From 1fb3a595735fdbebf9eed6e8649b5a919d1f2f61 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 11 Aug 2023 13:41:58 -0400 Subject: [PATCH] add missing annotations to avoid soc crash --- salt/soc/soc_soc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml index 03fd47e80..b2ed893f6 100644 --- a/salt/soc/soc_soc.yaml +++ b/salt/soc/soc_soc.yaml @@ -48,7 +48,7 @@ soc: forcedType: "[]{}" eventFields: default: - description: Event fields mappings are defined by the format ":event.module:event.dataset", so if you would like to customize which fields show for syslog events of originating from zeek you will find that entry in the left panel that looks like :zeek:syslog. This default entry is used for all events that do not match an existing mapping defined on the left side of this configuration screen. + description: Event fields mappings are defined by the format ":event.module:event.dataset". For example, to customize which fields show for 'syslog' events originating from 'zeek', find the eventField item in the left panel that looks like ':zeek:syslog'. This 'default' entry is used for all events that do not match an existing mapping defined in the list to the left. global: True advanced: True server: