[Cases] Add cases information to the alert's schema (#147013)

## Summary This PR adds case information to the alerts' schema. More information here: #146864. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) Co-authored-by: Kibana Machine <[email protected]>
elastic · Dec 15, 2022 · 9fcb5d5 · 9fcb5d5
1 parent 14899ac
commit 9fcb5d5
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/packages/kbn-rule-data-utils/src/technical_field_names.ts b/packages/kbn-rule-data-utils/src/technical_field_names.ts
@@ -51,6 +51,9 @@ const ALERT_SUPPRESSION_START = `${ALERT_SUPPRESSION_META}.start` as const;
 const ALERT_SUPPRESSION_END = `${ALERT_SUPPRESSION_META}.end` as const;
 const ALERT_SUPPRESSION_DOCS_COUNT = `${ALERT_SUPPRESSION_META}.docs_count` as const;
 
+// Fields pertaining to the cases associated with the alert
+const ALERT_CASE_IDS = `${ALERT_NAMESPACE}.case_ids` as const;
+
 // Fields pertaining to the rule associated with the alert
 const ALERT_RULE_AUTHOR = `${ALERT_RULE_NAMESPACE}.author` as const;
 const ALERT_RULE_CREATED_AT = `${ALERT_RULE_NAMESPACE}.created_at` as const;
@@ -129,6 +132,7 @@ const fields = {
   ALERT_RULE_PRODUCER,
   ALERT_REASON,
   ALERT_RISK_SCORE,
+  ALERT_CASE_IDS,
   ALERT_RULE_AUTHOR,
   ALERT_RULE_CREATED_AT,
   ALERT_RULE_CREATED_BY,
@@ -203,6 +207,7 @@ export {
   ALERT_WORKFLOW_REASON,
   ALERT_WORKFLOW_STATUS,
   ALERT_WORKFLOW_USER,
+  ALERT_CASE_IDS,
   ALERT_RULE_AUTHOR,
   ALERT_RULE_CREATED_AT,
   ALERT_RULE_CREATED_BY,

diff --git a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.test.ts b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.test.ts
@@ -37,6 +37,11 @@ it('matches snapshot', () => {
         "required": false,
         "type": "keyword",
       },
+      "kibana.alert.case_ids": Object {
+        "array": true,
+        "required": false,
+        "type": "keyword",
+      },
       "kibana.alert.duration.us": Object {
         "type": "long",
       },

diff --git a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts
@@ -79,6 +79,11 @@ export const technicalRuleFieldMap = {
     array: false,
     required: false,
   },
+  [Fields.ALERT_CASE_IDS]: {
+    type: 'keyword',
+    array: true,
+    required: false,
+  },
   [Fields.ALERT_RULE_AUTHOR]: {
     type: 'keyword',
     array: false,