[Security Solution][Detection Engine] adds EBT telemetry for rule pre…

…view (#194326)

## Summary

 - adds basic EBT telemetry for rule preview

### To test 

Use Discover Data View in staging to see reported events:
https://telemetry-v2-staging.elastic.dev/s/securitysolution/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:60000),time:(from:now-28h,to:now))&_a=(columns:!(properties.ruleType,properties.loggedRequestsEnabled),filters:!(),index:security-solution-ebt-kibana-browser,interval:auto,query:(language:kuery,query:'event_type%20:%20%22Preview%20rule%22'),sort:!(!(timestamp,desc)))

Note, there is a few hours delay from event reported locally to be
stored on staging host

x-pack/plugins/security_solution/public/common/lib/telemetry/constants.ts

@@ -86,6 +86,7 @@ export enum TelemetryEventTypes {
   EventLogShowSourceEventDateRange = 'Event Log -> Show Source -> Event Date Range',
   OpenNoteInExpandableFlyoutClicked = 'Open Note In Expandable Flyout Clicked',
   AddNoteFromExpandableFlyoutClicked = 'Add Note From Expandable Flyout Clicked',
+  PreviewRule = 'Preview rule',
 }
 
 export enum ML_JOB_TELEMETRY_STATUS {

x-pack/plugins/security_solution/public/common/lib/telemetry/events/preview_rule/index.ts

@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TelemetryEvent } from '../../types';
+import { TelemetryEventTypes } from '../../constants';
+
+export const previewRuleEvent: TelemetryEvent = {
+  eventType: TelemetryEventTypes.PreviewRule,
+  schema: {
+    ruleType: {
+      type: 'keyword',
+      _meta: {
+        description: 'Rule type',
+        optional: false,
+      },
+    },
+    loggedRequestsEnabled: {
+      type: 'boolean',
+      _meta: {
+        description: 'shows if preview executed with enabled logged requests',
+        optional: false,
+      },
+    },
+  },
+};

x-pack/plugins/security_solution/public/common/lib/telemetry/events/preview_rule/types.ts

@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { Type } from '@kbn/securitysolution-io-ts-alerting-types';
+
+import type { RootSchema } from '@kbn/core/public';
+import type { TelemetryEventTypes } from '../../constants';
+
+export interface PreviewRuleParams {
+  ruleType: Type;
+  loggedRequestsEnabled: boolean;
+}
+
+export interface PreviewRuleTelemetryEvent {
+  eventType: TelemetryEventTypes.PreviewRule;
+  schema: RootSchema<PreviewRuleParams>;
+}

x-pack/plugins/security_solution/public/common/lib/telemetry/events/telemetry_events.ts

@@ -48,6 +48,7 @@ import {
   addNoteFromExpandableFlyoutClickedEvent,
   openNoteInExpandableFlyoutClickedEvent,
 } from './notes';
+import { previewRuleEvent } from './preview_rule';
 
 const mlJobUpdateEvent: TelemetryEvent = {
   eventType: TelemetryEventTypes.MLJobUpdate,
@@ -192,4 +193,5 @@ export const telemetryEvents = [
   eventLogShowSourceEventDateRangeEvent,
   openNoteInExpandableFlyoutClickedEvent,
   addNoteFromExpandableFlyoutClickedEvent,
+  previewRuleEvent,
 ];

x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.mock.ts

@@ -42,4 +42,5 @@ export const createTelemetryClientMock = (): jest.Mocked<TelemetryClientStart> =
   reportManualRuleRunOpenModal: jest.fn(),
   reportOpenNoteInExpandableFlyoutClicked: jest.fn(),
   reportAddNoteFromExpandableFlyoutClicked: jest.fn(),
+  reportPreviewRule: jest.fn(),
 });

x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts

@@ -44,6 +44,7 @@ import type {
   ReportManualRuleRunOpenModalParams,
   ReportEventLogShowSourceEventDateRangeParams,
   ReportEventLogFilterByRunTypeParams,
+  PreviewRuleParams,
 } from './types';
 import { TelemetryEventTypes } from './constants';
 
@@ -211,4 +212,8 @@ export class TelemetryClient implements TelemetryClientStart {
   ) => {
     this.analytics.reportEvent(TelemetryEventTypes.AddNoteFromExpandableFlyoutClicked, params);
   };
+
+  public reportPreviewRule = (params: PreviewRuleParams) => {
+    this.analytics.reportEvent(TelemetryEventTypes.PreviewRule, params);
+  };
 }

x-pack/plugins/security_solution/public/common/lib/telemetry/types.ts

@@ -72,6 +72,7 @@ import type {
   NotesTelemetryEvents,
   OpenNoteInExpandableFlyoutClickedParams,
 } from './events/notes/types';
+import type { PreviewRuleParams, PreviewRuleTelemetryEvent } from './events/preview_rule/types';
 
 export * from './events/ai_assistant/types';
 export * from './events/alerts_grouping/types';
@@ -91,6 +92,7 @@ export type {
 export * from './events/document_details/types';
 export * from './events/manual_rule_run/types';
 export * from './events/event_log/types';
+export * from './events/preview_rule/types';
 
 export interface TelemetryServiceSetupParams {
   analytics: AnalyticsServiceSetup;
@@ -136,6 +138,7 @@ export type TelemetryEventParams =
   | OnboardingHubStepLinkClickedParams
   | ReportManualRuleRunTelemetryEventParams
   | ReportEventLogTelemetryEventParams
+  | PreviewRuleParams
   | NotesTelemetryEventParams;
 
 export interface TelemetryClientStart {
@@ -194,6 +197,9 @@ export interface TelemetryClientStart {
   // new notes
   reportOpenNoteInExpandableFlyoutClicked(params: OpenNoteInExpandableFlyoutClickedParams): void;
   reportAddNoteFromExpandableFlyoutClicked(params: AddNoteFromExpandableFlyoutClickedParams): void;
+
+  // preview rule
+  reportPreviewRule(params: PreviewRuleParams): void;
 }
 
 export type TelemetryEvent =
@@ -221,4 +227,5 @@ export type TelemetryEvent =
   | OnboardingHubTelemetryEvent
   | ManualRuleRunTelemetryEvent
   | EventLogTelemetryEvent
+  | PreviewRuleTelemetryEvent
   | NotesTelemetryEvents;

x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/rule_preview/use_preview_rule.ts

@@ -12,7 +12,7 @@ import type {
   RuleCreateProps,
   RulePreviewResponse,
 } from '../../../../../common/api/detection_engine';
-
+import { useKibana } from '../../../../common/lib/kibana';
 import { previewRule } from '../../../rule_management/api/api';
 import { transformOutput } from '../../../../detections/containers/detection_engine/rules/transforms';
 import type { TimeframePreviewOptions } from '../../../../detections/pages/detection_engine/rules/types';
@@ -37,6 +37,7 @@ export const usePreviewRule = ({
   const [isLoading, setIsLoading] = useState(false);
   const { addError } = useAppToasts();
   const { invocationCount, interval, from } = usePreviewInvocationCount({ timeframeOptions });
+  const { telemetry } = useKibana().services;
 
   const timeframeEnd = useMemo(
     () => timeframeOptions.timeframeEnd.toISOString(),
@@ -57,6 +58,10 @@ export const usePreviewRule = ({
     const createPreviewId = async () => {
       if (rule != null) {
         try {
+          telemetry.reportPreviewRule({
+            loggedRequestsEnabled: enableLoggedRequests ?? false,
+            ruleType: rule.type,
+          });
           setIsLoading(true);
           const previewRuleResponse = await previewRule({
             rule: {
@@ -90,7 +95,16 @@ export const usePreviewRule = ({
       isSubscribed = false;
       abortCtrl.abort();
     };
-  }, [rule, addError, invocationCount, from, interval, timeframeEnd, enableLoggedRequests]);
+  }, [
+    rule,
+    addError,
+    invocationCount,
+    from,
+    interval,
+    timeframeEnd,
+    enableLoggedRequests,
+    telemetry,
+  ]);
 
   return { isLoading, response, rule, setRule };
 };