
Detection Rule Exception List telemetry#113239

Merged

pjhampton merged 18 commits into master from pjhampton/detection-rule-exception-list on Oct 11, 2021

Conversation

@pjhampton (Contributor)

Summary

For users who have opted in, we will collect detection rule exception list telemetry to understand how our users are using the lists feature and to iterate on our detection rules. PII and list item descriptions are omitted for privacy.

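The privacy constraint stated in the summary (PII and list item descriptions never leave the cluster) is the part a reviewer wants to be able to verify mechanically rather than by reading a mapper. The following is an added example, not code from this PR or from Kibana: an allow-list projection of an exception list item into a telemetry document, plus a walker that reports any omitted key that survives. The item shape is an assumption modelled on the Lists API; the output field names, including entry_count, are illustrative, and the sample item is constructed.

```typescript
// Added example (not Kibana's code): allow-list projection of an exception
// list item into a telemetry document. Input shape is an assumption modelled
// on the Lists API; output field names are illustrative.

type ExceptionEntry = {
  field: string;
  operator: 'included' | 'excluded';
  type: 'match' | 'match_any' | 'exists' | 'list' | 'wildcard' | 'nested';
  value?: string | string[];
  entries?: ExceptionEntry[]; // present only when type === 'nested'
};

type ExceptionListItem = {
  item_id: string;
  list_id: string;
  name: string;
  description: string; // free text: omitted from telemetry
  os_types: string[];
  namespace_type: 'single' | 'agnostic';
  created_by: string; // PII: omitted
  updated_by: string; // PII: omitted
  comments: Array<{ comment: string; created_by: string }>; // free text + PII: omitted
  entries: ExceptionEntry[];
};

type TelemetryEntry = {
  field: string;
  operator: string;
  type: string;
  value?: string | string[];
  entries?: TelemetryEntry[];
};

type ExceptionListTelemetryDoc = {
  list_id: string;
  item_id: string;
  name: string;
  os_types: string[];
  namespace_type: string;
  entries: TelemetryEntry[];
  entry_count: number; // assumption: a debugging length like the one in the commit log
};

// Keys that must never appear anywhere in an outgoing document.
const OMITTED_KEYS: ReadonlyArray<string> = [
  'description', 'created_by', 'updated_by', 'comments', 'comment',
];

// Copy only the structural parts of an entry; recurse for nested entries.
function projectEntry(entry: ExceptionEntry): TelemetryEntry {
  const out: TelemetryEntry = { field: entry.field, operator: entry.operator, type: entry.type };
  if (entry.value !== undefined) out.value = entry.value;
  if (entry.type === 'nested' && entry.entries) out.entries = entry.entries.map(projectEntry);
  return out;
}

// Allow-list projection: every output field is named here, so adding a new
// field to the source type cannot silently leak it into telemetry.
function toTelemetryDoc(item: ExceptionListItem): ExceptionListTelemetryDoc {
  return {
    list_id: item.list_id,
    item_id: item.item_id,
    name: item.name,
    os_types: item.os_types.slice(),
    namespace_type: item.namespace_type,
    entries: item.entries.map(projectEntry),
    entry_count: item.entries.length,
  };
}

// Defence in depth: walk any document and return the JSON path of every
// omitted key found, so a regression is caught in a unit test before sending.
function findOmittedKeys(doc: unknown, path: string = '$'): string[] {
  const found: string[] = [];
  if (Array.isArray(doc)) {
    doc.forEach((v, i) => found.push(...findOmittedKeys(v, `${path}[${i}]`)));
  } else if (doc !== null && typeof doc === 'object') {
    for (const k of Object.keys(doc as object)) {
      if (OMITTED_KEYS.indexOf(k) !== -1) found.push(`${path}.${k}`);
      else found.push(...findOmittedKeys((doc as Record<string, unknown>)[k], `${path}.${k}`));
    }
  }
  return found;
}

// Constructed sample input (not real customer data).
const sampleItem: ExceptionListItem = {
  item_id: 'item-1',
  list_id: 'endpoint_list',
  name: 'Allow signed updater',
  description: 'Ticket 123: approved by jane.doe@example.com',
  os_types: ['windows'],
  namespace_type: 'agnostic',
  created_by: 'jane.doe',
  updated_by: 'john.roe',
  comments: [{ comment: 'looks fine', created_by: 'john.roe' }],
  entries: [
    { field: 'process.name', operator: 'included', type: 'match', value: 'updater.exe' },
    { field: 'process.hash.sha256', operator: 'included', type: 'match_any', value: ['a'.repeat(64)] },
    { field: 'file.Ext.code_signature', operator: 'included', type: 'nested', entries: [
      { field: 'subject_name', operator: 'included', type: 'match', value: 'Example Corp' },
      { field: 'trusted', operator: 'included', type: 'match', value: 'true' },
    ] },
  ],
};

const sampleDoc: ExceptionListTelemetryDoc = toTelemetryDoc(sampleItem);
```

The allow-list direction is the point: a deny-list of the form `delete item.description` keeps working only until someone adds another free-text field to the item type, whereas the projection above has to be edited deliberately to emit anything new. Running findOmittedKeys over the projected document in a unit test turns the privacy statement in the summary into something CI enforces.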

@pjhampton added the labels v8.0.0, release_note:skip (skip the PR/issue when compiling release notes), Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.), auto-backport (deprecated; use backport:version if exact versions are needed), v7.16.0 and v7.15.1 on Sep 28, 2021
@pjhampton pjhampton requested a review from a team as a code owner September 28, 2021 10:07
@pjhampton pjhampton self-assigned this Sep 28, 2021
@elasticmachine (Contributor)

Pinging @elastic/security-solution (Team: SecuritySolution)

@donaherc (Contributor) left a comment

Nice, this LGTM architecturally and is in keeping with the existing tasks. Had a couple of superficial questions about things, but generally nothing stood out for concern. This is going to be extremely useful telemetry data going forward as we get the Insights stuff off the ground. @bfilar, @SourinPaul, and I were talking today about how the Insights data will need Rule contents as well as the existing alert telemetry to ensure we get the maximum value. Thanks!

@pjhampton (Contributor, Author)

@elasticmachine merge upstream

CI is more flaky than usual 👎

@pjhampton (Contributor, Author)

@elasticmachine merge upstream

@pjhampton pjhampton removed the v7.15.1 label Oct 11, 2021
@pjhampton pjhampton enabled auto-merge (squash) October 11, 2021 10:44
@pjhampton (Contributor, Author)

@elasticmachine merge upstream

@kibanamachine (Contributor)

💚 Build Succeeded

Metrics [docs]: ✅ unchanged

To update your PR or re-run it, just comment with: @elasticmachine merge upstream

cc @pjhampton

@pjhampton pjhampton merged commit 53109bd into master Oct 11, 2021
@pjhampton pjhampton deleted the pjhampton/detection-rule-exception-list branch October 11, 2021 14:21
kibanamachine added a commit to kibanamachine/kibana that referenced this pull request Oct 11, 2021
* Add telemetry for detection rule exception lists to improve UX.

* Add length for debugging.

* Fix type.

* Clean up exception list telemetry document.

* Dynamically set kibana index (just in case).

* Update task title.

* Rename version to rule_version.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@kibanamachine (Contributor)

💚 Backport successful

Branch 7.x: backport successful

This backport PR will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request Oct 11, 2021
* Add telemetry for detection rule exception lists to improve UX.

* Add length for debugging.

* Fix type.

* Clean up exception list telemetry document.

* Dynamically set kibana index (just in case).

* Update task title.

* Rename version to rule_version.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Pete Hampton <pjhampton@users.noreply.github.com>