Create an issue from an Audit Event alert
Problem to solve
We want to add audit alerts in https://gitlab.com/gitlab-org/gitlab-ee/issues/6762. These alerts simply present themselves, and any action on them must be taken manually.
When an administrator notices a triggered alert, we anticipate them needing to schedule a follow-up investigation. We should make this process easy, and allow others to help.
Proposal
An administrator should be able to take two actions on an alert:
- Dismiss it (alert is not seen again and is no longer presented in the UI), or
- Create an issue for follow-up.
The admin must be able to specify the project they're creating the issue in, and have some boilerplate alert information entered into the issue on their behalf. They can then do the investigation later, or assign the issue to someone else for further examination.
What does success look like, and how can we measure that?
- Users can create investigation issues from triggered alerts.
- X% of alerts become issues.