[DOCS] Stack Management Alerts app (#184384)

docs/user/alerting/alerting-setup.asciidoc

@@ -48,18 +48,60 @@ For more information on the scalability of {alert-features}, go to
 [[alerting-security]]
 === Security
 
-If you want to use the {alert-features} in a {kib} app, you must have the appropriate feature privileges.
-For example, to create rules in *Discover* or *{stack-manage-app} > {rules-ui}*, you must have `all` privileges for the *Management > {stack-rules-feature}* feature.
-To add rule actions and test connectors, you must also have `read` privileges for the *{connectors-feature}* feature.
-To change rule settings, you must have `all` privileges for the *Rules Settings* privilege or `all` privileges for the appropriate sub-feature such as flapping detection.
-For more information on configuring roles that provide access to features, go to <<kibana-feature-privileges>>.
+To use {alert-features} in a {kib} app, you must have the appropriate feature privileges:
+
+[options="header"]
+|=== 
+
+| Action | {kib} privileges
+| Give full access to manage alerts, connectors, and rules in *{stack-manage-app}* or *Discover*
+a|
+* `All` for the *Management > {stack-rules-feature}* feature.
+* `All` for the *Management > Rules Settings* feature.
+* `All` for the *Management > {connectors-feature}* feature.
+* `Read` index privileges for the `.alerts-*` system indices
+
+[NOTE]
+====
+The *{connectors-feature}* feature privilege is required to manage connectors.
+To add rule actions and test connectors, you require only `Read` privileges.
+
+By default, `All` privileges for the *Rules Settings* feature include authority to edit flapping detection settings unless you customize the sub-feature privileges.
 
 preview:[] To create a rule that uses the <<cases-action-type,Cases connector>>, you must also have `all` privileges for the *Cases* feature.
 
-Each rule also has a rule visibility value (or `consumer` in the APIs), which affects the {kib} feature privileges that are required to access it.
-To view or edit a rule that has a `Stack Rules` rule visibility, for example, you must have the appropriate *Management > {stack-rules-feature}* feature privileges.
+The rule type also affects the privileges that are required.
+For example, to create or edit {ml} rules, you must have `all` privileges for the *Analytics > {ml-app}* feature.
+For {stack-monitor-app} rules, you must have the `monitoring_user` role.
+For {observability} rules, you must have `all` privileges for the appropriate {observability} features.
+For Security rules, refer to {security-guide}/detections-permissions-section.html[Detections prerequisites and requirements].
+====
 
-For details about the prerequisites required to run each API, refer to <<alerting-apis>>.
+| Give view-only access to alerts, connectors, and rules in  *{stack-manage-app}* or *Discover*
+a|
+* `Read` for the *Management > {stack-rules-feature}* feature.
+* `Read` for the *Management > Rules Settings* feature.
+* `Read` for the *Management > {connectors-feature}* feature.
+* `Read` index privileges for the `.alerts-*` system indices
+
+[NOTE]
+====
+The rule type also affects the privileges that are required.
+For example, to view {ml} rules, you must have `read` privileges for the *Analytics > {ml-app}* feature.
+For {stack-monitor-app} rules, you must have the `monitoring_user` role.
+For {observability} rules, you must have `read` privileges for the appropriate {observability} features.
+For Security rules, refer to {security-guide}/detections-permissions-section.html[Detections prerequisites and requirements].
+====
+
+| Revoke all access to alerts, connectors, and rules in *{stack-manage-app}* or *Discover*
+a|
+* `None` for the *Management > {stack-rules-feature}* feature.
+* `None` for the *Management > Rules Settings* feature.
+* `None` for the *Management > {connectors-feature}* feature.
+
+|===
+
+For more information on configuring roles that provide access to features, go to <<kibana-feature-privileges>>.
 
 [float]
 [[alerting-authorization]]

docs/user/alerting/create-and-manage-rules.asciidoc

@@ -170,19 +170,7 @@ image::images/rule-details-alerts-active.png[Rule details page with multiple ale
 // NOTE: This is an autogenerated screenshot. Do not edit it directly.
 
 In this example, the rule detects when a site serves more than a threshold number of bytes in a 24 hour period. Four sites are above the threshold. These are called alerts - occurrences of the condition being detected - and the alert name, status, time of detection, and duration of the condition are shown in this view. Alerts come and go from the list depending on whether the rule conditions are met.
-
-When an alert is created, it generates actions. If the conditions that caused the alert persist, the actions run again according to the rule notification settings. There are four common alert statuses:
-
-`active`:: The conditions for the rule are met and actions should be generated according to the notification settings.
-`flapping`:: The alert is switching repeatedly between active and recovered states.
-`recovered`:: The conditions for the rule are no longer met and recovery actions should be generated.
-`untracked`:: Actions are no longer generated. For example, you can choose to move active alerts to this state when you disable or delete rules.
-
-NOTE: The `flapping` state is possible only if you have enabled alert flapping detection in *{stack-manage-app}* > *{rules-ui}* > *Settings*. For each space, you can choose a look back window and threshold that are used to determine whether alerts are flapping. For example, you can specify that the alert must change status at least 6 times in the last 10 runs. If the rule has actions that run when the alert status changes, those actions are suppressed while the alert is flapping.
-
-You can mute an alert to temporarily suppress future actions.
-Open the action menu (…) for the appropriate alert in the table and select *Mute*.
-To permanently suppress actions for an alert, open the actions menu and select *Mark as untracked*.
+For more information about alerts, go to <<view-alerts>>.
 
 If there are rule actions that failed to run successfully, you can see the details on the *History* tab.
 In the *Message* column, click the warning or expand icon image:images/expand-icon-2.png[double arrow icon to open a flyout with the document details] or click the number in the *Errored actions* column to open the *Errored Actions* panel.
@@ -192,9 +180,6 @@ In this example, the action failed because the <<action-config-email-domain-allo
 image::images/rule-details-errored-actions.png[Rule histor page with alerts that have errored actions]
 // NOTE: This is an autogenerated screenshot. Do not edit it directly.
 
-If an alert was affected by a maintenance window, its identifier appears in the *Maintenance windows* column.
-For more information about their impact on alert notifications, refer to <<maintenance-windows>>.
-
 [float]
 [[importing-and-exporting-rules]]
 === Import and export rules

docs/user/alerting/index.asciidoc

@@ -1,6 +1,7 @@
 include::alerting-getting-started.asciidoc[]
 include::alerting-setup.asciidoc[]
 include::create-and-manage-rules.asciidoc[]
+include::view-alerts.asciidoc[]
 include::rule-types.asciidoc[]
 include::action-variables.asciidoc[]
 include::alerting-troubleshooting.asciidoc[]

docs/user/alerting/view-alerts.asciidoc

@@ -0,0 +1,83 @@
+[[view-alerts]]
+== View alerts
+:frontmatter-description: View and manage alerts in the {kib} {stack-manage-app} app.
+:frontmatter-tags-products: [kibana, alerting]
+:frontmatter-tags-content-type: [how-to]
+:frontmatter-tags-user-goals: [manage]
+
+When the conditions of a rule are met, it creates an alert.
+If the rule has actions, they run at the defined frequency.
+For example, the rule can send email notifications for each alert at a custom interval.
+For an introduction to the concepts of rules, alerts, and actions, refer to <<alerting-getting-started>>.
+
+You can manage the alerts for each rule in *{stack-manage-app}* > *{rules-ui}*.
+Alternatively, manage all your alerts in *{stack-manage-app}* > *Alerts*. preview:[] 
+
+[role="screenshot"]
+image::images/stack-management-alerts-page.png[Alerts page with multiple alerts]
+// NOTE: This is an autogenerated screenshot. Do not edit it directly.
+
+[NOTE]
+====
+You must have the appropriate {kib} {alert-features} and index privileges to view alerts.
+Refer to <<alerting-security,Alerting security requirements>>.
+====
+
+[discrete]
+[[filter-alerts]]
+=== Filter alerts
+
+preview::[]
+
+In *{stack-manage-app}* > *Alerts*, you can filter the list (for example, by alert status or rule type) and customize the filter controls.
+To search for specific alerts, use the KQL bar to create structured queries using {kibana-ref}/kuery-query.html[{kib} Query Language].
+
+By default, the list contains all the alerts that you have authority to view in the selected time period except those associated with Security rules.
+To view alerts for Security rules, click the query menu and select *Security rule types*:
+
+[role="screenshot"]
+image::images/stack-management-alerts-query-menu.png[The Alerts page with the query menu open]
+// NOTE: This is an autogenerated screenshot. Do not edit it directly.
+
+Alternatively, view those alerts in the {security-guide}/alerts-ui-manage.html[{security-app}].
+
+[discrete]
+[[view-alert-details]]
+=== View alert details
+
+To get more information about a specific alert, open its action menu (…) and select *View alert details* in either *{stack-manage-app} > Alerts* or *{rules-ui}*.
+There you'll see the current status of the alert, its duration, and when it was last updated.
+To help you determine what caused the alert, there is information such as the expected and actual threshold values and a summarized reason for the alert.
+
+If an alert is affected by a maintenance window, the alert details include its identifier.
+For more information about their impact on alert notifications, refer to <<maintenance-windows>>.
+
+[discrete]
+[[alert-status]]
+==== Alert statuses
+
+There are three common alert statuses:
+
+`active`:: The conditions for the rule are met and actions should be generated according to the notification settings.
+`recovered`:: The conditions for the rule are no longer met and recovery actions should be generated.
+`untracked`:: Actions are no longer generated. For example, you can choose to move active alerts to this state when you disable or delete rules.
+
+[NOTE]
+====
+An alert can also be in a "flapping" state when it is switching repeatedly between active and recovered states.
+This state is possible only if you have enabled alert flapping detection in *{stack-manage-app} > {rules-ui} > Settings*.
+For each space, you can choose a look back window and threshold that are used to determine whether alerts are flapping.
+For example, you can specify that the alert must change status at least 6 times in the last 10 runs.
+If the rule has actions that run when the alert status changes, those actions are suppressed while the alert is flapping.
+====
+
+
+[discrete]
+[[mute-alerts]]
+=== Mute alerts
+
+If an alert is active or flapping, you can mute it to temporarily suppress future actions.
+In both *{stack-manage-app} > Alerts* and *{rules-ui}*, you can open the action menu (…) for the appropriate alert and select *Mute*.
+To permanently suppress actions for an alert, open the actions menu and select *Mark as untracked*.
+
+To affect the behavior of the rule rather than individual alerts, check out <<controlling-rules>>.

x-pack/test/screenshot_creation/apps/response_ops_docs/stack_alerting/list_view.ts

@@ -58,5 +58,30 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         1024
       );
     });
+
+    it('alerts UI screenshots', async () => {
+      await pageObjects.common.navigateToUrl(
+        'management',
+        'insightsAndAlerting/triggersActionsAlerts',
+        {
+          shouldUseHashForSubUrl: false,
+        }
+      );
+      await pageObjects.header.waitUntilLoadingHasFinished();
+      await commonScreenshots.takeScreenshot(
+        'stack-management-alerts-page',
+        screenshotDirectories,
+        1400,
+        1024
+      );
+      const queryMenu = await testSubjects.find('showQueryBarMenu');
+      await queryMenu.click();
+      await commonScreenshots.takeScreenshot(
+        'stack-management-alerts-query-menu',
+        screenshotDirectories,
+        1400,
+        1024
+      );
+    });
   });
 }