diff --git a/x-pack/plugins/observability_solution/apm/server/plugin.ts b/x-pack/plugins/observability_solution/apm/server/plugin.ts
index b26c99b57375f..339b394ad4815 100644
--- a/x-pack/plugins/observability_solution/apm/server/plugin.ts
+++ b/x-pack/plugins/observability_solution/apm/server/plugin.ts
@@ -7,10 +7,14 @@
 
 import { CoreSetup, CoreStart, Logger, Plugin, PluginInitializerContext } from '@kbn/core/server';
 import { isEmpty, mapValues } from 'lodash';
+import { Dataset } from '@kbn/rule-registry-plugin/server';
 import { alertsLocatorID } from '@kbn/observability-plugin/common';
 import { APMConfig, APM_SERVER_FEATURE_ID } from '.';
 import { APM_FEATURE, registerFeaturesUsage } from './feature';
-import { registerApmRuleTypes } from './routes/alerts/register_apm_rule_types';
+import {
+  registerApmRuleTypes,
+  APM_RULE_TYPE_ALERT_CONTEXT,
+} from './routes/alerts/register_apm_rule_types';
 import { registerFleetPolicyCallbacks } from './routes/fleet/register_fleet_policy_callbacks';
 import { createApmTelemetry } from './lib/apm_telemetry';
 import { getInternalSavedObjectsClient } from './lib/helpers/get_internal_saved_objects_client';
@@ -83,6 +87,13 @@ export class APMPlugin
     const getPluginStart = () =>
       core.getStartServices().then(([coreStart, pluginStart]) => pluginStart);
 
+    const { ruleDataService } = plugins.ruleRegistry;
+    ruleDataService.initializeIndex({
+      feature: APM_SERVER_FEATURE_ID,
+      registrationContext: APM_RULE_TYPE_ALERT_CONTEXT,
+      dataset: Dataset.alerts,
+    });
+
     const resourcePlugins = mapValues(plugins, (value, key) => {
       return {
         setup: value,
diff --git a/x-pack/plugins/observability_solution/infra/server/lib/infra_types.ts b/x-pack/plugins/observability_solution/infra/server/lib/infra_types.ts
index 8c97ecf48bc3d..10f80fbe86c76 100644
--- a/x-pack/plugins/observability_solution/infra/server/lib/infra_types.ts
+++ b/x-pack/plugins/observability_solution/infra/server/lib/infra_types.ts
@@ -42,6 +42,8 @@ export interface InfraBackendLibs extends InfraDomainLibs {
   basePath: IBasePath;
   configuration: InfraConfig;
   framework: KibanaFramework;
+  logsRules: RulesServiceSetup;
+  metricsRules: RulesServiceSetup;
   sources: InfraSources;
   sourceStatus: InfraSourceStatus;
   getAlertDetailsConfig: () => ObservabilityConfig['unsafe']['alertDetails'];
diff --git a/x-pack/plugins/observability_solution/infra/server/plugin.ts b/x-pack/plugins/observability_solution/infra/server/plugin.ts
index d0d0ef3821b7d..b8becb916a4e3 100644
--- a/x-pack/plugins/observability_solution/infra/server/plugin.ts
+++ b/x-pack/plugins/observability_solution/infra/server/plugin.ts
@@ -25,6 +25,7 @@ import {
 } from '@kbn/observability-shared-plugin/common';
 import { type AlertsLocatorParams, alertsLocatorID } from '@kbn/observability-plugin/common';
 import { mapValues } from 'lodash';
+import { LOGS_FEATURE_ID, METRICS_FEATURE_ID } from '../common/constants';
 import { publicConfigKeys } from '../common/plugin_config_types';
 import { LOGS_FEATURE, METRICS_FEATURE } from './features';
 import { registerRoutes } from './infra_server';
@@ -33,6 +34,10 @@ import { KibanaFramework } from './lib/adapters/framework/kibana_framework_adapt
 import { KibanaMetricsAdapter } from './lib/adapters/metrics/kibana_metrics_adapter';
 import { InfraElasticsearchSourceStatusAdapter } from './lib/adapters/source_status';
 import { registerRuleTypes } from './lib/alerting';
+import {
+  LOGS_RULES_ALERT_CONTEXT,
+  METRICS_RULES_ALERT_CONTEXT,
+} from './lib/alerting/register_rule_types';
 import { InfraMetricsDomain } from './lib/domains/metrics_domain';
 import { InfraBackendLibs, InfraDomainLibs } from './lib/infra_types';
 import { infraSourceConfigurationSavedObjectType, InfraSources } from './lib/sources';
@@ -44,6 +49,7 @@ import {
 } from './saved_objects';
 import { InventoryViewsService } from './services/inventory_views';
 import { MetricsExplorerViewsService } from './services/metrics_explorer_views';
+import { RulesService } from './services/rules';
 import {
   InfraConfig,
   InfraPluginCoreSetup,
@@ -147,6 +153,8 @@ export class InfraServerPlugin
   public libs!: InfraBackendLibs;
   public logger: Logger;
 
+  private logsRules: RulesService;
+  private metricsRules: RulesService;
   private inventoryViews: InventoryViewsService;
   private metricsExplorerViews?: MetricsExplorerViewsService;
 
@@ -154,6 +162,17 @@ export class InfraServerPlugin
     this.config = context.config.get();
     this.logger = context.logger.get();
 
+    this.logsRules = new RulesService(
+      LOGS_FEATURE_ID,
+      LOGS_RULES_ALERT_CONTEXT,
+      this.logger.get('logsRules')
+    );
+    this.metricsRules = new RulesService(
+      METRICS_FEATURE_ID,
+      METRICS_RULES_ALERT_CONTEXT,
+      this.logger.get('metricsRules')
+    );
+
     this.inventoryViews = new InventoryViewsService(this.logger.get('inventoryViews'));
     this.metricsExplorerViews = this.config.featureFlags.metricsExplorerEnabled
       ? new MetricsExplorerViewsService(this.logger.get('metricsExplorerViews'))
@@ -232,6 +251,8 @@ export class InfraServerPlugin
       sourceStatus,
       ...domainLibs,
       handleEsError,
+      logsRules: this.logsRules.setup(core, plugins),
+      metricsRules: this.metricsRules.setup(core, plugins),
       getStartServices: () => core.getStartServices(),
       getAlertDetailsConfig: () => plugins.observability.getAlertDetailsConfig(),
       logger: this.logger,
diff --git a/x-pack/plugins/observability_solution/infra/server/services/rules/rule_data_client.ts b/x-pack/plugins/observability_solution/infra/server/services/rules/rule_data_client.ts
new file mode 100644
index 0000000000000..ccf4c8e362cb6
--- /dev/null
+++ b/x-pack/plugins/observability_solution/infra/server/services/rules/rule_data_client.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CoreSetup, Logger } from '@kbn/core/server';
+import { Dataset, RuleRegistryPluginSetupContract } from '@kbn/rule-registry-plugin/server';
+import type { InfraFeatureId } from '../../../common/constants';
+import { RuleRegistrationContext, RulesServiceStartDeps } from './types';
+
+export const createRuleDataClient = ({
+  ownerFeatureId,
+  registrationContext,
+  ruleDataService,
+}: {
+  ownerFeatureId: InfraFeatureId;
+  registrationContext: RuleRegistrationContext;
+  getStartServices: CoreSetup<RulesServiceStartDeps>['getStartServices'];
+  logger: Logger;
+  ruleDataService: RuleRegistryPluginSetupContract['ruleDataService'];
+}) => {
+  return ruleDataService.initializeIndex({
+    feature: ownerFeatureId,
+    registrationContext,
+    dataset: Dataset.alerts,
+  });
+};
diff --git a/x-pack/plugins/observability_solution/infra/server/services/rules/rules_service.ts b/x-pack/plugins/observability_solution/infra/server/services/rules/rules_service.ts
new file mode 100644
index 0000000000000..8cd3e0956c1a2
--- /dev/null
+++ b/x-pack/plugins/observability_solution/infra/server/services/rules/rules_service.ts
@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CoreSetup, Logger } from '@kbn/core/server';
+import { InfraFeatureId } from '../../../common/constants';
+import { createRuleDataClient } from './rule_data_client';
+import {
+  RuleRegistrationContext,
+  RulesServiceSetup,
+  RulesServiceSetupDeps,
+  RulesServiceStart,
+  RulesServiceStartDeps,
+} from './types';
+
+export class RulesService {
+  constructor(
+    public readonly ownerFeatureId: InfraFeatureId,
+    public readonly registrationContext: RuleRegistrationContext,
+    private readonly logger: Logger
+  ) {}
+
+  public setup(
+    core: CoreSetup<RulesServiceStartDeps>,
+    setupDeps: RulesServiceSetupDeps
+  ): RulesServiceSetup {
+    createRuleDataClient({
+      getStartServices: core.getStartServices,
+      logger: this.logger,
+      ownerFeatureId: this.ownerFeatureId,
+      registrationContext: this.registrationContext,
+      ruleDataService: setupDeps.ruleRegistry.ruleDataService,
+    });
+
+    return {};
+  }
+
+  public start(_startDeps: RulesServiceStartDeps): RulesServiceStart {
+    return {};
+  }
+}
diff --git a/x-pack/plugins/observability_solution/infra/server/services/rules/types.ts b/x-pack/plugins/observability_solution/infra/server/services/rules/types.ts
index e1898988ff0c8..dd97e4dc6c5ea 100644
--- a/x-pack/plugins/observability_solution/infra/server/services/rules/types.ts
+++ b/x-pack/plugins/observability_solution/infra/server/services/rules/types.ts
@@ -15,6 +15,7 @@ export interface RulesServiceSetupDeps {
 // eslint-disable-next-line @typescript-eslint/no-empty-interface
 export interface RulesServiceStartDeps {}
 
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
 export interface RulesServiceSetup {}
 
 // eslint-disable-next-line @typescript-eslint/no-empty-interface
diff --git a/x-pack/plugins/observability_solution/synthetics/server/plugin.ts b/x-pack/plugins/observability_solution/synthetics/server/plugin.ts
index d263f3780975b..42cf2fbe12918 100644
--- a/x-pack/plugins/observability_solution/synthetics/server/plugin.ts
+++ b/x-pack/plugins/observability_solution/synthetics/server/plugin.ts
@@ -13,6 +13,7 @@ import {
   SavedObjectsClient,
   SavedObjectsClientContract,
 } from '@kbn/core/server';
+import { Dataset } from '@kbn/rule-registry-plugin/server';
 import {
   SyntheticsPluginsSetupDependencies,
   SyntheticsPluginsStartDependencies,
@@ -26,6 +27,7 @@ import { registerSyntheticsSavedObjects } from './saved_objects/saved_objects';
 import { UptimeConfig } from './config';
 import { SyntheticsService } from './synthetics_service/synthetics_service';
 import { syntheticsServiceApiKey } from './saved_objects/service_api_key';
+import { SYNTHETICS_RULE_TYPES_ALERT_CONTEXT } from '../common/constants/synthetics_alerts';
 
 export class Plugin implements PluginType {
   private savedObjectsClient?: SavedObjectsClientContract;
@@ -43,6 +45,14 @@ export class Plugin implements PluginType {
   public setup(core: CoreSetup, plugins: SyntheticsPluginsSetupDependencies) {
     const config = this.initContext.config.get<UptimeConfig>();
 
+    const { ruleDataService } = plugins.ruleRegistry;
+
+    ruleDataService.initializeIndex({
+      feature: 'uptime',
+      registrationContext: SYNTHETICS_RULE_TYPES_ALERT_CONTEXT,
+      dataset: Dataset.alerts,
+    });
+
     this.server = {
       config,
       router: core.http.createRouter(),
diff --git a/x-pack/plugins/observability_solution/uptime/server/plugin.ts b/x-pack/plugins/observability_solution/uptime/server/plugin.ts
index 93a948e184632..e213cdbc65cbe 100644
--- a/x-pack/plugins/observability_solution/uptime/server/plugin.ts
+++ b/x-pack/plugins/observability_solution/uptime/server/plugin.ts
@@ -11,6 +11,7 @@ import {
   Plugin as PluginType,
   Logger,
 } from '@kbn/core/server';
+import { Dataset } from '@kbn/rule-registry-plugin/server';
 import { initUptimeServer } from './legacy_uptime/uptime_server';
 import {
   UptimeCorePluginsSetup,
@@ -22,6 +23,7 @@ import {
   savedObjectsAdapter,
 } from './legacy_uptime/lib/saved_objects/saved_objects';
 import { UptimeConfig } from '../common/config';
+import { SYNTHETICS_RULE_TYPES_ALERT_CONTEXT } from '../common/constants/synthetics_alerts';
 
 export class Plugin implements PluginType {
   private initContext: PluginInitializerContext;
@@ -39,6 +41,13 @@ export class Plugin implements PluginType {
     savedObjectsAdapter.config = config;
 
     this.logger = this.initContext.logger.get();
+    const { ruleDataService } = plugins.ruleRegistry;
+
+    ruleDataService.initializeIndex({
+      feature: 'uptime',
+      registrationContext: SYNTHETICS_RULE_TYPES_ALERT_CONTEXT,
+      dataset: Dataset.alerts,
+    });
 
     this.server = {
       config,
diff --git a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/index_options.ts b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/index_options.ts
index cdec7c609699d..0e05f128127a9 100644
--- a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/index_options.ts
+++ b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/index_options.ts
@@ -44,68 +44,6 @@ export interface IndexOptions {
    * @example 'alerts', 'events'
    */
   dataset: Dataset;
-
-  /**
-   * A list of references to external component templates. Those can be
-   * the common ones shared between all solutions, or special ones
-   * shared between some of them.
-   *
-   * IMPORTANT: These names should be relative.
-   * - correct: 'my-mappings'
-   * - incorrect: '.alerts-my-mappings'
-   *
-   * @example ['ecs-mappings']
-   */
-  componentTemplateRefs: string[];
-
-  /**
-   * Own component templates specified for the index by the plugin/solution
-   * defining this index.
-   *
-   * IMPORTANT: Order matters. This order is used by Elasticsearch to set
-   * priorities when merging the same field names defined in 2+ templates.
-   *
-   * IMPORTANT: Component template names should be relative.
-   * - correct: 'mappings'
-   * - incorrect: 'security.alerts-mappings'
-   * - incorrect: '.alerts-security.alerts-mappings'
-   */
-  componentTemplates: ComponentTemplateOptions[];
-
-  /**
-   * Additional properties for the namespaced index template.
-   */
-  indexTemplate?: IndexTemplateOptions;
-
-  /**
-   * Optional custom ILM policy for the index.
-   * NOTE: this policy will be shared between all namespaces of the index.
-   */
-  ilmPolicy?: IlmPolicyOptions;
-
-  /**
-   * Optional secondary alias that will be applied to concrete indices in
-   * addition to the primary one '.alerts-{reg. context}.{dataset}-{namespace}'
-   *
-   * IMPORTANT: It should not include the namespace. It will be added
-   * automatically.
-   * - correct: '.siem-signals'
-   * - incorrect: '.siem-signals-default'
-   *
-   * @example '.siem-signals', undefined
-   */
-  secondaryAlias?: string;
-
-  /**
-   * Optional prefix name that will be prepended to indices in addition to
-   * primary dataset and context naming convention.
-   *
-   * Currently used only for creating a preview index for the purpose of
-   * previewing alerts from a rule. The documents are identical to alerts, but
-   * shouldn't exist on an alert index and shouldn't be queried together with
-   * real alerts in any way, because the rule that created them doesn't exist
-   */
-  additionalPrefix?: string;
 }
 
 /**
diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
index 0315353de97c1..463c99e7b8786 100644
--- a/x-pack/plugins/security_solution/server/plugin.ts
+++ b/x-pack/plugins/security_solution/server/plugin.ts
@@ -10,7 +10,6 @@ import { QUERY_RULE_TYPE_ID, SAVED_QUERY_RULE_TYPE_ID } from '@kbn/securitysolut
 import type { Logger } from '@kbn/core/server';
 import { SavedObjectsClient } from '@kbn/core/server';
 import type { UsageCounter } from '@kbn/usage-collection-plugin/server';
-import { mappingFromFieldMap } from '@kbn/alerting-plugin/common';
 import type { IRuleDataClient } from '@kbn/rule-registry-plugin/server';
 import { Dataset } from '@kbn/rule-registry-plugin/server';
 import type { ListPluginSetup } from '@kbn/lists-plugin/server';
@@ -73,7 +72,6 @@ import type { ITelemetryReceiver } from './lib/telemetry/receiver';
 import { TelemetryReceiver } from './lib/telemetry/receiver';
 import { licenseService } from './lib/license';
 import { PolicyWatcher } from './endpoint/lib/policy/license_watch';
-import previewPolicy from './lib/detection_engine/routes/index/preview_policy.json';
 import type { IRuleMonitoringService } from './lib/detection_engine/rule_monitoring';
 import { createRuleMonitoringService } from './lib/detection_engine/rule_monitoring';
 import type { CreateRuleOptions } from './lib/detection_engine/rule_types/types';
@@ -82,10 +80,7 @@ import {
   isLegacyNotificationRuleExecutor,
   legacyRulesNotificationRuleType,
 } from './lib/detection_engine/rule_actions_legacy';
-import {
-  createSecurityRuleTypeWrapper,
-  securityRuleTypeFieldMap,
-} from './lib/detection_engine/rule_types/create_security_rule_type_wrapper';
+import { createSecurityRuleTypeWrapper } from './lib/detection_engine/rule_types/create_security_rule_type_wrapper';
 
 import { RequestContextFactory } from './request_context_factory';
 
@@ -305,25 +300,10 @@ export class Plugin implements ISecuritySolutionPlugin {
       feature: SERVER_APP_ID,
       registrationContext: 'security',
       dataset: Dataset.alerts,
-      componentTemplateRefs: ['ecs@mappings'],
-      componentTemplates: [
-        {
-          name: 'mappings',
-          mappings: mappingFromFieldMap(securityRuleTypeFieldMap, false),
-        },
-      ],
-      secondaryAlias: config.signalsIndex,
     };
 
     ruleDataClient = ruleDataService.initializeIndex(ruleDataServiceOptions);
-    const previewIlmPolicy = previewPolicy.policy;
-
-    previewRuleDataClient = ruleDataService.initializeIndex({
-      ...ruleDataServiceOptions,
-      additionalPrefix: '.preview',
-      ilmPolicy: previewIlmPolicy,
-      secondaryAlias: undefined,
-    });
+    previewRuleDataClient = ruleDataService.initializeIndex(ruleDataServiceOptions);
 
     const securityRuleTypeOptions = {
       lists: plugins.lists,