diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/custom_query_rule.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/custom_query_rule.spec.ts index 9ee80636fab2e9..6c5becdd7092df 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/custom_query_rule.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/custom_query_rule.spec.ts @@ -13,7 +13,13 @@ import { getEditedRule, getNewOverrideRule, } from '../../objects/rule'; -import { ALERT_GRID_CELL, NUMBER_OF_ALERTS } from '../../screens/alerts'; +import { + ALERT_GRID_CELL, + ALERT_RISK_SCORE, + ALERT_RULE_NAME, + ALERT_SEVERITY, + NUMBER_OF_ALERTS, +} from '../../screens/alerts'; import { CUSTOM_RULES_BTN, @@ -215,9 +221,9 @@ describe('Custom detection rules creation', () => { waitForAlertsToPopulate(); cy.get(NUMBER_OF_ALERTS).should(($count) => expect(+$count.text().split(' ')[0]).to.be.gte(1)); - cy.get(ALERT_GRID_CELL).eq(3).contains(this.rule.name); - cy.get(ALERT_GRID_CELL).eq(4).contains(this.rule.severity.toLowerCase()); - cy.get(ALERT_GRID_CELL).eq(5).contains(this.rule.riskScore); + cy.get(`${ALERT_GRID_CELL} ${ALERT_RULE_NAME}`).contains(this.rule.name); + cy.get(`${ALERT_GRID_CELL} ${ALERT_SEVERITY}`).contains(this.rule.severity.toLowerCase()); + cy.get(`${ALERT_GRID_CELL} ${ALERT_RISK_SCORE}`).contains(this.rule.riskScore); }); }); diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/override.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/override.spec.ts index 540d5da61dae2c..a2a1cc520e5cda 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/override.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/override.spec.ts 
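Review bot: The three rewritten assertions at the end of the second hunk now pass if any alert row matches: `cy.get()` with the descendant selector yields every rule-name/severity/risk-score cell in the grid and `.contains()` needs only one of them to hit, whereas the replaced `.eq(3)`/`.eq(4)`/`.eq(5)` at least pinned one specific row. That is a weaker check than before whenever alerts from other rules are present in the index. If the intent is that every alert shown came from this rule, iterate the cells instead, e.g. `cy.get(`${ALERT_GRID_CELL} ${ALERT_RULE_NAME}`).each(($cell) => expect($cell.text()).to.contain(this.rule.name));`, or pin the first row with `.first().should('have.text', this.rule.name)` if one row is enough. The enclosing `it()` starts outside the hunk.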
@@ -5,7 +5,6 @@ * 2.0. */ -import { ALERT_RISK_SCORE } from '@kbn/rule-data-utils'; import { formatMitreAttackDescription } from '../../helpers/rules'; import { getIndexPatterns, @@ -14,7 +13,13 @@ import { OverrideRule, } from '../../objects/rule'; -import { NUMBER_OF_ALERTS, ALERT_GRID_CELL } from '../../screens/alerts'; +import { + NUMBER_OF_ALERTS, + ALERT_GRID_CELL, + ALERT_RISK_SCORE, + ALERT_RULE_NAME, + ALERT_SEVERITY, +} from '../../screens/alerts'; import { CUSTOM_RULES_BTN, @@ -188,12 +193,8 @@ describe('Detection rules, override', () => { waitForAlertsToPopulate(); cy.get(NUMBER_OF_ALERTS).should(($count) => expect(+$count.text().split(' ')[0]).to.be.gte(1)); - cy.get(ALERT_GRID_CELL).eq(3).contains('auditbeat'); - cy.get(ALERT_GRID_CELL).eq(4).contains('critical'); - - // TODO: Is this necessary? - // sortRiskScore(); - - cy.get(ALERT_GRID_CELL).eq(5).contains('80'); + cy.get(`${ALERT_GRID_CELL} ${ALERT_RULE_NAME}`).contains('auditbeat'); + cy.get(`${ALERT_GRID_CELL} ${ALERT_SEVERITY}`).contains('critical'); + cy.get(`${ALERT_GRID_CELL} ${ALERT_RISK_SCORE}`).contains('80'); }); }); diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/threshold_rule.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/threshold_rule.spec.ts index 7bfc9631f7269d..1b991bfe4e2a3f 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/threshold_rule.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/threshold_rule.spec.ts @@ -13,7 +13,13 @@ import { ThresholdRule, } from '../../objects/rule'; -import { ALERT_GRID_CELL, NUMBER_OF_ALERTS } from '../../screens/alerts'; +import { + ALERT_GRID_CELL, + ALERT_RISK_SCORE, + ALERT_RULE_NAME, + ALERT_SEVERITY, + NUMBER_OF_ALERTS, +} from '../../screens/alerts'; import { CUSTOM_RULES_BTN, 
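Review bot: Dropping the `@kbn/rule-data-utils` import in the first hunk exposes a naming clash rather than resolving one: `ALERT_RISK_SCORE` (and `ALERT_RULE_NAME`, `ALERT_SEVERITY`, imported from `../../screens/alerts` in the next hunk) now name DOM selectors, while the identically spelled exports of `@kbn/rule-data-utils` name alert field paths — this same diff imports `ALERT_RULE_NAME` from the package in `use_add_to_case.ts`. A spec that ever needs both the field path and the selector will have to alias one of them, and at a call site a reader cannot tell which one is in play. Consider suffixing the selector constants in `screens/alerts`, e.g. `ALERT_RISK_SCORE_CELL`, so the two namespaces stay distinguishable.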
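Review bot: `cy.get(`${ALERT_GRID_CELL} ${ALERT_RISK_SCORE}`).contains('80')` in the last added line of the third hunk is a substring match across every risk-score cell in the grid, so a cell showing e.g. `180`, or a row produced by another rule with score 80, satisfies it, and the previous `.eq(5)` pinning to one row is gone. Since this spec is specifically about severity/risk-score overrides, the value of a particular row is what matters; `.first().should('have.text', '80')` (and likewise for `'critical'` and `'auditbeat'`) would assert exactly that. The deleted `sortRiskScore()` TODO is presumably moot once rows are addressed by selector rather than by position, but a one-line comment saying so would save the next reader from re-asking the question. The enclosing `it()` begins outside the hunk.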
@@ -171,9 +177,9 @@ describe('Detection rules, threshold', () => { waitForAlertsToPopulate(); cy.get(NUMBER_OF_ALERTS).should(($count) => expect(+$count.text().split(' ')[0]).to.be.lt(100)); - cy.get(ALERT_GRID_CELL).eq(3).contains(rule.name); - cy.get(ALERT_GRID_CELL).eq(4).contains(rule.severity.toLowerCase()); - cy.get(ALERT_GRID_CELL).eq(5).contains(rule.riskScore); + cy.get(`${ALERT_GRID_CELL} ${ALERT_RULE_NAME}`).contains(rule.name); + cy.get(`${ALERT_GRID_CELL} ${ALERT_SEVERITY}`).contains(rule.severity.toLowerCase()); + cy.get(`${ALERT_GRID_CELL} ${ALERT_RISK_SCORE}`).contains(rule.riskScore); }); it('Preview results of keyword using "host.name"', () => { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts index 09f35e279a2449..ed0ff92969e5ed 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts @@ -33,7 +33,7 @@ import { ALERT_ANCESTORS, ALERT_ORIGINAL_EVENT, ALERT_ORIGINAL_TIME, -} from '../../field_maps/field_names'; +} from '../../../../../../../timelines/common/alerts'; import { SERVER_APP_ID } from '../../../../../../common/constants'; type SignalDoc = SignalSourceHit & { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.ts index eea85ba26faf88..701d63bc35b75f 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.ts 
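Review bot: The three added `cy.get(`${ALERT_GRID_CELL} ${…}`).contains(…)` lines in the first hunk are now the same block added to `custom_query_rule.spec.ts` and `override.spec.ts` in this diff, differing only in where the expected values come from. Rather than composing the column selectors in each spec, a small shared assertion helper, e.g. `expectAlertRowToMatch({ name, severity, riskScore })` placed wherever `waitForAlertsToPopulate` is defined (not visible here), would keep the selector composition in one place for the next time the grid markup changes. The enclosing `it()` starts outside the hunk.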
@@ -25,13 +25,13 @@ import { import { invariant } from '../../../../../../common/utils/invariant'; import { RACAlert } from '../../types'; import { flattenWithPrefix } from './flatten_with_prefix'; +import { SERVER_APP_ID } from '../../../../../../common/constants'; import { ALERT_ANCESTORS, ALERT_DEPTH, ALERT_ORIGINAL_EVENT, ALERT_ORIGINAL_TIME, -} from '../../field_maps/field_names'; -import { SERVER_APP_ID } from '../../../../../../common/constants'; +} from '../../../../../../../timelines/common/alerts'; /** * Takes an event document and extracts the information needed for the corresponding entry in the child diff --git a/x-pack/plugins/timelines/common/alerts/constants.ts b/x-pack/plugins/timelines/common/alerts/constants.ts index 4e5dda1441056c..a95c8254aa446e 100644 --- a/x-pack/plugins/timelines/common/alerts/constants.ts +++ b/x-pack/plugins/timelines/common/alerts/constants.ts @@ -12,17 +12,6 @@ import { } from '@kbn/rule-data-utils'; import { ValuesType } from 'utility-types'; -// TODO: Replace the below located in: x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/field_maps/field_names.ts - -// export const ALERT_ANCESTORS = `${ALERT_NAMESPACE}.ancestors`; -// export const ALERT_DEPTH = `${ALERT_NAMESPACE}.depth`; -// export const ALERT_ORIGINAL_EVENT = `${ALERT_NAMESPACE}.original_event`; -// export const ALERT_ORIGINAL_TIME = `${ALERT_NAMESPACE}.original_time`; - -/** - * This file contains the security solution specific Alert fields not contained in the @kbn/rule-data-utils package - */ - // Cast to `as const` to preserve the exact string value when using as a type rather than a value export const ALERT_ANCESTORS = `${ALERT_NAMESPACE}.ancestors` as const; export const ALERT_ANCESTORS_DEPTH = `${ALERT_ANCESTORS}.depth` as const; diff --git a/x-pack/plugins/timelines/public/hooks/use_add_to_case.ts b/x-pack/plugins/timelines/public/hooks/use_add_to_case.ts index 0313cd18b947bf..0b77985be71702 100644 
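Review bot: The new `ALERT_ANCESTORS`/`ALERT_DEPTH`/`ALERT_ORIGINAL_EVENT`/`ALERT_ORIGINAL_TIME` import in the first hunk climbs seven directories and reaches into `timelines/common/alerts`, a subpath of another plugin, which couples the detection engine's alert builder to the timelines plugin's internal file layout. If the plugin's `timelines/common` entry re-exports these constants, importing from there is the usual plugin boundary; if it does not, adding that re-export seems preferable to the deep path. A short comment on the import, e.g. `// security-solution-specific kibana.alert.* field names not provided by @kbn/rule-data-utils`, would also help now that `field_maps/field_names.ts`, which used to say this, is no longer referenced from here.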
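Review bot: Removing the stale TODO and the commented-out duplicates in the second hunk is right, but the removal also takes out the module's only header doc — `This file contains the security solution specific Alert fields not contained in the @kbn/rule-data-utils package` — just as this file becomes the canonical home for these names (the same diff points `build_alert.ts` at it). Restore a one- or two-line version above the `// Cast to `as const`` line, e.g. `/** Security-solution-specific alert field names (kibana.alert.*) that @kbn/rule-data-utils does not provide; shared by server (build_alert) and UI code. */`.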
--- a/x-pack/plugins/timelines/public/hooks/use_add_to_case.ts +++ b/x-pack/plugins/timelines/public/hooks/use_add_to_case.ts @@ -8,7 +8,7 @@ import { get, isEmpty } from 'lodash/fp'; import { useState, useCallback, useMemo, SyntheticEvent } from 'react'; import { useLocation } from 'react-router-dom'; import { useDispatch } from 'react-redux'; -import { ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils'; +import { ALERT_RULE_NAME, ALERT_RULE_UUID, ALERT_UUID } from '@kbn/rule-data-utils'; import { useKibana } from '../../../../../src/plugins/kibana_react/public'; import { Case, SubCase } from '../../../cases/common'; import { TimelinesStartServices } from '../types'; @@ -120,7 +120,7 @@ export const useAddToCase = ({ const isAlert = useMemo(() => { if (event !== undefined) { const data = [...event.data]; - return data.some(({ field }) => field === 'kibana.alert.uuid'); + return data.some(({ field }) => field === ALERT_UUID); } else { return false; } diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/constants.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/constants.ts index 6f1cae70f950e1..6e61055f1582a1 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/constants.ts +++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/constants.ts @@ -245,6 +245,7 @@ export const TIMELINE_EVENTS_FIELDS = [ 'process.executable', 'process.title', 'process.working_directory', + 'signal.rule.threshold', 'zeek.session_id', 'zeek.connection.local_resp', 'zeek.connection.local_orig',
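Review bot: `data` in the changed `some` line of the second hunk is a spread copy of `event.data` made on the preceding line, but `Array.prototype.some` never mutates its receiver, so the copy is pure overhead and the two lines can collapse to `return event.data.some(({ field }) => field === ALERT_UUID);`. Swapping the `'kibana.alert.uuid'` literal for `ALERT_UUID` is a good change, since the literal would silently diverge if the namespace ever moved. The `useMemo` callback starts above the hunk.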
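Review bot: The added `'signal.rule.threshold'` in the last hunk is a legacy `signal.*` field path, while the rest of this diff moves callers onto `kibana.alert.*` constants from `@kbn/rule-data-utils`; if RAC-indexed alerts carry the threshold under a `kibana.alert.*` key as well, that counterpart is not requested here and threshold data would be missing for those documents. Whether that is the case cannot be confirmed from this hunk alone. Either way, a short comment on the line naming the consumer that needs the threshold, e.g. `// threshold rule details rendered in the alert flyout; keep in sync with the kibana.alert.* equivalent if one is added`, would keep the entry from being pruned as dead later. The `TIMELINE_EVENTS_FIELDS` array begins and ends outside the hunk.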