From 3fd682a399e56959f0f12066937dea76773914fc Mon Sep 17 00:00:00 2001
From: Jessica David
Date: Fri, 10 Sep 2021 16:47:43 -0400
Subject: [PATCH] Added in 'Responses' field in alert telemetry & updated test (#111892)
# Conflicts:
# x-pack/plugins/security_solution/server/lib/telemetry/filters.ts
---
 .../security_solution/server/lib/telemetry/sender.test.ts | 5 +++++
 .../plugins/security_solution/server/lib/telemetry/sender.ts | 1 +
 2 files changed, 6 insertions(+)
diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts b/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts
index 4e6520b67ab05..45dbfb0af43bf 100644
--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.test.ts
@@ -80,6 +80,7 @@ describe('TelemetryEventsSender', () => {
 executable: null, // null fields are never allowlisted
 working_directory: '/some/usr/dir',
 },
+ Responses: '{ "result": 0 }', // >= 7.15
 Target: {
 process: {
 name: 'bar.exe',
@@ -89,6 +90,9 @@ describe('TelemetryEventsSender', () => {
 },
 },
 },
+ threat: {
+ ignored_object: true, // this field is not allowlisted
+ },
 },
 ];

@@ -136,6 +140,7 @@ describe('TelemetryEventsSender', () => {
 name: 'foo.exe',
 working_directory: '/some/usr/dir',
 },
+ Responses: '{ "result": 0 }',
 Target: {
 process: {
 name: 'bar.exe',
diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
index c7bb58dd2251b..34e00e7954e65 100644
--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
@@ -630,6 +630,7 @@ const allowlistEventFields: AllowlistFields = {
 events: allowlistBaseEventFields,
 // behavioral protection re-nests some field sets under Events.* (>=7.15)
 Events: allowlistBaseEventFields,
+ Responses: true,
 rule: {
 id: true,
 name: true,
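Review bot: The fixture added in sender.test.ts at `Responses: '{ "result": 0 }'` (first hunk, mirrored in the expected output of the third hunk) is a plain string, so the test only pins that a scalar value survives the allowlist filter. If real alert documents carry an object or an array under `Responses`, which this patch does not show, the test says nothing about which nested keys `Responses: true` lets through. A second fixture with a nested value, e.g. `Responses: [{ result: 0, message: 'x' }]`, with the expected output asserted explicitly, would make that behaviour visible. The enclosing `describe`/`it` block starts and ends outside these hunks.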
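Review bot: In sender.ts, `Responses: true` allowlists the field as a whole, whereas the neighbouring `rule` entry enumerates individual subfields (`id: true`, `name: true`). If `true` means the value is copied without further filtering, as the test's expected output suggests, then whatever the endpoint places under `Responses` is sent in telemetry, including any subfields added in later versions. Either list the subfields that are actually needed, or record the decision next to the entry, for example `// Responses is copied whole; confirm its contents carry no user or host identifying data (>=7.15)`. The `allowlistEventFields` literal starts and continues outside the hunk, so the handling of nested values is not visible here.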