
Commit 70ed37d

pjhamptonkibanamachine
authored andcommitted
Update security telemetry allowlist. (#103471)
1 parent 0684c4b commit 70ed37d

2 files changed

Lines changed: 6 additions & 0 deletions


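--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts
@@ -41,6 +41,7 @@ describe('TelemetryEventsSender', () => {
 version: '100',
 },
 file: {
+extension: '.exe',
 size: 3,
 created: 0,
 path: 'X',
@@ -72,6 +73,7 @@ describe('TelemetryEventsSender', () => {
 name: 'foo.exe',
 nope: 'nope',
 executable: null, // null fields are never allowlisted
+working_directory: '/some/usr/dir',
 },
 Target: {
 process: {
@@ -101,6 +103,7 @@ describe('TelemetryEventsSender', () => {
 version: '100',
 },
 file: {
+extension: '.exe',
 size: 3,
 created: 0,
 path: 'X',
@@ -126,6 +129,7 @@ describe('TelemetryEventsSender', () => {
 },
 process: {
 name: 'foo.exe',
+working_directory: '/some/usr/dir',
 },
 Target: {
 process: {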
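Review bot: The fixtures add `working_directory` only to the top-level `process` object (new lines 76 and 132), and both of those hunks end just as `Target: { process: {` opens, so whether the field is also exercised under `Target.process` cannot be seen here. If the process allowlist is shared with `Target.process` (not visible in this section), adding `working_directory: '/some/usr/dir'` to that fixture as well would pin the behaviour in both places. The surrounding `describe` block starts and ends outside the hunks.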

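--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
@@ -307,6 +307,7 @@ const allowlistProcessFields: AllowlistFields = {
 },
 },
 thread: true,
+working_directory: true,
 };
 
 // Allow list for event-related fields, which can also be nested under events[]
@@ -322,6 +323,7 @@ const allowlistBaseEventFields: AllowlistFields = {
 },
 event: true,
 file: {
+extension: true,
 name: true,
 path: true,
 size: true,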
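Review bot: `working_directory: true` in `allowlistProcessFields` (new line 310) lets the process working directory leave the host in telemetry, and such paths commonly embed account names in home-directory segments; nothing in the hunk records that this was considered. The allowlist already forwards `file.path` (visible in the second hunk), so this is consistent with existing exposure, but a comment on the entry would keep the decision reviewable, e.g. `// working_directory: may contain user-identifying path segments; allowlisted deliberately`. The added `file.extension` looks derivable from the already-allowlisted `file.name`, so it adds little new exposure. Both object literals begin outside the hunks, so where else `allowlistProcessFields` is reused cannot be confirmed from here.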
