[Alerting] Make full Alert<Params> object accessible in Alert executors #95843

Closed
marshallmain opened this issue Mar 30, 2021 · 1 comment · Fixed by #99819
Labels: Feature:Alerting, Team:ResponseOps (label for the ResponseOps team, formerly the Cases and Alerting teams)

@marshallmain (Contributor)

Describe the feature:
Currently the Alert executor options include

  alertId: string;
  startedAt: Date;
  previousStartedAt: Date | null;
  services: AlertServices<InstanceState, InstanceContext, ActionGroupIds>;
  params: Params;
  state: State;
  spaceId: string;
  namespace?: string;
  name: string;
  tags: string[];
  createdBy: string | null;
  updatedBy: string | null;

however, the full Alert object is not directly accessible in the executor. Thus the Alert fields actions, createdAt, updatedAt, and schedule.interval can't be retrieved without using the saved objects client to get the raw alert SO. However, using the saved objects client like this exposes executor functions to more internals of how the Alerting framework is implemented. It would be useful to pass in Alert<Params> rather than just the Params, and safer than using the SO client.

Describe a specific use case for the feature:
In the security solution we record the state of the Alert at the time of execution in all signal documents that we write to .siem-signals.
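
The request above, sketched as an added example (not code from this issue or from Kibana): the framework copies only the public alert fields into a frozen view, and the executor stamps them into a signal document without touching the saved objects client. All type names, function names and the `frameworkInternal` field are hypothetical, and the sample saved object is constructed.

```typescript
// Added example. Every type and function name here is hypothetical, not Kibana's.
interface RawAlertSO<Params> {
  id: string;
  attributes: {
    name: string;
    params: Params;
    actions: Array<{ group: string; id: string }>;
    schedule: { interval: string };
    createdAt: string; // stored as ISO strings
    updatedAt: string;
    frameworkInternal: string; // stand-in for storage details executors should not see
  };
}
interface AlertView<Params> {
  name: string;
  params: Params;
  actions: Array<{ group: string; id: string }>;
  schedule: { interval: string };
  createdAt: Date;
  updatedAt: Date;
}
// Framework side: copy only the public fields, so the executor never holds the
// raw saved object. The freeze is top-level; actions and schedule are copies.
function toAlertView<Params>(so: RawAlertSO<Params>): Readonly<AlertView<Params>> {
  const a = so.attributes;
  return Object.freeze({
    name: a.name,
    params: a.params,
    actions: a.actions.map((x) => ({ ...x })),
    schedule: { ...a.schedule },
    createdAt: new Date(a.createdAt),
    updatedAt: new Date(a.updatedAt),
  });
}
// Executor side: record the alert's state at execution time in a signal document.
function buildSignal<Params>(alertId: string, alert: Readonly<AlertView<Params>>, startedAt: Date) {
  return {
    '@timestamp': startedAt.toISOString(),
    signal: { rule: { id: alertId, name: alert.name, interval: alert.schedule.interval,
      actions: alert.actions, created_at: alert.createdAt.toISOString(),
      updated_at: alert.updatedAt.toISOString() } },
  };
}
// Constructed sample input.
const sampleSO: RawAlertSO<{ query: string }> = { id: 'rule-1', attributes: {
  name: 'Constructed rule', params: { query: 'event.kind:alert' },
  actions: [{ group: 'default', id: 'connector-1' }], schedule: { interval: '5m' },
  createdAt: '2021-03-01T00:00:00.000Z', updatedAt: '2021-03-15T00:00:00.000Z',
  frameworkInternal: 'not-for-executors' } };
function demo() {
  return buildSignal(sampleSO.id, toAlertView(sampleSO), new Date('2021-03-30T12:00:00.000Z'));
}
```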

@elasticmachine (Contributor)

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)
