[Security Solution] Deprecate some of the Bulk API endpoints

[xcrzx]

Related to: #126068

Summary

On the frontend side of Elastic Security app, calls to some of our Bulk API endpoints were superseded by calls to the new Bulk Action API. The following endpoints are not used from Kibana anymore:

• detection_engine/rules/_bulk_create
• detection_engine/rules/_bulk_delete
• detection_engine/rules/_bulk_update

This means we don't need these endpoints ourselves, but we might have users who use them from their scripts and tools.

We would like to mark these 3 endpoints as deprecated and, ideally, let the users know:

• when we're going to delete them (presumably after 18 months)
• what APIs they could use instead (presumably the Bulk Action API, especially if we add new create and update actions to it)

Todo

• Figure out the deprecation period
  • UPD: It's 18 months or more: MAX(18 months, time till the next major version).
• Figure out what could be the replacement for the deprecated APIs (not immediately, but eventually)
  • UPD: Bulk actions API should be the replacement for actions like enabling/disabling, duplicating, deleting, or any other new actions in the future. In order to continue bulk creating or updating rules, users will need to switch to normal CRUD endpoints and call them N times in their scripts.
• [DOCS] Mark old rules Bulk API as deprecated security-docs#1729 (PR)
• Mention these deprecations in the release notes (PR)
• Add a Warning: 299 header to responses of the deprecated endpoints. See this example for reference. (PR)
• Log a console warning from each deprecated endpoint. See this example for reference. (PR)
• Add a JSDoc annotation to each deprecated endpoint. See this example for reference. (PR)

These items were converted to tasks to be tracked separately:

• Add telemetry to the deprecated endpoints (or ideally to all Kibana endpoints) to be able to track how many users (still) use these 3 endpoints. It would be great to distinguish between API calls from Kibana and calls from user scripts and tools. ([Security Solution] Add telemetry to gather usage statistics of Security API routes #129484)
• Create a ticket for checking the added telemetry in 6-12 months and making a decision on what to do with the deprecated endpoints. ([Security Solution] Check usages of deprecated bulk APIs to decide whether we can delete them #130963)

Notes

Example PR with Cases endpoint deprecations: #124773

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[banderror]

After having a chat with @xcrzx on deprecating the bulk APIs we decided to rephrase this ticket and add everything we will need to do to implement this deprecation. I just updated its title and description.

[xcrzx]

Closing this issue as the leftover items were converted into separate tickets:

• Add telemetry to the deprecated endpoints (or ideally to all Kibana endpoints) to be able to track how many users (still) use these 3 endpoints. It would be great to distinguish between API calls from Kibana and calls from user scripts and tools. ([Security Solution] Add telemetry to gather usage statistics of Security API routes #129484)
• Create a ticket for checking the added telemetry in 6-12 months and making a decision on what to do with the deprecated endpoints. ([Security Solution] Check usages of deprecated bulk APIs to decide whether we can delete them #130963)