Security solutions currently uses the rule registry to install preview indices for detection rules. These are a set of indices that use the same mappings as normal alert indices but they use a different ILM policy that deletes the preview data within a day. As part of framework alerts as data, we'd like to migrate all resource installation out of the rule registry and into the alerting plugin so we either need to provide a specific way to install preview indices for any rule types or generic functions that can be called to install custom resources.
Security solutions currently uses the rule registry to install preview indices for detection rules. These are a set of indices that use the same mappings as normal alert indices but they use a different ILM policy that deletes the preview data within a day. As part of framework alerts as data, we'd like to migrate all resource installation out of the rule registry and into the alerting plugin so we either need to provide a specific way to install preview indices for any rule types or generic functions that can be called to install custom resources.