[Security Solution] [Detections] Adds support for system actions (and cases action) to detection rules

x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts

@@ -56,11 +56,10 @@ export const createRuleRoute = (router: SecuritySolutionPluginRouter): void => {
             'lists',
             'actions',
           ]);
-
+          const actionsClient = ctx.actions.getActionsClient();
           const rulesClient = ctx.alerting.getRulesClient();
-          const detectionRulesClient = ctx.securitySolution.getDetectionRulesClient();
+          const detectionRulesClient = ctx.securitySolution.getDetectionRulesClient(actionsClient);
           const exceptionsClient = ctx.lists?.getExceptionListClient();
-          const actionsClient = ctx.actions.getActionsClient();
 
           if (request.body.rule_id != null) {
             const rule = await readRules({

x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/detection_rules_client.ts

@@ -6,6 +6,8 @@
  */
 
 import type { RulesClient } from '@kbn/alerting-plugin/server';
+import type { ActionsClient } from '@kbn/actions-plugin/server';
+
 import type { MlAuthz } from '../../../../machine_learning/authz';
 
 import type { RuleAlertType } from '../../../rule_schema';
@@ -31,12 +33,13 @@ import { importRule } from './methods/import_rule';
 import { withSecuritySpan } from '../../../../../utils/with_security_span';
 
 export const createDetectionRulesClient = (
+  actionsClient?: ActionsClient,
   rulesClient: RulesClient,
   mlAuthz: MlAuthz
 ): IDetectionRulesClient => ({
   async createCustomRule(args: CreateCustomRuleArgs): Promise<RuleAlertType> {
     return withSecuritySpan('DetectionRulesClient.createCustomRule', async () => {
-      return createCustomRule(rulesClient, args, mlAuthz);
+      return createCustomRule(actionsClient, rulesClient, args, mlAuthz);
     });
   },
 

x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/create_custom_rule.ts

@@ -4,7 +4,9 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+import { partition } from 'lodash';
 
+import type { ActionsClient } from '@kbn/actions-plugin/server';
 import type { RulesClient } from '@kbn/alerting-plugin/server';
 import type { CreateCustomRuleArgs } from '../detection_rules_client_interface';
 import type { MlAuthz } from '../../../../../machine_learning/authz';
@@ -14,14 +16,22 @@ import { convertCreateAPIToInternalSchema } from '../../../normalization/rule_co
 import { validateMlAuth } from '../utils';
 
 export const createCustomRule = async (
+  actionsClient?: ActionsClient,
   rulesClient: RulesClient,
   args: CreateCustomRuleArgs,
   mlAuthz: MlAuthz
 ): Promise<RuleAlertType> => {
-  const { params } = args;
-  await validateMlAuth(mlAuthz, params.type);
-
-  const internalRule = convertCreateAPIToInternalSchema(params, { immutable: false });
+  const params = args.params;
+  const [oldActions, systemActions] = partition(params.actions, (action) =>
+    actionsClient.isSystemAction(action.action_type_id)
+  );
+  console.log('SYSTEM ACTIONS', systemActions);
+  console.log('OLD ACTIONS', oldActions);
+  const internalRule = convertCreateAPIToInternalSchema({
+    ...params,
+    actions: oldActions,
+    systemActions,
+  });
   const rule = await rulesClient.create<RuleParams>({
     data: internalRule,
   });

x-pack/plugins/security_solution/server/request_context_factory.ts

@@ -114,7 +114,7 @@ export class RequestContextFactory implements IRequestContextFactory {
 
       getAuditLogger,
 
-      getDetectionRulesClient: memoize(() => {
+      getDetectionRulesClient: memoize((actionsClient) => {
         const mlAuthz = buildMlAuthz({
           license: licensing.license,
           ml: plugins.ml,
@@ -123,6 +123,7 @@ export class RequestContextFactory implements IRequestContextFactory {
         });
 
         return createDetectionRulesClient(
+          actionsClient,
           startPlugins.alerting.getRulesClientWithRequest(request),
           mlAuthz
         );

x-pack/plugins/security_solution/server/types.ts

@@ -11,7 +11,7 @@ import type {
   IRouter,
   KibanaRequest,
 } from '@kbn/core/server';
-import type { ActionsApiRequestHandlerContext } from '@kbn/actions-plugin/server';
+import type { ActionsApiRequestHandlerContext, ActionsClient } from '@kbn/actions-plugin/server';
 import type { AlertingApiRequestHandlerContext } from '@kbn/alerting-plugin/server';
 import type { FleetRequestHandlerContext } from '@kbn/fleet-plugin/server';
 import type { LicensingApiRequestHandlerContext } from '@kbn/licensing-plugin/server';
@@ -45,7 +45,7 @@ export interface SecuritySolutionApiRequestHandlerContext {
   getAppClient: () => AppClient;
   getSpaceId: () => string;
   getRuleDataService: () => IRuleDataService;
-  getDetectionRulesClient: () => IDetectionRulesClient;
+  getDetectionRulesClient: (actionsClient?: ActionsClient) => IDetectionRulesClient;
   getDetectionEngineHealthClient: () => IDetectionEngineHealthClient;
   getRuleExecutionLog: () => IRuleExecutionLogForRoutes;
   getRacClient: (req: KibanaRequest) => Promise<AlertsClient>;