[Contextual Security] SIEM Readiness Coverage All Rules Bug Fix

[animehart]

Summary

This PR is to address the Fix for the recently merged SIEM Readiness All Rules panel where Installed integration shows up when there are 0 Enabled Rules

This Issue was caused because the Installed integration was purely from packages API. We instead should be comparing those result with the list of related_integrations we get from the rules

** Before **

** After **

[animehart]

/ci

[animehart]

/ci

[elasticmachine]

Pinging @elastic/contextual-security-apps (Team:Cloud Security)

[animehart]

/ci

[Copilot]

Pull request overview

This PR fixes a bug in the SIEM Readiness Coverage All Rules panel where installed integrations were incorrectly displayed even when there were zero enabled rules. The fix ensures that only integrations related to enabled rules are shown in the installed/missing integrations lists.

Changes:

• Modified integration filtering logic to derive installed/missing integrations from enabled rules rather than purely from the packages API
• Added memoized computation to extract integrations from enabled rules and compare with installed packages
• Updated type definition to include enabled field in RelatedIntegrationRuleResponse

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
x-pack/solutions/security/plugins/security_solution/public/siem_readiness/pages/tabs/coverage_tab/rule_coverage_panels/all_rules.tsx	Refactored integration filtering to only include integrations from enabled rules, replacing direct usage of installedIntegrationRules coverage data
x-pack/solutions/security/packages/siem-readiness/src/types.ts	Added enabled field to RelatedIntegrationRuleResponse type definition

[Copilot]

The enabled field appears to be misplaced in the type definition. Based on the usage in all_rules.tsx where rule.enabled is accessed as a boolean and rule.related_integrations is accessed as an array, the enabled field should be a boolean property at the same level as related_integrations, not an array of integration objects. The current definition suggests enabled contains integration data rather than representing the rule's enabled state.

Suggested change

	enabled: { package: string; version?: string; integration?: string }[] | undefined;
	enabled: boolean;

[Copilot]

The new logic for filtering integrations from enabled rules lacks test coverage. This is critical functionality that determines which integrations are displayed as installed or missing. Tests should verify: (1) integrations are correctly extracted from enabled rules only, (2) disabled rules are properly excluded, (3) the intersection logic between related and installed integrations works correctly, and (4) edge cases like rules without related_integrations are handled.

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 01a3c60

Failed CI Steps

• FTR Configs #44

Test Failures

• [job] [logs] FTR Configs #44 / Endpoint plugin @ess @serverless @skipInServerlessMKI When attempting to call an endpoint api "before all" hook in "@ess @serverless @skipInServerlessMKI When attempting to call an endpoint api"

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
@kbn/siem-readiness	64	65	+1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	10.8MB	10.8MB	+176.0B

Unknown metric groups

API count

id	before	after	diff
@kbn/siem-readiness	64	65	+1

History

• 💛 Build #389594 was flaky 651c2f6
• 💛 Build #388359 was flaky a869eae
• 💛 Build #387096 was flaky e9b762a
• 💛 Build #386251 was flaky 24ee3a6
• 💛 Build #385202 was flaky 21f1feb
• 💔 Build #385009 failed e9ba7e0