Skip to content

Commit

Permalink
[7.12][Telemetry] Security telemetry allowlist fix. (#92850)
Browse files Browse the repository at this point in the history
* Security telemetry allowlist fix.

* Also add process.thread.
  • Loading branch information
pjhampton authored Feb 25, 2021
1 parent fa4dda0 commit 9306663
Showing 1 changed file with 58 additions and 57 deletions.
115 changes: 58 additions & 57 deletions x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
Original file line number Diff line number Diff line change
Expand Up @@ -364,74 +364,75 @@ const allowlistEventFields: AllowlistFields = {
pid: true,
ppid: true,
},
Target: {
process: {
Ext: {
architecture: true,
code_signature: true,
dll: true,
token: {
integrity_level_name: true,
},
token: {
integrity_level_name: true,
},
thread: true,
},
Target: {
process: {
Ext: {
architecture: true,
code_signature: true,
dll: true,
token: {
integrity_level_name: true,
},
parent: {
process: {
Ext: {
architecture: true,
code_signature: true,
dll: true,
token: {
integrity_level_name: true,
},
},
parent: {
process: {
Ext: {
architecture: true,
code_signature: true,
dll: true,
token: {
integrity_level_name: true,
},
},
},
thread: {
Ext: {
call_stack: true,
start_address: true,
start_address_details: {
address_offset: true,
allocation_base: true,
allocation_protection: true,
allocation_size: true,
allocation_type: true,
base_address: true,
bytes_start_address: true,
compressed_bytes: true,
dest_bytes: true,
dest_bytes_disasm: true,
dest_bytes_disasm_hash: true,
pe: {
Ext: {
legal_copyright: true,
product_version: true,
code_signature: {
status: true,
subject_name: true,
trusted: true,
},
},
thread: {
Ext: {
call_stack: true,
start_address: true,
start_address_details: {
address_offset: true,
allocation_base: true,
allocation_protection: true,
allocation_size: true,
allocation_type: true,
base_address: true,
bytes_start_address: true,
compressed_bytes: true,
dest_bytes: true,
dest_bytes_disasm: true,
dest_bytes_disasm_hash: true,
pe: {
Ext: {
legal_copyright: true,
product_version: true,
code_signature: {
status: true,
subject_name: true,
trusted: true,
},
company: true,
description: true,
file_version: true,
imphash: true,
original_file_name: true,
product: true,
},
pe_detected: true,
region_protection: true,
region_size: true,
region_state: true,
strings: true,
company: true,
description: true,
file_version: true,
imphash: true,
original_file_name: true,
product: true,
},
pe_detected: true,
region_protection: true,
region_size: true,
region_state: true,
strings: true,
},
},
},
},
token: {
integrity_level_name: true,
},
},
};

Expand Down

0 comments on commit 9306663

Please sign in to comment.