Merge pull request #10986 from Security-Onion-Solutions/fix/windows_e…

…vent_table

Fix/windows event table

salt/soc/defaults.yaml

@@ -69,7 +69,7 @@ soc:
         - log.id.uid
         - network.community_id
         - event.dataset
-      ':kratos:kratos.audit':
+      ':kratos:audit':
         - soc_timestamp
         - http_request.headers.x-real-ip
         - identity_id
@@ -570,14 +570,13 @@ soc:
         - destination.geo.country_iso_code
         - user.name
         - source.ip
-      ':windows.sysmon_operational:':
+      '::sysmon_operational':
         - soc_timestamp
         - event.action
-        - process.executable
+        - winlog.computer_name
         - user.name
-        - file.target
-        - dns.question.name
-        - winlog.event_data.TargetObject
+        - process.executable
+        - process.pid
       '::network_connection':
         - soc_timestamp
         - source.ip