[Security Solution] Added concurrency limits and request throttling t…

…o prebuilt rule routes (#209551) **Resolves: #208357 **Resolves: #208355 ## Summary To prevent possible OOM errors, we need to limit concurrent requests to prebuilt rule routes (see attached tickets for more details). - `installation/_perform` and `upgrade/_perform` endpoints - Concurrency is limited to one parallel call. If another call is made simultaneously, the server responds with 429 Too Many Requests. - On the front end, all rule install and upgrade operations are retried in case of a 429 response. This ensures proper handling when a user clicks multiple times an update or install rule buttons - `prebuilt_rules/_bootstrap` endpoint - Install prebuilt rules and endpoint packages sequentially instead of in parallel to prevent from having them both downloaded into memory simultaneously. - Added a 30-minute socket timeout to prevent the proxy from closing the connection while rule installation is in progress. - Introduced a `throttleRequests` wrapper, ensuring the endpoint handler is called only once when multiple concurrent requests are received. - The first request triggers the handler, while subsequent requests wait for the first one to complete and reuse its result. - This prevents costly prebuilt rule package installation from running in parallel. - Reusing the response ensures the frontend correctly invalidates cached prebuilt rule queries. Since concurrent frontend requests should receive the same installed package information, responding with 421 and using the retry logic as in cases above is not an option here because the second request would receive a package installation skipped response leading to no cache invalidation. - `installation/_review` and `upgrade/_review` endpoints - Concurrency is limited to one parallel call. If another call is made simultaneously, the server responds with 429 Too Many Requests. - On the front end, all rule install and upgrade operations are retried in case of a 429 response. This ensures proper handling when a user clicks multiple times an update or install rule buttons (cherry picked from commit c5557f3) # Conflicts: # x-pack/plugins/security_solution/public/detection_engine/rule_management/api/hooks/prebuilt_rules/capped_exponential_backoff.ts # x-pack/plugins/security_solution/public/detection_engine/rule_management/api/hooks/prebuilt_rules/retry_on_rate_limited_error.ts # x-pack/plugins/security_solution/public/detection_engine/rule_management/api/hooks/prebuilt_rules/use_bootstrap_prebuilt_rules.ts # x-pack/plugins/security_solution/public/detection_engine/rule_management/api/hooks/prebuilt_rules/use_perform_specific_rules_upgrade_mutation.ts # x-pack/plugins/security_solution/public/detection_engine/rule_management/api/hooks/use_bootstrap_prebuilt_rules.ts # x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules_handler.ts # x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts # x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_handler.ts # x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts # x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_handler.ts # x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts # x-pack/plugins/security_solution/server/utils/throttle_requests.test.ts # x-pack/plugins/security_solution/server/utils/throttle_requests.ts # x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/api/hooks/use_bootstrap_prebuilt_rules.ts # x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/translations.tsx # x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table_context.tsx
elastic · Feb 12, 2025 · a6c4954 · a6c4954
1 parent c16c2de
commit a6c4954
Show file tree

Hide file tree

Showing 21 changed files with 565 additions and 263 deletions.
diff --git a/...c/detection_engine/rule_management/api/hooks/prebuilt_rules/capped_exponential_backoff.ts b/...c/detection_engine/rule_management/api/hooks/prebuilt_rules/capped_exponential_backoff.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+const MAX_BACKOFF = 30000;
+
+/**
+ * Calculates a backoff delay using an exponential growth formula, capped by a
+ * predefined maximum value.
+ *
+ * @param failedAttempts - The number of consecutive failed attempts.
+ * @returns The calculated backoff delay, in milliseconds.
+ */
+export const cappedExponentialBackoff = (failedAttempts: number) => {
+  const backoff = Math.min(1000 * 2 ** failedAttempts, MAX_BACKOFF);
+  return backoff;
+};
diff --git a/.../detection_engine/rule_management/api/hooks/prebuilt_rules/retry_on_rate_limited_error.ts b/.../detection_engine/rule_management/api/hooks/prebuilt_rules/retry_on_rate_limited_error.ts
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { get } from 'lodash';
+
+/*
+  Prebuilt rule operations like install and upgrade are rate limited to one at a
+  time. In most cases it is fine to wait for the other operation to finish using
+  the retry logic.
+
+  429 can be caused by a user clicking multiple times on the install or upgrade
+  rule buttons and in most cases the operations can be performed in succession
+  without any conflicts.
+  */
+export const retryOnRateLimitedError = (failureCount: number, error: unknown) => {
+  const statusCode = get(error, 'response.status');
+  return statusCode === 429;
+};
diff --git a/...api/hooks/use_bootstrap_prebuilt_rules.ts → ...ilt_rules/use_bootstrap_prebuilt_rules.ts b/...api/hooks/use_bootstrap_prebuilt_rules.ts → ...ilt_rules/use_bootstrap_prebuilt_rules.ts
@@ -6,18 +6,18 @@
  */
 import type { UseMutationOptions } from '@tanstack/react-query';
 import { useMutation } from '@tanstack/react-query';
-import { BOOTSTRAP_PREBUILT_RULES_URL } from '../../../../../common/api/detection_engine';
-import type { BootstrapPrebuiltRulesResponse } from '../../../../../common/api/detection_engine/prebuilt_rules/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.gen';
-import { PREBUILT_RULES_PACKAGE_NAME } from '../../../../../common/detection_engine/constants';
-import { bootstrapPrebuiltRules } from '../api';
-import { useInvalidateFetchPrebuiltRulesInstallReviewQuery } from './prebuilt_rules/use_fetch_prebuilt_rules_install_review_query';
-import { useInvalidateFetchPrebuiltRulesStatusQuery } from './prebuilt_rules/use_fetch_prebuilt_rules_status_query';
-import { useInvalidateFetchPrebuiltRulesUpgradeReviewQuery } from './prebuilt_rules/use_fetch_prebuilt_rules_upgrade_review_query';
+import { BOOTSTRAP_PREBUILT_RULES_URL } from '../../../../../../common/api/detection_engine';
+import type { BootstrapPrebuiltRulesResponse } from '../../../../../../common/api/detection_engine/prebuilt_rules/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.gen';
+import { PREBUILT_RULES_PACKAGE_NAME } from '../../../../../../common/detection_engine/constants';
+import { bootstrapPrebuiltRules } from '../../api';
+import { useInvalidateFetchPrebuiltRulesInstallReviewQuery } from './use_fetch_prebuilt_rules_install_review_query';
+import { useInvalidateFetchPrebuiltRulesStatusQuery } from './use_fetch_prebuilt_rules_status_query';
+import { useInvalidateFetchPrebuiltRulesUpgradeReviewQuery } from './use_fetch_prebuilt_rules_upgrade_review_query';
 
 export const BOOTSTRAP_PREBUILT_RULES_KEY = ['POST', BOOTSTRAP_PREBUILT_RULES_URL];
 
 export const useBootstrapPrebuiltRulesMutation = (
-  options?: UseMutationOptions<BootstrapPrebuiltRulesResponse, Error>
+  options?: UseMutationOptions<BootstrapPrebuiltRulesResponse>
 ) => {
   const invalidatePrePackagedRulesStatus = useInvalidateFetchPrebuiltRulesStatusQuery();
   const invalidatePrebuiltRulesInstallReview = useInvalidateFetchPrebuiltRulesInstallReviewQuery();
@@ -26,7 +26,7 @@ export const useBootstrapPrebuiltRulesMutation = (
   return useMutation(() => bootstrapPrebuiltRules(), {
     ...options,
     mutationKey: BOOTSTRAP_PREBUILT_RULES_KEY,
-    onSettled: (...args) => {
+    onSuccess: (...args) => {
       const response = args[0];
       if (
         response?.packages.find((pkg) => pkg.name === PREBUILT_RULES_PACKAGE_NAME)?.status ===
@@ -40,8 +40,8 @@ export const useBootstrapPrebuiltRulesMutation = (
         invalidatePrebuiltRulesUpdateReview();
       }
 
-      if (options?.onSettled) {
-        options.onSettled(...args);
+      if (options?.onSuccess) {
+        options.onSuccess(...args);
       }
     },
   });

diff --git a/...rule_management/api/hooks/prebuilt_rules/use_fetch_prebuilt_rules_install_review_query.ts b/...rule_management/api/hooks/prebuilt_rules/use_fetch_prebuilt_rules_install_review_query.ts
@@ -11,6 +11,8 @@ import { reviewRuleInstall } from '../../api';
 import { REVIEW_RULE_INSTALLATION_URL } from '../../../../../../common/api/detection_engine/prebuilt_rules/urls';
 import type { ReviewRuleInstallationResponseBody } from '../../../../../../common/api/detection_engine/prebuilt_rules';
 import { DEFAULT_QUERY_OPTIONS } from '../constants';
+import { retryOnRateLimitedError } from './retry_on_rate_limited_error';
+import { cappedExponentialBackoff } from './capped_exponential_backoff';
 
 export const REVIEW_RULE_INSTALLATION_QUERY_KEY = ['POST', REVIEW_RULE_INSTALLATION_URL];
 
@@ -26,6 +28,8 @@ export const useFetchPrebuiltRulesInstallReviewQuery = (
     {
       ...DEFAULT_QUERY_OPTIONS,
       ...options,
+      retry: retryOnRateLimitedError,
+      retryDelay: cappedExponentialBackoff,
     }
   );
 };

diff --git a/...rule_management/api/hooks/prebuilt_rules/use_fetch_prebuilt_rules_upgrade_review_query.ts b/...rule_management/api/hooks/prebuilt_rules/use_fetch_prebuilt_rules_upgrade_review_query.ts
@@ -11,6 +11,8 @@ import { reviewRuleUpgrade } from '../../api';
 import { REVIEW_RULE_UPGRADE_URL } from '../../../../../../common/api/detection_engine/prebuilt_rules/urls';
 import type { ReviewRuleUpgradeResponseBody } from '../../../../../../common/api/detection_engine/prebuilt_rules';
 import { DEFAULT_QUERY_OPTIONS } from '../constants';
+import { retryOnRateLimitedError } from './retry_on_rate_limited_error';
+import { cappedExponentialBackoff } from './capped_exponential_backoff';
 
 export const REVIEW_RULE_UPGRADE_QUERY_KEY = ['POST', REVIEW_RULE_UPGRADE_URL];
 
@@ -26,6 +28,8 @@ export const useFetchPrebuiltRulesUpgradeReviewQuery = (
     {
       ...DEFAULT_QUERY_OPTIONS,
       ...options,
+      retry: retryOnRateLimitedError,
+      retryDelay: cappedExponentialBackoff,
     }
   );
 };

diff --git a/...engine/rule_management/api/hooks/prebuilt_rules/use_perform_all_rules_install_mutation.ts b/...engine/rule_management/api/hooks/prebuilt_rules/use_perform_all_rules_install_mutation.ts
@@ -8,13 +8,15 @@ import type { UseMutationOptions } from '@tanstack/react-query';
 import { useMutation } from '@tanstack/react-query';
 import type { PerformRuleInstallationResponseBody } from '../../../../../../common/api/detection_engine/prebuilt_rules';
 import { PERFORM_RULE_INSTALLATION_URL } from '../../../../../../common/api/detection_engine/prebuilt_rules/urls';
-import { useInvalidateFetchPrebuiltRulesStatusQuery } from './use_fetch_prebuilt_rules_status_query';
-import { useInvalidateFindRulesQuery } from '../use_find_rules_query';
+import { performInstallAllRules } from '../../api';
+import { useInvalidateFetchCoverageOverviewQuery } from '../use_fetch_coverage_overview_query';
 import { useInvalidateFetchRuleManagementFiltersQuery } from '../use_fetch_rule_management_filters_query';
 import { useInvalidateFetchRulesSnoozeSettingsQuery } from '../use_fetch_rules_snooze_settings_query';
+import { useInvalidateFindRulesQuery } from '../use_find_rules_query';
+import { retryOnRateLimitedError } from './retry_on_rate_limited_error';
 import { useInvalidateFetchPrebuiltRulesInstallReviewQuery } from './use_fetch_prebuilt_rules_install_review_query';
-import { performInstallAllRules } from '../../api';
-import { useInvalidateFetchCoverageOverviewQuery } from '../use_fetch_coverage_overview_query';
+import { useInvalidateFetchPrebuiltRulesStatusQuery } from './use_fetch_prebuilt_rules_status_query';
+import { cappedExponentialBackoff } from './capped_exponential_backoff';
 
 export const PERFORM_ALL_RULES_INSTALLATION_KEY = [
   'POST',
@@ -23,7 +25,7 @@ export const PERFORM_ALL_RULES_INSTALLATION_KEY = [
 ];
 
 export const usePerformAllRulesInstallMutation = (
-  options?: UseMutationOptions<PerformRuleInstallationResponseBody, Error>
+  options?: UseMutationOptions<PerformRuleInstallationResponseBody>
 ) => {
   const invalidateFindRulesQuery = useInvalidateFindRulesQuery();
   const invalidateFetchRulesSnoozeSettings = useInvalidateFetchRulesSnoozeSettingsQuery();
@@ -33,7 +35,7 @@ export const usePerformAllRulesInstallMutation = (
   const invalidateRuleStatus = useInvalidateFetchPrebuiltRulesStatusQuery();
   const invalidateFetchCoverageOverviewQuery = useInvalidateFetchCoverageOverviewQuery();
 
-  return useMutation<PerformRuleInstallationResponseBody, Error>(() => performInstallAllRules(), {
+  return useMutation<PerformRuleInstallationResponseBody>(() => performInstallAllRules(), {
     ...options,
     mutationKey: PERFORM_ALL_RULES_INSTALLATION_KEY,
     onSettled: (...args) => {
@@ -49,5 +51,7 @@ export const usePerformAllRulesInstallMutation = (
         options.onSettled(...args);
       }
     },
+    retry: retryOnRateLimitedError,
+    retryDelay: cappedExponentialBackoff,
   });
 };
diff --git a/...e/rule_management/api/hooks/prebuilt_rules/use_perform_specific_rules_install_mutation.ts b/...e/rule_management/api/hooks/prebuilt_rules/use_perform_specific_rules_install_mutation.ts
@@ -11,15 +11,17 @@ import type {
   PerformRuleInstallationResponseBody,
 } from '../../../../../../common/api/detection_engine/prebuilt_rules';
 import { PERFORM_RULE_INSTALLATION_URL } from '../../../../../../common/api/detection_engine/prebuilt_rules/urls';
-import { useInvalidateFetchPrebuiltRulesStatusQuery } from './use_fetch_prebuilt_rules_status_query';
-import { useInvalidateFindRulesQuery } from '../use_find_rules_query';
-import { useInvalidateFetchRuleManagementFiltersQuery } from '../use_fetch_rule_management_filters_query';
-import { useInvalidateFetchRulesSnoozeSettingsQuery } from '../use_fetch_rules_snooze_settings_query';
-import { useInvalidateFetchPrebuiltRulesInstallReviewQuery } from './use_fetch_prebuilt_rules_install_review_query';
 import type { BulkAction } from '../../api';
 import { performInstallSpecificRules } from '../../api';
-import { useInvalidateFetchCoverageOverviewQuery } from '../use_fetch_coverage_overview_query';
 import { useBulkActionMutation } from '../use_bulk_action_mutation';
+import { useInvalidateFetchCoverageOverviewQuery } from '../use_fetch_coverage_overview_query';
+import { useInvalidateFetchRuleManagementFiltersQuery } from '../use_fetch_rule_management_filters_query';
+import { useInvalidateFetchRulesSnoozeSettingsQuery } from '../use_fetch_rules_snooze_settings_query';
+import { useInvalidateFindRulesQuery } from '../use_find_rules_query';
+import { retryOnRateLimitedError } from './retry_on_rate_limited_error';
+import { useInvalidateFetchPrebuiltRulesInstallReviewQuery } from './use_fetch_prebuilt_rules_install_review_query';
+import { useInvalidateFetchPrebuiltRulesStatusQuery } from './use_fetch_prebuilt_rules_status_query';
+import { cappedExponentialBackoff } from './capped_exponential_backoff';
 
 export const PERFORM_SPECIFIC_RULES_INSTALLATION_KEY = [
   'POST',
@@ -35,7 +37,7 @@ export interface UsePerformSpecificRulesInstallParams {
 export const usePerformSpecificRulesInstallMutation = (
   options?: UseMutationOptions<
     PerformRuleInstallationResponseBody,
-    Error,
+    unknown,
     UsePerformSpecificRulesInstallParams
   >
 ) => {
@@ -51,7 +53,7 @@ export const usePerformSpecificRulesInstallMutation = (
 
   return useMutation<
     PerformRuleInstallationResponseBody,
-    Error,
+    unknown,
     UsePerformSpecificRulesInstallParams
   >(
     (rulesToInstall: UsePerformSpecificRulesInstallParams) =>
@@ -81,6 +83,8 @@ export const usePerformSpecificRulesInstallMutation = (
           options.onSettled(...args);
         }
       },
+      retry: retryOnRateLimitedError,
+      retryDelay: cappedExponentialBackoff,
     }
   );
 };
diff --git a/...e/rule_management/api/hooks/prebuilt_rules/use_perform_specific_rules_upgrade_mutation.ts b/...e/rule_management/api/hooks/prebuilt_rules/use_perform_specific_rules_upgrade_mutation.ts
@@ -12,13 +12,15 @@ import type {
   UpgradeSpecificRulesRequest,
 } from '../../../../../../common/api/detection_engine/prebuilt_rules';
 import { PERFORM_RULE_UPGRADE_URL } from '../../../../../../common/api/detection_engine/prebuilt_rules/urls';
-import { useInvalidateFetchPrebuiltRulesStatusQuery } from './use_fetch_prebuilt_rules_status_query';
-import { useInvalidateFindRulesQuery } from '../use_find_rules_query';
+import { performUpgradeSpecificRules } from '../../api';
+import { useInvalidateFetchCoverageOverviewQuery } from '../use_fetch_coverage_overview_query';
 import { useInvalidateFetchRuleManagementFiltersQuery } from '../use_fetch_rule_management_filters_query';
 import { useInvalidateFetchRulesSnoozeSettingsQuery } from '../use_fetch_rules_snooze_settings_query';
-import { performUpgradeSpecificRules } from '../../api';
+import { useInvalidateFindRulesQuery } from '../use_find_rules_query';
+import { useInvalidateFetchPrebuiltRulesStatusQuery } from './use_fetch_prebuilt_rules_status_query';
 import { useInvalidateFetchPrebuiltRulesUpgradeReviewQuery } from './use_fetch_prebuilt_rules_upgrade_review_query';
-import { useInvalidateFetchCoverageOverviewQuery } from '../use_fetch_coverage_overview_query';
+import { retryOnRateLimitedError } from './retry_on_rate_limited_error';
+import { cappedExponentialBackoff } from './capped_exponential_backoff';
 
 export const PERFORM_SPECIFIC_RULES_UPGRADE_KEY = [
   'POST',
@@ -64,6 +66,8 @@ export const usePerformSpecificRulesUpgradeMutation = (
           options.onSettled(...args);
         }
       },
+      retry: retryOnRateLimitedError,
+      retryDelay: cappedExponentialBackoff,
     }
   );
 };
diff --git a/...y_solution/public/detection_engine/rule_management/logic/use_upgrade_security_packages.ts b/...y_solution/public/detection_engine/rule_management/logic/use_upgrade_security_packages.ts
@@ -10,7 +10,7 @@ import { useEffect } from 'react';
 import {
   BOOTSTRAP_PREBUILT_RULES_KEY,
   useBootstrapPrebuiltRulesMutation,
-} from '../api/hooks/use_bootstrap_prebuilt_rules';
+} from '../api/hooks/prebuilt_rules/use_bootstrap_prebuilt_rules';
 
 /**
  * Install or upgrade the security packages (endpoint and prebuilt rules)

diff --git a/...t_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table_context.tsx b/...t_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table_context.tsx
@@ -166,6 +166,8 @@ export const AddPrebuiltRulesTableContextProvider = ({
           rules: [{ rule_id: ruleId, version: rule.version }],
           enable,
         });
+      } catch {
+        // Error is handled by the mutation's onError callback, so no need to do anything here
       } finally {
         setLoadingRules((prev) => prev.filter((id) => id !== ruleId));
       }
@@ -182,6 +184,8 @@ export const AddPrebuiltRulesTableContextProvider = ({
       setLoadingRules((prev) => [...prev, ...rulesToUpgrade.map((r) => r.rule_id)]);
       try {
         await installSpecificRulesRequest({ rules: rulesToUpgrade, enable });
+      } catch {
+        // Error is handled by the mutation's onError callback, so no need to do anything here
       } finally {
         setLoadingRules((prev) =>
           prev.filter((id) => !rulesToUpgrade.some((r) => r.rule_id === id))
@@ -197,6 +201,8 @@ export const AddPrebuiltRulesTableContextProvider = ({
     setLoadingRules((prev) => [...prev, ...rules.map((r) => r.rule_id)]);
     try {
       await installAllRulesRequest();
+    } catch {
+      // Error is handled by the mutation's onError callback, so no need to do anything here
     } finally {
       setLoadingRules([]);
       setSelectedRules([]);

diff --git a/.../detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts b/.../detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts
@@ -5,16 +5,11 @@
  * 2.0.
  */
 
-import { transformError } from '@kbn/securitysolution-es-utils';
-import type { IKibanaResponse } from '@kbn/core/server';
 import { BOOTSTRAP_PREBUILT_RULES_URL } from '../../../../../../common/api/detection_engine/prebuilt_rules';
-import type { BootstrapPrebuiltRulesResponse } from '../../../../../../common/api/detection_engine/prebuilt_rules/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.gen';
 import type { SecuritySolutionPluginRouter } from '../../../../../types';
-import { buildSiemResponse } from '../../../routes/utils';
-import {
-  installEndpointPackage,
-  installPrebuiltRulesPackage,
-} from '../install_prebuilt_rules_and_timelines/install_prebuilt_rules_package';
+import { PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS } from '../../constants';
+import { bootstrapPrebuiltRulesHandler } from './bootstrap_prebuilt_rules_handler';
+import { throttleRequests } from '../../../../../utils/throttle_requests';
 
 export const bootstrapPrebuiltRulesRoute = (router: SecuritySolutionPluginRouter) => {
   router.versioned
@@ -26,43 +21,17 @@ export const bootstrapPrebuiltRulesRoute = (router: SecuritySolutionPluginRouter
           requiredPrivileges: ['securitySolution'],
         },
       },
+      options: {
+        timeout: {
+          idleSocket: PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS,
+        },
+      },
     })
     .addVersion(
       {
         version: '1',
         validate: {},
       },
-      async (context, _, response): Promise<IKibanaResponse<BootstrapPrebuiltRulesResponse>> => {
-        const siemResponse = buildSiemResponse(response);
-
-        try {
-          const ctx = await context.resolve(['securitySolution']);
-          const securityContext = ctx.securitySolution;
-          const config = securityContext.getConfig();
-
-          const results = await Promise.all([
-            installPrebuiltRulesPackage(config, securityContext),
-            installEndpointPackage(config, securityContext),
-          ]);
-
-          const responseBody: BootstrapPrebuiltRulesResponse = {
-            packages: results.map((result) => ({
-              name: result.package.name,
-              version: result.package.version,
-              status: result.status,
-            })),
-          };
-
-          return response.ok({
-            body: responseBody,
-          });
-        } catch (err) {
-          const error = transformError(err);
-          return siemResponse.error({
-            body: error.message,
-            statusCode: error.statusCode,
-          });
-        }
-      }
+      throttleRequests(bootstrapPrebuiltRulesHandler)
     );
 };