FEATURE: Add SOC default fields for CEF logs #14837

2025-12-06 09:12:45 +01:00 · 2025-07-14 12:07:02 -04:00
parent f8108e93d5
commit 10bf3e8fab
1 changed files with 8 additions and 0 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1343,6 +1343,14 @@ soc:
        - destination.ip
        - destination.port
        - message
+      ':cef:':
+        - soc_timestamp
+        - cef.device.event_class_id
+        - cef.device.vendor
+        - cef.device.product
+        - cef.device.version
+        - log.source.address
+        - message
    server:
      bindAddress: 0.0.0.0:9822
      baseUrl: /