[RAC] integrating rbac search strategy with alert table

x-pack/plugins/observability/public/pages/alerts/alerts_table_t_grid.tsx

@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import { ALERTS_CONSUMERS } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import { EuiButtonIcon, EuiDataGridColumn } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import styled from 'styled-components';
@@ -109,6 +110,8 @@ const NO_ROW_RENDER: RowRenderer[] = [];
 
 const trailingControlColumns: never[] = [];
 
+const O11Y_ALERT_CONSUMER = [ALERTS_CONSUMERS.APM, ALERTS_CONSUMERS.LOGS];
+
 export function AlertsTableTGrid(props: AlertsTableTGridProps) {
   const { core, observabilityRuleTypeRegistry } = usePluginContext();
   const { prepend } = core.http.basePath;
@@ -184,6 +187,7 @@ export function AlertsTableTGrid(props: AlertsTableTGridProps) {
         </Suspense>
       )}
       {timelines.getTGrid<'standalone'>({
+        alertConsumers: O11Y_ALERT_CONSUMER,
         type: 'standalone',
         columns,
         deletedEventIds: [],

x-pack/plugins/timelines/common/search_strategy/timeline/events/index.ts

@@ -17,7 +17,8 @@ export enum TimelineEventsQueries {
   lastEventTime = 'eventsLastEventTime',
 }
 
-export enum EntityType {
-  ALERTS = 'alerts',
-  EVENTS = 'events',
-}
+export const EntityType = {
+  ALERTS: 'alerts',
+  EVENTS: 'events',
+} as const;
+export type EntityType = typeof EntityType[keyof typeof EntityType];

x-pack/plugins/timelines/public/components/t_grid/integrated/index.tsx

@@ -4,6 +4,8 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+
+import { ALERTS_CONSUMERS } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui';
 import { isEmpty } from 'lodash/fp';
 import React, { useEffect, useMemo, useState } from 'react';
@@ -104,6 +106,8 @@ const HeaderFilterGroupWrapper = styled.header<{ show: boolean }>`
   ${({ show }) => (show ? '' : 'visibility: hidden;')}
 `;
 
+const SECURITY_ALERTS_CONSUMERS = [ALERTS_CONSUMERS.SIEM];
+
 export interface TGridIntegratedProps {
   browserFields: BrowserFields;
   columns: ColumnHeaderOptions[];
@@ -237,6 +241,7 @@ const TGridIntegratedComponent: React.FC<TGridIntegratedProps> = ({
     loading,
     { events, updatedAt, loadPage, pageInfo, refetch, totalCount = 0, inspect },
   ] = useTimelineEvents({
+    alertConsumers: SECURITY_ALERTS_CONSUMERS,
     docValueFields,
     fields,
     filterQuery: combinedQueries!.filterQuery,

x-pack/plugins/timelines/public/components/t_grid/standalone/index.tsx

@@ -4,6 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+import type { ALERTS_CONSUMERS } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui';
 import { isEmpty } from 'lodash/fp';
 import React, { useEffect, useMemo, useState } from 'react';
@@ -101,6 +102,7 @@ const HeaderFilterGroupWrapper = styled.header<{ show: boolean }>`
 `;
 
 export interface TGridStandaloneProps {
+  alertConsumers: ALERTS_CONSUMERS[];
   columns: ColumnHeaderOptions[];
   deletedEventIds: Readonly<string[]>;
   end: string;
@@ -129,6 +131,7 @@ export interface TGridStandaloneProps {
 const basicUnit = (n: number) => i18n.UNIT(n);
 
 const TGridStandaloneComponent: React.FC<TGridStandaloneProps> = ({
+  alertConsumers,
   columns,
   deletedEventIds,
   end,
@@ -217,6 +220,7 @@ const TGridStandaloneComponent: React.FC<TGridStandaloneProps> = ({
     loading,
     { events, updatedAt, loadPage, pageInfo, refetch, totalCount = 0, inspect },
   ] = useTimelineEvents({
+    alertConsumers,
     docValueFields: [],
     excludeEcsData: true,
     fields,

x-pack/plugins/timelines/public/container/index.tsx

@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import type { ALERTS_CONSUMERS } from '@kbn/rule-data-utils/target/alerts_as_data_rbac';
 import deepEqual from 'fast-deep-equal';
 import { isEmpty, isString, noop } from 'lodash/fp';
 import { useCallback, useEffect, useRef, useState } from 'react';
@@ -80,6 +81,7 @@ export interface UseTimelineEventsProps {
   startDate: string;
   timerangeKind?: 'absolute' | 'relative';
   data?: DataPublicPluginStart;
+  alertConsumers?: ALERTS_CONSUMERS[];
 }
 
 const createFilter = (filterQuery: ESQuery | string | undefined) =>
@@ -106,7 +108,9 @@ export const initSortDefault = [
   },
 ];
 
+const EMPTY_ARRAY: ALERTS_CONSUMERS[] = [];
 export const useTimelineEvents = ({
+  alertConsumers = EMPTY_ARRAY,
   docValueFields,
   endDate,
   excludeEcsData = false,
@@ -185,11 +189,16 @@ export const useTimelineEvents = ({
         setLoading(true);
         if (data && data.search) {
           searchSubscription$.current = data.search
-            .search<TimelineRequest<typeof language>, TimelineResponse<typeof language>>(request, {
-              strategy:
-                request.language === 'eql' ? 'timelineEqlSearchStrategy' : 'timelineSearchStrategy',
-              abortSignal: abortCtrl.current.signal,
-            })
+            .search<TimelineRequest<typeof language>, TimelineResponse<typeof language>>(
+              { ...request, entityType: 'alerts' },
+              {
+                strategy:
+                  request.language === 'eql'
+                    ? 'timelineEqlSearchStrategy'
+                    : 'timelineSearchStrategy',
+                abortSignal: abortCtrl.current.signal,
+              }
+            )
             .subscribe({
               next: (response) => {
                 if (isCompleteResponse(response)) {
@@ -262,6 +271,7 @@ export const useTimelineEvents = ({
         : 0;
 
       const currentRequest = {
+        alertConsumers,
         defaultIndex: indexNames,
         docValueFields: docValueFields ?? [],
         excludeEcsData,
@@ -291,6 +301,7 @@ export const useTimelineEvents = ({
       return prevRequest;
     });
   }, [
+    alertConsumers,
     dispatch,
     indexNames,
     activePage,