[RAM][O11Y] Integrate Conditional Actions with several Observability rule types (#159522)

## Summary Closes #159520 <img width="573" alt="Screenshot 2023-06-12 at 3 12 27 PM" src="ec16b8d7-25a5-435c-bf29-7392747b8c0f"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Patryk Kopyciński <contact@patrykkopycinski.com>
2025-04-25 02:09:32 -04:00 · 2023-06-27 11:36:49 -05:00 · 2023-06-27 11:36:49 -05:00 · faadf347ae
commit faadf347ae
parent 3bd43abd69
25 changed files with 111 additions and 11 deletions
--- a/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts
+++ b/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts
@ -72,6 +72,7 @@ type AuthorizedConsumers = Record<string, HasPrivileges>;
 export interface RegistryAlertTypeWithAuth extends RegistryRuleType {
  authorizedConsumers: AuthorizedConsumers;
  hasGetSummarizedAlerts?: boolean;
  hasFieldsForAAD?: boolean;
 }
 type IsAuthorizedAtProducerLevel = boolean;
--- a/x-pack/plugins/alerting/server/routes/rule_types.test.ts
+++ b/x-pack/plugins/alerting/server/routes/rule_types.test.ts
@ -88,6 +88,7 @@ describe('ruleTypesRoute', () => {
        producer: 'test',
        enabled_in_license: true,
        has_get_summarized_alerts: true,
        has_fields_for_a_a_d: false,
      },
    ];
    rulesClient.listRuleTypes.mockResolvedValueOnce(new Set(listTypes));
@ -113,6 +114,7 @@ describe('ruleTypesRoute', () => {
            "default_schedule_interval": "10m",
            "does_set_recovery_context": false,
            "enabled_in_license": true,
            "has_fields_for_a_a_d": false,
            "has_get_summarized_alerts": true,
            "id": "1",
            "is_exportable": true,
--- a/x-pack/plugins/alerting/server/routes/rule_types.ts
+++ b/x-pack/plugins/alerting/server/routes/rule_types.ts
@ -26,6 +26,7 @@ const rewriteBodyRes: RewriteResponseCase<RegistryAlertTypeWithAuth[]> = (result
      defaultScheduleInterval,
      doesSetRecoveryContext,
      hasGetSummarizedAlerts,
      hasFieldsForAAD,
      ...rest
    }) => ({
      ...rest,
@ -41,6 +42,7 @@ const rewriteBodyRes: RewriteResponseCase<RegistryAlertTypeWithAuth[]> = (result
      default_schedule_interval: defaultScheduleInterval,
      does_set_recovery_context: doesSetRecoveryContext,
      has_get_summarized_alerts: !!hasGetSummarizedAlerts,
      has_fields_for_a_a_d: !!hasFieldsForAAD,
    })
  );
 };
--- a/x-pack/plugins/alerting/server/rule_type_registry.test.ts
+++ b/x-pack/plugins/alerting/server/rule_type_registry.test.ts
@ -704,6 +704,7 @@ describe('Create Lifecycle', () => {
            "defaultScheduleInterval": undefined,
            "doesSetRecoveryContext": false,
            "enabledInLicense": false,
            "hasFieldsForAAD": false,
            "hasGetSummarizedAlerts": false,
            "id": "test",
            "isExportable": true,
--- a/x-pack/plugins/alerting/server/rule_type_registry.ts
+++ b/x-pack/plugins/alerting/server/rule_type_registry.ts
@ -61,6 +61,7 @@ export interface RegistryRuleType
    | 'ruleTaskTimeout'
    | 'defaultScheduleInterval'
    | 'doesSetRecoveryContext'
    | 'fieldsForAAD'
  > {
  id: string;
  enabledInLicense: boolean;
@ -372,6 +373,7 @@ export class RuleTypeRegistry {
            doesSetRecoveryContext,
            alerts,
            getSummarizedAlerts,
            fieldsForAAD,
          },
        ]: [string, UntypedNormalizedRuleType]) => ({
          id,
@ -392,6 +394,7 @@ export class RuleTypeRegistry {
            minimumLicenseRequired
          ).isValid,
          hasGetSummarizedAlerts: !!getSummarizedAlerts,
          hasFieldsForAAD: Boolean(fieldsForAAD),
          ...(alerts ? { alerts } : {}),
        })
      )
--- a/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/register_inventory_metric_threshold_rule_type.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/inventory_metric_threshold/register_inventory_metric_threshold_rule_type.ts
@ -49,6 +49,7 @@ import {
  WARNING_ACTIONS,
 } from './inventory_metric_threshold_executor';
 import { MetricsRulesTypeAlertDefinition } from '../register_rule_types';
 import { O11Y_AAD_FIELDS } from '../../../../common/constants';
 const condition = schema.object({
  threshold: schema.arrayOf(schema.number()),
@ -146,5 +147,6 @@ export async function registerMetricInventoryThresholdRuleType(
    },
    getSummarizedAlerts: libs.metricsRules.createGetSummarizedAlerts(),
    alerts: MetricsRulesTypeAlertDefinition,
    fieldsForAAD: O11Y_AAD_FIELDS,
  });
 }
--- a/x-pack/plugins/infra/server/lib/alerting/log_threshold/register_log_threshold_rule_type.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/log_threshold/register_log_threshold_rule_type.ts
@ -7,6 +7,7 @@
 import { i18n } from '@kbn/i18n';
 import { PluginSetupContract } from '@kbn/alerting-plugin/server';
 import { O11Y_AAD_FIELDS } from '../../../../common/constants';
 import { createLogThresholdExecutor, FIRED_ACTIONS } from './log_threshold_executor';
 import { extractReferences, injectReferences } from './log_threshold_references_manager';
 import {
@ -165,5 +166,6 @@ export async function registerLogThresholdRuleType(
      injectReferences,
    },
    alerts: LogsRulesTypeAlertDefinition,
    fieldsForAAD: O11Y_AAD_FIELDS,
  });
 }
--- a/x-pack/plugins/infra/server/lib/alerting/metric_anomaly/register_metric_anomaly_rule_type.ts
+++ b/x-pack/plugins/infra/server/lib/alerting/metric_anomaly/register_metric_anomaly_rule_type.ts
@ -14,6 +14,7 @@ import {
  AlertInstanceContext as AlertContext,
 } from '@kbn/alerting-plugin/server';
 import { RecoveredActionGroupId } from '@kbn/alerting-plugin/common';
 import { O11Y_AAD_FIELDS } from '../../../../common/constants';
 import {
  createMetricAnomalyExecutor,
  FIRED_ACTIONS,
@ -67,6 +68,7 @@ export const registerMetricAnomalyRuleType = (
  minimumLicenseRequired: 'basic',
  isExportable: true,
  executor: createMetricAnomalyExecutor(libs, ml),
  fieldsForAAD: O11Y_AAD_FIELDS,
  actionVariables: {
    context: [
      { name: 'alertState', description: alertStateActionVariableDescription },
--- a/x-pack/plugins/monitoring/public/alerts/alert_form.test.tsx
+++ b/x-pack/plugins/monitoring/public/alerts/alert_form.test.tsx
@ -252,6 +252,7 @@ describe('alert_form', () => {
                }
                actionTypeRegistry={actionTypeRegistry}
                featureId="alerting"
                producerId="alerting"
              />
            </KibanaReactContext.Provider>
          </I18nProvider>
--- a/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_field/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_field/index.tsx
@ -23,6 +23,7 @@ import type {
 } from '@kbn/alerting-plugin/common';
 import { SecurityConnectorFeatureId } from '@kbn/actions-plugin/common';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { AlertConsumers } from '@kbn/rule-data-utils';
 import { NOTIFICATION_DEFAULT_FREQUENCY } from '../../../../../common/constants';
 import type { FieldHook } from '../../../../shared_imports';
 import { useFormContext } from '../../../../shared_imports';
@ -243,13 +244,13 @@ export const RuleActionsField: React.FC<Props> = ({
        setActionFrequencyProperty: setActionFrequency,
        setActionAlertsFilterProperty,
        featureId: SecurityConnectorFeatureId,
        producerId: AlertConsumers.SIEM,
        defaultActionMessage: FORM_FOR_EACH_ALERT_BODY_MESSAGE,
        defaultSummaryMessage: FORM_SUMMARY_BODY_MESSAGE,
        hideActionHeader: true,
        hasSummary: true,
        notifyWhenSelectOptions: NOTIFY_WHEN_OPTIONS,
        defaultRuleFrequency: NOTIFICATION_DEFAULT_FREQUENCY,
        showActionAlertsFilter: true,
      }),
    [
      actions,
--- a/x-pack/plugins/stack_connectors/public/connector_types/slack/action_form.test.tsx
+++ b/x-pack/plugins/stack_connectors/public/connector_types/slack/action_form.test.tsx
@ -100,6 +100,7 @@ const baseProps = {
  recoveryActionGroup: 'recovered',
  actionTypeRegistry,
  minimumThrottleInterval: [1, 'm'] as [number | undefined, string],
  producerId: 'infratstructure',
  setActions: jest.fn(),
  setActionIdByIndex: jest.fn(),
  setActionParamsProperty: jest.fn(),
--- a/x-pack/plugins/triggers_actions_ui/public/application/hooks/use_rule_aad_fields.ts
+++ b/x-pack/plugins/triggers_actions_ui/public/application/hooks/use_rule_aad_fields.ts
@ -0,0 +1,28 @@
 /*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */
 import { DataViewField } from '@kbn/data-views-plugin/common';
 import { useKibana } from '@kbn/kibana-react-plugin/public';
 import { BASE_RAC_ALERTS_API_PATH } from '@kbn/rule-registry-plugin/common';
 import useAsync from 'react-use/lib/useAsync';
 import type { AsyncState } from 'react-use/lib/useAsync';
 import { TriggersAndActionsUiServices } from '../..';
 export function useRuleAADFields(ruleTypeId?: string): AsyncState<DataViewField[]> {
  const { http } = useKibana<TriggersAndActionsUiServices>().services;
  const aadFields = useAsync(async () => {
    if (!ruleTypeId) return [];
    const fields = await http.get<DataViewField[]>(`${BASE_RAC_ALERTS_API_PATH}/aad_fields`, {
      query: { ruleTypeId },
    });
    return fields;
  });
  return aadFields;
 }
--- a/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/rule_types.ts
+++ b/x-pack/plugins/triggers_actions_ui/public/application/lib/rule_api/rule_types.ts
@ -25,6 +25,7 @@ const rewriteBodyReq: RewriteRequestCase<RuleType> = ({
  does_set_recovery_context: doesSetRecoveryContext,
  default_schedule_interval: defaultScheduleInterval,
  has_get_summarized_alerts: hasGetSummarizedAlerts,
  has_fields_for_a_a_d: hasFieldsForAAD,
  ...rest
 }: AsApiContract<RuleType>) => ({
  enabledInLicense,
@ -38,6 +39,7 @@ const rewriteBodyReq: RewriteRequestCase<RuleType> = ({
  doesSetRecoveryContext,
  defaultScheduleInterval,
  hasGetSummarizedAlerts,
  hasFieldsForAAD,
  ...rest,
 });
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_alerts_filter_query.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_alerts_filter_query.tsx
@ -6,6 +6,7 @@
 */
 import React, { useState, useCallback, useMemo, useEffect } from 'react';
 import { ValidFeatureId } from '@kbn/rule-data-utils';
 import { Filter } from '@kbn/es-query';
 import { i18n } from '@kbn/i18n';
 import { EuiSwitch, EuiSpacer } from '@elastic/eui';
@ -16,11 +17,17 @@ import { AlertsSearchBar } from '../alerts_search_bar';
 interface ActionAlertsFilterQueryProps {
  state?: AlertsFilter['query'];
  onChange: (update?: AlertsFilter['query']) => void;
  appName: string;
  featureIds: ValidFeatureId[];
  ruleTypeId?: string;
 }
 export const ActionAlertsFilterQuery: React.FC<ActionAlertsFilterQueryProps> = ({
  state,
  onChange,
  appName,
  featureIds,
  ruleTypeId,
 }) => {
  const [query, setQuery] = useState(state ?? { kql: '', filters: [] });
@ -61,7 +68,7 @@ export const ActionAlertsFilterQuery: React.FC<ActionAlertsFilterQueryProps> = (
        label={i18n.translate(
          'xpack.triggersActionsUI.sections.actionTypeForm.ActionAlertsFilterQueryToggleLabel',
          {
-            defaultMessage: 'if alert matches a query',
+            defaultMessage: 'If alert matches a query',
          }
        )}
        checked={queryEnabled}
@ -72,9 +79,10 @@ export const ActionAlertsFilterQuery: React.FC<ActionAlertsFilterQueryProps> = (
        <>
          <EuiSpacer size="s" />
          <AlertsSearchBar
-            appName="siem"
+            appName={appName}
            featureIds={featureIds}
            ruleTypeId={ruleTypeId}
            disableQueryLanguageSwitcher={true}
            featureIds={['siem']}
            query={query.kql}
            filters={query.filters ?? []}
            onQueryChange={onQueryChange}
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_alerts_filter_timeframe.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_alerts_filter_timeframe.tsx
@ -146,7 +146,7 @@ export const ActionAlertsFilterTimeframe: React.FC<ActionAlertsFilterTimeframePr
        label={i18n.translate(
          'xpack.triggersActionsUI.sections.actionTypeForm.ActionAlertsFilterTimeframeToggleLabel',
          {
-            defaultMessage: 'if alert is generated during timeframe',
+            defaultMessage: 'If alert is generated during timeframe',
          }
        )}
        checked={timeframeEnabled}
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_form.test.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_form.test.tsx
@ -314,6 +314,7 @@ describe('action_form', () => {
          context: [{ name: 'contextVar', description: 'context var1' }],
        }}
        featureId="alerting"
        producerId="alerting"
        defaultActionGroupId={'default'}
        isActionGroupDisabledForActionType={(actionGroupId: string, actionTypeId: string) => {
          const recoveryActionGroupId = customRecoveredActionGroup
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_form.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_form.tsx
@ -69,6 +69,7 @@ export interface ActionAccordionFormProps {
    index: number
  ) => void;
  featureId: string;
  producerId: string;
  messageVariables?: ActionVariables;
  summaryMessageVariables?: ActionVariables;
  setHasActionsDisabled?: (value: boolean) => void;
@ -83,7 +84,8 @@ export interface ActionAccordionFormProps {
  minimumThrottleInterval?: [number | undefined, string];
  notifyWhenSelectOptions?: NotifyWhenSelectOptions[];
  defaultRuleFrequency?: RuleActionFrequency;
-  showActionAlertsFilter?: boolean;
+  ruleTypeId?: string;
  hasFieldsForAAD?: boolean;
 }
 interface ActiveActionConnectorState {
@ -117,7 +119,9 @@ export const ActionForm = ({
  minimumThrottleInterval,
  notifyWhenSelectOptions,
  defaultRuleFrequency = DEFAULT_FREQUENCY,
-  showActionAlertsFilter,
+  ruleTypeId,
  producerId,
  hasFieldsForAAD,
 }: ActionAccordionFormProps) => {
  const {
    http,
@ -491,7 +495,10 @@ export const ActionForm = ({
              minimumThrottleInterval={minimumThrottleInterval}
              notifyWhenSelectOptions={notifyWhenSelectOptions}
              defaultNotifyWhenValue={defaultRuleFrequency.notifyWhen}
-              showActionAlertsFilter={showActionAlertsFilter}
+              featureId={featureId}
              producerId={producerId}
              ruleTypeId={ruleTypeId}
              hasFieldsForAAD={hasFieldsForAAD}
            />
          );
        })}
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_type_form.test.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_type_form.test.tsx
@ -634,6 +634,8 @@ function getActionTypeForm({
      summaryMessageVariables={summaryMessageVariables}
      notifyWhenSelectOptions={notifyWhenSelectOptions}
      defaultNotifyWhenValue={defaultNotifyWhenValue}
      producerId="infrastructure"
      featureId="infrastructure"
    />
  );
 }
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_type_form.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_type_form.tsx
@ -8,6 +8,7 @@
 import React, { Suspense, useEffect, useState, useCallback, useMemo } from 'react';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { ValidFeatureId, AlertConsumers } from '@kbn/rule-data-utils';
 import {
  EuiFlexGroup,
  EuiFlexItem,
@ -87,7 +88,10 @@ export type ActionTypeFormProps = {
  minimumThrottleInterval?: [number | undefined, string];
  notifyWhenSelectOptions?: NotifyWhenSelectOptions[];
  defaultNotifyWhenValue?: RuleNotifyWhenType;
-  showActionAlertsFilter?: boolean;
+  featureId: string;
  producerId: string;
  ruleTypeId?: string;
  hasFieldsForAAD?: boolean;
 } & Pick<
  ActionAccordionFormProps,
  | 'defaultActionGroupId'
@ -134,7 +138,10 @@ export const ActionTypeForm = ({
  minimumThrottleInterval,
  notifyWhenSelectOptions,
  defaultNotifyWhenValue,
-  showActionAlertsFilter,
+  producerId,
  featureId,
  ruleTypeId,
  hasFieldsForAAD,
 }: ActionTypeFormProps) => {
  const {
    application: { capabilities },
@ -333,6 +340,8 @@ export const ActionTypeForm = ({
    setActionGroupIdByIndex &&
    !actionItem.frequency?.summary;
  const showActionAlertsFilter = hasFieldsForAAD || producerId === AlertConsumers.SIEM;
  const accordionContent = checkEnabledResult.isEnabled ? (
    <>
      <EuiSplitPanel.Inner
@ -418,6 +427,9 @@ export const ActionTypeForm = ({
            <ActionAlertsFilterQuery
              state={actionItem.alertsFilter?.query}
              onChange={(query) => setActionAlertsFilterProperty('query', query, index)}
              featureIds={[producerId as ValidFeatureId]}
              appName={featureId!}
              ruleTypeId={ruleTypeId}
            />
            <EuiSpacer size="s" />
            <ActionAlertsFilterTimeframe
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_search_bar/alerts_search_bar.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_search_bar/alerts_search_bar.tsx
@ -13,12 +13,14 @@ import { SEARCH_BAR_PLACEHOLDER } from './translations';
 import { AlertsSearchBarProps, QueryLanguageType } from './types';
 import { useAlertDataView } from '../../hooks/use_alert_data_view';
 import { TriggersAndActionsUiServices } from '../../..';
 import { useRuleAADFields } from '../../hooks/use_rule_aad_fields';
 // TODO Share buildEsQuery to be used between AlertsSearchBar and AlertsStateTable component https://github.com/elastic/kibana/issues/144615
 export function AlertsSearchBar({
  appName,
  disableQueryLanguageSwitcher = false,
  featureIds,
  ruleTypeId,
  query,
  filters,
  onQueryChange,
@ -40,6 +42,14 @@ export function AlertsSearchBar({
  const [queryLanguage, setQueryLanguage] = useState<QueryLanguageType>('kuery');
  const { value: dataView, loading, error } = useAlertDataView(featureIds);
  const {
    value: aadFields,
    loading: fieldsLoading,
    error: fieldsError,
  } = useRuleAADFields(ruleTypeId);
  const indexPatterns =
    ruleTypeId && aadFields?.length ? [{ title: ruleTypeId, fields: aadFields }] : [dataView!];
  const onSearchQuerySubmit = useCallback(
    ({ dateRange, query: nextQuery }: { dateRange: TimeRange; query?: Query }) => {
@ -72,7 +82,10 @@ export function AlertsSearchBar({
    <SearchBar
      appName={appName}
      disableQueryLanguageSwitcher={disableQueryLanguageSwitcher}
-      indexPatterns={loading || error ? NO_INDEX_PATTERNS : [dataView!]}
+      // @ts-expect-error - DataView fields prop and SearchBar indexPatterns props are overly broad
      indexPatterns={
        loading || error || fieldsLoading || fieldsError ? NO_INDEX_PATTERNS : indexPatterns
      }
      placeholder={placeholder}
      query={{ query: query ?? '', language: queryLanguage }}
      filters={filters}
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_search_bar/types.ts
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_search_bar/types.ts
@ -23,6 +23,7 @@ export interface AlertsSearchBarProps {
  showSubmitButton?: boolean;
  placeholder?: string;
  submitOnBlur?: boolean;
  ruleTypeId?: string;
  onQueryChange?: (query: {
    dateRange: { from: string; to: string; mode?: 'absolute' | 'relative' };
    query?: string;
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/rule_form/rule_form.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/rule_form/rule_form.tsx
@ -661,6 +661,9 @@ export const RuleForm = ({
            defaultActionGroupId={defaultActionGroupId}
            hasSummary={selectedRuleType.hasGetSummarizedAlerts}
            featureId={connectorFeatureId}
            producerId={selectedRuleType.producer}
            hasFieldsForAAD={selectedRuleType.hasFieldsForAAD}
            ruleTypeId={rule.ruleTypeId}
            isActionGroupDisabledForActionType={(actionGroupId: string, actionTypeId: string) =>
              isActionGroupDisabledForActionType(selectedRuleType, actionGroupId, actionTypeId)
            }
--- a/x-pack/plugins/triggers_actions_ui/public/types.ts
+++ b/x-pack/plugins/triggers_actions_ui/public/types.ts
@ -337,6 +337,7 @@ export interface RuleType<
  actionVariables: ActionVariables;
  authorizedConsumers: Record<string, { read: boolean; all: boolean }>;
  enabledInLicense: boolean;
  hasFieldsForAAD?: boolean;
  hasGetSummarizedAlerts?: boolean;
 }
--- a/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/rule_types.ts
+++ b/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/rule_types.ts
@ -37,6 +37,7 @@ export default function listRuleTypes({ getService }: FtrProviderContext) {
      name: 'Recovered',
    },
    enabled_in_license: true,
    has_fields_for_a_a_d: false,
    has_get_summarized_alerts: false,
    rule_task_timeout: '5m',
  };
@ -63,6 +64,7 @@ export default function listRuleTypes({ getService }: FtrProviderContext) {
    minimum_license_required: 'basic',
    is_exportable: true,
    enabled_in_license: true,
    has_fields_for_a_a_d: false,
    has_get_summarized_alerts: false,
    rule_task_timeout: '5m',
  };
--- a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group1/rule_types.ts
+++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group1/rule_types.ts
@ -45,6 +45,7 @@ export default function listRuleTypes({ getService }: FtrProviderContext) {
        minimum_license_required: 'basic',
        is_exportable: true,
        enabled_in_license: true,
        has_fields_for_a_a_d: false,
        has_get_summarized_alerts: false,
        rule_task_timeout: '5m',
      });
@ -133,6 +134,7 @@ export default function listRuleTypes({ getService }: FtrProviderContext) {
          minimumLicenseRequired: 'basic',
          isExportable: true,
          enabledInLicense: true,
          hasFieldsForAAD: false,
          hasGetSummarizedAlerts: false,
          ruleTaskTimeout: '5m',
        });