elastic · pjhampton · Nov 27, 2023 · Oct 27, 2023 · Oct 27, 2023 · Oct 27, 2023
diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
@@ -27,7 +27,7 @@ import type { SecurityTelemetryTaskConfig } from './task';
 import { SecurityTelemetryTask } from './task';
 import { telemetryConfiguration } from './configuration';
 
-const usageLabelPrefix: string[] = ['security_telemetry', 'sender'];
+export const usageLabelPrefix: string[] = ['security_telemetry', 'sender'];
 
 export interface ITelemetryEventsSender {
   setup(

diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/tasks/detection_rule.ts b/x-pack/plugins/security_solution/server/lib/telemetry/tasks/detection_rule.ts
@@ -11,7 +11,14 @@ import {
   TELEMETRY_CHANNEL_LISTS,
   TASK_METRICS_CHANNEL,
 } from '../constants';
-import { batchTelemetryRecords, templateExceptionList, tlog, createTaskMetric } from '../helpers';
+import {
+  batchTelemetryRecords,
+  templateExceptionList,
+  tlog,
+  createTaskMetric,
+  createUsageCounterLabel,
+} from '../helpers';
+import { usageLabelPrefix } from '../sender';
 import type { ITelemetryEventsSender } from '../sender';
 import type { ITelemetryReceiver } from '../receiver';
 import type { ExceptionListItem, ESClusterInfo, ESLicense, RuleSearchResult } from '../types';
@@ -31,9 +38,13 @@ export function createTelemetryDetectionRuleListsTaskConfig(maxTelemetryBatch: n
       sender: ITelemetryEventsSender,
       taskExecutionPeriod: TaskExecutionPeriod
     ) => {
+      const usageCollector = sender.getTelemetryUsageCluster();
+
       const startTime = Date.now();
       const taskName = 'Security Solution Detection Rule Lists Telemetry';
       try {
+        let detectionRuleCount = 0;
+
         const [clusterInfoPromise, licenseInfoPromise] = await Promise.allSettled([
           receiver.fetchClusterInfo(),
           receiver.fetchLicenseInfo(),
@@ -98,14 +109,22 @@ export function createTelemetryDetectionRuleListsTaskConfig(maxTelemetryBatch: n
           LIST_DETECTION_RULE_EXCEPTION
         );
         tlog(logger, `Detection rule exception json length ${detectionRuleExceptionsJson.length}`);
+
+        detectionRuleCount = detectionRuleExceptionsJson.length;
+        usageCollector?.incrementCounter({
+          counterName: createUsageCounterLabel(usageLabelPrefix.concat(['detection_rule'])),
+          counterType: 'detection_rule_count',
+          incrementBy: detectionRuleCount,
+        });
+
         const batches = batchTelemetryRecords(detectionRuleExceptionsJson, maxTelemetryBatch);
         for (const batch of batches) {
           await sender.sendOnDemand(TELEMETRY_CHANNEL_LISTS, batch);
         }
         await sender.sendOnDemand(TASK_METRICS_CHANNEL, [
           createTaskMetric(taskName, true, startTime),
         ]);
-        return detectionRuleExceptions.length;
+        return detectionRuleCount;
       } catch (err) {
         await sender.sendOnDemand(TASK_METRICS_CHANNEL, [
           createTaskMetric(taskName, false, startTime, err.message),

diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/tasks/security_lists.ts b/x-pack/plugins/security_solution/server/lib/telemetry/tasks/security_lists.ts
@@ -24,7 +24,9 @@ import {
   tlog,
   createTaskMetric,
   formatValueListMetaData,
+  createUsageCounterLabel,
 } from '../helpers';
+import { usageLabelPrefix } from '../sender';
 import type { ITelemetryEventsSender } from '../sender';
 import type { ITelemetryReceiver } from '../receiver';
 import type { TaskExecutionPeriod } from '../task';
@@ -43,10 +45,14 @@ export function createTelemetrySecurityListTaskConfig(maxTelemetryBatch: number)
       sender: ITelemetryEventsSender,
       taskExecutionPeriod: TaskExecutionPeriod
     ) => {
+      const usageCollector = sender.getTelemetryUsageCluster();
+
       const startTime = Date.now();
       const taskName = 'Security Solution Lists Telemetry';
       try {
-        let count = 0;
+        let trustedApplicationsCount = 0;
+        let endpointExceptionsCount = 0;
+        let endpointEventFiltersCount = 0;
 
         const [clusterInfoPromise, licenseInfoPromise] = await Promise.allSettled([
           receiver.fetchClusterInfo(),
@@ -73,7 +79,13 @@ export function createTelemetrySecurityListTaskConfig(maxTelemetryBatch: number)
             LIST_TRUSTED_APPLICATION
           );
           tlog(logger, `Trusted Apps: ${trustedAppsJson}`);
-          count += trustedAppsJson.length;
+          trustedApplicationsCount = trustedAppsJson.length;
+
+          usageCollector?.incrementCounter({
+            counterName: createUsageCounterLabel(usageLabelPrefix.concat(['security_lists'])),
+            counterType: 'trusted_apps_count',
+            incrementBy: trustedApplicationsCount,
+          });
 
           const batches = batchTelemetryRecords(trustedAppsJson, maxTelemetryBatch);
           for (const batch of batches) {
@@ -92,7 +104,13 @@ export function createTelemetrySecurityListTaskConfig(maxTelemetryBatch: number)
             LIST_ENDPOINT_EXCEPTION
           );
           tlog(logger, `EP Exceptions: ${epExceptionsJson}`);
-          count += epExceptionsJson.length;
+          endpointExceptionsCount = epExceptionsJson.length;
+
+          usageCollector?.incrementCounter({
+            counterName: createUsageCounterLabel(usageLabelPrefix.concat(['security_lists'])),
+            counterType: 'endpoint_exceptions_count',
+            incrementBy: endpointExceptionsCount,
+          });
 
           const batches = batchTelemetryRecords(epExceptionsJson, maxTelemetryBatch);
           for (const batch of batches) {
@@ -111,7 +129,13 @@ export function createTelemetrySecurityListTaskConfig(maxTelemetryBatch: number)
             LIST_ENDPOINT_EVENT_FILTER
           );
           tlog(logger, `EP Event Filters: ${epFiltersJson}`);
-          count += epFiltersJson.length;
+          endpointEventFiltersCount = epFiltersJson.length;
+
+          usageCollector?.incrementCounter({
+            counterName: createUsageCounterLabel(usageLabelPrefix.concat(['security_lists'])),
+            counterType: 'endpoint_event_filters_count',
+            incrementBy: endpointEventFiltersCount,
+          });
 
           const batches = batchTelemetryRecords(epFiltersJson, maxTelemetryBatch);
           for (const batch of batches) {
@@ -135,7 +159,7 @@ export function createTelemetrySecurityListTaskConfig(maxTelemetryBatch: number)
         await sender.sendOnDemand(TASK_METRICS_CHANNEL, [
           createTaskMetric(taskName, true, startTime),
         ]);
-        return count;
+        return trustedApplicationsCount + endpointExceptionsCount + endpointEventFiltersCount;
       } catch (err) {
         await sender.sendOnDemand(TASK_METRICS_CHANNEL, [
           createTaskMetric(taskName, false, startTime, err.message),