From 4cc7aabdab970f50cb784f5f0c67a217279fe58b Mon Sep 17 00:00:00 2001
From: Pete Hampton
Date: Thu, 25 Feb 2021 16:52:48 +0000
Subject: [PATCH 1/2] Security telemetry allowlist fix.
---
 .../server/lib/telemetry/sender.ts | 114 +++++++++---------
 1 file changed, 57 insertions(+), 57 deletions(-)
diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
index e153c6d42225f..3220e70527544 100644
--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
@@ -364,74 +364,74 @@ const allowlistEventFields: AllowlistFields = {
 pid: true,
 ppid: true,
 },
- Target: {
- process: {
- Ext: {
- architecture: true,
- code_signature: true,
- dll: true,
- token: {
- integrity_level_name: true,
- },
+ token: {
+ integrity_level_name: true,
+ },
+ },
+ Target: {
+ process: {
+ Ext: {
+ architecture: true,
+ code_signature: true,
+ dll: true,
+ token: {
+ integrity_level_name: true,
 },
- parent: {
- process: {
- Ext: {
- architecture: true,
- code_signature: true,
- dll: true,
- token: {
- integrity_level_name: true,
- },
+ },
+ parent: {
+ process: {
+ Ext: {
+ architecture: true,
+ code_signature: true,
+ dll: true,
+ token: {
+ integrity_level_name: true,
 },
 },
 },
- thread: {
- Ext: {
- call_stack: true,
- start_address: true,
- start_address_details: {
- address_offset: true,
- allocation_base: true,
- allocation_protection: true,
- allocation_size: true,
- allocation_type: true,
- base_address: true,
- bytes_start_address: true,
- compressed_bytes: true,
- dest_bytes: true,
- dest_bytes_disasm: true,
- dest_bytes_disasm_hash: true,
- pe: {
- Ext: {
- legal_copyright: true,
- product_version: true,
- code_signature: {
- status: true,
- subject_name: true,
- trusted: true,
+ },
+ thread: {
+ Ext: {
+ call_stack: true,
+ start_address: true,
+ start_address_details: {
+ address_offset: true,
+ allocation_base: true,
+ allocation_protection: true,
+ allocation_size: true,
+ allocation_type: true,
+ base_address: true,
+ bytes_start_address: true,
+ compressed_bytes: true,
+ dest_bytes: true,
+ dest_bytes_disasm: true,
+ dest_bytes_disasm_hash: true,
+ pe: {
+ Ext: {
+ legal_copyright: true,
+ product_version: true,
+ code_signature: {
+ status: true,
+ subject_name: true,
+ trusted: true,
 },
- company: true,
- description: true,
- file_version: true,
- imphash: true,
- original_file_name: true,
- product: true,
 },
- pe_detected: true,
- region_protection: true,
- region_size: true,
- region_state: true,
- strings: true,
company: true,
+ description: true,
+ file_version: true,
+ imphash: true,
+ original_file_name: true,
+ product: true,
 },
+ pe_detected: true,
+ region_protection: true,
+ region_size: true,
+ region_state: true,
+ strings: true,
 },
 },
 },
 },
- token: {
- integrity_level_name: true,
- },
 },
 };
From 58edf6042c16f140489656cc1f658fa0846d39b4 Mon Sep 17 00:00:00 2001
From: Pete Hampton
Date: Thu, 25 Feb 2021 18:16:41 +0000
Subject: [PATCH 2/2] Also add process.thread.
---
 x-pack/plugins/security_solution/server/lib/telemetry/sender.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
index 3220e70527544..6ce42eabeca5e 100644
--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
@@ -367,6 +367,7 @@ const allowlistEventFields: AllowlistFields = {
 token: {
 integrity_level_name: true,
 },
+ thread: true,
 },
 Target: {
 process: {
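Review bot: Nothing in this patch pins the corrected nesting of `allowlistEventFields`, so the same misplacement of `Target` and `token` could recur silently; the object literal starts and ends outside the hunk. Because this object appears to decide which event fields leave the deployment as telemetry, moving `Target` out of the preceding block presumably means the whole `Target.process.*` subtree starts being exported. That subtree includes raw-content fields such as `call_stack`, `strings`, `dest_bytes` and `compressed_bytes`, so it is worth confirming they are all intended for export. I would add a unit test that passes a sample event through the allowlist filter and asserts that `Target.process.thread.Ext.start_address_details.strings` and `process.token.integrity_level_name` are kept while an unlisted sibling key is dropped. A short comment above `Target:` would also help, for example `// Target.* is a sibling of process in the event, not a child of it`.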
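Review bot: The new `thread: true` entry is a blanket allow for the whole `process.thread` subtree, while the equivalent `Target.process.thread` entry in the same object lists each permitted field under `Ext` explicitly. If `true` means the value is copied wholesale, as the existing `code_signature: true` and `dll: true` entries suggest, any field later added under `process.thread` would be exported without an allowlist review. I would mirror the enumerated shape used for `Target.process.thread`, listing only the fields the telemetry consumer needs. If the wholesale copy is intentional, say so in place with something like `// process.thread is exported in full by design; new sub-fields are not individually reviewed`. The enclosing object continues outside the hunk.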