c77c7fbedb
An MVP of the RBAC work required for the "alerts as data" effort. An example of the existing implementation for alerts would be that of the security solution. The security solution stores its alerts generated from rules in a single data index - .siem-signals. In order to gain or restrict access to alerts, users do so by following the Elasticsearch privilege architecture. A user would need to go into the Kibana role access UI and give explicit read/write/manage permissions for the index itself. Kibana as a whole is moving away from this model and instead having all user interactions run through the Kibana privilege model. When solutions use saved objects, this authentication layer is abstracted away for them. Because we have chosen to use data indices for alerts, we cannot rely on this abstracted out layer that saved objects provide - we need to provide our own RBAC! Instead of giving users explicit permission to an alerts index, users are instead given access to features. They don't need to know anything about indices, that work we do under the covers now. Co-authored-by: Yara Tercero <yctercero@users.noreply.github.com> Co-authored-by: Yara Tercero <yara.tercero@elastic.co>
126 lines
4.1 KiB
TypeScript
126 lines
4.1 KiB
TypeScript
/*
|
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
* or more contributor license agreements. Licensed under the Elastic License
|
|
* 2.0; you may not use this file except in compliance with the Elastic License
|
|
* 2.0.
|
|
*/
|
|
|
|
import { i18n } from '@kbn/i18n';
|
|
import type { ValuesType } from 'utility-types';
|
|
import type { ActionGroup } from '../../alerting/common';
|
|
import { ANOMALY_SEVERITY, ANOMALY_THRESHOLD } from './ml_constants';
|
|
|
|
export const APM_SERVER_FEATURE_ID = 'apm';
|
|
|
|
export enum AlertType {
|
|
ErrorCount = 'apm.error_rate', // ErrorRate was renamed to ErrorCount but the key is kept as `error_rate` for backwards-compat.
|
|
TransactionErrorRate = 'apm.transaction_error_rate',
|
|
TransactionDuration = 'apm.transaction_duration',
|
|
TransactionDurationAnomaly = 'apm.transaction_duration_anomaly',
|
|
}
|
|
|
|
export const THRESHOLD_MET_GROUP_ID = 'threshold_met';
|
|
export type ThresholdMetActionGroupId = typeof THRESHOLD_MET_GROUP_ID;
|
|
const THRESHOLD_MET_GROUP: ActionGroup<ThresholdMetActionGroupId> = {
|
|
id: THRESHOLD_MET_GROUP_ID,
|
|
name: i18n.translate('xpack.apm.a.thresholdMet', {
|
|
defaultMessage: 'Threshold met',
|
|
}),
|
|
};
|
|
|
|
export const ALERT_TYPES_CONFIG: Record<
|
|
AlertType,
|
|
{
|
|
name: string;
|
|
actionGroups: Array<ActionGroup<ThresholdMetActionGroupId>>;
|
|
defaultActionGroupId: ThresholdMetActionGroupId;
|
|
minimumLicenseRequired: string;
|
|
isExportable: boolean;
|
|
producer: string;
|
|
}
|
|
> = {
|
|
[AlertType.ErrorCount]: {
|
|
name: i18n.translate('xpack.apm.errorCountAlert.name', {
|
|
defaultMessage: 'Error count threshold',
|
|
}),
|
|
actionGroups: [THRESHOLD_MET_GROUP],
|
|
defaultActionGroupId: THRESHOLD_MET_GROUP_ID,
|
|
minimumLicenseRequired: 'basic',
|
|
producer: APM_SERVER_FEATURE_ID,
|
|
isExportable: true,
|
|
},
|
|
[AlertType.TransactionDuration]: {
|
|
name: i18n.translate('xpack.apm.transactionDurationAlert.name', {
|
|
defaultMessage: 'Latency threshold',
|
|
}),
|
|
actionGroups: [THRESHOLD_MET_GROUP],
|
|
defaultActionGroupId: THRESHOLD_MET_GROUP_ID,
|
|
minimumLicenseRequired: 'basic',
|
|
producer: APM_SERVER_FEATURE_ID,
|
|
isExportable: true,
|
|
},
|
|
[AlertType.TransactionDurationAnomaly]: {
|
|
name: i18n.translate('xpack.apm.transactionDurationAnomalyAlert.name', {
|
|
defaultMessage: 'Latency anomaly',
|
|
}),
|
|
actionGroups: [THRESHOLD_MET_GROUP],
|
|
defaultActionGroupId: THRESHOLD_MET_GROUP_ID,
|
|
minimumLicenseRequired: 'basic',
|
|
producer: APM_SERVER_FEATURE_ID,
|
|
isExportable: true,
|
|
},
|
|
[AlertType.TransactionErrorRate]: {
|
|
name: i18n.translate('xpack.apm.transactionErrorRateAlert.name', {
|
|
defaultMessage: 'Transaction error rate threshold',
|
|
}),
|
|
actionGroups: [THRESHOLD_MET_GROUP],
|
|
defaultActionGroupId: THRESHOLD_MET_GROUP_ID,
|
|
minimumLicenseRequired: 'basic',
|
|
producer: APM_SERVER_FEATURE_ID,
|
|
isExportable: true,
|
|
},
|
|
};
|
|
|
|
export const ANOMALY_ALERT_SEVERITY_TYPES = [
|
|
{
|
|
type: ANOMALY_SEVERITY.CRITICAL,
|
|
label: i18n.translate('xpack.apm.alerts.anomalySeverity.criticalLabel', {
|
|
defaultMessage: 'critical',
|
|
}),
|
|
threshold: ANOMALY_THRESHOLD.CRITICAL,
|
|
},
|
|
{
|
|
type: ANOMALY_SEVERITY.MAJOR,
|
|
label: i18n.translate('xpack.apm.alerts.anomalySeverity.majorLabel', {
|
|
defaultMessage: 'major',
|
|
}),
|
|
threshold: ANOMALY_THRESHOLD.MAJOR,
|
|
},
|
|
{
|
|
type: ANOMALY_SEVERITY.MINOR,
|
|
label: i18n.translate('xpack.apm.alerts.anomalySeverity.minor', {
|
|
defaultMessage: 'minor',
|
|
}),
|
|
threshold: ANOMALY_THRESHOLD.MINOR,
|
|
},
|
|
{
|
|
type: ANOMALY_SEVERITY.WARNING,
|
|
label: i18n.translate('xpack.apm.alerts.anomalySeverity.warningLabel', {
|
|
defaultMessage: 'warning',
|
|
}),
|
|
threshold: ANOMALY_THRESHOLD.WARNING,
|
|
},
|
|
] as const;
|
|
|
|
export type AnomalyAlertSeverityType = ValuesType<
|
|
typeof ANOMALY_ALERT_SEVERITY_TYPES
|
|
>['type'];
|
|
|
|
// Server side registrations
|
|
// x-pack/plugins/apm/server/lib/alerts/<alert>.ts
|
|
// x-pack/plugins/apm/server/lib/alerts/register_apm_alerts.ts
|
|
|
|
// Client side registrations:
|
|
// x-pack/plugins/apm/public/components/alerting/<alert>/index.tsx
|
|
// x-pack/plugins/apm/public/components/alerting/register_apm_alerts
|