Merge pull request #13076 from Security-Onion-Solutions/jertel/eaconfig

provide default columns when viewing SOC logs
Security-Onion-Solutions · May 24, 2024 · 19f9c4e · 19f9c4e
2 parents 7177392 + bd11d59
commit 19f9c4e
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
@@ -1271,6 +1271,15 @@ soc:
         - netflow.type
         - netflow.exporter.version
         - observer.ip
+      ':soc:':
+        - soc_timestamp
+        - event.dataset
+        - source.ip
+        - soc.fields.requestMethod
+        - soc.fields.requestPath
+        - soc.fields.statusCode
+        - event.action
+        - soc.fields.error
     server:
       bindAddress: 0.0.0.0:9822
       baseUrl: /