From d3c6a7478e2354cf3af27c5eade8579501a9c730 Mon Sep 17 00:00:00 2001
From: Melissa Kilby
Date: Fri, 13 Sep 2024 04:49:06 +0000
Subject: [PATCH] update(falco_metrics): change prometheus rules metric naming
Co-authored-by: Leonardo Grasso
Signed-off-by: Melissa Kilby
---
 falco.yaml | 2 +-
 userspace/falco/falco_metrics.cpp | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/falco.yaml b/falco.yaml
index 07d02abb501..4e243992fec 100644
--- a/falco.yaml
+++ b/falco.yaml
@@ -1067,7 +1067,7 @@ syscall_event_drops:
 # constant stats interval.
 #
 # `kernel_event_counters_per_cpu_enabled`: Detailed kernel event and drop counters
-# per CPU. typically used when debugging and not in production.
+# per CPU. Typically used when debugging and not in production.
 #
 # `libbpf_stats_enabled`: Exposes statistics similar to `bpftool prog show`,
 # providing information such as the number of invocations of each BPF program
diff --git a/userspace/falco/falco_metrics.cpp b/userspace/falco/falco_metrics.cpp
index 102af36cb44..162423878a9 100644
--- a/userspace/falco/falco_metrics.cpp
+++ b/userspace/falco/falco_metrics.cpp
@@ -216,14 +216,14 @@ std::string falco_metrics::to_text(const falco::app::state& state)
 if (count > 0)
 {
 /* Examples ...
- # HELP falcosecurity_falco_rules_counters_total https://falco.org/docs/metrics/
- # TYPE falcosecurity_falco_rules_counters_total counter
- falcosecurity_falco_rules_counters_total{priority="4",rule_name="Read sensitive file untrusted",source="syscall",tags="T1555, container, filesystem, host, maturity_stable, mitre_credential_access"} 10
- # HELP falcosecurity_falco_rules_counters_total https://falco.org/docs/metrics/
- # TYPE falcosecurity_falco_rules_counters_total counter
- falcosecurity_falco_rules_counters_total{priority="5",rule_name="Unexpected UDP Traffic",source="syscall",tags="TA0011, container, host, maturity_incubating, mitre_exfiltration, network"} 1
+ # HELP falcosecurity_falco_rules_matches_total https://falco.org/docs/metrics/
+ # TYPE falcosecurity_falco_rules_matches_total counter
+ falcosecurity_falco_rules_matches_total{priority="4",rule_name="Read sensitive file untrusted",source="syscall",tags="T1555, container, filesystem, host, maturity_stable, mitre_credential_access"} 10
+ # HELP falcosecurity_falco_rules_matches_total https://falco.org/docs/metrics/
+ # TYPE falcosecurity_falco_rules_matches_total counter
+ falcosecurity_falco_rules_matches_total{priority="5",rule_name="Unexpected UDP Traffic",source="syscall",tags="TA0011, container, host, maturity_incubating, mitre_exfiltration, network"} 1
 */
- auto metric = libs::metrics::libsinsp_metrics::new_metric("rules_counters",
+ auto metric = libs::metrics::libsinsp_metrics::new_metric("rules_matches",
 METRICS_V2_RULE_COUNTERS,
 METRIC_VALUE_TYPE_U64,
 METRIC_VALUE_UNIT_COUNT,
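Review bot: Nothing at the `new_metric("rules_matches", ...)` call records that the exported series was renamed from `falcosecurity_falco_rules_counters_total`, so an operator reading the code or scraping the endpoint gets no hint why the old series disappeared. Prometheus alert rules and dashboards that still query the old name will evaluate to empty rather than fail, which for a detection tool means rule-match alerting can go quiet unnoticed. I would add a comment above the call such as `// Renamed from "rules_counters": series is now falcosecurity_falco_rules_matches_total; update alerts and dashboards that query the old name`, and call the rename out in the release notes. The second argument is still `METRICS_V2_RULE_COUNTERS`, presumably an enum owned by libs that cannot change in this commit, so the same comment could mention that mismatch. `to_text` begins and ends outside this hunk.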
@@ -300,7 +300,7 @@ std::string falco_metrics::to_text(const falco::app::state& state)
 }
 else if (strcmp(metric.name, "n_drops_buffer_total") == 0)
 {
- // Skip the libs aggregate metric since we distinguish between buffer drops using labels similar to the rules_counters
+ // Skip the libs aggregate metric since we distinguish between buffer drops using labels similar to the rules_matches
 continue;
 }
 else if (strncmp(metric.name, "n_drops_buffer", 14) == 0) // prefix match