[RAC] [Observability] Use simpler alert severity level mapping

packages/kbn-rule-data-utils/src/technical_field_names.ts

@@ -32,8 +32,6 @@ const ALERT_ID = `${ALERT_NAMESPACE}.id` as const;
 const ALERT_REASON = `${ALERT_NAMESPACE}.reason` as const;
 const ALERT_RISK_SCORE = `${ALERT_NAMESPACE}.risk_score` as const;
 const ALERT_SEVERITY = `${ALERT_NAMESPACE}.severity` as const;
-const ALERT_SEVERITY_LEVEL = `${ALERT_NAMESPACE}.severity.level` as const;
-const ALERT_SEVERITY_VALUE = `${ALERT_NAMESPACE}.severity.value` as const;
 const ALERT_START = `${ALERT_NAMESPACE}.start` as const;
 const ALERT_STATUS = `${ALERT_NAMESPACE}.status` as const;
 const ALERT_SYSTEM_STATUS = `${ALERT_NAMESPACE}.system_status` as const;
@@ -127,8 +125,6 @@ const fields = {
   ALERT_RULE_VERSION,
   ALERT_START,
   ALERT_SEVERITY,
-  ALERT_SEVERITY_LEVEL,
-  ALERT_SEVERITY_VALUE,
   ALERT_STATUS,
   ALERT_SYSTEM_STATUS,
   ALERT_UUID,
@@ -183,8 +179,6 @@ export {
   ALERT_RULE_VERSION,
   ALERT_RULE_SEVERITY,
   ALERT_SEVERITY,
-  ALERT_SEVERITY_LEVEL,
-  ALERT_SEVERITY_VALUE,
   ALERT_START,
   ALERT_SYSTEM_STATUS,
   ALERT_UUID,

x-pack/plugins/apm/public/components/alerting/register_apm_alerts.ts

@@ -11,12 +11,12 @@ import { stringify } from 'querystring';
 import type {
   ALERT_EVALUATION_THRESHOLD as ALERT_EVALUATION_THRESHOLD_TYPED,
   ALERT_EVALUATION_VALUE as ALERT_EVALUATION_VALUE_TYPED,
-  ALERT_SEVERITY_LEVEL as ALERT_SEVERITY_LEVEL_TYPED,
+  ALERT_SEVERITY as ALERT_SEVERITY_TYPED,
 } from '@kbn/rule-data-utils';
 import {
   ALERT_EVALUATION_THRESHOLD as ALERT_EVALUATION_THRESHOLD_NON_TYPED,
   ALERT_EVALUATION_VALUE as ALERT_EVALUATION_VALUE_NON_TYPED,
-  ALERT_SEVERITY_LEVEL as ALERT_SEVERITY_LEVEL_NON_TYPED,
+  ALERT_SEVERITY as ALERT_SEVERITY_NON_TYPED,
   // @ts-expect-error
 } from '@kbn/rule-data-utils/target_node/technical_field_names';
 import type { ObservabilityRuleTypeRegistry } from '../../../../observability/public';
@@ -36,7 +36,7 @@ const TRANSACTION_TYPE = 'transaction.type';
 
 const ALERT_EVALUATION_THRESHOLD: typeof ALERT_EVALUATION_THRESHOLD_TYPED = ALERT_EVALUATION_THRESHOLD_NON_TYPED;
 const ALERT_EVALUATION_VALUE: typeof ALERT_EVALUATION_VALUE_TYPED = ALERT_EVALUATION_VALUE_NON_TYPED;
-const ALERT_SEVERITY_LEVEL: typeof ALERT_SEVERITY_LEVEL_TYPED = ALERT_SEVERITY_LEVEL_NON_TYPED;
+const ALERT_SEVERITY: typeof ALERT_SEVERITY_TYPED = ALERT_SEVERITY_NON_TYPED;
 
 const format = ({
   pathname,
@@ -211,7 +211,7 @@ export function registerApmAlerts(
     format: ({ fields }) => ({
       reason: formatTransactionDurationAnomalyReason({
         serviceName: String(fields[SERVICE_NAME][0]),
-        severityLevel: String(fields[ALERT_SEVERITY_LEVEL]),
+        severityLevel: String(fields[ALERT_SEVERITY]),
         measured: Number(fields[ALERT_EVALUATION_VALUE]),
       }),
       link: format({

x-pack/plugins/apm/public/components/shared/charts/helper/get_alert_annotations.test.tsx

@@ -13,7 +13,7 @@ import {
   ALERT_ID,
   ALERT_RULE_PRODUCER,
   ALERT_RULE_CONSUMER,
-  ALERT_SEVERITY_LEVEL,
+  ALERT_SEVERITY,
   ALERT_START,
   ALERT_STATUS,
   ALERT_UUID,
@@ -163,7 +163,7 @@ describe('getAlertAnnotations', () => {
   describe('with an alert with a warning severity', () => {
     const warningAlert: Alert = {
       ...alert,
-      [ALERT_SEVERITY_LEVEL]: ['warning'],
+      [ALERT_SEVERITY]: ['warning'],
     };
 
     it('uses the warning color', () => {
@@ -196,7 +196,7 @@ describe('getAlertAnnotations', () => {
   describe('with an alert with a critical severity', () => {
     const criticalAlert: Alert = {
       ...alert,
-      [ALERT_SEVERITY_LEVEL]: ['critical'],
+      [ALERT_SEVERITY]: ['critical'],
     };
 
     it('uses the critical color', () => {

x-pack/plugins/apm/public/components/shared/charts/helper/get_alert_annotations.tsx

@@ -14,15 +14,15 @@ import { EuiButtonIcon } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import type {
   ALERT_DURATION as ALERT_DURATION_TYPED,
-  ALERT_SEVERITY_LEVEL as ALERT_SEVERITY_LEVEL_TYPED,
+  ALERT_SEVERITY as ALERT_SEVERITY_TYPED,
   ALERT_START as ALERT_START_TYPED,
   ALERT_UUID as ALERT_UUID_TYPED,
   ALERT_RULE_TYPE_ID as ALERT_RULE_TYPE_ID_TYPED,
   ALERT_RULE_NAME as ALERT_RULE_NAME_TYPED,
 } from '@kbn/rule-data-utils';
 import {
   ALERT_DURATION as ALERT_DURATION_NON_TYPED,
-  ALERT_SEVERITY_LEVEL as ALERT_SEVERITY_LEVEL_NON_TYPED,
+  ALERT_SEVERITY as ALERT_SEVERITY_NON_TYPED,
   ALERT_START as ALERT_START_NON_TYPED,
   ALERT_UUID as ALERT_UUID_NON_TYPED,
   ALERT_RULE_TYPE_ID as ALERT_RULE_TYPE_ID_NON_TYPED,
@@ -38,7 +38,7 @@ import { asDuration, asPercent } from '../../../../../common/utils/formatters';
 import { APIReturnType } from '../../../../services/rest/createCallApmApi';
 
 const ALERT_DURATION: typeof ALERT_DURATION_TYPED = ALERT_DURATION_NON_TYPED;
-const ALERT_SEVERITY_LEVEL: typeof ALERT_SEVERITY_LEVEL_TYPED = ALERT_SEVERITY_LEVEL_NON_TYPED;
+const ALERT_SEVERITY: typeof ALERT_SEVERITY_TYPED = ALERT_SEVERITY_NON_TYPED;
 const ALERT_START: typeof ALERT_START_TYPED = ALERT_START_NON_TYPED;
 const ALERT_UUID: typeof ALERT_UUID_TYPED = ALERT_UUID_NON_TYPED;
 const ALERT_RULE_TYPE_ID: typeof ALERT_RULE_TYPE_ID_TYPED = ALERT_RULE_TYPE_ID_NON_TYPED;
@@ -119,7 +119,7 @@ export function getAlertAnnotations({
       new Date(parsed[ALERT_START]!).getTime()
     );
     const end = start + parsed[ALERT_DURATION]! / 1000;
-    const severityLevel = parsed[ALERT_SEVERITY_LEVEL];
+    const severityLevel = parsed[ALERT_SEVERITY];
     const color = getAlertColor({ severityLevel, theme });
     const header = getAlertHeader({ severityLevel });
     const formatter = getFormatter(parsed[ALERT_RULE_TYPE_ID]!);

x-pack/plugins/apm/public/components/shared/charts/latency_chart/latency_chart.stories.tsx

@@ -11,7 +11,7 @@ import {
   ALERT_RULE_TYPE_ID,
   ALERT_EVALUATION_VALUE,
   ALERT_ID,
-  ALERT_SEVERITY_LEVEL,
+  ALERT_SEVERITY,
   ALERT_START,
   ALERT_STATUS,
   ALERT_UUID,
@@ -158,7 +158,7 @@ Example.args = {
         tags: ['apm', 'service.name:frontend-rum'],
         'transaction.type': ['page-load'],
         [ALERT_RULE_PRODUCER]: ['apm'],
-        [ALERT_SEVERITY_LEVEL]: ['warning'],
+        [ALERT_SEVERITY]: ['warning'],
         [ALERT_UUID]: ['af2ae371-df79-4fca-b0eb-a2dbd9478181'],
         [ALERT_RULE_UUID]: ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
         'event.action': ['active'],
@@ -180,7 +180,7 @@ Example.args = {
         tags: ['apm', 'service.name:frontend-rum'],
         'transaction.type': ['page-load'],
         [ALERT_RULE_PRODUCER]: ['apm'],
-        [ALERT_SEVERITY_LEVEL]: ['critical'],
+        [ALERT_SEVERITY]: ['critical'],
         [ALERT_UUID]: ['af2ae371-df79-4fca-b0eb-a2dbd9478182'],
         [ALERT_RULE_UUID]: ['82e0ee40-c2f4-11eb-9a42-a9da66a1722f'],
         'event.action': ['active'],

x-pack/plugins/apm/server/lib/alerts/register_transaction_duration_anomaly_alert_type.ts

@@ -12,15 +12,13 @@ import { QueryDslQueryContainer } from '@elastic/elasticsearch/api/types';
 import type {
   ALERT_EVALUATION_THRESHOLD as ALERT_EVALUATION_THRESHOLD_TYPED,
   ALERT_EVALUATION_VALUE as ALERT_EVALUATION_VALUE_TYPED,
-  ALERT_SEVERITY_LEVEL as ALERT_SEVERITY_LEVEL_TYPED,
-  ALERT_SEVERITY_VALUE as ALERT_SEVERITY_VALUE_TYPED,
+  ALERT_SEVERITY as ALERT_SEVERITY_TYPED,
   ALERT_REASON as ALERT_REASON_TYPED,
 } from '@kbn/rule-data-utils';
 import {
   ALERT_EVALUATION_THRESHOLD as ALERT_EVALUATION_THRESHOLD_NON_TYPED,
   ALERT_EVALUATION_VALUE as ALERT_EVALUATION_VALUE_NON_TYPED,
-  ALERT_SEVERITY_LEVEL as ALERT_SEVERITY_LEVEL_NON_TYPED,
-  ALERT_SEVERITY_VALUE as ALERT_SEVERITY_VALUE_NON_TYPED,
+  ALERT_SEVERITY as ALERT_SEVERITY_NON_TYPED,
   ALERT_REASON as ALERT_REASON_NON_TYPED,
   // @ts-expect-error
 } from '@kbn/rule-data-utils/target_node/technical_field_names';
@@ -51,8 +49,7 @@ import {
 
 const ALERT_EVALUATION_THRESHOLD: typeof ALERT_EVALUATION_THRESHOLD_TYPED = ALERT_EVALUATION_THRESHOLD_NON_TYPED;
 const ALERT_EVALUATION_VALUE: typeof ALERT_EVALUATION_VALUE_TYPED = ALERT_EVALUATION_VALUE_NON_TYPED;
-const ALERT_SEVERITY_LEVEL: typeof ALERT_SEVERITY_LEVEL_TYPED = ALERT_SEVERITY_LEVEL_NON_TYPED;
-const ALERT_SEVERITY_VALUE: typeof ALERT_SEVERITY_VALUE_TYPED = ALERT_SEVERITY_VALUE_NON_TYPED;
+const ALERT_SEVERITY: typeof ALERT_SEVERITY_TYPED = ALERT_SEVERITY_NON_TYPED;
 const ALERT_REASON: typeof ALERT_REASON_TYPED = ALERT_REASON_NON_TYPED;
 
 const paramsSchema = schema.object({
@@ -258,8 +255,7 @@ export function registerTransactionDurationAnomalyAlertType({
                 ...getEnvironmentEsField(environment),
                 [TRANSACTION_TYPE]: transactionType,
                 [PROCESSOR_EVENT]: ProcessorEvent.transaction,
-                [ALERT_SEVERITY_LEVEL]: severityLevel,
-                [ALERT_SEVERITY_VALUE]: score,
+                [ALERT_SEVERITY]: severityLevel,
                 [ALERT_EVALUATION_VALUE]: score,
                 [ALERT_EVALUATION_THRESHOLD]: threshold,
                 [ALERT_REASON]: formatTransactionDurationAnomalyReason({

x-pack/plugins/observability/public/pages/alerts/example_data.ts

@@ -9,8 +9,7 @@ import {
   ALERT_DURATION,
   ALERT_END,
   ALERT_ID,
-  ALERT_SEVERITY_LEVEL,
-  ALERT_SEVERITY_VALUE,
+  ALERT_SEVERITY,
   ALERT_RULE_TYPE_ID,
   ALERT_START,
   ALERT_STATUS,
@@ -28,7 +27,7 @@ export const apmAlertResponseExample = [
     [ALERT_RULE_NAME]: ['Error count threshold | opbeans-java (smith test)'],
     [ALERT_DURATION]: [180057000],
     [ALERT_STATUS]: ['open'],
-    [ALERT_SEVERITY_LEVEL]: ['warning'],
+    [ALERT_SEVERITY]: ['warning'],
     tags: ['apm', 'service.name:opbeans-java'],
     [ALERT_UUID]: ['0175ec0a-a3b1-4d41-b557-e21c2d024352'],
     [ALERT_RULE_UUID]: ['474920d0-93e9-11eb-ac86-0b455460de81'],
@@ -123,21 +122,13 @@ export const dynamicIndexPattern = {
       readFromDocValues: true,
     },
     {
-      name: ALERT_SEVERITY_LEVEL,
+      name: ALERT_SEVERITY,
       type: 'string',
       esTypes: ['keyword'],
       searchable: true,
       aggregatable: true,
       readFromDocValues: true,
     },
-    {
-      name: ALERT_SEVERITY_VALUE,
-      type: 'number',
-      esTypes: ['long'],
-      searchable: true,
-      aggregatable: true,
-      readFromDocValues: true,
-    },
     {
       name: ALERT_START,
       type: 'date',

x-pack/plugins/observability/public/pages/alerts/render_cell_value.tsx

@@ -14,13 +14,13 @@ import React, { useEffect } from 'react';
  */
 import type {
   ALERT_DURATION as ALERT_DURATION_TYPED,
-  ALERT_SEVERITY_LEVEL as ALERT_SEVERITY_LEVEL_TYPED,
+  ALERT_SEVERITY as ALERT_SEVERITY_TYPED,
   ALERT_STATUS as ALERT_STATUS_TYPED,
   ALERT_REASON as ALERT_REASON_TYPED,
 } from '@kbn/rule-data-utils';
 import {
   ALERT_DURATION as ALERT_DURATION_NON_TYPED,
-  ALERT_SEVERITY_LEVEL as ALERT_SEVERITY_LEVEL_NON_TYPED,
+  ALERT_SEVERITY as ALERT_SEVERITY_NON_TYPED,
   ALERT_STATUS as ALERT_STATUS_NON_TYPED,
   ALERT_REASON as ALERT_REASON_NON_TYPED,
   TIMESTAMP,
@@ -37,7 +37,7 @@ import { usePluginContext } from '../../hooks/use_plugin_context';
 import { useTheme } from '../../hooks/use_theme';
 
 const ALERT_DURATION: typeof ALERT_DURATION_TYPED = ALERT_DURATION_NON_TYPED;
-const ALERT_SEVERITY_LEVEL: typeof ALERT_SEVERITY_LEVEL_TYPED = ALERT_SEVERITY_LEVEL_NON_TYPED;
+const ALERT_SEVERITY: typeof ALERT_SEVERITY_TYPED = ALERT_SEVERITY_NON_TYPED;
 const ALERT_STATUS: typeof ALERT_STATUS_TYPED = ALERT_STATUS_NON_TYPED;
 const ALERT_REASON: typeof ALERT_REASON_TYPED = ALERT_REASON_NON_TYPED;
 
@@ -118,7 +118,7 @@ export const getRenderCellValue = ({
         return <TimestampTooltip time={new Date(value ?? '').getTime()} timeUnit="milliseconds" />;
       case ALERT_DURATION:
         return asDuration(Number(value));
-      case ALERT_SEVERITY_LEVEL:
+      case ALERT_SEVERITY:
         return <SeverityBadge severityLevel={value ?? undefined} />;
       case ALERT_REASON:
         const dataFieldEs = data.reduce((acc, d) => ({ ...acc, [d.field]: d.value }), {});

x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.ts

@@ -25,8 +25,7 @@ export const technicalRuleFieldMap = {
   [Fields.ALERT_START]: { type: 'date' },
   [Fields.ALERT_END]: { type: 'date' },
   [Fields.ALERT_DURATION]: { type: 'long' },
-  [Fields.ALERT_SEVERITY_LEVEL]: { type: 'keyword' },
-  [Fields.ALERT_SEVERITY_VALUE]: { type: 'long' },
+  [Fields.ALERT_SEVERITY]: { type: 'keyword' },
   [Fields.ALERT_STATUS]: { type: 'keyword' },
   [Fields.ALERT_EVALUATION_THRESHOLD]: { type: 'scaled_float', scaling_factor: 100 },
   [Fields.ALERT_EVALUATION_VALUE]: { type: 'scaled_float', scaling_factor: 100 },

x-pack/plugins/uptime/server/lib/alerts/duration_anomaly.test.ts

@@ -5,8 +5,7 @@
  * 2.0.
  */
 import {
-  ALERT_SEVERITY_LEVEL,
-  ALERT_SEVERITY_VALUE,
+  ALERT_SEVERITY,
   ALERT_EVALUATION_VALUE,
   ALERT_EVALUATION_THRESHOLD,
   ALERT_REASON,
@@ -171,8 +170,7 @@ describe('duration anomaly alert', () => {
             'observer.geo.name': anomaly.entityValue,
             [ALERT_EVALUATION_VALUE]: anomaly.actualSort,
             [ALERT_EVALUATION_THRESHOLD]: anomaly.typicalSort,
-            [ALERT_SEVERITY_LEVEL]: getSeverityType(anomaly.severity),
-            [ALERT_SEVERITY_VALUE]: anomaly.severity,
+            [ALERT_SEVERITY]: getSeverityType(anomaly.severity),
             [ALERT_REASON]: `Abnormal (${getSeverityType(
               anomaly.severity
             )} level) response time detected on uptime-monitor with url ${

x-pack/plugins/uptime/server/lib/alerts/duration_anomaly.ts

@@ -8,8 +8,7 @@ import { KibanaRequest, SavedObjectsClientContract } from 'kibana/server';
 import moment from 'moment';
 import { schema } from '@kbn/config-schema';
 import {
-  ALERT_SEVERITY_LEVEL,
-  ALERT_SEVERITY_VALUE,
+  ALERT_SEVERITY,
   ALERT_EVALUATION_VALUE,
   ALERT_EVALUATION_THRESHOLD,
   ALERT_REASON,
@@ -135,8 +134,7 @@ export const durationAnomalyAlertFactory: UptimeAlertTypeFactory<ActionGroupIds>
             'anomaly.bucket_span.minutes': summary.bucketSpan,
             [ALERT_EVALUATION_VALUE]: anomaly.actualSort,
             [ALERT_EVALUATION_THRESHOLD]: anomaly.typicalSort,
-            [ALERT_SEVERITY_LEVEL]: summary.severity,
-            [ALERT_SEVERITY_VALUE]: summary.severityScore,
+            [ALERT_SEVERITY]: summary.severity,
             [ALERT_REASON]: generateAlertMessage(
               CommonDurationAnomalyTranslations.defaultActionMessage,
               summary

x-pack/plugins/uptime/server/lib/alerts/status_check.test.ts

@@ -4,7 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { ALERT_REASON, ALERT_SEVERITY_WARNING, ALERT_SEVERITY_LEVEL } from '@kbn/rule-data-utils';
+import { ALERT_REASON, ALERT_SEVERITY_WARNING, ALERT_SEVERITY } from '@kbn/rule-data-utils';
 import {
   generateFilterDSL,
   hasFilters,
@@ -75,7 +75,7 @@ const mockStatusAlertDocument = (
       [ALERT_REASON]: `Monitor first with url ${monitorInfo?.url?.full} is down from ${
         monitorInfo.observer?.geo?.name
       }. The latest error message is ${monitorInfo.error?.message || ''}`,
-      [ALERT_SEVERITY_LEVEL]: ALERT_SEVERITY_WARNING,
+      [ALERT_SEVERITY]: ALERT_SEVERITY_WARNING,
     },
     id: getInstanceId(
       monitorInfo,
@@ -96,7 +96,7 @@ const mockAvailabilityAlertDocument = (monitor: GetMonitorAvailabilityResult) =>
       )}% availability expected is 99.34% from ${
         monitorInfo.observer?.geo?.name
       }. The latest error message is ${monitorInfo.error?.message || ''}`,
-      [ALERT_SEVERITY_LEVEL]: ALERT_SEVERITY_WARNING,
+      [ALERT_SEVERITY]: ALERT_SEVERITY_WARNING,
     },
     id: getInstanceId(monitorInfo, `${monitorInfo?.monitor.id}-${monitorInfo.observer?.geo?.name}`),
   };

x-pack/plugins/uptime/server/lib/alerts/status_check.ts

@@ -7,7 +7,7 @@
 import { min } from 'lodash';
 import datemath from '@elastic/datemath';
 import { schema } from '@kbn/config-schema';
-import { ALERT_SEVERITY_WARNING, ALERT_SEVERITY_LEVEL } from '@kbn/rule-data-utils';
+import { ALERT_SEVERITY_WARNING, ALERT_SEVERITY } from '@kbn/rule-data-utils';
 import { i18n } from '@kbn/i18n';
 import { JsonObject } from '@kbn/utility-types';
 import { fromKueryExpression, toElasticsearchQuery } from '@kbn/es-query';
@@ -159,7 +159,7 @@ export const getMonitorAlertDocument = (monitorSummary: Record<string, string |
   'observer.geo.name': monitorSummary.observerLocation,
   'error.message': monitorSummary.latestErrorMessage,
   'agent.name': monitorSummary.observerHostname,
-  [ALERT_SEVERITY_LEVEL]: ALERT_SEVERITY_WARNING,
+  [ALERT_SEVERITY]: ALERT_SEVERITY_WARNING,
   [ALERT_REASON]: monitorSummary.reason,
 });
 

x-pack/plugins/uptime/server/lib/alerts/tls.test.ts

@@ -5,7 +5,7 @@
  * 2.0.
  */
 import moment from 'moment';
-import { ALERT_SEVERITY_WARNING, ALERT_SEVERITY_LEVEL } from '@kbn/rule-data-utils';
+import { ALERT_SEVERITY_WARNING, ALERT_SEVERITY } from '@kbn/rule-data-utils';
 import { tlsAlertFactory, getCertSummary, DEFAULT_SIZE } from './tls';
 import { TLS } from '../../../common/constants/alerts';
 import { CertResult, DynamicSettings } from '../../../common/runtime_types';
@@ -116,7 +116,7 @@ describe('tls alert', () => {
             'tls.server.x509.not_after': cert.not_after,
             'tls.server.x509.not_before': cert.not_before,
             'tls.server.hash.sha256': cert.sha256,
-            [ALERT_SEVERITY_LEVEL]: ALERT_SEVERITY_WARNING,
+            [ALERT_SEVERITY]: ALERT_SEVERITY_WARNING,
           }),
           id: `${cert.common_name}-${cert.issuer?.replace(/\s/g, '_')}-${cert.sha256}`,
         });

x-pack/plugins/uptime/server/lib/alerts/tls.ts

@@ -6,7 +6,7 @@
  */
 import moment from 'moment';
 import { schema } from '@kbn/config-schema';
-import { ALERT_REASON, ALERT_SEVERITY_WARNING, ALERT_SEVERITY_LEVEL } from '@kbn/rule-data-utils';
+import { ALERT_REASON, ALERT_SEVERITY_WARNING, ALERT_SEVERITY } from '@kbn/rule-data-utils';
 import { UptimeAlertTypeFactory } from './types';
 import { updateState, generateAlertMessage } from './common';
 import { TLS } from '../../../common/constants/alerts';
@@ -172,7 +172,7 @@ export const tlsAlertFactory: UptimeAlertTypeFactory<ActionGroupIds> = (_server,
             'tls.server.x509.not_after': cert.not_after,
             'tls.server.x509.not_before': cert.not_before,
             'tls.server.hash.sha256': cert.sha256,
-            [ALERT_SEVERITY_LEVEL]: ALERT_SEVERITY_WARNING,
+            [ALERT_SEVERITY]: ALERT_SEVERITY_WARNING,
             [ALERT_REASON]: generateAlertMessage(TlsTranslations.defaultActionMessage, summary),
           },
         });