[Security Solution] Add detection rules customization status for telemetry snapshot #237583
+834
−30
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jkelas
force-pushed
the
140369_req_2_customization_status_telemetry
branch
6 times, most recently
from
96cc9de to
c91b984
Compare
jkelas
changed the title
jkelas
added
release_note:skip
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
35 tasks
jkelas
force-pushed
the
140369_req_2_customization_status_telemetry
branch
from
c91b984 to
9c5fee8
Compare
maximpn
reviewed
Oct 8, 2025
x-pack/platform/plugins/private/telemetry_collection_xpack/schema/xpack_security.json
Outdated
Show resolved
Hide resolved
...api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/customize_rule.ts
Outdated
Show resolved
Hide resolved
...ity/plugins/security_solution/server/usage/detections/rules/get_rule_customization_status.ts
Outdated
Show resolved
Hide resolved
...ity/plugins/security_solution/server/usage/detections/rules/get_rule_customization_status.ts
Outdated
Show resolved
Hide resolved
|
Created visualization here: https://telemetry-v2-staging.elastic.dev/s/securitysolution/app/dashboards#/view/ed2311c0-4920-4d2a-bebb-b7a5ef18b511?_g=(filters:!(),refreshInterval:(pause:!t,value:60000),time:(from:now-7d%2Fd,to:now)) At the moment there is little data. 
|
jkelas
force-pushed
the
140369_req_2_customization_status_telemetry
branch
from
2ba68c0 to
234d324
Compare
maximpn
approved these changes
Oct 9, 2025
There was a problem hiding this comment.
@jkelas Thanks for addressing my comments 👍
I've tested the PR locally and it works as expected. The only thing would be nice to have is a comment explaining why we track only specific fields and a link to the details (task or PR on GitHub).
...ity/plugins/security_solution/server/usage/detections/rules/get_rule_customization_status.ts
Show resolved
Hide resolved
jkelas
force-pushed
the
140369_req_2_customization_status_telemetry
branch
from
1dd28b6 to
daca2b0
Compare
|
/ci |
banderror
force-pushed
the
140369_req_2_customization_status_telemetry
branch
from
daca2b0 to
8fe9d70
Compare
banderror
force-pushed
the
140369_req_2_customization_status_telemetry
branch
from
8fe9d70 to
7f5b4f3
Compare
banderror
approved these changes
Oct 13, 2025
|
/ci |
|
@elasticmachine run docs-build |
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]
History
cc @jkelas |
banderror
force-pushed
the
140369_req_2_customization_status_telemetry
branch
from
7f5b4f3 to
ca4c8b0
Compare
|
/ci |
|
@elasticmachine run docs-build |
|
Starting backport for target branches: 8.18, 8.19, 9.1, 9.2 |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Oct 14, 2025
…metry snapshot (elastic#237583) **Partially addresses: elastic#140369** ## Summary This is another PR from of a series of PRs I am planning to create to cover the requirements in the elastic#140369 ticket. The requirement covered in this PR is: " Breakdown of which fields are being customized." Testing: Display the snapshot: ``` POST kbn:/internal/telemetry/clusters/_stats?apiVersion=2 { "unencrypted": true, "refreshCache": true } ``` Send the snapshot to staging telemetry cluster. ``` POST kbn:/internal/telemetry/force_send?apiVersion=1&elasticInternalOrigin=true {} ``` Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co> (cherry picked from commit 1f41564)
💔 Some backports could not be created
Note: Successful backport PRs will be merged automatically after passing CI. Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Partially addresses: #140369
Summary
This is another PR from of a series of PRs I am planning to create to cover the requirements in the #140369 ticket.
The requirement covered in this PR is: " Breakdown of which fields are being customized."
Testing:
Display the snapshot:
Send the snapshot to staging telemetry cluster.