FIX: Improve File dashboard #12914

salt/soc/defaults.yaml

@@ -1739,7 +1739,7 @@ soc:
               description: Process activity captured on an endpoint
               query: 'event.category:process | groupby host.name | groupby -sankey host.name user.name* | groupby user.name | groupby event.dataset event.action | groupby process.working_directory | groupby process.executable | groupby process.command_line | groupby process.parent.executable | groupby process.parent.command_line | groupby -sankey process.parent.executable process.executable | table soc_timestamp host.name user.name process.parent.name process.name event.action process.working_directory event.dataset'
             - name: Host File and Process Mappings
-              description: File activity captured on an endpoint
+              description: File activity mapped to originating processes
               query: 'event.category: file AND _exists_:process.name AND _exists_:process.executable | groupby host.name | groupby -sankey host.name process.name | groupby process.name | groupby process.executable | groupby event.dataset event.action event.type | groupby file.name'
             - name: Host Network and Process Mappings
               description: Network activity mapped to originating processes