[8.18] [Security Solution] Add telemetry for upgrading rule using single UPDATE button (#236893) (#237343)

# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] Add telemetry for upgrading rule using single
UPDATE button (#236893)](#236893)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Jacek
Kolezynski","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-10-02T15:52:57Z","message":"[Security
Solution] Add telemetry for upgrading rule using single UPDATE button
(#236893)\n\n**Partially addresses:** #140369\n\n## Summary\n\nThis is
another PR from of a series of PRs I am planning to create to\ncover the
requirements in the\nhttps://github.com//issues/140369
ticket.\n\n\nThe requirement covered in this PR is: \"Collect events of
singular rule\nupdates without opening review flyout, with information
about missing\nbase
version.\"","sha":"d486d45a69f3e6317647f820bb5d82a62e13b085","branchLabelMapping":{"^v9.3.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v9.2.0","v8.18.8","v8.19.5","v9.0.8","v9.1.5","v9.3.0"],"title":"[Security
Solution] Add telemetry for upgrading rule using single UPDATE
button","number":236893,"url":"https://github.com/elastic/kibana/pull/236893","mergeCommit":{"message":"[Security
Solution] Add telemetry for upgrading rule using single UPDATE button
(#236893)\n\n**Partially addresses:** #140369\n\n## Summary\n\nThis is
another PR from of a series of PRs I am planning to create to\ncover the
requirements in the\nhttps://github.com//issues/140369
ticket.\n\n\nThe requirement covered in this PR is: \"Collect events of
singular rule\nupdates without opening review flyout, with information
about missing\nbase
version.\"","sha":"d486d45a69f3e6317647f820bb5d82a62e13b085"}},"sourceBranch":"main","suggestedTargetBranches":["9.2","8.18","8.19","9.0","9.1"],"targetPullRequestStates":[{"branch":"9.2","label":"v9.2.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.3.0","branchLabelMappingKey":"^v9.3.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/236893","number":236893,"mergeCommit":{"message":"[Security
Solution] Add telemetry for upgrading rule using single UPDATE button
(#236893)\n\n**Partially addresses:** #140369\n\n## Summary\n\nThis is
another PR from of a series of PRs I am planning to create to\ncover the
requirements in the\nhttps://github.com//issues/140369
ticket.\n\n\nThe requirement covered in this PR is: \"Collect events of
singular rule\nupdates without opening review flyout, with information
about missing\nbase
version.\"","sha":"d486d45a69f3e6317647f820bb5d82a62e13b085"}}]}]
BACKPORT-->

Co-authored-by: Jacek Kolezynski <[email protected]>

Author: kibanamachine

x-pack/solutions/security/plugins/security_solution/public/common/lib/telemetry/events/rule_upgrade/index.ts

@@ -8,7 +8,7 @@
 import type { RuleUpgradeTelemetryEvent } from './types';
 import { RuleUpgradeEventTypes } from './types';
 
-export const flyoutButtonClickEvent: RuleUpgradeTelemetryEvent = {
+export const ruleUpgradeFlyoutButtonClickEvent: RuleUpgradeTelemetryEvent = {
   eventType: RuleUpgradeEventTypes.RuleUpgradeFlyoutButtonClick,
   schema: {
     type: {
@@ -28,7 +28,20 @@ export const flyoutButtonClickEvent: RuleUpgradeTelemetryEvent = {
   },
 };
 
-export const openFlyoutEvent: RuleUpgradeTelemetryEvent = {
+export const ruleUpgradeSingleButtonClickEvent: RuleUpgradeTelemetryEvent = {
+  eventType: RuleUpgradeEventTypes.RuleUpgradeSingleButtonClick,
+  schema: {
+    hasBaseVersion: {
+      type: 'boolean',
+      _meta: {
+        description: 'Indicates if the rule has base version',
+        optional: false,
+      },
+    },
+  },
+};
+
+export const ruleUpgradeOpenFlyoutEvent: RuleUpgradeTelemetryEvent = {
   eventType: RuleUpgradeEventTypes.RuleUpgradeFlyoutOpen,
   schema: {
     hasMissingBaseVersion: {
@@ -41,4 +54,8 @@ export const openFlyoutEvent: RuleUpgradeTelemetryEvent = {
   },
 };
 
-export const ruleUpgradeTelemetryEvents = [flyoutButtonClickEvent, openFlyoutEvent];
+export const ruleUpgradeTelemetryEvents = [
+  ruleUpgradeFlyoutButtonClickEvent,
+  ruleUpgradeOpenFlyoutEvent,
+  ruleUpgradeSingleButtonClickEvent,
+];

x-pack/solutions/security/plugins/security_solution/public/common/lib/telemetry/events/rule_upgrade/types.ts

@@ -8,19 +8,25 @@ import type { RootSchema } from '@kbn/core/public';
 
 export enum RuleUpgradeEventTypes {
   RuleUpgradeFlyoutButtonClick = 'Click Rule Upgrade Flyout Button',
+  RuleUpgradeSingleButtonClick = 'Click Rule Upgrade Single Button',
   RuleUpgradeFlyoutOpen = 'Open Rule Upgrade Flyout',
 }
 interface ReportRuleUpgradeFlyoutButtonClickParams {
   type: 'update' | 'dismiss';
   hasMissingBaseVersion: boolean;
 }
 
+interface ReportRuleUpgradeSingleButtonClickParams {
+  hasBaseVersion: boolean;
+}
+
 interface ReportRuleUpgradeFlyoutOpenParams {
   hasMissingBaseVersion: boolean;
 }
 
 export interface RuleUpgradeTelemetryEventsMap {
   [RuleUpgradeEventTypes.RuleUpgradeFlyoutButtonClick]: ReportRuleUpgradeFlyoutButtonClickParams;
+  [RuleUpgradeEventTypes.RuleUpgradeSingleButtonClick]: ReportRuleUpgradeSingleButtonClickParams;
   [RuleUpgradeEventTypes.RuleUpgradeFlyoutOpen]: ReportRuleUpgradeFlyoutOpenParams;
 }
 

x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_upgrade_prebuilt_rules_table_columns.tsx

@@ -15,13 +15,14 @@ import {
   EuiToolTip,
 } from '@elastic/eui';
 import React, { useMemo } from 'react';
+import { RuleUpgradeEventTypes } from '../../../../../common/lib/telemetry/events/rule_upgrade/types';
 import { ThreeWayDiffConflict } from '../../../../../../common/api/detection_engine';
 import type { RuleUpgradeState } from '../../../../rule_management/model/prebuilt_rule_upgrade/rule_upgrade_state';
 import { RulesTableEmptyColumnName } from '../rules_table_empty_column_name';
 import { SHOW_RELATED_INTEGRATIONS_SETTING } from '../../../../../../common/constants';
 import type { RuleSignatureId } from '../../../../../../common/api/detection_engine/model/rule_schema';
 import { PopoverItems } from '../../../../../common/components/popover_items';
-import { useUiSetting$ } from '../../../../../common/lib/kibana';
+import { useKibana, useUiSetting$ } from '../../../../../common/lib/kibana';
 import { hasUserCRUDPermission } from '../../../../../common/utils/privileges';
 import { IntegrationsPopover } from '../../../../../detections/components/rules/related_integrations/integrations_popover';
 import { SeverityBadge } from '../../../../../common/components/severity_badge';
@@ -184,7 +185,8 @@ const createUpgradeButtonColumn = (
   openRulePreview: UpgradePrebuiltRulesTableActions['openRulePreview'],
   loadingRules: RuleSignatureId[],
   isDisabled: boolean,
-  isPrebuiltRulesCustomizationEnabled: boolean
+  isPrebuiltRulesCustomizationEnabled: boolean,
+  telemetry: ReturnType<typeof useKibana>['services']['telemetry']
 ): TableColumn => ({
   field: 'rule_id',
   name: <RulesTableEmptyColumnName name={i18n.UPDATE_RULE_BUTTON} />,
@@ -220,7 +222,12 @@ const createUpgradeButtonColumn = (
       <EuiButtonEmpty
         size="s"
         disabled={isUpgradeButtonDisabled}
-        onClick={() => upgradeRules([ruleId])}
+        onClick={() => {
+          telemetry.reportEvent(RuleUpgradeEventTypes.RuleUpgradeSingleButtonClick, {
+            hasBaseVersion: record.has_base_version === true,
+          });
+          upgradeRules([ruleId]);
+        }}
         data-test-subj={`upgradeSinglePrebuiltRuleButton-${ruleId}`}
       >
         {isRuleUpgrading ? spinner : i18n.UPDATE_RULE_BUTTON}
@@ -241,6 +248,7 @@ export const useUpgradePrebuiltRulesTableColumns = (): TableColumn[] => {
   } = useUpgradePrebuiltRulesTableContext();
   const isDisabled = isRefetching || isUpgradingSecurityPackages;
   const { isRulesCustomizationEnabled } = usePrebuiltRulesCustomizationStatus();
+  const { telemetry } = useKibana().services;
 
   return useMemo(
     () => [
@@ -277,7 +285,8 @@ export const useUpgradePrebuiltRulesTableColumns = (): TableColumn[] => {
               openRulePreview,
               loadingRules,
               isDisabled,
-              isRulesCustomizationEnabled
+              isRulesCustomizationEnabled,
+              telemetry
             ),
           ]
         : []),
@@ -290,6 +299,7 @@ export const useUpgradePrebuiltRulesTableColumns = (): TableColumn[] => {
       loadingRules,
       isDisabled,
       isRulesCustomizationEnabled,
+      telemetry,
     ]
   );
 };