[Security Solution] Add Persistence to allow filter list (#139515) (#139748)

* Add Persistence fields * [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix' Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com> (cherry picked from commit c6a360d978) Co-authored-by: Ricardo Ungureanu <81707160+ricardoungureanu@users.noreply.github.com>
2025-04-24 09:48:58 -04:00 · 2022-08-30 14:12:49 -04:00 · 2022-08-30 14:12:49 -04:00 · f9c7246560
commit f9c7246560
parent f7c7d82ab5
2 changed files with 13 additions and 0 deletions
--- a/x-pack/plugins/security_solution/server/lib/telemetry/filterlists/endpoint_alerts.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/filterlists/endpoint_alerts.ts
@ -102,6 +102,7 @@ const allowlistBaseEventFields: AllowlistFields = {
  user: {
    id: true,
  },
+  Persistence: true,
 };

 // Allow list for the data we include in the events. True means that it is deep-cloned
--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts
@ -150,6 +150,12 @@ describe('TelemetryEventsSender', () => {
          threat: {
            ignored_object: true, // this field is not allowlisted
          },
+          Persistence: {
+            name: 'foo',
+            path: '/foo/bar',
+            runatload: true,
+            args: ['foo', 'bar'],
+          },
        },
      ];

@ -263,6 +269,12 @@ describe('TelemetryEventsSender', () => {
              },
            },
          },
+          Persistence: {
+            name: 'foo',
+            path: '/foo/bar',
+            runatload: true,
+            args: ['foo', 'bar'],
+          },
        },
      ]);
    });