From 261acee8a0a5d884f25b8e2e09127932bb41a0ca Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Tue, 20 Jun 2023 13:15:15 -0600
Subject: [PATCH 1/2] New Hunt queryToggleFilter

New filter to exclude soc logs from hunt results.
---
 salt/soc/defaults.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 156446b7f..2e7bdcaf0 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1117,6 +1117,9 @@ soc:
 - name: caseExcludeToggle
 filter: 'NOT _index:"*:so-case*"'
 enabled: true
+ - name: socExcludeToggle
+ filter: 'NOT event.module:"soc"'
+ enabled: true
 queries:
 - name: Default Query
 description: Show all events grouped by the observer host
From fb27e7c479b1d25712545ce139d8f19e09dd7376 Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Thu, 22 Jun 2023 17:29:11 -0600
Subject: [PATCH 2/2] Also add to dashboard

Duplicate new queryToggleFilter from hunt to dashboard.
---
 salt/soc/defaults.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 2e7bdcaf0..81c334d32 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1387,6 +1387,9 @@ soc:
 - name: caseExcludeToggle
 filter: 'NOT _index:"*:so-case*"'
 enabled: true
+ - name: socExcludeToggle
+ filter: 'NOT event.module:"soc"'
+ enabled: true
 queries:
 - name: Overview
 description: Overview of all events
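Review bot: The new `socExcludeToggle` entry ships with `enabled: true`, so SOC's own application events (`event.module:"soc"`) are hidden from Hunt results unless an analyst turns the toggle off, and nothing in the hunk records why that is the intended default; the same applies to the duplicate entry added for the dashboard in the second hunk. A comment above each entry, `# Hides SOC's own application events by default; toggle off when reviewing what SOC itself logged`, would document the intent for the next reader of these defaults. The sibling `caseExcludeToggle` matches on `_index` while this one matches on a field value, so presumably any third-party event that happens to set `event.module` to `soc` would be hidden too; if SOC's logs land in a dedicated index, an `_index` pattern like the case toggle uses would keep the two filters consistent — confirm against the actual index layout before changing it. The enclosing toggle-filter list and its parent keys start outside both hunks.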