CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

FEATURE: Add SOC default fields for CEF logs #14837

Browse Source
This commit is contained in:
Doug Burks
2025-07-14 12:07:02 -04:00
committed by GitHub
parent f8108e93d5
commit 10bf3e8fab
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/soc/defaults.yaml
View File

@@ -1343,6 +1343,14 @@ soc:
- destination.ip - destination.ip
- destination.port - destination.port
- message - message
':cef:':
- soc_timestamp
- cef.device.event_class_id
- cef.device.vendor
- cef.device.product
- cef.device.version
- log.source.address
- message
server: server:
bindAddress: 0.0.0.0:9822 bindAddress: 0.0.0.0:9822
baseUrl: / baseUrl: /