From fc16411e234a47f94d83f5f8c917394ce83a06be Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 24 Sep 2024 00:18:38 +1000 Subject: [PATCH] [8.15] [Security Solution] [Attack discovery] Includes the `user.target.name` field in the default Anonymization allow list to improve Attack discoveries (#193496) (#193563) # Backport This will backport the following commits from `main` to `8.15`: - [[Security Solution] [Attack discovery] Includes the `user.target.name` field in the default Anonymization allow list to improve Attack discoveries (#193496)](https://github.com/elastic/kibana/pull/193496) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) Co-authored-by: Andrew Macri Co-authored-by: Elastic Machine --- x-pack/plugins/elastic_assistant/common/anonymization/index.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/x-pack/plugins/elastic_assistant/common/anonymization/index.ts b/x-pack/plugins/elastic_assistant/common/anonymization/index.ts index b9d9718410a93..ebef2dff8bdef 100644 --- a/x-pack/plugins/elastic_assistant/common/anonymization/index.ts +++ b/x-pack/plugins/elastic_assistant/common/anonymization/index.ts @@ -107,6 +107,7 @@ export const DEFAULT_ALLOW = [ 'user.name', 'user.risk.calculated_level', 'user.risk.calculated_score_norm', + 'user.target.name', ]; /** By default, these fields will be anonymized */ @@ -114,6 +115,7 @@ export const DEFAULT_ALLOW_REPLACEMENT = [ 'host.ip', // not a default allow field, but anonymized by default 'host.name', 'user.name', + 'user.target.name', ]; export const getDefaultAnonymizationFields = (spaceId: string) => {