elastic · dominiqueclarke · Jul 16, 2021 · Apr 30, 2021 · May 3, 2021 · May 6, 2021
diff --git a/x-pack/plugins/rule_registry/server/index.ts b/x-pack/plugins/rule_registry/server/index.ts
@@ -14,13 +14,17 @@ export type { RacRequestHandlerContext, RacApiRequestHandlerContext } from './ty
 export { RuleDataClient } from './rule_data_client';
 export { IRuleDataClient } from './rule_data_client/types';
 export { getRuleExecutorData, RuleExecutorData } from './utils/get_rule_executor_data';
-export { createLifecycleRuleTypeFactory } from './utils/create_lifecycle_rule_type_factory';
+export {
+  createLifecycleRuleTypeFactory,
+  LifecycleAlertService,
+} from './utils/create_lifecycle_rule_type_factory';
 export {
   LifecycleRuleExecutor,
   LifecycleAlertServices,
   createLifecycleExecutor,
 } from './utils/create_lifecycle_executor';
 export { createPersistenceRuleTypeFactory } from './utils/create_persistence_rule_type_factory';
+export type { AlertTypeWithExecutor } from './types';
 
 export const plugin = (initContext: PluginInitializerContext) =>
   new RuleRegistryPlugin(initContext);
diff --git a/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type_factory.ts b/x-pack/plugins/rule_registry/server/utils/create_lifecycle_rule_type_factory.ts
@@ -16,10 +16,13 @@ import { AlertInstance } from '../../../alerting/server';
 import { AlertTypeWithExecutor } from '../types';
 import { createLifecycleExecutor } from './create_lifecycle_executor';
 
-export type LifecycleAlertService<TAlertInstanceContext extends Record<string, unknown>> = (alert: {
+export type LifecycleAlertService<
+  TAlertInstanceContext extends Record<string, unknown>,
+  TActionGroupIds extends string = string
+> = (alert: {
   id: string;
   fields: Record<string, unknown>;
-}) => AlertInstance<AlertInstanceState, TAlertInstanceContext, string>;
+}) => AlertInstance<AlertInstanceState, TAlertInstanceContext, TActionGroupIds>;
 
 export const createLifecycleRuleTypeFactory = ({
   logger,

diff --git a/x-pack/plugins/rule_registry/server/utils/rbac.ts b/x-pack/plugins/rule_registry/server/utils/rbac.ts
@@ -19,6 +19,7 @@ export const mapConsumerToIndexName = {
   infrastructure: '.alerts-observability.metrics',
   observability: '.alerts-observability',
   siem: ['.alerts-security.alerts', '.siem-signals'],
+  synthetics: '.alerts-observability-synthetics',
 };
 export type ValidFeatureId = keyof typeof mapConsumerToIndexName;
 

diff --git a/x-pack/plugins/uptime/common/rules/uptime_rule_field_map.ts b/x-pack/plugins/uptime/common/rules/uptime_rule_field_map.ts
@@ -0,0 +1,60 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const uptimeRuleFieldMap = {
+  // common fields
+  'monitor.id': {
+    type: 'keyword',
+  },
+  'url.full': {
+    type: 'keyword',
+  },
+  'observer.geo.name': {
+    type: 'keyword',
+  },
+  reason: {
+    type: 'text',
+  },
+  // monitor status alert fields
+  'error.message': {
+    type: 'text',
+  },
+  'agent.name': {
+    type: 'keyword',
+  },
+  'monitor.name': {
+    type: 'keyword',
+  },
+  'monitor.type': {
+    type: 'keyword',
+  },
+  // tls alert fields
+  'tls.server.x509.issuer.common_name': {
+    type: 'keyword',
+  },
+  'tls.server.x509.subject.common_name': {
+    type: 'keyword',
+  },
+  'tls.server.x509.not_after': {
+    type: 'date',
+  },
+  'tls.server.x509.not_before': {
+    type: 'date',
+  },
+  'tls.server.hash.sha256': {
+    type: 'keyword',
+  },
+  // anomaly alert fields
+  'anomaly.start': {
+    type: 'date',
+  },
+  'anomaly.bucket_span.minutes': {
+    type: 'keyword',
+  },
+} as const;
+
+export type UptimeRuleFieldMap = typeof uptimeRuleFieldMap;
diff --git a/x-pack/plugins/uptime/common/translations.ts b/x-pack/plugins/uptime/common/translations.ts
@@ -37,3 +37,78 @@ export const MonitorStatusTranslations = {
     defaultMessage: 'Alert when a monitor is down or an availability threshold is breached.',
   }),
 };
+
+export const TlsTranslations = {
+  defaultActionMessage: i18n.translate('xpack.uptime.alerts.tls.legacy.defaultActionMessage', {
+    defaultMessage: `Detected TLS certificate {commonName} from issuer {issuer} is {status}. Certificate {summary}
+`,
+    values: {
+      commonName: '{{state.commonName}}',
+      issuer: '{{state.issuer}}',
+      summary: '{{state.summary}}',
+      status: '{{state.status}}',
+    },
+  }),
+  name: i18n.translate('xpack.uptime.alerts.tls.legacy.clientName', {
+    defaultMessage: 'Uptime TLS (Legacy)',
+  }),
+  description: i18n.translate('xpack.uptime.alerts.tls.legacy.description', {
+    defaultMessage:
+      'Alert when the TLS certificate of an Uptime monitor is about to expire. This alert will be deprecated in a future version.',
+  }),
+};
+
+export const TlsTranslationsLegacy = {
+  defaultActionMessage: i18n.translate('xpack.uptime.alerts.tls.defaultActionMessage', {
+    defaultMessage: `Detected {count} TLS certificates expiring or becoming too old.
+{expiringConditionalOpen}
+Expiring cert count: {expiringCount}
+Expiring Certificates: {expiringCommonNameAndDate}
+{expiringConditionalClose}
+{agingConditionalOpen}
+Aging cert count: {agingCount}
+Aging Certificates: {agingCommonNameAndDate}
+{agingConditionalClose}
+`,
+    values: {
+      count: '{{state.count}}',
+      expiringCount: '{{state.expiringCount}}',
+      expiringCommonNameAndDate: '{{state.expiringCommonNameAndDate}}',
+      expiringConditionalOpen: '{{#state.hasExpired}}',
+      expiringConditionalClose: '{{/state.hasExpired}}',
+      agingCount: '{{state.agingCount}}',
+      agingCommonNameAndDate: '{{state.agingCommonNameAndDate}}',
+      agingConditionalOpen: '{{#state.hasAging}}',
+      agingConditionalClose: '{{/state.hasAging}}',
+    },
+  }),
+  name: i18n.translate('xpack.uptime.alerts.tls.clientName', {
+    defaultMessage: 'Uptime TLS',
+  }),
+  description: i18n.translate('xpack.uptime.alerts.tls.description', {
+    defaultMessage: 'Alert when the TLS certificate of an Uptime monitor is about to expire.',
+  }),
+};
+
+export const DurationAnomalyTranslations = {
+  defaultActionMessage: i18n.translate('xpack.uptime.alerts.durationAnomaly.defaultActionMessage', {
+    defaultMessage: `Abnormal ({severity} level) response time detected on {monitor} with url {monitorUrl} at {anomalyStartTimestamp}. Anomaly severity score is {severityScore}.
+Response times as high as {slowestAnomalyResponse} have been detected from location {observerLocation}. Expected response time is {expectedResponseTime}.`,
+    values: {
+      severity: '{{state.severity}}',
+      anomalyStartTimestamp: '{{state.anomalyStartTimestamp}}',
+      monitor: '{{state.monitor}}',
+      monitorUrl: '{{{state.monitorUrl}}}',
+      slowestAnomalyResponse: '{{state.slowestAnomalyResponse}}',
+      expectedResponseTime: '{{state.expectedResponseTime}}',
+      severityScore: '{{state.severityScore}}',
+      observerLocation: '{{state.observerLocation}}',
+    },
+  }),
+  name: i18n.translate('xpack.uptime.alerts.durationAnomaly.clientName', {
+    defaultMessage: 'Uptime Duration Anomaly',
+  }),
+  description: i18n.translate('xpack.uptime.alerts.durationAnomaly.description', {
+    defaultMessage: 'Alert when the Uptime monitor duration is anaomalous.',
+  }),
+};
diff --git a/x-pack/plugins/uptime/kibana.json b/x-pack/plugins/uptime/kibana.json
@@ -1,24 +1,41 @@
 {
-  "configPath": ["xpack", "uptime"],
+  "configPath": [
+    "xpack",
+    "uptime"
+  ],
   "id": "uptime",
   "kibanaVersion": "kibana",
-  "optionalPlugins": ["data", "home", "ml", "fleet"],
+  "optionalPlugins": [
+    "data",
+    "home",
+    "ml",
+    "fleet"
+  ],
   "requiredPlugins": [
     "alerting",
     "embeddable",
     "features",
     "licensing",
     "triggersActionsUi",
     "usageCollection",
+    "ruleRegistry",
     "observability"
   ],
   "server": true,
   "ui": true,
   "version": "8.0.0",
-  "requiredBundles": ["observability", "kibanaReact", "kibanaUtils", "home", "data", "ml", "fleet"],
+  "requiredBundles": [
+    "observability",
+    "kibanaReact",
+    "kibanaUtils",
+    "home",
+    "data",
+    "ml",
+    "fleet"
+  ],
   "owner": {
     "name": "Uptime",
     "githubTeam": "uptime"
   },
   "description": "This plugin visualizes data from Synthetics and Heartbeat, and integrates with other Observability solutions."
-}
+}
diff --git a/x-pack/plugins/uptime/public/apps/plugin.ts b/x-pack/plugins/uptime/public/apps/plugin.ts
@@ -4,7 +4,6 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-
 import {
   CoreSetup,
   CoreStart,
@@ -29,7 +28,7 @@ import {
   DataPublicPluginSetup,
   DataPublicPluginStart,
 } from '../../../../../src/plugins/data/public';
-import { alertTypeInitializers } from '../lib/alert_types';
+import { alertTypeInitializers, legacyAlertTypeInitializers } from '../lib/alert_types';
 import { FleetStart } from '../../../fleet/public';
 import {
   FetchDataParams,
@@ -141,6 +140,36 @@ export class UptimePlugin
       )
     );
 
+    const { observabilityRuleTypeRegistry } = plugins.observability;
+
+    core.getStartServices().then(([coreStart, clientPluginsStart]) => {
+      alertTypeInitializers.forEach((init) => {
+        const alertInitializer = init({
+          core: coreStart,
+          plugins: clientPluginsStart,
+        });
+        if (
+          clientPluginsStart.triggersActionsUi &&
+          !clientPluginsStart.triggersActionsUi.alertTypeRegistry.has(alertInitializer.id)
+        ) {
+          observabilityRuleTypeRegistry.register(alertInitializer);
+        }
+      });
+
+      legacyAlertTypeInitializers.forEach((init) => {
+        const alertInitializer = init({
+          core: coreStart,
+          plugins: clientPluginsStart,
+        });
+        if (
+          clientPluginsStart.triggersActionsUi &&
+          !clientPluginsStart.triggersActionsUi.alertTypeRegistry.has(alertInitializer.id)
+        ) {
+          plugins.triggersActionsUi.alertTypeRegistry.register(alertInitializer);
+        }
+      });
+    });
+
     core.application.register({
       id: PLUGIN.ID,
       euiIconType: 'logoObservability',
@@ -171,26 +200,12 @@ export class UptimePlugin
         const [coreStart, corePlugins] = await core.getStartServices();
 
         const { renderApp } = await import('./render_app');
-
         return renderApp(coreStart, plugins, corePlugins, params);
       },
     });
   }
 
   public start(start: CoreStart, plugins: ClientPluginsStart): void {
-    alertTypeInitializers.forEach((init) => {
-      const alertInitializer = init({
-        core: start,
-        plugins,
-      });
-      if (
-        plugins.triggersActionsUi &&
-        !plugins.triggersActionsUi.alertTypeRegistry.has(alertInitializer.id)
-      ) {
-        plugins.triggersActionsUi.alertTypeRegistry.register(alertInitializer);
-      }
-    });
-
     if (plugins.fleet) {
       const { registerExtension } = plugins.fleet;
 

diff --git a/x-pack/plugins/uptime/public/lib/alert_types/common.ts b/x-pack/plugins/uptime/public/lib/alert_types/common.ts
@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { stringify } from 'querystring';
+
+export const format = ({
+  pathname,
+  query,
+}: {
+  pathname: string;
+  query: Record<string, any>;
+}): string => {
+  return `${pathname}?${stringify(query)}`;
+};
+
+export const getMonitorRouteFromMonitorId = ({
+  monitorId,
+  dateRangeStart,
+  dateRangeEnd,
+  filters = {},
+}: {
+  monitorId: string;
+  dateRangeStart: string;
+  dateRangeEnd: string;
+  filters?: Record<string, string[]>;
+}) =>
+  format({
+    pathname: `/app/uptime/monitor/${btoa(monitorId)}`,
+    query: {
+      dateRangeEnd,
+      dateRangeStart,
+      ...(Object.keys(filters).length
+        ? { filters: JSON.stringify(Object.keys(filters).map((key) => [key, filters[key]])) }
+        : {}),
+    },
+  });
diff --git a/x-pack/plugins/uptime/public/lib/alert_types/duration_anomaly.tsx b/x-pack/plugins/uptime/public/lib/alert_types/duration_anomaly.tsx
@@ -6,18 +6,23 @@
  */
 
 import React from 'react';
-import { AlertTypeModel } from '../../../../triggers_actions_ui/public';
+import moment from 'moment';
+
 import { CLIENT_ALERT_TYPES } from '../../../common/constants/alerts';
-import { DurationAnomalyTranslations } from './translations';
+import { DurationAnomalyTranslations } from '../../../common/translations';
 import { AlertTypeInitializer } from '.';
 
+import { getMonitorRouteFromMonitorId } from './common';
+
+import { ObservabilityRuleTypeModel } from '../../../../observability/public';
+
 const { defaultActionMessage, description } = DurationAnomalyTranslations;
 const DurationAnomalyAlert = React.lazy(() => import('./lazy_wrapper/duration_anomaly'));
 
 export const initDurationAnomalyAlertType: AlertTypeInitializer = ({
   core,
   plugins,
-}): AlertTypeModel => ({
+}): ObservabilityRuleTypeModel => ({
   id: CLIENT_ALERT_TYPES.DURATION_ANOMALY,
   iconClass: 'uptimeApp',
   documentationUrl(docLinks) {
@@ -30,4 +35,13 @@ export const initDurationAnomalyAlertType: AlertTypeInitializer = ({
   validate: () => ({ errors: {} }),
   defaultActionMessage,
   requiresAppContext: true,
+  format: ({ fields }) => ({
+    reason: fields.reason,
+    link: getMonitorRouteFromMonitorId({
+      monitorId: fields['monitor.id']!,
+      dateRangeEnd:
+        fields['kibana.rac.alert.status'] === 'open' ? 'now' : fields['kibana.rac.alert.end']!,
+      dateRangeStart: moment(new Date(fields['anomaly.start']!)).subtract('5', 'm').toISOString(),
+    }),
+  }),
 });