[Security Solution] Prebuilt rules marked as customized after applying updates

[xcrzx]

Summary

Non-customized rules are incorrectly marked as customized after applying an update.

Steps to Reproduce

1. Enable the rule customization feature flag
2. Install rules from an older package version.
3. Upgrade the rules package to the latest version.
4. Find any upgradable rule without conflicts.
5. Update the rule to the latest version accepting all incoming changes.

Expected Result

The rule is upgraded and remains marked as non-customized.

Actual Result

The rule is upgraded but is incorrectly marked as customized.

Initial analysis shows a difference in the lookback field between the saved updated rule and the target version. The value changes from -60s to 240s.

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)

[elasticmachine]

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

[banderror]

@xcrzx Is it with the feature flag ON or OFF?