diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/filters.ts b/x-pack/plugins/security_solution/server/lib/telemetry/filters.ts
index 938772ce72367..18c3baccf9aa0 100644
--- a/x-pack/plugins/security_solution/server/lib/telemetry/filters.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/filters.ts
@@ -111,6 +111,8 @@ export const allowlistEventFields: AllowlistFields = {
   events: allowlistBaseEventFields,
   // behavioral protection re-nests some field sets under Events.* (>=7.15)
   Events: allowlistBaseEventFields,
+  // behavioral protection response data under Response.* (>=7.15)
+  Responses: true,
   rule: {
     id: true,
     name: true,
diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts b/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts
index a4f8033f1160d..d04d0ab49afe9 100644
--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts
@@ -80,6 +80,7 @@ describe('TelemetryEventsSender', () => {
             executable: null, // null fields are never allowlisted
             working_directory: '/some/usr/dir',
           },
+          Responses: '{ "result": 0 }', // >= 7.15
           Target: {
             process: {
               name: 'bar.exe',
@@ -89,6 +90,9 @@ describe('TelemetryEventsSender', () => {
               },
             },
           },
+          threat: {
+            ignored_object: true, // this field is not allowlisted
+          },
         },
       ];
 
@@ -136,6 +140,7 @@ describe('TelemetryEventsSender', () => {
             name: 'foo.exe',
             working_directory: '/some/usr/dir',
           },
+          Responses: '{ "result": 0 }',
           Target: {
             process: {
               name: 'bar.exe',