[8.13] [Security Solution][Detection Engine] enables telemetry for ES|QL rule type (#177193) (#177742)

# Backport

This will backport the following commits from `main` to `8.13`:
- [[Security Solution][Detection Engine] enables telemetry for ES|QL
rule type (#177193)](https://github.com/elastic/kibana/pull/177193)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Vitalii
Dmyterko","email":"92328789+vitaliidm@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-02-23T17:04:31Z","message":"[Security
Solution][Detection Engine] enables telemetry for ES|QL rule type
(#177193)\n\n## Summary\r\n\r\n- addresses
https://github.com/elastic/kibana/issues/176785\r\n- enables telemetry
for Security Detection ES|QL rule
type","sha":"5a9cd830271491a2e7393686b5fd0a22aeb09e9e","branchLabelMapping":{"^v8.14.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:
SecuritySolution","telemetry","backport:prev-minor","Team:Detection
Engine","8.13 candidate","v8.14.0"],"title":"[Security
Solution][Detection Engine] enables telemetry for ES|QL rule
type","number":177193,"url":"https://github.com/elastic/kibana/pull/177193","mergeCommit":{"message":"[Security
Solution][Detection Engine] enables telemetry for ES|QL rule type
(#177193)\n\n## Summary\r\n\r\n- addresses
https://github.com/elastic/kibana/issues/176785\r\n- enables telemetry
for Security Detection ES|QL rule
type","sha":"5a9cd830271491a2e7393686b5fd0a22aeb09e9e"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.14.0","branchLabelMappingKey":"^v8.14.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/177193","number":177193,"mergeCommit":{"message":"[Security
Solution][Detection Engine] enables telemetry for ES|QL rule type
(#177193)\n\n## Summary\r\n\r\n- addresses
https://github.com/elastic/kibana/issues/176785\r\n- enables telemetry
for Security Detection ES|QL rule
type","sha":"5a9cd830271491a2e7393686b5fd0a22aeb09e9e"}}]}] BACKPORT-->

Co-authored-by: Vitalii Dmyterko <92328789+vitaliidm@users.noreply.github.com>
Kibana Machine 2024-02-23 14:35:14 -05:00 committed by GitHub
parent 7a4e192ea2
commit 8010f7de76
6 changed files with 129 additions and 0 deletions


@ -286,6 +286,49 @@ export const registerCollector: RegisterCollector = ({
},
},
},
esql: {
enabled: {
type: 'long',
_meta: { description: 'Number of esql rules enabled' },
},
disabled: {
type: 'long',
_meta: { description: 'Number of esql rules disabled' },
},
alerts: {
type: 'long',
_meta: { description: 'Number of alerts generated by esql rules' },
},
cases: {
type: 'long',
_meta: {
description: 'Number of cases attached to esql detection rule alerts',
},
},
legacy_notifications_enabled: {
type: 'long',
_meta: { description: 'Number of legacy notifications enabled' },
},
legacy_notifications_disabled: {
type: 'long',
_meta: { description: 'Number of legacy notifications disabled' },
},
notifications_enabled: {
type: 'long',
_meta: { description: 'Number of notifications enabled' },
},
notifications_disabled: {
type: 'long',
_meta: { description: 'Number of notifications enabled' },
},
legacy_investigation_fields: {
type: 'long',
_meta: {
description:
'Number of rules using the legacy investigation fields type introduced only in 8.10 ESS',
},
},
},
elastic_total: {
enabled: { type: 'long', _meta: { description: 'Number of elastic rules enabled' } },
disabled: {
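Review bot: The `_meta.description` of the new `notifications_disabled` field reads 'Number of notifications enabled', which is the `notifications_enabled` text repeated; it should be `_meta: { description: 'Number of notifications disabled' },`. The same wrong description appears in the `esql.properties.notifications_disabled` entry of the schema file in the last section of this commit and needs the same correction there (if that file is regenerated from this collector, regenerating it after the fix covers both). The sibling rule-type blocks this one was evidently copied from are outside the hunk, so it is worth checking whether they carry the same text. registerCollector begins and ends outside the hunk.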


@ -83,6 +83,17 @@ export const getInitialRulesUsage = (): RulesTypeUsage => ({
notifications_disabled: 0,
legacy_investigation_fields: 0,
},
esql: {
enabled: 0,
disabled: 0,
alerts: 0,
cases: 0,
legacy_notifications_enabled: 0,
legacy_notifications_disabled: 0,
notifications_enabled: 0,
notifications_disabled: 0,
legacy_investigation_fields: 0,
},
elastic_total: {
enabled: 0,
disabled: 0,


@ -26,6 +26,7 @@ export interface RulesTypeUsage {
new_terms: FeatureTypeUsage;
elastic_total: FeatureTypeUsage;
custom_total: FeatureTypeUsage;
esql: FeatureTypeUsage;
}
export interface RuleAdoption {


@ -250,6 +250,13 @@ describe('Detections Usage and Metrics', () => {
${'new_terms'} | ${false} | ${true} | ${false} | ${0} | ${1} | ${0} | ${0} | ${0}
${'new_terms'} | ${false} | ${false} | ${false} | ${0} | ${0} | ${0} | ${0} | ${0}
${'new_terms'} | ${false} | ${false} | ${false} | ${0} | ${0} | ${0} | ${0} | ${1}
${'esql'} | ${true} | ${true} | ${false} | ${1} | ${0} | ${0} | ${0} | ${0}
${'esql'} | ${true} | ${false} | ${true} | ${0} | ${0} | ${1} | ${0} | ${0}
${'esql'} | ${false} | ${false} | ${true} | ${0} | ${0} | ${0} | ${1} | ${0}
${'esql'} | ${true} | ${false} | ${true} | ${0} | ${0} | ${1} | ${0} | ${0}
${'esql'} | ${false} | ${true} | ${false} | ${0} | ${1} | ${0} | ${0} | ${0}
${'esql'} | ${false} | ${false} | ${false} | ${0} | ${0} | ${0} | ${0} | ${0}
${'esql'} | ${false} | ${false} | ${false} | ${0} | ${0} | ${0} | ${0} | ${1}
`(
'expect { "ruleType": $ruleType, "enabled": $enabled, "hasLegacyNotification": $hasLegacyNotification, "hasNotification": $hasNotification, hasLegacyInvestigationField: $hasLegacyInvestigationField } to equal { legacy_notifications_enabled: $expectedLegacyNotificationsEnabled, legacy_notifications_disabled: $expectedLegacyNotificationsDisabled, notifications_enabled: $expectedNotificationsEnabled, notifications_disabled, $expectedNotificationsDisabled, hasLegacyInvestigationField: $hasLegacyInvestigationField }',
({
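Review bot: Two of the new esql rows are identical (`${'esql'} | ${true} | ${false} | ${true} | ${0} | ${0} | ${1} | ${0} | ${0}` appears as both the second and the fourth esql row), so one of them adds no coverage; either drop it or replace it with a combination the table does not yet exercise, such as an enabled rule with both notification flags set, if the column order follows the `$enabled`, `$hasLegacyNotification`, `$hasNotification` names in the test title. The three new_terms rows visible above appear to carry the same duplicate, so this may have been copied rather than chosen. The table header and the enclosing describe block continue outside the hunk.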


@ -68,6 +68,15 @@ export const updateRuleUsage = (
detectionRuleMetric,
}),
};
} else if (detectionRuleMetric.rule_type === 'esql') {
updatedUsage = {
...usage,
esql: updateQueryUsage({
ruleType: detectionRuleMetric.rule_type,
usage,
detectionRuleMetric,
}),
};
}
if (detectionRuleMetric.elastic_rule) {
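Review bot: The new `else if` arm is a verbatim copy of the preceding arms with only the `esql` key changed, which is how this chain keeps growing; a point of style rather than a defect. If `detectionRuleMetric.rule_type` is typed as the same set of keys that `RulesTypeUsage` exposes per rule type (this commit adds `esql: FeatureTypeUsage` to that interface), the chain could collapse to one assignment, `updatedUsage = { ...usage, [detectionRuleMetric.rule_type]: updateQueryUsage({ ruleType: detectionRuleMetric.rule_type, usage, detectionRuleMetric }) };`, guarded by a check that the key is a per-type entry and not `elastic_total` or `custom_total`. If that refactor is out of scope for a backport, a short comment above the chain noting that each rule type needs an arm here, an entry in getInitialRulesUsage and a block in the collector schema would help the next addition. updateRuleUsage starts before the hunk and continues past it.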


@ -12899,6 +12899,64 @@
}
}
},
"esql": {
"properties": {
"enabled": {
"type": "long",
"_meta": {
"description": "Number of esql rules enabled"
}
},
"disabled": {
"type": "long",
"_meta": {
"description": "Number of esql rules disabled"
}
},
"alerts": {
"type": "long",
"_meta": {
"description": "Number of alerts generated by esql rules"
}
},
"cases": {
"type": "long",
"_meta": {
"description": "Number of cases attached to esql detection rule alerts"
}
},
"legacy_notifications_enabled": {
"type": "long",
"_meta": {
"description": "Number of legacy notifications enabled"
}
},
"legacy_notifications_disabled": {
"type": "long",
"_meta": {
"description": "Number of legacy notifications disabled"
}
},
"notifications_enabled": {
"type": "long",
"_meta": {
"description": "Number of notifications enabled"
}
},
"notifications_disabled": {
"type": "long",
"_meta": {
"description": "Number of notifications enabled"
}
},
"legacy_investigation_fields": {
"type": "long",
"_meta": {
"description": "Number of rules using the legacy investigation fields type introduced only in 8.10 ESS"
}
}
}
},
"elastic_total": {
"properties": {
"enabled": {