From 261acee8a0a5d884f25b8e2e09127932bb41a0ca Mon Sep 17 00:00:00 2001
From: Corey Ogburn
Date: Tue, 20 Jun 2023 13:15:15 -0600
Subject: [PATCH] New Hunt queryToggleFilter

New filter to exclude soc logs from hunt results.
---
 salt/soc/defaults.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 156446b7f..2e7bdcaf0 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1117,6 +1117,9 @@ soc:
 - name: caseExcludeToggle
 filter: 'NOT _index:"*:so-case*"'
 enabled: true
+ - name: socExcludeToggle
+ filter: 'NOT event.module:"soc"'
+ enabled: true
 queries:
 - name: Default Query
 description: Show all events grouped by the observer host
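Review bot: The new socExcludeToggle entry hides the SOC application's own logs from every Hunt result and carries no note saying what is suppressed or when to switch it off, which matters because an analyst investigating activity against the SOC console itself (or a misused analyst account) needs exactly those events and the filter gives no hint they are missing. Add above the new `- name: socExcludeToggle` line a comment such as `# Hides the SOC application's own logs (event.module: soc) from Hunt; turn this toggle off when auditing analyst or SOC-console activity.` If `enabled: true` means the exclusion is active by default — the sibling caseExcludeToggle uses the same value, so that reading seems likely but is not shown here — the comment should say so, since a default-on exclusion silently narrows every hunt. The toggle list this entry belongs to begins outside the hunk.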