Merge pull request #12720 from Security-Onion-Solutions/2.4/detections-defaults

Add default columns
2026-01-25 09:23:28 +01:00 · 2024-04-02 09:21:06 -04:00
parent 65f6b7022c 7f488422b0
commit 1001aa665d
1 changed files with 3 additions and 0 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -2033,6 +2033,7 @@ soc:
              - so_detection.severity
              - so_detection.language
              - so_detection.ruleset
+              - soc_timestamp
          queries:
            - name: "All Detections"
              query: "_id:*"
@@ -2050,6 +2051,8 @@ soc:
              query: 'so_detection.language:sigma AND so_detection.content: "*product: windows*"'
            - name: "Detection Type - Yara (Strelka)"
              query: "so_detection.language:yara"
+            - name: "Security Onion - Grid Detections"
+              query: "so_detection.ruleset:securityonion-resources"
        detection:
          presets:
            severity: