* Add aliases mapping signal fields to alerts as data fields
* Add aliases mapping alerts as data fields to signal fields
* Replace siem signals templates per space and add AAD index aliases to siem signals indices
* Remove first version of new mapping json file
* Convert existing legacy siem-signals templates to new ES templates
* Catch 404 if siem signals templates were already updated
* Enhance error message when index exists but is not write index for alias
* Check if alias write index exists before creating new write index
* More robust write target creation logic
* Add RBAC required fields for AAD to siem signals indices
* Fix index name in index mapping update
* Throw errors if bulk retry fails or existing indices are not writeable
* Add new template to routes even without experimental rule registry flag enabled
* Check template version before updating template
* First pass at modifying routes to handle inserting field aliases
* Always insert field aliases when create_index_route is called
* Update snapshot test
* Remove template update logic from plugin setup
* Use aliases_version field to detect if aliases need update
* Fix bugs
* oops update snapshot
* Use internal user for PUT alias to fix perms issue
* Update comment
* Disable new resource creation if ruleRegistryEnabled
* Only attempt to add aliases if siem-signals index already exists
* Fix types, add aliases to aad indices, use package field names
* Undo adding aliases to AAD indices
* Remove unused import
* Update test and snapshot oops
* Filter out kibana.* fields from generated signals
* Update cypress test to account for new fields in table
* Properly handle space ids with dashes in them
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
28084f858d