fixing rule edit rule format

x-pack/plugins/security_solution/cypress/integration/detection_rules/custom_query_rule.spec.ts

@@ -347,8 +347,17 @@ describe('Custom detection rules deletion and edition', () => {
       goToAboutStepTab();
       cy.get(TAGS_CLEAR_BUTTON).click({ force: true });
       fillAboutRule(editedRule);
+
+      cy.intercept('GET', '/api/detection_engine/rules?id').as('getRule');
+
       saveEditedRule();
 
+      cy.wait('@getRule').then(({ response }) => {
+        cy.wrap(response!.statusCode).should('eql', 200);
+        // ensure that editing rule does not modify
+        cy.wrap(response!.body.max_signals).should('eql', existingRule.maxSignals);
+      });
+
       cy.get(RULE_NAME_HEADER).should('have.text', `${editedRule.name}`);
       cy.get(ABOUT_RULE_DESCRIPTION).should('have.text', editedRule.description);
       cy.get(ABOUT_DETAILS).within(() => {

x-pack/plugins/security_solution/cypress/objects/rule.ts

@@ -54,6 +54,7 @@ export interface CustomRule {
   runsEvery: Interval;
   lookBack: Interval;
   timeline: CompleteTimeline;
+  maxSignals: number;
 }
 
 export interface ThresholdRule extends CustomRule {
@@ -174,6 +175,7 @@ export const newRule: CustomRule = {
   runsEvery,
   lookBack,
   timeline,
+  maxSignals: 100,
 };
 
 export const existingRule: CustomRule = {
@@ -192,6 +194,7 @@ export const existingRule: CustomRule = {
   runsEvery,
   lookBack,
   timeline,
+  maxSignals: 500,
 };
 
 export const newOverrideRule: OverrideRule = {
@@ -213,6 +216,7 @@ export const newOverrideRule: OverrideRule = {
   runsEvery,
   lookBack,
   timeline,
+  maxSignals: 100,
 };
 
 export const newThresholdRule: ThresholdRule = {
@@ -232,6 +236,7 @@ export const newThresholdRule: ThresholdRule = {
   runsEvery,
   lookBack,
   timeline,
+  maxSignals: 100,
 };
 
 export const machineLearningRule: MachineLearningRule = {
@@ -265,6 +270,7 @@ export const eqlRule: CustomRule = {
   runsEvery,
   lookBack,
   timeline,
+  maxSignals: 100,
 };
 
 export const eqlSequenceRule: CustomRule = {
@@ -285,6 +291,7 @@ export const eqlSequenceRule: CustomRule = {
   runsEvery,
   lookBack,
   timeline,
+  maxSignals: 100,
 };
 
 export const newThreatIndicatorRule: ThreatIndicatorRule = {
@@ -304,6 +311,7 @@ export const newThreatIndicatorRule: ThreatIndicatorRule = {
   indicatorMapping: 'agent.id',
   indicatorIndexField: 'agent.threat',
   timeline,
+  maxSignals: 100,
 };
 
 export const severitiesOverride = ['Low', 'Medium', 'High', 'Critical'];

x-pack/plugins/security_solution/cypress/tasks/api_calls/rules.ts

@@ -85,6 +85,7 @@ export const createCustomRuleActivated = (rule: CustomRule, ruleId = '1') =>
       language: 'kuery',
       enabled: true,
       tags: ['rule1'],
+      max_signals: 500,
     },
     headers: { 'kbn-xsrf': 'cypress-creds' },
     failOnStatusCode: false,

x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/edit/index.tsx

@@ -18,6 +18,7 @@ import { FormattedMessage } from '@kbn/i18n/react';
 import React, { FC, memo, useCallback, useEffect, useMemo, useRef, useState } from 'react';
 import { useParams, useHistory } from 'react-router-dom';
 
+import { DEFAULT_MAX_SIGNALS } from '../../../../../common/constants';
 import { UpdateRulesSchema } from '../../../../../../common/detection_engine/schemas/request';
 import { useRule, useUpdateRule } from '../../../../containers/detection_engine/rules';
 import { useListsConfig } from '../../../../containers/detection_engine/lists/use_lists_config';
@@ -251,6 +252,7 @@ const EditRulePageComponent: FC = () => {
           rule
         ),
         ...(ruleId ? { id: ruleId } : {}),
+        ...(rule != null ? rule.max_signals : DEFAULT_MAX_SIGNALS),
       });
     }
   }, [