From 187ca4c453a4a26799f6bd13f073a0e9433b2c75 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Sat, 10 Dec 2022 07:33:09 -0500
Subject: [PATCH] Update soc defaults.yaml to include dnp3_control and dnp3_objects eventfields
---
 salt/soc/defaults.yaml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index fd5c65e78..7541c6763 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -212,6 +212,24 @@ soc:
 - destination.port
 - dnp3.fc_reply
 - log.id.uid
+ '::dnp3_control':
+ - soc_timestamp
+ - source.ip
+ - source.port
+ - destination.ip
+ - destination.port
+ - dnp3.function_code
+ - dnp3.block_type
+ - log.id.uid
+ '::dnp3_objects':
+ - soc_timestamp
+ - source.ip
+ - source.port
+ - destination.ip
+ - destination.port
+ - dnp3.function_code
+ - dnp3.object_type
+ - log.id.uid
 '::dns':
 - soc_timestamp
 - source.ip
@@ -1415,6 +1433,24 @@ soc:
 - destination.port
 - dnp3.fc_reply
 - log.id.uid
+ '::dnp3_control':
+ - soc_timestamp
+ - source.ip
+ - source.port
+ - destination.ip
+ - destination.port
+ - dnp3.function_code
+ - dnp3.block_type
+ - log.id.uid
+ '::dnp3_objects':
+ - soc_timestamp
+ - source.ip
+ - source.port
+ - destination.ip
+ - destination.port
+ - dnp3.function_code
+ - dnp3.object_type
+ - log.id.uid
 '::dns':
 - soc_timestamp
 - source.ip
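Review bot: The new `'::dnp3_control'` and `'::dnp3_objects'` lists name `dnp3.function_code`, `dnp3.block_type` and `dnp3.object_type`, but nothing in this patch shows the ingest side producing fields under those names, and the preceding list visible in the context uses a differently styled name, `dnp3.fc_reply`. A column whose name does not match the indexed document would presumably just render empty for the analyst, so it is worth confirming the three names against the parsed output for these two datasets. The same two lists are added verbatim in both hunks (at 212 and at 1433), so any correction has to be applied in both places. The enclosing mapping starts and ends outside both hunks, so which SOC views these two sections feed cannot be told from here.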