Lead generation telemetry changes

Author: abhishekbhatia1710

x-pack/solutions/security/plugins/security_solution/public/common/lib/telemetry/events/entity_analytics/index.ts

@@ -423,6 +423,16 @@ const anomaliesCountClickedEvent: EntityAnalyticsTelemetryEvent = {
   },
 };
 
+export const leadGenerationGenerateClickedEvent: EntityAnalyticsTelemetryEvent = {
+  eventType: EntityEventTypes.LeadGenerationGenerateClicked,
+  schema: {},
+};
+
+export const leadGenerationLeadClickedEvent: EntityAnalyticsTelemetryEvent = {
+  eventType: EntityEventTypes.LeadGenerationLeadClicked,
+  schema: {},
+};
+
 export const entityTelemetryEvents = [
   entityClickedEvent,
   entityAlertsClickedEvent,
@@ -440,4 +450,6 @@ export const entityTelemetryEvents = [
   addRiskInputToTimelineClickedEvent,
   mlJobUpdateEvent,
   anomaliesCountClickedEvent,
+  leadGenerationGenerateClickedEvent,
+  leadGenerationLeadClickedEvent,
 ];

x-pack/solutions/security/plugins/security_solution/public/common/lib/telemetry/events/entity_analytics/types.ts

@@ -26,6 +26,8 @@ export enum EntityEventTypes {
   PrivilegedUserMonitoringCsvImported = 'Privileged User Monitoring CSV Imported',
   AnomaliesCountClicked = 'Anomalies Count Clicked',
   MLJobUpdate = 'ML Job Update',
+  LeadGenerationGenerateClicked = 'Lead Generation Generate Clicked',
+  LeadGenerationLeadClicked = 'Lead Generation Lead Clicked',
 }
 
 export enum ML_JOB_TELEMETRY_STATUS {
@@ -110,6 +112,11 @@ interface ReportMLJobUpdateParams {
   errorMessage?: string;
 }
 
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+interface ReportLeadGenerationGenerateClickedParams {}
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+interface ReportLeadGenerationLeadClickedParams {}
+
 export interface EntityAnalyticsTelemetryEventsMap {
   [EntityEventTypes.EntityDetailsClicked]: ReportEntityDetailsClickedParams;
   [EntityEventTypes.EntityAlertsClicked]: ReportEntityAlertsClickedParams;
@@ -128,6 +135,8 @@ export interface EntityAnalyticsTelemetryEventsMap {
   [EntityEventTypes.PrivilegedUserMonitoringCsvImported]: ReportAssetCriticalityCsvImportedParams;
   [EntityEventTypes.AnomaliesCountClicked]: ReportAnomaliesCountClickedParams;
   [EntityEventTypes.MLJobUpdate]: ReportMLJobUpdateParams;
+  [EntityEventTypes.LeadGenerationGenerateClicked]: ReportLeadGenerationGenerateClickedParams;
+  [EntityEventTypes.LeadGenerationLeadClicked]: ReportLeadGenerationLeadClickedParams;
 }
 
 export interface EntityAnalyticsTelemetryEvent {

x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/threat_hunting/top_threat_hunting_leads/use_hunting_leads.ts

@@ -5,9 +5,11 @@
  * 2.0.
  */
 
-import { useRef, useEffect, useState } from 'react';
+import { useRef, useEffect, useState, useCallback } from 'react';
 import { useQuery, useMutation, useQueryClient } from '@kbn/react-query';
 import { useAppToasts } from '../../../../common/hooks/use_app_toasts';
+import { useKibana } from '../../../../common/lib/kibana';
+import { EntityEventTypes } from '../../../../common/lib/telemetry';
 import { useEntityAnalyticsRoutes } from '../../../api/api';
 import { fromApiLead } from './types';
 import * as i18n from './translations';
@@ -39,6 +41,7 @@ export const useHuntingLeads = (isEnabled: boolean = true) => {
   } = useEntityAnalyticsRoutes();
   const queryClient = useQueryClient();
   const { addSuccess, addError } = useAppToasts();
+  const { telemetry } = useKibana().services;
   const abortCtrl = useRef(new AbortController());
   const [hasGenerated, setHasGenerated] = useState(false);
 
@@ -64,6 +67,7 @@ export const useHuntingLeads = (isEnabled: boolean = true) => {
       abortCtrl.current = new AbortController();
       const { signal } = abortCtrl.current;
 
+      telemetry.reportEvent(EntityEventTypes.LeadGenerationGenerateClicked, {});
       await generateLeadsApi({ params: {}, signal });
 
       if (signal.aborted) return;
@@ -97,6 +101,10 @@ export const useHuntingLeads = (isEnabled: boolean = true) => {
 
   const isLoading = isLeadsLoading || isStatusLoading;
 
+  const reportLeadClicked = useCallback(() => {
+    telemetry.reportEvent(EntityEventTypes.LeadGenerationLeadClicked, {});
+  }, [telemetry]);
+
   return {
     leads: data?.leads?.map(fromApiLead) ?? [],
     totalCount: data?.total ?? 0,
@@ -108,5 +116,6 @@ export const useHuntingLeads = (isEnabled: boolean = true) => {
     refetch,
     isScheduled: statusData?.isEnabled ?? false,
     toggleSchedule,
+    reportLeadClicked,
   };
 };

x-pack/solutions/security/plugins/security_solution/public/entity_analytics/pages/entity_analytics_home_page.tsx

@@ -78,6 +78,7 @@ export const EntityAnalyticsHomePage = () => {
     generate,
     isScheduled,
     toggleSchedule,
+    reportLeadClicked,
   } = useHuntingLeads(leadGenerationEnabled);
   const openAgentBuilderWithLead = useLeadAttachment();
 
@@ -131,8 +132,11 @@ export const EntityAnalyticsHomePage = () => {
   const handleCloseFlyout = useCallback(() => setIsFlyoutOpen(false), []);
 
   const handleOpenLeadInChat = useCallback(
-    (lead: HuntingLead) => openAgentBuilderWithLead(lead),
-    [openAgentBuilderWithLead]
+    (lead: HuntingLead) => {
+      reportLeadClicked();
+      openAgentBuilderWithLead(lead);
+    },
+    [openAgentBuilderWithLead, reportLeadClicked]
   );
 
   const handleHuntInChat = useCallback(() => {

x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/lead_generation/routes/generate_leads.ts

@@ -56,7 +56,7 @@ export const generateLeadsRoute = (
           const executionUuid = uuidv4();
           const riskScoreDataClient = secSol.getRiskScoreDataClient();
 
-          const [, startPlugins] = await getStartServices();
+          const [coreStart, startPlugins] = await getStartServices();
           const crudClient = startPlugins.entityStore.createCRUDClient(esClient, spaceId);
 
           void (async () => {
@@ -69,6 +69,7 @@ export const generateLeadsRoute = (
                 riskScoreDataClient,
                 executionId: executionUuid,
                 sourceType: 'adhoc',
+                analytics: coreStart.analytics,
               });
               logger.info(
                 `[LeadGeneration] Background generation completed (executionUuid=${executionUuid})`

x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/lead_generation/run_pipeline.ts

@@ -6,9 +6,10 @@
  */
 
 import { v4 as uuidv4 } from 'uuid';
-import type { ElasticsearchClient, Logger } from '@kbn/core/server';
+import type { AnalyticsServiceStart, ElasticsearchClient, Logger } from '@kbn/core/server';
 
 import type { LeadGenerationMode } from '../../../../common/entity_analytics/lead_generation/constants';
+import { LEAD_GENERATION_EXECUTION_EVENT } from '../../telemetry/event_based/events';
 import { getAlertsIndex } from '../../../../common/entity_analytics/utils';
 import { createLeadGenerationEngine } from './engine/lead_generation_engine';
 import { createRiskScoreModule } from './observation_modules/risk_score_module';
@@ -26,6 +27,7 @@ export interface RunPipelineParams {
   readonly riskScoreDataClient: RiskScoreDataClient;
   readonly executionId?: string;
   readonly sourceType: LeadGenerationMode;
+  readonly analytics?: AnalyticsServiceStart;
 }
 
 export interface RunPipelineResult {
@@ -44,6 +46,7 @@ export const runLeadGenerationPipeline = async ({
   riskScoreDataClient,
   executionId: providedExecutionId,
   sourceType,
+  analytics,
 }: RunPipelineParams): Promise<RunPipelineResult> => {
   const executionId = providedExecutionId ?? uuidv4();
   const pipelineStart = Date.now();
@@ -109,5 +112,11 @@ export const runLeadGenerationPipeline = async ({
     }ms (executionId=${executionId})`
   );
 
+  analytics?.reportEvent(LEAD_GENERATION_EXECUTION_EVENT.eventType, {
+    spaceId,
+    leadsGenerated: leads.length,
+    sourceType,
+  });
+
   return { total: leads.length };
 };

x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/lead_generation/tasks/lead_generation_task.ts

@@ -185,6 +185,7 @@ const runLeadGenerationTask = async ({
       spaceId: state.namespace,
       riskScoreDataClient,
       sourceType: 'scheduled',
+      analytics: core.analytics,
     });
   } catch (e) {
     logger.error(`[LeadGeneration] Error running scheduled lead generation task: ${e.message}`);

x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/event_based/events.ts

@@ -1859,6 +1859,34 @@ export const GAP_DETECTED_EVENT: EventTypeOpts<{
   },
 };
 
+export const LEAD_GENERATION_EXECUTION_EVENT: EventTypeOpts<{
+  spaceId: string;
+  leadsGenerated: number;
+  sourceType: string;
+}> = {
+  eventType: 'lead_generation_execution',
+  schema: {
+    spaceId: {
+      type: 'keyword',
+      _meta: {
+        description: 'Space ID where lead generation was run',
+      },
+    },
+    leadsGenerated: {
+      type: 'long',
+      _meta: {
+        description: 'Number of leads successfully generated',
+      },
+    },
+    sourceType: {
+      type: 'keyword',
+      _meta: {
+        description: 'How lead generation was triggered: "adhoc" or "scheduled"',
+      },
+    },
+  },
+};
+
 export const events = [
   DETECTION_RULE_UPGRADE_EVENT,
   DETECTION_RULE_BULK_UPGRADE_EVENT,
@@ -1896,4 +1924,5 @@ export const events = [
   ...SIEM_MIGRATIONS_EVENTS,
   GAP_DETECTED_EVENT,
   ...TRIAL_COMPANION_EVENTS,
+  LEAD_GENERATION_EXECUTION_EVENT,
 ];