[7.12][Telemetry] Security telemetry allowlist fix. (#92850) (#92926)

* Security telemetry allowlist fix. * Also add process.thread.
2025-04-24 17:59:23 -04:00 · 2021-02-26 00:37:31 +00:00 · 2021-02-26 00:37:31 +00:00 · db8c0894bc
commit db8c0894bc
parent 1e7eda2268
1 changed files with 62 additions and 61 deletions
--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
@ -364,73 +364,74 @@ const allowlistEventFields: AllowlistFields = {
      pid: true,
      ppid: true,
    },
-    Target: {
-      process: {
-        Ext: {
-          architecture: true,
-          code_signature: true,
-          dll: true,
-          token: {
-            integrity_level_name: true,
-          },
+    token: {
+      integrity_level_name: true,
+    },
+    thread: true,
+  },
+  Target: {
+    process: {
+      Ext: {
+        architecture: true,
+        code_signature: true,
+        dll: true,
+        token: {
+          integrity_level_name: true,
        },
-        parent: {
-          process: {
-            Ext: {
-              architecture: true,
-              code_signature: true,
-              dll: true,
-              token: {
-                integrity_level_name: true,
-              },
-            },
-          },
-        },
-        thread: {
+      },
+      parent: {
+        process: {
          Ext: {
-            call_stack: true,
-            start_address: true,
-            start_address_details: {
-              address_offset: true,
-              allocation_base: true,
-              allocation_protection: true,
-              allocation_size: true,
-              allocation_type: true,
-              base_address: true,
-              bytes_start_address: true,
-              compressed_bytes: true,
-              dest_bytes: true,
-              dest_bytes_disasm: true,
-              dest_bytes_disasm_hash: true,
-              pe: {
-                Ext: {
-                  legal_copyright: true,
-                  product_version: true,
-                  code_signature: {
-                    status: true,
-                    subject_name: true,
-                    trusted: true,
-                  },
-                },
-                company: true,
-                description: true,
-                file_version: true,
-                imphash: true,
-                original_file_name: true,
-                product: true,
-              },
-              pe_detected: true,
-              region_protection: true,
-              region_size: true,
-              region_state: true,
-              strings: true,
+            architecture: true,
+            code_signature: true,
+            dll: true,
+            token: {
+              integrity_level_name: true,
            },
          },
        },
      },
-    },
-    token: {
-      integrity_level_name: true,
+      thread: {
+        Ext: {
+          call_stack: true,
+          start_address: true,
+          start_address_details: {
+            address_offset: true,
+            allocation_base: true,
+            allocation_protection: true,
+            allocation_size: true,
+            allocation_type: true,
+            base_address: true,
+            bytes_start_address: true,
+            compressed_bytes: true,
+            dest_bytes: true,
+            dest_bytes_disasm: true,
+            dest_bytes_disasm_hash: true,
+            pe: {
+              Ext: {
+                legal_copyright: true,
+                product_version: true,
+                code_signature: {
+                  status: true,
+                  subject_name: true,
+                  trusted: true,
+                },
+              },
+              company: true,
+              description: true,
+              file_version: true,
+              imphash: true,
+              original_file_name: true,
+              product: true,
+            },
+            pe_detected: true,
+            region_protection: true,
+            region_size: true,
+            region_state: true,
+            strings: true,
+          },
+        },
+      },
    },
  },
 };