Adding new fields to the allowlist for alert telemetry (#90868)

2025-04-23 09:19:04 -04:00 · 2021-02-10 11:26:58 -05:00 · 2021-02-10 11:26:58 -05:00 · d1653bc425
commit d1653bc425
parent f563a82903
3 changed files with 8 additions and 0 deletions
--- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
@ -558,6 +558,8 @@ export class EndpointDocGenerator {
            version: '3.0.33',
          },
          temp_file_path: 'C:/temp/fake_malware.exe',
+          quarantine_result: true,
+          quarantine_message: 'fake quarantine message',
        },
      },
      process: {
--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts
@ -47,6 +47,8 @@ describe('TelemetryEventsSender', () => {
              malware_classification: {
                key1: 'X',
              },
+              quarantine_result: true,
+              quarantine_message: 'this file is bad',
              something_else: 'nope',
            },
          },
@ -79,6 +81,8 @@ describe('TelemetryEventsSender', () => {
              malware_classification: {
                key1: 'X',
              },
+              quarantine_result: true,
+              quarantine_message: 'this file is bad',
            },
          },
          host: {
--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
@ -320,6 +320,8 @@ const allowlistEventFields: AllowlistFields = {
    Ext: {
      code_signature: true,
      malware_classification: true,
+      quarantine_result: true,
+      quarantine_message: true,
    },
  },
  host: {