diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
index e8ef18ec798ae..6c0b9f4b8236e 100644
--- a/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
+++ b/x-pack/plugins/security_solution/server/lib/telemetry/sender.ts
@@ -464,6 +464,7 @@ const allowlistProcessFields: AllowlistFields = {
   args: true,
   name: true,
   executable: true,
+  code_signature: true,
   command_line: true,
   hash: true,
   pid: true,
@@ -555,8 +556,10 @@ const allowlistEventFields: AllowlistFields = {
   data_stream: true,
   ecs: true,
   elastic: true,
-  // behavioral protection re-nests some field sets under events.*
+  // behavioral protection re-nests some field sets under events.* (< 7.15)
   events: allowlistBaseEventFields,
+  // behavioral protection re-nests some field sets under Events.* (>=7.15)
+  Events: allowlistBaseEventFields,
   rule: {
     id: true,
     name: true,