From 15155613c3d60a2e48a7e0c922ae09eb5d225acb Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Fri, 24 May 2024 08:23:45 -0400
Subject: [PATCH 1/2] provide default columns when viewing SOC logs
---
 salt/soc/defaults.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 86170b4ce..39960d946 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1271,6 +1271,14 @@ soc:
 - netflow.type
 - netflow.exporter.version
 - observer.ip
+ ':soc:':
+ - soc_timestamp
+ - source.ip
+ - soc.fields.requestMethod
+ - soc.fields.requestPath
+ - soc.fields.statusCode
+ - event.action
+ - soc.fields.error
 server:
 bindAddress: 0.0.0.0:9822
 baseUrl: /
From bd11d59c15fb711332ab0c67423e217f2b4b1b70 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Fri, 24 May 2024 08:38:12 -0400
Subject: [PATCH 2/2] add event.dataset since there are other datasets in soc logs
---
 salt/soc/defaults.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 39960d946..9f5faf50b 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1273,6 +1273,7 @@ soc:
 - observer.ip
 ':soc:':
 - soc_timestamp
+ - event.dataset
 - source.ip
 - soc.fields.requestMethod
 - soc.fields.requestPath
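Review bot: The `':soc:'` column list added in patch 1/2 has no column identifying the account behind a request: it shows `source.ip`, request method, path and status code, but an analyst reviewing SOC access logs for misuse usually needs to attribute each row to a user. If the SOC log records carry the authenticated user (not visible in this hunk), consider listing that field next to `source.ip`, e.g. `- <user-identity field>` (placeholder, the real field name is not shown here). A short comment above the key, such as `# default columns for all SOC log datasets; event.dataset tells them apart`, would also record why patch 2/2 adds `event.dataset`. The mapping that holds `':soc:'` starts above the hunk, so the key's matching semantics are inferred from the commit messages.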