Add support for dns.resolved_ip

salt/soc/files/soc/sigma_so_pipeline.yaml

@@ -190,6 +190,15 @@ transformations:
       - type: logsource
         category: network
         service: dns
+    # Maps "network + http" to SO HTTP logs
+    - id: network_http_so_add-fields
+      type: add_condition
+      conditions:
+        tags: 'http'
+      rule_conditions:
+      - type: logsource
+        category: network
+        service: http
     # Maps "network + file" to SO file logs
     - id: network_file_so_add-fields
       type: add_condition