diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 58ce7ac0f65..40fd34b15e1 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -202,6 +202,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 - Add container id to file events (Linux only, eBPF backend). {pull}38328[38328]
 - Add procfs backend to the `add_session_metadata` processor. {pull}38799[38799]
 - Add process.entity_id, process.group.name and process.group.id in add_process_metadata processor. Make fim module with kprobes backend to always add an appropriately configured add_process_metadata processor to enrich file events {pull}38776[38776]
+- Reduce data size for add_session_metadata processor by removing unneeded fields {pull}39500[39500]
 *Filebeat*
diff --git a/x-pack/auditbeat/processors/sessionmd/types/process.go b/x-pack/auditbeat/processors/sessionmd/types/process.go
index daf989ef3cd..8f52a9c5aa5 100644
--- a/x-pack/auditbeat/processors/sessionmd/types/process.go
+++ b/x-pack/auditbeat/processors/sessionmd/types/process.go
@@ -356,18 +356,6 @@ func (p *Process) ToMap() mapstr.M {
 "pid": p.PID,
 "vpid": p.Vpid,
 "args": p.Args,
- "thread": mapstr.M{
- "capabilities": mapstr.M{
- "permitted": p.Thread.Capabilities.Permitted,
- "effective": p.Thread.Capabilities.Effective,
- },
- },
- "tty": mapstr.M{
- "char_device": mapstr.M{
- "major": p.TTY.CharDevice.Major,
- "minor": p.TTY.CharDevice.Minor,
- },
- },
 "parent": mapstr.M{
 "entity_id": p.Parent.EntityID,
 "executable": p.Parent.Executable,
@@ -384,12 +372,6 @@ func (p *Process) ToMap() mapstr.M {
 },
 "pid": p.Parent.PID,
 "args": p.Parent.Args,
- "thread": mapstr.M{
- "capabilities": mapstr.M{
- "permitted": p.Parent.Thread.Capabilities.Permitted,
- "effective": p.Parent.Thread.Capabilities.Effective,
- },
- },
 },
 "group_leader": mapstr.M{
 "entity_id": p.GroupLeader.EntityID,