-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[7.12][Telemetry] Security telemetry allowlist fix. #92850
Conversation
Pinging @elastic/security-solution (Team: SecuritySolution) |
Does this fix affect the sent data downstream? do we need to reach out to infra about this change? |
I have already updated the infra indexers @Bamieh. It was just this piece that is broken |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚢
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we also add process.thread?
"thread": {
"Ext": {
"call_stack": [
{
"instruction_pointer": 140722403727300,
"memory_section": {
"memory_address": 140722403086336,
"memory_size": 1159168,
"protection": "R-X"
},
"module_path": "c:\\windows\\system32\\ntdll.dll",
"symbol_info": "c:\\windows\\system32\\ntdll.dll!ZwCreateThreadEx+0x14"
},
{
"instruction_pointer": 140722362113391,
"memory_section": {
"memory_address": 140722361929728,
"memory_size": 1122304,
"protection": "R-X"
},
"module_path": "c:\\windows\\system32\\kernelbase.dll",
"symbol_info": "c:\\windows\\system32\\kernelbase.dll!CreateRemoteThreadEx+0x29f"
},
{
"instruction_pointer": 140722391791069,
"memory_section": {
"memory_address": 140722391683072,
"memory_size": 516096,
"protection": "R-X"
},
"module_path": "c:\\windows\\system32\\kernel32.dll",
"symbol_info": "c:\\windows\\system32\\kernel32.dll!CreateThread+0x3d"
},
{
"instruction_pointer": 140697069180492,
"memory_section": {
"memory_address": 140697069096960,
"memory_size": 1785856,
"protection": "R-X"
},
"module_path": "c:\\git\\endpoint-dev\\build\\elastic\\windows\\msvc14\\x64\\releasestatic\\memoryprotectiontests.exe",
"symbol_info": "c:\\git\\endpoint-dev\\build\\elastic\\windows\\msvc14\\x64\\releasestatic\\memoryprotectiontests.exe!0x7FF696D4564C"
}
]
},
"id": 7680
},
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: cc @pjhampton |
…bana into task-manager/docs-monitoring * 'task-manager/docs-monitoring' of github.com:gmmorris/kibana: (40 commits) [Security Solution][Case][Bug] Improve case logging (elastic#91924) [Alerts][Doc] Added README documentation for alerts plugin status and framework health checks configuration options. (elastic#92761) Add warning for EQL and Threshold rules if exception list contains value list items (elastic#92914) [Security Solution][Case] Fix subcases bugs on detections and case view (elastic#91836) [APM] Always allow access to Profiling via URL (elastic#92889) [Vega] Allow image loading without CORS policy by changing the default to crossOrigin=null (elastic#91991) skip flaky suite (elastic#92114) [APM] Fix for default fields in correlations view (elastic#91868) (elastic#92090) chore(NA): bump bazelisk to v1.7.5 (elastic#92905) [Maps] fix selecting EMS basemap does not populate input (elastic#92711) API docs (elastic#92827) [kbn/test] add import/export support to KbnClient (elastic#92526) Test fix management scripted field filter functional test and unskip it (elastic#92756) [App Search] Create Curation view/functionality (elastic#92560) [Reporting/Discover] include the document's entire set of fields (elastic#92730) [Fleet] Add new index to fleet for artifacts being served out of fleet-server (elastic#92860) [Alerts][Doc] Added README documentation for API key invalidation configuration options. (elastic#92757) [Discover][docs] Add search for relevance (elastic#90611) [Alerts][Docs] Extended README.md and the user docs with the licensing information. (elastic#92564) [7.12][Telemetry] Security telemetry allowlist fix. (elastic#92850) ...
Summary
There was a bug in the allowlist layout for security telemetry in #91920
We are working on ways to make this easier to extend / manage / test in backref'd protections issue.
Checklist
The allowlist is already covered with tests - see #77200
Additional fields have been vetted for PII compliance by senior managers.
For maintainers