From 2f03cbf11535b8b33190da15b2695d724df75336 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Tue, 2 Apr 2024 10:42:20 -0400
Subject: [PATCH] FEATURE: Add Events table columns for event.module strelka #12716

---
 salt/soc/defaults.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index db98b6b2f..711bba8d6 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -570,6 +570,15 @@ soc:
 - file.mime_type
 - log.id.fuid
 - event.dataset
+ ':strelka:file':
+ - soc_timestamp
+ - file.name
+ - file.size
+ - hash.md5
+ - file.source
+ - file.mime_type
+ - log.id.fuid
+ - event.dataset
 ':suricata:':
 - soc_timestamp
 - source.ip
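Review bot: The new `':strelka:file'` column list surfaces `hash.md5` as the only file hash, and MD5 is collision-prone, so if the strelka ingest also populates the ECS `hash.sha256` field it would be worth adding that column alongside (or instead of) `hash.md5` so analysts pivot on a stronger file identifier. The nine added entries appear to repeat the tail of the preceding column list, whose key and leading entries are outside the hunk; if the two lists are meant to stay identical, a YAML anchor/alias would keep them from drifting, assuming the SOC config loader accepts anchors. The hunk does not say how a dataset-specific key such as `:strelka:file` relates to a broader module-level entry above it, so a one-line comment on the new key would help readers, e.g. `# dataset-specific entry; presumably preferred over the module-wide list above — confirm with the column selection logic`.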