Description
This Integration uses transforms; the source index for one of the transforms is the default alerts index in Security - .alerts-security.alerts-default.
.alerts-security.alerts-default is only created in a new stack once the first alert is generated. Hence, when I was using elastic-package stack up for development, a workaround is creating a rule that runs when @timestamp: * so that any alert is generated, thus causing .alerts-security.alerts-default to be created. After that, I will then elastic-package install the Host Risk Score package. This worked well.
However, on the repo, the tests and CI are fresh Elastic stacks, and don't have the default alerts index, and so I get the build error: no such index [.alerts-security.alerts-default];
Is there any way for the build CI test environment Elastic stack to have that index created?