[7.12][Security] Shellcode telemetry update for schema adjustment (#9…

…3143) (#93341) * Shellcode telemetry update for schema adjustment * Lint * Lint Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Kibana Machine <[email protected]>
elastic · Mar 3, 2021 · 6c63bb7 · 6c63bb7
1 parent 0398d35
commit 6c63bb7
Showing 1 changed file with 28 additions and 9 deletions.
diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
@@ -395,27 +395,45 @@ const allowlistEventFields: AllowlistFields = {
         Ext: {
           call_stack: true,
           start_address: true,
+          start_address_allocation_offset: true,
+          start_address_bytes: true,
+          start_address_bytes_disasm: true,
+          start_address_bytes_disasm_hash: true,
           start_address_details: {
-            address_offset: true,
             allocation_base: true,
             allocation_protection: true,
             allocation_size: true,
             allocation_type: true,
-            base_address: true,
-            bytes_start_address: true,
-            compressed_bytes: true,
-            dest_bytes: true,
-            dest_bytes_disasm: true,
-            dest_bytes_disasm_hash: true,
-            pe: {
+            bytes_address: true,
+            bytes_allocation_offset: true,
+            bytes_compressed: true,
+            mapped_pe: {
               Ext: {
+                code_signature: {
+                  status: true,
+                  subject_name: true,
+                  trusted: true,
+                },
                 legal_copyright: true,
                 product_version: true,
+              },
+              company: true,
+              description: true,
+              file_version: true,
+              imphash: true,
+              original_file_name: true,
+              product: true,
+            },
+            mapped_pe_path: true,
+            memory_pe: {
+              Ext: {
                 code_signature: {
                   status: true,
                   subject_name: true,
                   trusted: true,
                 },
+                legal_copyright: true,
+                product_version: true,
               },
               company: true,
               description: true,
@@ -424,7 +442,8 @@ const allowlistEventFields: AllowlistFields = {
               original_file_name: true,
               product: true,
             },
-            pe_detected: true,
+            memory_pe_detected: true,
+            region_base: true,
             region_protection: true,
             region_size: true,
             region_state: true,