Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Osquery] Add telemetry for packs and saved queries #122501

Merged
merged 53 commits into from
Feb 14, 2022
Merged

[Osquery] Add telemetry for packs and saved queries #122501

merged 53 commits into from
Feb 14, 2022

Conversation

patrykkopycinski
Copy link
Contributor

@patrykkopycinski patrykkopycinski commented Jan 9, 2022
edited
Loading

Summary

Collecting telemetry of live queries.
Took it from #115180

See sender.ts
To test:
Run live query

For event sender:
Add to kibana.dev.yml to opt in telemetry and see debug logs:

telemetry.optIn: true
logging.loggers:
 - name: plugins.osquery
   level: debug

In case of success/failure of upgrades, the debug log should include events sent to telemetry v3 endpoint.

[2022-01-09T22:08:02.359+01:00][DEBUG][plugins.osquery.telemetry_events] Telemetry URL: https://telemetry-staging.elastic.co/v3/send/osquery-live-queries
[2022-01-09T22:08:02.360+01:00][DEBUG][plugins.osquery.telemetry_events] [{"event_source":"osquery_app_live_query","table":[{"name":"osquery_info","columns":["*"]},{"name":"processes","columns":["resident_size","user_time","system_time"]},{"name":"time","columns":["minutes"]}],"agent_selection":{"agents":1,"all_agents_selected":false,"platforms_selected":["darwin"],"policies":1}},{"event_source":"osquery_app_live_query","table":[{"name":"osquery_info","columns":["*"]},{"name":"processes","columns":["resident_size","user_time","system_time"]},{"name":"time","columns":["minutes"]}],"agent_selection":{"agents":1,"all_agents_selected":false,"platforms_selected":["darwin"],"policies":1}}]
[2022-01-09T22:08:02.717+01:00][DEBUG][plugins.osquery.telemetry_events] Events sent!. Response: 200 {"status":"ok"}

@patrykkopycinski
WIP
4438b3d
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
93239de 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
f586da7 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
c0db606 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
54df855 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
c25ea86 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
6719b8f 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
0faf401 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
e9de180 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
954ca68 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
6ee014a 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
b9548b0 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
33214f8 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
82ffe71 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
ecfc5fb 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
6dfa1e6 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
f20e7ed 
…lemetry
@patrykkopycinski
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-te…
7504485 
…lemetry
@patrykkopycinski
WIP
ae29f18
@patrykkopycinski patrykkopycinski self-assigned this Jan 9, 2022
@patrykkopycinski patrykkopycinski added auto-backport Deprecated - use backport:version if exact versions are needed Feature:Osquery Security Solution Osquery feature release_note:skip Skip the PR/issue when compiling release notes Team:Asset Management Security Asset Management Team v8.1.0 labels Jan 9, 2022
@patrykkopycinski patrykkopycinski marked this pull request as ready for review February 7, 2022 12:57
@patrykkopycinski patrykkopycinski requested a review from a team as a code owner February 7, 2022 12:57
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-asset-management (Team:Asset Management)

@patrykkopycinski
Copy link
Contributor Author

@afharo would you mind taking a look at this PR again?

pjhampton
pjhampton approved these changes Feb 9, 2022
View reviewed changes
Copy link
Contributor

@pjhampton pjhampton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🌔 🚀 ✨ LGTM ✨ 🚀 🌔

Looks good from a security telemetry pov. Thanks for all the hard work you put into this

@patrykkopycinski patrykkopycinski changed the title [Osquery] Add telemetry for live queries [Osquery] Add telemetry for packs and saved queries Feb 13, 2022
@patrykkopycinski
Copy link
Contributor Author

@elasticmachine merge upstream

tomsonpl
tomsonpl approved these changes Feb 13, 2022
View reviewed changes
Copy link
Contributor

@tomsonpl tomsonpl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
osquery 941.4KB 941.4KB -10.0B
Unknown metric groups

ESLint disabled in files

id before after diff
osquery 4 5 +1

ESLint disabled line counts

id before after diff
osquery 121 123 +2

Total ESLint disabled count

id before after diff
osquery 125 128 +3

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @patrykkopycinski

@patrykkopycinski patrykkopycinski merged commit 259d1b7 into elastic:main Feb 14, 2022
@patrykkopycinski patrykkopycinski deleted the feat/osquery-telemetry branch February 14, 2022 06:43
@kibanamachine kibanamachine mentioned this pull request Feb 14, 2022
Merged
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Feb 14, 2022
@patrykkopycinski @kibanamachine
[Osquery] Add telemetry for packs and saved queries (elastic#122501)
6659152 
(cherry picked from commit 259d1b7)
@kibanamachine
Copy link
Contributor

💚 All backports created successfully

Status Branch Result
8.1

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Feb 14, 2022
@kibanamachine @patrykkopycinski
[8.1] [Osquery] Add telemetry for packs and saved queries (#122501) (#…
bf181b7 
…125466)

* [Osquery] Add telemetry for packs and saved queries (#122501)

(cherry picked from commit 259d1b7)

* fix types

Co-authored-by: Patryk Kopyciński <contact@patrykkopycinski.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mshustov mshustov mshustov left review comments

@afharo afharo afharo approved these changes

@pjhampton pjhampton pjhampton approved these changes

@tomsonpl tomsonpl tomsonpl approved these changes

Assignees

@patrykkopycinski patrykkopycinski

Labels
auto-backport Deprecated - use backport:version if exact versions are needed Feature:Osquery Security Solution Osquery feature release_note:skip Skip the PR/issue when compiling release notes Team:Asset Management Security Asset Management Team v8.1.0 v8.2.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@patrykkopycinski @afharo @stevewritescode @elasticmachine @kibana-ci @kibanamachine @mshustov @pjhampton @tomsonpl