[Security Solution] Siem migrations remove nested fields from rules mapping (elastic#207086)

## Summary

Removes the `type: "nested"` from `elastic_rule`, `original_rule` and
`original_rule.annotations` fields.

The nested type would be necessary only if we had multiple objects in
those fields and we wanted to query multiple nested fields as individual
entities.

There's no need to define these fields as nested and doing so adds some
limitations and complexities, so we changed that to plain objects.

This change is not intended to alter query results. Its only visible effect is that the object values can now be inspected in Discover:

#### Discover

Before:
![discover
before](https://github.com/user-attachments/assets/0ab4e7f1-83f1-4672-942a-b972970c472b)

After:
![discover
after](https://github.com/user-attachments/assets/1d716e4f-8117-4bf9-a70f-c081a6219ae6)

#### Mappings

Before:

![console
nested](https://github.com/user-attachments/assets/f49cda1b-3f58-4c39-884f-3bf29a4f4d7f)

After

![console not
nested](https://github.com/user-attachments/assets/60e1f256-2fd0-421a-9997-d5438349b0c6)

---------

Co-authored-by: Elastic Machine <[email protected]>
semd and elasticmachine authored Jan 20, 2025
1 parent f0292b5 commit a555d57
Showing 3 changed files with 11 additions and 41 deletions.
Expand Up @@ -17,16 +17,16 @@ export const ruleMigrationsFieldMap: FieldMap<SchemaFieldMapKeys<Omit<RuleMigrat
migration_id: { type: 'keyword', required: true },
created_by: { type: 'keyword', required: true },
status: { type: 'keyword', required: true },
original_rule: { type: 'nested', required: true },
original_rule: { type: 'object', required: true },
'original_rule.vendor': { type: 'keyword', required: true },
'original_rule.id': { type: 'keyword', required: true },
'original_rule.title': { type: 'text', required: true, fields: { keyword: { type: 'keyword' } } },
'original_rule.description': { type: 'text', required: false },
'original_rule.query': { type: 'text', required: true },
'original_rule.query_language': { type: 'keyword', required: true },
'original_rule.annotations': { type: 'nested', required: false },
'original_rule.annotations': { type: 'object', required: false },
'original_rule.annotations.mitre_attack': { type: 'keyword', array: true, required: false },
elastic_rule: { type: 'nested', required: false },
elastic_rule: { type: 'object', required: false },
'elastic_rule.title': { type: 'text', required: true, fields: { keyword: { type: 'keyword' } } },
'elastic_rule.integration_ids': { type: 'keyword', required: false, array: true },
'elastic_rule.query': { type: 'text', required: true },
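Review bot: The new `object` mappings for `original_rule`, `original_rule.annotations` and `elastic_rule` rely on each field holding a single object per document, but nothing in the field map records that assumption. With `object`, an array of objects is flattened, so a query combining `elastic_rule.title` and `elastic_rule.id` would match across different array elements; if a second object ever lands in one of these fields the queries in the conditions module would silently become too permissive. I would add above the `original_rule` entry: `// Plain objects: each holds exactly one object per document. 'object' flattens arrays, so per-element queries would require 'nested' again.` The `ruleMigrationsFieldMap` declaration starts above the hunk.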
Expand Up @@ -31,50 +31,25 @@ export const conditions = {
return { bool: { must_not: conditions.isUntranslatable() } };
},
isInstalled(): QueryDslQueryContainer {
return {
nested: {
path: 'elastic_rule',
query: { exists: { field: 'elastic_rule.id' } },
},
};
return { exists: { field: 'elastic_rule.id' } };
},
isNotInstalled(): QueryDslQueryContainer {
return {
nested: {
path: 'elastic_rule',
query: { bool: { must_not: { exists: { field: 'elastic_rule.id' } } } },
},
};
return { bool: { must_not: conditions.isInstalled() } };
},
isPrebuilt(): QueryDslQueryContainer {
return {
nested: {
path: 'elastic_rule',
query: { exists: { field: 'elastic_rule.prebuilt_rule_id' } },
},
};
return { exists: { field: 'elastic_rule.prebuilt_rule_id' } };
},
isCustom(): QueryDslQueryContainer {
return {
nested: {
path: 'elastic_rule',
query: { bool: { must_not: { exists: { field: 'elastic_rule.prebuilt_rule_id' } } } },
},
};
return { bool: { must_not: conditions.isPrebuilt() } };
},
matchTitle(title: string): QueryDslQueryContainer {
return {
nested: {
path: 'elastic_rule',
query: { match: { 'elastic_rule.title': title } },
},
};
return { match: { 'elastic_rule.title': title } };
},
isInstallable(): QueryDslQueryContainer[] {
return [this.isFullyTranslated(), this.isNotInstalled()];
return [conditions.isFullyTranslated(), conditions.isNotInstalled()];
},
isNotInstallable(): QueryDslQueryContainer[] {
return [this.isNotFullyTranslated(), this.isInstalled()];
return [conditions.isNotFullyTranslated(), conditions.isInstalled()];
},
isFailed(): QueryDslQueryContainer {
return { term: { status: SiemMigrationStatus.FAILED } };
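Review bot: `isNotInstalled` and `isCustom` now also match documents that have no `elastic_rule` object at all, which the removed `nested` form did not: a nested query only matches when at least one object exists at its path, so a `must_not exists` inside it never matched rule-less documents. For the `isInstallable` combination this is probably harmless, since `isFullyTranslated` presumably implies an `elastic_rule` is present, but it contradicts the "no behavioral change" claim in the description, and any caller using `isNotInstalled` or `isCustom` on its own (counts, for instance) may see different totals. Worth recording on `isNotInstalled`: `// Also matches documents with no elastic_rule at all (the old nested form did not).` The `conditions` object starts above the hunk and continues below it.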
Expand Up @@ -21,7 +21,6 @@ const sortingOptions = {
{
'elastic_rule.prebuilt_rule_id': {
order: direction,
nested: { path: 'elastic_rule' },
missing: sortMissingValue(direction),
},
},
Expand All @@ -47,7 +46,6 @@ const sortingOptions = {
`,
lang: 'painless',
},
nested: { path: 'elastic_rule' },
},
},
];
Expand Down Expand Up @@ -87,7 +85,6 @@ const sortingOptions = {
`,
lang: 'painless',
},
nested: { path: 'elastic_rule' },
},
},
];
Expand All @@ -96,9 +93,7 @@ const sortingOptions = {
return [{ updated_at: direction }];
},
name(direction: estypes.SortOrder = 'asc'): estypes.SortCombinations[] {
return [
{ 'elastic_rule.title.keyword': { order: direction, nested: { path: 'elastic_rule' } } },
];
return [{ 'elastic_rule.title.keyword': direction }];
},
};

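Review bot: `name` sorts on `elastic_rule.title.keyword` without a `missing` value, while the `prebuilt_rule_id` sort in the same object passes `missing: sortMissingValue(direction)`; documents with no `elastic_rule` (untranslatable ones, for example) therefore get Elasticsearch's default placement instead of whatever direction-aware placement `sortMissingValue` chooses, which is not visible here. For consistency I would write `return [{ 'elastic_rule.title.keyword': { order: direction, missing: sortMissingValue(direction) } }];`. The `sortingOptions` object starts above the hunk.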

0 comments on commit a555d57

Please sign in to comment.