }) => {
-          cy.wrap(response?.body).should(
-            'eql',
-            expectedExportedExceptionList(exceptionListResponse)
-          );
-
+          getUsername('admin').then((username) => {
+            cy.wrap(response?.body).should(
+              'eql',
+              expectedExportedExceptionList(exceptionListResponse, username as string)
+            );
+          });
           cy.get(TOASTER).should(
             'have.text',
             `Exception list "${EXCEPTION_LIST_NAME}" exported successfully`
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/common_flows_supression_ess_basic.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/common_flows_supression_ess_basic.cy.ts
index a4e7a7dabb5fe..99f9e1c145796 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/common_flows_supression_ess_basic.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/common_flows_supression_ess_basic.cy.ts
@@ -7,8 +7,9 @@
 
 import {
   THRESHOLD_ENABLE_SUPPRESSION_CHECKBOX,
-  ALERT_SUPPRESSION_DURATION_INPUT,
+  ALERT_SUPPRESSION_DURATION_VALUE_INPUT,
   MACHINE_LEARNING_TYPE,
+  ALERT_SUPPRESSION_DURATION_UNIT_INPUT,
 } from '../../../../screens/create_new_rule';
 
 import {
@@ -62,8 +63,8 @@ describe(
         // Platinum license is required, tooltip on disabled alert suppression checkbox should tell this
         cy.get(TOOLTIP).contains('Platinum license');
 
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT).eq(0).should('be.disabled');
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT).eq(1).should('be.disabled');
+        cy.get(ALERT_SUPPRESSION_DURATION_VALUE_INPUT).should('be.disabled');
+        cy.get(ALERT_SUPPRESSION_DURATION_UNIT_INPUT).should('be.disabled');
       });
     });
   }
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule_suppression.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule_suppression.cy.ts
index 45ccc2c5aba8d..3ce0003dccf90 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule_suppression.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule_suppression.cy.ts
@@ -8,8 +8,8 @@
 import { getMachineLearningRule } from '../../../../objects/rule';
 import { TOOLTIP } from '../../../../screens/common';
 import {
-  ALERT_SUPPRESSION_FIELDS,
   ALERT_SUPPRESSION_FIELDS_INPUT,
+  ALERT_SUPPRESSION_WARNING,
 } from '../../../../screens/create_new_rule';
 import {
   DEFINITION_DETAILS,
@@ -102,7 +102,7 @@ describe(
 
           it('displays a warning message on the suppression fields', () => {
             cy.get(ALERT_SUPPRESSION_FIELDS_INPUT).should('be.enabled');
-            cy.get(ALERT_SUPPRESSION_FIELDS).should(
+            cy.get(ALERT_SUPPRESSION_WARNING).should(
               'contain.text',
               'This list of fields might be incomplete as some Machine Learning jobs are not running. Start all relevant jobs for a complete list.'
             );
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts
index 34f301602b692..33589e6655174 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/esql_rule.cy.ts
@@ -18,9 +18,10 @@ import {
 
 import {
   ESQL_QUERY_BAR,
-  ALERT_SUPPRESSION_DURATION_INPUT,
   ALERT_SUPPRESSION_FIELDS,
   ALERT_SUPPRESSION_MISSING_FIELDS_SUPPRESS,
+  ALERT_SUPPRESSION_DURATION_VALUE_INPUT,
+  ALERT_SUPPRESSION_DURATION_UNIT_INPUT,
 } from '../../../../screens/create_new_rule';
 
 import { createRule } from '../../../../tasks/api_calls/rules';
@@ -136,9 +137,8 @@ describe.skip(
         editFirstRule();
 
         // check saved suppression settings
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT).eq(0).should('be.enabled').should('have.value', 3);
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT)
-          .eq(1)
+        cy.get(ALERT_SUPPRESSION_DURATION_VALUE_INPUT).should('be.enabled').should('have.value', 3);
+        cy.get(ALERT_SUPPRESSION_DURATION_UNIT_INPUT)
           .should('be.enabled')
           .should('have.value', 'h');
         cy.get(ALERT_SUPPRESSION_FIELDS).should('contain', SUPPRESS_BY_FIELDS.join(''));
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/indicator_match_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/indicator_match_rule.cy.ts
index 648fa51f0abb1..674d3a014fa28 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/indicator_match_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/indicator_match_rule.cy.ts
@@ -15,7 +15,8 @@ import {
 } from '../../../../screens/rule_details';
 
 import {
-  ALERT_SUPPRESSION_DURATION_INPUT,
+  ALERT_SUPPRESSION_DURATION_UNIT_INPUT,
+  ALERT_SUPPRESSION_DURATION_VALUE_INPUT,
   ALERT_SUPPRESSION_FIELDS,
   ALERT_SUPPRESSION_MISSING_FIELDS_DO_NOT_SUPPRESS,
 } from '../../../../screens/create_new_rule';
@@ -113,12 +114,10 @@ describe(
         goToRuleEditSettings();
 
         // check saved suppression settings
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT)
-          .eq(0)
+        cy.get(ALERT_SUPPRESSION_DURATION_VALUE_INPUT)
           .should('be.enabled')
           .should('have.value', 360);
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT)
-          .eq(1)
+        cy.get(ALERT_SUPPRESSION_DURATION_UNIT_INPUT)
           .should('be.enabled')
           .should('have.value', 's');
 
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts
index 7410d9fefae6d..e7c6d0d208dd1 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts
@@ -7,7 +7,8 @@
 
 import { getMachineLearningRule } from '../../../../objects/rule';
 import {
-  ALERT_SUPPRESSION_DURATION_INPUT,
+  ALERT_SUPPRESSION_DURATION_UNIT_INPUT,
+  ALERT_SUPPRESSION_DURATION_VALUE_INPUT,
   ALERT_SUPPRESSION_FIELDS,
   ALERT_SUPPRESSION_MISSING_FIELDS_DO_NOT_SUPPRESS,
 } from '../../../../screens/create_new_rule';
@@ -109,12 +110,10 @@ describe(
 
       it('allows editing of a rule to change its suppression configuration', () => {
         // check saved suppression settings
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT)
-          .eq(0)
+        cy.get(ALERT_SUPPRESSION_DURATION_VALUE_INPUT)
           .should('be.enabled')
           .should('have.value', 360);
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT)
-          .eq(1)
+        cy.get(ALERT_SUPPRESSION_DURATION_UNIT_INPUT)
           .should('be.enabled')
           .should('have.value', 's');
 
@@ -135,12 +134,10 @@ describe(
 
       it('allows editing of a rule to remove suppression configuration', () => {
         // check saved suppression settings
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT)
-          .eq(0)
+        cy.get(ALERT_SUPPRESSION_DURATION_VALUE_INPUT)
           .should('be.enabled')
           .should('have.value', 360);
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT)
-          .eq(1)
+        cy.get(ALERT_SUPPRESSION_DURATION_UNIT_INPUT)
           .should('be.enabled')
           .should('have.value', 's');
 
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/new_terms_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/new_terms_rule.cy.ts
index a6ec738a3402d..9bea17601043f 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/new_terms_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/new_terms_rule.cy.ts
@@ -15,7 +15,8 @@ import {
 } from '../../../../screens/rule_details';
 
 import {
-  ALERT_SUPPRESSION_DURATION_INPUT,
+  ALERT_SUPPRESSION_DURATION_UNIT_INPUT,
+  ALERT_SUPPRESSION_DURATION_VALUE_INPUT,
   ALERT_SUPPRESSION_FIELDS,
   ALERT_SUPPRESSION_MISSING_FIELDS_SUPPRESS,
 } from '../../../../screens/create_new_rule';
@@ -69,12 +70,10 @@ describe(
         editFirstRule();
 
         // check saved suppression settings
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT)
-          .eq(0)
+        cy.get(ALERT_SUPPRESSION_DURATION_VALUE_INPUT)
           .should('be.enabled')
           .should('have.value', 20);
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT)
-          .eq(1)
+        cy.get(ALERT_SUPPRESSION_DURATION_UNIT_INPUT)
           .should('be.enabled')
           .should('have.value', 'm');
         cy.get(ALERT_SUPPRESSION_FIELDS).should('contain', SUPPRESS_BY_FIELDS.join(''));
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/threshold_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/threshold_rule.cy.ts
index dcc35a9e00080..727a8828f5231 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/threshold_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/threshold_rule.cy.ts
@@ -14,11 +14,12 @@ import {
 } from '../../../../screens/rule_details';
 
 import {
-  ALERT_SUPPRESSION_DURATION_INPUT,
   THRESHOLD_ENABLE_SUPPRESSION_CHECKBOX,
   ALERT_SUPPRESSION_DURATION_PER_RULE_EXECUTION,
   ALERT_SUPPRESSION_DURATION_PER_TIME_INTERVAL,
   ALERT_SUPPRESSION_FIELDS,
+  ALERT_SUPPRESSION_DURATION_VALUE_INPUT,
+  ALERT_SUPPRESSION_DURATION_UNIT_INPUT,
 } from '../../../../screens/create_new_rule';
 
 import { createRule } from '../../../../tasks/api_calls/rules';
@@ -54,7 +55,7 @@ describe(
         editFirstRule();
 
         // suppression fields are hidden since threshold fields used for suppression
-        cy.get(ALERT_SUPPRESSION_FIELDS).should('not.be.visible');
+        cy.get(ALERT_SUPPRESSION_FIELDS).should('not.exist');
 
         enablesAndPopulatesThresholdSuppression(60, 'm');
 
@@ -89,12 +90,10 @@ describe(
 
         // ensures enable suppression checkbox is checked and suppression options displayed correctly
         cy.get(THRESHOLD_ENABLE_SUPPRESSION_CHECKBOX).should('be.enabled').should('be.checked');
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT)
-          .eq(0)
+        cy.get(ALERT_SUPPRESSION_DURATION_VALUE_INPUT)
           .should('be.enabled')
           .should('have.value', 360);
-        cy.get(ALERT_SUPPRESSION_DURATION_INPUT)
-          .eq(1)
+        cy.get(ALERT_SUPPRESSION_DURATION_UNIT_INPUT)
           .should('be.enabled')
           .should('have.value', 's');
 
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts
index c0895ec187365..05d2cddc8eaca 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts
@@ -51,18 +51,9 @@ import {
 import { visit, visitWithTimeRange } from '../../../tasks/navigation';
 
 import { CASES_URL, OVERVIEW_URL } from '../../../urls/navigation';
-import { ELASTICSEARCH_USERNAME, IS_SERVERLESS } from '../../../env_var_names_constants';
 import { deleteCases } from '../../../tasks/api_calls/cases';
 import { login } from '../../../tasks/login';
-
-const isServerless = Cypress.env(IS_SERVERLESS);
-const getUsername = () => {
-  if (isServerless) {
-    return cy.task('getFullname');
-  } else {
-    return cy.wrap(Cypress.env(ELASTICSEARCH_USERNAME));
-  }
-};
+import { getFullname } from '../../../tasks/common';
 
 // Tracked by https://github.com/elastic/security-team/issues/7696
 describe('Cases', { tags: ['@ess', '@serverless'] }, () => {
@@ -120,7 +111,7 @@ describe('Cases', { tags: ['@ess', '@serverless'] }, () => {
       `${this.mycase.description} ${this.mycase.timeline.title}`
     );
 
-    getUsername().then((username) => {
+    getFullname('platform_engineer').then((username) => {
       cy.get(CASE_DETAILS_USERNAMES).eq(REPORTER).should('contain', username);
       cy.get(CASE_DETAILS_USERNAMES).eq(PARTICIPANTS).should('contain', username);
     });
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timeline_templates/export.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timeline_templates/export.cy.ts
index 7aff512667068..3c407a7506762 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timeline_templates/export.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timeline_templates/export.cy.ts
@@ -13,6 +13,7 @@ import { expectedExportedTimelineTemplate } from '../../../objects/timeline';
 import { TIMELINE_TEMPLATES_URL } from '../../../urls/navigation';
 import { createTimelineTemplate, deleteTimelines } from '../../../tasks/api_calls/timelines';
 import { searchByTitle } from '../../../tasks/table_pagination';
+import { getFullname } from '../../../tasks/common';
 
 describe('Export timelines', { tags: ['@ess', '@serverless'] }, () => {
   beforeEach(() => {
@@ -36,11 +37,12 @@ describe('Export timelines', { tags: ['@ess', '@serverless'] }, () => {
 
     cy.wait('@export').then(({ response }) => {
       cy.wrap(response?.statusCode).should('eql', 200);
-
-      cy.wrap(response?.body).should(
-        'eql',
-        expectedExportedTimelineTemplate(this.templateResponse)
-      );
+      getFullname('admin').then((username) => {
+        cy.wrap(response?.body).should(
+          'eql',
+          expectedExportedTimelineTemplate(this.templateResponse, username as string)
+        );
+      });
     });
   });
 });
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/export.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/export.cy.ts
index e1e3a5cf2de32..826ca78228b61 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/export.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/export.cy.ts
@@ -21,6 +21,7 @@ import { TIMELINE_CHECKBOX } from '../../../screens/timelines';
 import { createTimeline } from '../../../tasks/api_calls/timelines';
 import { expectedExportedTimeline } from '../../../objects/timeline';
 import { closeToast } from '../../../tasks/common/toast';
+import { getFullname } from '../../../tasks/common';
 
 describe('Export timelines', { tags: ['@ess', '@serverless'] }, () => {
   beforeEach(() => {
@@ -51,7 +52,12 @@ describe('Export timelines', { tags: ['@ess', '@serverless'] }, () => {
     exportTimeline(this.timelineId1);
     cy.wait('@export').then(({ response }) => {
       cy.wrap(response?.statusCode).should('eql', 200);
-      cy.wrap(response?.body).should('eql', expectedExportedTimeline(this.timelineResponse1));
+      getFullname('admin').then((username) => {
+        cy.wrap(response?.body).should(
+          'eql',
+          expectedExportedTimeline(this.timelineResponse1, username as string)
+        );
+      });
     });
     closeToast();
 
@@ -61,7 +67,13 @@ describe('Export timelines', { tags: ['@ess', '@serverless'] }, () => {
     exportSelectedTimelines();
     cy.wait('@export').then(({ response }) => {
       cy.wrap(response?.statusCode).should('eql', 200);
-      cy.wrap(response?.body).should('eql', expectedExportedTimeline(this.timelineResponse1));
+
+      getFullname('admin').then((username) => {
+        cy.wrap(response?.body).should(
+          'eql',
+          expectedExportedTimeline(this.timelineResponse1, username as string)
+        );
+      });
     });
 
     closeToast();
@@ -81,8 +93,17 @@ describe('Export timelines', { tags: ['@ess', '@serverless'] }, () => {
     cy.wait('@export').then(({ response }) => {
       cy.wrap(response?.statusCode).should('eql', 200);
       const timelines = response?.body?.split('\n');
-      assert.deepEqual(JSON.parse(timelines[0]), expectedExportedTimeline(this.timelineResponse2));
-      assert.deepEqual(JSON.parse(timelines[1]), expectedExportedTimeline(this.timelineResponse1));
+
+      getFullname('admin').then((username) => {
+        assert.deepEqual(
+          JSON.parse(timelines[0]),
+          expectedExportedTimeline(this.timelineResponse2, username as string)
+        );
+        assert.deepEqual(
+          JSON.parse(timelines[1]),
+          expectedExportedTimeline(this.timelineResponse1, username as string)
+        );
+      });
     });
   });
 });
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/notes_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/notes_tab.cy.ts
index 7bda7c4e4bfc3..7eead20dcb8c1 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/notes_tab.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/notes_tab.cy.ts
@@ -23,6 +23,7 @@ import { createTimeline, deleteTimelines } from '../../../tasks/api_calls/timeli
 import { login } from '../../../tasks/login';
 import { visitTimeline } from '../../../tasks/navigation';
 import { addNotesToTimeline, goToNotesTab } from '../../../tasks/timeline';
+import { getFullname } from '../../../tasks/common';
 
 const author = Cypress.env('ELASTICSEARCH_USERNAME');
 const link = 'https://www.elastic.co/';
@@ -66,8 +67,10 @@ describe('Timeline notes tab', { tags: ['@ess', '@serverless'] }, () => {
   });
 
   it('should render the right author', () => {
-    addNotesToTimeline(getTimelineNonValidQuery().notes);
-    cy.get(NOTES_AUTHOR).first().should('have.text', author);
+    getFullname('admin').then((username) => {
+      addNotesToTimeline(getTimelineNonValidQuery().notes);
+      cy.get(NOTES_AUTHOR).first().should('have.text', username);
+    });
   });
 
   // this test is failing on MKI only, the change was introduced by this EUI PR https://github.com/elastic/kibana/pull/195525
diff --git a/x-pack/test/security_solution_cypress/cypress/objects/exception.ts b/x-pack/test/security_solution_cypress/cypress/objects/exception.ts
index 394130a257637..c4138052db304 100644
--- a/x-pack/test/security_solution_cypress/cypress/objects/exception.ts
+++ b/x-pack/test/security_solution_cypress/cypress/objects/exception.ts
@@ -6,7 +6,6 @@
  */
 
 import type { ExceptionListSchema } from '@kbn/securitysolution-io-ts-list-types';
-import { ELASTICSEARCH_USERNAME } from '../env_var_names_constants';
 
 export interface Exception {
   field: string;
@@ -59,18 +58,9 @@ export const getException = (): Exception => ({
 });
 
 export const expectedExportedExceptionList = (
-  exceptionListResponse: Cypress.Response<ExceptionListSchema>
+  exceptionListResponse: Cypress.Response<ExceptionListSchema>,
+  username: string
 ): string => {
   const jsonRule = exceptionListResponse.body;
-  return `{"_version":"${jsonRule._version}","created_at":"${
-    jsonRule.created_at
-  }","created_by":"${Cypress.env(ELASTICSEARCH_USERNAME)}","description":"${
-    jsonRule.description
-  }","id":"${jsonRule.id}","immutable":false,"list_id":"${jsonRule.list_id}","name":"${
-    jsonRule.name
-  }","namespace_type":"single","os_types":[],"tags":[],"tie_breaker_id":"${
-    jsonRule.tie_breaker_id
-  }","type":"${jsonRule.type}","updated_at":"${jsonRule.updated_at}","updated_by":"${Cypress.env(
-    ELASTICSEARCH_USERNAME
-  )}","version":1}\n{"exported_exception_list_count":1,"exported_exception_list_item_count":0,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0}\n`;
+  return `{"_version":"${jsonRule._version}","created_at":"${jsonRule.created_at}","created_by":"${username}","description":"${jsonRule.description}","id":"${jsonRule.id}","immutable":false,"list_id":"${jsonRule.list_id}","name":"${jsonRule.name}","namespace_type":"single","os_types":[],"tags":[],"tie_breaker_id":"${jsonRule.tie_breaker_id}","type":"${jsonRule.type}","updated_at":"${jsonRule.updated_at}","updated_by":"${username}","version":1}\n{"exported_exception_list_count":1,"exported_exception_list_item_count":0,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0}\n`;
 };
diff --git a/x-pack/test/security_solution_cypress/cypress/objects/timeline.ts b/x-pack/test/security_solution_cypress/cypress/objects/timeline.ts
index 1dcaae65a3392..1aea82de6612d 100644
--- a/x-pack/test/security_solution_cypress/cypress/objects/timeline.ts
+++ b/x-pack/test/security_solution_cypress/cypress/objects/timeline.ts
@@ -69,7 +69,8 @@ export const getTimelineNonValidQuery = (): CompleteTimeline => ({
 });
 
 export const expectedExportedTimelineTemplate = (
-  templateResponse: Cypress.Response<PersistTimelineResponse>
+  templateResponse: Cypress.Response<PersistTimelineResponse>,
+  username: string
 ) => {
   const timelineTemplateBody = templateResponse.body.data.persistTimeline.timeline;
 
@@ -102,9 +103,9 @@ export const expectedExportedTimelineTemplate = (
     templateTimelineVersion: 1,
     timelineType: 'template',
     created: timelineTemplateBody.created,
-    createdBy: Cypress.env('ELASTICSEARCH_USERNAME'),
+    createdBy: username,
     updated: timelineTemplateBody.updated,
-    updatedBy: Cypress.env('ELASTICSEARCH_USERNAME'),
+    updatedBy: username,
     sort: [],
     eventNotes: [],
     globalNotes: [],
@@ -114,7 +115,8 @@ export const expectedExportedTimelineTemplate = (
 };
 
 export const expectedExportedTimeline = (
-  timelineResponse: Cypress.Response<PersistTimelineResponse>
+  timelineResponse: Cypress.Response<PersistTimelineResponse>,
+  username: string
 ) => {
   const timelineBody = timelineResponse.body.data.persistTimeline.timeline;
 
@@ -140,9 +142,9 @@ export const expectedExportedTimeline = (
     description: timelineBody.description,
     title: timelineBody.title,
     created: timelineBody.created,
-    createdBy: Cypress.env('ELASTICSEARCH_USERNAME'),
+    createdBy: username,
     updated: timelineBody.updated,
-    updatedBy: Cypress.env('ELASTICSEARCH_USERNAME'),
+    updatedBy: username,
     timelineType: 'default',
     sort: [],
     eventNotes: [],
diff --git a/x-pack/test/security_solution_cypress/cypress/screens/create_new_rule.ts b/x-pack/test/security_solution_cypress/cypress/screens/create_new_rule.ts
index a191fc22aa339..315e89564aae2 100644
--- a/x-pack/test/security_solution_cypress/cypress/screens/create_new_rule.ts
+++ b/x-pack/test/security_solution_cypress/cypress/screens/create_new_rule.ts
@@ -26,8 +26,10 @@ export const ALERT_SUPPRESSION_FIELDS_COMBO_BOX =
 
 export const ALERT_SUPPRESSION_FIELDS_INPUT = `${ALERT_SUPPRESSION_FIELDS_COMBO_BOX} input`;
 
+export const ALERT_SUPPRESSION_WARNING = '[data-test-subj="alertSuppressionWarning"]';
+
 export const ALERT_SUPPRESSION_DURATION_OPTIONS =
-  '[data-test-subj="alertSuppressionDuration"] [data-test-subj="groupByDurationOptions"]';
+  '[data-test-subj="alertSuppressionDuration"] [data-test-subj="alertSuppressionDurationOptions"]';
 
 export const ALERT_SUPPRESSION_DURATION_PER_TIME_INTERVAL = `${ALERT_SUPPRESSION_DURATION_OPTIONS} #per-time-period`;
 
@@ -40,11 +42,14 @@ export const ALERT_SUPPRESSION_MISSING_FIELDS_SUPPRESS = `${ALERT_SUPPRESSION_MI
 
 export const ALERT_SUPPRESSION_MISSING_FIELDS_DO_NOT_SUPPRESS = `${ALERT_SUPPRESSION_MISSING_FIELDS_OPTIONS} #doNotSuppress`;
 
-export const ALERT_SUPPRESSION_DURATION_INPUT =
-  '[data-test-subj="alertSuppressionDuration"] [data-test-subj="alertSuppressionDurationInput"]';
+export const ALERT_SUPPRESSION_DURATION_VALUE_INPUT =
+  '[data-test-subj="alertSuppressionDuration"] [data-test-subj="interval"]';
+
+export const ALERT_SUPPRESSION_DURATION_UNIT_INPUT =
+  '[data-test-subj="alertSuppressionDuration"] [data-test-subj="timeType"]';
 
 export const THRESHOLD_ENABLE_SUPPRESSION_CHECKBOX =
-  '[data-test-subj="detectionEngineStepDefineRuleThresholdEnableSuppression"] input';
+  '[data-test-subj="thresholdAlertSuppressionEnabled"] input';
 
 export const ANOMALY_THRESHOLD_INPUT = '[data-test-subj="anomalyThresholdSlider"] .euiFieldNumber';
 
diff --git a/x-pack/test/security_solution_cypress/cypress/support/es_client.ts b/x-pack/test/security_solution_cypress/cypress/support/es_client.ts
new file mode 100644
index 0000000000000..4b5e114ed33dd
--- /dev/null
+++ b/x-pack/test/security_solution_cypress/cypress/support/es_client.ts
@@ -0,0 +1,156 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { systemIndicesSuperuser } from '@kbn/test';
+import { createEsClient } from '@kbn/security-solution-plugin/scripts/endpoint/common/stack_services';
+
+export const esClient = (
+  on: Cypress.PluginEvents,
+  config: Cypress.PluginConfigOptions
+): Promise<void> => {
+  const isServerless = config.env.IS_SERVERLESS;
+  const isCloudServerless = config.env.CLOUD_SERVERLESS;
+
+  const user = {
+    username: config.env.ELASTICSEARCH_USERNAME,
+    password: config.env.ELASTICSEARCH_PASSWORD,
+  };
+
+  /*
+  system_indices_superuser is a user created for testing purposes (an operator one) that does not have restrictions,
+  that user is the one used on ESS and stateless environments to access internal indexes directly and does not exist on MKI environments. 
+  */
+  const authOverride = isServerless ? (isCloudServerless ? user : systemIndicesSuperuser) : user;
+
+  const client = createEsClient({
+    url: config.env.ELASTICSEARCH_URL,
+    username: authOverride?.username,
+    password: authOverride?.password,
+  });
+
+  on('task', {
+    putMapping: async (index: string) => {
+      await client.indices.putMapping({
+        index,
+        body: {
+          dynamic: true,
+        },
+      });
+      return null;
+    },
+    bulkInsert: async (body) => {
+      await client.bulk({
+        refresh: true,
+        body,
+      });
+      return null;
+    },
+    refreshIndex: async (index: string) => {
+      try {
+        await client.indices.refresh({ index });
+        return true;
+      } catch (error) {
+        return false;
+      }
+    },
+    searchIndex: async (index) => {
+      try {
+        const response = await client.search({
+          index,
+          body: {
+            query: {
+              match_all: {},
+            },
+          },
+        });
+
+        return response.hits.hits.length;
+      } catch (error) {
+        return null;
+      }
+    },
+    deleteDataStream: async (dataStreamName) => {
+      try {
+        await client.indices.deleteDataStream({
+          name: dataStreamName,
+        });
+
+        return { success: true };
+      } catch (error) {
+        return { success: false, error: error.message };
+      }
+    },
+    deleteIndex: async (index) => {
+      try {
+        await client.indices.delete({
+          index,
+        });
+
+        return { success: true };
+      } catch (error) {
+        return { success: false, error: error.message };
+      }
+    },
+    deleteDocuments: async (index: string) => {
+      await client.deleteByQuery({
+        index,
+        body: {
+          query: {
+            match_all: {},
+          },
+        },
+        conflicts: 'proceed',
+        scroll_size: 10000,
+        refresh: true,
+      });
+      return null;
+    },
+    createIndex: async ({ index: indexName, properties }) => {
+      const result = await client.indices.create({
+        index: indexName,
+        body: {
+          mappings: {
+            properties,
+          },
+        },
+      });
+      return result;
+    },
+    createDocument: async ({ index: indexName, document }) => {
+      const result = await client.index({
+        index: indexName,
+        body: document,
+        refresh: 'wait_for',
+      });
+
+      return result;
+    },
+    deleteSecurityRulesFromKibana: async () => {
+      await client.deleteByQuery({
+        index: '.kibana_*',
+        body: {
+          query: {
+            bool: {
+              filter: [
+                {
+                  match: {
+                    type: 'security-rule',
+                  },
+                },
+              ],
+            },
+          },
+        },
+        conflicts: 'proceed',
+        refresh: true,
+      });
+      return null;
+    },
+  });
+
+  return Promise.resolve();
+};
diff --git a/x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts b/x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts
index 1b5c2adcae455..1f95d373b2c17 100644
--- a/x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts
+++ b/x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts
@@ -11,6 +11,9 @@ import { SecurityRoleName } from '@kbn/security-solution-plugin/common/test';
 import { HostOptions, SamlSessionManager } from '@kbn/test';
 import { REPO_ROOT } from '@kbn/repo-info';
 import { resolve } from 'path';
+import axios from 'axios';
+import fs from 'fs';
+import yaml from 'js-yaml';
 import { DEFAULT_SERVERLESS_ROLE } from '../env_var_names_constants';
 
 export const samlAuthentication = async (
@@ -31,31 +34,81 @@ export const samlAuthentication = async (
     password: config.env.ELASTICSEARCH_PASSWORD,
   };
 
+  const rolesPath =
+    '../../../../packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml';
+
   // If config.env.PROXY_ORG is set, it means that proxy service is used to create projects. Define the proxy org filename to override the roles.
   const rolesFilename = config.env.PROXY_ORG ? `${config.env.PROXY_ORG}.json` : undefined;
   const cloudUsersFilePath = resolve(REPO_ROOT, '.ftr', rolesFilename ?? 'role_users.json');
 
+  const INTERNAL_REQUEST_HEADERS = {
+    'kbn-xsrf': 'cypress-creds',
+    'x-elastic-internal-origin': 'security-solution',
+  };
+
+  const getYamlData = (filePath: string): any => {
+    const fileContents = fs.readFileSync(filePath, 'utf8');
+    return yaml.load(fileContents);
+  };
+
+  const getRoleConfiguration = (role: string, filePath: string): any => {
+    const data = getYamlData(filePath);
+    if (data[role]) {
+      return data[role];
+    } else {
+      throw new Error(`Role '${role}' not found in the YAML file.`);
+    }
+  };
+
+  const sessionManager = new SamlSessionManager({
+    hostOptions,
+    log,
+    isCloud: config.env.CLOUD_SERVERLESS,
+    cloudUsersFilePath,
+  });
+
   on('task', {
     getSessionCookie: async (role: string | SecurityRoleName): Promise<string> => {
-      const sessionManager = new SamlSessionManager({
-        hostOptions,
-        log,
-        isCloud: config.env.CLOUD_SERVERLESS,
-        cloudUsersFilePath,
-      });
       return sessionManager.getInteractiveUserSessionCookieWithRoleScope(role);
     },
+    getApiKeyForRole: async (role: string | SecurityRoleName): Promise<string> => {
+      const adminCookieHeader = await sessionManager.getApiCredentialsForRole('admin');
+
+      let roleDescriptor = {};
+
+      const roleConfig = getRoleConfiguration(role, rolesPath);
+
+      roleDescriptor = { [role]: roleConfig };
+
+      const response = await axios.post(
+        `${kbnHost}/internal/security/api_key`,
+        {
+          name: 'myTestApiKey',
+          metadata: {},
+          role_descriptors: roleDescriptor,
+        },
+        {
+          headers: {
+            ...INTERNAL_REQUEST_HEADERS,
+            ...adminCookieHeader,
+          },
+        }
+      );
+
+      const apiKey = response.data.encoded;
+      return apiKey;
+    },
     getFullname: async (
       role: string | SecurityRoleName = DEFAULT_SERVERLESS_ROLE
     ): Promise<string> => {
-      const sessionManager = new SamlSessionManager({
-        hostOptions,
-        log,
-        isCloud: config.env.CLOUD_SERVERLESS,
-        cloudUsersFilePath,
-      });
       const { full_name: fullName } = await sessionManager.getUserData(role);
       return fullName;
     },
+    getUsername: async (
+      role: string | SecurityRoleName = DEFAULT_SERVERLESS_ROLE
+    ): Promise<string> => {
+      const { username } = await sessionManager.getUserData(role);
+      return username;
+    },
   });
 };
diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/common.ts b/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/common.ts
index 80d7c2c106815..480d97bf35979 100644
--- a/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/common.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/common.ts
@@ -14,7 +14,7 @@ import { deleteAllDocuments } from './elasticsearch';
 import { getSpaceUrl } from '../space';
 import { DEFAULT_ALERTS_INDEX_PATTERN } from './alerts';
 
-export const API_AUTH = Object.freeze({
+export const ESS_API_AUTH = Object.freeze({
   user: Cypress.env(ELASTICSEARCH_USERNAME),
   pass: Cypress.env(ELASTICSEARCH_PASSWORD),
 });
@@ -28,17 +28,32 @@ export const API_HEADERS = Object.freeze({
 export const INTERNAL_CLOUD_CONNECTORS = ['Elastic-Cloud-SMTP'];
 
 export const rootRequest = <T = unknown>({
-  headers: optionHeaders,
+  headers: optionHeaders = {},
+  role = 'admin',
   ...restOptions
-}: Partial<Cypress.RequestOptions>): Cypress.Chainable<Cypress.Response<T>> =>
-  cy.request<T>({
-    auth: API_AUTH,
-    headers: {
-      ...API_HEADERS,
-      ...(optionHeaders || {}),
-    },
-    ...restOptions,
-  });
+}: Partial<Cypress.RequestOptions> & { role?: string }): Cypress.Chainable<Cypress.Response<T>> => {
+  if (Cypress.env('IS_SERVERLESS')) {
+    return cy.task('getApiKeyForRole', role).then((response) => {
+      return cy.request<T>({
+        headers: {
+          ...API_HEADERS,
+          ...optionHeaders,
+          Authorization: `ApiKey ${response}`,
+        },
+        ...restOptions,
+      });
+    });
+  } else {
+    return cy.request<T>({
+      auth: ESS_API_AUTH,
+      headers: {
+        ...API_HEADERS,
+        ...optionHeaders,
+      },
+      ...restOptions,
+    });
+  }
+};
 
 // a helper function to wait for the root request to be successful
 // defaults to 5 second intervals for 3 attempts
@@ -105,24 +120,7 @@ export const deleteConnectors = () => {
 };
 
 export const deletePrebuiltRulesAssets = () => {
-  const kibanaIndexUrl = `${Cypress.env('ELASTICSEARCH_URL')}/.kibana_\*`;
-  rootRequest({
-    method: 'POST',
-    url: `${kibanaIndexUrl}/_delete_by_query?conflicts=proceed&refresh`,
-    body: {
-      query: {
-        bool: {
-          filter: [
-            {
-              match: {
-                type: 'security-rule',
-              },
-            },
-          ],
-        },
-      },
-    },
-  });
+  cy.task('deleteSecurityRulesFromKibana');
 };
 
 export const postDataView = (indexPattern: string, name?: string, id?: string) => {
diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/elasticsearch.ts b/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/elasticsearch.ts
index 6dc3622f72a03..b169a37154a5b 100644
--- a/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/elasticsearch.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/elasticsearch.ts
@@ -4,70 +4,37 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { rootRequest } from './common';
 
 export const deleteIndex = (index: string) => {
-  rootRequest({
-    method: 'DELETE',
-    url: `${Cypress.env('ELASTICSEARCH_URL')}/${index}`,
-    failOnStatusCode: false,
-  });
+  cy.task('deleteIndex', index);
 };
 
 export const deleteDataStream = (dataStreamName: string) => {
-  rootRequest({
-    method: 'DELETE',
-    url: `${Cypress.env('ELASTICSEARCH_URL')}/_data_stream/${dataStreamName}`,
-    failOnStatusCode: false,
-  });
+  cy.task('deleteDataStream', dataStreamName);
 };
 
 export const deleteAllDocuments = (target: string) => {
   refreshIndex(target);
 
-  rootRequest({
-    method: 'POST',
-    url: `${Cypress.env(
-      'ELASTICSEARCH_URL'
-    )}/${target}/_delete_by_query?conflicts=proceed&scroll_size=10000&refresh`,
-    body: {
-      query: {
-        match_all: {},
-      },
-    },
-  });
+  cy.task('deleteDocuments', target);
 };
 
-export const createIndex = (indexName: string, properties: Record<string, unknown>) =>
-  rootRequest({
-    method: 'PUT',
-    url: `${Cypress.env('ELASTICSEARCH_URL')}/${indexName}`,
-    body: {
-      mappings: {
-        properties,
-      },
-    },
-  });
+export const createIndex = (indexName: string, properties: Record<string, unknown>) => {
+  cy.task('createIndex', { index: indexName, properties });
+};
 
-export const createDocument = (indexName: string, document: Record<string, unknown>) =>
-  rootRequest({
-    method: 'POST',
-    url: `${Cypress.env('ELASTICSEARCH_URL')}/${indexName}/_doc?refresh=wait_for`,
-    body: document,
-  });
+export const createDocument = (indexName: string, document: Record<string, unknown>) => {
+  cy.task('createDocument', { index: indexName, document });
+};
 
 export const waitForNewDocumentToBeIndexed = (index: string, initialNumberOfDocuments: number) => {
   cy.waitUntil(
     () =>
-      rootRequest<{ hits: { hits: unknown[] } }>({
-        method: 'GET',
-        url: `${Cypress.env('ELASTICSEARCH_URL')}/${index}/_search`,
-        failOnStatusCode: false,
-      }).then((response) => {
-        if (response.status !== 200) {
-          return false;
+      cy.task('searchIndex', index).then((currentNumberOfDocuments) => {
+        if (typeof currentNumberOfDocuments === 'number') {
+          return currentNumberOfDocuments > initialNumberOfDocuments;
         } else {
-          return response.body.hits.hits.length > initialNumberOfDocuments;
+          return false;
         }
       }),
     { interval: 500, timeout: 12000 }
@@ -77,15 +44,8 @@ export const waitForNewDocumentToBeIndexed = (index: string, initialNumberOfDocu
 export const refreshIndex = (index: string) => {
   cy.waitUntil(
     () =>
-      rootRequest({
-        method: 'POST',
-        url: `${Cypress.env('ELASTICSEARCH_URL')}/${index}/_refresh`,
-        failOnStatusCode: false,
-      }).then((response) => {
-        if (response.status !== 200) {
-          return false;
-        }
-        return true;
+      cy.task('refreshIndex', index).then((result) => {
+        return result === true;
       }),
     { interval: 500, timeout: 12000 }
   );
diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/prebuilt_rules.ts b/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/prebuilt_rules.ts
index 420794de7e338..08de9decbddf1 100644
--- a/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/prebuilt_rules.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/api_calls/prebuilt_rules.ts
@@ -122,7 +122,6 @@ export const createNewRuleAsset = ({
           headers: {
             'Content-Type': 'application/json',
           },
-          failOnStatusCode: false,
           body: rule,
         })
         .then((response) => response.status === 200);
@@ -142,7 +141,6 @@ export const bulkCreateRuleAssets = ({
     'Bulk Install prebuilt rules',
     rules?.map((rule) => rule['security-rule'].rule_id).join(', ')
   );
-  const url = `${Cypress.env('ELASTICSEARCH_URL')}/${index}/_bulk?refresh`;
 
   const bulkIndexRequestBody = rules.reduce((body, rule) => {
     const document = JSON.stringify(rule);
@@ -165,29 +163,8 @@ export const bulkCreateRuleAssets = ({
     return body.concat(indexRuleAsset, indexHistoricalRuleAsset);
   }, '');
 
-  rootRequest({
-    method: 'PUT',
-    url: `${Cypress.env('ELASTICSEARCH_URL')}/${index}/_mapping`,
-    body: {
-      dynamic: true,
-    },
-    headers: {
-      'Content-Type': 'application/json',
-    },
-  });
-
-  cy.waitUntil(
-    () => {
-      return rootRequest({
-        method: 'POST',
-        url,
-        headers: { 'Content-Type': 'application/json' },
-        failOnStatusCode: false,
-        body: bulkIndexRequestBody,
-      }).then((response) => response.status === 200);
-    },
-    { interval: 500, timeout: 12000 }
-  );
+  cy.task('putMapping', index);
+  cy.task('bulkInsert', bulkIndexRequestBody);
 };
 
 export const getRuleAssets = (index: string | undefined = '.kibana_security_solution') => {
@@ -198,7 +175,6 @@ export const getRuleAssets = (index: string | undefined = '.kibana_security_solu
     headers: {
       'Content-Type': 'application/json',
     },
-    failOnStatusCode: false,
     body: {
       query: {
         term: { type: { value: 'security-rule' } },
diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/common.ts b/x-pack/test/security_solution_cypress/cypress/tasks/common.ts
index ff0bbac6866cd..2e109805c4c0a 100644
--- a/x-pack/test/security_solution_cypress/cypress/tasks/common.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/common.ts
@@ -56,6 +56,22 @@ export const drop = (dropTarget: JQuery<HTMLElement>) => {
     .wait(300);
 };
 
+const getUserValue = (taskName: 'getFullname' | 'getUsername', role: string = 'admin') => {
+  if (Cypress.env('IS_SERVERLESS')) {
+    return cy.task(taskName, role);
+  } else {
+    return cy.wrap(Cypress.env('ELASTICSEARCH_USERNAME'));
+  }
+};
+
+export const getFullname = (role: string = 'admin') => {
+  return getUserValue('getFullname', role);
+};
+
+export const getUsername = (role: string = 'admin') => {
+  return getUserValue('getUsername', role);
+};
+
 export const reload = () => {
   cy.reload();
   cy.contains('a', 'Security');
diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts b/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts
index d84968a215a43..5890dba3a9e68 100644
--- a/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts
@@ -31,7 +31,6 @@ import { convertHistoryStartToSize, getHumanizedDuration } from '../helpers/rule
 
 import {
   ABOUT_CONTINUE_BTN,
-  ALERT_SUPPRESSION_DURATION_INPUT,
   ALERT_SUPPRESSION_FIELDS,
   ALERT_SUPPRESSION_FIELDS_INPUT,
   ALERT_SUPPRESSION_FIELDS_COMBO_BOX,
@@ -133,6 +132,8 @@ import {
   PREVIEW_LOGGED_REQUESTS_ACCORDION_BUTTON,
   PREVIEW_LOGGED_REQUESTS_ITEM_ACCORDION_BUTTON,
   PREVIEW_LOGGED_REQUESTS_CHECKBOX,
+  ALERT_SUPPRESSION_DURATION_VALUE_INPUT,
+  ALERT_SUPPRESSION_DURATION_UNIT_INPUT,
 } from '../screens/create_new_rule';
 import {
   INDEX_SELECTOR,
@@ -951,8 +952,8 @@ export const selectDoNotSuppressForMissingFields = () => {
 };
 
 export const setAlertSuppressionDuration = (interval: number, timeUnit: 's' | 'm' | 'h') => {
-  cy.get(ALERT_SUPPRESSION_DURATION_INPUT).first().type(`{selectall}${interval}`);
-  cy.get(ALERT_SUPPRESSION_DURATION_INPUT).eq(1).select(timeUnit);
+  cy.get(ALERT_SUPPRESSION_DURATION_VALUE_INPUT).type(`{selectall}${interval}`);
+  cy.get(ALERT_SUPPRESSION_DURATION_UNIT_INPUT).select(timeUnit);
 };
 
 /**
diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/privileges.ts b/x-pack/test/security_solution_cypress/cypress/tasks/privileges.ts
index bd7c9d9178198..7f2d0dea8b545 100644
--- a/x-pack/test/security_solution_cypress/cypress/tasks/privileges.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/privileges.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { API_AUTH } from './api_calls/common';
+import { ESS_API_AUTH } from './api_calls/common';
 
 interface User {
   username: string;
@@ -193,7 +193,7 @@ export const createUsersAndRoles = (users: User[], roles: Role[]) => {
       body: role.privileges,
       headers: { 'kbn-xsrf': 'cypress-creds', 'x-elastic-internal-origin': 'security-solution' },
       method: 'PUT',
-      auth: API_AUTH,
+      auth: ESS_API_AUTH,
       url: `/api/security/role/${role.name}`,
     })
       .its('status')
@@ -213,7 +213,7 @@ export const createUsersAndRoles = (users: User[], roles: Role[]) => {
       },
       headers: { 'kbn-xsrf': 'cypress-creds', 'x-elastic-internal-origin': 'security-solution' },
       method: 'POST',
-      auth: API_AUTH,
+      auth: ESS_API_AUTH,
       url: `/internal/security/users/${user.username}`,
     })
       .its('status')
@@ -227,7 +227,7 @@ export const deleteUsersAndRoles = (users: User[], roles: Role[]) => {
     cy.request({
       headers: { 'kbn-xsrf': 'cypress-creds', 'x-elastic-internal-origin': 'security-solution' },
       method: 'DELETE',
-      auth: API_AUTH,
+      auth: ESS_API_AUTH,
       url: `/internal/security/users/${user.username}`,
       failOnStatusCode: false,
     })
@@ -240,7 +240,7 @@ export const deleteUsersAndRoles = (users: User[], roles: Role[]) => {
     cy.request({
       headers: { 'kbn-xsrf': 'cypress-creds', 'x-elastic-internal-origin': 'security-solution' },
       method: 'DELETE',
-      auth: API_AUTH,
+      auth: ESS_API_AUTH,
       url: `/api/security/role/${role.name}`,
       failOnStatusCode: false,
     })
diff --git a/x-pack/test/upgrade_assistant_integration/upgrade_assistant/api_deprecations.ts b/x-pack/test/upgrade_assistant_integration/upgrade_assistant/api_deprecations.ts
index bbce39e9fb29a..74c3064f9341d 100644
--- a/x-pack/test/upgrade_assistant_integration/upgrade_assistant/api_deprecations.ts
+++ b/x-pack/test/upgrade_assistant_integration/upgrade_assistant/api_deprecations.ts
@@ -28,7 +28,8 @@ export default function ({ getService }: FtrProviderContext) {
   const retry = getService('retry');
   const es = getService('es');
 
-  describe('Kibana API Deprecations', function () {
+  // FLAKY: https://github.com/elastic/kibana/issues/199782
+  describe.skip('Kibana API Deprecations', function () {
     // bail on first error in this suite since cases sequentially depend on each other
     this.bail(true);
 
diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/common/services.ts b/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/common/services.ts
index 3c15e7fffae04..8e1b727f378d7 100644
--- a/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/common/services.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/common/services.ts
@@ -21,13 +21,13 @@ export type DatasetQualityServices = InheritedServices & {
   datasetQualityApiClient: (
     context: InheritedFtrProviderContext
   ) => Promise<DatasetQualityApiClient>;
-  logSynthtraceEsClient: (context: InheritedFtrProviderContext) => Promise<LogsSynthtraceEsClient>;
+  logsSynthtraceEsClient: (context: InheritedFtrProviderContext) => Promise<LogsSynthtraceEsClient>;
 };
 
 export const services: DatasetQualityServices = {
   ...inheritedServices,
   datasetQualityApiClient: getDatasetQualityApiClientService,
-  logSynthtraceEsClient: async (context: InheritedFtrProviderContext) =>
+  logsSynthtraceEsClient: async (context: InheritedFtrProviderContext) =>
     new LogsSynthtraceEsClient({
       client: context.getService('es'),
       logger: createLogger(LogLevel.info),
diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/data_stream_details.ts b/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/data_stream_details.ts
index f6028c11f734a..27ee47d3e4110 100644
--- a/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/data_stream_details.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/data_stream_details.ts
@@ -8,16 +8,12 @@
 import { log, timerange } from '@kbn/apm-synthtrace-client';
 import expect from '@kbn/expect';
 import type { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';
-import { expectToReject } from './utils';
-import {
-  DatasetQualityApiClient,
-  DatasetQualityApiError,
-} from './common/dataset_quality_api_supertest';
+import { DatasetQualityApiClient } from './common/dataset_quality_api_supertest';
 import { DatasetQualityFtrContextProvider } from './common/services';
 
 export default function ({ getService }: DatasetQualityFtrContextProvider) {
   const datasetQualityApiClient: DatasetQualityApiClient = getService('datasetQualityApiClient');
-  const synthtrace = getService('logSynthtraceEsClient');
+  const synthtrace = getService('logsSynthtraceEsClient');
   const svlUserManager = getService('svlUserManager');
   const svlCommonApi = getService('svlCommonApi');
   const retry = getService('retry');
@@ -82,22 +78,6 @@ export default function ({ getService }: DatasetQualityFtrContextProvider) {
       await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc);
     });
 
-    it('returns error when dataStream param is not provided', async () => {
-      const expectedMessage = 'Data Stream name cannot be empty';
-      const err = await expectToReject<DatasetQualityApiError>(() =>
-        callApi(encodeURIComponent(' '), roleAuthc, internalReqHeader)
-      );
-      expect(err.res.status).to.be(400);
-      expect(err.res.body.message.indexOf(expectedMessage)).to.greaterThan(-1);
-    });
-
-    it('returns {} if matching data stream is not available', async () => {
-      const nonExistentDataSet = 'Non-existent';
-      const nonExistentDataStream = `${type}-${nonExistentDataSet}-${namespace}`;
-      const resp = await callApi(nonExistentDataStream, roleAuthc, internalReqHeader);
-      expect(resp.body).empty();
-    });
-
     it('returns "sizeBytes" correctly', async () => {
       // Metering stats api is cached and refreshed every 30 seconds
       await retry.waitForWithTimeout('Metering stats cache is refreshed', 45000, async () => {
@@ -117,11 +97,5 @@ export default function ({ getService }: DatasetQualityFtrContextProvider) {
       expect(isNaN(resp.body.sizeBytes as number)).to.be(false);
       expect(resp.body.sizeBytes).to.be.greaterThan(0);
     });
-
-    it('returns service.name and host.name correctly', async () => {
-      const resp = await callApi(`${type}-${dataset}-${namespace}`, roleAuthc, internalReqHeader);
-      expect(resp.body.services).to.eql({ ['service.name']: [serviceName] });
-      expect(resp.body.hosts?.['host.name']).to.eql([hostName]);
-    });
   });
 }
diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/index.ts b/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/index.ts
index 39b6a3cb476c1..680bb76432b3a 100644
--- a/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/index.ts
+++ b/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/index.ts
@@ -9,6 +9,5 @@ import { FtrProviderContext } from '../../../ftr_provider_context';
 export default function ({ loadTestFile }: FtrProviderContext) {
   describe('Dataset Quality', function () {
     loadTestFile(require.resolve('./data_stream_details'));
-    loadTestFile(require.resolve('./degraded_field_values'));
   });
 }
diff --git a/x-pack/test_serverless/functional/page_objects/svl_common_page.ts b/x-pack/test_serverless/functional/page_objects/svl_common_page.ts
index 5533128c2d19e..a298ed5f7d0c1 100644
--- a/x-pack/test_serverless/functional/page_objects/svl_common_page.ts
+++ b/x-pack/test_serverless/functional/page_objects/svl_common_page.ts
@@ -134,6 +134,21 @@ export function SvlCommonPageProvider({ getService, getPageObjects }: FtrProvide
       await this.loginWithRole('viewer');
     },
 
+    /**
+     *
+     * Login to Kibana using SAML authentication with Editor role (observability, security)
+     */
+    async loginAsEditor() {
+      await this.loginWithRole('editor');
+    },
+
+    /**
+     * Login to Kibana using SAML authentication with Developer role (search)
+     */
+    async loginAsDeveloper() {
+      await this.loginWithRole('developer');
+    },
+
     /**
      * Login to Kibana using SAML authentication with Editor/Developer role
      */
diff --git a/x-pack/test_serverless/functional/page_objects/svl_management_page.ts b/x-pack/test_serverless/functional/page_objects/svl_management_page.ts
index 5676975a89c08..e5e510c2d22d2 100644
--- a/x-pack/test_serverless/functional/page_objects/svl_management_page.ts
+++ b/x-pack/test_serverless/functional/page_objects/svl_management_page.ts
@@ -64,6 +64,9 @@ export function SvlManagementPageProvider({ getService }: FtrProviderContext) {
     async assertDataUsageManagementCardExists() {
       await testSubjects.existOrFail('app-card-data_usage');
     },
+    async assertDataUsageManagementCardDoesNotExist() {
+      await testSubjects.missingOrFail('app-card-data_usage');
+    },
     async clickDataUsageManagementCard() {
       await testSubjects.click('app-card-data_usage');
     },
diff --git a/x-pack/test_serverless/functional/test_suites/common/data_usage/index.ts b/x-pack/test_serverless/functional/test_suites/common/data_usage/index.ts
index dcdd23b13605f..9d3668aeb2ec5 100644
--- a/x-pack/test_serverless/functional/test_suites/common/data_usage/index.ts
+++ b/x-pack/test_serverless/functional/test_suites/common/data_usage/index.ts
@@ -10,5 +10,6 @@ import { FtrProviderContext } from '../../../ftr_provider_context';
 export default ({ loadTestFile }: FtrProviderContext) => {
   describe('Data Usage', function () {
     loadTestFile(require.resolve('./main'));
+    loadTestFile(require.resolve('./privileges'));
   });
 };
diff --git a/x-pack/test_serverless/functional/test_suites/common/data_usage/privileges.ts b/x-pack/test_serverless/functional/test_suites/common/data_usage/privileges.ts
new file mode 100644
index 0000000000000..7865672e90498
--- /dev/null
+++ b/x-pack/test_serverless/functional/test_suites/common/data_usage/privileges.ts
@@ -0,0 +1,105 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../ftr_provider_context';
+
+export default ({ getPageObjects, getService }: FtrProviderContext) => {
+  const pageObjects = getPageObjects(['svlCommonPage', 'svlManagementPage', 'common']);
+  const testSubjects = getService('testSubjects');
+  const samlAuth = getService('samlAuth');
+  const retry = getService('retry');
+  const dataUsageAppUrl = 'management/data/data_usage';
+
+  const navigateAndVerify = async (expectedVisible: boolean) => {
+    await pageObjects.common.navigateToApp('management');
+    await retry.waitFor('page to be visible', async () =>
+      testSubjects.exists('cards-navigation-page')
+    );
+
+    if (expectedVisible) {
+      await pageObjects.svlManagementPage.assertDataUsageManagementCardExists();
+      await pageObjects.common.navigateToApp(dataUsageAppUrl);
+      await testSubjects.exists('DataUsagePage');
+    } else {
+      await pageObjects.svlManagementPage.assertDataUsageManagementCardDoesNotExist();
+      await pageObjects.common.navigateToApp(dataUsageAppUrl);
+      await testSubjects.missingOrFail('DataUsagePage');
+    }
+  };
+
+  describe('privileges', function () {
+    // plugin needs to be enabled in serverless
+    this.tags(['skipMKI']);
+
+    it('renders for the admin role', async () => {
+      await pageObjects.svlCommonPage.loginAsAdmin();
+      await navigateAndVerify(true);
+    });
+
+    it('does not render for viewer', async () => {
+      await pageObjects.svlCommonPage.loginAsViewer();
+      await navigateAndVerify(false);
+    });
+    describe('with editor role', function () {
+      // editor role does not exist in search solution
+      this.tags(['skipSvlSearch']);
+      it('does not render for default (editor) role', async () => {
+        await pageObjects.svlCommonPage.loginAsEditor();
+        await navigateAndVerify(false);
+      });
+    });
+    describe('with developer role', function () {
+      // developer role only exists in ecs solution
+      this.tags(['skipSvlOblt', 'skipSvlSec']);
+      it('renders for developer role', async () => {
+        await pageObjects.svlCommonPage.loginAsDeveloper();
+        await navigateAndVerify(true);
+      });
+    });
+    describe('with custom role', function () {
+      // custom roles aren't available in observability yet
+      this.tags(['skipSvlOblt']);
+      afterEach(async () => {
+        await samlAuth.deleteCustomRole();
+      });
+      it('renders with a custom role that has the monitor cluster privilege', async () => {
+        await samlAuth.setCustomRole({
+          elasticsearch: {
+            cluster: ['monitor'],
+            indices: [{ names: ['*'], privileges: ['all'] }],
+          },
+          kibana: [
+            {
+              base: ['all'],
+              feature: {},
+              spaces: ['*'],
+            },
+          ],
+        });
+        await pageObjects.svlCommonPage.loginWithCustomRole();
+        await navigateAndVerify(true);
+      });
+
+      it('does not render with a custom role that does not have the monitor cluster privilege', async () => {
+        await samlAuth.setCustomRole({
+          elasticsearch: {
+            indices: [{ names: ['*'], privileges: ['all'] }],
+          },
+          kibana: [
+            {
+              base: ['all'],
+              feature: {},
+              spaces: ['*'],
+            },
+          ],
+        });
+        await pageObjects.svlCommonPage.loginWithCustomRole();
+        await navigateAndVerify(false);
+      });
+    });
+  });
+};
diff --git a/x-pack/test_serverless/functional/test_suites/common/discover/esql/_esql_view.ts b/x-pack/test_serverless/functional/test_suites/common/discover/esql/_esql_view.ts
index 83aea5e94f421..ae3d2da4238ae 100644
--- a/x-pack/test_serverless/functional/test_suites/common/discover/esql/_esql_view.ts
+++ b/x-pack/test_serverless/functional/test_suites/common/discover/esql/_esql_view.ts
@@ -90,8 +90,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
         await testSubjects.missingOrFail('showQueryBarMenu');
         await testSubjects.missingOrFail('addFilter');
-        await testSubjects.existOrFail('dscViewModeToggle');
-        await testSubjects.existOrFail('dscViewModeDocumentButton');
+        await testSubjects.missingOrFail('dscViewModeToggle');
+        await testSubjects.missingOrFail('dscViewModeDocumentButton');
         // when Lens suggests a table, we render an ESQL based histogram
         await testSubjects.existOrFail('unifiedHistogramChart');
         await testSubjects.existOrFail('discoverQueryHits');
diff --git a/x-pack/test_serverless/functional/test_suites/common/management/landing_page.ts b/x-pack/test_serverless/functional/test_suites/common/management/landing_page.ts
index 1080ba0bc5c6b..fb1a13e3b45a9 100644
--- a/x-pack/test_serverless/functional/test_suites/common/management/landing_page.ts
+++ b/x-pack/test_serverless/functional/test_suites/common/management/landing_page.ts
@@ -46,27 +46,5 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
         await pageObjects.common.waitUntilUrlIncludes('/app/management/security/api_keys');
       }).not.to.throwError();
     });
-
-    // Skipped due to change in QA environment for role management and spaces
-    // TODO: revisit once the change is rolled out to all environments
-    describe.skip('Roles management card', () => {
-      it('should not be displayed by default', async () => {
-        await retry.waitFor('page to be visible', async () => {
-          return await testSubjects.exists('cards-navigation-page');
-        });
-        await pageObjects.svlManagementPage.assertRoleManagementCardDoesNotExist();
-      });
-    });
-
-    // Skipped due to change in QA environment for role management and spaces
-    // TODO: revisit once the change is rolled out to all environments
-    describe.skip('Organization members management card', () => {
-      it('should not be displayed by default', async () => {
-        await retry.waitFor('page to be visible', async () => {
-          return await testSubjects.exists('cards-navigation-page');
-        });
-        await pageObjects.svlManagementPage.assertOrgMembersManagementCardDoesNotExist();
-      });
-    });
   });
 };
diff --git a/x-pack/test_serverless/functional/test_suites/observability/config.screenshots.ts b/x-pack/test_serverless/functional/test_suites/observability/config.screenshots.ts
index 196de4506f38d..ae56c9fe4ece6 100644
--- a/x-pack/test_serverless/functional/test_suites/observability/config.screenshots.ts
+++ b/x-pack/test_serverless/functional/test_suites/observability/config.screenshots.ts
@@ -17,6 +17,7 @@ const enabledActionTypes = [
   '.servicenow-itom',
   '.servicenow-sir',
   '.swimlane',
+  '.thehive',
 ];
 
 export default createTestConfig({
diff --git a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/degraded_field_flyout.ts b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/degraded_field_flyout.ts
index 1fe53b2aa7ce7..42a5a095ed6c4 100644
--- a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/degraded_field_flyout.ts
+++ b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/degraded_field_flyout.ts
@@ -194,7 +194,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
         // Set Limit of 42
         await PageObjects.datasetQuality.setDataStreamSettings(nginxAccessDataStreamName, {
-          'mapping.total_fields.limit': 43,
+          'mapping.total_fields.limit': 42,
         });
 
         await synthtrace.index([
@@ -262,13 +262,13 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           }
         );
 
-        // Set Limit of 44
+        // Set Limit of 43
         await PageObjects.datasetQuality.setDataStreamSettings(
           PageObjects.datasetQuality.generateBackingIndexNameWithoutVersion({
             dataset: nginxAccessDatasetName,
           }) + '-000002',
           {
-            'mapping.total_fields.limit': 44,
+            'mapping.total_fields.limit': 43,
           }
         );
 
@@ -745,7 +745,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
             'disabled'
           );
 
-          expect(currentFieldLimit).to.be(44);
+          expect(currentFieldLimit).to.be(43);
           expect(currentFieldLimitDisabledStatus).to.be('true');
 
           // Should display new field limit
@@ -816,13 +816,12 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
             expandedDegradedField: 'cloud.project.id',
           });
 
-          const applyButton = await testSubjects.find(
-            'datasetQualityIncreaseFieldMappingLimitButtonButton'
-          );
-
-          await applyButton.click();
-
           await retry.tryForTime(5000, async () => {
+            const applyButton = await testSubjects.find(
+              'datasetQualityIncreaseFieldMappingLimitButtonButton'
+            );
+            await applyButton.click();
+
             // Should display the error callout
             await testSubjects.existOrFail('datasetQualityDetailsNewFieldLimitErrorCallout');
           });
diff --git a/x-pack/test_serverless/functional/test_suites/observability/screenshot_creation/response_ops_docs/cases/settings.ts b/x-pack/test_serverless/functional/test_suites/observability/screenshot_creation/response_ops_docs/cases/settings.ts
index 63332200a9dd5..d692442c55717 100644
--- a/x-pack/test_serverless/functional/test_suites/observability/screenshot_creation/response_ops_docs/cases/settings.ts
+++ b/x-pack/test_serverless/functional/test_suites/observability/screenshot_creation/response_ops_docs/cases/settings.ts
@@ -10,21 +10,31 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';
 import { navigateToCasesApp } from '../../../../../../shared/lib/cases';
 
 export default function ({ getPageObject, getPageObjects, getService }: FtrProviderContext) {
+  const retry = getService('retry');
   const svlCases = getService('svlCases');
   const svlCommonScreenshots = getService('svlCommonScreenshots');
+  const svlCommonPage = getPageObject('svlCommonPage');
   const screenshotDirectories = ['response_ops_docs', 'observability_cases'];
   const testSubjects = getService('testSubjects');
   const owner = OBSERVABILITY_OWNER;
 
-  // FLAKY:https://github.com/elastic/kibana/issues/189058
-  describe.skip('Observability case settings', function () {
+  describe('Observability case settings', function () {
+    before(async () => {
+      await svlCommonPage.loginWithPrivilegedRole();
+    });
     after(async () => {
       await svlCases.api.deleteAllCaseItems();
     });
 
     it('case settings screenshots', async () => {
       await navigateToCasesApp(getPageObject, getService, owner);
+      await retry.waitFor('configure-case-button exist', async () => {
+        return await testSubjects.exists('configure-case-button');
+      });
       await testSubjects.click('configure-case-button');
+      await retry.waitFor('add-custom-field exist', async () => {
+        return await testSubjects.exists('add-custom-field');
+      });
       await testSubjects.click('add-custom-field');
       await svlCommonScreenshots.takeScreenshot(
         'observability-cases-custom-fields',
@@ -33,11 +43,17 @@ export default function ({ getPageObject, getPageObjects, getService }: FtrProvi
         700
       );
       await testSubjects.setValue('custom-field-label-input', 'my-field');
+      await retry.waitFor('common-flyout-save exist', async () => {
+        return await testSubjects.exists('common-flyout-save');
+      });
       await testSubjects.click('common-flyout-save');
       await svlCommonScreenshots.takeScreenshot(
         'observability-cases-settings',
         screenshotDirectories
       );
+      await retry.waitFor('add-template exist', async () => {
+        return await testSubjects.exists('add-template');
+      });
       await testSubjects.click('add-template');
       await svlCommonScreenshots.takeScreenshot(
         'observability-cases-templates',
@@ -45,13 +61,21 @@ export default function ({ getPageObject, getPageObjects, getService }: FtrProvi
         1400,
         1000
       );
+      await retry.waitFor('common-flyout-cancel exist', async () => {
+        return await testSubjects.exists('common-flyout-cancel');
+      });
       await testSubjects.click('common-flyout-cancel');
-      await testSubjects.click('dropdown-connectors');
-      await testSubjects.click('dropdown-connector-add-connector');
+      await retry.waitFor('dropdown-connectors exist', async () => {
+        return await testSubjects.exists('dropdown-connectors');
+      });
+      await testSubjects.click('add-new-connector');
       await svlCommonScreenshots.takeScreenshot(
         'observability-cases-add-connector',
         screenshotDirectories
       );
+      await retry.waitFor('euiFlyoutCloseButton exist', async () => {
+        return await testSubjects.exists('euiFlyoutCloseButton');
+      });
       await testSubjects.click('euiFlyoutCloseButton');
     });
   });
diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless_api/create_agent.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless_api/create_agent.ts
index b26581fb46dfd..7611061398f18 100644
--- a/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless_api/create_agent.ts
+++ b/x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/agentless_api/create_agent.ts
@@ -54,6 +54,22 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) {
       await cisIntegration.selectSetupTechnology('agentless');
       await cisIntegration.selectAwsCredentials('direct');
 
+      if (
+        process.env.TEST_CLOUD &&
+        process.env.CSPM_AWS_ACCOUNT_ID &&
+        process.env.CSPM_AWS_SECRET_KEY
+      ) {
+        await cisIntegration.fillInTextField(
+          cisIntegration.testSubjectIds.DIRECT_ACCESS_KEY_ID_TEST_ID,
+          process.env.CSPM_AWS_ACCOUNT_ID
+        );
+
+        await cisIntegration.fillInTextField(
+          cisIntegration.testSubjectIds.DIRECT_ACCESS_SECRET_KEY_TEST_ID,
+          process.env.CSPM_AWS_SECRET_KEY
+        );
+      }
+
       await pageObjects.header.waitUntilLoadingHasFinished();
 
       await cisIntegration.clickSaveButton();
diff --git a/x-pack/test_serverless/functional/test_suites/security/screenshot_creation/response_ops_docs/cases/settings.ts b/x-pack/test_serverless/functional/test_suites/security/screenshot_creation/response_ops_docs/cases/settings.ts
index 76dd5529cbafc..59e1adab34078 100644
--- a/x-pack/test_serverless/functional/test_suites/security/screenshot_creation/response_ops_docs/cases/settings.ts
+++ b/x-pack/test_serverless/functional/test_suites/security/screenshot_creation/response_ops_docs/cases/settings.ts
@@ -11,14 +11,14 @@ import { navigateToCasesApp } from '../../../../../../shared/lib/cases';
 
 export default function ({ getPageObject, getPageObjects, getService }: FtrProviderContext) {
   const pageObjects = getPageObjects(['common', 'header', 'svlCommonPage', 'svlCommonNavigation']);
+  const retry = getService('retry');
   const svlCases = getService('svlCases');
   const svlCommonScreenshots = getService('svlCommonScreenshots');
   const screenshotDirectories = ['response_ops_docs', 'security_cases'];
   const testSubjects = getService('testSubjects');
   const owner = SECURITY_SOLUTION_OWNER;
 
-  // FLAKY: https://github.com/elastic/kibana/issues/188997
-  describe.skip('security case settings', function () {
+  describe('security case settings', function () {
     after(async () => {
       await svlCases.api.deleteAllCaseItems();
     });
@@ -29,8 +29,14 @@ export default function ({ getPageObject, getPageObjects, getService }: FtrProvi
 
     it('case settings screenshot', async () => {
       await navigateToCasesApp(getPageObject, getService, owner);
+      await retry.waitFor('configure-case-button exist', async () => {
+        return await testSubjects.exists('configure-case-button');
+      });
       await testSubjects.click('configure-case-button');
       await pageObjects.header.waitUntilLoadingHasFinished();
+      await retry.waitFor('add-custom-field exist', async () => {
+        return await testSubjects.exists('add-custom-field');
+      });
       await testSubjects.click('add-custom-field');
       await svlCommonScreenshots.takeScreenshot(
         'security-cases-custom-fields',
@@ -38,9 +44,18 @@ export default function ({ getPageObject, getPageObjects, getService }: FtrProvi
         1400,
         700
       );
+      await retry.waitFor('custom-field-label-input exist', async () => {
+        return await testSubjects.exists('custom-field-label-input');
+      });
       await testSubjects.setValue('custom-field-label-input', 'my-field');
+      await retry.waitFor('common-flyout-save exist', async () => {
+        return await testSubjects.exists('common-flyout-save');
+      });
       await testSubjects.click('common-flyout-save');
       await svlCommonScreenshots.takeScreenshot('security-cases-settings', screenshotDirectories);
+      await retry.waitFor('add-template to exist', async () => {
+        return await testSubjects.exists('add-template');
+      });
       await testSubjects.click('add-template');
       await svlCommonScreenshots.takeScreenshot(
         'security-cases-templates',
@@ -48,11 +63,10 @@ export default function ({ getPageObject, getPageObjects, getService }: FtrProvi
         1400,
         1000
       );
+      await retry.waitFor('common-flyout-cancel to exist', async () => {
+        return await testSubjects.exists('common-flyout-cancel');
+      });
       await testSubjects.click('common-flyout-cancel');
-      await testSubjects.click('dropdown-connectors');
-      await testSubjects.click('dropdown-connector-add-connector');
-      await svlCommonScreenshots.takeScreenshot('security-cases-connectors', screenshotDirectories);
-      await testSubjects.click('euiFlyoutCloseButton');
     });
   });
 }
diff --git a/yarn.lock b/yarn.lock
index ca28b48ef37c4..a6befe6cf3110 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5322,6 +5322,10 @@
   version "0.0.0"
   uid ""
 
+"@kbn/index-adapter@link:packages/kbn-index-adapter":
+  version "0.0.0"
+  uid ""
+
 "@kbn/index-lifecycle-management-common-shared@link:x-pack/packages/index-lifecycle-management/index_lifecycle_management_common_shared":
   version "0.0.0"
   uid ""
@@ -5910,7 +5914,15 @@
   version "0.0.0"
   uid ""
 
-"@kbn/observability-utils@link:x-pack/packages/observability/observability_utils":
+"@kbn/observability-utils-browser@link:x-pack/packages/observability/observability_utils/observability_utils_browser":
+  version "0.0.0"
+  uid ""
+
+"@kbn/observability-utils-common@link:x-pack/packages/observability/observability_utils/observability_utils_common":
+  version "0.0.0"
+  uid ""
+
+"@kbn/observability-utils-server@link:x-pack/packages/observability/observability_utils/observability_utils_server":
   version "0.0.0"
   uid ""
 
@@ -6906,6 +6918,10 @@
   version "0.0.0"
   uid ""
 
+"@kbn/streams-plugin@link:x-pack/plugins/streams":
+  version "0.0.0"
+  uid ""
+
 "@kbn/synthetics-e2e@link:x-pack/plugins/observability_solution/synthetics/e2e":
   version "0.0.0"
   uid ""