Skip to content

[8.19] [Security Solution] Add event-based telemetry for prebuilt rule upgrade API (#234571)#235318

Merged
jkelas merged 2 commits intoelastic:8.19from
jkelas:backport/8.19/pr-234571
Sep 17, 2025
Merged

[8.19] [Security Solution] Add event-based telemetry for prebuilt rule upgrade API (#234571)#235318
jkelas merged 2 commits intoelastic:8.19from
jkelas:backport/8.19/pr-234571

Conversation

@jkelas
Copy link
Copy Markdown
Contributor

@jkelas jkelas commented Sep 17, 2025

Backport

This will backport the following commits from main to 8.19:

Questions ?

Please refer to the Backport tool documentation

[Security Solution] Add event-based telemetry for prebuilt rule upgra…
77c5979 
…de API (elastic#234571)

**Partially resolves: elastic#140369**

## Summary

This is another PR from of a series of PRs I am planning to create to
cover the requirements in the elastic#140369 ticket.

The requirement covered in this ticket is req. elastic#6: "Events for
performing update (EBT backend)" and req. elastic#7 "Missing base versions".

I am adding sending telemetry events in handling of rule update request.
Each rule updated will send its own event with information about:
- ruleId
- ruleName
- if missing base version
- final result of the update
- updated fields (with breakdown per conflict type).

I tried to make the changes as little invasive as possible, and decided
to create a separate file, `update_rule_telemetry.ts`, where the logic
of building the events and sending them is encapsulated.

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [ ] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

(cherry picked from commit a2b7329)

# Conflicts:
#	x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/event_based/events.ts
@jkelas jkelas added the backport This PR is a backport of another PR label Sep 17, 2025
@jkelas jkelas enabled auto-merge (squash) September 17, 2025 08:13
@jkelas jkelas mentioned this pull request Sep 17, 2025
Merged
4 tasks
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Sep 17, 2025

💚 Build Succeeded

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
securitySolution 126 127 +1

Saved Objects .kibana field count

Every field in each saved object type adds overhead to Elasticsearch. Kibana needs to keep the total field count below Elasticsearch's default limit of 1000 fields. Only specify field mappings for the fields you wish to search on or query. See https://www.elastic.co/guide/en/kibana/master/saved-objects-service.html#_mappings

id before after diff
_data_stream_timestamp 1 - -1
_doc_count 1 - -1
_ignored_source 1 - -1
_index_mode 1 - -1
_inference_fields 1 - -1
_tier 1 - -1
apm-custom-dashboards 5 - -5
apm-server-schema 2 - -2
apm-service-group 5 - -5
application_usage_daily 2 - -2
config 2 - -2
config-global 2 - -2
coreMigrationVersion 1 - -1
created_at 1 - -1
created_by 1 - -1
entity-definition 9 - -9
entity-discovery-api-key 2 - -2
event_loop_delays_daily 2 - -2
favorites 4 - -4
file 11 - -11
file-upload-usage-collection-telemetry 3 - -3
fileShare 5 - -5
guided-onboarding-guide-state 3 - -3
infra-custom-dashboards 4 - -4
infrastructure-monitoring-log-view 2 - -2
intercept_trigger_record 5 - -5
legacy-url-alias 7 - -7
managed 1 - -1
ml-job 6 - -6
ml-module 13 - -13
ml-trained-model 7 - -7
monitoring-telemetry 2 - -2
namespace 1 - -1
namespaces 1 - -1
observability-onboarding-state 2 - -2
originId 1 - -1
product-doc-install-status 7 - -7
references 4 - -4
sample-data-telemetry 3 - -3
security-ai-prompt 8 - -8
slo 11 - -11
space 5 - -5
synthetics-monitor 34 - -34
synthetics-monitor-multi-space 34 - -34
tag 4 - -4
type 1 - -1
typeMigrationVersion 1 - -1
ui-metric 2 - -2
updated_at 1 - -1
updated_by 1 - -1
upgrade-assistant-ml-upgrade-operation 3 - -3
upgrade-assistant-reindex-operation 3 - -3
uptime-synthetics-api-key 2 - -2
url 5 - -5
usage-counters 2 - -2
total -249
Unknown metric groups

API count

id before after diff
securitySolution 194 195 +1

ESLint disabled line counts

id before after diff
securitySolution 606 608 +2

Total ESLint disabled count

id before after diff
securitySolution 692 694 +2

History

@jkelas jkelas merged commit 4b04007 into elastic:8.19 Sep 17, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dplumlee dplumlee dplumlee approved these changes

@kibanamachine kibanamachine Awaiting requested review from kibanamachine kibanamachine is a code owner

Assignees

No one assigned

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jkelas @elasticmachine @dplumlee