elasticmachine
commented
1 year ago Pinging @elastic/response-ops (Team:ResponseOps)
Open ymao1 opened 1 year ago
elasticmachine
commented
1 year ago Pinging @elastic/response-ops (Team:ResponseOps)
ymao1
commented
1 year ago
As part of the new Alerts API, we should investigate whether we can generate context and state variables from the information stored inside the alerts as data documents to maintain backwards compatibility for all rule types. Currently, rule type executors explicitly set context and state variables when creating an alert. With the new API, they will be setting fields within the alert documents. We should provide a way for rule types to specify a converter function that takes an alert document with the generic FAAD schema and returns context and state variables. This way we can move closer to deprecating the AlertFactory.