Security Telemetry: Allow env vars through on security telemtery record. (#153000)

## Summary

Lets `env_vars` through on the security endpoint telemetry alert record.
An artifact will be released independently before 8.8.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Pete Hampton 2023-03-16 13:39:39 -04:00 committed by GitHub
parent 0ca0717a29
commit 8746648d1a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 0 deletions


@ -15,6 +15,7 @@ const baseAllowlistFields: AllowlistFields = {
executable: true,
code_signature: true,
command_line: true,
env_vars: true,
hash: true,
pid: true,
pe: true,
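Review bot: `env_vars: true` allowlists the whole field, so every environment variable name and value on the alert's process record is forwarded in telemetry, and environment variables routinely hold credentials (API tokens, database passwords, cloud keys). Nothing in this hunk narrows or masks the values, and the test fixtures suggest each element is a `{ name, value }` pair copied as-is. Consider masking or dropping `value` before the record is sent, or at minimum documenting the decision next to the entry, e.g. `// env_vars: names and values are forwarded unredacted; any filtering must happen at capture time`. Whether the endpoint restricts which variables it captures is not visible here; `baseAllowlistFields` opens in the hunk header and continues past the hunk.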


@ -178,6 +178,7 @@ describe('TelemetryEventsSender', () => {
executable: null, // null fields are never allowlisted
working_directory: '/some/usr/dir',
entity_id: 'some_entity_id',
env_vars: [{ name: 'foo', value: 'bar' }],
Ext: {
protection: 'PsProtectedSignerAntimalware-Light',
relative_file_creation_time: 48628704.4029488,
@ -355,6 +356,7 @@ describe('TelemetryEventsSender', () => {
name: 'foo.exe',
working_directory: '/some/usr/dir',
entity_id: 'some_entity_id',
env_vars: [{ name: 'foo', value: 'bar' }],
Ext: {
protection: 'PsProtectedSignerAntimalware-Light',
relative_file_creation_time: 48628704.4029488,
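Review bot: Both fixtures add only a benign `{ name: 'foo', value: 'bar' }` pair, so nothing here pins how a credential-like value in `env_vars` is treated by the sender. Adding a second, constructed entry such as `{ name: 'EXAMPLE_API_TOKEN', value: 'constructed-placeholder' }` and asserting the intended outcome (passed through, masked or dropped) would make the privacy decision explicit and would fail loudly if redaction is introduced or removed later. The enclosing test cases start and end outside these hunks, so the assertions themselves are not visible from here.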