[RAM] Add support for aggregating over any params to RulesClient #159602
Labels
Feature:Alerting/RulesFramework
Issues related to the Alerting Rules Framework
Feature:Rule Management
Security Solution Detection Rule Management area
response-ops-mx-backlog
ResponseOps MX backlog
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
technical debt
Improvement of the software architecture and operational architecture
Summary
The RulesClient.aggregate() method should allow solutions to aggregate over any fields inside the params object. This is needed for various functionality in Security Solution, such as:
Details
Currently, this support is "added" via adding alert.attributes.params.* to ALLOW_FIELDS, but it doesn't work:
kibana/x-pack/plugins/alerting/server/rules_client/lib/validate_rule_aggregation_fields.ts
Line 20 in e893133
The support for the * pattern should be added to the validateFields function:
kibana/x-pack/plugins/alerting/server/rules_client/lib/validate_rule_aggregation_fields.ts
Lines 61 to 73 in e893133
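One way an allow-list check can honour a trailing `.*` entry while still rejecting fields outside it, as an added example that is not Kibana's code or the issue author's. Only `alert.attributes.params.*` comes from the issue; the function names, the other allow-list entries and the sample request are assumptions made for illustration.

```typescript
// Added illustration, not Kibana's code. Only 'alert.attributes.params.*'
// comes from the issue; the other entries and all names are constructed.
const ALLOW_FIELDS_EXAMPLE: string[] = [
  'alert.attributes.tags',
  'alert.attributes.enabled',
  'alert.attributes.params.*',
];

// An entry ending in ".*" allows any dotted path under that prefix;
// every other entry must match the field exactly.
function isFieldAllowed(field: string, allowList: string[]): boolean {
  return allowList.some((entry) => {
    if (entry.slice(-2) !== '.*') return entry === field;
    const prefix = entry.slice(0, -1); // keeps the dot: "alert.attributes.params."
    if (field.indexOf(prefix) !== 0) return false;
    // Reject empty segments so "params." and "params..x" do not pass.
    return field.slice(prefix.length).split('.').every((s) => s.length > 0);
  });
}

// Walk an aggregation request and collect every string-valued "field" key.
function collectFields(node: unknown, out: string[] = []): string[] {
  if (Array.isArray(node)) {
    node.forEach((child) => collectFields(child, out));
  } else if (node !== null && typeof node === 'object') {
    const obj = node as Record<string, unknown>;
    for (const key of Object.keys(obj)) {
      const value = obj[key];
      if (key === 'field' && typeof value === 'string') out.push(value);
      else collectFields(value, out);
    }
  }
  return out;
}

// Fields the request references that the allow-list does not cover.
function findDisallowedFields(aggs: unknown, allowList: string[] = ALLOW_FIELDS_EXAMPLE): string[] {
  return collectFields(aggs).filter((f) => !isFieldAllowed(f, allowList));
}

// Constructed request: two allowed fields and one that must be rejected.
const SAMPLE_AGGS = {
  severity: { terms: { field: 'alert.attributes.params.severity' } },
  tags: {
    terms: { field: 'alert.attributes.tags' },
    aggs: { key: { terms: { field: 'alert.attributes.apiKey' } } },
  },
};

console.log(findDisallowedFields(SAMPLE_AGGS)); // [ 'alert.attributes.apiKey' ]
```

The wildcard is anchored on the trailing dot of the prefix, so a sibling such as `alert.attributes.paramsExtra.x` does not match the `params.*` entry.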