[Security Solution][Detections][Threshold Rules] Threshold Rule Bug Fixes (elastic#84918)

* Move threshold dupe detection logic to its own function

* Minor fixup

* Refactor and remove property injection for threshold signals

* Only show aggregatable fields for threshold rule grouping

* Add threshold rule kql filter to timeline

* Remove outdated getThresholdSignalQueryFields tests

* Filter aggregatable fields on client

* Revert "Only show aggregatable fields for threshold rule grouping"

This reverts commit 539fa49.

* Fix bug with incorrect calculation of threshold signal dupes when no threshold field present

* Revert "Add threshold rule kql filter to timeline"

This reverts commit 6482374.

* Add test skeleton

* Finish tests

* Address comment

Author: madirey

x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx

@@ -52,7 +52,7 @@ import {
 } from '../../../../../common/detection_engine/utils';
 import { EqlQueryBar } from '../eql_query_bar';
 import { ThreatMatchInput } from '../threatmatch_input';
-import { useFetchIndex } from '../../../../common/containers/source';
+import { BrowserField, BrowserFields, useFetchIndex } from '../../../../common/containers/source';
 import { PreviewQuery, Threshold } from '../query_preview';
 
 const CommonUseField = getUseField({ component: Field });
@@ -168,6 +168,26 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
   const queryBarQuery =
     formQuery != null ? formQuery.query.query : '' || initialState.queryBar.query.query;
   const [indexPatternsLoading, { browserFields, indexPatterns }] = useFetchIndex(index);
+  const aggregatableFields = Object.entries(browserFields).reduce<BrowserFields>(
+    (groupAcc, [groupName, groupValue]) => {
+      return {
+        ...groupAcc,
+        [groupName]: {
+          fields: Object.entries(groupValue.fields ?? {}).reduce<Partial<BrowserField>>(
+            (fieldAcc, [fieldName, fieldValue]) => {
+              if (fieldValue.aggregatable === true) {
+                return { ...fieldAcc, [fieldName]: fieldValue };
+              }
+              return fieldAcc;
+            },
+            {}
+          ),
+        } as Partial<BrowserField>,
+      };
+    },
+    {}
+  );
+
   const [
     threatIndexPatternsLoading,
     { browserFields: threatBrowserFields, indexPatterns: threatIndexPatterns },
@@ -262,12 +282,12 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
   const ThresholdInputChildren = useCallback(
     ({ thresholdField, thresholdValue }) => (
       <ThresholdInput
-        browserFields={browserFields}
+        browserFields={aggregatableFields}
         thresholdField={thresholdField}
         thresholdValue={thresholdValue}
       />
     ),
-    [browserFields]
+    [aggregatableFields]
   );
 
   const ThreatMatchInputChildren = useCallback(