Update soc defaults.yaml to include dnp3_control and dnp3_objects eventfields

2026-02-03 13:53:29 +01:00 · 2022-12-10 07:33:09 -05:00
parent c4ea39d1ba
commit 187ca4c453
1 changed files with 36 additions and 0 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -212,6 +212,24 @@ soc:
            - destination.port
            - dnp3.fc_reply
            - log.id.uid
+          '::dnp3_control':
+            - soc_timestamp
+            - source.ip
+            - source.port
+            - destination.ip
+            - destination.port
+            - dnp3.function_code
+            - dnp3.block_type
+            - log.id.uid
+          '::dnp3_objects':
+            - soc_timestamp
+            - source.ip
+            - source.port
+            - destination.ip
+            - destination.port
+            - dnp3.function_code
+            - dnp3.object_type
+            - log.id.uid
          '::dns':
            - soc_timestamp
            - source.ip
@@ -1415,6 +1433,24 @@ soc:
            - destination.port
            - dnp3.fc_reply
            - log.id.uid
+          '::dnp3_control':
+            - soc_timestamp
+            - source.ip
+            - source.port
+            - destination.ip
+            - destination.port
+            - dnp3.function_code
+            - dnp3.block_type
+            - log.id.uid
+          '::dnp3_objects':
+            - soc_timestamp
+            - source.ip
+            - source.port
+            - destination.ip
+            - destination.port
+            - dnp3.function_code
+            - dnp3.object_type
+            - log.id.uid
          '::dns':
            - soc_timestamp
            - source.ip