[Security Solution] Required fields are getting erased on rule PATCH

[xcrzx]

Summary

After sending a PATCH update to any rule that includes the required_fields field, the field is being erased.

For example, I have a prebuilt rule with required fields:

GET /api/detection_engine/rules?id=e9c05e3b-ca79-4d61-bd9a-44995b8f762d
{
    "id": "e9c05e3b-ca79-4d61-bd9a-44995b8f762d",
    "required_fields": [
        {
            "name": "event.action",
            "type": "keyword",
            "ecs": true
        },
       // ...
    ],
  //... other fields
}

I send a PATCH request to update its description:

PATCH /api/detection_engine/rules
{
    "id": "e9c05e3b-ca79-4d61-bd9a-44995b8f762d",
    "description": "Slightly updated description"
}

After the PATCH, I retrieve the rule and find the required fields are missing:

GET /api/detection_engine/rules?id=e9c05e3b-ca79-4d61-bd9a-44995b8f762d
{
    "id": "e9c05e3b-ca79-4d61-bd9a-44995b8f762d",
    "required_fields": [],
  //... other fields
}

[elasticmachine]

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)